Fixes #14158 - Use tailoring file for scan #18

Merged
merged 1 commit into from Jan 6, 2017
44 changes: 31 additions & 13 deletions lib/foreman_scap_client/client.rb
Expand Up @@ -9,10 +9,13 @@ module ForemanScapClient
CONFIG_FILE = '/etc/foreman_scap_client/config.yaml'

class Client
attr_reader :config, :policy_id, :tailored

def run(policy_id)
@policy_id = policy_id
ensure_policy_exist
load_config

Comment (Member):

Getting the following, because ensure_policy_exist on the line above requires config to be present already:

/usr/local/share/gems/gems/foreman_scap_client-0.3.0/lib/foreman_scap_client/client.rb:131:in `ensure_policy_exist': undefined method `[]' for nil:NilClass (NoMethodError)
        from /usr/local/share/gems/gems/foreman_scap_client-0.3.0/lib/foreman_scap_client/client.rb:16:in `run'
        from /usr/local/share/gems/gems/foreman_scap_client-0.3.0/bin/foreman_scap_client:10:in `<top (required)>'
        from /usr/bin/foreman_scap_client:23:in `load'
        from /usr/bin/foreman_scap_client:23:in `<main>'

ensure_scan_file
ensure_tailoring_file
Dir.mktmpdir do |dir|
@tmp_dir = dir
scan
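
Review bot: In `run`, `ensure_policy_exist` is shown ahead of `load_config`, but with `config` now a plain `attr_reader` the hash is nil until `load_config` has run, so that first call cannot index into it. `load_config` in the next hunk already calls `ensure_policy_exist` after loading the YAML, so the call in `run` can be dropped, leaving `load_config` as the first step after `@policy_id = policy_id`. Separately, `attr_reader :config, :policy_id, :tailored` sits above `private`, which makes the loaded configuration publicly readable on `Client`; if nothing outside the class needs it, declare the readers below `private`.
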
Expand All @@ -23,8 +26,10 @@ def run(policy_id)

private

def config
def load_config
@config ||= YAML.load_file(CONFIG_FILE)
ensure_policy_exist
@tailored = !@config[policy_id][:tailoring_path].empty?

Comment (Member):

I think we should also handle the case that this option is not there yet (so can be nil) to be compatible with older versions of puppet-foreman_scap_client/foreman_openscap or in case the puppet module hasn't reconfigured the client yet.

rescue => e
puts 'Config file could not be loaded'
puts e.message
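
Review bot: The method-level `rescue => e` in `load_config` now also covers `ensure_policy_exist` and the `@tailored` assignment, so an error raised there (for example `.empty?` called on a nil `:tailoring_path`) is reported as 'Config file could not be loaded', which points the operator at the wrong problem. Limit the rescue to the `YAML.load_file(CONFIG_FILE)` call, and compute the flag nil-safely, e.g. `@tailored = !@config[policy_id][:tailoring_path].to_s.empty?`.
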
Expand Down Expand Up @@ -57,7 +62,11 @@ def scan_command
else
profile = ''
end
"oscap xccdf eval #{profile} --results-arf #{results_path} #{config[@policy_id][:content_path]}"
"oscap xccdf eval #{profile} #{tailoring_subcommand} --results-arf #{results_path} #{config[@policy_id][:content_path]}"
end

def tailoring_subcommand
tailored ? "--tailoring-file #{config[policy_id][:tailoring_path]}" : ""
end

def bzip_command
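
Review bot: `tailoring_subcommand` interpolates `config[policy_id][:tailoring_path]` into the `oscap xccdf eval` command string unquoted, the same way `scan_command` already handles `:content_path`. If that string is handed to a shell, a configured path containing spaces or shell metacharacters changes what gets executed. Escape each interpolated path with `Shellwords.escape`, or build the command as an argument array so no shell parsing is involved.
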
Expand Down Expand Up @@ -125,25 +134,34 @@ def ensure_policy_exist
end
end

def ensure_scan_file
return if File.exist?(config[@policy_id][:content_path])
puts "File #{config[@policy_id][:content_path]} is missing. Downloading it from proxy"
def ensure_file(dir, download_path, type_humanized)
return if File.exist?(config[policy_id][dir])
puts "File #{config[policy_id][dir]} is missing. Downloading it from proxy."
begin
FileUtils.mkdir_p(File.dirname(config[@policy_id][:content_path]))
uri = URI.parse(download_uri(config[@policy_id][:download_path]))
puts "Download scap content xml from: #{uri}"
FileUtils.mkdir_p(File.dirname(config[policy_id][dir]))
uri = URI.parse(download_uri(config[policy_id][download_path]))
puts "Download #{type_humanized} xml from: #{uri}"
request = generate_https_object(uri).get(uri.path)
request.value
scap_content_xml = request.body
open(config[@policy_id][:content_path], 'wb') do |file|
file << scap_content_xml
ds_content_xml = request.body
open(config[policy_id][dir], 'wb') do |file|
file << ds_content_xml
end
rescue StandardError => e
puts "SCAP file is missing and download failed with error: #{e.message}"
puts "#{type_humanized} is missing and download failed with error: #{e.message}"
exit(5)
end
end

def ensure_scan_file
ensure_file :content_path, :download_path, "SCAP content"
end

def ensure_tailoring_file
return unless tailored
ensure_file :tailoring_path, :tailoring_download_path, "Tailoring file"
end

def download_uri(download_path)
foreman_proxy_uri + "#{download_path}"
end
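
Review bot: In `ensure_file`, the download is written with bare `open(config[policy_id][dir], 'wb')`, which is `Kernel#open` and has historically treated a path beginning with `|` as a command to run; use `File.open` so the configured value can only ever name a file. The first parameter is also called `dir` although it is the config key of a file path (`:content_path`, `:tailoring_path`), so a name such as `path_key` would match how it is used in `File.exist?` and `File.dirname`.
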