ssg.playbook_builder - Code Metrics - Inspection of "Merge pull request #6080 from jan-cerny/resolv_pro..." - ComplianceAsCode/content - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( d4a97d...a9acad )

by Matěj

created 2020-09-15 13:56 UTC

ssg.playbook_builder B

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	276
Duplicated Lines	0 %

Test Coverage

Coverage

74.53%

Importance

Changes

Metric	Value
eloc	185
dl	0
loc	276
ccs	120
cts	161
cp	0.7453
rs	8.5599
c	0
b	0
f	0
wmc	48

12 Methods

Rating	Name	Size	Complexity
A	PlaybookBuilder.create_playbooks_for_all_rules_in_profile()	19	3
A	PlaybookBuilder._find_rule_title()	4	1
A	PlaybookBuilder._get_rules_variables()	12	5
A	PlaybookBuilder.__init__()	13	1
A	PlaybookBuilder.create_playbooks_for_all_rules()	11	3
B	PlaybookBuilder.choose_variable_value()	30	7
B	PlaybookBuilder.create_playbook()	45	8
B	PlaybookBuilder.build()	41	8
A	PlaybookBuilder.get_data_from_snippet()	20	4
A	PlaybookBuilder.create_playbook_for_single_rule()	19	2
A	PlaybookBuilder.get_benchmark_variables()	11	2
A	PlaybookBuilder.open_profile()	18	4

How to fix Complexity

#!/usr/bin/python3

import os
import re
import sys

from collections import OrderedDict

import ssg.rules
import ssg.utils
import ssg.yaml
import ssg.build_yaml
import ssg.build_remediations

COMMENTS_TO_PARSE = ["strategy", "complexity", "disruption"]


class PlaybookBuilder():
    def __init__(self, product_yaml_path, input_dir, output_dir, rules_dir, profiles_dir):
        self.input_dir = input_dir
        self.output_dir = output_dir
        self.rules_dir = rules_dir
        product_yaml = ssg.yaml.open_raw(product_yaml_path)
        product_dir = os.path.dirname(product_yaml_path)
        relative_guide_dir = ssg.utils.required_key(product_yaml,
                                                    "benchmark_root")
        self.guide_dir = os.path.abspath(os.path.join(product_dir,
                                                      relative_guide_dir))
        self.profiles_dir = profiles_dir
        additional_content_directories = product_yaml.get("additional_content_directories", [])
        self.add_content_dirs = [os.path.abspath(os.path.join(product_dir, rd)) for rd in additional_content_directories]

    def choose_variable_value(self, var_id, variables, refinements):
        """
        Determine value of variable based on profile refinements.
        """
        if refinements and var_id in refinements:
            selector = refinements[var_id]
        else:
            selector = "default"
        try:
            options = variables[var_id]
        except KeyError:
            raise ValueError("Variable '%s' doesn't exist." % var_id)
        try:
            value = options[selector]
        except KeyError:
            if len(options.keys()) == 1:
                # We will assume that if there is just one option that it could
                # be selected as a default option.
                value = list(options.values())[0]
            elif selector == "default":
                # If no 'default' selector is present in the XCCDF value,
                # choose the first (consistent with oscap behavior)
                value = list(options.values())[0]
            else:
                raise ValueError(
                    "Selector '%s' doesn't exist in variable '%s'. "
                    "Available selectors: %s." %
                    (selector, var_id, ", ".join(options.keys()))
                )
        return value

    def get_data_from_snippet(self, snippet_yaml, variables, refinements):
        """
        Extracts and resolves tasks and variables from Ansible snippet.
        """
        xccdf_var_pattern = re.compile(r"\(xccdf-var\s+(\S+)\)")
        tasks = []
        values = dict()
        for item in snippet_yaml:
            if isinstance(item, str):
                match = xccdf_var_pattern.match(item)
                if match:
                    var_id = match.group(1)
                    value = self.choose_variable_value(var_id, variables,
                                                       refinements)
                    values[var_id] = value
                else:
                    raise ValueError("Found unknown item '%s'" % item)
            else:
                tasks.append(item)
        return tasks, values

    def get_benchmark_variables(self):
        """
        Get all variables, their selectors and values used in a given
        benchmark. Returns a dictionary where keys are variable IDs and
        values are dictionaries where keys are selectors and values are
        variable values.
        """
        variables = dict()
        for cur_dir in [self.guide_dir] + self.add_content_dirs:
            variables.update(self._get_rules_variables(cur_dir))
        return variables

    def _get_rules_variables(self, base_dir):
        for dirpath, dirnames, filenames in os.walk(base_dir):
            for filename in filenames:
                root, ext = os.path.splitext(filename)
                if ext == ".var":
                    full_path = os.path.join(dirpath, filename)
                    xccdf_value = ssg.build_yaml.Value.from_yaml(full_path)
                    # Make sure that selectors and values are strings
                    options = dict()
                    for k, v in xccdf_value.options.items():
                        options[str(k)] = str(v)

                    yield (xccdf_value.id_, options,)

    def _find_rule_title(self, rule_id):
        rule_path = os.path.join(self.rules_dir, rule_id + ".yml")
        rule_yaml = ssg.yaml.open_raw(rule_path)
        return rule_yaml["title"]

    def create_playbook(self, snippet_path, rule_id, variables,
                        refinements, output_dir):
        """
        Creates a Playbook from Ansible snippet for the given rule specified
        by rule ID, fills in the profile values and saves it into output_dir.
        """

        with open(snippet_path, "r") as snippet_file:
            snippet_str = snippet_file.read()
        fix = ssg.build_remediations.split_remediation_content_and_metadata(snippet_str)
        snippet_yaml = ssg.yaml.ordered_load(fix.contents)

        play_tasks, play_vars = self.get_data_from_snippet(
            snippet_yaml, variables, refinements
        )

        if len(play_tasks) == 0:
            raise ValueError(
                "Ansible remediation for rule '%s' in '%s' "
                "doesn't contain any task." %
                (rule_id, snippet_path)
            )

        tags = set()
        for task in play_tasks:
            tags |= set(task.pop("tags", []))

        play = OrderedDict()
        play["name"] = self._find_rule_title(rule_id)
        play["hosts"] = "@@HOSTS@@"
        play["become"] = True
        if len(play_vars) > 0:
            play["vars"] = play_vars
        if len(tags) > 0:
            play["tags"] = sorted(list(tags))
        play["tasks"] = play_tasks

        playbook = [play]
        playbook_path = os.path.join(output_dir, rule_id + ".yml")
        with open(playbook_path, "w") as playbook_file:
            # write remediation metadata (complexity, strategy, etc.) first
            for k, v in fix.config.items():
                playbook_file.write("# %s = %s\n" % (k, v))
            ssg.yaml.ordered_dump(
                playbook, playbook_file, default_flow_style=False
            )

    def open_profile(self, profile_path):
        """
        Opens and parses profile at the given profile_path.
        """
        if not os.path.isfile(profile_path):
            raise RuntimeError("'%s' is not a file!\n" % profile_path)
        profile_id, ext = os.path.splitext(os.path.basename(profile_path))
        if ext != ".profile":
            raise RuntimeError(
                "Encountered file '%s' while looking for profiles, "
                "extension '%s' is unknown. Skipping..\n"
                % (profile_path, ext)
            )

        profile = ssg.build_yaml.Profile.from_yaml(profile_path)
        if not profile:
            raise RuntimeError("Could not parse profile %s.\n" % profile_path)
        return profile

    def create_playbooks_for_all_rules_in_profile(self, profile, variables):
        """
        Creates a Playbook for each rule selected in a profile from tasks
        extracted from snippets. Created Playbooks are parametrized by
        variables according to profile selection. Playbooks are written into
        a new subdirectory in output_dir.
        """
        profile_rules = profile.get_rule_selectors()
        profile_refines = profile.get_variable_selectors()

        profile_playbooks_dir = os.path.join(self.output_dir, profile.id_)
        os.makedirs(profile_playbooks_dir)

        for rule_id in profile_rules:
            snippet_path = os.path.join(self.input_dir, rule_id + ".yml")
            if os.path.exists(snippet_path):
                self.create_playbook(
                    snippet_path, rule_id, variables,
                    profile_refines, profile_playbooks_dir
                )

    def create_playbook_for_single_rule(self, profile, rule_id, variables):
        """
        Creates a Playbook for given rule specified by a rule_id. Created
        Playbooks are parametrized by variables according to profile selection.
        Playbooks are written into a new subdirectory in output_dir.
        """
        profile_rules = profile.get_rule_selectors()
        profile_refines = profile.get_variable_selectors()
        profile_playbooks_dir = os.path.join(self.output_dir, profile.id_)
        os.makedirs(profile_playbooks_dir)
        snippet_path = os.path.join(self.input_dir, rule_id + ".yml")
        if rule_id in profile_rules:
            self.create_playbook(
                snippet_path, rule_id, variables,
                profile_refines, profile_playbooks_dir
            )
        else:
            raise ValueError("Rule '%s' isn't part of profile '%s'" %
                             (rule_id, profile.id_))

    def create_playbooks_for_all_rules(self, variables):
        profile_playbooks_dir = os.path.join(self.output_dir, "all")
        os.makedirs(profile_playbooks_dir)
        for rule in os.listdir(self.rules_dir):
            rule_id, _ = os.path.splitext(rule)
            snippet_path = os.path.join(self.input_dir, rule_id + ".yml")
            if not os.path.exists(snippet_path):
                continue
            self.create_playbook(
                snippet_path, rule_id, variables,
                None, profile_playbooks_dir
            )

    def build(self, profile_id=None, rule_id=None):
        """
        Creates Playbooks for a specified profile.
        If profile is not given, creates playbooks for all profiles
        in the product.
        If the rule_id is not given, Playbooks are created for every rule.
        """
        variables = self.get_benchmark_variables()
        profiles = {}
        for profile_file in os.listdir(self.profiles_dir):
            profile_path = os.path.join(self.profiles_dir, profile_file)
            try:
                profile = self.open_profile(profile_path)
            except ssg.yaml.DocumentationNotComplete as e:
                msg = "Skipping incomplete profile {0}. To include incomplete " + \
                    "profiles, build in debug mode.\n"
                sys.stderr.write(msg.format(profile_path))
                continue
            except RuntimeError as e:
                sys.stderr.write(str(e))
                continue
            profiles[profile.id_] = profile

        if profile_id:
            to_process = [profile_id]
        else:
            to_process = list(profiles.keys())

        for p in to_process:
            profile = profiles[p]
            if rule_id:
                self.create_playbook_for_single_rule(profile, rule_id,
                                                     variables)
            else:
                self.create_playbooks_for_all_rules_in_profile(
                    profile, variables)

        if not profile_id:
            # build playbooks for virtual '(all)' profile
            # this virtual profile contains all rules in the product
            self.create_playbooks_for_all_rules(variables)


1		#!/usr/bin/python3
2
3	2	import os
4	2	import re
5	2	import sys
6
7	2	from collections import OrderedDict
8
9	2	import ssg.rules
10	2	import ssg.utils
11	2	import ssg.yaml
12	2	import ssg.build_yaml
13	2	import ssg.build_remediations
14
15	2	COMMENTS_TO_PARSE = ["strategy", "complexity", "disruption"]
16
17
18	2	class PlaybookBuilder():
19	2	def __init__(self, product_yaml_path, input_dir, output_dir, rules_dir, profiles_dir):
20	2	self.input_dir = input_dir
21	2	self.output_dir = output_dir
22	2	self.rules_dir = rules_dir
23	2	product_yaml = ssg.yaml.open_raw(product_yaml_path)
24	2	product_dir = os.path.dirname(product_yaml_path)
25	2	relative_guide_dir = ssg.utils.required_key(product_yaml,
26		"benchmark_root")
27	2	self.guide_dir = os.path.abspath(os.path.join(product_dir,
28		relative_guide_dir))
29	2	self.profiles_dir = profiles_dir
30	2	additional_content_directories = product_yaml.get("additional_content_directories", [])
31	2	self.add_content_dirs = [os.path.abspath(os.path.join(product_dir, rd)) for rd in additional_content_directories]
32
33	2	def choose_variable_value(self, var_id, variables, refinements):
34		"""
35		Determine value of variable based on profile refinements.
36		"""
37	2	if refinements and var_id in refinements:
38	2	selector = refinements[var_id]
39		else:
40		selector = "default"
41	2	try:
42	2	options = variables[var_id]
43		except KeyError:
44		raise ValueError("Variable '%s' doesn't exist." % var_id)
45	2	try:
46	2	value = options[selector]
47		except KeyError:
48		if len(options.keys()) == 1:
49		# We will assume that if there is just one option that it could
50		# be selected as a default option.
51		value = list(options.values())[0]
52		elif selector == "default":
53		# If no 'default' selector is present in the XCCDF value,
54		# choose the first (consistent with oscap behavior)
55		value = list(options.values())[0]
56		else:
57		raise ValueError(
58		"Selector '%s' doesn't exist in variable '%s'. "
59		"Available selectors: %s." %
60		(selector, var_id, ", ".join(options.keys()))
61		)
62	2	return value
63
64	2	def get_data_from_snippet(self, snippet_yaml, variables, refinements):
65		"""
66		Extracts and resolves tasks and variables from Ansible snippet.
67		"""
68	2	xccdf_var_pattern = re.compile(r"\(xccdf-var\s+(\S+)\)")
69	2	tasks = []
70	2	values = dict()
71	2	for item in snippet_yaml:
72	2	if isinstance(item, str):
73	2	match = xccdf_var_pattern.match(item)
74	2	if match:
75	2	var_id = match.group(1)
76	2	value = self.choose_variable_value(var_id, variables,
77		refinements)
78	2	values[var_id] = value
79		else:
80		raise ValueError("Found unknown item '%s'" % item)
81		else:
82	2	tasks.append(item)
83	2	return tasks, values
84
85	2	def get_benchmark_variables(self):
86		"""
87		Get all variables, their selectors and values used in a given
88		benchmark. Returns a dictionary where keys are variable IDs and
89		values are dictionaries where keys are selectors and values are
90		variable values.
91		"""
92	2	variables = dict()
93	2	for cur_dir in [self.guide_dir] + self.add_content_dirs:
94	2	variables.update(self._get_rules_variables(cur_dir))
95	2	return variables
96
97	2	def _get_rules_variables(self, base_dir):
98	2	for dirpath, dirnames, filenames in os.walk(base_dir):
99	2	for filename in filenames:
100	2	root, ext = os.path.splitext(filename)
101	2	if ext == ".var":
102	2	full_path = os.path.join(dirpath, filename)
103	2	xccdf_value = ssg.build_yaml.Value.from_yaml(full_path)
104		# Make sure that selectors and values are strings
105	2	options = dict()
106	2	for k, v in xccdf_value.options.items():
107	2	options[str(k)] = str(v)
		0 ignored issues – show Comprehensibility Best Practice introduced 2020-03-27 21:24 UTC by Report Bug Copy Issue Report The variable `str` does not seem to be defined. Loading history...
108	2	yield (xccdf_value.id_, options,)
109
110	2	def _find_rule_title(self, rule_id):
111	2	rule_path = os.path.join(self.rules_dir, rule_id + ".yml")
112	2	rule_yaml = ssg.yaml.open_raw(rule_path)
113	2	return rule_yaml["title"]
114
115	2	def create_playbook(self, snippet_path, rule_id, variables,
116		refinements, output_dir):
117		"""
118		Creates a Playbook from Ansible snippet for the given rule specified
119		by rule ID, fills in the profile values and saves it into output_dir.
120		"""
121
122	2	with open(snippet_path, "r") as snippet_file:
123	2	snippet_str = snippet_file.read()
124	2	fix = ssg.build_remediations.split_remediation_content_and_metadata(snippet_str)
125	2	snippet_yaml = ssg.yaml.ordered_load(fix.contents)
126
127	2	play_tasks, play_vars = self.get_data_from_snippet(
128		snippet_yaml, variables, refinements
129		)
130
131	2	if len(play_tasks) == 0:
132		raise ValueError(
133		"Ansible remediation for rule '%s' in '%s' "
134		"doesn't contain any task." %
135		(rule_id, snippet_path)
136		)
137
138	2	tags = set()
139	2	for task in play_tasks:
140	2	tags \|= set(task.pop("tags", []))
141
142	2	play = OrderedDict()
143	2	play["name"] = self._find_rule_title(rule_id)
144	2	play["hosts"] = "@@HOSTS@@"
145	2	play["become"] = True
146	2	if len(play_vars) > 0:
147	2	play["vars"] = play_vars
148	2	if len(tags) > 0:
149	2	play["tags"] = sorted(list(tags))
150	2	play["tasks"] = play_tasks
151
152	2	playbook = [play]
153	2	playbook_path = os.path.join(output_dir, rule_id + ".yml")
154	2	with open(playbook_path, "w") as playbook_file:
155		# write remediation metadata (complexity, strategy, etc.) first
156	2	for k, v in fix.config.items():
157	2	playbook_file.write("# %s = %s\n" % (k, v))
158	2	ssg.yaml.ordered_dump(
159		playbook, playbook_file, default_flow_style=False
160		)
161
162	2	def open_profile(self, profile_path):
163		"""
164		Opens and parses profile at the given profile_path.
165		"""
166	2	if not os.path.isfile(profile_path):
167		raise RuntimeError("'%s' is not a file!\n" % profile_path)
168	2	profile_id, ext = os.path.splitext(os.path.basename(profile_path))
169	2	if ext != ".profile":
170		raise RuntimeError(
171		"Encountered file '%s' while looking for profiles, "
172		"extension '%s' is unknown. Skipping..\n"
173		% (profile_path, ext)
174		)
175
176	2	profile = ssg.build_yaml.Profile.from_yaml(profile_path)
177	2	if not profile:
178		raise RuntimeError("Could not parse profile %s.\n" % profile_path)
179	2	return profile
180
181	2	def create_playbooks_for_all_rules_in_profile(self, profile, variables):
182		"""
183		Creates a Playbook for each rule selected in a profile from tasks
184		extracted from snippets. Created Playbooks are parametrized by
185		variables according to profile selection. Playbooks are written into
186		a new subdirectory in output_dir.
187		"""
188		profile_rules = profile.get_rule_selectors()
189		profile_refines = profile.get_variable_selectors()
190
191		profile_playbooks_dir = os.path.join(self.output_dir, profile.id_)
192		os.makedirs(profile_playbooks_dir)
193
194		for rule_id in profile_rules:
195		snippet_path = os.path.join(self.input_dir, rule_id + ".yml")
196		if os.path.exists(snippet_path):
197		self.create_playbook(
198		snippet_path, rule_id, variables,
199		profile_refines, profile_playbooks_dir
200		)
201
202	2	def create_playbook_for_single_rule(self, profile, rule_id, variables):
203		"""
204		Creates a Playbook for given rule specified by a rule_id. Created
205		Playbooks are parametrized by variables according to profile selection.
206		Playbooks are written into a new subdirectory in output_dir.
207		"""
208	2	profile_rules = profile.get_rule_selectors()
209	2	profile_refines = profile.get_variable_selectors()
210	2	profile_playbooks_dir = os.path.join(self.output_dir, profile.id_)
211	2	os.makedirs(profile_playbooks_dir)
212	2	snippet_path = os.path.join(self.input_dir, rule_id + ".yml")
213	2	if rule_id in profile_rules:
214	2	self.create_playbook(
215		snippet_path, rule_id, variables,
216		profile_refines, profile_playbooks_dir
217		)
218		else:
219		raise ValueError("Rule '%s' isn't part of profile '%s'" %
220		(rule_id, profile.id_))
221
222	2	def create_playbooks_for_all_rules(self, variables):
223		profile_playbooks_dir = os.path.join(self.output_dir, "all")
224		os.makedirs(profile_playbooks_dir)
225		for rule in os.listdir(self.rules_dir):
226		rule_id, _ = os.path.splitext(rule)
227		snippet_path = os.path.join(self.input_dir, rule_id + ".yml")
228		if not os.path.exists(snippet_path):
229		continue
230		self.create_playbook(
231		snippet_path, rule_id, variables,
232		None, profile_playbooks_dir
233		)
234
235	2	def build(self, profile_id=None, rule_id=None):
236		"""
237		Creates Playbooks for a specified profile.
238		If profile is not given, creates playbooks for all profiles
239		in the product.
240		If the rule_id is not given, Playbooks are created for every rule.
241		"""
242	2	variables = self.get_benchmark_variables()
243	2	profiles = {}
244	2	for profile_file in os.listdir(self.profiles_dir):
245	2	profile_path = os.path.join(self.profiles_dir, profile_file)
246	2	try:
247	2	profile = self.open_profile(profile_path)
248		except ssg.yaml.DocumentationNotComplete as e:
249		msg = "Skipping incomplete profile {0}. To include incomplete " + \
250		"profiles, build in debug mode.\n"
251		sys.stderr.write(msg.format(profile_path))
252		continue
253		except RuntimeError as e:
254		sys.stderr.write(str(e))
255		continue
256	2	profiles[profile.id_] = profile
257
258	2	if profile_id:
259	2	to_process = [profile_id]
260		else:
261		to_process = list(profiles.keys())
262
263	2	for p in to_process:
264	2	profile = profiles[p]
265	2	if rule_id:
266	2	self.create_playbook_for_single_rule(profile, rule_id,
267		variables)
268		else:
269		self.create_playbooks_for_all_rules_in_profile(
270		profile, variables)
271
272	2	if not profile_id:
273		# build playbooks for virtual '(all)' profile
274		# this virtual profile contains all rules in the product
275		self.create_playbooks_for_all_rules(variables)
276

ComplianceAsCode / content

Push — master ( d4a97d...a9acad )

ssg.playbook_builder B

Complexity

Size/Duplication

Test Coverage

Importance

12 Methods

How to fix Complexity

Complexity

Duplication Side-by-Side

Filter issues like