collect_remediations.main() - Code Metrics - Inspection of "Merge pull request #8043 from ComplianceAsCode/cpe..." - ComplianceAsCode/content - Measure and Improve Code Quality continuously with Scrutinizer

Test Failed

Push — master ( 36ef11...81e955 )

by Jan

created 2022-02-02 08:10 UTC

collect_remediations.main() B

↳ Parent: collect_remediations

Complexity

Conditions

Size

Total Lines	32
Code Lines	25

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	0
CRAP Score	30

Importance

Changes

Metric	Value
cc	5
eloc	25
nop	0
dl	0
loc	32
ccs	0
cts	22
cp	0
crap	30
rs	8.8133
c	0
b	0
f	0

#!/usr/bin/env python

import sys
import os
import os.path
import argparse

import ssg.build_remediations as remediation
import ssg.build_yaml
import ssg.rules
import ssg.jinja
import ssg.environment
import ssg.utils
import ssg.xml
from ssg.build_cpe import ProductCPEs


def parse_args():
    p = argparse.ArgumentParser(
        description="This script collects all remediation scripts, both "
        "static and templated, processes them with Jinja and puts them to "
        "the given output directory.")
    p.add_argument(
        "--build-config-yaml", required=True,
        help="YAML file with information about the build configuration. "
        "e.g.: ~/scap-security-guide/build/build_config.yml"
    )
    p.add_argument(
        "--product-yaml", required=True,
        help="YAML file with information about the product we are building. "
        "e.g.: ~/scap-security-guide/rhel7/product.yml"
    )
    p.add_argument(
        "--resolved-rules-dir", required=True,
        help="Directory with <rule-id>.yml resolved rule YAMLs"
    )
    p.add_argument(
        "--remediation-type", required=True, action="append",
        help="language or type of the remediations we are combining."
        "example: ansible")
    p.add_argument(
        "--output-dir", required=True,
        help="output directory where all remediations will be saved"
    )
    p.add_argument(
        "--fixes-from-templates-dir", required=True,
        help="directory from which we will collect fixes generated from "
        "templates")
    p.add_argument(
        "--platforms-dir", required=True,
        help="directory from which we collect compiled platforms")

    return p.parse_args()


def prepare_output_dirs(output_dir, remediation_types):
    output_dirs = dict()
    for lang in remediation_types:
        language_output_dir = os.path.join(output_dir, lang)
        if not os.path.exists(language_output_dir):
            os.makedirs(language_output_dir)
        output_dirs[lang] = language_output_dir
    return output_dirs


def find_remediation(
        fixes_from_templates_dir, rule_dir, lang, product, expected_file_name):
    language_fixes_from_templates_dir = os.path.join(
        fixes_from_templates_dir, lang)
    fix_path = None
    # first look for a static remediation
    rule_dir_remediations = remediation.get_rule_dir_remediations(
        rule_dir, lang, product)
    if len(rule_dir_remediations) > 0:
        # first item in the list has the highest priority
        fix_path = rule_dir_remediations[0]
    if fix_path is None:
        # check if we have a templated remediation instead
        if os.path.isdir(language_fixes_from_templates_dir):
            templated_fix_path = os.path.join(
                language_fixes_from_templates_dir, expected_file_name)
            if os.path.exists(templated_fix_path):
                fix_path = templated_fix_path
    return fix_path


def process_remediation(
        rule, fix_path, lang, output_dirs, expected_file_name, env_yaml, cpe_platforms):
    remediation_cls = remediation.REMEDIATION_TO_CLASS[lang]
    remediation_obj = remediation_cls(fix_path)
    remediation_obj.associate_rule(rule)
    fix = remediation.process(remediation_obj, env_yaml, cpe_platforms)
    if fix:
        output_file_path = os.path.join(output_dirs[lang], expected_file_name)
        remediation.write_fix_to_file(fix, output_file_path)


def collect_remediations(
        rule, langs, fixes_from_templates_dir, product, output_dirs,
        env_yaml, cpe_platforms):
    rule_dir = os.path.dirname(rule.definition_location)
    for lang in langs:
        ext = remediation.REMEDIATION_TO_EXT_MAP[lang]
        expected_file_name = rule.id_ + ext
        fix_path = find_remediation(
            fixes_from_templates_dir, rule_dir, lang, product,
            expected_file_name)
        if fix_path is None:
            # neither static nor templated remediation found
            continue
        process_remediation(
            rule, fix_path, lang, output_dirs, expected_file_name, env_yaml, cpe_platforms)


def main():
    args = parse_args()

    env_yaml = ssg.environment.open_environment(
        args.build_config_yaml, args.product_yaml)

    product = ssg.utils.required_key(env_yaml, "product")
    output_dirs = prepare_output_dirs(args.output_dir, args.remediation_type)
    product_cpes = ProductCPEs(env_yaml)
    cpe_platforms = dict()
    for platform_file in os.listdir(args.platforms_dir):
        platform_path = os.path.join(args.platforms_dir, platform_file)
        try:
            platform = ssg.build_yaml.Platform.from_yaml(platform_path, env_yaml, product_cpes)
        except ssg.build_yaml.DocumentationNotComplete:
            # Happens on non-debug build when a platform is
            # "documentation-incomplete"
            continue
        cpe_platforms[platform.name] = platform

    for rule_file in os.listdir(args.resolved_rules_dir):
        rule_path = os.path.join(args.resolved_rules_dir, rule_file)
        try:
            rule = ssg.build_yaml.Rule.from_yaml(rule_path, env_yaml)
        except ssg.build_yaml.DocumentationNotComplete:
            # Happens on non-debug build when a rule is
            # "documentation-incomplete"
            continue
        collect_remediations(
            rule, args.remediation_type, args.fixes_from_templates_dir,
            product, output_dirs, env_yaml, cpe_platforms)
    sys.exit(0)


if __name__ == "__main__":
    main()


1			#!/usr/bin/env python
2
3			import sys
4			import os
5			import os.path
6			import argparse
7
8			import ssg.build_remediations as remediation
9			import ssg.build_yaml
10			import ssg.rules
11			import ssg.jinja
12			import ssg.environment
13			import ssg.utils
14			import ssg.xml
15			from ssg.build_cpe import ProductCPEs
16
17
18			def parse_args():
19			p = argparse.ArgumentParser(
20			description="This script collects all remediation scripts, both "
21			"static and templated, processes them with Jinja and puts them to "
22			"the given output directory.")
23			p.add_argument(
24			"--build-config-yaml", required=True,
25			help="YAML file with information about the build configuration. "
26			"e.g.: ~/scap-security-guide/build/build_config.yml"
27			)
28			p.add_argument(
29			"--product-yaml", required=True,
30			help="YAML file with information about the product we are building. "
31			"e.g.: ~/scap-security-guide/rhel7/product.yml"
32			)
33			p.add_argument(
34			"--resolved-rules-dir", required=True,
35			help="Directory with <rule-id>.yml resolved rule YAMLs"
36			)
37			p.add_argument(
38			"--remediation-type", required=True, action="append",
39			help="language or type of the remediations we are combining."
40			"example: ansible")
41			p.add_argument(
42			"--output-dir", required=True,
43			help="output directory where all remediations will be saved"
44			)
45			p.add_argument(
46			"--fixes-from-templates-dir", required=True,
47			help="directory from which we will collect fixes generated from "
48			"templates")
49			p.add_argument(
50			"--platforms-dir", required=True,
51			help="directory from which we collect compiled platforms")
52
53			return p.parse_args()
54
55
56			def prepare_output_dirs(output_dir, remediation_types):
57			output_dirs = dict()
58			for lang in remediation_types:
59			language_output_dir = os.path.join(output_dir, lang)
60			if not os.path.exists(language_output_dir):
61			os.makedirs(language_output_dir)
62			output_dirs[lang] = language_output_dir
63			return output_dirs
64
65
66			def find_remediation(
67			fixes_from_templates_dir, rule_dir, lang, product, expected_file_name):
68			language_fixes_from_templates_dir = os.path.join(
69			fixes_from_templates_dir, lang)
70			fix_path = None
71			# first look for a static remediation
72			rule_dir_remediations = remediation.get_rule_dir_remediations(
73			rule_dir, lang, product)
74			if len(rule_dir_remediations) > 0:
75			# first item in the list has the highest priority
76			fix_path = rule_dir_remediations[0]
77			if fix_path is None:
78			# check if we have a templated remediation instead
79			if os.path.isdir(language_fixes_from_templates_dir):
80			templated_fix_path = os.path.join(
81			language_fixes_from_templates_dir, expected_file_name)
82			if os.path.exists(templated_fix_path):
83			fix_path = templated_fix_path
84			return fix_path
85
86
87			def process_remediation(
88			rule, fix_path, lang, output_dirs, expected_file_name, env_yaml, cpe_platforms):
89			remediation_cls = remediation.REMEDIATION_TO_CLASS[lang]
90			remediation_obj = remediation_cls(fix_path)
91			remediation_obj.associate_rule(rule)
92			fix = remediation.process(remediation_obj, env_yaml, cpe_platforms)
93			if fix:
94			output_file_path = os.path.join(output_dirs[lang], expected_file_name)
95			remediation.write_fix_to_file(fix, output_file_path)
96
97
98			def collect_remediations(
99			rule, langs, fixes_from_templates_dir, product, output_dirs,
100			env_yaml, cpe_platforms):
101			rule_dir = os.path.dirname(rule.definition_location)
102			for lang in langs:
103			ext = remediation.REMEDIATION_TO_EXT_MAP[lang]
104			expected_file_name = rule.id_ + ext
105			fix_path = find_remediation(
106			fixes_from_templates_dir, rule_dir, lang, product,
107			expected_file_name)
108			if fix_path is None:
109			# neither static nor templated remediation found
110			continue
111			process_remediation(
112			rule, fix_path, lang, output_dirs, expected_file_name, env_yaml, cpe_platforms)
113
114
115			def main():
116			args = parse_args()
117
118			env_yaml = ssg.environment.open_environment(
119			args.build_config_yaml, args.product_yaml)
120
121			product = ssg.utils.required_key(env_yaml, "product")
122			output_dirs = prepare_output_dirs(args.output_dir, args.remediation_type)
123			product_cpes = ProductCPEs(env_yaml)
124			cpe_platforms = dict()
125			for platform_file in os.listdir(args.platforms_dir):
126			platform_path = os.path.join(args.platforms_dir, platform_file)
127			try:
128			platform = ssg.build_yaml.Platform.from_yaml(platform_path, env_yaml, product_cpes)
129			except ssg.build_yaml.DocumentationNotComplete:
130			# Happens on non-debug build when a platform is
131			# "documentation-incomplete"
132			continue
133			cpe_platforms[platform.name] = platform
134
135			for rule_file in os.listdir(args.resolved_rules_dir):
136			rule_path = os.path.join(args.resolved_rules_dir, rule_file)
137			try:
138			rule = ssg.build_yaml.Rule.from_yaml(rule_path, env_yaml)
139			except ssg.build_yaml.DocumentationNotComplete:
140			# Happens on non-debug build when a rule is
141			# "documentation-incomplete"
142			continue
143			collect_remediations(
144			rule, args.remediation_type, args.fixes_from_templates_dir,
145			product, output_dirs, env_yaml, cpe_platforms)
146			sys.exit(0)
147
148
149			if __name__ == "__main__":
150			main()
151

ComplianceAsCode / content

Push — master ( 36ef11...81e955 )

collect_remediations.main() B

Complexity

Size

Duplication

Code Coverage

Importance

Duplication Side-by-Side

Filter issues like