| Conditions | 19 |
| Total Lines | 269 |
| Code Lines | 228 |
| Lines | 0 |
| Ratio | 0 % |
| Tests | 0 |
| CRAP Score | 380 |
| Changes | 0 | ||
Small methods make your code easier to understand, in particular if combined with a good name. Besides, if your method is small, finding a good name is usually much easier.
For example, if you find yourself adding comments to a method's body, this is usually a good sign to extract the commented part to a new method, and use the comment as a starting point when coming up with a good name for this new method.
Commonly applied refactorings include:
If many parameters/temporary variables are present:
Complex classes like ssg.build_profile.XCCDFBenchmark.get_profile_stats() often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes.
Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.
| 1 | from __future__ import absolute_import |
||
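def get_profile_stats(self, profile):
    """Obtain statistics for the profile.

    For every rule selected by ``profile`` this looks up which checks
    (OVAL, SCE), remediations (Bash, Ansible, Ignition, Kubernetes, Puppet,
    Anaconda), CCE identifier and policy references are present on the rule
    element, then summarises the result as lists of rule ids and as
    percentages of the selected rules.

    Args:
        profile: Id of the XCCDF profile to analyse, or the literal
            ``"all"``, a virtual profile that selects every indexed rule.

    Returns:
        dict: The statistics. ``implemented_*`` / ``assigned_cces`` /
        ``missing_*`` hold rule ids, ``*_pct`` hold percentages of
        ``rules_count``. ``ssg_version`` stays ``0`` when the benchmark has
        no matching version element. ``ansible_parity`` lists the rules that
        lack an Ansible fix but are not missing a Bash fix, and
        ``ansible_parity_pct`` is the share of Bash-remediated rules that
        are not in that list.

    Side effects:
        Prints a message to stdout and calls ``sys.exit(1)`` when the
        profile does not exist in the benchmark or when no rule statistics
        could be collected for it.
    """

    # Holds the intermediary statistics for profile. The literal also fixes
    # the key order of the returned dict, so it is kept in full.
    profile_stats = {
        'profile_id': "",
        'ssg_version': 0,
        'rules': [],
        'rules_count': 0,
        'implemented_ovals': [],
        'implemented_ovals_pct': 0,
        'missing_ovals': [],
        'implemented_sces': [],
        'implemented_sces_pct': 0,
        'missing_sces': [],
        'implemented_checks': [],
        'implemented_checks_pct': 0,
        'missing_checks': [],
        'implemented_bash_fixes': [],
        'implemented_bash_fixes_pct': 0,
        'implemented_ansible_fixes': [],
        'implemented_ansible_fixes_pct': 0,
        'implemented_ignition_fixes': [],
        'implemented_ignition_fixes_pct': 0,
        'implemented_kubernetes_fixes': [],
        'implemented_kubernetes_fixes_pct': 0,
        'implemented_puppet_fixes': [],
        'implemented_puppet_fixes_pct': 0,
        'implemented_anaconda_fixes': [],
        'implemented_anaconda_fixes_pct': 0,
        'missing_bash_fixes': [],
        'missing_ansible_fixes': [],
        'missing_ignition_fixes': [],
        'missing_kubernetes_fixes': [],
        'missing_puppet_fixes': [],
        'missing_anaconda_fixes': [],
        'implemented_fixes': [],
        'implemented_fixes_pct': 0,
        'missing_fixes': [],
        'assigned_cces': [],
        'assigned_cces_pct': 0,
        'missing_cces': [],
        'missing_stig_ids': [],
        'missing_cis_refs': [],
        'missing_hipaa_refs': [],
        'missing_anssi_refs': [],
        'missing_ospp_refs': [],
        'missing_cui_refs': [],
        'ansible_parity': [],
    }

    def _find(rule, tag, attr, value):
        # First child <tag> of the rule whose attribute equals value.
        return rule.find("./{%s}%s[@%s=\"%s\"]" %
                         (xccdf_ns, tag, attr, value))

    def _ids(field, present):
        # Ids of the collected rules whose `field` is (or is not) set.
        return [x.dict['id'] for x in rule_stats
                if (x.dict[field] is not None) == present]

    rule_stats = []
    ssg_version_elem = self.tree.find("./{%s}version[@update=\"%s\"]" %
                                      (xccdf_ns, ssg_version_uri))

    rules = []

    if profile == "all":
        # "all" is a virtual profile that selects all rules
        rules = self.indexed_rules.values()
    else:
        # Compare ids in Python rather than interpolating `profile` into an
        # XPath predicate: an id containing a double quote would otherwise
        # produce a malformed query instead of the "no such profile" report.
        profiles_avail = self.tree.findall("./{%s}Profile" % (xccdf_ns))
        xccdf_profile = next(
            (p for p in profiles_avail if p.get('id') == profile), None)
        if xccdf_profile is None:
            print("No such profile \"%s\" found in the benchmark!"
                  % profile)
            print("* Available profiles:")
            for _profile in profiles_avail:
                print("** %s" % _profile.get('id'))
            sys.exit(1)

        # This will only work with SSG where the (default) profile has zero
        # selected rule. If you want to reuse this for custom content, you
        # need to change this to look into Rule/@selected
        selects = xccdf_profile.findall("./{%s}select[@selected=\"true\"]" %
                                        xccdf_ns)

        for select in selects:
            rule_id = select.get('idref')
            xccdf_rule = self.indexed_rules.get(rule_id)
            if xccdf_rule is not None:
                # it could also be a Group
                rules.append(xccdf_rule)

    for rule in rules:
        if rule is None:
            continue
        # Argument order follows the positional order RuleStats is called
        # with in the original code; do not reorder.
        rule_stats.append(
            RuleStats(
                rule.get("id"),
                _find(rule, "check", "system", oval_ns),
                _find(rule, "check", "system", sce_ns),
                _find(rule, "fix", "system", bash_rem_system),
                _find(rule, "fix", "system", ansible_rem_system),
                _find(rule, "fix", "system", ignition_rem_system),
                _find(rule, "fix", "system", kubernetes_rem_system),
                _find(rule, "fix", "system", puppet_rem_system),
                _find(rule, "fix", "system", anaconda_rem_system),
                _find(rule, "ident", "system", cce_uri),
                _find(rule, "reference", "href", self.stig_ns),
                _find(rule, "reference", "href", self.cis_ns),
                _find(rule, "reference", "href", hipaa_ns),
                _find(rule, "reference", "href", anssi_ns),
                _find(rule, "reference", "href", ospp_ns),
                _find(rule, "reference", "href", cui_ns),
            )
        )

    if not rule_stats:
        print('Unable to retrieve statistics for %s profile' % profile)
        sys.exit(1)

    rule_stats.sort(key=lambda r: r.dict['id'])

    profile_stats['rules'].extend(rule.dict['id'] for rule in rule_stats)

    profile_stats['profile_id'] = profile
    if ssg_version_elem is not None:
        profile_stats['ssg_version'] = \
            'SCAP Security Guide %s' % ssg_version_elem.text
    # rule_stats is non-empty here, so the divisions below cannot hit zero.
    profile_stats['rules_count'] = len(rule_stats)

    # (key of the "present" list, key of the "missing" list, RuleStats field)
    coverage = (
        ('implemented_ovals', 'missing_ovals', 'oval'),
        ('implemented_sces', 'missing_sces', 'sce'),
        ('implemented_checks', 'missing_checks', 'check'),
        ('implemented_bash_fixes', 'missing_bash_fixes', 'bash_fix'),
        ('implemented_ansible_fixes', 'missing_ansible_fixes',
         'ansible_fix'),
        ('implemented_ignition_fixes', 'missing_ignition_fixes',
         'ignition_fix'),
        ('implemented_kubernetes_fixes', 'missing_kubernetes_fixes',
         'kubernetes_fix'),
        ('implemented_puppet_fixes', 'missing_puppet_fixes', 'puppet_fix'),
        ('implemented_anaconda_fixes', 'missing_anaconda_fixes',
         'anaconda_fix'),
        ('implemented_fixes', 'missing_fixes', 'fix'),
        ('assigned_cces', 'missing_cces', 'cce'),
    )
    for present_key, missing_key, field in coverage:
        profile_stats[present_key] = _ids(field, True)
        profile_stats[present_key + '_pct'] = \
            float(len(profile_stats[present_key])) / \
            profile_stats['rules_count'] * 100
        profile_stats[missing_key] = _ids(field, False)

    # Policy references are only reported for profiles whose id contains the
    # policy's short name. This is a plain substring test on the profile id.
    references = (
        ('stig', 'missing_stig_ids', 'stig_id'),
        ('cis', 'missing_cis_refs', 'cis_ref'),
        ('hipaa', 'missing_hipaa_refs', 'hipaa_ref'),
        ('anssi', 'missing_anssi_refs', 'anssi_ref'),
        ('ospp', 'missing_ospp_refs', 'ospp_ref'),
        ('cui', 'missing_cui_refs', 'cui_ref'),
    )
    for marker, missing_key, field in references:
        profile_stats[missing_key] = []
        if marker in profile_stats['profile_id']:
            profile_stats[missing_key] = _ids(field, False)

    # Rules that lack an Ansible fix although they are not missing a Bash
    # fix. The set only speeds up the membership test; order is unchanged.
    without_bash = set(profile_stats["missing_bash_fixes"])
    profile_stats['ansible_parity'] = \
        [rule_id for rule_id in profile_stats["missing_ansible_fixes"]
         if rule_id not in without_bash]
    profile_stats['ansible_parity_pct'] = 0
    bash_count = len(profile_stats['implemented_bash_fixes'])
    if bash_count:
        profile_stats['ansible_parity_pct'] = \
            float(bash_count - len(profile_stats['ansible_parity'])) / \
            bash_count * 100

    return profile_stats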
||
| 405 | |||