'''
    Module for creating node IDs and parsing XML
'''
from lxml import etree as ET
import uuid
import graph.oval_graph
import os
import py
# Prefix -> namespace URI map passed to every find()/findall() call below.
ns = {
    # OVAL results (note: the prefix is 'XMLSchema', not 'oval-results')
    "XMLSchema": "http://oval.mitre.org/XMLSchema/oval-results-5",
    # XCCDF 1.2 benchmark and test results
    "xccdf": "http://checklists.nist.gov/xccdf/1.2",
    # Asset Reporting Format 1.1 envelope
    "arf": "http://scap.nist.gov/schema/asset-reporting-format/1.1",
    # OVAL definitions
    "oval-definitions": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
    # SCAP 1.2 source data stream
    "scap": "http://scap.nist.gov/schema/scap/source/1.2",
}
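class xml_parser():
    """Read an ARF results file and expose its OVAL results as node trees.

    The report is parsed with lxml, checked against the ARF 1.1 XSD and then
    queried through the helper methods below. Intermediate trees are plain
    dicts; the final result is a ``graph.oval_graph.OvalNode`` tree.
    """

    def __init__(self, src):
        """Parse and validate the report at *src*.

        Args:
            src: Source handed to ``lxml.etree.parse``.

        Raises:
            ValueError: If the document does not validate against the ARF
                1.1 schema.
        """
        self.src = src
        # The report is externally supplied input: parse it with entity
        # resolution and network access switched off, so a crafted DOCTYPE
        # cannot pull local files or remote resources into the tree (XXE).
        hardened_parser = ET.XMLParser(resolve_entities=False, no_network=True)
        self.tree = ET.parse(self.src, hardened_parser)
        self.root = self.tree.getroot()
        if not self.validate(
                '../schemas/arf/1.1/asset-reporting-format_1.1.0.xsd'):
            raise ValueError("err- This is not arf report file.")

    def get_src(self, src):
        """Return *src* resolved against the directory of this module."""
        module_dir = os.path.dirname(os.path.realpath(__file__))
        return str(py.path.local(module_dir) / src)

    def validate(self, xsd_path):
        """Validate the parsed report against an XSD.

        Args:
            xsd_path: Schema path relative to this module's directory.

        Returns:
            The boolean result of ``XMLSchema.validate`` for ``self.tree``.
        """
        # The schema is a file shipped next to the code, not report input.
        schema_doc = ET.parse(self.get_src(xsd_path))
        schema = ET.XMLSchema(schema_doc)
        return schema.validate(self.tree)

    def get_data(self, href):
        """Return the OVAL result definitions of the report named by *href*.

        Args:
            href: Reference of the form ``"#<report id>"``.

        Returns:
            The ``definitions`` element below ``oval_results/results/system``
            of the matching report, or ``None`` if that path is absent.

        Raises:
            ValueError: If the file has no ``arf:reports`` element or no
                report whose id matches *href*.
        """
        reports = self.root.find('.//arf:reports', ns)
        if reports is None:
            raise ValueError('err- arf file does not contain any reports.')

        report_data = None
        for report in reports:
            # No early exit: if ids repeat, the last matching report wins.
            if "#" + str(report.get("id")) == href:
                report_data = report
        if report_data is None:
            # href comes from the report itself; fail with a clear message
            # instead of an AttributeError on None.
            raise ValueError(
                'err- report "{}" was not found in arf file.'.format(href))

        return report_data.find(
            ('.//XMLSchema:oval_results/XMLSchema:results/'
             'XMLSchema:system/XMLSchema:definitions'), ns)

    def get_used_rules(self):
        """List rule results whose result is not ``notselected``.

        Only rule results that carry a ``check-content-ref`` are returned.

        Returns:
            A list of dicts with the keys ``id_rule``, ``id_def``, ``href``
            and ``result``.
        """
        rules = []
        for rule_result in self.root.findall(
                './/xccdf:TestResult/xccdf:rule-result', ns):
            # NOTE: a rule-result without an xccdf:result child makes
            # find() return None and the .text access below raise.
            result = rule_result.find('.//xccdf:result', ns)
            if result.text == "notselected":
                continue
            check_content_ref = rule_result.find(
                './/xccdf:check/xccdf:check-content-ref', ns)
            if check_content_ref is None:
                continue
            rules.append(dict(
                id_rule=rule_result.get('idref'),
                id_def=check_content_ref.attrib.get('name'),
                href=check_content_ref.attrib.get('href'),
                result=result.text,
            ))
        return rules

    def get_notselected_rules(self):
        """List rule results whose result is ``notselected``.

        Returns:
            A list of dicts holding only the key ``id_rule``.
        """
        return [
            dict(id_rule=rule_result.get('idref'))
            for rule_result in self.root.findall(
                './/xccdf:TestResult/xccdf:rule-result', ns)
            if rule_result.find('.//xccdf:result', ns).text == "notselected"
        ]

    def parse_data_to_dict(self, rule_id):
        """Build the dict tree of the OVAL definition behind *rule_id*.

        The definitions are read from the report referenced by the first
        used rule, annotated with comments and have their
        ``extend_definition`` references expanded.

        Returns:
            ``dict(rule_id=..., definition=...)``, or ``None`` when no built
            definition carries the id the rule points to.

        Raises:
            ValueError: If the rule is unknown or was not selected.
        """
        scan = dict(definitions=[])
        used_rules = self.get_used_rules()
        # NOTE: a report without any used rule raises IndexError here.
        for definition_result in self.get_data(used_rules[0]['href']):
            scan['definitions'].append(self.build_graph(definition_result))
        self.insert_comments(scan)
        definitions = self._fill_extend_definition(scan)

        # Resolve the rule once; the lookup walks every rule-result in the
        # report and does not depend on the definition being compared.
        wanted_id = self.get_def_id_by_rule_id(rule_id)
        for definition in definitions['definitions']:
            if definition['id'] == wanted_id:
                return dict(rule_id=rule_id, definition=definition)
        return None

    def _xml_dict_to_node(self, dict_of_definition):
        """Convert a dict tree into ``OvalNode`` objects.

        A dict that has an ``id`` key (a definition) is represented by its
        first child, whose ``node_id`` is set to that id. Any other dict
        becomes an operator node with a freshly generated UUID.
        """
        children = []
        for child in dict_of_definition['node']:
            # The original condition was "'operator' in child and 'id'";
            # the literal 'id' is always true, so only this test mattered.
            if 'operator' in child:
                children.append(self._xml_dict_to_node(child))
            else:
                children.append(
                    graph.oval_graph.OvalNode(
                        child['value_id'],
                        'value',
                        child['value'],
                        child['negate'],
                        child['comment'],
                    ))

        if 'id' in dict_of_definition:
            children[0].node_id = dict_of_definition['id']
            return children[0]
        return graph.oval_graph.OvalNode(
            str(uuid.uuid4()),
            'operator',
            dict_of_definition['operator'],
            dict_of_definition['negate'],
            dict_of_definition['comment'],
            children,
        )

    def get_def_id_by_rule_id(self, rule_id):
        """Return the OVAL definition id referenced by *rule_id*.

        Raises:
            ValueError: If the rule was not selected, or is not present
                among the used rules.
        """
        used_rules = self.get_used_rules()
        notselected_rules = self.get_notselected_rules()
        if any(rule['id_rule'] == rule_id for rule in notselected_rules):
            raise ValueError(
                'err- rule "{}" was not selected, so there are no results.'
                .format(rule_id))
        for rule in used_rules:
            if rule['id_rule'] == rule_id:
                return rule['id_def']
        raise ValueError('err- 404 rule not found!')

    def get_rule_dict(self, rule_id):
        """Return the result of ``parse_data_to_dict`` for *rule_id*."""
        return self.parse_data_to_dict(rule_id)

    def xml_dict_of_rule_to_node(self, rule):
        """Wrap a rule's definition tree in a root ``and`` operator node.

        Args:
            rule: Dict with the keys ``rule_id`` and ``definition``, as
                returned by ``parse_data_to_dict``.
        """
        dict_of_definition = rule['definition']
        return graph.oval_graph.OvalNode(
            rule['rule_id'],
            'operator',
            'and',
            False,
            dict_of_definition['comment'],
            [self._xml_dict_to_node(dict_of_definition)],
        )

    def get_oval_graph(self, rule_id=None):
        """Return the ``OvalNode`` tree for *rule_id*."""
        return self.xml_dict_of_rule_to_node(self.parse_data_to_dict(rule_id))

    def build_graph(self, tree_data):
        """Turn one OVAL result definition element into a dict tree.

        Returns:
            A dict with ``id`` (the ``definition_id`` attribute), ``node``
            (one entry per child element) and, when there is at least one
            child, ``negate`` taken from the last child.
        """
        definition_tree = dict(
            id=tree_data.get('definition_id'),
            node=[],
        )
        for tree in tree_data:
            negate_status = False
            # "'negate' in tree" tested for a child element, never for the
            # attribute, so the flag was never read; look at the attribute.
            if tree.get('negate') is not None:
                negate_status = self._str_to_bool(tree.get('negate'))
            definition_tree['negate'] = negate_status
            definition_tree['node'].append(self._build_node(tree))
        return definition_tree

    def _str_to_bool(self, s):
        """Map ``'true'``/``'false'`` to a bool; raise ValueError otherwise."""
        if s == 'true':
            return True
        if s == 'false':
            return False
        raise ValueError('err- negation is not bool')

    def _build_node(self, tree):
        """Recursively convert a criteria element into a dict node.

        Children with an ``operator`` attribute become nested operator
        nodes, children with ``definition_ref`` become ``extend_definition``
        entries, and everything else becomes a value entry keyed by
        ``test_ref``. Comments are left as ``None``.
        """
        negate_status = False
        if tree.get('negate') is not None:
            negate_status = self._str_to_bool(tree.get('negate'))

        node = dict(
            operator=tree.get('operator'),
            negate=negate_status,
            result=tree.get('result'),
            comment=None,
            node=[],
        )
        for child in tree:
            if child.get('operator') is not None:
                node['node'].append(self._build_node(child))
                continue

            child_negate = False
            if child.get('negate') is not None:
                child_negate = self._str_to_bool(child.get('negate'))

            if child.get('definition_ref') is not None:
                entry = dict(
                    extend_definition=child.get('definition_ref'),
                    result=child.get('result'),
                    negate=child_negate,
                    comment=None,
                )
            else:
                entry = dict(
                    value_id=child.get('test_ref'),
                    value=child.get('result'),
                    negate=child_negate,
                    comment=None,
                )
            node['node'].append(entry)
        return node

    def _fill_extend_definition(self, scan):
        """Return a copy of *scan* with ``extend_definition`` refs expanded.

        Each definition must already have a ``comment`` key; ``build_graph``
        does not create it, ``fill_comment`` does.
        """
        out = dict(definitions=[])
        for definition in scan['definitions']:
            nodes = [
                self._operator_as_child(value, scan)
                for value in definition['node']
            ]
            out['definitions'].append(
                dict(
                    id=definition['id'],
                    comment=definition['comment'],
                    node=nodes,
                ))
        return out

    def _operator_as_child(self, value, scan):
        """Rebuild an operator node, inlining any extended definitions.

        Raises:
            ValueError: If a child is neither an operator, an
                ``extend_definition`` entry nor a value entry.
        """
        out = dict(
            operator=value['operator'],
            negate=value['negate'],
            result=value['result'],
            comment=value['comment'],
            node=[],
        )
        for child in value['node']:
            if 'operator' in child:
                out['node'].append(self._operator_as_child(child, scan))
            elif 'extend_definition' in child:
                out['node'].append(
                    self._find_definition_by_id(
                        scan,
                        child['extend_definition'],
                        child['negate'],
                        child['comment'],
                    ))
            elif 'value_id' in child:
                out['node'].append(child)
            else:
                raise ValueError('error - unknown child')
        return out

    def _find_definition_by_id(self, scan, id, negate_status, comment):
        """Return the expanded top node of the definition with the given id.

        The returned node carries *negate_status* and *comment* from the
        referencing ``extend_definition`` entry. The definition stored in
        *scan* is left untouched, so expanding a reference does not change
        how the referenced definition is built for any other user.

        Returns:
            The expanded node, or ``None`` when *scan* has no such id.

        NOTE(review): there is no cycle detection. Definitions that extend
        each other in a loop recurse through ``_operator_as_child`` until
        Python raises ``RecursionError``.
        """
        for definition in scan['definitions']:
            if definition['id'] == id:
                # Override on a shallow copy instead of writing into the
                # shared scan entry.
                top_node = dict(
                    definition['node'][0],
                    negate=negate_status,
                    comment=comment,
                )
                return self._operator_as_child(top_node, scan)
        return None

    def create_dict_form_criteria(self, criteria):
        """Collect operators and comments of a criteria element as a dict.

        The operator defaults to ``'AND'`` when the element has none.
        Children with a non-empty ``operator`` are processed recursively.
        """
        operator = criteria.get('operator')
        comments = dict(
            operator='AND' if operator is None else operator,
            comment=criteria.get('comment'),
            node=[],
        )
        for criterion in criteria:
            if criterion.get('operator'):
                comments['node'].append(
                    self.create_dict_form_criteria(criterion))
            elif criterion.get('definition_ref'):
                comments['node'].append(
                    dict(
                        extend_definition=criterion.get('definition_ref'),
                        comment=criterion.get('comment'),
                    ))
            else:
                comments['node'].append(
                    dict(
                        value_id=criterion.get('test_ref'),
                        comment=criterion.get('comment'),
                    ))
        return comments

    def prepare_definition_comments(self, oval_definitions):
        """Build a comment tree for every OVAL definition element.

        Each entry has the definition ``id``, its metadata title as
        ``comment`` and the criteria comment tree as its only ``node``.
        """
        definitions = []
        for definition in oval_definitions:
            # NOTE: a definition without a metadata title makes find()
            # return None and the .text access below raise.
            title = definition.find(
                './/oval-definitions:metadata/oval-definitions:title', ns)
            criteria = definition.find('.//oval-definitions:criteria', ns)
            definitions.append(dict(
                id=definition.get('id'),
                comment=title.text,
                node=[self.create_dict_form_criteria(criteria)],
            ))
        return definitions

    def is_definition_in_array(self, definition_, array):
        """Return True if *array* holds a definition with the same ``id``."""
        return any(
            definition_['id'] == definition['id'] for definition in array)

    def recursive_help_fill_comments(self, comments, nodes):
        """Copy comments from the *comments* tree onto *nodes*, in place.

        Children are paired by position with ``zip``, so extra children on
        either side are ignored.
        """
        nodes['comment'] = comments['comment']
        for node, comment in zip(nodes['node'], comments['node']):
            node['comment'] = comment['comment']
            if 'operator' in node:
                self.recursive_help_fill_comments(comment, node)

    def fill_comment(self, comment_definition, data_definition):
        """Apply one definition's comment tree to its result tree, in place."""
        comments = comment_definition['node'][0]
        nodes = data_definition['node'][0]
        data_definition['comment'] = comment_definition['comment']
        self.recursive_help_fill_comments(comments, nodes)

    def insert_comments(self, data):
        """Annotate every definition in *data* with its comments.

        Comments are read from the OVAL definitions embedded in the report
        request and matched to the result definitions by ``id``.
        """
        # NOTE: when the report has no embedded definitions, find()
        # returns None and prepare_definition_comments() cannot iterate it.
        oval_def = self.root.find(
            './/arf:report-requests/arf:report-request/'
            'arf:content/scap:data-stream-collection/'
            'scap:component/oval-definitions:oval_definitions/'
            'oval-definitions:definitions', ns)
        comment_definitions = self.prepare_definition_comments(oval_def)

        for data_definition in data['definitions']:
            for comment_definition in comment_definitions:
                if comment_definition['id'] == data_definition['id']:
                    self.fill_comment(comment_definition, data_definition)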
153 1
    def build_graph(self, tree_data):
154 1
        graph = dict(
155
            id=tree_data.get('definition_id'),
156
            node=[],
157
        )
158 1
        for tree in tree_data:
159 1
            negate_status = False
160 1
            if 'negate' in tree:
161
                negate_status = self._str_to_bool(tree.get('negate'))
162 1
            graph['negate'] = negate_status
163 1
            graph['node'].append(self._build_node(tree))
164 1
        return graph
165
166 1
    def _str_to_bool(self, s):
167 1
        if s == 'true':
168 1
            return True
169 1
        elif s == 'false':
170 1
            return False
171
        else:
172 1
            raise ValueError('err- negation is not bool')
173
174 1
    def _build_node(self, tree):
175 1
        negate_status = False
176 1
        if tree.get('negate') is not None:
177 1
            negate_status = self._str_to_bool(tree.get('negate'))
178
179 1
        node = dict(
180
            operator=tree.get('operator'),
181
            negate=negate_status,
182
            result=tree.get('result'),
183
            comment=None,
184
            node=[],
185
        )
186 1
        for child in tree:
187 1
            if child.get('operator') is not None:
188 1
                node['node'].append(self._build_node(child))
189
            else:
190 1
                negate_status = False
191 1
                if child.get('negate') is not None:
192 1
                    negate_status = self._str_to_bool(child.get('negate'))
193
194 1
                if child.get('definition_ref') is not None:
195 1
                    node['node'].append(
196
                        dict(
197
                            extend_definition=child.get('definition_ref'),
198
                            result=child.get('result'),
199
                            negate=negate_status,
200
                            comment=None,
201
                        ))
202
                else:
203 1
                    node['node'].append(
204
                        dict(
205
                            value_id=child.get('test_ref'),
206
                            value=child.get('result'),
207
                            negate=negate_status,
208
                            comment=None,
209
                        ))
210 1
        return node
211
212 1
    def _fill_extend_definition(self, scan):
213 1
        out = dict(definitions=[])
214 1
        for definition in scan['definitions']:
215 1
            nodes = []
216 1
            for value in definition['node']:
217 1
                nodes.append(self._operator_as_child(value, scan))
218 1
            out['definitions'].append(
219
                dict(
220
                    id=definition['id'],
221
                    comment=definition['comment'],
222
                    node=nodes,
223
                    ))
224 1
        return out
225
226 1
    def _operator_as_child(self, value, scan):
227 1
        out = dict(
228
            operator=value['operator'],
229
            negate=value['negate'],
230
            result=value['result'],
231
            comment=value['comment'],
232
            node=[],
233
        )
234 1
        for child in value['node']:
235 1
            if 'operator' in child:
236 1
                out['node'].append(self._operator_as_child(child, scan))
237 1
            elif 'extend_definition' in child:
238 1
                out['node'].append(
239
                    self._find_definition_by_id(
240
                        scan,
241
                        child['extend_definition'],
242
                        child['negate'],
243
                        child['comment'],
244
                    ))
245 1
            elif 'value_id' in child:
246 1
                out['node'].append(child)
247
            else:
248
                raise ValueError('error - unknown child')
249 1
        return out
250
251 1
    def _find_definition_by_id(self, scan, id, negate_status, comment):
252 1
        for definition in scan['definitions']:
253 1
            if definition['id'] == id:
254 1
                definition['node'][0]['negate'] = negate_status
255 1
                definition['node'][0]['comment'] = comment
256 1
                return self._operator_as_child(definition['node'][0], scan)
257
258 1
    def create_dict_form_criteria(self, criteria):
259 1
        comments = dict(
260
            operator='AND' if criteria.get('operator') is None else criteria.get('operator'),
261
            comment=criteria.get('comment'),
262
            node=[],
263
        )
264 1
        for criterion in criteria:
265 1
            if criterion.get('operator'):
266 1
                comments['node'].append(
267
                    self.create_dict_form_criteria(criterion))
268
            else:
269 1
                if criterion.get('definition_ref'):
270 1
                    comments['node'].append(
271
                        dict(
272
                            extend_definition=criterion.get('definition_ref'),
273
                            comment=criterion.get('comment'),
274
                        ))
275
                else:
276 1
                    comments['node'].append(
277
                        dict(
278
                            value_id=criterion.get('test_ref'),
279
                            comment=criterion.get('comment'),
280
                        ))
281 1
        return comments
282
283 1
    def prepare_definition_comments(self, oval_definitions):
284 1
        definitions = []
285 1
        for definition in oval_definitions:
286 1
            comment_definition = dict(
287
                id=definition.get('id'), comment=None, node=[])
288 1
            title = definition.find(
289
                './/oval-definitions:metadata/oval-definitions:title', ns)
290 1
            comment_definition['comment'] = title.text
291 1
            criteria = definition.find('.//oval-definitions:criteria', ns)
292 1
            comment_definition['node'].append(
293
                self.create_dict_form_criteria(criteria))
294 1
            definitions.append(comment_definition)
295 1
        return definitions
296
297 1
    def is_definition_in_array(self, definition_, array):
298
        for definition in array:
299
            if definition_['id'] == definition['id']:
300
                return True
301
        return False
302
303 1
    def recursive_help_fill_comments(self, comments, nodes):
304 1
        out = nodes
305 1
        out['comment'] = comments['comment']
306 1
        for node, comment in zip(out['node'], comments['node']):
307 1
            node['comment'] = comment['comment']
308 1
            if 'operator' in node:
309 1
                self.recursive_help_fill_comments(comment, node)
310
311 1
    def fill_comment(self, comment_definition, data_definition):
312 1
        comments = comment_definition['node'][0]
313 1
        nodes = data_definition['node'][0]
314 1
        data_definition['comment'] = comment_definition['comment']
315 1
        self.recursive_help_fill_comments(comments, nodes)
316
317 1
    def insert_comments(self, data):
318 1
        oval_def = self.root.find(
319
            './/arf:report-requests/arf:report-request/'
320
            'arf:content/scap:data-stream-collection/'
321
            'scap:component/oval-definitions:oval_definitions/'
322
            'oval-definitions:definitions', ns)
323 1
        comment_definitions = self.prepare_definition_comments(oval_def)
324
325 1
        for data_definition in data['definitions']:
326 1
            for comment_definition in comment_definitions:
327 1
                if comment_definition['id'] == data_definition['id']:
328
                    self.fill_comment(comment_definition, data_definition)
329