Initial commit.

Author: silug

.gitignore

@@ -0,0 +1,16 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+
+# rspec failure tracking
+.rspec_status
+
+/vendor/
+/Gemfile.lock
+
+.*.sw?

.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

Gemfile

@@ -0,0 +1,7 @@
+source "https://rubygems.org"
+
+# Specify your gem's dependencies in scelint.gemspec
+gemspec
+
+gem "rake", "~> 12.0"
+gem "rspec", "~> 3.0"

README.md

@@ -0,0 +1,36 @@
+# Scelint
+
+Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/scelint`. To experiment with that code, run `bin/console` for an interactive prompt.
+
+TODO: Delete this and the text above, and describe your gem
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'scelint'
+```
+
+And then execute:
+
+    $ bundle install
+
+Or install it yourself as:
+
+    $ gem install scelint
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/scelint.
+

Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

exe/scelint

@@ -0,0 +1,37 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'scelint'
+
+to_check = ARGV.empty? ? ['.'] : ARGV
+lint = Scelint::Lint.new(to_check)
+
+count = lint.files.count
+
+if count.zero?
+  warn 'No SCE data found.'
+else
+  lint.errors.each do |error|
+    warn error
+  end
+
+  lint.warnings.each do |warning|
+    warn warning
+  end
+
+  message = "Checked #{count} files."
+  if lint.errors.count == 0
+    message += "  No errors."
+    exit_code = 0
+  else
+    message += "  #{lint.errors.count} errors."
+    exit_code = 1
+  end
+
+  if lint.warnings.count > 0
+    message += "  #{lint.warnings.count} warnings."
+  end
+
+  puts message
+  exit exit_code
+end

lib/scelint.rb

@@ -0,0 +1,253 @@
+# frozen_string_literal: true
+
+require 'yaml'
+require 'json'
+require 'deep_merge'
+
+require 'scelint/version'
+
+module Scelint
+  class Error < StandardError; end
+  # Your code goes here...
+
+  class Lint
+    def initialize(paths = ['.'])
+      @data = {}
+      @errors = []
+      @warnings = []
+
+      merged_data = {}
+
+      paths.each do |path|
+        if File.directory?(path)
+          [
+            'SIMP/compliance_profiles',
+            'simp/compliance_profiles',
+          ].each do |dir|
+            ['yaml', 'json'].each do |type|
+              Dir.glob("#{path}/#{dir}/**/*.#{type}").each do |file|
+                @data[file] = parse(file)
+                merged_data = merged_data.deep_merge!(@data[file])
+              end
+            end
+          end
+        elsif File.exist?(path)
+          @data[path] = parse(path)
+        else
+          raise "Can't find path '#{path}'"
+        end
+      end
+
+      return nil if @data.empty?
+
+      @data['merged data'] = merged_data
+
+      @data.each do |file, data|
+        lint(file, data)
+      end
+
+      @data
+    end
+
+    def parse(file)
+      return @data[file] if @data[file]
+
+      type = case file
+             when %r{\.yaml$}
+               'yaml'
+             when %r{\.json$}
+               'json'
+             else
+               nil
+             end
+      return YAML.safe_load(File.read(file)) if type == 'yaml'
+      return JSON.parse(File.read(file)) if type == 'json'
+
+      raise "Failed to determine file type of '#{file}'"
+    end
+
+    def files
+      @data.keys - ['merged data']
+    end
+
+    def warnings
+      @warnings
+    end
+
+    def errors
+      @errors
+    end
+
+    def check_version(file, data)
+      @errors << "Version check failed in #{file}." unless data['version'] == '2.0.0'
+    end
+
+    def check_keys(file, data)
+      ok = ['version', 'profiles', 'ce', 'checks']
+
+      data.keys.each do |key|
+        @warnings << "Unexpected key '#{key}' found in #{file}." unless ok.include?(key)
+      end
+    end
+
+    def check_title(file, data)
+      @warnings << "Bad title #{data} in #{file}." unless data.is_a?(String)
+    end
+
+    def check_description(file, data)
+      @warnings << "Bad description #{data} in #{file}." unless data.is_a?(String)
+    end
+
+    def check_controls(file, data)
+      @warnings << "Bad controls #{data} in #{file}." unless data.is_a?(Hash)
+
+      data.each do |key, value|
+        @warnings << "Bad control #{key} in #{file}." unless key.is_a?(String) && value # Should be truthy
+      end
+    end
+
+    def check_profile_ces(file, data)
+      @warnings << "Bad ces #{data} in #{file}." unless data.is_a?(Hash)
+
+      data.each do |key, value|
+        @warnings << "Bad ce #{key} in #{file}." unless key.is_a?(String) && value.is_a?(TrueClass)
+      end
+    end
+
+    def check_confine(file, data)
+      @warnings << "Bad confine #{data} in #{file}." unless data.is_a?(Hash)
+    end
+
+    def check_identifiers(file, data)
+      @warnings << "Bad identifiers #{data} in #{file}." unless data.is_a?(Hash)
+
+      data.each do |key, value|
+        @warnings << "Bad identifier #{key} in #{file}." unless key.is_a?(String) && value.is_a?(Array)
+        value.each do |identifier|
+          @warnings << "Bad identifier #{identifier} in #{file}." unless identifier.is_a?(String)
+        end
+      end
+    end
+
+    def check_oval_ids(file, data)
+      @warnings << "Bad oval-ids #{data} in #{file}." unless data.is_a?(Array)
+
+      data.each do |key|
+        @warnings << "Bad oval-id #{key} in #{file}." unless key.is_a?(String)
+      end
+    end
+
+    def check_imported_data(file, data)
+      ok = ['checktext', 'fixtext']
+
+      data.each do |key, value|
+        @warnings << "Unexpected key '#{key}' found in #{file}" unless ok.include?(key)
+
+        @warnings << "Bad #{key} data in #{file}: '#{value}'" unless value.is_a?(String)
+      end
+    end
+
+    def check_profiles(file, data)
+      ok = [
+        'title',
+        'description',
+        'controls',
+        'ces',
+        'confine',
+      ]
+
+      data.each do |profile, value|
+        value.keys.each do |key|
+          @warnings << "Unexpected key '#{key}' found in #{file} (profile '#{profile}')." unless ok.include?(key)
+        end
+
+        check_title(file, value['title']) unless value['title'].nil?
+        check_description(file, value['description']) unless value['description'].nil?
+        check_controls(file, value['controls']) unless value['controls'].nil?
+        check_profile_ces(file, value['ces']) unless value['ces'].nil?
+        check_confine(file, value['confine']) unless value['confine'].nil?
+      end
+    end
+
+    def check_ce(file, data)
+      ok = [
+        'title',
+        'description',
+        'controls',
+        'identifiers',
+        'oval-ids',
+        'confine',
+        'imported_data',
+      ]
+
+      data.each do |ce, value|
+        value.keys.each do |key|
+          @warnings << "Unexpected key '#{key}' found in #{file} (CE '#{ce}')." unless ok.include?(key)
+        end
+
+        check_title(file, value['title']) unless value['title'].nil?
+        check_description(file, value['description']) unless value['description'].nil?
+        check_controls(file, value['controls']) unless value['controls'].nil?
+        check_identifiers(file, value['identifiers']) unless value['identifiers'].nil?
+        check_oval_ids(file, value['oval-ids']) unless value['oval-ids'].nil?
+        check_confine(file, value['confine']) unless value['confine'].nil?
+        check_imported_data(file, value['imported_data']) unless value['imported_data'].nil?
+      end
+    end
+
+    def check_type(file, check, data)
+      @warnings << "Unknown type '#{data}' found in #{file} (check '#{check}')." unless data == 'puppet-class-parameter'
+    end
+
+    def check_settings(file, check, data)
+      ok = ['parameter', 'value']
+
+      data.keys.each do |key|
+        @warnings << "Unexpected key '#{key}' found in #{file} (check '#{check}')." unless ok.include?(key)
+      end
+    end
+
+    def check_check_ces(file, data)
+      @warnings << "Bad ces #{data} in #{file}." unless data.is_a?(Array)
+
+      data.each do |key|
+        @warnings << "Bad ce #{key} in #{file}." unless key.is_a?(String)
+      end
+    end
+
+    def check_checks(file, data)
+      ok = [
+        'type',
+        'settings',
+        'controls',
+        'identifiers',
+        'oval-ids',
+        'ces',
+        'confine',
+      ]
+
+      data.each do |check, value|
+        value.keys.each do |key|
+          @warnings << "Unexpected key '#{key}' found in #{file} (check '#{check}')." unless ok.include?(key)
+        end
+
+        check_type(file, check, value['type']) if value['type']
+        check_settings(file, check, value['settings']) if value['settings']
+        check_controls(file, value['controls']) unless value['controls'].nil?
+        check_identifiers(file, value['identifiers']) unless value['identifiers'].nil?
+        check_oval_ids(file, value['oval-ids']) unless value['oval-ids'].nil?
+        check_check_ces(file, value['ces']) unless value['ces'].nil?
+        check_confine(file, value['confine']) unless value['confine'].nil?
+      end
+    end
+
+    def lint(file, data)
+      check_version(file, data)
+      check_keys(file, data)
+
+      check_profiles(file, data['profiles']) if data['profiles']
+      check_ce(file, data['ce']) if data['ce']
+      check_checks(file, data['checks']) if data['checks']
+    end
+  end
+end

lib/scelint/version.rb

@@ -0,0 +1,3 @@
+module Scelint
+  VERSION = "0.1.0"
+end

scelint.gemspec

@@ -0,0 +1,28 @@
+require_relative 'lib/scelint/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "scelint"
+  spec.version       = Scelint::VERSION
+  spec.authors       = ["Steven Pritchard"]
+  spec.email         = ["[email protected]"]
+  spec.license       = 'Apache-2.0'
+
+  spec.summary       = %q{Linter SIMP Compliance Engine data}
+  spec.homepage      = "https://github.com/silug/rubygem-simp-scelint"
+  spec.required_ruby_version = Gem::Requirement.new(">= 2.3.0")
+
+  spec.metadata["homepage_uri"] = spec.homepage
+  spec.metadata["source_code_uri"] = spec.homepage
+  # spec.metadata["changelog_uri"] = "TODO: Put your gem's CHANGELOG.md URL here."
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files         = Dir.chdir(File.expand_path('..', __FILE__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_runtime_dependency 'deep_merge'
+end