-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
7 changed files
with
135 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,7 @@ | ||
| --- | ||
| order: 12 | ||
| title: 12. Next Steps | ||
| next: 13.md | ||
| author: Emily | ||
| headerDepth: 3 | ||
| --- | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| --- | ||
| order: 13 | ||
| title: 13. Delta | ||
| author: Daniel | ||
| headerDepth: 3 | ||
| --- | ||
|
|
||
| ## Testing |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,66 @@ | ||
| --- | ||
| order: 25 | ||
| next: 26.md | ||
| title: InSpec Delta - Laying the Ground for a Clean Release Branch | ||
| shortTitle: Delta - Prep & Setup | ||
| author: Aaron Lippold | ||
| --- | ||
|
|
||
| ## InSpec Delta | ||
|
|
||
| ### Preparing the Profile Before Running Delta | ||
|
|
||
| Before running Delta, it's beneficial to format the profile to match the format Delta will use. This minimizes changes to only those necessary based on the guidance update. Follow these steps: | ||
|
|
||
| 1. **Run Cookstyle:** Install the Cookstyle gem and use it to lint the controls into Cookstyle format. Verify the gem installation with `gem list cookstyle`. Create a `.rubocop.yml` file with the provided example settings or modify these settings via the command line. Run `cookstyle -a ./controls` and any tests you have for your profile. | ||
|
|
||
| ```shell | ||
| AllCops: | ||
| Exclude: | ||
| - "libraries/**/*" | ||
|
|
||
| Layout/LineLength: | ||
| Max: 1000 | ||
| AllowURI: true | ||
| IgnoreCopDirectives: true | ||
|
|
||
| Naming/FileName: | ||
| Enabled: false | ||
|
|
||
| Metrics/BlockLength: | ||
| Max: 400 | ||
|
|
||
| Lint/ConstantDefinitionInBlock: | ||
| Enabled: false | ||
|
|
||
| # Required for Profiles as it can introduce profile errors | ||
| Style/NumericPredicate: | ||
| Enabled: false | ||
|
|
||
| Style/WordArray: | ||
| Description: "Use %w or %W for an array of words. (https://rubystyle.guide#percent-w)" | ||
| Enabled: false | ||
|
|
||
| Style/RedundantPercentQ: | ||
| Enabled: true | ||
|
|
||
| Style/NestedParenthesizedCalls: | ||
| Enabled: false | ||
|
|
||
| Style/TrailingCommaInHashLiteral: | ||
| Description: "https://docs.rubocop.org/rubocop/cops_style.html#styletrailingcommainhashliteral" | ||
| Enabled: true | ||
| EnforcedStyleForMultiline: no_comma | ||
|
|
||
| Style/TrailingCommaInArrayLiteral: | ||
| Enabled: true | ||
| EnforcedStyleForMultiline: no_comma | ||
|
|
||
| Style/BlockDelimiters: | ||
| Enabled: false | ||
|
|
||
| Lint/AmbiguousBlockAssociation: | ||
| Enabled: false | ||
| ``` | ||
|
|
||
| 2. **Run the SAF CLI Command:** Use `saf generate update_controls4delta` to check and update the control IDs with the provided XCCDF guidance. This process checks if the new guidance changes the control numbers and updates them if necessary. This minimizes the Delta output content and improves the visualization of the modifications provided by the Delta process. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,47 @@ | ||
| --- | ||
| order: 26 | ||
| next: 27.md | ||
| title: InSpec Delta - Making the Delta Release Branch | ||
| shortTitle: Delta - Making your Branch | ||
| author: Aaron Lippold | ||
| --- | ||
|
|
||
| ## Prepair Your Environment | ||
|
|
||
| - **Download New Guidance:** Download the appropriate profile from the [DISA Document Library](https://public.cyber.mil/stigs/downloads/). Unzip the downloaded folder and identify the `<name>xccdf.xml` file. | ||
| - **Create the InSpec Profile JSON File:** Clone or download the InSpec profile locally. Run the `inspec json` command to create the InSpec Profile JSON file to be used in the `saf generate delta` command. | ||
|
|
||
| ## Delta Workflow Process | ||
|
|
||
|  | ||
|
|
||
| ## Using Delta | ||
|
|
||
| The SAF InSpec Delta workflow typically involves two phases, `preformatting` and `delta`. | ||
|
|
||
| Before starting, ensure you have the latest SAF-CLI, the InSpec Profile JSON file, and the updated guidance file. | ||
|
|
||
| 1. **Preformat the Source Profile:** Before running the Delta command, preformat your source profile (usually the Patch Release profile) using the `saf generate update_controls4delta` command. This prepares the profile for the Delta process. | ||
| 2. **Run the Delta Command:** Execute `saf generate delta [arguments]` to start the Delta process. | ||
|
|
||
| For more information on these commands, refer to the following documentation: | ||
|
|
||
| - [update_controls4delta](https://saf-cli.mitre.org/#delta-supporting-options) | ||
| - [saf generate delta](https://saf-cli.mitre.org/#delta) | ||
|
|
||
| ## Scope of Changes by Delta | ||
|
|
||
| Delta focuses on specific modifications migrating the changes from the XCCDF Benchmark Rules to the Profiles controls, and updating the 'metadata' of each of thosin the `control ID`, `title`, `default desc`, `check text`, and `fix text`, between the XCCDF Benchmark Rules and the Profile Controls. | ||
|
|
||
| If the XCCDF Guidance Document introduces a new 'Rule' or `inspec control` that is not in the current profile's `controls` directory, Delta will add it to the controls directory, populating the metadata from the XCCDF Benchmark data, similar to the [inspec_profile](#inspec-profile) (aliases xccdf-benchmark-to-inspec-stubs) tool. | ||
|
|
||
| It also adjusts the `tags` and introduces a `ref` between the `impact` and `tags`. | ||
|
|
||
| Delta does not modify the Ruby/InSpec code within the control, leaving it intact. Instead, it updates the 'control metadata' using the information from the supplied XCCDF guidance document. This applies to 'matched controls' between the XCCDF Guidance Document and the InSpec profile. | ||
|
|
||
| ### Further InSpec Delta Information and Background | ||
|
|
||
| - The original Delta branch can be found [here](https://github.com/mitre/saf/pull/485). | ||
| - Delta moves lines not labeled with 'desc' to the bottom, between tags and InSpec code. | ||
| - Whether the controls are formatted to be 80 lines or not, Delta exhibits the same behavior with the extra text. | ||
| - Parameterizing should be considered. |