Remove legacy V and SV identifiers from the CCI tags in xccdf2inspec

mitre · Mar 16, 2021 · 29d4a56 · 29d4a56
1 parent 2a363f9
commit 29d4a56
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 4 deletions.
diff --git a/lib/happy_mapper_tools/stig_attributes.rb b/lib/happy_mapper_tools/stig_attributes.rb
@@ -77,6 +77,15 @@ class ReferenceInfo
       element :dc_identifier, String, tag: 'identifier', namespace: 'dc'
     end
 
+    class Ident
+      include HappyMapper
+      attr_accessor :legacy
+      attr_accessor :cci
+      tag 'ident'
+      attribute :system, String, tag: 'system'
+      content :ident, String
+    end
+
     class Rule
       include HappyMapper
       tag 'Rule'
@@ -87,7 +96,7 @@ class Rule
       element :title, String, tag: 'title'
       has_one :description, Description, tag: 'description'
       element :reference, ReferenceInfo, tag: 'reference'
-      has_many :idents, String, tag: 'ident'
+      has_many :idents, Ident, tag: 'ident'
       element :fixtext, String, tag: 'fixtext'
       has_one :fix, Fix, tag: 'fix'
       has_one :check, Check, tag: 'check'

diff --git a/lib/inspec_tools/xccdf.rb b/lib/inspec_tools/xccdf.rb
@@ -17,7 +17,7 @@ def initialize(xccdf, replace_tags = nil)
       @xccdf = replace_tags_in_xccdf(replace_tags, @xccdf) unless replace_tags.nil?
       cci_list_path = File.join(File.dirname(__FILE__), '../data/U_CCI_List.xml')
       @cci_items = HappyMapperTools::CCIAttributes::CCI_List.parse(File.read(cci_list_path))
-      # @cci_items = HappyMapperTools::CCIAttributes::CCI_List.parse(File.read('./data/U_CCI_List.xml'))
+      register_after_parse_callbacks
       @benchmark = HappyMapperTools::StigAttributes::Benchmark.parse(@xccdf)
     end
 
@@ -89,6 +89,14 @@ def inject_metadata(metadata = '{}')
 
     private
 
+    def register_after_parse_callbacks
+      # Determine if the parsed Ident is refrencing a legacy ID number.
+      HappyMapperTools::StigAttributes::Ident.after_parse do |object|
+        object.legacy = object.system.eql?('http://cyber.mil/legacy')
+        object.cci = object.system.eql?('http://cyber.mil/cci')
+      end
+    end
+
     def replace_tags_in_xccdf(replace_tags, xccdf_xml)
       replace_tags.each do |tag|
         xccdf_xml = xccdf_xml.gsub(/(&lt;|<)#{tag}(&gt;|>)/, "$#{tag}")
@@ -133,8 +141,8 @@ def insert_controls
         control['tags']['rid'] = group.rule.id
         control['tags']['stig_id'] = group.rule.version
         control['tags']['fix_id'] = group.rule.fix.id
-        control['tags']['cci'] = group.rule.idents
-        control['tags']['nist'] = @cci_items.fetch_nists(group.rule.idents)
+        control['tags']['cci'] = group.rule.idents.select { |i| i.cci }.map { |i| i.ident }
+        control['tags']['nist'] = @cci_items.fetch_nists(control['tags']['cci'])
         control['tags']['false_negatives'] = group.rule.description.false_negatives if group.rule.description.false_negatives != ''
         control['tags']['false_positives'] = group.rule.description.false_positives if group.rule.description.false_positives != ''
         control['tags']['documentable'] = group.rule.description.documentable if group.rule.description.documentable != ''