# File 'lib/happy_mapper_tools/stig_attributes.rb', line 147
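# Parses a STIG description string into a DescriptionDetails object.
#
# Every '&' in +value+ is first replaced with the word 'and', so no entity
# reference from the input survives into the document handed to the parser
# (legitimate escapes such as an encoded ampersand are rewritten as well).
# The result is wrapped in a <Details> element and parsed.
#
# When the parser raises Nokogiri::XML::SyntaxError, the method prints a
# diagnostic that names the tags found in +value+ which are not standard
# XCCDF description tags, together with two suggested remedies, and
# returns nil.
#
# NOTE(review): +value+ is echoed to stdout unmodified in the diagnostic; if
# XCCDF files can come from an untrusted source, control characters embedded
# in them reach the operator's terminal. Confirm whether that is in scope.
#
# @param value [String] raw description text taken from the XCCDF file
# @return [Object, nil] whatever DescriptionDetails.parse returns, or nil
#   when the text could not be parsed
def self.apply(value)
  value = value.gsub('&', 'and')
  DescriptionDetails.parse "<Details>#{value}</Details>"
rescue Nokogiri::XML::SyntaxError
  allowed_tags = %w[VulnDiscussion FalsePositives FalseNegatives Documentable
                    Mitigations SeverityOverrideGuidance PotentialImpacts
                    ThirdPartyTools MitigationControl
                    Responsibility IAControls]
  # Each match is a [tag, ""] pair: the second capture group only holds
  # lookaheads and is always empty, hence the flatten + empty-string filter.
  tags_found = value.scan(%r{(?<=<)([^\/]*?)((?= \/>)|(?=>))}).to_a
  # Non-destructive reject: reject! returns nil when nothing was removed
  # (for example when no tag matched at all), which made the subtraction
  # below raise NoMethodError inside the rescue handler.
  tags_found = tags_found.flatten.reject(&:empty?).uniq
  offending_tags = tags_found - allowed_tags
  if offending_tags.count > 1
    puts "\n\nThe non-standard tags: #{offending_tags.to_s.colorize(:red)}" \
         ' were found in: ' + "\n\n#{value}"
  else
    puts "\n\nThe non-standard tag: #{offending_tags.to_s.colorize(:red)}" \
         ' was found in: ' + "\n\n#{value}"
  end
  puts "\n\nPlease:\n "
  option_one = '(1) ' + '(best)'.colorize(:green) + ' Use the ' +
               '`-r --replace-tags array` '.colorize(:light_yellow) +
               '(case sensitive) option to replace the offending tags ' \
               'during processing of the XCCDF ' \
               'file to use the ' +
               "`$#{offending_tags[0]}` ".colorize(:light_green) +
               'syntax in your InSpec profile.'
  option_two = '(2) Update your XCCDF file to *not use* non-standard XCCDF ' \
               'elements within ' +
               '`<`,`>`, `<` '.colorize(:red) +
               'or '.colorize(:default) +
               '`>` '.colorize(:red) +
               'as "placeholders", and use something that doesn\'t confuse ' \
               'the XML parser, such as : ' +
               "`$#{offending_tags[0]}`".colorize(:light_green)
  puts option_one
  puts "\n"
  puts option_two
end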