mitre / inspec_tools

A command-line and Ruby API of utilities, converters and tools for creating, converting and processing security baseline formats, results and data.
https://inspec-tools.mitre.org/

Inspec_tools Bucketing deviation from heimdall #224

Closed rx294 closed 3 years ago

rx294 commented 3 years ago

Found a deviation between Inspec_Tools summary bucketing and heimdall bucketing of controls…

Inspec_Tools summary does not report errors correctly

rx294 commented 3 years ago

Fixed code from

https://github.com/mitre/inspec_tools/blob/master/lib/utilities/inspec_util.rb#L98-L112

to

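    # Map a control's result statuses to a single bucket.
    # for_summary: when true, errors are reported in their own bucket.
    def self.control_status(control, for_summary = false)
      status_list = control[:status].uniq
      if control[:impact].to_f.zero?
        # impact 0 is checked first, whatever the result statuses are
        'Not_Applicable'
      elsif (status_list.include?('error') || status_list.empty?) && for_summary
        # summary mode: an error or an empty status list is checked before failed/passed
        'Profile_Error'
      elsif status_list.include?('failed')
        'Open'
      elsif status_list.include?('passed')
        'NotAFinding'
      else
        # profile skipped or profile error
        'Not_Reviewed'
      end
    end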
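
An added example (not part of the issue or of the inspec_tools code base) that runs the method posted above over constructed controls to show how the `for_summary` flag changes the buckets. The module name `BucketDemo`, the `tally` helper and the sample controls are assumptions made for illustration.

```ruby
# The control_status method from the comment above, wrapped in a
# hypothetical module (BucketDemo) so the example runs stand-alone.
module BucketDemo
  def self.control_status(control, for_summary = false)
    status_list = control[:status].uniq
    if control[:impact].to_f.zero?
      'Not_Applicable'
    elsif (status_list.include?('error') || status_list.empty?) && for_summary
      'Profile_Error'
    elsif status_list.include?('failed')
      'Open'
    elsif status_list.include?('passed')
      'NotAFinding'
    else
      'Not_Reviewed'
    end
  end

  # Hypothetical helper: count how many controls fall into each bucket.
  def self.tally(controls, for_summary)
    controls.each_with_object(Hash.new(0)) do |control, counts|
      counts[control_status(control, for_summary)] += 1
    end
  end

  # Constructed sample controls (not real scan output).
  SAMPLE = [
    { id: 'C-1', impact: 0.7, status: %w[passed passed] },
    { id: 'C-2', impact: 0.7, status: %w[passed failed] },
    { id: 'C-3', impact: 0.5, status: %w[failed error] }, # error next to a failure
    { id: 'C-4', impact: 0.5, status: %w[passed error] }, # error next to a pass
    { id: 'C-5', impact: 0.5, status: [] },               # no results at all
    { id: 'C-6', impact: 0.5, status: %w[skipped] },
    { id: 'C-7', impact: 0.0, status: %w[error] }         # impact 0 is checked first
  ].freeze
end

if __FILE__ == $PROGRAM_NAME
  puts "summary: #{BucketDemo.tally(BucketDemo::SAMPLE, true)}"
  puts "default: #{BucketDemo.tally(BucketDemo::SAMPLE, false)}"
end
```

With `for_summary` off, C-4 (a pass plus an error) lands in `NotAFinding` and C-3 in `Open`, so an error count taken from that mode would miss both.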