consider how to convert impact 0 to Severity in inspec2ckl

mitre / inspec_tools

A command-line and ruby API of utilities, converters and tools for creating, converting and processing security baseline formats, results and data

https://inspec-tools.mitre.org/

Other

92 stars 30 forks source link

consider how to convert impact 0 to Severity in inspec2ckl #60

Closed samcornwell closed 4 years ago

samcornwell commented 5 years ago

Right now we are leaving out the Severity blank in Checklist files if the control impact is 0. In writing controls, we change the original impact to 0 if it is Not Applicable. We should re-evaluate if we want to try to parse out the original control severity for Not Applicable controls, do something else, or leave the Severity blank.

Bialogs commented 4 years ago

Recently we updated the InspecUtils#string_to_impact and InspecUtils#float_to_impact methods and this did not come up as a consideration.

If it comes back up we can take a look at the "Do something else" portion because we ported over the InspecUtils#get_impact_string method and can manipulate what is returned in certain cases more easily.