Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: initial lula report #599

Merged
merged 37 commits into from
Dec 19, 2024
Merged
Show file tree
Hide file tree
Changes from 17 commits
Commits
Show all changes
37 commits
Select commit Hold shift + click to select a range
95568b1
initial command
CloudBeard Aug 5, 2024
3f7bb0c
initial command
CloudBeard Aug 9, 2024
d1543fb
initial report - still wip
CloudBeard Aug 12, 2024
0ea6bde
still wip, need to pull controls from catalog and profile to do math …
CloudBeard Aug 14, 2024
8027410
added report doc
CloudBeard Aug 19, 2024
b10e5ff
refactored to test main function, added test and test data
CloudBeard Sep 18, 2024
bba7581
Merge branch 'main' into initial-lula-report
CloudBeard Sep 18, 2024
e793cd1
Merge branch 'main' into initial-lula-report
CloudBeard Sep 24, 2024
3227f7b
update tests
CloudBeard Sep 25, 2024
6296154
re run doc generation
CloudBeard Sep 25, 2024
d707143
fix e2e test
CloudBeard Sep 27, 2024
9371ff8
removed failed case, its covered in unit test for the function itself
CloudBeard Sep 27, 2024
ee25f9f
add compose to handleComponentDefinittion
CloudBeard Sep 30, 2024
9d58163
update e2e test file to contain validations
CloudBeard Sep 30, 2024
ddd7fa8
Merge branch 'main' into initial-lula-report
CloudBeard Sep 30, 2024
60827db
extra space?
CloudBeard Sep 30, 2024
b4430e5
chore: empty commit to re-run CI
CloudBeard Sep 30, 2024
1862398
update report structure
CloudBeard Oct 2, 2024
07e630a
update go fmt
CloudBeard Oct 3, 2024
79a034b
Merge branch 'main' of /~https://github.com/defenseunicorns/lula into i…
CloudBeard Oct 8, 2024
09592ac
still wip need to fix to work with new compose
CloudBeard Oct 8, 2024
c363e45
updated compose calls
CloudBeard Oct 10, 2024
df8a3cd
update to table function and I think fixed e2e tests to match
CloudBeard Oct 10, 2024
baf8f91
Merge branch 'main' into initial-lula-report
CloudBeard Oct 10, 2024
5698e54
Merge branch 'main' into initial-lula-report
CloudBeard Oct 11, 2024
6047d8c
Merge branch 'main' into initial-lula-report
CloudBeard Nov 22, 2024
30ce424
fix(report): pair with andy on consolidating logic
brandtkeller Nov 23, 2024
6e92274
remove golden files and clean up test
CloudBeard Dec 4, 2024
a37ef5a
Merge branch 'main' into initial-lula-report
CloudBeard Dec 4, 2024
9829b37
updated lint/gosec errors
CloudBeard Dec 4, 2024
c704cc9
Merge branch 'main' into initial-lula-report
CloudBeard Dec 6, 2024
2f19489
dropped un-needed test and fix oscal types
CloudBeard Dec 6, 2024
5202d0d
Merge branch 'main' into initial-lula-report
CloudBeard Dec 13, 2024
9e15079
fix tests
CloudBeard Dec 13, 2024
5ca9232
Merge branch 'main' into initial-lula-report
CloudBeard Dec 13, 2024
0f18665
Merge branch 'main' into initial-lula-report
CloudBeard Dec 15, 2024
88939a1
Merge branch 'main' into initial-lula-report
brandtkeller Dec 18, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions docs/cli-commands/lula.md
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@ Real Time Risk Transparency through automated validation
* [lula dev](./lula_dev.md) - Collection of dev commands to make dev life easier
* [lula evaluate](./lula_evaluate.md) - evaluate two results of a Security Assessment Results
* [lula generate](./lula_generate.md) - Generate a specified compliance artifact template
* [lula report](./lula_report.md) - Build a compliance report
* [lula tools](./lula_tools.md) - Collection of additional commands to make OSCAL easier
* [lula validate](./lula_validate.md) - validate an OSCAL component definition
* [lula version](./lula_version.md) - Shows the current version of the Lula binary
Expand Down
46 changes: 46 additions & 0 deletions docs/cli-commands/lula_report.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
---
title: lula report
description: Lula CLI command reference for <code>lula report</code>.
type: docs
---
## lula report

Build a compliance report

```
lula report [flags]
```

### Examples

```

To create a new report:
lula report -f oscal-component-definition.yaml

To create a new report in json format:
lula report -f oscal-component-definition.yaml --file-format json

To create a new report in yaml format:
lula report -f oscal-component-definition.yaml --file-format yaml

```

### Options

```
--file-format string File format of the report (default "table")
-h, --help help for report
-f, --input-file string Path to an OSCAL file
```

### Options inherited from parent commands

```
-l, --log-level string Log level when running Lula. Valid options are: warn, info, debug, trace (default "info")
```

### SEE ALSO

* [lula](./lula.md) - Risk Management as Code

6 changes: 0 additions & 6 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -58,16 +58,10 @@ github.com/charmbracelet/bubbletea v1.1.1 h1:KJ2/DnmpfqFtDNVTvYZ6zpPFL9iRCRr0qqK
github.com/charmbracelet/bubbletea v1.1.1/go.mod h1:9Ogk0HrdbHolIKHdjfFpyXJmiCzGwy+FesYkZr7hYU4=
github.com/charmbracelet/lipgloss v0.13.0 h1:4X3PPeoWEDCMvzDvGmTajSyYPcZM4+y8sCA/SsA3cjw=
github.com/charmbracelet/lipgloss v0.13.0/go.mod h1:nw4zy0SBX/F/eAO1cWdcvy6qnkDUxr8Lw7dvFrAIbbY=
github.com/charmbracelet/x/ansi v0.2.3 h1:VfFN0NUpcjBRd4DnKfRaIRo53KRgey/nhOoEqosGDEY=
github.com/charmbracelet/x/ansi v0.2.3/go.mod h1:dk73KoMTT5AX5BsX0KrqhsTqAnhZZoCBjs7dGWp4Ktw=
github.com/charmbracelet/x/ansi v0.3.2 h1:wsEwgAN+C9U06l9dCVMX0/L3x7ptvY1qmjMwyfE6USY=
github.com/charmbracelet/x/ansi v0.3.2/go.mod h1:dk73KoMTT5AX5BsX0KrqhsTqAnhZZoCBjs7dGWp4Ktw=
github.com/charmbracelet/x/exp/golden v0.0.0-20240815200342-61de596daa2b h1:MnAMdlwSltxJyULnrYbkZpp4k58Co7Tah3ciKhSNo0Q=
github.com/charmbracelet/x/exp/golden v0.0.0-20240815200342-61de596daa2b/go.mod h1:wDlXFlCrmJ8J+swcL/MnGUuYnqgQdW9rhSD61oNMb6U=
github.com/charmbracelet/x/exp/golden v0.0.0-20240919170804-a4978c8e603a h1:IUy+N6nKpGfijckOe8KGnAQwBUT6xz63n3tbb0Gy8aY=
github.com/charmbracelet/x/exp/golden v0.0.0-20240919170804-a4978c8e603a/go.mod h1:wDlXFlCrmJ8J+swcL/MnGUuYnqgQdW9rhSD61oNMb6U=
github.com/charmbracelet/x/exp/teatest v0.0.0-20240918160051-227168dc0568 h1:MWPyZsxZMe/oKhkt5j34zAba/2nXOxWuf3CvQqO8SDA=
github.com/charmbracelet/x/exp/teatest v0.0.0-20240918160051-227168dc0568/go.mod h1:NDRRSMP6bZbCs4jyc4i1/4UG4M+0PEiQdpivQgD0Mio=
github.com/charmbracelet/x/exp/teatest v0.0.0-20240919170804-a4978c8e603a h1:sS42HbmCab8rCehUwNO/bQEZQoJ6GavhZyO+245mBwA=
github.com/charmbracelet/x/exp/teatest v0.0.0-20240919170804-a4978c8e603a/go.mod h1:NDRRSMP6bZbCs4jyc4i1/4UG4M+0PEiQdpivQgD0Mio=
github.com/charmbracelet/x/term v0.2.0 h1:cNB9Ot9q8I711MyZ7myUR5HFWL/lc3OpU8jZ4hwm0x0=
Expand Down
294 changes: 294 additions & 0 deletions src/cmd/report/report.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,294 @@
package report
brandtkeller marked this conversation as resolved.
Show resolved Hide resolved

import (
"encoding/json"
"fmt"
"os"
"strings"

oscalTypes_1_1_2 "github.com/defenseunicorns/go-oscal/src/types/oscal-1-1-2"
"github.com/defenseunicorns/lula/src/pkg/common/composition"
"github.com/defenseunicorns/lula/src/pkg/common/network"
"github.com/defenseunicorns/lula/src/pkg/common/oscal"
"github.com/defenseunicorns/lula/src/pkg/message"
"github.com/spf13/cobra"
"gopkg.in/yaml.v3"
)

type flags struct {
InputFile string // -f --input-file
FileFormat string // --file-format
}

type ReportData struct {
ComponentDefinition *ComponentDefinitionReportData `json:"componentDefinition,omitempty" yaml:"componentDefinition,omitempty"`
}

type ComponentDefinitionReportData struct {
Title string `json:"title" yaml:"title"`
ControlIDBySource map[string]int `json:"control ID mapped" yaml:"control ID mapped"`
ControlIDByFramework map[string]int `json:"controlIDFramework" yaml:"controlIDFramework"`
}

var opts = &flags{}

var reportHelp = `
brandtkeller marked this conversation as resolved.
Show resolved Hide resolved
To create a new report:
lula report -f oscal-component-definition.yaml

To create a new report in json format:
lula report -f oscal-component-definition.yaml --file-format json

To create a new report in yaml format:
lula report -f oscal-component-definition.yaml --file-format yaml
`

var reportCmd = &cobra.Command{
brandtkeller marked this conversation as resolved.
Show resolved Hide resolved
Use: "report",
Hidden: false,
Aliases: []string{"r"},
Short: "Build a compliance report",
brandtkeller marked this conversation as resolved.
Show resolved Hide resolved
Example: reportHelp,
Run: func(_ *cobra.Command, args []string) {
// Call the core logic for generating the report
err := GenerateReport(opts.InputFile, opts.FileFormat)
if err != nil {
message.Fatal(err, "error running report")
}
},
}

// Runs the logic of report generation
func GenerateReport(inputFile string, fileFormat string) error {
spinner := message.NewProgressSpinner("Fetching or reading file %s", inputFile)
getOSCALModelsFile, err := fetchOrReadFile(inputFile)
if err != nil {
spinner.Fatalf(fmt.Errorf("failed to get OSCAL file: %v", err), "failed to get OSCAL file")
}
spinner.Success()

spinner = message.NewProgressSpinner("Reading OSCAL model from file")
oscalModel, err := oscal.NewOscalModel(getOSCALModelsFile)
if err != nil {
spinner.Fatalf(fmt.Errorf("failed to read OSCAL Model data: %v", err), "failed to read OSCAL Model")
}
spinner.Success()

err = handleOSCALModel(oscalModel, fileFormat)
if err != nil {
return err
}

return nil
}

func ReportCommand() *cobra.Command {
reportFlags()
return reportCmd
}

func reportFlags() {
reportFlags := reportCmd.PersistentFlags()
reportFlags.StringVarP(&opts.InputFile, "input-file", "f", "", "Path to an OSCAL file")
reportFlags.StringVar(&opts.FileFormat, "file-format", "table", "File format of the report")
reportCmd.MarkPersistentFlagRequired("input-file")
}

func fetchOrReadFile(source string) ([]byte, error) {
if isURL(source) {
spinner := message.NewProgressSpinner("Fetching data from URL: %s", source)
defer spinner.Stop()
data, err := network.Fetch(source)
if err != nil {
spinner.Fatalf(err, "failed to fetch data from URL")
}
spinner.Success()
return data, nil
}
spinner := message.NewProgressSpinner("Reading file: %s", source)
defer spinner.Stop()
data, err := os.ReadFile(source)
if err != nil {
spinner.Fatalf(err, "failed to read file")
}
spinner.Success()
return data, nil
}

// Processes an OSCAL Model based on the model type
func handleOSCALModel(oscalModel *oscalTypes_1_1_2.OscalModels, format string) error {
// Start a new spinner for the report generation process
spinner := message.NewProgressSpinner("Determining OSCAL model type")
modelType, err := oscal.GetOscalModel(oscalModel)
if err != nil {
spinner.Fatalf(fmt.Errorf("unable to determine OSCAL model type: %v", err), "unable to determine OSCAL model type")
return err
}

switch modelType {
case "catalog", "profile", "assessment-plan", "assessment-results", "system-security-plan", "poam":
// If the model type is not supported, stop the spinner with a warning
spinner.Warnf("reporting does not create reports for %s at this time", modelType)
return fmt.Errorf("reporting does not create reports for %s at this time", modelType)

case "component":
spinner.Updatef("Composing Component Definition")
err := composition.ComposeComponentDefinitions(oscalModel.ComponentDefinition)
if err != nil {
spinner.Fatalf(fmt.Errorf("failed to compose component definitions: %v", err), "failed to compose component definitions")
return err
}

spinner.Updatef("Processing Component Definition")
// Process the component-definition model
err = handleComponentDefinition(oscalModel.ComponentDefinition, format)
if err != nil {
// If an error occurs, stop the spinner and display the error
spinner.Fatalf(err, "failed to process component-definition model")
return err
}

default:
// For unknown model types, stop the spinner with a failure
spinner.Fatalf(fmt.Errorf("unknown OSCAL model type: %s", modelType), "failed to process OSCAL file")
return fmt.Errorf("unknown OSCAL model type: %s", modelType)
}

spinner.Success()
message.Info(fmt.Sprintf("Successfully processed OSCAL model: %s", modelType))
return nil
}

// Handler for Component Definition OSCAL files to create the report
func handleComponentDefinition(componentDefinition *oscalTypes_1_1_2.ComponentDefinition, format string) error {
brandtkeller marked this conversation as resolved.
Show resolved Hide resolved
spinner := message.NewProgressSpinner("composing component definitions")

err := composition.ComposeComponentDefinitions(componentDefinition)
if err != nil {
spinner.Fatalf(fmt.Errorf("failed to compose component definitions: %v", err), "failed to compose component definitions")
return err
}

spinner.Success() // Mark the spinner as successful before moving forward

controlMap := oscal.FilterControlImplementations(componentDefinition)
extractedData := ExtractControlIDs(controlMap)
extractedData.Title = componentDefinition.Metadata.Title

report := ReportData{
ComponentDefinition: extractedData,
}

message.Info("Generating report...")
return PrintReport(report, format)
}

// Gets the unique Control IDs from each source and framework in the OSCAL Component Definition
func ExtractControlIDs(controlMap map[string][]oscalTypes_1_1_2.ControlImplementationSet) *ComponentDefinitionReportData {
sourceMap, frameworkMap := SplitControlMap(controlMap)

sourceControlIDs := make(map[string]int)
for source, controlMap := range sourceMap {
total := 0
for _, count := range controlMap {
total += count
}
sourceControlIDs[source] = total
}

aggregatedFrameworkCounts := make(map[string]int)
for framework, controlCounts := range frameworkMap {
total := 0
for _, count := range controlCounts {
total += count
}
aggregatedFrameworkCounts[framework] = total
}

return &ComponentDefinitionReportData{
ControlIDBySource: sourceControlIDs,
ControlIDByFramework: aggregatedFrameworkCounts,
}
}

// Split the default controlMap into framework and source maps for further processing
func SplitControlMap(controlMap map[string][]oscalTypes_1_1_2.ControlImplementationSet) (sourceMap map[string]map[string]int, frameworkMap map[string]map[string]int) {
sourceMap = make(map[string]map[string]int)
frameworkMap = make(map[string]map[string]int)

for key, implementations := range controlMap {
if isURL(key) {
if _, exists := sourceMap[key]; !exists {
sourceMap[key] = make(map[string]int)
}
for _, controlImplementation := range implementations {
for _, implementedReq := range controlImplementation.ImplementedRequirements {
controlID := implementedReq.ControlId
sourceMap[key][controlID]++
}
}
} else {
if _, exists := frameworkMap[key]; !exists {
frameworkMap[key] = make(map[string]int)
}
for _, controlImplementation := range implementations {
for _, implementedReq := range controlImplementation.ImplementedRequirements {
controlID := implementedReq.ControlId
frameworkMap[key][controlID]++
}
}
}
}

return sourceMap, frameworkMap
}

// Helper to determine if the controlMap source is a URL
func isURL(str string) bool {
return strings.HasPrefix(str, "http://") || strings.HasPrefix(str, "https://")
}

func PrintReport(data ReportData, format string) error {
brandtkeller marked this conversation as resolved.
Show resolved Hide resolved
if format == "table" {
// Use the message package for printing table data
message.Infof("Title: %s", data.ComponentDefinition.Title)

// Print the Control ID By Source as a table
message.Info("\nControl Source | Number of Controls")
message.Info(strings.Repeat("-", 60))

for source, count := range data.ComponentDefinition.ControlIDBySource {
message.Infof("%-40s | %-15d", source, count)
}

// Print the Control ID By Framework as a table
message.Info("\nFramework | Number of Controls")
message.Info(strings.Repeat("-", 40))

for framework, count := range data.ComponentDefinition.ControlIDByFramework {
message.Infof("%-20s | %-15d", framework, count)
}

} else {
var err error
var fileData []byte

if format == "yaml" {
message.Info("Generating report in YAML format...")
fileData, err = yaml.Marshal(data)
if err != nil {
message.Fatal(err, "Failed to marshal data to YAML")
}
} else {
message.Info("Generating report in JSON format...")
fileData, err = json.MarshalIndent(data, "", " ")
if err != nil {
message.Fatal(err, "Failed to marshal data to JSON")
}
}

message.Info(string(fileData))
}

return nil
}
Loading