Merge pull request #3073 from mitre/inspec_profile_auto_generated_readme

Agnostic profile controls readme generation
mitre · Nov 25, 2024 · 27f8a8a · 27f8a8a
2 parents 27170dc + fcf657a
commit 27f8a8a
Show file tree

Hide file tree

Showing 6 changed files with 167 additions and 90 deletions.
diff --git a/README.md b/README.md
@@ -1433,13 +1433,14 @@ See the wiki for more information on 👉 [template files](https://github.com/mi
 validate threshold            Validate the compliance and status counts of an HDF file
 
   USAGE
-    $ saf validate threshold -i <hdf-json> [-h] [-T <flattened-threshold-json> | -F <template-file>]
+    $ saf validate threshold -i <hdf-json> [-I <flattened-threshold-json> | -T <template-file>] [-h] [-L info|warn|debug|verbose]
 
   FLAGS
-    -F, --templateFile=<template-file>                Expected data template, generate one with "saf generate threshold"
-    -T, --templateInline=<flattened-threshold-json>   Flattened JSON containing your validation thresholds
-                                                      (Intended for backwards compatibility with InSpec Tools)
-    -i, --input=<hdf-json>                            (required) Input HDF JSON File
+    -i, --input=<value>           (required) The HDF JSON File to be validated by the threshold values   
+    -T, --templateFile=<value>    A threshold YAML file containing expected threshold values.
+                                  Generate it using the "saf generate threshold" command
+    -I, --templateInline=<value>  An inline (on the command line) flattened JSON containing the validation
+                                  thresholds (Intended for backwards compatibility with InSpec Tools)
 
   GLOBAL FLAGS
     -h, --help               Show CLI help
@@ -1448,7 +1449,12 @@ validate threshold            Validate the compliance and status counts of an HD
         --interactive        Collect input tags interactively (not available on all CLI commands)
 
   EXAMPLES
-    $ saf validate threshold -i rhel7-results.json -F output.yaml
+    Providing a threshold template file
+      $ saf validate threshold -i rhel7-results.json -T threshold.yaml
+    
+    Specifying the threshold inline
+      $ saf validate threshold -i rhel7-results.json -I "{compliance.min: 80}, {passed.total.min: 18}, {failed.total.max: 2}"
+
 ```
 
 [top](#validate-hdf-thresholds)
@@ -1619,7 +1625,7 @@ EXAMPLES
 [top](#generate-data-reports-and-more)
 #### Thresholds
 
-Threshold files are used in CI to ensure minimum compliance levels and validate control severities and statuses using `saf validate threshold`
+Threshold files are used in Continious Integration (CI) to ensure minimum compliance levels and validate control severities and statuses using `saf validate threshold`
 
 See the wiki for more information on 👉 [template files](https://github.com/mitre/saf/wiki/Validation-with-Thresholds).
 

diff --git a/src/commands/generate/delta.ts b/src/commands/generate/delta.ts
@@ -47,36 +47,37 @@ export default class GenerateDelta extends BaseCommand<typeof GenerateDelta> {
   static description = 'Update an existing InSpec profile with updated XCCDF guidance'
 
   static flags = {
-    inspecJsonFile: Flags.string({char: 'J', required: false, exclusive: ['interactive'],
-      description: '\x1B[31m(required if not --interactive)\x1B[34m Input execution/profile (list of controls the delta is being applied from) JSON file - can be generated using the "inspec json <profile path> | jq . > profile.json" command'}),
-    xccdfXmlFile: Flags.string({char: 'X', required: false, exclusive: ['interactive'],
-      description: '\x1B[31m(required if not --interactive)\x1B[34m The XCCDF XML file containing the new guidance - in the form of .xml file'}),
-    deltaOutputDir: Flags.string({char: 'o', required: false, exclusive: ['interactive'],
+    inspecJsonFile: Flags.string({
+      char: 'J', required: false, exclusive: ['interactive'],
+      description: '\x1B[31m(required if not --interactive)\x1B[34m Input execution/profile (list of controls the delta is being applied from) JSON file - can be generated using the "inspec json <profile path> | jq . > profile.json" command',
+    }),
+    xccdfXmlFile: Flags.string({
+      char: 'X', required: false, exclusive: ['interactive'],
+      description: '\x1B[31m(required if not --interactive)\x1B[34m The XCCDF XML file containing the new guidance - in the form of .xml file',
+    }),
+    deltaOutputDir: Flags.string({
+      char: 'o', required: false, exclusive: ['interactive'],
       description: '\x1B[31m(required if not --interactive)\x1B[34m The output folder for the updated profile (will contain the controls that delta was applied too) - if it is not empty, it will be overwritten. Do not use the original controls directory'}),
-    ovalXmlFile: Flags.string({char: 'O', required: false, exclusive: ['interactive'],
+    ovalXmlFile: Flags.string({
+      char: 'O', required: false, exclusive: ['interactive'],
       description: 'The OVAL XML file containing definitions used in the new guidance - in the form of .xml file'}),
-    reportFile: Flags.string({char: 'r', required: false, exclusive: ['interactive'],
+    reportFile: Flags.string({
+      char: 'r', required: false, exclusive: ['interactive'],
       description: 'Output markdown report file - must have an extension of .md'}),
     idType: Flags.string({
-      char: 'T',
-      required: false,
-      exclusive: ['interactive'],
-      default: 'rule',
-      options: ['rule', 'group', 'cis', 'version'],
+      char: 'T', required: false, exclusive: ['interactive'],
+      default: 'rule', options: ['rule', 'group', 'cis', 'version'],
       description: "Control ID Types: 'rule' - Vulnerability IDs (ex. 'SV-XXXXX'), 'group' - Group IDs (ex. 'V-XXXXX'), 'cis' - CIS Rule IDs (ex. C-1.1.1.1), 'version' - Version IDs (ex. RHEL-07-010020 - also known as STIG IDs)",
     }),
     // New flag -M for whether to try mapping controls to new profile
     runMapControls: Flags.boolean({
-      char: 'M',
-      required: false,
+      char: 'M', required: false,
       exclusive: ['interactive'],
       dependsOn: ['controlsDir'],
       description: 'Run the approximate string matching process',
     }),
     controlsDir: Flags.string({
-      char: 'c',
-      required: false,
-      exclusive: ['interactive'],
+      char: 'c', required: false, exclusive: ['interactive'],
       description: 'The InSpec profile directory containing the controls being updated (controls Delta is processing)'}),
   }