to_xccdf: Enable STIGViewer support for automatic CCI descriptions. (#222)

* XCCDF ident elements with CCI values should use a cyber.mil/cci system attribute to display correctly in STIG Viewer.

* inspec2xccdf: Add support for Legacy IDs in the DISA STIGViewer.

* to_xccdf: refactored ident system logic for CCIs into the Ident constructor

Signed-off-by: Jarod Neuner <jarod@neuner.us>

Co-authored-by: Kyle <Bialogs@users.noreply.github.com>

Author: janeuner

lib/happy_mapper_tools/benchmark.rb

@@ -65,6 +65,14 @@ class Ident
       tag 'ident'
       attribute :system, String, tag: 'system'
       content :ident, String
+      def initialize(ident_str)
+        @ident = ident_str
+	if ident_str =~ /^(CCI-[0-9]{6})$/
+          @system = 'http://cyber.mil/cci'
+	else
+          @system = 'http://cyber.mil/legacy'
+	end
+      end
     end
 
     # Class Fixtext maps from the 'fixtext' from Benchmark XML file using HappyMapper

lib/utilities/xccdf/from_inspec.rb

@@ -34,6 +34,7 @@ def parse_data_for_xccdf(json) # rubocop:disable Metrics/AbcSize, Metrics/Cyclom
         c_data[c_id]['rweight']        = control['tags']['rweight'] if control['tags']['rweight'] # Optional attribute where N/A is not schema compliant
         c_data[c_id]['stig_id']        = control['tags']['stig_id'] || DATA_NOT_FOUND_MESSAGE
         c_data[c_id]['cci']            = control['tags']['cci'] if control['tags']['cci'] # Optional attribute
+        c_data[c_id]['legacy']         = control['tags']['legacy'] if control['tags']['legacy'] # Optional attribute
         c_data[c_id]['nist']           = control['tags']['nist'] || ['unmapped']
         c_data[c_id]['check']          = control['tags']['check'] || DATA_NOT_FOUND_MESSAGE
         c_data[c_id]['checkref']       = control['tags']['checkref'] || DATA_NOT_FOUND_MESSAGE

lib/utilities/xccdf/to_xccdf.rb

@@ -74,6 +74,7 @@ def build_groups # rubocop:disable Metrics/AbcSize
         end
 
         group.rule.ident = build_rule_idents(control['cci']) if control['cci']
+        group.rule.ident += build_rule_idents(control['legacy']) if control['legacy']
 
         group.rule.fixtext = HappyMapperTools::Benchmark::Fixtext.new
         group.rule.fixtext.fixref = control['fix_id']
@@ -126,10 +127,7 @@ def build_rule_idents(idents)
 
       # Each rule identifier is a different element
       idents.map do |identifier|
-        ident = HappyMapperTools::Benchmark::Ident.new
-        ident.system = 'https://public.cyber.mil/stigs/cci/'
-        ident.ident = identifier
-        ident
+        ident = HappyMapperTools::Benchmark::Ident.new identifier
       end
     end
 
@@ -227,6 +225,7 @@ def populate_rule_result(control, result, result_status)
       rule_result.instance = result['code_desc']
 
       rule_result.ident = build_rule_idents(control['cci']) if control['cci']
+      rule_result.ident += build_rule_idents(control['legacy']) if control['legacy']
 
       # Fix information is only necessary when there are failed tests
       rule_result.fix = build_rule_fix(control['fix_id']) if control['fix_id'] && result_status == 'fail'