Ensure a rule's inspec code is updated after establishing rule satisf…

…action or reverting change on a rule (#609) * Updated seed to properly extablish rule satisfaction Signed-off-by: Vanessa Fotso <[email protected]> * - Update the rule's inspec code after saving the rule - Resave the rule to trigger the callback after establishing the rule satisfaction or reverting the change on a rule Signed-off-by: Vanessa Fotso <[email protected]> --------- Signed-off-by: Vanessa Fotso <[email protected]>
mitre · Sep 27, 2023 · b823436 · b823436
1 parent 3b00a2d
commit b823436
Show file tree

Hide file tree

Showing 5 changed files with 23 additions and 21 deletions.
diff --git a/app/controllers/rule_satisfactions_controller.rb b/app/controllers/rule_satisfactions_controller.rb
@@ -9,6 +9,8 @@ class RuleSatisfactionsController < ApplicationController
 
   def create
     if @rule.satisfies.empty? && (@rule.satisfied_by << @satisfied_by_rule)
+      # Save the rule to trigger callbacks (update inspec)
+      @satisfied_by_rule.save
       render json: { toast: "Successfully marked #{@rule.version} as satisfied by #{@satisfied_by_rule.version}." }
     else
       render json: {
@@ -23,6 +25,8 @@ def create
 
   def destroy
     if @rule.satisfied_by.delete(@satisfied_by_rule)
+      # Save the rule to trigger callbacks (update inspec)
+      @satisfied_by_rule.save
       render json: { toast: "#{@rule.version} is no longer marked as satisfied by #{@satisfied_by_rule.version}." }
     else
       render json: {

diff --git a/app/controllers/rules_controller.rb b/app/controllers/rules_controller.rb
@@ -103,6 +103,8 @@ def destroy
 
   def revert
     Rule.revert(@rule, params[:audit_id], params[:fields], params[:audit_comment])
+    # Save the rule to trigger callbacks (update inspec)
+    @rule.save
     render json: { toast: 'Successfully reverted history for control.' }
   rescue RuleRevertError => e
     render json: {

diff --git a/app/models/component.rb b/app/models/component.rb
@@ -352,6 +352,8 @@ def create_rule_satisfactions
         next if sb_rule.nil?
 
         rule.satisfied_by << sb_rule
+        # Save the rule to trigger callbacks (update inspec)
+        sb_rule.save
       end
     end
   end

diff --git a/app/models/rule.rb b/app/models/rule.rb
@@ -5,6 +5,8 @@
 # Rules, also known as Controls, are the smallest unit of enforceable configuration found in a
 # Benchmark XCCDF.
 class Rule < BaseRule
+  attr_accessor :skip_update_inspec_code
+
   amoeba do
     # Using set review_requestor_id: nil does not work as expected, must use nullify
     nullify :review_requestor_id
@@ -38,12 +40,10 @@ class Rule < BaseRule
                           association_foreign_key: :rule_id
 
   before_validation :set_rule_id
-  before_save :apply_audit_comment
-  before_save :sort_ident, :update_inspec_code
+  before_save :apply_audit_comment, :sort_ident
   before_destroy :prevent_destroy_if_under_review_or_locked
   after_destroy :update_component_rules_count
-  after_save :update_component_rules_count
-  after_save :update_satisfied_by_inspec_code
+  after_save :update_component_rules_count, :update_inspec_code
 
   validates_with RuleSatisfactionValidator
   validate :cannot_be_locked_and_under_review
@@ -202,6 +202,9 @@ def displayed_name
   end
 
   def update_inspec_code
+    return if skip_update_inspec_code
+
+    self.skip_update_inspec_code = true
     desc = disa_rule_descriptions.first
     control = Inspec::Object::Control.new
     control.add_header('# -*- encoding : utf-8 -*-')
@@ -228,14 +231,7 @@ def update_inspec_code
     end
     control.add_post_body(inspec_control_body) if inspec_control_body.present?
     self.inspec_control_file = control.to_ruby
-  end
-
-  def update_satisfied_by_inspec_code
-    sb = satisfied_by.first
-    return if sb.nil?
-
-    # trigger update_inspec_code callback
-    sb.save
+    save
   end
 
   def basic_fields

diff --git a/db/seeds.rb b/db/seeds.rb
@@ -155,16 +155,14 @@
   c.rules.order('RANDOM()').limit(c.rules.size * rand(25..35) / 100)
    .update(status: 'Applicable - Configurable')
 
-  rule_satisfactions = []
-  rules_with_duplicates_ids = c.rules.order('RANDOM()').limit(c.rules.size * rand(5..10) / 100).pluck(:id)
-  c.rules.where.not(id: rules_with_duplicates_ids).order('RANDOM()')
-   .limit(c.rules.size * rand(10..15) / 100).pluck(:id).each do |rule_id|
-    rule_satisfactions << RuleSatisfaction.new(
-      rule_id: rule_id,
-      satisfied_by_rule_id: rules_with_duplicates_ids.sample
-    )
+  # Add Rule satisfaction:
+  # Only Applicable - Configurable rule can satisfy other rules
+  rule_selection = c.rules.where(status: 'Applicable - Configurable')
+  c.rules.where.not(status: 'Applicable - Configurable').limit(3).each do |rule|
+    rule.satisfied_by << rule_selection.sample
+    # Save the rule to trigger callbacks
+    rule.save
   end
-  RuleSatisfaction.import! rule_satisfactions
 
   # Call update last to trigger callbacks
   c.rules.update(locked: true, rule_weight: '10.0', rule_severity: RuleConstants::SEVERITIES.sample)