Merge pull request #118 from NSWC-Crane/CHRIS_DEV

Doc updates, minor bug fixes.

.gitignore

@@ -104,8 +104,7 @@ instance/
 # Scrapy stuff:
 .scrapy
 
-# Sphinx documentation
-docs/_build/
+/docs/_build/doctrees/
 
 # PyBuilder
 .pybuilder/

client/src/app/pages/import-processing/tenable-import/tenableVulnerabilities.component.ts

@@ -37,7 +37,7 @@ interface CustomFilter {
 interface AssetsFilter {
   filterName: string;
   operator: string;
-  value: string | string[] | { id: string }[];
+  value: any;
 }
 interface AccordionItem {
   header: string;
@@ -1321,26 +1321,35 @@ export class TenableVulnerabilitiesComponent implements OnInit, OnDestroy {
     return addressRegex.test(ip);
   }
 
-  createAssetsFilter(value: any): AssetsFilter | null {
-    if (value && value.length > 0) {
-      let formattedValue: any = { id: value[0] };
-      for (let i = 1; i < value.length; i++) {
-        formattedValue = {
-          operator: 'intersection',
-          operand1: formattedValue,
-          operand2: {
-            id: value[i],
-          },
-        };
-      }
-
-      return {
-        filterName: 'asset',
-        operator: '~',
-        value: formattedValue,
-      };
-    }
-    return null;
+  createAssetsFilter(value: any): AssetsFilter | null {
+    if (!value || value.length === 0) {
+      return null;
+    }
+
+    if (value.length === 1) {
+      return {
+        filterName: 'asset',
+        operator: '=',
+        value: { id: value[0] }
+      };
+    }
+
+    let formattedValue: any = { id: value[0] };
+    for (let i = 1; i < value.length; i++) {
+      formattedValue = {
+        operator: 'union',
+        operand1: formattedValue,
+        operand2: {
+          id: value[i],
+        },
+      };
+    }
+
+    return {
+      filterName: 'asset',
+      operator: '~',
+      value: formattedValue,
+    };
   }
 
   createAssetExposureScoreFilter(value: any): CustomFilter | null {
@@ -2220,7 +2229,6 @@ export class TenableVulnerabilitiesComponent implements OnInit, OnDestroy {
   }
 
   loadVulnList() {
-    this.clearFilters(false);
     this.tenableTool = 'listvuln';
     this.loadVulnerabilitiesLazy({ first: 0, rows: this.rows });
     this.expandColumnSelections();

client/src/app/pages/poam-processing/poam-details/poam-details.component.html

@@ -368,7 +368,6 @@
               <div *ngIf="collectionType === 'Tenable'" class="stepper-content">
                 <tenable-assets-table [pluginID]="poam.vulnerabilityId" [tenableRepoId]="originCollectionId"></tenable-assets-table>
               </div>
-
               <div class="stepper-buttons">
                 <p-button styleClass="p-button-outlined p-button-rounded p-button-text p-button-raised p-button-secondary" icon="pi pi-arrow-left" (onClick)="prevCallback.emit()"></p-button>
                 <p-button styleClass="p-button-outlined p-button-rounded p-button-text p-button-raised p-button-primary" icon="pi pi-arrow-right" iconPos="right" (onClick)="nextCallback.emit()"></p-button>

client/src/app/pages/poam-processing/poam-details/poam-details.component.ts

@@ -623,18 +623,17 @@ ${this.pluginData.description ?? ''}`,
           this.poam.vulnerabilityId = this.stateData.vulnerabilityId;
           this.poam.rawSeverity = this.stateData.severity;
           this.poam.stigCheckData = this.stateData.ruleData;
-          const benchmarkId = this.stateData.benchmarkId;
+          this.poam.stigBenchmarkId = this.stateData.benchmarkId;
           const selectedStig = this.stigmanSTIGs.find(
-            (stig: any) => stig.benchmarkId === benchmarkId,
+            (stig: any) => stig.benchmarkId === this.poam.stigBenchmarkId,
           );
           if (selectedStig) {
             this.selectedStigObject = selectedStig;
             this.selectedStigTitle = selectedStig.title;
             this.poam.vulnerabilityName = selectedStig.title;
             this.onStigSelected(selectedStig);
           } else {
-            this.poam.stigBenchmarkId = benchmarkId;
-            this.poam.vulnerabilityName = benchmarkId;
+            this.poam.vulnerabilityName = this.poam.stigBenchmarkId;
           }
         },
       });
@@ -1062,19 +1061,19 @@ ${this.pluginData.description ?? ''}`,
     }
   }
 
-  onStigSelected(event: any) {
+  onStigSelected(event: any) {    
     let selectedStig;
     if (typeof event === 'string') {
       selectedStig = this.stigmanSTIGs.find(
         (stig: any) => stig.title === event,
-      );
+      );      
     } else {
-      selectedStig = event.value;
+      selectedStig = event;
     }
-
     if (selectedStig) {
       this.selectedStigTitle = selectedStig.title;
       this.selectedStigBenchmarkId = selectedStig.benchmarkId;
+      this.poam.stigBenchmarkId = this.selectedStigBenchmarkId;
       this.poam.vulnerabilityTitle = (() => {
         const [version, release] =
           selectedStig.lastRevisionStr?.match(/\d+/g) || [];
@@ -1085,7 +1084,6 @@ ${this.pluginData.description ?? ''}`,
 
         return `${selectedStig.title} :: ${formattedRevision} Benchmark Date: ${selectedStig.lastRevisionDate}`;
       })();
-      this.poam.stigBenchmarkId = selectedStig.benchmarkId;
     }
   }
 

docs/_build/.gitignore

@@ -0,0 +1,6 @@
+# Ignore everything
+*
+
+# Except
+!html
+!.gitignore

docs/build.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+SPHINX_IMAGE_W_REQUIREMENTS=sphinx-w-requirements
+
+# Change to this script directory
+cd "$(dirname "$(realpath "$0")")"
+
+# Create _build if it doesn't exist
+mkdir -p _build
+
+# Clean up _build
+find _build -type f -not -name '.gitignore' -delete
+find _build -type d -empty -delete
+
+docker build -t $SPHINX_IMAGE_W_REQUIREMENTS .
+
+docker run --rm -v $(pwd):/docs $SPHINX_IMAGE_W_REQUIREMENTS

docs/source/install/documentation.rst

@@ -0,0 +1,30 @@
+
+.. _documentation:
+
+Documentation
+########################################
+
+Build with Docker
+^^^^^^^^^^^^^^^^^^
+
+#. Clone the C-PAT repository from GitHub.
+#. Navigate to /docs folder of the repository. 
+#. Build the Docker image using the following command: ``docker build -t sphinx-w-requirements .``
+#. Run the Docker image using the following command: ``docker run --rm -v "$(pwd):/docs" sphinx-w-requirements``
+#. The build product is located in ``_build`` in the docs directory.
+
+Alternatively, you can run the ``build.sh`` script located in the /docs directory of the repository. This script will build the Docker image and run the container, generating the documentation.
+
+Build with Python
+^^^^^^^^^^^^^^^^^^
+
+To build the documentation locally:
+
+#. Clone the C-PAT repository from GitHub.
+#. Install Python
+#. Install Sphinx ``pip install sphinx``
+#. Navigate to /docs folder of the repository. 
+#. Install the documentation build requirements ``pip install -r requirements.txt``
+#. Depending on the OS you are using, build the documentation using make.bat or the Makefile, and specify html as the format. Windows PowerShell example: ``./make html``
+
+By default, the build product is located in ``_build`` in the docs directory. 

docs/source/install/index.rst

@@ -24,4 +24,5 @@ These pages describe how to setup and deploy C-PAT
 	environment-variables
 	securing
 	integrations
+	documentation
 

docs/source/install/integrations.rst

@@ -38,7 +38,7 @@ STIG Manager
 
 
 Tenable
-------
+--------
 
   .. list-table:: Tenable Environmenment Variables: 
    :widths: 20 25 55

docs/source/install/reverse-proxy.rst

@@ -7,29 +7,29 @@ Deploy with TLS
 
 
 Configure a Reverse Proxy or Kubernetes Ingress Controller
-========================
+==========================================================
 
 To support HTTPS connections, C-PAT components should be situated behind a reverse proxy or in a Kubernetes cluster.  Configure the reverse proxy (such as nginx) or the Kubernetes Ingress Controller in accordance with publisher documentation, local security requirements, and Keycloak documentation.
 In either case, you will have to set Keycloak environment variable `PROXY_ADDRESS_FORWARDING=true`  and make sure appropriate headers are forwarded.
 
 
 
 Nginx for TLS
-========================
+==============
 
 C-PAT provides two branches on GitHub with sample RMF Tools nginx deployments with a configuration file that may be useful to those setting up a Production deployment of C-PAT and STIG Manager:
 
 
 
 With CAC Authentication
-------------------------------------------
+------------------------
 
 https://github.com/NSWC-Crane/C-PAT/tree/rmftools-orchestration-cac
 
 
 
 Without CAC Authentication
-------------------------------------------
+---------------------------
 
 https://github.com/NSWC-Crane/C-PAT/tree/demo-auth-no-CAC
 
@@ -42,7 +42,7 @@ https://github.com/NSWC-Crane/C-PAT/tree/demo-auth-no-CAC
   :show_caption: True 
   :title: Component Diagram with Reverse Proxy
 
----------------------------
+------------------------------------------
 
 .. thumbnail:: /assets/images/k8-component-diagram.svg
   :width: 50%

docs/source/user/assetprocessing.rst

@@ -1,12 +1,14 @@
+
 .. _assetprocessing:
+
 Asset Processing
 ----------------
 
 The asset processing component is responsible for displaying all assets pertaining to a specific collection. The following section is seperated into 3 parts; local assets, STIG Manager Assets, and Tenable Assets.
 Each section contains global functionality to reduce or add columns to the table view and export the asset table data to a .csv file.
 
 Local Assets
-^^^^^^^^^^^^
+^^^^^^^^^^^^^
 When a user is browsing a collection that belongs organically to C-PAT, i.e. the collection was created in C-PAT and not imported from Tenable or STIG Manager, the Asset Processing component will display the local assets view.
 The local assets view contains a tabset with 2 tabs, Asset Management and Asset Chart.
 
@@ -19,10 +21,10 @@ To modify an asset, a user has two options.
 Either option will open a pop-up form with the asset's information. The user can modify the asset's information and click "Save" to save the changes.
 
 STIG Manager Assets
-^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^
 The STIG Manager Assets view is displayed when a user is browsing a collection that was imported from STIG Manager. The STIG Manager Assets view contains a single assets table with columns for Asset Name, FQDN, IP Address, MAC Address, Collection Name, and STIG Manager Labels. The table is a display of assets returned from a query to the STIG Manager API at ``/assets?collectionId={collectionId}`` and contains data that is current as of the time that the user opens the Asset Processing component.
 
 
 Tenable Assets
-^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^
 The Tenable Assets view is displayed when a user is browsing a collection that was imported from Tenable. The Tenable Assets view contains a single assets table with columns for Plugin ID, Name, Family, Severity, VPR, IP Address, ACR, AES, NetBIOS, DNS, MAC Address, Port, Protocol, Agent ID, and Host ID. The table is a display of assets returned from a query to the Tenable API at ``/analysis`` using the ``listvuln`` tool with a filter for ``repository`` to match the collection that the user is currently viewing. The asset data displayed is current as of the time that the user opens the Asset Processing component.

docs/source/user/index.rst

@@ -1,5 +1,5 @@
 
-.. _admin-index:
+.. _user-index:
 
 User Guide
 ===============================

docs/source/user/labelprocessing.rst

@@ -1,4 +1,6 @@
+
 .. _labelprocessing:
+
 Label Processing
 ----------------
 

docs/source/user/manage-poams.rst

@@ -1,17 +1,19 @@
+
 .. _manage-poams:
+
 Manage POAMs
 ------------
 
 The Manage POAMs component is a compilation of charts, tables, and grids that are ultimately designed to assist a user in quickly and easily identifying the data they want or need to view. The Manage POAMs component is broken down into the following interactive sections: POAM Status Grid (tabset), Main POAM Chart, and the Main POAM Chart expansion table.
 
 POAM Main Chart
-^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^
 
 The POAM Main Chart contains a single dataset that is seperated into 4 different viewing formats; POAM Status, Severity, Scheduled Completion, and Labels. Each section is filterable via the filter dropdown located below the chart. 
 Filters are available for Status, Severity, Scheduled Completion, Labels, and Vulnerability Source. Multiple filters can be applied.
 
 POAM Expanded Grid
-^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^
 
 The expanded POAM grid is a table that dynamically reflects the POAMs from the POAM Main Chart. When the main chart is filtered, the resulting data displayed in the expanded grid will also be filtered. In addition to the filters available in the Main Chart, the expanded POAM grid also contains column filters for the following fields: 
 Last Updated, POAM ID, Vulnerability ID, POAM Status, Vulnerability Source, STIG Benchmark, Adjusted Severity, Submitter, Assigned Teams, Submitted Date, and Scheduled Completion Date.
@@ -22,7 +24,7 @@ The far right column of the expanded POAM grid contains an icon that will direct
    POAM's are also exportable from within the expanded grid. The export will contain all POAMs displayed in the grid, formatted into the eMASS excel format.
 
 Assigned Grid
-^^^^^^^^^^^^^
+^^^^^^^^^^^^^^
 
 The Assigned Grid is a table that displays POAMs segmented into one of four seperate categories; All POAMs, Needs Attention, My POAMs, and Pending Approval.
 
@@ -31,19 +33,19 @@ The Assigned Grid is a table that displays POAMs segmented into one of four sepe
 
 
 All POAMs
-"""""""""
+""""""""""
 The All POAMs tab displays all POAMs that are currently available within the collection. No filtering is conducted on the dataset for the All POAMs tab. Access Level of 1 (Viewer) or greater is required to view this tab.
 
 
 Needs Attention
-"""""""""""""""
+""""""""""""""""
 The Needs Attention tab contains POAMs where the Scheduled Completion Date is less than 30 days and the POAM status is not Draft, Closed, or False Positive. Access Level of 1 (Viewer) or greater is required to view this tab.
 
 
 My POAMs
-""""""""
+"""""""""
 The My POAMs tab displays all POAMs that have been submitted by the user where the POAM status is not Closed. Access Level of 2 (Submitter) or greater is required to view this tab.
 
 Pending Approval
-""""""""""""""""
+"""""""""""""""""
 The Pending Approval tab displays all POAMs that are Pending Approval within the current collection [POAM Status of Submitted, Extension Requested, or Pending CAT-I Approval]. Access Level of 3 (Approver) or greater is required to view this tab.