ssg._oval.main() - Code Metrics - Inspection of "Merge pull request #2949 from cipherboy/ssg-module" - ComplianceAsCode/content - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 291ee9...9d841e )

by Matěj

created 2018-06-15 13:07 UTC

ssg._oval.main() C

↳ Parent: ssg._oval

Complexity

Conditions

Size

Total Lines	57
Code Lines	45

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	8
eloc	45
nop	0
dl	0
loc	57
rs	6.0451
c	0
b	0
f	0

How to fix Long Method

import sys
import os
import re
import argparse
import tempfile
import subprocess

from ConfigParser import SafeConfigParser

from ssg._constants import oval_footer as footer
from ssg._constants import oval_namespace as ovalns
from ssg._constants import timestamp
from ssg._xml import ElementTree as ET
from ssg._xml import oval_generated_header


SHARED_OVAL = re.sub('shared.*', 'shared', __file__) + '/checks/oval/'


try:
    from openscap import oscap_get_version
    if oscap_get_version() < 1.2:
        oval_version = "5.10"
    else:
        oval_version = "5.11"
except ImportError:
    oval_version = "5.10"

# globals, to make recursion easier in case we encounter extend_definition
definitions = ET.Element("definitions")
tests = ET.Element("tests")
objects = ET.Element("objects")
states = ET.Element("states")
variables = ET.Element("variables")


# append new child ONLY if it's not a duplicate
def append(element, newchild):
    newid = newchild.get("id")
    existing = element.find(".//*[@id='" + newid + "']")
    if existing is not None:
        if not silent_mode:

            sys.stderr.write("Notification: this ID is used more than once " +
                             "and should represent equivalent elements: " +
                             newid + "\n")
    else:
        element.append(newchild)


def add_oval_elements(body, header):
    """Add oval elements to the global Elements defined above"""

    tree = ET.fromstring(header + body + footer)
    tree = replace_external_vars(tree)
    # parse new file(string) as an etree, so we can arrange elements
    # appropriately
    for childnode in tree.findall("./{%s}def-group/*" % ovalns):
        # print "childnode.tag is " + childnode.tag
        if childnode.tag is ET.Comment:
            continue
        if childnode.tag == ("{%s}definition" % ovalns):
            append(definitions, childnode)
            defname = childnode.get("id")
            # extend_definition is a special case:  must include a whole other
            # definition
            for defchild in childnode.findall(".//{%s}extend_definition"
                                              % ovalns):
                defid = defchild.get("definition_ref")
                extend_ref = find_testfile(defid+".xml")
                includedbody = read_ovaldefgroup_file(extend_ref)
                # recursively add the elements in the other file
                add_oval_elements(includedbody, header)
        if childnode.tag.endswith("_test"):
            append(tests, childnode)
        if childnode.tag.endswith("_object"):
            append(objects, childnode)
        if childnode.tag.endswith("_state"):
            append(states, childnode)
        if childnode.tag.endswith("_variable"):
            append(variables, childnode)
    return defname



def replace_external_vars(tree):
    """Replace external_variables with local_variables, so the definition can be
       tested independently of an XCCDF file"""

    # external_variable is a special case: we turn it into a local_variable so
    # we can test
    for node in tree.findall(".//{%s}external_variable" % ovalns):
        print("External_variable with id : " + node.get("id"))
        extvar_id = node.get("id")
        # for envkey, envval in os.environ.iteritems():
        #     print envkey + " = " + envval
        # sys.exit()
        if extvar_id not in os.environ.keys():
            print("External_variable specified, but no value provided via "
                  "environment variable")
            sys.exit(2)
        # replace tag name: external -> local
        node.tag = "{%s}local_variable" % ovalns
        literal = ET.Element("literal_component")
        literal.text = os.environ[extvar_id]
        node.append(literal)
        # TODO: assignment of external_variable via environment vars, for
        # testing
    return tree


def find_testfile(testfile):
    """Find OVAL files in CWD or shared/oval"""
    for path in ['.', SHARED_OVAL]:
        for root, folder, files in os.walk(path):
            searchfile = root + '/' + testfile
            if not os.path.isfile(searchfile):
                searchfile = ""
            else:
                testfile = searchfile.strip()
                # Most likely found file, exit this loop
                break

    if not os.path.isfile(testfile):
        print("ERROR: %s does not exist! Please specify a valid OVAL file."
              % testfile)
        sys.exit(1)

    return testfile


def read_ovaldefgroup_file(testfile):
    """Read oval files"""
    with open(testfile, 'r') as test_file:
        body = test_file.read()
    return body


def parse_options():
    usage = "usage: %(prog)s [options] definition_file.xml"
    parser = argparse.ArgumentParser(usage=usage, version="%(prog)s ")
    # only some options are on by default

    parser.add_argument("--oval_version", default=oval_version,
                        dest="oval_version", action="store",
                        help="OVAL version to use. Example: 5.11, 5.10, ... \
                        [Default: %(default)s]")
    parser.add_argument("-q", "--quiet", "--silent", default=False,
                        action="store_true", dest="silent_mode",
                        help="Don't show any output when testing OVAL files")
    parser.add_argument("xmlfile", metavar="XMLFILE", help="OVAL XML file")
    args = parser.parse_args()

    return args


def main():
    global definitions
    global tests
    global objects
    global states
    global variables
    global silent_mode

    args = parse_options()
    silent_mode = args.silent_mode
    oval_version = args.oval_version

    testfile = args.xmlfile
    header = oval_generated_header("testoval.py", oval_version, "0.0.1")
    testfile = find_testfile(testfile)
    body = read_ovaldefgroup_file(testfile)
    defname = add_oval_elements(body, header)
    ovaltree = ET.fromstring(header + footer)

    # append each major element type, if it has subelements
    for element in [definitions, tests, objects, states, variables]:
        if element.getchildren():
            ovaltree.append(element)
    # re-map all the element ids from meaningful names to meaningless
    # numbers
    testtranslator = idtranslate.IDTranslator("scap-security-guide.testing")

    ovaltree = testtranslator.translate(ovaltree)
    (ovalfile, fname) = tempfile.mkstemp(prefix=defname, suffix=".xml")
    os.write(ovalfile, ET.tostring(ovaltree))
    os.close(ovalfile)
    if not silent_mode:
        print("Evaluating with OVAL tempfile: " + fname)
        print("OVAL Schema Version: %s" % oval_version)
        print("Writing results to: " + fname + "-results")
    cmd = "oscap oval eval --results " + fname + "-results " + fname
    oscap_child = subprocess.Popen(cmd, stdout=subprocess.PIPE, shell=True)
    cmd_out = oscap_child.communicate()[0]
    if not silent_mode:
        print cmd_out

    if oscap_child.returncode != 0:
        if not silent_mode:
            print("Error launching 'oscap' command: \n\t" + cmd)
        sys.exit(2)
    if 'false' in cmd_out:
        # at least one from the evaluated OVAL definitions evaluated to
        # 'false' result, exit with '1' to indicate OVAL scan FAIL result
        sys.exit(1)
    # perhaps delete tempfile?
    definitions = ET.Element("definitions")
    tests = ET.Element("tests")
    objects = ET.Element("objects")
    states = ET.Element("states")
    variables = ET.Element("variables")

    # 'false' keyword wasn't found in oscap's command output
    # exit with '0' to indicate OVAL scan TRUE result
    sys.exit(0)


1			import sys
2			import os
3			import re
4			import argparse
5			import tempfile
6			import subprocess
7
8			from ConfigParser import SafeConfigParser
9
10			from ssg._constants import oval_footer as footer
11			from ssg._constants import oval_namespace as ovalns
12			from ssg._constants import timestamp
13			from ssg._xml import ElementTree as ET
14			from ssg._xml import oval_generated_header
15
16
17			SHARED_OVAL = re.sub('shared.*', 'shared', __file__) + '/checks/oval/'
18
19
20			try:
21			from openscap import oscap_get_version
22			if oscap_get_version() < 1.2:
23			oval_version = "5.10"
24			else:
25			oval_version = "5.11"
26			except ImportError:
27			oval_version = "5.10"
28
29			# globals, to make recursion easier in case we encounter extend_definition
30			definitions = ET.Element("definitions")
31			tests = ET.Element("tests")
32			objects = ET.Element("objects")
33			states = ET.Element("states")
34			variables = ET.Element("variables")
35
36
37			# append new child ONLY if it's not a duplicate
38			def append(element, newchild):
39			newid = newchild.get("id")
40			existing = element.find(".//*[@id='" + newid + "']")
41			if existing is not None:
42			if not silent_mode:
			0 ignored issues – show Comprehensibility Best Practice introduced 2018-05-31 12:10 UTC by Report Bug Copy Issue Report The variable `silent_mode` does not seem to be defined. Loading history...
43			sys.stderr.write("Notification: this ID is used more than once " +
44			"and should represent equivalent elements: " +
45			newid + "\n")
46			else:
47			element.append(newchild)
48
49
50			def add_oval_elements(body, header):
51			"""Add oval elements to the global Elements defined above"""
52
53			tree = ET.fromstring(header + body + footer)
54			tree = replace_external_vars(tree)
55			# parse new file(string) as an etree, so we can arrange elements
56			# appropriately
57			for childnode in tree.findall("./{%s}def-group/*" % ovalns):
58			# print "childnode.tag is " + childnode.tag
59			if childnode.tag is ET.Comment:
60			continue
61			if childnode.tag == ("{%s}definition" % ovalns):
62			append(definitions, childnode)
63			defname = childnode.get("id")
64			# extend_definition is a special case: must include a whole other
65			# definition
66			for defchild in childnode.findall(".//{%s}extend_definition"
67			% ovalns):
68			defid = defchild.get("definition_ref")
69			extend_ref = find_testfile(defid+".xml")
70			includedbody = read_ovaldefgroup_file(extend_ref)
71			# recursively add the elements in the other file
72			add_oval_elements(includedbody, header)
73			if childnode.tag.endswith("_test"):
74			append(tests, childnode)
75			if childnode.tag.endswith("_object"):
76			append(objects, childnode)
77			if childnode.tag.endswith("_state"):
78			append(states, childnode)
79			if childnode.tag.endswith("_variable"):
80			append(variables, childnode)
81			return defname
			0 ignored issues – show introduced 2018-05-31 12:10 UTC by Report Bug Copy Issue Report The variable `defname` does not seem to be defined for all execution paths. Loading history...
82
83
84			def replace_external_vars(tree):
85			"""Replace external_variables with local_variables, so the definition can be
86			tested independently of an XCCDF file"""
87
88			# external_variable is a special case: we turn it into a local_variable so
89			# we can test
90			for node in tree.findall(".//{%s}external_variable" % ovalns):
91			print("External_variable with id : " + node.get("id"))
92			extvar_id = node.get("id")
93			# for envkey, envval in os.environ.iteritems():
94			# print envkey + " = " + envval
95			# sys.exit()
96			if extvar_id not in os.environ.keys():
97			print("External_variable specified, but no value provided via "
98			"environment variable")
99			sys.exit(2)
100			# replace tag name: external -> local
101			node.tag = "{%s}local_variable" % ovalns
102			literal = ET.Element("literal_component")
103			literal.text = os.environ[extvar_id]
104			node.append(literal)
105			# TODO: assignment of external_variable via environment vars, for
106			# testing
107			return tree
108
109
110			def find_testfile(testfile):
111			"""Find OVAL files in CWD or shared/oval"""
112			for path in ['.', SHARED_OVAL]:
113			for root, folder, files in os.walk(path):
114			searchfile = root + '/' + testfile
115			if not os.path.isfile(searchfile):
116			searchfile = ""
117			else:
118			testfile = searchfile.strip()
119			# Most likely found file, exit this loop
120			break
121
122			if not os.path.isfile(testfile):
123			print("ERROR: %s does not exist! Please specify a valid OVAL file."
124			% testfile)
125			sys.exit(1)
126
127			return testfile
128
129
130			def read_ovaldefgroup_file(testfile):
131			"""Read oval files"""
132			with open(testfile, 'r') as test_file:
133			body = test_file.read()
134			return body
135
136
137			def parse_options():
138			usage = "usage: %(prog)s [options] definition_file.xml"
139			parser = argparse.ArgumentParser(usage=usage, version="%(prog)s ")
140			# only some options are on by default
141
142			parser.add_argument("--oval_version", default=oval_version,
143			dest="oval_version", action="store",
144			help="OVAL version to use. Example: 5.11, 5.10, ... \
145			[Default: %(default)s]")
146			parser.add_argument("-q", "--quiet", "--silent", default=False,
147			action="store_true", dest="silent_mode",
148			help="Don't show any output when testing OVAL files")
149			parser.add_argument("xmlfile", metavar="XMLFILE", help="OVAL XML file")
150			args = parser.parse_args()
151
152			return args
153
154
155			def main():
156			global definitions
157			global tests
158			global objects
159			global states
160			global variables
161			global silent_mode
162
163			args = parse_options()
164			silent_mode = args.silent_mode
165			oval_version = args.oval_version
166
167			testfile = args.xmlfile
168			header = oval_generated_header("testoval.py", oval_version, "0.0.1")
169			testfile = find_testfile(testfile)
170			body = read_ovaldefgroup_file(testfile)
171			defname = add_oval_elements(body, header)
172			ovaltree = ET.fromstring(header + footer)
173
174			# append each major element type, if it has subelements
175			for element in [definitions, tests, objects, states, variables]:
176			if element.getchildren():
177			ovaltree.append(element)
178			# re-map all the element ids from meaningful names to meaningless
179			# numbers
180			testtranslator = idtranslate.IDTranslator("scap-security-guide.testing")
			0 ignored issues – show Comprehensibility Best Practice introduced 2018-06-13 12:58 UTC by Report Bug Copy Issue Report The variable `idtranslate` does not seem to be defined. Loading history...
181			ovaltree = testtranslator.translate(ovaltree)
182			(ovalfile, fname) = tempfile.mkstemp(prefix=defname, suffix=".xml")
183			os.write(ovalfile, ET.tostring(ovaltree))
184			os.close(ovalfile)
185			if not silent_mode:
186			print("Evaluating with OVAL tempfile: " + fname)
187			print("OVAL Schema Version: %s" % oval_version)
188			print("Writing results to: " + fname + "-results")
189			cmd = "oscap oval eval --results " + fname + "-results " + fname
190			oscap_child = subprocess.Popen(cmd, stdout=subprocess.PIPE, shell=True)
191			cmd_out = oscap_child.communicate()[0]
192			if not silent_mode:
193			print cmd_out
			0 ignored issues – show introduced 2018-06-14 17:23 UTC by Report Bug Copy Issue Report Missing parentheses in call to 'print'. Did you mean print(print cmd_out)? (<string>, line 193) Loading history...
194			if oscap_child.returncode != 0:
195			if not silent_mode:
196			print("Error launching 'oscap' command: \n\t" + cmd)
197			sys.exit(2)
198			if 'false' in cmd_out:
199			# at least one from the evaluated OVAL definitions evaluated to
200			# 'false' result, exit with '1' to indicate OVAL scan FAIL result
201			sys.exit(1)
202			# perhaps delete tempfile?
203			definitions = ET.Element("definitions")
204			tests = ET.Element("tests")
205			objects = ET.Element("objects")
206			states = ET.Element("states")
207			variables = ET.Element("variables")
208
209			# 'false' keyword wasn't found in oscap's command output
210			# exit with '0' to indicate OVAL scan TRUE result
211			sys.exit(0)
212

ComplianceAsCode / content

Push — master ( 291ee9...9d841e )

ssg._oval.main() C

Complexity

Size

Duplication

Importance

How to fix Long Method

Long Method

Duplication Side-by-Side

Filter issues like