#!/usr/bin/env python

from __future__ import print_function

import os
import sys

import ssg.constants
import ssg.jinja
import ssg.oval
import ssg.rules
import ssg.utils
import ssg.yaml
import ssg.build_yaml
import ssg.rule_yaml


def main():
    """
    Check every product's content directories with parse_affected(...).

    Expects exactly two command-line arguments: the root of the ssg
    directory (sys.argv[1]) and the path of the build_config.yml file
    (sys.argv[2]). For each entry of ssg.constants.product_directories the
    product.yml is loaded, a jinja environment is prepared, and the
    benchmark root plus any "additional_content_directories" are handed to
    parse_affected(...). Exits with status 1 on a wrong argument count.
    """

    if len(sys.argv) != 3:
        print("Error! Must supply only path to root of ssg directory and the build_config.yml file path",
              file=sys.stderr)
        sys.exit(1)

    _, ssg_root, build_config_path = sys.argv

    # Directories already handed to parse_affected, shared across products.
    # Entries are compared as plain strings: the benchmark root is used as
    # joined, while the additional directories are made absolute first.
    visited = set()

    for product in ssg.constants.product_directories:
        product_dir = os.path.join(ssg_root, product)
        product_yaml_path = os.path.join(product_dir, "product.yml")
        product_yaml = ssg.yaml.open_raw(product_yaml_path)

        # Environment used when rendering this product's rules and OVAL files.
        env_yaml = ssg.yaml.open_environment(build_config_path, product_yaml_path)
        ssg.jinja.add_python_functions(env_yaml)

        guide_dir = os.path.join(product_dir, product_yaml['benchmark_root'])
        extra_dirs = [
            os.path.abspath(os.path.join(product_dir, rel_dir))
            for rel_dir in product_yaml.get("additional_content_directories", [])
        ]

        for candidate in [guide_dir] + extra_dirs:
            if candidate in visited:
                continue
            # Only marked as visited once the whole directory parsed cleanly.
            parse_affected(candidate, env_yaml)
            visited.add(candidate)
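def parse_affected(cur_dir, env_yaml):
    """
    Render the OVAL files of every rule directory found under cur_dir and
    verify that ssg.oval.parse_affected(...) accepts each rendered result.

    env_yaml is updated in place: 'rule_id', 'rule_title' and 'products' are
    set from the rule being processed before its OVAL files are rendered,
    and they keep that rule's values until the next rule overwrites them.

    Raises:
        ValueError: re-raised from ssg.oval.parse_affected(...) after the
            offending file has been named on stderr.
        AssertionError: if the parse result does not have three items whose
            first two entries are integers.
    """
    for rule_dir in ssg.rules.find_rule_dirs(cur_dir):
        rule_path = os.path.join(rule_dir, "rule.yml")
        rule = ssg.build_yaml.Rule.from_yaml(rule_path, env_yaml)
        prodtypes = ssg.rule_yaml.parse_prodtype(rule.prodtype)

        env_yaml['rule_id'] = rule.id_
        env_yaml['rule_title'] = rule.title
        env_yaml['products'] = prodtypes  # default is all

        for oval in ssg.rules.get_rule_dir_ovals(rule_dir):
            xml_content = ssg.jinja.process_file_with_macros(oval, env_yaml)
            # Some OVAL definitions may render to an empty definition
            # when building OVAL 5.10 only content
            if not xml_content:
                continue

            oval_contents = ssg.utils.split_string_content(xml_content)

            try:
                results = ssg.oval.parse_affected(oval_contents)
            except ValueError:
                # Diagnostics go to stderr, like the usage error in main().
                print("No <affected> element found in file {}".format(oval),
                      file=sys.stderr)
                # Bare raise keeps the original traceback.
                raise

            # Explicit checks instead of assert statements: asserts are
            # removed when Python runs with -O, which would let this
            # validation pass without verifying anything. AssertionError is
            # kept so the failure type stays the same for callers.
            well_formed = (
                len(results) == 3
                and isinstance(results[0], int)
                and isinstance(results[1], int)
            )
            if not well_formed:
                raise AssertionError(
                    "Unexpected result from ssg.oval.parse_affected for file {}: "
                    "expected 3 items with integer first and second "
                    "entries".format(oval)
                )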
# Run the check only when this file is executed as a script, not on import.
if __name__ == "__main__":
    main()