|
1
|
|
|
#!/usr/bin/python3 |
|
2
|
|
|
|
|
3
|
|
|
from __future__ import print_function |
|
4
|
|
|
|
|
5
|
|
|
import argparse |
|
6
|
|
|
import os |
|
7
|
|
|
import os.path |
|
8
|
|
|
|
|
9
|
|
|
import ssg.build_yaml |
|
10
|
|
|
import ssg.utils |
|
11
|
|
|
import ssg.environment |
|
12
|
|
|
import ssg.id_translate |
|
13
|
|
|
import ssg.build_renumber |
|
14
|
|
|
import ssg.products |
|
15
|
|
|
|
|
16
|
|
|
|
|
17
|
|
View Code Duplication |
def parse_args(): |
|
|
|
|
|
|
18
|
|
|
parser = argparse.ArgumentParser( |
|
19
|
|
|
description="Converts SCAP Security Guide YAML benchmark data " |
|
20
|
|
|
"(benchmark, rules, groups) to XCCDF Shorthand Format" |
|
21
|
|
|
) |
|
22
|
|
|
parser.add_argument( |
|
23
|
|
|
"--build-config-yaml", required=True, |
|
24
|
|
|
help="YAML file with information about the build configuration. " |
|
25
|
|
|
"e.g.: ~/scap-security-guide/build/build_config.yml" |
|
26
|
|
|
) |
|
27
|
|
|
parser.add_argument( |
|
28
|
|
|
"--product-yaml", required=True, |
|
29
|
|
|
help="YAML file with information about the product we are building. " |
|
30
|
|
|
"e.g.: ~/scap-security-guide/rhel7/product.yml" |
|
31
|
|
|
) |
|
32
|
|
|
parser.add_argument( |
|
33
|
|
|
"--xccdf", required=True, |
|
34
|
|
|
help="Output XCCDF file. " |
|
35
|
|
|
"e.g.: ~/scap-security-guide/build/rhel7/ssg-rhel7-xccdf.xml" |
|
36
|
|
|
) |
|
37
|
|
|
parser.add_argument( |
|
38
|
|
|
"--ocil", required=True, |
|
39
|
|
|
help="Output OCIL file. " |
|
40
|
|
|
"e.g.: ~/scap-security-guide/build/rhel7/ssg-rhel7-ocil.xml" |
|
41
|
|
|
) |
|
42
|
|
|
parser.add_argument( |
|
43
|
|
|
"--oval", required=True, |
|
44
|
|
|
help="Output OVAL file. " |
|
45
|
|
|
"e.g.: ~/scap-security-guide/build/rhel7/ssg-rhel7-oval.xml" |
|
46
|
|
|
) |
|
47
|
|
|
parser.add_argument("--resolved-base", |
|
48
|
|
|
help="To which directory to put processed rule/group/value YAMLs.") |
|
49
|
|
|
return parser.parse_args() |
|
50
|
|
|
|
|
51
|
|
|
|
|
52
|
|
|
def main(): |
|
53
|
|
|
args = parse_args() |
|
54
|
|
|
|
|
55
|
|
|
env_yaml = ssg.environment.open_environment( |
|
56
|
|
|
args.build_config_yaml, args.product_yaml) |
|
57
|
|
|
product_yaml = ssg.products.Product(args.product_yaml) |
|
58
|
|
|
base_dir = product_yaml["product_dir"] |
|
59
|
|
|
benchmark_root = ssg.utils.required_key(env_yaml, "benchmark_root") |
|
60
|
|
|
|
|
61
|
|
|
# we have to "absolutize" the paths the right way, relative to the |
|
62
|
|
|
# product_yaml path |
|
63
|
|
|
if not os.path.isabs(benchmark_root): |
|
64
|
|
|
benchmark_root = os.path.join(base_dir, benchmark_root) |
|
65
|
|
|
|
|
66
|
|
|
loader = ssg.build_yaml.LinearLoader( |
|
67
|
|
|
env_yaml, args.resolved_base) |
|
68
|
|
|
loader.load_compiled_content() |
|
69
|
|
|
loader.load_benchmark(benchmark_root) |
|
70
|
|
|
|
|
71
|
|
|
loader.add_fixes_to_rules() |
|
72
|
|
|
xccdftree = loader.export_benchmark_to_xml() |
|
73
|
|
|
ocil = loader.export_ocil_to_xml() |
|
74
|
|
|
|
|
75
|
|
|
checks = xccdftree.findall(".//{%s}check" % ssg.constants.XCCDF12_NS) |
|
76
|
|
|
|
|
77
|
|
|
translator = ssg.id_translate.IDTranslator("ssg") |
|
78
|
|
|
|
|
79
|
|
|
oval_linker = ssg.build_renumber.OVALFileLinker( |
|
80
|
|
|
translator, xccdftree, checks, args.oval) |
|
81
|
|
|
oval_linker.link() |
|
82
|
|
|
oval_linker.save_linked_tree() |
|
83
|
|
|
oval_linker.link_xccdf() |
|
84
|
|
|
|
|
85
|
|
|
ocil_linker = ssg.build_renumber.OCILFileLinker( |
|
86
|
|
|
translator, xccdftree, checks, args.ocil) |
|
87
|
|
|
ocil_linker.link(ocil) |
|
88
|
|
|
ocil_linker.save_linked_tree() |
|
89
|
|
|
ocil_linker.link_xccdf() |
|
90
|
|
|
|
|
91
|
|
|
ssg.xml.ElementTree.ElementTree(xccdftree).write(args.xccdf) |
|
92
|
|
|
|
|
93
|
|
|
|
|
94
|
|
|
if __name__ == "__main__": |
|
95
|
|
|
main() |
|
96
|
|
|
|
ComplianceAsCode /
content
Loading history...