Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HTML Report Creation Fails With XPath error: growing nodeset hit limit #2082

Closed
gfrizzo-rescale opened this issue Feb 1, 2024 · 4 comments
Closed

HTML Report Creation Fails With XPath error: growing nodeset hit limit #2082

gfrizzo-rescale opened this issue Feb 1, 2024 · 4 comments

Comments

@gfrizzo-rescale
Copy link

Description of Problem:

When running a scan oscap xccdf eval with --report oscap-results.html argument, the following error appears at the end and the report creation fails:

XPath error : Memory allocation failed : growing nodeset hit limit

growing nodeset hit limit

^
runtime error: file /openscap/xsl/xccdf-report.xsl line 91 element value-of
XPath evaluation returned no result.
OpenSCAP Error: Could not apply XSLT /openscap/xsl/xccdf-report.xsl to XML file: NONEXISTENT [/openscap/src/source/xslt.c:183]

OpenSCAP Version:

1.3.10 (also tried with 1.3.8. Same error)

Operating System & Version:

Red Hat Enterprise Linux 8.9 (Ootpa)

Steps to Reproduce:

  1. I believe this may be related to the number of files being scanned. So, have at least 318135 files in the system.
  2. Run: oscap xccdf eval --fetch-remote-resources --profile xccdf_org.ssgproject.content_profile_stig --report my-oscap-results.html --stig-viewer my-stig-viewer-results.xml /usr/share/xml/scap/ssg/content/ssg-rhel8-ds-1.2.xml
  3. Error shows at the end of the scan. XML report is successfully generated. HTML fails.

Actual Results:

HTML report is not generated.

Expected Results:

HTML report is generated.

Additional Information / Debugging Steps:
@evgenyz
Copy link
Contributor

evgenyz commented Feb 1, 2024
edited
Loading

Well, you're in luck. Kinda. We have 2 workarounds: #2051 and #2052. Choose your poison.

@gfrizzo-rescale
Copy link
Author

Thanks!

OSCAP_PROBE_MAX_COLLECTED_ITEMS works.
Any recommendations for the default value? Based on #2051, 1000 is fine?

Also, not sure if this is the right place to ask but, do you know how long would take to the openscap 1.3.10 release to reach the official distribution channels (so, a simple yum install would install version 1.3.10)?

@evgenyz
Copy link
Contributor

evgenyz commented Feb 6, 2024

It all depends on the system. And you should understand that limiting collected items might yield false-negative results. Pick the biggest you possibly can.

@evgenyz evgenyz closed this as completed Feb 6, 2024
@evgenyz
Copy link
Contributor

evgenyz commented Feb 6, 2024

Re: 1.3.10, sometime in the first half of the year, hopefully. No precise ETA yet.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@evgenyz @gfrizzo-rescale