WIP

linux_os/guide/services/ldap/389_ds/package_389-ds-base_removed/rule.yml

@@ -1,5 +1,5 @@
 documentation_complete: true
-  
+
 prodtype: rhcos4,rhel7,rhel8,rhel9
 
 title: 'Uninstall 389-ds-base Package'

linux_os/guide/system/permissions/restrictions/sysctl_kernel_panic_on_oops/rule.yml

@@ -1,4 +1,3 @@
-prodtype: fedora
 documentation_complete: true
 
 title: 'Kernel panic on oops'

ssg/environment.py

@@ -8,8 +8,13 @@
 
 def open_environment(build_config_yaml_path, product_yaml_path, product_properties_path=None):
     contents = open_raw(build_config_yaml_path)
+    product = open_product_environment(product_yaml_path, product_properties_path)
+    contents.update(product)
+    return contents
+
+
+def open_product_environment(product_yaml_path, product_properties_path=None):
     product = load_product_yaml(product_yaml_path)
     if product_properties_path:
         product.read_properties_from_directory(product_properties_path)
-    contents.update(product)
-    return contents
+    return product

utils/convert_prodtype_ds_check.py

@@ -0,0 +1,82 @@
+#!/usr/bin/env python
+
+from __future__ import print_function
+
+import argparse as ap
+from xml.etree import ElementTree
+
+NAMESPACES = dict(
+    xccdf_ns="http://scap.nist.gov/schema/scap/source/1.2",
+    profile_ns="http://checklists.nist.gov/xccdf/1.2",
+)
+
+
+def fname_to_etree(fname):
+    input_tree = ElementTree.parse(fname)
+    return input_tree
+
+
+def get_rule_results_from_etree(tree):
+    xpath_expr =  ".//{%s}Rule" % NAMESPACES["profile_ns"]
+    xccdfs = tree.findall(xpath_expr)
+    return xccdfs
+
+
+def get_profiles_from_etree(tree):
+    xpath_expr = ".//{%s}Profile" % NAMESPACES["profile_ns"]
+    xccdfs = tree.findall(xpath_expr)
+    return xccdfs
+
+
+def get_selections_from_etree(tree):
+    xpath_expr = ".//{%s}select" % NAMESPACES["profile_ns"]
+    xccdfs = tree.findall(xpath_expr)
+    return xccdfs
+
+
+def get_rules_from_etree(tree):
+    xpath_expr = ".//{%s}Rule" % NAMESPACES["profile_ns"]
+    xccdfs = tree.findall(xpath_expr)
+    return xccdfs
+
+
+def extract_tree_from_file(fname):
+    return fname_to_etree(fname)
+
+
+def make_parser():
+    parser = ap.ArgumentParser()
+    parser.add_argument("first")
+    return parser.parse_args()
+
+
+if __name__ == "__main__":
+    #args = make_parser()
+    f = "../build/ssg-rhel8-ds.xml" #args.first
+    #first_results = extract_results_from_file(f)
+    tree = extract_tree_from_file(f)
+
+    profiles = sorted(get_profiles_from_etree(tree), key=lambda x: x.attrib["id"])
+
+    rules = sorted(get_rules_from_etree(tree), key=lambda x: x.attrib["id"])
+
+    print(f"Found {len(profiles)} profilies, {len(rules)} rules")
+
+    rules_selections = {}
+    for p in profiles:
+        p_id = p.attrib["id"].removeprefix("xccdf_org.ssgproject.content_")
+        selections = sorted(get_selections_from_etree(p), key=lambda x: x.attrib["idref"])
+        print(f"{p_id} (selections: {len(selections)})")
+        for sel in selections:
+            r_id = sel.attrib["idref"].removeprefix("xccdf_org.ssgproject.content_")
+            r_selected = sel.attrib["selected"].lower() == "true"
+            print(f"   {'+' if r_selected else '-'}{r_id}")
+            r_stats = rules_selections.get(r_id, {"selected": 0, "unselected": 0})
+            r_stats["selected" if r_selected else "unselected"] += 1
+            rules_selections[r_id] = r_stats
+
+    for r in rules:
+        r_id = r.attrib["id"].removeprefix("xccdf_org.ssgproject.content_")
+        r_selected = r.attrib["selected"].lower() == "true"
+        in_profiles = f"selected: {rules_selections[r_id]['selected']}, unselected: {rules_selections[r_id]['unselected']}" if r_id in rules_selections else "absent"
+        print(f"{'+' if r_selected else '-'}{r_id} (profiles: {in_profiles})")