Filter out OVALs from XCCDF (WIP)
evgenyz committed Dec 18, 2023
1 parent e274175 commit f7a66a0
Showing 4 changed files with 26 additions and 24 deletions.
25 changes: 14 additions & 11 deletions ssg/build_renumber.py
@@ -10,8 +10,7 @@
)
from . import utils
from .xml import parse_file, map_elements_to_their_ids
from .oval_object_model import load_oval_document

from .oval_object_model import load_oval_document, OVALDefinitionReference

from .checks import get_content_ref_if_exists_and_not_remote
from .cce import is_cce_value_valid, is_cce_format_valid
@@ -275,19 +274,23 @@ def _ensure_by_xccdf_referenced_oval_no_extra_def_in_oval_file(self):
# or internally via extend-definition

xccdf_oval_check_refs = [name for name in self._get_list_of_names_of_oval_checks()]
def_keys = list(self.oval_document.definitions.keys())
document_def_keys = list(self.oval_document.definitions.keys())

internal_refs = set()
for def_id in def_keys:
references_from_xccdf_to_keep = OVALDefinitionReference()
for def_id in document_def_keys:
if def_id in xccdf_oval_check_refs:
oval_def_refs = self.oval_document.get_all_references_of_definition(def_id)
for ref_def_id in oval_def_refs.definitions:
if ref_def_id != def_id:
internal_refs.add(ref_def_id)
references_from_xccdf_to_keep += oval_def_refs

references_to_remove = OVALDefinitionReference()
for def_id in document_def_keys:
if def_id not in xccdf_oval_check_refs:
if def_id in self.oval_document.definitions:
def_refs = self.oval_document.get_all_references_of_definition(def_id)
def_refs -= references_from_xccdf_to_keep
references_to_remove += def_refs

for def_id in def_keys:
if def_id not in xccdf_oval_check_refs and def_id not in internal_refs:
self.oval_document.remove_definition_and_all_references(def_id)
self.oval_document.remove_referenced_components(references_to_remove)


class OCILFileLinker(FileLinker):
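Review bot: In the second loop of `_ensure_by_xccdf_referenced_oval_no_extra_def_in_oval_file` the guard `if def_id in self.oval_document.definitions:` can never be false, because `document_def_keys` was copied from that same dict and nothing is removed until the final `remove_referenced_components` call, so it can be dropped. `xccdf_oval_check_refs` is a list built by a copy-comprehension and is probed with `in` once per definition in both loops; assuming the names are strings, `xccdf_oval_check_refs = set(self._get_list_of_names_of_oval_checks())` makes those lookups constant-time. Because this pass decides which checks end up in the built content, a short comment above the two loops stating the invariant would help, for example `# keep everything reachable from an XCCDF-referenced definition; remove only what is reachable solely from unreferenced ones`. The method starts above the hunk.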
13 changes: 1 addition & 12 deletions ssg/oval_object_model/oval_container.py
@@ -73,7 +73,7 @@ def _copy_component(destination, source_of_components):

def _remove_keys_from_dict(dict_, to_remove):
for k in to_remove:
del dict_[k]
dict_.pop(k, None)


def _keep_keys_in_dict(dict_, to_keep):
@@ -220,17 +220,6 @@ def get_all_references_of_definition(self, definition_id):
self._process_objects_states_variables_references(ref)
return ref

def remove_definition_and_all_references(self, definition_id):
if definition_id not in self.definitions:
raise ValueError(
"ERROR: OVAL definition '{}' doesn't exist.".format(definition_id)
)
org_fun = self._skip_if_is_none
self._skip_if_is_none = lambda *_: True
ref = self.get_all_references_of_definition(definition_id)
self._skip_if_is_none = org_fun
self.remove_referenced_components(ref)

def keep_referenced_components(self, ref):
self._call_function_for_every_component(_keep_keys_in_dict, ref)
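Review bot: `dict_.pop(k, None)` in `_remove_keys_from_dict` now ignores every absent key, so an id that never existed in the container is treated the same as one that was simply listed twice. If the intent is only to tolerate repeats (the reference lists are merged with `extend`, so they can hold duplicates), iterating `set(to_remove)` and keeping `del dict_[k]` would preserve the error for genuinely unknown ids. If best-effort removal is intended, say so in a comment such as `# ids may repeat or already be absent; removal is best-effort`. The same section deletes the public `remove_definition_and_all_references`; callers outside this commit are not visible here and should be checked.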

8 changes: 8 additions & 0 deletions ssg/oval_object_model/oval_definition_references.py
@@ -51,6 +51,14 @@ def __iadd__(self, other):
self.variables.extend(other.variables)
return self

def __isub__(self, other):
self.definitions = list(filter(lambda i: i not in other.definitions, self.definitions))
self.tests = list(filter(lambda i: i not in other.tests, self.tests))
self.objects = list(filter(lambda i: i not in other.objects, self.objects))
self.states = list(filter(lambda i: i not in other.states, self.states))
self.variables = list(filter(lambda i: i not in other.variables, self.variables))
return self

def __repr__(self):
return str(self.__dict__)
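Review bot: `__isub__` tests every id against a list (`i not in other.definitions`), which is quadratic in the number of references, and `build_renumber.py` applies `-=` once per unreferenced definition against the accumulated keep set. Converting each list of `other` to a set once per call and looping over the five attribute names removes both the cost and the five near-identical lines; the ids appear to be used as dict keys elsewhere in this commit, so they should be hashable. A one-line docstring stating that ids present in `other` are dropped from `self` with order preserved would document the contract. `__iadd__` above the hunk is only partly visible.

```python
    def __isub__(self, other):
        """Drop from self every id that also appears in other; order is kept."""
        for attr in ("definitions", "tests", "objects", "states", "variables"):
            excluded = set(getattr(other, attr))
            setattr(self, attr, [i for i in getattr(self, attr) if i not in excluded])
        return self
```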

4 changes: 3 additions & 1 deletion ssg/oval_object_model/oval_document.py
@@ -107,7 +107,9 @@ def product_name(self, __value):
@staticmethod
def _skip_if_is_none(value, component_id):
if value is None:
raise MissingOVALComponent(component_id)
#raise MissingOVALComponent(component_id)
logging.warning("Component {} is None".format(component_id))
return True
return False

def load_shorthand(self, xml_string, product=None, rule_id=None):
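Review bot: `_skip_if_is_none` now logs and returns `True` for every caller, so a reference to a missing OVAL component no longer stops the build, and the raise is left commented out rather than removed. The `remove_definition_and_all_references` method deleted from `oval_container.py` swapped in a lenient callback only for the duration of one lookup, which kept the strict default everywhere else. Making leniency opt-in, or restoring `raise MissingOVALComponent(component_id)` once the XCCDF filtering no longer needs it, would avoid shipping content whose checks reference components that are not in the document. This section adds no `import logging` (all three additions are in this hunk); whether the module already imports it is not visible here. `logging.warning("Component %s is None", component_id)` is the usual lazy-formatting form.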
