Blame SOURCES/scap-security-guide-0.1.37-add-disa-stig-rule-id.patch

df3ea4
From 4bfc0f1d9cfe21ec672fc806f5421272f1c0b41f Mon Sep 17 00:00:00 2001
df3ea4
From: Wesley Ceraso Prudencio <wcerasop@redhat.com>
df3ea4
Date: Wed, 1 Nov 2017 14:17:24 +0100
df3ea4
Subject: [PATCH] Enables the STIG Rule ID to be output
df3ea4
df3ea4
Signed-off-by: Wesley Ceraso Prudencio <wcerasop@redhat.com>
df3ea4
---
df3ea4
 cmake/SSGCommon.cmake               |  5 ++++
df3ea4
 shared/utils/add_stig_references.py | 57 +++++++++++++++++++++++++++++++++++++
df3ea4
 2 files changed, 62 insertions(+)
df3ea4
 create mode 100755 shared/utils/add_stig_references.py
df3ea4
df3ea4
diff --git a/cmake/SSGCommon.cmake b/cmake/SSGCommon.cmake
df3ea4
index 8ac826ef6..786e07532 100644
df3ea4
--- a/cmake/SSGCommon.cmake
df3ea4
+++ b/cmake/SSGCommon.cmake
df3ea4
@@ -130,10 +130,15 @@ macro(ssg_build_shorthand_xml PRODUCT)
df3ea4
 endmacro()
df3ea4
 
df3ea4
 macro(ssg_build_xccdf_unlinked PRODUCT)
df3ea4
+    file(GLOB STIG_REFERENCE_FILE_LIST "${SSG_SHARED_REFS}/disa-stig-${PRODUCT}-*-xccdf-manual.xml")
df3ea4
+    list(APPEND STIG_REFERENCE_FILE_LIST "not-found")
df3ea4
+    list(GET STIG_REFERENCE_FILE_LIST 0 STIG_REFERENCE_FILE)
df3ea4
+    
df3ea4
     add_custom_command(
df3ea4
         OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/xccdf-unlinked-resolved.xml"
df3ea4
         COMMAND "${XSLTPROC_EXECUTABLE}" --stringparam ssg_version "${SSG_VERSION}" --output "${CMAKE_CURRENT_BINARY_DIR}/xccdf-unlinked-resolved.xml" "${CMAKE_CURRENT_SOURCE_DIR}/transforms/shorthand2xccdf.xslt" "${CMAKE_CURRENT_BINARY_DIR}/shorthand.xml"
df3ea4
         COMMAND "${OPENSCAP_OSCAP_EXECUTABLE}" xccdf resolve -o "${CMAKE_CURRENT_BINARY_DIR}/xccdf-unlinked-resolved.xml" "${CMAKE_CURRENT_BINARY_DIR}/xccdf-unlinked-resolved.xml"
df3ea4
+        COMMAND "${SSG_SHARED_UTILS}/add_stig_references.py" --disa-stig "${STIG_REFERENCE_FILE}" --unlinked-xccdf "${CMAKE_CURRENT_BINARY_DIR}/xccdf-unlinked-resolved.xml"
df3ea4
         DEPENDS generate-internal-${PRODUCT}-shorthand.xml
df3ea4
         DEPENDS "${CMAKE_CURRENT_BINARY_DIR}/shorthand.xml"
df3ea4
         DEPENDS "${CMAKE_CURRENT_SOURCE_DIR}/transforms/shorthand2xccdf.xslt"
df3ea4
diff --git a/shared/utils/add_stig_references.py b/shared/utils/add_stig_references.py
df3ea4
new file mode 100755
df3ea4
index 000000000..0ab208793
df3ea4
--- /dev/null
df3ea4
+++ b/shared/utils/add_stig_references.py
df3ea4
@@ -0,0 +1,57 @@
df3ea4
+#!/usr/bin/env python2
df3ea4
+
df3ea4
+try:
df3ea4
+    from xml.etree import cElementTree as etree
df3ea4
+except ImportError:
df3ea4
+    import cElementTree as etree
df3ea4
+
df3ea4
+import re
df3ea4
+import sys
df3ea4
+import argparse
df3ea4
+
df3ea4
+parser = argparse.ArgumentParser(
df3ea4
+    description='Add STIG references to XCCDF files.')
df3ea4
+parser.add_argument(
df3ea4
+    "--disa-stig", help="DISA STIG Reference XCCDF file",dest="reference")
df3ea4
+parser.add_argument(
df3ea4
+    "--unlinked-xccdf", help="unlinked SSG XCCDF file", dest="destination")
df3ea4
+args = parser.parse_args()
df3ea4
+
df3ea4
+reference = args.reference
df3ea4
+destination = args.destination
df3ea4
+
df3ea4
+xccdf_namespace = "http://checklists.nist.gov/xccdf/1.1"
df3ea4
+stig_href = 'http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx'
df3ea4
+stig_references_beginning = 'http://iase.disa.mil/stigs/'
df3ea4
+
df3ea4
+try:
df3ea4
+    reference_root = etree.parse(reference)
df3ea4
+except IOError as exception:
df3ea4
+    print 'INFO: DISA STIG Reference file not found for this platform'
df3ea4
+    sys.exit(0)
df3ea4
+
df3ea4
+reference_rules = reference_root.findall('.//{%s}Rule' % xccdf_namespace)
df3ea4
+
df3ea4
+dictionary = {}
df3ea4
+
df3ea4
+for rule in reference_rules:
df3ea4
+    version = rule.find('.//{%s}version' % xccdf_namespace)
df3ea4
+    if version is not None and version.text:
df3ea4
+        dictionary[version.text] = rule.get('id')
df3ea4
+
df3ea4
+target_root = etree.parse(destination)
df3ea4
+target_rules = target_root.findall('.//{%s}Rule' % xccdf_namespace)
df3ea4
+
df3ea4
+for rule in target_rules:
df3ea4
+    refs = rule.findall('.//{%s}reference' % xccdf_namespace)
df3ea4
+    for ref in refs:
df3ea4
+        if (ref.get('href').startswith(stig_references_beginning) and
df3ea4
+                ref.text in dictionary):
df3ea4
+            index = rule.getchildren().index(ref)
df3ea4
+            new_ref = etree.Element(
df3ea4
+                '{%s}reference' % xccdf_namespace, {'href': stig_href})
df3ea4
+            new_ref.text = dictionary[ref.text]
df3ea4
+            new_ref.tail = ref.tail
df3ea4
+            rule.insert(index + 1, new_ref)
df3ea4
+
df3ea4
+target_root.write(destination)