From 4c54b1cfb05961bde8248e03d27cabeca967e211 Mon Sep 17 00:00:00 2001
From: Watson Sato <wsato@redhat.com>
Date: Mon, 17 Aug 2020 10:59:15 +0200
Subject: [PATCH] Remove SCAP-1.3 SCAPVAL workarounds
These changes to the DS cause SRC-330 to fail in SCAPVAL-1.3.5.
The underlying issue was fixed in SCAPVAL-1.3.5, and these false-positive
workarounds are no longer necessary.
---
tests/run_scapval.py | 26 --------------------------
1 file changed, 26 deletions(-)
diff --git a/tests/run_scapval.py b/tests/run_scapval.py
index e1dd806ca1..bc2655b9fd 100755
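--- a/tests/run_scapval.py
+++ b/tests/run_scapval.py
@@ -46,35 +46,9 @@ def process_results(result_path):
 return ret_val
 
 
-def workaround_datastream(datastream_path):
- tree = ET.parse(datastream_path)
- root = tree.getroot()
- # group_id and user_id cannot be zero
- # tracked at https://github.com/OVAL-Community/OVAL/issues/23
- for group_id_element in root.findall(".//{%s}group_id" % oval_unix_ns):
- if group_id_element.text is not None:
- group_id_element.text = "-1"
- for user_id_element in root.findall(".//{%s}user_id" % oval_unix_ns):
- if user_id_element.text is not None:
- user_id_element.text = "-1"
- # OCIL checks for security_patches_up_to_date is causing fail
- # of SRC-377, when requirement is about OVAL checks.
- rule_id = "xccdf_org.ssgproject.content_rule_security_patches_up_to_date"
- for rule in root.findall(".//{%s}Rule[@id=\"%s\"]" % (xccdf_ns, rule_id)):
- for check in rule.findall("{%s}check" % xccdf_ns):
- system = check.get("system")
- if system == "http://scap.nist.gov/schema/ocil/2":
- rule.remove(check)
- output_path = datastream_path + ".workaround.xml"
- tree.write(output_path)
- return output_path
-
-
 def test_datastream(datastream_path, scapval_path, scap_version):
 result_path = datastream_path + ".result.xml"
 report_path = datastream_path + ".report.html"
- if scap_version == "1.3":
- datastream_path = workaround_datastream(datastream_path)
 scapval_command = [
 "java",
 "-Xmx1024m",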