skyler / rpms / scap-security-guide

Forked from rpms/scap-security-guide 3 years ago
Clone
Source Code
GIT

Files

  1.   fe0dde01a42673c3eda1933c38a8f78dbff6c1de
  2.   SOURCES
  3.   scap-security-guide-0.1.53-handle_non_package_cpes-PR_6292.patch
Blob Blame History Raw 
From bde4b709e8c3e91a3fd0b3699146ad88a2897ce0 Mon Sep 17 00:00:00 2001
From: Watson Sato <wsato@redhat.com>
Date: Thu, 22 Oct 2020 22:20:30 +0200
Subject: [PATCH] Add workround to skip non package CPEs

Do not add checks for package installed for CPEs that are not related to
package installed.
---
 ssg/build_remediations.py | 12 ++++++++++++
 ssg/constants.py          |  1 +
 2 files changed, 13 insertions(+)

diff --git a/ssg/build_remediations.py b/ssg/build_remediations.py
index 6759b6c963..9c7824560f 100644
--- a/ssg/build_remediations.py
+++ b/ssg/build_remediations.py
@@ -298,6 +298,12 @@ def parse_from_file_with_jinja(self, env_yaml):
                 if platform in self.local_env_yaml["platform_package_overrides"]:
                     platform = self.local_env_yaml["platform_package_overrides"].get(platform)
 
+                    # Workaround for plaforms that are not Package CPEs
+                    # Skip platforms that are not about packages installed
+                    # These should be handled in the remediation itself
+                    if not platform:
+                        continue
+
                 # Adjust package check command according to the pkg_manager
                 pkg_manager = self.local_env_yaml["pkg_manager"]
                 pkg_check_command = PKG_MANAGER_TO_PACKAGE_CHECK_COMMAND[pkg_manager]
@@ -452,6 +458,12 @@ def update_when_from_rule(self, to_update):
                 if platform in self.local_env_yaml["platform_package_overrides"]:
                     platform = self.local_env_yaml["platform_package_overrides"].get(platform)
 
+                    # Workaround for plaforms that are not Package CPEs
+                    # Skip platforms that are not about packages installed
+                    # These should be handled in the remediation itself
+                    if not platform:
+                        continue
+
                 additional_when.append('"' + platform + '" in ansible_facts.packages')
                 # After adding the conditional, we need to make sure package_facts are collected.
                 # This is done via inject_package_facts_task()
diff --git a/ssg/constants.py b/ssg/constants.py
index f1b64e6827..c2f72f66df 100644
--- a/ssg/constants.py
+++ b/ssg/constants.py
@@ -464,6 +464,7 @@
   "login_defs": "login",
   "sssd": "sssd-common",
   "zipl": "s390utils-base",
+  "sssd-ldap": None,  # Force package check wrapping skip
 }
 
 # _version_name_map = {

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation