Tree - rpms/scap-security-guide

rpms / scap-security-guide

Files

Commit: 9be3b2b3a7baf71e5aae9dcb7cfb5328882f332d
Blob Blame History Raw
From ea1bab197a17dd944e41a583c82c3cc757bb566b Mon Sep 17 00:00:00 2001
From: Gabriel Becker <ggasparb@redhat.com>
Date: Wed, 4 Aug 2021 12:23:05 +0200
Subject: [PATCH] Update STIG mapping table to reflect statistics of coverage.

---
 .../shared_xccdf-apply-overlay-stig.xslt      | 59 +++++++++++++------
 .../transforms/shared_xccdf2table-stig.xslt   | 28 +++++++++
 2 files changed, 68 insertions(+), 19 deletions(-)

diff --git a/shared/transforms/shared_xccdf-apply-overlay-stig.xslt b/shared/transforms/shared_xccdf-apply-overlay-stig.xslt
index 945f709b95..b7c000608c 100644
--- a/shared/transforms/shared_xccdf-apply-overlay-stig.xslt
+++ b/shared/transforms/shared_xccdf-apply-overlay-stig.xslt
@@ -28,26 +28,47 @@
       <xsl:variable name="overlay_ref" select="@disa"/>
       <xsl:variable name="overlay_title" select="xccdf:title/@text"/>
 
-      <xsl:for-each select="$rules">
-        <xsl:if test="@id=$overlay_rule">
-		  <Group id="V-{$overlay_id}">
-		    <title>SRG-OS-ID</title>
-		    <description></description>
-            <Rule id="{$overlay_rule}" severity="{$overlay_severity}" >
-			<version><xsl:value-of select="$overlay_version"/></version>
-          	<title><xsl:value-of select="$overlay_title"/></title>
-          	<description><xsl:copy-of select="xccdf:rationale/node()" /></description>
-          	<check system="C-{$overlay_id}_chk">
-              <check-content>
-					      <xsl:apply-templates select="xccdf:check[@system='http://scap.nist.gov/schema/ocil/2']"/>
-              </check-content>
-          	</check>
-		  	<ident system="https://public.cyber.mil/stigs/cci"><xsl:value-of select="$overlay_ref" /></ident>
-          	<fixtext><xsl:copy-of select="xccdf:description/node()" /></fixtext>
-          </Rule> 
+      <xsl:choose>
+        <xsl:when test="$overlay_rule='XXXX'">
+          <Group id="V-{$overlay_id}">
+            <title>SRG-OS-ID</title>
+            <description></description>
+                <Rule id="Missing Rule" severity="{$overlay_severity}" >
+          <version><xsl:value-of select="$overlay_version"/></version>
+                <title><xsl:value-of select="$overlay_title"/></title>
+                <description></description>
+                <check system="C-{$overlay_id}_chk">
+                  <check-content>
+                  </check-content>
+                </check>
+                <ident></ident>
+                <fixtext></fixtext>
+              </Rule>
           </Group>
-        </xsl:if>
-      </xsl:for-each> 
+        </xsl:when>
+        <xsl:otherwise>
+          <xsl:for-each select="$rules">
+            <xsl:if test="@id=$overlay_rule">
+          <Group id="V-{$overlay_id}">
+            <title>SRG-OS-ID</title>
+            <description></description>
+                <Rule id="{$overlay_rule}" severity="{$overlay_severity}" >
+          <version><xsl:value-of select="$overlay_version"/></version>
+                <title><xsl:value-of select="$overlay_title"/></title>
+                <description><xsl:copy-of select="xccdf:rationale/node()" /></description>
+                <check system="C-{$overlay_id}_chk">
+                  <check-content>
+                    <xsl:apply-templates select="xccdf:check[@system='http://scap.nist.gov/schema/ocil/2']"/>
+                  </check-content>
+                </check>
+            <ident system="https://public.cyber.mil/stigs/cci"><xsl:value-of select="$overlay_ref" /></ident>
+                <fixtext><xsl:copy-of select="xccdf:description/node()" /></fixtext>
+              </Rule>
+              </Group>
+            </xsl:if>
+          </xsl:for-each>
+        </xsl:otherwise>
+    </xsl:choose>
 
     </xsl:for-each> 
     </xsl:copy>
diff --git a/shared/transforms/shared_xccdf2table-stig.xslt b/shared/transforms/shared_xccdf2table-stig.xslt
index 3746c386c0..4c477542f4 100644
--- a/shared/transforms/shared_xccdf2table-stig.xslt
+++ b/shared/transforms/shared_xccdf2table-stig.xslt
@@ -20,6 +20,34 @@
 			</div>
 			<br/>
 			<br/>
+
+			<div>
+			<table>
+				<thead>
+				  <tr>
+					<th>Total</th>
+					<th>Missing</th>
+					<th>Implemented</th>
+					<th>Coverage</th>
+					<th>STIG ids missing rule</th>
+				  </tr>
+				</thead>
+				<tbody>
+				  <tr>
+					<td><xsl:value-of select="number(count(/cdf:Benchmark/cdf:Group/cdf:Rule))"/></td>
+					<td><xsl:value-of select="number(count(/cdf:Benchmark/cdf:Group/cdf:Rule[@id='Missing Rule']))"/></td>
+					<td><xsl:value-of select="number(count(/cdf:Benchmark/cdf:Group/cdf:Rule[@id!='Missing Rule']))"/></td>
+					<td><xsl:value-of select="format-number(count(/cdf:Benchmark/cdf:Group/cdf:Rule[@id!='Missing Rule']) div count(/cdf:Benchmark/cdf:Group/cdf:Rule)*100, '#.00')"/>%</td>
+					<td>
+						<xsl:for-each select="/cdf:Benchmark/cdf:Group/cdf:Rule[@id='Missing Rule']">
+							<xsl:value-of select="cdf:version/node()"/><xsl:text>&#xd;</xsl:text>
+						</xsl:for-each>
+					</td>
+				  </tr>
+				</tbody>
+				</table>
+			</div>
+
 			<xsl:apply-templates select="cdf:Benchmark"/>
 		</body>
 		</html>
rpms / scap-security-guide

Source Code

Files
