Generates components per profile
Honny1 committed Feb 12, 2024
1 parent b06624e commit e5fdf78
Showing 1 changed file with 55 additions and 8 deletions.
63 changes: 55 additions & 8 deletions build-scripts/build_xccdf.py
Expand Up @@ -5,6 +5,8 @@
import argparse
import os
import os.path
from collections import namedtuple


import ssg.build_yaml
import ssg.utils
Expand All @@ -14,6 +16,9 @@
import ssg.products


Paths_ = namedtuple("Path_", ["xccdf", "oval", "ocil", "build_ovals_dir"])


def parse_args():
parser = argparse.ArgumentParser(
description="Converts SCAP Security Guide YAML benchmark data "
Expand Down Expand Up @@ -53,6 +58,14 @@ def parse_args():
"--resolved-base",
help="To which directory to put processed rule/group/value YAMLs."
)
parser.add_argument(
"--per-profile",
type=str,
choices=["off", "on"],
default="off",
help="Generates XCCDF, OVAL, OCIL, per profile. To directory:"
"~/scap-security-guide/build/rhel7/thin_ds/",
)
return parser.parse_args()


Expand All @@ -77,18 +90,49 @@ def link_ocil(xccdftree, checks, output_file_name, ocil):
ocil_linker.link_xccdf()


def link_benchmark(loader, xccdftree, paths, benchmark=None):
if benchmark is None:
benchmark = loader.benchmark

def link_benchmark(loader, xccdftree, args, benchmark=None):
checks = xccdftree.findall(".//{%s}check" % ssg.constants.XCCDF12_NS)

link_oval(xccdftree, checks, paths.oval, paths.build_ovals_dir)
link_oval(xccdftree, checks, args.oval, args.build_ovals_dir)

ocil = loader.export_ocil_to_xml(benchmark)
link_ocil(xccdftree, checks, args.ocil, ocil)

ssg.xml.ElementTree.ElementTree(xccdftree).write(args.xccdf)


ocil = loader.export_ocil_to_xml()
link_ocil(xccdftree, checks, paths.ocil, ocil)
def append_id(filename, id_):
return "{0}_{2}{1}".format(*os.path.splitext(filename) + (id_,))

ssg.xml.ElementTree.ElementTree(xccdftree).write(paths.xccdf)

def append_dir(path, dir):
return os.path.join(os.path.dirname(path), dir, os.path.basename(path))


def _set_thin_ds_path(args):
p = Paths_(
xccdf=append_dir(args.xccdf, "thin_ds"),
oval=append_dir(args.oval, "thin_ds"),
ocil=append_dir(args.ocil, "thin_ds"),
build_ovals_dir=args.build_ovals_dir,
)
if not os.path.exists(os.path.dirname(p.xccdf)):
os.makedirs(os.path.dirname(p.xccdf))
return p


def link_benchmark_per_profile(loader, args):
path = _set_thin_ds_path(args)

for id_, benchmark in loader.get_benchmark_by_profile():
xccdftree = benchmark.to_xml_element(loader.env_yaml)
p = Paths_(
xccdf=append_id(path.xccdf, id_),
oval=append_id(path.oval, id_),
ocil=append_id(path.ocil, id_),
build_ovals_dir=path.build_ovals_dir
)
link_benchmark(loader, xccdftree, p, benchmark)


def main():
Expand All @@ -112,6 +156,9 @@ def main():

loader.add_fixes_to_rules()

if args.per_profile == "on":
link_benchmark_per_profile(loader, args)

xccdftree = loader.export_benchmark_to_xml()
link_benchmark(loader, xccdftree, args)
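Review bot: In `_set_thin_ds_path` the `os.path.exists` check followed by `os.makedirs` is a check-then-create race, so if two build jobs ever share an output directory the second can fail because the directory appeared in between. If these scripts only need to run on Python 3, `os.makedirs(os.path.dirname(p.xccdf), exist_ok=True)` closes that window; otherwise catch `OSError` and re-raise unless the directory now exists. `append_id` also places the profile id into the output file name unchanged, so it is worth confirming that ids yielded by `loader.get_benchmark_by_profile()` can never contain a path separator, or reducing them with `os.path.basename(id_)` before formatting, so that every per-profile file stays inside `thin_ds`. Smaller points in the same section: the `dir` parameter of `append_dir` shadows the builtin, the namedtuple is bound to `Paths_` but declared with the type name `"Path_"`, and the `--per-profile` help text joins two string literals without a space and names a fixed `rhel7` path although the directory is derived from `args.xccdf`.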
