From e5fdf7822b2533484fc406846cb4c4176a647688 Mon Sep 17 00:00:00 2001
From: Jan Rodak
Date: Mon, 12 Feb 2024 17:25:52 +0100
Subject: [PATCH] Generates components per profile
---
 build-scripts/build_xccdf.py | 63 +++++++++++++++++++++++++++++++-----
 1 file changed, 55 insertions(+), 8 deletions(-)
diff --git a/build-scripts/build_xccdf.py b/build-scripts/build_xccdf.py
index 44ae09fe356..88147ba0437 100644
--- a/build-scripts/build_xccdf.py
+++ b/build-scripts/build_xccdf.py
@@ -5,6 +5,8 @@
 import argparse
 import os
 import os.path
+from collections import namedtuple
+
 import ssg.build_yaml
 import ssg.utils
@@ -14,6 +16,9 @@
 import ssg.products
+Paths_ = namedtuple("Path_", ["xccdf", "oval", "ocil", "build_ovals_dir"])
+
+
 def parse_args():
 parser = argparse.ArgumentParser(
 description="Converts SCAP Security Guide YAML benchmark data "
@@ -53,6 +58,14 @@ def parse_args():
 "--resolved-base",
 help="To which directory to put processed rule/group/value YAMLs."
 )
+parser.add_argument( "--per-profile", type=str, choices=["off", "on"], default="off", help="Generates XCCDF, OVAL, OCIL, per profile. To directory:" "~/scap-security-guide/build/rhel7/thin_ds/", )
 return parser.parse_args()
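Review bot: `Paths_ = namedtuple("Path_", ...)` binds the tuple under a different name than the typename it is created with, so its repr and any pickling refer to `Path_`, which does not exist in the module; use the same name in both places. A PEP 8 class name without the trailing underscore, e.g. `OutputPaths = namedtuple("OutputPaths", ["xccdf", "oval", "ocil", "build_ovals_dir"])`, would also read better. A one-line comment stating that this is the set of output file locations handed to `link_benchmark` would help, since later in the patch the same function also receives an argparse Namespace carrying these attribute names.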
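Review bot: The new `--per-profile` option models a boolean as `choices=["off", "on"]` with `type=str`, which forces the string comparison `args.per_profile == "on"` in `main()` later in the patch; `parser.add_argument("--per-profile", action="store_true", help=...)` gives the same default and lets the caller write `if args.per_profile:`. The help text also names a user-specific path (`~/scap-security-guide/build/rhel7/thin_ds/`) that is not where the files go; from the new code they land in a `thin_ds` subdirectory next to each of the `--xccdf`, `--oval` and `--ocil` outputs, so something like `help="Also generate XCCDF, OVAL and OCIL files per profile, into a 'thin_ds' subdirectory next to the respective output file."` describes the behaviour. As written, the two concatenated help strings join as `directory:~/` with no space.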
@@ -77,18 +90,49 @@ def link_ocil(xccdftree, checks, output_file_name, ocil):
 ocil_linker.link_xccdf()
-def link_benchmark(loader, xccdftree, paths, benchmark=None):
- if benchmark is None:
- benchmark = loader.benchmark
-
+def link_benchmark(loader, xccdftree, args, benchmark=None):
 checks = xccdftree.findall(".//{%s}check" % ssg.constants.XCCDF12_NS)
- link_oval(xccdftree, checks, paths.oval, paths.build_ovals_dir)
+ link_oval(xccdftree, checks, args.oval, args.build_ovals_dir)
+
+ ocil = loader.export_ocil_to_xml(benchmark)
+ link_ocil(xccdftree, checks, args.ocil, ocil)
+
+ ssg.xml.ElementTree.ElementTree(xccdftree).write(args.xccdf)
+
- ocil = loader.export_ocil_to_xml()
- link_ocil(xccdftree, checks, paths.ocil, ocil)
+def append_id(filename, id_):
+ return "{0}_{2}{1}".format(*os.path.splitext(filename) + (id_,))
- ssg.xml.ElementTree.ElementTree(xccdftree).write(paths.xccdf)
+
+def append_dir(path, dir):
+ return os.path.join(os.path.dirname(path), dir, os.path.basename(path))
+
+
+def _set_thin_ds_path(args):
+ p = Paths_(
+ xccdf=append_dir(args.xccdf, "thin_ds"),
+ oval=append_dir(args.oval, "thin_ds"),
+ ocil=append_dir(args.ocil, "thin_ds"),
+ build_ovals_dir=args.build_ovals_dir,
+ )
+ if not os.path.exists(os.path.dirname(p.xccdf)):
+ os.makedirs(os.path.dirname(p.xccdf))
+ return p
+
+
+def link_benchmark_per_profile(loader, args):
+ path = _set_thin_ds_path(args)
+
+ for id_, benchmark in loader.get_benchmark_by_profile():
+ xccdftree = benchmark.to_xml_element(loader.env_yaml)
+ p = Paths_(
+ xccdf=append_id(path.xccdf, id_),
+ oval=append_id(path.oval, id_),
+ ocil=append_id(path.ocil, id_),
+ build_ovals_dir=path.build_ovals_dir
+ )
+ link_benchmark(loader, xccdftree, p, benchmark)
 def main():
@@ -112,6 +156,9 @@ def main():
 loader.add_fixes_to_rules()
+ if args.per_profile == "on":
+ link_benchmark_per_profile(loader, args)
+
 xccdftree = loader.export_benchmark_to_xml()
 link_benchmark(loader, xccdftree, args)
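Review bot: `link_benchmark` keeps the `benchmark=None` default but drops the fallback `if benchmark is None: benchmark = loader.benchmark`, so the unchanged call `link_benchmark(loader, xccdftree, args)` in `main()` now passes `None` straight into `loader.export_ocil_to_xml(benchmark)`; unless the loader treats `None` as "the full benchmark" (not visible in this patch), the default, non-per-profile path regresses, so either restore those two lines or make `benchmark` required. In `_set_thin_ds_path`, `if not os.path.exists(...): os.makedirs(...)` is a check-then-act race and only creates the directory of `p.xccdf`, although `p.oval` and `p.ocil` may point elsewhere; `os.makedirs(os.path.dirname(p.xccdf), exist_ok=True)` (repeated for the oval and ocil directories if they can differ) is the robust form. `append_id` splices the profile id into a file name without validation; ids presumably come from the project's profile YAML, but a guard such as `if not id_ or os.sep in id_ or id_ in (".", ".."): raise ValueError("unsafe profile id: %s" % id_)` keeps a malformed id from producing a path outside `thin_ds`. Also `append_dir`'s parameter `dir` shadows the builtin, the parameter renamed from `paths` to `args` now receives a `Paths_` from `link_benchmark_per_profile` so the old name was the accurate one, and none of the four new functions has a docstring saying what it returns.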