Entity: line 1: parser error : StartTag: invalid element name <!doctype html>

[hectoralicea]

• Is this an issue with SCAP Workbench?
  • No
• Is this an issue with SCAP Security Guide (i.e., related to the content of scans, not the scanner proper)?
  • Yes
• Is this an issue during the OS installation process?
  • No

Description of Problem:

Unable to run openscap on Amazon Linux 2 using the amazon or redhat7 profile

OpenSCAP Version:

# oscap --version
OpenSCAP command line tool (oscap) 1.2.17
Copyright 2009--2017 Red Hat Inc., Durham, North Carolina.

==== Supported specifications ====
XCCDF Version: 1.2
OVAL Version: 5.11.1
CPE Version: 2.3
CVSS Version: 2.0
CVE Version: 2.0
Asset Identification Version: 1.1
Asset Reporting Format Version: 1.1
CVRF Version: 1.1

Operating System & Version:

# cat /etc/os-release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
SUPPORT_END="2025-06-30"

Steps to Reproduce:

1. After installing openscap on an Amazon Linux, execute the following command

oscap xccdf eval  --fetch-remote-resources  --profile xccdf_org.ssgproject.content_profile_stig --stig-viewer /var/tmp/results-stig.xml /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml 

or

oscap xccdf eval  --fetch-remote-resources  --profile xccdf_org.ssgproject.content_profile_stig-rhel7-disa  --stig-viewer /var/tmp/amzn2-stig-latest/results-stig.xml  /usr/share/xml/scap/ssg/content/ssg-amzn2-ds.xml

or any other permutation.

Actual Results:

[root@ip-10-70-4-35 tmp]# oscap xccdf eval  --fetch-remote-resources  --profile xccdf_org.ssgproject.content_profile_stig  --stig-viewer /var/tmp/rhel8-stig-latest/results-stig.xml  /usr/share/xml/scap/ssg/content/ssg-amzn2-ds.xml >  /var/tmp/rhel8-stig-latest/results-stig.stdout.txt
Downloading: https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL7.xml.bz2 ... ok
OpenSCAP Error: Extra content at the end of the document [oscap_source.c:272]
Entity: line 1: parser error : StartTag: invalid element name
<!doctype html>
^
Entity: line 1: parser error : Extra content at the end of the document
<!doctype html>
^
Unable to parse XML from user memory buffer [oscap_source.c:274]
Failed to create OVAL definition model from: 'https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL7.xml.bz2'. [xccdf_session.c:1030]

Expected Results:

a valid run without error

Additional Information / Debugging Steps:

No other

[spongenee]

I am facing the same issue

[ggbecker]

The remote resource content doesn't exist anymore:
https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL7.xml.bz2

It should use this instead I believe:
https://www.redhat.com/security/data/oval/v2/RHEL7/rhel-7.oval.xml.bz2

But this is a content related issue and should be reported in https://github.com/ComplianceAsCode/content/

It might be even fixed already.

[Mab879]

The URL was fixed in ComplianceAsCode/content#10842

And removed in ComplianceAsCode/content#11547