Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Introduce test for checking rule identifiers #265

Merged
merged 3 commits into from
Sep 26, 2024

Conversation

mildas
Copy link
Contributor

@mildas mildas commented Sep 25, 2024

Check for known references of individual profiles.

References are links with specific identifiers.

<xccdf-1.2:reference href="https://www.cisecurity.org/benchmark/red_hat_linux/">2.3.3</xccdf-1.2:reference>

It's not possible to automatically check whether the identifiers are correct as those are coming from policy requirements. However, we can test if policy references are assigned to profile rules.

The references mapping could be read from CaC/content ssg/constants.py. But as it lists references for all CaC/content profiles and products, most of that stuff would have to be filtered out and wouldn't simplify things much here. And so mapping is part of the test code.

Note: do not merge yet, a lot of failures caused by missing references in various profiles. I'm going to create CaC upstream issues for each individual rhel+profile combination and create waivers.

static-checks/rule-identifiers/main.fmf Outdated Show resolved Hide resolved
static-checks/rule-identifiers/test.py Show resolved Hide resolved
static-checks/rule-identifiers/test.py Outdated Show resolved Hide resolved
static-checks/rule-identifiers/test.py Outdated Show resolved Hide resolved
static-checks/rule-identifiers/test.py Outdated Show resolved Hide resolved
static-checks/rule-identifiers/test.py Outdated Show resolved Hide resolved
static-checks/rule-identifiers/test.py Outdated Show resolved Hide resolved
@comps comps merged commit 0499ab1 into RHSecurityCompliance:main Sep 26, 2024
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants