That's odd. Thanks for the suggested patch -- I just wanna do some quick checks and make sure that the obvious fix won't breaking some kind of hidden dependency somewhere, and then I'll respond.
On 02/05/2013 12:07 PM, Brian Millett wrote: > Ok, so I've a rhel-6.3 system > > [root@localhost checks]# uname -r > 2.6.32-279.19.1.el6.x86_64 > [root@localhost checks]# rpm -qa | grep libxslt > libxslt-1.1.26-2.el6_3.1.x86_64 > > I've been looking at the RHEL6/input/checks to see how it is done, and I > wanted to test the checks. So following the documentation > https://fedorahosted.org/scap-security-guide/wiki/newoval, I ran > 'sshd_idle_timeout_value=30 ./testcheck.py sshd_idle_timeout.xml' and > got the following error: > > [root@localhost checks]# sshd_idle_timeout_value=30 ./testcheck.py > sshd_idle_timeout.xml > external_variable with id : sshd_idle_timeout_value > Evaluating with OVAL tempfile : /tmp/sshd_idle_timeoutUDK_FW.xml > File '/tmp/sshd_idle_timeoutUDK_FW.xml' line 7: Element > '{http://oval.mitre.org/XMLSchema/oval-definitions-5}definition', > attribute 'id': [facet 'pattern'] The value > 'oval:oval:scap-security-guide.testing:def:108' is not accepted by the > pattern 'oval:[A-Za-z0-9_\-\.]+:def:[1-9][0-9]*'. > > Looking into the code, I see that idtranslate.idtranslator already is > adding the namespace to the id > > str_id = "%s:%s:%s:%d" % (namespace_to_prefix(tagname), self.content_id, > tagname_to_abbrev(tagname), i) > > So the 'oval:oval:scap-security-guide.testing:def:108' being generated > is redundant. the following patch fixes that. > > [root@localhost checks]# diff -wruN testcheck.py.orig ./testcheck.py > --- testcheck.py.orig 2013-02-05 10:54:44.579854555 -0600 > +++ ./testcheck.py 2013-02-05 10:54:57.889884072 -0600 > @@ -102,7 +102,7 @@ > if element.getchildren(): > ovaltree.append(element) > # re-map all the element ids from meaningful names to > meaningless numbers > - testtranslator = idtranslate.idtranslator("testids.ini", > "oval:scap-security-guide.testing") > + testtranslator = idtranslate.idtranslator("testids.ini", > "scap-security-guide.testing") > ovaltree = testtranslator.translate(ovaltree) > (ovalfile, fname) = tempfile.mkstemp(prefix=defname,suffix=".xml") > os.write(ovalfile, ET.tostring(ovaltree)) > > > so now > > [root@localhost checks]# sshd_idle_timeout_value=30 ./testcheck.py > sshd_idle_timeout.xml > external_variable with id : sshd_idle_timeout_value > Evaluating with OVAL tempfile : /tmp/sshd_idle_timeoutt_n33_.xml > Definition oval:scap-security-guide.testing:def:111: false > Definition oval:scap-security-guide.testing:def:109: false > Definition oval:scap-security-guide.testing:def:108: false > Evaluation done. > > -- > Brian Millett > "Shifts in paradigms > often cause nose bleeds." > Greg Glenn > > > _______________________________________________ > scap-security-guide mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
