----- Original Message ----- 
> From: "Shawn Wells" <[email protected]> > To: [email protected] > Sent: Thursday, July 3, 2014 8:19:33 PM > Subject: Re: [PATCH 1/2] [*/transforms/idtranslate.py] Allow shorthand format > to contain <ind:variable_object> > definition > > > On 7/3/14, 6:23 AM, Jan Lieskovsky wrote: > > > > > Currently it's not possible for the shorthand form of an OVAL definition to contain > <ind:variable_object> definition (based on previously defined > <local_variable>). > > The reason behind this limitation is that idtranslate.py script (which is > internally > called by relabelids.py script, which is subsequently called during the > benchmark > build process) is not currently able to properly handle <ind:var_ref> > element. > > When translating the OVAL ids idtranslate.py is able to correctly replace > value of > 'var_ref' attribute, but not able to translate the id when 'var_ref' isn't an > attribute, > but rather a tag / element directly. The <variable_object> definition > expects > the form of: > > <ind:variable_object id="object_id" version="1"> > <ind:var_ref>reference_to_previously_defined_variable_used_in_the_check</ind:var_ref> > </ind:variable_object> > > Since (currently) value of <ind:var_ref> element isn't properly translated > into > real ID, during the benchmark build process an error like the following is > raised: > > ... [pattern] id 'variable_name' does not meet the expected pattern > [oval:a-z...] > > This results in inability to successfully build the benchmark, when > variable_object > (containing by xsd required reference to var_ref) is used. > > Since I need the capability to define variable_objects (see the patch [2/2]), > update > idtranslate.py script (in RHEL/6 and also across the content) to be able to > properly > handle variable_objects (properly translate var_ref ids even in case it's > listed as tag / element). 
> > The function / proper work of proposed change is confirmed by successful work > of subsequent patch (see patch [2/2] for further details). > > Please review. > > Thank you && Regards, Jan. > -- > Jan iankko Lieskovsky / Red Hat Security Technologies Team > > > 0001-transforms-idtranslate.py-Allow-shorthand-format-to-.patch > From 6666cca40efcf54711ed76ac1b1eb176ec62b271 Mon Sep 17 00:00:00 2001 > From: Jan Lieskovsky <[email protected]> Date: Thu, 3 Jul 2014 11:21:39 > +0200 > Subject: [PATCH 1/2] [*/transforms/idtranslate.py] Allow shorthand format to > contain <ind:variable_object> definition > > Signed-off-by: Jan Lieskovsky <[email protected]> --- > Fedora/transforms/idtranslate.py | 3 +++ > OpenStack/transforms/idtranslate.py | 3 +++ > RHEL/6/transforms/idtranslate.py | 3 +++ > RHEL/7/transforms/idtranslate.py | 3 +++ > RHEVM3/transforms/idtranslate.py | 3 +++ > 5 files changed, 15 insertions(+) > > diff --git a/Fedora/transforms/idtranslate.py > b/Fedora/transforms/idtranslate.py > index 77f078a..67c1cf4 100755 > --- a/Fedora/transforms/idtranslate.py > +++ b/Fedora/transforms/idtranslate.py > @@ -123,6 +123,9 @@ class idtranslator: > if element.tag == "{" + oval_ns + "}filter": > element.text = self.assign_id("{" + oval_ns + > "}state", element.text) > continue > + if element.tag == "{" + oval_ns + > "#independent}var_ref": > + element.text = self.assign_id("{" + oval_ns + > "}variable", element.text) > + continue > for attr in element.keys(): > if attr in ovalrefattr_to_tag.keys(): > element.set(attr,self.assign_id( "{" + > oval_ns + "} " + > ovalrefattr_to_tag[attr], > element.get(attr))) > diff --git a/OpenStack/transforms/idtranslate.py > b/OpenStack/transforms/idtranslate.py > index 77f078a..67c1cf4 100755 > --- a/OpenStack/transforms/idtranslate.py > +++ b/OpenStack/transforms/idtranslate.py 
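Review bot: In the added `var_ref` branch, `element.text` is handed to `self.assign_id` as-is, so an empty `<ind:var_ref/>` (text `None`) or a value wrapped in whitespace or newlines would presumably be turned into a malformed variable id; `assign_id` is not visible in the hunk, so this is inferred. Normalising first would make the failure mode explicit: `ref = (element.text or "").strip()` then `if ref: element.text = self.assign_id("{" + oval_ns + "}variable", ref)`. A one-line comment such as `# <ind:var_ref> carries the variable id as element text, not as an attribute` would also explain why this case sits apart from the `ovalrefattr_to_tag` attribute loop. The identical hunks for OpenStack, RHEL/6, RHEL/7 and RHEVM3 need the same change, and since all five copies share the same blob ids (77f078a..67c1cf4) a single shared module would avoid patching them in lockstep. The enclosing loop and method begin and end outside the hunk.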
> @@ -123,6 +123,9 @@ class idtranslator: > if element.tag == " {" + oval_ns + "}filter": > element.text = self.assign_id("{" + oval_ns + > "}state", element.text) > continue > + if element.tag == "{" + oval_ns + > "#independent}var_ref": > + element.text = self.assign_id("{" + oval_ns + > "}variable", element.text) > + continue > for attr in element.keys(): > if attr in ovalrefattr_to_tag.keys(): > element.set(attr,self.assign_id( "{" + > oval_ns + "} " + > ovalrefattr_to_tag[attr], > element.get(attr))) > diff --git a/RHEL/6/transforms/idtranslate.py > b/RHEL/6/transforms/idtranslate.py > index 77f078a..67c1cf4 100755 > --- a/RHEL/6/transforms/idtranslate.py > +++ b/RHEL/6/transforms/idtranslate.py > @@ -123,6 +123,9 @@ class idtranslator: > if element.tag == " {" + oval_ns + "}filter": > element.text = self.assign_id("{" + oval_ns + > "}state", element.text) > continue > + if element.tag == "{" + oval_ns + > "#independent}var_ref": > + element.text = self.assign_id("{" + oval_ns + > "}variable", element.text) > + continue > for attr in element.keys(): > if attr in ovalrefattr_to_tag.keys(): > element.set(attr,self.assign_id( "{" + > oval_ns + "} " + > ovalrefattr_to_tag[attr], > element.get(attr))) > diff --git a/RHEL/7/transforms/idtranslate.py > b/RHEL/7/transforms/idtranslate.py > index 77f078a..67c1cf4 100755 > --- a/RHEL/7/transforms/idtranslate.py > +++ b/RHEL/7/transforms/idtranslate.py > @@ -123,6 +123,9 @@ class idtranslator: > if element.tag == " {" + oval_ns + "}filter": > element.text = self.assign_id("{" + oval_ns + > "}state", element.text) > continue > + if element.tag == "{" + oval_ns + > "#independent}var_ref": > + element.text = self.assign_id("{" + oval_ns + > "}variable", element.text) > + continue > for attr in element.keys(): > if attr in ovalrefattr_to_tag.keys(): > element.set(attr,self.assign_id( "{" + > oval_ns + "} " + > ovalrefattr_to_tag[attr], > element.get(attr))) 
> diff --git a/RHEVM3/transforms/idtranslate.py > b/RHEVM3/transforms/idtranslate.py > index 77f078a..67c1cf4 100755 > --- a/RHEVM3/transforms/idtranslate.py > +++ b/RHEVM3/transforms/idtranslate.py > @@ -123,6 +123,9 @@ class idtranslator: > if element.tag == " {" + oval_ns + "}filter": > element.text = self.assign_id("{" + oval_ns + > "}state", element.text) > continue > + if element.tag == "{" + oval_ns + > "#independent}var_ref": > + element.text = self.assign_id("{" + oval_ns + > "}variable", element.text) > + continue > for attr in element.keys(): > if attr in ovalrefattr_to_tag.keys(): > element.set(attr,self.assign_id( "{" + > oval_ns + "}" + > ovalrefattr_to_tag[attr], > element.get(attr))) > -- > 1.8.3.1 > > ack
Thanks, Shawn. Pushed. By any chance have you had found time to review / test also the second one? Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Technologies Team
