From: "Shawn Wells"<[email protected]>
To:[email protected]
Sent: Thursday, July 3, 2014 8:19:33 PM
Subject: Re: [PATCH 1/2] [*/transforms/idtranslate.py] Allow shorthand
format to contain <ind:variable_object>
definition
On 7/3/14, 6:23 AM, Jan Lieskovsky wrote:
Currently it's not possible the shorthand form of OVAL definition to
contain
<ind:variable_object> definition (based on previously defined
<local_variable>).
The reason behind this limitation being that idtranslate.py script (which
is
internally
called by relabelids.py script, which is subsequently called during the
benchmark
build process) is not currently able to properly handle <ind:var_ref>
element.
When translating the OVAL ids idtranslate.py is able to correctly replace
value of
'var_ref' attribute, but not able to translate the id when 'var_ref'
isn't an
attribute,
but rather an tag / element directly. The <variable_object> definition
expects
the form of:
<ind:variable_object id="object_id" version="1">
<ind:var_ref>reference_to_previously_defined_variable_used_in_the_check</ind:var_ref>
</ind:variable_object>
Since (currently) value of <ind:var_ref> element isn't properly
translated
into
real ID, during the benchmark build process the error like the following
is
raised:
... [pattern] id 'variable_name' does not meet the expected pattern
[oval:a-z...]
This results in unability to successfully build the benchmark, when
variable_object
(containing by xsd required reference to var_ref) is used.
Since I need the capability to define variable_objects (see the patch
[2/2]),
update
idtranslate.py script (in RHEL/6 and also across the content) to be able
to
properly
handle variable_objects (properly translate var_ref ids even in case it's
listed as tag / element).
The function / proper work of proposed change is confirmed by successful
work
of subsequent patch (see patch [2/2] for further details).
Please review.
Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team
0001-transforms-idtranslate.py-Allow-shorthand-format-to-.patch
From 6666cca40efcf54711ed76ac1b1eb176ec62b271 Mon Sep 17 00:00:00 2001
From: Jan Lieskovsky<[email protected]> Date: Thu, 3 Jul 2014 11:21:39
+0200
Subject: [PATCH 1/2] [*/transforms/idtranslate.py] Allow shorthand format
to
contain <ind:variable_object> definition
Signed-off-by: Jan Lieskovsky<[email protected]> ---
Fedora/transforms/idtranslate.py | 3 +++
OpenStack/transforms/idtranslate.py | 3 +++
RHEL/6/transforms/idtranslate.py | 3 +++
RHEL/7/transforms/idtranslate.py | 3 +++
RHEVM3/transforms/idtranslate.py | 3 +++
5 files changed, 15 insertions(+)
diff --git a/Fedora/transforms/idtranslate.py
b/Fedora/transforms/idtranslate.py
index 77f078a..67c1cf4 100755
--- a/Fedora/transforms/idtranslate.py
+++ b/Fedora/transforms/idtranslate.py
@@ -123,6 +123,9 @@ class idtranslator:
if element.tag == "{" + oval_ns + "}filter":
element.text = self.assign_id("{" + oval_ns +
"}state",
element.text)
continue
+ if element.tag == "{" + oval_ns +
"#independent}var_ref":
+ element.text = self.assign_id("{" + oval_ns +
"}variable",
element.text)
+ continue
for attr in element.keys():
if attr in ovalrefattr_to_tag.keys():
element.set(attr,self.assign_id( "{" + oval_ns +
"} " +
ovalrefattr_to_tag[attr],
element.get(attr)))
diff --git a/OpenStack/transforms/idtranslate.py
b/OpenStack/transforms/idtranslate.py
index 77f078a..67c1cf4 100755
--- a/OpenStack/transforms/idtranslate.py
+++ b/OpenStack/transforms/idtranslate.py
@@ -123,6 +123,9 @@ class idtranslator:
if element.tag == " {" + oval_ns + "}filter":
element.text = self.assign_id("{" + oval_ns +
"}state",
element.text)
continue
+ if element.tag == "{" + oval_ns +
"#independent}var_ref":
+ element.text = self.assign_id("{" + oval_ns +
"}variable",
element.text)
+ continue
for attr in element.keys():
if attr in ovalrefattr_to_tag.keys():
element.set(attr,self.assign_id( "{" + oval_ns +
"} " +
ovalrefattr_to_tag[attr],
element.get(attr)))
diff --git a/RHEL/6/transforms/idtranslate.py
b/RHEL/6/transforms/idtranslate.py
index 77f078a..67c1cf4 100755
--- a/RHEL/6/transforms/idtranslate.py
+++ b/RHEL/6/transforms/idtranslate.py
@@ -123,6 +123,9 @@ class idtranslator:
if element.tag == " {" + oval_ns + "}filter":
element.text = self.assign_id("{" + oval_ns +
"}state",
element.text)
continue
+ if element.tag == "{" + oval_ns +
"#independent}var_ref":
+ element.text = self.assign_id("{" + oval_ns +
"}variable",
element.text)
+ continue
for attr in element.keys():
if attr in ovalrefattr_to_tag.keys():
element.set(attr,self.assign_id( "{" + oval_ns +
"} " +
ovalrefattr_to_tag[attr],
element.get(attr)))
diff --git a/RHEL/7/transforms/idtranslate.py
b/RHEL/7/transforms/idtranslate.py
index 77f078a..67c1cf4 100755
--- a/RHEL/7/transforms/idtranslate.py
+++ b/RHEL/7/transforms/idtranslate.py
@@ -123,6 +123,9 @@ class idtranslator:
if element.tag == " {" + oval_ns + "}filter":
element.text = self.assign_id("{" + oval_ns +
"}state",
element.text)
continue
+ if element.tag == "{" + oval_ns +
"#independent}var_ref":
+ element.text = self.assign_id("{" + oval_ns +
"}variable",
element.text)
+ continue
for attr in element.keys():
if attr in ovalrefattr_to_tag.keys():
element.set(attr,self.assign_id( "{" + oval_ns +
"} " +
ovalrefattr_to_tag[attr],
element.get(attr)))
diff --git a/RHEVM3/transforms/idtranslate.py
b/RHEVM3/transforms/idtranslate.py
index 77f078a..67c1cf4 100755
--- a/RHEVM3/transforms/idtranslate.py
+++ b/RHEVM3/transforms/idtranslate.py
@@ -123,6 +123,9 @@ class idtranslator:
if element.tag == " {" + oval_ns + "}filter":
element.text = self.assign_id("{" + oval_ns +
"}state",
element.text)
continue
+ if element.tag == "{" + oval_ns +
"#independent}var_ref":
+ element.text = self.assign_id("{" + oval_ns +
"}variable",
element.text)
+ continue
for attr in element.keys():
if attr in ovalrefattr_to_tag.keys():
element.set(attr,self.assign_id( "{" + oval_ns +
"}" +
ovalrefattr_to_tag[attr],
element.get(attr)))
--
1.8.3.1
ack
