Introduce JSON tailoring import option for autotailor
The --json-tailoring option will provide support for importing
https://github.com/ComplianceAsCode/schemas/tree/main/tailoring.
evgenyz committed Jan 30, 2024
1 parent e539163 commit 78449f1
Showing 7 changed files with 218 additions and 44 deletions.
1 change: 1 addition & 0 deletions .gitignore
@@ -17,6 +17,7 @@ build/
*.a
*.la
.cproject
.idea
.project
.settings/language.settings.xml

7 changes: 7 additions & 0 deletions docs/manual/manual.adoc
@@ -1,6 +1,7 @@
= OpenSCAP User Manual
:imagesdir: ./images
:workbench_url: https://www.open-scap.org/tools/scap-workbench/
:json_tailoring_url: https://github.com/ComplianceAsCode/schemas/tree/main/tailoring
:sce_web: https://www.open-scap.org/features/other-standards/sce/
:openscap_web: https://open-scap.org/
:oscap_git: https://github.com/OpenSCAP/openscap
@@ -868,6 +869,12 @@ $ autotailor --unselect service_usbguard_enabled --output /tmp/tailoring.xml \
--new-profile-id custom /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml ospp
----

The `autotailor` tool can also consume {json_tailoring_url}[JSON tailoring] files and convert them into XCCDF Tailoring.

----
$ autotailor --json-tailoring custom.json /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml
----

For more details about other options of the `autotailor` program please read the `autotailor(8)` man page or run `autotailor --help`.


25 changes: 24 additions & 1 deletion tests/utils/autotailor_integration_test.sh
@@ -7,6 +7,7 @@ set -e -o pipefail
autotailor="$top_srcdir/utils/autotailor"
tailoring="$(mktemp)"
ds="$srcdir/data_stream.xml"
json_tailoring="$srcdir/custom.json"
stdout="$(mktemp)"
original_profile="P1"
result="$(mktemp)"
@@ -93,11 +94,33 @@ assert_exists 1 '/Benchmark/TestResult/rule-result[@idref="xccdf_com.example.www
assert_exists 1 '/Benchmark/TestResult/rule-result[@idref="xccdf_com.example.www_rule_R3"]/result[text()="pass"]'
assert_exists 1 '/Benchmark/TestResult/rule-result[@idref="xccdf_com.example.www_rule_R4"]/result[text()="notselected"]'

# refine value v1 to 30
# set value v1 to thirty
python3 $autotailor --id-namespace "com.example.www" --var-value V1=thirty $ds $original_profile > $tailoring
$OSCAP xccdf eval --profile P1_customized --progress --tailoring-file $tailoring --results $result $ds
assert_exists 1 '/Benchmark/TestResult/set-value[@idref="xccdf_com.example.www_value_V1" and text()="thirty"]'
assert_exists 1 '/Benchmark/TestResult/rule-result[@idref="xccdf_com.example.www_rule_R1"]/result[text()="pass"]'
assert_exists 1 '/Benchmark/TestResult/rule-result[@idref="xccdf_com.example.www_rule_R2"]/result[text()="pass"]'
assert_exists 1 '/Benchmark/TestResult/rule-result[@idref="xccdf_com.example.www_rule_R3"]/result[text()="notselected"]'
assert_exists 1 '/Benchmark/TestResult/rule-result[@idref="xccdf_com.example.www_rule_R4"]/result[text()="notselected"]'

# refine value v1 to 'thirty' (30) and v2 to 'other' (Other Value)
python3 $autotailor --id-namespace "com.example.www" --var-select V1=thirty --var-select V2=other $ds $original_profile > $tailoring
$OSCAP xccdf eval --profile P1_customized --progress --tailoring-file $tailoring --results $result $ds
assert_exists 1 '/Benchmark/TestResult/set-value[@idref="xccdf_com.example.www_value_V1" and text()="30"]'
assert_exists 1 '/Benchmark/TestResult/set-value[@idref="xccdf_com.example.www_value_V2" and text()="Other Value"]'
assert_exists 1 '/Benchmark/TestResult/rule-result[@idref="xccdf_com.example.www_rule_R1"]/result[text()="pass"]'
assert_exists 1 '/Benchmark/TestResult/rule-result[@idref="xccdf_com.example.www_rule_R2"]/result[text()="pass"]'
assert_exists 1 '/Benchmark/TestResult/rule-result[@idref="xccdf_com.example.www_rule_R3"]/result[text()="notselected"]'
assert_exists 1 '/Benchmark/TestResult/rule-result[@idref="xccdf_com.example.www_rule_R4"]/result[text()="notselected"]'

# use JSON tailoring
python3 $autotailor $ds --id-namespace "com.example.www" --json-tailoring $json_tailoring > $tailoring
$OSCAP xccdf eval --profile JSON_P1 --progress --tailoring-file $tailoring --results $result $ds
assert_exists 1 '/Benchmark/TestResult/set-value[@idref="xccdf_com.example.www_value_V1" and text()="New Value"]'
assert_exists 1 '/Benchmark/TestResult/set-value[@idref="xccdf_com.example.www_value_V2" and text()="Some Value"]'
assert_exists 1 '/Benchmark/TestResult/rule-result[@idref="xccdf_com.example.www_rule_R1"]/result[text()="notselected"]'
assert_exists 1 '/Benchmark/TestResult/rule-result[@idref="xccdf_com.example.www_rule_R2"]/result[text()="pass"]'
assert_exists 1 '/Benchmark/TestResult/rule-result[@idref="xccdf_com.example.www_rule_R3"]/result[text()="notchecked"]'
assert_exists 1 '/Benchmark/TestResult/rule-result[@idref="xccdf_com.example.www_rule_R3" and @role="unchecked"]'
assert_exists 1 '/Benchmark/TestResult/rule-result[@idref="xccdf_com.example.www_rule_R3" and @severity="unknown"]'
assert_exists 1 '/Benchmark/TestResult/rule-result[@idref="xccdf_com.example.www_rule_R4"]/result[text()="notselected"]'
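Review bot: The `# use JSON tailoring` case at the end of this section only feeds autotailor a well-formed `custom.json` whose ids all exist in the data stream, so nothing pins what happens when the JSON is malformed, names an unknown rule, or carries an invalid `role` or `severity`. A tailoring file decides which compliance rules get evaluated, so a silently ignored entry is worth catching; I would add a negative case such as `if python3 "$autotailor" "$ds" --json-tailoring "$bad_json" > "$tailoring"; then exit 1; fi`, where `$bad_json` is a new fixture (a bare `! cmd` would never fail the script under `set -e`). A variable value containing `<` or `&` would also confirm that values are escaped in the generated Tailoring XML; the autotailor code is not visible in this section, so that may already hold. Separately, the new commands expand `$autotailor`, `$ds`, `$json_tailoring` and `$tailoring` unquoted, which breaks on paths with spaces; quoting them as the assignments at the top of the script do would be consistent.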
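--- a/tests/utils/custom.json
+++ b/tests/utils/custom.json
@@ -0,0 +1,23 @@
+{
+"id": "JSON_P1",
+"title": "JSON Tailored Profile P1",
+"base_profile_id": "P1",
+"rules": {
+"R1": {
+"selected": false
+},
+"R3": {
+"selected": true,
+"role": "unchecked",
+"severity": "unknown"
+}
+},
+"variables": {
+"V1": {
+"value": "New Value"
+},
+"V2": {
+"select": "some"
+}
+}
+}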
10 changes: 9 additions & 1 deletion tests/utils/data_stream.xml
@@ -65,12 +65,20 @@
<select idref="xccdf_com.example.www_rule_R2" selected="true"/>
</Profile>
<Value id="xccdf_com.example.www_value_V1" operator="equals" type="number">
<title>value</title>
<title>value 1</title>
<description xml:lang="en">cccc</description>
<question xml:lang="en">ssss</question>
<value>5</value>
<value selector="thirty">30</value>
</Value>
<Value id="xccdf_com.example.www_value_V2" operator="equals" type="string">
<title>value 2</title>
<description xml:lang="en">22222</description>
<question xml:lang="en">Q2</question>
<value>Default</value>
<value selector="some">Some Value</value>
<value selector="other">Other Value</value>
</Value>
<Rule selected="false" id="xccdf_com.example.www_rule_R1">
<title>Rule R1</title>
<description>Description</description>