ssg.build_remediations module

class ssg.build_remediations.AnacondaRemediation(file_path)

Bases: Remediation

class ssg.build_remediations.AnsibleRemediation(file_path)

Bases: Remediation

classmethod from_snippet_and_rule(snippet_fname, rule_fname)
get_references()
inject_package_facts_task(parsed_snippet)

Injects a package_facts task only if the snippet has a task with a when clause that references ansible_facts.packages, and the snippet doesn’t already have a package_facts task.

parse_from_file_with_jinja(env_yaml, cpe_platforms)
update(parsed, config, cpe_platforms)
update_tags_from_config(to_update, config)
update_tags_from_rule(to_update)
update_when_from_rule(to_update, cpe_platforms)

class ssg.build_remediations.BashRemediation(file_path)

Bases: Remediation

parse_from_file_with_jinja(env_yaml, cpe_platforms)

class ssg.build_remediations.BlueprintRemediation(file_path)

Bases: Remediation

This class provides OSBuild Blueprint remediations.

class ssg.build_remediations.IgnitionRemediation(file_path)

Bases: Remediation

class ssg.build_remediations.KubernetesRemediation(file_path)

Bases: Remediation

class ssg.build_remediations.PuppetRemediation(file_path)

Bases: Remediation

class ssg.build_remediations.Remediation(file_path, remediation_type)

Bases: object

associate_rule(rule_obj)
expand_env_yaml_from_rule()
get_inherited_conditionals(language, cpe_platforms)
get_inherited_cpe_platform_names()
get_rule_specific_conditionals(language, cpe_platforms)
get_rule_specific_cpe_platform_names()
get_stripped_conditionals(language, cpe_platform_names, cpe_platforms)

Collects the conditionals of the platforms named in cpe_platform_names and strips whitespace from them.

parse_from_file_with_jinja(env_yaml, cpe_platforms)

ssg.build_remediations.RemediationObject

alias of remediation

ssg.build_remediations.expand_xccdf_subs(fix, remediation_type)

Expand the respective populate keywords of each remediation type with an <xccdf:sub> element.

This routine translates any instance of the ‘type-populate’ keyword in the form of:

(type-populate variable_name)

where type can be either ansible, puppet, anaconda or bash, into:

<sub idref="variable_name"/>
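The translation described above, as an added example that is not the project's own implementation: it shows how the text around each keyword has to be split between the fix element's text and each new sub element's tail. The helper names, the un-namespaced sub tag and the sample variable names are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Types named in the description above; anything else is rejected here.
POPULATE_TYPES = ("ansible", "puppet", "anaconda", "bash")


def expand_populate(fix, remediation_type):
    """Replace each "(<type>-populate name)" in fix.text with <sub idref="name"/>.

    Hypothetical helper for illustration, not ssg.build_remediations itself.
    Returns the list of variable names that were referenced.
    """
    if remediation_type not in POPULATE_TYPES:
        raise ValueError("no populate keyword for type %r" % remediation_type)
    pattern = r"\(%s-populate\s+([\w.-]+)\)" % re.escape(remediation_type)
    # With one capture group, re.split yields [text, name, text, name, ..., text].
    parts = re.split(pattern, fix.text or "")
    fix.text = parts[0]
    names = []
    for name, following in zip(parts[1::2], parts[2::2]):
        sub = ET.SubElement(fix, "sub", idref=name)
        # Text after a child element lives in that child's .tail, not in fix.text.
        sub.tail = following
        names.append(name)
    return names


def demo():
    # Constructed sample fix body; the variable names are made up.
    fix = ET.Element("fix")
    fix.text = (
        "minlen='(bash-populate var_example_minlen)'\n"
        "retry='(bash-populate var_example_retry)'\n"
        "# (ansible-populate var_other) is not a bash keyword and stays text\n"
    )
    names = expand_populate(fix, "bash")
    return fix, names


if __name__ == "__main__":
    fix, names = demo()
    print(names)
    print(ET.tostring(fix, encoding="unicode"))
```

Only keywords of the requested type are expanded, so a keyword of another type left in a fix stays literal text in the output, which is worth checking for when reviewing generated content.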

ssg.build_remediations.get_rule_dir_remediations(dir_path, remediation_type, product=None)

Gets a list of remediations of type remediation_type contained in a rule directory. If product is None, returns all such remediations. If product is not None, returns applicable remediations in order of priority:

{{{ product }}}.ext -> shared.ext

Only returns remediations which exist.

ssg.build_remediations.is_supported_filename(remediation_type, filename)

Checks if filename has a supported extension for remediation_type.

Exits when remediation_type is of an unknown type.

ssg.build_remediations.load_compiled_remediations(fixes_dir)

ssg.build_remediations.parse_from_file_with_jinja(file_path, env_yaml)

Parses a remediation from a file. As remediations contain Jinja macros, we need an env_yaml context to process these. In practice, no remediations use Jinja in the configuration, so for extracting only the configuration, env_yaml can be an arbitrary product.yml dictionary.

If the logic of configuration parsing changes significantly, please also update ssg.fixes.parse_platform(…).

ssg.build_remediations.parse_from_file_without_jinja(file_path)

Parses a remediation from a file. Doesn’t process the Jinja macros. This function is useful in build phases in which all the Jinja macros are already resolved.

ssg.build_remediations.process(remediation, env_yaml, cpe_platforms)

Process a fix, and return the processed fix iff the file is of a valid extension for the remediation type and the fix is valid for the current product.

Note that platform is a required field in the contents of the fix.

ssg.build_remediations.split_remediation_content_and_metadata(fix_file)

ssg.build_remediations.write_fix_to_file(fix, file_path)

Writes a single fix to the given file path.