ssg.build_renumber module

class ssg.build_renumber.FileLinker(translator, xccdftree, checks, output_file_name)[source]

Bases: object

Bass class which represents the linking of checks to their identifiers.

CHECK_NAMESPACE = None

CHECK_SYSTEM = None

add_missing_check_exports(check, checkcontentref)[source]

get_related_checks(checks)[source]: Returns a list of checks which have the same check system as this class.

link_xccdf()[source]

save_linked_tree()[source]: Write internal tree to the file in self.linked_fname.

class ssg.build_renumber.OCILFileLinker(translator, xccdftree, checks, output_file_name)[source]

Bases: FileLinker

CHECK_NAMESPACE = 'http://scap.nist.gov/schema/ocil/2.0'

CHECK_SYSTEM = 'http://scap.nist.gov/schema/ocil/2'

link(tree)[source]

class ssg.build_renumber.OVALFileLinker(translator, xccdftree, checks, output_file_name)[source]

Bases: FileLinker

CHECK_NAMESPACE = 'http://oval.mitre.org/XMLSchema/oval-definitions-5'

CHECK_SYSTEM = 'http://oval.mitre.org/XMLSchema/oval-definitions-5'

add_missing_check_exports(check, checkcontentref)[source]

build_ovals_dir = None

link()[source]

save_linked_tree()[source]: Write internal tree to the file in self.linked_fname.

save_oval_document_for_each_xccdf_rule(file_name_prefix='')[source]

ssg.build_renumber.check_and_correct_xccdf_to_oval_data_export_matching_constraints(xccdftree, oval_document)[source]

Verify if <xccdf:Value> ‘type’ to corresponding OVAL variable ‘datatype’ export matching constraint:

http://csrc.nist.gov/publications/nistpubs/800-126-rev2/SP800-126r2.pdf#page=30&zoom=auto,69,313

is met. Also correct the ‘type’ attribute of those <xccdf:Value> elements where necessary in order the produced content to meet this constraint.

To correct the constraint we use simpler approach - prefer to fix ‘type’ attribute of <xccdf:Value> rather than ‘datatype’ attribute of the corresponding OVAL variable since there might be additional OVAL variables, derived from the affected OVAL variable, and in that case we would need to fix the ‘datatype’ attribute in each of them.

Define the <xccdf:Value> ‘type’ to OVAL variable ‘datatype’ export matching constraints mapping as specified in Table 16 of XCCDF v1.2 standard:

http://csrc.nist.gov/publications/nistpubs/800-126-rev2/SP800-126r2.pdf#page=30&zoom=auto,69,313

ssg.build_renumber.create_xccdf_id_to_cce_id_mapping(xccdftree)[source]

ssg.build_renumber.rules_with_ids_generator(xccdftree)[source]

ssg.build_renumber.verify_correct_form_of_referenced_cce_identifiers(xccdftree)[source]

In SSG benchmarks, the CCEs till unassigned have the form of e.g. “RHEL7-CCE-TBD” (or any other format possibly not matching the above two requirements)

If this is the case for specific SSG product, drop such CCE identifiers from the XCCDF since they are in invalid format!