ssg.rule_dir_stats module

This module contains common code shared by utils/rule_dir_stats.py and utils/rule_dir_diff.py. This code includes functions for walking the output of the utils/rule_dir_json.py script, and filtering functions used in both scripts.

ssg.rule_dir_stats.filter_rule_ids(all_keys, queries)[source]: From a set of queries (a comma separated list of queries, where a query is either a rule id or a substring thereof), return the set of matching keys from all_keys. When queries is the literal string “all”, return all of the keys.

ssg.rule_dir_stats.get_affected_products(rule_obj)[source]: From a rule_obj, return the set of affected products from rule.yml

ssg.rule_dir_stats.get_all_affected_products(args, rule_obj)[source]

From a rule_obj, return the set of affected products from rule.yml, and all fixes and checks.

If args.strict is set, this function is equivalent to get_affected_products. Otherwise, it includes ovals and fix content based on the values of args.fixes_only and args.ovals_only.

ssg.rule_dir_stats.missing_oval(rule_obj)[source]: For a rule object, check if it is missing an oval.

ssg.rule_dir_stats.missing_remediation(rule_obj, r_type)[source]: For a rule object, check if it is missing a remediation of type r_type.

ssg.rule_dir_stats.product_names_oval(rule_obj)[source]: For a rule_obj, check the scope of the platforms versus the product name of the OVAL objects.

ssg.rule_dir_stats.product_names_remediation(rule_obj, r_type)[source]: For a rule_obj, check the scope of the platforms versus the product name of the remediations of type r_type.

ssg.rule_dir_stats.two_plus_oval(rule_obj)[source]: For a rule object, check if it has two or more OVALs.

ssg.rule_dir_stats.two_plus_remediation(rule_obj, r_type)[source]: For a rule object, check if it has two or more remediations of type r_type.

ssg.rule_dir_stats.walk_rule_stats(rule_output)[source]

Walk the output of a rule, generating statistics about affected ovals, remediations, and generating verbose output in a stable order.

Returns a tuple of (affected_ovals, affected_remediations, all_affected_remediations, affected_remediations_type, all_output)

ssg.rule_dir_stats.walk_rules(args, known_rules, oval_func, remediation_func)[source]

Walk a dictionary of known_rules, returning the number of visited rules and the output at each visited rule, conditionally calling oval_func and remediation_func based on the values of args.fixes_only and args.ovals_only. If the result of these functions are not Falsy, set the appropriate output content.

The input rule_obj structure is the value of known_rules[rule_id].

The output structure is a dict as follows:

{
    rule_id: {
        "oval": oval_func(args, rule_obj),
        "ansible": remediation_func(args, "ansible", rule_obj),
        "anaconda": remediation_func(args, "anaconda", rule_obj),
        "bash": remediation_func(args, "bash", rule_obj),
        "puppet": remediation_func(args, "puppet", rule_obj)
    },
    ...
}

The arguments supplied to oval_func are args and rule_obj. The arguments supplied to remediation_func are args, the remediation type, and rule_obj.

ssg.rule_dir_stats.walk_rules_diff(args, left_rules, right_rules, oval_func, remediation_func)[source]

Walk a two dictionary of known_rules (left_rules and right_rules) and generate five sets of output: left_only rules output, right_only rules output, shared left output, shared right output, and shared common output, as a five-tuple, where each tuple element is equivalent to walk_rules on the appropriate set of rules.

Does not understand renaming of rule_ids as this would depend on disk content to reflect these differences. Unless significantly more data is added to the rule_obj structure (contents of rule.yml, ovals, remediations, etc.), all information besides ‘title’ is not uniquely identifying or could be easily updated.

ssg.rule_dir_stats.walk_rules_diff_stats(results)[source]

Takes the results of walk_rules_diff (results) and generates five sets of output statistics: left_only rules output, right_only rules output, shared left output, shared right output, and shared common output, as a five-tuple, where each tuple element is equivalent to walk_rules_stats on the appropriate set of rules.

Can assert.

ssg.rule_dir_stats.walk_rules_parallel(args, left_rules, right_rules, oval_func, remediation_func)[source]

Walks two sets of known_rules (left_rules and right_rules) with identical keys and returns left_only, right_only, and common_only output from _walk_rule. If the outputted data for a rule when called on left_rules and right_rules is the same, it is added to common_only. Only rules which output different data will have their data added to left_only and right_only respectively.

Can assert.

ssg.rule_dir_stats.walk_rules_stats(args, known_rules, oval_func, remediation_func)[source]

Walk a dictionary of known_rules and generate simple aggregate statistics for all visited rules. The oval_func and remediation_func arguments behave according to walk_rules().

Returned values are visited_rules, affected_ovals, affected_remediation, a dictionary containing all fix types and the quantity of affected fixes, and the ordered output of all functions.

An effort is made to provide consistently ordered verbose_output by sorting all visited keys and the keys of ssg.build_remediations.REMEDIATION_MAP.