ssg.build_renumber module
- class ssg.build_renumber.FileLinker(translator, xccdftree, checks, output_file_name)[source]
Bases:
object
Bass class which represents the linking of checks to their identifiers.
- CHECK_NAMESPACE = None
- CHECK_SYSTEM = None
Returns a list of checks which have the same check system as this class.
- class ssg.build_renumber.OCILFileLinker(translator, xccdftree, checks, output_file_name)[source]
Bases:
FileLinker
- CHECK_NAMESPACE = 'http://scap.nist.gov/schema/ocil/2.0'
- CHECK_SYSTEM = 'http://scap.nist.gov/schema/ocil/2'
- class ssg.build_renumber.OVALFileLinker(translator, xccdftree, checks, output_file_name)[source]
Bases:
FileLinker
- CHECK_NAMESPACE = 'http://oval.mitre.org/XMLSchema/oval-definitions-5'
- CHECK_SYSTEM = 'http://oval.mitre.org/XMLSchema/oval-definitions-5'
- build_ovals_dir = None
- ssg.build_renumber.check_and_correct_xccdf_to_oval_data_export_matching_constraints(xccdftree, oval_document)[source]
Verify if <xccdf:Value> ‘type’ to corresponding OVAL variable ‘datatype’ export matching constraint:
http://csrc.nist.gov/publications/nistpubs/800-126-rev2/SP800-126r2.pdf#page=30&zoom=auto,69,313
is met. Also correct the ‘type’ attribute of those <xccdf:Value> elements where necessary in order the produced content to meet this constraint.
To correct the constraint we use simpler approach - prefer to fix ‘type’ attribute of <xccdf:Value> rather than ‘datatype’ attribute of the corresponding OVAL variable since there might be additional OVAL variables, derived from the affected OVAL variable, and in that case we would need to fix the ‘datatype’ attribute in each of them.
Define the <xccdf:Value> ‘type’ to OVAL variable ‘datatype’ export matching constraints mapping as specified in Table 16 of XCCDF v1.2 standard:
http://csrc.nist.gov/publications/nistpubs/800-126-rev2/SP800-126r2.pdf#page=30&zoom=auto,69,313
- ssg.build_renumber.verify_correct_form_of_referenced_cce_identifiers(xccdftree)[source]
In SSG benchmarks, the CCEs till unassigned have the form of e.g. “RHEL7-CCE-TBD” (or any other format possibly not matching the above two requirements)
If this is the case for specific SSG product, drop such CCE identifiers from the XCCDF since they are in invalid format!