ssg package

ssg.ansible module

Common functions for processing Ansible in SSG

ssg.ansible.add_minimum_version(ansible_src)

Adds minimum ansible version to an Ansible script

ssg.ansible.remove_multiple_blank_lines(ansible_src)

Removes multiple blank lines in an Ansible script

ssg.ansible.remove_trailing_whitespace(ansible_src)

Removes trailing whitespace in an Ansible script

ssg.ansible.update_yaml_list_or_string(current_contents, new_contents)

ssg.build_cpe module

ssg.build_derivatives module

ssg.build_guides module

ssg.build_guides.build_index(benchmarks, input_basename, index_links, index_options, index_initial_src)

ssg.build_guides.builder(queue)

Fetch from a queue of tasks, process tasks until the queue is empty. Each task is processed with generate_for_input_content, and the guide is written as output.

Raises: when an error occurred when processing a task.

ssg.build_guides.fill_queue(benchmarks, benchmark_profile_pairs, input_path, path_base, output_dir)

For each benchmark and profile in the benchmark, create a queue of tasks for later processing. A task is a named tuple (benchmark_id, profile_id, input_path, guide_path).

Returns: queue of tasks.

ssg.build_guides.generate_for_input_content(input_content, benchmark_id, profile_id)

Returns HTML guide for given input_content and profile_id combination. This function assumes only one Benchmark exists in given input_content!

ssg.build_guides.get_benchmark_profile_pairs(input_tree, benchmarks)

ssg.build_guides.get_output_guide_paths(benchmarks, benchmark_profile_pairs, path_base, output_dir)

Return a list of guide paths containing guides for each non-blacklisted profile_id in a benchmark.

ssg.build_guides.get_path_args(args)

Return a namedtuple of (input_path, input_basename, path_base, output_dir) from an argparse containing args.input and args.output.

ssg.build_ovals module

ssg.build_profile module

class ssg.build_profile.RuleStats(rid=None, roval=None, rbash_fix=None, ransible_fix=None, rignition_fix=None, rkubernetes_fix=None, rpuppet_fix=None, ranaconda_fix=None, rcce=None, stig_id=None, cis_ref=None, hipaa_ref=None, anssi_ref=None)

Bases: object

Class representing the content of a rule for statistics generation purposes.

class ssg.build_profile.XCCDFBenchmark(filepath)

Bases: object

Class for processing an XCCDF benchmark to generate statistics about the profiles contained within it.

console_print(content, width)

Prints the ‘content’ array left aligned, each time 45 characters long, each row ‘width’ characters wide

get_profile_stats(profile)

Obtain statistics for the profile

show_profile_stats(profile, options)

Displays statistics for specific profile

ssg.build_profile_remediations module

ssg.build_profile_remediations.builder(queue)

While there are tasks in the queue, process them with generate_input_for_content and write their output to the correct location.

Raises any exceptions which occur during handling of a task.

ssg.build_profile_remediations.fill_queue(benchmarks, benchmark_profile_pairs, input_path, path_base, extension, output_dir, template)

Returns a queue containing tasks to create each remediation. A task is a namedtuple of (benchmark_id, profile_id, input_path, extension, remediation_path, template).

ssg.build_profile_remediations.generate_for_input_content(input_content, benchmark_id, profile_id, template)

Returns remediation for given input_content and profile_id combination. This function assumes only one Benchmark exists in given input_content!

ssg.build_profile_remediations.get_output_paths(benchmarks, benchmark_profile_pairs, path_base, extension, output_dir, template)

Returns a list of output filenames for each non-blacklisted profile in the benchmark.

ssg.build_remediations module

ssg.build_renumber module

ssg.build_stig module

ssg.build_stig.add_references(reference, destination)

For a given reference XCCDF file and destination file, process all STIG references in the rules from destination and correctly link them to the corresponding reference rule.

Returns the updated ElementTree containing updated reference elements.

ssg.build_yaml module

ssg.checks module

ssg.constants module

ssg.contributors module

ssg.contributors.generate()

ssg.fixes module

ssg.id_translate module

class ssg.id_translate.IDTranslator(content_id)

Bases: object

This class is designed to handle the mapping of meaningful, human-readable names to IDs in the formats required by the SCAP checking systems, such as OVAL and OCIL.

generate_id(tagname, name)

translate(tree, store_defname=False)

ssg.jinja module

class ssg.jinja.AbsolutePathFileSystemLoader(encoding='utf-8')

Bases: jinja2.loaders.BaseLoader

Loads templates from the file system. This loader insists on absolute paths and fails if a relative path is provided.

>>> loader = AbsolutePathFileSystemLoader()

Per default the template encoding is 'utf-8' which can be changed by setting the encoding parameter to something else.

get_source(environment, template)

Get the template source, filename and reload helper for a template. It’s passed the environment and template name and has to return a tuple in the form (source, filename, uptodate) or raise a TemplateNotFound error if it can’t locate the template.

The source part of the returned tuple must be the source of the template as unicode string or a ASCII bytestring. The filename should be the name of the file on the filesystem if it was loaded from there, otherwise None. The filename is used by python for the tracebacks if no loader extension is used.

The last item in the tuple is the uptodate function. If auto reloading is enabled it’s always called to check if the template changed. No arguments are passed so the function must store the old state somewhere (for example in a closure). If it returns False the template will be reloaded.

exception ssg.jinja.MacroError

Bases: RuntimeError

ssg.jinja.add_python_functions(substitutions_dict)

ssg.jinja.load_macros(substitutions_dict=None)

Augment the substitutions_dict dict with project Jinja macros in /shared/.

ssg.jinja.process_file(filepath, substitutions_dict)

Process the jinja file at the given path with the specified substitutions. Return the result as a string. Note that this will not load the project macros; use process_file_with_macros(…) for that.

ssg.jinja.process_file_with_macros(filepath, substitutions_dict)

Process the file with jinja macros at the given path with the specified substitutions. Return the result as a string.

See also: process_file

ssg.jinja.raise_exception(message)

ssg.jinja.update_substitutions_dict(filename, substitutions_dict)

Treat the given filename as a jinja2 file containing macro definitions, and export definitions that don’t start with _ into the substitutions_dict, a name->macro dictionary. During macro compilation, symbols already existing in substitutions_dict may be used by those definitions.

ssg.jinja.url_encode(source)

ssg.oval module

ssg.parse_oval module

class ssg.parse_oval.ElementFinder(oval_groups)

Bases: object

find_element(start_element, target_element_name, sought_attrib)

ssg.parse_oval.find_extending_defs(oval_groups, defn)

ssg.parse_oval.get_container_groups(fname)

ssg.parse_oval.resolve_definition(oval_groups, defn)

ssg.playbook_builder module

ssg.products module

ssg.rule_dir_stats module

ssg.rule_yaml module

ssg.rules module

ssg.rules.applies_to_product(file_name, product)

A OVAL or fix is filtered by product iff product is Falsy, file_name is “shared”, or file_name is product. Note that this does not filter by contents of the fix or check, only by the name of the file.

ssg.rules.find_rule_dirs(base_dir)

Generator which yields all rule directories within a given base_dir, recursively

ssg.rules.find_rule_dirs_in_paths(base_dirs)

Generator which yields all rule directories within a given directories list, recursively

ssg.rules.get_rule_dir_id(path)

Returns the ID of a rule directory; correctly handles being passed either the directory path or the yaml metadata path.

ssg.rules.get_rule_dir_ovals(dir_path, product=None)

Gets a list of OVALs contained in a rule directory. If product is None, returns all OVALs. If product is not None, returns applicable OVALs in order of priority:

{{{ product }}}.xml -> shared.xml

Only returns OVALs which exist.

ssg.rules.get_rule_dir_yaml(dir_path)

Returns the path to the yaml metadata for a rule directory, regardless of if it exists.

ssg.rules.is_rule_dir(dir_path)

Returns True iff dir_path is a valid rule directory which exists

To be valid, dir_path must exist and be a directory and the file returned by get_rule_dir_yaml(dir_path) must exist.

ssg.shims module

ssg.shims.input_func(prompt=None)

ssg.templates module

ssg.utils module

exception ssg.utils.SSGError

Bases: RuntimeError

ssg.utils.banner_anchor_wrap(banner_text)

ssg.utils.banner_regexify(banner_text)

ssg.utils.escape_id(text)

ssg.utils.escape_regex(text)

ssg.utils.escape_yaml_key(text)

ssg.utils.get_cpu_count()

Returns the most likely estimate of the number of CPUs in the machine for threading purposes, gracefully handling errors and possible exceptions.

ssg.utils.is_applicable(platform, product)

Function to check if a platform is applicable for the product. Handles when a platform is really a list of products, i.e., a prodtype field from a rule.yml.

Returns true iff product is applicable for the platform or list of products

ssg.utils.is_applicable_for_product(platform, product)

Based on the platform dict specifier of the remediation script to determine if this remediation script is applicable for this product. Return ‘True’ if so, ‘False’ otherwise

ssg.utils.map_name(version)

Maps SSG Makefile internal product name to official product name

ssg.utils.merge_dicts(left, right)

Merges two dictionaries, keeing left and right as passed. If there are any common keys between left and right, the value from right is use.

Returns the merger of the left and right dictionaries

ssg.utils.mkdir_p(path)

ssg.utils.name_to_platform(names)

Converts one or more full names to a string containing one or more <platform> elements.

ssg.utils.parse_name(product)

Returns a namedtuple of (name, version) from parsing a given product; e.g., “rhel7” -> (“rhel”, “7”)

ssg.utils.prodtype_to_name(prod)

Converts a vaguely-prodtype-like thing into one or more full product names.

ssg.utils.prodtype_to_platform(prods)

Converts one or more prodtypes into a string with one or more <platform> elements.

ssg.utils.read_file_list(path)

Reads the given file path and returns the contents as a list.

ssg.utils.required_key(_dict, _key)

Returns the value of _key if it is in _dict; otherwise, raise an exception stating that it was not found but is required.

ssg.utils.split_string_content(content)

Split the string content and returns as a list.

ssg.utils.subset_dict(dictionary, keys)

Restricts dictionary to only have keys from keys. Does not modify either dictionary or keys, returning the result instead.

ssg.utils.write_list_file(path, contents)

Writes the given contents to path.

ssg.xccdf module

A couple generic XCCDF utilities used by build_all_guides.py and build_all_remediations.py

Author: Martin Preisler <mpreisle@redhat.com>

ssg.xccdf.get_benchmark_id_title_map(input_tree)

ssg.xccdf.get_profile_choices_for_input(input_tree, benchmark_id, tailoring_tree)

Returns a dictionary that maps profile_ids to their respective titles.

ssg.xccdf.get_profile_short_id(long_id)

If given profile ID is the XCCDF 1.2 long ID this function shortens it

ssg.xccdf.scrape_benchmarks(root, namespace, dest)

Add all benchmark elements in root to dest list

ssg.xml module

ssg.xml.map_elements_to_their_ids(tree, xpath_expr)

Given an ElementTree and an XPath expression, iterate through matching elements and create 1:1 id->element mapping.

Raises AssertionError if a matching element doesn’t have the id attribute.

Returns mapping as a dictionary

ssg.xml.open_xml(filename)

Given a filename, register all possible namespaces, and return the XML tree.

ssg.xml.oval_generated_header(product_name, schema_version, ssg_version)

ssg.xml.parse_file(filename)

Given a filename, return the root of the ElementTree

ssg.yaml module

Module contents