ssg package
ssg.ansible module
Common functions for processing Ansible in SSG
- ssg.ansible.add_minimum_version(ansible_src)
Adds minimum ansible version to an Ansible script
- ssg.ansible.remove_multiple_blank_lines(ansible_src)
Removes multiple blank lines in an Ansible script
- ssg.ansible.remove_trailing_whitespace(ansible_src)
Removes trailing whitespace in an Ansible script
- ssg.ansible.update_yaml_list_or_string(current_contents, new_contents)
ssg.build_cpe module
ssg.build_derivatives module
ssg.build_guides module
- ssg.build_guides.build_index(benchmarks, input_basename, index_links, index_options, index_initial_src)
- ssg.build_guides.builder(queue)
Fetch from a queue of tasks, process tasks until the queue is empty. Each task is processed with generate_for_input_content, and the guide is written as output.
Raises: when an error occurred when processing a task.
- ssg.build_guides.fill_queue(benchmarks, benchmark_profile_pairs, input_path, path_base, output_dir)
For each benchmark and profile in the benchmark, create a queue of tasks for later processing. A task is a named tuple (benchmark_id, profile_id, input_path, guide_path).
Returns: queue of tasks.
- ssg.build_guides.generate_for_input_content(input_content, benchmark_id, profile_id)
Returns HTML guide for given input_content and profile_id combination. This function assumes only one Benchmark exists in given input_content!
- ssg.build_guides.get_benchmark_profile_pairs(input_tree, benchmarks)
- ssg.build_guides.get_output_guide_paths(benchmarks, benchmark_profile_pairs, path_base, output_dir)
Return a list of guide paths containing guides for each non-blacklisted profile_id in a benchmark.
- ssg.build_guides.get_path_args(args)
Return a namedtuple of (input_path, input_basename, path_base, output_dir) from an argparse containing args.input and args.output.
ssg.build_ovals module
ssg.build_profile module
ssg.build_profile_remediations module
- ssg.build_profile_remediations.builder(queue)
While there are tasks in the queue, process them with generate_input_for_content and write their output to the correct location.
Raises any exceptions which occur during handling of a task.
- ssg.build_profile_remediations.fill_queue(benchmarks, benchmark_profile_pairs, input_path, path_base, extension, output_dir, template)
Returns a queue containing tasks to create each remediation. A task is a namedtuple of (benchmark_id, profile_id, input_path, extension, remediation_path, template).
- ssg.build_profile_remediations.generate_for_input_content(input_content, benchmark_id, profile_id, template)
Returns remediation for given input_content and profile_id combination. This function assumes only one Benchmark exists in given input_content!
- ssg.build_profile_remediations.get_output_paths(benchmarks, benchmark_profile_pairs, path_base, extension, output_dir, template)
Returns a list of output filenames for each non-blacklisted profile in the benchmark.
ssg.build_remediations module
ssg.build_renumber module
ssg.build_stig module
- ssg.build_stig.add_references(reference, destination)
For a given reference XCCDF file and destination file, process all STIG references in the rules from destination and correctly link them to the corresponding reference rule.
Returns the updated ElementTree containing updated reference elements.
ssg.build_yaml module
ssg.checks module
ssg.constants module
ssg.contributors module
- ssg.contributors.generate()
ssg.fixes module
ssg.id_translate module
ssg.jinja module
- class ssg.jinja.AbsolutePathFileSystemLoader(encoding='utf-8')
Bases:
jinja2.loaders.BaseLoader
Loads templates from the file system. This loader insists on absolute paths and fails if a relative path is provided.
>>> loader = AbsolutePathFileSystemLoader()
Per default the template encoding is
'utf-8'
which can be changed by setting the encoding parameter to something else.- get_source(environment, template)
Get the template source, filename and reload helper for a template. It’s passed the environment and template name and has to return a tuple in the form
(source, filename, uptodate)
or raise a TemplateNotFound error if it can’t locate the template.The source part of the returned tuple must be the source of the template as a string. The filename should be the name of the file on the filesystem if it was loaded from there, otherwise
None
. The filename is used by Python for the tracebacks if no loader extension is used.The last item in the tuple is the uptodate function. If auto reloading is enabled it’s always called to check if the template changed. No arguments are passed so the function must store the old state somewhere (for example in a closure). If it returns False the template will be reloaded.
- exception ssg.jinja.MacroError
Bases:
RuntimeError
- ssg.jinja.add_python_functions(substitutions_dict)
- ssg.jinja.expand_yaml_path(path, parameter)
- ssg.jinja.load_macros(substitutions_dict=None)
Augment the substitutions_dict dict with project Jinja macros in /shared/.
- ssg.jinja.process_file(filepath, substitutions_dict)
Process the jinja file at the given path with the specified substitutions. Return the result as a string. Note that this will not load the project macros; use process_file_with_macros(…) for that.
- ssg.jinja.process_file_with_macros(filepath, substitutions_dict)
Process the file with jinja macros at the given path with the specified substitutions. Return the result as a string.
See also: process_file
- ssg.jinja.raise_exception(message)
- ssg.jinja.update_substitutions_dict(filename, substitutions_dict)
Treat the given filename as a jinja2 file containing macro definitions, and export definitions that don’t start with _ into the substitutions_dict, a name->macro dictionary. During macro compilation, symbols already existing in substitutions_dict may be used by those definitions.
- ssg.jinja.url_encode(source)
ssg.oval module
ssg.parse_oval module
- class ssg.parse_oval.ElementFinder(oval_groups)
Bases:
object
- find_element(start_element, target_element_name, sought_attrib)
- ssg.parse_oval.find_extending_defs(oval_groups, defn)
- ssg.parse_oval.get_container_groups(fname)
- ssg.parse_oval.resolve_definition(oval_groups, defn)
ssg.playbook_builder module
ssg.products module
ssg.rule_dir_stats module
ssg.rule_yaml module
ssg.rules module
- ssg.rules.applies_to_product(file_name, product)
A OVAL or fix is filtered by product iff product is Falsy, file_name is “shared”, or file_name is product. Note that this does not filter by contents of the fix or check, only by the name of the file.
- ssg.rules.find_rule_dirs(base_dir)
Generator which yields all rule directories within a given base_dir, recursively
- ssg.rules.find_rule_dirs_in_paths(base_dirs)
Generator which yields all rule directories within a given directories list, recursively
- ssg.rules.get_rule_dir_id(path)
Returns the ID of a rule directory; correctly handles being passed either the directory path or the yaml metadata path.
- ssg.rules.get_rule_dir_ovals(dir_path, product=None)
Gets a list of OVALs contained in a rule directory. If product is None, returns all OVALs. If product is not None, returns applicable OVALs in order of priority:
{{{ product }}}.xml -> shared.xml
Only returns OVALs which exist.
- ssg.rules.get_rule_dir_sces(dir_path, product=None)
Get a list of SCEs contained in a rule directory. If product is None, returns all SCEs. If product is not None, returns applicable SCEs in order of priority:
{{{ product }}}.{{{ ext }}} -> shared.{{{ ext }}}
Only returns SCEs which exist.
- ssg.rules.get_rule_dir_yaml(dir_path)
Returns the path to the yaml metadata for a rule directory, regardless of if it exists.
- ssg.rules.is_rule_dir(dir_path)
Returns True iff dir_path is a valid rule directory which exists
To be valid, dir_path must exist and be a directory and the file returned by get_rule_dir_yaml(dir_path) must exist.
ssg.shims module
- ssg.shims.input_func(prompt=None)
ssg.templates module
ssg.utils module
- exception ssg.utils.SSGError
Bases:
RuntimeError
- ssg.utils.banner_anchor_wrap(banner_text)
- ssg.utils.banner_regexify(banner_text)
- ssg.utils.check_conflict_regex_directory(data)
Validate that either all path are directories OR file_regex exists.
Throws ValueError.
- ssg.utils.escape_id(text)
- ssg.utils.escape_regex(text)
- ssg.utils.escape_yaml_key(text)
- ssg.utils.get_cpu_count()
Returns the most likely estimate of the number of CPUs in the machine for threading purposes, gracefully handling errors and possible exceptions.
- ssg.utils.is_applicable(platform, product)
Function to check if a platform is applicable for the product. Handles when a platform is really a list of products, i.e., a prodtype field from a rule.yml.
Returns true iff product is applicable for the platform or list of products
- ssg.utils.is_applicable_for_product(platform, product)
Based on the platform dict specifier of the remediation script to determine if this remediation script is applicable for this product. Return ‘True’ if so, ‘False’ otherwise
- ssg.utils.map_name(version)
Maps SSG Makefile internal product name to official product name
- ssg.utils.merge_dicts(left, right)
Merges two dictionaries, keeing left and right as passed. If there are any common keys between left and right, the value from right is use.
Returns the merger of the left and right dictionaries
- ssg.utils.mkdir_p(path)
- ssg.utils.name_to_platform(names)
Converts one or more full names to a string containing one or more <platform> elements.
- ssg.utils.parse_name(product)
Returns a namedtuple of (name, version) from parsing a given product; e.g., “rhel7” -> (“rhel”, “7”)
- ssg.utils.parse_template_boolean_value(data, parameter, default_value)
- ssg.utils.prodtype_to_name(prod)
Converts a vaguely-prodtype-like thing into one or more full product names.
- ssg.utils.prodtype_to_platform(prods)
Converts one or more prodtypes into a string with one or more <platform> elements.
- ssg.utils.read_file_list(path)
Reads the given file path and returns the contents as a list.
- ssg.utils.required_key(_dict, _key)
Returns the value of _key if it is in _dict; otherwise, raise an exception stating that it was not found but is required.
- ssg.utils.sha256(text)
- ssg.utils.split_string_content(content)
Split the string content and returns as a list.
- ssg.utils.subset_dict(dictionary, keys)
Restricts dictionary to only have keys from keys. Does not modify either dictionary or keys, returning the result instead.
- ssg.utils.write_list_file(path, contents)
Writes the given contents to path.
ssg.xccdf module
A couple generic XCCDF utilities used by build_all_guides.py and build_all_remediations.py
Author: Martin Preisler <mpreisle@redhat.com>
- ssg.xccdf.get_benchmark_id_title_map(input_tree)
- ssg.xccdf.get_profile_choices_for_input(input_tree, benchmark_id, tailoring_tree)
Returns a dictionary that maps profile_ids to their respective titles.
- ssg.xccdf.get_profile_short_id(long_id)
If given profile ID is the XCCDF 1.2 long ID this function shortens it
- ssg.xccdf.scrape_benchmarks(root, namespace, dest)
Add all benchmark elements in root to dest list
ssg.xml module
- ssg.xml.add_xhtml_namespace(data)
Given a xml blob, adds the xhtml namespace to all relevant tags.
- ssg.xml.map_elements_to_their_ids(tree, xpath_expr)
Given an ElementTree and an XPath expression, iterate through matching elements and create 1:1 id->element mapping.
Raises AssertionError if a matching element doesn’t have the
id
attribute.Returns mapping as a dictionary
- ssg.xml.open_xml(filename)
Given a filename, register all possible namespaces, and return the XML tree.
- ssg.xml.oval_generated_header(product_name, schema_version, ssg_version)
- ssg.xml.parse_file(filename)
Given a filename, return the root of the ElementTree
- ssg.xml.register_namespaces()
Register all possible namespaces