Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Present references in a table #217

Merged
merged 6 commits into from
Dec 7, 2023
Merged

Present references in a table #217

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
510a456
Present references in a table
jan-cerny Nov 3, 2023
fe3f507
Add pragmas to avoid PEP8 warnings
jan-cerny Nov 28, 2023
6b7a537
Account for missing reference href attribute
jan-cerny Nov 28, 2023
e3b1852
Add special classes to table element
jan-cerny Nov 28, 2023
5fb4271
Add comments for the pylint tool
jan-cerny Nov 30, 2023
74218c0
Extend the condition to account empty strings in href
jan-cerny Dec 6, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 17 additions & 12 deletions openscap_report/report_generators/html_templates/rule_detail.html
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -136,20 +136,25 @@
<tr role="row">
<th class="pf-m-fit-content" role="rowheader" scope="row"><p class="pf-c-table__text"><b>References:</b></p></th>
<td role="cell">
<div class="pf-l-flex pf-m-column"><div class="pf-l-flex__item">
<p class="pf-c-table__text">
<div>
<table class="pf-c-table pf-m-grid-md" role="grid">
{%- for reference in rule.references -%}
{%- if reference.href -%}
<a href="{{ reference.href | replace('&', ';') }}">{{ reference.text }}</a>
{%- else -%}
<span>{{ reference.text }}</span>
{%- endif -%}
{{- ", " if not loop.last else "" -}}
<tr>
<td>
{% if reference.href == "UNKNOWN" %}
Unknown:
{% else %}
<a href="{{ reference.href | replace('&', ';') }}">{{ reference.name }}</a>:
{% endif %}
</td>
<td>
{%- for ref_id in reference.ref_ids -%}
{{ ref_id }}
{{- ", " if not loop.last else "" -}}
{%- endfor -%}
</td>
</tr>
{%- endfor -%}
</div>
</p>
</div></div>
</table>
</td>
</tr>
{% endif %}
Expand Down
5 changes: 1 addition & 4 deletions openscap_report/scap_results_parser/data_structures/json_transformation.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,11 +5,8 @@
def rearrange_references(dictionary_json):
global_references = {}
for rule in dictionary_json["rules"].values():
new_rule_references = []
for ref in rule["references"]:
global_references[ref["text"]] = ref["href"]
new_rule_references.append(ref["text"])
rule["references"] = new_rule_references
global_references[ref["name"]] = ref["href"]
dictionary_json["references"] = global_references


Expand Down
7 changes: 5 additions & 2 deletions openscap_report/scap_results_parser/data_structures/reference.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,17 +2,20 @@
# SPDX-License-Identifier: LGPL-2.1-or-later

from dataclasses import asdict, dataclass
from typing import List

REFERENCE_JSON_KEYS = [
"name",
"href",
"text",
"ref_ids",
]


@dataclass
class Reference:
name: str
href: str
text: str
ref_ids: List[str]

def as_dict(self):
return asdict(self)
44 changes: 41 additions & 3 deletions openscap_report/scap_results_parser/parsers/rule_parser.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,13 +1,43 @@
# Copyright 2022, Red Hat, Inc.
# SPDX-License-Identifier: LGPL-2.1-or-later

import collections
from dataclasses import replace

from ..data_structures import Identifier, Reference, Rule, RuleWarning
from ..namespaces import NAMESPACES
from .full_text_parser import FullTextParser
from .remediation_parser import RemediationParser

# pylint: disable=line-too-long
KNOWN_REFERENCES = {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add comments to the code to turn off long-line warnings for this constant.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have add the comments.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pylint is not happy. Please use # pylint: disable=line-too-long before the constant definition and # pylint: enable=line-too-long after the constant definition. You can check this with the tox -e code_style command.

"http://www.ssi.gouv.fr/administration/bonnes-pratiques/": "ANSSI",
"https://public.cyber.mil/stigs/cci/": "CCI",
"https://www.ccn-cert.cni.es/pdf/guias/series-ccn-stic/guias-de-acceso-publico-ccn-stic/6768-ccn-stic-610a22-perfilado-de-seguridad-red-hat-enterprise-linux-9-0/file.html": "CCN for RHEL 9", # noqa: E501
"https://www.cisecurity.org/controls/": "CIS",
"https://www.cisecurity.org/benchmark/red_hat_linux/": "CIS for RHEL",
"https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf": "CJIS", # noqa: E501
"http://www.cnss.gov/Assets/pdf/CNSSI-1253.pdf": "CNSS",
"https://www.isaca.org/resources/cobit": "COBIT",
"http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf": "CUI", # noqa: E501
"https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf": "HIPAA", # noqa: E501
"https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu": "ISA-62443-2013", # noqa: E501
"https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat": "ISA-62443-2009", # noqa: E501
"https://www.cyber.gov.au/acsc/view-all-content/ism": "ISM",
"https://www.iso.org/standard/54534.html": "ISO 27001-2013",
"https://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xlsx": "NERC-CIP", # noqa: E501
"http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf": "NIST 800-53", # noqa: E501
"https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf": "NIST CSF", # noqa: E501
"https://www.niap-ccevs.org/Profile/PP.cfm": "OSPP",
"https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf": "PCI-DSS v3", # noqa: E501
"https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf": "PCI-DSS v4", # noqa: E501
"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers": "SRG-APP", # noqa: E501
"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os": "SRG-OS", # noqa: E501
"https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux": "STIG ID", # noqa: E501
"https://public.cyber.mil/stigs/srg-stig-tools/": "STIG ref",
}
# pylint: enable=line-too-long


class RuleParser():
def __init__(self, root, test_results, ref_values):
Expand All @@ -20,10 +50,18 @@ def __init__(self, root, test_results, ref_values):

@staticmethod
def _get_references(rule):
url_to_ref_ids = collections.defaultdict(list)
for reference_el in rule.findall(".//xccdf:reference", NAMESPACES):
url = reference_el.get("href")
if url is None or url == "":
url = "UNKNOWN"
ref_id = reference_el.text
url_to_ref_ids[url].append(ref_id)
references = []
for referenc in rule.findall(".//xccdf:reference", NAMESPACES):
references.append(Reference(referenc.get("href"), referenc.text))
return references
for url, ref_ids in url_to_ref_ids.items():
name = KNOWN_REFERENCES.get(url, url)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would suggest creating a default value for the name if the href attribute is an empty string.
For example, reference SRG-OS-000003-VMM-000030 of the xccdf_org.ssgproject.content_rule_account_disable_post_pw_expiration rule.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice catch! You're right, the href attribute of the reference element is optional.

I have add code that accounts for this situation.

However, this situation shouldn't happen in our content. The reference without href makes little sense. Do you have a specific SCAP content or its version where this happens?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I checked the latest content and all the href attributes are not empty strings.

I found this in:
SSG: [0, 1, 63]
Rule: xccdf_org.ssgproject.content_rule_account_disable_post_pw_expiration
Reference: SRG-OS-000003-VMM-000030

references.append(Reference(name, url, sorted(ref_ids)))
return sorted(references, key=lambda x: x.name)

@staticmethod
def _get_identifiers(rule):
Expand Down
19 changes: 18 additions & 1 deletion tests/json_schema_of_report.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -244,7 +244,24 @@
"title": "References",
"type": "array",
"items": {
"type": "string"
"type": "object",
"properties": {
"name": {
"title": "Name",
"type": "string"
},
"href": {
"title": "Href",
"type": "string"
},
"ref_ids": {
"title": "IDs",
"type": "array",
"items": {
"type": "string"
}
}
}
}
},
"description": {
Expand Down
11 changes: 8 additions & 3 deletions tests/unit_tests/test_json_transitions.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,8 +26,9 @@
],
"references": [
{
"text": "11",
"name": "IDK",
"href": "idk-link.com",
"ref_ids": ["11"],
}
],
}
Expand All @@ -44,11 +45,15 @@
}
],
"references": [
"11",
{
"name": "IDK",
"href": "idk-link.com",
"ref_ids": ["11"],
}
],
}
},
"references": {"11": "idk-link.com"},
"references": {"IDK": "idk-link.com"},
},
)
],
Expand Down