On 04/05/2013 09:08 PM, Francisco Slavin wrote: > If all of the bash scripts will live within one XCCDF XML file, each > in discrete <fix> tags, I'm not sure what approach the community > would like to take regarding function re-use. It seems like some > pre-processing may be necessary; i.e. resolve the source operator > before inserting the script content into the <fix> tag. The goal is > to only have one copy of a specific function saved in the SSG repo > but to be able to use it for multiple <fix>es which differ only in > one parameter.
Maybe the text substitution of <plain-text> could be considered for this task. According to NISTIR-7275r4, the <xccdf:sub> element within <xccdf:fix> may refer to the <xccdf:plain-text> element. Hence, SSG may use plain-text elements for definition of common scripts or functions. And only refer to such single plain-text from all of the Rules. The example of <plain-text> usage is in OpenSCAP unittests at: http://git.fedorahosted.org/cgit/openscap.git/tree/tests/API/XCCDF/unittests/test_remediation_subs_plain_text.xccdf.xml and http://git.fedorahosted.org/cgit/openscap.git/tree/tests/API/XCCDF/unittests/test_remediate_python_subs.xccdf.xml Best regards, -- Simon Lukasik Security Technologies _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
