On Apr 6, 2013, at 8:08 AM, Simon Lukasik <[email protected]> wrote:
> On 04/05/2013 09:08 PM, Francisco Slavin wrote:
>> If all of the bash scripts will live within one XCCDF XML file, each
>> in discrete <fix> tags, I'm not sure what approach the community
>> would like to take regarding function re-use. It seems like some
>> pre-processing may be necessary; i.e. resolve the source operator
>> before inserting the script content into the <fix> tag. The goal is
>> to only have one copy of a specific function saved in the SSG repo
>> but to be able to use it for multiple <fix>es which differ only in
>> one parameter.
>
> Maybe the text substitution of <plain-text> could be considered for this
> task. According to NISTIR-7275r4, the <xccdf:sub> element within
> <xccdf:fix> may refer to the <xccdf:plain-text> element.
>
> Hence, SSG may use plain-text elements for definition of common scripts
> or functions. And only refer to such single plain-text from all of the
> Rules.
>
> The example of <plain-text> usage is in OpenSCAP unittests at:
>
> http://git.fedorahosted.org/cgit/openscap.git/tree/tests/API/XCCDF/unittests/test_remediation_subs_plain_text.xccdf.xml
>
> and
>
> http://git.fedorahosted.org/cgit/openscap.git/tree/tests/API/XCCDF/unittests/

This is fantastic, thank you Simon! I went through your unit test scripts and got a few ideas on improving SSG (outside of remediation).

I won't get a chance to try this until late Sunday, but we should easily be able to transform "functions" as existing in current Tresys scripts. Someone feel free to shoot out a first draft/patch!
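
The <xccdf:sub> / <xccdf:plain-text> substitution discussed in the thread above, as an added example that is not part of the original messages and is not SSG or OpenSCAP code: a small resolver that expands one shared function into two <fix> scripts that differ only in a parameter. The benchmark fragment, its ids, the `set_param` function and `/etc/example.conf` are constructed for illustration, and the fragment is trimmed rather than schema-valid.

```python
import xml.etree.ElementTree as ET

NS = "http://checklists.nist.gov/xccdf/1.2"  # XCCDF 1.2 namespace

# Constructed benchmark: ids, function and config path are illustrative only.
BENCHMARK = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_org.example_benchmark_demo">
  <plain-text id="fn_set_param">set_param() {
  sed -i "s/^$1=.*/$1=$2/" /etc/example.conf
}</plain-text>
  <Rule id="xccdf_org.example_rule_alpha">
    <fix system="urn:xccdf:fix:script:sh"><sub idref="fn_set_param"/>
set_param alpha 1</fix>
  </Rule>
  <Rule id="xccdf_org.example_rule_beta">
    <fix system="urn:xccdf:fix:script:sh"><sub idref="fn_set_param"/>
set_param beta 0</fix>
  </Rule>
</Benchmark>"""


def q(tag):
    return "{%s}%s" % (NS, tag)


def resolve_fixes(xml_text):
    """Return {rule id: fix script} with <sub> references to <plain-text> expanded."""
    root = ET.fromstring(xml_text)
    shared = {pt.get("id"): pt.text or "" for pt in root.iter(q("plain-text"))}
    scripts = {}
    for rule in root.iter(q("Rule")):
        fix = rule.find(q("fix"))
        if fix is None:
            continue
        parts = [fix.text or ""]  # text before the first child element
        for child in fix:
            if child.tag == q("sub"):
                ref = child.get("idref")
                # Fail closed: a remediation script with a missing function
                # body must not be emitted. (<sub> may also point at a
                # <Value>; this sketch only handles <plain-text>.)
                if ref not in shared:
                    raise KeyError("unresolved <sub idref=%r> in %s" % (ref, rule.get("id")))
                parts.append(shared[ref])
            parts.append(child.tail or "")  # text following the child
        scripts[rule.get("id")] = "".join(parts)
    return scripts


if __name__ == "__main__":
    for rule_id, script in resolve_fixes(BENCHMARK).items():
        print("# %s\n%s\n" % (rule_id, script))
```

The function body is stored once in the benchmark, and each Rule's generated script carries its own copy only after resolution; a dangling `idref` stops the run instead of producing a script that calls an undefined function.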
