---
RHEL6/transforms/combinefixes.py | 25 +++++++++++++++++++++++--
RHEL6/transforms/xccdf-addfixes.xslt | 30 +++++++++++++++++++++++++++++-
2 files changed, 52 insertions(+), 3 deletions(-)
diff --git a/RHEL6/transforms/combinefixes.py b/RHEL6/transforms/combinefixes.py index 4c4bb55..307cac3 100755 --- a/RHEL6/transforms/combinefixes.py +++ b/RHEL6/transforms/combinefixes.py @@ -2,8 +2,12 @@ import sys, os -header = '''<fix-group id="bash" system="urn:xccdf:fix:script:sh" xmlns="http://checklists.nist.gov/xccdf/1.1">\n''' -footer = '</fix-group>\n' +header = '''<fix-content system="urn:xccdf:fix:script:sh" xmlns="http://checklists.nist.gov/xccdf/1.1">\n''' +footer = '</fix-content>\n' +fixGroupHeader = '''<fix-group id="bash" system="urn:xccdf:fix:script:sh" xmlns="http://checklists.nist.gov/xccdf/1.1">\n''' +fixGroupFooter = '</fix-group>\n' +fixCommonGroupHeader = '''<fix-common-group id="bash-common" xmlns="http://checklists.nist.gov/xccdf/1.1">\n''' +fixCommonGroupFooter = '</fix-common-group>\n' def encode(text): text = text.replace('&','&') @@ -20,6 +24,7 @@ def main(): output = sys.argv[2] out = open(output,'w') out.write(header) + out.write(fixGroupHeader) for filename in os.listdir(fixDir): if filename.endswith(".sh"): body = "" @@ -30,7 +35,23 @@ def main(): out.write(body+"\n") out.write("</fix>\n") + out.write(fixGroupFooter) + + out.write(fixCommonGroupHeader) + for filename in os.listdir(fixDir): + if filename.endswith("common"): + body = "" + with open( fixDir + "/" + filename, 'r') as f: + body = body + encode(f.read()) + fixName = os.path.splitext(filename)[0] + out.write("<fix-common id=\""+fixName+"\">\n") + out.write(body+"\n") + out.write("</fix-common>\n") + + out.write(fixCommonGroupFooter) out.write(footer) + + out.close() sys.exit(0) if __name__ == "__main__": diff --git a/RHEL6/transforms/xccdf-addfixes.xslt b/RHEL6/transforms/xccdf-addfixes.xslt index 26a14bd..d3c4598 100644 --- a/RHEL6/transforms/xccdf-addfixes.xslt +++ b/RHEL6/transforms/xccdf-addfixes.xslt 
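Review bot: In the last hunk of combinefixes.py, the new loop selects files with `filename.endswith("common")` and writes `fixName` into the `id` attribute unescaped, while only the file body goes through `encode()`. The suffix test has no leading dot, so any file in `fixDir` whose name merely ends in "common" is embedded in the generated fix content, and a name containing `"`, `<` or `&` would yield malformed XML. I would narrow the test to `if filename.endswith(".common"):` (assuming that is the intended extension) and build the attribute with `quoteattr` from `xml.sax.saxutils`, as in `out.write("<fix-common id=" + quoteattr(fixName) + ">\n")`. Iterating over `sorted(os.listdir(fixDir))` would also make the output order reproducible from one build to the next. `main()` starts above this hunk, so the existing `.sh` loop may need the same treatment.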
@@ -5,8 +5,9 @@ containing a list of fixes. It inserts these into the Rules specified inside the fixes file. --> -<xsl:variable name="fixgroup" select="document($fixes)/xccdf:fix-group" /> +<xsl:variable name="fixgroup" select="document($fixes)/xccdf:fix-content/xccdf:fix-group" /> <xsl:variable name="fixsystem" select="$fixgroup/@system"/> +<xsl:variable name="fixcommongroup" select="document($fixes)/xccdf:fix-content/xccdf:fix-common-group" /> <xsl:template match="xccdf:Rule"> <xsl:copy> 
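Review bot: With the new select paths, a fixes file that still has `fix-group` as its root element leaves `$fixgroup` and `$fixcommongroup` as empty node-sets, and nothing in the visible hunks reports that. The transform would then emit a benchmark with no fixes attached, so a stale or wrongly generated fixes file silently produces content without remediation. Consider failing the build from inside a template, for example `<xsl:if test="not($fixgroup)"><xsl:message terminate="yes">fixes file has no fix-content/fix-group</xsl:message></xsl:if>`; the template bodies lie outside this hunk, so the exact placement is for the author to choose. A short comment above the variables describing the expected `fix-content` layout would also help, since the existing header comment only says the file contains a list of fixes.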
@@ -27,6 +28,33 @@ </xsl:copy> </xsl:template> + <xsl:template match="xccdf:Benchmark"> + <xsl:copy> + + <!-- plain-text elements must appear in sequence --> + <xsl:apply-templates select="@*"/> + <xsl:apply-templates select="xccdf:status"/> + <xsl:apply-templates select="xccdf:dc-status"/> + <xsl:apply-templates select="xccdf:title"/> + <xsl:apply-templates select="xccdf:description"/> + <xsl:apply-templates select="xccdf:notice"/> + <xsl:apply-templates select="xccdf:front-matter"/> + <xsl:apply-templates select="xccdf:rear-matter"/> + <xsl:apply-templates select="xccdf:reference"/> + + <xsl:for-each select="$fixcommongroup/xccdf:fix-common"> + <xsl:variable name="fix_common_id" select="@id"/> + <xsl:element name="plain-text" namespace="http://checklists.nist.gov/xccdf/1.1"> + <xsl:attribute name="id"><xsl:value-of select="$fix_common_id"/></xsl:attribute> + <xsl:value-of select="text()"/> + </xsl:element> + </xsl:for-each> + <xsl:apply-templates select="node()[not(self::xccdf:status|self::xccdf:dc-title|self::xccdf:title|self::xccdf:description|self::xccdf:notice|self::xccdf:front-matter|self::xccdf:rear-matter|self::xccdf:reference)]"/> +<!-- + <xsl:apply-templates select="node()[not(self::xccdf:status)]"/> +--> + </xsl:copy> + </xsl:template> <!-- copy everything else through to final output --> <xsl:template match="@*|node()"> -- 1.7.1 _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
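Review bot: The exclusion predicate on the final `apply-templates` names `self::xccdf:dc-title`, but the element applied explicitly above it is `xccdf:dc-status`. A Benchmark that carries `dc-status` children would therefore have them copied twice, once before and once after the generated `plain-text` elements; the predicate should read `self::xccdf:dc-status`. Separately, if this is an XSLT 1.0 stylesheet, `<xsl:value-of select="text()"/>` emits only the first text node of each `fix-common`, and `select="."` would carry the whole content. The commented-out `apply-templates` left at the end of the template can be dropped.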
