From fce616aa88e84bccd2fc699447f7994a3907e51e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= Date: Wed, 30 Oct 2024 15:26:29 +0100 Subject: [PATCH] Improve Benchmark detection in Automatus The SCE checks are inserted to SCAP source data stream in a form of `extended-component` element, each SCE check as a separate `extended-component` element. We shouldn't treat these extended component as XCCDF Benchmarks. Instead, when resolving a component reference we should check if the reference really points to an XCCDF Benchmark. This fix will remove these annoying messages from automatus output: ``` INFO - The data stream contains 132 Benchmarks INFO - 0 - scap_org.open-scap_cref_ssg-rhel9-xccdf.xml INFO - 1 - scap_org.open-scap_cref_rhel9-checks-sce-timer_dnf-automatic_enabled.sh INFO - 2 - scap_org.open-scap_cref_rhel9-checks-sce-service_debug-shell_disabled.sh INFO - 3 - scap_org.open-scap_cref_rhel9-checks-sce-service_pcscd_enabled.sh ... ``` --- tests/ssg_test_suite/xml_operations.py | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/tests/ssg_test_suite/xml_operations.py b/tests/ssg_test_suite/xml_operations.py index 3675416668c..b1aeb008088 100644 --- a/tests/ssg_test_suite/xml_operations.py +++ b/tests/ssg_test_suite/xml_operations.py @@ -42,9 +42,14 @@ def get_all_xccdf_ids_in_datastream(datastream): logging.error( "Checklists not found within data stream") - all_checklist_components = checklists_node.findall('ds:component-ref', - PREFIX_TO_NS) - xccdf_ids = [component.get("id") for component in all_checklist_components] + xccdf_ids = [] + for cref in checklists_node.findall("ds:component-ref", PREFIX_TO_NS): + href = cref.get('{%s}href' % PREFIX_TO_NS["xlink"]) + comp_id = href.lstrip("#") + query = ".//ds:component[@id='%s']/xccdf-1.2:Benchmark" % (comp_id) + benchmark_node = root.find(query, PREFIX_TO_NS) + if benchmark_node is not None: + xccdf_ids.append(cref.get("id")) return xccdf_ids