Tool for identifying the most used rules

[Honny1]

Description:

This PR adds a subcommand profile_tool.py that generates a list of rules with the number of uses in profiles in different formats.

Rationale:

It is known that many rules are common among profiles so we can infer that much less than 1825 rules are in fact used for RHEL, but we are including thousands of rules in the data stream because we don't know exactly what is needed or not.

We have many rules without Ansible remediation, some rules without Bash remediation and some few rules without OVAL check. It is great to close the gaps, but it would be smart to prioritize the most used rules.

It is hard to identify these most used rules and consequently optimize our efforts.

Review Hints:

To generate a list of the most used rules in the rhel9 benchmark you can run this command:

    $ ./build_product rhel9
    $ ./build-scripts/profile_tool.py most-used-rules  build/ssg-rhel9-xccdf.xml

Or you can run this command to get info about the whole project:

    $ ./build-scripts/profile_tool.py most-used-rules

Depends on: #11438

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[github-actions]

Start a new ephemeral environment with changes proposed in this pull request:

Fedora Environment

Oracle Linux 8 Environment

[jan-cerny]

@Honny1 It would be great to sort the output by the count of the rules.

[Honny1]

@jan-cerny The rules are listed in descending order.

[jan-cerny]

@Honny1 It doesn't sort for me

[Honny1]

@jan-cerny Fixed!

[jan-cerny]

now it sorts for me, thanks

[marcusburghardt]

@Honny1 , I saw the changes in #11438 are also incorporated here. Did I miss any change there but not here?

[Honny1]

@marcusburghardt Yes, the changes from #11438 should be incorporated into this PR. I will rebase on the master after merging #11438.

[jan-cerny]

/packit build

[marcusburghardt]

I have tested all the functions and they are working as expected. I have only some minor comments mainly about readability. After that I believe it would be good to be merged.

[marcusburghardt]

Have you considered to also count the variables? I think it is easy to extend and this information might be useful as well.

If so, the next function can also be renamed from add_rule to add_rule_or_var, for example. However, it would be probably better to extend this in another PR.

[Honny1]

Yes, it can easily be expanded if necessary.

[github-actions]

🤖 A k8s content image for this PR is available at:
ghcr.io/complianceascode/k8scontent:11439

Click here to see how to deploy it

If you alread have Compliance Operator deployed:
utils/build_ds_container.py -i ghcr.io/complianceascode/k8scontent:11439

Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and:
CONTENT_IMAGE=ghcr.io/complianceascode/k8scontent:11439 make deploy-local

[codeclimate]

Code Climate has analyzed commit 18bfd53 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 83.3% (50% is the threshold).

This pull request will bring the total coverage in the repository to 59.8% (2.0% change).

View more on Code Climate.

[Honny1]

/packit retest-failed

[marcusburghardt]

Nice work @Honny1 . This capability will open space for good insights. Thanks