Merge pull request #2127 from Mab879/remove_ds2

Remove Select DS Commands
OpenSCAP · Jun 25, 2024 · 7266305 · 7266305
2 parents 4acea91 + 6c74b45
commit 7266305
Show file tree

Hide file tree

Showing 41 changed files with 590 additions and 84,123 deletions.
diff --git a/dist/bash_completion.d/oscap b/dist/bash_completion.d/oscap
@@ -18,7 +18,7 @@ function _oscap {
     cmds[oscap:oval:generate]="report"
     cmds[oscap:xccdf]="eval remediate resolve validate export-oval-variables generate"
     cmds[oscap:xccdf:generate]="report guide fix custom"
-    cmds[oscap:ds]="sds-add sds-compose sds-split sds-validate rds-create rds-split rds-validate"
+    cmds[oscap:ds]="sds-validate rds-validate"
     cmds[oscap:cpe]="check match validate"
 
     # command options
@@ -39,11 +39,6 @@ function _oscap {
     opts[oscap:xccdf:generate:guide]="-o --output --hide-profile-info --profile --benchmark-id --xccdf-id --tailoring-file --tailoring-id --skip-signature-validation --enforce-signature"
     opts[oscap:xccdf:generate:fix]="-o --output --template --profile --result-id --profile --fix-type --xccdf-id --benchmark-id --tailoring-file --tailoring-id --skip-signature-validation --enforce-signature"
     opts[oscap:xccdf:generate:custom]="-o --output --stylesheet"
-    opts[oscap:ds:sds-add]="--datastream-id --skip-validation"
-    opts[oscap:ds:sds-compose]="--skip-validation"
-    opts[oscap:ds:sds-split]="--datastream-id --xccdf-id --skip-validation --fetch-remote-resources --local-files"
-    opts[oscap:ds:rds-create]="--skip-validation"
-    opts[oscap:ds:rds-split]="--report-id --skip-validation"
     opts[oscap:info]="--fetch-remote-resources --local-files --profile --profiles"
 
     # local variables

diff --git a/docs/manual/manual.adoc b/docs/manual/manual.adoc
@@ -516,24 +516,6 @@ can open it in a text editor.
 
 You can use `oscap info` with source data stream files as well. Source
 data stream will often reference OVAL files that are bundled in it.
-It is also possible to extract OVAL files from source data stream using
-`oscap ds sds-split`.
-
-----
-$ oscap ds sds-split ssg-rhel7-ds.xml extracted/
-$ ls -1 extracted/
-scap_org.open-scap_cref_output--ssg-rhel7-cpe-dictionary.xml
-scap_org.open-scap_cref_ssg-rhel7-xccdf-1.2.xml
-ssg-rhel7-cpe-oval.xml
-ssg-rhel7-ocil.xml
-ssg-rhel7-oval.xml
-----
-
-After splitting the source data stream you can inspect OVAL and XCCDF files
-individually using a text editor. Keep in mind that this is only an example and
-file names depend on contents of the source data stream you are splitting and
-that you can also inspect XCCDF and OVAL content directly in a source data
-stream or a result data stream.
 
 
 === Evaluating XCCDF
@@ -1522,61 +1504,6 @@ multiset evaluation.
 </tests>
 ----
 
-
-=== Evaluating XCCDF rules with multiple checks
-
-Normally, each XCCDF rule references to a single check with a specified name.
-However, if `@name` attribute of `xccdf:check-content-ref` of a given rule is omitted,
-multiple checks can be executed to evaluate the rule.
-This is common for `security_patches_up_to_date` check.
-By default, only a single result is produced for an XCCDF rule in such case, and the
-result is computed from all results of checks in the referenced location.
-In case user wants to see separate results for each check (one `xccdf:check-result` element
-in results document for each check evaluated), then `multi-check` attribute
-of `xccdf:check` element must be set to *true*.
-
-----
-<Rule
-  id="xccdf_org.nist-testsuite.content_rule_security_patches_up_to_date"
-  selected="false" weight="10.0">
-  <title xml:lang="en-US">Security Patches Up-To-Date</title>
-  <description xml:lang="en-US">All known security patches have been installed.</description>
-  <requires idref="xccdf_org.nist-testsuite.content_group_CM-6"/>
-  <requires idref="xccdf_org.nist-testsuite.content_group_SI-2"/>
-  <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" multi-check="true">
-    <check-content-ref href="r1100-scap11-win_rhel-patches.xml"/>
-  </check>
-</Rule>
-----
-
-In XCCDF specification older than 1.2, the `multi-check` element is not defined,
-which means that only a single result is always produced.
-To produce separate results for each check from the content older than XCCDF version 1.2,
-you need to convert it first into XCCDF 1.2 using the following command:
-
-----
-$ xsltproc --stringparam reverse_DNS com.example.www /usr/share/openscap/xsl/xccdf_1.1_to_1.2.xsl xccdf.xml > xccdf-1.2.xml
-----
-
-And then patch the content using a text editor, adding `multi-check` as
-shown in the example Rule snippet above.
-
-To create a source data stream from the patched content, the following command can be used:
-
-----
-$ oscap ds sds-compose xccdf-1.2.xml source_ds.xml
-----
-
-If the original XCCDF file referenced a custom CPE dictionary, you also have to inject
-the CPE dictionary into the source data stream in order to create a valid source data stream.
-To add a CPE dictionary component into your data stream in place, use this command:
-
-----
-$ oscap ds sds-add cpe_dictionary.xml source_ds.xml
-----
-
-Now the `source_ds.xml` data stream can be evaluated as usual.
-
 === Identifying SWID tags
 
 OpenSCAP identifies SWID tags using OVAL inventory class definitions that are
@@ -1654,7 +1581,7 @@ If OpenSCAP is executed with verbosity level INFO or DEVEL their runtime values
 * `OSCAP_PCRE_EXEC_RECURSION_LIMIT` - Set recursion limit of regular expression matching using `pcre_exec`/`pcre2_match` functions.
 * `OSCAP_PROBE_ROOT` - Path to a directory which contains mounted filesystem to be evaluated. Used for offline scanning.
 * `SEXP_VALIDATE_DISABLE` - If set, `oscap` will not validate SEXP expressions during its execution.
-* `SOURCE_DATE_EPOCH` - Timestamp in seconds since epoch. This timestamp will be used instead of the current time to populate `timestamp` attributes in SCAP source data streams created by `oscap ds sds-compose` sub-module. This is used for reproducible builds of data streams.
+* `SOURCE_DATE_EPOCH` - Timestamp in seconds since epoch. This timestamp will be used instead of the current time to populate `timestamp` attributes in SCAP source data streams. This is used for reproducible builds of data streams.
 * `OSCAP_PROBE_MEMORY_USAGE_RATIO` - maximum memory usage ratio (used/total) for OpenSCAP probes, default: 0.1
 * `OSCAP_PROBE_MAX_COLLECTED_ITEMS` - maximal count of collected items by OpenSCAP probe for a single OVAL object evaluation
 * `OSCAP_PROBE_IGNORE_PATHS` - Skip given paths during evaluation. If multiple paths should be skipped they need to be separated by a colon. The paths should be absolute canonical paths.

diff --git a/src/DS/ds_common.c b/src/DS/ds_common.c
@@ -28,7 +28,6 @@
 #include "common/_error.h"
 #include "common/list.h"
 #include "common/oscap_acquire.h"
-#include "source/oscap_source_priv.h"
 #include "source/public/oscap_source.h"
 #include "oscap_helpers.h"
 

diff --git a/src/DS/ds_rds_session.c b/src/DS/ds_rds_session.c
@@ -174,15 +174,3 @@ int ds_rds_session_replace_report_with_source(struct ds_rds_session *session, st
 	return ds_rds_create_report(doc, reports_node, oscap_source_get_xmlDoc(source), session->report_id) == NULL;
 }
 
-char *ds_rds_session_get_html_report(struct ds_rds_session *rds_session)
-{
-	const char *params[] = {
-		"show",              "",
-		"verbosity",         "",
-		"hide-profile-info", NULL,
-		"oscap-version",     oscap_get_version(),
-		"pwd",               NULL,
-		NULL
-        };
-	return oscap_source_apply_xslt_path_mem(rds_session->source, "xccdf-report.xsl", params, oscap_path_to_xslt());
-}
diff --git a/src/DS/ds_sds_session.c b/src/DS/ds_sds_session.c
@@ -26,7 +26,6 @@
 
 #include "common/debug_priv.h"
 #include "common/oscap_acquire.h"
-#include "common/elements.h"
 #include "common/_error.h"
 #include "common/list.h"
 #include "common/oscapxml.h"
@@ -345,11 +344,6 @@ void ds_sds_session_configure_remote_resources(struct ds_sds_session *session, b
 	session->progress = (callback != NULL) ? callback : download_progress_empty_calllback;
 }
 
-void ds_sds_session_set_remote_resources(struct ds_sds_session *session, bool allowed, download_progress_calllback_t callback)
-{
-	ds_sds_session_configure_remote_resources(session, allowed, NULL, callback);
-}
-
 const char *ds_sds_session_local_files(struct ds_sds_session *session)
 {
 	return session->local_files;
@@ -370,21 +364,3 @@ download_progress_calllback_t ds_sds_session_remote_resources_progress(struct ds
 	return session->progress;
 }
 
-char *ds_sds_session_get_html_guide(struct ds_sds_session *session, const char *profile_id)
-{
-	const char *params[] = {
-		"show", "",
-		"verbosity", "",
-		"hide-profile-info", NULL,
-		"oscap-version", oscap_get_version(),
-		"pwd", NULL,
-		"profile_id", profile_id,
-		NULL
-	};
-	struct oscap_source *xccdf = oscap_htable_get(session->component_sources, session->checklist_id);
-	if (xccdf == NULL) {
-		oscap_seterr(OSCAP_EFAMILY_OSCAP, "Internal error: Could not acquire handle to '%s' source.", session->checklist_id);
-		return NULL;
-	}
-	return oscap_source_apply_xslt_path_mem(xccdf, "xccdf-guide.xsl", params, oscap_path_to_xslt());
-}
diff --git a/src/DS/public/ds_rds_session.h b/src/DS/public/ds_rds_session.h
@@ -120,6 +120,5 @@ OSCAP_API int ds_rds_session_replace_report_with_source(struct ds_rds_session *s
  * @param rds_session The ds_rds_session to build HTML from
  * @returns a buffer of HTML content that should be freed by the caller
  */
-OSCAP_API char *ds_rds_session_get_html_report(struct ds_rds_session *rds_session);
 
 #endif
diff --git a/src/DS/public/ds_sds_session.h b/src/DS/public/ds_sds_session.h
@@ -192,16 +192,6 @@ OSCAP_API int ds_sds_session_set_target_dir(struct ds_sds_session *session, cons
  */
 OSCAP_API void ds_sds_session_reset(struct ds_sds_session *session);
 
-/**
- * Set property of remote content.
- * @memberof ds_sds_session
- * @param session The Source DataStream Session
- * @param allowed Whether is download of remote resources allowed in this session (defaults to false)
- * @param callback used to notify user about download proceeds. This might be safely set
- * to NULL -- ignoring user notification.
- */
-OSCAP_API OSCAP_DEPRECATED(void ds_sds_session_set_remote_resources(struct ds_sds_session *session, bool allowed, download_progress_calllback_t callback));
-
 /**
  * Set property of remote content.
  * @memberof ds_sds_session
@@ -216,14 +206,4 @@ OSCAP_API OSCAP_DEPRECATED(void ds_sds_session_set_remote_resources(struct ds_sd
  */
 OSCAP_API void ds_sds_session_configure_remote_resources(struct ds_sds_session *session, bool allowed, const char *local_files, download_progress_calllback_t callback);
 
-/**
- * Returns HTML representation of selected checklist in form of OpenSCAP guide.
- * @memberof ds_sds_session
- * @param session The Source DataStream session to generate guide from
- * @param profile_id ID of XCCDF profile within selected checklist to
- * generate guide for
- * @returns a buffer of HTML content that should be freed by the caller
- */
-OSCAP_API char *ds_sds_session_get_html_guide(struct ds_sds_session *session, const char *profile_id);
-
 #endif
diff --git a/src/DS/public/scap_ds.h b/src/DS/public/scap_ds.h
@@ -165,7 +165,6 @@ OSCAP_API struct oscap_string_iterator* ds_stream_index_get_dictionaries(struct
  *
  * @memberof ds_stream_index
  */
-OSCAP_API struct oscap_string_iterator* ds_stream_index_get_extended_components(struct ds_stream_index* s);
 
 /**
  * @struct ds_sds_index

diff --git a/src/DS/rds.c b/src/DS/rds.c
@@ -26,7 +26,6 @@
 
 #include "public/scap_ds.h"
 #include "public/oscap_text.h"
-#include "public/oscap.h"
 
 #include "common/_error.h"
 #include "common/util.h"

diff --git a/src/DS/rds_asset_index.c b/src/DS/rds_asset_index.c
@@ -24,13 +24,11 @@
 #include <config.h>
 #endif
 
-#include "public/oscap.h"
 #include "public/scap_ds.h"
 #include "public/oscap_text.h"
 
 #include "common/list.h"
 #include "common/_error.h"
-#include "common/elements.h"
 #include "rds_index_priv.h"
 
 #include <libxml/xmlreader.h>

diff --git a/src/DS/rds_index.c b/src/DS/rds_index.c
@@ -31,8 +31,7 @@
 #include "common/elements.h"
 #include "common/debug_priv.h"
 #include "rds_index_priv.h"
-#include "source/oscap_source_priv.h"
-#include "source/public/oscap_source.h"
+
 
 #include <libxml/xmlreader.h>
 #include <string.h>

diff --git a/src/DS/rds_report_index.c b/src/DS/rds_report_index.c
@@ -27,10 +27,8 @@
 #include "public/scap_ds.h"
 #include "common/list.h"
 #include "common/_error.h"
-#include "common/elements.h"
 #include "rds_index_priv.h"
-#include "source/oscap_source_priv.h"
-#include "source/public/oscap_source.h"
+
 
 #include <libxml/xmlreader.h>
 #include <string.h>

diff --git a/src/DS/rds_report_request_index.c b/src/DS/rds_report_request_index.c
@@ -27,10 +27,8 @@
 #include "public/scap_ds.h"
 #include "common/list.h"
 #include "common/_error.h"
-#include "common/elements.h"
 #include "rds_index_priv.h"
-#include "source/oscap_source_priv.h"
-#include "source/public/oscap_source.h"
+
 
 #include <libxml/xmlreader.h>
 #include <string.h>

diff --git a/src/DS/sds.c b/src/DS/sds.c
@@ -24,10 +24,8 @@
 #include <config.h>
 #endif
 
-#include "public/ds_sds_session.h"
 #include "public/scap_ds.h"
-#include "public/xccdf_benchmark.h"
-#include "public/oval_definitions.h"
+
 #include "public/oscap.h"
 #include "public/oscap_text.h"
 

diff --git a/src/DS/sds_index.c b/src/DS/sds_index.c
@@ -29,8 +29,7 @@
 #include "common/_error.h"
 #include "common/elements.h"
 #include "sds_index_priv.h"
-#include "source/oscap_source_priv.h"
-#include "source/public/oscap_source.h"
+
 
 #include <libxml/xmlreader.h>
 #include <string.h>
@@ -113,11 +112,6 @@ struct oscap_string_iterator* ds_stream_index_get_dictionaries(struct ds_stream_
 	return oscap_iterator_new((struct oscap_list*)s->dictionary_components);
 }
 
-struct oscap_string_iterator* ds_stream_index_get_extended_components(struct ds_stream_index* s)
-{
-	return oscap_iterator_new((struct oscap_list*)s->extended_components);
-}
-
 static struct ds_stream_index* ds_stream_index_parse(xmlTextReaderPtr reader)
 {
 	// sanity check