You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
[ Results of tests printed to stdout ]
...
XPath error : Memory allocation failed : growing nodeset hit limit
growing nodeset hit limit
^
runtime error: file /usr/share/openscap/xsl/xccdf-report.xsl line 91 element value-of
XPath evaluation returned no result.
OpenSCAP Error: Could not apply XSLT /usr/share/openscap/xsl/xccdf-report.xsl to XML file: oscap-results.xml [/builddir/build/BUILD/openscap-1.3.8/src/source/xslt.c:183]
Expected Results:
Successful completion, and a HTML report.
Additional Information / Debugging Steps:
The eval works when NOT using the "--report oscap-results.html" switch.
The eval works when generating the HTML report, AND when running a customized profile with--
xccdf_org.ssgproject.content_rule_no_files_unowned_by_user selected="false"
xccdf_org.ssgproject.content_rule_file_permissions_ungroupowned selected="false"
In my quick research I don't find that much can be done about the libxml2 limit. I think that the oscap html report writer needs to shield itself from this underlying limit.
Thanks! Andrew
The text was updated successfully, but these errors were encountered:
Description of Problem:
"oscap xccdf eval" fails on a system with a large number of files (> 1_350_000) when producing a HTML report.
I am pretty sure this is really an issue in libxml2, but impacts oscap, when generating the html report
See https://stackoverflow.com/questions/40159864/getting-memory-allocation-failed-growing-nodeset-hit-limit-with-xml2-package
OpenSCAP Version:
OpenSCAP command line tool (oscap) 1.3.8
Copyright 2009--2021 Red Hat Inc., Durham, North Carolina.
==== Supported specifications ====
SCAP Version: 1.3
XCCDF Version: 1.2
OVAL Version: 5.11.1
CPE Version: 2.3
CVSS Version: 2.0
CVE Version: 2.0
Asset Identification Version: 1.1
Asset Reporting Format Version: 1.1
CVRF Version: 1.1
Operating System & Version:
Red Hat Enterprise Linux release 8.9 (Ootpa)
Steps to Reproduce:
Actual Results:
[ Results of tests printed to stdout ]
...
XPath error : Memory allocation failed : growing nodeset hit limit
growing nodeset hit limit
^
runtime error: file /usr/share/openscap/xsl/xccdf-report.xsl line 91 element value-of
XPath evaluation returned no result.
OpenSCAP Error: Could not apply XSLT /usr/share/openscap/xsl/xccdf-report.xsl to XML file: oscap-results.xml [/builddir/build/BUILD/openscap-1.3.8/src/source/xslt.c:183]
Expected Results:
Successful completion, and a HTML report.
Additional Information / Debugging Steps:
The eval works when NOT using the "--report oscap-results.html" switch.
The eval works when generating the HTML report, AND when running a customized profile with--
xccdf_org.ssgproject.content_rule_no_files_unowned_by_user selected="false"
xccdf_org.ssgproject.content_rule_file_permissions_ungroupowned selected="false"
In my quick research I don't find that much can be done about the libxml2 limit. I think that the oscap html report writer needs to shield itself from this underlying limit.
Thanks! Andrew
The text was updated successfully, but these errors were encountered: