[WIP] Compose SCAP 1.3 DataStreams

[yuumasato]

This is a very early and rough patch to update openscap to compose SCAP 1.3 compliant Data Streams.

What this PR does for now:

• When a check-content-ref's href attribute is a supported URL (i.e.: http:// or https://)
  • Add a uri entry in the Benchmarks component-ref catalog, but don't include its contents in DS
  • Add a component-ref to datastream's <ds:checks>

What it needs to do:

• Get the path from the URL and generate the component name and uri.
• oscap_source_new_from_url not sure if makes sense to implement it.

Related to ComplianceAsCode/content#4302

[jan-cerny]

This is suspicious for me. Is it remote when the file path starts with "com."?

Also, ds_sds_compose_add_component_source_with_ref is called from ds_sds_compose_add_component_with_ref which is called from ds_sds_compose_add_component which is used when composing datastreams.
What if I have a local file com.example.xml in current working directory and I run this:
oscap ds sds-compose com.example.xml ds.xml

[yuumasato]

Is it remote when the file path starts with "com."?

No. I just used a hardcoded string, and a dumb match to it just to see how the output would lookl ike. This PR is very rough, take it with a grain of salt, :)

[jan-cerny]

Does this mean after this change it will get included?

[yuumasato]

Not the contents, just a component-ref in the <ds:checks> that will reference the remote content, and a <uri> in each Benchmark component that uses the remote resource.

[jan-cerny]

I don't understand. If content references any remote content from anywhere, will it always get replaced by RHEL 7 RHSA? Hard coding anything here seems suspicious.

[yuumasato]

I was just lazy to implement a URL parser before I could test that this is a good approach.

[jan-cerny]

I think we will need a test for this.

[evgenyz]

We are not using OpenSCAP to compose DS anymore. Closing.