def main():
args = parse_args()
env_yaml = ssg.yaml.open_environment(
args.build_config_yaml, args.product_yaml)
product = ssg.utils.required_key(env_yaml, "product")
product_dir = os.path.dirname(args.product_yaml)
relative_guide_dir = ssg.utils.required_key(env_yaml, "benchmark_root")
guide_dir = os.path.abspath(os.path.join(product_dir, relative_guide_dir))
# As fixes is continually updated, the last seen fix that is applicable for a
# given fix_name is chosen to replace newer fix_names
remediation_cls = remediation.REMEDIATION_TO_CLASS[args.remediation_type]
rule_id_to_remediation_map = collect_fixes(
product, guide_dir, args.fix_dirs, args.remediation_type)
fixes = dict()
for rule_id, fix_path in rule_id_to_remediation_map.items():
remediation_obj = remediation_cls(fix_path)
rule_path = os.path.join(args.resolved_rules_dir, rule_id + ".yml")
if os.path.isfile(rule_path):
remediation_obj.load_rule_from(rule_path)
# Fixes gets updated with the contents of the fix
# if it is applicable
remediation.process(remediation_obj, env_yaml, fixes, rule_id)
remediation.write_fixes_to_dir(fixes, args.remediation_type,
args.output_dir)
sys.stderr.write("Collected %d %s remediations.\n" % (len(fixes), args.remediation_type))
sys.exit(0)
def test_process_fix():
remediation_cls = sbr.REMEDIATION_TO_CLASS["bash"]
fixes = {}
env_yaml = dict(product="rhel7")
remediation_obj = remediation_cls(rhel_bash)
sbr.process(remediation_obj, env_yaml, fixes, "rule_dir")
assert 'rule_dir' in fixes
assert len(fixes['rule_dir']) == 2
do_test_contents(fixes['rule_dir'].contents, fixes['rule_dir'].config)
def process_remediation(rule, fix_path, lang, output_dirs, expected_file_name,
env_yaml, cpe_platforms):
remediation_cls = remediation.REMEDIATION_TO_CLASS[lang]
remediation_obj = remediation_cls(fix_path)
remediation_obj.associate_rule(rule)
fix = remediation.process(remediation_obj, env_yaml, cpe_platforms)
if fix:
output_file_path = os.path.join(output_dirs[lang], expected_file_name)
remediation.write_fix_to_file(fix, output_file_path)
def test_process_fix(env_yaml, cpe_platforms):
remediation_cls = sbr.REMEDIATION_TO_CLASS["bash"]
fixes = {}
remediation_obj = remediation_cls(rhel_bash)
result = sbr.process(remediation_obj, env_yaml, cpe_platforms)
assert result is not None
assert len(result) == 2
do_test_contents(result.contents, result.config)
def test_process_fix():
remediation_cls = sbr.REMEDIATION_TO_CLASS["bash"]
fixes = {}
env_yaml = dict(product="rhel7")
remediation_obj = remediation_cls(rhel_bash)
result = sbr.process(remediation_obj, env_yaml)
assert result is not None
assert len(result) == 2
do_test_contents(result.contents, result.config)