def _ensure_by_xccdf_referenced_oval_def_is_defined_in_oval_file(
self, indexed_oval_defs):
# Ensure all OVAL checks referenced by XCCDF are implemented in OVAL file
# Drop the reference from XCCDF to OVAL definition if:
# * Particular OVAL definition isn't present in OVAL file,
# * That OVAL definition doesn't constitute a remote OVAL
# (@href of <check-content-ref> doesn't start with 'http'
for xccdfid, rule in rules_with_ids_generator(self.xccdftree):
# Search OVAL ID in OVAL document
ovalid = indexed_oval_defs.get(xccdfid)
if ovalid is not None:
# The OVAL check was found, we can continue
continue
for check in rule.findall(".//{%s}check" % (xccdf_ns)):
if check.get("system") != oval_cs:
continue
if ssgcommon.get_check_content_ref_if_exists_and_not_remote(
check) is None:
continue
# For local OVAL drop the reference to OVAL definition from XCCDF document
# in the case:
# * OVAL definition is referenced from XCCDF file,
# * But not defined in OVAL file
print("WARNING: OVAL check '{0}' was not found, removing "
"<check-content> element from the XCCDF rule.".format(
xccdfid),
file=sys.stderr)
rule.remove(check)
def link_xccdf(self):
for check in self.checks_related_to_us:
checkcontentref = ssgcommon.get_check_content_ref_if_exists_and_not_remote(
check)
if checkcontentref is None:
continue
checkexports = check.findall("./{%s}check-export" % xccdf_ns)
self._link_xccdf_checkcontentref(checkcontentref, checkexports)
def _get_fnames_from_related_checks(self):
checkfiles = set()
for check in self.checks_related_to_us:
# Include the file in the particular check system only if it's NOT
# a remotely located file (to allow OVAL checks to reference http://
# and https:// formatted URLs)
checkcontentref = ssgcommon.get_check_content_ref_if_exists_and_not_remote(
check)
if checkcontentref is not None:
checkfiles.add(checkcontentref.get("href"))
return checkfiles