import sys

import lxml.etree
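# Check for rules that use tests that won't work on Ubuntu and print their IDs.
#
# Reads the XCCDF benchmark "ubuntu-xccdf.xml" and the OVAL definitions
# "ssg-rhel6-oval.xml" from the current directory. For every selected rule it
# follows each check-content-ref to its OVAL definition, then each criterion
# to its test, and prints the rule id when the test's tag is one of
# `unsupported_tests`. A rule id is printed once per matching criterion, so
# the same id can appear several times.

XCCDF_NS = "{http://checklists.nist.gov/xccdf/1.2}"
OVAL_DEF_NS = "{http://oval.mitre.org/XMLSchema/oval-definitions-5}"

unsupported_tests = (
    "{http://oval.mitre.org/XMLSchema/oval-definitions-5#linux}rpminfo_test",
    "{http://oval.mitre.org/XMLSchema/oval-definitions-5#linux}rpmverifyfile_test",
    "{http://oval.mitre.org/XMLSchema/oval-definitions-5#unix}runlevel_test",
)

# NOTE(review): both files are parsed with lxml's default parser settings. If
# this content can ever come from outside the repository, pass an explicit
# lxml.etree.XMLParser(resolve_entities=False) so entity declarations in the
# input are not expanded -- confirm against how the files are produced.
xccdf = lxml.etree.parse("ubuntu-xccdf.xml")
oval = lxml.etree.parse("ssg-rhel6-oval.xml")

# Index the OVAL document by id once. This replaces a string-built
# "//*[@id='...']" search per lookup: ids taken from the XML are no longer
# spliced into a path expression (a quote in an id would have broken or
# changed the predicate), and each lookup is a dict access instead of a full
# document scan. The first element in document order wins for a repeated id.
oval_by_id = {}
for element in oval.getroot().iter("*"):
    element_id = element.get("id")
    if element_id is not None:
        oval_by_id.setdefault(element_id, element)

# Get the set of selected rules.
# NOTE(review): every <select> element is counted, whatever its `selected`
# attribute or enclosing element -- confirm that is intended.
selected_rules = {
    select.get("idref")
    for select in xccdf.findall(".//" + XCCDF_NS + "select")
}

# Loop through the rules.
for rule in xccdf.findall(".//" + XCCDF_NS + "Rule"):
    rule_id = rule.get("id")
    if rule_id not in selected_rules:
        continue
    for check in rule.findall(".//" + XCCDF_NS + "check-content-ref"):
        # The href attribute is not consulted: every name is looked up in the
        # single OVAL file loaded above. A missing name attribute or a name
        # with no matching element is skipped.
        definition = oval_by_id.get(check.get("name"))
        if definition is None:
            continue
        for criterion in definition.findall(".//" + OVAL_DEF_NS + "criterion"):
            test_ref = criterion.get("test_ref")
            test = oval_by_id.get(test_ref)
            if test is None:
                # A criterion without test_ref, or one pointing at an id that
                # is not in the OVAL file, cannot be classified. Report it on
                # stderr instead of failing on None, and keep stdout to ids.
                print(
                    "warning: rule %s: unresolved test_ref %r" % (rule_id, test_ref),
                    file=sys.stderr,
                )
                continue
            if test.tag in unsupported_tests:
                print(rule_id)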