From 953ecd912b30e2988744c236d786c6640a091e2d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
Date: Tue, 20 Jun 2023 15:04:59 +0200
Subject: [PATCH] Fix issues when parsing profiles

When there is no white space between `<xccdf:select>` elements in
a profile in a benchmark, or in a custom profile in a tailoring,
every odd element was ignored because the XML node was skipped
by OpenSCAP when parsing.

This is caused by the situation that `xmlTextReaderRead` in
`oscap_to_start_element` in `xccdf_parse_remarks` jumps to the
next node but then `xmlTextReaderRead` at the end of the
`while loop` in `xccdf_profile_parse` jumps again to the next node.
If there is a white space node in between the element nodes, this
works fine, but if there is no node in between, an element gets
skipped.

The commit also adds some unit tests:
- `test_no_newline_between_select_elements` checks if no elements are
  skipped when parsing `<xccdf:select>` elements within `<xccdf:Profile>`
  elements
- `test_single_line_tailoring` checks if a tailoring file with no newlines
  between XML elements is processed correctly.

This is related to #1817.
---
 src/XCCDF/profile.c                           |  3 +-
 tests/API/XCCDF/unittests/CMakeLists.txt      |  2 +
 ...test_no_newline_between_select_elements.sh | 15 +++
 ...est_no_newline_between_select_elements.xml | 81 +++++++++++++++
 .../unittests/test_single_line_tailoring.sh   | 16 +++
 .../test_single_line_tailoring.tailoring.xml  |  1 +
 .../unittests/test_single_line_tailoring.xml  | 99 +++++++++++++++++++
 7 files changed, 216 insertions(+), 1 deletion(-)
 create mode 100755 tests/API/XCCDF/unittests/test_no_newline_between_select_elements.sh
 create mode 100644 tests/API/XCCDF/unittests/test_no_newline_between_select_elements.xml
 create mode 100755 tests/API/XCCDF/unittests/test_single_line_tailoring.sh
 create mode 100644 tests/API/XCCDF/unittests/test_single_line_tailoring.tailoring.xml
 create mode 100644 tests/API/XCCDF/unittests/test_single_line_tailoring.xml

diff --git a/src/XCCDF/profile.c b/src/XCCDF/profile.c
index 115434032f0..a50b838aca7 100644
--- a/src/XCCDF/profile.c
+++ b/src/XCCDF/profile.c
@@ -287,14 +287,15 @@ struct xccdf_item *xccdf_profile_parse(xmlTextReaderPtr reader, struct xccdf_ite
 			}
 		case XCCDFE_SET_VALUE:{
 				oscap_list_add(prof->sub.profile.setvalues, xccdf_setvalue_new_parse(reader));
+				xmlTextReaderRead(reader);
 				break;
 			}
 		default:
 			if (!xccdf_item_process_element(prof, reader))
 				dW("Encountered an unknown element '%s' while parsing XCCDF profile.",
 				   xmlTextReaderConstLocalName(reader));
+			xmlTextReaderRead(reader);
 		}
-		xmlTextReaderRead(reader);
 	}
 
 	return prof;
diff --git a/tests/API/XCCDF/unittests/CMakeLists.txt b/tests/API/XCCDF/unittests/CMakeLists.txt
index a1c7da67ff4..c9c507791ce 100644
--- a/tests/API/XCCDF/unittests/CMakeLists.txt
+++ b/tests/API/XCCDF/unittests/CMakeLists.txt
@@ -106,3 +106,5 @@ add_oscap_test("test_generate_fix_ansible_vars.sh")
 add_oscap_test("test_xccdf_requires_conflicts.sh")
 add_oscap_test("test_results_hostname.sh")
 add_oscap_test("test_skip_rule.sh")
+add_oscap_test("test_no_newline_between_select_elements.sh")
+add_oscap_test("test_single_line_tailoring.sh")
diff --git a/tests/API/XCCDF/unittests/test_no_newline_between_select_elements.sh b/tests/API/XCCDF/unittests/test_no_newline_between_select_elements.sh
new file mode 100755
index 00000000000..59b38e78ae1
--- /dev/null
+++ b/tests/API/XCCDF/unittests/test_no_newline_between_select_elements.sh
@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+. $builddir/tests/test_common.sh
+
+set -e
+set -o pipefail
+
+stdout=$(mktemp)
+
+$OSCAP xccdf eval --progress --profile "xccdf_com.example.www_profile_test" "$srcdir/test_no_newline_between_select_elements.xml" > "$stdout" || true
+
+# test if both rules selected in the profile were evaluated
+grep -q "xccdf_com.example.www_rule_first:pass" "$stdout"
+grep -q "xccdf_com.example.www_rule_second:fail" "$stdout"
+
+rm -f "$stdout"
diff --git a/tests/API/XCCDF/unittests/test_no_newline_between_select_elements.xml b/tests/API/XCCDF/unittests/test_no_newline_between_select_elements.xml
new file mode 100644
index 00000000000..ad8eaa95b4c
--- /dev/null
+++ b/tests/API/XCCDF/unittests/test_no_newline_between_select_elements.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="utf-8"?>
+<ds:data-stream-collection xmlns:ds="http://scap.nist.gov/schema/scap/source/1.2" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:cat="urn:oasis:names:tc:entity:xmlns:xml:catalog" id="scap_org.open-scap_collection_from_xccdf_test_single_rule.xccdf.xml" schematron-version="1.2">
+  <ds:data-stream id="scap_org.open-scap_datastream_from_xccdf_test_single_rule.xccdf.xml" scap-version="1.2" use-case="OTHER">
+    <ds:checklists>
+      <ds:component-ref id="scap_org.open-scap_cref_test_single_rule.xccdf.xml" xlink:href="#scap_org.open-scap_comp_test_single_rule.xccdf.xml">
+        <cat:catalog>
+          <cat:uri name="test_single_rule.oval.xml" uri="#scap_org.open-scap_cref_test_single_rule.oval.xml"/>
+        </cat:catalog>
+      </ds:component-ref>
+    </ds:checklists>
+    <ds:checks>
+      <ds:component-ref id="scap_org.open-scap_cref_test_single_rule.oval.xml" xlink:href="#scap_org.open-scap_comp_test_single_rule.oval.xml"/>
+    </ds:checks>
+  </ds:data-stream>
+  <ds:component id="scap_org.open-scap_comp_test_single_rule.xccdf.xml" timestamp="2017-06-09T09:15:45">
+    <Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="xccdf_com.example.www_benchmark_dummy" xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.1 xccdf-1.1.4.xsd" resolved="false" xml:lang="en-US">
+      <status>accepted</status>
+      <version>1.0</version>
+      <Profile id="xccdf_com.example.www_profile_test">
+        <title>xccdf_test_profile</title>
+        <description>This profile is for testing.</description>
+        <select idref="xccdf_com.example.www_rule_first" selected="true"/><select idref="xccdf_com.example.www_rule_second" selected="true"/>
+      </Profile>
+      <Rule selected="false" id="xccdf_com.example.www_rule_first">
+        <title>This rule always pass</title>
+        <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+          <check-content-ref href="test_single_rule.oval.xml" name="oval:x:def:1"/>
+        </check>
+      </Rule>
+      <Rule selected="false" id="xccdf_com.example.www_rule_second">
+        <title>This rule always fails</title>
+        <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+          <check-content-ref href="test_single_rule.oval.xml" name="oval:x:def:2"/>
+        </check>
+      </Rule>
+    </Benchmark>
+  </ds:component>
+  <ds:component id="scap_org.open-scap_comp_test_single_rule.oval.xml" timestamp="2017-06-09T07:07:38">
+    <oval_definitions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:ind-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:win-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd    http://oval.mitre.org/XMLSchema/oval-definitions-5#independent independent-definitions-schema.xsd   http://oval.mitre.org/XMLSchema/oval-definitions-5#windows windows-definitions-schema.xsd">
+      <generator>
+        <oval:schema_version>5.11</oval:schema_version>
+        <oval:timestamp>2009-01-12T10:41:00-05:00</oval:timestamp>
+      </generator>
+      <definitions>
+        <definition class="compliance" id="oval:x:def:1" version="1">
+          <metadata>
+            <title>PASS</title>
+            <description>pass</description>
+          </metadata>
+          <criteria>
+            <criterion comment="PASS test" test_ref="oval:x:tst:1"/>
+          </criteria>
+        </definition>
+        <definition class="compliance" id="oval:x:def:2" version="1">
+          <metadata>
+            <title>PASS</title>
+            <description>pass</description>
+          </metadata>
+          <criteria>
+            <criterion negate="true" comment="PASS test" test_ref="oval:x:tst:1"/>
+          </criteria>
+        </definition>
+      </definitions>
+      <tests>
+        <variable_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:x:tst:1" check="all" comment="always pass" version="1">
+          <object object_ref="oval:x:obj:1"/>
+        </variable_test>
+      </tests>
+      <objects>
+        <variable_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:x:obj:1" version="1" comment="x">
+          <var_ref>oval:x:var:1</var_ref>
+        </variable_object>
+      </objects>
+      <variables>
+        <constant_variable id="oval:x:var:1" version="1" comment="x" datatype="int">
+          <value>100</value>
+        </constant_variable>
+      </variables>
+    </oval_definitions>
+  </ds:component>
+</ds:data-stream-collection>
diff --git a/tests/API/XCCDF/unittests/test_single_line_tailoring.sh b/tests/API/XCCDF/unittests/test_single_line_tailoring.sh
new file mode 100755
index 00000000000..9e0f5a6c96a
--- /dev/null
+++ b/tests/API/XCCDF/unittests/test_single_line_tailoring.sh
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+. $builddir/tests/test_common.sh
+
+set -e
+set -o pipefail
+
+result=$(mktemp)
+
+$OSCAP xccdf eval --profile "xccdf_com.example.www_profile_custom" --results "$result" --tailoring-file "$srcdir/test_single_line_tailoring.tailoring.xml" "$srcdir/test_single_line_tailoring.xml"
+
+assert_exists 1 '//rule-result[@idref="xccdf_com.example.www_rule_R1"]/result[text()="pass"]'
+assert_exists 1 '//rule-result[@idref="xccdf_com.example.www_rule_R2"]/result[text()="notselected"]'
+assert_exists 1 '//rule-result[@idref="xccdf_com.example.www_rule_R3"]/result[text()="notselected"]'
+assert_exists 1 '//rule-result[@idref="xccdf_com.example.www_rule_R4"]/result[text()="notselected"]'
+
+rm -f "$result"
diff --git a/tests/API/XCCDF/unittests/test_single_line_tailoring.tailoring.xml b/tests/API/XCCDF/unittests/test_single_line_tailoring.tailoring.xml
new file mode 100644
index 00000000000..3bada781428
--- /dev/null
+++ b/tests/API/XCCDF/unittests/test_single_line_tailoring.tailoring.xml
@@ -0,0 +1 @@
+<xccdf-1.2:Tailoring xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2" id="xccdf_auto_tailoring_default"><xccdf-1.2:benchmark href="file:///home/jcerny/work/git/openscap/tests/API/XCCDF/unittests/tests/API/XCCDF/unittests/test_single_line_tailoring.xml" /><xccdf-1.2:version time="2023-06-20T13:57:09.735106">1</xccdf-1.2:version><xccdf-1.2:Profile id="xccdf_com.example.www_profile_custom" extends="xccdf_com.example.www_profile_P1"><xccdf-1.2:title override="false" /><xccdf-1.2:select idref="xccdf_com.example.www_rule_R2" selected="false" /><xccdf-1.2:select idref="xccdf_com.example.www_rule_R3" selected="false" /><xccdf-1.2:select idref="xccdf_com.example.www_rule_R4" selected="false" /></xccdf-1.2:Profile></xccdf-1.2:Tailoring>
diff --git a/tests/API/XCCDF/unittests/test_single_line_tailoring.xml b/tests/API/XCCDF/unittests/test_single_line_tailoring.xml
new file mode 100644
index 00000000000..a9e112a8717
--- /dev/null
+++ b/tests/API/XCCDF/unittests/test_single_line_tailoring.xml
@@ -0,0 +1,99 @@
+<?xml version="1.0" encoding="utf-8"?>
+<ds:data-stream-collection xmlns:ds="http://scap.nist.gov/schema/scap/source/1.2" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:cat="urn:oasis:names:tc:entity:xmlns:xml:catalog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="scap_org.open-scap_collection_from_xccdf_test_single_rule.xccdf.xml" schematron-version="1.3" xsi:schemaLocation="http://scap.nist.gov/schema/scap/source/1.2 https://scap.nist.gov/schema/scap/1.3/scap-source-data-stream_1.3.xsd">
+  <ds:data-stream id="scap_org.open-scap_datastream_simple" scap-version="1.3" use-case="OTHER">
+    <ds:checklists>
+      <ds:component-ref id="scap_org.open-scap_cref_test_single_rule.xccdf.xml" xlink:href="#scap_org.open-scap_comp_test_single_rule.xccdf.xml">
+        <cat:catalog>
+          <cat:uri name="test_single_rule.oval.xml" uri="#scap_org.open-scap_cref_test_single_rule.oval.xml"/>
+        </cat:catalog>
+      </ds:component-ref>
+    </ds:checklists>
+    <ds:checks>
+      <ds:component-ref id="scap_org.open-scap_cref_test_single_rule.oval.xml" xlink:href="#scap_org.open-scap_comp_test_single_rule.oval.xml"/>
+    </ds:checks>
+  </ds:data-stream>
+  <ds:component id="scap_org.open-scap_comp_test_single_rule.oval.xml" timestamp="2021-02-01T08:07:06+01:00">
+    <oval_definitions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:ind-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:win-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd    http://oval.mitre.org/XMLSchema/oval-definitions-5#independent independent-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#windows windows-definitions-schema.xsd">
+      <generator>
+        <oval:schema_version>5.11.2</oval:schema_version>
+        <oval:timestamp>2021-02-01T08:07:06+01:00</oval:timestamp>
+      </generator>
+      <definitions>
+        <definition class="compliance" id="oval:x:def:1" version="1">
+          <metadata>
+            <title>PASS</title>
+            <description>pass</description>
+          </metadata>
+          <criteria>
+            <criterion comment="PASS test" test_ref="oval:x:tst:1"/>
+          </criteria>
+        </definition>
+      </definitions>
+      <tests>
+        <variable_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:x:tst:1" check="all" comment="always pass" version="1">
+          <object object_ref="oval:x:obj:1"/>
+        </variable_test>
+      </tests>
+      <objects>
+        <variable_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:x:obj:1" version="1" comment="x">
+          <var_ref>oval:x:var:1</var_ref>
+        </variable_object>
+      </objects>
+      <variables>
+        <constant_variable id="oval:x:var:1" version="1" comment="x" datatype="int">
+          <value>100</value>
+        </constant_variable>
+      </variables>
+    </oval_definitions>
+  </ds:component>
+  <ds:component id="scap_org.open-scap_comp_test_single_rule.xccdf.xml" timestamp="2021-02-01T08:07:06+01:00">
+    <Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="xccdf_com.example.www_benchmark_dummy" xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.1 xccdf-1.1.4.xsd" resolved="false" xml:lang="en-US">
+      <status date="2021-01-21">accepted</status>
+      <title>Test Benchmark</title>
+      <description>Description</description>
+      <version>1.0</version>
+      <metadata>
+        <dc:contributor xmlns:dc="http://purl.org/dc/elements/1.1/">OpenSCAP</dc:contributor>
+        <dc:publisher xmlns:dc="http://purl.org/dc/elements/1.1/">OpenSCAP</dc:publisher>
+        <dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">OpenSCAP</dc:creator>
+        <dc:source xmlns:dc="http://purl.org/dc/elements/1.1/">http://scap.nist.gov</dc:source>
+      </metadata>
+      <Profile id="xccdf_com.example.www_profile_P1">
+        <title>xccdf_test_profile</title>
+        <description>This profile is for testing.</description>
+        <select idref="xccdf_com.example.www_rule_R1" selected="true"/>
+        <select idref="xccdf_com.example.www_rule_R2" selected="true"/>
+        <select idref="xccdf_com.example.www_rule_R3" selected="true"/>
+        <select idref="xccdf_com.example.www_rule_R4" selected="true"/>
+      </Profile>
+      <Rule selected="false" id="xccdf_com.example.www_rule_R1">
+        <title>Rule R1</title>
+        <description>Description</description>
+        <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+          <check-content-ref href="test_single_rule.oval.xml" name="oval:x:def:1"/>
+        </check>
+      </Rule>
+      <Rule selected="false" id="xccdf_com.example.www_rule_R2">
+        <title>Rule R2</title>
+        <description>Description</description>
+        <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+          <check-content-ref href="test_single_rule.oval.xml" name="oval:x:def:1"/>
+        </check>
+      </Rule>
+      <Rule selected="false" id="xccdf_com.example.www_rule_R3">
+        <title>Rule R3</title>
+        <description>Description</description>
+        <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+          <check-content-ref href="test_single_rule.oval.xml" name="oval:x:def:1"/>
+        </check>
+      </Rule>
+      <Rule selected="false" id="xccdf_com.example.www_rule_R4">
+        <title>Rule R4</title>
+        <description>Description</description>
+        <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+          <check-content-ref href="test_single_rule.oval.xml" name="oval:x:def:1"/>
+        </check>
+      </Rule>
+    </Benchmark>
+  </ds:component>
+</ds:data-stream-collection>