RHICOMPL-3348: Add Values to openscap parser

marleystipich2 · skateman · commit 0c0c10ffead0 · 2022-11-29T19:25:39.000+01:00
diff --git a/lib/openscap_parser.rb b/lib/openscap_parser.rb
@@ -7,6 +7,7 @@
 require 'openscap_parser/profiles'
 require 'openscap_parser/rules'
 require 'openscap_parser/groups'
+require 'openscap_parser/value_definitions'
 require 'openscap_parser/rule_results'
 require 'openscap_parser/tailorings'
 
diff --git a/lib/openscap_parser/benchmark.rb b/lib/openscap_parser/benchmark.rb
@@ -6,6 +6,7 @@
 require 'openscap_parser/profiles'
 require 'openscap_parser/rule_references'
 require 'openscap_parser/groups'
+require 'openscap_parser/value_definitions'
 
 # Mimics openscap-ruby Benchmark interface
 module OpenscapParser
@@ -15,6 +16,7 @@ class Benchmark < XmlNode
     include OpenscapParser::RuleReferences
     include OpenscapParser::Profiles
     include OpenscapParser::Groups
+    include OpenscapParser::ValueDefinitions
 
     def id
       @id ||= @parsed_xml['id']
diff --git a/lib/openscap_parser/value_definition.rb b/lib/openscap_parser/value_definition.rb
@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+module OpenscapParser
+  class ValueDefinition < XmlNode
+    include OpenscapParser::Util
+
+    def id
+      @id ||= parsed_xml['id']
+    end
+
+    def description
+      @description ||= newline_to_whitespace(parsed_xml.at_css('description')&.text)
+    end
+
+    def title
+      @title ||= parsed_xml.at_css('title')&.text
+    end
+
+    def type
+      @type ||= parsed_xml['type'] || 'string'
+    end
+
+    def lower_bound
+      @lower_bound ||= begin
+        lower_bound_element = parsed_xml.at_xpath("lower-bound[@selector='']") || parsed_xml.at_xpath('lower-bound[not(@selector)]')
+        lower_bound_element&.text
+      end
+    end
+
+    def upper_bound
+      @upper_bound ||= begin
+        upper_bound_element = parsed_xml.at_xpath("upper-bound[@selector='']") || parsed_xml.at_xpath('upper-bound[not(@selector)]')
+        upper_bound_element&.text
+      end
+    end
+
+    def default_value
+      # The default value is the value element with a empty or absent @selector
+      # If there is no value element with an empty or absent @selector, the first value in
+      # the top down processing shall be the default element
+      @default_value ||= begin
+        value_element = parsed_xml.at_xpath("value[@selector='']") || parsed_xml.at_xpath('value[not(@selector)]') || parsed_xml.xpath("value")[0]
+        value_element&.text
+      end
+    end
+
+    def to_h
+      {
+        :id => id,
+        :title => title,
+        :description => description,
+        :type => type,
+        :lower_bound => lower_bound,
+        :upper_bound => upper_bound,
+        :default_value => default_value
+      }
+    end
+  end
+end
diff --git a/lib/openscap_parser/value_definitions.rb b/lib/openscap_parser/value_definitions.rb
@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+require 'openscap_parser/value_definition'
+
+module OpenscapParser
+  # Methods related to parsing values
+  module ValueDefinitions
+    def self.included(base)
+      base.class_eval do
+        def value_definitions
+          @value_definitions ||= value_definition_nodes.map do |vdn|
+            ValueDefinition.new(parsed_xml: vdn)
+          end
+        end
+
+        def value_definition_nodes(xpath = ".//Value")
+          xpath_nodes(xpath)
+        end
+      end
+    end
+  end
+end
diff --git a/test/fixtures/files/xccdf_report_with_conflicts_and_requires.xml b/test/fixtures/files/xccdf_report_with_conflicts_and_requires.xml
@@ -9199,7 +9199,10 @@ files installed on the system.</description>
             <title xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">Integrity Scan Notification Email Address</title>
             <description xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">Specify the email address for designated personnel if baseline
 configurations are changed in an unauthorized manner.</description>
-            <value>root@localhost</value>
+            <value selector='5345'>51882M</value>
+            <value selector="512M">212M</value>
+            <value selector="5435">1G</value>
+            <value selector='5345'>512M</value>
           </Value>
           <Group id="xccdf_org.ssgproject.content_group_rpm_verification">
             <title xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">Verify Integrity with RPM</title>
@@ -11840,15 +11843,15 @@ Currently the supported backends are:
 <html:ul xmlns:html="http://www.w3.org/1999/xhtml"><html:li>GnuTLS library</html:li><html:li>OpenSSL library</html:li><html:li>NSS library</html:li><html:li>OpenJDK</html:li><html:li>Libkrb5</html:li><html:li>BIND</html:li><html:li>OpenSSH</html:li></html:ul>
 Applications and languages which rely on any of these backends will follow the
 system policies as well. Examples are apache httpd, nginx, php, and others.</description>
-          <Value id="xccdf_org.ssgproject.content_value_var_ssh_client_rekey_limit_size" type="string" interactive="true">
+          <Value id="xccdf_org.ssgproject.content_value_var_ssh_client_rekey_limit_size" interactive="true">
             <title xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">SSH client RekeyLimit - size</title>
             <description xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">Specify the size component of the rekey limit. This limit signifies amount
 of data. After this amount of data is transferred through the connection,
 the session key is renegotiated. The number is followed by K, M or G for
 kilobytes, megabytes or gigabytes. Note that the RekeyLimit can be also
 configured according to elapsed time.</description>
             <value>512M</value>
-            <value selector="512M">512M</value>
+            <value selector="512M">513M</value>
             <value selector="1G">1G</value>
           </Value>
           <Value id="xccdf_org.ssgproject.content_value_var_ssh_client_rekey_limit_time" type="string" interactive="true">
@@ -11857,18 +11860,18 @@ configured according to elapsed time.</description>
 renegotiated after the defined amount of time passes. The number is followed
 by units such as H or M for hours or minutes. Note that the RekeyLimit can
 be also configured according to amount of transfered data.</description>
-            <value>1h</value>
+            <value selector="3hour">3h</value>
             <value selector="1hour">1h</value>
           </Value>
           <Value id="xccdf_org.ssgproject.content_value_var_system_crypto_policy" type="string">
             <title xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">The system-provided crypto policies</title>
             <description xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">Specify the crypto policy for the system.</description>
-            <value>DEFAULT</value>
-            <value selector="default_policy">DEFAULT</value>
+            <value selector="default_policy">DEFAULT2</value>
             <value selector="default_nosha1">DEFAULT:NO-SHA1</value>
             <value selector="fips">FIPS</value>
             <value selector="fips_ospp">FIPS:OSPP</value>
             <value selector="legacy">LEGACY</value>
+            <value selector="">DEFAULT</value>
             <value selector="future">FUTURE</value>
             <value selector="next">NEXT</value>
           </Value>
@@ -12227,10 +12230,14 @@ VirusScan Enterprise for Linux (VSEL) is required to be installed on all systems
               <title xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">The age of McAfee defintion file before requiring updating</title>
               <description xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">Specify the amount of time (in seconds) before McAfee definition files need to be
 updated.</description>
-              <value>2592000</value>
-              <value selector="1_day">86400</value>
+              <value selector="1_day">2592000</value>
+              <value selector="2_day">86400</value>
               <value selector="1_week">604800</value>
-              <value selector="30_days">2592000</value>
+              <value selector="30_days">2592001</value>
+              <lower-bound>0</lower-bound>
+              <lower-bound selector="1_day">1</lower-bound>
+              <upper-bound>40000000</upper-bound>
+              <upper-bound selector="1_day">70000000</upper-bound>
             </Value>
             <Rule id="xccdf_org.ssgproject.content_rule_service_nails_enabled" selected="false" role="full" severity="medium">
               <title xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">Enable nails Service</title>
@@ -16249,10 +16256,9 @@ the man page <html:code xmlns:html="http://www.w3.org/1999/xhtml">dconf(1)</html
             <title xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">Screensaver Inactivity timeout</title>
             <description xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">Choose allowed duration (in seconds) of inactive graphical sessions</description>
             <value selector="10_minutes">600</value>
-            <value selector="15_minutes">900</value>
+            <value selector="15_minutes">901</value>
             <value selector="30_minutes">1800</value>
             <value selector="5_minutes">300</value>
-            <value>900</value>
           </Value>
           <Value id="xccdf_org.ssgproject.content_value_var_screensaver_lock_delay" type="number">
             <title xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">Screensaver Lock Delay</title>
diff --git a/test/openscap_parser/test_result_file_test.rb b/test/openscap_parser/test_result_file_test.rb
@@ -182,6 +182,36 @@ def setup
       end
     end
 
+    context 'value_definitions' do
+      test 'value_description' do
+        assert_match(/^Specify the email address for designated personnel if baseline configurations are changed in an unauthorized manner./,
+                     @test_result_file2.benchmark.value_definitions.first.description)
+      end
+
+      test 'type' do
+        assert_equal("string", @test_result_file2.benchmark.value_definitions[0].type)
+        assert_equal("string", @test_result_file2.benchmark.value_definitions[1].type)
+        assert_equal("number", @test_result_file2.benchmark.value_definitions[4].type)
+      end
+
+      test 'lower bound' do
+        assert_equal(nil, @test_result_file2.benchmark.value_definitions[0].lower_bound)
+        assert_equal("0", @test_result_file2.benchmark.value_definitions[4].lower_bound)
+      end
+
+      test 'upper bound' do
+        assert_equal(nil, @test_result_file2.benchmark.value_definitions[0].upper_bound)
+        assert_equal("40000000", @test_result_file2.benchmark.value_definitions[4].upper_bound)
+      end
+
+      test 'default value' do
+        assert_equal("51882M", @test_result_file2.benchmark.value_definitions[0].default_value)
+        assert_equal("512M", @test_result_file2.benchmark.value_definitions[1].default_value)
+        assert_equal("3h", @test_result_file2.benchmark.value_definitions[2].default_value)
+        assert_equal("DEFAULT", @test_result_file2.benchmark.value_definitions[3].default_value)
+      end
+    end
+
     context 'rule_references' do
       test 'rule references' do
         rule = @test_result_file.benchmark.rules.find do |r|
