Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

mount_option_* References an Undefined CPE Check #10440

Closed
Mab879 opened this issue Apr 6, 2023 · 0 comments · Fixed by #10442
Closed

mount_option_* References an Undefined CPE Check #10440

Mab879 opened this issue Apr 6, 2023 · 0 comments · Fixed by #10442
Assignees
@Mab879
Labels
BLOCKER Impediments to release, like failure to build content, or content built is out of standard's syntax Infrastructure Our content build system
Milestone
0.1.67

Comments

@Mab879
Copy link
Member

Mab879 commented Apr 6, 2023

Description of problem:

The removal of CPE checks in #10431 seems to be premature as it is causing some errors.

SCAP Security Guide Version:

9c26f77

Operating System Version:

RHEL 9.2

Most likely others as well

Steps to Reproduce:

$ oscap xccdf eval --progress --profile '(all)' --rule xccdf_org.ssgproject.content_rule_mount_option_var_tmp_nosuid ssg-rhel9-ds.xml 
xccdf_org.ssgproject.content_rule_mount_option_var_tmp_nosuid:notapplicable
OpenSCAP Error: No definition with ID: oval:ssg-installed_env_mount_var-tmp:def:1 in definition model. [/builddir/build/BUILD/openscap-1.3.7/src/OVAL/results/oval_resultSystem.c:388]
No definition with ID: oval:ssg-installed_env_mount_var-tmp:def:1 in result model. [/builddir/build/BUILD/openscap-1.3.7/src/OVAL/oval_agent.c:202]

Actual Results:

Return notapplicable with errors.

Expected Results:

Returns notapplicable with no errors

Additional Information/Debugging Steps:

Automatus will pass these checks as well.

mount_option_tmp_nodev is just one example.
@Mab879 Mab879 added the BLOCKER Impediments to release, like failure to build content, or content built is out of standard's syntax label Apr 6, 2023
@Mab879 Mab879 added this to the 0.1.67 milestone Apr 6, 2023
@Mab879 Mab879 changed the title mount_option_* Eeferences an Undefined CPE check mount_option_* References an Undefined CPE check Apr 6, 2023
@Mab879 Mab879 self-assigned this Apr 6, 2023
Mab879 added a commit to Mab879/content that referenced this issue Apr 6, 2023
@Mab879
Remove platform_mount to cpe-oval vs oval
e377ff3 
Just using OVAL will cause issues, see ComplianceAsCode#10440.

Fixes ComplianceAsCode#10440
Mab879 added a commit to Mab879/content that referenced this issue Apr 6, 2023
@Mab879
Move template platform_mount to use cpe-oval from oval
06b77dd 
Just using OVAL will cause issues, see ComplianceAsCode#10440.

Fixes ComplianceAsCode#10440
@Mab879 Mab879 mentioned this issue Apr 6, 2023
Merged
Mab879 added a commit to Mab879/content that referenced this issue Apr 6, 2023
@Mab879
Move template platform_mount to use cpe-oval from oval
74296a8 
Just using OVAL will cause issues, see ComplianceAsCode#10440.

Fixes ComplianceAsCode#10440
@Mab879 Mab879 mentioned this issue Apr 6, 2023
Merged
@evgenyz evgenyz mentioned this issue Apr 7, 2023
Open
@Mab879 Mab879 changed the title mount_option_* References an Undefined CPE check mount_option_* References an Undefined CPE Check Apr 7, 2023
@Mab879 Mab879 added the Infrastructure Our content build system label Apr 7, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Mab879 Mab879

Labels
BLOCKER Impediments to release, like failure to build content, or content built is out of standard's syntax Infrastructure Our content build system
Projects
None yet
Milestone
0.1.67
Development

Successfully merging a pull request may close this issue.

Move template platform_mount to use cpe-oval from oval Mab879/content
1 participant
@Mab879