BUG: Importing SCAP for Windows Server 2016/2019 error #275
Comments
|
Curious. Which SCAP engine produced these results? The XCCDF standard does not require that property, but the SCC tool has always included it, at least up through this winter. SCC is the tool I've written our parser against. If possible, please look into the XCCDF content for instances of the It looks like the parser did not expect either of these elements to be missing. I can fix that, but I'd like to understand the toolchain that produced an XCCDF without one or more of these elements. Thank you. |
|
@18gold Also, please provide the version of STIG Manager you're using. The latest release actually regressed a bit in supporting XCCDF so the fact you got as far as you did suggests you might not be using 1.0.0-beta.30? I've been refactoring the parsers to cope with the nuances of CKL processing and I know that XCCDF support has regressed. I intend to deal with that the next day or so. There are some challenges matching SCAP to Manual STIGs because very often the Manual |
|
@csmig I looked into the XCCDF file and the formatting is a bit different than the supposedly expected element you suggested above. Could be causing the issue: |
|
@18gold Thanks for the very helpful info. One more question -- do results from other Benchmarks import okay for you? The error you got suggests at least one of the Annoyingly, this is really not a critical element for us to process, it is informational. I'm rearchitecting SCAP handling this next week so this will work properly soon. Very much appreciate your report. |
|
Hi @18gold I can't recreate this issue with files generated by SCC 5.4, either in our latest STIGMan or the one you specified. Are you having this issue with every XCCDF file you try to import, or just this one? Can you verify that the XML element you provided was from within a |
|
@csmig yes, other Benchmarks import okay. Only Windows Server 2016/2019 are erroring. @cd-rite We've only had issues specifically with Windows Server 2016/2019 Benchmarks. I'm linking the element from the last section of the file I last tried. |
|
I would like to understand why there are missing elements, even if I can code around around them. Perhaps you could share a redacted version of your file? To assist with that, here is an XSLT that redacts an XCCDF TestResult, removing any target identifying info and setting all results to redact-scc.xsltYou'll need an XSLT processor, there are many choices depending on your platform. I used
If possible, please run this transform against a file that is not importing and attach the redacted result. You'll need to change the extension to TXT. Thanks for any further assistance you can provide. |
* feat: Collection export management (NUWCDIVNPT#169) * fix: case-insensitive filename matching (NUWCDIVNPT#192) * fix: Improved output when importing STIG XML (NUWCDIVNPT#192) * doc: Show Export CKLs in screenshots * chore: Bump release to 1.0.0-beta.22 * adjust path to docker readme (NUWCDIVNPT#196) * doc: Added some documentation about new .ckl archive export feature. (NUWCDIVNPT#203) * removed some todos * stig archive export feature * feat: name-match params and duplicate handling (NUWCDIVNPT#204) * feat: case-sensitive collation for benchmarkId in MySQL (NUWCDIVNPT#206) * Common tasks elaboration, other edits (NUWCDIVNPT#208) * feat: progress bar styling (NUWCDIVNPT#209) * feat: UI shows collectionId (NUWCDIVNPT#210) * fix: remove hard-coded reference to schema (NUWCDIVNPT#211) * chore: Bump release to 1.0.0-beta.23 * fix: reduce deadlock potential (NUWCDIVNPT#216) * api links (NUWCDIVNPT#219) * build(deps): bump y18n from 3.2.1 to 3.2.2 in /api/source Bumps [y18n](https://github.com/yargs/y18n) from 3.2.1 to 3.2.2. - [Release notes](https://github.com/yargs/y18n/releases) - [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md) - [Commits](https://github.com/yargs/y18n/commits) Signed-off-by: dependabot[bot] <support@github.com> * doc: Added a little more about .ckl and data handling (NUWCDIVNPT#223) * just rst changes * sphinx generation * fix: Exports on multiple reports (NUWCDIVNPT#224) * Multiple fixes and features (NUWCDIVNPT#225) * feat: return 401 when no token provided * feat: home-widget-bwrap * fix: collectionReview buttons * fix: deadlock prevention status updates * chore: Bump release to 1.0.0-beta.24 * fix: fetch STIG/SCAP if configured at bootstrap (NUWCDIVNPT#227) Fixes NUWCDIVNPT#213 * Multiple fix and features (NUWCDIVNPT#228) * feat: CKL parser retains empty comments * feat: enable accept when selections include accept * fix: review form button behaviors, etc. (NUWCDIVNPT#215) * chore: remove unused oracledb dependency (NUWCDIVNPT#229) * chore: remove unused oracledb dependency * Remove unused require * chore: Bump release to 1.0.0-beta.25 * feat: Manage Assets -> multi-delete (NUWCDIVNPT#232), columns (NUWCDIVNPT#236) * fix: include promisfied confirm (NUWCDIVNPT#237) * build(deps): bump urllib3 from 1.26.3 to 1.26.4 in /docs (NUWCDIVNPT#238) Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.3 to 1.26.4. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@1.26.3...1.26.4) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * doc: updates regarding ckl -> stigman field mappings, clients folder when running from source (NUWCDIVNPT#241) doc: updates regarding ckl -> stigman field mappings, clients folder when running from source * feat: Tooltips for Review labels and headers (NUWCDIVNPT#240) (NUWCDIVNPT#242) * feat: mercury-medium color is more blue (NUWCDIVNPT#243) * fix: sticky bit for world-writable dirs created by npm (NUWCDIVNPT#245) * chore: Bump release to 1.0.0-beta.26 * fix: increased length of asset name,ip,mac,fqdn and allow more nulls (NUWCDIVNPT#251) * added maxLength properties of 255 for ip, mac, asset name, and fqdn; added nullable:true for collection description properties * removed vtype specification for ip address, as we will no longer be validating ip address field. * Added migration file to alter varchar sizes for asset ip, mac, and name * fix: batch import continues on error, refreshes grids (NUWCDIVNPT#252) * feat: Ext.LoadMask looks for store.smMaskDelay (NUWCDIVNPT#254) * chore: Bump release to 1.0.0-beta.27 * fix: log servicename if present (NUWCDIVNPT#198) * fix: Attach => Assign STIG (NUWCDIVNPT#118) * fix: response schema for /opt/configuration (NUWCDIVNPT#147) * fix: create date is not ISO8601 UTC (NUWCDIVNPT#189) * fix: handle property chains with hyphens (NUWCDIVNPT#257) * fix: cast userId as char (NUWCDIVNPT#249) * feat: format roles claim with bracket notation and optional chaining (NUWCDIVNPT#190) * fix: SET NAME to utf8mb4 encoding (NUWCDIVNPT#262) * fix: New/Delete => Assign/Unassign (NUWCDIVNPT#261) * fix: New/Delete => Assign/Unassign (NUWCDIVNPT#118) * dump docker logs on failure or cancellation * fix: Filter members only on .xml extension (NUWCDIVNPT#260) * Removed attempts to filter STIG processing based on filename, since they do not seem to follow any reliable convention. Restricted error responses to just parser error message (removed stack trace portion so it does not show up in user's import log). * added specific try/catch blocks around xml parsing * fix NUWCDIVNPT#264: Display feedback for rejected reviews (NUWCDIVNPT#265) * chore: Bump release to 1.0.0-beta.28 * fix NUWCDIVNPT#256: CKL site/instance handling; UI refactor (NUWCDIVNPT#268) * chore: Bump release to 1.0.0-beta.29 * ironbank => development sign+image * fix NUWCDIVNPT#266: sanitize exported filenames (NUWCDIVNPT#273) * fix NUWCDIVNPT#270: ROLE element default value 'None' (NUWCDIVNPT#272) * chore: Bump release to 1.0.0-beta.30 * fix NUWCDIVNPT#276: remove reference to database 'stigman' * chore: remove obsolete docker dir (NUWCDIVNPT#278) * Docs: Added default_group to prevent guid generation, removed doctrees, added a bit of info to Contributing doc. (NUWCDIVNPT#281) * added default_group for images to stop guid generation * removed doctrees * added doctrees to .gitignore * added a couple paragraphs to contributing doc * Endpoint updates (NUWCDIVNPT#284) * feat: GET /assets metadata parameter * feat: PUT /assets/{assetId}/stigs/{benchmarkId} * tests match OpenAPI spec * fix NUWCDIVNPT#145: Review vetting for all users (NUWCDIVNPT#285) * fix NUWCDIVNPT#145: Review vetting for lvl1 users * lvl1 cross-boundary tests, xccdf test file added, workflow updated to run new folder. Removed extra folders from Collection * refactor adminStats, scc parser, tests, workflow Co-authored-by: cd-rite <github-rite@notdoneyet.net> * feat: Drag from Review History (NUWCDIVNPT#288) * fix NUWCDIVNPT#275: handle rule-result without check (NUWCDIVNPT#290) * fix NUWCDIVNPT#275: handle rule-result without check * asset properties and benchmarkId check * chore: Bump release to 1.0.0-beta.31 * checks for asset with no assigned STIGs, changed lvl1 checks to look for existing rule to which it does not have access (as opposed to non-existent rule) * marked tests as continue-on-error so remaining tests would still run. Co-authored-by: csmig <carlsmigielski@gmail.com> Co-authored-by: csmig <33138761+csmig@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bug Location
I found a bug in the:
Bug Description:
Importing SCAP (XCCDF) results for Windows Server 2016/2019 results in:
Cannot read property 'check-content-ref' of undefinedTo Reproduce
Steps to reproduce the behavior:
Expected behavior
Expected to import SCAP results
Actual behavior
Error and no results are impoted
Environment or Configuration:
The text was updated successfully, but these errors were encountered: