Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: parse and import XCCDF with root-level TestResult #45

Merged
merged 1 commit into from
Mar 1, 2023
Merged

feat: parse and import XCCDF with root-level TestResult #45

merged 1 commit into from
Mar 1, 2023

Conversation

csmig
Copy link
Member

@csmig csmig commented Mar 1, 2023

This PR synchronizes XCCDF parsing code between the STIG Manager web app and Watcher. See this STIG Manager pull request.

This code successfully processes the sanitized sample files from ACAS and HBSS which were provided with here. We hope for additional feedback from the community to establish we can handle all of the real-world XCCDF from those tools.

This PR handles the non-standard value for <TestResult test-system> that is seen in the HBSS file. According to the XCCDF specification the test-system attribute "SHOULD be either a CPE name or a CPE applicability language expression", but HBSS does not follow this suggestion and our existing code expected a CPE name.

Unlike SCC and OpenSCAP, neither ACAS nor HBSS provide a timestamp for each <rule-result>. I've instead used the required attribute <TestResult end-time> as a common timestamp for each result.

@csmig csmig merged commit a24ba89 into NUWCDIVNPT:main Mar 1, 2023
@csmig csmig deleted the xccdf-import branch March 1, 2023 19:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@csmig