Merge pull request #2079 from evgenyz/add-json-to-autotailor

Introduce JSON tailoring import option for `autotailor`

Author: jan-cerny

.gitignore

@@ -17,6 +17,7 @@ build/
 *.a
 *.la
 .cproject
+.idea
 .project
 .settings/language.settings.xml
 

docs/manual/manual.adoc

@@ -1,6 +1,7 @@
 = OpenSCAP User Manual
 :imagesdir: ./images
 :workbench_url: https://www.open-scap.org/tools/scap-workbench/
+:json_tailoring_url: https://github.com/ComplianceAsCode/schemas/tree/main/tailoring
 :sce_web:       https://www.open-scap.org/features/other-standards/sce/
 :openscap_web: https://open-scap.org/
 :oscap_git:     https://github.com/OpenSCAP/openscap
@@ -868,6 +869,12 @@ $ autotailor --unselect service_usbguard_enabled --output /tmp/tailoring.xml \
 --new-profile-id custom /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml ospp
 ----
 
+The `autotailor` tool can also consume {json_tailoring_url}[JSON tailoring] files and convert them into XCCDF Tailoring.
+
+----
+$ autotailor --json-tailoring custom.json /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml
+----
+
 For more details about other options of the `autotailor` program please read the `autotailor(8)` man page or run `autotailor --help`.
 
 

tests/utils/autotailor_integration_test.sh

@@ -7,6 +7,7 @@ set -e -o pipefail
 autotailor="$top_srcdir/utils/autotailor"
 tailoring="$(mktemp)"
 ds="$srcdir/data_stream.xml"
+json_tailoring="$srcdir/custom.json"
 stdout="$(mktemp)"
 original_profile="P1"
 result="$(mktemp)"
@@ -93,11 +94,33 @@ assert_exists 1 '/Benchmark/TestResult/rule-result[@idref="xccdf_com.example.www
 assert_exists 1 '/Benchmark/TestResult/rule-result[@idref="xccdf_com.example.www_rule_R3"]/result[text()="pass"]'
 assert_exists 1 '/Benchmark/TestResult/rule-result[@idref="xccdf_com.example.www_rule_R4"]/result[text()="notselected"]'
 
-# refine value v1 to 30
+# set value v1 to thirty
 python3 $autotailor --id-namespace "com.example.www" --var-value V1=thirty $ds $original_profile > $tailoring
 $OSCAP xccdf eval --profile P1_customized --progress --tailoring-file $tailoring --results $result $ds
 assert_exists 1 '/Benchmark/TestResult/set-value[@idref="xccdf_com.example.www_value_V1" and text()="thirty"]'
 assert_exists 1 '/Benchmark/TestResult/rule-result[@idref="xccdf_com.example.www_rule_R1"]/result[text()="pass"]'
 assert_exists 1 '/Benchmark/TestResult/rule-result[@idref="xccdf_com.example.www_rule_R2"]/result[text()="pass"]'
 assert_exists 1 '/Benchmark/TestResult/rule-result[@idref="xccdf_com.example.www_rule_R3"]/result[text()="notselected"]'
 assert_exists 1 '/Benchmark/TestResult/rule-result[@idref="xccdf_com.example.www_rule_R4"]/result[text()="notselected"]'
+
+# refine value v1 to 'thirty' (30) and v2 to 'other' (Other Value)
+python3 $autotailor --id-namespace "com.example.www" --var-select V1=thirty --var-select V2=other $ds $original_profile > $tailoring
+$OSCAP xccdf eval --profile P1_customized --progress --tailoring-file $tailoring --results $result $ds
+assert_exists 1 '/Benchmark/TestResult/set-value[@idref="xccdf_com.example.www_value_V1" and text()="30"]'
+assert_exists 1 '/Benchmark/TestResult/set-value[@idref="xccdf_com.example.www_value_V2" and text()="Other Value"]'
+assert_exists 1 '/Benchmark/TestResult/rule-result[@idref="xccdf_com.example.www_rule_R1"]/result[text()="pass"]'
+assert_exists 1 '/Benchmark/TestResult/rule-result[@idref="xccdf_com.example.www_rule_R2"]/result[text()="pass"]'
+assert_exists 1 '/Benchmark/TestResult/rule-result[@idref="xccdf_com.example.www_rule_R3"]/result[text()="notselected"]'
+assert_exists 1 '/Benchmark/TestResult/rule-result[@idref="xccdf_com.example.www_rule_R4"]/result[text()="notselected"]'
+
+# use JSON tailoring
+python3 $autotailor $ds --id-namespace "com.example.www" --json-tailoring $json_tailoring > $tailoring
+$OSCAP xccdf eval --profile JSON_P1 --progress --tailoring-file $tailoring --results $result $ds
+assert_exists 1 '/Benchmark/TestResult/set-value[@idref="xccdf_com.example.www_value_V1" and text()="New Value"]'
+assert_exists 1 '/Benchmark/TestResult/set-value[@idref="xccdf_com.example.www_value_V2" and text()="Some Value"]'
+assert_exists 1 '/Benchmark/TestResult/rule-result[@idref="xccdf_com.example.www_rule_R1"]/result[text()="notselected"]'
+assert_exists 1 '/Benchmark/TestResult/rule-result[@idref="xccdf_com.example.www_rule_R2"]/result[text()="pass"]'
+assert_exists 1 '/Benchmark/TestResult/rule-result[@idref="xccdf_com.example.www_rule_R3"]/result[text()="notselected"]'
+assert_exists 1 '/Benchmark/TestResult/rule-result[@idref="xccdf_com.example.www_rule_R3" and @severity="unknown"]'
+assert_exists 1 '/Benchmark/TestResult/rule-result[@idref="xccdf_com.example.www_rule_R4"]/result[text()="notselected"]'
+assert_exists 1 '/Benchmark/TestResult/rule-result[@idref="xccdf_com.example.www_rule_R4" and @role="unchecked"]'

tests/utils/custom.json

@@ -0,0 +1,35 @@
+{
+  "profiles": [
+    {
+      "id": "JSON_P1",
+      "title": "JSON Tailored Profile P1",
+      "base_profile_id": "P1",
+      "groups": {
+        "G34": {
+          "evaluate": false
+        }
+      },
+      "rules": {
+        "R1": {
+          "evaluate": false
+        },
+        "R3": {
+          "evaluate": true,
+          "severity": "unknown"
+        },
+        "R4": {
+          "evaluate": true,
+          "role": "unchecked"
+        }
+      },
+      "variables": {
+        "V1": {
+          "value": "New Value"
+        },
+        "V2": {
+          "option_id": "some"
+        }
+      }
+    }
+  ]
+}

tests/utils/data_stream.xml

@@ -65,12 +65,20 @@
         <select idref="xccdf_com.example.www_rule_R2" selected="true"/>
       </Profile>
       <Value id="xccdf_com.example.www_value_V1" operator="equals" type="number">
-        <title>value</title>
+        <title>value 1</title>
         <description xml:lang="en">cccc</description>
         <question xml:lang="en">ssss</question>
         <value>5</value>
         <value selector="thirty">30</value>
       </Value>
+      <Value id="xccdf_com.example.www_value_V2" operator="equals" type="string">
+        <title>value 2</title>
+        <description xml:lang="en">22222</description>
+        <question xml:lang="en">Q2</question>
+        <value>Default</value>
+        <value selector="some">Some Value</value>
+        <value selector="other">Other Value</value>
+      </Value>
       <Rule selected="false" id="xccdf_com.example.www_rule_R1">
         <title>Rule R1</title>
         <description>Description</description>
@@ -85,20 +93,24 @@
           <check-content-ref href="test_single_rule.oval.xml" name="oval:x:def:1"/>
         </check>
       </Rule>
-      <Rule selected="false" id="xccdf_com.example.www_rule_R3">
-        <title>Rule R3</title>
-        <description>Description</description>
-        <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-          <check-content-ref href="test_single_rule.oval.xml" name="oval:x:def:1"/>
-        </check>
-      </Rule>
-      <Rule selected="false" id="xccdf_com.example.www_rule_R4">
-        <title>Rule R4</title>
-        <description>Description</description>
-        <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-          <check-content-ref href="test_single_rule.oval.xml" name="oval:x:def:1"/>
-        </check>
-      </Rule>
-    </Benchmark>
+      <Group selected="true" id="xccdf_com.example.www_group_G34">
+        <title>group R3, R4</title>
+        <description>description</description>
+        <Rule selected="false" id="xccdf_com.example.www_rule_R3">
+          <title>Rule R3</title>
+          <description>Description</description>
+          <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+            <check-content-ref href="test_single_rule.oval.xml" name="oval:x:def:1"/>
+          </check>
+        </Rule>
+        <Rule selected="false" id="xccdf_com.example.www_rule_R4">
+          <title>Rule R4</title>
+          <description>Description</description>
+          <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+            <check-content-ref href="test_single_rule.oval.xml" name="oval:x:def:1"/>
+          </check>
+        </Rule>
+      </Group>
+      </Benchmark>
   </ds:component>
 </ds:data-stream-collection>