| from __future__ import absolute_import |
| import tempfile |
| import os |
| from oscap.utils import build_tailoring, normalize_id, run |
| from oscap.utils import xccdf_xml_to_json, oval_xml_to_json |
| |
def oscap_has_sce():
    """Return True when ``oscap -V`` prints a line starting with 'SCE Vers'.

    Only the first element of the tuple returned by ``run`` (the captured
    standard output) is inspected; the other two elements are ignored.
    """
    version_text, _ignored_err, _ignored_rc = run('oscap -V')
    for line in version_text.splitlines():
        if line.startswith('SCE Vers'):
            return True
    return False
| |
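def xccdf(benchmark,
          pillar_data=None,
          xccdf_version='1.2',
          profile='default',
          tailoring_id=None):
    """Run ``oscap xccdf eval`` against *benchmark* in a fresh temp directory.

    Args:
        benchmark: Benchmark argument placed last on the oscap command line.
        pillar_data: Optional mapping. When truthy, its ``'profile'`` entry
            replaces *profile* and a tailoring file is generated from it with
            ``build_tailoring``.
        xccdf_version: Passed to ``normalize_id`` when normalizing *profile*.
        profile: Profile id to evaluate; normalized with ``normalize_id``.
        tailoring_id: Required whenever *pillar_data* is given.

    Returns:
        Tuple ``(stdout, stderr, rc, tempdir)``. ``tempdir`` holds
        ``results.xml``/``report.html`` (and ``tailoring.xml`` when tailoring
        is used). The directory is not removed here; it is handed back to the
        caller.

    Raises:
        Exception: If *pillar_data* is given without *tailoring_id*.
    """
    profile = normalize_id(profile, xccdf_version=xccdf_version)

    # Validate the tailoring inputs before touching the filesystem, so that a
    # rejected call does not leave an orphaned 'oscap-*' directory behind.
    if pillar_data:
        if not tailoring_id:
            raise Exception('Tailoring id must be set!')
        profile = normalize_id(pillar_data['profile'], typeof='profile')

    tempdir = tempfile.mkdtemp(prefix='oscap-')
    tailoring_file = None
    if pillar_data:
        tailoring_file = os.path.join(tempdir, 'tailoring.xml')

    cmd_parts = ['oscap xccdf eval --profile {profile}',
                 '--results results.xml --report report.html']
    if oscap_has_sce():
        cmd_parts.append('--sce-results')
    if tailoring_file:
        cmd_parts.append('--tailoring-file {tailoring_file}')
    cmd_parts.append('{benchmark}')

    # NOTE(review): profile, tailoring_file and benchmark are interpolated
    # into a single command string without quoting. How run() executes that
    # string is not visible in this file; if it goes through a shell or
    # splits on whitespace, these values must be validated or quoted before
    # they reach this point -- confirm against run()'s implementation.
    cmd = ' '.join(cmd_parts).format(profile=profile,
                                     tailoring_file=tailoring_file,
                                     benchmark=benchmark)

    if tailoring_file:
        with open(tailoring_file, 'w') as f:
            f.write(build_tailoring(pillar_data, tailoring_id))

    stdout, stderr, rc = run(cmd, tempdir)
    res_file = os.path.join(tempdir, 'results.xml')
    # oscap may exit without producing results; convert only when present.
    if os.path.isfile(res_file):
        xccdf_xml_to_json(res_file)
    return stdout, stderr, rc, tempdir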
| |
def oval(benchmark):
    """Run ``oscap oval eval`` against *benchmark* in a fresh temp directory.

    Returns ``(stdout, stderr, rc, tempdir)``. ``results.xml`` in ``tempdir``
    is passed to ``oval_xml_to_json`` when oscap produced it. The directory
    is not removed here; it is handed back to the caller.
    """
    workdir = tempfile.mkdtemp(prefix='oscap-')

    # NOTE(review): benchmark is interpolated into the command string without
    # quoting; how run() executes the string is not visible in this file --
    # confirm that callers only pass validated values.
    command = 'oscap oval eval --results results.xml --report report.html {}'.format(benchmark)

    out, err, exit_code = run(command, workdir)

    results_path = os.path.join(workdir, 'results.xml')
    if os.path.isfile(results_path):
        oval_xml_to_json(results_path)

    return out, err, exit_code, workdir