openscap / oval-graph Goto Github PK

View Code? Open in Web Editor NEW

34.0 11.0 19.0 7.86 MB

Understand OVAL results in a blink of an eye

License: Apache License 2.0

Python 88.91% Shell 7.68% JavaScript 3.41%

oval xcddf scap oval-reports arf openscap xml security-tools security graph visualization hacktoberfest

oval-graph's Introduction

oval-graph

Understanding result in the blink of an eye

This tool generates an OVAL result in the form of a tree graph from an ARF xml report from an OpenSCAP scan.

Installation

Learn how to install tool in the Guide.

Example usage

More usage examples are in user Guide

This commands consumes the rule name or regular expression of rule name and the ARF file, which is one of possible standardized format for results of SCAP-compliant scanners. You can read about generating ARF report files using OpenSCAP in the OpenSCAP User Manual. Or you can use test arf files from repository /tests/test_data.

arf-to-graph scan-data/ssg-fedora-ds-arf.xml xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_creat

This command generates a graph and saves file named graph-of-<rule_id>-<date>.html (The date the graph was created.) in the working directory. Then, it opens the generated file in your web browser. Default web browser is Firefox. If Firefox is not installed, the default web browser in OS is used.

Execute the test suite

Learn how to execute the test suite in the Guide.

oval-graph's People

Contributors

Stargazers

Watchers

Forkers

honny1 jan-cerny benhe119 rajkrishnamurthy webzcc kevinlowrie dahaic systemonkey pombredanne dhk-bt matejak ggbecker marvel-works tomastomecek matusmarhefka kevindiffily automatecompliance mdedonno1337 smileqiny

oval-graph's Issues

[packit] Propose downstream failed for release v1.2.6

Packit failed on creating pull-requests in dist-git:

dist-git branch	error
`main`	`Failed to download file from URL https://files.pythonhosted.org/packages/source/o/oval-graph/oval_graph-v1.2.6.tar.gz. Reason: 'Not Found'.`

You can retrigger the update by adding a comment (/packit propose-downstream) into this issue.

Update REDME.md

[packit] Propose update failed for release 1.2.0

Packit failed on creating pull-requests in dist-git:

dist-git branch	error
`epelplayground`	`Ref 'remotes/origin/epelplayground' did not resolve to an object`

You can re-trigger the update by adding /packit propose-update to the issue comment.

Missing information about tests execution

The project has an extensive pytest-powered test suite.

However, it isn't clear how to execute it, and what dependencies does it have.

Things became a bit tricky, as setup.py test became deprecated in 2019, but it is IMO enough to document this in the README.

Output html directory

Change the default graph output directory. The current solution is not good, because it is inside the package. And the user needs permission to run the command.

Rework OvalNode

Use named arguments in constructor of OvalNode
Improve the code style in help function for the OVAL operators evaluation
Reduce the susceptibility of OvalNode changes

Install instructions lead installed arf-to-graph binary to restrict permission for owner (root) only

Not sure exactly if I am doing something wrong but when I run sudo pip3 install . it restrict permissions to owner only.

$ls -la /usr/bin/arf-to-graph
-rwx------. 1 root root 400 Oct 14 21:55 /usr/bin/arf-to-graph*

Am I missing something?

No --version argument

I have noticed that your utilities don't recognize the --version argument, which is a standard way to identify a script and to get information for bug reports.

As you have more scripts in the package, it would be nice to report both their version and that they come from this utility.

Utilities pring verbose-class output by default.

Tools should obey the silent by default convention, e.g. so it is more convenient to wrap them.

Right now, I see messages Results are saved: ... - those are fine for verbose/debug output, but they shouldn't be displayed by default.

Inappropriate files in the repository

The root of the repository contains files that are "private", e.g.:

notes.txt
playground-old.py
playground-xml.py
playground-xml1.py
playground-xml2.py
playground.py
playground1.py

they don't have value to random people that are interested in the project. They should be either moved out of the repository, or put into a special directory where they don't attract attention.

[packit] Propose update failed for release 1.2.1

Packit failed on creating pull-requests in dist-git:

dist-git branch	error
`epelplayground`	`Ref 'remotes/origin/epelplayground' did not resolve to an object`

You can re-trigger the update by adding /packit propose-update to the issue comment.

Problem loading arf results

There is some problem in the following line that node key is not found for node_of_comment.

oval-graph/oval_graph/_xml_parser_comments.py

Line 63 in 0c0ea10

node_of_comment['node'], node['node'])

If we add a check in the if statement and node_of_comment.get('node'), it prevents from erroring and show the graph, but I don't know exactly what's the impact.

The code change I made:

                if 'operator' in node and node_of_comment.get('node'):
                    self._recursive_help_fill_comments(
                        node_of_comment['node'], node['node'])

ARF Results file that causes the issue: xccdf_org.ssgproject.content_profile_anssi_bp28_high-xccdf-arf-results.xml.txt (I had to rename the file with extension .txt so github let me upload this file)

Change output of the test_commands.sh

Modify test_command.sh to show results only when something is wrong and remove showing of the oval-graph version. Then the test_commands.sh script would create a log file with the complete result.

Embed OVAL details into the graph

The oscap HTML report with OVAL details (default in oscap>=1.3) contains list of tests, and under each test, one can usually see detailed information, usually collected objects and a hint that either objects were found, but not expected, or that they were expected, but weren't found etc.
It would be nice if one could click on a test result, and the test details would pop up, or to show test details by another means.

Use same code to create report with one rule.

Remove unnecessary code to create html report. Use the code that is used when --all-in-one is applied.
Append a title with the rule name. As in the --all-in-one case.

Bad practices in tests

By looking at test_sigmaJs.py, one can see some issues:

Duplicate occurrence of test_parsing_and_evaluate_scan_1, test_get_def_id_by_notselected_rule_id and test_str_to_bool test cases.
Assignment to dict in test_get_rule_dict - rewriting builtins is a bad practice, different name should be used.

Save output files where i want

Option define directory where i want save output files.

Problem generating report for some rules

With OpenSCAP v1.2.16 from the Ubuntu distribution, on SSG-built content, we get something like the following:

$ arf-to-graph ~/ssg-ubuntu2004-ds-1-arf.xml file_permissions_audit_configuration 
Traceback (most recent call last):
  File "/home/cipherboy/GitHub/OpenSCAP/oval-graph/oval_graph/xml_parser.py", line 45, in __init__
    self.scan_definitions = _XmlParserScanDefinitions(
  File "/home/cipherboy/GitHub/OpenSCAP/oval-graph/oval_graph/_xml_parser_oval_scan_definitions.py", line 9, in __init__
    self.test_info_parser = _XmlParserTestInfo(report_data)
  File "/home/cipherboy/GitHub/OpenSCAP/oval-graph/oval_graph/_xml_parser_test_info.py", line 20, in __init__
    self.system_data = self._get_system_data()
  File "/home/cipherboy/GitHub/OpenSCAP/oval-graph/oval_graph/_xml_parser_test_info.py", line 39, in _get_system_data
    for item in data:
TypeError: 'NoneType' object is not iterable

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/cipherboy/GitHub/OpenSCAP/oval-graph/oval_graph/command_line.py", line 30, in arf_to_graph
    main(ArfToHtml(args))
  File "/home/cipherboy/GitHub/OpenSCAP/oval-graph/oval_graph/command_line_client/arf_to_html.py", line 8, in __init__
    super().__init__(args)
  File "/home/cipherboy/GitHub/OpenSCAP/oval-graph/oval_graph/command_line_client/client_arf_input.py", line 10, in __init__
    self.arf_xml_parser = XmlParser(self.source_filename)
  File "/home/cipherboy/GitHub/OpenSCAP/oval-graph/oval_graph/xml_parser.py", line 48, in __init__
    raise ValueError(
ValueError: This file "/home/cipherboy/ssg-ubuntu2004-ds-1-arf.xml" is not arf report file or there are no results

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/cipherboy/.local/bin/arf-to-graph", line 33, in <module>
    sys.exit(load_entry_point('oval-graph', 'console_scripts', 'arf-to-graph')())
  File "/home/cipherboy/GitHub/OpenSCAP/oval-graph/oval_graph/command_line.py", line 32, in arf_to_graph
    print_detail_traceback_if_verbose(args)
  File "/home/cipherboy/GitHub/OpenSCAP/oval-graph/oval_graph/command_line.py", line 24, in print_detail_traceback_if_verbose
    if any(arg in args for arg in ("-v", "--verbose")):
  File "/home/cipherboy/GitHub/OpenSCAP/oval-graph/oval_graph/command_line.py", line 24, in <genexpr>
    if any(arg in args for arg in ("-v", "--verbose")):
TypeError: argument of type 'NoneType' is not iterable

In _XmlParserTestInfo I see:

    def _get_system_data(self):
        data = self.report_data.find(
            ('.//XMLSchema:oval_results/XMLSchema:results/'
             'XMLSchema:system/oval-characteristics:oval_system_characteristics'
             '/oval-characteristics:system_data'), ns)
        out = {}
        for item in data:
            out[item.attrib.get('id')] = item
        return out

If I change it as so:

    def _get_system_data(self):
        data = self.report_data.find(
            ('.//XMLSchema:oval_results/XMLSchema:results/'
             'XMLSchema:system/oval-characteristics:oval_system_characteristics'
             '/oval-characteristics:system_data'), ns)
        out = {}
        if not data:
            return out
        for item in data:
            out[item.attrib.get('id')] = item
        return out

it works, but I'm wondering if this is the right result. Perhaps the element tree is corrupted/modified during loading?

Oddly, if I print the children of oval-characteristics:oval_system_characteristics I see:

        x = self.report_data.find(
            ('.//XMLSchema:oval_results/XMLSchema:results/'
             'XMLSchema:system/oval-characteristics:oval_system_characteristics'), ns)
        print(x)
        for element in x.findall(".//"):
            print("\t", element)
        print(ElementTree.tostring(x, encoding='utf8'))

<Element {http://oval.mitre.org/XMLSchema/oval-system-characteristics-5}oval_system_characteristics at 0x7fb36088cfc0>
	 <Element {http://oval.mitre.org/XMLSchema/oval-system-characteristics-5}generator at 0x7fb36088ce80>
	 <Element {http://oval.mitre.org/XMLSchema/oval-common-5}product_name at 0x7fb36088cdc0>
	 <Element {http://oval.mitre.org/XMLSchema/oval-common-5}product_version at 0x7fb36088ce40>
	 <Element {http://oval.mitre.org/XMLSchema/oval-common-5}schema_version at 0x7fb36088cf00>
	 <Element {http://oval.mitre.org/XMLSchema/oval-common-5}timestamp at 0x7fb36088cf80>
	 <Element {http://oval.mitre.org/XMLSchema/oval-system-characteristics-5}system_info at 0x7fb360891040>
	 <Element {http://oval.mitre.org/XMLSchema/oval-system-characteristics-5}os_name at 0x7fb360891080>
	 <Element {http://oval.mitre.org/XMLSchema/oval-system-characteristics-5}os_version at 0x7fb3608910c0>
	 <Element {http://oval.mitre.org/XMLSchema/oval-system-characteristics-5}architecture at 0x7fb360891100>
	 <Element {http://oval.mitre.org/XMLSchema/oval-system-characteristics-5}primary_host_name at 0x7fb360891140>
	 <Element {http://oval.mitre.org/XMLSchema/oval-system-characteristics-5}interfaces at 0x7fb36088cf40>
	 <Element {http://oval.mitre.org/XMLSchema/oval-system-characteristics-5}interface at 0x7fb360891180>
	 <Element {http://oval.mitre.org/XMLSchema/oval-system-characteristics-5}interface_name at 0x7fb3608911c0>
	 <Element {http://oval.mitre.org/XMLSchema/oval-system-characteristics-5}ip_address at 0x7fb360891200>
	 <Element {http://oval.mitre.org/XMLSchema/oval-system-characteristics-5}mac_address at 0x7fb360891240>
	 <Element {http://oval.mitre.org/XMLSchema/oval-system-characteristics-5}interface at 0x7fb360891280>
	 <Element {http://oval.mitre.org/XMLSchema/oval-system-characteristics-5}interface_name at 0x7fb3608912c0>
	 <Element {http://oval.mitre.org/XMLSchema/oval-system-characteristics-5}ip_address at 0x7fb360891300>
	 <Element {http://oval.mitre.org/XMLSchema/oval-system-characteristics-5}mac_address at 0x7fb360891340>
	 <Element {http://oval.mitre.org/XMLSchema/oval-system-characteristics-5}interface at 0x7fb360891380>
	 <Element {http://oval.mitre.org/XMLSchema/oval-system-characteristics-5}interface_name at 0x7fb3608913c0>
	 <Element {http://oval.mitre.org/XMLSchema/oval-system-characteristics-5}ip_address at 0x7fb360891400>
	 <Element {http://oval.mitre.org/XMLSchema/oval-system-characteristics-5}mac_address at 0x7fb360891440>
	 <Element {http://oval.mitre.org/XMLSchema/oval-system-characteristics-5}interface at 0x7fb360891480>
	 <Element {http://oval.mitre.org/XMLSchema/oval-system-characteristics-5}interface_name at 0x7fb3608914c0>
	 <Element {http://oval.mitre.org/XMLSchema/oval-system-characteristics-5}ip_address at 0x7fb360891500>
	 <Element {http://oval.mitre.org/XMLSchema/oval-system-characteristics-5}mac_address at 0x7fb360891540>
	 <Element {http://oval.mitre.org/XMLSchema/oval-system-characteristics-5}collected_objects at 0x7fb360891580>
	 <Element {http://oval.mitre.org/XMLSchema/oval-system-characteristics-5}object at 0x7fb36088cac0>
	 <Element {http://oval.mitre.org/XMLSchema/oval-system-characteristics-5}object at 0x7fb36088ca00>
Rule "xccdf_org.ssgproject.content_rule_file_permissions_audit_configuration" done!
Result is saved:"/tmp/graph-of-xccdf_org.ssgproject.content_rule_file_permissions_audit_configuration-02_07_2021-08_36_51.html"

And it just stops parsing the objects and stuff under it collected_objects before getting to system_data!

Snippet of XML below:

Subset of ARF file

...

  <arf:reports>

...

    <arf:report id="oval1">
      <arf:content>
        <oval_results xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns="http://oval.mitre.org/XMLSchema/oval-results-5" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-results-5 oval-results-schema.xsd http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd">

...

          <results>
            <system>

...

              <oval_system_characteristics xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:unix-sys="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#unix" xmlns:ind-sys="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#independent" xmlns:lin-sys="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#linux" xmlns:win-sys="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#windows" xmlns="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5 oval-system-characteristics-schema.xsd http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#independent independent-system-characteristics-schema.xsd http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#unix unix-system-characteristics-schema.xsd http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#linux linux-system-characteristics-schema.xsd http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd">
                <generator>
                  <oval:product_name>combine_ovals.py from SCAP Security Guide</oval:product_name>
                  <oval:product_version>ssg: [0, 1, 57], python: 3.9.5</oval:product_version>
                  <oval:schema_version>5.11</oval:schema_version>
                  <oval:timestamp>2021-07-02T12:20:01</oval:timestamp>
                </generator>
                <system_info>
                  <os_name>Linux</os_name>
                  <os_version>#82-Ubuntu SMP Wed Apr 14 17:39:42 UTC 2021</os_version>
                  <architecture>x86_64</architecture>
                  <primary_host_name>ubuntu-2004-base</primary_host_name>
                  <interfaces>
                    <interface>
                      <interface_name>lo</interface_name>
                      <ip_address>127.0.0.1</ip_address>
                      <mac_address>00:00:00:00:00:00</mac_address>
                    </interface>
                    <interface>
                      <interface_name>enp1s0</interface_name>
                      <ip_address>192.168.122.145</ip_address>
                      <mac_address>52:54:00:95:12:ED</mac_address>
                    </interface>
                    <interface>
                      <interface_name>lo</interface_name>
                      <ip_address>::1</ip_address>
                      <mac_address>00:00:00:00:00:00</mac_address>
                    </interface>
                    <interface>
                      <interface_name>enp1s0</interface_name>
                      <ip_address>fe80::5054:ff:fe95:12ed</ip_address>
                      <mac_address>52:54:00:95:12:ED</mac_address>
                    </interface>
                  </interfaces>
                </system_info>
                <collected_objects>
                  <object id="oval:ssg-obj_lsb:obj:1" version="1" flag="complete">
                    <reference item_ref="1345581"/>
                  </object>
                  <object id="oval:ssg-obj_ubuntu:obj:1" version="1" flag="complete">
                    <reference item_ref="1345631"/>
                  </object>
                  <object id="oval:ssg-obj_ubuntu_focal:obj:1" version="1" flag="complete">
                    <reference item_ref="1345632"/>
                  </object>
                  <object id="oval:ssg-object_installed_env_is_a_docker_container:obj:1" version="1" flag="does not exist"/>
                  <object id="oval:ssg-object_installed_env_is_a_podman_container:obj:1" version="1" flag="does not exist"/>
                  <object id="oval:ssg-object_unix_family:obj:1" version="1" flag="complete">
                    <reference item_ref="1345531"/>
                  </object>
                </collected_objects>
                <system_data>
                  <ind-sys:textfilecontent_item id="1345632" status="exists">
                    <ind-sys:filepath>/etc/lsb-release</ind-sys:filepath>

 ...

            </system>
          </results>

XMLLint runs fine on the output (and doesn't detect any dropped closing tags or anything), so I'm really confused.

The report generates fine once the if not data is added though:

Problem displaying test information

See picture:

Issues running arf-to-graph on Fedora 32

On Fedora 32, arf-to-graph Tracebacks.

$ arf-to-graph tests/test_data/ssg-fedora-ds-arf.xml xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_creat
Traceback (most recent call last):
  File "/usr/local/bin/arf-to-graph", line 11, in <module>
    load_entry_point('oval-graph==1.2.4', 'console_scripts', 'arf-to-graph')()
TypeError: arf_to_graph() missing 1 required positional argument: 'args'

Tried installing from packaged oval-graph-1.2.4-1.fc32 and latest master.
Am I missing something?

Edit: help doesn't work too: $ arf-to-graph -h

Improve storing the result of the OVAL tree

It will be a good idea to store the tree result in a different structure than the dictionary. Rename the items in the new structure to make them easier to understand. For example, cnt_true to number_of_true.

[packit] Propose downstream failed for release v1.2.6

Packit failed on creating pull-requests in dist-git:

dist-git branch	error
`main`	`Failed to download file from URL https://files.pythonhosted.org/packages/source/o/oval-graph/oval_graph-v1.2.6.tar.gz. Reason: 'Not Found'.`

You can retrigger the update by adding a comment (/packit propose-downstream) into this issue.

Duplicated definitions of command-line parsers

The command-line utilities share the command-line interface, but the parsers are defined separately, i.e. they are not shared by utilities that use them. Check it out:

This kind of duplication allows introduction of inconsistencies e.g. when fixing typos, or when you decide to change an interface for one utility and forget to make the same change for the other one.
I recommend use functions or mixin classes to remove the duplication.

Embed Search bar

Embed Search bar to HTML report with graphs when is used option --all-in-one.

Output to single JSON file.

The when --output XXX argument is given to arf-to-json, it saves JSONs into a directory XXX, which contains one or more files. It would be better not to create any directories, and to save everything into a file XXX.

Running run.py from outside of the projects directory doesnt work

The source code seems to assume that the current directory is the project's root. Therefore, when executing run.py, one gets this error:

OSError: Error reading file './schemas/arf/1.1/asset-reporting-format_1.1.0.xsd': failed to load external entity "./schemas/arf/1.1/asset-reporting-format_1.1.0.xsd"

Remove last date from file name produced by json-to-graph command

Remove date when was generated file with graph from JSON. Leave date when was produced JSON in name of file.

```--all-in-one``` for json-to-graph command

Add the --all-in-one option to the json-to-graph command.

Optional argument --show-fail-rules

It should be --show-failed-rules.

Redirecting command arf-to-json to file

Problem with redirecting command arf-to-json to file when rule name is not unique.

Rework CLI classes

The classes ArfToHtml, ArfToJson, JsonToHtml,Client needs to be reworked. Because they are confusing.

Help text needs improvement

python3 ./run.py --help

The description says client. That's not useful, please replace it with a description of purpose of the tool.
I suggest replacing rule_name and Name of rule form scan by rule_id and Rule ID to be visualized

Command that put the OVAL graphs into an oscap HTML report

Command that put the OVAL graphs into an oscap HTML report. Command should have parameters arf and html report or only arf report. If it have only arf report it will generated HTML report with oscap.

Don't use sys.argv in the project

This variable shares all risks of using global variables - other parts of the program may change their contents.
A better approach than "this program has been called with -v or --verbose" is "the program knows, that the verbose_mode is true".

Solution of https://github.com/OpenSCAP/oval-graph/blob/master/oval_graph/command_line.py#L73 can be implemented using argparse subcommands together with parse_known_args.

Save and load graph/report as JSON

Will be good, if user will have option save to small JSON of graph/report. And restore them.

[packit] Propose update failed for release 1.2.2

Packit failed on creating pull-requests in dist-git:

dist-git branch	error
`master`	`Cmd('git') failed due to: exit code(128) cmdline: git reset --hard remotes/origin/1.2.2-master-update stderr: 'fatal: ambiguous argument 'remotes/origin/1.2.2-master-update': unknown revision or path not in the working tree. Use '--' to separate paths from revisions, like this: 'git <command> [<revision>...] -- [<file>...]''`

You can re-trigger the update by adding /packit propose-update to the issue comment.

Distinguish between OVAL tests and OVAL definitons

It would be nice if we could spot if a graph node is an OVAL test, OVAL definition or a criteria. Think of a text in label, different color or shape of the node. That would be helpful when a defintion contains another definition reference using extend_definition.

Improve error messages

More user-friendly and representative - current error messages are quite geeky, and the client should not show the traceback, but it should only print the message.

Allow a part of rule ID as input to run.py

Rule IDs in the CAC project have the annoying xccdf_org.ssgproject.content_rule_ prefix. And sometimes one knows part of the rule ID that is unique (e.g. PAE is only in the xccdf_org.ssgproject.content_rule_install_PAE_kernel_on_x86-32 rule ID), but one still has to get the whole ID from the ARF to visualize rule's results.

It would be nice to treat the rule ID input as a regular expression, and if it matches exactly one rule ID, assume that this is the rule ID that we want to show. If it matches more of them, then notifying the user which rules matched would greatly improve the script's usability.

Traceback in `get_data_form_xml`

Hello, I am not able to create the graph, can you take a look?

python3 run.py xccdf_org.ssgproject.content_rule_sssd_ssh_known_hosts_timeout-comment.fail.sh-xccdf_org.ssgproject.content_profile_ospp-results-initial.txt xccdf_org.ssgproject.content_rule_sssd_ssh_known_hosts_timeout

Traceback (most recent call last):
  File "run.py", line 30, in <module>
    arg.func(arg)
  File "run.py", line 22, in run
    oval_tree = graph.oval_graph.build_nodes_form_xml(args.source_filename, args.rule_name)
  File "/home/dahaic/RH/git/upstream/origins/OVAL-visualization-as-graph/graph/oval_graph.py", line 450, in build_nodes_form_xml
    return parser.get_oval_graph(rule_id)
  File "/home/dahaic/RH/git/upstream/origins/OVAL-visualization-as-graph/graph/xml_parser.py", line 103, in get_oval_graph
    return self.xml_dict_of_rule_to_node(self.parse_data_to_dict(rule_id))
  File "/home/dahaic/RH/git/upstream/origins/OVAL-visualization-as-graph/graph/xml_parser.py", line 55, in parse_data_to_dict
    for i in self.get_data_form_xml(used_rules[0]['href']):
  File "/home/dahaic/RH/git/upstream/origins/OVAL-visualization-as-graph/graph/xml_parser.py", line 24, in get_data_form_xml
    for report in reports:
TypeError: 'NoneType' object is not iterable

I am on RHEL7, python 3.6.8
xccdf_org.ssgproject.content_rule_sssd_ssh_known_hosts_timeout-comment.fail.sh-xccdf_org.ssgproject.content_profile_ospp-results-initial.txt

Problem with search in OVAL tree

Metode find_node_with_id() doesn't find all nodes in complex tree.

Notselected rules reported as not found.

When there is an ARF that contains a definition of a rule, but the rule itself was not tested, the run.py will produce the err- 404 rule not found! error.

This leaves the user wondering whether they got the rule ID right, which is not the problem. A better message would be no results found for rule ..., but even better would be rule ... was not selected, so there are no results.

Improve performance

When a more complex rule check result is converted to JSON or to visualization, it may take a considerable amount of time. I think that there is a huge room to improve the performance.

Append description from oval-def to second node

[packit] Propose downstream failed for release v1.2.6

Packit failed on creating pull-requests in dist-git:

dist-git branch	error
`main`	`Failed to download file from URL https://files.pythonhosted.org/packages/source/o/oval-graph/oval_graph-v1.2.6.tar.gz. Reason: 'Not Found'.`

You can retrigger the update by adding a comment (/packit propose-downstream) into this issue.

Processing only filed rules

Automatic processing if one rule is found. Not work when is used parameter --show-failed-rules. And if the --all parameter is used with a combination of the --show-failed-rules parameter, the command will process all the rules. I think a command with these parameters should handle all failed rules.

python3 -m oval_graph.command_line arf-to-graph --show-failed-rules  tests/test_data/ssg-fedora-ds-arf.xml "_package_\w+_removed"

Insuffient handling of unusual result values

This traceback occured while evaluating arf file containing 'error' result.

Traceback (most recent call last):
  File "/home/dahaic/RH/git/upstream/dahaic/OVAL-visualization-as-graph/oval_graph/arf_to_html.py", line 31, in prepare_data
    oval_tree_dict = self.create_dict_of_rule(rule)
  File "/home/dahaic/RH/git/upstream/dahaic/OVAL-visualization-as-graph/oval_graph/arf_to_html.py", line 25, in create_dict_of_rule
    return converter.to_JsTree_dict(self.hide_passing_tests)
  File "/home/dahaic/RH/git/upstream/dahaic/OVAL-visualization-as-graph/oval_graph/converter.py", line 72, in to_JsTree_dict
    hide_passing_tests) for child in self.tree.children]
  File "/home/dahaic/RH/git/upstream/dahaic/OVAL-visualization-as-graph/oval_graph/converter.py", line 72, in <listcomp>
    hide_passing_tests) for child in self.tree.children]
  File "/home/dahaic/RH/git/upstream/dahaic/OVAL-visualization-as-graph/oval_graph/converter.py", line 72, in to_JsTree_dict
    hide_passing_tests) for child in self.tree.children]
  File "/home/dahaic/RH/git/upstream/dahaic/OVAL-visualization-as-graph/oval_graph/converter.py", line 72, in <listcomp>
    hide_passing_tests) for child in self.tree.children]
  File "/home/dahaic/RH/git/upstream/dahaic/OVAL-visualization-as-graph/oval_graph/converter.py", line 72, in to_JsTree_dict
    hide_passing_tests) for child in self.tree.children]
  File "/home/dahaic/RH/git/upstream/dahaic/OVAL-visualization-as-graph/oval_graph/converter.py", line 72, in <listcomp>
    hide_passing_tests) for child in self.tree.children]
  File "/home/dahaic/RH/git/upstream/dahaic/OVAL-visualization-as-graph/oval_graph/converter.py", line 56, in to_JsTree_dict
    icons = self._get_node_icon()
  File "/home/dahaic/RH/git/upstream/dahaic/OVAL-visualization-as-graph/oval_graph/converter.py", line 39, in _get_node_icon
    values = self._get_node_style()
  File "/home/dahaic/RH/git/upstream/dahaic/OVAL-visualization-as-graph/oval_graph/converter.py", line 88, in _get_node_style
    out_color = self.negate_bool(self.tree.value)
  File "/home/dahaic/RH/git/upstream/dahaic/OVAL-visualization-as-graph/oval_graph/converter.py", line 133, in negate_bool
    return values[str(value)]
KeyError: 'error'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib64/python3.6/runpy.py", line 193, in _run_module_as_main
    "__main__", mod_spec)
  File "/usr/lib64/python3.6/runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "/home/dahaic/RH/git/upstream/dahaic/OVAL-visualization-as-graph/oval_graph/command_line.py", line 50, in <module>
    arf_to_graph(sys.argv[2:])
  File "/home/dahaic/RH/git/upstream/dahaic/OVAL-visualization-as-graph/oval_graph/command_line.py", line 17, in arf_to_graph
    main(ArfToHtml(args))
  File "/home/dahaic/RH/git/upstream/dahaic/OVAL-visualization-as-graph/oval_graph/command_line.py", line 42, in main
    results_src = client.prepare_data(answers)
  File "/home/dahaic/RH/git/upstream/dahaic/OVAL-visualization-as-graph/oval_graph/arf_to_html.py", line 40, in prepare_data
    raise ValueError('Rule: "{}" Error: "{}"'.format(rule, error))
ValueError: Rule: "xccdf_org.ssgproject.content_rule_sshd_disable_empty_passwords" Error: "'error'"

[packit] Propose downstream failed for release v1.2.6

Packit failed on creating pull-requests in dist-git:

dist-git branch	error
`main`	`Failed to download file from URL https://files.pythonhosted.org/packages/source/o/oval-graph/oval_graph-v1.2.6.tar.gz. Reason: 'Not Found'.`

You can retrigger the update by adding a comment (/packit propose-downstream) into this issue.

Listing of rules contain strange characters

Running

arf-to-json tests/test_data/ssg-fedora-ds-arf.xml creat

yields

== The Rule IDs ==
'xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_creat\b'
'xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_o_creat\b'
'xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_openat_o_creat\b'
'xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat\b'
You haven't got installed inquirer lib. Please copy id rule with you want use and put it in command

Notice the \b that follow rule IDs, those look like some omissions.

Option to show only the failing tests

Does it make sense to have an option to show only the failing tests? As you can see, sometimes is hard to navigate between the tests

openscap / oval-graph Goto Github PK

oval-graph's Introduction

oval-graph

Installation

Example usage

Execute the test suite

oval-graph's People

Contributors

Stargazers

Watchers

Forkers

oval-graph's Issues

Recommend Projects

Recommend Topics

Recommend Org