import scap-workbench-1.2.0-5.el8
This commit is contained in:
parent
efcd7c1697
commit
d97680dee6
@ -0,0 +1,519 @@
|
||||
From 69e988df963cb184062814e75c737fe080f303df Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
|
||||
Date: Tue, 25 Feb 2020 10:50:46 +0100
|
||||
Subject: [PATCH] Generate result-based remediation from tailored profile
|
||||
|
||||
Users can generate remediation script from scan results
|
||||
of a tailored profile.
|
||||
|
||||
Unfortunately, the current design of SCAP Workbench doesn't allow
|
||||
a clear way of doing this. The scan is run in a separated oscap
|
||||
process. SCAP Workbench doesn't have access to oscap internal
|
||||
xccdf_session which creates the ARF. It can't obtain the Tailoring
|
||||
component reference ID.
|
||||
|
||||
Instead, we will save the tailoring document to a temporary file
|
||||
and use the temporary file when generating the remediation.
|
||||
|
||||
Resolves: RHBZ#1640715
|
||||
---
|
||||
include/RemediationRoleSaver.h | 19 +++++++++-------
|
||||
include/ResultViewer.h | 2 ++
|
||||
src/RemediationRoleSaver.cpp | 40 ++++++++++++++++++++++------------
|
||||
src/ResultViewer.cpp | 9 +++++---
|
||||
4 files changed, 45 insertions(+), 25 deletions(-)
|
||||
|
||||
diff --git a/include/RemediationRoleSaver.h b/include/RemediationRoleSaver.h
|
||||
index 1681b901..dfeea0c9 100644
|
||||
--- a/include/RemediationRoleSaver.h
|
||||
+++ b/include/RemediationRoleSaver.h
|
||||
@@ -98,33 +98,35 @@ class PuppetProfileRemediationSaver : public ProfileBasedRemediationSaver
|
||||
class ResultBasedProcessRemediationSaver : public RemediationSaverBase
|
||||
{
|
||||
public:
|
||||
- ResultBasedProcessRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents,
|
||||
+ ResultBasedProcessRemediationSaver(
|
||||
+ QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath,
|
||||
const QString& saveMessage, const QString& filetypeExtension, const QString& filetypeTemplate, const QString& fixType);
|
||||
|
||||
private:
|
||||
virtual void saveToFile(const QString& filename);
|
||||
SpacelessQTemporaryFile mArfFile;
|
||||
+ QString tailoring;
|
||||
};
|
||||
|
||||
|
||||
class BashResultRemediationSaver : public ResultBasedProcessRemediationSaver
|
||||
{
|
||||
public:
|
||||
- BashResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents);
|
||||
+ BashResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath);
|
||||
};
|
||||
|
||||
|
||||
class AnsibleResultRemediationSaver : public ResultBasedProcessRemediationSaver
|
||||
{
|
||||
public:
|
||||
- AnsibleResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents);
|
||||
+ AnsibleResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath);
|
||||
};
|
||||
|
||||
|
||||
class PuppetResultRemediationSaver : public ResultBasedProcessRemediationSaver
|
||||
{
|
||||
public:
|
||||
- PuppetResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents);
|
||||
+ PuppetResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath);
|
||||
};
|
||||
|
||||
#else // i.e. SCAP_WORKBENCH_USE_LIBRARY_FOR_RESULT_BASED_REMEDIATION_ROLES_GENERATION is defined
|
||||
@@ -133,33 +135,34 @@ class PuppetResultRemediationSaver : public ResultBasedProcessRemediationSaver
|
||||
class ResultBasedLibraryRemediationSaver : public RemediationSaverBase
|
||||
{
|
||||
public:
|
||||
- ResultBasedLibraryRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents,
|
||||
+ ResultBasedLibraryRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath,
|
||||
const QString& saveMessage, const QString& filetypeExtension, const QString& filetypeTemplate, const QString& fixType);
|
||||
|
||||
private:
|
||||
virtual void saveToFile(const QString& filename);
|
||||
SpacelessQTemporaryFile mArfFile;
|
||||
+ QString tailoring;
|
||||
};
|
||||
|
||||
|
||||
class BashResultRemediationSaver : public ResultBasedLibraryRemediationSaver
|
||||
{
|
||||
public:
|
||||
- BashResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents);
|
||||
+ BashResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath);
|
||||
};
|
||||
|
||||
|
||||
class AnsibleResultRemediationSaver : public ResultBasedLibraryRemediationSaver
|
||||
{
|
||||
public:
|
||||
- AnsibleResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents);
|
||||
+ AnsibleResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath);
|
||||
};
|
||||
|
||||
|
||||
class PuppetResultRemediationSaver : public ResultBasedLibraryRemediationSaver
|
||||
{
|
||||
public:
|
||||
- PuppetResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents);
|
||||
+ PuppetResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath);
|
||||
};
|
||||
|
||||
#endif // SCAP_WORKBENCH_USE_LIBRARY_FOR_RESULT_BASED_REMEDIATION_ROLES_GENERATION
|
||||
diff --git a/include/ResultViewer.h b/include/ResultViewer.h
|
||||
index a6da89da..2ec8d576 100644
|
||||
--- a/include/ResultViewer.h
|
||||
+++ b/include/ResultViewer.h
|
||||
@@ -99,6 +99,8 @@ class ResultViewer : public QWidget
|
||||
/// If user requests to open the file via desktop services
|
||||
SpacelessQTemporaryFile* mReportFile;
|
||||
QByteArray mARF;
|
||||
+
|
||||
+ QString tailoringFilePath;
|
||||
};
|
||||
|
||||
#endif
|
||||
diff --git a/src/RemediationRoleSaver.cpp b/src/RemediationRoleSaver.cpp
|
||||
index 900a221d..28389dbb 100644
|
||||
--- a/src/RemediationRoleSaver.cpp
|
||||
+++ b/src/RemediationRoleSaver.cpp
|
||||
@@ -164,7 +164,8 @@ PuppetProfileRemediationSaver::PuppetProfileRemediationSaver(QWidget* parentWind
|
||||
{}
|
||||
|
||||
#ifndef SCAP_WORKBENCH_USE_LIBRARY_FOR_RESULT_BASED_REMEDIATION_ROLES_GENERATION
|
||||
-ResultBasedProcessRemediationSaver::ResultBasedProcessRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents,
|
||||
+ResultBasedProcessRemediationSaver::ResultBasedProcessRemediationSaver(
|
||||
+ QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath,
|
||||
const QString& saveMessage, const QString& filetypeExtension, const QString& filetypeTemplate, const QString& fixType):
|
||||
RemediationSaverBase(parentWindow, saveMessage, filetypeExtension, filetypeTemplate, fixType)
|
||||
{
|
||||
@@ -172,6 +173,7 @@ ResultBasedProcessRemediationSaver::ResultBasedProcessRemediationSaver(QWidget*
|
||||
mArfFile.open();
|
||||
mArfFile.write(arfContents);
|
||||
mArfFile.close();
|
||||
+ tailoring = tailoringFilePath;
|
||||
}
|
||||
|
||||
void ResultBasedProcessRemediationSaver::saveToFile(const QString& filename)
|
||||
@@ -191,6 +193,11 @@ void ResultBasedProcessRemediationSaver::saveToFile(const QString& filename)
|
||||
args.append("--result-id");
|
||||
args.append("");
|
||||
|
||||
+ if (!tailoring.isNull()) {
|
||||
+ args.append("--tailoring-file");
|
||||
+ args.append(tailoring.toUtf8().constData());
|
||||
+ }
|
||||
+
|
||||
args.append(mArfFile.fileName());
|
||||
|
||||
// Launching a process and going through its output is something we do already in OscapScannerLocal::evaluate()
|
||||
@@ -222,23 +229,24 @@ void ResultBasedProcessRemediationSaver::saveToFile(const QString& filename)
|
||||
}
|
||||
}
|
||||
|
||||
-BashResultRemediationSaver::BashResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents):
|
||||
- ResultBasedProcessRemediationSaver(parentWindow, arfContents,
|
||||
+BashResultRemediationSaver::BashResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath):
|
||||
+ ResultBasedProcessRemediationSaver(parentWindow, arfContents, tailoringFilePath,
|
||||
bashSaveMessage, bashFiletypeExtension, bashFiletypeTemplate, bashFixTemplate)
|
||||
{}
|
||||
|
||||
-AnsibleResultRemediationSaver::AnsibleResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents):
|
||||
- ResultBasedProcessRemediationSaver(parentWindow, arfContents,
|
||||
+AnsibleResultRemediationSaver::AnsibleResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath):
|
||||
+ ResultBasedProcessRemediationSaver(parentWindow, arfContents, tailoringFilePath,
|
||||
ansibleSaveMessage, ansibleFiletypeExtension, ansibleFiletypeTemplate, ansibleFixType)
|
||||
{}
|
||||
|
||||
-PuppetResultRemediationSaver::PuppetResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents):
|
||||
- ResultBasedProcessRemediationSaver(parentWindow, arfContents,
|
||||
+PuppetResultRemediationSaver::PuppetResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath):
|
||||
+ ResultBasedProcessRemediationSaver(parentWindow, arfContents, tailoringFilePath,
|
||||
puppetSaveMessage, puppetFiletypeExtension, puppetFiletypeTemplate, puppetFixType)
|
||||
{}
|
||||
|
||||
#else // i.e. SCAP_WORKBENCH_USE_LIBRARY_FOR_RESULT_BASED_REMEDIATION_ROLES_GENERATION is defined
|
||||
-ResultBasedLibraryRemediationSaver::ResultBasedLibraryRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents,
|
||||
+ResultBasedLibraryRemediationSaver::ResultBasedLibraryRemediationSaver(
|
||||
+ QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath,
|
||||
const QString& saveMessage, const QString& filetypeExtension, const QString& filetypeTemplate, const QString& fixType):
|
||||
RemediationSaverBase(parentWindow, saveMessage, filetypeExtension, filetypeTemplate, fixType)
|
||||
{
|
||||
@@ -246,6 +254,7 @@ ResultBasedLibraryRemediationSaver::ResultBasedLibraryRemediationSaver(QWidget*
|
||||
mArfFile.open();
|
||||
mArfFile.write(arfContents);
|
||||
mArfFile.close();
|
||||
+ tailoring = tailoringFilePath;
|
||||
}
|
||||
|
||||
void ResultBasedLibraryRemediationSaver::saveToFile(const QString& filename)
|
||||
@@ -282,6 +291,9 @@ void ResultBasedLibraryRemediationSaver::saveToFile(const QString& filename)
|
||||
|
||||
if (session == NULL)
|
||||
throw std::runtime_error("Couldn't get XCCDF session from the report source");
|
||||
+ if (!tailoring.isNull()) {
|
||||
+ xccdf_session_set_user_tailoring_file(session, tailoring.toUtf8().constData());
|
||||
+ }
|
||||
|
||||
xccdf_session_set_loading_flags(session, XCCDF_SESSION_LOAD_XCCDF);
|
||||
if (xccdf_session_load(session) != 0)
|
||||
@@ -316,18 +328,18 @@ void ResultBasedLibraryRemediationSaver::saveToFile(const QString& filename)
|
||||
}
|
||||
}
|
||||
|
||||
-BashResultRemediationSaver::BashResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents):
|
||||
- ResultBasedLibraryRemediationSaver(parentWindow, arfContents,
|
||||
+BashResultRemediationSaver::BashResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath):
|
||||
+ ResultBasedLibraryRemediationSaver(parentWindow, arfContents, tailoringFilePath,
|
||||
bashSaveMessage, bashFiletypeExtension, bashFiletypeTemplate, bashFixTemplate)
|
||||
{}
|
||||
|
||||
-AnsibleResultRemediationSaver::AnsibleResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents):
|
||||
- ResultBasedLibraryRemediationSaver(parentWindow, arfContents,
|
||||
+AnsibleResultRemediationSaver::AnsibleResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath):
|
||||
+ ResultBasedLibraryRemediationSaver(parentWindow, arfContents, tailoringFilePath,
|
||||
ansibleSaveMessage, ansibleFiletypeExtension, ansibleFiletypeTemplate, ansibleFixType)
|
||||
{}
|
||||
|
||||
-PuppetResultRemediationSaver::PuppetResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents):
|
||||
- ResultBasedLibraryRemediationSaver(parentWindow, arfContents,
|
||||
+PuppetResultRemediationSaver::PuppetResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath):
|
||||
+ ResultBasedLibraryRemediationSaver(parentWindow, arfContents, tailoringFilePath,
|
||||
puppetSaveMessage, puppetFiletypeExtension, puppetFiletypeTemplate, puppetFixType)
|
||||
{}
|
||||
|
||||
diff --git a/src/ResultViewer.cpp b/src/ResultViewer.cpp
|
||||
index 1e730e99..c5444746 100644
|
||||
--- a/src/ResultViewer.cpp
|
||||
+++ b/src/ResultViewer.cpp
|
||||
@@ -114,6 +114,9 @@ void ResultViewer::loadContent(Scanner* scanner)
|
||||
if (mInputBaseName.endsWith("-xccdf"))
|
||||
mInputBaseName.chop(QString("-xccdf").length());
|
||||
}
|
||||
+ if (session->isSelectedProfileTailoring()) {
|
||||
+ tailoringFilePath = session->getTailoringFilePath();
|
||||
+ }
|
||||
|
||||
mReport.clear();
|
||||
scanner->getReport(mReport);
|
||||
@@ -173,19 +176,19 @@ void ResultViewer::openReport()
|
||||
|
||||
void ResultViewer::generateBashRemediationRole()
|
||||
{
|
||||
- BashResultRemediationSaver remediation(this, mARF);
|
||||
+ BashResultRemediationSaver remediation(this, mARF, tailoringFilePath);
|
||||
remediation.selectFilenameAndSaveRole();
|
||||
}
|
||||
|
||||
void ResultViewer::generateAnsibleRemediationRole()
|
||||
{
|
||||
- AnsibleResultRemediationSaver remediation(this, mARF);
|
||||
+ AnsibleResultRemediationSaver remediation(this, mARF, tailoringFilePath);
|
||||
remediation.selectFilenameAndSaveRole();
|
||||
}
|
||||
|
||||
void ResultViewer::generatePuppetRemediationRole()
|
||||
{
|
||||
- PuppetResultRemediationSaver remediation(this, mARF);
|
||||
+ PuppetResultRemediationSaver remediation(this, mARF, tailoringFilePath);
|
||||
remediation.selectFilenameAndSaveRole();
|
||||
}
|
||||
|
||||
From e97539b824202e91c9cd551316836935046e53ca Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
|
||||
Date: Mon, 2 Mar 2020 14:14:49 +0100
|
||||
Subject: [PATCH] Use only library calls to generate remediation
|
||||
|
||||
Removes CMake option
|
||||
SCAP_WORKBENCH_USE_LIBRARY_FOR_RESULT_BASED_REMEDIATION_ROLES_GENERATION
|
||||
and removes the code that is used when this option is not set.
|
||||
That means the remediations will be generated using libopenscap
|
||||
library calls. The removed code executed "oscap" command to
|
||||
do the same thing.
|
||||
---
|
||||
CMakeLists.txt | 8 +---
|
||||
include/Config.h.in | 1 -
|
||||
include/RemediationRoleSaver.h | 41 ----------------
|
||||
src/RemediationRoleSaver.cpp | 87 ----------------------------------
|
||||
4 files changed, 2 insertions(+), 135 deletions(-)
|
||||
|
||||
diff --git a/CMakeLists.txt b/CMakeLists.txt
|
||||
index 060df785..8d16d3c5 100644
|
||||
--- a/CMakeLists.txt
|
||||
+++ b/CMakeLists.txt
|
||||
@@ -49,12 +49,8 @@ endif()
|
||||
# Local scanning tools
|
||||
option(SCAP_WORKBENCH_LOCAL_SCAN_ENABLED "If enabled, scanning of local machine is possible from workbench. Else the option is disabled in the GUI." TRUE)
|
||||
|
||||
-option(SCAP_WORKBENCH_USE_LIBRARY_FOR_RESULT_BASED_REMEDIATION_ROLES_GENERATION "If enabled, result-based remediation roles will be generated by calls to the libopenscap library (instead of being generated by the oscap subprocess). Requires openscap>=1.2.16" FALSE)
|
||||
-
|
||||
-if (SCAP_WORKBENCH_USE_LIBRARY_FOR_RESULT_BASED_REMEDIATION_ROLES_GENERATION)
|
||||
- if(${OPENSCAP_VERSION_MAJOR} LESS 2 AND ${OPENSCAP_VERSION_MINOR} LESS 3 AND ${OPENSCAP_VERSION_PATCH} LESS 16) # i.e. oscap<1.2.16
|
||||
- message(FATAL_ERROR "Library-powered generation of result-based remediation roles is supported only if you have oscap>=1.2.16, whereas you have oscap==${OPENSCAP_VERSION}")
|
||||
- endif()
|
||||
+if(${OPENSCAP_VERSION_MAJOR} LESS 2 AND ${OPENSCAP_VERSION_MINOR} LESS 3 AND ${OPENSCAP_VERSION_PATCH} LESS 16) # i.e. oscap<1.2.16
|
||||
+ message(FATAL_ERROR "Library-powered generation of result-based remediation roles is supported only if you have oscap>=1.2.16, whereas you have oscap==${OPENSCAP_VERSION}")
|
||||
endif()
|
||||
|
||||
find_program(NICE_EXECUTABLE NAMES nice) # fully optional, local scan still available when missing
|
||||
diff --git a/include/Config.h.in b/include/Config.h.in
|
||||
index 21b3f373..a9bc718f 100644
|
||||
--- a/include/Config.h.in
|
||||
+++ b/include/Config.h.in
|
||||
@@ -40,7 +40,6 @@
|
||||
#define SCAP_WORKBENCH_LOCAL_PKEXEC_OSCAP_PATH "@CMAKE_INSTALL_FULL_LIBEXECDIR@/scap-workbench-pkexec-oscap.sh"
|
||||
#define SCAP_WORKBENCH_LOCAL_RPM_EXTRACT_PATH "@CMAKE_INSTALL_FULL_LIBEXECDIR@/scap-workbench-rpm-extract.sh"
|
||||
#define SCAP_WORKBENCH_REMOTE_OSCAP_PATH "oscap"
|
||||
-#cmakedefine SCAP_WORKBENCH_USE_LIBRARY_FOR_RESULT_BASED_REMEDIATION_ROLES_GENERATION
|
||||
#cmakedefine SCAP_WORKBENCH_LOCAL_SSH_FOUND
|
||||
#define SCAP_WORKBENCH_LOCAL_SSH_PATH "@SSH_EXECUTABLE@"
|
||||
#cmakedefine SCAP_WORKBENCH_LOCAL_SETSID_FOUND
|
||||
diff --git a/include/RemediationRoleSaver.h b/include/RemediationRoleSaver.h
|
||||
index dfeea0c9..95938db8 100644
|
||||
--- a/include/RemediationRoleSaver.h
|
||||
+++ b/include/RemediationRoleSaver.h
|
||||
@@ -93,45 +93,6 @@ class PuppetProfileRemediationSaver : public ProfileBasedRemediationSaver
|
||||
};
|
||||
|
||||
|
||||
-#ifndef SCAP_WORKBENCH_USE_LIBRARY_FOR_RESULT_BASED_REMEDIATION_ROLES_GENERATION
|
||||
-/// Base for all result-based remediation generators that uses oscap process
|
||||
-class ResultBasedProcessRemediationSaver : public RemediationSaverBase
|
||||
-{
|
||||
- public:
|
||||
- ResultBasedProcessRemediationSaver(
|
||||
- QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath,
|
||||
- const QString& saveMessage, const QString& filetypeExtension, const QString& filetypeTemplate, const QString& fixType);
|
||||
-
|
||||
- private:
|
||||
- virtual void saveToFile(const QString& filename);
|
||||
- SpacelessQTemporaryFile mArfFile;
|
||||
- QString tailoring;
|
||||
-};
|
||||
-
|
||||
-
|
||||
-class BashResultRemediationSaver : public ResultBasedProcessRemediationSaver
|
||||
-{
|
||||
- public:
|
||||
- BashResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath);
|
||||
-};
|
||||
-
|
||||
-
|
||||
-class AnsibleResultRemediationSaver : public ResultBasedProcessRemediationSaver
|
||||
-{
|
||||
- public:
|
||||
- AnsibleResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath);
|
||||
-};
|
||||
-
|
||||
-
|
||||
-class PuppetResultRemediationSaver : public ResultBasedProcessRemediationSaver
|
||||
-{
|
||||
- public:
|
||||
- PuppetResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath);
|
||||
-};
|
||||
-
|
||||
-#else // i.e. SCAP_WORKBENCH_USE_LIBRARY_FOR_RESULT_BASED_REMEDIATION_ROLES_GENERATION is defined
|
||||
-
|
||||
-/// Base for all result-based remediation generators that uses the openscap library
|
||||
class ResultBasedLibraryRemediationSaver : public RemediationSaverBase
|
||||
{
|
||||
public:
|
||||
@@ -165,7 +126,5 @@ class PuppetResultRemediationSaver : public ResultBasedLibraryRemediationSaver
|
||||
PuppetResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath);
|
||||
};
|
||||
|
||||
-#endif // SCAP_WORKBENCH_USE_LIBRARY_FOR_RESULT_BASED_REMEDIATION_ROLES_GENERATION
|
||||
-
|
||||
|
||||
#endif // SCAP_WORKBENCH_REMEDIATION_ROLE_SAVER_H_
|
||||
diff --git a/src/RemediationRoleSaver.cpp b/src/RemediationRoleSaver.cpp
|
||||
index 28389dbb..a9866738 100644
|
||||
--- a/src/RemediationRoleSaver.cpp
|
||||
+++ b/src/RemediationRoleSaver.cpp
|
||||
@@ -35,11 +35,7 @@ extern "C"
|
||||
#include <xccdf_benchmark.h>
|
||||
#include <xccdf_policy.h>
|
||||
#include <xccdf_session.h>
|
||||
-#ifdef SCAP_WORKBENCH_USE_LIBRARY_FOR_RESULT_BASED_REMEDIATION_ROLES_GENERATION
|
||||
- // vvv This include is used only for library-based generation of result-base remediation roles
|
||||
- // vvv and it requires (relatively recent) openscap 1.2.16
|
||||
#include <ds_rds_session.h>
|
||||
-#endif
|
||||
}
|
||||
|
||||
|
||||
@@ -163,88 +159,6 @@ PuppetProfileRemediationSaver::PuppetProfileRemediationSaver(QWidget* parentWind
|
||||
puppetSaveMessage, puppetFiletypeExtension, puppetFiletypeTemplate, puppetFixType)
|
||||
{}
|
||||
|
||||
-#ifndef SCAP_WORKBENCH_USE_LIBRARY_FOR_RESULT_BASED_REMEDIATION_ROLES_GENERATION
|
||||
-ResultBasedProcessRemediationSaver::ResultBasedProcessRemediationSaver(
|
||||
- QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath,
|
||||
- const QString& saveMessage, const QString& filetypeExtension, const QString& filetypeTemplate, const QString& fixType):
|
||||
- RemediationSaverBase(parentWindow, saveMessage, filetypeExtension, filetypeTemplate, fixType)
|
||||
-{
|
||||
- mArfFile.setAutoRemove(true);
|
||||
- mArfFile.open();
|
||||
- mArfFile.write(arfContents);
|
||||
- mArfFile.close();
|
||||
- tailoring = tailoringFilePath;
|
||||
-}
|
||||
-
|
||||
-void ResultBasedProcessRemediationSaver::saveToFile(const QString& filename)
|
||||
-{
|
||||
- QStringList args;
|
||||
- args.append("xccdf");
|
||||
- args.append("generate");
|
||||
- args.append("fix");
|
||||
-
|
||||
- args.append("--template");
|
||||
- args.append(mTemplateString);
|
||||
- args.append("--output");
|
||||
- args.append(filename);
|
||||
-
|
||||
- // vvv This will work, if there is only one result ID in the ARF file, it will be picked no matter what the argument value is.
|
||||
- // However, ommitting --result-id "" won't work.
|
||||
- args.append("--result-id");
|
||||
- args.append("");
|
||||
-
|
||||
- if (!tailoring.isNull()) {
|
||||
- args.append("--tailoring-file");
|
||||
- args.append(tailoring.toUtf8().constData());
|
||||
- }
|
||||
-
|
||||
- args.append(mArfFile.fileName());
|
||||
-
|
||||
- // Launching a process and going through its output is something we do already in OscapScannerLocal::evaluate()
|
||||
- // This is a lightweight launch though.
|
||||
- QProcess process(mParentWindow);
|
||||
-
|
||||
- SpacelessQTemporaryDir workingDir;
|
||||
- process.setWorkingDirectory(workingDir.path());
|
||||
- QString program(SCAP_WORKBENCH_LOCAL_OSCAP_PATH);
|
||||
-
|
||||
- process.start(program, args);
|
||||
- process.waitForStarted();
|
||||
-
|
||||
- const unsigned int remediationGenerationTimeout = 10000;
|
||||
-
|
||||
- const int process_finished_on_time = process.waitForFinished(remediationGenerationTimeout);
|
||||
-
|
||||
- if (!process_finished_on_time)
|
||||
- {
|
||||
- QString message = QObject::tr("The process that was supposed to generate remediations didn't finish on time (i.e. within %1 secs), so it was terminated.").arg(remediationGenerationTimeout / 1000);
|
||||
- process.kill();
|
||||
- throw std::runtime_error(message.toUtf8().constData());
|
||||
- }
|
||||
-
|
||||
- if (process.exitCode() != 0)
|
||||
- {
|
||||
- QString completeErrorMessage(QObject::tr("Exit code of 'oscap' was %1: %2"));
|
||||
- throw std::runtime_error(completeErrorMessage.arg(process.exitCode()).arg(QString(process.readAllStandardError())).toUtf8().constData());
|
||||
- }
|
||||
-}
|
||||
-
|
||||
-BashResultRemediationSaver::BashResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath):
|
||||
- ResultBasedProcessRemediationSaver(parentWindow, arfContents, tailoringFilePath,
|
||||
- bashSaveMessage, bashFiletypeExtension, bashFiletypeTemplate, bashFixTemplate)
|
||||
-{}
|
||||
-
|
||||
-AnsibleResultRemediationSaver::AnsibleResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath):
|
||||
- ResultBasedProcessRemediationSaver(parentWindow, arfContents, tailoringFilePath,
|
||||
- ansibleSaveMessage, ansibleFiletypeExtension, ansibleFiletypeTemplate, ansibleFixType)
|
||||
-{}
|
||||
-
|
||||
-PuppetResultRemediationSaver::PuppetResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath):
|
||||
- ResultBasedProcessRemediationSaver(parentWindow, arfContents, tailoringFilePath,
|
||||
- puppetSaveMessage, puppetFiletypeExtension, puppetFiletypeTemplate, puppetFixType)
|
||||
-{}
|
||||
-
|
||||
-#else // i.e. SCAP_WORKBENCH_USE_LIBRARY_FOR_RESULT_BASED_REMEDIATION_ROLES_GENERATION is defined
|
||||
ResultBasedLibraryRemediationSaver::ResultBasedLibraryRemediationSaver(
|
||||
QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath,
|
||||
const QString& saveMessage, const QString& filetypeExtension, const QString& filetypeTemplate, const QString& fixType):
|
||||
@@ -343,4 +257,3 @@ PuppetResultRemediationSaver::PuppetResultRemediationSaver(QWidget* parentWindow
|
||||
puppetSaveMessage, puppetFiletypeExtension, puppetFiletypeTemplate, puppetFixType)
|
||||
{}
|
||||
|
||||
-#endif // SCAP_WORKBENCH_USE_LIBRARY_FOR_RESULT_BASED_REMEDIATION_ROLES_GENERATION
|
||||
From 550fc786d2cdec391544cd7bc3a33325ba545803 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= <jcerny@redhat.com>
|
||||
Date: Tue, 3 Mar 2020 09:36:20 +0100
|
||||
Subject: [PATCH] Remove known issue
|
||||
|
||||
This issue has been fixed by 69e988df963cb184062814e75c737fe080f303df.
|
||||
---
|
||||
doc/user_manual.adoc | 14 --------------
|
||||
1 file changed, 14 deletions(-)
|
||||
|
||||
diff --git a/doc/user_manual.adoc b/doc/user_manual.adoc
|
||||
index fa47d4fc..48933dd9 100644
|
||||
--- a/doc/user_manual.adoc
|
||||
+++ b/doc/user_manual.adoc
|
||||
@@ -524,20 +524,6 @@ Both while opening the files and when scanning. This option is discouraged and
|
||||
should only be used by content creators and/or people who really know what they
|
||||
are doing.
|
||||
|
||||
-== Known issues
|
||||
-
|
||||
-=== Result-based remediations of tailored profiles
|
||||
-
|
||||
-Saving remediation roles to the disk may not work for a customized profile. Specifically, it won't work if you add additional rules to it.
|
||||
-If this limitation affects you, follow these steps:
|
||||
-
|
||||
-Remark: You will need to use the oscap command-line utility, which is bundled together with scap-workbench.
|
||||
-
|
||||
-1. Save the scan results
|
||||
-2. Save your profile customization to a file using the "File->Save customization only" option.
|
||||
-3. Run this command: oscap xccdf generate fix --output <role filename> --result-id '' --tailoring-file <saved-customization> <saved-result>.
|
||||
-Refer to oscap xccdf generate fix -h if you want other than Bash output.
|
||||
-
|
||||
== Where to Get Help?
|
||||
|
||||
You ask for help with the application using
|
87
SOURCES/scap-workbench-1.2.2-ui_dimensions.patch
Normal file
87
SOURCES/scap-workbench-1.2.2-ui_dimensions.patch
Normal file
@ -0,0 +1,87 @@
|
||||
diff --git a/ui/SSGIntegrationDialog.ui b/ui/SSGIntegrationDialog.ui
|
||||
index 2e613740..519773f1 100644
|
||||
--- a/ui/SSGIntegrationDialog.ui
|
||||
+++ b/ui/SSGIntegrationDialog.ui
|
||||
@@ -7,7 +7,7 @@
|
||||
<x>0</x>
|
||||
<y>0</y>
|
||||
<width>889</width>
|
||||
- <height>288</height>
|
||||
+ <height>330</height>
|
||||
</rect>
|
||||
</property>
|
||||
<property name="sizePolicy">
|
||||
@@ -28,6 +28,9 @@
|
||||
<layout class="QVBoxLayout" name="verticalLayout">
|
||||
<item>
|
||||
<layout class="QHBoxLayout" name="horizontalLayout_3">
|
||||
+ <property name="spacing">
|
||||
+ <number>12</number>
|
||||
+ </property>
|
||||
<item>
|
||||
<widget class="QLabel" name="ssgLogo">
|
||||
<property name="sizePolicy">
|
||||
@@ -52,15 +55,19 @@
|
||||
</item>
|
||||
<item>
|
||||
<layout class="QVBoxLayout" name="verticalLayout_3">
|
||||
+ <property name="sizeConstraint">
|
||||
+ <enum>QLayout::SetMinimumSize</enum>
|
||||
+ </property>
|
||||
<property name="leftMargin">
|
||||
<number>0</number>
|
||||
</property>
|
||||
<item>
|
||||
<widget class="QLabel" name="label">
|
||||
- <property name="font">
|
||||
- <font>
|
||||
- <pointsize>11</pointsize>
|
||||
- </font>
|
||||
+ <property name="sizePolicy">
|
||||
+ <sizepolicy hsizetype="Preferred" vsizetype="Minimum">
|
||||
+ <horstretch>0</horstretch>
|
||||
+ <verstretch>0</verstretch>
|
||||
+ </sizepolicy>
|
||||
</property>
|
||||
<property name="text">
|
||||
<string><html><head/><body><p>SCAP Security Guide was found installed on this machine.</p><p>The content provided by SCAP Security Guide allows you to quickly scan your machine according to well stablished security baselines.</p><p>Also, these guides are a good starting point if you'd like to customize a policy or profile for your own needs.</p><p>Select one of the default guides to load, or select Other SCAP Content option to load your own content.</p></body></html></string>
|
||||
@@ -111,10 +118,13 @@
|
||||
<property name="orientation">
|
||||
<enum>Qt::Vertical</enum>
|
||||
</property>
|
||||
+ <property name="sizeType">
|
||||
+ <enum>QSizePolicy::MinimumExpanding</enum>
|
||||
+ </property>
|
||||
<property name="sizeHint" stdset="0">
|
||||
<size>
|
||||
<width>20</width>
|
||||
- <height>40</height>
|
||||
+ <height>20</height>
|
||||
</size>
|
||||
</property>
|
||||
</spacer>
|
||||
@@ -157,24 +167,6 @@
|
||||
</item>
|
||||
</layout>
|
||||
</item>
|
||||
- <item>
|
||||
- <widget class="QWidget" name="widget" native="true">
|
||||
- <property name="sizePolicy">
|
||||
- <sizepolicy hsizetype="Preferred" vsizetype="Maximum">
|
||||
- <horstretch>0</horstretch>
|
||||
- <verstretch>0</verstretch>
|
||||
- </sizepolicy>
|
||||
- </property>
|
||||
- <layout class="QHBoxLayout" name="horizontalLayout">
|
||||
- <property name="spacing">
|
||||
- <number>6</number>
|
||||
- </property>
|
||||
- <property name="margin">
|
||||
- <number>0</number>
|
||||
- </property>
|
||||
- </layout>
|
||||
- </widget>
|
||||
- </item>
|
||||
</layout>
|
||||
</widget>
|
||||
<resources/>
|
@ -2,7 +2,7 @@
|
||||
|
||||
Name: scap-workbench
|
||||
Version: 1.2.0
|
||||
Release: 4%{?dist}
|
||||
Release: 5%{?dist}
|
||||
Summary: Scanning, tailoring, editing and validation tool for SCAP content
|
||||
|
||||
License: GPLv3+
|
||||
@ -11,6 +11,8 @@ Source0: https://github.com/OpenSCAP/scap-workbench/releases/download/%{versi
|
||||
Patch1: oscap_version_suffix.patch
|
||||
Patch2: scap-workbench-1.2.1-missing-quotes.patch
|
||||
Patch3: scap-workbench-1.2.1-no-spaces-in-temporary-file-names.patch
|
||||
Patch4: scap-workbench-1.2.2-generate-result-based-remediation-from-tailored-profile.patch
|
||||
Patch5: scap-workbench-1.2.2-ui_dimensions.patch
|
||||
Group: System Environment/Base
|
||||
|
||||
BuildRequires: cmake >= 2.6
|
||||
@ -42,6 +44,8 @@ content. The tool is based on OpenSCAP library.
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
|
||||
%build
|
||||
%cmake -D CMAKE_INSTALL_DOCDIR=%{_pkgdocdir} .
|
||||
@ -68,6 +72,12 @@ make install DESTDIR=%{buildroot}
|
||||
%doc %{_pkgdocdir}/README.md
|
||||
|
||||
%changelog
|
||||
* Wed May 27 2020 Matěj Týč <matyc@redhat.com> - 1.2.0-5
|
||||
- Adjust the GUI dimensions, so text fits to the screen (RHBZ#1743713)
|
||||
|
||||
* Wed Apr 29 2020 Jan Černý <jcerny@redhat.com> - 1.2.0-5
|
||||
- Generate result-based remediation from tailored profile (RHBZ#1640715)
|
||||
|
||||
* Tue Jan 28 2020 Jan Černý <jcerny@redhat.com> 1.2.0-4
|
||||
- Fix error messages in the diagnostics window (RHBZ#1781074)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user