Test that all rules have references #11610
Conversation
The constants.xslt in the `eks` product is the only product-specific constants XSLT file file that defines the variable `disa-stigs-uri`. Other products don't define this variable. But, this product doesn't have a STIG profile. So I think we can remove this variable. The definition of this variable seems to be a copy paste problem, from other products it was removed.
The XSLT variable `disa-stigs-uri` has been removed completely which made this part of the code useless.
There is no reason to store the variable into the object because it's just renaming the imported constant. Let's decrease the confusion.
The variable `generic_stig_ns` isn't used anywhere.
The option `--missing-stig-ids` is actually checking the references that are represented using `stigref` key in references in resolved rule YAML files. The naming of the option makes a confusion with `stigid` references. Therefore, we will rename the option to `--missing-stigref-refs` which will align this option name with the other options of this script, eg.` --missing-anssi-refs` is checking for missing `anssi` references in rules so `--missing-stigref-refs` will check for missing `stigref` references in rules.
This commit extends the CTest test missing-references-ssg-rhel9-ds.xml to verify that all rules in the RHEL 9 STIG profile in the data stream have a `stigid` reference.
|
Start a new ephemeral environment with changes proposed in this pull request: Fedora Environment Oracle Linux 8 Environment |
|
🤖 A k8s content image for this PR is available at: Click here to see how to deploy itIf you alread have Compliance Operator deployed: Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and: |
We don't need to rename the constant and we don't need to copy it into the object instances.
This commit solves Code Climate problem that the RuleStats ctor has too many parameters.
Instead of having a dictionary in the object the items of the dictionary can be direct members of the class.
|
Code Climate has analyzed commit 46170d6 and detected 2 issues on this pull request. Here's the issue category breakdown:
The test coverage on the diff in this pull request is 2.1% (50% is the threshold). This pull request will bring the total coverage in the repository to 57.9% (-0.3% change). View more on Code Climate. |
|
I don't want to solve the Code Climate problems |
Description:
Extend existing CTest tests "missing-references-ssg-${PRODUCT}-ds.xml". We will use it to test references that are automatically added to rules based on data from control files. The test checks that all rules in given profiles have a reference of the given type.
The test will now test references added from the following control files:
Rationale:
Ensures that references from control files are propagated to the rules in the built SCAP source data stream. Provides an integration test for #11540.
Review Hints:
Build product, open the built data stream and remove some
referenceelements from your favorite rules. Then run this test, eg.ctest --verbose -R missing-references-ssg-rhel9-ds.xml.