-
Notifications
You must be signed in to change notification settings - Fork 671
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Test that all rules have references #11610
Test that all rules have references #11610
Conversation
The constants.xslt in the `eks` product is the only product-specific constants XSLT file file that defines the variable `disa-stigs-uri`. Other products don't define this variable. But, this product doesn't have a STIG profile. So I think we can remove this variable. The definition of this variable seems to be a copy paste problem, from other products it was removed.
The XSLT variable `disa-stigs-uri` has been removed completely which made this part of the code useless.
There is no reason to store the variable into the object because it's just renaming the imported constant. Let's decrease the confusion.
The variable `generic_stig_ns` isn't used anywhere.
The option `--missing-stig-ids` is actually checking the references that are represented using `stigref` key in references in resolved rule YAML files. The naming of the option makes a confusion with `stigid` references. Therefore, we will rename the option to `--missing-stigref-refs` which will align this option name with the other options of this script, eg.` --missing-anssi-refs` is checking for missing `anssi` references in rules so `--missing-stigref-refs` will check for missing `stigref` references in rules.
This commit extends the CTest test missing-references-ssg-rhel9-ds.xml to verify that all rules in the RHEL 9 STIG profile in the data stream have a `stigid` reference.
🤖 A k8s content image for this PR is available at: Click here to see how to deploy itIf you alread have Compliance Operator deployed: Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and: |
We don't need to rename the constant and we don't need to copy it into the object instances.
This commit solves Code Climate problem that the RuleStats ctor has too many parameters.
Instead of having a dictionary in the object the items of the dictionary can be direct members of the class.
Code Climate has analyzed commit 46170d6 and detected 2 issues on this pull request. Here's the issue category breakdown:
The test coverage on the diff in this pull request is 2.1% (50% is the threshold). This pull request will bring the total coverage in the repository to 57.9% (-0.3% change). View more on Code Climate. |
I don't want to solve the Code Climate problems |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM.
Thanks!
Description:
Extend existing CTest tests "missing-references-ssg-${PRODUCT}-ds.xml". We will use it to test references that are automatically added to rules based on data from control files. The test checks that all rules in given profiles have a reference of the given type.
The test will now test references added from the following control files:
Rationale:
Ensures that references from control files are propagated to the rules in the built SCAP source data stream. Provides an integration test for #11540.
Review Hints:
Build product, open the built data stream and remove some
reference
elements from your favorite rules. Then run this test, eg.ctest --verbose -R missing-references-ssg-rhel9-ds.xml
.