Warn when user asks to remediate rules that don't have a remediation #712

Closed
iankko opened this issue Mar 24, 2017 · 2 comments
Labels
enhancement help wanted stale An issue or a PR became old enough for us to realize that nobody actually cares about it.

Comments

@iankko

iankko commented Mar 24, 2017

Disclaimer: Didn't check latest version, so feel free to close this, if already implemented, or decided as wontfix.

Use case:
User scans the system (baremetal, vm, container, whatever) and requests online remediation. Since not all remediations might be implemented in the benchmark, user might expect the system will be corrected / remediated as a whole, though this obviously won't happen.

Thus, rather than confuse users and make them find out later why the scan is still failing, it's better to issue a NOTE / WARNING right at the scan in case a rule is present in the original (modified) profile and online remediation was requested, but the corresponding remediation for that rule is missing (thus oscap won't correct this system property).

Current user experience (see above disclaimer though, didn't check latest version):
User requests remediation. After completion, some rules are still failing.

Expected user experience:
User requests remediation. Rules not having remediation implemented yet would be printed by oscap either beforehand -- something like:

The following rules are missing remediation:

  • Rule_1
  • Rule_2
Remediation won't be performed for these rules.

or during the scan (if oscap knows whether remediation is available only at the moment the rule is "touched") -- something like:

Rule: Audit rules privileged commands (or whatever rule title here):
Result: Pass / Fail
Note: The rule is missing remediation. The corrective operation won't be performed.

Thank you for consideration!
Jan

@mpreisler
Member

Makes sense to me. We should issue the same warning for generate fix as well. This would clearly communicate that the resulting fixes aren't complete for those test results.

@shawndwells
Member

Love this. Would really be great for UX.
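
The pre-scan check requested in this issue can be approximated outside oscap by reading the benchmark directly. The following is an added example, not part of the thread and not OpenSCAP code: it lists the rules a profile selects that carry no `<fix>` element in a plain XCCDF 1.2 benchmark. The sample benchmark and all ids are constructed, and the sketch assumes no `extends` chains or Group-level selection.

```python
import xml.etree.ElementTree as ET

NS = "{http://checklists.nist.gov/xccdf/1.2}"  # XCCDF 1.2 namespace

# Constructed sample benchmark (hypothetical ids, not real SCAP content).
SAMPLE = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_example_benchmark_demo">
  <Profile id="xccdf_example_profile_demo">
    <select idref="xccdf_example_rule_a" selected="true"/>
    <select idref="xccdf_example_rule_b" selected="true"/>
    <select idref="xccdf_example_rule_d" selected="false"/>
  </Profile>
  <Group id="xccdf_example_group_g">
    <Rule id="xccdf_example_rule_a" selected="false"><title>Rule with a fix</title>
      <fix system="urn:xccdf:fix:script:sh">chmod 0600 /etc/demo.conf</fix>
    </Rule>
    <Rule id="xccdf_example_rule_b" selected="false"><title>Rule without a fix</title></Rule>
    <Rule id="xccdf_example_rule_c" selected="false"><title>Unselected, no fix</title></Rule>
    <Rule id="xccdf_example_rule_d"><title>Deselected by the profile</title></Rule>
  </Group>
</Benchmark>"""


def _true(value):
    return value in ("true", "1")  # xs:boolean lexical forms for true


def rules_missing_fix(benchmark_xml, profile_id):
    """Return (id, title) for each rule the profile selects that has no <fix>."""
    root = ET.fromstring(benchmark_xml)
    profile = next((p for p in root.iter(NS + "Profile") if p.get("id") == profile_id), None)
    if profile is None:
        raise ValueError("profile not found: " + profile_id)
    overrides = {s.get("idref"): _true(s.get("selected")) for s in profile.iter(NS + "select")}
    missing = []
    for rule in root.iter(NS + "Rule"):
        # A rule's own @selected defaults to true; a profile <select> overrides it.
        selected = overrides.get(rule.get("id"), _true(rule.get("selected", "true")))
        if selected and rule.find(NS + "fix") is None:
            missing.append((rule.get("id"), rule.findtext(NS + "title", default="")))
    return missing


def format_warning(missing):
    """Render the list in the shape proposed in the issue; empty string if none."""
    if not missing:
        return ""
    lines = ["The following rules are missing remediation:"]
    lines += ["  * %s (%s)" % (rid, title) for rid, title in missing]
    return "\n".join(lines + ["Remediation won't be performed for these rules."])
```

Calling `format_warning(rules_missing_fix(SAMPLE, "xccdf_example_profile_demo"))` reports only `xccdf_example_rule_b`, since the other fix-less rules are not selected by the profile.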

@jan-cerny jan-cerny modified the milestones: 1.2.16, 1.2.15 Aug 17, 2017
@matejak matejak modified the milestones: 1.2.16, 1.2.17 Nov 13, 2017
@mpreisler mpreisler changed the title [RFE] Issue a warning / note while performing scan and online remediation was simultaneously requested Warn when user asks to remediate rules that don't have a remediation May 25, 2018
@jan-cerny jan-cerny modified the milestones: 1.2.17, 1.2.18 May 29, 2018
@evgenyz evgenyz added the stale An issue or a PR became old enough for us to realize that nobody actually cares about it. label Feb 9, 2024
@evgenyz evgenyz closed this as completed Feb 9, 2024