probes/yamlfilecontent: Bump yaml-filter, extend the schema and probe to be able to work with a set of values in maps #1552
Conversation
|
Example of a check for the "Upgradable" problem: <ind-def:yamlfilecontent_object version="1" id="oval:0:obj:5">
<ind-def:path>/tmp</ind-def:path>
<ind-def:filename>openshift-logging.yaml</ind-def:filename>
<ind-def:yamlpath>.status.conditions[:]['status','type']</ind-def:yamlpath>
</ind-def:yamlfilecontent_object>
<ind-def:yamlfilecontent_state version="1" id="oval:0:ste:5">
<ind-def:value datatype="record">
<field name="status" datatype="string">True</field>
<field name="type" datatype="string">Upgradeable</field>
</ind-def:value>
</ind-def:yamlfilecontent_state>More details in CC @JAORMX |
|
Problems so far: this thing <field name="value_of" datatype="string" var_ref="oval:0:var:2" var_check="at least one" entity_check="at least one"/>is not working, no idea why. (CC @jan-cerny) Edit: fixed. |
|
As a bonus side of this change – we can now address any map, given that there is no values with complex objects (selection syntax could help if that's not the case). |
evgenyz
force-pushed
the
improve-yaml-probe
branch
from
5941773 to
a648dc9
Compare
evgenyz
force-pushed
the
improve-yaml-probe
branch
from
a648dc9 to
c4f3537
Compare
|
This is a possible fix for ComplianceAsCode/content#5822. |
evgenyz
changed the title
It could be because |
Yeah, but it's a field (child of it, not record itself). I'm not sure here, but I understood that should be possible for field. |
matejak
left a comment
matejak
left a comment
There was a problem hiding this comment.
I have provided some comments about the OVAL.
Would it be possible to split the C code into more functions that would make it more obvious what is going on there? The code is starting to be complex, and it is said that function names document better than comments that tend to become obsolete very quickly.
tests/probes/yamlfilecontent/test_probes_yamlfilecontent_array.xml
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
The idea to use record datatype is interesting, and makes sense to me.
There are a few caveats that should be considered though:
No variablesOnlyequalsoperator, nopattern matchingnameshould be all lower case
Edit: the remarks on the standard are about the record not the field.
tests/probes/yamlfilecontent/test_probes_yamlfilecontent_key.xml
Outdated
Show resolved
Hide resolved
schemas/oval/5.11.3/independent-system-characteristics-schema.xsd
Outdated
Show resolved
Hide resolved
Well noted, it makes sense that records cannot be compared to variables, and there is nothing related to fields comparison with variables. |
I will brush it up during the final implementation of all the details we are currently discussing (like having |
So, it just wasn't implemented. I fixed it. |
evgenyz
force-pushed
the
improve-yaml-probe
branch
from
396cfd4 to
bc37fce
Compare
yuumasato
left a comment
yuumasato
left a comment
There was a problem hiding this comment.
I'd go with value.
Changes in the scanner look good to me.
evgenyz
force-pushed
the
improve-yaml-probe
branch
2 times, most recently
from
37f4fb6 to
be38435
Compare
tests/probes/yamlfilecontent/test_probes_yamlfilecontent_types.sh
Outdated
Show resolved
Hide resolved
|
All current issues were addressed, waiting for reaction in OVAL-Community/OVAL#91. |
evgenyz
force-pushed
the
improve-yaml-probe
branch
2 times, most recently
from
571d179 to
46cf732
Compare
Add proper evaluation implementation for operation, var_check and var_ref attributes in the field entry of a record.
be able to work with a set of values in maps This introduces YAML Path selection ($.blah['key1','key2']) syntax and enriches yamlfilecontent test and schema with EntityStateRecordType and EntityItemRecordType result elements for collecting and checking complex objects in YAML/JSON documents. This change also depend on removal of the 'only lower case' restriction from the name attribute of the field element (EntityXxxFieldType).
And adjust probe implementation and tests for the workaround (lowercase and escape capital letters in field names with ^, use # instead of empty field names for scalars).
evgenyz
force-pushed
the
improve-yaml-probe
branch
from
46cf732 to
5f9b9b6
Compare
schemas/oval/5.11.3/independent-system-characteristics-schema.xsd
Outdated
Show resolved
Hide resolved
|
looks great |
evgenyz
force-pushed
the
improve-yaml-probe
branch
from
dde5fb8 to
227cce0
Compare
|
Let's merge it now, any other improvements can be opened separately. |
6 participants
This introduces YAML Path selection
$.blah['key1','key2']syntax andenriches yamlfilecontent test and schema with
EntityStateRecordTypeandEntityItemRecordTyperesult elements for collecting and checkingcomplex objects in YAML/JSON documents.
This change also depends on removal of the 'only lower case' restriction
from the
nameattribute of the field element (EntityXxxFieldType).