Signed-off-by: David Smith <dsmith(a)eclipse.ncsc.mil>
---
RHEL6/utils/verify-cce.py | 47 +++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 47 insertions(+), 0 deletions(-)
create mode 100755 RHEL6/utils/verify-cce.py
diff --git a/RHEL6/utils/verify-cce.py b/RHEL6/utils/verify-cce.py
new file mode 100755
index 0000000..d22fab5
--- /dev/null
+++ b/RHEL6/utils/verify-cce.py
@@ -0,0 +1,47 @@
+#!/usr/bin/python
+
+import sys, os
+from lxml import etree
+
+# This script checks the validity of assigned CCEs, lists granted and remaining available
CCEs, and checks for duplicates.
+
+
+xccdf_ns = "http://checklists.nist.gov/xccdf/1.1"
+
+
+tree = etree.parse('../output/unlinked-rhel6-xccdf.xml')
+
+cces_assigned =
tree.findall("//{%s}ident[@system='http://cce.mitre.org']" % xccdf_ns)
+
+assigned_ids = []
+granted_ids = []
+
+# print the list of assigned CCEs
+print "Assigned CCEs:"
+for item in cces_assigned:
+ print item.text
+ assigned_ids.append(item.text)
+print "-------------"
+
+# open the available CCE file
+with open('../references/cce-rhel6-avail.txt', 'r') as f:
+ for line in f:
+ granted_ids = [line.rstrip('\n') for line in f]
+# print granted_ids
+
+# print CCEs that appear in content but are not valid
+ for item in assigned_ids:
+ if item not in granted_ids:
+ print "Invalid CCE: %s" % item
+
+# print CCEs that are available (i.e. in granted but not assigned)
+ for item in granted_ids:
+ if item not in assigned_ids:
+ print "Available CCE: %s" % item
+
+# check for duplicates in the assigned CCE list
+if len(set(assigned_ids)) != len(assigned_ids):
+ print "duplicate"
+
+sys.exit()
+
--
1.7.1