On Apr 6, 2013, at 8:08 AM, Simon Lukasik <slukasik(a)redhat.com>
wrote:
> On 04/05/2013 09:08 PM, Francisco Slavin wrote:
>> If all of the bash scripts will live within one XCCDF XML file, each
>> in discrete <fix> tags, I'm not sure what approach the community
>> would like to take regarding function re-use. It seems like some
>> pre-processing may be necessary; i.e. resolve the source operator
>> before inserting the script content into the <fix> tag. The goal is
>> to only have one copy of a specific function saved in the SSG repo
>> but to be able to use it for multiple <fix>es which differ only in
>> one parameter.
>
> Maybe the text substitution of <plain-text> could be considered for
> this task. According to NISTIR-7275r4, the <xccdf:sub> element within
> <xccdf:fix> may refer to the <xccdf:plain-text> element.
>
> Hence, SSG may use plain-text elements for definition of common
> scripts or functions. And only refer to such single plain-text from
> all of the Rules.
>
> The example of <plain-text> usage is in OpenSCAP unittests at:
>
> http://git.fedorahosted.org/cgit/openscap.git/tree/tests/API/XCCDF/unittests/test_remediation_subs_plain_text.xccdf.xml
>
> and
>
> http://git.fedorahosted.org/cgit/openscap.git/tree/tests/API/XCCDF/unittests/
This is fantastic, thank you Simon! I went through your unit test scripts and
got a few ideas on improving SSG (outside of remediation).

I won't get a chance to try this until late Sunday, but we should easily be able
to transform "functions" as existing in current Tresys scripts. Someone feel
free to shoot out a first draft/patch!

The <plain-text> usage does look like an excellent approach here. I'll try to
find some time today to hack together a patch based on the scripts I sent previously.
- Francisco
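
An added illustration of the <plain-text>/<sub> approach discussed in this thread (not code from the thread, SSG or OpenSCAP): a constructed benchmark keeps one shell function in a single <plain-text>, two <fix>es reference it, and a small resolver shows the script each Rule ends up with. The function name `disable_service`, the rule ids and `resolve_fixes` are hypothetical, and the resolver only handles <sub> references to <plain-text>.

```python
import xml.etree.ElementTree as ET

Q = "{http://checklists.nist.gov/xccdf/1.2}"  # XCCDF 1.2 namespace

# Constructed benchmark: one shared function in <plain-text>, two <fix>es
# that differ only in the parameter they pass to it.
BENCHMARK = """\
<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_org.example_benchmark_demo">
  <plain-text id="fn_disable_service">disable_service() {
  chkconfig "$1" off
  service "$1" stop
}
</plain-text>
  <Rule id="xccdf_org.example_rule_disable_telnet">
    <fix system="urn:xccdf:fix:script:sh"><sub idref="fn_disable_service"/>disable_service telnet
</fix>
  </Rule>
  <Rule id="xccdf_org.example_rule_disable_rsh">
    <fix system="urn:xccdf:fix:script:sh"><sub idref="fn_disable_service"/>disable_service rsh
</fix>
  </Rule>
</Benchmark>
"""


def resolve_fixes(xccdf_xml):
    """Return {rule id: fix script} with every <sub> replaced by its <plain-text>."""
    root = ET.fromstring(xccdf_xml)
    plain = {p.get("id"): p.text or "" for p in root.findall(Q + "plain-text")}
    scripts = {}
    for rule in root.iter(Q + "Rule"):
        fix = rule.find(Q + "fix")
        if fix is None:
            continue
        parts = [fix.text or ""]
        for child in fix:
            if child.tag != Q + "sub":
                raise ValueError("unsupported element in <fix>: %s" % child.tag)
            ref = child.get("idref")
            if ref not in plain:
                # Fail closed: a missing function must not yield a half-built script.
                raise KeyError("sub idref %r has no matching <plain-text>" % ref)
            parts.append(plain[ref])
            parts.append(child.tail or "")
        scripts[rule.get("id")] = "".join(parts)
    return scripts

if __name__ == "__main__":
    print(resolve_fixes(BENCHMARK)["xccdf_org.example_rule_disable_telnet"])
```

Raising on an unknown idref matters here because the resolved text is executed as a remediation script; a silently dropped function definition would leave the call line running against whatever `disable_service` happens to resolve to on the target.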