Signed-off-by: Jeffrey Blank <blank(a)eclipse.ncsc.mil>
---
RHEL6/transforms/table-srgmap.xslt | 120 ++++++++++++++++++++++++-----------
1 files changed, 82 insertions(+), 38 deletions(-)
diff --git a/RHEL6/transforms/table-srgmap.xslt b/RHEL6/transforms/table-srgmap.xslt
index c60bcf1..53a3fef 100644
--- a/RHEL6/transforms/table-srgmap.xslt
+++ b/RHEL6/transforms/table-srgmap.xslt
@@ -3,7 +3,10 @@
<!-- this style sheet is designed to take as input the OS SRG and a body of XCCDF
content (e.g. draft STIG),
and to map the requirements from the SRG to Rules in the XCCDF (which include CCIs
as references).
- The output shows how a body of XCCDF meets SRG requirements. -->
+ The output shows how a body of XCCDF meets SRG requirements. If the stylesheet is
provided a stringparam
+ "flat", then it will output a separate row for every Rule which satisfies
an SRG requirement. -->
+
+<xsl:param name="flat" select="''"/>
<xsl:include href="constants.xslt"/>
@@ -55,53 +58,94 @@
<td>CCI ID</td>
<td>SRG Title</td>
<td>SRG Description</td>
- <td>Rules Mapped</td>
+ <xsl:choose>
+ <xsl:when test="$flat">
+ <td>Rule ID</td>
+ <td>Rule Title</td>
+ <td>Rule Desc</td>
+ </xsl:when>
+ <xsl:otherwise>
+ <td>Rules Mapped</td>
+ </xsl:otherwise>
+ </xsl:choose>
</thead>
<xsl:for-each select=".//cdf:Rule">
<xsl:sort select="cdf:version"/>
- <xsl:call-template name="output-rule-info">
- <xsl:with-param name="srg_id"><xsl:value-of
select="cdf:version"/></xsl:with-param>
- <xsl:with-param name="srg_cci"><xsl:value-of
select="cdf:ident"/></xsl:with-param>
- <xsl:with-param name="srg_title"><xsl:value-of
select="cdf:title"/></xsl:with-param>
- <xsl:with-param name="srg_desc"><xsl:value-of
select="cdf:description"/></xsl:with-param>
- </xsl:call-template>
+ <xsl:choose>
+ <xsl:when test="$flat">
+ <xsl:call-template name="output-rows-flat"> <xsl:with-param
name="rule" select="."/> </xsl:call-template>
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:call-template name="output-row-nested"> <xsl:with-param
name="rule" select="."/> </xsl:call-template>
+ </xsl:otherwise>
+ </xsl:choose>
</xsl:for-each>
</table>
</xsl:template>
- <xsl:template name="output-rule-info">
- <xsl:param name="srg_id" />
- <xsl:param name="srg_cci" />
- <xsl:param name="srg_title" />
- <xsl:param name="srg_desc" />
- <tr>
- <td> <xsl:value-of select="$srg_id"/> </td>
- <td> <xsl:value-of select="$srg_cci"/> </td>
- <td> <xsl:value-of select="$srg_title"/> </td>
- <td> <xsl:call-template
name="extract-vulndiscussion"><xsl:with-param name="desc"
select="$srg_desc"/></xsl:call-template> </td>
- <td>
- <!-- iterate over the items (everything with references) in the
(externally-provided) XCCDF document -->
- <xsl:for-each select="$items">
- <xsl:variable name="item" select="."/>
- <xsl:if test="cdf:reference[@href=$disa-cciuri]" >
- <xsl:for-each select="cdf:reference[@href=$disa-cciuri]">
- <xsl:variable name="cci_formatted"
select='format-number(self::node()[text()], "000000")' />
- <xsl:variable name="cci_expanded"
select="concat('CCI-', $cci_formatted)" />
- <xsl:if test="$cci_expanded=$srg_cci" >
- <table>
- <tr>
- <td> <xsl:value-of select="$item/cdf:title"/> </td>
- <td> <xsl:apply-templates select="$item/cdf:description"/>
</td>
- </tr>
- </table>
- </xsl:if>
- </xsl:for-each>
- </xsl:if>
+
+ <xsl:template name="output-row-nested">
+ <xsl:param name="rule" />
+ <tr>
+ <td> <xsl:value-of select="$rule/cdf:version"/> </td>
+ <td> <xsl:value-of select="$rule/cdf:ident"/> </td>
+ <td> <xsl:value-of select="$rule/cdf:title"/> </td>
+ <td> <xsl:call-template name="extract-vulndiscussion">
+ <xsl:with-param name="desc"
select="$rule/cdf:description"/>
+ </xsl:call-template>
+ </td>
+ <!-- iterate over the items (everything with references) in the
(externally-provided) XCCDF document -->
+ <td>
+ <xsl:for-each select="$items">
+ <xsl:variable name="item" select="."/>
+ <xsl:if test="cdf:reference[@href=$disa-cciuri]" >
+ <xsl:for-each select="cdf:reference[@href=$disa-cciuri]">
+ <xsl:variable name="cci_formatted"
select='format-number(self::node()[text()], "000000")' />
+ <xsl:variable name="cci_expanded" select="concat('CCI-',
$cci_formatted)" />
+ <xsl:variable name="srg_cci" select="$rule/cdf:ident"
/>
+ <xsl:if test="$cci_expanded=$srg_cci" >
+ <table>
+ <tr>
+ <td> <xsl:value-of select="$item/cdf:title"/> </td>
+ <td> <xsl:apply-templates select="$item/cdf:description"/>
</td>
+ </tr>
+ </table>
+ </xsl:if>
</xsl:for-each>
- </td>
- </tr>
+ </xsl:if>
+ </xsl:for-each>
+ </td>
+ </tr>
</xsl:template>
+ <xsl:template name="output-rows-flat">
+ <xsl:param name="rule" />
+ <!-- iterate over the items (everything with references) in the
(externally-provided) XCCDF document -->
+ <xsl:for-each select="$items">
+ <xsl:variable name="item" select="."/>
+ <xsl:if test="cdf:reference[@href=$disa-cciuri]" >
+ <xsl:for-each select="cdf:reference[@href=$disa-cciuri]">
+ <xsl:variable name="cci_formatted"
select='format-number(self::node()[text()], "000000")' />
+ <xsl:variable name="cci_expanded" select="concat('CCI-',
$cci_formatted)" />
+ <xsl:variable name="srg_cci" select="$rule/cdf:ident"
/>
+ <xsl:if test="$cci_expanded=$srg_cci" >
+ <tr>
+ <td> <xsl:value-of select="$rule/cdf:version"/> </td>
+ <td> <xsl:value-of select="$rule/cdf:ident"/> </td>
+ <td> <xsl:value-of select="$rule/cdf:title"/> </td>
+ <td> <xsl:call-template name="extract-vulndiscussion">
+ <xsl:with-param name="desc"
select="$rule/cdf:description"/>
+ </xsl:call-template>
+ </td>
+ <td> <xsl:value-of select="$item/@id"/> </td>
+ <td> <xsl:value-of select="$item/cdf:title"/> </td>
+ <td> <xsl:apply-templates select="$item/cdf:description"/>
</td>
+ </tr>
+ </xsl:if>
+ </xsl:for-each>
+ </xsl:if>
+ </xsl:for-each>
+ </xsl:template>
<!-- return only the text between the "VulnDiscussion" (non-XCCDF) tags
-->
<!-- this should be removed as soon as SRGs include only a description instead of odd
tags -->
--
1.7.1