On Apr 6, 2013, at 8:08 AM, Simon Lukasik <slukasik(a)redhat.com> wrote:
On 04/05/2013 09:08 PM, Francisco Slavin wrote:
> If all of the bash scripts will live within one XCCDF XML file, each
> in discrete <fix> tags, I'm not sure what approach the community
> would like to take regarding function re-use. It seems like some
> pre-processing may be necessary; i.e. resolve the source operator
> before inserting the script content into the <fix> tag. The goal is
> to only have one copy of a specific function saved in the SSG repo
> but to be able to use it for multiple <fix>es which differ only in
> one parameter.
Maybe the text substitution of <plain-text> could be considered for this
task. According to NISTIR-7275r4, the <xccdf:sub> element within
<xccdf:fix> may refer to the <xccdf:plain-text> element.
Hence, SSG may use plain-text elements for the definition of common scripts
or functions, and only refer to such a single plain-text from all of the
Rules.
The example of <plain-text> usage is in OpenSCAP unittests at:
http://git.fedorahosted.org/cgit/openscap.git/tree/tests/API/XCCDF/unitte...
and
http://git.fedorahosted.org/cgit/openscap.git/tree/tests/API/XCCDF/unitte...
This is fantastic, thank you Simon! I went through your unit test scripts and got a few
ideas on improving SSG (outside of remediation).
I won't get a chance to try this until late Sunday, but we should easily be able to
transform "functions" as existing in current Tresys scripts. Someone feel free
to shoot out a first draft/patch!