This patchset provides the ability to output SRG mapping information
in additional formats. (Thanks Leland; please pardon the delay).
This should also make it fairly clear how to
add further output formats in a relatively modular fashion:
each one is simply a new template (plus a modified <when> element).
There's also re-insertion of the ident-tables as a dependency for the
table Makerule, which was accidentally removed by me
at one point. This allows for the creation of a chart which demonstrates
the true value of CCE description and technical mechanism text.
Jeffrey Blank (3):
addition to SRG mapping Makerule for additional output format
support for new output format for SRG mapping
added table-idents back in to Makerule for all tables
Signed-off-by: Jeffrey Blank <blank(a)eclipse.ncsc.mil>
---
RHEL6/Makefile | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/RHEL6/Makefile b/RHEL6/Makefile
index 371d38a..d74c759 100644
--- a/RHEL6/Makefile
+++ b/RHEL6/Makefile
@@ -67,6 +67,8 @@ table-srgmap: shorthand-guide shorthand2xccdf
# the map-to-items filename must be provided relative to the root of the main document
being processed
xsltproc -stringparam map-to-items "../$(OUT)/unlinked-rhel6-xccdf.xml" -o
$(OUT)/table-rhel6-srgmap.html \
$(TRANS)/table-srgmap.xslt $(REFS)/disa-os-srg-v1r1.xml
+ xsltproc -stringparam flat "y" -stringparam map-to-items
"../$(OUT)/unlinked-rhel6-xccdf.xml" -o $(OUT)/table-rhel6-srgmap-flat.html \
+ $(TRANS)/table-srgmap.xslt $(REFS)/disa-os-srg-v1r1.xml
table-stigs: shorthand2xccdf
xsltproc -o $(OUT)/table-rhel5-stig.html $(TRANS)/xccdf2table-stig.xslt
$(REFS)/disa-stig-rhel5-v1r0.6-xccdf.xml
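Review bot: Neither xsltproc call in the table-srgmap recipe, including the added flat one, passes `--nonet`, so if the SRG reference XML or the XCCDF named by map-to-items ever carries a DOCTYPE or external entity with a remote URL, the build could try to fetch it. Adding the flag to both invocations, e.g. `xsltproc --nonet -stringparam flat "y" ...`, keeps table generation offline and reproducible. The new command also repeats the map-to-items path and the SRG file name verbatim, so a comment such as `# flat variant: one row per (SRG requirement, Rule) pair; keep arguments in sync with the call above` would help the next editor. The rule itself starts above this hunk.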
--
1.7.1
Signed-off-by: Jeffrey Blank <blank(a)eclipse.ncsc.mil>
---
RHEL6/transforms/table-srgmap.xslt | 120 ++++++++++++++++++++++++-----------
1 files changed, 82 insertions(+), 38 deletions(-)
diff --git a/RHEL6/transforms/table-srgmap.xslt b/RHEL6/transforms/table-srgmap.xslt
index c60bcf1..53a3fef 100644
--- a/RHEL6/transforms/table-srgmap.xslt
+++ b/RHEL6/transforms/table-srgmap.xslt
@@ -3,7 +3,10 @@
<!-- this style sheet is designed to take as input the OS SRG and a body of XCCDF
content (e.g. draft STIG),
and to map the requirements from the SRG to Rules in the XCCDF (which include CCIs
as references).
- The output shows how a body of XCCDF meets SRG requirements. -->
+ The output shows how a body of XCCDF meets SRG requirements. If the stylesheet is
provided a stringparam
+ "flat", then it will output a separate row for every Rule which satisfies
an SRG requirement. -->
+
+<xsl:param name="flat" select="''"/>
<xsl:include href="constants.xslt"/>
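Review bot: The new `flat` parameter defaults to the empty string and is tested in the following hunk as `<xsl:when test="$flat">`, so any non-empty value switches flat output on, including `-stringparam flat "n"` or `"0"`. The header comment only says the stylesheet is "provided a stringparam flat", which does not tell a caller that. Either document it, e.g. `"flat" (any non-empty value, such as "y", enables it)`, or make the tests explicit with `test="$flat = 'y'"` to match what the Makefile passes.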
@@ -55,53 +58,94 @@
<td>CCI ID</td>
<td>SRG Title</td>
<td>SRG Description</td>
- <td>Rules Mapped</td>
+ <xsl:choose>
+ <xsl:when test="$flat">
+ <td>Rule ID</td>
+ <td>Rule Title</td>
+ <td>Rule Desc</td>
+ </xsl:when>
+ <xsl:otherwise>
+ <td>Rules Mapped</td>
+ </xsl:otherwise>
+ </xsl:choose>
</thead>
<xsl:for-each select=".//cdf:Rule">
<xsl:sort select="cdf:version"/>
- <xsl:call-template name="output-rule-info">
- <xsl:with-param name="srg_id"><xsl:value-of
select="cdf:version"/></xsl:with-param>
- <xsl:with-param name="srg_cci"><xsl:value-of
select="cdf:ident"/></xsl:with-param>
- <xsl:with-param name="srg_title"><xsl:value-of
select="cdf:title"/></xsl:with-param>
- <xsl:with-param name="srg_desc"><xsl:value-of
select="cdf:description"/></xsl:with-param>
- </xsl:call-template>
+ <xsl:choose>
+ <xsl:when test="$flat">
+ <xsl:call-template name="output-rows-flat"> <xsl:with-param
name="rule" select="."/> </xsl:call-template>
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:call-template name="output-row-nested"> <xsl:with-param
name="rule" select="."/> </xsl:call-template>
+ </xsl:otherwise>
+ </xsl:choose>
</xsl:for-each>
</table>
</xsl:template>
- <xsl:template name="output-rule-info">
- <xsl:param name="srg_id" />
- <xsl:param name="srg_cci" />
- <xsl:param name="srg_title" />
- <xsl:param name="srg_desc" />
- <tr>
- <td> <xsl:value-of select="$srg_id"/> </td>
- <td> <xsl:value-of select="$srg_cci"/> </td>
- <td> <xsl:value-of select="$srg_title"/> </td>
- <td> <xsl:call-template
name="extract-vulndiscussion"><xsl:with-param name="desc"
select="$srg_desc"/></xsl:call-template> </td>
- <td>
- <!-- iterate over the items (everything with references) in the
(externally-provided) XCCDF document -->
- <xsl:for-each select="$items">
- <xsl:variable name="item" select="."/>
- <xsl:if test="cdf:reference[@href=$disa-cciuri]" >
- <xsl:for-each select="cdf:reference[@href=$disa-cciuri]">
- <xsl:variable name="cci_formatted"
select='format-number(self::node()[text()], "000000")' />
- <xsl:variable name="cci_expanded"
select="concat('CCI-', $cci_formatted)" />
- <xsl:if test="$cci_expanded=$srg_cci" >
- <table>
- <tr>
- <td> <xsl:value-of select="$item/cdf:title"/> </td>
- <td> <xsl:apply-templates select="$item/cdf:description"/>
</td>
- </tr>
- </table>
- </xsl:if>
- </xsl:for-each>
- </xsl:if>
+
+ <xsl:template name="output-row-nested">
+ <xsl:param name="rule" />
+ <tr>
+ <td> <xsl:value-of select="$rule/cdf:version"/> </td>
+ <td> <xsl:value-of select="$rule/cdf:ident"/> </td>
+ <td> <xsl:value-of select="$rule/cdf:title"/> </td>
+ <td> <xsl:call-template name="extract-vulndiscussion">
+ <xsl:with-param name="desc"
select="$rule/cdf:description"/>
+ </xsl:call-template>
+ </td>
+ <!-- iterate over the items (everything with references) in the
(externally-provided) XCCDF document -->
+ <td>
+ <xsl:for-each select="$items">
+ <xsl:variable name="item" select="."/>
+ <xsl:if test="cdf:reference[@href=$disa-cciuri]" >
+ <xsl:for-each select="cdf:reference[@href=$disa-cciuri]">
+ <xsl:variable name="cci_formatted"
select='format-number(self::node()[text()], "000000")' />
+ <xsl:variable name="cci_expanded" select="concat('CCI-',
$cci_formatted)" />
+ <xsl:variable name="srg_cci" select="$rule/cdf:ident"
/>
+ <xsl:if test="$cci_expanded=$srg_cci" >
+ <table>
+ <tr>
+ <td> <xsl:value-of select="$item/cdf:title"/> </td>
+ <td> <xsl:apply-templates select="$item/cdf:description"/>
</td>
+ </tr>
+ </table>
+ </xsl:if>
</xsl:for-each>
- </td>
- </tr>
+ </xsl:if>
+ </xsl:for-each>
+ </td>
+ </tr>
</xsl:template>
+ <xsl:template name="output-rows-flat">
+ <xsl:param name="rule" />
+ <!-- iterate over the items (everything with references) in the
(externally-provided) XCCDF document -->
+ <xsl:for-each select="$items">
+ <xsl:variable name="item" select="."/>
+ <xsl:if test="cdf:reference[@href=$disa-cciuri]" >
+ <xsl:for-each select="cdf:reference[@href=$disa-cciuri]">
+ <xsl:variable name="cci_formatted"
select='format-number(self::node()[text()], "000000")' />
+ <xsl:variable name="cci_expanded" select="concat('CCI-',
$cci_formatted)" />
+ <xsl:variable name="srg_cci" select="$rule/cdf:ident"
/>
+ <xsl:if test="$cci_expanded=$srg_cci" >
+ <tr>
+ <td> <xsl:value-of select="$rule/cdf:version"/> </td>
+ <td> <xsl:value-of select="$rule/cdf:ident"/> </td>
+ <td> <xsl:value-of select="$rule/cdf:title"/> </td>
+ <td> <xsl:call-template name="extract-vulndiscussion">
+ <xsl:with-param name="desc"
select="$rule/cdf:description"/>
+ </xsl:call-template>
+ </td>
+ <td> <xsl:value-of select="$item/@id"/> </td>
+ <td> <xsl:value-of select="$item/cdf:title"/> </td>
+ <td> <xsl:apply-templates select="$item/cdf:description"/>
</td>
+ </tr>
+ </xsl:if>
+ </xsl:for-each>
+ </xsl:if>
+ </xsl:for-each>
+ </xsl:template>
<!-- return only the text between the "VulnDiscussion" (non-XCCDF) tags
-->
<!-- this should be removed as soon as SRGs include only a description instead of odd
tags -->
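Review bot: In flat mode an SRG requirement that no Rule satisfies produces no row at all, because `output-rows-flat` only emits a `<tr>` inside the `$cci_expanded=$srg_cci` match, whereas `output-row-nested` always emits the requirement with an empty last cell. For a coverage table the unmapped requirements are the ones a reviewer most needs to see, so the flat output should either emit a row with empty Rule cells for them or the header comment should state that they are omitted. The CCI-matching loop is also duplicated between the two templates and could drift apart. `$items` and `$disa-cciuri` are defined outside this hunk, so the sketch below assumes they behave as the existing loop uses them.

```xslt
<xsl:template name="output-rows-flat">
  <!-- … unchanged: rule param and the for-each over $items emitting one row per matching Rule … -->
  <!-- keep unmapped SRG requirements visible: one row with empty Rule cells -->
  <xsl:variable name="srg_cci" select="$rule/cdf:ident"/>
  <xsl:if test="not($items[cdf:reference[@href=$disa-cciuri][concat('CCI-', format-number(., '000000')) = $srg_cci]])">
    <tr>
      <td> <xsl:value-of select="$rule/cdf:version"/> </td>
      <td> <xsl:value-of select="$rule/cdf:ident"/> </td>
      <td> <xsl:value-of select="$rule/cdf:title"/> </td>
      <td> <xsl:call-template name="extract-vulndiscussion">
             <xsl:with-param name="desc" select="$rule/cdf:description"/>
           </xsl:call-template>
      </td>
      <td/> <td/> <td/>
    </tr>
  </xsl:if>
</xsl:template>
```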
--
1.7.1
Signed-off-by: Jeffrey Blank <blank(a)eclipse.ncsc.mil>
---
RHEL6/Makefile | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/RHEL6/Makefile b/RHEL6/Makefile
index d74c759..0046727 100644
--- a/RHEL6/Makefile
+++ b/RHEL6/Makefile
@@ -88,7 +88,7 @@ table-stigs: shorthand2xccdf
$(TRANS)/xccdf2table-profileccirefs.xslt \
$(OUT)/unlinked-stig-rhel6-xccdf.xml
-tables: table-refs table-profilenistrefs table-srgmap table-stigs
+tables: table-refs table-idents table-profilenistrefs table-srgmap table-stigs
alt-titles: shorthand2xccdf
$(UTILS)/sync-alt-titles.py -p stig-server -f $(IN)/auxiliary/alt-titles-stig.xml
$(OUT)/unlinked-rhel6-xccdf.xml
--
1.7.1