You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Sep 27, 2024. It is now read-only.
Problem: When a rule with multi-check is evaluated, only the last result of checks is disaplyed and all other check results are ignored. Also, the rule is displayed only once in SCAP Workbench window. Moreover, there is no information displayed to the user that the rule consists of multiple checks. This is against XCCDF 1.2 specification Section 7.2.3.5.2, which states:
if an xccdf:check element leads to the execution of
multiple checks (i.e., an xccdf:check-content-ref that lacks a @name attribute is used) and
the @multi-check attribute is set to true, each check executed MUST be reported separately.
In practice, this problem happens when evaluating rule "Security patches are up-to-date" in SCAP 1.3 content. The rule results displayed in SCAP Workbench are wrong, because it displays results for the last vulnerability in the CVE list and it doesn't even show which one.
I think the implementation of this feature in Workbench will not trivial.
Currently, SCAP Workbench first obtains a list of XCCDF rules and displays them in the main window (libopenscap API is used to get the list). During the evaluation it updates the result column based on parsing of oscap stdout. oscap is running in --progress mode.
My proposal is:
create a new API function in OpenSCAP library which will fetch rules including the used checks
change --progress output of openscap to show also check ID (OVAL ID) to distinguish between results of the same rule ID. Optionally create a new output format of oscap if change of --progress output format would break something.
change SCAP Workbench to use the previous 2 points.
The text was updated successfully, but these errors were encountered:
Problem: When a rule with multi-check is evaluated, only the last result of checks is disaplyed and all other check results are ignored. Also, the rule is displayed only once in SCAP Workbench window. Moreover, there is no information displayed to the user that the rule consists of multiple checks. This is against XCCDF 1.2 specification Section 7.2.3.5.2, which states:
In practice, this problem happens when evaluating rule "Security patches are up-to-date" in SCAP 1.3 content. The rule results displayed in SCAP Workbench are wrong, because it displays results for the last vulnerability in the CVE list and it doesn't even show which one.
We have discovered this problem in Workbench when we were working on improving the standard output of OpenSCAP and HTML report for these types of rules - see https://bugzilla.redhat.com/show_bug.cgi?id=1771438 and OpenSCAP/openscap#1426
I think the implementation of this feature in Workbench will not trivial.
Currently, SCAP Workbench first obtains a list of XCCDF rules and displays them in the main window (libopenscap API is used to get the list). During the evaluation it updates the result column based on parsing of
oscap
stdout.oscap
is running in--progress
mode.My proposal is:
--progress
output ofopenscap
to show also check ID (OVAL ID) to distinguish between results of the same rule ID. Optionally create a new output format ofoscap
if change of--progress
output format would break something.The text was updated successfully, but these errors were encountered: