Remove intermediary dictionary
Instead of having a dictionary in the object the items of the
dictionary can be direct members of the class.
jan-cerny committed Feb 21, 2024
1 parent 8c75957 commit 12a2f6e
Showing 1 changed file with 72 additions and 93 deletions.
165 changes: 72 additions & 93 deletions ssg/build_profile.py
@@ -47,80 +47,59 @@ class RuleStats(object):
purposes.
"""
def __init__(self, rule, cis_ns):
rid = rule.get("id")
oval = rule.find('./{%s}check[@system="%s"]' % (XCCDF12_NS, oval_ns))
sce = rule.find('./{%s}check[@system="%s"]' % (XCCDF12_NS, sce_ns))
bash_fix = rule.find('./{%s}fix[@system="%s"]' % (XCCDF12_NS, bash_rem_system))
ansible_fix = rule.find(
self.id = rule.get("id")
self.oval = rule.find('./{%s}check[@system="%s"]' % (XCCDF12_NS, oval_ns))
self.sce = rule.find('./{%s}check[@system="%s"]' % (XCCDF12_NS, sce_ns))
self.bash_fix = rule.find('./{%s}fix[@system="%s"]' % (XCCDF12_NS, bash_rem_system))
self.ansible_fix = rule.find(
'./{%s}fix[@system="%s"]' % (XCCDF12_NS, ansible_rem_system)
)
ignition_fix = rule.find(
self.ignition_fix = rule.find(
'./{%s}fix[@system="%s"]' % (XCCDF12_NS, ignition_rem_system)
)
kubernetes_fix = rule.find(
self.kubernetes_fix = rule.find(
'./{%s}fix[@system="%s"]' % (XCCDF12_NS, kubernetes_rem_system)
)
puppet_fix = rule.find(
self.puppet_fix = rule.find(
'./{%s}fix[@system="%s"]' % (XCCDF12_NS, puppet_rem_system)
)
anaconda_fix = rule.find(
self.anaconda_fix = rule.find(
'./{%s}fix[@system="%s"]' % (XCCDF12_NS, anaconda_rem_system)
)
cce = rule.find('./{%s}ident[@system="%s"]' % (XCCDF12_NS, cce_uri))
stigid_ref = rule.find(
self.cce = rule.find('./{%s}ident[@system="%s"]' % (XCCDF12_NS, cce_uri))
self.stigid_ref = rule.find(
'./{%s}reference[@href="%s"]' % (XCCDF12_NS, SSG_REF_URIS["stigid"])
)
stigref_ref = rule.find('./{%s}reference[@href="%s"]' % (XCCDF12_NS, stig_ns))
ccn_ref = rule.find('./{%s}reference[@href="%s"]' % (XCCDF12_NS, ccn_ns))
cis_ref = rule.find('./{%s}reference[@href="%s"]' % (XCCDF12_NS, cis_ns))
hipaa_ref = rule.find('./{%s}reference[@href="%s"]' % (XCCDF12_NS, hipaa_ns))
anssi_ref = rule.find('./{%s}reference[@href="%s"]' % (XCCDF12_NS, anssi_ns))
ospp_ref = rule.find('./{%s}reference[@href="%s"]' % (XCCDF12_NS, ospp_ns))
pcidss4_ref = rule.find(
self.stigref_ref = rule.find('./{%s}reference[@href="%s"]' % (XCCDF12_NS, stig_ns))
self.ccn_ref = rule.find('./{%s}reference[@href="%s"]' % (XCCDF12_NS, ccn_ns))
self.cis_ref = rule.find('./{%s}reference[@href="%s"]' % (XCCDF12_NS, cis_ns))
self.hipaa_ref = rule.find('./{%s}reference[@href="%s"]' % (XCCDF12_NS, hipaa_ns))
self.anssi_ref = rule.find('./{%s}reference[@href="%s"]' % (XCCDF12_NS, anssi_ns))
self.ospp_ref = rule.find('./{%s}reference[@href="%s"]' % (XCCDF12_NS, ospp_ns))
self.pcidss4_ref = rule.find(
'./{%s}reference[@href="%s"]' % (XCCDF12_NS, pcidss4_ns)
)
cui_ref = rule.find('./{%s}reference[@href="%s"]' % (XCCDF12_NS, cui_ns))
self.dict = {
'id': rid,
'oval': oval,
'sce': sce,
'check': None,
'bash_fix': bash_fix,
'ansible_fix': ansible_fix,
'ignition_fix': ignition_fix,
'kubernetes_fix': kubernetes_fix,
'puppet_fix': puppet_fix,
'anaconda_fix': anaconda_fix,
'fix': None,
'cce': cce,
'stigid_ref': stigid_ref,
'stigref_ref': stigref_ref,
'ccn_ref': ccn_ref,
'cis_ref': cis_ref,
'hipaa_ref': hipaa_ref,
'anssi_ref': anssi_ref,
'ospp_ref': ospp_ref,
'pcidss4_ref': pcidss4_ref,
'cui_ref': cui_ref,
}

if oval is not None:
self.dict['check'] = oval
elif sce is not None:
self.dict['check'] = sce

if bash_fix is not None:
self.dict['fix'] = bash_fix
elif ansible_fix is not None:
self.dict['fix'] = ansible_fix
elif ignition_fix is not None:
self.dict['fix'] = ignition_fix
elif kubernetes_fix is not None:
self.dict['fix'] = kubernetes_fix
elif puppet_fix is not None:
self.dict['fix'] = puppet_fix
elif anaconda_fix is not None:
self.dict['fix'] = anaconda_fix
self.cui_ref = rule.find('./{%s}reference[@href="%s"]' % (XCCDF12_NS, cui_ns))

self.check = None
if self.oval is not None:
self.check = self.oval
elif self.sce is not None:
self.check = self.sce

self.fix = None
if self.bash_fix is not None:
self.fix = self.bash_fix
elif self.ansible_fix is not None:
self.fix = self.ansible_fix
elif self.ignition_fix is not None:
self.fix = self.ignition_fix
elif self.kubernetes_fix is not None:
self.fix = self.kubernetes_fix
elif self.puppet_fix is not None:
self.fix = self.puppet_fix
elif self.anaconda_fix is not None:
self.fix = self.anaconda_fix


def get_cis_uri(product):
@@ -269,149 +248,149 @@ def get_profile_stats(self, profile):
print('Unable to retrieve statistics for %s profile' % profile)
sys.exit(1)

rule_stats.sort(key=lambda r: r.dict['id'])
rule_stats.sort(key=lambda r: r.id)

for rule in rule_stats:
profile_stats['rules'].append(rule.dict['id'])
profile_stats['rules'].append(rule.id)

profile_stats['profile_id'] = profile.replace(OSCAP_PROFILE, "")
if ssg_version_elem is not None:
profile_stats['ssg_version'] = \
'SCAP Security Guide %s' % ssg_version_elem.text
profile_stats['rules_count'] = len(rule_stats)
profile_stats['implemented_ovals'] = \
[x.dict['id'] for x in rule_stats if x.dict['oval'] is not None]
[x.id for x in rule_stats if x.oval is not None]
profile_stats['implemented_ovals_pct'] = \
float(len(profile_stats['implemented_ovals'])) / \
profile_stats['rules_count'] * 100
profile_stats['missing_ovals'] = \
[x.dict['id'] for x in rule_stats if x.dict['oval'] is None]
[x.id for x in rule_stats if x.oval is None]

profile_stats['implemented_sces'] = \
[x.dict['id'] for x in rule_stats if x.dict['sce'] is not None]
[x.id for x in rule_stats if x.sce is not None]
profile_stats['implemented_sces_pct'] = \
float(len(profile_stats['implemented_sces'])) / \
profile_stats['rules_count'] * 100
profile_stats['missing_sces'] = \
[x.dict['id'] for x in rule_stats if x.dict['sce'] is None]
[x.id for x in rule_stats if x.sce is None]

profile_stats['implemented_checks'] = \
[x.dict['id'] for x in rule_stats if x.dict['check'] is not None]
[x.id for x in rule_stats if x.check is not None]
profile_stats['implemented_checks_pct'] = \
float(len(profile_stats['implemented_checks'])) / \
profile_stats['rules_count'] * 100
profile_stats['missing_checks'] = \
[x.dict['id'] for x in rule_stats if x.dict['check'] is None]
[x.id for x in rule_stats if x.check is None]

profile_stats['implemented_bash_fixes'] = \
[x.dict['id'] for x in rule_stats if x.dict['bash_fix'] is not None]
[x.id for x in rule_stats if x.bash_fix is not None]
profile_stats['implemented_bash_fixes_pct'] = \
float(len(profile_stats['implemented_bash_fixes'])) / \
profile_stats['rules_count'] * 100
profile_stats['missing_bash_fixes'] = \
[x.dict['id'] for x in rule_stats if x.dict['bash_fix'] is None]
[x.id for x in rule_stats if x.bash_fix is None]

profile_stats['implemented_ansible_fixes'] = \
[x.dict['id'] for x in rule_stats if x.dict['ansible_fix'] is not None]
[x.id for x in rule_stats if x.ansible_fix is not None]
profile_stats['implemented_ansible_fixes_pct'] = \
float(len(profile_stats['implemented_ansible_fixes'])) / \
profile_stats['rules_count'] * 100
profile_stats['missing_ansible_fixes'] = \
[x.dict['id'] for x in rule_stats if x.dict['ansible_fix'] is None]
[x.id for x in rule_stats if x.ansible_fix is None]

profile_stats['implemented_ignition_fixes'] = \
[x.dict['id'] for x in rule_stats if x.dict['ignition_fix'] is not None]
[x.id for x in rule_stats if x.ignition_fix is not None]
profile_stats['implemented_ignition_fixes_pct'] = \
float(len(profile_stats['implemented_ignition_fixes'])) / \
profile_stats['rules_count'] * 100
profile_stats['missing_ignition_fixes'] = \
[x.dict['id'] for x in rule_stats if x.dict['ignition_fix'] is None]
[x.id for x in rule_stats if x.ignition_fix is None]

profile_stats['implemented_kubernetes_fixes'] = \
[x.dict['id'] for x in rule_stats if x.dict['kubernetes_fix'] is not None]
[x.id for x in rule_stats if x.kubernetes_fix is not None]
profile_stats['implemented_kubernetes_fixes_pct'] = \
float(len(profile_stats['implemented_kubernetes_fixes'])) / \
profile_stats['rules_count'] * 100
profile_stats['missing_kubernetes_fixes'] = \
[x.dict['id'] for x in rule_stats if x.dict['kubernetes_fix'] is None]
[x.id for x in rule_stats if x.kubernetes_fix is None]

profile_stats['implemented_puppet_fixes'] = \
[x.dict['id'] for x in rule_stats if x.dict['puppet_fix'] is not None]
[x.id for x in rule_stats if x.puppet_fix is not None]
profile_stats['implemented_puppet_fixes_pct'] = \
float(len(profile_stats['implemented_puppet_fixes'])) / \
profile_stats['rules_count'] * 100
profile_stats['missing_puppet_fixes'] = \
[x.dict['id'] for x in rule_stats if x.dict['puppet_fix'] is None]
[x.id for x in rule_stats if x.puppet_fix is None]

profile_stats['implemented_anaconda_fixes'] = \
[x.dict['id'] for x in rule_stats if x.dict['anaconda_fix'] is not None]
[x.id for x in rule_stats if x.anaconda_fix is not None]

profile_stats['implemented_fixes'] = \
[x.dict['id'] for x in rule_stats if x.dict['fix'] is not None]
[x.id for x in rule_stats if x.fix is not None]
profile_stats['implemented_fixes_pct'] = \
float(len(profile_stats['implemented_fixes'])) / \
profile_stats['rules_count'] * 100
profile_stats['missing_fixes'] = \
[x.dict['id'] for x in rule_stats if x.dict['fix'] is None]
[x.id for x in rule_stats if x.fix is None]

profile_stats['missing_stigid_refs'] = []
if 'stig' in profile_stats['profile_id']:
profile_stats['missing_stigid_refs'] = \
[x.dict['id'] for x in rule_stats if x.dict['stigid_ref'] is None]
[x.id for x in rule_stats if x.stigid_ref is None]

profile_stats['missing_stigref_refs'] = []
if 'stig' in profile_stats['profile_id']:
profile_stats['missing_stigref_refs'] = \
[x.dict['id'] for x in rule_stats if x.dict['stigref_ref'] is None]
[x.id for x in rule_stats if x.stigref_ref is None]

profile_stats['missing_ccn_refs'] = []
if 'ccn' in profile_stats['profile_id']:
profile_stats['missing_ccn_refs'] = \
[x.dict['id'] for x in rule_stats if x.dict['ccn_ref'] is None]
[x.id for x in rule_stats if x.ccn_ref is None]

profile_stats['missing_cis_refs'] = []
if 'cis' in profile_stats['profile_id']:
profile_stats['missing_cis_refs'] = \
[x.dict['id'] for x in rule_stats if x.dict['cis_ref'] is None]
[x.id for x in rule_stats if x.cis_ref is None]

profile_stats['missing_hipaa_refs'] = []
if 'hipaa' in profile_stats['profile_id']:
profile_stats['missing_hipaa_refs'] = \
[x.dict['id'] for x in rule_stats if x.dict['hipaa_ref'] is None]
[x.id for x in rule_stats if x.hipaa_ref is None]

profile_stats['missing_anssi_refs'] = []
if 'anssi' in profile_stats['profile_id']:
profile_stats['missing_anssi_refs'] = \
[x.dict['id'] for x in rule_stats if x.dict['anssi_ref'] is None]
[x.id for x in rule_stats if x.anssi_ref is None]

profile_stats['missing_ospp_refs'] = []
if 'ospp' in profile_stats['profile_id']:
profile_stats['missing_ospp_refs'] = \
[x.dict['id'] for x in rule_stats if x.dict['ospp_ref'] is None]
[x.id for x in rule_stats if x.ospp_ref is None]

profile_stats['missing_pcidss4_refs'] = []
if 'pci-dss' in profile_stats['profile_id']:
profile_stats['missing_pcidss4_refs'] = \
[x.dict['id'] for x in rule_stats if x.dict['pcidss4_ref'] is None]
[x.id for x in rule_stats if x.pcidss4_ref is None]

profile_stats['missing_cui_refs'] = []
if 'cui' in profile_stats['profile_id']:
profile_stats['missing_cui_refs'] = \
[x.dict['id'] for x in rule_stats if x.dict['cui_ref'] is None]
[x.id for x in rule_stats if x.cui_ref is None]

profile_stats['implemented_anaconda_fixes_pct'] = \
float(len(profile_stats['implemented_anaconda_fixes'])) / \
profile_stats['rules_count'] * 100
profile_stats['missing_anaconda_fixes'] = \
[x.dict['id'] for x in rule_stats if x.dict['anaconda_fix'] is None]
[x.id for x in rule_stats if x.anaconda_fix is None]

profile_stats['assigned_cces'] = \
[x.dict['id'] for x in rule_stats if x.dict['cce'] is not None]
[x.id for x in rule_stats if x.cce is not None]
profile_stats['assigned_cces_pct'] = \
float(len(profile_stats['assigned_cces'])) / \
profile_stats['rules_count'] * 100
profile_stats['missing_cces'] = \
[x.dict['id'] for x in rule_stats if x.dict['cce'] is None]
[x.id for x in rule_stats if x.cce is None]

profile_stats['ansible_parity'] = \
[rule_id for rule_id in profile_stats["missing_ansible_fixes"] if rule_id not in profile_stats["missing_bash_fixes"]]
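Review bot: Dropping `self.dict` from `RuleStats.__init__` removes an attribute that code outside this file may still read. The commit changes only ssg/build_profile.py and parts of that file are collapsed on this page, so it is not visible whether every `.dict[...]` reader was converted along with `get_profile_stats`. A leftover reader would fail with AttributeError when the statistics are generated, so a repository-wide search for `.dict[` on `RuleStats` objects is worth doing before merge. If an external consumer turns up, a transitional `@property` named `dict` that does `return vars(self)` would keep the old keys working, since the new attribute names match the old keys one for one. The class docstring, which starts above the hunk, should also say that each attribute holds whatever `rule.find` returned (an element or None) and that `check` and `fix` take the first non-None candidate in the order of the if/elif chains.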
