Prepare OVAL object model for integration #11206
Conversation
openshift-ci
bot
added
the
do-not-merge/work-in-progress
|
Skipping CI for Draft Pull Request. |
|
Start a new ephemeral environment with changes proposed in this pull request: Fedora Environment Oracle Linux 8 Environment |
Honny1
force-pushed
the
integration-of-OVAL-Object-mode
branch
from
4b54a04 to
853d46b
Compare
Honny1
added
enhancement
Honny1
force-pushed
the
integration-of-OVAL-Object-mode
branch
4 times, most recently
from
f3913d4 to
f6fbece
Compare
|
@Honny1 What is the intention behind |
|
@jan-cerny |
|
@Honny1 Cool, that sounds natural. But, I'm curious about their purpose. Won't the shorthand format be parsed and converted to objects? |
Honny1
force-pushed
the
integration-of-OVAL-Object-mode
branch
9 times, most recently
from
5ccd6e8 to
d71e097
Compare
|
/test all |
Honny1
force-pushed
the
integration-of-OVAL-Object-mode
branch
3 times, most recently
from
c31c2e6 to
a6cdb3f
Compare
|
@jan-cerny Yes, |
|
@Honny1 And why do we need this representation? Feel free to reply in a more detailed way. |
|
@jan-cerny When loading shortcuts, you can load a shortcut containing several OVAL definitions. One of them may be applicable for a given platform and the other may not. For this reason, I decided to load the entire shortcut into an |
Honny1
force-pushed
the
integration-of-OVAL-Object-mode
branch
from
a6cdb3f to
8efe315
Compare
| return "external_variable" in component.tag | ||
|
|
||
|
|
||
| def _handle_existing_id(component, component_dict): |
There was a problem hiding this comment.
This function looks very similar to a part of append function in ssg/build_ovals.py. You should first extract the common code out to a function and then call that function both here and there to prevent unwanted code duplication and responsibility duplication.
There was a problem hiding this comment.
In the next PR, I plan to rework ssg/build_ovals.py and combine_ovals.py and remove some duplicated and unused code. So this duplication will be resolved.
|
|
||
|
|
||
| def _handle_existing_id(component, component_dict): | ||
| # ID is identical, but OVAL entities are semantically difference => |
There was a problem hiding this comment.
| # ID is identical, but OVAL entities are semantically difference => | |
| # ID is identical, but OVAL entities are semantically different => |
| if value is None: | ||
| return True | ||
| return False |
There was a problem hiding this comment.
This could be simplified to return value is None.
| "ERROR: A definition that does not match the rule ID '{}'" | ||
| " is not present in the shorthand." |
There was a problem hiding this comment.
I'm confused by this. Should the "does not" be there?
| @@ -0,0 +1,51 @@ | |||
| import pytest | |||
|
|
|||
| from test_load_and_store import _load_oval_document, OVAL_DOCUMENT_PATH | |||
There was a problem hiding this comment.
A small nit pick: I think that the tests are somehow exceptional and it actually could be more readable if the path is redefined here in this file instead of importing the constant from other unit test file.
Honny1
force-pushed
the
integration-of-OVAL-Object-mode
branch
2 times, most recently
from
265ea7a to
7ccbeea
Compare
|
/packit retest-failed |
Honny1
force-pushed
the
integration-of-OVAL-Object-mode
branch
from
7ccbeea to
51c55f5
Compare
…tadata field is not empty
Honny1
force-pushed
the
integration-of-OVAL-Object-mode
branch
from
51c55f5 to
5eb2824
Compare
|
Code Climate has analyzed commit 5eb2824 and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 88.2% (50% is the threshold). This pull request will bring the total coverage in the repository to 58.4%. View more on Code Climate. |
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
There was a problem hiding this comment.
I hav found that the feedback from previous drive-by's has been addressed, but I'm sad that there are no PR comments that would make this situation transparent for everyone.
I can see that almost all the changes are in the oval_object_model module and the unit tests for the oval_object_model module. At this moment, the oval_object_model module isn't used anywhere in the build system. The only changes outside of this that indeed affect our build system are small refactoring changes in ssg/build_ovals.py and ssg/utils.py that is the extraction of code to the get_fixed_product_version function. From this point of view, the changes are safe for the project. However, I'm missing this information in the PR description. Also, I would prefer if this specific refactoring change would be submitted as a separate PR.
I have played with the attached test.py script. I have noticed that it assumes the existence of the ./build/single_ovals/ directory which isn't created by that. But if I create this directory manually, it creates the expected OVAL files.
Overall, I evaluate the contents of this PR as a good preparation for further steps. Thanks for having the unit tests!
This PR adds and enhances the OVAL object model capabilities for integration into
combine_ovals.py.New capabilities:
Enhanced capabilities:
Review Hints:
Test script
test.py
Execution of test script:
This test script generates one document for each OVAL definition with all referenced OVAL components and then performs validation using
oscap oval validate FILE_PATH, but ignores validation for theocpandeksproducts.Note: the test script processes all OVAL documents in the build directory.
Unit tests
Run unit tests: