Generate rule references from control files #11540
Merged
Commits on Feb 5, 2024
-
Represent references as lists internally
The reference values are stored in rule.yml files as strings that are comma-separated lists of identifiers. We won't change the rule.yml files stored in git because that would be a massive change, but we will change the way how the references are stored internally in build system and also in the resolved files. This should simplify the code but won't have impact on built SCAP data streams.
-
Extend control file schema to support references
With this change we will be able to use controls IDs as reference keys, which will allow us to add references to rules based on control files.
-
Add references from control files to rules
Starting from this change the references can be added to rules automatically based on control files control IDs.
-
Add a one-off script to remove references
Remove references from rule.ymls
-
Use references from control files
For RHEL CIS profiles we will used the control files as the source of reference data.
-
Remove refcheck test for CIS profiles
The CIS references will now be set automatically based on data in control files. They will not be assigned manually to rule.ymls, therefore they won't be present in rule.ymls, therefore we shouldn't test if they're present there.
-
This commit adds a simple unit test for the feature of compiling rule references by adding references based on control file.
-
Remove CIS references from rules
Remove CIS RHEL 7, RHEL 8, RHEL 9 references from rules because they are added automatically based on control files.
-
-
Reduce code complexity by extracting a code to a method.
-
Reduce code complexity by extracting a code to a new function.
-
Configuration menu
