From 5aaa4ffc13bdbb46eebc6181fd4ee05e1027517d Mon Sep 17 00:00:00 2001
From: Matthew Burket
Date: Mon, 14 Nov 2022 08:12:39 -0600
Subject: [PATCH 1/3] Add --quiet to rule_dir_json
To make the script not output when used in things like the build system.
---
 utils/rule_dir_json.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/utils/rule_dir_json.py b/utils/rule_dir_json.py
index 503161128ac..7db0f80108d 100755
--- a/utils/rule_dir_json.py
+++ b/utils/rule_dir_json.py
@@ -27,6 +27,7 @@ def parse_args():
 help="Path to SSG root directory (defaults to %s)" % SSG_ROOT)
 parser.add_argument("-o", "--output", type=str, action="store", default=BUILD_OUTPUT,
 help="File to write json output to (defaults to build/rule_dirs.json)")
+ parser.add_argument("-q", "--quiet", action="store_true", help="Hides output from the script, just creates the file.")
 return parser.parse_args()
@@ -173,6 +174,11 @@ def handle_remediations(product_list, product_yamls, rule_obj):
 return rule_remediations, r_products
+def quiet_print(msg, quiet, file):
+ if not quiet:
+ print(msg, file)
+
+
 def main():
 args = parse_args()
@@ -201,7 +207,8 @@ def main():
 all_ovals = ','.join(oval_products[key])
 msg = "Product {0} has multiple ovals in rule {1}: {2}"
 msg = msg.format(key, rule_id, all_ovals)
- print(msg, file=sys.stderr)
+ if not args.quiet:
+ print(msg, file=sys.stderr)
 rule_obj['oval_products'] = oval_products
@@ -215,7 +222,8 @@ def main():
 msg = "Product {0} has multiple remediations of the same type "
 msg += "in rule {1}: {2}"
 msg = msg.format(key, rule_id, all_fixes)
- print(msg, file=sys.stderr)
+ if not args.quiet:
+ print(msg, file=sys.stderr)
 rule_obj['remediation_products'] = r_products
From 6cfe5bc4f935bf6532e51e65e89912a06defbaa0 Mon Sep 17 00:00:00 2001
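Review bot: `quiet_print` calls `print(msg, file)`, which passes the stream as a second positional value instead of the `file=` keyword, so the message and the repr of the stream object are written to stdout rather than to the requested stream. The body should be `print(msg, file=file)`. The helper is unused in this patch, but the two `main()` hunks in PATCH 2/3 (`@@ -207,8 +209,7 @@` and `@@ -222,8 +223,7 @@`) replace the `print(msg, file=sys.stderr)` calls with `quiet_print(msg, args.quiet, sys.stderr)`, so from that commit the multiple-OVAL and multiple-remediation warnings no longer reach stderr. A one-line docstring such as `"""Print msg to file unless quiet is true."""` would also document the argument order.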
From: Matthew Burket
Date: Fri, 11 Nov 2022 16:11:59 -0600
Subject: [PATCH 2/3] Add SRG XLSX files to the build system
So that SRG diff creation process is taken from a four-step process to a two-step process.
---
 CMakeLists.txt | 1 +
 cmake/SSGCommon.cmake | 30 ++++++++++++++++++++++++++++++
 products/rhel9/CMakeLists.txt | 4 ++++
 utils/rule_dir_json.py | 10 +++++-----
 4 files changed, 40 insertions(+), 5 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 8fb233257f2..4f12279be7c 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -54,6 +54,7 @@ option(SSG_JINJA2_CACHE_ENABLED "If enabled, the jinja2 templating files will be
 option(SSG_BATS_TESTS_ENABLED "If enabled, bats will be used to run unit-tests of bash remediations." TRUE)
 option(SSG_BUILD_DISA_DELTA_FILES "If enabled, If the product has automated content from DISA for its STIG a tailoring file will be created with rules not covered by DISA's content enabled." TRUE)
 option(SSG_SCE_ENABLED "If enabled, additional SCE audit content will be enabled alongside OVAL-based auditing." FALSE)
+option(SSG_SRG_XLSX_EXPORT "If enabled, an XLSX of SRG Export will be ceated." FALSE)
 set(SSG_JINJA2_CACHE_DIR "${CMAKE_BINARY_DIR}/jinja2_cache" CACHE PATH "Where the jinja2 cached bytecode should be stored. This speeds up builds at the expense of disk space. You can use one location for multiple SSG builds for performance improvements.")
 # SSG_PRODUCT_DEFAULT modifies the behavior of all other options. Products
diff --git a/cmake/SSGCommon.cmake b/cmake/SSGCommon.cmake
index 131ad5f6415..d3c87ff7870 100644
--- a/cmake/SSGCommon.cmake
+++ b/cmake/SSGCommon.cmake
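Review bot: The help text of the new `SSG_SRG_XLSX_EXPORT` option in the top-level CMakeLists.txt hunk misspells "created" as "ceated". This string is what users see when they browse the cache options, so it is worth fixing before merge. Suggested line: `option(SSG_SRG_XLSX_EXPORT "If enabled, an XLSX of the SRG export will be created." FALSE)`.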
@@ -1144,6 +1144,36 @@ macro(ssg_build_html_stig_tables PRODUCT)
 DESTINATION "${SSG_TABLE_INSTALL_DIR}")
 endmacro()
+macro(rule_dir_json)
+ add_custom_command(
+ OUTPUT "${CMAKE_BINARY_DIR}/rule_dirs.json"
+ COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${PYTHON_EXECUTABLE}" "${CMAKE_SOURCE_DIR}/utils/rule_dir_json.py" "--root" "${CMAKE_SOURCE_DIR}" "--output" "${CMAKE_BINARY_DIR}/rule_dirs.json" --quiet
+ COMMENT "[rule-dir-json] creating build/rule_dirs.json"
+ )
+ add_custom_target(
+ rule_dir_json
+ DEPENDS "${CMAKE_SOURCE_DIR}/build/rule_dirs.json"
+ )
+endmacro()
+
+
+macro(ssg_build_xlsx_srg_export PRODUCT CONTROL)
+ rule_dir_json()
+ add_custom_command(
+ OUTPUT "${CMAKE_BINARY_DIR}/${PRODUCT}/${PRODUCT}_${CONTROL}_srg_export.xlsx"
+ DEPENDS "${CMAKE_BINARY_DIR}/ssg-${PRODUCT}-ds.xml"
+ DEPENDS "${CMAKE_BINARY_DIR}/rule_dirs.json"
+ COMMAND "${CMAKE_COMMAND}" -E make_directory "${CMAKE_BINARY_DIR}/${PRODUCT}"
+ COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${PYTHON_EXECUTABLE}" "${CMAKE_SOURCE_DIR}/utils/create_srg_export.py" --root "${CMAKE_SOURCE_DIR}" --json "${CMAKE_BINARY_DIR}/rule_dirs.json" --control "${CMAKE_SOURCE_DIR}/controls/${CONTROL}.yml" --product "${PRODUCT}" --out-format xlsx --output "${CMAKE_BINARY_DIR}/${PRODUCT}/${PRODUCT}_${CONTROL}_srg_export.xlsx" --build-config-yaml "${CMAKE_BINARY_DIR}/build_config.yml"
+ COMMENT "[${PRODUCT}-tables] generating XLSX SRG Export"
+ )
+ add_custom_target(
+ generate-${PRODUCT}_${CONTROL}_srg_export
+ DEPENDS "${CMAKE_BINARY_DIR}/${PRODUCT}/${PRODUCT}_${CONTROL}_srg_export.xlsx"
+ )
+ add_dependencies(${PRODUCT}-tables generate-${PRODUCT}_${CONTROL}_srg_export)
+endmacro()
+
 macro(ssg_build_html_stig_tables_per_profile PRODUCT STIG_PROFILE)
 add_custom_command(
 OUTPUT "${CMAKE_BINARY_DIR}/tables/table-${PRODUCT}-${STIG_PROFILE}-testinfo.html"
diff --git a/products/rhel9/CMakeLists.txt b/products/rhel9/CMakeLists.txt
index 386f616ceb3..e4dc662d0d9 100644
--- a/products/rhel9/CMakeLists.txt
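Review bot: In the new `rule_dir_json` macro the custom target depends on `${CMAKE_SOURCE_DIR}/build/rule_dirs.json`, while the custom command's OUTPUT is `${CMAKE_BINARY_DIR}/rule_dirs.json`; the two paths only coincide when the build tree is `<source>/build`, so in any other build directory the target names a file no rule produces. The target should use `DEPENDS "${CMAKE_BINARY_DIR}/rule_dirs.json"`. Separately, `ssg_build_xlsx_srg_export` expands `rule_dir_json()` on every call, so a second product or control enabling the export in the same build would reach `add_custom_target(rule_dir_json ...)` twice, which CMake rejects as a duplicate target; guarding the macro body with `if(NOT TARGET rule_dir_json)` avoids that. The generating command also lists no DEPENDS, so as written rule_dirs.json is presumably not regenerated when rule directories change.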
+++ b/products/rhel9/CMakeLists.txt
@@ -11,6 +11,10 @@ ssg_build_html_cce_table(${PRODUCT})
 ssg_build_html_srgmap_tables(${PRODUCT})
+if (SSG_SRG_XLSX_EXPORT)
+ ssg_build_xlsx_srg_export(${PRODUCT} "srg_gpos")
+endif()
+
 # ssg_build_html_stig_tables(${PRODUCT} "stig")
 #ssg_build_html_stig_tables(${PRODUCT} "ospp")
diff --git a/utils/rule_dir_json.py b/utils/rule_dir_json.py
index 7db0f80108d..95ddf374c77 100755
--- a/utils/rule_dir_json.py
+++ b/utils/rule_dir_json.py
@@ -8,6 +8,7 @@
 from collections import defaultdict
 import json
+from typing import TextIO
 import ssg.build_yaml
 import ssg.oval
@@ -27,7 +28,8 @@ def parse_args():
 help="Path to SSG root directory (defaults to %s)" % SSG_ROOT)
 parser.add_argument("-o", "--output", type=str, action="store", default=BUILD_OUTPUT,
 help="File to write json output to (defaults to build/rule_dirs.json)")
- parser.add_argument("-q", "--quiet", action="store_true", help="Hides output from the script, just creates the file.")
+ parser.add_argument("-q", "--quiet", action="store_true",
+ help="Hides output from the script, just creates the file.")
 return parser.parse_args()
@@ -207,8 +209,7 @@ def main():
 all_ovals = ','.join(oval_products[key])
 msg = "Product {0} has multiple ovals in rule {1}: {2}"
 msg = msg.format(key, rule_id, all_ovals)
- if not args.quiet:
- print(msg, file=sys.stderr)
+ quiet_print(msg, args.quiet, sys.stderr)
 rule_obj['oval_products'] = oval_products
@@ -222,8 +223,7 @@ def main():
 msg = "Product {0} has multiple remediations of the same type "
 msg += "in rule {1}: {2}"
 msg = msg.format(key, rule_id, all_fixes)
- if not args.quiet:
- print(msg, file=sys.stderr)
+ quiet_print(msg, args.quiet, sys.stderr)
 rule_obj['remediation_products'] = r_products
From 2a10bef43ff0b3f2910aa150ad38ef7f2777a35b Mon Sep 17 00:00:00 2001
From: Matthew Burket
Date: Mon, 14 Nov 2022 09:12:10 -0600
Subject: [PATCH 3/3] clean up rule_dir_json.py import
---
 utils/rule_dir_json.py | 1 -
 1 file changed, 1 deletion(-)
diff --git a/utils/rule_dir_json.py b/utils/rule_dir_json.py
index 95ddf374c77..3fdb43b925b 100755
--- a/utils/rule_dir_json.py
+++ b/utils/rule_dir_json.py
@@ -8,7 +8,6 @@
 from collections import defaultdict
 import json
-from typing import TextIO
 import ssg.build_yaml
 import ssg.oval