Bug 1182242
| Summary: | USGCB, OVAL validating: var_check has been supplied, var_ref missing | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Martin Žember <mzember> |
| Component: | openscap | Assignee: | Šimon Lukašík <slukasik> |
| Status: | CLOSED ERRATA | QA Contact: | Martin Žember <mzember> |
| Severity: | low | Docs Contact: | |
| Priority: | low | | |
| Version: | 7.1 | CC: | ebenes, ksrot, mpreisle, openscap-maint, ovasik, pvrabec |
| Target Milestone: | rc | Keywords: | Regression |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | openscap-1.1.1-3.el7 | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2015-03-05 09:07:46 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |

Description
Martin Žember
2015-01-14 17:06:31 UTC
I have just reproduced this issue with openscap from maint-1.0. Are you sure this issue is not reproducible with openscap-1.0.3-2.el7? It could be that it was introduced between 1.0.3 and maint-1.0 HEAD.

$ ../run ../utils/.libs/oscap --v
OpenSCAP command line tool (oscap) 1.0.10
...
$ ../run ../utils/.libs/oscap xccdf eval --profile united_states_government_configuration_baseline --results usgcb-xccdf-results.xml --oval-results usgcb-rhel5desktop-xccdf.xml
...
$ ../run ../utils/.libs/oscap oval validate-xml --results --schematron usgcb-rhel5desktop-oval.xml.result.xml
<?xml version="1.0"?>
oval:gov.nist.usgcb.rhel:obj:256 - a var_check has been supplied for the ind-def:var_ref entity so a var_ref should also be provided
oval:gov.nist.usgcb.rhel:obj:201061 - a var_check has been supplied for the ind-def:var_ref entity so a var_ref should also be provided
oval:gov.nist.usgcb.rhel:obj:200841 - a var_check has been supplied for the ind-def:var_ref entity so a var_ref should also be provided
oval:gov.nist.usgcb.rhel:obj:200831 - a var_check has been supplied for the ind-def:var_ref entity so a var_ref should also be provided
oval:gov.nist.usgcb.rhel:obj:200800 - a var_check has been supplied for the ind-def:var_ref entity so a var_ref should also be provided
Invalid OVAL Results content(5.8) in usgcb-rhel5desktop-oval.xml.result.xml.

Have bisected the revision tree and this is the commit that breaks.
$ git bisect good
aebc254a4e6993ef79a549c2f71b5a6a4eb3ed01 is the first bad commit
commit aebc254a4e6993ef79a549c2f71b5a6a4eb3ed01
Author: Martin Preisler <mpreisle>
Date: Mon Nov 3 19:49:06 2014 +0100
Export var_check in OVAL object when var_ref is present
Fixes validation issues with schematron, such as:
oval:mil.disa.fso.redhat.rhel6:obj:3184 - a var_ref has been supplied for the
ind-def:pattern entity so a var_check should also be provided
That is the fix for bz#1159289.
Seems we used to export var_check too rarely and now we export it too often. Will investigate further.
Fixed upstream by https://github.com/OpenSCAP/openscap/commit/0e3c7e6833630d55d00ac3e91cdb2ae067fabcb6

Note to myself, there was another commit by Martin, that needs to be cherry-picked here.

Thanks for the acks, sir.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2015-0392.html
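The two schematron messages quoted in this report describe one pairing rule seen from both sides: an entity should carry `var_ref` and `var_check` together or not at all. The following sketch is an added example, not part of the bug report or of OpenSCAP's code. It checks that pairing over a constructed OVAL fragment whose ids, paths and variable names are illustrative assumptions, and it is a simplification of the rule, not a replacement for `oscap oval validate-xml --schematron`.

```python
import xml.etree.ElementTree as ET

# Constructed sample: ids, paths and variable names are illustrative only.
SAMPLE = """\
<objects xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
         xmlns:ind-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent">
  <ind-def:variable_object id="oval:example:obj:1" version="1">
    <ind-def:var_ref var_check="all">oval:example:var:1</ind-def:var_ref>
  </ind-def:variable_object>
  <ind-def:textfilecontent54_object id="oval:example:obj:2" version="1">
    <ind-def:filepath>/etc/example.conf</ind-def:filepath>
    <ind-def:pattern operation="pattern match" var_ref="oval:example:var:2"/>
    <ind-def:instance datatype="int">1</ind-def:instance>
  </ind-def:textfilecontent54_object>
  <ind-def:textfilecontent54_object id="oval:example:obj:3" version="1">
    <ind-def:filepath var_ref="oval:example:var:3" var_check="all"/>
    <ind-def:pattern operation="pattern match">^x$</ind-def:pattern>
    <ind-def:instance datatype="int">1</ind-def:instance>
  </ind-def:textfilecontent54_object>
</objects>
"""


def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def check_var_attrs(xml_text):
    """Return (object id, entity name, problem) for each unpaired var_ref/var_check."""
    findings = []
    for obj in ET.fromstring(xml_text).iter():
        obj_id = obj.get("id")
        # Look at the entities inside OVAL objects and states.
        if obj_id is None or not local_name(obj.tag).endswith(("_object", "_state")):
            continue
        for ent in obj.iter():
            if ent is obj:
                continue
            has_ref, has_check = "var_ref" in ent.attrib, "var_check" in ent.attrib
            if has_check and not has_ref:
                findings.append((obj_id, local_name(ent.tag), "var_check without var_ref"))
            elif has_ref and not has_check:
                findings.append((obj_id, local_name(ent.tag), "var_ref without var_check"))
    return findings


if __name__ == "__main__":
    for obj_id, entity, problem in check_var_attrs(SAMPLE):
        print(f"{obj_id} - {entity}: {problem}")
```

The first finding corresponds to the failure reported here (a `var_check` attribute on the `var_ref` entity of a variable object), the second to the earlier failure that the bisected commit set out to fix.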