Bug 1257592

Summary: Don't exit with traceback if provided XCCDF / DS benchmark contains dangling selector
Product: Red Hat Enterprise Linux 7 Reporter: Jan Lieskovsky <jlieskov>
Component: oscap-anaconda-addonAssignee: Vratislav Podzimek <vpodzime>
Status: CLOSED WONTFIX QA Contact: Release Test Team <release-test-team-automation>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.3CC: jikortus, slukasik
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-02-05 14:26:05 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jan Lieskovsky 2015-08-27 12:16:25 UTC 
Description of problem:

Oscap Anaconda Add-on currently exits with traceback in the scenario when some profile in the provided XCCDF / DataStream benchmark references a non-existing XCCDF rule (dangling selector).

While it's true, the issue should be caught sooner (the scanner should identify such a situation, and refuse to proceed further. The content shouldn't reference un-implemented rules), there's a use case with the tailoring benchmark example yet (though SCAP content being valid in default settings, after tailoring it's possible to create a profile containing un-implemented rules).

Therefore OAA should more gracefully handle this situation. Upstream openscap bug is here:
  [1] https://fedorahosted.org/openscap/ticket/474

Once the openscap scanner is able properly to handle this situation, OAA should display relevant openscap message in some OAA dialog (rather than fail with traceback).

How reproducible:
Always

Steps to Reproduce:
1. Provide XCCDF / DS benchmark to OAA having profile containing referenced, but un-implemented XCCDF rule
2. Start the Anaconda install (load the SCAP content etc.)

Actual results:
Anaconda traceback.

Expected results:
Anaconda displays an error dialog reporting there's missing rule definition in the benchmark (the error message provided by oscap is propagated to Anaconda UI), and ask the user to provide different SCAP content.
Comment 1 Jiri Kortus 2016-02-05 14:22:28 UTC 
I'm not able to reproduce this bug on RHEL-7.2, it seems that it has been fixed, probably with fix for bug #1247654 which is very similar to this one and presumably resulted in the same traceback.

When an invalid security content is used (even the content in the upstream bug referenced in bug description), no traceback occurs and an error message is displayed.
Comment 2 RHEL Program Management 2016-02-05 14:26:05 UTC 
Quality Engineering Management has reviewed and declined this request.
You may appeal this decision by reopening this request.