Bug 825841 - XCCDF results should always comprise <score> element
XCCDF results should always comprise <score> element
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: openscap (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Peter Vrabec
BaseOS QE Security Team
Depends On:
Blocks: 825843
  Show dependency treegraph
Reported: 2012-05-28 13:07 EDT by Šimon Lukašík
Modified: 2012-12-11 06:18 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 825843 (view as bug list)
Last Closed: 2012-12-11 06:18:17 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Šimon Lukašík 2012-05-28 13:07:56 EDT
Description of problem:
Consider XCCDF document without 'Profile' element.

When evaluating such document openscap does not generate <xccdf:score>
element. Acording to standard, the result is not valid XCCDF.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Get content at http://isimluk.fedorapeople.org/sw_openscap/content/
2. # oscap xccdf eval --results /tmp/invalid-output.xml first_xccdf.xml
Actual results:
1 1871 In file '/tmp/invalid-output.xml' on line 40: Element '{http://checklists.nist.gov/xccdf/1.1}TestResult': Missing child element(s). Expected is one of ( {http://checklists.nist.gov/xccdf/1.1}rule-result, {http://checklists.nist.gov/xccdf/1.1}score ).
XCCDF Results are NOT exported correctly.

Expected results:
The tool generates valid xccdf.

Additional info:
According to Martin, this has been fixed upstream.
Comment 1 Šimon Lukašík 2012-05-28 13:10:08 EDT
This, together with bug 825839 might cause some headache to Spacewalk users.
Comment 2 RHEL Product and Program Management 2012-07-10 04:09:42 EDT
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.
Comment 3 RHEL Product and Program Management 2012-07-10 21:45:16 EDT
This request was erroneously removed from consideration in Red Hat Enterprise Linux 6.4, which is currently under development.  This request will be evaluated for inclusion in Red Hat Enterprise Linux 6.4.
Comment 5 Peter Vrabec 2012-12-11 06:18:17 EST
$ ./oscap-local.sh .libs/oscap xccdf eval --results /tmp/invalid-output.xml ~/first_xccdf.xml
Title   Verify All Account Password Hashes are Shadowed
Rule    no_hashes_outside_shadow
Ident   CCE-14300-8
Result  pass

$ ./oscap-local.sh .libs/oscap xccdf  validate /tmp/invalid-output.xml

It works for me with openscap 0.9.2.

Note You need to log in before you can comment on or make changes to this bug.