oscap

Module Contents

oscap.parse_xml(path)

Parse an XML file, yielding tuples of

(frames, elements)

where each is an ordered list of namespace-free tag names (‘frames’) and the actual ElementTree objects (‘elements’) as it appears during a top-down recursive traversal. The yielded tuples are returned as child-first (as the parser exits the elements) in order to return complete Element objects.

Ie. for a <Tag1> containing <Tag2>, this would yield:

([‘Tag1’, ‘Tag2’], [Element <Tag1> at 0x…>, <Element ‘Tag2’ at 0x…>]) ([‘Tag1’], [Element <Tag1> at 0x…>])

The intention is for the caller to match a specific part of the XML file by comparing the last N members of the frames list, and/or the element list, extracting further details from the last element.

class oscap.Datastream(xml_file)

FixType

profiles

rules

path

has_remediation(rule)

Return True if ‘rule’ has bash remediation, False otherwise.

get_all_profiles_rules()

Return a deduplicated unified set of all rules from all profiles.

oscap.global_ds()

oscap.rule_from_verbose(line)

Get (rulename, status) from an oscap info verbose output line.

Return None if the input line is not a valid oscap verbose result line.

oscap.rules_from_verbose(lines)

Yield (rulename, status) from oscap info verbose output lines.

oscap.report_from_verbose(lines)

Report results from oscap output.

Note that this expects ‘oscap xccdf eval’ to be run:

• with –progress

• with stdout parsed into lines, fed to this function

• with stderr discarded or left on the console

oscap.unselect_rules(orig_ds, new_ds, rules)

Given - a source XML file path as ‘orig_ds’, - a destination XML file path as ‘new_ds’, - an iterable of rules (partial or full rule names), copy the source datastream to the destination one, disabling the specified rules.