#!/usr/bin/python3

import argparse
import sys

from ssg.content_diff import StandardContentDiffer, StigContentDiffer
from ssg.xml import XMLContent
import xml.etree.ElementTree as ET


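def parse_args(argv=None):
    """Parse the command-line options of the data stream comparison tool.

    Args:
        argv: Optional list of argument strings.  When ``None`` (the
            default, which is what ``main()`` relies on) argparse reads
            ``sys.argv[1:]`` as before; passing a list makes the parser
            usable from tests without touching ``sys.argv``.

    Returns:
        An ``argparse.Namespace`` with the attributes ``old``, ``new``,
        ``rule``, ``no_diffs``, ``only_rules``, ``rule_diffs``,
        ``output_dir`` and ``disa_content``.
    """
    parser = argparse.ArgumentParser(
        # Adjacent string literals are concatenated; the trailing space keeps
        # "of" and "OVAL" from running together in the --help output.
        description="Compares two data streams with regards to presence of "
        "OVAL checks and all remediations")
    parser.add_argument(
        "old", metavar="OLD_DS_PATH",
        help="Path to the old data stream")
    parser.add_argument(
        "new", metavar="NEW_DS_PATH",
        help="Path to the new data stream")
    parser.add_argument(
        "--rule", metavar="RULE_ID",
        help="Compare only the rule specified by given RULE_ID"
    )
    parser.add_argument(
        "--no-diffs", action="store_true",
        help="Do not perform detailed comparison of checks and remediations contents."
    )
    parser.add_argument(
        "--only-rules", action="store_true",
        help="Print only removals from rule set."
    )
    parser.add_argument(
        "--rule-diffs", action="store_true",
        help="Output diffs per rule, instead of a single diff. "
             "The rule diffs are output to directory './compare_ds-diffs/'."
    )
    parser.add_argument(
        "--output-dir", metavar="OUTPUT_DIR",
        type=str, action="store", default="./compare_ds-diffs",
        help="Directory where rule diff files will be saved. Only used with --rule-diffs option. "
             "If the directory doesn't exist, it will be created."
    )
    parser.add_argument(
        "--disa-content", action="store_true",
        help="This option enables comparison between DISA contents by ignoring the release "
             "number in rule IDs."
    )
    return parser.parse_args(argv)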


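def main():
    """Compare the old and new data streams benchmark by benchmark.

    Parses both data streams, builds the differ selected by ``--disa-content``
    and runs ``compare_rules()`` for every benchmark of the old stream that
    also exists in the new one.  A benchmark missing from the new stream is
    reported on stderr, so the warning is not mixed into the diff output the
    differ writes to stdout.

    Returns:
        0, unconditionally, as the process exit status.
    """
    args = parse_args()
    # Both paths come from the command line and are treated as trusted build
    # artefacts; the stdlib parser is used as-is.  Consult the xml module's
    # security notes before pointing this at data streams from other sources.
    old_root = ET.parse(args.old).getroot()
    new_root = ET.parse(args.new).getroot()

    old_xml_content = XMLContent(old_root)
    new_xml_content = XMLContent(new_root)

    # Both differ classes take the same positional arguments; --disa-content
    # only selects the implementation that ignores release numbers in rule IDs.
    differ_class = StigContentDiffer if args.disa_content else StandardContentDiffer
    content_differ = differ_class(old_xml_content, new_xml_content, args.rule,
                                  not args.no_diffs, args.rule_diffs,
                                  args.only_rules, args.output_dir)

    for old_benchmark in old_xml_content.get_benchmarks():
        old_benchmark_id = old_benchmark.get_attr("id")
        new_benchmark = new_xml_content.find_benchmark(old_benchmark_id)
        if not new_benchmark:
            # Diagnostics go to stderr so that stdout stays a clean diff.
            print(
                "Warning: Skipping comparison of the following benchmark "
                "because it was not found in the new data stream: {}".format(old_benchmark_id),
                file=sys.stderr)
            continue

        content_differ.compare_rules(old_benchmark, new_benchmark)
    return 0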


if __name__ == "__main__":
    # Propagate main()'s return value as the process exit status.
    sys.exit(main())