diff --git a/dist/bash_completion.d/oscap b/dist/bash_completion.d/oscap index d2767edb1f..458349b134 100644 --- a/dist/bash_completion.d/oscap +++ b/dist/bash_completion.d/oscap @@ -27,25 +27,25 @@ function _oscap { local -A opts=() opts[oscap]="--version --quiet --help -V -q -h" opts[oscap:oval:validate]="--version --definitions --variables --syschar --results --directives --schematron" - opts[oscap:oval:eval]="--datastream-id --oval-id --id --variables --directives --without-syschar --results --report --skip-valid --fetch-remote-resources --verbose --verbose-log-file" + opts[oscap:oval:eval]="--datastream-id --oval-id --id --variables --directives --without-syschar --results --report --skip-valid --skip-validation --fetch-remote-resources --verbose --verbose-log-file" opts[oscap:oval:analyse]="--variables --directives --verbose --verbose-log-file" opts[oscap:oval:collect]="--variables --verbose --verbose-log-file" opts[oscap:oval:generate:report]="-o --output" opts[oscap:xccdf:eval]="--benchmark-id --check-engine-results --cpe --datastream-id --export-variables --fetch-remote-resources --oval-results --profile --progress --remediate --report --results --results-arf --rule --skip-valid --stig-viewer --tailoring-file --tailoring-id --thin-results --verbose --verbose-log-file --without-syschar --xccdf-id" opts[oscap:xccdf:validate]="--schematron" - opts[oscap:xccdf:export-oval-variables]="--datastream-id --xccdf-id --profile --skip-valid --fetch-remote-resources --cpe" - opts[oscap:xccdf:remediate]="--result-id --skip-valid --fetch-remote-resources --results --results-arf --report --oval-results --export-variables --cpe" + opts[oscap:xccdf:export-oval-variables]="--datastream-id --xccdf-id --profile --skip-valid --skip-validation --fetch-remote-resources --cpe" + opts[oscap:xccdf:remediate]="--result-id --skip-valid --skip-validation --fetch-remote-resources --results --results-arf --report --oval-results --export-variables --cpe" opts[oscap:xccdf:resolve]="-o --output -f --force" opts[oscap:xccdf:generate]="--profile" opts[oscap:xccdf:generate:report]="-o --output -i --result-id --profile --oval-template" opts[oscap:xccdf:generate:guide]="-o --output --hide-profile-info --profile" opts[oscap:xccdf:generate:fix]="-o --output --template --profile --result-id --profile" opts[oscap:xccdf:generate:custom]="-o --output --stylesheet" - opts[oscap:ds:sds-add]="--datastream-id --skip-valid" - opts[oscap:ds:sds-compose]="--skip-valid" - opts[oscap:ds:sds-split]="--datastream-id --xccdf-id --skip-valid --fetch-remote-resources" - opts[oscap:ds:rds-create]="--skip-valid" - opts[oscap:ds:rds-split]="--report-id --skip-valid" + opts[oscap:ds:sds-add]="--datastream-id --skip-valid --skip-validation" + opts[oscap:ds:sds-compose]="--skip-valid --skip-validation" + opts[oscap:ds:sds-split]="--datastream-id --xccdf-id --skip-valid --skip-validation --fetch-remote-resources" + opts[oscap:ds:rds-create]="--skip-valid --skip-validation" + opts[oscap:ds:rds-split]="--report-id --skip-valid --skip-validation" opts[oscap:cvss:score]="" opts[oscap:cvss:describe]="" opts[oscap:info]="--fetch-remote-resources --profile --profiles" diff --git a/docs/manual/manual.adoc b/docs/manual/manual.adoc index 9060779641..0988359e20 100644 --- a/docs/manual/manual.adoc +++ b/docs/manual/manual.adoc @@ -897,7 +897,7 @@ $ oscap oval validate --schematron oval-file.xml The results of validation are printed to standard error stream (stderr). NOTE: Please note that for the rest of `oscap` functionality, unless you specify ---skip-valid, validation will automatically occur before files are used. +--skip-validation (--skip-valid), validation will automatically occur before files are used. Therefore, you do not need to explicitly validate a datastream before use. diff --git a/tests/API/OVAL/unittests/test_skip_valid.sh b/tests/API/OVAL/unittests/test_skip_valid.sh index 6bc44a0d41..b82ee95ca6 100755 --- a/tests/API/OVAL/unittests/test_skip_valid.sh +++ b/tests/API/OVAL/unittests/test_skip_valid.sh @@ -7,7 +7,7 @@ stderr=`mktemp` set -e set -o pipefail -$OSCAP oval eval --results $result --skip-valid $srcdir/test_skip_valid.oval.xml 2> $stderr +$OSCAP oval eval --results $result --skip-validation $srcdir/test_skip_valid.oval.xml 2> $stderr grep -q "Unable to export unknown state" $stderr diff --git a/tests/API/XCCDF/unittests/test_remediate_python_subs.sh b/tests/API/XCCDF/unittests/test_remediate_python_subs.sh index 27444a87c5..f841b4e512 100755 --- a/tests/API/XCCDF/unittests/test_remediate_python_subs.sh +++ b/tests/API/XCCDF/unittests/test_remediate_python_subs.sh @@ -11,7 +11,7 @@ echo "Stderr file = $stderr" echo "Result file = $stderr" rm -f test_file -$OSCAP xccdf remediate --skip-valid --results $result $srcdir/${name}.xccdf.xml 2> $stderr +$OSCAP xccdf remediate --skip-validation --results $result $srcdir/${name}.xccdf.xml 2> $stderr [ -f $stderr ]; [ ! -s $stderr ]; rm $stderr [ -f test_file ]; rm test_file diff --git a/tests/API/XCCDF/unittests/test_remediate_unresolved.sh b/tests/API/XCCDF/unittests/test_remediate_unresolved.sh index c5d69cd469..7cfb80d4c8 100755 --- a/tests/API/XCCDF/unittests/test_remediate_unresolved.sh +++ b/tests/API/XCCDF/unittests/test_remediate_unresolved.sh @@ -12,7 +12,7 @@ echo "Stderr file = $stderr" echo "Result file = $stderr" rm -f test_file -$OSCAP xccdf remediate --skip-valid --results $result $srcdir/${name}.xccdf.xml 2> $stderr || ret=$? +$OSCAP xccdf remediate --skip-validation --results $result $srcdir/${name}.xccdf.xml 2> $stderr || ret=$? [ $ret -eq 2 ] [ -f $stderr ]; [ ! -s $stderr ]; rm $stderr diff --git a/tests/API/XCCDF/unittests/test_xccdf_check_processing_complex_priority.sh b/tests/API/XCCDF/unittests/test_xccdf_check_processing_complex_priority.sh index 0233f5a082..31274a32ab 100755 --- a/tests/API/XCCDF/unittests/test_xccdf_check_processing_complex_priority.sh +++ b/tests/API/XCCDF/unittests/test_xccdf_check_processing_complex_priority.sh @@ -12,7 +12,7 @@ for args in "" "--profile xccdf_moc.elpmaxe.www_profile_1"; do stderr=$(mktemp -t ${name}.out.XXXXXX) # If an contains an , then the benchmark consumer MUST process it # and MUST ignore any elements that are also contained by the . - $OSCAP xccdf eval --skip-valid --results $result $srcdir/${name}.xccdf.xml 2> $stderr + $OSCAP xccdf eval --skip-validation --results $result $srcdir/${name}.xccdf.xml 2> $stderr echo "Stderr file = $stderr" echo "Result file = $result" diff --git a/utils/oscap-chroot b/utils/oscap-chroot index 674baee89f..c1e35aa652 100755 --- a/utils/oscap-chroot +++ b/utils/oscap-chroot @@ -51,6 +51,7 @@ function usage() echo " --results-arf" echo " --report" echo " --skip-valid" + echo " --skip-validation" echo " --fetch-remote-resources" echo " --progress" echo " --datastream-id" @@ -66,6 +67,7 @@ function usage() echo " --results" echo " --report" echo " --skip-valid" + echo " --skip-validation" echo " --datastream-id" echo " --oval-id" echo @@ -76,6 +78,7 @@ function usage() echo " --syschar" echo " --variables" echo " --skip-valid" + echo " --skip-validation" echo echo "See \`man oscap\` to learn more about semantics of these options." } diff --git a/utils/oscap-chroot.8 b/utils/oscap-chroot.8 index 978da42be4..d0c75c68e3 100644 --- a/utils/oscap-chroot.8 +++ b/utils/oscap-chroot.8 @@ -21,6 +21,7 @@ supported oscap xccdf eval options are: --results-arf --report --skip-valid + --skip-validation --fetch-remote-resources --progress --datastream-id @@ -37,6 +38,7 @@ supported oscap oval eval options are: --results --report --skip-valid + --skip-validation --datastream-id --oval-id @@ -48,6 +50,7 @@ supported oscap oval collect options are: --syschar --variables --skip-valid + --skip-validation .SH REPORTING BUGS diff --git a/utils/oscap-ds.c b/utils/oscap-ds.c index 7027882b52..82ea9e8332 100644 --- a/utils/oscap-ds.c +++ b/utils/oscap-ds.c @@ -81,6 +81,7 @@ static struct oscap_module DS_SDS_SPLIT_MODULE = { " --datastream-id - ID of the datastream in the collection to use.\n" " --xccdf-id - ID of XCCDF in the datastream that should be evaluated.\n" " --skip-valid - Skips validating of given XCCDF.\n" + " --skip-validation\n" " --fetch-remote-resources - Download remote content referenced by DataStream.\n", .opt_parser = getopt_ds, .func = app_ds_sds_split @@ -92,7 +93,8 @@ static struct oscap_module DS_SDS_COMPOSE_MODULE = { .summary = "Compose SourceDataStream from given XCCDF", .usage = "[options] xccdf-file.xml target_datastream.xml", .help = "Options:\n" - " --skip-valid - Skips validating of given XCCDF.\n", + " --skip-valid - Skips validating of given XCCDF.\n" + " --skip-validation\n", .opt_parser = getopt_ds, .func = app_ds_sds_compose }; @@ -104,7 +106,8 @@ static struct oscap_module DS_SDS_ADD_MODULE = { .usage = "[options] new-component.xml existing_datastream.xml", .help = "Options:\n" " --datastream-id - ID of the datastream in the collection for adding to.\n" - " --skip-valid - Skips validating of given XCCDF.\n", + " --skip-valid - Skips validating of given XCCDF.\n" + " --skip-validation\n", .opt_parser = getopt_ds, .func = app_ds_sds_add }; @@ -126,7 +129,8 @@ static struct oscap_module DS_RDS_SPLIT_MODULE = { .usage = "[OPTIONS] rds.xml TARGET_DIRECTORY", .help = "Options:\n" " --report-id - ID of report inside ARF that should be split.\n" - " --skip-valid - Skips validating of given XCCDF.\n", + " --skip-valid - Skips validating of given XCCDF.\n" + " --skip-validation\n", .opt_parser = getopt_ds, .func = app_ds_rds_split }; @@ -137,7 +141,8 @@ static struct oscap_module DS_RDS_CREATE_MODULE = { .summary = "Create a ResultDataStream from given SourceDataStream, XCCDF results and one or more OVAL results", .usage = "[options] sds.xml target-arf.xml results-xccdf.xml [results-oval1.xml [results-oval2.xml]]", .help = "Options:\n" - " --skip-valid - Skips validating of given XCCDF.\n", + " --skip-valid - Skips validating of given XCCDF.\n" + " --skip-validation\n", .opt_parser = getopt_ds, .func = app_ds_rds_create }; @@ -176,6 +181,7 @@ bool getopt_ds(int argc, char **argv, struct oscap_action *action) { const struct option long_options[] = { // options {"skip-valid", no_argument, &action->validate, 0}, + {"skip-validation", no_argument, &action->validate, 0}, {"datastream-id", required_argument, NULL, DS_OPT_DATASTREAM_ID}, {"xccdf-id", required_argument, NULL, DS_OPT_XCCDF_ID}, {"report-id", required_argument, NULL, DS_OPT_REPORT_ID}, diff --git a/utils/oscap-oval.c b/utils/oscap-oval.c index fbb2d50949..1e73f6ef13 100644 --- a/utils/oscap-oval.c +++ b/utils/oscap-oval.c @@ -109,6 +109,7 @@ static struct oscap_module OVAL_EVAL = { " --results - Write OVAL Results into file.\n" " --report - Create human readable (HTML) report from OVAL Results.\n" " --skip-valid - Skip validation.\n" + " --skip-validation\n" " --datastream-id - ID of the datastream in the collection to use.\n" " (only applicable for source datastreams)\n" " --oval-id - ID of the OVAL component ref in the datastream to use.\n" @@ -129,7 +130,8 @@ static struct oscap_module OVAL_COLLECT = { " --id - Collect system characteristics ONLY for specified OVAL Object.\n" " --syschar - Write OVAL System Characteristic into file.\n" " --variables - Provide external variables expected by OVAL Definitions.\n" - " --skip-valid - Skip validation.\n", + " --skip-valid - Skip validation.\n" + " --skip-validation\n", .opt_parser = getopt_oval_collect, .func = app_collect_oval }; @@ -144,7 +146,8 @@ static struct oscap_module OVAL_ANALYSE = { "Options:\n" " --variables - Provide external variables expected by OVAL Definitions.\n" " --directives - Use OVAL Directives content to specify desired results content.\n" - " --skip-valid - Skip validation.\n", + " --skip-valid - Skip validation.\n" + " --skip-validation\n", .opt_parser = getopt_oval_analyse, .func = app_analyse_oval }; @@ -515,6 +518,7 @@ bool getopt_oval_eval(int argc, char **argv, struct oscap_action *action) { "datastream-id",required_argument, NULL, OVAL_OPT_DATASTREAM_ID}, { "oval-id", required_argument, NULL, OVAL_OPT_OVAL_ID}, { "skip-valid", no_argument, &action->validate, 0 }, + { "skip-validation", no_argument, &action->validate, 0 }, { "fetch-remote-resources", no_argument, &action->remote_resources, 1}, { 0, 0, 0, 0 } }; @@ -554,6 +558,7 @@ bool getopt_oval_collect(int argc, char **argv, struct oscap_action *action) { "variables", required_argument, NULL, OVAL_OPT_VARIABLES }, { "syschar", required_argument, NULL, OVAL_OPT_SYSCHAR }, { "skip-valid", no_argument, &action->validate, 0 }, + { "skip-validation", no_argument, &action->validate, 0 }, { 0, 0, 0, 0 } }; @@ -587,6 +592,7 @@ bool getopt_oval_analyse(int argc, char **argv, struct oscap_action *action) { "variables", required_argument, NULL, OVAL_OPT_VARIABLES }, { "directives", required_argument, NULL, OVAL_OPT_DIRECTIVES }, { "skip-valid", no_argument, &action->validate, 0 }, + { "skip-validation", no_argument, &action->validate, 0 }, { 0, 0, 0, 0 } }; diff --git a/utils/oscap-ssh b/utils/oscap-ssh index 1f5885dbab..854b39a688 100755 --- a/utils/oscap-ssh +++ b/utils/oscap-ssh @@ -52,6 +52,7 @@ function usage() echo " --results-arf" echo " --report" echo " --skip-valid" + echo " --skip-validation" echo " --fetch-remote-resources" echo " --progress" echo " --datastream-id" @@ -68,6 +69,7 @@ function usage() echo " --results" echo " --report" echo " --skip-valid" + echo " --skip-validation" echo " --datastream-id" echo " --oval-id" echo @@ -78,6 +80,7 @@ function usage() echo " --syschar" echo " --variables" echo " --skip-valid" + echo " --skip-validation" echo echo "specific option for oscap-ssh (must be first argument):" echo " --sudo" diff --git a/utils/oscap-ssh.8 b/utils/oscap-ssh.8 index 2af306bdba..138584348c 100644 --- a/utils/oscap-ssh.8 +++ b/utils/oscap-ssh.8 @@ -27,6 +27,7 @@ Supported options are: --results-arf --report --skip-valid + --skip-validation --fetch-remote-resources --progress --datastream-id @@ -44,6 +45,7 @@ Supported options are: --results --report --skip-valid + --skip-validation --datastream-id --oval-id @@ -55,6 +57,7 @@ Supported options are: --syschar --variables --skip-valid + --skip-validation Specific option for oscap-ssh (must be first argument): --sudo diff --git a/utils/oscap-vm b/utils/oscap-vm index 42b49ffe23..1a9d6b3bf6 100755 --- a/utils/oscap-vm +++ b/utils/oscap-vm @@ -49,6 +49,7 @@ function usage() echo " --results-arf" echo " --report" echo " --skip-valid" + echo " --skip-validation" echo " --fetch-remote-resources" echo " --progress" echo " --datastream-id" @@ -65,6 +66,7 @@ function usage() echo " --results" echo " --report" echo " --skip-valid" + echo " --skip-validation" echo " --datastream-id" echo " --oval-id" echo @@ -76,6 +78,7 @@ function usage() echo " --syschar" echo " --variables" echo " --skip-valid" + echo " --skip-validation" echo echo "See \`man oscap\` to learn more about semantics of these options." } diff --git a/utils/oscap-vm.8 b/utils/oscap-vm.8 index 30b2eb5759..a0a7b57957 100644 --- a/utils/oscap-vm.8 +++ b/utils/oscap-vm.8 @@ -63,6 +63,7 @@ Supported oscap xccdf eval options are: \-\-without-syschar \-\-report \-\-skip-valid + \-\-skip-validation \-\-fetch-remote-resources \-\-progress \-\-datastream-id @@ -92,6 +93,7 @@ Supported oscap oval eval options are: \-\-results \-\-report \-\-skip-valid + \-\-skip-validation \-\-datastream-id \-\-oval-id @@ -113,6 +115,7 @@ Supported oscap oval collect options are: \-\-syschar \-\-variables \-\-skip-valid + \-\-skip-validation .SH EXAMPLES diff --git a/utils/oscap-xccdf.c b/utils/oscap-xccdf.c index 0a9ae52702..1de29ebd68 100644 --- a/utils/oscap-xccdf.c +++ b/utils/oscap-xccdf.c @@ -127,6 +127,7 @@ static struct oscap_module XCCDF_EXPORT_OVAL_VARIABLES = { .help = "Options:\n" " --profile - The name of Profile to be evaluated.\n" " --skip-valid - Skip validation.\n" + " --skip-validation\n" " --fetch-remote-resources - Download remote content referenced by XCCDF.\n" " --datastream-id - ID of the datastream in the collection to use.\n" " (only applicable for source datastreams)\n" @@ -165,6 +166,7 @@ static struct oscap_module XCCDF_EVAL = { " --without-syschar - Don't provide system characteristic in OVAL/ARF result files.\n" " --report - Write HTML report into file.\n" " --skip-valid - Skip validation.\n" + " --skip-validation\n" " --fetch-remote-resources - Download remote content referenced by XCCDF.\n" " --progress - Switch to sparse output suitable for progress reporting.\n" " Format is \"$rule_id:$result\\n\".\n" @@ -190,6 +192,7 @@ static struct oscap_module XCCDF_REMEDIATE = { "Options:\n" " --result-id - TestResult ID to be processed. Default is the most recent one.\n" " --skip-valid - Skip validation.\n" + " --skip-validation\n" " --cpe - Use given CPE dictionary or language (autodetected)\n" " for applicability checks.\n" " --fetch-remote-resources - Download remote content referenced by XCCDF.\n" @@ -1141,6 +1144,7 @@ bool getopt_xccdf(int argc, char **argv, struct oscap_action *action) {"oval-results", no_argument, &action->oval_results, 1}, {"check-engine-results", no_argument, &action->check_engine_results, 1}, {"skip-valid", no_argument, &action->validate, 0}, + {"skip-validation", no_argument, &action->validate, 0}, {"fetch-remote-resources", no_argument, &action->remote_resources, 1}, {"progress", no_argument, &action->progress, 1}, {"remediate", no_argument, &action->remediate, 1}, diff --git a/utils/oscap.8 b/utils/oscap.8 index 0dbf0fca4b..ff933b6071 100644 --- a/utils/oscap.8 +++ b/utils/oscap.8 @@ -89,7 +89,7 @@ Perform evaluation of XCCDF document file given as INPUT_FILE. Print result of e oscap returns 0 if all rules pass. If there is an error during evaluation, the return code is 1. If there is at least one rule with either fail or unknown result, oscap-scan finishes with return code 2. .PP .PP -Unless --skip-valid is used, the INPUT_FILE is validated using XSD schemas (depending on document type of INPUT_FILE) and rejected if invalid. +Unless --skip-validation (--skip-valid) is used, the INPUT_FILE is validated using XSD schemas (depending on document type of INPUT_FILE) and rejected if invalid. .PP You may specify OVAL Definition files as the last parameter, XCCDF evaluation will then proceed only with those specified files. Otherwise, when \fIoval-definitions-files\fR parameter is missing, oscap tool will try to load all OVAL Definition files referenced from XCCDF automatically (search in the same path as XCCDF). .PP @@ -180,6 +180,7 @@ Selects a component ref from any datastream that references a component with XCC .RE .TP \fB\-\-skip-valid\fR +\fB\-\-skip-validation\fR .RS Do not validate input/output files. .RE @@ -205,6 +206,7 @@ ID of the XCCDF TestResult element which shall be remedied. If this option is mi .RE .TP \fB\-\-skip-valid\fR +\fB\-\-skip-validation\fR .RS Do not validate input/output files. .RE @@ -292,6 +294,7 @@ Allow download of remote OVAL content referenced from XCCDF by check-content-ref .RE .TP \fB\-\-skip-valid\fR +\fB\-\-skip-validation\fR .RS Do not validate input/output files. .RE @@ -413,7 +416,7 @@ Probe the system and evaluate all definitions from OVAL Definition file. Print r .PP INPUT_FILE can be either OVAL Definition File or SCAP Source Datastream, it depends on used options. .PP -Unless --skip-valid is used, the INPUT_FILE is validated using XSD schemas (depending on document type of INPUT_FILE) and rejected if invalid. +Unless --skip-validation (--skip-valid) is used, the INPUT_FILE is validated using XSD schemas (depending on document type of INPUT_FILE) and rejected if invalid. .TP \fB\-\-id DEFINITION-ID\fR Evaluate ONLY specified OVAL Definition from OVAL Definition File. @@ -440,6 +443,7 @@ Uses a datastream with that particular ID from the given datastream collection. Takes component ref with given ID from checks. This allows to select a particular OVAL component even in cases where there are 2 OVALs in one datastream. .TP \fB\-\-skip-valid\fR +\fB\-\-skip-validation\fR Do not validate input/output files. .TP \fB\-\-fetch-remote-resources\fR @@ -462,6 +466,7 @@ Provide external variables expected by OVAL Definitions. Write OVAL System Characteristic into file. .TP \fB\-\-skip-valid\fR +\fB\-\-skip-validation\fR Do not validate input/output files. .TP .RE @@ -478,6 +483,7 @@ Provide external variables expected by OVAL Definitions. Use OVAL Directives content to specify desired results content. .TP \fB\-\-skip-valid\fR +\fB\-\-skip-validation\fR Do not validate input/output files. .RE @@ -576,6 +582,7 @@ AR:[ND|L|M|H] E Availability requirement: Not Defined, Low, Medium, Hi Creates a source datastream from the XCCDF file given in SOURCE_XCCDF and stores the result in TARGET_SDS. Dependencies like OVAL files are automatically detected and bundled in target source datastream. .TP \fB\-\-skip-valid +\fB\-\-skip-validation Do not validate input/output files. .RE .TP @@ -587,6 +594,7 @@ Adds given NEW_COMPONENT file to the existing source datastream (EXISTING_SDS). Uses a datastream with that particular ID from the given datastream collection. If not given the first datastream is used. .TP \fB\-\-skip-valid +\fB\-\-skip-validation Do not validate input/output files. .RE .TP @@ -601,6 +609,7 @@ Uses a datastream with that particular ID from the given datastream collection. Takes component ref with given ID from checklists. This allows to select a particular XCCDF component even in cases where there are 2 XCCDFs in one datastream. .TP \fB\-\-skip-valid +\fB\-\-skip-validation Do not validate input/output files. .TP \fB\-\-fetch-remote-resources\fR @@ -617,6 +626,7 @@ Validate given source datastream file against a XML schema. Every found error is Takes given source datastream, XCCDF and OVAL results and creates a result datastream (in Asset Reporting Format) and saves it to file given in TARGET_ARF. .TP \fB\-\-skip-valid +\fB\-\-skip-validation Do not validate input/output files. .RE .TP @@ -625,6 +635,7 @@ Do not validate input/output files. Takes given result datastream (also called ARF = asset reporting format) and splits given report and its respective report-request to given target directory. If no report-id is given, we assume user wants the first applicable report in top-down order in the file. .TP \fB\-\-skip-valid +\fB\-\-skip-validation Do not validate input/output files. .RE .TP