XCCDF-Results to HDF

[zacharylc-mitre]

• Added hyperlinks to README.md
• Added mapping tool for SCC XCCDF-Results to HDF
• Made changes to heimdall_tools.rb and cli.rb to account for xccdf_mapper

Fixes #95

Signed-off-by: zacharylc [email protected]

[Bialogs]

needs a rebase

[Bialogs]

Needs a review by @ejaronne

[ejaronne]

The SCC xml sample doesn't seem to produce the check-content field, as seen in the base (non-results) xccdf of the STIG. Otherwise, mappings look correct. Is it possible to see a generic expected xccdf results xml that isn't generated by any particular client? Otherwise, I fear this has been tailored to SCC's own special XML interpretation, and therefore should be renamed "SCC-xxcdf-mapper"

Actual STIG:

Sample from SCC (lacks Check Text):

[rx294]

@zacharylc-mitre Please resolve merge conflicts on the Readme

[rx294]

@zacharylc-mitre I agree with @ejaronne that the scope should be limited to SCC xccdf type.

Possibly scc_xccdf_mapper is the correct title ... @aaronlippold @Bialogs please add you thoughts.

Besides xccdf_results_mapper breaks your current naming pattern, we don't specify results in our other mappers.

[rx294]

Just the naming change and associated metadata changes..

mapper code LTGM

[rx294]

Update to SCC Compliance Validation tool

[Bialogs]

It was originally named xccdf_mapper which I renamed to xccdf_results because the XCCDF schema and the XCCDF-results schema are different. Can we point to a SCC XCCDF-Results schema? I'm trying to call it what it is. Maybe we just call it an SCC mapper.

[ejaronne]

Eventually, @aaronlippold wanted this to translate any client that generates the xccdf_results format. This has only been tested to convert SCC output. I agree though that leading with xccdf_results_mapper will go over the heads of many non-data-schema folks who just want that "SCAP mapper", but won't see it. How about we revamp:

The upper list should have links to the converters later in the README.

In the upper list, put in an entry called "SCC (SCAP Compliance Checker) results mapper", but link it to the xccdf_results_mapper later in the README. As the xccdf_results_mapper adapts to work with other SCAP validated tools such as OpenSCAP, place a new entry in the upper list, but link it to the same xcddf_results_mapper lower on the list.

[rx294]

Adding some notes for info

looks like test-system field identifies the test tool that generated xccdf

openscap
<TestResult xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_org.open-scap_testresult_xccdf_mil.disa.stig_profile_MAC-1_Public" start-time="2021-06-16T16:01:29-05:00" end-time="2021-06-16T16:01:37-05:00" version="001.001" test-system="cpe:/a:redhat:openscap:1.3.4">

scc
<cdf:TestResult start-time="2021-04-29T14:16:20" end-time="2021-04-29T14:24:10" id="xccdf_mil.disa.stig_testresult_scap_mil.disa.stig_comp_U_RHEL_7_V3R2_STIG_SCAP_1-2_Benchmark-xccdf.xml---xccdf_mil.disa.stig_profile_MAC-1_Classified-1" version="003.002" test-system="cpe:/a:spawar:scc:5.4">

test-system seems to be universal field

https://csrc.nist.rip/library/alt-SP800-126r3.pdf
section: 4.5 XCCDF Results

[rx294]

Taking back my objection re xccdf_results_mapper

[Bialogs]

Okay so it seems the way ahead should just update the README to be clear