[Open-scap] OpenSCAP 0.8.5 Issue - xccdf_benchmark_get_item return value

Simon Lukasik slukasik at redhat.com
Fri Sep 14 09:15:07 UTC 2012


On 09/13/2012 09:39 PM, Francisco Slavin wrote:
> Hello,
> 
> We have recently begun testing SecState with the latest OpenSCAP build (0.8.5) to pull in bug fixes.  We have found an issue which seems to break our XCCDF profile selection & manipulation handling.  I have included an example script which demonstrates the issue.
> 
> The error our team is seeing regarding profile selection appears to be caused by the xccdf_benchmark_get_item function.  We are seeing the xccdf_benchmark_get_item function return "NULL" both when the specified item exists and when the item does not exist.
> 
> According to the API Docs: http://open-scap.et.redhat.com/doc/group__XCCDF.html#ga92afdc66eed4d0c691327da277e9766b
> It looks like the xccdf_benchmark_get_item function is supposed to return an item if the specified item exists, or 'NULL' if it fails to find an item.  In 0.8.0, this was the behavior we saw; we based our profile manipulation & error handling around this behavior accordingly.  It appears that in 0.8.5 this function no longer behaves as documented.
> 
> I hope you guys can point me in the right direction for a resolution on this.  Has the function call been updated, and is our usage now out of date?  Or is this a bug?

It is a feature now.

We are sorry for the trouble, but this change had to be made to amend
an imperfect design. For more information about the problem you can also
consult the referenced trac ticket.


    commit b53d88418b9cb85cbf2c8c5ca503940179916eda
    Author: Simon Lukasik <slukasik at redhat.com>
    Date: Mon Aug 20 11:07:14 2012 +0200

    trac#162: disjoin internal hashtable of xccdf_benchmark

    With scap 1.1, certain members of benchmark are not guaranteed
    to have different ID (e.g. a profile and a group with the very
    same ID might co-exist in a valid content). Alas, they cannot
    be stored within a single dictionary.

    This brings a change of semantics (!) in public API. Function
    xccdf_benchmark_get_item now returns only xccdf:Items.
    The xccdf:Profiles and xccdf:TestResult are no longer returned.

    In an unlikely case that your dependent code uses
    xccdf_benchmark_get_item and expects Profiles and TestResults
    to be returned, please amend it to use new
    xccdf_benchmark_get_member instead.

    Addressing:
    Assertion `xccdf_benchmark_get_item(bench, xccdf_item_get_id(item)) == item' failed. Aborted

    Signed-off-by: Martin Preisler <mpreisle at redhat.com>

Best regards,

-- 
Simon Lukasik
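
The ID collision described in the commit message above, as an added example that is not part of the original message and not OpenSCAP code: a small Python model showing why one dictionary keyed by ID cannot hold a Profile and a Group with the same ID, and why callers then need a typed lookup for Profiles. The `BenchmarkIndex` class, its `get_item`/`get_member` methods, `kind_of` and the sample XCCDF document are constructed for illustration; they only mirror the semantics of the C functions named in the commit.

```python
import xml.etree.ElementTree as ET

NS = "{http://checklists.nist.gov/xccdf/1.1}"
# Constructed sample: a Profile and a Group share the ID "web-server".
SAMPLE = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1" id="demo">
  <Profile id="web-server"><title>Web server profile</title></Profile>
  <Profile id="desktop"><title>Desktop profile</title></Profile>
  <Group id="web-server">
    <Rule id="rule-1" selected="false"><title>Example rule</title></Rule>
  </Group>
</Benchmark>"""

ITEM_TYPES = {"Group", "Rule", "Value"}            # xccdf:Items
MEMBER_TYPES = ITEM_TYPES | {"Profile", "TestResult"}


class BenchmarkIndex:
    """Hypothetical model of the disjoined lookup: one table per type."""

    def __init__(self, xml_text):
        self.tables = {t: {} for t in MEMBER_TYPES}
        self.single = {}  # old design: one dictionary for every member
        for el in ET.fromstring(xml_text).iter():
            kind = el.tag.replace(NS, "")
            if kind in MEMBER_TYPES and el.get("id"):
                self.tables[kind][el.get("id")] = el
                self.single[el.get("id")] = el  # same ID silently overwrites

    def get_item(self, item_id):
        """New semantics: only Groups, Rules and Values are returned."""
        for kind in ITEM_TYPES:
            if item_id in self.tables[kind]:
                return self.tables[kind][item_id]
        return None

    def get_member(self, kind, item_id):
        """Typed lookup, required for Profiles and TestResults."""
        return self.tables[kind].get(item_id)


def kind_of(el):
    """Element kind without namespace, or None when the lookup failed."""
    return None if el is None else el.tag.replace(NS, "")


if __name__ == "__main__":
    idx = BenchmarkIndex(SAMPLE)
    print("single table, 'web-server':", kind_of(idx.single["web-server"]))
    print("get_item('desktop'):", kind_of(idx.get_item("desktop")))
    print("get_member('Profile', 'desktop'):",
          kind_of(idx.get_member("Profile", "desktop")))
```
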



