Project

General

Profile

Actions
Copy link

Bug #34554

closed

Uploading external DISA SCAP content to satellite 6.10 fails with exception "Invalid SCAP file type"

Added by Marek Hulán about 2 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
High
Assignee:
Marek Hulán
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
2053478
Pull request:
https://github.com/theforeman/smart_proxy_openscap/pull/87
Fixed in Releases:
smart_proxy_openscap 0.9.2
Found in Releases:
Red Hat JIRA:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=2053478

Description of problem:

Uploading external DISA SCAP content to satellite 6.10 fails with the exception "Invalid SCAP content type"

Sources from where the content was derived:-

https://public.cyber.mil/stigs/scap/
https://cyber.mil/stigs/scap/

Version-Release number of selected component (if applicable):

6.10.2

How reproducible:

100%

Steps to Reproduce:
1. Satellite GUI > Hosts > Scap Contents
2. Provide a name, set Organization and location
3. Choose to upload the file U_RHEL_7_V3R6_STIG_SCAP_1-2_Benchmark.xml

Actual results:

Failed with Error:- Failed to save: Scap file Invalid SCAP file type

Logs:- =========

> /var/log/foreman/production.log <
2022-02-11T06:27:03 [I|app|14a97a45] Started POST "/compliance/scap_contents" for 10.74.8.47 at 2022-02-11 06:27:03 -0500
2022-02-11T06:27:03 [I|app|14a97a45] Processing by ScapContentsController#create as HTML
2022-02-11T06:27:03 [I|app|14a97a45] Parameters: {"utf8"=>"✓", "authenticity_token"=>"vNsQp6nW07PjcUdVargJdZj9+GCfEqXO6+yv8Dpphal377z9rmNUsZY3ro13r8lzrLdzIb/KUzjxe63MCryY3A==", "scap_content"=>{"title"=>"U_RHEL_7_V3R6_STIG_SCAP_1-2_Benchmark.xml", "scap_file"=>"[FILTERED]", "location_ids"=>["", "2"], "organization_ids"=>["", "1"]}, "commit"=>"Submit"}
2022-02-11T06:27:03 [D|tax|14a97a45] Current location set to GSS
2022-02-11T06:27:03 [D|tax|14a97a45] Current organization set to RedHat
2022-02-11T06:27:04 [E|app|14a97a45] Failed to save: Scap file Invalid SCAP file type
2022-02-11T06:27:04 [I|app|14a97a45] Rendering /opt/theforeman/tfm/root/usr/share/gems/gems/foreman_openscap-4.3.3/app/views/scap_contents/new.html.erb within layouts/application
2022-02-11T06:27:04 [I|app|14a97a45] Rendered taxonomies/_loc_org_tabs.html.erb (Duration: 12.3ms | Allocations: 4123)
2022-02-11T06:27:04 [I|app|14a97a45] Rendered /opt/theforeman/tfm/root/usr/share/gems/gems/foreman_openscap-4.3.3/app/views/scap_contents/_form.html.erb (Duration: 21.1ms | Allocations: 10509)
2022-02-11T06:27:04 [I|app|14a97a45] Rendered /opt/theforeman/tfm/root/usr/share/gems/gems/foreman_openscap-4.3.3/app/views/scap_contents/new.html.erb within layouts/application (Duration: 23.1ms | Allocations: 11678)
2022-02-11T06:27:04 [I|app|14a97a45] Rendered layouts/_application_content.html.erb (Duration: 1.9ms | Allocations: 1324)
2022-02-11T06:27:04 [D|app|14a97a45] [[1;32mDeface:[[0m 3 overrides found for 'layouts/base'
2022-02-11T06:27:04 [D|app|14a97a45] [[1;32mDeface:[[0m 'theme_react_root' matched 1 times with 'body'
2022-02-11T06:27:04 [I|app|14a97a45] [[1;32mDeface: [WARNING][[0m No :original defined for 'theme_react_root', you should change its definition to include:
14a97a45 | :original => 'faac6c90abe8438bc58ea181c88ba0ed95ef7ff8'

Expected results:

External SCAP Content derived from an external source should be compatible with the satellite 6.10 version.

Additional info:

=> Tried to upload the same content in satellite 6.9 as well as in the older version of satellite, it uploaded successfully.

Tried to verify the content in satellite CLI, it is working as expected:-
~~~~~~~~~~~~~~~~~~~
tmp]# oscap ds sds-validate U_RHEL_7_V3R6_STIG_SCAP_1-2_Benchmark.xml
~~~~~~~~~~~~~~~~~~~
tmp]# oscap info U_RHEL_7_V3R6_STIG_SCAP_1-2_Benchmark.xml
Document type: Source Data Stream
Imported: 2022-02-09T15:14:01

Stream: scap_mil.disa.stig_datastream_U_RHEL_7_V3R6_STIG_SCAP_1-2_Benchmark
Generated: 2022-01-01T20:00:07
Version: 1.2
Checklists:
Ref-Id: scap_mil.disa.stig_cref_U_RHEL_7_V3R6_STIG_SCAP_1-2_Benchmark-xccdf.xml
Status: accepted
Generated: 2021-12-02
Resolved: false
Profiles:

~~~~~~~~~~~~~~~~~~~
tmp]# oscap xccdf eval --datastream-id scap_mil.disa.stig_datastream_U_RHEL_7_V3R6_STIG_SCAP_1-2_Benchmark U_RHEL_7_V3R6_STIG_SCAP_1-2_Benchmark.xml
Title The Red Hat Enterprise Linux operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a graphical user logon.
Rule xccdf_mil.disa.stig_rule_SV-204393r603261_rule
Ident CCE-26970-4
Ident V-71859
Ident SV-86483
Ident CCI-000048
Result pass
~~~~~~~~~~~~~~~~~~~

Actions
Copy link
 #1

Updated by The Foreman Bot about 2 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Marek Hulán
  • Pull request https://github.com/theforeman/smart_proxy_openscap/pull/87 added
Actions
Copy link
 #2

Updated by The Foreman Bot about 2 years ago

  • Fixed in Releases smart_proxy_openscap 0.9.2 added
Actions
Copy link
 #3

Updated by Marek Hulán about 2 years ago

  • Status changed from Ready For Testing to Closed
Actions
Copy link

Also available in: Atom PDF