Merge pull request #687 from brodjieski/dev_2.0

Fix handling of supplementals in SCAP processing
2026-06-12 12:00:26 +01:00 · 2026-05-19 16:23:17 -04:00
parent 5962e47836 0a5e5dd67b
commit 54ba0d7bbc
4 changed files with 11 additions and 5 deletions
--- a/src/mscp/data/rules/system_settings/system_settings_background_security_improvement_removal_disable.yaml
+++ b/src/mscp/data/rules/system_settings/system_settings_background_security_improvement_removal_disable.yaml
@@ -4,6 +4,9 @@ discussion: |
  The ability for the user to roll back Background Security Improvements _MUST_ be disabled.
 references:
  nist:
+    cce:
+      macos_26:
+        - 'CCE-123456-7'
    800-53r5:
      - SI-2
      - SI-2(5)
--- a/src/mscp/data/rules/system_settings/system_settings_softwareupdate_current.yaml
+++ b/src/mscp/data/rules/system_settings/system_settings_softwareupdate_current.yaml
@@ -113,6 +113,7 @@ platforms:
 odv:
  hint:
    description: Maximum Days of Deferral (e.g. 30d)
+    datatype: string
  recommended: 30d
  cis_lvl1: 30d
  cis_lvl2: 30d
--- a/src/mscp/generate/guidance.py
+++ b/src/mscp/generate/guidance.py
@@ -139,7 +139,7 @@ def generate_guidance(sp: Yaspin, args: argparse.Namespace) -> None:
    else:
        logo_path = Path(
            config["images_dir"],
-            f"mscp_banner_{baseline.platform['os']}_{'dark' if args.dark else 'light'}.png",
+            f"mscp_banner_{baseline.platform['os'].lower()}_{'dark' if args.dark else 'light'}.png",
        ).absolute()

    if not logo_path.exists():
--- a/src/mscp/generate/scap.py
+++ b/src/mscp/generate/scap.py
@@ -19,7 +19,7 @@ from xml.dom import minidom


 # Additional python modules
-from ..common_utils import conditional_inject_spinner
+from ..common_utils import conditional_inject_spinner, create_file
 from yaspin.core import Yaspin
 from yaspin.spinners import Spinners

@@ -213,6 +213,8 @@ def generate_scap(sp: Yaspin, args: argparse.Namespace) -> None:
            xccdfProfiles = xccdfProfiles + "</Profile>"

    for rule in all_rules:
+        if "supplemental" in rule.tags:
+            continue
        if args.baseline != "all_rules":
            if (
                not rule_has_benchmark_for_version(
@@ -502,6 +504,7 @@ def generate_scap(sp: Yaspin, args: argparse.Namespace) -> None:
                if rule.result_value == 0:
                    check_existence = "none_exist"

+            
            xccdfrules = (
                xccdfrules
                + """<Rule id="xccdf_gov.nist.mscp.content_rule_{0}_{1}" selected="false" role="full" severity="{2}" weight="1.0"><title>{3}</title><description>{4}
@@ -733,9 +736,8 @@ def generate_scap(sp: Yaspin, args: argparse.Namespace) -> None:

    sp.text = "Writing output files"
    time.sleep(1)
-    with open(output_file, "w") as rite:
-        rite.write(totaloutput)
-        rite.close()
+    
+    create_file(output_file, totaloutput)

    sp.text = f"Generated new SCAP file: {output_file}"
    sp.ok("✔")