From e9abaac812aca3e932c68d314a0549ddf782ed66 Mon Sep 17 00:00:00 2001
From: Dan Brodjieski
Date: Tue, 19 May 2026 11:58:59 -0400
Subject: [PATCH 1/2] fix: ignore supplementals in scap
---
 ...ttings_background_security_improvement_removal_disable.yaml | 3 +++
 .../system_settings_softwareupdate_current.yaml | 1 +
 src/mscp/generate/guidance.py | 2 +-
 src/mscp/generate/scap.py | 3 +++
 4 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/mscp/data/rules/system_settings/system_settings_background_security_improvement_removal_disable.yaml b/src/mscp/data/rules/system_settings/system_settings_background_security_improvement_removal_disable.yaml
index 44dde4e0..ca3e91d7 100644
--- a/src/mscp/data/rules/system_settings/system_settings_background_security_improvement_removal_disable.yaml
+++ b/src/mscp/data/rules/system_settings/system_settings_background_security_improvement_removal_disable.yaml
@@ -4,6 +4,9 @@ discussion: |
 The ability for the user to roll back Background Security Improvements _MUST_ be disabled.
 references:
 nist:
+ cce:
+ macos_26:
+ - 'CCE-123456-7'
 800-53r5:
 - SI-2
 - SI-2(5)
diff --git a/src/mscp/data/rules/system_settings/system_settings_softwareupdate_current.yaml b/src/mscp/data/rules/system_settings/system_settings_softwareupdate_current.yaml
index b22f4f82..fee681c6 100644
--- a/src/mscp/data/rules/system_settings/system_settings_softwareupdate_current.yaml
+++ b/src/mscp/data/rules/system_settings/system_settings_softwareupdate_current.yaml
@@ -113,6 +113,7 @@ platforms:
 odv:
 hint:
 description: Maximum Days of Deferral (e.g. 30d)
+ datatype: string
 recommended: 30d
 cis_lvl1: 30d
 cis_lvl2: 30d
diff --git a/src/mscp/generate/guidance.py b/src/mscp/generate/guidance.py
index cd7c2496..79c5e296 100644
--- a/src/mscp/generate/guidance.py
+++ b/src/mscp/generate/guidance.py
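Review bot: The value `'CCE-123456-7'` added under `references: nist: cce: macos_26` in the first YAML hunk reads like a placeholder rather than an assigned identifier, and it is unrelated to the commit subject, which is about skipping supplementals in SCAP output. A reference stored on a rule is presumably carried into generated compliance content, where a wrong CCE would mis-map findings in downstream tooling. Confirm the value against the assigned CCE list, or leave the `cce:` block out of this commit until the real identifier exists.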
@@ -139,7 +139,7 @@ def generate_guidance(sp: Yaspin, args: argparse.Namespace) -> None:
 else:
 logo_path = Path(
 config["images_dir"],
- f"mscp_banner_{baseline.platform['os']}_{'dark' if args.dark else 'light'}.png",
+ f"mscp_banner_{baseline.platform['os'].lower()}_{'dark' if args.dark else 'light'}.png",
 ).absolute()
 if not logo_path.exists():
diff --git a/src/mscp/generate/scap.py b/src/mscp/generate/scap.py
index c9cfebfd..db6c5d36 100644
--- a/src/mscp/generate/scap.py
+++ b/src/mscp/generate/scap.py
@@ -213,6 +213,8 @@ def generate_scap(sp: Yaspin, args: argparse.Namespace) -> None:
 xccdfProfiles = xccdfProfiles + ""
 for rule in all_rules:
+ if "supplemental" in rule.tags:
+ continue
 if args.baseline != "all_rules":
 if (
 not rule_has_benchmark_for_version(
@@ -502,6 +504,7 @@ def generate_scap(sp: Yaspin, args: argparse.Namespace) -> None:
 if rule.result_value == 0:
 check_existence = "none_exist"
+
 xccdfrules = (
 xccdfrules + """{3}{4}
From 0a5e5dd67b6296af6a34acb977d7f7e30c827a71 Mon Sep 17 00:00:00 2001
From: Dan Brodjieski
Date: Tue, 19 May 2026 16:11:42 -0400
Subject: [PATCH 2/2] fix: scap generator for container
---
 src/mscp/generate/scap.py | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/src/mscp/generate/scap.py b/src/mscp/generate/scap.py
index db6c5d36..1f9b50e1 100644
--- a/src/mscp/generate/scap.py
+++ b/src/mscp/generate/scap.py
@@ -19,7 +19,7 @@ from xml.dom import minidom
 # Additional python modules
-from ..common_utils import conditional_inject_spinner
+from ..common_utils import conditional_inject_spinner, create_file
 from yaspin.core import Yaspin
 from yaspin.spinners import Spinners
@@ -736,9 +736,8 @@ def generate_scap(sp: Yaspin, args: argparse.Namespace) -> None:
 sp.text = "Writing output files"
 time.sleep(1)
- with open(output_file, "w") as rite:
- rite.write(totaloutput)
- rite.close()
+
+ create_file(output_file, totaloutput)
 sp.text = f"Generated new SCAP file: {output_file}"
 sp.ok("✔")
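Review bot: The new `if "supplemental" in rule.tags: continue` at the top of the `for rule in all_rules:` loop drops supplemental rules from the emitted rule set, but `xccdfProfiles` is finished on the line just above the loop, so profile entries built earlier (outside this hunk) may still name those rule ids. If profile construction does not apply the same tag test, the generated benchmark would reference rules it no longer defines, which validators and scanners tend to reject or silently skip. Apply the same filter where profiles are assembled, and add a comment such as `# supplemental rules are excluded from SCAP output` so the skip is not read as an accident. The membership test also assumes `rule.tags` is never `None`; that cannot be confirmed from here, since generate_scap's body starts and ends outside the hunk.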
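Review bot: `create_file(output_file, totaloutput)` in the last hunk is followed unconditionally by the "Generated new SCAP file" text and `sp.ok("✔")`, and the helper's contract is not visible in this patch. If `create_file` reports failure by return value or logging rather than by raising, the generator would announce success for a file that was never written; either check its result before `sp.ok` or confirm that it raises. It is also worth confirming the helper writes with an explicit `encoding="utf-8"`, since the removed `open(output_file, "w")` relied on the platform default and the payload is SCAP XML. generate_scap's body starts outside the hunk.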