Merge pull request #1891 from jan-cerny/rhbz2138884

Don't emit items if XPath doesn't match

Author: evgenyz

src/OVAL/probes/independent/xmlfilecontent_probe.c

@@ -297,9 +297,8 @@ static int process_file(const char *prefix, const char *path, const char *filena
 		node_cnt = nodes->nodeNr;
 		dD("node_cnt: %d.", node_cnt);
 		if (node_cnt <= 0) {
-			probe_item_setstatus(item, SYSCHAR_STATUS_DOES_NOT_EXIST);
-			probe_item_ent_add(item, "value_of", NULL, NULL);
-			probe_itement_setstatus(item, "value_of", 1, SYSCHAR_STATUS_DOES_NOT_EXIST);
+			ret = -5;
+			goto cleanup;
 		} else {
 			node_tab = nodes->nodeTab;
 			for (i = 0; i < node_cnt; ++i) {

tests/probes/xmlfilecontent/test_xmlfilecontent_probe.sh

@@ -6,9 +6,15 @@ set -e -o pipefail
 cp $srcdir/example.xml /tmp/
 result=$(mktemp)
 $OSCAP oval eval --results $result $srcdir/test_xmlfilecontent_probe.xml
+# Even if OSCAP_FULL_VALIDATION is set, an invalid OVAL result doesn't cause
+# the "oscap oval eval" to return a non-zero value, so let's run validation
+# as a separate command
+$OSCAP oval validate "$result"
 assert_exists 1 '/oval_results/results/system/definitions/definition[@definition_id="oval:x:def:1" and @result="true"]'
 assert_exists 1 '/oval_results/results/system/definitions/definition[@definition_id="oval:x:def:2" and @result="true"]'
 assert_exists 1 '/oval_results/results/system/definitions/definition[@definition_id="oval:x:def:3" and @result="true"]'
 assert_exists 1 '/oval_results/results/system/definitions/definition[@definition_id="oval:x:def:4" and @result="true"]'
 assert_exists 1 '/oval_results/results/system/definitions/definition[@definition_id="oval:x:def:5" and @result="true"]'
+assert_exists 1 '/oval_results/results/system/definitions/definition[@definition_id="oval:x:def:6" and @result="true"]'
+assert_exists 1 '/oval_results/results/system/definitions/definition[@definition_id="oval:x:def:7" and @result="true"]'
 rm -f $result

tests/probes/xmlfilecontent/test_xmlfilecontent_probe.xml

@@ -66,6 +66,30 @@
         <criterion test_ref="oval:x:tst:5" comment="test"/>
       </criteria>
     </definition>
+    <definition class="compliance" version="1" id="oval:x:def:6">
+      <metadata>
+        <title>A simple test OVAL for xmlfilecontent test - check nonexisting attribute</title>
+        <description>x</description>
+        <affected family="unix">
+          <platform>x</platform>
+        </affected>
+      </metadata>
+      <criteria>
+        <criterion test_ref="oval:x:tst:6" comment="test"/>
+      </criteria>
+    </definition>
+    <definition class="compliance" version="1" id="oval:x:def:7">
+      <metadata>
+        <title>A simple test OVAL for xmlfilecontent test - check nonexisting element</title>
+        <description>x</description>
+        <affected family="unix">
+          <platform>x</platform>
+        </affected>
+      </metadata>
+      <criteria>
+        <criterion test_ref="oval:x:tst:7" comment="test"/>
+      </criteria>
+    </definition>
   </definitions>
 
   <tests>
@@ -89,6 +113,12 @@
       <ind:object object_ref="oval:x:obj:5"/>
       <ind:state state_ref="oval:x:ste:5"/>
     </ind:xmlfilecontent_test>
+    <ind:xmlfilecontent_test id="oval:x:tst:6" version="1" comment="test an xpath expression" check="all" check_existence="none_exist">
+      <ind:object object_ref="oval:x:obj:6"/>
+    </ind:xmlfilecontent_test>
+    <ind:xmlfilecontent_test id="oval:x:tst:7" version="1" comment="test an xpath expression" check="all" check_existence="none_exist">
+      <ind:object object_ref="oval:x:obj:7"/>
+    </ind:xmlfilecontent_test>
   </tests>
 
   <objects>
@@ -112,6 +142,14 @@
         <ind:filepath>/tmp/example.xml</ind:filepath>
         <ind:xpath>//*[@regid="mycoyote.com"]/@name</ind:xpath>
     </ind:xmlfilecontent_object>
+    <ind:xmlfilecontent_object id="oval:x:obj:6" version="1" comment="xpath query">
+        <ind:filepath>/tmp/example.xml</ind:filepath>
+        <ind:xpath>/SoftwareIdentity/@thisattributedoesnotexist</ind:xpath>
+    </ind:xmlfilecontent_object>
+    <ind:xmlfilecontent_object id="oval:x:obj:7" version="1" comment="xpath query">
+        <ind:filepath>/tmp/example.xml</ind:filepath>
+        <ind:xpath>/SoftwareIdentity/thiselementdoesnotexist</ind:xpath>
+    </ind:xmlfilecontent_object>
   </objects>
 
   <states>