Merge pull request #2268 from jan-cerny/RHEL-104651

Show rule details in output

Author: evgenyz

docs/manual/manual.adoc

@@ -294,6 +294,12 @@ TIP: Instead of the complete profile ID you can provide only a suffix of the
 profile ID. For example, instead of `--profile
 xccdf_org.ssgproject.content_profile_ospp` you can use just `--profile ospp`.
 
+Rule description, rule rationale and rule warnings will be displayed in the output if the `--show-rule-details` option is provided.
+
+----
+# oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_stig --results-arf results.xml --show-rule-details /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml
+----
+
 === Selecting SCAP source data stream components
 
 To evaluate a specific XCCDF benchmark that is part of a specific SCAP source

src/XCCDF/public/xccdf_benchmark.h

@@ -2074,6 +2074,10 @@ OSCAP_API struct oscap_text_iterator *xccdf_rule_get_question(const struct xccdf
  * @memberof xccdf_rule
  */
 OSCAP_API struct xccdf_warning_iterator *xccdf_rule_get_warnings(const struct xccdf_rule *rule);
+/**
+ * @memberof xccdf_rule
+ */
+OSCAP_API struct oscap_stringlist *xccdf_rule_get_warnings_strings(struct xccdf_rule *rule);
 /**
  * @memberof xccdf_rule
  */

src/XCCDF/public/xccdf_session.h

@@ -653,6 +653,14 @@ OSCAP_API int xccdf_session_export_all(struct xccdf_session *session);
  * @param reference_filter a string in a form "key:identifier"
  */
 OSCAP_API void xccdf_session_set_reference_filter(struct xccdf_session *session, const char *reference_filter);
+
+/**
+ * Enable or disable showing rule details such as description or rationale in command line output.
+ * @param session XCCDF session
+ * @param show_rule_details whether to show rule details in command line output
+ */
+OSCAP_API void xccdf_session_set_show_rule_details(struct xccdf_session *session, bool show_rule_details);
+
 /// @}
 /// @}
 #endif

src/XCCDF/rule.c

@@ -1115,6 +1115,23 @@ void xccdf_group_to_dom(struct xccdf_group *group, xmlNode *group_node, xmlDoc *
 
 }
 
+struct oscap_stringlist *xccdf_rule_get_warnings_strings(struct xccdf_rule *rule)
+{
+	struct oscap_stringlist *warnings_list = oscap_stringlist_new();
+	/* Handle generic item child nodes */
+	struct xccdf_warning_iterator *warnings = xccdf_rule_get_warnings(rule);
+	while (xccdf_warning_iterator_has_more(warnings)) {
+		struct xccdf_warning *warning = xccdf_warning_iterator_next(warnings);
+		struct oscap_text *warning_text = xccdf_warning_get_text(warning);
+		const char *warning_cstr = oscap_text_get_text(warning_text);
+		char *warning_plaintext = _xhtml_to_plaintext(warning_cstr);
+		oscap_stringlist_add_string(warnings_list, warning_plaintext);
+		free(warning_plaintext);
+	}
+	xccdf_warning_iterator_free(warnings);
+	return warnings_list;
+}
+
 XCCDF_STATUS_CURRENT(rule)
 XCCDF_STATUS_CURRENT(group)
 XCCDF_GROUP_IGETTER(item, content)

src/XCCDF/xccdf_session.c

@@ -121,6 +121,7 @@ struct xccdf_session {
 	bool full_validation;				///< True value indicates that every possible step will be validated by XSD.
 	bool validate_signature;		///< False value indicates to skip XML signature validation.
 	bool enforce_signature; 		///< True value forces session to treat all XMLs without signature as invalid.
+	bool show_rule_details;		///< True value indicates that rule details will be shown.
 	struct oscap_signature_ctx *signature_ctx; ///< Paths to public keys, certificates, signature related info
 
 	struct oscap_list *check_engine_plugins; ///< Extra non-OVAL check engines that may or may not have been loaded
@@ -160,6 +161,7 @@ struct xccdf_session *xccdf_session_new_from_source(struct oscap_source *source)
 	session->validate = true;
 	session->validate_signature = true;
 	session->enforce_signature = false;
+	session->show_rule_details = false;
 	session->signature_ctx = oscap_signature_ctx_new();
 	session->xccdf.base_score = 0;
 	session->oval.progress = download_progress_empty_calllback;
@@ -797,6 +799,7 @@ static inline int _xccdf_session_load_xccdf_benchmark(struct xccdf_session *sess
 		xccdf_benchmark_free(benchmark);
 		return 1;
 	}
+	xccdf_policy_model_set_show_rule_details(session->xccdf.policy_model, session->show_rule_details);
 	return 0;
 }
 
@@ -2073,3 +2076,8 @@ void xccdf_session_set_reference_filter(struct xccdf_session *session, const cha
 {
 	session->reference_parameter = reference_filter;
 }
+
+void xccdf_session_set_show_rule_details(struct xccdf_session *session, bool show_rule_details)
+{
+	session->show_rule_details = show_rule_details;
+}

src/XCCDF_POLICY/public/xccdf_policy.h

@@ -171,6 +171,20 @@ OSCAP_API bool xccdf_policy_model_set_tailoring(struct xccdf_policy_model *model
  */
 OSCAP_API struct xccdf_tailoring *xccdf_policy_model_get_tailoring(struct xccdf_policy_model *model);
 
+/**
+ * Get whether rule details such as description or rationale should be shown in command line output.
+ * @param policy XCCDF policy
+ * @returns true if rule details should be shown, false otherwise
+ */
+OSCAP_API bool xccdf_policy_get_show_rule_details(struct xccdf_policy *policy);
+
+/**
+ * Set whether rule details such as description or rationale should be shown in command line output.
+ * @param policy_model XCCDF policy model
+ * @param show_rule_details true if rule details should be shown, false otherwise
+ */
+OSCAP_API void xccdf_policy_model_set_show_rule_details(struct xccdf_policy_model *policy_model, bool show_rule_details);
+
 /**
  * Get human readable title of given XCCDF Item. This finds title with best matching language
  * and resolves <xccdf:sub> substitution in accordance with the given XCCDF Policy.
@@ -182,6 +196,18 @@ OSCAP_API struct xccdf_tailoring *xccdf_policy_model_get_tailoring(struct xccdf_
  */
 OSCAP_API char *xccdf_policy_get_readable_item_title(struct xccdf_policy *policy, struct xccdf_item *item, const char *preferred_lang);
 
+/**
+ * Get human readable rationale of given XCCDF Item. This function searches for description
+ * with the best matching language and resolves any inner <xccdf:sub> substitution (in accordance
+ * with the given XCCDF Policy.
+ * @memberof xccdf_policy
+ * @param policy XCCDF Policy
+ * @param item XCCDF Item to query rationale from
+ * @param preferred_lang Language of your choice, Null value for the default.
+ * @returns plaintext C string which must be freed by caller
+ */
+OSCAP_API char *xccdf_policy_get_readable_item_rationale(struct xccdf_policy *policy, struct xccdf_item *item, const char *preferred_lang);
+
 /**
  * Get human readable description of given XCCDF Item. This function searches for description
  * with the best matching language and resolves any inner <xccdf:sub> substitution (in accordance

src/XCCDF_POLICY/xccdf_policy.c

@@ -132,33 +132,53 @@ static struct oscap_iterator *_xccdf_policy_get_engines_by_sysname(struct xccdf_
 	return oscap_iterator_new_filter(policy->model->engines, (oscap_filter_func) xccdf_policy_engine_filter, (void *) sysname);
 }
 
+static char *_xccdf_policy_get_readable_item_text(struct xccdf_policy *policy, struct xccdf_item *item, const char *preferred_lang, struct oscap_text_iterator *it)
+{
+	struct oscap_text *unresolved_text = oscap_textlist_get_preferred_text(it, preferred_lang);
+	if (!unresolved_text)
+		return oscap_strdup("");
+	const char *unresolved = oscap_text_get_text(unresolved_text);
+	/* Resolve <xccdf:sub> elements */
+	char *resolved = xccdf_policy_substitute(unresolved, policy);
+	/* Get rid of xhtml elements */
+	char *plaintext = _xhtml_to_plaintext(resolved);
+	free(resolved);
+	char *filtered_plaintext = oscap_remove_excess_whitespace(plaintext);
+	free(plaintext);
+	return filtered_plaintext;
+}
+
 char *xccdf_policy_get_readable_item_title(struct xccdf_policy *policy, struct xccdf_item *item, const char *preferred_lang)
 {
 	struct oscap_text_iterator *title_it = xccdf_item_get_title(item);
-	char *unresolved = oscap_textlist_get_preferred_plaintext(title_it, preferred_lang);
+	char *readable_text = _xccdf_policy_get_readable_item_text(policy, item, preferred_lang, title_it);
 	oscap_text_iterator_free(title_it);
-	if (!unresolved)
-		return oscap_strdup("");
-	char *resolved = xccdf_policy_substitute(unresolved, policy);
-	free(unresolved);
-	return resolved;
+	return readable_text;
+}
+
+bool xccdf_policy_get_show_rule_details(struct xccdf_policy *policy)
+{
+	if (policy == NULL)
+		return false;
+	return policy->show_rule_details;
 }
 
 char *xccdf_policy_get_readable_item_description(struct xccdf_policy *policy, struct xccdf_item *item, const char *preferred_lang)
 {
-	/* Get description in prefered language */
+	/* Get description in preferred language */
 	struct oscap_text_iterator *description_it = xccdf_item_get_description(item);
-	struct oscap_text *unresolved_text = oscap_textlist_get_preferred_text(description_it, preferred_lang);
+	char *readable_text = _xccdf_policy_get_readable_item_text(policy, item, preferred_lang, description_it);
 	oscap_text_iterator_free(description_it);
-	if (!unresolved_text)
-		return oscap_strdup("");
-	const char *unresolved = oscap_text_get_text(unresolved_text);
-	/* Resolve <xccdf:sub> elements */
-	char *resolved = xccdf_policy_substitute(unresolved, policy);
-	/* Get a rid of xhtml elements */
-	char *plaintext = _xhtml_to_plaintext(resolved);
-	free(resolved);
-	return plaintext;
+	return readable_text;
+}
+
+char *xccdf_policy_get_readable_item_rationale(struct xccdf_policy *policy, struct xccdf_item *item, const char *preferred_lang)
+{
+	/* Get rationale in preferred language */
+	struct oscap_text_iterator *rat_it = xccdf_item_get_rationale(item);
+	char *readable_text = _xccdf_policy_get_readable_item_text(policy, item, preferred_lang, rat_it);
+	oscap_text_iterator_free(rat_it);
+	return readable_text;
 }
 
 /**
@@ -1934,6 +1954,7 @@ struct xccdf_policy * xccdf_policy_new(struct xccdf_policy_model * model, struct
             xccdf_policy_resolve_item(policy, item, true);
         }
         xccdf_item_iterator_free(item_it);
+	policy->show_rule_details = model->show_rule_details;
 	return policy;
 }
 
@@ -2371,4 +2392,7 @@ void xccdf_value_binding_free(struct xccdf_value_binding * binding) {
         free(binding);
 }
 
-
+void xccdf_policy_model_set_show_rule_details(struct xccdf_policy_model *policy_model, bool show_rule_details)
+{
+	policy_model->show_rule_details = show_rule_details;
+}

src/XCCDF_POLICY/xccdf_policy_priv.h

@@ -44,6 +44,7 @@ struct xccdf_policy_model {
 	struct oscap_list       * engines;      ///< Callbacks for checking engines (see xccdf_policy_engine)
 
 	struct cpe_session *cpe;
+	bool show_rule_details;
 };
 
 /**
@@ -77,6 +78,7 @@ struct xccdf_policy {
 		char *href;
 		char *title;
 	} reference_filter;
+	bool show_rule_details;
 };
 
 

src/common/public/oscap_helpers.h

@@ -69,4 +69,12 @@ OSCAP_API char *oscap_dirname(char *path);
  */
 OSCAP_API char *oscap_strtok_r(char *str, const char *delim, char **saveptr);
 
+/**
+ * Indent a string
+ * @param str string to indent
+ * @param indent number of spaces to indent
+ * @return indented string
+ */
+OSCAP_API char *oscap_indent(const char *str, int indent);
+
 #endif /* OSCAP_HELPERS_H */

src/common/util.c

@@ -504,3 +504,94 @@ char *oscap_concat(char *str1, char *str2)
 	strncat(str1, str2, str2_len);
 	return str1;
 }
+
+char *oscap_indent(const char *str, int indent)
+{
+	if (str == NULL) {
+		return NULL;
+	}
+	if (indent <= 0) {
+		return oscap_strdup(str);
+	}
+
+	size_t line_count = 1;
+	for (const char *p = str; *p; p++) {
+		if (*p == '\n' && *(p + 1) != '\0') {
+			line_count++;
+		}
+	}
+
+	size_t str_len = strlen(str);
+	size_t result_len = str_len + (indent * line_count);
+	char *result = malloc(result_len + 1);
+	if (result == NULL) {
+		return NULL;
+	}
+
+	char *dst = result;
+	const char *src = str;
+
+	if (*src != '\n') {
+		for (int i = 0; i < indent; i++) {
+			*dst++ = ' ';
+		}
+	}
+
+	while (*src) {
+		*dst++ = *src;
+		if (*src == '\n' && *(src + 1) != '\0' && *(src + 1) != '\n') {
+			// Add indent after newline (unless it's the last character)
+			for (int i = 0; i < indent; i++) {
+				*dst++ = ' ';
+			}
+		}
+		src++;
+	}
+	
+	*dst = '\0';
+	return result;
+}
+
+char *oscap_remove_excess_whitespace(const char *str)
+{
+	if (str == NULL) {
+		return NULL;
+	}
+
+	size_t str_len = strlen(str);
+	char *result = malloc(str_len + 1);
+	if (result == NULL) {
+		return NULL;
+	}
+
+	const char *src = str;
+	char *dst = result;
+	bool at_line_start = true;
+	int trailing_spaces = 0;
+
+	while (*src) {
+		if (*src == '\n') {
+			trailing_spaces = 0;
+			if (!at_line_start) {
+				*dst++ = '\n';
+			}
+			at_line_start = true;
+			src++;
+		} else if (at_line_start && isspace(*src)) {
+			src++;
+		} else if (isspace(*src)) {
+			trailing_spaces++;
+			src++;
+		} else {
+			at_line_start = false;
+			for (int i = 0; i < trailing_spaces; i++) {
+				*dst++ = ' ';
+			}
+			trailing_spaces = 0;
+			*dst++ = *src++;
+		}
+	}
+
+	*dst = '\0';
+	return result;
+}