Merge pull request #249 from jan-cerny/remove_old_code

matejak · web-flow · commit 6c595ad640e5 · 2020-03-02T14:43:14.000+01:00
Use only library calls to generate remediation
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -49,12 +49,8 @@ endif()
 # Local scanning tools
 option(SCAP_WORKBENCH_LOCAL_SCAN_ENABLED "If enabled, scanning of local machine is possible from workbench. Else the option is disabled in the GUI." TRUE)
 
-option(SCAP_WORKBENCH_USE_LIBRARY_FOR_RESULT_BASED_REMEDIATION_ROLES_GENERATION "If enabled, result-based remediation roles will be generated by calls to the libopenscap library (instead of being generated by the oscap subprocess). Requires openscap>=1.2.16" FALSE)
-
-if (SCAP_WORKBENCH_USE_LIBRARY_FOR_RESULT_BASED_REMEDIATION_ROLES_GENERATION)
-    if(${OPENSCAP_VERSION_MAJOR} LESS 2 AND ${OPENSCAP_VERSION_MINOR} LESS 3 AND ${OPENSCAP_VERSION_PATCH} LESS 16)  # i.e. oscap<1.2.16
-        message(FATAL_ERROR "Library-powered generation of result-based remediation roles is supported only if you have oscap>=1.2.16, whereas you have oscap==${OPENSCAP_VERSION}")
-    endif()
+if(${OPENSCAP_VERSION_MAJOR} LESS 2 AND ${OPENSCAP_VERSION_MINOR} LESS 3 AND ${OPENSCAP_VERSION_PATCH} LESS 16)  # i.e. oscap<1.2.16
+    message(FATAL_ERROR "Library-powered generation of result-based remediation roles is supported only if you have oscap>=1.2.16, whereas you have oscap==${OPENSCAP_VERSION}")
 endif()
 
 find_program(NICE_EXECUTABLE NAMES nice) # fully optional, local scan still available when missing
diff --git a/include/Config.h.in b/include/Config.h.in
@@ -40,7 +40,6 @@
 #define SCAP_WORKBENCH_LOCAL_PKEXEC_OSCAP_PATH "@CMAKE_INSTALL_FULL_LIBEXECDIR@/scap-workbench-pkexec-oscap.sh"
 #define SCAP_WORKBENCH_LOCAL_RPM_EXTRACT_PATH "@CMAKE_INSTALL_FULL_LIBEXECDIR@/scap-workbench-rpm-extract.sh"
 #define SCAP_WORKBENCH_REMOTE_OSCAP_PATH "oscap"
-#cmakedefine SCAP_WORKBENCH_USE_LIBRARY_FOR_RESULT_BASED_REMEDIATION_ROLES_GENERATION
 #cmakedefine SCAP_WORKBENCH_LOCAL_SSH_FOUND
 #define SCAP_WORKBENCH_LOCAL_SSH_PATH "@SSH_EXECUTABLE@"
 #cmakedefine SCAP_WORKBENCH_LOCAL_SETSID_FOUND
diff --git a/include/RemediationRoleSaver.h b/include/RemediationRoleSaver.h
@@ -93,45 +93,6 @@ class PuppetProfileRemediationSaver : public ProfileBasedRemediationSaver
 };
 
 
-#ifndef SCAP_WORKBENCH_USE_LIBRARY_FOR_RESULT_BASED_REMEDIATION_ROLES_GENERATION
-/// Base for all result-based remediation generators that uses oscap process
-class ResultBasedProcessRemediationSaver : public RemediationSaverBase
-{
-    public:
-        ResultBasedProcessRemediationSaver(
-                QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath,
-                const QString& saveMessage, const QString& filetypeExtension, const QString& filetypeTemplate, const QString& fixType);
-
-    private:
-        virtual void saveToFile(const QString& filename);
-        SpacelessQTemporaryFile mArfFile;
-        QString tailoring;
-};
-
-
-class BashResultRemediationSaver : public ResultBasedProcessRemediationSaver
-{
-    public:
-        BashResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath);
-};
-
-
-class AnsibleResultRemediationSaver : public ResultBasedProcessRemediationSaver
-{
-    public:
-        AnsibleResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath);
-};
-
-
-class PuppetResultRemediationSaver : public ResultBasedProcessRemediationSaver
-{
-    public:
-        PuppetResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath);
-};
-
-#else  // i.e. SCAP_WORKBENCH_USE_LIBRARY_FOR_RESULT_BASED_REMEDIATION_ROLES_GENERATION is defined
-
-/// Base for all result-based remediation generators that uses the openscap library
 class ResultBasedLibraryRemediationSaver : public RemediationSaverBase
 {
     public:
@@ -165,7 +126,5 @@ class PuppetResultRemediationSaver : public ResultBasedLibraryRemediationSaver
         PuppetResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath);
 };
 
-#endif  // SCAP_WORKBENCH_USE_LIBRARY_FOR_RESULT_BASED_REMEDIATION_ROLES_GENERATION
-
 
 #endif // SCAP_WORKBENCH_REMEDIATION_ROLE_SAVER_H_
diff --git a/src/RemediationRoleSaver.cpp b/src/RemediationRoleSaver.cpp
@@ -35,11 +35,7 @@ extern "C"
 #include <xccdf_benchmark.h>
 #include <xccdf_policy.h>
 #include <xccdf_session.h>
-#ifdef SCAP_WORKBENCH_USE_LIBRARY_FOR_RESULT_BASED_REMEDIATION_ROLES_GENERATION
-    // vvv This include is used only for library-based generation of result-base remediation roles
-    // vvv and it requires (relatively recent) openscap 1.2.16
 #include <ds_rds_session.h>
-#endif
 }
 
 
@@ -163,88 +159,6 @@ PuppetProfileRemediationSaver::PuppetProfileRemediationSaver(QWidget* parentWind
             puppetSaveMessage, puppetFiletypeExtension, puppetFiletypeTemplate, puppetFixType)
 {}
 
-#ifndef SCAP_WORKBENCH_USE_LIBRARY_FOR_RESULT_BASED_REMEDIATION_ROLES_GENERATION
-ResultBasedProcessRemediationSaver::ResultBasedProcessRemediationSaver(
-        QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath,
-        const QString& saveMessage, const QString& filetypeExtension, const QString& filetypeTemplate, const QString& fixType):
-    RemediationSaverBase(parentWindow, saveMessage, filetypeExtension, filetypeTemplate, fixType)
-{
-    mArfFile.setAutoRemove(true);
-    mArfFile.open();
-    mArfFile.write(arfContents);
-    mArfFile.close();
-    tailoring = tailoringFilePath;
-}
-
-void ResultBasedProcessRemediationSaver::saveToFile(const QString& filename)
-{
-    QStringList args;
-    args.append("xccdf");
-    args.append("generate");
-    args.append("fix");
-
-    args.append("--template");
-    args.append(mTemplateString);
-    args.append("--output");
-    args.append(filename);
-
-    // vvv This will work, if there is only one result ID in the ARF file, it will be picked no matter what the argument value is.
-    // However, ommitting --result-id "" won't work.
-    args.append("--result-id");
-    args.append("");
-
-    if (!tailoring.isNull()) {
-        args.append("--tailoring-file");
-        args.append(tailoring.toUtf8().constData());
-    }
-
-    args.append(mArfFile.fileName());
-
-    // Launching a process and going through its output is something we do already in OscapScannerLocal::evaluate()
-    // This is a lightweight launch though.
-    QProcess process(mParentWindow);
-
-    SpacelessQTemporaryDir workingDir;
-    process.setWorkingDirectory(workingDir.path());
-    QString program(SCAP_WORKBENCH_LOCAL_OSCAP_PATH);
-
-    process.start(program, args);
-    process.waitForStarted();
-
-    const unsigned int remediationGenerationTimeout = 10000;
-
-    const int process_finished_on_time = process.waitForFinished(remediationGenerationTimeout);
-
-    if (!process_finished_on_time)
-    {
-        QString message = QObject::tr("The process that was supposed to generate remediations didn't finish on time (i.e. within %1 secs), so it was terminated.").arg(remediationGenerationTimeout / 1000);
-        process.kill();
-        throw std::runtime_error(message.toUtf8().constData());
-    }
-
-    if (process.exitCode() != 0)
-    {
-        QString completeErrorMessage(QObject::tr("Exit code of 'oscap' was %1: %2"));
-        throw std::runtime_error(completeErrorMessage.arg(process.exitCode()).arg(QString(process.readAllStandardError())).toUtf8().constData());
-    }
-}
-
-BashResultRemediationSaver::BashResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath):
-    ResultBasedProcessRemediationSaver(parentWindow, arfContents, tailoringFilePath,
-            bashSaveMessage, bashFiletypeExtension, bashFiletypeTemplate, bashFixTemplate)
-{}
-
-AnsibleResultRemediationSaver::AnsibleResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath):
-    ResultBasedProcessRemediationSaver(parentWindow, arfContents, tailoringFilePath,
-            ansibleSaveMessage, ansibleFiletypeExtension, ansibleFiletypeTemplate, ansibleFixType)
-{}
-
-PuppetResultRemediationSaver::PuppetResultRemediationSaver(QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath):
-    ResultBasedProcessRemediationSaver(parentWindow, arfContents, tailoringFilePath,
-            puppetSaveMessage, puppetFiletypeExtension, puppetFiletypeTemplate, puppetFixType)
-{}
-
-#else  // i.e. SCAP_WORKBENCH_USE_LIBRARY_FOR_RESULT_BASED_REMEDIATION_ROLES_GENERATION is defined
 ResultBasedLibraryRemediationSaver::ResultBasedLibraryRemediationSaver(
         QWidget* parentWindow, const QByteArray& arfContents, const QString& tailoringFilePath,
         const QString& saveMessage, const QString& filetypeExtension, const QString& filetypeTemplate, const QString& fixType):
@@ -343,4 +257,3 @@ PuppetResultRemediationSaver::PuppetResultRemediationSaver(QWidget* parentWindow
             puppetSaveMessage, puppetFiletypeExtension, puppetFiletypeTemplate, puppetFixType)
 {}
 
-#endif  // SCAP_WORKBENCH_USE_LIBRARY_FOR_RESULT_BASED_REMEDIATION_ROLES_GENERATION
