[Open-scap] XSLT 1.0 transformation for XCCDF 1.1 to 1.2 migration
Peter Vrabec
pvrabec at redhat.com
Wed Mar 21 12:31:01 UTC 2012
Hi,
it seems it can handle scap-security guide too.
$ xsltproc --stringparam reverse_DNS scap-security-guide
~/project/openscap/xsl/xccdf_1.1_to_1.2.xsl rhel6-xccdf-scap-security-
guide.xml > rhel6-xccdf12-scap-security-guide.xml
$ xmllint --noout --schema ~/tmp/xccdf_1.2.xsd rhel6-xccdf12-scap-security-
guide.xml
/home/pvrabec/tmp/cpe-language_2.3.xsd:6: element import: Schemas parser
warning : Element '{http://www.w3.org/2001/XMLSchema}import': Skipping import
of schema located at 'http://www.w3.org/2001/xml.xsd' for the namespace
'http://www.w3.org/XML/1998/namespace', since this namespace was already
imported with the schema located at '/home/pvrabec/tmp/xml.xsd'.
rhel6-xccdf12-scap-security-guide.xml validates
Peter.
---
And now we need a transformation that can convert SCAP 1.0 Zip Bundle to SCAP
1.2 Data Stream and vice versa. In XSLT 1.0! ;)
On Wednesday, March 21, 2012 07:43:59 AM Martin Preisler wrote:
> Hi,
> even though there is an XSLT 2.0 transformation provided [1] it is
> unsuitable for openscap because there are no lightweight XSLT 2.0
> transformators in the open source world (Saxon requires Java which is too
> heavy a dependency for us).
>
> Initially I tried to just port the provided transformation to XSLT 1.0
> (getting rid of xsl:attribute @select and other 2.0-only bits). This proved
> really hard to do as I had a lot of trouble following the flow of the
> provided transformation. So I have decided to write a new transformation
> from scratch instead.
>
> The result can be downloaded from the openscap git repository.
>
> http://git.fedorahosted.org/git?p=openscap.git;a=blob_plain;f=xsl/xccdf_1.1_
> to_1.2.xsl
>
> Differences to the XSLT 2.0 transformation that I know of:
> - deprecated elements that have been removed from XCCDF 1.2 are commented
> (surrounded by <!-- and -->) and a text saying that this element was
> removed from XCCDF 1.2 is added, instead of just moved to metadata - there
> is no separate file to define the reverse DNS namespace in, it's passed as
> a parameter instead - it doesn't touch xsi:schemaLocation attributes at all
> - dangling/invalid references are migrated in a way that will fail XCCDF 1.2
> XSD validation (they will say 'dangling reference to $old_idref')
>
> Usage:
> $ xsltproc --stringparam reverse_DNS YOUR_REVERSE_DNS_NAMESPACE
> xccdf_1.1_to_1.2.xsl FILE_YOU_WANT_TO_MIGRATE > DESTINATION_FILE
>
> example:
> $ xsltproc --stringparam reverse_DNS org.open-scap xccdf_1.1_to_1.2.xsl
> ../dist/fedora/scap-fedora14-xccdf.xml > scap-fedora14-xccdf1.2.xml
>
> Hope this helps, I appreciate all comments!
>
> [1]
> http://making-security-measurable.1364806.n2.nabble.com/Converting-XCCDF-1-
> 1-4-to-XCCDF-1-2-td7308782.html
More information about the Open-scap-list
mailing list