Blame SOURCES/openscap-1.2.14-warning-by-default-PR-630.patch

160b6f
From bb66711ed1151a5dfaa52a9ba4ad3658bdf546f7 Mon Sep 17 00:00:00 2001
160b6f
From: Martin Preisler <mpreisle@redhat.com>
160b6f
Date: Wed, 4 Jan 2017 16:41:31 -0500
160b6f
Subject: [PATCH 1/9] Make WARNING the default verbosity level
160b6f
160b6f
---
160b6f
 src/common/debug.c | 2 +-
160b6f
 1 file changed, 1 insertion(+), 1 deletion(-)
160b6f
160b6f
diff --git a/src/common/debug.c b/src/common/debug.c
160b6f
index bbcad4583..71d345a9d 100644
160b6f
--- a/src/common/debug.c
160b6f
+++ b/src/common/debug.c
160b6f
@@ -85,7 +85,7 @@ oscap_verbosity_levels oscap_verbosity_level_from_cstr(const char *level_name)
160b6f
 bool oscap_set_verbose(const char *verbosity_level, const char *filename, bool is_probe)
160b6f
 {
160b6f
 	if (verbosity_level == NULL) {
160b6f
-		return true;
160b6f
+		verbosity_level = "WARNING";
160b6f
 	}
160b6f
 	__debuglog_level = oscap_verbosity_level_from_cstr(verbosity_level);
160b6f
 	if (__debuglog_level == DBG_UNKNOWN) {
160b6f
160b6f
From 54d66d5db6ab4e3fc24c05e239b7a4c474e3b20e Mon Sep 17 00:00:00 2001
160b6f
From: Martin Preisler <mpreisle@redhat.com>
160b6f
Date: Wed, 1 Feb 2017 13:24:47 -0500
160b6f
Subject: [PATCH 3/9] Changed a warning about parsing without benchmark
160b6f
 reference to info
160b6f
160b6f
It's not a serious warning and in many use-cases is expected.
160b6f
---
160b6f
 src/XCCDF/tailoring.c | 2 +-
160b6f
 1 file changed, 1 insertion(+), 1 deletion(-)
160b6f
160b6f
diff --git a/src/XCCDF/tailoring.c b/src/XCCDF/tailoring.c
160b6f
index dd2379e5f..4fe9e5d88 100644
160b6f
--- a/src/XCCDF/tailoring.c
160b6f
+++ b/src/XCCDF/tailoring.c
160b6f
@@ -187,7 +187,7 @@ struct xccdf_tailoring *xccdf_tailoring_parse(xmlTextReaderPtr reader, struct xc
160b6f
 		}
160b6f
 		case XCCDFE_PROFILE: {
160b6f
 			if (benchmark != NULL) {
160b6f
-				dW("Parsing Tailoring Profiles without reference to Benchmark");
160b6f
+				dI("Parsing Tailoring Profiles without reference to Benchmark");
160b6f
 			}
160b6f
 			struct xccdf_item *item = xccdf_profile_parse(reader, benchmark);
160b6f
 			if (!xccdf_tailoring_add_profile(tailoring, XPROFILE(item))) {
160b6f
160b6f
From 3ef6685ae05007f7328b9284c0fcb22732b38f00 Mon Sep 17 00:00:00 2001
160b6f
From: Martin Preisler <mpreisle@redhat.com>
160b6f
Date: Wed, 1 Feb 2017 14:00:54 -0500
160b6f
Subject: [PATCH 4/9] Filter expected permission errors from stderr in
160b6f
 test_sysctl_probe_all.sh
160b6f
160b6f
---
160b6f
 tests/probes/sysctl/test_sysctl_probe_all.sh | 2 ++
160b6f
 1 file changed, 2 insertions(+)
160b6f
160b6f
diff --git a/tests/probes/sysctl/test_sysctl_probe_all.sh b/tests/probes/sysctl/test_sysctl_probe_all.sh
160b6f
index 1b725231d..8e763ac37 100755
160b6f
--- a/tests/probes/sysctl/test_sysctl_probe_all.sh
160b6f
+++ b/tests/probes/sysctl/test_sysctl_probe_all.sh
160b6f
@@ -28,6 +28,8 @@ grep unix-sys:name "$result" | sed -E 's;.*>(.*)<.*;\1;g' | sort > "$ourNames"
160b6f
 
160b6f
 diff "$sysctlNames" "$ourNames"
160b6f
 
160b6f
+# remove oscap error message related to permissions from stderr
160b6f
+sed -i -E "/^E: lt-probe_sysctl: Can't read sysctl value from /d" "$stderr"
160b6f
 [ ! -s $stderr ]
160b6f
 
160b6f
 rm $stderr $result $ourNames $sysctlNames
160b6f
160b6f
From 789486ee35410af0fc5739e2d68436470f2b3006 Mon Sep 17 00:00:00 2001
160b6f
From: Martin Preisler <mpreisle@redhat.com>
160b6f
Date: Wed, 1 Feb 2017 14:51:34 -0500
160b6f
Subject: [PATCH 5/9] Filter out the expected error in sql57 probe test
160b6f
160b6f
---
160b6f
 tests/probes/sql57/unsupported_engine.sh | 2 ++
160b6f
 1 file changed, 2 insertions(+)
160b6f
160b6f
diff --git a/tests/probes/sql57/unsupported_engine.sh b/tests/probes/sql57/unsupported_engine.sh
160b6f
index f90d6c8b7..6243cff35 100755
160b6f
--- a/tests/probes/sql57/unsupported_engine.sh
160b6f
+++ b/tests/probes/sql57/unsupported_engine.sh
160b6f
@@ -10,6 +10,8 @@ echo "stderr file: $stderr"
160b6f
 
160b6f
 echo "Evaluating content."
160b6f
 $OSCAP oval eval --results $result $srcdir/${name}.oval.xml 2> $stderr
160b6f
+# filter out the expected error in stderr
160b6f
+sed -i -E "/^E: lt-probe_sql57: DB engine not supported: sqlserver/d" "$stderr"
160b6f
 [ -f $stderr ]; [ ! -s $stderr ]; rm $stderr
160b6f
 echo "Validating results."
160b6f
 #$OSCAP oval validate-xml --results --schematron $result
160b6f
160b6f
From cdff2e8504c19f473cbe3b1c64f56b99f13106af Mon Sep 17 00:00:00 2001
160b6f
From: Martin Preisler <mpreisle@redhat.com>
160b6f
Date: Wed, 8 Feb 2017 15:04:17 -0500
160b6f
Subject: [PATCH 6/9] Do not output errors if check engine plugin auto-loading
160b6f
 fails
160b6f
160b6f
If SCE is not installed it will fail in an expected way and it makes no
160b6f
sense to clutter the error log with it. Explicit plugin loading via the
160b6f
API will still fail with errors.
160b6f
---
160b6f
 src/XCCDF/public/xccdf_session.h              |  3 +++
160b6f
 src/XCCDF/xccdf_session.c                     | 11 ++++++++---
160b6f
 src/XCCDF_POLICY/check_engine_plugin.c        | 26 +++++++++++++++++---------
160b6f
 src/XCCDF_POLICY/public/check_engine_plugin.h |  1 +
160b6f
 utils/oscap.c                                 |  3 ++-
160b6f
 5 files changed, 31 insertions(+), 13 deletions(-)
160b6f
160b6f
diff --git a/src/XCCDF/public/xccdf_session.h b/src/XCCDF/public/xccdf_session.h
160b6f
index e1473aebe..2f1bf87c1 100644
160b6f
--- a/src/XCCDF/public/xccdf_session.h
160b6f
+++ b/src/XCCDF/public/xccdf_session.h
160b6f
@@ -358,8 +358,11 @@ int xccdf_session_load_oval(struct xccdf_session *session);
160b6f
  *
160b6f
  * @memberof xccdf_session
160b6f
  * @param session XCCDF Session
160b6f
+ * @param plugin_name Name of the plugin to load
160b6f
+ * @param quiet If true we will not output errors if loading fails
160b6f
  * @returns zero on success
160b6f
  */
160b6f
+int xccdf_session_load_check_engine_plugin2(struct xccdf_session *session, const char* plugin_name, bool quiet);
160b6f
 int xccdf_session_load_check_engine_plugin(struct xccdf_session *session, const char* plugin_name);
160b6f
 
160b6f
 /**
160b6f
diff --git a/src/XCCDF/xccdf_session.c b/src/XCCDF/xccdf_session.c
160b6f
index 3474e265e..60ea38bae 100644
160b6f
--- a/src/XCCDF/xccdf_session.c
160b6f
+++ b/src/XCCDF/xccdf_session.c
160b6f
@@ -945,9 +945,9 @@ int xccdf_session_load_oval(struct xccdf_session *session)
160b6f
 	return 0;
160b6f
 }
160b6f
 
160b6f
-int xccdf_session_load_check_engine_plugin(struct xccdf_session *session, const char *plugin_name)
160b6f
+int xccdf_session_load_check_engine_plugin2(struct xccdf_session *session, const char *plugin_name, bool quiet)
160b6f
 {
160b6f
-	struct check_engine_plugin_def *plugin = check_engine_plugin_load(plugin_name);
160b6f
+	struct check_engine_plugin_def *plugin = check_engine_plugin_load2(plugin_name, quiet);
160b6f
 
160b6f
 	if (!plugin)
160b6f
 		return -1; // error already set
160b6f
@@ -964,6 +964,11 @@ int xccdf_session_load_check_engine_plugin(struct xccdf_session *session, const
160b6f
 	}
160b6f
 }
160b6f
 
160b6f
+int xccdf_session_load_check_engine_plugin(struct xccdf_session *session, const char *plugin_name)
160b6f
+{
160b6f
+	return xccdf_session_load_check_engine_plugin2(session, plugin_name, false);
160b6f
+}
160b6f
+
160b6f
 int xccdf_session_load_check_engine_plugins(struct xccdf_session *session)
160b6f
 {
160b6f
 	xccdf_session_unload_check_engine_plugins(session);
160b6f
@@ -973,7 +978,7 @@ int xccdf_session_load_check_engine_plugins(struct xccdf_session *session)
160b6f
 	while (*known_plugins) {
160b6f
 		// We do not report failure when a known plugin doesn't load properly, that's because they
160b6f
 		// are optional and we don't know if it's not there or if it just failed to load.
160b6f
-		if (xccdf_session_load_check_engine_plugin(session, *known_plugins) != 0)
160b6f
+		if (xccdf_session_load_check_engine_plugin2(session, *known_plugins, true) != 0)
160b6f
 			oscap_clearerr();
160b6f
 
160b6f
 		known_plugins++;
160b6f
diff --git a/src/XCCDF_POLICY/check_engine_plugin.c b/src/XCCDF_POLICY/check_engine_plugin.c
160b6f
index af9791a46..ea9e821b6 100644
160b6f
--- a/src/XCCDF_POLICY/check_engine_plugin.c
160b6f
+++ b/src/XCCDF_POLICY/check_engine_plugin.c
160b6f
@@ -47,7 +47,7 @@ static void check_engine_plugin_def_free(struct check_engine_plugin_def *plugin)
160b6f
 	oscap_free(plugin);
160b6f
 }
160b6f
 
160b6f
-struct check_engine_plugin_def *check_engine_plugin_load(const char* path)
160b6f
+struct check_engine_plugin_def *check_engine_plugin_load2(const char* path, bool quiet)
160b6f
 {
160b6f
 	struct check_engine_plugin_def *ret = check_engine_plugin_def_new();
160b6f
 
160b6f
@@ -61,9 +61,10 @@ struct check_engine_plugin_def *check_engine_plugin_load(const char* path)
160b6f
 	if (!ret->module_handle) {
160b6f
 		error = dlerror();
160b6f
 
160b6f
-		oscap_seterr(OSCAP_EFAMILY_GLIBC,
160b6f
-			"Failed to load extra check engine from '%s'. Details: '%s'.",
160b6f
-			path, error);
160b6f
+		if (!quiet)
160b6f
+			oscap_seterr(OSCAP_EFAMILY_GLIBC,
160b6f
+				"Failed to load extra check engine from '%s'. Details: '%s'.",
160b6f
+				path, error);
160b6f
 
160b6f
 		check_engine_plugin_def_free(ret);
160b6f
 		return NULL;
160b6f
@@ -73,9 +74,10 @@ struct check_engine_plugin_def *check_engine_plugin_load(const char* path)
160b6f
 	*(void **)(&entry_fn) = dlsym(ret->module_handle, STRINGIZE(OPENSCAP_CHECK_ENGINE_PLUGIN_ENTRY));
160b6f
 
160b6f
 	if ((error = dlerror()) != NULL) {
160b6f
-		oscap_seterr(OSCAP_EFAMILY_GLIBC,
160b6f
-			"Failed to retrieve module entry '%s' from loaded extra check engine '%s'. Details: '%s'.",
160b6f
-			STRINGIZE(OPENSCAP_CHECK_ENGINE_PLUGIN_ENTRY), path, error);
160b6f
+		if (!quiet)
160b6f
+			oscap_seterr(OSCAP_EFAMILY_GLIBC,
160b6f
+				"Failed to retrieve module entry '%s' from loaded extra check engine '%s'. Details: '%s'.",
160b6f
+				STRINGIZE(OPENSCAP_CHECK_ENGINE_PLUGIN_ENTRY), path, error);
160b6f
 
160b6f
 		dlclose(ret->module_handle);
160b6f
 		check_engine_plugin_def_free(ret);
160b6f
@@ -83,8 +85,9 @@ struct check_engine_plugin_def *check_engine_plugin_load(const char* path)
160b6f
 	}
160b6f
 
160b6f
 	if ((*entry_fn)(ret) != 0) {
160b6f
-		oscap_seterr(OSCAP_EFAMILY_GLIBC,
160b6f
-			"Failed to fill check_engine_plugin_def when loading check engine plugin '%s'.", path);
160b6f
+		if (!quiet)
160b6f
+			oscap_seterr(OSCAP_EFAMILY_GLIBC,
160b6f
+				"Failed to fill check_engine_plugin_def when loading check engine plugin '%s'.", path);
160b6f
 
160b6f
 		dlclose(ret->module_handle);
160b6f
 		check_engine_plugin_def_free(ret);
160b6f
@@ -94,6 +97,11 @@ struct check_engine_plugin_def *check_engine_plugin_load(const char* path)
160b6f
 	return ret;
160b6f
 }
160b6f
 
160b6f
+struct check_engine_plugin_def *check_engine_plugin_load(const char* path)
160b6f
+{
160b6f
+	return check_engine_plugin_load2(path, false);
160b6f
+}
160b6f
+
160b6f
 void check_engine_plugin_unload(struct check_engine_plugin_def *plugin)
160b6f
 {
160b6f
 	if (!plugin->module_handle) {
160b6f
diff --git a/src/XCCDF_POLICY/public/check_engine_plugin.h b/src/XCCDF_POLICY/public/check_engine_plugin.h
160b6f
index 7878fe07f..4a992ae34 100644
160b6f
--- a/src/XCCDF_POLICY/public/check_engine_plugin.h
160b6f
+++ b/src/XCCDF_POLICY/public/check_engine_plugin.h
160b6f
@@ -52,6 +52,7 @@ struct check_engine_plugin_def
160b6f
 	const char *(*get_capabilities_fn)(void**);
160b6f
 };
160b6f
 
160b6f
+struct check_engine_plugin_def *check_engine_plugin_load2(const char* path, bool quiet);
160b6f
 struct check_engine_plugin_def *check_engine_plugin_load(const char* path);
160b6f
 void check_engine_plugin_unload(struct check_engine_plugin_def *plugin);
160b6f
 
160b6f
diff --git a/utils/oscap.c b/utils/oscap.c
160b6f
index 7396101a8..1e966540c 100644
160b6f
--- a/utils/oscap.c
160b6f
+++ b/utils/oscap.c
160b6f
@@ -126,7 +126,8 @@ static int print_versions(const struct oscap_action *action)
160b6f
 	const char * const *known_plugins = check_engine_plugin_get_known_plugins();
160b6f
 	bool known_plugin_found = false;
160b6f
 	while (*known_plugins) {
160b6f
-		struct check_engine_plugin_def *plugin = check_engine_plugin_load(*known_plugins);
160b6f
+		// try to load the plugin but output no errors if it fails (quiet=true)
160b6f
+		struct check_engine_plugin_def *plugin = check_engine_plugin_load2(*known_plugins, true);
160b6f
 		if (plugin) {
160b6f
 			printf("%s (from %s)\n", check_engine_plugin_get_capabilities(plugin), *known_plugins);
160b6f
 			check_engine_plugin_unload(plugin);
160b6f
160b6f
From 703c1045aedf1f826f007a01cf8b387b525c1d55 Mon Sep 17 00:00:00 2001
160b6f
From: Martin Preisler <mpreisle@redhat.com>
160b6f
Date: Thu, 9 Feb 2017 13:54:53 -0500
160b6f
Subject: [PATCH 7/9] Filter out the expected warning in
160b6f
 test_remediation_subs_unresolved
160b6f
160b6f
---
160b6f
 tests/API/XCCDF/unittests/test_remediation_subs_unresolved.sh | 2 ++
160b6f
 1 file changed, 2 insertions(+)
160b6f
160b6f
diff --git a/tests/API/XCCDF/unittests/test_remediation_subs_unresolved.sh b/tests/API/XCCDF/unittests/test_remediation_subs_unresolved.sh
160b6f
index f48239d93..44ae2f772 100755
160b6f
--- a/tests/API/XCCDF/unittests/test_remediation_subs_unresolved.sh
160b6f
+++ b/tests/API/XCCDF/unittests/test_remediation_subs_unresolved.sh
160b6f
@@ -35,6 +35,8 @@ assert_exists 1 '//score[text()="0.000000"]'
160b6f
 ret=0
160b6f
 $OSCAP xccdf eval --remediate --results $result $srcdir/${name}.xccdf.xml 2> $stderr || ret=$?
160b6f
 [ $ret -eq 2 ]
160b6f
+# filter out the expected warning in stderr
160b6f
+sed -i -E "/^W: oscap: The xccdf:rule-result\/xccdf:instance element was not found./d" "$stderr"
160b6f
 [ -f $stderr ]; [ ! -s $stderr ]; rm $stderr
160b6f
 
160b6f
 $OSCAP xccdf validate-xml $result
160b6f