Add new independent test to support running shell commands called shellcommand #192
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Modified to refine shellcommand_test. Removed 'label' element from object and state. Added 'shell' element to object and state. Removed 'result' element from state and replaced with 'exist_status', 'stdout_line', and 'stderror_line'. There is still some question about how to handle stderr output as the stderr info will not necessarily be directly related to a specific item.
Changes to shellcommand_item. Added 'shell' element. Removed 'label' element. Added 'exit_status, 'stdout_line', and 'stderr_line'. There is still some question about how to handle stderr output as the stderr info will not necessarily be directly related to a specific item.
In SHELLCOMMAND_TEST: - Added 'shell' element to object. - Removed 'label' elements from object and state. - Added 'stdout_line' element to object and state. - Added 'exit_status' element to object and state. - Added 'stderr' element to object and state.
In SHELLCOMMAND_ITEM: - Added 'shell' element. - Removed 'label' element. - Added 'stdout_line' element. - Added 'exit_status' element. - Added 'stderr' element.
Modified shellcommand item so that each line of STDOUT produces a new item 'stdout_line' element and each line of STDERR produces a new item 'stderr_line' element. Corrected some documentation and min and max occurs to reflect these changes.
Changed to reflect that each line of STDOUT will produce an item 'stdout_line' element and each line of STDERR will produce an item 'stderr_line' element.
|
I've added anyone who commented on issue #150 as a reviewer of this. We really just need one person to sign off on this, as it's not a complex addition. As soon as this is pulled into developed OVAL 5.12 is essentially 'done' |
solind
requested changes
Nov 25, 2024
| <xsd:annotation> | ||
| <xsd:documentation>The shellcommand_object is used by a shellcommand_test to define a shell to use (e.g. sh, bash, ksh, etc.), a command (or shell script) to be run, and a pattern to filter result lines. The default shell is bash. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. | ||
|
|
||
| The evaluation of the object should always produce at least one item. If the object evaluation does not produce output that should result in an item, one should be created with a status of 'does not exist' and, if possible, the exit_status and any STDERR from the system call should be captured in that item. |
There was a problem hiding this comment.
Should read: "... should always produce one item."
There was a problem hiding this comment.
... per variable value permutation, naturally, being implied.
There was a problem hiding this comment.
But you didn't change the text to say: "The evaluation of the object should always produce one item."
There was a problem hiding this comment.
Actually, I think you should rewrite it as follows:
The evaluation of the object should always produce one item. If the command execution does not produce output, an item should still be created with the exit_status (AKA process exit code), a stdout entity with a status of 'does not exist', and any STDERR from the execution captured in stderr_line entities.
| <xsd:annotation> | ||
| <xsd:documentation>The 'pattern' is a regular expression that identifies lines in 'command' results that are to produce OVAL items. Any result line via STDOUT that matches the pattern is kept as an item stdout_line element. Any that do not are discarded. If the pattern element is empty or does not exist, all results lines are kept. | ||
|
|
||
| A subexpression (using parentheses) can call out a piece of the matched stdout_line to test. For example, the pattern abc(.*)xyz would look for a block of text in the file that starts with abc and ends with xyz, with the subexpression being all the characters that exist in between. The value of the subexpression can then be tested using the subexpression entity of a shellcommand_state. Note that if the pattern, starting at the same point in the line, matches more than one block of text, then it matches the longest. For example, given a file with abcdefxyzxyzabc, then the pattern abc(.*)xyz would match the block abcdefxyzxyz. Subexpressions also match the longest possible substrings, subject to the constraint that the whole match be as long as possible, with subexpressions starting earlier in the pattern taking priority over ones starting later. |
There was a problem hiding this comment.
"... in the file ..." should be changed to "... in the output ..."
also "... given a file with ..." -> "... given output with ..."
Fixed shell to use be ShellType Added platform specific default shell Added Zsh for macOS (and some linux) Fixed subexpression notes from 'file' to 'output'
|
@solind with the exception of the subexpression entity item type (which matches methods from textfilecontent) I think I've made all of your recommended changes. I'm open to changing the subexpression as well, just feels wrong to have it different from the other test we are basing it on. |
|
@solind unless you have a solution for the different default shells per OS, I think it's ready for merge. |
solind
requested changes
Nov 26, 2024
| <xsd:annotation> | ||
| <xsd:documentation>The shellcommand_object is used by a shellcommand_test to define a shell to use (e.g. sh, bash, ksh, etc.), a command (or shell script) to be run, and a pattern to filter result lines. The default shell is bash. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. | ||
|
|
||
| The evaluation of the object should always produce at least one item. If the object evaluation does not produce output that should result in an item, one should be created with a status of 'does not exist' and, if possible, the exit_status and any STDERR from the system call should be captured in that item. |
There was a problem hiding this comment.
But you didn't change the text to say: "The evaluation of the object should always produce one item."
| <xsd:annotation> | ||
| <xsd:documentation>The shellcommand_object is used by a shellcommand_test to define a shell to use (e.g. sh, bash, ksh, etc.), a command (or shell script) to be run, and a pattern to filter result lines. The default shell is bash. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. | ||
|
|
||
| The evaluation of the object should always produce at least one item. If the object evaluation does not produce output that should result in an item, one should be created with a status of 'does not exist' and, if possible, the exit_status and any STDERR from the system call should be captured in that item. |
There was a problem hiding this comment.
Actually, I think you should rewrite it as follows:
The evaluation of the object should always produce one item. If the command execution does not produce output, an item should still be created with the exit_status (AKA process exit code), a stdout entity with a status of 'does not exist', and any STDERR from the execution captured in stderr_line entities.
|
Thanks @solind, I thought I changed that, but it either I missed it, or it existed in more than one location. Committed based on your latest recommendation. |
solind
approved these changes
Nov 26, 2024
vanderpol
deleted the
150-add-new-independent-test-to-support-running-shell-commands-called-shellcommand
branch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request adds the capability discussed in #150