search

OpenSCAP / scap-workbench

SCAP Scanner And Tailoring Graphical User Interface
https://www.open-scap.org/tools/scap-workbench
GNU General Public License v3.0
226 stars 64 forks source link

Option 'Fetch remote resources' is displayed and available for use while target is a local machine #255

Closed Ricky-Tigg closed 4 years ago

Ricky-Tigg commented 4 years ago

Component/OS: scap-workbench.x86_64 1.2.1-2.fc32 @fedora; compiled with Qt 5.13.2, using OpenSCAP 1.3.2

Option Fetch remote resources is displayed and available for use while the target is Local Machine. Probably it is aimed to not be so in that case.

scap-workbench_v 1 2 1_local_machine

redhatrises commented 4 years ago

@Ricky-Tigg this is expected behavior. In this case, the content pulls down remote CVE OVAL feed.

Ricky-Tigg commented 4 years ago

Tool-tip tied to that option:

workbench_1 2 1_fetch-remote_resources_tool-tip

I might have misinterpreted the context if not the key-words upon winch the present report was sent. In the expression "download of remote" download implicitly refers to download from and remote implicitly refers to remote resource.

evgenyz commented 4 years ago

@Ricky-Tigg What change you are suggesting, exactly?

Ricky-Tigg commented 4 years ago 
$ man oscap
--fetch-remote-resources
Allow download of remote components referenced from Datastream.

Output while that option is selected alone along with Dry run:

oscap xccdf eval --fetch-remote-resources --datastream-id scap_org.open-scap_datastream_from_xccdf_ssg-fedora-xccdf-1.2.xml --xccdf-id scap_org.open-scap_cref_ssg-fedora-xccdf-1.2.xml --profile xccdf_org.ssgproject.content_profile_ospp --oval-results --results /tmp/xccdf-results.xml --results-arf /tmp/arf.xml --report /tmp/report.html /tmp/scap-workbench-ChfcwQ/ssg-fedora-ds.xml

Tha very command did not require from user any interaction that would achieve the task suggested by tool-tip "download of remote". It even behaved the same as without the option --fetch-remote-resources.

evgenyz commented 4 years ago

The option will affect behaviour of the scanner only when DataStream used for scanning would contain some remote resources (like CVE OVAL feed reference).

evgenyz commented 4 years ago

It is absolutely unrelated to the fact that target machine is local or remote. The only thing in common is the very word 'remote', which is unavoidable, I guess.

Ricky-Tigg commented 4 years ago

in manual page there is no complementary syntax tied to option --fetch-remote-resources; you note it there by yourself it is mentioned alone. No mention indeed referring to "contain some remote resources (like CVE OVAL feed reference).".