Added --control-id flag

mitre / inspec_tools

A command-line and ruby API of utilities, converters and tools for creating, converting and processing security baseline formats, results and data

https://inspec-tools.mitre.org/

Other

92 stars 30 forks source link

Added --control-id flag #229

Closed wdower closed 3 years ago

wdower commented 3 years ago

Added --control-id flag to xccdf2inspec to allow user to specify if they want the created profile to use legacy vuln IDs (ex. 'V-XXXXX') or rule IDs as the control IDs for the generated profile

resolves #218

Signed-off-by: Will Dower wdower@mitre.org

aaronlippold commented 3 years ago

I'd use a v3 RedHat xccdf

wdower commented 3 years ago

Updated the RHEL7 V1R4 example profile to V3R3

wdower commented 3 years ago

I think we left it a string so that we could eventually use any tag for the control_id as opposed to just a flag for using the legacy vulnID (which for now would need to default to true anyway). But the logic using the variable does expect it to be either ruleID or vulnID.

aaronlippold commented 3 years ago

note that there seem to be at least two ids hat are considered 'legecy' so it looks like it need to be an array

rbclark commented 3 years ago

note that there seem to be at least two ids hat are considered 'legecy' so it looks like it need to be an array

We are already mapping over the legacy array so this shouldn't be an issue.