pkeech / stig_parser

A Python module to parse DISA STIG (XCCDF) Files
MIT License

The convert_stig function crashes on Rules containing an array of `ident` values instead of a single `ident` value. #37

Closed gregelin closed 2 years ago

gregelin commented 2 years ago

The convert_stig function crashes on Rules containing an array of ident values instead of a single ident value.

Example STIG: U_AAA_Services_V1R2_SRG. See: 33rd Rule, title: SRG-APP-000516-AAA-000350

SRG-APP-000516-AAA-000350
AAA Services must be configured to use at least two NTP servers to synchronize time.
<VulnDiscussion>Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events. Sources outside of the configured acceptable allowance (drift) may be inaccurate. Additionally, unnecessary synchronization may have an adverse impact on system performance and may indicate malicious activity. If the internal clock is not used, the system may not be able to provide time stamps for log messages. Additionally, externally generated time stamps may not be accurate. Applications can use the capability of an operating system or purpose-built module for this purpose. Synchronizing the internal clock using NTP provides uniformity for all system clocks over a network. NTP provides an efficient and scalable method for network devices to synchronize to an accurate time source.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
DPMS Target SRG-APP-AAA
DISA
DPMS Target
SRG-APP-AAA
3357
CCI-000366
CCI-001891
Configure AAA Services to use two separate NTP servers. Both a primary and backup NTP server must be identified in the configuration.
Verify AAA Services are configured to use at least two NTP servers to synchronize time. Both a primary and backup NTP server must be identified in the configuration. AAA Services may leverage the capability of an operating system. If AAA Services are not configured to use at least two separate NTP servers, this is a finding.

The problematic code starts at line #113.

        ## HANDLE MULTIPLE IDENT ENTRIES (CCI)
        if len(IDENT) == 2:
            IDENT = IDENT['#text']
        else:
            ## DEFINE EMPTY RESULTS
            RESULTS = ""

            ## LOOP THROUGH ALL CCI NUMBERS
            for RESULT in IDENT:
                RESULTS += RESULT['#text'] + ","

            ## REMOVE LAST ','
            IDENT = RESULTS.rstrip(RESULTS[-1])

Here is some output with some print statements added showing what happens:

RESULTS = convert_xccdf(RAW_STIG)
1 =================
2 ======= {'@system': 'http://iase.disa.mil/cci', '#text': 'CCI-000382'}
2 ======= {'@system': 'http://iase.disa.mil/cci', '#text': 'CCI-000382'}
2 ======= {'@system': 'http://iase.disa.mil/cci', '#text': 'CCI-000015'}
2 ======= {'@system': 'http://iase.disa.mil/cci', '#text': 'CCI-000016'}
2 ======= {'@system': 'http://iase.disa.mil/cci', '#text': 'CCI-001682'}
2 ======= {'@system': 'http://iase.disa.mil/cci', '#text': 'CCI-001682'}
2 ======= {'@system': 'http://iase.disa.mil/cci', '#text': 'CCI-000017'}
2 ======= {'@system': 'http://iase.disa.mil/cci', '#text': 'CCI-000018'}
2 ======= {'@system': 'http://iase.disa.mil/cci', '#text': 'CCI-001403'}
2 ======= {'@system': 'http://iase.disa.mil/cci', '#text': 'CCI-001404'}
2 ======= {'@system': 'http://iase.disa.mil/cci', '#text': 'CCI-001405'}
2 ======= {'@system': 'http://iase.disa.mil/cci', '#text': 'CCI-001683'}
2 ======= {'@system': 'http://iase.disa.mil/cci', '#text': 'CCI-001684'}
2 ======= {'@system': 'http://iase.disa.mil/cci', '#text': 'CCI-001685'}
2 ======= {'@system': 'http://iase.disa.mil/cci', '#text': 'CCI-001686'}
2 ======= {'@system': 'http://iase.disa.mil/cci', '#text': 'CCI-002130'}
2 ======= {'@system': 'http://iase.disa.mil/cci', '#text': 'CCI-002132'}
2 ======= {'@system': 'http://iase.disa.mil/cci', '#text': 'CCI-002169'}
2 ======= {'@system': 'http://iase.disa.mil/cci', '#text': 'CCI-000044'}
2 ======= {'@system': 'http://iase.disa.mil/cci', '#text': 'CCI-002238'}
2 ======= {'@system': 'http://iase.disa.mil/cci', '#text': 'CCI-000130'}
2 ======= {'@system': 'http://iase.disa.mil/cci', '#text': 'CCI-000131'}
2 ======= {'@system': 'http://iase.disa.mil/cci', '#text': 'CCI-000132'}
2 ======= {'@system': 'http://iase.disa.mil/cci', '#text': 'CCI-000133'}
2 ======= {'@system': 'http://iase.disa.mil/cci', '#text': 'CCI-000134'}
2 ======= {'@system': 'http://iase.disa.mil/cci', '#text': 'CCI-001487'}
2 ======= {'@system': 'http://iase.disa.mil/cci', '#text': 'CCI-001851'}
2 ======= {'@system': 'http://iase.disa.mil/cci', '#text': 'CCI-000139'}
2 ======= {'@system': 'http://iase.disa.mil/cci', '#text': 'CCI-000140'}
2 ======= {'@system': 'http://iase.disa.mil/cci', '#text': 'CCI-000140'}
2 ======= {'@system': 'http://iase.disa.mil/cci', '#text': 'CCI-000159'}
2 ======= {'@system': 'http://iase.disa.mil/cci', '#text': 'CCI-001889'}
2 ======= {'@system': 'http://iase.disa.mil/cci', '#text': 'CCI-001890'}
2 ======= [{'@system': 'http://iase.disa.mil/cci', '#text': 'CCI-000366'}, {'@system': 'http://iase.disa.mil/cci', '#text': 'CCI-001891'}]
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "<stdin>", line 27, in convert_xccdf
TypeError: list indices must be integers or slices, not str

pkeech commented 2 years ago

Resolved with PR #38. Released with Version 1.1.1
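
Added example, not part of the issue thread and not the change made in PR #38: the crash comes from choosing the branch by `len()`, which is 2 both for a single `ident` dict (two keys) and for a list of exactly two `ident` dicts. The sketch below puts a condensed copy of the length check beside a type-based normalizer; `idents_to_csv`, `length_based` and `crashes` are hypothetical names, and the sample values are constructed in the shapes shown in the debug output (the `@system`/`#text` layout is assumed to come from an xmltodict-style parser).

```python
CCI_SYSTEM = "http://iase.disa.mil/cci"

# Constructed samples: one <ident> parses to a dict, several to a list of dicts.
SINGLE = {"@system": CCI_SYSTEM, "#text": "CCI-000382"}
PAIR = [
    {"@system": CCI_SYSTEM, "#text": "CCI-000366"},
    {"@system": CCI_SYSTEM, "#text": "CCI-001891"},
]
TRIPLE = PAIR + [{"@system": CCI_SYSTEM, "#text": "CCI-000015"}]


def length_based(ident):
    """Condensed form of the logic quoted in the issue (shape decided by len)."""
    if len(ident) == 2:          # true for a 2-key dict AND a 2-item list
        return ident["#text"]    # TypeError when ident is actually a list
    return ",".join(entry["#text"] for entry in ident)


def idents_to_csv(ident):
    """Hypothetical replacement: decide on the value's type, not its length."""
    if ident is None:            # Rule with no <ident> element at all
        return ""
    if isinstance(ident, (dict, str)):
        ident = [ident]          # single element becomes a one-item list
    values = []
    for entry in ident:
        # An <ident> without attributes parses to a bare string, not a dict.
        text = entry if isinstance(entry, str) else entry.get("#text", "")
        if text:
            values.append(text)
    return ",".join(values)


def crashes(func, ident):
    """Return True when func raises TypeError on this input."""
    try:
        func(ident)
    except TypeError:
        return True
    return False


if __name__ == "__main__":
    for sample in (SINGLE, PAIR, TRIPLE):
        print(crashes(length_based, sample), idents_to_csv(sample))
```

Only the two-item list trips the length check, which is why 32 Rules parsed before the 33rd failed. If the parser in use is xmltodict, its `force_list` argument can also make `ident` always arrive as a list.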