
openscap: also importing description and rationale

Open dd-alexander opened this issue 6 months ago • 3 comments

Description

Importing more than just IdRef and Title of XCCDF Findings.

Before/after screenshots of the imported finding (images not reproduced here)

Notes

The results in the OpenSCAP XCCDF result.xml contain <code> and <pre> boxes for code. html2text seems not to be able to convert those boxes to proper markup for DefectDojo. Does anybody have an idea how to somehow improve the style of the descriptions?

Example description from the result.xml (yes, the indentation is that bad in the original file):

...
          <description xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">Disallow SSH login with empty passwords.
The default SSH configuration disables logins with empty passwords. The appropriate
configuration is used if no value is set for <html:code xmlns:html="http://www.w3.org/1999/xhtml">PermitEmptyPasswords</html:code>.
<html:br xmlns:html="http://www.w3.org/1999/xhtml"/>
To explicitly disallow SSH login from accounts with empty passwords,
add or correct the following line in


<html:code xmlns:html="http://www.w3.org/1999/xhtml">/etc/ssh/sshd_config.d/00-complianceascode-hardening.conf</html:code>:

<html:br xmlns:html="http://www.w3.org/1999/xhtml"/>
        <html:pre xmlns:html="http://www.w3.org/1999/xhtml">PermitEmptyPasswords no</html:pre>
Any accounts with empty passwords should be disabled immediately, and PAM configuration
should prevent users from being able to assign themselves empty passwords.</description>
...

Test results

No unit tests, but checked functionality on running DefectDojo instance.

Checklist

This checklist is for your information.

  • [x] Make sure to rebase your PR against the very latest dev.
  • [x] Features/Changes should be submitted against the dev.
  • [x] Bugfixes should be submitted against the bugfix branch.
  • [x] Give a meaningful name to your PR, as it may end up being used in the release notes.
  • [x] Your code is flake8 compliant.
  • [x] Your code is python 3.11 compliant.
  • [ ] If this is a new feature and not a bug fix, you've included the proper documentation in the docs at https://github.com/DefectDojo/django-DefectDojo/tree/dev/docs as part of this PR.
  • [ ] Model changes must include the necessary migrations in the dojo/db_migrations folder.
  • [ ] Add applicable tests to the unit tests.
  • [ ] Add the proper label to categorize your PR.

dd-alexander avatar Jun 13 '25 13:06 dd-alexander
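As an added example (not code from this PR and not DefectDojo's own openscap parser), the converter below shows one way to get the styling the Notes above ask about: instead of flattening the XHTML inside an XCCDF <description> or <rationale> through html2text, it walks the element tree with ElementTree and maps <html:code> to a backtick span, <html:pre> to a fenced block and <html:br> to a paragraph break, collapsing the benchmark's ragged whitespace only inside prose. The description text is the one quoted above, indentation included; the surrounding Benchmark/Rule wrapper, the rule id, the title and the rationale are constructed for the demo. The XCCDF 1.2 namespace URI is the real one.

```python
"""Turn the XHTML inside XCCDF <description>/<rationale> elements into Markdown.

Added example, not DefectDojo's openscap parser: the tree is walked directly
so <html:code>, <html:pre> and <html:br> map onto Markdown deliberately
instead of being flattened by html2text.
"""
import re
import xml.etree.ElementTree as ET

XCCDF_NS = "{http://checklists.nist.gov/xccdf/1.2}"

# Constructed sample benchmark. The <description> body is the one quoted in the
# PR, indentation included; rule id, title and rationale are made up for the demo.
SAMPLE_BENCHMARK = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_example_benchmark_demo">
  <Rule id="xccdf_example_rule_sshd_disallow_empty_passwords" severity="high">
    <title>Disable SSH Access via Empty Passwords</title>
    <description xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">Disallow SSH login with empty passwords.
The default SSH configuration disables logins with empty passwords. The appropriate
configuration is used if no value is set for <html:code xmlns:html="http://www.w3.org/1999/xhtml">PermitEmptyPasswords</html:code>.
<html:br xmlns:html="http://www.w3.org/1999/xhtml"/>
To explicitly disallow SSH login from accounts with empty passwords,
add or correct the following line in


<html:code xmlns:html="http://www.w3.org/1999/xhtml">/etc/ssh/sshd_config.d/00-complianceascode-hardening.conf</html:code>:

<html:br xmlns:html="http://www.w3.org/1999/xhtml"/>
        <html:pre xmlns:html="http://www.w3.org/1999/xhtml">PermitEmptyPasswords no</html:pre>
Any accounts with empty passwords should be disabled immediately, and PAM configuration
should prevent users from being able to assign themselves empty passwords.</description>
    <rationale xmlns:html="http://www.w3.org/1999/xhtml">Setting <html:code>PermitEmptyPasswords</html:code> to
<html:code>no</html:code> gives additional assurance that every remote SSH login requires a password.</rationale>
  </Rule>
</Benchmark>"""

_BREAK = object()  # paragraph-break marker emitted for <br> and around <pre>


def _local(tag: str) -> str:
    """Strip the {namespace} prefix ElementTree puts in front of tag names."""
    return tag.rsplit("}", 1)[-1]


def _walk(elem: ET.Element, parts: list) -> None:
    """Append prose, code spans, fenced blocks and break markers in document order."""
    name = _local(elem.tag)
    if name == "code":
        parts.append("`" + "".join(elem.itertext()).strip() + "`")
        return  # the parent loop appends elem.tail
    if name == "pre":
        block = "```\n" + "".join(elem.itertext()).strip("\n") + "\n```"
        parts.extend([_BREAK, ("block", block), _BREAK])
        return
    if name == "br":
        parts.append(_BREAK)
        return
    # Any other element (the root, or an unexpected inline tag): keep its text.
    if elem.text:
        parts.append(elem.text)
    for child in elem:
        _walk(child, parts)
        if child.tail:
            parts.append(child.tail)


def _join(parts: list) -> str:
    """Collapse whitespace inside prose paragraphs; leave fenced blocks untouched."""
    paragraphs, current = [], []

    def flush() -> None:
        text = re.sub(r"\s+", " ", "".join(current)).strip()
        if text:
            paragraphs.append(text)
        current.clear()

    for part in parts:
        if part is _BREAK:
            flush()
        elif isinstance(part, tuple):  # ("block", fenced text) from <pre>
            flush()
            paragraphs.append(part[1])
        else:
            current.append(part)
    flush()
    return "\n\n".join(paragraphs)


def element_to_markdown(elem: ET.Element) -> str:
    parts: list = []
    _walk(elem, parts)
    return _join(parts)


def description_to_markdown(xml_text: str) -> str:
    """Convert a stand-alone <description> (or <rationale>) fragment."""
    return element_to_markdown(ET.fromstring(xml_text))


def rule_texts(benchmark_xml: str) -> dict:
    """Map each Rule id to its title, description and rationale as Markdown."""
    root = ET.fromstring(benchmark_xml)
    rules = {}
    for rule in root.iter(XCCDF_NS + "Rule"):
        texts = {}
        for field in ("title", "description", "rationale"):
            elem = rule.find(XCCDF_NS + field)
            texts[field] = element_to_markdown(elem) if elem is not None else ""
        rules[rule.get("id")] = texts
    return rules


if __name__ == "__main__":
    for rule_id, texts in rule_texts(SAMPLE_BENCHMARK).items():
        print(rule_id, "\n\n" + texts["description"], "\n\n" + texts["rationale"])
```

Unknown inline tags fall through to the last branch and contribute only their text, so a benchmark that uses <html:b> or <html:a> still converts without raising; only code, pre and br get dedicated Markdown.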