saf icon indicating copy to clipboard operation
saf copied to clipboard

Published 20 hours ago verified publisher icon mitre

Vulnerability discussion with URL not converted properly in 1.2.7 when converting xccdf to inspec.

Open rlakey opened this issue 2 years ago • 4 comments

Given the following vulnerability discussion:

The ESXi Host Client is the UI served up by the host itself, outside of vCenter. It is accessed by browsing to "https://<ESX FQDN>/ui". ESXi is not usually administered via this interface for long periods, and all users will be highly privileged. Implementing a mandatory session idle limit will ensure that orphaned, forgotten, or ignored sessions will be closed promptly.

The InSpec profile discussion contains this:

desc '<0> [object Object]'

I assume the URL is causing this as it's the only piece of text that is different from other controls that are converting ok.

rlakey avatar Mar 15 '23 16:03 rlakey

Is it because it is a URI or a double-quote string inside a string kind of issue

aaronlippold avatar Mar 15 '23 16:03 aaronlippold

Double quoted strings inside strings are handled ok in other controls.

rlakey avatar Mar 15 '23 16:03 rlakey

@rlakey what xccdf file are you using? That way we can reproduce exactly.

em-c-rod avatar Mar 23 '23 21:03 em-c-rod

Try the ESXi one in here: https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_7-0_Y23M03_STIG.zip

Also noticed this same thing for discussions that have <> in them.

rlakey avatar Mar 23 '23 22:03 rlakey