Explain SAF attest apply error - improve debug output
When running the command:
saf attest apply -i ./results/nginx_hardened_results.json ./results/manual_attestation_results.json -o ./results/nginx_hardened_with_manual_attestations.json
with an improperly formatted manual attestations file (./results/manual_attestation_results.json)
the error message just states:
Unknown input file: ./results/manual_attestation_results.json
which is not very helpful.
The issue with the file itself is that there was a manual attestation entry with no control ID listed like the following:
[
  {
    "control_id": "",
    "explanation": "V-40792",
    "frequency": "1d",
    "status": "failed",
    "updated": "2023-02-14T17:32:48.002Z",
    "updated_by": "Emily"
  },
  {
    "control_id": "V-40792",
    "explanation": "Verified that the server-side session management is configured correctly.",
    "frequency": "3m",
    "status": "passed",
    "updated": "2023-02-14T17:33:36.895Z",
    "updated_by": "Emily"
  },
  {
    "control_id": "V-41674",
    "explanation": "The log data and records from the NGINX web server must be backed up onto a different system or media.",
    "frequency": "3m",
    "status": "failed",
    "updated": "2023-02-14T17:35:05.625Z",
    "updated_by": "Emily"
  }
]
Can we improve the output to the user so it is clear why their saf attest apply command is failing? This specific example comes from the SAF User class.
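A pre-flight check that reports which attestation entry is malformed, as an added example that is not part of the original issue and is not SAF's own validation code. The function name `validateAttestations` is hypothetical, and treating all six fields seen in the file above as required non-empty strings is an assumption.

```javascript
// Added example: pre-flight check for a manual attestation file.
// Field names are the ones in the file shown in the issue; requiring all six
// to be non-empty strings is an assumption, not SAF's documented schema.
const REQUIRED_FIELDS = ["control_id", "explanation", "frequency", "status", "updated", "updated_by"];

function validateAttestations(text) {
  let data;
  try {
    data = JSON.parse(text);
  } catch (err) {
    return [`file is not valid JSON: ${err.message}`];
  }
  if (!Array.isArray(data)) {
    return ["top-level value must be an array of attestation entries"];
  }
  const problems = [];
  data.forEach((entry, i) => {
    if (entry === null || typeof entry !== "object" || Array.isArray(entry)) {
      problems.push(`entry ${i}: expected an object`);
      return;
    }
    for (const field of REQUIRED_FIELDS) {
      const value = entry[field];
      if (typeof value !== "string" || value.trim() === "") {
        problems.push(`entry ${i}: "${field}" is missing or empty`);
      }
    }
    // Only check the timestamp format when the field is present and non-empty.
    const updated = entry.updated;
    if (typeof updated === "string" && updated.trim() !== "" && Number.isNaN(Date.parse(updated))) {
      problems.push(`entry ${i}: "updated" is not a parseable timestamp`);
    }
  });
  return problems;
}

// Constructed sample: the first two entries from the file in the issue.
const SAMPLE = JSON.stringify([
  { control_id: "", explanation: "V-40792", frequency: "1d", status: "failed",
    updated: "2023-02-14T17:32:48.002Z", updated_by: "Emily" },
  { control_id: "V-40792", explanation: "Verified that the server-side session management is configured correctly.",
    frequency: "3m", status: "passed", updated: "2023-02-14T17:33:36.895Z", updated_by: "Emily" },
]);

for (const problem of validateAttestations(SAMPLE)) {
  console.log(problem); // entry 0: "control_id" is missing or empty
}
```

Running a check like this on the attestation file before `saf attest apply` points at the offending entry by index and field.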