From d0756bf3bc5023542020656b9211b775799fe0a9 Mon Sep 17 00:00:00 2001 From: Christian Fischer Date: Wed, 12 Jun 2024 12:08:36 +0200 Subject: [PATCH] Change: Various deprecated PCIDSS VT relevant clean-ups - Update exclusion pattern after moving some VTs - Remove various exclusion pattern which are no longer required / not valid anymore - Remove multiple TODOs which are no longer required / valid - Adjust tests accordingly --- tests/plugins/test_duplicated_script_tags.py | 4 ++-- troubadix/plugins/dependencies.py | 10 +--------- .../plugins/dependency_category_order.py | 7 ------- troubadix/plugins/deprecated_dependency.py | 7 ------- troubadix/plugins/duplicated_script_tags.py | 4 +--- troubadix/plugins/misplaced_compare_in_if.py | 19 ------------------- troubadix/plugins/reporting_consistency.py | 1 - troubadix/plugins/security_messages.py | 6 +----- troubadix/plugins/spelling.py | 10 +++++----- 9 files changed, 10 insertions(+), 58 deletions(-) diff --git a/tests/plugins/test_duplicated_script_tags.py b/tests/plugins/test_duplicated_script_tags.py index 6946f790..68a35cb4 100644 --- a/tests/plugins/test_duplicated_script_tags.py +++ b/tests/plugins/test_duplicated_script_tags.py @@ -108,7 +108,7 @@ def test_excluded_tag(self): self.assertEqual(len(results), 0) def test_excluded_dependencies(self): - path = Path("gsf/PCIDSS/v2.0/PCI-DSS-2.0.nasl") + path = Path("some/file/just/for/unit/tests.nasl") content = ( ' script_dependencies("vt1.nasl", "vt2.nasl");\n' ' script_dependencies("vt3.nasl", "vt4.nasl");\n' @@ -123,7 +123,7 @@ def test_excluded_dependencies(self): self.assertEqual(len(results), 0) def test_not_excluded_dependencies(self): - path = Path("v2.0/PCI-DSS-2.0.nasl") + path = Path("unit/tests.nasl") content = ( ' script_dependencies("vt1.nasl", "vt2.nasl");\n' ' script_dependencies("vt3.nasl", "vt4.nasl");\n' diff --git a/troubadix/plugins/dependencies.py b/troubadix/plugins/dependencies.py index b3a8e41d..dca3c71d 100644 
--- a/troubadix/plugins/dependencies.py +++ b/troubadix/plugins/dependencies.py @@ -71,14 +71,6 @@ def run( dependencies += [dep for dep in _dependencies if dep != ""] for dep in dependencies: - # TODO: gsf/PCIDSS/PCI-DSS.nasl, - # gsf/PCIDSS/v2.0/PCI-DSS-2.0.nasl - # and GSHB/EL15/GSHB.nasl - # are using a variable which we currently - # can't handle. - if "+d+.nasl" in dep: - continue - if not any( (root / vers / dep).exists() for vers in FEED_VERSIONS ): @@ -103,7 +95,7 @@ def run( continue parent_folder = parts[0] - if parent_folder in ["PCIDSS", "Policy", "GSHB"]: + if parent_folder in ["Policy", "GSHB"]: yield LinterWarning( f"The script dependency {dep} is in a " "subdirectory, which might be misplaced.", diff --git a/troubadix/plugins/dependency_category_order.py b/troubadix/plugins/dependency_category_order.py index 2d26c512..c590aa9a 100644 --- a/troubadix/plugins/dependency_category_order.py +++ b/troubadix/plugins/dependency_category_order.py @@ -135,13 +135,6 @@ def check_content( ).split(",") for dep in dependencies: - # TODO: gsf/PCIDSS/PCI-DSS.nasl, - # gsf/PCIDSS/v2.0/PCI-DSS-2.0.nasl - # and GSHB/EL15/GSHB.nasl - # are using a variable which we currently can't handle. - if "+d+.nasl" in dep: - continue - dependency_path = None for vers in FEED_VERSIONS: if (root / vers / dep).exists(): diff --git a/troubadix/plugins/deprecated_dependency.py b/troubadix/plugins/deprecated_dependency.py index 022f9aef..56f485b9 100644 --- a/troubadix/plugins/deprecated_dependency.py +++ b/troubadix/plugins/deprecated_dependency.py @@ -75,13 +75,6 @@ def run(self) -> Iterator[LinterResult]: ).split(",") for dep in dependencies: - # TODO: gsf/PCIDSS/PCI-DSS.nasl, - # gsf/PCIDSS/v2.0/PCI-DSS-2.0.nasl - # and GSHB/EL15/GSHB.nasl - # are using a variable which we currently can't handle. - if "+d+.nasl" in dep: - continue - dependency_path = None for vers in FEED_VERSIONS: if (root / vers / dep).exists(): 
diff --git a/troubadix/plugins/duplicated_script_tags.py b/troubadix/plugins/duplicated_script_tags.py index c39508d0..99b07980 100644 --- a/troubadix/plugins/duplicated_script_tags.py +++ b/troubadix/plugins/duplicated_script_tags.py @@ -24,9 +24,7 @@ from troubadix.plugin import FilePlugin, LinterError, LinterResult allowed_dup_dependencies = [ - "GSHB/EL15/GSHB.nasl", - "gsf/PCIDSS/PCI-DSS.nasl", - "gsf/PCIDSS/v2.0/PCI-DSS-2.0.nasl", + "some/file/just/for/unit/tests.nasl", ] diff --git a/troubadix/plugins/misplaced_compare_in_if.py b/troubadix/plugins/misplaced_compare_in_if.py index 985bda98..05181a3e 100644 --- a/troubadix/plugins/misplaced_compare_in_if.py +++ b/troubadix/plugins/misplaced_compare_in_if.py @@ -25,25 +25,6 @@ # version. As changing the if now might change their behavior and the VTs are # candidates for deprecation they are ignored for now. IGNORE_FILES = [ - "PCIDSS_M8.2.4.a.nasl", - "PCIDSS_M10.3.2.nasl", - "PCIDSS_M10.2.6.nasl", - "PCIDSS_M10.2.4.nasl", - "PCIDSS_M8.2.5.a.nasl", - "PCIDSS_M10.3.1.nasl", - "PCI-DSS.nasl", - "PCIDSS_M8.1.4.nasl", - "PCIDSS_M10.3.3.nasl", - "PCIDSS_M10.2.5.nasl", - "PCIDSS_M8.1.7.nasl", - "PCIDSS_M10.3.5.nasl", - "PCIDSS_M8.1.8.nasl", - "PCIDSS_M10.3.6.nasl", - "PCIDSS_M8.2.3.a.nasl", - "PCIDSS_M8.1.6.a.nasl", - "PCIDSS_M10.3.4.nasl", - "PCIDSS_M5.2.a.nasl", - "PCIDSS_M5.1.nasl", "GSHB_WMI_Apache.nasl", "GSHB_WMI_EFS.nasl", "GSHB_WMI_Antivir.nasl", diff --git a/troubadix/plugins/reporting_consistency.py b/troubadix/plugins/reporting_consistency.py index 365b6aa9..2c9bbeb9 100644 --- a/troubadix/plugins/reporting_consistency.py +++ b/troubadix/plugins/reporting_consistency.py @@ -44,7 +44,6 @@ "GSHB/GSHB_WMI_CD-FD-User-only-access.nasl", "gb_dicom_service_ae_title_brute_force.nasl", "Policy/policy_controls_fail.nasl", - "PCIDSS/PCI-DSS.nasl", "2016/gb_ssl_tls_weak_hash_algo.nasl", "2018/gb_unquoted_path_vulnerabilities_win.nasl", "2009/remote-net-hub-3com.nasl", 
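Review bot: In troubadix/plugins/duplicated_script_tags.py, `allowed_dup_dependencies` now holds only `"some/file/just/for/unit/tests.nasl"`, an entry that appears to exist solely so that test_excluded_dependencies has something to match. That leaves a test fixture inside the shipped exclusion list, so any VT placed at a matching path would skip the duplicate-dependency check; how the list is matched against the file path is not visible in this hunk. Consider shipping an empty list, `allowed_dup_dependencies = []`, and letting the test patch the module attribute for its own path. If the entry stays, a comment such as `# placeholder, only used by tests/plugins/test_duplicated_script_tags.py` would tell the next maintainer it is not a real feed exclusion.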
diff --git a/troubadix/plugins/security_messages.py b/troubadix/plugins/security_messages.py index dabb3b30..3ef0b731 100644 --- a/troubadix/plugins/security_messages.py +++ b/troubadix/plugins/security_messages.py @@ -79,11 +79,7 @@ def _check_security_message_absent( file_content (str): The content of the VT """ # Policy VTs might use both, security_message and log_message - if ( - "Policy/" in str(nasl_file) - or "PCIDSS/" in str(nasl_file) - or "GSHB/" in str(nasl_file) - ): + if "Policy/" in str(nasl_file) or "GSHB/" in str(nasl_file): return if _file_contains_security_message(file_content): diff --git a/troubadix/plugins/spelling.py b/troubadix/plugins/spelling.py index 64160e57..901b23f9 100644 --- a/troubadix/plugins/spelling.py +++ b/troubadix/plugins/spelling.py @@ -75,16 +75,16 @@ r"(deb_(dla_)?[0-9]+(_[0-9]+)?|gb_ubuntu_.+)\.nasl", r"ure\s+==>\s+sure", ), - # gsf/PCIDSS VTs are currently using some german text parts + # gsf/attic/PCIDSS*/ VTs are currently using some german text parts # nb: codespell seems to have some issues with # german umlauts in the codespell.exclude so a few of these # were also excluded here instead of directly # via codespell.exclude. PatternInFilesCheck( [ - "PCIDSS/", + "attic/PCIDSS/", "GSHB/", - "attic/PCIDSS_", + "attic/PCIDSS-2.0/", "ITG_Kompendium/", "Policy/ITG/", ], @@ -95,12 +95,12 @@ r"modell|klick|generell|vor)\s+==>\s+", re.IGNORECASE, ), - # False positives in the gsf/PCIDSS and GSHB/ VTs: + # False positives in the gsf/attic/PCIDSS*/ and GSHB/ VTs: # string('\nIn the file sent\nin milliseconds # There are too many hits to maintain # them in codespell.exclude so exclude them for now here. PatternInFilesCheck( - ["PCIDSS/", "GSHB/", "attic/PCIDSS_", "Policy/ITG/"], + ["attic/PCIDSS/", "GSHB/", "attic/PCIDSS-2.0/", "Policy/ITG/"], r"n[iI]n\s+==>\s+inn", ), # False positive in this VT in German example responses.
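Review bot: The exemption kept in `_check_security_message_absent` is a substring test on the whole path, so `"Policy/" in str(nasl_file)` also matches any directory whose name merely ends in `Policy` or `GSHB`, and it never matches when the path uses backslash separators. dependencies.py in this same patch compares a single path component exactly (`parent_folder in ["Policy", "GSHB"]`); the equivalent here would be `if {"Policy", "GSHB"} & set(Path(nasl_file).parts): return`, assuming nasl_file is a path and `Path` is importable in this module, which the hunk does not show. The comment above the condition still says only "Policy VTs" although GSHB VTs are exempted as well, so it should read `# Policy and GSHB VTs might use both, security_message and log_message`. The function body continues outside the hunk.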
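Review bot: In troubadix/plugins/spelling.py the updated comments describe the exclusion as `gsf/attic/PCIDSS*/`, but the `PatternInFilesCheck` list hard-codes exactly `"attic/PCIDSS/"` and `"attic/PCIDSS-2.0/"` and drops the previous `"attic/PCIDSS_"` prefix. If a PCIDSS VT still sits directly under attic/ with a `PCIDSS_` file-name prefix, or another versioned directory is added later, it would start being reported by the spell check again; this is inferred from the entries alone, since the matching logic is outside the hunk. Either name the two directories in the comment, `# gsf/attic/PCIDSS/ and gsf/attic/PCIDSS-2.0/ VTs are currently using some German text parts`, or use one `"attic/PCIDSS"` entry if PatternInFilesCheck does substring matching. The same applies to the second list and its comment in the following hunk.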