@@ -158,12 +158,13 @@ def type
158158
159159 def apply ( value )
160160 value = value . gsub ( '&' , 'and' )
161- DescriptionDetails . parse "<Details>#{ value }
161+ value = value . gsub ( '"<"' , 'less than (converted less than)' )
162+ DescriptionDetails . parse ( "<Details>#{ value } )
162163 rescue Nokogiri ::XML ::SyntaxError => e
163- if e . to_s . include? ( 'StartTag' )
164- report_invalid_start_tag ( value , e )
164+ if report_disallowed_tags ( value ) # if there was a bad tag
165+ exit ( 1 )
165166 else
166- report_disallowed_tags ( value )
167+ report_error ( value , e )
167168 end
168169 end
169170
@@ -173,7 +174,7 @@ def apply?(value, _convert_to_type)
173174
174175 private
175176
176- def report_invalid_start_tag ( value , error )
177+ def report_error ( value , error )
177178 puts error . to_s . colorize ( :red )
178179 column = error . column - '<Details>' . length - 2
179180 puts "Error around #{ value [ column -10 ..column +10 ] . colorize ( :light_yellow ) }
@@ -184,39 +185,38 @@ def report_disallowed_tags(value)
184185 allowed_tags = %w{ VulnDiscussion FalsePositives FalseNegatives Documentable
185186 Mitigations SeverityOverrideGuidance PotentialImpacts
186187 PotentialImpacts ThirdPartyTools MitigationControl
187- Responsibility IAControl SecurityOverrideGuidance }
188+ Responsibility IAControl IAControls SecurityOverrideGuidance }
188189
189190 tags_found = value . scan ( %r{(?<=<)([^\/ ]*?)((?= \/ >)|(?=>))} ) . to_a
190191
191192 tags_found = tags_found . uniq . flatten . reject! ( &:empty? )
192193 offending_tags = tags_found - allowed_tags
193194
194- if offending_tags . count > 1
195- puts "\n \n The non-standard tags : #{ offending_tags . to_s . colorize ( :red ) } \
195+ unless offending_tags . count . zero?
196+ puts "\n \n The non-standard tag(s) : #{ offending_tags . to_s . colorize ( :red ) } \
196197 ' were found in: ' + "\n \n #{ value }
197- else
198- puts "\n \n The non-standard tag: #{ offending_tags . to_s . colorize ( :red ) } \
199- ' was found in: ' + "\n \n #{ value }
198+ puts "\n \n Please:\n "
199+ option_one = '(1) ' + '(best)' . colorize ( :green ) + ' Use the ' +
200+ '`-r --replace-tags array` ' . colorize ( :light_yellow ) +
201+ '(case sensitive) option to replace the offending tags ' \
202+ 'during processing of the XCCDF ' \
203+ 'file to use the ' +
204+ "`$#{ offending_tags [ 0 ] } . colorize ( :light_green ) +
205+ 'syntax in your InSpec profile.'
206+ option_two = '(2) Update your XCCDF file to *not use* non-standard XCCDF ' \
207+ 'elements within ' +
208+ '`<`,`>`, `<` ' . colorize ( :red ) +
209+ 'or ' . colorize ( :default ) +
210+ '`>` ' . colorize ( :red ) +
211+ 'as "placeholders", and use something that doesn\'t confuse ' \
212+ 'the XML parser, such as : ' +
213+ "`$#{ offending_tags [ 0 ] } . colorize ( :light_green )
214+ puts option_one
215+ puts "\n "
216+ puts option_two
217+ return true
200218 end
201- puts "\n \n Please:\n "
202- option_one = '(1) ' + '(best)' . colorize ( :green ) + ' Use the ' +
203- '`-r --replace-tags array` ' . colorize ( :light_yellow ) +
204- '(case sensitive) option to replace the offending tags ' \
205- 'during processing of the XCCDF ' \
206- 'file to use the ' +
207- "`$#{ offending_tags [ 0 ] } . colorize ( :light_green ) +
208- 'syntax in your InSpec profile.'
209- option_two = '(2) Update your XCCDF file to *not use* non-standard XCCDF ' \
210- 'elements within ' +
211- '`<`,`>`, `<` ' . colorize ( :red ) +
212- 'or ' . colorize ( :default ) +
213- '`>` ' . colorize ( :red ) +
214- 'as "placeholders", and use something that doesn\'t confuse ' \
215- 'the XML parser, such as : ' +
216- "`$#{ offending_tags [ 0 ] } . colorize ( :light_green )
217- puts option_one
218- puts "\n "
219- puts option_two
219+ false
220220 end
221221 end
222222 HappyMapper ::SupportedTypes . register DescriptionDetailsType
0 commit comments