Improve format of generated script

jan-cerny · jan-cerny · commit 24c283f4c455 · 2026-04-08T08:56:14.000+02:00
Improve format of the generated hummingbird remediation script.
The main improvement is that it won't print an error message
if the rule doesn't have any remediation, because in hummingbird
remediation it's expected that most rules don't have any remediation,
for example all package rules.
diff --git a/build-scripts/generate_profile_remediations.py b/build-scripts/generate_profile_remediations.py
@@ -206,8 +206,8 @@ def load_all_remediations(self, benchmark):
     def generate_profile_remediation_script(self, profile_el):
         if self.language == "ansible":
             output = self.create_output_ansible(profile_el)
-        elif self.language == "bash" or self.language == "hummingbird":
-            output = self.create_output_bash(profile_el)
+        else:
+            output = self.create_output_linear(profile_el)
         file_path = self.get_output_file_path(profile_el)
         with open(file_path, "wb") as f:
             f.write(output.encode("utf-8"))
@@ -254,7 +254,7 @@ def collect_ansible_vars_and_tasks(self, profile_el):
             all_tasks.extend(rule_tasks)
         return (all_vars, all_tasks)
 
-    def create_output_bash(self, profile):
+    def create_output_linear(self, profile):
         output = []
         selected_rules = get_selected_rules(profile)
         refinements = get_value_refinenements(profile)
@@ -266,8 +266,12 @@ def create_output_bash(self, profile):
             if rule_id not in selected_rules:
                 continue
             status = (current, total)
-            rule_remediation = self.generate_bash_rule_remediation(
-                rule_id, status, refinements)
+            if self.language == "bash":
+                rule_remediation = self.generate_bash_rule_remediation(
+                    rule_id, status, refinements)
+            elif self.language == "hummingbird":
+                rule_remediation = self.generate_hummingbird_rule_remediation(
+                    rule_id, refinements)
             output.append(rule_remediation)
             current += 1
         return "".join(output)
@@ -295,6 +299,13 @@ def create_header(self, profile):
         commented_profile_description = comment(description)
         xccdf_version_name = "1.2"
         profile_id = profile.get("id")
+        if self.language == "bash":
+            generation_text = (
+                "# This file can be generated by OpenSCAP using:\n"
+                "# $ oscap xccdf generate fix --profile %s --fix-type %s %s\n"
+                "#\n" % (profile_id, self.language, self.ds_file_name))
+        else:
+            generation_text = ""
         fix_header = (
             "%s"
             "%s\n"
@@ -309,9 +320,7 @@ def create_header(self, profile):
             "# Benchmark Version:  %s\n"
             "# XCCDF Version:  %s\n"
             "#\n"
-            "# This file can be generated by OpenSCAP using:\n"
-            "# $ oscap xccdf generate fix --profile %s --fix-type %s %s\n"
-            "#\n"
+            "%s"
             "# This %s is generated from an XCCDF profile without"
             " preliminary evaluation.\n"
             "# It attempts to fix every selected rule, even if the system is"
@@ -324,7 +333,7 @@ def create_header(self, profile):
                 shebang_with_newline, HASH_ROW, remediation_type,
                 profile_title, commented_profile_description, profile_id,
                 self.benchmark_id, self.benchmark_version, xccdf_version_name,
-                profile_id, self.language, self.ds_file_name,
+                generation_text,
                 remediation_type, remediation_type, how_to_apply, HASH_ROW))
         return fix_header
 
@@ -355,6 +364,27 @@ def generate_bash_rule_remediation(self, rule_id, status, refinements):
         output.append(end_msg)
         return "".join(output)
 
+
+    def generate_hummingbird_rule_remediation(self, rule_id, refinements):
+        fix_el = self.remediations[rule_id]
+        if fix_el is None:
+            return ""
+        expanded_remediation = expand_variables(
+            fix_el, refinements, self.variables)
+        if expanded_remediation is None:
+            return ""
+        output = []
+        header = (
+            "%s\n"
+            "# BEGIN fix for '%s'\n"
+            "%s\n" % (HASH_ROW, rule_id, HASH_ROW))
+        output.append(header)
+        output.append(expanded_remediation)
+        end_msg = "\n# END fix for '%s'\n\n" % (rule_id)
+        output.append(end_msg)
+        return "".join(output)
+
+
     def generate_ansible_rule_remediation(self, fix_el, refinements):
         rule_vars = {}
         tasks = []
