Entity: line 1: parser error : StartTag: invalid element name <!doctype html>
hectoralicea opened this issue · comments
- Is this an issue with SCAP Workbench?
- No
- Is this an issue with SCAP Security Guide (i.e., related to the content of scans, not the scanner proper)?
- Yes
- Is this an issue during the OS installation process?
- No
Description of Problem:
Unable to run openscap on Amazon Linux 2 using the amazon or redhat7 profile
OpenSCAP Version:
# oscap --version
OpenSCAP command line tool (oscap) 1.2.17
Copyright 2009--2017 Red Hat Inc., Durham, North Carolina.
==== Supported specifications ====
XCCDF Version: 1.2
OVAL Version: 5.11.1
CPE Version: 2.3
CVSS Version: 2.0
CVE Version: 2.0
Asset Identification Version: 1.1
Asset Reporting Format Version: 1.1
CVRF Version: 1.1
Operating System & Version:
# cat /etc/os-release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
SUPPORT_END="2025-06-30"
Steps to Reproduce:
- After installing openscap on an Amazon Linux, execute the following command
oscap xccdf eval --fetch-remote-resources --profile xccdf_org.ssgproject.content_profile_stig --stig-viewer /var/tmp/results-stig.xml /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml
or
oscap xccdf eval --fetch-remote-resources --profile xccdf_org.ssgproject.content_profile_stig-rhel7-disa --stig-viewer /var/tmp/amzn2-stig-latest/results-stig.xml /usr/share/xml/scap/ssg/content/ssg-amzn2-ds.xml
or any other permutation.
Actual Results:
[root@ip-10-70-4-35 tmp]# oscap xccdf eval --fetch-remote-resources --profile xccdf_org.ssgproject.content_profile_stig --stig-viewer /var/tmp/rhel8-stig-latest/results-stig.xml /usr/share/xml/scap/ssg/content/ssg-amzn2-ds.xml > /var/tmp/rhel8-stig-latest/results-stig.stdout.txt
Downloading: https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL7.xml.bz2 ... ok
OpenSCAP Error: Extra content at the end of the document [oscap_source.c:272]
Entity: line 1: parser error : StartTag: invalid element name
<!doctype html>
^
Entity: line 1: parser error : Extra content at the end of the document
<!doctype html>
^
Unable to parse XML from user memory buffer [oscap_source.c:274]
Failed to create OVAL definition model from: 'https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL7.xml.bz2'. [xccdf_session.c:1030]
Expected Results:
a valid run without error
Additional Information / Debugging Steps:
No other
I am facing the same issue
The remote resource content doesn't exist anymore:
https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL7.xml.bz2
It should use this instead I believe:
https://www.redhat.com/security/data/oval/v2/RHEL7/rhel-7.oval.xml.bz2
But this is a content related issue and should be reported in https://github.com/ComplianceAsCode/content/
It might be even fixed already.
The URL was fixed in ComplianceAsCode/content#10842
And removed in ComplianceAsCode/content#11547