From 0cb28f3a8f529cd5a774eed89994a3d9c2afb5dd Mon Sep 17 00:00:00 2001
From: Gianluca Zuccarelli
Date: Wed, 6 Jul 2022 15:06:20 +0100
Subject: [PATCH] oscap: add oscap package

Add a package with the constants of the valid oscap profiles. Add a function to validate the available profiles against an allow map of supported profiles. The allowed function checks for both exact matches and shorthand versions of the oscap profiles.
---
internal/oscap/oscap.go | 45 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 45 insertions(+)
create mode 100644 internal/oscap/oscap.go
diff --git a/internal/oscap/oscap.go b/internal/oscap/oscap.go
new file mode 100644
index 000000000..32fbc38df
--- /dev/null
+++ b/internal/oscap/oscap.go
@@ -0,0 +1,45 @@
+package oscap
+
+import "strings"
+
+type Profile string
+
+func (p Profile) String() string {
+ return string(p)
+}
+
+const (
+ AnssiBp28Enhanced Profile = "xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced"
+ AnssiBp28High Profile = "xccdf_org.ssgproject.content_profile_anssi_bp28_high"
+ AnssiBp28Intermediary Profile = "xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary"
+ AnssiBp28Minimal Profile = "xccdf_org.ssgproject.content_profile_anssi_bp28_minimal"
+ Cis Profile = "xccdf_org.ssgproject.content_profile_cis"
+ CisServerL1 Profile = "xccdf_org.ssgproject.content_profile_cis_server_l1"
+ CisWorkstationL1 Profile = "xccdf_org.ssgproject.content_profile_cis_workstation_l1"
+ CisWorkstationL2 Profile = "xccdf_org.ssgproject.content_profile_cis_workstation_l2"
+ Cui Profile = "xccdf_org.ssgproject.content_profile_cui"
+ E8 Profile = "xccdf_org.ssgproject.content_profile_e8"
+ Hippa Profile = "xccdf_org.ssgproject.content_profile_hipaa"
+ IsmO Profile = "xccdf_org.ssgproject.content_profile_ism_o"
+ Ospp Profile = "xccdf_org.ssgproject.content_profile_ospp"
+ PciDss Profile = "xccdf_org.ssgproject.content_profile_pci-dss"
+ Standard Profile = "xccdf_org.ssgproject.content_profile_standard"
+ Stig Profile = "xccdf_org.ssgproject.content_profile_stig"
+ StigGui Profile = "xccdf_org.ssgproject.content_profile_stig_gui"
+)
+
+func IsProfileAllowed(profile string, allowlist []Profile) bool {
+ for _, a := range allowlist {
+ if a.String() == profile {
+ return true
+ }
+ // this enables a user to specify
+ // the full profile or the short
+ // profile id
+ if strings.HasSuffix(a.String(), profile) {
+ return true
+ }
+ }
+
+ return false
+}
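Review bot: The suffix test in IsProfileAllowed accepts far more than the short profile ids its comment describes. `strings.HasSuffix(a.String(), profile)` is true for an empty `profile` and for any trailing fragment such as `l1` or `gui`, so strings that are not profile ids at all pass the allowlist. Because this function is the allowlist gate, the short form should be matched exactly, for example `if strings.TrimPrefix(a.String(), "xccdf_org.ssgproject.content_profile_") == profile { return true }`, which also rejects the empty string. Separately, the constant `Hippa` is spelled differently from the `hipaa` id it holds; renaming it to `Hipaa` now would avoid callers depending on the typo.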