From 66679f04984995ff4ee0058de1ff4ac1912b9f80 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= Date: Tue, 16 Jan 2024 15:45:22 +0100 Subject: [PATCH] Print environment variables If OpenSCAP is executed with verbosity level INFO or DEVEL all environment variable values that can affect OpenSCAP behavior will be listed at the beginning of the log. Fixes: #2063 --- docs/manual/manual.adoc | 3 +++ src/common/debug.c | 24 ++++++++++++++++++++++++ src/common/public/oscap_debug.h | 7 +++++++ utils/oscap-tool.c | 1 + 4 files changed, 35 insertions(+) diff --git a/docs/manual/manual.adoc b/docs/manual/manual.adoc index a461482268..3dfb9e9396 100644 --- a/docs/manual/manual.adoc +++ b/docs/manual/manual.adoc @@ -1636,6 +1636,9 @@ not considered local by the scanner: == List of accepted environment variables +OpenSCAP accepts the following environment variables. +If OpenSCAP is executed with verbosity level INFO or DEVEL their runtime values will be listed at the beginning of the log. + * `OSCAP_CHECK_ENGINE_PLUGIN_DIR` - Defines path to a directory that contains plug-in libraries implementing additional check engines, eg. SCE. * `OSCAP_CONTAINER_VARS` - Additional environment variables read by environmentvariable58_probe. The variables are separated by `\n`. It is used by `oscap-podman` and `oscap-docker` scripts during container scanning. * `OSCAP_EVALUATION_TARGET` - Change value of target facts `urn:xccdf:fact:identifier` and `urn:xccdf:fact:asset:identifier:ein` in XCCDF results. Used during offline scanning to pass the name of the target system. diff --git a/src/common/debug.c b/src/common/debug.c index c4b78a0c8f..30d37845dc 100644 --- a/src/common/debug.c +++ b/src/common/debug.c @@ -295,3 +295,27 @@ void __oscap_debuglog_object (const char *file, const char *fn, size_t line, int debug_message_devel_metadata(file, fn, line); debug_message_end(); } + +void oscap_print_env_vars() +{ + const char *known_env_vars[] = { + "OSCAP_CHECK_ENGINE_PLUGIN_DIR", + "OSCAP_CONTAINER_VARS", + "OSCAP_EVALUATION_TARGET", + "OSCAP_FULL_VALIDATION", + "OSCAP_OVAL_COMMAND_OPTIONS", + "OSCAP_PCRE_EXEC_RECURSION_LIMIT", + "OSCAP_PROBE_ROOT", + "SEXP_VALIDATE_DISABLE", + "SOURCE_DATE_EPOCH", + "OSCAP_PROBE_MEMORY_USAGE_RATIO", + "OSCAP_PROBE_MAX_COLLECTED_ITEMS", + "OSCAP_PROBE_IGNORE_PATHS", + NULL + }; + dI("Using environment variables:"); + for (int i = 0; known_env_vars[i]; i++) { + char *env_var_val = getenv(known_env_vars[i]); + dI("%s='%s'", known_env_vars[i], env_var_val ? env_var_val : ""); + } +} diff --git a/src/common/public/oscap_debug.h b/src/common/public/oscap_debug.h index c057ec0619..e8292ba091 100644 --- a/src/common/public/oscap_debug.h +++ b/src/common/public/oscap_debug.h @@ -62,6 +62,13 @@ OSCAP_API bool oscap_set_verbose(const char *verbosity_level, const char *filena */ OSCAP_API oscap_verbosity_levels oscap_verbosity_level_from_cstr(const char *level_name); +/** + * Print an informational message (verbose level INFO) listing the values + * of all environment variables known by oscap. + * See the "List of accepted environment variables" section of the OpenSCAP User Manual. + */ +OSCAP_API void oscap_print_env_vars(void); + #if defined(_WIN32) int setenv(const char *name, const char *value, int overwrite); #endif diff --git a/utils/oscap-tool.c b/utils/oscap-tool.c index b91866ed14..b63b9305c4 100644 --- a/utils/oscap-tool.c +++ b/utils/oscap-tool.c @@ -386,6 +386,7 @@ int oscap_module_process(struct oscap_module *module, int argc, char **argv) if (!oscap_set_verbose(action.verbosity_level, action.f_verbose_log)) { goto cleanup; } + oscap_print_env_vars(); ret = oscap_module_call(&action); goto cleanup; }