OpenSCAP · jan-cerny · Feb 16, 2026 · Feb 16, 2026 · Feb 16, 2026 · Feb 16, 2026
diff --git a/dist/bash_completion.d/oscap b/dist/bash_completion.d/oscap
@@ -39,7 +39,7 @@ function _oscap {
     opts[oscap:xccdf:generate:guide]="-o --output --hide-profile-info --profile --benchmark-id --xccdf-id --tailoring-file --tailoring-id --skip-signature-validation --enforce-signature"
     opts[oscap:xccdf:generate:fix]="-o --output --profile --result-id --profile --fix-type --xccdf-id --benchmark-id --tailoring-file --tailoring-id --skip-signature-validation --enforce-signature"
     opts[oscap:xccdf:generate:custom]="-o --output --stylesheet"
-    opts[oscap:info]="--fetch-remote-resources --local-files --profile --profiles --references"
+    opts[oscap:info]="--fetch-remote-resources --local-files --profile --profiles --references --list-rules --list-vars"
 
     # local variables
 	local std cmd i prev

diff --git a/docs/manual/manual.adoc b/docs/manual/manual.adoc
@@ -217,6 +217,39 @@ description, use the `--profile` option followed by the profile ID.
 $ oscap info --profile xccdf_org.ssgproject.content_profile_ospp /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml
 ----
 
+=== Listing rules selected by a profile
+
+To list the IDs of all XCCDF rules that are selected by a given profile, use
+the `--list-rules` option together with `--profile`. The output contains one
+rule ID per line and is machine-readable, which makes it suitable for scripting,
+CI/CD pipelines, and tailoring validation workflows.
+
+----
+$ oscap info --profile ospp --list-rules /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml
+xccdf_org.ssgproject.content_rule_partition_for_tmp
+xccdf_org.ssgproject.content_rule_partition_for_var
+...
+----
+
+The `--list-rules` option requires `--profile`. Running `--list-rules` without
+`--profile` will produce an error.
+
+=== Listing variables set by a profile
+
+To list the XCCDF Values (variables) and their resolved values for a given
+profile, use the `--list-vars` option together with `--profile`. Each line
+contains a Value ID and its resolved value, separated by a tab character.
+
+----
+$ oscap info --profile ospp --list-vars /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml
+xccdf_org.ssgproject.content_value_var_password_minlen	15
+xccdf_org.ssgproject.content_value_var_accounts_max_concurrent_login_sessions	10
+...
+----
+
+The `--list-vars` option requires `--profile`. Running `--list-vars` without
+`--profile` will produce an error.
+
 === Displaying information about SCAP result data streams
 
 The `oscap info` command is also helpful with other SCAP file types such as

@@ -67,7 +67,19 @@
         <select idref="xccdf_com.example.www_rule_R2" selected="true"/>
         <select idref="xccdf_com.example.www_rule_R3" selected="true"/>
         <select idref="xccdf_com.example.www_rule_R4" selected="true"/>
+        <set-value idref="xccdf_com.example.www_value_V1">42</set-value>
+        <refine-value idref="xccdf_com.example.www_value_V2" selector="custom"/>
       </Profile>
+      <Value id="xccdf_com.example.www_value_V1" type="number">
+        <title>Value V1</title>
+        <value>10</value>
+        <value selector="twenty">20</value>
+      </Value>
+      <Value id="xccdf_com.example.www_value_V2" type="string">
+        <title>Value V2</title>
+        <value>default_val</value>
+        <value selector="custom">custom_val</value>
+      </Value>
       <Rule selected="true" id="xccdf_com.example.www_rule_R1">
         <title>Rule R1</title>
         <description>Description</description>

@@ -31,6 +31,7 @@ add_subdirectory("CPE")
 add_subdirectory("DS")
 add_subdirectory("mitre")
 add_subdirectory("nist")
+add_subdirectory("oscap_info_profiles")
 add_subdirectory("oscap_string")
 add_subdirectory("oval_details")
 add_subdirectory("probe_behavior")

@@ -0,0 +1,2 @@
+add_oscap_test("test_list_rules.sh")
+add_oscap_test("test_list_vars.sh")
@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+. $builddir/tests/test_common.sh
+
+set -e
+set -o pipefail
+
+stderr=$(mktemp -t ${name}.err.XXXXXX)
+stdout=$(mktemp -t ${name}.out.XXXXXX)
+
+ds="$srcdir/test_reference_ds.xml"
+p1="xccdf_com.example.www_profile_P1"
+
+# Test 1: --list-rules with --profile prints selected rule IDs
+$OSCAP info --profile $p1 --list-rules $ds > $stdout 2> $stderr
+[[ -f $stderr ]]; [[ ! -s $stderr ]]; :> $stderr
+grep -q "xccdf_com.example.www_rule_R1" $stdout
+grep -q "xccdf_com.example.www_rule_R2" $stdout
+grep -q "xccdf_com.example.www_rule_R3" $stdout
+grep -q "xccdf_com.example.www_rule_R4" $stdout
+# Verify output contains only rule IDs, one per line (4 rules = 4 lines)
+[[ "$(wc -l < $stdout)" -eq 4 ]]
+:> $stdout
+
+# Test 2: --list-rules without --profile produces an error
+$OSCAP info --list-rules $ds > $stdout 2> $stderr && exit 1 || true
+grep -q "\-\-list-rules option requires \-\-profile" $stderr
+:> $stdout
+:> $stderr
+
+# Test 3: --list-rules with standalone XCCDF tailoring file
+tailoring="$srcdir/test_tailoring_file.xml"
+tp="xccdf_com.example.www_profile_P1_tailored"
+$OSCAP info --profile $tp --list-rules $tailoring > $stdout 2> $stderr
+[[ -f $stderr ]]; [[ ! -s $stderr ]]; :> $stderr
+grep -q "xccdf_com.example.www_rule_R1" $stdout
+grep -q "xccdf_com.example.www_rule_R2" $stdout
+# R3 and R4 are deselected by tailoring
+! grep -q "xccdf_com.example.www_rule_R3" $stdout
+! grep -q "xccdf_com.example.www_rule_R4" $stdout
+[[ "$(wc -l < $stdout)" -eq 2 ]]
+:> $stdout
+
+# Test 4: --list-rules with SDS containing tailoring
+ds_tailoring="$srcdir/test_reference_ds_with_tailoring.xml"
+$OSCAP info --profile $tp --list-rules $ds_tailoring > $stdout 2> $stderr
+[[ -f $stderr ]]; [[ ! -s $stderr ]]; :> $stderr
+grep -q "xccdf_com.example.www_rule_R1" $stdout
+grep -q "xccdf_com.example.www_rule_R2" $stdout
+! grep -q "xccdf_com.example.www_rule_R3" $stdout
+! grep -q "xccdf_com.example.www_rule_R4" $stdout
+[[ "$(wc -l < $stdout)" -eq 2 ]]
+:> $stdout
+
+rm -f $stdout $stderr
@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+. $builddir/tests/test_common.sh
+
+set -e
+set -o pipefail
+
+stderr=$(mktemp -t ${name}.err.XXXXXX)
+stdout=$(mktemp -t ${name}.out.XXXXXX)
+
+ds="$srcdir/test_reference_ds.xml"
+p1="xccdf_com.example.www_profile_P1"
+
+# Test 1: --list-vars with --profile prints value IDs and resolved values
+$OSCAP info --profile $p1 --list-vars $ds > $stdout 2> $stderr
+[[ -f $stderr ]]; [[ ! -s $stderr ]]; :> $stderr
+grep -q "xccdf_com.example.www_value_V1	42" $stdout
+grep -q "xccdf_com.example.www_value_V2	custom_val" $stdout
+# Verify output contains exactly 2 lines
+[[ "$(wc -l < $stdout)" -eq 2 ]]
+:> $stdout
+
+# Test 2: --list-vars without --profile produces an error
+$OSCAP info --list-vars $ds > $stdout 2> $stderr && exit 1 || true
+grep -q "\-\-list-vars option requires \-\-profile" $stderr
+:> $stdout
+:> $stderr
+
+# Test 3: --list-vars with --list-rules produces an error
+$OSCAP info --profile $p1 --list-vars --list-rules $ds > $stdout 2> $stderr && exit 1 || true
+grep -q "The \-\-list-rules and \-\-list-vars options can't be used at the same time." $stderr
+:> $stdout
+:> $stderr
+
+# Test 4: --list-vars with standalone XCCDF tailoring file
+tailoring="$srcdir/test_tailoring_file.xml"
+tp="xccdf_com.example.www_profile_P1_tailored"
+$OSCAP info --profile $tp --list-vars $tailoring > $stdout 2> $stderr
+[[ -f $stderr ]]; [[ ! -s $stderr ]]; :> $stderr
+# V1 is overridden to 99 by tailoring, V2 is inherited from base profile
+grep -q "xccdf_com.example.www_value_V1	99" $stdout
+grep -q "xccdf_com.example.www_value_V2	custom_val" $stdout
+[[ "$(wc -l < $stdout)" -eq 2 ]]
+:> $stdout
+
+# Test 5: --list-vars with SDS containing tailoring
+ds_tailoring="$srcdir/test_reference_ds_with_tailoring.xml"
+$OSCAP info --profile $tp --list-vars $ds_tailoring > $stdout 2> $stderr
+[[ -f $stderr ]]; [[ ! -s $stderr ]]; :> $stderr
+grep -q "xccdf_com.example.www_value_V1	99" $stdout
+grep -q "xccdf_com.example.www_value_V2	custom_val" $stdout
+[[ "$(wc -l < $stdout)" -eq 2 ]]
+:> $stdout
+
+rm -f $stdout $stderr
@@ -0,0 +1,119 @@
+<?xml version="1.0" encoding="utf-8"?>
+<ds:data-stream-collection xmlns:ds="http://scap.nist.gov/schema/scap/source/1.2" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:cat="urn:oasis:names:tc:entity:xmlns:xml:catalog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="scap_org.open-scap_collection_from_xccdf_test_single_rule.xccdf.xml" schematron-version="1.3" xsi:schemaLocation="http://scap.nist.gov/schema/scap/source/1.2 https://scap.nist.gov/schema/scap/1.3/scap-source-data-stream_1.3.xsd">
+  <ds:data-stream id="scap_org.open-scap_datastream_simple" scap-version="1.3" use-case="OTHER">
+    <ds:checklists>
+      <ds:component-ref id="scap_org.open-scap_cref_test_single_rule.xccdf.xml" xlink:href="#scap_org.open-scap_comp_test_single_rule.xccdf.xml">
+        <cat:catalog>
+          <cat:uri name="test_single_rule.oval.xml" uri="#scap_org.open-scap_cref_test_single_rule.oval.xml"/>
+        </cat:catalog>
+      </ds:component-ref>
+    </ds:checklists>
+    <ds:checks>
+      <ds:component-ref id="scap_org.open-scap_cref_test_single_rule.oval.xml" xlink:href="#scap_org.open-scap_comp_test_single_rule.oval.xml"/>
+    </ds:checks>
+  </ds:data-stream>
+  <ds:component id="scap_org.open-scap_comp_test_single_rule.oval.xml" timestamp="2021-02-01T08:07:06+01:00">
+    <oval_definitions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:ind-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:win-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd    http://oval.mitre.org/XMLSchema/oval-definitions-5#independent independent-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#windows windows-definitions-schema.xsd">
+      <generator>
+        <oval:schema_version>5.11.2</oval:schema_version>
+        <oval:timestamp>2021-02-01T08:07:06+01:00</oval:timestamp>
+      </generator>
+      <definitions>
+        <definition class="compliance" id="oval:x:def:1" version="1">
+          <metadata>
+            <title>PASS</title>
+            <description>pass</description>
+          </metadata>
+          <criteria>
+            <criterion comment="PASS test" test_ref="oval:x:tst:1"/>
+          </criteria>
+        </definition>
+      </definitions>
+      <tests>
+        <variable_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:x:tst:1" check="all" comment="always pass" version="1">
+          <object object_ref="oval:x:obj:1"/>
+        </variable_test>
+      </tests>
+      <objects>
+        <variable_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:x:obj:1" version="1" comment="x">
+          <var_ref>oval:x:var:1</var_ref>
+        </variable_object>
+      </objects>
+      <variables>
+        <constant_variable id="oval:x:var:1" version="1" comment="x" datatype="int">
+          <value>100</value>
+        </constant_variable>
+      </variables>
+    </oval_definitions>
+  </ds:component>
+  <ds:component id="scap_org.open-scap_comp_test_single_rule.xccdf.xml" timestamp="2021-02-01T08:07:06+01:00">
+    <Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="xccdf_com.example.www_benchmark_dummy" xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.1 xccdf-1.1.4.xsd" resolved="false" xml:lang="en-US">
+      <status date="2021-01-21">accepted</status>
+      <title>Test Benchmark</title>
+      <description>Description</description>
+      <reference href="https://www.animals.com">animals</reference>
+      <reference href="https://www.fruit.com">fruit</reference>
+      <version>1.0</version>
+      <metadata>
+        <dc:contributor xmlns:dc="http://purl.org/dc/elements/1.1/">OpenSCAP</dc:contributor>
+        <dc:publisher xmlns:dc="http://purl.org/dc/elements/1.1/">OpenSCAP</dc:publisher>
+        <dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">OpenSCAP</dc:creator>
+        <dc:source xmlns:dc="http://purl.org/dc/elements/1.1/">http://scap.nist.gov</dc:source>
+      </metadata>
+      <Profile id="xccdf_com.example.www_profile_P1">
+        <title>xccdf_test_profile</title>
+        <description>This profile is for testing.</description>
+        <select idref="xccdf_com.example.www_rule_R1" selected="true"/>
+        <select idref="xccdf_com.example.www_rule_R2" selected="true"/>
+        <select idref="xccdf_com.example.www_rule_R3" selected="true"/>
+        <select idref="xccdf_com.example.www_rule_R4" selected="true"/>
+        <set-value idref="xccdf_com.example.www_value_V1">42</set-value>
+        <refine-value idref="xccdf_com.example.www_value_V2" selector="custom"/>
+      </Profile>
+      <Value id="xccdf_com.example.www_value_V1" type="number">
+        <title>Value V1</title>
+        <value>10</value>
+        <value selector="twenty">20</value>
+      </Value>
+      <Value id="xccdf_com.example.www_value_V2" type="string">
+        <title>Value V2</title>
+        <value>default_val</value>
+        <value selector="custom">custom_val</value>
+      </Value>
+      <Rule selected="true" id="xccdf_com.example.www_rule_R1">
+        <title>Rule R1</title>
+        <description>Description</description>
+        <reference href="https://www.animals.com">3.14</reference>
+        <reference href="https://www.fruit.com">42.42</reference>
+        <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+          <check-content-ref href="test_single_rule.oval.xml" name="oval:x:def:1"/>
+        </check>
+      </Rule>
+      <Rule selected="true" id="xccdf_com.example.www_rule_R2">
+        <title>Rule R2</title>
+        <description>Description</description>
+        <reference href="https://www.animals.com">17.71.777</reference>
+        <reference href="https://www.fruit.com">88888888</reference>
+        <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+          <check-content-ref href="test_single_rule.oval.xml" name="oval:x:def:1"/>
+        </check>
+      </Rule>
+      <Rule selected="true" id="xccdf_com.example.www_rule_R3">
+        <title>Rule R3</title>
+        <description>Description</description>
+        <reference href="https://www.animals.com">17.71.777</reference>
+        <reference href="https://www.fruit.com">666</reference>
+        <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+          <check-content-ref href="test_single_rule.oval.xml" name="oval:x:def:1"/>
+        </check>
+      </Rule>
+      <Rule selected="true" id="xccdf_com.example.www_rule_R4">
+        <title>Rule R4</title>
+        <description>Description</description>
+        <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+          <check-content-ref href="test_single_rule.oval.xml" name="oval:x:def:1"/>
+        </check>
+      </Rule>
+    </Benchmark>
+  </ds:component>
+</ds:data-stream-collection>
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		add_oscap_test("test_list_rules.sh")
		add_oscap_test("test_list_vars.sh")