static bool valid_inputs(const struct oscap_action *action) {
bool result = true;
/* validate SDS or OVAL Definitions & Variables & Syschars,
depending on the data */
struct oscap_source *definitions_source = oscap_source_new_from_file(action->f_oval);
if (oscap_source_get_scap_type(definitions_source) != OSCAP_DOCUMENT_OVAL_DEFINITIONS &&
oscap_source_get_scap_type(definitions_source) != OSCAP_DOCUMENT_SDS) {
fprintf(stderr, "Type mismatch: %s. Expecting OVAL Definition or Source DataStream, but found %s.\n",
action->f_oval, oscap_document_type_to_string(oscap_source_get_scap_type(definitions_source)));
result = false;
}
if (oscap_source_validate(definitions_source, reporter, (void *) action)) {
result = false;
}
oscap_source_free(definitions_source);
if (action->f_variables) {
struct oscap_source *variables_source = oscap_source_new_from_file(action->f_variables);
if (oscap_source_get_scap_type(variables_source) != OSCAP_DOCUMENT_OVAL_VARIABLES) {
fprintf(stderr, "Type mismatch: %s. Expecting OVAL Variables, but found %s.\n",
action->f_variables, oscap_document_type_to_string(oscap_source_get_scap_type(variables_source)));
result = false;
}
if (oscap_source_validate(variables_source, reporter, (void *) action)) {
result = false;
}
oscap_source_free(variables_source);
}
if (action->f_directives) {
struct oscap_source *directives_source = oscap_source_new_from_file(action->f_directives);
if (oscap_source_get_scap_type(directives_source) != OSCAP_DOCUMENT_OVAL_DIRECTIVES) {
fprintf(stderr, "Type mismatch: %s. Expecting OVAL Directives, but found %s.\n",
action->f_directives, oscap_document_type_to_string(oscap_source_get_scap_type(directives_source)));
result = false;
}
if (oscap_source_validate(directives_source, reporter, (void *) action)) {
result = false;
}
oscap_source_free(directives_source);
}
if (action->module == &OVAL_ANALYSE && action->f_syschar) {
struct oscap_source *syschar_source = oscap_source_new_from_file(action->f_syschar);
if (oscap_source_get_scap_type(syschar_source) != OSCAP_DOCUMENT_OVAL_SYSCHAR) {
fprintf(stderr, "Type mismatch: %s. Expecting OVAL System Characteristic, but found %s.\n",
action->f_syschar, oscap_document_type_to_string(oscap_source_get_scap_type(syschar_source)));
result = false;
}
if (oscap_source_validate(syschar_source, reporter, (void *) action)) {
result = false;
}
oscap_source_free(syschar_source);
}
return result;
}
static int app_oval_validate(const struct oscap_action *action) {
int ret;
int result = OSCAP_ERROR;
struct oscap_source *source = oscap_source_new_from_file(action->f_oval);
ret = oscap_source_validate(source, reporter, (void *) action);
if (ret == -1) {
result = OSCAP_ERROR;
goto cleanup;
}
else {
result = ret == 1 ? OSCAP_FAIL : OSCAP_OK;
}
/* schematron-based validation requested
We can only do schematron validation if the file isn't a source datastream
*/
if (action->schematron && oscap_source_get_scap_type(source) != OSCAP_DOCUMENT_SDS) {
ret = oscap_source_validate_schematron(source, NULL);
if (ret==-1) {
result=OSCAP_ERROR;
}
else if (ret>0) {
result=OSCAP_FAIL;
}
}
cleanup:
oscap_source_free(source);
if (oscap_err())
fprintf(stderr, "%s %s\n", OSCAP_ERR_MSG, oscap_err_desc());
return result;
}
int app_xccdf_validate(const struct oscap_action *action) {
int ret;
int result;
struct oscap_source *source = oscap_source_new_from_file(action->f_xccdf);
ret = oscap_source_validate(source, reporter, (void *) action);
if (ret==-1) {
result=OSCAP_ERROR;
goto cleanup;
}
else if (ret==1) {
result=OSCAP_FAIL;
}
else
result=OSCAP_OK;
if (action->schematron) {
ret = oscap_source_validate_schematron(source, NULL);
if (ret == -1) {
result = OSCAP_ERROR;
} else if (ret > 0) {
result = OSCAP_FAIL;
}
}
oscap_source_free(source);
cleanup:
oscap_print_error();
return result;
}
int app_ds_rds_split(const struct oscap_action *action) {
int ret = OSCAP_ERROR;
struct ds_rds_session *session = NULL;
struct oscap_source *source = oscap_source_new_from_file(action->ds_action->file);
if (action->validate)
{
if (oscap_source_validate(source, reporter, (void *) action) != 0) {
goto cleanup;
}
}
session = ds_rds_session_new_from_source(source);
if (session == NULL
|| ds_rds_session_set_target_dir(session, action->ds_action->target) != 0
|| ds_rds_session_select_report(session, action->f_report_id) == NULL
|| ds_rds_session_select_report_request(session, NULL) == NULL
|| ds_rds_session_dump_component_files(session) != 0) {
fprintf(stdout, "Failed to split given result datastream '%s'.\n", action->ds_action->file);
goto cleanup;
}
ret = OSCAP_OK;
cleanup:
oscap_print_error();
ds_rds_session_free(session);
free(action->ds_action);
oscap_source_free(source);
return ret;
}
int app_ds_sds_compose(const struct oscap_action *action) {
int ret = OSCAP_ERROR;
// The API will correctly deal with the file parameter having directory
// references in it. However this will create a hard to navigate mangled
// component IDs in the resulting datastream.
//
// To fix this we will chdir to parent dir of the given XCCDF and chdir
// back after we are done.
char *previous_cwd = _gcwd();
if (previous_cwd == NULL) {
goto cleanup;
}
char target_abs_path[PATH_MAX + 1];
// if the path is already absolute we just use it as it is
if (*action->ds_action->target == '/')
snprintf(target_abs_path, PATH_MAX, "%s", action->ds_action->target);
else
snprintf(target_abs_path, PATH_MAX, "%s/%s", previous_cwd, action->ds_action->target);
char* temp_cwd = strdup(action->ds_action->file);
chdir(dirname(temp_cwd));
free(temp_cwd);
char* source_xccdf = strdup(action->ds_action->file);
ds_sds_compose_from_xccdf(basename(source_xccdf), target_abs_path);
free(source_xccdf);
chdir(previous_cwd);
free(previous_cwd);
if (action->validate)
{
struct oscap_source *source = oscap_source_new_from_file(target_abs_path);
if (oscap_source_validate(source, reporter, (void *) action) != 0) {
oscap_source_free(source);
goto cleanup;
}
oscap_source_free(source);
}
ret = OSCAP_OK;
cleanup:
oscap_print_error();
free(action->ds_action);
return ret;
}
int app_ds_sds_split(const struct oscap_action *action) {
int ret = OSCAP_ERROR;
const char* f_datastream_id = action->f_datastream_id;
const char* f_component_id = action->f_xccdf_id;
struct ds_sds_session *session = NULL;
struct oscap_source *source = oscap_source_new_from_file(action->ds_action->file);
/* Validate */
if (action->validate)
{
if (oscap_source_validate(source, reporter, (void *) action) != 0) {
goto cleanup;
}
}
session = ds_sds_session_new_from_source(source);
if (session == NULL) {
goto cleanup;
}
if (ds_sds_index_select_checklist(ds_sds_session_get_sds_idx(session), &f_datastream_id, &f_component_id) != 0) {
fprintf(stdout, "Failed to locate a datastream with ID matching '%s' ID "
"and checklist inside matching '%s' ID.\n",
action->f_datastream_id == NULL ? "<any>" : action->f_datastream_id,
action->f_xccdf_id == NULL ? "<any>" : action->f_xccdf_id);
goto cleanup;
}
ds_sds_session_set_datastream_id(session, f_datastream_id);
ds_sds_session_set_remote_resources(session, action->remote_resources, download_reporting_callback);
ds_sds_session_set_target_dir(session, action->ds_action->target);
if (ds_sds_session_register_component_with_dependencies(session, "checklists", f_component_id, NULL) != 0) {
goto cleanup;
}
if (ds_sds_session_dump_component_files(session) != 0) {
goto cleanup;
}
ret = OSCAP_OK;
cleanup:
oscap_print_error();
ds_sds_session_free(session);
oscap_source_free(source);
free(action->ds_action);
return ret;
}
int app_ds_sds_validate(const struct oscap_action *action) {
int ret = OSCAP_ERROR;
struct oscap_source *source = oscap_source_new_from_file(action->ds_action->file);
if (oscap_source_validate(source, reporter, (void*) action) != 0) {
goto cleanup;
}
ret = OSCAP_OK;
cleanup:
oscap_print_error();
free(action->ds_action);
oscap_source_free(source);
return ret;
}
static int app_cvrf_validate(const struct oscap_action *action) {
int result;
struct oscap_source *source = oscap_source_new_from_file(action->cvrf_action->f_cvrf);
int ret = oscap_source_validate(source, reporter, (void *) action);
if (ret==-1) {
result=OSCAP_ERROR;
} else if (ret==1) {
result=OSCAP_FAIL;
} else {
result=OSCAP_OK;
}
oscap_source_free(source);
oscap_print_error();
return result;
}
int app_ds_sds_add(const struct oscap_action *action)
{
int ret = OSCAP_ERROR;
// TODO: chdir to the directory of the component (same as when composing new sds)
ret = ds_sds_compose_add_component(action->ds_action->target, action->f_datastream_id, action->ds_action->file, false);
if (action->validate) {
struct oscap_source *source = oscap_source_new_from_file(action->ds_action->file);
if (oscap_source_validate(source, reporter, (void *) action) != 0) {
ret = OSCAP_ERROR;
}
oscap_source_free(source);
}
oscap_print_error();
free(action->ds_action);
return ret;
}
int main(int argc, char **argv)
{
if (argc < 2) return 1;
if (strcmp(argv[1], "--export") == 0) {
if (argc != 4) return 1;
struct oscap_source *source = oscap_source_new_from_file(argv[2]);
struct xccdf_benchmark *bench = xccdf_benchmark_import_source(source);
oscap_source_free(source);
if (bench == NULL) return 1;
xccdf_benchmark_export(bench, argv[3]);
xccdf_benchmark_free(bench);
oscap_cleanup();
return 0;
}
else if (strcmp(argv[1], "--validate") == 0) {
if (argc != 4) {
fprintf(stderr, "Usage: %s --validate ver xccdf\n", argv[0]);
return 1;
}
struct oscap_source *source = oscap_source_new_from_file(argv[3]);
if (oscap_source_validate(source, NULL, stdout)) {
fprintf(stderr, "ERROR: %s\n", oscap_err_desc());
oscap_source_free(source);
return 1;
}
oscap_source_free(source);
return 0;
}
else {
fprintf(stderr, "Unknown mode: %s\n", argv[1]);
}
return 1;
}
int main(int argc, char **argv)
{
/* test export */
if (argc == 4 && !strcmp(argv[1], "--export-all")) {
struct cvrf_model *model = cvrf_model_import(oscap_source_new_from_file(argv[2]));
if(!model)
return 1;
struct oscap_source *export_source = cvrf_model_get_export_source(model);
int ret = oscap_source_save_as(export_source, argv[3]);
cvrf_model_free(model);
oscap_source_free(export_source);
return ret;
} else if (argc == 4 && !strcmp(argv[1], "--eval")) {
const char *cpe = "Managment Agent for RHEL 7 Hosts";
struct oscap_source *import_source = oscap_source_new_from_file(argv[2]);
struct oscap_source *export_source = cvrf_model_get_results_source(import_source, cpe);
int ret = oscap_source_save_as(export_source, argv[3]);
oscap_source_free(export_source);
return ret;
} else if (argc == 3 && !strcmp(argv[1], "--validate")) {
struct oscap_source *source = oscap_source_new_from_file(argv[2]);
int ret = oscap_source_validate(source, reporter, NULL);
oscap_source_free(source);
return ret;
}
fprintf(stdout,
"Usage: \n\n"
" %s --help\n"
" %s --export-all input.xml output.xml\n"
" %s --eval input.xml results.xml\n"
" %s --validate input.xml\n",
argv[0], argv[0], argv[0], argv[0]);
return 0;
}
static int app_analyse_oval(const struct oscap_action *action) {
struct oval_definition_model *def_model = NULL;
struct oval_syschar_model *sys_model = NULL;
struct oval_results_model *res_model = NULL;
struct oval_variable_model *var_model = NULL;
struct oval_directives_model *dir_model = NULL;
struct oval_syschar_model *sys_models[2];
struct oval_generator *generator = NULL;
int ret = OSCAP_ERROR;
/* Turn on verbosity */
if (!oscap_set_verbose(action->verbosity_level, action->f_verbose_log, false)) {
goto cleanup;
}
/* validate inputs */
if (action->validate) {
if (!valid_inputs(action)) {
goto cleanup;
}
}
/* load defnitions */
struct oscap_source *source = oscap_source_new_from_file(action->f_oval);
def_model = oval_definition_model_import_source(source);
oscap_source_free(source);
if (def_model == NULL) {
fprintf(stderr, "Failed to import the OVAL Definitions from '%s'.\n", action->f_oval);
goto cleanup;
}
/* bind external variables */
if(action->f_variables) {
struct oscap_source *var_source = oscap_source_new_from_file(action->f_variables);
var_model = oval_variable_model_import_source(var_source);
oscap_source_free(var_source);
if (var_model == NULL) {
fprintf(stderr, "Failed to import the OVAL Variables from '%s'.\n", action->f_variables);
goto cleanup;
}
if (oval_definition_model_bind_variable_model(def_model, var_model)) {
fprintf(stderr, "Failed to bind Variables to Definitions\n");
goto cleanup;
}
}
/* load system characteristics */
sys_model = oval_syschar_model_new(def_model);
source = oscap_source_new_from_file(action->f_syschar);
if (oval_syschar_model_import_source(sys_model, source) == -1 ) {
fprintf(stderr, "Failed to import the System Characteristics from '%s'.\n", action->f_syschar);
oscap_source_free(source);
goto cleanup;
}
oscap_source_free(source);
/* evaluate */
sys_models[0] = sys_model;
sys_models[1] = NULL;
res_model = oval_results_model_new(def_model, sys_models);
/* set product name */
generator = oval_results_model_get_generator(res_model);
oval_generator_set_product_name(generator, OSCAP_PRODUCTNAME);
oval_generator_set_product_version(generator, oscap_get_version());
oval_results_model_eval(res_model);
/* export results */
if (action->f_results != NULL) {
/* import directives */
if (action->f_directives != NULL) {
dir_model = oval_directives_model_new();
struct oscap_source *dir_source = oscap_source_new_from_file(action->f_directives);
oval_directives_model_import_source(dir_model, dir_source);
oscap_source_free(dir_source);
}
/* export result model to XML */
oval_results_model_export(res_model, dir_model, action->f_results);
const char* full_validation = getenv("OSCAP_FULL_VALIDATION");
/* validate OVAL Results */
if (action->validate && full_validation) {
struct oscap_source *result_source = oscap_source_new_from_file(action->f_results);
if (oscap_source_validate(result_source, reporter, (void *) action)) {
oscap_source_free(result_source);
goto cleanup;
}
fprintf(stdout, "OVAL Results are exported correctly.\n");
oscap_source_free(result_source);
}
}
ret = OSCAP_OK;
/* clean up */
cleanup:
if(oscap_err())
fprintf(stderr, "%s %s\n", OSCAP_ERR_MSG, oscap_err_desc());
if(res_model) oval_results_model_free(res_model);
if(sys_model) oval_syschar_model_free(sys_model);
if(def_model) oval_definition_model_free(def_model);
if(dir_model) oval_directives_model_free(dir_model);
return ret;
}
int app_collect_oval(const struct oscap_action *action)
{
struct oval_definition_model *def_model = NULL;
struct oval_variable_model *var_model = NULL;
struct oval_syschar_model *sys_model = NULL;
struct oval_sysinfo *sysinfo = NULL;
struct oval_probe_session *pb_sess = NULL;
struct oval_generator *generator = NULL;
int ret = OSCAP_ERROR;
/* Turn on verbosity */
if (!oscap_set_verbose(action->verbosity_level, action->f_verbose_log, false)) {
goto cleanup;
}
/* validate inputs */
if (action->validate) {
if (!valid_inputs(action)) {
goto cleanup;
}
}
/* import definitions */
struct oscap_source *source = oscap_source_new_from_file(action->f_oval);
def_model = oval_definition_model_import_source(source);
oscap_source_free(source);
if (def_model == NULL) {
fprintf(stderr, "Failed to import the OVAL Definitions from '%s'.\n", action->f_oval);
goto cleanup;
}
/* bind external variables */
if(action->f_variables) {
struct oscap_source *var_source = oscap_source_new_from_file(action->f_variables);
var_model = oval_variable_model_import_source(var_source);
oscap_source_free(var_source);
if (var_model == NULL) {
fprintf(stderr, "Failed to import the OVAL Variables from '%s'.\n", action->f_variables);
goto cleanup;
}
if (oval_definition_model_bind_variable_model(def_model, var_model)) {
fprintf(stderr, "Failed to bind Variables to Definitions\n");
goto cleanup;
}
}
/* create empty syschar model */
sys_model = oval_syschar_model_new(def_model);
/* set product name */
generator = oval_syschar_model_get_generator(sys_model);
oval_generator_set_product_name(generator, OSCAP_PRODUCTNAME);
/* create probe session */
pb_sess = oval_probe_session_new(sys_model);
/* query sysinfo */
ret = oval_probe_query_sysinfo(pb_sess, &sysinfo);
if (ret != 0) {
fprintf(stderr, "Failed to query sysinfo\n");
goto cleanup;
}
oval_syschar_model_set_sysinfo(sys_model, sysinfo);
/* query objects */
struct oval_object *object;
struct oval_syschar *syschar;
oval_syschar_collection_flag_t sc_flg;
if (action->id) {
object = oval_definition_model_get_object(def_model, action->id);
if (!object) {
fprintf(stderr, "Object ID(%s) does not exist in '%s'.\n", action->id, action->f_oval);
goto cleanup;
}
printf("Collected: \"%s\" : ", oval_object_get_id(object));
oval_probe_query_object(pb_sess, object, 0, &syschar);
sc_flg = oval_syschar_get_flag(syschar);
printf("%s\n", oval_syschar_collection_flag_get_text(sc_flg));
}
else {
struct oval_object_iterator *objects = oval_definition_model_get_objects(def_model);
while (oval_object_iterator_has_more(objects)) {
object = oval_object_iterator_next(objects);
printf("Collected: \"%s\" : ", oval_object_get_id(object));
oval_probe_query_object(pb_sess, object, 0, &syschar);
sc_flg = oval_syschar_get_flag(syschar);
printf("%s\n", oval_syschar_collection_flag_get_text(sc_flg));
}
oval_object_iterator_free(objects);
}
const char* full_validation = getenv("OSCAP_FULL_VALIDATION");
/* output */
if (action->f_syschar != NULL) {
/* export OVAL System Characteristics */
oval_syschar_model_export(sys_model, action->f_syschar);
/* validate OVAL System Characteristics */
if (action->validate && full_validation) {
struct oscap_source *syschar_source = oscap_source_new_from_file(action->f_syschar);
if (oscap_source_validate(syschar_source, reporter, (void *)action)) {
oscap_source_free(syschar_source);
goto cleanup;
}
fprintf(stdout, "OVAL System Characteristics are exported correctly.\n");
oscap_source_free(syschar_source);
}
}
ret = OSCAP_OK;
cleanup:
if(oscap_err())
fprintf(stderr, "%s %s\n", OSCAP_ERR_MSG, oscap_err_desc());
if (sysinfo) oval_sysinfo_free(sysinfo);
if (pb_sess) oval_probe_session_destroy(pb_sess);
if (sys_model) oval_syschar_model_free(sys_model);
if (def_model) oval_definition_model_free(def_model);
return ret;
}
int app_xccdf_resolve(const struct oscap_action *action)
{
int ret = OSCAP_ERROR;
struct xccdf_benchmark *bench = NULL;
if (!action->f_xccdf) {
fprintf(stderr, "No input document specified!\n");
return OSCAP_ERROR;
}
if (!action->f_results) {
fprintf(stderr, "No output document filename specified!\n");
return OSCAP_ERROR;
}
struct oscap_source *source = oscap_source_new_from_file(action->f_xccdf);
/* validate input */
if (action->validate) {
if (oscap_source_validate(source, reporter, (void *) action) != 0) {
oscap_source_free(source);
goto cleanup;
}
}
bench = xccdf_benchmark_import_source(source);
oscap_source_free(source);
if (!bench)
goto cleanup;
if (action->force)
xccdf_benchmark_set_resolved(bench, false);
if (xccdf_benchmark_get_resolved(bench))
fprintf(stderr, "Benchmark is already resolved!\n");
else {
if (!xccdf_benchmark_resolve(bench))
fprintf(stderr, "Benchmark resolving failure (probably a dependency loop)!\n");
else
{
if (xccdf_benchmark_export(bench, action->f_results) == 0) {
ret = OSCAP_OK;
/* validate exported results */
const char* full_validation = getenv("OSCAP_FULL_VALIDATION");
if (action->validate && full_validation) {
struct oscap_source *result_source = oscap_source_new_from_file(action->f_results);
if (oscap_source_validate(result_source, reporter, (void *) action) != 0) {
ret = OSCAP_ERROR;
}
else
fprintf(stdout, "Resolved XCCDF has been exported correctly.\n");
oscap_source_free(result_source);
}
}
}
}
cleanup:
oscap_print_error();
if (bench)
xccdf_benchmark_free(bench);
return ret;
}
int app_ds_rds_create(const struct oscap_action *action) {
int ret = OSCAP_ERROR;
if (action->validate)
{
struct oscap_source *sds = oscap_source_new_from_file(action->ds_action->file);
if (oscap_source_validate(sds, reporter, (void *) action) != 0) {
oscap_source_free(sds);
goto cleanup;
}
oscap_source_free(sds);
struct oscap_source *result = oscap_source_new_from_file(action->ds_action->xccdf_result);
if (oscap_source_validate(result, reporter, (void *) action) != 0) {
ret = OSCAP_ERROR;
oscap_source_free(result);
goto cleanup;
}
oscap_source_free(result);
}
char** oval_result_files = malloc(sizeof(char*) * (action->ds_action->oval_result_count + 1));
size_t i;
for (i = 0; i < action->ds_action->oval_result_count; ++i)
{
oval_result_files[i] = action->ds_action->oval_results[i];
if (action->validate)
{
struct oscap_source *source = oscap_source_new_from_file(oval_result_files[i]);
if (oscap_source_validate(source, reporter, (void *) action) != 0) {
ret = OSCAP_ERROR;
oscap_source_free(source);
free(oval_result_files);
goto cleanup;
}
oscap_source_free(source);
}
}
oval_result_files[i] = NULL;
ret = ds_rds_create(action->ds_action->file, action->ds_action->xccdf_result,
(const char**)oval_result_files, action->ds_action->target);
free(oval_result_files);
if (ret != 0)
{
fprintf(stdout, "Failed to create result datastream in ARF.");
ret = OSCAP_ERROR;
goto cleanup;
}
const char* full_validation = getenv("OSCAP_FULL_VALIDATION");
if (action->validate && full_validation)
{
struct oscap_source *rds = oscap_source_new_from_file(action->ds_action->target);
if (oscap_source_validate(rds, reporter, (void *) action) != 0) {
oscap_source_free(rds);
goto cleanup;
}
oscap_source_free(rds);
}
ret = OSCAP_OK;
cleanup:
oscap_print_error();
free(action->ds_action);
return ret;
}
