struct oval_definition_model * oval_definition_model_import(const char *file)
{
struct oscap_source *source = oscap_source_new_from_file(file);
struct oval_definition_model *model = oval_definition_model_import_source(source);
oscap_source_free(source);
return model;
}
int app_collect_oval(const struct oscap_action *action)
{
struct oval_definition_model *def_model = NULL;
struct oval_variable_model *var_model = NULL;
struct oval_syschar_model *sys_model = NULL;
struct oval_sysinfo *sysinfo = NULL;
struct oval_probe_session *pb_sess = NULL;
struct oval_generator *generator = NULL;
int ret = OSCAP_ERROR;
/* Turn on verbosity */
if (!oscap_set_verbose(action->verbosity_level, action->f_verbose_log, false)) {
goto cleanup;
}
/* validate inputs */
if (action->validate) {
if (!valid_inputs(action)) {
goto cleanup;
}
}
/* import definitions */
struct oscap_source *source = oscap_source_new_from_file(action->f_oval);
def_model = oval_definition_model_import_source(source);
oscap_source_free(source);
if (def_model == NULL) {
fprintf(stderr, "Failed to import the OVAL Definitions from '%s'.\n", action->f_oval);
goto cleanup;
}
/* bind external variables */
if(action->f_variables) {
struct oscap_source *var_source = oscap_source_new_from_file(action->f_variables);
var_model = oval_variable_model_import_source(var_source);
oscap_source_free(var_source);
if (var_model == NULL) {
fprintf(stderr, "Failed to import the OVAL Variables from '%s'.\n", action->f_variables);
goto cleanup;
}
if (oval_definition_model_bind_variable_model(def_model, var_model)) {
fprintf(stderr, "Failed to bind Variables to Definitions\n");
goto cleanup;
}
}
/* create empty syschar model */
sys_model = oval_syschar_model_new(def_model);
/* set product name */
generator = oval_syschar_model_get_generator(sys_model);
oval_generator_set_product_name(generator, OSCAP_PRODUCTNAME);
/* create probe session */
pb_sess = oval_probe_session_new(sys_model);
/* query sysinfo */
ret = oval_probe_query_sysinfo(pb_sess, &sysinfo);
if (ret != 0) {
fprintf(stderr, "Failed to query sysinfo\n");
goto cleanup;
}
oval_syschar_model_set_sysinfo(sys_model, sysinfo);
/* query objects */
struct oval_object *object;
struct oval_syschar *syschar;
oval_syschar_collection_flag_t sc_flg;
if (action->id) {
object = oval_definition_model_get_object(def_model, action->id);
if (!object) {
fprintf(stderr, "Object ID(%s) does not exist in '%s'.\n", action->id, action->f_oval);
goto cleanup;
}
printf("Collected: \"%s\" : ", oval_object_get_id(object));
oval_probe_query_object(pb_sess, object, 0, &syschar);
sc_flg = oval_syschar_get_flag(syschar);
printf("%s\n", oval_syschar_collection_flag_get_text(sc_flg));
}
else {
struct oval_object_iterator *objects = oval_definition_model_get_objects(def_model);
while (oval_object_iterator_has_more(objects)) {
object = oval_object_iterator_next(objects);
printf("Collected: \"%s\" : ", oval_object_get_id(object));
oval_probe_query_object(pb_sess, object, 0, &syschar);
sc_flg = oval_syschar_get_flag(syschar);
printf("%s\n", oval_syschar_collection_flag_get_text(sc_flg));
}
oval_object_iterator_free(objects);
}
const char* full_validation = getenv("OSCAP_FULL_VALIDATION");
/* output */
if (action->f_syschar != NULL) {
/* export OVAL System Characteristics */
oval_syschar_model_export(sys_model, action->f_syschar);
/* validate OVAL System Characteristics */
if (action->validate && full_validation) {
struct oscap_source *syschar_source = oscap_source_new_from_file(action->f_syschar);
if (oscap_source_validate(syschar_source, reporter, (void *)action)) {
oscap_source_free(syschar_source);
goto cleanup;
}
fprintf(stdout, "OVAL System Characteristics are exported correctly.\n");
oscap_source_free(syschar_source);
}
}
ret = OSCAP_OK;
cleanup:
if(oscap_err())
fprintf(stderr, "%s %s\n", OSCAP_ERR_MSG, oscap_err_desc());
if (sysinfo) oval_sysinfo_free(sysinfo);
if (pb_sess) oval_probe_session_destroy(pb_sess);
if (sys_model) oval_syschar_model_free(sys_model);
if (def_model) oval_definition_model_free(def_model);
return ret;
}
static int app_analyse_oval(const struct oscap_action *action) {
struct oval_definition_model *def_model = NULL;
struct oval_syschar_model *sys_model = NULL;
struct oval_results_model *res_model = NULL;
struct oval_variable_model *var_model = NULL;
struct oval_directives_model *dir_model = NULL;
struct oval_syschar_model *sys_models[2];
struct oval_generator *generator = NULL;
int ret = OSCAP_ERROR;
/* Turn on verbosity */
if (!oscap_set_verbose(action->verbosity_level, action->f_verbose_log, false)) {
goto cleanup;
}
/* validate inputs */
if (action->validate) {
if (!valid_inputs(action)) {
goto cleanup;
}
}
/* load defnitions */
struct oscap_source *source = oscap_source_new_from_file(action->f_oval);
def_model = oval_definition_model_import_source(source);
oscap_source_free(source);
if (def_model == NULL) {
fprintf(stderr, "Failed to import the OVAL Definitions from '%s'.\n", action->f_oval);
goto cleanup;
}
/* bind external variables */
if(action->f_variables) {
struct oscap_source *var_source = oscap_source_new_from_file(action->f_variables);
var_model = oval_variable_model_import_source(var_source);
oscap_source_free(var_source);
if (var_model == NULL) {
fprintf(stderr, "Failed to import the OVAL Variables from '%s'.\n", action->f_variables);
goto cleanup;
}
if (oval_definition_model_bind_variable_model(def_model, var_model)) {
fprintf(stderr, "Failed to bind Variables to Definitions\n");
goto cleanup;
}
}
/* load system characteristics */
sys_model = oval_syschar_model_new(def_model);
source = oscap_source_new_from_file(action->f_syschar);
if (oval_syschar_model_import_source(sys_model, source) == -1 ) {
fprintf(stderr, "Failed to import the System Characteristics from '%s'.\n", action->f_syschar);
oscap_source_free(source);
goto cleanup;
}
oscap_source_free(source);
/* evaluate */
sys_models[0] = sys_model;
sys_models[1] = NULL;
res_model = oval_results_model_new(def_model, sys_models);
/* set product name */
generator = oval_results_model_get_generator(res_model);
oval_generator_set_product_name(generator, OSCAP_PRODUCTNAME);
oval_generator_set_product_version(generator, oscap_get_version());
oval_results_model_eval(res_model);
/* export results */
if (action->f_results != NULL) {
/* import directives */
if (action->f_directives != NULL) {
dir_model = oval_directives_model_new();
struct oscap_source *dir_source = oscap_source_new_from_file(action->f_directives);
oval_directives_model_import_source(dir_model, dir_source);
oscap_source_free(dir_source);
}
/* export result model to XML */
oval_results_model_export(res_model, dir_model, action->f_results);
const char* full_validation = getenv("OSCAP_FULL_VALIDATION");
/* validate OVAL Results */
if (action->validate && full_validation) {
struct oscap_source *result_source = oscap_source_new_from_file(action->f_results);
if (oscap_source_validate(result_source, reporter, (void *) action)) {
oscap_source_free(result_source);
goto cleanup;
}
fprintf(stdout, "OVAL Results are exported correctly.\n");
oscap_source_free(result_source);
}
}
ret = OSCAP_OK;
/* clean up */
cleanup:
if(oscap_err())
fprintf(stderr, "%s %s\n", OSCAP_ERR_MSG, oscap_err_desc());
if(res_model) oval_results_model_free(res_model);
if(sys_model) oval_syschar_model_free(sys_model);
if(def_model) oval_definition_model_free(def_model);
if(dir_model) oval_directives_model_free(dir_model);
return ret;
}
static int app_info(const struct oscap_action *action)
{
int result = OSCAP_ERROR;
struct oscap_source *source = oscap_source_new_from_file(action->file);
switch (oscap_source_get_scap_type(source)) {
case OSCAP_DOCUMENT_OVAL_DEFINITIONS: {
printf("Document type: OVAL Definitions\n");
struct oval_definition_model *def_model = oval_definition_model_import_source(source);
if(!def_model)
goto cleanup;
struct oval_generator *gen = oval_definition_model_get_generator(def_model);
printf("OVAL version: %s\n", oval_generator_get_core_schema_version(gen));
printf("Generated: %s\n", oval_generator_get_timestamp(gen));
print_time(action->file);
oval_definition_model_free(def_model);
}
break;
case OSCAP_DOCUMENT_OVAL_VARIABLES: {
printf("Document type: OVAL Variables\n");
struct oval_variable_model *var_model = oval_variable_model_import_source(source);
if(!var_model)
goto cleanup;
struct oval_generator *gen = oval_variable_model_get_generator(var_model);
printf("OVAL version: %s\n", oval_generator_get_core_schema_version(gen));
printf("Generated: %s\n", oval_generator_get_timestamp(gen));
print_time(action->file);
oval_variable_model_free(var_model);
}
break;
case OSCAP_DOCUMENT_OVAL_DIRECTIVES: {
printf("Document type: OVAL Directives\n");
struct oval_directives_model *dir_model = oval_directives_model_new();
int ret = oval_directives_model_import_source(dir_model, source);
if(ret)
goto cleanup;
struct oval_generator *gen = oval_directives_model_get_generator(dir_model);
printf("OVAL version: %s\n", oval_generator_get_core_schema_version(gen));
printf("Generated: %s\n", oval_generator_get_timestamp(gen));
print_time(action->file);
oval_directives_model_free(dir_model);
}
break;
case OSCAP_DOCUMENT_OVAL_SYSCHAR: {
printf("Document type: OVAL System Characteristics\n");
struct oval_definition_model * def_model = oval_definition_model_new();
struct oval_syschar_model * sys_model = oval_syschar_model_new(def_model);
int ret = oval_syschar_model_import_source(sys_model, source);
if(ret)
goto cleanup;
struct oval_generator *gen = oval_syschar_model_get_generator(sys_model);
printf("OVAL version: %s\n", oval_generator_get_core_schema_version(gen));
printf("Generated: %s\n", oval_generator_get_timestamp(gen));
print_time(action->file);
oval_syschar_model_free(sys_model);
oval_definition_model_free(def_model);
}
break;
case OSCAP_DOCUMENT_OVAL_RESULTS: {
printf("Document type: OVAL Results\n");
struct oval_definition_model * def_model=oval_definition_model_new();
struct oval_results_model * res_model = oval_results_model_new(def_model,NULL);
int ret = oval_results_model_import_source(res_model, source);
if(ret)
goto cleanup;
struct oval_generator *gen = oval_results_model_get_generator(res_model);
printf("OVAL version: %s\n", oval_generator_get_core_schema_version(gen));
printf("Generated: %s\n", oval_generator_get_timestamp(gen));
print_time(action->file);
oval_results_model_free(res_model);
oval_definition_model_free(def_model);
}
break;
case OSCAP_DOCUMENT_XCCDF: {
printf("Document type: XCCDF Checklist\n");
struct xccdf_benchmark* bench = xccdf_benchmark_import_source(source);
if(!bench)
goto cleanup;
printf("Checklist version: %s\n", oscap_source_get_schema_version(source));
print_time(action->file);
_print_xccdf_benchmark(bench, "");
}
break;
case OSCAP_DOCUMENT_CPE_LANGUAGE: {
printf("Document type: CPE Language\n");
print_time(action->file);
}
break;
case OSCAP_DOCUMENT_CPE_DICTIONARY: {
printf("Document type: CPE Dictionary\n");
struct cpe_dict_model *dict_model = cpe_dict_model_import_source(source);
if (!dict_model)
goto cleanup;
struct cpe_generator *gen = cpe_dict_model_get_generator(dict_model);
if (gen != NULL) {
printf("CPE version: %s\n", cpe_generator_get_schema_version(gen));
printf("Generated: %s\n", cpe_generator_get_timestamp(gen));
}
print_time(action->file);
cpe_dict_model_free(dict_model);
}
break;
case OSCAP_DOCUMENT_SDS: {
printf("Document type: Source Data Stream\n");
print_time(action->file);
struct ds_sds_session *session = ds_sds_session_new_from_source(source);
if (session == NULL) {
goto cleanup;
}
/* get collection */
struct ds_sds_index *sds = ds_sds_session_get_sds_idx(session);
if (!sds) {
ds_sds_session_free(session);
goto cleanup;
}
/* iterate over streams */
struct ds_stream_index_iterator* sds_it = ds_sds_index_get_streams(sds);
while (ds_stream_index_iterator_has_more(sds_it)) {
struct ds_stream_index * stream = ds_stream_index_iterator_next(sds_it);
printf("\nStream: %s\n", ds_stream_index_get_id(stream));
printf("Generated: %s\n", ds_stream_index_get_timestamp(stream));
printf("Version: %s\n", ds_stream_index_get_version(stream));
printf("Checklists:\n");
struct oscap_string_iterator* checklist_it = ds_stream_index_get_checklists(stream);
while (oscap_string_iterator_has_more(checklist_it)) {
const char * id = oscap_string_iterator_next(checklist_it);
printf("\tRef-Id: %s\n", id);
/* decompose */
struct oscap_source *xccdf_source = ds_sds_session_select_checklist(session, ds_stream_index_get_id(stream), id, NULL);
if (xccdf_source == NULL) {
oscap_string_iterator_free(checklist_it);
ds_stream_index_iterator_free(sds_it);
ds_sds_session_free(session);
goto cleanup;
}
const char *prefix = "\t\t";
if (oscap_source_get_scap_type(xccdf_source) == OSCAP_DOCUMENT_XCCDF) {
struct xccdf_benchmark* bench = xccdf_benchmark_import_source(xccdf_source);
if(!bench) {
oscap_string_iterator_free(checklist_it);
ds_stream_index_iterator_free(sds_it);
ds_sds_session_free(session);
goto cleanup;
}
_print_xccdf_benchmark(bench, prefix);
} else if (oscap_source_get_scap_type(xccdf_source) == OSCAP_DOCUMENT_XCCDF_TAILORING) {
_print_xccdf_tailoring(xccdf_source, prefix);
}
ds_sds_session_reset(session);
}
oscap_string_iterator_free(checklist_it);
printf("Checks:\n");
struct oscap_string_iterator* checks_it = ds_stream_index_get_checks(stream);
while (oscap_string_iterator_has_more(checks_it)) {
const char * id = oscap_string_iterator_next(checks_it);
printf("\tRef-Id: %s\n", id);
}
oscap_string_iterator_free(checks_it);
struct oscap_string_iterator* dict_it = ds_stream_index_get_dictionaries(stream);
if (oscap_string_iterator_has_more(dict_it))
printf("Dictionaries:\n");
else
printf("No dictionaries.\n");
while (oscap_string_iterator_has_more(dict_it)) {
const char * id = oscap_string_iterator_next(dict_it);
printf("\tRef-Id: %s\n", id);
}
oscap_string_iterator_free(dict_it);
}
ds_stream_index_iterator_free(sds_it);
ds_sds_session_free(session);
}
break;
case OSCAP_DOCUMENT_ARF: {
printf("Document type: Result Data Stream\n");
struct ds_rds_session *session = ds_rds_session_new_from_source(source);
if (session == NULL) {
goto cleanup;
}
struct rds_index *rds = ds_rds_session_get_rds_idx(session);
if (!rds) {
ds_rds_session_free(session);
goto cleanup;
}
struct rds_asset_index_iterator* asset_it = rds_index_get_assets(rds);
while (rds_asset_index_iterator_has_more(asset_it)) {
struct rds_asset_index* asset = rds_asset_index_iterator_next(asset_it);
printf("\nAsset: %s\n", rds_asset_index_get_id(asset));
struct rds_report_index_iterator* report_it = rds_asset_index_get_reports(asset);
while (rds_report_index_iterator_has_more(report_it)) {
struct rds_report_index* report = rds_report_index_iterator_next(report_it);
struct rds_report_request_index* request = rds_report_index_get_request(report);
printf(" - %s -> %s\n",
rds_report_request_index_get_id(request),
rds_report_index_get_id(report));
}
rds_report_index_iterator_free(report_it);
}
rds_asset_index_iterator_free(asset_it);
ds_rds_session_free(session);
}
break;
case OSCAP_DOCUMENT_XCCDF_TAILORING:
printf("Document type: XCCDF Tailoring\n");
print_time(action->file);
_print_xccdf_tailoring(source, "");
break;
case OSCAP_DOCUMENT_CVE_FEED:
printf("Document type: CVE Feed\n");
// TODO: Provide more info about CVE feeds
break;
case OSCAP_DOCUMENT_SCE_RESULT:
printf("Document type: SCE Result File\n");
// Currently, we do not have any SCE result file parsing capabilities.
break;
default:
printf("Could not determine document type\n");
goto cleanup;
break;
}
result=OSCAP_OK;
cleanup:
oscap_source_free(source);
oscap_print_error();
return result;
}
