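/**
 * Report whether an OVAL result file already exists in the current working
 * directory for any OVAL check file referenced by the given XCCDF source.
 *
 * The benchmark is imported from @p xccdf_source and the (system, file) pairs
 * it references are enumerated. For every entry whose system is the OVAL 5
 * definitions namespace, "./<file>.result.xml" is probed with stat().
 *
 * @param xccdf_source source holding the XCCDF benchmark
 * @return true if at least one such result file exists; false otherwise,
 *         including when the benchmark cannot be imported or the path buffer
 *         cannot be allocated
 */
static bool _some_oval_result_exists(struct oscap_source *xccdf_source)
{
	struct xccdf_benchmark *benchmark = NULL;
	struct xccdf_policy_model *policy_model = NULL;
	struct oscap_file_entry_list *files = NULL;
	struct oscap_file_entry_iterator *files_it = NULL;
	char *oval_result = NULL;
	bool result = false;

	benchmark = xccdf_benchmark_import_source(xccdf_source);
	if (benchmark == NULL)
		return false;

	/* NOTE(review): benchmark is never freed directly in this function;
	 * presumably the policy model takes ownership of it -- confirm.
	 * The result of xccdf_policy_model_new() is also used unchecked. */
	policy_model = xccdf_policy_model_new(benchmark);
	files = xccdf_policy_model_get_systems_and_files(policy_model);
	files_it = oscap_file_entry_list_get_files(files);

	oval_result = malloc(PATH_MAX);
	if (oval_result == NULL)
		goto cleanup; /* snprintf() into a NULL buffer would be undefined behaviour */

	while (oscap_file_entry_iterator_has_more(files_it)) {
		struct oscap_file_entry *file_entry = (struct oscap_file_entry *) oscap_file_entry_iterator_next(files_it);
		struct stat sb;

		/* Only OVAL check files are of interest. */
		if (strcmp(oscap_file_entry_get_system(file_entry), "http://oval.mitre.org/XMLSchema/oval-definitions-5"))
			continue;

		/* NOTE(review): the file name is whatever the benchmark references and
		 * is not normalised here, so the probed path may lie outside the
		 * working directory -- confirm whether that matters to callers. */
		int written = snprintf(oval_result, PATH_MAX, "./%s.result.xml", oscap_file_entry_get_file(file_entry));
		if (written < 0 || written >= PATH_MAX)
			continue; /* a truncated path names a different file; do not probe it */

		if (stat(oval_result, &sb) == 0) {
			result = true;
			break;
		}
	}

cleanup:
	free(oval_result);
	oscap_file_entry_iterator_free(files_it);
	oscap_file_entry_list_free(files);
	xccdf_policy_model_free(policy_model);
	return result;
}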
/**
 * Import an XCCDF benchmark from a file path.
 *
 * Convenience wrapper: wraps @p file in a temporary oscap_source, hands it to
 * xccdf_benchmark_import_source() and releases the source again before
 * returning.
 *
 * @param file path handed to oscap_source_new_from_file()
 * @return whatever xccdf_benchmark_import_source() returned for that source
 */
struct xccdf_benchmark *xccdf_benchmark_import(const char *file)
{
	struct oscap_source *src = oscap_source_new_from_file(file);
	struct xccdf_benchmark *imported = xccdf_benchmark_import_source(src);

	/* The temporary source is not needed once the import call has returned. */
	oscap_source_free(src);
	return imported;
}
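/**
 * Command-line helper with two modes:
 *
 *   --export <input-xccdf> <output>   import a benchmark and export it again
 *   --validate <ver> <xccdf>          validate the XCCDF file (argv[3])
 *
 * @return 0 on success, 1 on a usage error, import failure, export failure or
 *         validation failure
 */
int main(int argc, char **argv)
{
	if (argc < 2)
		return 1;

	if (strcmp(argv[1], "--export") == 0) {
		if (argc != 4)
			return 1;

		struct oscap_source *source = oscap_source_new_from_file(argv[2]);
		struct xccdf_benchmark *bench = xccdf_benchmark_import_source(source);
		oscap_source_free(source);
		if (bench == NULL)
			return 1;

		/* Propagate export failures instead of reporting success regardless:
		 * a caller relying on the exit status must not mistake a missing or
		 * partial output file for a good one. */
		int export_rc = xccdf_benchmark_export(bench, argv[3]);
		xccdf_benchmark_free(bench);
		oscap_cleanup();
		if (export_rc != 0) {
			fprintf(stderr, "Failed to export benchmark to %s\n", argv[3]);
			return 1;
		}
		return 0;
	} else if (strcmp(argv[1], "--validate") == 0) {
		if (argc != 4) {
			fprintf(stderr, "Usage: %s --validate ver xccdf\n", argv[0]);
			return 1;
		}

		/* argv[2] (the version) is accepted but not used by this code. */
		struct oscap_source *source = oscap_source_new_from_file(argv[3]);
		if (oscap_source_validate(source, NULL, stdout)) {
			fprintf(stderr, "ERROR: %s\n", oscap_err_desc());
			oscap_source_free(source);
			return 1;
		}
		oscap_source_free(source);
		return 0;
	} else {
		fprintf(stderr, "Unknown mode: %s\n", argv[1]);
	}

	return 1;
}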
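/**
 * Print a human-readable summary of the SCAP document named by action->file.
 *
 * The document type is detected from the source and a type-specific summary
 * (schema version, generation timestamp, contained streams, assets, ...) is
 * written to stdout. Every path ends in the cleanup label, which frees the
 * source and calls oscap_print_error().
 *
 * Models created with a *_new() call are released on import failure as well
 * as on success, so a document that fails to parse does not leak them.
 *
 * NOTE(review): identifiers, versions and timestamps read from the document
 * are passed straight to printf("%s"); whether the getters can return NULL
 * for a malformed document is not visible here -- confirm.
 *
 * @param action parsed command line; only action->file is read here
 * @return OSCAP_OK when the document type was recognised and its summary was
 *         printed, OSCAP_ERROR otherwise
 */
static int app_info(const struct oscap_action *action)
{
	int result = OSCAP_ERROR;
	struct oscap_source *source = oscap_source_new_from_file(action->file);

	switch (oscap_source_get_scap_type(source)) {
	case OSCAP_DOCUMENT_OVAL_DEFINITIONS: {
		printf("Document type: OVAL Definitions\n");
		struct oval_definition_model *def_model = oval_definition_model_import_source(source);
		if (!def_model)
			goto cleanup;
		struct oval_generator *gen = oval_definition_model_get_generator(def_model);
		printf("OVAL version: %s\n", oval_generator_get_core_schema_version(gen));
		printf("Generated: %s\n", oval_generator_get_timestamp(gen));
		print_time(action->file);
		oval_definition_model_free(def_model);
	}
	break;
	case OSCAP_DOCUMENT_OVAL_VARIABLES: {
		printf("Document type: OVAL Variables\n");
		struct oval_variable_model *var_model = oval_variable_model_import_source(source);
		if (!var_model)
			goto cleanup;
		struct oval_generator *gen = oval_variable_model_get_generator(var_model);
		printf("OVAL version: %s\n", oval_generator_get_core_schema_version(gen));
		printf("Generated: %s\n", oval_generator_get_timestamp(gen));
		print_time(action->file);
		oval_variable_model_free(var_model);
	}
	break;
	case OSCAP_DOCUMENT_OVAL_DIRECTIVES: {
		printf("Document type: OVAL Directives\n");
		struct oval_directives_model *dir_model = oval_directives_model_new();
		int ret = oval_directives_model_import_source(dir_model, source);
		if (ret) {
			/* The model was allocated above; release it on failure too. */
			oval_directives_model_free(dir_model);
			goto cleanup;
		}
		struct oval_generator *gen = oval_directives_model_get_generator(dir_model);
		printf("OVAL version: %s\n", oval_generator_get_core_schema_version(gen));
		printf("Generated: %s\n", oval_generator_get_timestamp(gen));
		print_time(action->file);
		oval_directives_model_free(dir_model);
	}
	break;
	case OSCAP_DOCUMENT_OVAL_SYSCHAR: {
		printf("Document type: OVAL System Characteristics\n");
		struct oval_definition_model *def_model = oval_definition_model_new();
		struct oval_syschar_model *sys_model = oval_syschar_model_new(def_model);
		int ret = oval_syschar_model_import_source(sys_model, source);
		if (ret) {
			/* Same release order as the success path below. */
			oval_syschar_model_free(sys_model);
			oval_definition_model_free(def_model);
			goto cleanup;
		}
		struct oval_generator *gen = oval_syschar_model_get_generator(sys_model);
		printf("OVAL version: %s\n", oval_generator_get_core_schema_version(gen));
		printf("Generated: %s\n", oval_generator_get_timestamp(gen));
		print_time(action->file);
		oval_syschar_model_free(sys_model);
		oval_definition_model_free(def_model);
	}
	break;
	case OSCAP_DOCUMENT_OVAL_RESULTS: {
		printf("Document type: OVAL Results\n");
		struct oval_definition_model *def_model = oval_definition_model_new();
		struct oval_results_model *res_model = oval_results_model_new(def_model, NULL);
		int ret = oval_results_model_import_source(res_model, source);
		if (ret) {
			/* Same release order as the success path below. */
			oval_results_model_free(res_model);
			oval_definition_model_free(def_model);
			goto cleanup;
		}
		struct oval_generator *gen = oval_results_model_get_generator(res_model);
		printf("OVAL version: %s\n", oval_generator_get_core_schema_version(gen));
		printf("Generated: %s\n", oval_generator_get_timestamp(gen));
		print_time(action->file);
		oval_results_model_free(res_model);
		oval_definition_model_free(def_model);
	}
	break;
	case OSCAP_DOCUMENT_XCCDF: {
		printf("Document type: XCCDF Checklist\n");
		struct xccdf_benchmark *bench = xccdf_benchmark_import_source(source);
		if (!bench)
			goto cleanup;
		printf("Checklist version: %s\n", oscap_source_get_schema_version(source));
		print_time(action->file);
		/* NOTE(review): bench is not freed in this function; presumably
		 * _print_xccdf_benchmark() takes ownership -- confirm. */
		_print_xccdf_benchmark(bench, "");
	}
	break;
	case OSCAP_DOCUMENT_CPE_LANGUAGE: {
		printf("Document type: CPE Language\n");
		print_time(action->file);
	}
	break;
	case OSCAP_DOCUMENT_CPE_DICTIONARY: {
		printf("Document type: CPE Dictionary\n");
		struct cpe_dict_model *dict_model = cpe_dict_model_import_source(source);
		if (!dict_model)
			goto cleanup;
		struct cpe_generator *gen = cpe_dict_model_get_generator(dict_model);
		if (gen != NULL) {
			printf("CPE version: %s\n", cpe_generator_get_schema_version(gen));
			printf("Generated: %s\n", cpe_generator_get_timestamp(gen));
		}
		print_time(action->file);
		cpe_dict_model_free(dict_model);
	}
	break;
	case OSCAP_DOCUMENT_SDS: {
		printf("Document type: Source Data Stream\n");
		print_time(action->file);
		struct ds_sds_session *session = ds_sds_session_new_from_source(source);
		if (session == NULL) {
			goto cleanup;
		}
		/* get collection */
		struct ds_sds_index *sds = ds_sds_session_get_sds_idx(session);
		if (!sds) {
			ds_sds_session_free(session);
			goto cleanup;
		}
		/* iterate over streams */
		struct ds_stream_index_iterator *sds_it = ds_sds_index_get_streams(sds);
		while (ds_stream_index_iterator_has_more(sds_it)) {
			struct ds_stream_index *stream = ds_stream_index_iterator_next(sds_it);

			printf("\nStream: %s\n", ds_stream_index_get_id(stream));
			printf("Generated: %s\n", ds_stream_index_get_timestamp(stream));
			printf("Version: %s\n", ds_stream_index_get_version(stream));

			printf("Checklists:\n");
			struct oscap_string_iterator *checklist_it = ds_stream_index_get_checklists(stream);
			while (oscap_string_iterator_has_more(checklist_it)) {
				const char *id = oscap_string_iterator_next(checklist_it);

				printf("\tRef-Id: %s\n", id);

				/* decompose */
				struct oscap_source *xccdf_source = ds_sds_session_select_checklist(session, ds_stream_index_get_id(stream), id, NULL);
				if (xccdf_source == NULL) {
					oscap_string_iterator_free(checklist_it);
					ds_stream_index_iterator_free(sds_it);
					ds_sds_session_free(session);
					goto cleanup;
				}

				const char *prefix = "\t\t";
				if (oscap_source_get_scap_type(xccdf_source) == OSCAP_DOCUMENT_XCCDF) {
					struct xccdf_benchmark *bench = xccdf_benchmark_import_source(xccdf_source);
					if (!bench) {
						oscap_string_iterator_free(checklist_it);
						ds_stream_index_iterator_free(sds_it);
						ds_sds_session_free(session);
						goto cleanup;
					}
					_print_xccdf_benchmark(bench, prefix);
				} else if (oscap_source_get_scap_type(xccdf_source) == OSCAP_DOCUMENT_XCCDF_TAILORING) {
					_print_xccdf_tailoring(xccdf_source, prefix);
				}
				/* The session is reset after each checklist has been handled. */
				ds_sds_session_reset(session);
			}
			oscap_string_iterator_free(checklist_it);

			printf("Checks:\n");
			struct oscap_string_iterator *checks_it = ds_stream_index_get_checks(stream);
			while (oscap_string_iterator_has_more(checks_it)) {
				const char *id = oscap_string_iterator_next(checks_it);
				printf("\tRef-Id: %s\n", id);
			}
			oscap_string_iterator_free(checks_it);

			struct oscap_string_iterator *dict_it = ds_stream_index_get_dictionaries(stream);
			if (oscap_string_iterator_has_more(dict_it))
				printf("Dictionaries:\n");
			else
				printf("No dictionaries.\n");
			while (oscap_string_iterator_has_more(dict_it)) {
				const char *id = oscap_string_iterator_next(dict_it);
				printf("\tRef-Id: %s\n", id);
			}
			oscap_string_iterator_free(dict_it);
		}
		ds_stream_index_iterator_free(sds_it);
		ds_sds_session_free(session);
	}
	break;
	case OSCAP_DOCUMENT_ARF: {
		printf("Document type: Result Data Stream\n");
		struct ds_rds_session *session = ds_rds_session_new_from_source(source);
		if (session == NULL) {
			goto cleanup;
		}
		struct rds_index *rds = ds_rds_session_get_rds_idx(session);
		if (!rds) {
			ds_rds_session_free(session);
			goto cleanup;
		}

		/* One "Asset" heading per asset, followed by its request -> report pairs. */
		struct rds_asset_index_iterator *asset_it = rds_index_get_assets(rds);
		while (rds_asset_index_iterator_has_more(asset_it)) {
			struct rds_asset_index *asset = rds_asset_index_iterator_next(asset_it);
			printf("\nAsset: %s\n", rds_asset_index_get_id(asset));

			struct rds_report_index_iterator *report_it = rds_asset_index_get_reports(asset);
			while (rds_report_index_iterator_has_more(report_it)) {
				struct rds_report_index *report = rds_report_index_iterator_next(report_it);
				struct rds_report_request_index *request = rds_report_index_get_request(report);

				printf(" - %s -> %s\n", rds_report_request_index_get_id(request), rds_report_index_get_id(report));
			}
			rds_report_index_iterator_free(report_it);
		}
		rds_asset_index_iterator_free(asset_it);
		ds_rds_session_free(session);
	}
	break;
	case OSCAP_DOCUMENT_XCCDF_TAILORING:
		printf("Document type: XCCDF Tailoring\n");
		print_time(action->file);
		_print_xccdf_tailoring(source, "");
	break;
	case OSCAP_DOCUMENT_CVE_FEED:
		printf("Document type: CVE Feed\n");
		// TODO: Provide more info about CVE feeds
	break;
	case OSCAP_DOCUMENT_SCE_RESULT:
		printf("Document type: SCE Result File\n");
		// Currently, we do not have any SCE result file parsing capabilities.
	break;
	default:
		printf("Could not determine document type\n");
		goto cleanup;
	}

	result = OSCAP_OK;

cleanup:
	oscap_source_free(source);
	oscap_print_error();

	return result;
}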
/**
 * Resolve an XCCDF benchmark and export the resolved document.
 *
 * Reads action->f_xccdf, optionally validates it (action->validate), imports
 * the benchmark, resolves it and exports it to action->f_results. When
 * action->force is set, the benchmark's "resolved" flag is cleared first so
 * that resolution runs again.
 *
 * Note that the input is validated only when action->validate is set, and the
 * exported file is validated only when action->validate is set AND the
 * OSCAP_FULL_VALIDATION environment variable is present.
 *
 * @param action parsed command line (f_xccdf, f_results, validate, force)
 * @return OSCAP_OK if the resolved benchmark was exported (and passed the
 *         optional output validation); OSCAP_ERROR otherwise, including the
 *         case of an already-resolved benchmark
 */
int app_xccdf_resolve(const struct oscap_action *action)
{
	int ret = OSCAP_ERROR;
	struct xccdf_benchmark *bench = NULL;
	struct oscap_source *source;
	const char *full_validation;

	if (!action->f_xccdf) {
		fprintf(stderr, "No input document specified!\n");
		return OSCAP_ERROR;
	}
	if (!action->f_results) {
		fprintf(stderr, "No output document filename specified!\n");
		return OSCAP_ERROR;
	}

	source = oscap_source_new_from_file(action->f_xccdf);

	/* Validate the input document, but only when the caller asked for it. */
	if (action->validate && oscap_source_validate(source, reporter, (void *) action) != 0) {
		oscap_source_free(source);
		goto cleanup;
	}

	bench = xccdf_benchmark_import_source(source);
	oscap_source_free(source);
	if (!bench)
		goto cleanup;

	if (action->force)
		xccdf_benchmark_set_resolved(bench, false);

	if (xccdf_benchmark_get_resolved(bench)) {
		fprintf(stderr, "Benchmark is already resolved!\n");
		goto cleanup;
	}

	if (!xccdf_benchmark_resolve(bench)) {
		fprintf(stderr, "Benchmark resolving failure (probably a dependency loop)!\n");
		goto cleanup;
	}

	if (xccdf_benchmark_export(bench, action->f_results) != 0)
		goto cleanup;

	ret = OSCAP_OK;

	/* Validate the exported results; this is opt-in via the environment. */
	full_validation = getenv("OSCAP_FULL_VALIDATION");
	if (action->validate && full_validation) {
		struct oscap_source *result_source = oscap_source_new_from_file(action->f_results);

		if (oscap_source_validate(result_source, reporter, (void *) action) == 0)
			fprintf(stdout, "Resolved XCCDF has been exported correctly.\n");
		else
			ret = OSCAP_ERROR;
		oscap_source_free(result_source);
	}

cleanup:
	oscap_print_error();
	if (bench)
		xccdf_benchmark_free(bench);

	return ret;
}