int oval_result_test_parse_tag(xmlTextReaderPtr reader, struct oval_parser_context *context, void *usr) {
struct oval_result_system *sys = (struct oval_result_system *) usr;
int return_code = 0;
struct oval_definition_model *dmod;
struct oval_test *dtst;
struct oval_result_test *test;
xmlChar *test_id = xmlTextReaderGetAttribute(reader, BAD_CAST "test_id");
dmod = context->definition_model;
dtst = oval_definition_model_get_new_test(dmod, (char *) test_id);
oval_result_t result = oval_result_parse(reader, "result", 0);
int variable_instance = oval_parser_int_attribute(reader, "variable_instance", 1);
test = oval_result_system_get_new_test(sys, dtst, variable_instance);
if (test == NULL)
return -1;
oval_result_test_set_result(test, result);
oval_result_test_set_instance(test, variable_instance);
struct oval_test *ovaltst = oval_result_test_get_test(test);
oval_existence_t check_existence = oval_existence_parse(reader, "check_existence", OVAL_AT_LEAST_ONE_EXISTS);
oval_existence_t tst_check_existence = oval_test_get_existence(ovaltst);
if (tst_check_existence == OVAL_EXISTENCE_UNKNOWN) {
oval_test_set_existence(ovaltst, check_existence);
} else if (tst_check_existence != check_existence) {
oscap_dlprintf(DBG_W, "@check_existence does not match, test_id: %s.\n", test_id);
}
oval_check_t check = oval_check_parse(reader, "check", OVAL_CHECK_UNKNOWN);
oval_check_t tst_check = oval_test_get_check(ovaltst);
if (tst_check == OVAL_CHECK_UNKNOWN) {
oval_test_set_check(ovaltst, check);
} else if (tst_check != check) {
oscap_dlprintf(DBG_W, "@check does not match, test_id: %s.\n", test_id);
}
int version = oval_parser_int_attribute(reader, "version", 0);
int tst_version = oval_test_get_version(ovaltst);
if (tst_version == 0) {
oval_test_set_version(ovaltst, version);
} else if (tst_version != version) {
oscap_dlprintf(DBG_W, "@version does not match, test_id: %s.\n", test_id);
}
struct oval_string_map *itemmap = oval_string_map_new();
void *args[] = { sys, test, itemmap };
return_code = oval_parser_parse_tag(reader, context, (oval_xml_tag_parser) _oval_result_test_parse, args);
oval_string_map_free(itemmap, NULL);
test->bindings_initialized = true;
oscap_free(test_id);
return return_code;
}
xmlNode *oval_result_test_to_dom(struct oval_result_test *rslt_test, xmlDocPtr doc, xmlNode * parent) {
__attribute__nonnull__(rslt_test);
xmlNs *ns_results = xmlSearchNsByHref(doc, parent, OVAL_RESULTS_NAMESPACE);
xmlNode *test_node = xmlNewTextChild(parent, ns_results, BAD_CAST "test", NULL);
struct oval_test *oval_test = oval_result_test_get_test(rslt_test);
char *test_id = oval_test_get_id(oval_test);
xmlNewProp(test_node, BAD_CAST "test_id", BAD_CAST test_id);
char version[10];
*version = '\0';
snprintf(version, sizeof(version), "%d", oval_test_get_version(oval_test));
xmlNewProp(test_node, BAD_CAST "version", BAD_CAST version);
oval_existence_t existence = oval_test_get_existence(oval_test);
if (existence != OVAL_AT_LEAST_ONE_EXISTS) {
xmlNewProp(test_node, BAD_CAST "check_existence", BAD_CAST oval_existence_get_text(existence));
}
oval_check_t check = oval_test_get_check(oval_test);
xmlNewProp(test_node, BAD_CAST "check", BAD_CAST oval_check_get_text(check));
int instance_val = oval_result_test_get_instance(rslt_test);
if (instance_val > 1) {
char instance[10];
*instance = '\0';
snprintf(instance, sizeof(instance), "%d", instance_val);
xmlNewProp(test_node, BAD_CAST "variable_instance", BAD_CAST instance);
}
oval_result_t result = oval_result_test_get_result(rslt_test);
xmlNewProp(test_node, BAD_CAST "result", BAD_CAST oval_result_get_text(result));
/* does not make sense to report these when test(definition) is not evaluated */
if( result != OVAL_RESULT_NOT_EVALUATED) {
struct oval_result_item_iterator *items = oval_result_test_get_items(rslt_test);
while (oval_result_item_iterator_has_more(items)) {
struct oval_result_item *item = oval_result_item_iterator_next(items);
oval_result_item_to_dom(item, doc, test_node);
}
oval_result_item_iterator_free(items);
struct oval_variable_binding_iterator *bindings = oval_result_test_get_bindings(rslt_test);
while (oval_variable_binding_iterator_has_more(bindings)) {
struct oval_variable_binding *binding = oval_variable_binding_iterator_next(bindings);
_oval_result_binding_to_dom(binding, doc, test_node);
}
oval_variable_binding_iterator_free(bindings);
}
return test_node;
}
static oval_result_t
_oval_result_test_evaluate_items(struct oval_test *test, struct oval_syschar *syschar_object, void **args)
{
struct oval_sysitem_iterator *collected_items_itr;
oval_result_t result;
int exists_cnt, error_cnt;
bool hasstate;
oval_check_t test_check;
oval_existence_t test_check_existence;
struct oval_state_iterator *ste_itr;
exists_cnt = error_cnt = 0;
collected_items_itr = oval_syschar_get_sysitem(syschar_object);
while (oval_sysitem_iterator_has_more(collected_items_itr)) {
struct oval_sysitem *item;
char *item_id;
oval_syschar_status_t item_status;
struct oval_result_item *ritem;
item = oval_sysitem_iterator_next(collected_items_itr);
if (item == NULL) {
oscap_seterr(OSCAP_EFAMILY_OVAL, "Iterator returned null.");
oval_sysitem_iterator_free(collected_items_itr);
return OVAL_RESULT_ERROR;
}
item_status = oval_sysitem_get_status(item);
if (item_status == SYSCHAR_STATUS_EXISTS)
exists_cnt++;
if (item_status == SYSCHAR_STATUS_ERROR)
error_cnt++;
item_id = oval_sysitem_get_id(item);
ritem = oval_result_item_new(SYSTEM, item_id);
oval_result_item_set_result(ritem, OVAL_RESULT_NOT_EVALUATED);
_oval_test_item_consumer(ritem, args);
}
oval_sysitem_iterator_free(collected_items_itr);
test_check = oval_test_get_check(test);
test_check_existence = oval_test_get_existence(test);
ste_itr = oval_test_get_states(test);
hasstate = oval_state_iterator_has_more(ste_itr);
oval_state_iterator_free(ste_itr);
switch (oval_syschar_get_flag(syschar_object)) {
case SYSCHAR_FLAG_ERROR:
if (test_check_existence == OVAL_ANY_EXIST
&& !hasstate) {
result = OVAL_RESULT_TRUE;
} else {
result = OVAL_RESULT_ERROR;
}
break;
case SYSCHAR_FLAG_NOT_COLLECTED:
if (test_check_existence == OVAL_ANY_EXIST
&& !hasstate) {
result = OVAL_RESULT_TRUE;
} else {
result = OVAL_RESULT_UNKNOWN;
}
break;
case SYSCHAR_FLAG_NOT_APPLICABLE:
if (test_check_existence == OVAL_ANY_EXIST
&& !hasstate) {
result = OVAL_RESULT_TRUE;
} else {
result = OVAL_RESULT_NOT_APPLICABLE;
}
break;
case SYSCHAR_FLAG_DOES_NOT_EXIST:
if (test_check_existence == OVAL_NONE_EXIST
|| test_check_existence == OVAL_ANY_EXIST) {
result = OVAL_RESULT_TRUE;
} else {
result = OVAL_RESULT_FALSE;
}
break;
case SYSCHAR_FLAG_COMPLETE:
result = eval_check_existence(test_check_existence, exists_cnt, error_cnt);
if (result == OVAL_RESULT_TRUE
&& hasstate) {
result = eval_check_state(test, args);
}
break;
case SYSCHAR_FLAG_INCOMPLETE:
if (test_check_existence == OVAL_ANY_EXIST) {
result = OVAL_RESULT_TRUE;
} else if (test_check_existence == OVAL_AT_LEAST_ONE_EXISTS
&& exists_cnt > 0) {
result = OVAL_RESULT_TRUE;
} else if (test_check_existence == OVAL_NONE_EXIST
&& exists_cnt > 0) {
result = OVAL_RESULT_FALSE;
} else if (test_check_existence == OVAL_ONLY_ONE_EXISTS
&& exists_cnt > 1) {
result = OVAL_RESULT_FALSE;
} else {
result = OVAL_RESULT_UNKNOWN;
}
if (result == OVAL_RESULT_TRUE
&& hasstate) {
result = eval_check_state(test, args);
if (result == OVAL_RESULT_TRUE) {
if (test_check != OVAL_CHECK_AT_LEAST_ONE) {
result = OVAL_RESULT_UNKNOWN;
}
} else if (result != OVAL_RESULT_FALSE) {
result = OVAL_RESULT_UNKNOWN;
}
}
break;
default: {
const char *object_id = oval_syschar_get_object(syschar_object) ? oval_object_get_id(oval_syschar_get_object(syschar_object)) : "<UNKNOWN>";
oscap_seterr(OSCAP_EFAMILY_OVAL, "Unknown syschar flag: '%d' when evaluating object: '%s' from test: '%s' ",
oval_syschar_get_flag(syschar_object), object_id, oval_test_get_id(test));
return OVAL_RESULT_ERROR;
}
}
return result;
}
static oval_result_t
_oval_result_test_evaluate_items(struct oval_test *test, struct oval_syschar *syschar_object, void **args)
{
struct oval_sysitem_iterator *collected_items_itr;
oval_result_t result;
int exists_cnt, error_cnt;
bool hasstate;
const char *test_id, *object_id, *flag_text;
oval_check_t test_check;
oval_existence_t test_check_existence;
struct oval_state_iterator *ste_itr;
oval_syschar_collection_flag_t flag;
struct oval_object *object;
exists_cnt = error_cnt = 0;
test_id = oval_test_get_id(test);
collected_items_itr = oval_syschar_get_sysitem(syschar_object);
while (oval_sysitem_iterator_has_more(collected_items_itr)) {
struct oval_sysitem *item;
char *item_id;
oval_syschar_status_t item_status;
struct oval_result_item *ritem;
item = oval_sysitem_iterator_next(collected_items_itr);
if (item == NULL) {
oscap_seterr(OSCAP_EFAMILY_OVAL, "Iterator returned null.");
oval_sysitem_iterator_free(collected_items_itr);
return OVAL_RESULT_ERROR;
}
item_status = oval_sysitem_get_status(item);
if (item_status == SYSCHAR_STATUS_EXISTS)
exists_cnt++;
if (item_status == SYSCHAR_STATUS_ERROR)
error_cnt++;
item_id = oval_sysitem_get_id(item);
ritem = oval_result_item_new(SYSTEM, item_id);
oval_result_item_set_result(ritem, OVAL_RESULT_NOT_EVALUATED);
_oval_test_item_consumer(ritem, args);
}
oval_sysitem_iterator_free(collected_items_itr);
test_check = oval_test_get_check(test);
test_check_existence = oval_test_get_existence(test);
ste_itr = oval_test_get_states(test);
hasstate = oval_state_iterator_has_more(ste_itr);
oval_state_iterator_free(ste_itr);
object = oval_syschar_get_object(syschar_object);
object_id = object ? oval_object_get_id(object) : "<UNKNOWN>";
switch (test_check_existence) {
case OVAL_ALL_EXIST:
dI("Test '%s' requires that every object defined by '%s' exists on the system.", test_id, object_id);
break;
case OVAL_ANY_EXIST:
dI("Test '%s' requires that zero or more objects defined by '%s' exist on the system.", test_id, object_id);
break;
case OVAL_AT_LEAST_ONE_EXISTS:
dI("Test '%s' requires that at least one object defined by '%s' exists on the system.", test_id, object_id);
break;
case OVAL_NONE_EXIST:
dI("Test '%s' requires that none of the objects defined by '%s' exist on the system.", test_id, object_id);
break;
case OVAL_ONLY_ONE_EXISTS:
dI("Test '%s' requires that only one object defined by '%s' exists on the system.", test_id, object_id);
break;
default:
oscap_seterr(OSCAP_EFAMILY_OVAL, "Check_existence parameter of test '%s' is unknown. This may indicate a bug in OpenSCAP.", test_id);
}
dI("%d objects defined by '%s' exist on the system.", exists_cnt, object_id);
if (!hasstate) {
dI("Test '%s' does not contain any state to compare object with.", test_id);
}
flag = oval_syschar_get_flag(syschar_object);
flag_text = oval_syschar_collection_flag_get_text(flag);
switch (flag) {
case SYSCHAR_FLAG_ERROR:
dI("An error occured while collecting items matching object '%s'. (flag=%s)", object_id, flag_text);
if (test_check_existence == OVAL_ANY_EXIST
&& !hasstate) {
result = OVAL_RESULT_TRUE;
} else {
result = OVAL_RESULT_ERROR;
}
break;
case SYSCHAR_FLAG_NOT_COLLECTED:
dI("No attempt was made to collect items matching object '%s'. (flag=%s)", object_id, flag_text);
if (test_check_existence == OVAL_ANY_EXIST
&& !hasstate) {
result = OVAL_RESULT_TRUE;
} else {
result = OVAL_RESULT_UNKNOWN;
}
break;
case SYSCHAR_FLAG_NOT_APPLICABLE:
dI("Object '%s' is not applicable to the system. (flag=%s)", object_id, flag_text);
if (test_check_existence == OVAL_ANY_EXIST
&& !hasstate) {
result = OVAL_RESULT_TRUE;
} else {
result = OVAL_RESULT_NOT_APPLICABLE;
}
break;
case SYSCHAR_FLAG_DOES_NOT_EXIST:
dI("No item matching object '%s' was found on the system. (flag=%s)", object_id, flag_text);
if (test_check_existence == OVAL_NONE_EXIST
|| test_check_existence == OVAL_ANY_EXIST) {
result = OVAL_RESULT_TRUE;
} else {
result = OVAL_RESULT_FALSE;
}
break;
case SYSCHAR_FLAG_COMPLETE:
dI("All items matching object '%s' were collected. (flag=%s)", object_id, flag_text);
result = eval_check_existence(test_check_existence, exists_cnt, error_cnt);
if (result == OVAL_RESULT_TRUE
&& hasstate) {
result = eval_check_state(test, args);
}
break;
case SYSCHAR_FLAG_INCOMPLETE:
dI("Only some of items matching object '%s' have been collected from the system. It is unknown if other matching items also exist. (flag=%s)", object_id, flag_text);
if (test_check_existence == OVAL_ANY_EXIST) {
result = OVAL_RESULT_TRUE;
} else if (test_check_existence == OVAL_AT_LEAST_ONE_EXISTS
&& exists_cnt > 0) {
result = OVAL_RESULT_TRUE;
} else if (test_check_existence == OVAL_NONE_EXIST
&& exists_cnt > 0) {
result = OVAL_RESULT_FALSE;
} else if (test_check_existence == OVAL_ONLY_ONE_EXISTS
&& exists_cnt > 1) {
result = OVAL_RESULT_FALSE;
} else {
result = OVAL_RESULT_UNKNOWN;
}
if (result == OVAL_RESULT_TRUE
&& hasstate) {
result = eval_check_state(test, args);
if (result == OVAL_RESULT_TRUE) {
if (test_check != OVAL_CHECK_AT_LEAST_ONE) {
result = OVAL_RESULT_UNKNOWN;
}
} else if (result != OVAL_RESULT_FALSE) {
result = OVAL_RESULT_UNKNOWN;
}
}
break;
default: {
oscap_seterr(OSCAP_EFAMILY_OVAL, "Item corresponding to object '%s' from test '%s' has an unknown flag. This may indicate a bug in OpenSCAP.",
object_id, test_id);
return OVAL_RESULT_ERROR;
}
}
return result;
}
xmlNode *oval_test_to_dom(struct oval_test *test, xmlDoc * doc, xmlNode * parent)
{
xmlNode * test_node=NULL;
/* skip unknown test */
oval_subtype_t subtype = oval_test_get_subtype(test);
if ( subtype == OVAL_SUBTYPE_UNKNOWN ) {
oscap_dlprintf(DBG_E, "Unknown Test %s.\n", oval_test_get_id(test));
return test_node;
}
/* get test name */
const char *subtype_text = oval_subtype_get_text(subtype);
char test_name[strlen(subtype_text) + 6];
sprintf(test_name, "%s_test", subtype_text);
/* get family URI */
oval_family_t family = oval_test_get_family(test);
const char *family_text = oval_family_get_text(family);
char family_uri[strlen((const char *)OVAL_DEFINITIONS_NAMESPACE) + strlen(family_text) + 2];
sprintf(family_uri,"%s#%s", OVAL_DEFINITIONS_NAMESPACE, family_text);
/* search namespace & create child */
xmlNs *ns_family = xmlSearchNsByHref(doc, parent, BAD_CAST family_uri);
test_node = xmlNewTextChild(parent, ns_family, BAD_CAST test_name, NULL);
char *id = oval_test_get_id(test);
xmlNewProp(test_node, BAD_CAST "id", BAD_CAST id);
char version[10];
*version = '\0';
snprintf(version, sizeof(version), "%d", oval_test_get_version(test));
xmlNewProp(test_node, BAD_CAST "version", BAD_CAST version);
oval_existence_t existence = oval_test_get_existence(test);
if (existence != OVAL_AT_LEAST_ONE_EXISTS)
xmlNewProp(test_node, BAD_CAST "check_existence", BAD_CAST oval_existence_get_text(existence));
oval_check_t check = oval_test_get_check(test);
xmlNewProp(test_node, BAD_CAST "check", BAD_CAST oval_check_get_text(check));
oval_operator_t ste_operator = oval_test_get_state_operator(test);
if (ste_operator != OVAL_OPERATOR_AND)
xmlNewProp(test_node, BAD_CAST "state_operator", BAD_CAST oval_operator_get_text(ste_operator));
char *comm = oval_test_get_comment(test);
xmlNewProp(test_node, BAD_CAST "comment", BAD_CAST comm);
bool deprecated = oval_test_get_deprecated(test);
if (deprecated)
xmlNewProp(test_node, BAD_CAST "deprecated", BAD_CAST "true");
struct oval_string_iterator *notes = oval_test_get_notes(test);
if (oval_string_iterator_has_more(notes)) {
xmlNs *ns_definitions = xmlSearchNsByHref(doc, parent, OVAL_DEFINITIONS_NAMESPACE);
xmlNode *notes_node = xmlNewTextChild(test_node, ns_definitions, BAD_CAST "notes", NULL);
while (oval_string_iterator_has_more(notes)) {
char *note = oval_string_iterator_next(notes);
xmlNewTextChild(notes_node, ns_definitions, BAD_CAST "note", BAD_CAST note);
}
}
oval_string_iterator_free(notes);
struct oval_object *object = oval_test_get_object(test);
if (object) {
xmlNode *object_node = xmlNewTextChild(test_node, ns_family, BAD_CAST "object", NULL);
xmlNewProp(object_node, BAD_CAST "object_ref", BAD_CAST oval_object_get_id(object));
}
struct oval_state_iterator *ste_itr = oval_test_get_states(test);
while (oval_state_iterator_has_more(ste_itr)) {
struct oval_state *state;
state = oval_state_iterator_next(ste_itr);
xmlNode *state_node = xmlNewTextChild(test_node, ns_family, BAD_CAST "state", NULL);
xmlNewProp(state_node, BAD_CAST "state_ref", BAD_CAST oval_state_get_id(state));
}
oval_state_iterator_free(ste_itr);
return test_node;
}
