int oval_result_test_parse_tag(xmlTextReaderPtr reader, struct oval_parser_context *context, void *usr) { struct oval_result_system *sys = (struct oval_result_system *) usr; int return_code = 0; struct oval_definition_model *dmod; struct oval_test *dtst; struct oval_result_test *test; xmlChar *test_id = xmlTextReaderGetAttribute(reader, BAD_CAST "test_id"); dmod = context->definition_model; dtst = oval_definition_model_get_new_test(dmod, (char *) test_id); oval_result_t result = oval_result_parse(reader, "result", 0); int variable_instance = oval_parser_int_attribute(reader, "variable_instance", 1); test = oval_result_system_get_new_test(sys, dtst, variable_instance); if (test == NULL) return -1; oval_result_test_set_result(test, result); oval_result_test_set_instance(test, variable_instance); struct oval_test *ovaltst = oval_result_test_get_test(test); oval_existence_t check_existence = oval_existence_parse(reader, "check_existence", OVAL_AT_LEAST_ONE_EXISTS); oval_existence_t tst_check_existence = oval_test_get_existence(ovaltst); if (tst_check_existence == OVAL_EXISTENCE_UNKNOWN) { oval_test_set_existence(ovaltst, check_existence); } else if (tst_check_existence != check_existence) { oscap_dlprintf(DBG_W, "@check_existence does not match, test_id: %s.\n", test_id); } oval_check_t check = oval_check_parse(reader, "check", OVAL_CHECK_UNKNOWN); oval_check_t tst_check = oval_test_get_check(ovaltst); if (tst_check == OVAL_CHECK_UNKNOWN) { oval_test_set_check(ovaltst, check); } else if (tst_check != check) { oscap_dlprintf(DBG_W, "@check does not match, test_id: %s.\n", test_id); } int version = oval_parser_int_attribute(reader, "version", 0); int tst_version = oval_test_get_version(ovaltst); if (tst_version == 0) { oval_test_set_version(ovaltst, version); } else if (tst_version != version) { oscap_dlprintf(DBG_W, "@version does not match, test_id: %s.\n", test_id); } struct oval_string_map *itemmap = oval_string_map_new(); void *args[] = { sys, test, itemmap }; return_code = oval_parser_parse_tag(reader, context, (oval_xml_tag_parser) _oval_result_test_parse, args); oval_string_map_free(itemmap, NULL); test->bindings_initialized = true; oscap_free(test_id); return return_code; }
xmlNode *oval_result_test_to_dom(struct oval_result_test *rslt_test, xmlDocPtr doc, xmlNode * parent) { __attribute__nonnull__(rslt_test); xmlNs *ns_results = xmlSearchNsByHref(doc, parent, OVAL_RESULTS_NAMESPACE); xmlNode *test_node = xmlNewTextChild(parent, ns_results, BAD_CAST "test", NULL); struct oval_test *oval_test = oval_result_test_get_test(rslt_test); char *test_id = oval_test_get_id(oval_test); xmlNewProp(test_node, BAD_CAST "test_id", BAD_CAST test_id); char version[10]; *version = '\0'; snprintf(version, sizeof(version), "%d", oval_test_get_version(oval_test)); xmlNewProp(test_node, BAD_CAST "version", BAD_CAST version); oval_existence_t existence = oval_test_get_existence(oval_test); if (existence != OVAL_AT_LEAST_ONE_EXISTS) { xmlNewProp(test_node, BAD_CAST "check_existence", BAD_CAST oval_existence_get_text(existence)); } oval_check_t check = oval_test_get_check(oval_test); xmlNewProp(test_node, BAD_CAST "check", BAD_CAST oval_check_get_text(check)); int instance_val = oval_result_test_get_instance(rslt_test); if (instance_val > 1) { char instance[10]; *instance = '\0'; snprintf(instance, sizeof(instance), "%d", instance_val); xmlNewProp(test_node, BAD_CAST "variable_instance", BAD_CAST instance); } oval_result_t result = oval_result_test_get_result(rslt_test); xmlNewProp(test_node, BAD_CAST "result", BAD_CAST oval_result_get_text(result)); /* does not make sense to report these when test(definition) is not evaluated */ if( result != OVAL_RESULT_NOT_EVALUATED) { struct oval_result_item_iterator *items = oval_result_test_get_items(rslt_test); while (oval_result_item_iterator_has_more(items)) { struct oval_result_item *item = oval_result_item_iterator_next(items); oval_result_item_to_dom(item, doc, test_node); } oval_result_item_iterator_free(items); struct oval_variable_binding_iterator *bindings = oval_result_test_get_bindings(rslt_test); while (oval_variable_binding_iterator_has_more(bindings)) { struct oval_variable_binding *binding = oval_variable_binding_iterator_next(bindings); _oval_result_binding_to_dom(binding, doc, test_node); } oval_variable_binding_iterator_free(bindings); } return test_node; }
static oval_result_t _oval_result_test_evaluate_items(struct oval_test *test, struct oval_syschar *syschar_object, void **args) { struct oval_sysitem_iterator *collected_items_itr; oval_result_t result; int exists_cnt, error_cnt; bool hasstate; oval_check_t test_check; oval_existence_t test_check_existence; struct oval_state_iterator *ste_itr; exists_cnt = error_cnt = 0; collected_items_itr = oval_syschar_get_sysitem(syschar_object); while (oval_sysitem_iterator_has_more(collected_items_itr)) { struct oval_sysitem *item; char *item_id; oval_syschar_status_t item_status; struct oval_result_item *ritem; item = oval_sysitem_iterator_next(collected_items_itr); if (item == NULL) { oscap_seterr(OSCAP_EFAMILY_OVAL, "Iterator returned null."); oval_sysitem_iterator_free(collected_items_itr); return OVAL_RESULT_ERROR; } item_status = oval_sysitem_get_status(item); if (item_status == SYSCHAR_STATUS_EXISTS) exists_cnt++; if (item_status == SYSCHAR_STATUS_ERROR) error_cnt++; item_id = oval_sysitem_get_id(item); ritem = oval_result_item_new(SYSTEM, item_id); oval_result_item_set_result(ritem, OVAL_RESULT_NOT_EVALUATED); _oval_test_item_consumer(ritem, args); } oval_sysitem_iterator_free(collected_items_itr); test_check = oval_test_get_check(test); test_check_existence = oval_test_get_existence(test); ste_itr = oval_test_get_states(test); hasstate = oval_state_iterator_has_more(ste_itr); oval_state_iterator_free(ste_itr); switch (oval_syschar_get_flag(syschar_object)) { case SYSCHAR_FLAG_ERROR: if (test_check_existence == OVAL_ANY_EXIST && !hasstate) { result = OVAL_RESULT_TRUE; } else { result = OVAL_RESULT_ERROR; } break; case SYSCHAR_FLAG_NOT_COLLECTED: if (test_check_existence == OVAL_ANY_EXIST && !hasstate) { result = OVAL_RESULT_TRUE; } else { result = OVAL_RESULT_UNKNOWN; } break; case SYSCHAR_FLAG_NOT_APPLICABLE: if (test_check_existence == OVAL_ANY_EXIST && !hasstate) { result = OVAL_RESULT_TRUE; } else { result = OVAL_RESULT_NOT_APPLICABLE; } break; case SYSCHAR_FLAG_DOES_NOT_EXIST: if (test_check_existence == OVAL_NONE_EXIST || test_check_existence == OVAL_ANY_EXIST) { result = OVAL_RESULT_TRUE; } else { result = OVAL_RESULT_FALSE; } break; case SYSCHAR_FLAG_COMPLETE: result = eval_check_existence(test_check_existence, exists_cnt, error_cnt); if (result == OVAL_RESULT_TRUE && hasstate) { result = eval_check_state(test, args); } break; case SYSCHAR_FLAG_INCOMPLETE: if (test_check_existence == OVAL_ANY_EXIST) { result = OVAL_RESULT_TRUE; } else if (test_check_existence == OVAL_AT_LEAST_ONE_EXISTS && exists_cnt > 0) { result = OVAL_RESULT_TRUE; } else if (test_check_existence == OVAL_NONE_EXIST && exists_cnt > 0) { result = OVAL_RESULT_FALSE; } else if (test_check_existence == OVAL_ONLY_ONE_EXISTS && exists_cnt > 1) { result = OVAL_RESULT_FALSE; } else { result = OVAL_RESULT_UNKNOWN; } if (result == OVAL_RESULT_TRUE && hasstate) { result = eval_check_state(test, args); if (result == OVAL_RESULT_TRUE) { if (test_check != OVAL_CHECK_AT_LEAST_ONE) { result = OVAL_RESULT_UNKNOWN; } } else if (result != OVAL_RESULT_FALSE) { result = OVAL_RESULT_UNKNOWN; } } break; default: { const char *object_id = oval_syschar_get_object(syschar_object) ? oval_object_get_id(oval_syschar_get_object(syschar_object)) : "<UNKNOWN>"; oscap_seterr(OSCAP_EFAMILY_OVAL, "Unknown syschar flag: '%d' when evaluating object: '%s' from test: '%s' ", oval_syschar_get_flag(syschar_object), object_id, oval_test_get_id(test)); return OVAL_RESULT_ERROR; } } return result; }
static oval_result_t eval_check_state(struct oval_test *test, void **args) { struct oval_syschar_model *syschar_model; struct oval_result_item_iterator *ritems_itr; struct oresults item_ores; oval_result_t result; oval_check_t ste_check; oval_operator_t ste_opr; ste_check = oval_test_get_check(test); ste_opr = oval_test_get_state_operator(test); syschar_model = oval_result_system_get_syschar_model(SYSTEM); ores_clear(&item_ores); ritems_itr = oval_result_test_get_items(TEST); while (oval_result_item_iterator_has_more(ritems_itr)) { struct oval_result_item *ritem; struct oval_sysitem *item; oval_syschar_status_t item_status; struct oresults ste_ores; struct oval_state_iterator *ste_itr; oval_result_t item_res; ritem = oval_result_item_iterator_next(ritems_itr); item = oval_result_item_get_sysitem(ritem); item_status = oval_sysitem_get_status(item); switch (item_status) { case SYSCHAR_STATUS_ERROR: case SYSCHAR_STATUS_NOT_COLLECTED: item_res = OVAL_RESULT_ERROR; ores_add_res(&item_ores, item_res); oval_result_item_set_result(ritem, item_res); continue; case SYSCHAR_STATUS_DOES_NOT_EXIST: item_res = OVAL_RESULT_FALSE; ores_add_res(&item_ores, item_res); oval_result_item_set_result(ritem, item_res); continue; default: break; } ores_clear(&ste_ores); ste_itr = oval_test_get_states(test); while (oval_state_iterator_has_more(ste_itr)) { struct oval_state *ste; oval_result_t ste_res; ste = oval_state_iterator_next(ste_itr); ste_res = eval_item(syschar_model, item, ste); ores_add_res(&ste_ores, ste_res); } oval_state_iterator_free(ste_itr); item_res = ores_get_result_byopr(&ste_ores, ste_opr); ores_add_res(&item_ores, item_res); oval_result_item_set_result(ritem, item_res); } oval_result_item_iterator_free(ritems_itr); result = ores_get_result_bychk(&item_ores, ste_check); return result; }
static oval_result_t _oval_result_test_evaluate_items(struct oval_test *test, struct oval_syschar *syschar_object, void **args) { struct oval_sysitem_iterator *collected_items_itr; oval_result_t result; int exists_cnt, error_cnt; bool hasstate; const char *test_id, *object_id, *flag_text; oval_check_t test_check; oval_existence_t test_check_existence; struct oval_state_iterator *ste_itr; oval_syschar_collection_flag_t flag; struct oval_object *object; exists_cnt = error_cnt = 0; test_id = oval_test_get_id(test); collected_items_itr = oval_syschar_get_sysitem(syschar_object); while (oval_sysitem_iterator_has_more(collected_items_itr)) { struct oval_sysitem *item; char *item_id; oval_syschar_status_t item_status; struct oval_result_item *ritem; item = oval_sysitem_iterator_next(collected_items_itr); if (item == NULL) { oscap_seterr(OSCAP_EFAMILY_OVAL, "Iterator returned null."); oval_sysitem_iterator_free(collected_items_itr); return OVAL_RESULT_ERROR; } item_status = oval_sysitem_get_status(item); if (item_status == SYSCHAR_STATUS_EXISTS) exists_cnt++; if (item_status == SYSCHAR_STATUS_ERROR) error_cnt++; item_id = oval_sysitem_get_id(item); ritem = oval_result_item_new(SYSTEM, item_id); oval_result_item_set_result(ritem, OVAL_RESULT_NOT_EVALUATED); _oval_test_item_consumer(ritem, args); } oval_sysitem_iterator_free(collected_items_itr); test_check = oval_test_get_check(test); test_check_existence = oval_test_get_existence(test); ste_itr = oval_test_get_states(test); hasstate = oval_state_iterator_has_more(ste_itr); oval_state_iterator_free(ste_itr); object = oval_syschar_get_object(syschar_object); object_id = object ? oval_object_get_id(object) : "<UNKNOWN>"; switch (test_check_existence) { case OVAL_ALL_EXIST: dI("Test '%s' requires that every object defined by '%s' exists on the system.", test_id, object_id); break; case OVAL_ANY_EXIST: dI("Test '%s' requires that zero or more objects defined by '%s' exist on the system.", test_id, object_id); break; case OVAL_AT_LEAST_ONE_EXISTS: dI("Test '%s' requires that at least one object defined by '%s' exists on the system.", test_id, object_id); break; case OVAL_NONE_EXIST: dI("Test '%s' requires that none of the objects defined by '%s' exist on the system.", test_id, object_id); break; case OVAL_ONLY_ONE_EXISTS: dI("Test '%s' requires that only one object defined by '%s' exists on the system.", test_id, object_id); break; default: oscap_seterr(OSCAP_EFAMILY_OVAL, "Check_existence parameter of test '%s' is unknown. This may indicate a bug in OpenSCAP.", test_id); } dI("%d objects defined by '%s' exist on the system.", exists_cnt, object_id); if (!hasstate) { dI("Test '%s' does not contain any state to compare object with.", test_id); } flag = oval_syschar_get_flag(syschar_object); flag_text = oval_syschar_collection_flag_get_text(flag); switch (flag) { case SYSCHAR_FLAG_ERROR: dI("An error occured while collecting items matching object '%s'. (flag=%s)", object_id, flag_text); if (test_check_existence == OVAL_ANY_EXIST && !hasstate) { result = OVAL_RESULT_TRUE; } else { result = OVAL_RESULT_ERROR; } break; case SYSCHAR_FLAG_NOT_COLLECTED: dI("No attempt was made to collect items matching object '%s'. (flag=%s)", object_id, flag_text); if (test_check_existence == OVAL_ANY_EXIST && !hasstate) { result = OVAL_RESULT_TRUE; } else { result = OVAL_RESULT_UNKNOWN; } break; case SYSCHAR_FLAG_NOT_APPLICABLE: dI("Object '%s' is not applicable to the system. (flag=%s)", object_id, flag_text); if (test_check_existence == OVAL_ANY_EXIST && !hasstate) { result = OVAL_RESULT_TRUE; } else { result = OVAL_RESULT_NOT_APPLICABLE; } break; case SYSCHAR_FLAG_DOES_NOT_EXIST: dI("No item matching object '%s' was found on the system. (flag=%s)", object_id, flag_text); if (test_check_existence == OVAL_NONE_EXIST || test_check_existence == OVAL_ANY_EXIST) { result = OVAL_RESULT_TRUE; } else { result = OVAL_RESULT_FALSE; } break; case SYSCHAR_FLAG_COMPLETE: dI("All items matching object '%s' were collected. (flag=%s)", object_id, flag_text); result = eval_check_existence(test_check_existence, exists_cnt, error_cnt); if (result == OVAL_RESULT_TRUE && hasstate) { result = eval_check_state(test, args); } break; case SYSCHAR_FLAG_INCOMPLETE: dI("Only some of items matching object '%s' have been collected from the system. It is unknown if other matching items also exist. (flag=%s)", object_id, flag_text); if (test_check_existence == OVAL_ANY_EXIST) { result = OVAL_RESULT_TRUE; } else if (test_check_existence == OVAL_AT_LEAST_ONE_EXISTS && exists_cnt > 0) { result = OVAL_RESULT_TRUE; } else if (test_check_existence == OVAL_NONE_EXIST && exists_cnt > 0) { result = OVAL_RESULT_FALSE; } else if (test_check_existence == OVAL_ONLY_ONE_EXISTS && exists_cnt > 1) { result = OVAL_RESULT_FALSE; } else { result = OVAL_RESULT_UNKNOWN; } if (result == OVAL_RESULT_TRUE && hasstate) { result = eval_check_state(test, args); if (result == OVAL_RESULT_TRUE) { if (test_check != OVAL_CHECK_AT_LEAST_ONE) { result = OVAL_RESULT_UNKNOWN; } } else if (result != OVAL_RESULT_FALSE) { result = OVAL_RESULT_UNKNOWN; } } break; default: { oscap_seterr(OSCAP_EFAMILY_OVAL, "Item corresponding to object '%s' from test '%s' has an unknown flag. This may indicate a bug in OpenSCAP.", object_id, test_id); return OVAL_RESULT_ERROR; } } return result; }
xmlNode *oval_test_to_dom(struct oval_test *test, xmlDoc * doc, xmlNode * parent) { xmlNode * test_node=NULL; /* skip unknown test */ oval_subtype_t subtype = oval_test_get_subtype(test); if ( subtype == OVAL_SUBTYPE_UNKNOWN ) { oscap_dlprintf(DBG_E, "Unknown Test %s.\n", oval_test_get_id(test)); return test_node; } /* get test name */ const char *subtype_text = oval_subtype_get_text(subtype); char test_name[strlen(subtype_text) + 6]; sprintf(test_name, "%s_test", subtype_text); /* get family URI */ oval_family_t family = oval_test_get_family(test); const char *family_text = oval_family_get_text(family); char family_uri[strlen((const char *)OVAL_DEFINITIONS_NAMESPACE) + strlen(family_text) + 2]; sprintf(family_uri,"%s#%s", OVAL_DEFINITIONS_NAMESPACE, family_text); /* search namespace & create child */ xmlNs *ns_family = xmlSearchNsByHref(doc, parent, BAD_CAST family_uri); test_node = xmlNewTextChild(parent, ns_family, BAD_CAST test_name, NULL); char *id = oval_test_get_id(test); xmlNewProp(test_node, BAD_CAST "id", BAD_CAST id); char version[10]; *version = '\0'; snprintf(version, sizeof(version), "%d", oval_test_get_version(test)); xmlNewProp(test_node, BAD_CAST "version", BAD_CAST version); oval_existence_t existence = oval_test_get_existence(test); if (existence != OVAL_AT_LEAST_ONE_EXISTS) xmlNewProp(test_node, BAD_CAST "check_existence", BAD_CAST oval_existence_get_text(existence)); oval_check_t check = oval_test_get_check(test); xmlNewProp(test_node, BAD_CAST "check", BAD_CAST oval_check_get_text(check)); oval_operator_t ste_operator = oval_test_get_state_operator(test); if (ste_operator != OVAL_OPERATOR_AND) xmlNewProp(test_node, BAD_CAST "state_operator", BAD_CAST oval_operator_get_text(ste_operator)); char *comm = oval_test_get_comment(test); xmlNewProp(test_node, BAD_CAST "comment", BAD_CAST comm); bool deprecated = oval_test_get_deprecated(test); if (deprecated) xmlNewProp(test_node, BAD_CAST "deprecated", BAD_CAST "true"); struct oval_string_iterator *notes = oval_test_get_notes(test); if (oval_string_iterator_has_more(notes)) { xmlNs *ns_definitions = xmlSearchNsByHref(doc, parent, OVAL_DEFINITIONS_NAMESPACE); xmlNode *notes_node = xmlNewTextChild(test_node, ns_definitions, BAD_CAST "notes", NULL); while (oval_string_iterator_has_more(notes)) { char *note = oval_string_iterator_next(notes); xmlNewTextChild(notes_node, ns_definitions, BAD_CAST "note", BAD_CAST note); } } oval_string_iterator_free(notes); struct oval_object *object = oval_test_get_object(test); if (object) { xmlNode *object_node = xmlNewTextChild(test_node, ns_family, BAD_CAST "object", NULL); xmlNewProp(object_node, BAD_CAST "object_ref", BAD_CAST oval_object_get_id(object)); } struct oval_state_iterator *ste_itr = oval_test_get_states(test); while (oval_state_iterator_has_more(ste_itr)) { struct oval_state *state; state = oval_state_iterator_next(ste_itr); xmlNode *state_node = xmlNewTextChild(test_node, ns_family, BAD_CAST "state", NULL); xmlNewProp(state_node, BAD_CAST "state_ref", BAD_CAST oval_state_get_id(state)); } oval_state_iterator_free(ste_itr); return test_node; }