static inline void _print_xccdf_benchmark(struct xccdf_benchmark *bench, const char *prefix)
{
_print_xccdf_status(xccdf_benchmark_get_status_current(bench), prefix);
printf("%sResolved: %s\n", prefix, xccdf_benchmark_get_resolved(bench) ? "true" : "false");
_print_xccdf_profiles(xccdf_benchmark_get_profiles(bench), prefix);
struct xccdf_policy_model *policy_model = xccdf_policy_model_new(bench);
_print_xccdf_referenced_files(policy_model, prefix);
_print_xccdf_testresults(bench, prefix);
xccdf_policy_model_free(policy_model);
// xccdf_benchmark_free not needed, it si already freed by the policy!
}
xmlNode *xccdf_benchmark_to_dom(struct xccdf_benchmark *benchmark, xmlDocPtr doc,
xmlNode *parent, void *user_args)
{
xmlNodePtr root_node = NULL;
if (parent) {
root_node = xccdf_item_to_dom(XITEM(benchmark), doc, parent);
} else {
root_node = xccdf_item_to_dom(XITEM(benchmark), doc, parent);
xmlDocSetRootElement(doc, root_node);
}
// FIXME!
//xmlNewProp(root_node, BAD_CAST "xsi:schemaLocation", BAD_CAST XCCDF_SCHEMA_LOCATION);
xmlNs *ns_xccdf = xmlNewNs(root_node,
(const xmlChar*)xccdf_version_info_get_namespace_uri(xccdf_benchmark_get_schema_version(benchmark)),
NULL);
xmlNs *ns_xsi = xmlNewNs(root_node, XCCDF_XSI_NAMESPACE, BAD_CAST "xsi");
xmlSetNs(root_node, ns_xsi);
xmlSetNs(root_node, ns_xccdf);
/* Handle attributes */
if (xccdf_benchmark_get_resolved(benchmark))
xmlNewProp(root_node, BAD_CAST "resolved", BAD_CAST "1");
else
xmlNewProp(root_node, BAD_CAST "resolved", BAD_CAST "0");
const char *xmllang = xccdf_benchmark_get_lang(benchmark);
if (xmllang)
xmlNewProp(root_node, BAD_CAST "xml:lang", BAD_CAST xmllang);
const char *style = xccdf_benchmark_get_style(benchmark);
if (style)
xmlNewProp(root_node, BAD_CAST "style", BAD_CAST style);
const char *style_href = xccdf_benchmark_get_style_href(benchmark);
if (style_href)
xmlNewProp(root_node, BAD_CAST "style-href", BAD_CAST style_href);
// Export plain-text elements
struct xccdf_plain_text_iterator *plain_text_it = xccdf_benchmark_get_plain_texts(benchmark);
while (xccdf_plain_text_iterator_has_more(plain_text_it)) {
struct xccdf_plain_text *plain_text = xccdf_plain_text_iterator_next(plain_text_it);
xccdf_plain_text_to_dom(plain_text, doc, root_node, xccdf_benchmark_get_schema_version(benchmark));
}
xccdf_plain_text_iterator_free(plain_text_it);
/* Handle children */
if (xccdf_benchmark_get_cpe_list(benchmark)) {
// CPE API can only export via xmlTextWriter, we export via DOM
// this is used to bridge both methods
xmlTextWriterPtr writer = xmlNewTextWriterTree(doc, root_node, 0);
cpe_dict_export(xccdf_benchmark_get_cpe_list(benchmark), writer);
xmlFreeTextWriter(writer);
}
if (xccdf_benchmark_get_cpe_lang_model(benchmark)) {
// CPE API can only export via xmlTextWriter, we export via DOM
// this is used to bridge both methods
xmlTextWriterPtr writer = xmlNewTextWriterTree(doc, root_node, 0);
cpe_lang_export(xccdf_benchmark_get_cpe_lang_model(benchmark), writer);
xmlFreeTextWriter(writer);
}
struct oscap_string_iterator *platforms = xccdf_benchmark_get_platforms(benchmark);
while (oscap_string_iterator_has_more(platforms)) {
xmlNode *platform_node = xmlNewTextChild(root_node, ns_xccdf, BAD_CAST "platform", NULL);
const char *idref = oscap_string_iterator_next(platforms);
if (idref)
xmlNewProp(platform_node, BAD_CAST "idref", BAD_CAST idref);
}
oscap_string_iterator_free(platforms);
const char *version = xccdf_benchmark_get_version(benchmark);
if (version)
xmlNewTextChild(root_node, ns_xccdf, BAD_CAST "version", BAD_CAST version);
struct oscap_string_iterator* metadata = xccdf_item_get_metadata(XITEM(benchmark));
while (oscap_string_iterator_has_more(metadata))
{
const char* meta = oscap_string_iterator_next(metadata);
oscap_xmlstr_to_dom(root_node, "metadata", meta);
}
oscap_string_iterator_free(metadata);
OSCAP_FOR(xccdf_model, model, xccdf_benchmark_get_models(benchmark)) {
xmlNode *model_node = xmlNewTextChild(root_node, ns_xccdf, BAD_CAST "model", NULL);
xmlNewProp(model_node, BAD_CAST "system", BAD_CAST xccdf_model_get_system(model));
}
int app_xccdf_resolve(const struct oscap_action *action)
{
int ret = OSCAP_ERROR;
struct xccdf_benchmark *bench = NULL;
if (!action->f_xccdf) {
fprintf(stderr, "No input document specified!\n");
return OSCAP_ERROR;
}
if (!action->f_results) {
fprintf(stderr, "No output document filename specified!\n");
return OSCAP_ERROR;
}
struct oscap_source *source = oscap_source_new_from_file(action->f_xccdf);
/* validate input */
if (action->validate) {
if (oscap_source_validate(source, reporter, (void *) action) != 0) {
oscap_source_free(source);
goto cleanup;
}
}
bench = xccdf_benchmark_import_source(source);
oscap_source_free(source);
if (!bench)
goto cleanup;
if (action->force)
xccdf_benchmark_set_resolved(bench, false);
if (xccdf_benchmark_get_resolved(bench))
fprintf(stderr, "Benchmark is already resolved!\n");
else {
if (!xccdf_benchmark_resolve(bench))
fprintf(stderr, "Benchmark resolving failure (probably a dependency loop)!\n");
else
{
if (xccdf_benchmark_export(bench, action->f_results) == 0) {
ret = OSCAP_OK;
/* validate exported results */
const char* full_validation = getenv("OSCAP_FULL_VALIDATION");
if (action->validate && full_validation) {
struct oscap_source *result_source = oscap_source_new_from_file(action->f_results);
if (oscap_source_validate(result_source, reporter, (void *) action) != 0) {
ret = OSCAP_ERROR;
}
else
fprintf(stdout, "Resolved XCCDF has been exported correctly.\n");
oscap_source_free(result_source);
}
}
}
}
cleanup:
oscap_print_error();
if (bench)
xccdf_benchmark_free(bench);
return ret;
}
int app_xccdf_resolve(const struct oscap_action *action)
{
char *doc_version = NULL;
int ret = OSCAP_ERROR;
struct xccdf_benchmark *bench = NULL;
if (!action->f_xccdf) {
fprintf(stderr, "No input document specified!\n");
return OSCAP_ERROR;
}
if (!action->f_results) {
fprintf(stderr, "No output document filename specified!\n");
return OSCAP_ERROR;
}
/* validate input */
if (action->validate) {
doc_version = xccdf_detect_version(action->f_xccdf);
if (!doc_version) {
return OSCAP_ERROR;
}
if (oscap_validate_document(action->f_xccdf, OSCAP_DOCUMENT_XCCDF, doc_version, reporter, (void*) action) != 0) {
validation_failed(action->f_xccdf, OSCAP_DOCUMENT_XCCDF, doc_version);
goto cleanup;
}
}
bench = xccdf_benchmark_import(action->f_xccdf);
if (!bench)
goto cleanup;
if (action->force)
xccdf_benchmark_set_resolved(bench, false);
if (xccdf_benchmark_get_resolved(bench))
fprintf(stderr, "Benchmark is already resolved!\n");
else {
if (!xccdf_benchmark_resolve(bench))
fprintf(stderr, "Benchmark resolving failure (probably a dependency loop)!\n");
else
{
if (xccdf_benchmark_export(bench, action->f_results)) {
ret = OSCAP_OK;
/* validate exported results */
const char* full_validation = getenv("OSCAP_FULL_VALIDATION");
if (action->validate && full_validation) {
/* reuse doc_version from unresolved document
it should be same in resolved one */
if (oscap_validate_document(action->f_results, OSCAP_DOCUMENT_XCCDF, doc_version, reporter, (void*)action)) {
validation_failed(action->f_results, OSCAP_DOCUMENT_XCCDF, doc_version);
ret = OSCAP_ERROR;
}
else
fprintf(stdout, "Resolved XCCDF has been exported correctly.\n");
}
}
}
}
cleanup:
oscap_print_error();
if (bench)
xccdf_benchmark_free(bench);
if (doc_version)
free(doc_version);
return ret;
}
