static bool valid_inputs(const struct oscap_action *action) { bool result = true; /* validate SDS or OVAL Definitions & Variables & Syschars, depending on the data */ struct oscap_source *definitions_source = oscap_source_new_from_file(action->f_oval); if (oscap_source_get_scap_type(definitions_source) != OSCAP_DOCUMENT_OVAL_DEFINITIONS && oscap_source_get_scap_type(definitions_source) != OSCAP_DOCUMENT_SDS) { fprintf(stderr, "Type mismatch: %s. Expecting OVAL Definition or Source DataStream, but found %s.\n", action->f_oval, oscap_document_type_to_string(oscap_source_get_scap_type(definitions_source))); result = false; } if (oscap_source_validate(definitions_source, reporter, (void *) action)) { result = false; } oscap_source_free(definitions_source); if (action->f_variables) { struct oscap_source *variables_source = oscap_source_new_from_file(action->f_variables); if (oscap_source_get_scap_type(variables_source) != OSCAP_DOCUMENT_OVAL_VARIABLES) { fprintf(stderr, "Type mismatch: %s. Expecting OVAL Variables, but found %s.\n", action->f_variables, oscap_document_type_to_string(oscap_source_get_scap_type(variables_source))); result = false; } if (oscap_source_validate(variables_source, reporter, (void *) action)) { result = false; } oscap_source_free(variables_source); } if (action->f_directives) { struct oscap_source *directives_source = oscap_source_new_from_file(action->f_directives); if (oscap_source_get_scap_type(directives_source) != OSCAP_DOCUMENT_OVAL_DIRECTIVES) { fprintf(stderr, "Type mismatch: %s. Expecting OVAL Directives, but found %s.\n", action->f_directives, oscap_document_type_to_string(oscap_source_get_scap_type(directives_source))); result = false; } if (oscap_source_validate(directives_source, reporter, (void *) action)) { result = false; } oscap_source_free(directives_source); } if (action->module == &OVAL_ANALYSE && action->f_syschar) { struct oscap_source *syschar_source = oscap_source_new_from_file(action->f_syschar); if (oscap_source_get_scap_type(syschar_source) != OSCAP_DOCUMENT_OVAL_SYSCHAR) { fprintf(stderr, "Type mismatch: %s. Expecting OVAL System Characteristic, but found %s.\n", action->f_syschar, oscap_document_type_to_string(oscap_source_get_scap_type(syschar_source))); result = false; } if (oscap_source_validate(syschar_source, reporter, (void *) action)) { result = false; } oscap_source_free(syschar_source); } return result; }
int ds_sds_decompose_custom(const char* input_file, const char* id, const char* target_dir, const char* container_name, const char* component_id, const char* target_filename) { struct oscap_source *ds_source = oscap_source_new_from_file(input_file); struct ds_sds_session *session = ds_sds_session_new_from_source(ds_source); if (session == NULL) { oscap_source_free(ds_source); return -1; } if (ds_sds_session_set_datastream_id(session, id)) { ds_sds_session_free(session); oscap_source_free(ds_source); return -1; } if (ds_sds_session_set_target_dir(session, oscap_streq(target_dir, "") ? "." : target_dir)) { ds_sds_session_free(session); oscap_source_free(ds_source); return -1; } if (ds_sds_session_register_component_with_dependencies(session, container_name, component_id, target_filename) != 0) { ds_sds_session_free(session); oscap_source_free(ds_source); return -1; } int ret = ds_sds_session_dump_component_files(session); ds_sds_session_free(session); oscap_source_free(ds_source); return ret; }
int ds_rds_decompose(const char* input_file, const char* report_id, const char* request_id, const char* target_dir) { struct oscap_source *rds_source = oscap_source_new_from_file(input_file); struct ds_rds_session *session = ds_rds_session_new_from_source(rds_source); if (session == NULL) { ds_rds_session_free(session); oscap_source_free(rds_source); return -1; } ds_rds_session_set_target_dir(session, target_dir); if (ds_rds_dump_arf_content(session, "reports", "report", report_id) != 0) { ds_rds_session_free(session); oscap_source_free(rds_source); return -1; } if (request_id != NULL) { if (ds_rds_dump_arf_content(session, "report-requests", "report-request", request_id) != 0) { ds_rds_session_free(session); oscap_source_free(rds_source); return -1; } } int ret = ds_rds_session_dump_component_files(session); ds_rds_session_free(session); oscap_source_free(rds_source); return ret; }
int app_xccdf_xslt(const struct oscap_action *action) { const char *oval_template = action->oval_template; if (action->module == &XCCDF_GEN_REPORT && oval_template == NULL) { /* If generating the report and the option is missing -> use defaults */ struct oscap_source *xccdf_source = oscap_source_new_from_file(action->f_xccdf); if (_some_oval_result_exists(xccdf_source)) /* We want to define default template because we strive to serve user the * best. However, we must not offer a template, if there is a risk it might * be incorrect. Otherwise, libxml2 will throw a lot of misleading messages * to stderr. */ oval_template = "%.result.xml"; oscap_source_free(xccdf_source); } if (action->module == &XCCDF_GEN_CUSTOM) { action->module->user = (void*)action->stylesheet; } const char *params[] = { "result-id", action->id, "show", action->show, "profile_id", action->profile, "template", action->tmpl, "oval-template", oval_template, "sce-template", action->sce_template, "verbosity", "", "hide-profile-info", action->hide_profile_info ? "yes" : NULL, NULL }; int ret = app_xslt(action->f_xccdf, action->module->user, action->f_results, params); return ret; }
int app_xccdf_validate(const struct oscap_action *action) { int ret; int result; struct oscap_source *source = oscap_source_new_from_file(action->f_xccdf); ret = oscap_source_validate(source, reporter, (void *) action); if (ret==-1) { result=OSCAP_ERROR; goto cleanup; } else if (ret==1) { result=OSCAP_FAIL; } else result=OSCAP_OK; if (action->schematron) { ret = oscap_source_validate_schematron(source, NULL); if (ret == -1) { result = OSCAP_ERROR; } else if (ret > 0) { result = OSCAP_FAIL; } } oscap_source_free(source); cleanup: oscap_print_error(); return result; }
int app_ds_rds_split(const struct oscap_action *action) { int ret = OSCAP_ERROR; struct ds_rds_session *session = NULL; struct oscap_source *source = oscap_source_new_from_file(action->ds_action->file); if (action->validate) { if (oscap_source_validate(source, reporter, (void *) action) != 0) { goto cleanup; } } session = ds_rds_session_new_from_source(source); if (session == NULL || ds_rds_session_set_target_dir(session, action->ds_action->target) != 0 || ds_rds_session_select_report(session, action->f_report_id) == NULL || ds_rds_session_select_report_request(session, NULL) == NULL || ds_rds_session_dump_component_files(session) != 0) { fprintf(stdout, "Failed to split given result datastream '%s'.\n", action->ds_action->file); goto cleanup; } ret = OSCAP_OK; cleanup: oscap_print_error(); ds_rds_session_free(session); free(action->ds_action); oscap_source_free(source); return ret; }
static int app_oval_validate(const struct oscap_action *action) { int ret; int result = OSCAP_ERROR; struct oscap_source *source = oscap_source_new_from_file(action->f_oval); ret = oscap_source_validate(source, reporter, (void *) action); if (ret == -1) { result = OSCAP_ERROR; goto cleanup; } else { result = ret == 1 ? OSCAP_FAIL : OSCAP_OK; } /* schematron-based validation requested We can only do schematron validation if the file isn't a source datastream */ if (action->schematron && oscap_source_get_scap_type(source) != OSCAP_DOCUMENT_SDS) { ret = oscap_source_validate_schematron(source, NULL); if (ret==-1) { result=OSCAP_ERROR; } else if (ret>0) { result=OSCAP_FAIL; } } cleanup: oscap_source_free(source); if (oscap_err()) fprintf(stderr, "%s %s\n", OSCAP_ERR_MSG, oscap_err_desc()); return result; }
struct oval_definition_model * oval_definition_model_import(const char *file) { struct oscap_source *source = oscap_source_new_from_file(file); struct oval_definition_model *model = oval_definition_model_import_source(source); oscap_source_free(source); return model; }
int oscap_apply_xslt(const char *xmlfile, const char *xsltfile, const char *outfile, const char **params) { struct oscap_source *source = oscap_source_new_from_file(xmlfile); int ret = oscap_source_apply_xslt_path(source, xsltfile, outfile, params, oscap_path_to_xslt()); oscap_source_free(source); return ret; }
struct xccdf_benchmark *xccdf_benchmark_import(const char *file) { struct oscap_source *source = oscap_source_new_from_file(file); struct xccdf_benchmark *benchmark = xccdf_benchmark_import_source(source); oscap_source_free(source); return benchmark; }
int app_ds_sds_compose(const struct oscap_action *action) { int ret = OSCAP_ERROR; // The API will correctly deal with the file parameter having directory // references in it. However this will create a hard to navigate mangled // component IDs in the resulting datastream. // // To fix this we will chdir to parent dir of the given XCCDF and chdir // back after we are done. char *previous_cwd = _gcwd(); if (previous_cwd == NULL) { goto cleanup; } char target_abs_path[PATH_MAX + 1]; // if the path is already absolute we just use it as it is if (*action->ds_action->target == '/') snprintf(target_abs_path, PATH_MAX, "%s", action->ds_action->target); else snprintf(target_abs_path, PATH_MAX, "%s/%s", previous_cwd, action->ds_action->target); char* temp_cwd = strdup(action->ds_action->file); chdir(dirname(temp_cwd)); free(temp_cwd); char* source_xccdf = strdup(action->ds_action->file); ds_sds_compose_from_xccdf(basename(source_xccdf), target_abs_path); free(source_xccdf); chdir(previous_cwd); free(previous_cwd); if (action->validate) { struct oscap_source *source = oscap_source_new_from_file(target_abs_path); if (oscap_source_validate(source, reporter, (void *) action) != 0) { oscap_source_free(source); goto cleanup; } oscap_source_free(source); } ret = OSCAP_OK; cleanup: oscap_print_error(); free(action->ds_action); return ret; }
int oval_definition_model_merge(struct oval_definition_model *model, const char *file) { __attribute__nonnull__(model); int ret; struct oscap_source *source = oscap_source_new_from_file(file); ret = _oval_definition_model_merge_source(model, source); oscap_source_free(source); return ret; }
char * xccdf_detect_version(const char* file) { struct oscap_source *source = oscap_source_new_from_file(file); xmlTextReader *reader = oscap_source_get_xmlTextReader(source); if (!reader) { oscap_source_free(source); return NULL; } char *doc_version = xccdf_detect_version_priv(reader); xmlFreeTextReader(reader); oscap_source_free(source); return doc_version; }
int main(int argc, char *argv[]) { struct oval_directives_model *model; model=oval_directives_model_new(); struct oscap_source *source = oscap_source_new_from_file(argv[1]); oval_directives_model_import_source(model, source); oscap_source_free(source); oval_directives_model_export(model, argv[2]); oval_directives_model_free(model); oscap_cleanup(); return 0; }
int ds_rds_create(const char* sds_file, const char* xccdf_result_file, const char** oval_result_files, const char* target_file) { struct oscap_source *sds_source = oscap_source_new_from_file(sds_file); struct oscap_source *xccdf_result_source = oscap_source_new_from_file(xccdf_result_file); struct oscap_htable *oval_result_sources = oscap_htable_new(); int result = 0; // this check is there to allow passing NULL instead of having to allocate // an empty array if (oval_result_files != NULL) { while (*oval_result_files != NULL) { struct oscap_source *oval_source = oscap_source_new_from_file(*oval_result_files); if (oscap_source_get_xmlDoc(oval_source) == NULL) { result = -1; oscap_source_free(oval_source); } else { oscap_htable_add(oval_result_sources, *oval_result_files, oval_source); } oval_result_files++; } } if (result == 0) { struct oscap_source *target_rds = ds_rds_create_source(sds_source, xccdf_result_source, oval_result_sources, target_file); result = target_rds == NULL; if (result == 0) { result = oscap_source_save_as(target_rds, NULL); } oscap_source_free(target_rds); } oscap_htable_free(oval_result_sources, (oscap_destruct_func) oscap_source_free); oscap_source_free(sds_source); oscap_source_free(xccdf_result_source); return result; }
int main(int argc, char **argv) { if (argc < 2) return 1; if (strcmp(argv[1], "--export") == 0) { if (argc != 4) return 1; struct oscap_source *source = oscap_source_new_from_file(argv[2]); struct xccdf_benchmark *bench = xccdf_benchmark_import_source(source); oscap_source_free(source); if (bench == NULL) return 1; xccdf_benchmark_export(bench, argv[3]); xccdf_benchmark_free(bench); oscap_cleanup(); return 0; } else if (strcmp(argv[1], "--validate") == 0) { if (argc != 4) { fprintf(stderr, "Usage: %s --validate ver xccdf\n", argv[0]); return 1; } struct oscap_source *source = oscap_source_new_from_file(argv[3]); if (oscap_source_validate(source, NULL, stdout)) { fprintf(stderr, "ERROR: %s\n", oscap_err_desc()); oscap_source_free(source); return 1; } oscap_source_free(source); return 0; } else { fprintf(stderr, "Unknown mode: %s\n", argv[1]); } return 1; }
int main(int argc, char **argv) { /* test export */ if (argc == 4 && !strcmp(argv[1], "--export-all")) { struct cvrf_model *model = cvrf_model_import(oscap_source_new_from_file(argv[2])); if(!model) return 1; struct oscap_source *export_source = cvrf_model_get_export_source(model); int ret = oscap_source_save_as(export_source, argv[3]); cvrf_model_free(model); oscap_source_free(export_source); return ret; } else if (argc == 4 && !strcmp(argv[1], "--eval")) { const char *cpe = "Managment Agent for RHEL 7 Hosts"; struct oscap_source *import_source = oscap_source_new_from_file(argv[2]); struct oscap_source *export_source = cvrf_model_get_results_source(import_source, cpe); int ret = oscap_source_save_as(export_source, argv[3]); oscap_source_free(export_source); return ret; } else if (argc == 3 && !strcmp(argv[1], "--validate")) { struct oscap_source *source = oscap_source_new_from_file(argv[2]); int ret = oscap_source_validate(source, reporter, NULL); oscap_source_free(source); return ret; } fprintf(stdout, "Usage: \n\n" " %s --help\n" " %s --export-all input.xml output.xml\n" " %s --eval input.xml results.xml\n" " %s --validate input.xml\n", argv[0], argv[0], argv[0], argv[0]); return 0; }
int app_ds_sds_split(const struct oscap_action *action) { int ret = OSCAP_ERROR; const char* f_datastream_id = action->f_datastream_id; const char* f_component_id = action->f_xccdf_id; struct ds_sds_session *session = NULL; struct oscap_source *source = oscap_source_new_from_file(action->ds_action->file); /* Validate */ if (action->validate) { if (oscap_source_validate(source, reporter, (void *) action) != 0) { goto cleanup; } } session = ds_sds_session_new_from_source(source); if (session == NULL) { goto cleanup; } if (ds_sds_index_select_checklist(ds_sds_session_get_sds_idx(session), &f_datastream_id, &f_component_id) != 0) { fprintf(stdout, "Failed to locate a datastream with ID matching '%s' ID " "and checklist inside matching '%s' ID.\n", action->f_datastream_id == NULL ? "<any>" : action->f_datastream_id, action->f_xccdf_id == NULL ? "<any>" : action->f_xccdf_id); goto cleanup; } ds_sds_session_set_datastream_id(session, f_datastream_id); ds_sds_session_set_remote_resources(session, action->remote_resources, download_reporting_callback); ds_sds_session_set_target_dir(session, action->ds_action->target); if (ds_sds_session_register_component_with_dependencies(session, "checklists", f_component_id, NULL) != 0) { goto cleanup; } if (ds_sds_session_dump_component_files(session) != 0) { goto cleanup; } ret = OSCAP_OK; cleanup: oscap_print_error(); ds_sds_session_free(session); oscap_source_free(source); free(action->ds_action); return ret; }
int app_ds_sds_validate(const struct oscap_action *action) { int ret = OSCAP_ERROR; struct oscap_source *source = oscap_source_new_from_file(action->ds_action->file); if (oscap_source_validate(source, reporter, (void*) action) != 0) { goto cleanup; } ret = OSCAP_OK; cleanup: oscap_print_error(); free(action->ds_action); oscap_source_free(source); return ret; }
/** * Load oscap source from file * Filename is relatively to datastream file */ static struct oscap_source *load_referenced_source(const struct ds_sds_session *session, const char *filename) { const char* readable_origin = ds_sds_session_get_readable_origin(session); assert(readable_origin != NULL); char* readable_origin_cp = oscap_strdup(readable_origin); char* dir_name = dirname(readable_origin_cp); char* full_path = oscap_sprintf("%s/%s", dir_name, filename); struct oscap_source *source_file = oscap_source_new_from_file(full_path); oscap_free(full_path); oscap_free(readable_origin_cp); return source_file; }
int app_ds_sds_add(const struct oscap_action *action) { int ret = OSCAP_ERROR; // TODO: chdir to the directory of the component (same as when composing new sds) ret = ds_sds_compose_add_component(action->ds_action->target, action->f_datastream_id, action->ds_action->file, false); if (action->validate) { struct oscap_source *source = oscap_source_new_from_file(action->ds_action->file); if (oscap_source_validate(source, reporter, (void *) action) != 0) { ret = OSCAP_ERROR; } oscap_source_free(source); } oscap_print_error(); free(action->ds_action); return ret; }
static int app_cvrf_validate(const struct oscap_action *action) { int result; struct oscap_source *source = oscap_source_new_from_file(action->cvrf_action->f_cvrf); int ret = oscap_source_validate(source, reporter, (void *) action); if (ret==-1) { result=OSCAP_ERROR; } else if (ret==1) { result=OSCAP_FAIL; } else { result=OSCAP_OK; } oscap_source_free(source); oscap_print_error(); return result; }
static int app_cvrf_export(const struct oscap_action *action) { struct oscap_source *import_source = oscap_source_new_from_file(action->cvrf_action->f_cvrf); if (import_source == NULL) return OSCAP_ERROR; int result = OSCAP_OK; if (action->cvrf_action->index == 1) { struct cvrf_index *index = cvrf_index_import(import_source); if (index == NULL) { result = OSCAP_ERROR; goto cleanup; } struct oscap_source *export_source = cvrf_index_get_export_source(index); if (oscap_source_save_as(export_source, action->cvrf_action->f_output) != 0) result = OSCAP_ERROR; oscap_source_free(export_source); cvrf_index_free(index); } else { struct cvrf_model *model = cvrf_model_import(import_source); if(model == NULL) { result = OSCAP_ERROR; goto cleanup; } struct oscap_source *export_source = cvrf_model_get_export_source(model); if (oscap_source_save_as(export_source, action->cvrf_action->f_output) != 0) result = OSCAP_ERROR; oscap_source_free(export_source); cvrf_model_free(model); } cleanup: if (oscap_err()) fprintf(stderr, "%s %s\n", OSCAP_ERR_MSG, oscap_err_desc()); /* TODO: Refactor, cvrf_index_parse_xml (called by oscap_source_new_from_file) frees its argument as an unexpected side-effect. * oscap_source_free(import_source); */ free(action->cvrf_action); return result; }
int ds_sds_compose_add_component(const char *target_datastream, const char *datastream_id, const char *new_component, bool extended) { struct oscap_source *sds_source = oscap_source_new_from_file(target_datastream); xmlDoc *doc = oscap_source_get_xmlDoc(sds_source); if (doc == NULL) { oscap_source_free(sds_source); return 1; } xmlNodePtr datastream = ds_sds_lookup_datastream_in_collection(doc, datastream_id); if (datastream == NULL) { const char* error = datastream_id ? oscap_sprintf("Could not find any datastream of id '%s'", datastream_id) : oscap_sprintf("Could not find any datastream inside the file"); oscap_seterr(OSCAP_EFAMILY_XML, error); oscap_free(error); oscap_source_free(sds_source); return 1; } char* mangled_path = ds_sds_mangle_filepath(new_component); char* cref_id = oscap_sprintf("scap_org.open-scap_cref_%s", mangled_path); oscap_free(mangled_path); if (ds_sds_compose_add_component_with_ref(doc, datastream, new_component, cref_id) != 0) { oscap_free(cref_id); oscap_source_free(sds_source); return 1; } oscap_free(cref_id); if (oscap_source_save_as(sds_source, NULL) != 0) { oscap_seterr(OSCAP_EFAMILY_GLIBC, "Error saving source datastream to '%s'.", target_datastream); oscap_source_free(sds_source); return 1; } oscap_source_free(sds_source); return 0; }
static int app_cvrf_evaluate(const struct oscap_action *action) { int result = OSCAP_OK; // Temporary hardcoded CPE until CPE name can be found without input by CVRF functions // themselves const char *os_name = "Red Hat Enterprise Linux Desktop Supplementary (v. 6)"; struct oscap_source *import_source = oscap_source_new_from_file(action->cvrf_action->f_cvrf); struct oscap_source *export_source = cvrf_model_get_results_source(import_source, os_name); if (export_source == NULL) return -1; if (oscap_source_save_as(export_source, action->cvrf_action->f_results) == -1) { result = OSCAP_ERROR; goto cleanup; } cleanup: if (oscap_err()) fprintf(stderr, "%s %s\n", OSCAP_ERR_MSG, oscap_err_desc()); oscap_source_free(export_source); free(action->cvrf_action); return result; }
static int app_analyse_oval(const struct oscap_action *action) { struct oval_definition_model *def_model = NULL; struct oval_syschar_model *sys_model = NULL; struct oval_results_model *res_model = NULL; struct oval_variable_model *var_model = NULL; struct oval_directives_model *dir_model = NULL; struct oval_syschar_model *sys_models[2]; struct oval_generator *generator = NULL; int ret = OSCAP_ERROR; /* Turn on verbosity */ if (!oscap_set_verbose(action->verbosity_level, action->f_verbose_log, false)) { goto cleanup; } /* validate inputs */ if (action->validate) { if (!valid_inputs(action)) { goto cleanup; } } /* load defnitions */ struct oscap_source *source = oscap_source_new_from_file(action->f_oval); def_model = oval_definition_model_import_source(source); oscap_source_free(source); if (def_model == NULL) { fprintf(stderr, "Failed to import the OVAL Definitions from '%s'.\n", action->f_oval); goto cleanup; } /* bind external variables */ if(action->f_variables) { struct oscap_source *var_source = oscap_source_new_from_file(action->f_variables); var_model = oval_variable_model_import_source(var_source); oscap_source_free(var_source); if (var_model == NULL) { fprintf(stderr, "Failed to import the OVAL Variables from '%s'.\n", action->f_variables); goto cleanup; } if (oval_definition_model_bind_variable_model(def_model, var_model)) { fprintf(stderr, "Failed to bind Variables to Definitions\n"); goto cleanup; } } /* load system characteristics */ sys_model = oval_syschar_model_new(def_model); source = oscap_source_new_from_file(action->f_syschar); if (oval_syschar_model_import_source(sys_model, source) == -1 ) { fprintf(stderr, "Failed to import the System Characteristics from '%s'.\n", action->f_syschar); oscap_source_free(source); goto cleanup; } oscap_source_free(source); /* evaluate */ sys_models[0] = sys_model; sys_models[1] = NULL; res_model = oval_results_model_new(def_model, sys_models); /* set product name */ generator = oval_results_model_get_generator(res_model); oval_generator_set_product_name(generator, OSCAP_PRODUCTNAME); oval_generator_set_product_version(generator, oscap_get_version()); oval_results_model_eval(res_model); /* export results */ if (action->f_results != NULL) { /* import directives */ if (action->f_directives != NULL) { dir_model = oval_directives_model_new(); struct oscap_source *dir_source = oscap_source_new_from_file(action->f_directives); oval_directives_model_import_source(dir_model, dir_source); oscap_source_free(dir_source); } /* export result model to XML */ oval_results_model_export(res_model, dir_model, action->f_results); const char* full_validation = getenv("OSCAP_FULL_VALIDATION"); /* validate OVAL Results */ if (action->validate && full_validation) { struct oscap_source *result_source = oscap_source_new_from_file(action->f_results); if (oscap_source_validate(result_source, reporter, (void *) action)) { oscap_source_free(result_source); goto cleanup; } fprintf(stdout, "OVAL Results are exported correctly.\n"); oscap_source_free(result_source); } } ret = OSCAP_OK; /* clean up */ cleanup: if(oscap_err()) fprintf(stderr, "%s %s\n", OSCAP_ERR_MSG, oscap_err_desc()); if(res_model) oval_results_model_free(res_model); if(sys_model) oval_syschar_model_free(sys_model); if(def_model) oval_definition_model_free(def_model); if(dir_model) oval_directives_model_free(dir_model); return ret; }
int app_collect_oval(const struct oscap_action *action) { struct oval_definition_model *def_model = NULL; struct oval_variable_model *var_model = NULL; struct oval_syschar_model *sys_model = NULL; struct oval_sysinfo *sysinfo = NULL; struct oval_probe_session *pb_sess = NULL; struct oval_generator *generator = NULL; int ret = OSCAP_ERROR; /* Turn on verbosity */ if (!oscap_set_verbose(action->verbosity_level, action->f_verbose_log, false)) { goto cleanup; } /* validate inputs */ if (action->validate) { if (!valid_inputs(action)) { goto cleanup; } } /* import definitions */ struct oscap_source *source = oscap_source_new_from_file(action->f_oval); def_model = oval_definition_model_import_source(source); oscap_source_free(source); if (def_model == NULL) { fprintf(stderr, "Failed to import the OVAL Definitions from '%s'.\n", action->f_oval); goto cleanup; } /* bind external variables */ if(action->f_variables) { struct oscap_source *var_source = oscap_source_new_from_file(action->f_variables); var_model = oval_variable_model_import_source(var_source); oscap_source_free(var_source); if (var_model == NULL) { fprintf(stderr, "Failed to import the OVAL Variables from '%s'.\n", action->f_variables); goto cleanup; } if (oval_definition_model_bind_variable_model(def_model, var_model)) { fprintf(stderr, "Failed to bind Variables to Definitions\n"); goto cleanup; } } /* create empty syschar model */ sys_model = oval_syschar_model_new(def_model); /* set product name */ generator = oval_syschar_model_get_generator(sys_model); oval_generator_set_product_name(generator, OSCAP_PRODUCTNAME); /* create probe session */ pb_sess = oval_probe_session_new(sys_model); /* query sysinfo */ ret = oval_probe_query_sysinfo(pb_sess, &sysinfo); if (ret != 0) { fprintf(stderr, "Failed to query sysinfo\n"); goto cleanup; } oval_syschar_model_set_sysinfo(sys_model, sysinfo); /* query objects */ struct oval_object *object; struct oval_syschar *syschar; oval_syschar_collection_flag_t sc_flg; if (action->id) { object = oval_definition_model_get_object(def_model, action->id); if (!object) { fprintf(stderr, "Object ID(%s) does not exist in '%s'.\n", action->id, action->f_oval); goto cleanup; } printf("Collected: \"%s\" : ", oval_object_get_id(object)); oval_probe_query_object(pb_sess, object, 0, &syschar); sc_flg = oval_syschar_get_flag(syschar); printf("%s\n", oval_syschar_collection_flag_get_text(sc_flg)); } else { struct oval_object_iterator *objects = oval_definition_model_get_objects(def_model); while (oval_object_iterator_has_more(objects)) { object = oval_object_iterator_next(objects); printf("Collected: \"%s\" : ", oval_object_get_id(object)); oval_probe_query_object(pb_sess, object, 0, &syschar); sc_flg = oval_syschar_get_flag(syschar); printf("%s\n", oval_syschar_collection_flag_get_text(sc_flg)); } oval_object_iterator_free(objects); } const char* full_validation = getenv("OSCAP_FULL_VALIDATION"); /* output */ if (action->f_syschar != NULL) { /* export OVAL System Characteristics */ oval_syschar_model_export(sys_model, action->f_syschar); /* validate OVAL System Characteristics */ if (action->validate && full_validation) { struct oscap_source *syschar_source = oscap_source_new_from_file(action->f_syschar); if (oscap_source_validate(syschar_source, reporter, (void *)action)) { oscap_source_free(syschar_source); goto cleanup; } fprintf(stdout, "OVAL System Characteristics are exported correctly.\n"); oscap_source_free(syschar_source); } } ret = OSCAP_OK; cleanup: if(oscap_err()) fprintf(stderr, "%s %s\n", OSCAP_ERR_MSG, oscap_err_desc()); if (sysinfo) oval_sysinfo_free(sysinfo); if (pb_sess) oval_probe_session_destroy(pb_sess); if (sys_model) oval_syschar_model_free(sys_model); if (def_model) oval_definition_model_free(def_model); return ret; }
static int print_versions(const struct oscap_action *action) { printf("OpenSCAP command line tool (oscap) %s\n" "Copyright 2009--2016 Red Hat Inc., Durham, North Carolina.\n\n", oscap_get_version()); printf("==== Supported specifications ====\n"); printf("XCCDF Version: %s\n", xccdf_benchmark_supported()); printf("OVAL Version: %s\n", oval_definition_model_supported()); printf("CPE Version: %s\n", cpe_dict_model_supported()); printf("CVSS Version: %s\n", cvss_model_supported()); printf("CVE Version: %s\n", cve_model_supported()); printf("Asset Identification Version: %s\n", "1.1"); printf("Asset Reporting Format Version: %s\n", "1.1"); printf("\n"); printf("==== Capabilities added by auto-loaded plugins ====\n"); const char * const *known_plugins = check_engine_plugin_get_known_plugins(); bool known_plugin_found = false; while (*known_plugins) { struct check_engine_plugin_def *plugin = check_engine_plugin_load(*known_plugins); if (plugin) { printf("%s (from %s)\n", check_engine_plugin_get_capabilities(plugin), *known_plugins); check_engine_plugin_unload(plugin); known_plugin_found = true; } known_plugins++; } if (!known_plugin_found) printf("No plugins have been auto-loaded...\n"); // We do not report failure when a known plugin doesn't load properly, that's because they // are optional and we don't know if it's not there or if it just failed to load. oscap_clearerr(); printf("\n"); printf("==== Paths ====\n"); printf("Schema files: %s\n", oscap_path_to_schemas()); printf("Default CPE files: %s\n", oscap_path_to_cpe()); #if defined(OVAL_PROBES_ENABLED) printf("Probes: %s\n", oval_probe_ext_getdir()); #endif printf("\n"); printf("==== Inbuilt CPE names ====\n"); char default_cpe_path[PATH_MAX]; snprintf(default_cpe_path, PATH_MAX, "%s/openscap-cpe-dict.xml", oscap_path_to_cpe()); struct oscap_source *source = oscap_source_new_from_file(default_cpe_path); struct cpe_dict_model* cpe_dict = cpe_dict_model_import_source(source); oscap_source_free(source); if (cpe_dict != NULL) { struct cpe_item_iterator* cpe_items = cpe_dict_model_get_items(cpe_dict); while (cpe_item_iterator_has_more(cpe_items)) { struct cpe_item* cpe_item = cpe_item_iterator_next(cpe_items); struct oscap_text_iterator* titles = cpe_item_get_titles(cpe_item); char* str_title = oscap_textlist_get_preferred_plaintext(titles, NULL); oscap_text_iterator_free(titles); struct cpe_name* name = cpe_item_get_name(cpe_item); char * str_name = cpe_name_get_as_format(name, CPE_FORMAT_URI); printf("%s - %s\n", str_title, str_name); free(str_name); free(str_title); } cpe_item_iterator_free(cpe_items); cpe_dict_model_free(cpe_dict); } printf("\n"); #if defined(OVAL_PROBES_ENABLED) printf("==== Supported OVAL objects and associated OpenSCAP probes ====\n"); printf("%-14s%-28s %-28s\n", "OVAL family", "OVAL object", "OpenSCAP probe"); printf("%-14s%-28s %-28s\n", "----------", "----------", "----------"); oval_probe_meta_list(stdout, OVAL_PROBEMETA_LIST_DYNAMIC | OVAL_PROBEMETA_LIST_OTYPE); #endif return OSCAP_OK; }
int ds_sds_compose_add_component_with_ref(xmlDocPtr doc, xmlNodePtr datastream, const char* filepath, const char* cref_id) { xmlNsPtr ds_ns = xmlSearchNsByHref(doc, datastream, BAD_CAST datastream_ns_uri); xmlNsPtr xlink_ns = xmlSearchNsByHref(doc, datastream, BAD_CAST xlink_ns_uri); xmlNsPtr cat_ns = xmlSearchNsByHref(doc, datastream, BAD_CAST cat_ns_uri); // In case we already have this component we just return, no need to add // it twice. We will typically have many references to OVAL files, adding // component for each reference would create unnecessarily huge datastreams int result = ds_sds_compose_has_component_ref(doc, datastream, filepath, cref_id); if (result == 0) { return 0; } if (result == -1) { // no need to free anything // oscap_seterr has already been called return -1; } xmlNodePtr cref_catalog = xmlNewNode(cat_ns, BAD_CAST "catalog"); xmlNodePtr cref_parent; bool extended_component = false; struct oscap_source *component_source = oscap_source_new_from_file(filepath); oscap_document_type_t doc_type = oscap_source_get_scap_type(component_source); if (doc_type == OSCAP_DOCUMENT_XCCDF) { cref_parent = node_get_child_element(datastream, "checklists"); if (ds_sds_compose_add_component_dependencies(doc, datastream, component_source, cref_catalog, doc_type) != 0) { // oscap_seterr has already been called oscap_source_free(component_source); return -1; } } else if (doc_type == OSCAP_DOCUMENT_CPE_DICTIONARY || doc_type == OSCAP_DOCUMENT_CPE_LANGUAGE) { cref_parent = node_get_child_element(datastream, "dictionaries"); if (cref_parent == NULL) { cref_parent = xmlNewNode(ds_ns, BAD_CAST "dictionaries"); // The <ds:dictionaries element must as the first child of the datastream xmlNodePtr first_child = datastream->xmlChildrenNode; xmlNodePtr new_node = (first_child == NULL) ? xmlAddChild(datastream, cref_parent) : xmlAddPrevSibling(first_child, cref_parent); if (new_node == NULL) { oscap_seterr(OSCAP_EFAMILY_XML, "Failed to add dictionaries element to the DataStream."); xmlFreeNode(cref_parent); cref_parent = NULL; } } if (ds_sds_compose_add_component_dependencies(doc, datastream, component_source, cref_catalog, doc_type) != 0) { oscap_source_free(component_source); return -1; } } else if (doc_type == OSCAP_DOCUMENT_OVAL_DEFINITIONS || doc_type == OSCAP_DOCUMENT_OCIL) { cref_parent = node_get_child_element(datastream, "checks"); } else { // not an XCCDF file, not an OVAL file, not a dict/lang, assume it goes into extended components extended_component = true; cref_parent = node_get_child_element(datastream, "extended-components"); } oscap_source_free(component_source); char* mangled_filepath = ds_sds_mangle_filepath(filepath); // extended components (sadly :-/) use a different ID scheme and have // a different element name than "normal" components char* comp_id = oscap_sprintf("scap_org.open-scap_%scomp_%s", extended_component ? "e" : "", mangled_filepath); int counter = 0; while (_lookup_component_in_collection(doc, comp_id) != NULL) { // While a component of the given ID already exists, generate a new one oscap_free(comp_id); comp_id = oscap_sprintf("scap_org.open-scap_%scomp_%s%03d", extended_component ? "e" : "", mangled_filepath, counter++); } oscap_free(mangled_filepath); result = ds_sds_compose_add_component_internal(doc, datastream, filepath, comp_id, extended_component); if (result == 0) { xmlNodePtr cref = xmlNewNode(ds_ns, BAD_CAST "component-ref"); xmlAddChild(cref, cref_catalog); xmlSetProp(cref, BAD_CAST "id", BAD_CAST cref_id); const char* xlink_href = oscap_sprintf("#%s", comp_id); xmlSetNsProp(cref, xlink_ns, BAD_CAST "href", BAD_CAST xlink_href); oscap_free(xlink_href); if (xmlAddChild(cref_parent, cref) == NULL) { oscap_seterr(OSCAP_EFAMILY_XML, "Failed to add component-ref/@id='%s' to the DataStream.", cref_id); result = 1; } } oscap_free(comp_id); // the source data stream XSD requires either no catalog or a non-empty one if (cref_catalog->children == NULL) { xmlUnlinkNode(cref_catalog); xmlFreeNode(cref_catalog); } return result; }
static int app_info(const struct oscap_action *action) { int result = OSCAP_ERROR; struct oscap_source *source = oscap_source_new_from_file(action->file); switch (oscap_source_get_scap_type(source)) { case OSCAP_DOCUMENT_OVAL_DEFINITIONS: { printf("Document type: OVAL Definitions\n"); struct oval_definition_model *def_model = oval_definition_model_import_source(source); if(!def_model) goto cleanup; struct oval_generator *gen = oval_definition_model_get_generator(def_model); printf("OVAL version: %s\n", oval_generator_get_core_schema_version(gen)); printf("Generated: %s\n", oval_generator_get_timestamp(gen)); print_time(action->file); oval_definition_model_free(def_model); } break; case OSCAP_DOCUMENT_OVAL_VARIABLES: { printf("Document type: OVAL Variables\n"); struct oval_variable_model *var_model = oval_variable_model_import_source(source); if(!var_model) goto cleanup; struct oval_generator *gen = oval_variable_model_get_generator(var_model); printf("OVAL version: %s\n", oval_generator_get_core_schema_version(gen)); printf("Generated: %s\n", oval_generator_get_timestamp(gen)); print_time(action->file); oval_variable_model_free(var_model); } break; case OSCAP_DOCUMENT_OVAL_DIRECTIVES: { printf("Document type: OVAL Directives\n"); struct oval_directives_model *dir_model = oval_directives_model_new(); int ret = oval_directives_model_import_source(dir_model, source); if(ret) goto cleanup; struct oval_generator *gen = oval_directives_model_get_generator(dir_model); printf("OVAL version: %s\n", oval_generator_get_core_schema_version(gen)); printf("Generated: %s\n", oval_generator_get_timestamp(gen)); print_time(action->file); oval_directives_model_free(dir_model); } break; case OSCAP_DOCUMENT_OVAL_SYSCHAR: { printf("Document type: OVAL System Characteristics\n"); struct oval_definition_model * def_model = oval_definition_model_new(); struct oval_syschar_model * sys_model = oval_syschar_model_new(def_model); int ret = oval_syschar_model_import_source(sys_model, source); if(ret) goto cleanup; struct oval_generator *gen = oval_syschar_model_get_generator(sys_model); printf("OVAL version: %s\n", oval_generator_get_core_schema_version(gen)); printf("Generated: %s\n", oval_generator_get_timestamp(gen)); print_time(action->file); oval_syschar_model_free(sys_model); oval_definition_model_free(def_model); } break; case OSCAP_DOCUMENT_OVAL_RESULTS: { printf("Document type: OVAL Results\n"); struct oval_definition_model * def_model=oval_definition_model_new(); struct oval_results_model * res_model = oval_results_model_new(def_model,NULL); int ret = oval_results_model_import_source(res_model, source); if(ret) goto cleanup; struct oval_generator *gen = oval_results_model_get_generator(res_model); printf("OVAL version: %s\n", oval_generator_get_core_schema_version(gen)); printf("Generated: %s\n", oval_generator_get_timestamp(gen)); print_time(action->file); oval_results_model_free(res_model); oval_definition_model_free(def_model); } break; case OSCAP_DOCUMENT_XCCDF: { printf("Document type: XCCDF Checklist\n"); struct xccdf_benchmark* bench = xccdf_benchmark_import_source(source); if(!bench) goto cleanup; printf("Checklist version: %s\n", oscap_source_get_schema_version(source)); print_time(action->file); _print_xccdf_benchmark(bench, ""); } break; case OSCAP_DOCUMENT_CPE_LANGUAGE: { printf("Document type: CPE Language\n"); print_time(action->file); } break; case OSCAP_DOCUMENT_CPE_DICTIONARY: { printf("Document type: CPE Dictionary\n"); struct cpe_dict_model *dict_model = cpe_dict_model_import_source(source); if (!dict_model) goto cleanup; struct cpe_generator *gen = cpe_dict_model_get_generator(dict_model); if (gen != NULL) { printf("CPE version: %s\n", cpe_generator_get_schema_version(gen)); printf("Generated: %s\n", cpe_generator_get_timestamp(gen)); } print_time(action->file); cpe_dict_model_free(dict_model); } break; case OSCAP_DOCUMENT_SDS: { printf("Document type: Source Data Stream\n"); print_time(action->file); struct ds_sds_session *session = ds_sds_session_new_from_source(source); if (session == NULL) { goto cleanup; } /* get collection */ struct ds_sds_index *sds = ds_sds_session_get_sds_idx(session); if (!sds) { ds_sds_session_free(session); goto cleanup; } /* iterate over streams */ struct ds_stream_index_iterator* sds_it = ds_sds_index_get_streams(sds); while (ds_stream_index_iterator_has_more(sds_it)) { struct ds_stream_index * stream = ds_stream_index_iterator_next(sds_it); printf("\nStream: %s\n", ds_stream_index_get_id(stream)); printf("Generated: %s\n", ds_stream_index_get_timestamp(stream)); printf("Version: %s\n", ds_stream_index_get_version(stream)); printf("Checklists:\n"); struct oscap_string_iterator* checklist_it = ds_stream_index_get_checklists(stream); while (oscap_string_iterator_has_more(checklist_it)) { const char * id = oscap_string_iterator_next(checklist_it); printf("\tRef-Id: %s\n", id); /* decompose */ struct oscap_source *xccdf_source = ds_sds_session_select_checklist(session, ds_stream_index_get_id(stream), id, NULL); if (xccdf_source == NULL) { oscap_string_iterator_free(checklist_it); ds_stream_index_iterator_free(sds_it); ds_sds_session_free(session); goto cleanup; } const char *prefix = "\t\t"; if (oscap_source_get_scap_type(xccdf_source) == OSCAP_DOCUMENT_XCCDF) { struct xccdf_benchmark* bench = xccdf_benchmark_import_source(xccdf_source); if(!bench) { oscap_string_iterator_free(checklist_it); ds_stream_index_iterator_free(sds_it); ds_sds_session_free(session); goto cleanup; } _print_xccdf_benchmark(bench, prefix); } else if (oscap_source_get_scap_type(xccdf_source) == OSCAP_DOCUMENT_XCCDF_TAILORING) { _print_xccdf_tailoring(xccdf_source, prefix); } ds_sds_session_reset(session); } oscap_string_iterator_free(checklist_it); printf("Checks:\n"); struct oscap_string_iterator* checks_it = ds_stream_index_get_checks(stream); while (oscap_string_iterator_has_more(checks_it)) { const char * id = oscap_string_iterator_next(checks_it); printf("\tRef-Id: %s\n", id); } oscap_string_iterator_free(checks_it); struct oscap_string_iterator* dict_it = ds_stream_index_get_dictionaries(stream); if (oscap_string_iterator_has_more(dict_it)) printf("Dictionaries:\n"); else printf("No dictionaries.\n"); while (oscap_string_iterator_has_more(dict_it)) { const char * id = oscap_string_iterator_next(dict_it); printf("\tRef-Id: %s\n", id); } oscap_string_iterator_free(dict_it); } ds_stream_index_iterator_free(sds_it); ds_sds_session_free(session); } break; case OSCAP_DOCUMENT_ARF: { printf("Document type: Result Data Stream\n"); struct ds_rds_session *session = ds_rds_session_new_from_source(source); if (session == NULL) { goto cleanup; } struct rds_index *rds = ds_rds_session_get_rds_idx(session); if (!rds) { ds_rds_session_free(session); goto cleanup; } struct rds_asset_index_iterator* asset_it = rds_index_get_assets(rds); while (rds_asset_index_iterator_has_more(asset_it)) { struct rds_asset_index* asset = rds_asset_index_iterator_next(asset_it); printf("\nAsset: %s\n", rds_asset_index_get_id(asset)); struct rds_report_index_iterator* report_it = rds_asset_index_get_reports(asset); while (rds_report_index_iterator_has_more(report_it)) { struct rds_report_index* report = rds_report_index_iterator_next(report_it); struct rds_report_request_index* request = rds_report_index_get_request(report); printf(" - %s -> %s\n", rds_report_request_index_get_id(request), rds_report_index_get_id(report)); } rds_report_index_iterator_free(report_it); } rds_asset_index_iterator_free(asset_it); ds_rds_session_free(session); } break; case OSCAP_DOCUMENT_XCCDF_TAILORING: printf("Document type: XCCDF Tailoring\n"); print_time(action->file); _print_xccdf_tailoring(source, ""); break; case OSCAP_DOCUMENT_CVE_FEED: printf("Document type: CVE Feed\n"); // TODO: Provide more info about CVE feeds break; case OSCAP_DOCUMENT_SCE_RESULT: printf("Document type: SCE Result File\n"); // Currently, we do not have any SCE result file parsing capabilities. break; default: printf("Could not determine document type\n"); goto cleanup; break; } result=OSCAP_OK; cleanup: oscap_source_free(source); oscap_print_error(); return result; }