static bool valid_inputs(const struct oscap_action *action) { bool result = true; /* validate SDS or OVAL Definitions & Variables & Syschars, depending on the data */ struct oscap_source *definitions_source = oscap_source_new_from_file(action->f_oval); if (oscap_source_get_scap_type(definitions_source) != OSCAP_DOCUMENT_OVAL_DEFINITIONS && oscap_source_get_scap_type(definitions_source) != OSCAP_DOCUMENT_SDS) { fprintf(stderr, "Type mismatch: %s. Expecting OVAL Definition or Source DataStream, but found %s.\n", action->f_oval, oscap_document_type_to_string(oscap_source_get_scap_type(definitions_source))); result = false; } if (oscap_source_validate(definitions_source, reporter, (void *) action)) { result = false; } oscap_source_free(definitions_source); if (action->f_variables) { struct oscap_source *variables_source = oscap_source_new_from_file(action->f_variables); if (oscap_source_get_scap_type(variables_source) != OSCAP_DOCUMENT_OVAL_VARIABLES) { fprintf(stderr, "Type mismatch: %s. Expecting OVAL Variables, but found %s.\n", action->f_variables, oscap_document_type_to_string(oscap_source_get_scap_type(variables_source))); result = false; } if (oscap_source_validate(variables_source, reporter, (void *) action)) { result = false; } oscap_source_free(variables_source); } if (action->f_directives) { struct oscap_source *directives_source = oscap_source_new_from_file(action->f_directives); if (oscap_source_get_scap_type(directives_source) != OSCAP_DOCUMENT_OVAL_DIRECTIVES) { fprintf(stderr, "Type mismatch: %s. Expecting OVAL Directives, but found %s.\n", action->f_directives, oscap_document_type_to_string(oscap_source_get_scap_type(directives_source))); result = false; } if (oscap_source_validate(directives_source, reporter, (void *) action)) { result = false; } oscap_source_free(directives_source); } if (action->module == &OVAL_ANALYSE && action->f_syschar) { struct oscap_source *syschar_source = oscap_source_new_from_file(action->f_syschar); if (oscap_source_get_scap_type(syschar_source) != OSCAP_DOCUMENT_OVAL_SYSCHAR) { fprintf(stderr, "Type mismatch: %s. Expecting OVAL System Characteristic, but found %s.\n", action->f_syschar, oscap_document_type_to_string(oscap_source_get_scap_type(syschar_source))); result = false; } if (oscap_source_validate(syschar_source, reporter, (void *) action)) { result = false; } oscap_source_free(syschar_source); } return result; }
static int app_oval_validate(const struct oscap_action *action) { int ret; int result = OSCAP_ERROR; struct oscap_source *source = oscap_source_new_from_file(action->f_oval); ret = oscap_source_validate(source, reporter, (void *) action); if (ret == -1) { result = OSCAP_ERROR; goto cleanup; } else { result = ret == 1 ? OSCAP_FAIL : OSCAP_OK; } /* schematron-based validation requested We can only do schematron validation if the file isn't a source datastream */ if (action->schematron && oscap_source_get_scap_type(source) != OSCAP_DOCUMENT_SDS) { ret = oscap_source_validate_schematron(source, NULL); if (ret==-1) { result=OSCAP_ERROR; } else if (ret>0) { result=OSCAP_FAIL; } } cleanup: oscap_source_free(source); if (oscap_err()) fprintf(stderr, "%s %s\n", OSCAP_ERR_MSG, oscap_err_desc()); return result; }
int app_xccdf_validate(const struct oscap_action *action) { int ret; int result; struct oscap_source *source = oscap_source_new_from_file(action->f_xccdf); ret = oscap_source_validate(source, reporter, (void *) action); if (ret==-1) { result=OSCAP_ERROR; goto cleanup; } else if (ret==1) { result=OSCAP_FAIL; } else result=OSCAP_OK; if (action->schematron) { ret = oscap_source_validate_schematron(source, NULL); if (ret == -1) { result = OSCAP_ERROR; } else if (ret > 0) { result = OSCAP_FAIL; } } oscap_source_free(source); cleanup: oscap_print_error(); return result; }
int app_ds_rds_split(const struct oscap_action *action) { int ret = OSCAP_ERROR; struct ds_rds_session *session = NULL; struct oscap_source *source = oscap_source_new_from_file(action->ds_action->file); if (action->validate) { if (oscap_source_validate(source, reporter, (void *) action) != 0) { goto cleanup; } } session = ds_rds_session_new_from_source(source); if (session == NULL || ds_rds_session_set_target_dir(session, action->ds_action->target) != 0 || ds_rds_session_select_report(session, action->f_report_id) == NULL || ds_rds_session_select_report_request(session, NULL) == NULL || ds_rds_session_dump_component_files(session) != 0) { fprintf(stdout, "Failed to split given result datastream '%s'.\n", action->ds_action->file); goto cleanup; } ret = OSCAP_OK; cleanup: oscap_print_error(); ds_rds_session_free(session); free(action->ds_action); oscap_source_free(source); return ret; }
int app_ds_sds_compose(const struct oscap_action *action) { int ret = OSCAP_ERROR; // The API will correctly deal with the file parameter having directory // references in it. However this will create a hard to navigate mangled // component IDs in the resulting datastream. // // To fix this we will chdir to parent dir of the given XCCDF and chdir // back after we are done. char *previous_cwd = _gcwd(); if (previous_cwd == NULL) { goto cleanup; } char target_abs_path[PATH_MAX + 1]; // if the path is already absolute we just use it as it is if (*action->ds_action->target == '/') snprintf(target_abs_path, PATH_MAX, "%s", action->ds_action->target); else snprintf(target_abs_path, PATH_MAX, "%s/%s", previous_cwd, action->ds_action->target); char* temp_cwd = strdup(action->ds_action->file); chdir(dirname(temp_cwd)); free(temp_cwd); char* source_xccdf = strdup(action->ds_action->file); ds_sds_compose_from_xccdf(basename(source_xccdf), target_abs_path); free(source_xccdf); chdir(previous_cwd); free(previous_cwd); if (action->validate) { struct oscap_source *source = oscap_source_new_from_file(target_abs_path); if (oscap_source_validate(source, reporter, (void *) action) != 0) { oscap_source_free(source); goto cleanup; } oscap_source_free(source); } ret = OSCAP_OK; cleanup: oscap_print_error(); free(action->ds_action); return ret; }
int app_ds_sds_split(const struct oscap_action *action) { int ret = OSCAP_ERROR; const char* f_datastream_id = action->f_datastream_id; const char* f_component_id = action->f_xccdf_id; struct ds_sds_session *session = NULL; struct oscap_source *source = oscap_source_new_from_file(action->ds_action->file); /* Validate */ if (action->validate) { if (oscap_source_validate(source, reporter, (void *) action) != 0) { goto cleanup; } } session = ds_sds_session_new_from_source(source); if (session == NULL) { goto cleanup; } if (ds_sds_index_select_checklist(ds_sds_session_get_sds_idx(session), &f_datastream_id, &f_component_id) != 0) { fprintf(stdout, "Failed to locate a datastream with ID matching '%s' ID " "and checklist inside matching '%s' ID.\n", action->f_datastream_id == NULL ? "<any>" : action->f_datastream_id, action->f_xccdf_id == NULL ? "<any>" : action->f_xccdf_id); goto cleanup; } ds_sds_session_set_datastream_id(session, f_datastream_id); ds_sds_session_set_remote_resources(session, action->remote_resources, download_reporting_callback); ds_sds_session_set_target_dir(session, action->ds_action->target); if (ds_sds_session_register_component_with_dependencies(session, "checklists", f_component_id, NULL) != 0) { goto cleanup; } if (ds_sds_session_dump_component_files(session) != 0) { goto cleanup; } ret = OSCAP_OK; cleanup: oscap_print_error(); ds_sds_session_free(session); oscap_source_free(source); free(action->ds_action); return ret; }
int app_ds_sds_validate(const struct oscap_action *action) { int ret = OSCAP_ERROR; struct oscap_source *source = oscap_source_new_from_file(action->ds_action->file); if (oscap_source_validate(source, reporter, (void*) action) != 0) { goto cleanup; } ret = OSCAP_OK; cleanup: oscap_print_error(); free(action->ds_action); oscap_source_free(source); return ret; }
static int app_cvrf_validate(const struct oscap_action *action) { int result; struct oscap_source *source = oscap_source_new_from_file(action->cvrf_action->f_cvrf); int ret = oscap_source_validate(source, reporter, (void *) action); if (ret==-1) { result=OSCAP_ERROR; } else if (ret==1) { result=OSCAP_FAIL; } else { result=OSCAP_OK; } oscap_source_free(source); oscap_print_error(); return result; }
int app_ds_sds_add(const struct oscap_action *action) { int ret = OSCAP_ERROR; // TODO: chdir to the directory of the component (same as when composing new sds) ret = ds_sds_compose_add_component(action->ds_action->target, action->f_datastream_id, action->ds_action->file, false); if (action->validate) { struct oscap_source *source = oscap_source_new_from_file(action->ds_action->file); if (oscap_source_validate(source, reporter, (void *) action) != 0) { ret = OSCAP_ERROR; } oscap_source_free(source); } oscap_print_error(); free(action->ds_action); return ret; }
int main(int argc, char **argv) { if (argc < 2) return 1; if (strcmp(argv[1], "--export") == 0) { if (argc != 4) return 1; struct oscap_source *source = oscap_source_new_from_file(argv[2]); struct xccdf_benchmark *bench = xccdf_benchmark_import_source(source); oscap_source_free(source); if (bench == NULL) return 1; xccdf_benchmark_export(bench, argv[3]); xccdf_benchmark_free(bench); oscap_cleanup(); return 0; } else if (strcmp(argv[1], "--validate") == 0) { if (argc != 4) { fprintf(stderr, "Usage: %s --validate ver xccdf\n", argv[0]); return 1; } struct oscap_source *source = oscap_source_new_from_file(argv[3]); if (oscap_source_validate(source, NULL, stdout)) { fprintf(stderr, "ERROR: %s\n", oscap_err_desc()); oscap_source_free(source); return 1; } oscap_source_free(source); return 0; } else { fprintf(stderr, "Unknown mode: %s\n", argv[1]); } return 1; }
int main(int argc, char **argv) { /* test export */ if (argc == 4 && !strcmp(argv[1], "--export-all")) { struct cvrf_model *model = cvrf_model_import(oscap_source_new_from_file(argv[2])); if(!model) return 1; struct oscap_source *export_source = cvrf_model_get_export_source(model); int ret = oscap_source_save_as(export_source, argv[3]); cvrf_model_free(model); oscap_source_free(export_source); return ret; } else if (argc == 4 && !strcmp(argv[1], "--eval")) { const char *cpe = "Managment Agent for RHEL 7 Hosts"; struct oscap_source *import_source = oscap_source_new_from_file(argv[2]); struct oscap_source *export_source = cvrf_model_get_results_source(import_source, cpe); int ret = oscap_source_save_as(export_source, argv[3]); oscap_source_free(export_source); return ret; } else if (argc == 3 && !strcmp(argv[1], "--validate")) { struct oscap_source *source = oscap_source_new_from_file(argv[2]); int ret = oscap_source_validate(source, reporter, NULL); oscap_source_free(source); return ret; } fprintf(stdout, "Usage: \n\n" " %s --help\n" " %s --export-all input.xml output.xml\n" " %s --eval input.xml results.xml\n" " %s --validate input.xml\n", argv[0], argv[0], argv[0], argv[0]); return 0; }
static int app_analyse_oval(const struct oscap_action *action) { struct oval_definition_model *def_model = NULL; struct oval_syschar_model *sys_model = NULL; struct oval_results_model *res_model = NULL; struct oval_variable_model *var_model = NULL; struct oval_directives_model *dir_model = NULL; struct oval_syschar_model *sys_models[2]; struct oval_generator *generator = NULL; int ret = OSCAP_ERROR; /* Turn on verbosity */ if (!oscap_set_verbose(action->verbosity_level, action->f_verbose_log, false)) { goto cleanup; } /* validate inputs */ if (action->validate) { if (!valid_inputs(action)) { goto cleanup; } } /* load defnitions */ struct oscap_source *source = oscap_source_new_from_file(action->f_oval); def_model = oval_definition_model_import_source(source); oscap_source_free(source); if (def_model == NULL) { fprintf(stderr, "Failed to import the OVAL Definitions from '%s'.\n", action->f_oval); goto cleanup; } /* bind external variables */ if(action->f_variables) { struct oscap_source *var_source = oscap_source_new_from_file(action->f_variables); var_model = oval_variable_model_import_source(var_source); oscap_source_free(var_source); if (var_model == NULL) { fprintf(stderr, "Failed to import the OVAL Variables from '%s'.\n", action->f_variables); goto cleanup; } if (oval_definition_model_bind_variable_model(def_model, var_model)) { fprintf(stderr, "Failed to bind Variables to Definitions\n"); goto cleanup; } } /* load system characteristics */ sys_model = oval_syschar_model_new(def_model); source = oscap_source_new_from_file(action->f_syschar); if (oval_syschar_model_import_source(sys_model, source) == -1 ) { fprintf(stderr, "Failed to import the System Characteristics from '%s'.\n", action->f_syschar); oscap_source_free(source); goto cleanup; } oscap_source_free(source); /* evaluate */ sys_models[0] = sys_model; sys_models[1] = NULL; res_model = oval_results_model_new(def_model, sys_models); /* set product name */ generator = oval_results_model_get_generator(res_model); oval_generator_set_product_name(generator, OSCAP_PRODUCTNAME); oval_generator_set_product_version(generator, oscap_get_version()); oval_results_model_eval(res_model); /* export results */ if (action->f_results != NULL) { /* import directives */ if (action->f_directives != NULL) { dir_model = oval_directives_model_new(); struct oscap_source *dir_source = oscap_source_new_from_file(action->f_directives); oval_directives_model_import_source(dir_model, dir_source); oscap_source_free(dir_source); } /* export result model to XML */ oval_results_model_export(res_model, dir_model, action->f_results); const char* full_validation = getenv("OSCAP_FULL_VALIDATION"); /* validate OVAL Results */ if (action->validate && full_validation) { struct oscap_source *result_source = oscap_source_new_from_file(action->f_results); if (oscap_source_validate(result_source, reporter, (void *) action)) { oscap_source_free(result_source); goto cleanup; } fprintf(stdout, "OVAL Results are exported correctly.\n"); oscap_source_free(result_source); } } ret = OSCAP_OK; /* clean up */ cleanup: if(oscap_err()) fprintf(stderr, "%s %s\n", OSCAP_ERR_MSG, oscap_err_desc()); if(res_model) oval_results_model_free(res_model); if(sys_model) oval_syschar_model_free(sys_model); if(def_model) oval_definition_model_free(def_model); if(dir_model) oval_directives_model_free(dir_model); return ret; }
int app_collect_oval(const struct oscap_action *action) { struct oval_definition_model *def_model = NULL; struct oval_variable_model *var_model = NULL; struct oval_syschar_model *sys_model = NULL; struct oval_sysinfo *sysinfo = NULL; struct oval_probe_session *pb_sess = NULL; struct oval_generator *generator = NULL; int ret = OSCAP_ERROR; /* Turn on verbosity */ if (!oscap_set_verbose(action->verbosity_level, action->f_verbose_log, false)) { goto cleanup; } /* validate inputs */ if (action->validate) { if (!valid_inputs(action)) { goto cleanup; } } /* import definitions */ struct oscap_source *source = oscap_source_new_from_file(action->f_oval); def_model = oval_definition_model_import_source(source); oscap_source_free(source); if (def_model == NULL) { fprintf(stderr, "Failed to import the OVAL Definitions from '%s'.\n", action->f_oval); goto cleanup; } /* bind external variables */ if(action->f_variables) { struct oscap_source *var_source = oscap_source_new_from_file(action->f_variables); var_model = oval_variable_model_import_source(var_source); oscap_source_free(var_source); if (var_model == NULL) { fprintf(stderr, "Failed to import the OVAL Variables from '%s'.\n", action->f_variables); goto cleanup; } if (oval_definition_model_bind_variable_model(def_model, var_model)) { fprintf(stderr, "Failed to bind Variables to Definitions\n"); goto cleanup; } } /* create empty syschar model */ sys_model = oval_syschar_model_new(def_model); /* set product name */ generator = oval_syschar_model_get_generator(sys_model); oval_generator_set_product_name(generator, OSCAP_PRODUCTNAME); /* create probe session */ pb_sess = oval_probe_session_new(sys_model); /* query sysinfo */ ret = oval_probe_query_sysinfo(pb_sess, &sysinfo); if (ret != 0) { fprintf(stderr, "Failed to query sysinfo\n"); goto cleanup; } oval_syschar_model_set_sysinfo(sys_model, sysinfo); /* query objects */ struct oval_object *object; struct oval_syschar *syschar; oval_syschar_collection_flag_t sc_flg; if (action->id) { object = oval_definition_model_get_object(def_model, action->id); if (!object) { fprintf(stderr, "Object ID(%s) does not exist in '%s'.\n", action->id, action->f_oval); goto cleanup; } printf("Collected: \"%s\" : ", oval_object_get_id(object)); oval_probe_query_object(pb_sess, object, 0, &syschar); sc_flg = oval_syschar_get_flag(syschar); printf("%s\n", oval_syschar_collection_flag_get_text(sc_flg)); } else { struct oval_object_iterator *objects = oval_definition_model_get_objects(def_model); while (oval_object_iterator_has_more(objects)) { object = oval_object_iterator_next(objects); printf("Collected: \"%s\" : ", oval_object_get_id(object)); oval_probe_query_object(pb_sess, object, 0, &syschar); sc_flg = oval_syschar_get_flag(syschar); printf("%s\n", oval_syschar_collection_flag_get_text(sc_flg)); } oval_object_iterator_free(objects); } const char* full_validation = getenv("OSCAP_FULL_VALIDATION"); /* output */ if (action->f_syschar != NULL) { /* export OVAL System Characteristics */ oval_syschar_model_export(sys_model, action->f_syschar); /* validate OVAL System Characteristics */ if (action->validate && full_validation) { struct oscap_source *syschar_source = oscap_source_new_from_file(action->f_syschar); if (oscap_source_validate(syschar_source, reporter, (void *)action)) { oscap_source_free(syschar_source); goto cleanup; } fprintf(stdout, "OVAL System Characteristics are exported correctly.\n"); oscap_source_free(syschar_source); } } ret = OSCAP_OK; cleanup: if(oscap_err()) fprintf(stderr, "%s %s\n", OSCAP_ERR_MSG, oscap_err_desc()); if (sysinfo) oval_sysinfo_free(sysinfo); if (pb_sess) oval_probe_session_destroy(pb_sess); if (sys_model) oval_syschar_model_free(sys_model); if (def_model) oval_definition_model_free(def_model); return ret; }
int app_xccdf_resolve(const struct oscap_action *action) { int ret = OSCAP_ERROR; struct xccdf_benchmark *bench = NULL; if (!action->f_xccdf) { fprintf(stderr, "No input document specified!\n"); return OSCAP_ERROR; } if (!action->f_results) { fprintf(stderr, "No output document filename specified!\n"); return OSCAP_ERROR; } struct oscap_source *source = oscap_source_new_from_file(action->f_xccdf); /* validate input */ if (action->validate) { if (oscap_source_validate(source, reporter, (void *) action) != 0) { oscap_source_free(source); goto cleanup; } } bench = xccdf_benchmark_import_source(source); oscap_source_free(source); if (!bench) goto cleanup; if (action->force) xccdf_benchmark_set_resolved(bench, false); if (xccdf_benchmark_get_resolved(bench)) fprintf(stderr, "Benchmark is already resolved!\n"); else { if (!xccdf_benchmark_resolve(bench)) fprintf(stderr, "Benchmark resolving failure (probably a dependency loop)!\n"); else { if (xccdf_benchmark_export(bench, action->f_results) == 0) { ret = OSCAP_OK; /* validate exported results */ const char* full_validation = getenv("OSCAP_FULL_VALIDATION"); if (action->validate && full_validation) { struct oscap_source *result_source = oscap_source_new_from_file(action->f_results); if (oscap_source_validate(result_source, reporter, (void *) action) != 0) { ret = OSCAP_ERROR; } else fprintf(stdout, "Resolved XCCDF has been exported correctly.\n"); oscap_source_free(result_source); } } } } cleanup: oscap_print_error(); if (bench) xccdf_benchmark_free(bench); return ret; }
int app_ds_rds_create(const struct oscap_action *action) { int ret = OSCAP_ERROR; if (action->validate) { struct oscap_source *sds = oscap_source_new_from_file(action->ds_action->file); if (oscap_source_validate(sds, reporter, (void *) action) != 0) { oscap_source_free(sds); goto cleanup; } oscap_source_free(sds); struct oscap_source *result = oscap_source_new_from_file(action->ds_action->xccdf_result); if (oscap_source_validate(result, reporter, (void *) action) != 0) { ret = OSCAP_ERROR; oscap_source_free(result); goto cleanup; } oscap_source_free(result); } char** oval_result_files = malloc(sizeof(char*) * (action->ds_action->oval_result_count + 1)); size_t i; for (i = 0; i < action->ds_action->oval_result_count; ++i) { oval_result_files[i] = action->ds_action->oval_results[i]; if (action->validate) { struct oscap_source *source = oscap_source_new_from_file(oval_result_files[i]); if (oscap_source_validate(source, reporter, (void *) action) != 0) { ret = OSCAP_ERROR; oscap_source_free(source); free(oval_result_files); goto cleanup; } oscap_source_free(source); } } oval_result_files[i] = NULL; ret = ds_rds_create(action->ds_action->file, action->ds_action->xccdf_result, (const char**)oval_result_files, action->ds_action->target); free(oval_result_files); if (ret != 0) { fprintf(stdout, "Failed to create result datastream in ARF."); ret = OSCAP_ERROR; goto cleanup; } const char* full_validation = getenv("OSCAP_FULL_VALIDATION"); if (action->validate && full_validation) { struct oscap_source *rds = oscap_source_new_from_file(action->ds_action->target); if (oscap_source_validate(rds, reporter, (void *) action) != 0) { oscap_source_free(rds); goto cleanup; } oscap_source_free(rds); } ret = OSCAP_OK; cleanup: oscap_print_error(); free(action->ds_action); return ret; }