static inline void _print_xccdf_benchmark(struct xccdf_benchmark *bench, const char *prefix) { _print_xccdf_status(xccdf_benchmark_get_status_current(bench), prefix); printf("%sResolved: %s\n", prefix, xccdf_benchmark_get_resolved(bench) ? "true" : "false"); _print_xccdf_profiles(xccdf_benchmark_get_profiles(bench), prefix); struct xccdf_policy_model *policy_model = xccdf_policy_model_new(bench); _print_xccdf_referenced_files(policy_model, prefix); _print_xccdf_testresults(bench, prefix); xccdf_policy_model_free(policy_model); // xccdf_benchmark_free not needed, it si already freed by the policy! }
xmlNode *xccdf_benchmark_to_dom(struct xccdf_benchmark *benchmark, xmlDocPtr doc, xmlNode *parent, void *user_args) { xmlNodePtr root_node = NULL; if (parent) { root_node = xccdf_item_to_dom(XITEM(benchmark), doc, parent); } else { root_node = xccdf_item_to_dom(XITEM(benchmark), doc, parent); xmlDocSetRootElement(doc, root_node); } // FIXME! //xmlNewProp(root_node, BAD_CAST "xsi:schemaLocation", BAD_CAST XCCDF_SCHEMA_LOCATION); xmlNs *ns_xccdf = xmlNewNs(root_node, (const xmlChar*)xccdf_version_info_get_namespace_uri(xccdf_benchmark_get_schema_version(benchmark)), NULL); xmlNs *ns_xsi = xmlNewNs(root_node, XCCDF_XSI_NAMESPACE, BAD_CAST "xsi"); xmlSetNs(root_node, ns_xsi); xmlSetNs(root_node, ns_xccdf); /* Handle attributes */ if (xccdf_benchmark_get_resolved(benchmark)) xmlNewProp(root_node, BAD_CAST "resolved", BAD_CAST "1"); else xmlNewProp(root_node, BAD_CAST "resolved", BAD_CAST "0"); const char *xmllang = xccdf_benchmark_get_lang(benchmark); if (xmllang) xmlNewProp(root_node, BAD_CAST "xml:lang", BAD_CAST xmllang); const char *style = xccdf_benchmark_get_style(benchmark); if (style) xmlNewProp(root_node, BAD_CAST "style", BAD_CAST style); const char *style_href = xccdf_benchmark_get_style_href(benchmark); if (style_href) xmlNewProp(root_node, BAD_CAST "style-href", BAD_CAST style_href); // Export plain-text elements struct xccdf_plain_text_iterator *plain_text_it = xccdf_benchmark_get_plain_texts(benchmark); while (xccdf_plain_text_iterator_has_more(plain_text_it)) { struct xccdf_plain_text *plain_text = xccdf_plain_text_iterator_next(plain_text_it); xccdf_plain_text_to_dom(plain_text, doc, root_node, xccdf_benchmark_get_schema_version(benchmark)); } xccdf_plain_text_iterator_free(plain_text_it); /* Handle children */ if (xccdf_benchmark_get_cpe_list(benchmark)) { // CPE API can only export via xmlTextWriter, we export via DOM // this is used to bridge both methods xmlTextWriterPtr writer = xmlNewTextWriterTree(doc, root_node, 0); cpe_dict_export(xccdf_benchmark_get_cpe_list(benchmark), writer); xmlFreeTextWriter(writer); } if (xccdf_benchmark_get_cpe_lang_model(benchmark)) { // CPE API can only export via xmlTextWriter, we export via DOM // this is used to bridge both methods xmlTextWriterPtr writer = xmlNewTextWriterTree(doc, root_node, 0); cpe_lang_export(xccdf_benchmark_get_cpe_lang_model(benchmark), writer); xmlFreeTextWriter(writer); } struct oscap_string_iterator *platforms = xccdf_benchmark_get_platforms(benchmark); while (oscap_string_iterator_has_more(platforms)) { xmlNode *platform_node = xmlNewTextChild(root_node, ns_xccdf, BAD_CAST "platform", NULL); const char *idref = oscap_string_iterator_next(platforms); if (idref) xmlNewProp(platform_node, BAD_CAST "idref", BAD_CAST idref); } oscap_string_iterator_free(platforms); const char *version = xccdf_benchmark_get_version(benchmark); if (version) xmlNewTextChild(root_node, ns_xccdf, BAD_CAST "version", BAD_CAST version); struct oscap_string_iterator* metadata = xccdf_item_get_metadata(XITEM(benchmark)); while (oscap_string_iterator_has_more(metadata)) { const char* meta = oscap_string_iterator_next(metadata); oscap_xmlstr_to_dom(root_node, "metadata", meta); } oscap_string_iterator_free(metadata); OSCAP_FOR(xccdf_model, model, xccdf_benchmark_get_models(benchmark)) { xmlNode *model_node = xmlNewTextChild(root_node, ns_xccdf, BAD_CAST "model", NULL); xmlNewProp(model_node, BAD_CAST "system", BAD_CAST xccdf_model_get_system(model)); }
int app_xccdf_resolve(const struct oscap_action *action) { int ret = OSCAP_ERROR; struct xccdf_benchmark *bench = NULL; if (!action->f_xccdf) { fprintf(stderr, "No input document specified!\n"); return OSCAP_ERROR; } if (!action->f_results) { fprintf(stderr, "No output document filename specified!\n"); return OSCAP_ERROR; } struct oscap_source *source = oscap_source_new_from_file(action->f_xccdf); /* validate input */ if (action->validate) { if (oscap_source_validate(source, reporter, (void *) action) != 0) { oscap_source_free(source); goto cleanup; } } bench = xccdf_benchmark_import_source(source); oscap_source_free(source); if (!bench) goto cleanup; if (action->force) xccdf_benchmark_set_resolved(bench, false); if (xccdf_benchmark_get_resolved(bench)) fprintf(stderr, "Benchmark is already resolved!\n"); else { if (!xccdf_benchmark_resolve(bench)) fprintf(stderr, "Benchmark resolving failure (probably a dependency loop)!\n"); else { if (xccdf_benchmark_export(bench, action->f_results) == 0) { ret = OSCAP_OK; /* validate exported results */ const char* full_validation = getenv("OSCAP_FULL_VALIDATION"); if (action->validate && full_validation) { struct oscap_source *result_source = oscap_source_new_from_file(action->f_results); if (oscap_source_validate(result_source, reporter, (void *) action) != 0) { ret = OSCAP_ERROR; } else fprintf(stdout, "Resolved XCCDF has been exported correctly.\n"); oscap_source_free(result_source); } } } } cleanup: oscap_print_error(); if (bench) xccdf_benchmark_free(bench); return ret; }
int app_xccdf_resolve(const struct oscap_action *action) { char *doc_version = NULL; int ret = OSCAP_ERROR; struct xccdf_benchmark *bench = NULL; if (!action->f_xccdf) { fprintf(stderr, "No input document specified!\n"); return OSCAP_ERROR; } if (!action->f_results) { fprintf(stderr, "No output document filename specified!\n"); return OSCAP_ERROR; } /* validate input */ if (action->validate) { doc_version = xccdf_detect_version(action->f_xccdf); if (!doc_version) { return OSCAP_ERROR; } if (oscap_validate_document(action->f_xccdf, OSCAP_DOCUMENT_XCCDF, doc_version, reporter, (void*) action) != 0) { validation_failed(action->f_xccdf, OSCAP_DOCUMENT_XCCDF, doc_version); goto cleanup; } } bench = xccdf_benchmark_import(action->f_xccdf); if (!bench) goto cleanup; if (action->force) xccdf_benchmark_set_resolved(bench, false); if (xccdf_benchmark_get_resolved(bench)) fprintf(stderr, "Benchmark is already resolved!\n"); else { if (!xccdf_benchmark_resolve(bench)) fprintf(stderr, "Benchmark resolving failure (probably a dependency loop)!\n"); else { if (xccdf_benchmark_export(bench, action->f_results)) { ret = OSCAP_OK; /* validate exported results */ const char* full_validation = getenv("OSCAP_FULL_VALIDATION"); if (action->validate && full_validation) { /* reuse doc_version from unresolved document it should be same in resolved one */ if (oscap_validate_document(action->f_results, OSCAP_DOCUMENT_XCCDF, doc_version, reporter, (void*)action)) { validation_failed(action->f_results, OSCAP_DOCUMENT_XCCDF, doc_version); ret = OSCAP_ERROR; } else fprintf(stdout, "Resolved XCCDF has been exported correctly.\n"); } } } } cleanup: oscap_print_error(); if (bench) xccdf_benchmark_free(bench); if (doc_version) free(doc_version); return ret; }