static bool valid_inputs(const struct oscap_action *action) {
bool result = true;
/* validate SDS or OVAL Definitions & Variables & Syschars,
depending on the data */
struct oscap_source *definitions_source = oscap_source_new_from_file(action->f_oval);
if (oscap_source_get_scap_type(definitions_source) != OSCAP_DOCUMENT_OVAL_DEFINITIONS &&
oscap_source_get_scap_type(definitions_source) != OSCAP_DOCUMENT_SDS) {
fprintf(stderr, "Type mismatch: %s. Expecting OVAL Definition or Source DataStream, but found %s.\n",
action->f_oval, oscap_document_type_to_string(oscap_source_get_scap_type(definitions_source)));
result = false;
}
if (oscap_source_validate(definitions_source, reporter, (void *) action)) {
result = false;
}
oscap_source_free(definitions_source);
if (action->f_variables) {
struct oscap_source *variables_source = oscap_source_new_from_file(action->f_variables);
if (oscap_source_get_scap_type(variables_source) != OSCAP_DOCUMENT_OVAL_VARIABLES) {
fprintf(stderr, "Type mismatch: %s. Expecting OVAL Variables, but found %s.\n",
action->f_variables, oscap_document_type_to_string(oscap_source_get_scap_type(variables_source)));
result = false;
}
if (oscap_source_validate(variables_source, reporter, (void *) action)) {
result = false;
}
oscap_source_free(variables_source);
}
if (action->f_directives) {
struct oscap_source *directives_source = oscap_source_new_from_file(action->f_directives);
if (oscap_source_get_scap_type(directives_source) != OSCAP_DOCUMENT_OVAL_DIRECTIVES) {
fprintf(stderr, "Type mismatch: %s. Expecting OVAL Directives, but found %s.\n",
action->f_directives, oscap_document_type_to_string(oscap_source_get_scap_type(directives_source)));
result = false;
}
if (oscap_source_validate(directives_source, reporter, (void *) action)) {
result = false;
}
oscap_source_free(directives_source);
}
if (action->module == &OVAL_ANALYSE && action->f_syschar) {
struct oscap_source *syschar_source = oscap_source_new_from_file(action->f_syschar);
if (oscap_source_get_scap_type(syschar_source) != OSCAP_DOCUMENT_OVAL_SYSCHAR) {
fprintf(stderr, "Type mismatch: %s. Expecting OVAL System Characteristic, but found %s.\n",
action->f_syschar, oscap_document_type_to_string(oscap_source_get_scap_type(syschar_source)));
result = false;
}
if (oscap_source_validate(syschar_source, reporter, (void *) action)) {
result = false;
}
oscap_source_free(syschar_source);
}
return result;
}
int ds_sds_decompose_custom(const char* input_file, const char* id, const char* target_dir,
const char* container_name, const char* component_id, const char* target_filename)
{
struct oscap_source *ds_source = oscap_source_new_from_file(input_file);
struct ds_sds_session *session = ds_sds_session_new_from_source(ds_source);
if (session == NULL) {
oscap_source_free(ds_source);
return -1;
}
if (ds_sds_session_set_datastream_id(session, id)) {
ds_sds_session_free(session);
oscap_source_free(ds_source);
return -1;
}
if (ds_sds_session_set_target_dir(session, oscap_streq(target_dir, "") ? "." : target_dir)) {
ds_sds_session_free(session);
oscap_source_free(ds_source);
return -1;
}
if (ds_sds_session_register_component_with_dependencies(session, container_name, component_id, target_filename) != 0) {
ds_sds_session_free(session);
oscap_source_free(ds_source);
return -1;
}
int ret = ds_sds_session_dump_component_files(session);
ds_sds_session_free(session);
oscap_source_free(ds_source);
return ret;
}
int ds_rds_decompose(const char* input_file, const char* report_id, const char* request_id, const char* target_dir)
{
struct oscap_source *rds_source = oscap_source_new_from_file(input_file);
struct ds_rds_session *session = ds_rds_session_new_from_source(rds_source);
if (session == NULL) {
ds_rds_session_free(session);
oscap_source_free(rds_source);
return -1;
}
ds_rds_session_set_target_dir(session, target_dir);
if (ds_rds_dump_arf_content(session, "reports", "report", report_id) != 0) {
ds_rds_session_free(session);
oscap_source_free(rds_source);
return -1;
}
if (request_id != NULL) {
if (ds_rds_dump_arf_content(session, "report-requests", "report-request", request_id) != 0) {
ds_rds_session_free(session);
oscap_source_free(rds_source);
return -1;
}
}
int ret = ds_rds_session_dump_component_files(session);
ds_rds_session_free(session);
oscap_source_free(rds_source);
return ret;
}
int app_xccdf_xslt(const struct oscap_action *action)
{
const char *oval_template = action->oval_template;
if (action->module == &XCCDF_GEN_REPORT && oval_template == NULL) {
/* If generating the report and the option is missing -> use defaults */
struct oscap_source *xccdf_source = oscap_source_new_from_file(action->f_xccdf);
if (_some_oval_result_exists(xccdf_source))
/* We want to define default template because we strive to serve user the
* best. However, we must not offer a template, if there is a risk it might
* be incorrect. Otherwise, libxml2 will throw a lot of misleading messages
* to stderr. */
oval_template = "%.result.xml";
oscap_source_free(xccdf_source);
}
if (action->module == &XCCDF_GEN_CUSTOM) {
action->module->user = (void*)action->stylesheet;
}
const char *params[] = {
"result-id", action->id,
"show", action->show,
"profile_id", action->profile,
"template", action->tmpl,
"oval-template", oval_template,
"sce-template", action->sce_template,
"verbosity", "",
"hide-profile-info", action->hide_profile_info ? "yes" : NULL,
NULL
};
int ret = app_xslt(action->f_xccdf, action->module->user, action->f_results, params);
return ret;
}
int app_xccdf_validate(const struct oscap_action *action) {
int ret;
int result;
struct oscap_source *source = oscap_source_new_from_file(action->f_xccdf);
ret = oscap_source_validate(source, reporter, (void *) action);
if (ret==-1) {
result=OSCAP_ERROR;
goto cleanup;
}
else if (ret==1) {
result=OSCAP_FAIL;
}
else
result=OSCAP_OK;
if (action->schematron) {
ret = oscap_source_validate_schematron(source, NULL);
if (ret == -1) {
result = OSCAP_ERROR;
} else if (ret > 0) {
result = OSCAP_FAIL;
}
}
oscap_source_free(source);
cleanup:
oscap_print_error();
return result;
}
int app_ds_rds_split(const struct oscap_action *action) {
int ret = OSCAP_ERROR;
struct ds_rds_session *session = NULL;
struct oscap_source *source = oscap_source_new_from_file(action->ds_action->file);
if (action->validate)
{
if (oscap_source_validate(source, reporter, (void *) action) != 0) {
goto cleanup;
}
}
session = ds_rds_session_new_from_source(source);
if (session == NULL
|| ds_rds_session_set_target_dir(session, action->ds_action->target) != 0
|| ds_rds_session_select_report(session, action->f_report_id) == NULL
|| ds_rds_session_select_report_request(session, NULL) == NULL
|| ds_rds_session_dump_component_files(session) != 0) {
fprintf(stdout, "Failed to split given result datastream '%s'.\n", action->ds_action->file);
goto cleanup;
}
ret = OSCAP_OK;
cleanup:
oscap_print_error();
ds_rds_session_free(session);
free(action->ds_action);
oscap_source_free(source);
return ret;
}
static int app_oval_validate(const struct oscap_action *action) {
int ret;
int result = OSCAP_ERROR;
struct oscap_source *source = oscap_source_new_from_file(action->f_oval);
ret = oscap_source_validate(source, reporter, (void *) action);
if (ret == -1) {
result = OSCAP_ERROR;
goto cleanup;
}
else {
result = ret == 1 ? OSCAP_FAIL : OSCAP_OK;
}
/* schematron-based validation requested
We can only do schematron validation if the file isn't a source datastream
*/
if (action->schematron && oscap_source_get_scap_type(source) != OSCAP_DOCUMENT_SDS) {
ret = oscap_source_validate_schematron(source, NULL);
if (ret==-1) {
result=OSCAP_ERROR;
}
else if (ret>0) {
result=OSCAP_FAIL;
}
}
cleanup:
oscap_source_free(source);
if (oscap_err())
fprintf(stderr, "%s %s\n", OSCAP_ERR_MSG, oscap_err_desc());
return result;
}
struct oval_definition_model * oval_definition_model_import(const char *file)
{
struct oscap_source *source = oscap_source_new_from_file(file);
struct oval_definition_model *model = oval_definition_model_import_source(source);
oscap_source_free(source);
return model;
}
int oscap_apply_xslt(const char *xmlfile, const char *xsltfile, const char *outfile, const char **params)
{
struct oscap_source *source = oscap_source_new_from_file(xmlfile);
int ret = oscap_source_apply_xslt_path(source, xsltfile, outfile, params, oscap_path_to_xslt());
oscap_source_free(source);
return ret;
}
struct xccdf_benchmark *xccdf_benchmark_import(const char *file)
{
struct oscap_source *source = oscap_source_new_from_file(file);
struct xccdf_benchmark *benchmark = xccdf_benchmark_import_source(source);
oscap_source_free(source);
return benchmark;
}
int app_ds_sds_compose(const struct oscap_action *action) {
int ret = OSCAP_ERROR;
// The API will correctly deal with the file parameter having directory
// references in it. However this will create a hard to navigate mangled
// component IDs in the resulting datastream.
//
// To fix this we will chdir to parent dir of the given XCCDF and chdir
// back after we are done.
char *previous_cwd = _gcwd();
if (previous_cwd == NULL) {
goto cleanup;
}
char target_abs_path[PATH_MAX + 1];
// if the path is already absolute we just use it as it is
if (*action->ds_action->target == '/')
snprintf(target_abs_path, PATH_MAX, "%s", action->ds_action->target);
else
snprintf(target_abs_path, PATH_MAX, "%s/%s", previous_cwd, action->ds_action->target);
char* temp_cwd = strdup(action->ds_action->file);
chdir(dirname(temp_cwd));
free(temp_cwd);
char* source_xccdf = strdup(action->ds_action->file);
ds_sds_compose_from_xccdf(basename(source_xccdf), target_abs_path);
free(source_xccdf);
chdir(previous_cwd);
free(previous_cwd);
if (action->validate)
{
struct oscap_source *source = oscap_source_new_from_file(target_abs_path);
if (oscap_source_validate(source, reporter, (void *) action) != 0) {
oscap_source_free(source);
goto cleanup;
}
oscap_source_free(source);
}
ret = OSCAP_OK;
cleanup:
oscap_print_error();
free(action->ds_action);
return ret;
}
int oval_definition_model_merge(struct oval_definition_model *model, const char *file)
{
__attribute__nonnull__(model);
int ret;
struct oscap_source *source = oscap_source_new_from_file(file);
ret = _oval_definition_model_merge_source(model, source);
oscap_source_free(source);
return ret;
}
char * xccdf_detect_version(const char* file)
{
struct oscap_source *source = oscap_source_new_from_file(file);
xmlTextReader *reader = oscap_source_get_xmlTextReader(source);
if (!reader) {
oscap_source_free(source);
return NULL;
}
char *doc_version = xccdf_detect_version_priv(reader);
xmlFreeTextReader(reader);
oscap_source_free(source);
return doc_version;
}
int main(int argc, char *argv[]) {
struct oval_directives_model *model;
model=oval_directives_model_new();
struct oscap_source *source = oscap_source_new_from_file(argv[1]);
oval_directives_model_import_source(model, source);
oscap_source_free(source);
oval_directives_model_export(model, argv[2]);
oval_directives_model_free(model);
oscap_cleanup();
return 0;
}
int ds_rds_create(const char* sds_file, const char* xccdf_result_file, const char** oval_result_files, const char* target_file)
{
struct oscap_source *sds_source = oscap_source_new_from_file(sds_file);
struct oscap_source *xccdf_result_source = oscap_source_new_from_file(xccdf_result_file);
struct oscap_htable *oval_result_sources = oscap_htable_new();
int result = 0;
// this check is there to allow passing NULL instead of having to allocate
// an empty array
if (oval_result_files != NULL)
{
while (*oval_result_files != NULL)
{
struct oscap_source *oval_source = oscap_source_new_from_file(*oval_result_files);
if (oscap_source_get_xmlDoc(oval_source) == NULL) {
result = -1;
oscap_source_free(oval_source);
} else {
oscap_htable_add(oval_result_sources, *oval_result_files, oval_source);
}
oval_result_files++;
}
}
if (result == 0) {
struct oscap_source *target_rds = ds_rds_create_source(sds_source, xccdf_result_source, oval_result_sources, target_file);
result = target_rds == NULL;
if (result == 0) {
result = oscap_source_save_as(target_rds, NULL);
}
oscap_source_free(target_rds);
}
oscap_htable_free(oval_result_sources, (oscap_destruct_func) oscap_source_free);
oscap_source_free(sds_source);
oscap_source_free(xccdf_result_source);
return result;
}
int main(int argc, char **argv)
{
if (argc < 2) return 1;
if (strcmp(argv[1], "--export") == 0) {
if (argc != 4) return 1;
struct oscap_source *source = oscap_source_new_from_file(argv[2]);
struct xccdf_benchmark *bench = xccdf_benchmark_import_source(source);
oscap_source_free(source);
if (bench == NULL) return 1;
xccdf_benchmark_export(bench, argv[3]);
xccdf_benchmark_free(bench);
oscap_cleanup();
return 0;
}
else if (strcmp(argv[1], "--validate") == 0) {
if (argc != 4) {
fprintf(stderr, "Usage: %s --validate ver xccdf\n", argv[0]);
return 1;
}
struct oscap_source *source = oscap_source_new_from_file(argv[3]);
if (oscap_source_validate(source, NULL, stdout)) {
fprintf(stderr, "ERROR: %s\n", oscap_err_desc());
oscap_source_free(source);
return 1;
}
oscap_source_free(source);
return 0;
}
else {
fprintf(stderr, "Unknown mode: %s\n", argv[1]);
}
return 1;
}
int main(int argc, char **argv)
{
/* test export */
if (argc == 4 && !strcmp(argv[1], "--export-all")) {
struct cvrf_model *model = cvrf_model_import(oscap_source_new_from_file(argv[2]));
if(!model)
return 1;
struct oscap_source *export_source = cvrf_model_get_export_source(model);
int ret = oscap_source_save_as(export_source, argv[3]);
cvrf_model_free(model);
oscap_source_free(export_source);
return ret;
} else if (argc == 4 && !strcmp(argv[1], "--eval")) {
const char *cpe = "Managment Agent for RHEL 7 Hosts";
struct oscap_source *import_source = oscap_source_new_from_file(argv[2]);
struct oscap_source *export_source = cvrf_model_get_results_source(import_source, cpe);
int ret = oscap_source_save_as(export_source, argv[3]);
oscap_source_free(export_source);
return ret;
} else if (argc == 3 && !strcmp(argv[1], "--validate")) {
struct oscap_source *source = oscap_source_new_from_file(argv[2]);
int ret = oscap_source_validate(source, reporter, NULL);
oscap_source_free(source);
return ret;
}
fprintf(stdout,
"Usage: \n\n"
" %s --help\n"
" %s --export-all input.xml output.xml\n"
" %s --eval input.xml results.xml\n"
" %s --validate input.xml\n",
argv[0], argv[0], argv[0], argv[0]);
return 0;
}
int app_ds_sds_split(const struct oscap_action *action) {
int ret = OSCAP_ERROR;
const char* f_datastream_id = action->f_datastream_id;
const char* f_component_id = action->f_xccdf_id;
struct ds_sds_session *session = NULL;
struct oscap_source *source = oscap_source_new_from_file(action->ds_action->file);
/* Validate */
if (action->validate)
{
if (oscap_source_validate(source, reporter, (void *) action) != 0) {
goto cleanup;
}
}
session = ds_sds_session_new_from_source(source);
if (session == NULL) {
goto cleanup;
}
if (ds_sds_index_select_checklist(ds_sds_session_get_sds_idx(session), &f_datastream_id, &f_component_id) != 0) {
fprintf(stdout, "Failed to locate a datastream with ID matching '%s' ID "
"and checklist inside matching '%s' ID.\n",
action->f_datastream_id == NULL ? "<any>" : action->f_datastream_id,
action->f_xccdf_id == NULL ? "<any>" : action->f_xccdf_id);
goto cleanup;
}
ds_sds_session_set_datastream_id(session, f_datastream_id);
ds_sds_session_set_remote_resources(session, action->remote_resources, download_reporting_callback);
ds_sds_session_set_target_dir(session, action->ds_action->target);
if (ds_sds_session_register_component_with_dependencies(session, "checklists", f_component_id, NULL) != 0) {
goto cleanup;
}
if (ds_sds_session_dump_component_files(session) != 0) {
goto cleanup;
}
ret = OSCAP_OK;
cleanup:
oscap_print_error();
ds_sds_session_free(session);
oscap_source_free(source);
free(action->ds_action);
return ret;
}
int app_ds_sds_validate(const struct oscap_action *action) {
int ret = OSCAP_ERROR;
struct oscap_source *source = oscap_source_new_from_file(action->ds_action->file);
if (oscap_source_validate(source, reporter, (void*) action) != 0) {
goto cleanup;
}
ret = OSCAP_OK;
cleanup:
oscap_print_error();
free(action->ds_action);
oscap_source_free(source);
return ret;
}
/**
* Load oscap source from file
* Filename is relatively to datastream file
*/
static struct oscap_source *load_referenced_source(const struct ds_sds_session *session, const char *filename)
{
const char* readable_origin = ds_sds_session_get_readable_origin(session);
assert(readable_origin != NULL);
char* readable_origin_cp = oscap_strdup(readable_origin);
char* dir_name = dirname(readable_origin_cp);
char* full_path = oscap_sprintf("%s/%s", dir_name, filename);
struct oscap_source *source_file = oscap_source_new_from_file(full_path);
oscap_free(full_path);
oscap_free(readable_origin_cp);
return source_file;
}
int app_ds_sds_add(const struct oscap_action *action)
{
int ret = OSCAP_ERROR;
// TODO: chdir to the directory of the component (same as when composing new sds)
ret = ds_sds_compose_add_component(action->ds_action->target, action->f_datastream_id, action->ds_action->file, false);
if (action->validate) {
struct oscap_source *source = oscap_source_new_from_file(action->ds_action->file);
if (oscap_source_validate(source, reporter, (void *) action) != 0) {
ret = OSCAP_ERROR;
}
oscap_source_free(source);
}
oscap_print_error();
free(action->ds_action);
return ret;
}
static int app_cvrf_validate(const struct oscap_action *action) {
int result;
struct oscap_source *source = oscap_source_new_from_file(action->cvrf_action->f_cvrf);
int ret = oscap_source_validate(source, reporter, (void *) action);
if (ret==-1) {
result=OSCAP_ERROR;
} else if (ret==1) {
result=OSCAP_FAIL;
} else {
result=OSCAP_OK;
}
oscap_source_free(source);
oscap_print_error();
return result;
}
static int app_cvrf_export(const struct oscap_action *action) {
struct oscap_source *import_source = oscap_source_new_from_file(action->cvrf_action->f_cvrf);
if (import_source == NULL)
return OSCAP_ERROR;
int result = OSCAP_OK;
if (action->cvrf_action->index == 1) {
struct cvrf_index *index = cvrf_index_import(import_source);
if (index == NULL) {
result = OSCAP_ERROR;
goto cleanup;
}
struct oscap_source *export_source = cvrf_index_get_export_source(index);
if (oscap_source_save_as(export_source, action->cvrf_action->f_output) != 0)
result = OSCAP_ERROR;
oscap_source_free(export_source);
cvrf_index_free(index);
} else {
struct cvrf_model *model = cvrf_model_import(import_source);
if(model == NULL) {
result = OSCAP_ERROR;
goto cleanup;
}
struct oscap_source *export_source = cvrf_model_get_export_source(model);
if (oscap_source_save_as(export_source, action->cvrf_action->f_output) != 0)
result = OSCAP_ERROR;
oscap_source_free(export_source);
cvrf_model_free(model);
}
cleanup:
if (oscap_err())
fprintf(stderr, "%s %s\n", OSCAP_ERR_MSG, oscap_err_desc());
/* TODO: Refactor, cvrf_index_parse_xml (called by oscap_source_new_from_file) frees its argument as an unexpected side-effect.
* oscap_source_free(import_source);
*/
free(action->cvrf_action);
return result;
}
int ds_sds_compose_add_component(const char *target_datastream, const char *datastream_id, const char *new_component, bool extended)
{
struct oscap_source *sds_source = oscap_source_new_from_file(target_datastream);
xmlDoc *doc = oscap_source_get_xmlDoc(sds_source);
if (doc == NULL) {
oscap_source_free(sds_source);
return 1;
}
xmlNodePtr datastream = ds_sds_lookup_datastream_in_collection(doc, datastream_id);
if (datastream == NULL) {
const char* error = datastream_id ?
oscap_sprintf("Could not find any datastream of id '%s'", datastream_id) :
oscap_sprintf("Could not find any datastream inside the file");
oscap_seterr(OSCAP_EFAMILY_XML, error);
oscap_free(error);
oscap_source_free(sds_source);
return 1;
}
char* mangled_path = ds_sds_mangle_filepath(new_component);
char* cref_id = oscap_sprintf("scap_org.open-scap_cref_%s", mangled_path);
oscap_free(mangled_path);
if (ds_sds_compose_add_component_with_ref(doc, datastream, new_component, cref_id) != 0) {
oscap_free(cref_id);
oscap_source_free(sds_source);
return 1;
}
oscap_free(cref_id);
if (oscap_source_save_as(sds_source, NULL) != 0) {
oscap_seterr(OSCAP_EFAMILY_GLIBC, "Error saving source datastream to '%s'.", target_datastream);
oscap_source_free(sds_source);
return 1;
}
oscap_source_free(sds_source);
return 0;
}
static int app_cvrf_evaluate(const struct oscap_action *action) {
int result = OSCAP_OK;
// Temporary hardcoded CPE until CPE name can be found without input by CVRF functions
// themselves
const char *os_name = "Red Hat Enterprise Linux Desktop Supplementary (v. 6)";
struct oscap_source *import_source = oscap_source_new_from_file(action->cvrf_action->f_cvrf);
struct oscap_source *export_source = cvrf_model_get_results_source(import_source, os_name);
if (export_source == NULL)
return -1;
if (oscap_source_save_as(export_source, action->cvrf_action->f_results) == -1) {
result = OSCAP_ERROR;
goto cleanup;
}
cleanup:
if (oscap_err())
fprintf(stderr, "%s %s\n", OSCAP_ERR_MSG, oscap_err_desc());
oscap_source_free(export_source);
free(action->cvrf_action);
return result;
}
static int app_analyse_oval(const struct oscap_action *action) {
struct oval_definition_model *def_model = NULL;
struct oval_syschar_model *sys_model = NULL;
struct oval_results_model *res_model = NULL;
struct oval_variable_model *var_model = NULL;
struct oval_directives_model *dir_model = NULL;
struct oval_syschar_model *sys_models[2];
struct oval_generator *generator = NULL;
int ret = OSCAP_ERROR;
/* Turn on verbosity */
if (!oscap_set_verbose(action->verbosity_level, action->f_verbose_log, false)) {
goto cleanup;
}
/* validate inputs */
if (action->validate) {
if (!valid_inputs(action)) {
goto cleanup;
}
}
/* load defnitions */
struct oscap_source *source = oscap_source_new_from_file(action->f_oval);
def_model = oval_definition_model_import_source(source);
oscap_source_free(source);
if (def_model == NULL) {
fprintf(stderr, "Failed to import the OVAL Definitions from '%s'.\n", action->f_oval);
goto cleanup;
}
/* bind external variables */
if(action->f_variables) {
struct oscap_source *var_source = oscap_source_new_from_file(action->f_variables);
var_model = oval_variable_model_import_source(var_source);
oscap_source_free(var_source);
if (var_model == NULL) {
fprintf(stderr, "Failed to import the OVAL Variables from '%s'.\n", action->f_variables);
goto cleanup;
}
if (oval_definition_model_bind_variable_model(def_model, var_model)) {
fprintf(stderr, "Failed to bind Variables to Definitions\n");
goto cleanup;
}
}
/* load system characteristics */
sys_model = oval_syschar_model_new(def_model);
source = oscap_source_new_from_file(action->f_syschar);
if (oval_syschar_model_import_source(sys_model, source) == -1 ) {
fprintf(stderr, "Failed to import the System Characteristics from '%s'.\n", action->f_syschar);
oscap_source_free(source);
goto cleanup;
}
oscap_source_free(source);
/* evaluate */
sys_models[0] = sys_model;
sys_models[1] = NULL;
res_model = oval_results_model_new(def_model, sys_models);
/* set product name */
generator = oval_results_model_get_generator(res_model);
oval_generator_set_product_name(generator, OSCAP_PRODUCTNAME);
oval_generator_set_product_version(generator, oscap_get_version());
oval_results_model_eval(res_model);
/* export results */
if (action->f_results != NULL) {
/* import directives */
if (action->f_directives != NULL) {
dir_model = oval_directives_model_new();
struct oscap_source *dir_source = oscap_source_new_from_file(action->f_directives);
oval_directives_model_import_source(dir_model, dir_source);
oscap_source_free(dir_source);
}
/* export result model to XML */
oval_results_model_export(res_model, dir_model, action->f_results);
const char* full_validation = getenv("OSCAP_FULL_VALIDATION");
/* validate OVAL Results */
if (action->validate && full_validation) {
struct oscap_source *result_source = oscap_source_new_from_file(action->f_results);
if (oscap_source_validate(result_source, reporter, (void *) action)) {
oscap_source_free(result_source);
goto cleanup;
}
fprintf(stdout, "OVAL Results are exported correctly.\n");
oscap_source_free(result_source);
}
}
ret = OSCAP_OK;
/* clean up */
cleanup:
if(oscap_err())
fprintf(stderr, "%s %s\n", OSCAP_ERR_MSG, oscap_err_desc());
if(res_model) oval_results_model_free(res_model);
if(sys_model) oval_syschar_model_free(sys_model);
if(def_model) oval_definition_model_free(def_model);
if(dir_model) oval_directives_model_free(dir_model);
return ret;
}
int app_collect_oval(const struct oscap_action *action)
{
struct oval_definition_model *def_model = NULL;
struct oval_variable_model *var_model = NULL;
struct oval_syschar_model *sys_model = NULL;
struct oval_sysinfo *sysinfo = NULL;
struct oval_probe_session *pb_sess = NULL;
struct oval_generator *generator = NULL;
int ret = OSCAP_ERROR;
/* Turn on verbosity */
if (!oscap_set_verbose(action->verbosity_level, action->f_verbose_log, false)) {
goto cleanup;
}
/* validate inputs */
if (action->validate) {
if (!valid_inputs(action)) {
goto cleanup;
}
}
/* import definitions */
struct oscap_source *source = oscap_source_new_from_file(action->f_oval);
def_model = oval_definition_model_import_source(source);
oscap_source_free(source);
if (def_model == NULL) {
fprintf(stderr, "Failed to import the OVAL Definitions from '%s'.\n", action->f_oval);
goto cleanup;
}
/* bind external variables */
if(action->f_variables) {
struct oscap_source *var_source = oscap_source_new_from_file(action->f_variables);
var_model = oval_variable_model_import_source(var_source);
oscap_source_free(var_source);
if (var_model == NULL) {
fprintf(stderr, "Failed to import the OVAL Variables from '%s'.\n", action->f_variables);
goto cleanup;
}
if (oval_definition_model_bind_variable_model(def_model, var_model)) {
fprintf(stderr, "Failed to bind Variables to Definitions\n");
goto cleanup;
}
}
/* create empty syschar model */
sys_model = oval_syschar_model_new(def_model);
/* set product name */
generator = oval_syschar_model_get_generator(sys_model);
oval_generator_set_product_name(generator, OSCAP_PRODUCTNAME);
/* create probe session */
pb_sess = oval_probe_session_new(sys_model);
/* query sysinfo */
ret = oval_probe_query_sysinfo(pb_sess, &sysinfo);
if (ret != 0) {
fprintf(stderr, "Failed to query sysinfo\n");
goto cleanup;
}
oval_syschar_model_set_sysinfo(sys_model, sysinfo);
/* query objects */
struct oval_object *object;
struct oval_syschar *syschar;
oval_syschar_collection_flag_t sc_flg;
if (action->id) {
object = oval_definition_model_get_object(def_model, action->id);
if (!object) {
fprintf(stderr, "Object ID(%s) does not exist in '%s'.\n", action->id, action->f_oval);
goto cleanup;
}
printf("Collected: \"%s\" : ", oval_object_get_id(object));
oval_probe_query_object(pb_sess, object, 0, &syschar);
sc_flg = oval_syschar_get_flag(syschar);
printf("%s\n", oval_syschar_collection_flag_get_text(sc_flg));
}
else {
struct oval_object_iterator *objects = oval_definition_model_get_objects(def_model);
while (oval_object_iterator_has_more(objects)) {
object = oval_object_iterator_next(objects);
printf("Collected: \"%s\" : ", oval_object_get_id(object));
oval_probe_query_object(pb_sess, object, 0, &syschar);
sc_flg = oval_syschar_get_flag(syschar);
printf("%s\n", oval_syschar_collection_flag_get_text(sc_flg));
}
oval_object_iterator_free(objects);
}
const char* full_validation = getenv("OSCAP_FULL_VALIDATION");
/* output */
if (action->f_syschar != NULL) {
/* export OVAL System Characteristics */
oval_syschar_model_export(sys_model, action->f_syschar);
/* validate OVAL System Characteristics */
if (action->validate && full_validation) {
struct oscap_source *syschar_source = oscap_source_new_from_file(action->f_syschar);
if (oscap_source_validate(syschar_source, reporter, (void *)action)) {
oscap_source_free(syschar_source);
goto cleanup;
}
fprintf(stdout, "OVAL System Characteristics are exported correctly.\n");
oscap_source_free(syschar_source);
}
}
ret = OSCAP_OK;
cleanup:
if(oscap_err())
fprintf(stderr, "%s %s\n", OSCAP_ERR_MSG, oscap_err_desc());
if (sysinfo) oval_sysinfo_free(sysinfo);
if (pb_sess) oval_probe_session_destroy(pb_sess);
if (sys_model) oval_syschar_model_free(sys_model);
if (def_model) oval_definition_model_free(def_model);
return ret;
}
static int print_versions(const struct oscap_action *action)
{
printf("OpenSCAP command line tool (oscap) %s\n" "Copyright 2009--2016 Red Hat Inc., Durham, North Carolina.\n\n",
oscap_get_version());
printf("==== Supported specifications ====\n");
printf("XCCDF Version: %s\n", xccdf_benchmark_supported());
printf("OVAL Version: %s\n", oval_definition_model_supported());
printf("CPE Version: %s\n", cpe_dict_model_supported());
printf("CVSS Version: %s\n", cvss_model_supported());
printf("CVE Version: %s\n", cve_model_supported());
printf("Asset Identification Version: %s\n", "1.1");
printf("Asset Reporting Format Version: %s\n", "1.1");
printf("\n");
printf("==== Capabilities added by auto-loaded plugins ====\n");
const char * const *known_plugins = check_engine_plugin_get_known_plugins();
bool known_plugin_found = false;
while (*known_plugins) {
struct check_engine_plugin_def *plugin = check_engine_plugin_load(*known_plugins);
if (plugin) {
printf("%s (from %s)\n", check_engine_plugin_get_capabilities(plugin), *known_plugins);
check_engine_plugin_unload(plugin);
known_plugin_found = true;
}
known_plugins++;
}
if (!known_plugin_found)
printf("No plugins have been auto-loaded...\n");
// We do not report failure when a known plugin doesn't load properly, that's because they
// are optional and we don't know if it's not there or if it just failed to load.
oscap_clearerr();
printf("\n");
printf("==== Paths ====\n");
printf("Schema files: %s\n", oscap_path_to_schemas());
printf("Default CPE files: %s\n", oscap_path_to_cpe());
#if defined(OVAL_PROBES_ENABLED)
printf("Probes: %s\n", oval_probe_ext_getdir());
#endif
printf("\n");
printf("==== Inbuilt CPE names ====\n");
char default_cpe_path[PATH_MAX];
snprintf(default_cpe_path, PATH_MAX, "%s/openscap-cpe-dict.xml", oscap_path_to_cpe());
struct oscap_source *source = oscap_source_new_from_file(default_cpe_path);
struct cpe_dict_model* cpe_dict = cpe_dict_model_import_source(source);
oscap_source_free(source);
if (cpe_dict != NULL) {
struct cpe_item_iterator* cpe_items = cpe_dict_model_get_items(cpe_dict);
while (cpe_item_iterator_has_more(cpe_items))
{
struct cpe_item* cpe_item = cpe_item_iterator_next(cpe_items);
struct oscap_text_iterator* titles = cpe_item_get_titles(cpe_item);
char* str_title = oscap_textlist_get_preferred_plaintext(titles, NULL);
oscap_text_iterator_free(titles);
struct cpe_name* name = cpe_item_get_name(cpe_item);
char * str_name = cpe_name_get_as_format(name, CPE_FORMAT_URI);
printf("%s - %s\n", str_title, str_name);
free(str_name);
free(str_title);
}
cpe_item_iterator_free(cpe_items);
cpe_dict_model_free(cpe_dict);
}
printf("\n");
#if defined(OVAL_PROBES_ENABLED)
printf("==== Supported OVAL objects and associated OpenSCAP probes ====\n");
printf("%-14s%-28s %-28s\n", "OVAL family", "OVAL object", "OpenSCAP probe");
printf("%-14s%-28s %-28s\n", "----------", "----------", "----------");
oval_probe_meta_list(stdout, OVAL_PROBEMETA_LIST_DYNAMIC | OVAL_PROBEMETA_LIST_OTYPE);
#endif
return OSCAP_OK;
}
int ds_sds_compose_add_component_with_ref(xmlDocPtr doc, xmlNodePtr datastream, const char* filepath, const char* cref_id)
{
xmlNsPtr ds_ns = xmlSearchNsByHref(doc, datastream, BAD_CAST datastream_ns_uri);
xmlNsPtr xlink_ns = xmlSearchNsByHref(doc, datastream, BAD_CAST xlink_ns_uri);
xmlNsPtr cat_ns = xmlSearchNsByHref(doc, datastream, BAD_CAST cat_ns_uri);
// In case we already have this component we just return, no need to add
// it twice. We will typically have many references to OVAL files, adding
// component for each reference would create unnecessarily huge datastreams
int result = ds_sds_compose_has_component_ref(doc, datastream, filepath, cref_id);
if (result == 0)
{
return 0;
}
if (result == -1)
{
// no need to free anything
// oscap_seterr has already been called
return -1;
}
xmlNodePtr cref_catalog = xmlNewNode(cat_ns, BAD_CAST "catalog");
xmlNodePtr cref_parent;
bool extended_component = false;
struct oscap_source *component_source = oscap_source_new_from_file(filepath);
oscap_document_type_t doc_type = oscap_source_get_scap_type(component_source);
if (doc_type == OSCAP_DOCUMENT_XCCDF)
{
cref_parent = node_get_child_element(datastream, "checklists");
if (ds_sds_compose_add_component_dependencies(doc, datastream, component_source, cref_catalog, doc_type) != 0)
{
// oscap_seterr has already been called
oscap_source_free(component_source);
return -1;
}
}
else if (doc_type == OSCAP_DOCUMENT_CPE_DICTIONARY || doc_type == OSCAP_DOCUMENT_CPE_LANGUAGE)
{
cref_parent = node_get_child_element(datastream, "dictionaries");
if (cref_parent == NULL) {
cref_parent = xmlNewNode(ds_ns, BAD_CAST "dictionaries");
// The <ds:dictionaries element must as the first child of the datastream
xmlNodePtr first_child = datastream->xmlChildrenNode;
xmlNodePtr new_node = (first_child == NULL) ?
xmlAddChild(datastream, cref_parent) : xmlAddPrevSibling(first_child, cref_parent);
if (new_node == NULL) {
oscap_seterr(OSCAP_EFAMILY_XML, "Failed to add dictionaries element to the DataStream.");
xmlFreeNode(cref_parent);
cref_parent = NULL;
}
}
if (ds_sds_compose_add_component_dependencies(doc, datastream, component_source, cref_catalog, doc_type) != 0) {
oscap_source_free(component_source);
return -1;
}
}
else if (doc_type == OSCAP_DOCUMENT_OVAL_DEFINITIONS || doc_type == OSCAP_DOCUMENT_OCIL)
{
cref_parent = node_get_child_element(datastream, "checks");
}
else
{
// not an XCCDF file, not an OVAL file, not a dict/lang, assume it goes into extended components
extended_component = true;
cref_parent = node_get_child_element(datastream, "extended-components");
}
oscap_source_free(component_source);
char* mangled_filepath = ds_sds_mangle_filepath(filepath);
// extended components (sadly :-/) use a different ID scheme and have
// a different element name than "normal" components
char* comp_id = oscap_sprintf("scap_org.open-scap_%scomp_%s",
extended_component ? "e" : "", mangled_filepath);
int counter = 0;
while (_lookup_component_in_collection(doc, comp_id) != NULL) {
// While a component of the given ID already exists, generate a new one
oscap_free(comp_id);
comp_id = oscap_sprintf("scap_org.open-scap_%scomp_%s%03d",
extended_component ? "e" : "", mangled_filepath, counter++);
}
oscap_free(mangled_filepath);
result = ds_sds_compose_add_component_internal(doc, datastream, filepath, comp_id, extended_component);
if (result == 0) {
xmlNodePtr cref = xmlNewNode(ds_ns, BAD_CAST "component-ref");
xmlAddChild(cref, cref_catalog);
xmlSetProp(cref, BAD_CAST "id", BAD_CAST cref_id);
const char* xlink_href = oscap_sprintf("#%s", comp_id);
xmlSetNsProp(cref, xlink_ns, BAD_CAST "href", BAD_CAST xlink_href);
oscap_free(xlink_href);
if (xmlAddChild(cref_parent, cref) == NULL) {
oscap_seterr(OSCAP_EFAMILY_XML, "Failed to add component-ref/@id='%s' to the DataStream.", cref_id);
result = 1;
}
}
oscap_free(comp_id);
// the source data stream XSD requires either no catalog or a non-empty one
if (cref_catalog->children == NULL)
{
xmlUnlinkNode(cref_catalog);
xmlFreeNode(cref_catalog);
}
return result;
}
static int app_info(const struct oscap_action *action)
{
int result = OSCAP_ERROR;
struct oscap_source *source = oscap_source_new_from_file(action->file);
switch (oscap_source_get_scap_type(source)) {
case OSCAP_DOCUMENT_OVAL_DEFINITIONS: {
printf("Document type: OVAL Definitions\n");
struct oval_definition_model *def_model = oval_definition_model_import_source(source);
if(!def_model)
goto cleanup;
struct oval_generator *gen = oval_definition_model_get_generator(def_model);
printf("OVAL version: %s\n", oval_generator_get_core_schema_version(gen));
printf("Generated: %s\n", oval_generator_get_timestamp(gen));
print_time(action->file);
oval_definition_model_free(def_model);
}
break;
case OSCAP_DOCUMENT_OVAL_VARIABLES: {
printf("Document type: OVAL Variables\n");
struct oval_variable_model *var_model = oval_variable_model_import_source(source);
if(!var_model)
goto cleanup;
struct oval_generator *gen = oval_variable_model_get_generator(var_model);
printf("OVAL version: %s\n", oval_generator_get_core_schema_version(gen));
printf("Generated: %s\n", oval_generator_get_timestamp(gen));
print_time(action->file);
oval_variable_model_free(var_model);
}
break;
case OSCAP_DOCUMENT_OVAL_DIRECTIVES: {
printf("Document type: OVAL Directives\n");
struct oval_directives_model *dir_model = oval_directives_model_new();
int ret = oval_directives_model_import_source(dir_model, source);
if(ret)
goto cleanup;
struct oval_generator *gen = oval_directives_model_get_generator(dir_model);
printf("OVAL version: %s\n", oval_generator_get_core_schema_version(gen));
printf("Generated: %s\n", oval_generator_get_timestamp(gen));
print_time(action->file);
oval_directives_model_free(dir_model);
}
break;
case OSCAP_DOCUMENT_OVAL_SYSCHAR: {
printf("Document type: OVAL System Characteristics\n");
struct oval_definition_model * def_model = oval_definition_model_new();
struct oval_syschar_model * sys_model = oval_syschar_model_new(def_model);
int ret = oval_syschar_model_import_source(sys_model, source);
if(ret)
goto cleanup;
struct oval_generator *gen = oval_syschar_model_get_generator(sys_model);
printf("OVAL version: %s\n", oval_generator_get_core_schema_version(gen));
printf("Generated: %s\n", oval_generator_get_timestamp(gen));
print_time(action->file);
oval_syschar_model_free(sys_model);
oval_definition_model_free(def_model);
}
break;
case OSCAP_DOCUMENT_OVAL_RESULTS: {
printf("Document type: OVAL Results\n");
struct oval_definition_model * def_model=oval_definition_model_new();
struct oval_results_model * res_model = oval_results_model_new(def_model,NULL);
int ret = oval_results_model_import_source(res_model, source);
if(ret)
goto cleanup;
struct oval_generator *gen = oval_results_model_get_generator(res_model);
printf("OVAL version: %s\n", oval_generator_get_core_schema_version(gen));
printf("Generated: %s\n", oval_generator_get_timestamp(gen));
print_time(action->file);
oval_results_model_free(res_model);
oval_definition_model_free(def_model);
}
break;
case OSCAP_DOCUMENT_XCCDF: {
printf("Document type: XCCDF Checklist\n");
struct xccdf_benchmark* bench = xccdf_benchmark_import_source(source);
if(!bench)
goto cleanup;
printf("Checklist version: %s\n", oscap_source_get_schema_version(source));
print_time(action->file);
_print_xccdf_benchmark(bench, "");
}
break;
case OSCAP_DOCUMENT_CPE_LANGUAGE: {
printf("Document type: CPE Language\n");
print_time(action->file);
}
break;
case OSCAP_DOCUMENT_CPE_DICTIONARY: {
printf("Document type: CPE Dictionary\n");
struct cpe_dict_model *dict_model = cpe_dict_model_import_source(source);
if (!dict_model)
goto cleanup;
struct cpe_generator *gen = cpe_dict_model_get_generator(dict_model);
if (gen != NULL) {
printf("CPE version: %s\n", cpe_generator_get_schema_version(gen));
printf("Generated: %s\n", cpe_generator_get_timestamp(gen));
}
print_time(action->file);
cpe_dict_model_free(dict_model);
}
break;
case OSCAP_DOCUMENT_SDS: {
printf("Document type: Source Data Stream\n");
print_time(action->file);
struct ds_sds_session *session = ds_sds_session_new_from_source(source);
if (session == NULL) {
goto cleanup;
}
/* get collection */
struct ds_sds_index *sds = ds_sds_session_get_sds_idx(session);
if (!sds) {
ds_sds_session_free(session);
goto cleanup;
}
/* iterate over streams */
struct ds_stream_index_iterator* sds_it = ds_sds_index_get_streams(sds);
while (ds_stream_index_iterator_has_more(sds_it)) {
struct ds_stream_index * stream = ds_stream_index_iterator_next(sds_it);
printf("\nStream: %s\n", ds_stream_index_get_id(stream));
printf("Generated: %s\n", ds_stream_index_get_timestamp(stream));
printf("Version: %s\n", ds_stream_index_get_version(stream));
printf("Checklists:\n");
struct oscap_string_iterator* checklist_it = ds_stream_index_get_checklists(stream);
while (oscap_string_iterator_has_more(checklist_it)) {
const char * id = oscap_string_iterator_next(checklist_it);
printf("\tRef-Id: %s\n", id);
/* decompose */
struct oscap_source *xccdf_source = ds_sds_session_select_checklist(session, ds_stream_index_get_id(stream), id, NULL);
if (xccdf_source == NULL) {
oscap_string_iterator_free(checklist_it);
ds_stream_index_iterator_free(sds_it);
ds_sds_session_free(session);
goto cleanup;
}
const char *prefix = "\t\t";
if (oscap_source_get_scap_type(xccdf_source) == OSCAP_DOCUMENT_XCCDF) {
struct xccdf_benchmark* bench = xccdf_benchmark_import_source(xccdf_source);
if(!bench) {
oscap_string_iterator_free(checklist_it);
ds_stream_index_iterator_free(sds_it);
ds_sds_session_free(session);
goto cleanup;
}
_print_xccdf_benchmark(bench, prefix);
} else if (oscap_source_get_scap_type(xccdf_source) == OSCAP_DOCUMENT_XCCDF_TAILORING) {
_print_xccdf_tailoring(xccdf_source, prefix);
}
ds_sds_session_reset(session);
}
oscap_string_iterator_free(checklist_it);
printf("Checks:\n");
struct oscap_string_iterator* checks_it = ds_stream_index_get_checks(stream);
while (oscap_string_iterator_has_more(checks_it)) {
const char * id = oscap_string_iterator_next(checks_it);
printf("\tRef-Id: %s\n", id);
}
oscap_string_iterator_free(checks_it);
struct oscap_string_iterator* dict_it = ds_stream_index_get_dictionaries(stream);
if (oscap_string_iterator_has_more(dict_it))
printf("Dictionaries:\n");
else
printf("No dictionaries.\n");
while (oscap_string_iterator_has_more(dict_it)) {
const char * id = oscap_string_iterator_next(dict_it);
printf("\tRef-Id: %s\n", id);
}
oscap_string_iterator_free(dict_it);
}
ds_stream_index_iterator_free(sds_it);
ds_sds_session_free(session);
}
break;
case OSCAP_DOCUMENT_ARF: {
printf("Document type: Result Data Stream\n");
struct ds_rds_session *session = ds_rds_session_new_from_source(source);
if (session == NULL) {
goto cleanup;
}
struct rds_index *rds = ds_rds_session_get_rds_idx(session);
if (!rds) {
ds_rds_session_free(session);
goto cleanup;
}
struct rds_asset_index_iterator* asset_it = rds_index_get_assets(rds);
while (rds_asset_index_iterator_has_more(asset_it)) {
struct rds_asset_index* asset = rds_asset_index_iterator_next(asset_it);
printf("\nAsset: %s\n", rds_asset_index_get_id(asset));
struct rds_report_index_iterator* report_it = rds_asset_index_get_reports(asset);
while (rds_report_index_iterator_has_more(report_it)) {
struct rds_report_index* report = rds_report_index_iterator_next(report_it);
struct rds_report_request_index* request = rds_report_index_get_request(report);
printf(" - %s -> %s\n",
rds_report_request_index_get_id(request),
rds_report_index_get_id(report));
}
rds_report_index_iterator_free(report_it);
}
rds_asset_index_iterator_free(asset_it);
ds_rds_session_free(session);
}
break;
case OSCAP_DOCUMENT_XCCDF_TAILORING:
printf("Document type: XCCDF Tailoring\n");
print_time(action->file);
_print_xccdf_tailoring(source, "");
break;
case OSCAP_DOCUMENT_CVE_FEED:
printf("Document type: CVE Feed\n");
// TODO: Provide more info about CVE feeds
break;
case OSCAP_DOCUMENT_SCE_RESULT:
printf("Document type: SCE Result File\n");
// Currently, we do not have any SCE result file parsing capabilities.
break;
default:
printf("Could not determine document type\n");
goto cleanup;
break;
}
result=OSCAP_OK;
cleanup:
oscap_source_free(source);
oscap_print_error();
return result;
}
