/*
 * Copyright 2010--2014 Red Hat Inc., Durham, North Carolina.
 * All Rights Reserved.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 *
 * Authors:
 * Peter Vrabec <pvrabec@redhat.com>
 */

/*
 * "cve" command-line module: validates an NVD CVE feed, or looks up a
 * single CVE entry in such a feed and prints its CVSS data and the
 * vulnerable-software list.
 */

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

/* Standard header files */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef HAVE_GETOPT_H
#include <getopt.h>
#endif
#include <assert.h>
#include <math.h>

#include <cve_nvd.h>
#include <oscap_source.h>
#include <xccdf_session.h>

#include "oscap-tool.h"

/* Forward declarations: the module tables below take these by address. */
static bool getopt_cve(int argc, char **argv, struct oscap_action *action);
static int app_cve_validate(const struct oscap_action *action);
static int app_cve_find(const struct oscap_action *action);

/* Two submodules plus the terminating NULL -- keep in sync with the
 * CVE_SUBMODULES initializer at the end of this table section. */
#define CVE_SUBMODULES_NUM 3
/* Tentative definition: OSCAP_CVE_MODULE refers to the array before the
 * submodule objects it lists are defined. */
static struct oscap_module* CVE_SUBMODULES[CVE_SUBMODULES_NUM];

/* "cve": parent module of the validate and find submodules. */
struct oscap_module OSCAP_CVE_MODULE = {
	.name = "cve",
	.parent = &OSCAP_ROOT_MODULE,
	.summary = "Common Vulnerabilities and Exposures",
	.submodules = CVE_SUBMODULES
};

/* "cve validate nvd-feed.xml" -- see app_cve_validate(). */
static struct oscap_module CVE_VALIDATE_MODULE = {
	.name = "validate",
	.parent = &OSCAP_CVE_MODULE,
	.summary = "Validate CVE NVD feed",
	.usage = "nvd-feed.xml",
	.help = "Validate CVE NVD feed.",
	.opt_parser = getopt_cve,
	.func = app_cve_validate
};

/* "cve find CVE nvd-feed.xml" -- see app_cve_find(). */
static struct oscap_module CVE_FIND_MODULE = {
	.name = "find",
	.parent = &OSCAP_CVE_MODULE,
	.summary = "Find particular CVE in CVE NVD feed",
	.usage = "CVE nvd-feed.xml",
	.help = "Find particular CVE in CVE NVD feed.",
	.opt_parser = getopt_cve,
	.func = app_cve_find
};

/* NULL-terminated submodule list referenced by OSCAP_CVE_MODULE. */
static struct oscap_module* CVE_SUBMODULES[CVE_SUBMODULES_NUM] = {
	&CVE_VALIDATE_MODULE,
	&CVE_FIND_MODULE,
	NULL
};
/*
 * Handler for "cve validate": validate the NVD feed named by
 * action->cve_action->file through oscap_source_validate().
 *
 * The validator's return code is mapped as follows: -1 -> OSCAP_ERROR,
 * 1 -> OSCAP_FAIL, anything else -> OSCAP_OK. A pending library error, if
 * any, is reported on stderr. action->cve_action (allocated by getopt_cve())
 * is released here on every path.
 */
static int app_cve_validate(const struct oscap_action *action)
{
	int result = OSCAP_OK;

	struct oscap_source *source = oscap_source_new_from_file(action->cve_action->file);
	const int rc = oscap_source_validate(source, reporter, (void *) action);
	oscap_source_free(source);

	switch (rc) {
	case -1:
		result = OSCAP_ERROR;
		break;
	case 1:
		result = OSCAP_FAIL;
		break;
	default:
		result = OSCAP_OK;
		break;
	}

	if (oscap_err())
		fprintf(stderr, "%s %s\n", OSCAP_ERR_MSG, oscap_err_desc());

	free(action->cve_action);
	return result;
}
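/*
 * Return the entry of model whose id equals cve_id, or NULL when there is
 * none. The entry iterator is created and freed here.
 */
static struct cve_entry *find_cve_entry(struct cve_model *model, const char *cve_id)
{
	struct cve_entry *found = NULL;
	struct cve_entry_iterator *it = cve_model_get_entries(model);

	while (cve_entry_iterator_has_more(it)) {
		struct cve_entry *candidate = cve_entry_iterator_next(it);
		const char *id = cve_entry_get_id(candidate);
		/* An entry without an id cannot match; strcmp() on NULL would be UB. */
		if (id != NULL && strcmp(id, cve_id) == 0) {
			found = candidate;
			break;
		}
	}
	cve_entry_iterator_free(it);
	return found;
}

/* Print the base CVSS score and vector string of entry, if it carries CVSS data. */
static void print_cve_cvss(struct cve_entry *entry)
{
	const struct cvss_impact *cvss = cve_entry_get_cvss(entry);
	if (cvss == NULL)
		return;

	struct cvss_metrics *metrics = cvss_impact_get_base_metrics(cvss);
	float base_score = cvss_metrics_get_score(metrics);
	char *vector = cvss_impact_to_vector(cvss);

	printf("Base Score: %.1f\n", base_score);
	/* cvss_impact_to_vector() hands back an allocated string; guard the
	 * "%s" against a NULL result before freeing it. */
	if (vector != NULL)
		printf("Vector String:\n\t%s\n", vector);
	free(vector);
}

/* Print every product string the entry lists as vulnerable, one per line. */
static void print_cve_products(struct cve_entry *entry)
{
	printf("Vulnerable Software:\n");
	struct cve_product_iterator *it = cve_entry_get_products(entry);
	while (cve_product_iterator_has_more(it)) {
		struct cve_product *product = cve_product_iterator_next(it);
		const char *value = cve_product_get_value(product);
		/* Skip a product with no value rather than pass NULL to "%s". */
		if (value != NULL)
			printf("\t%s\n", value);
	}
	cve_product_iterator_free(it);
}

/*
 * Handler for "cve find": import the feed named by action->cve_action->file,
 * locate the entry with id action->cve_action->cve and print its id, base
 * CVSS score/vector and vulnerable-software list to stdout.
 *
 * Returns OSCAP_ERROR when the feed cannot be imported, OSCAP_FAIL when the
 * CVE is not in the feed, OSCAP_OK otherwise. A pending library error, if
 * any, is reported on stderr. action->cve_action (allocated by getopt_cve())
 * is released here on every path.
 */
static int app_cve_find(const struct oscap_action *action)
{
	int result = OSCAP_ERROR;
	struct cve_model *model = cve_model_import(action->cve_action->file);

	if (model != NULL) {
		struct cve_entry *entry = find_cve_entry(model, action->cve_action->cve);
		if (entry == NULL) {
			result = OSCAP_FAIL;
		} else {
			/* The id is non-NULL here: find_cve_entry() only matches on one. */
			printf("ID: %s\n", cve_entry_get_id(entry));
			print_cve_cvss(entry);
			print_cve_products(entry);
			result = OSCAP_OK;
		}
	}

	if (oscap_err())
		fprintf(stderr, "%s %s\n", OSCAP_ERR_MSG, oscap_err_desc());

	if (model != NULL)
		cve_model_free(model);
	free(action->cve_action);
	return result;
}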
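/*
 * Allocate and zero action->cve_action. Returns false, after a message on
 * stderr, when the allocation fails. Zeroing matters because the validate
 * path only ever fills in the file member.
 */
static bool alloc_cve_action(struct oscap_action *action)
{
	action->cve_action = calloc(1, sizeof *action->cve_action);
	if (action->cve_action == NULL) {
		fputs("Out of memory.\n", stderr);
		return false;
	}
	return true;
}

/*
 * Positional-argument parser shared by the validate and find submodules.
 *
 * validate expects exactly argc == 4 and takes the feed path from argv[3];
 * find expects exactly argc == 5 and takes the CVE id from argv[3] and the
 * feed path from argv[4] (the leading argv words are presumably the tool
 * name and the "cve <submodule>" pair). The argv strings are stored by
 * pointer, not copied. On a wrong argument count the module usage is
 * printed and false is returned; false is also returned when the
 * cve_action allocation fails. On success action->cve_action is owned by
 * the handler (app_cve_validate()/app_cve_find()), which frees it.
 */
bool getopt_cve(int argc, char **argv, struct oscap_action *action)
{
	if (action->module == &CVE_VALIDATE_MODULE) {
		if (argc != 4) {
			oscap_module_usage(action->module, stderr, "Wrong number of parameters.\n");
			return false;
		}
		action->doctype = OSCAP_DOCUMENT_CVE_FEED;
		if (!alloc_cve_action(action))
			return false;
		action->cve_action->file = argv[3];
	} else if (action->module == &CVE_FIND_MODULE) {
		if (argc != 5) {
			oscap_module_usage(action->module, stderr, "Wrong number of parameters.\n");
			return false;
		}
		action->doctype = OSCAP_DOCUMENT_CVE_FEED;
		if (!alloc_cve_action(action))
			return false;
		action->cve_action->cve = argv[3];
		action->cve_action->file = argv[4];
	}

	return true;
}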