
/*
 * Copyright 2010--2014 Red Hat Inc., Durham, North Carolina.
 * All Rights Reserved.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 *
 * Authors:
 *      Peter Vrabec  <pvrabec@redhat.com>
 */
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
/* Standard header files */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef HAVE_GETOPT_H
#include <getopt.h>
#endif
#include <assert.h>
#include <math.h>
#include <cve_nvd.h>
#include <oscap_source.h>
#include <xccdf_session.h>
#include "oscap-tool.h"
/* Option parser and entry points shared by the "cve" submodules (defined below). */
static bool getopt_cve(int argc, char **argv, struct oscap_action *action);
static int app_cve_validate(const struct oscap_action *action);
static int app_cve_find(const struct oscap_action *action);

/* Two submodules plus the terminating NULL; keep in sync with the
 * CVE_SUBMODULES initializer at the end of this group. */
#define CVE_SUBMODULES_NUM 3
/* Forward declaration: OSCAP_CVE_MODULE points at the table before the
 * submodules it lists have been defined. */
static struct oscap_module* CVE_SUBMODULES[CVE_SUBMODULES_NUM];

/* Parent "cve" module. Unlike the submodules it has external linkage. */
struct oscap_module OSCAP_CVE_MODULE = {
    .parent = &OSCAP_ROOT_MODULE,
    .name = "cve",
    .summary = "Common Vulnerabilities and Exposures",
    .submodules = CVE_SUBMODULES,
};

/* "validate" submodule: one argument, the NVD feed file. */
static struct oscap_module CVE_VALIDATE_MODULE = {
    .parent = &OSCAP_CVE_MODULE,
    .name = "validate",
    .summary = "Validate CVE NVD feed",
    .usage = "nvd-feed.xml",
    .help = "Validate CVE NVD feed.",
    .opt_parser = getopt_cve,
    .func = app_cve_validate,
};

/* "find" submodule: a CVE id followed by the NVD feed file. */
static struct oscap_module CVE_FIND_MODULE = {
    .parent = &OSCAP_CVE_MODULE,
    .name = "find",
    .summary = "Find particular CVE in CVE NVD feed",
    .usage = "CVE nvd-feed.xml",
    .help = "Find particular CVE in CVE NVD feed.",
    .opt_parser = getopt_cve,
    .func = app_cve_find,
};

/* NULL-terminated submodule table referenced by OSCAP_CVE_MODULE. */
static struct oscap_module* CVE_SUBMODULES[CVE_SUBMODULES_NUM] = {
    &CVE_VALIDATE_MODULE,
    &CVE_FIND_MODULE,
    NULL,
};
/*
 * "cve validate": validate the NVD feed named in action->cve_action->file.
 *
 * Maps the oscap_source_validate() result to the tool's exit codes:
 * -1 -> OSCAP_ERROR, 1 -> OSCAP_FAIL, anything else -> OSCAP_OK. A pending
 * library error is printed to stderr before returning. action->cve_action,
 * allocated by getopt_cve(), is freed on every path.
 */
static int app_cve_validate(const struct oscap_action *action)
{
	struct oscap_source *source = oscap_source_new_from_file(action->cve_action->file);
	/* The action itself is passed through as the opaque third argument. */
	int rc = oscap_source_validate(source, reporter, (void *) action);
	oscap_source_free(source);

	int result;
	switch (rc) {
	case -1:
		result = OSCAP_ERROR;
		break;
	case 1:
		result = OSCAP_FAIL;
		break;
	default:
		result = OSCAP_OK;
		break;
	}

	if (oscap_err())
		fprintf(stderr, "%s %s\n", OSCAP_ERR_MSG, oscap_err_desc());

	free(action->cve_action);
	return result;
}
/* Return the entry of `model` whose id compares equal to `id`, or NULL if none does. */
static struct cve_entry *find_cve_entry(struct cve_model *model, const char *id)
{
	struct cve_entry *found = NULL;
	struct cve_entry_iterator *it = cve_model_get_entries(model);
	while (cve_entry_iterator_has_more(it)) {
		struct cve_entry *candidate = cve_entry_iterator_next(it);
		if (strcmp(cve_entry_get_id(candidate), id) == 0) {
			found = candidate;
			break;
		}
	}
	cve_entry_iterator_free(it);
	return found;
}

/* Print the base score and vector string of `entry`'s CVSS impact, if it has one. */
static void print_cve_cvss(struct cve_entry *entry)
{
	const struct cvss_impact *impact = cve_entry_get_cvss(entry);
	if (!impact)
		return;
	struct cvss_metrics *base = cvss_impact_get_base_metrics(impact);
	float score = cvss_metrics_get_score(base);
	/* cvss_impact_to_vector() hands back a heap string that we must free. */
	char *vector = cvss_impact_to_vector(impact);
	printf("Base Score: %.1f\n", score);
	printf("Vector String:\n\t%s\n", vector);
	free(vector);
}

/* Print one line per product in `entry`'s vulnerable-software list. */
static void print_cve_products(struct cve_entry *entry)
{
	printf("Vulnerable Software:\n");
	struct cve_product_iterator *it = cve_entry_get_products(entry);
	while (cve_product_iterator_has_more(it)) {
		struct cve_product *product = cve_product_iterator_next(it);
		printf("\t%s\n", cve_product_get_value(product));
	}
	cve_product_iterator_free(it);
}

/*
 * "cve find": look up action->cve_action->cve in the feed
 * action->cve_action->file and print its id, CVSS data and product list.
 *
 * Returns OSCAP_ERROR when the feed cannot be imported, OSCAP_FAIL when no
 * entry carries that id and OSCAP_OK otherwise. A pending library error is
 * printed to stderr; the model and action->cve_action (allocated by
 * getopt_cve()) are released on every path.
 */
static int app_cve_find(const struct oscap_action *action)
{
	int result = OSCAP_ERROR;

	struct cve_model *model = cve_model_import(action->cve_action->file);
	if (model) {
		struct cve_entry *entry = find_cve_entry(model, action->cve_action->cve);
		if (entry) {
			printf("ID: %s\n", cve_entry_get_id(entry));
			print_cve_cvss(entry);
			print_cve_products(entry);
			result = OSCAP_OK;
		} else {
			result = OSCAP_FAIL;
		}
	}

	if (oscap_err())
		fprintf(stderr, "%s %s\n", OSCAP_ERR_MSG, oscap_err_desc());

	if (model)
		cve_model_free(model);
	free(action->cve_action);
	return result;
}
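/*
 * Option parser shared by the "cve validate" and "cve find" submodules.
 *
 * argv[3] is the first submodule argument (argv[0..2] are presumably the
 * program, "cve" and the submodule name): "validate" takes exactly one,
 * the feed file (argc == 4); "find" takes exactly two, the CVE id and the
 * feed file (argc == 5). On success action->doctype is set and
 * action->cve_action is allocated; app_cve_validate()/app_cve_find() free it.
 * On a wrong argument count the module usage is printed and false is
 * returned. A module that is neither submodule leaves `action` untouched and
 * returns true.
 *
 * Returns true when parsing succeeded, false on a usage error or when the
 * cve_action cannot be allocated.
 */
static bool getopt_cve(int argc, char **argv, struct oscap_action *action)
{
	char *cve = NULL;
	char *file = NULL;

	if (action->module == &CVE_VALIDATE_MODULE) {
		if (argc != 4) {
			oscap_module_usage(action->module, stderr, "Wrong number of parameters.\n");
			return false;
		}
		file = argv[3];
	} else if (action->module == &CVE_FIND_MODULE) {
		if (argc != 5) {
			oscap_module_usage(action->module, stderr, "Wrong number of parameters.\n");
			return false;
		}
		cve = argv[3];
		file = argv[4];
	} else {
		return true;
	}

	action->doctype = OSCAP_DOCUMENT_CVE_FEED;
	/* calloc so members a submodule does not set (cve for "validate") are NULL
	 * rather than indeterminate; the original left malloc() unchecked, which
	 * dereferenced NULL on allocation failure. */
	action->cve_action = calloc(1, sizeof *action->cve_action);
	if (!action->cve_action) {
		fprintf(stderr, "%s Out of memory.\n", OSCAP_ERR_MSG);
		return false;
	}
	action->cve_action->cve = cve;
	action->cve_action->file = file;
	return true;
}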