source-git / openscap

Clone
Source Code
GIT

Files

  1.   1d6c5073488a43cf624c0d05d2d44f54b12ccd9e
  2.   utils
  3.   oscap-cvrf.c
Blob Blame History Raw 
/*
 * Copyright 2017 Red Hat Inc., Durham, North Carolina.
 * All Rights Reserved.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 *
 */
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

/* Standard header files */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef HAVE_GETOPT_H
#include <getopt.h>
#endif
#include <assert.h>
#include <math.h>

#include <oscap.h>
#include <oscap_error.h>
#include <cvrf.h>
#include <oscap_source.h>

#include "oscap-tool.h"

static bool getopt_cvrf(int argc, char **argv, struct oscap_action *action);
static int app_cvrf_evaluate(const struct oscap_action *action);
static int app_cvrf_export(const struct oscap_action *action);
static int app_cvrf_validate(const struct oscap_action *action);

static struct oscap_module* CVRF_SUBMODULES[4];

struct oscap_module OSCAP_CVRF_MODULE = {
	.name = "cvrf",
	.parent = &OSCAP_ROOT_MODULE,
	.summary = "Common Vulnerability Reporting Framework",
	.submodules = CVRF_SUBMODULES
};

static struct oscap_module CVRF_EVALUATE_MODULE = {
	.name = "eval",
	.parent = &OSCAP_CVRF_MODULE,
	.summary = "Evaluate system for vulnerabilities",
	.usage = "[options] <cvrf file.xml>",
	.opt_parser = getopt_cvrf,
	.func = app_cvrf_evaluate,
	.help = "Options:\n"
		"   --index                       - Use index file to evaluate a directory of CVRF files.\n"
		"   --results                     - Filename to which evaluation results will be saved.\n",
};

static struct oscap_module CVRF_EXPORT_MODULE = {
	.name = "export",
	.parent = &OSCAP_CVRF_MODULE,
	.summary = "Download and export CVRF file to system",
	.usage = "[options] <cvrf file.xml>",
	.opt_parser = getopt_cvrf,
	.func = app_cvrf_export,
	.help = "Options:\n"
		"   --index                       - Use index file to export a directory of CVRF files \n"
		"   --output                      - Filename to which exported CVRF document will be saved.\n",
};

static struct oscap_module CVRF_VALIDATE_MODULE = {
	.name = "validate",
	.parent = &OSCAP_CVRF_MODULE,
	.summary = "Ensure that provided file input follows CVRF format correctly",
	.usage = "[options] <cvrf file.xml>",
	.opt_parser = getopt_cvrf,
	.func = app_cvrf_validate,
	.help = "Options:\n"
		"   --index                       - Use index file to validate a directory of CVRF files \n",
};

static struct oscap_module* CVRF_SUBMODULES[] = {
	&CVRF_EVALUATE_MODULE,
	&CVRF_EXPORT_MODULE,
	&CVRF_VALIDATE_MODULE,
	NULL
};

static int app_cvrf_evaluate(const struct oscap_action *action) {
	int result = OSCAP_OK;
	// Temporary hardcoded CPE until CPE name can be found without input by CVRF functions
	// themselves
	const char *os_name = "Red Hat Enterprise Linux Desktop Supplementary (v. 6)";
	struct oscap_source *import_source = oscap_source_new_from_file(action->cvrf_action->f_cvrf);
	if (import_source == NULL)
		return OSCAP_ERROR;

	int ret = oscap_source_validate(import_source, reporter, (void *) action);
	if (ret != 0) {
		result = OSCAP_ERROR;
		goto cleanup;
	}

	struct oscap_source *export_source = cvrf_model_get_results_source(import_source, os_name);
	if (export_source == NULL) {
		result = OSCAP_ERROR;
		goto cleanup;
	}

	if (oscap_source_save_as(export_source, action->cvrf_action->f_results) == -1) {
		result = OSCAP_ERROR;
	}
	oscap_source_free(export_source);

cleanup:
	if (oscap_err())
		fprintf(stderr, "%s %s\n", OSCAP_ERR_MSG, oscap_err_desc());
	oscap_source_free(import_source);
	free(action->cvrf_action);
	return result;
}

static int app_cvrf_export(const struct oscap_action *action) {
	struct oscap_source *import_source = oscap_source_new_from_file(action->cvrf_action->f_cvrf);
	if (import_source == NULL)
		return OSCAP_ERROR;

	int result = OSCAP_OK;
	if (action->cvrf_action->index == 1) {
		struct cvrf_index *index = cvrf_index_import(import_source);
		if (index == NULL) {
			result = OSCAP_ERROR;
			goto cleanup;
		}
		struct oscap_source *export_source = cvrf_index_get_export_source(index);
		if (oscap_source_save_as(export_source, action->cvrf_action->f_output) != 0)
			result = OSCAP_ERROR;
		oscap_source_free(export_source);
		cvrf_index_free(index);
	} else {
		struct cvrf_model *model = cvrf_model_import(import_source);
		if(model == NULL) {
			result = OSCAP_ERROR;
			goto cleanup;
		}
		struct oscap_source *export_source = cvrf_model_get_export_source(model);
		if (oscap_source_save_as(export_source, action->cvrf_action->f_output) != 0)
			result = OSCAP_ERROR;
		oscap_source_free(export_source);
		cvrf_model_free(model);
	}

	cleanup:
		if (oscap_err())
			fprintf(stderr, "%s %s\n", OSCAP_ERR_MSG, oscap_err_desc());

	oscap_source_free(import_source);
	free(action->cvrf_action);
	return result;
}

static int app_cvrf_validate(const struct oscap_action *action) {
	int result;
	struct oscap_source *source = oscap_source_new_from_file(action->cvrf_action->f_cvrf);
	int ret = oscap_source_validate(source, reporter, (void *) action);

	if (ret==-1) {
		result=OSCAP_ERROR;
	} else if (ret==1) {
		result=OSCAP_FAIL;
	} else {
		result=OSCAP_OK;
	}

	oscap_source_free(source);
	oscap_print_error();
	return result;
}

// There will likely be more options needed in the future; this is
// just a basic set up for the command line usage
enum cvrf_opt {
	CVRF_OPT_INDEX,
	CVRF_OPT_RESULT_FILE,
	CVRF_OPT_OUTPUT_FILE,
};

bool getopt_cvrf(int argc, char **argv, struct oscap_action *action) {
	action->doctype = OSCAP_DOCUMENT_CVRF_FEED;
	action->cvrf_action = malloc(sizeof(struct cvrf_action));
	struct cvrf_action *cvrf_action = action->cvrf_action;

	static const struct option long_options[] = {
		{"index", 0, NULL, CVRF_OPT_INDEX},
		{"results", 1, NULL, CVRF_OPT_RESULT_FILE},
		{"output", 1, NULL, CVRF_OPT_OUTPUT_FILE},
		{0, 0, 0, 0}
	};

	int c;
	while ((c = getopt_long(argc, argv, "+", long_options, NULL)) != -1) {
		switch (c) {
			case CVRF_OPT_INDEX:
				cvrf_action->index = 1;
				break;
			case CVRF_OPT_RESULT_FILE:
				cvrf_action->f_results = optarg;
				break;
			case CVRF_OPT_OUTPUT_FILE:
				cvrf_action->f_output = optarg;
				break;
			default:
				return oscap_module_usage(action->module, stderr, NULL);
		}
	}

	if (optind >= argc)
		return oscap_module_usage(action->module, stderr, "CVRF file needs to be specified!\n");
	cvrf_action->f_cvrf = argv[optind];
	return true;
}

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation