openscap 0.4.8 → 0.5.0
- checksums.yaml +5 -5
- data/README.md +7 -18
- data/Rakefile +4 -2
- data/lib/openscap/all.rb +2 -11
- data/lib/openscap/ds/arf.rb +5 -13
- data/lib/openscap/ds/sds.rb +9 -12
- data/lib/openscap/exceptions.rb +1 -10
- data/lib/openscap/libc.rb +1 -10
- data/lib/openscap/openscap.rb +11 -11
- data/lib/openscap/source.rb +12 -17
- data/lib/openscap/text.rb +35 -15
- data/lib/openscap/version.rb +2 -11
- data/lib/openscap/xccdf/benchmark.rb +65 -22
- data/lib/openscap/xccdf/fix.rb +6 -14
- data/lib/openscap/xccdf/group.rb +33 -10
- data/lib/openscap/xccdf/ident.rb +2 -10
- data/lib/openscap/xccdf/item.rb +36 -71
- data/lib/openscap/xccdf/item_common.rb +40 -0
- data/lib/openscap/xccdf/policy.rb +11 -10
- data/lib/openscap/xccdf/policy_model.rb +16 -16
- data/lib/openscap/xccdf/profile.rb +10 -19
- data/lib/openscap/xccdf/reference.rb +5 -13
- data/lib/openscap/xccdf/rule.rb +12 -25
- data/lib/openscap/xccdf/ruleresult.rb +1 -10
- data/lib/openscap/xccdf/session.rb +20 -30
- data/lib/openscap/xccdf/status.rb +35 -0
- data/lib/openscap/xccdf/tailoring.rb +4 -16
- data/lib/openscap/xccdf/testresult.rb +11 -26
- data/lib/openscap/xccdf/value.rb +1 -10
- data/lib/openscap/xccdf.rb +2 -11
- data/lib/openscap.rb +1 -10
- data/test/common/testcase.rb +2 -11
- data/test/data/sds-complex.xml +1 -1
- data/test/data/xccdf.xml +2 -1
- data/test/ds/arf_test.rb +11 -20
- data/test/ds/sds_test.rb +24 -15
- data/test/integration/arf_waiver_test.rb +6 -15
- data/test/openscap_test.rb +1 -10
- data/test/source_test.rb +14 -23
- data/test/text_test.rb +1 -10
- data/test/xccdf/arf_test.rb +2 -12
- data/test/xccdf/benchmark_test.rb +97 -20
- data/test/xccdf/item_test.rb +82 -0
- data/test/xccdf/policy_test.rb +36 -17
- data/test/xccdf/profile_test.rb +51 -18
- data/test/xccdf/session_ds_test.rb +14 -23
- data/test/xccdf/session_test.rb +3 -12
- data/test/xccdf/tailoring_test.rb +1 -10
- data/test/xccdf/testresult_test.rb +10 -19
- data/test/xccdf/value_test.rb +67 -0
- metadata +16 -27
data/lib/openscap/xccdf/item.rb
CHANGED
@@ -1,26 +1,20 @@
|
|
1
|
-
#
|
2
|
-
# Copyright (c) 2015--2016 Red Hat Inc.
|
3
|
-
#
|
4
|
-
# This software is licensed to you under the GNU General Public License,
|
5
|
-
# version 2 (GPLv2). There is NO WARRANTY for this software, express or
|
6
|
-
# implied, including the implied warranties of MERCHANTABILITY or FITNESS
|
7
|
-
# FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
|
8
|
-
# along with this software; if not, see
|
9
|
-
# http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
|
10
|
-
#
|
1
|
+
# frozen_string_literal: true
|
11
2
|
|
12
3
|
require 'openscap/exceptions'
|
13
4
|
require 'openscap/text'
|
5
|
+
require 'openscap/xccdf/item_common'
|
14
6
|
require 'openscap/xccdf/group'
|
15
7
|
require 'openscap/xccdf/rule'
|
16
|
-
require 'openscap/xccdf/reference'
|
17
8
|
|
18
9
|
module OpenSCAP
|
19
10
|
module Xccdf
|
20
11
|
class Item
|
12
|
+
include ItemCommon # reflects OpenSCAP's struct xccdf_item (thus operates with Benchmark, Profile, Group, Rule, and Value)
|
13
|
+
|
21
14
|
def self.build(t)
|
22
15
|
raise OpenSCAP::OpenSCAPError, "Cannot initialize #{self.class.name} with #{t}" \
|
23
16
|
unless t.is_a?(FFI::Pointer)
|
17
|
+
|
24
18
|
# This is Abstract base class that enables you to build its child
|
25
19
|
case OpenSCAP.xccdf_item_get_type t
|
26
20
|
when :group
|
@@ -33,79 +27,36 @@ module OpenSCAP
|
|
33
27
|
end
|
34
28
|
|
35
29
|
def initialize(t)
|
36
|
-
|
37
|
-
raise OpenSCAP::OpenSCAPError, "Cannot initialize #{self.class.name} abstract base class."
|
38
|
-
end
|
39
|
-
@raw = t
|
40
|
-
end
|
41
|
-
|
42
|
-
def id
|
43
|
-
OpenSCAP.xccdf_item_get_id @raw
|
44
|
-
end
|
30
|
+
raise OpenSCAP::OpenSCAPError, "Cannot initialize #{self.class.name} abstract base class." if instance_of?(OpenSCAP::Xccdf::Item)
|
45
31
|
|
46
|
-
|
47
|
-
textlist = OpenSCAP::TextList.new(OpenSCAP.xccdf_item_get_title(@raw))
|
48
|
-
title = textlist.plaintext(prefered_lang)
|
49
|
-
textlist.destroy
|
50
|
-
title
|
51
|
-
end
|
52
|
-
|
53
|
-
def description(prefered_lang = nil)
|
54
|
-
textlist = OpenSCAP::TextList.new(OpenSCAP.xccdf_item_get_description(@raw))
|
55
|
-
description = textlist.plaintext(prefered_lang)
|
56
|
-
textlist.destroy
|
57
|
-
description
|
32
|
+
@raw = t
|
58
33
|
end
|
59
34
|
|
60
|
-
def rationale(prefered_lang = nil)
|
61
|
-
|
62
|
-
rationale = textlist.plaintext(prefered_lang)
|
63
|
-
textlist.destroy
|
64
|
-
rationale
|
35
|
+
def rationale(prefered_lang = nil, markup: false)
|
36
|
+
TextList.extract(OpenSCAP.xccdf_item_get_rationale(@raw), lang: prefered_lang, markup:)
|
65
37
|
end
|
66
38
|
|
67
|
-
def
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
39
|
+
def warnings
|
40
|
+
@warnings ||= [].tap do |warns|
|
41
|
+
OpenSCAP._iterate over: OpenSCAP.xccdf_item_get_warnings(@raw), as: 'xccdf_warning' do |pointer|
|
42
|
+
warns << {
|
43
|
+
category: OpenSCAP.xccdf_warning_get_category(pointer),
|
44
|
+
text: Text.new(OpenSCAP.xccdf_warning_get_text(pointer))
|
45
|
+
}
|
46
|
+
end
|
73
47
|
end
|
74
|
-
OpenSCAP.oscap_reference_iterator_free refs_it
|
75
|
-
refs
|
76
48
|
end
|
77
49
|
|
78
|
-
def sub_items
|
79
|
-
@sub_items ||= sub_items_init
|
80
|
-
end
|
50
|
+
def sub_items = {}
|
81
51
|
|
82
52
|
def destroy
|
83
53
|
OpenSCAP.xccdf_item_free @raw
|
84
54
|
@raw = nil
|
85
55
|
end
|
86
|
-
|
87
|
-
private
|
88
|
-
|
89
|
-
def sub_items_init
|
90
|
-
collect = {}
|
91
|
-
items_it = OpenSCAP.xccdf_item_get_content @raw
|
92
|
-
while OpenSCAP.xccdf_item_iterator_has_more items_it
|
93
|
-
item_p = OpenSCAP.xccdf_item_iterator_next items_it
|
94
|
-
item = OpenSCAP::Xccdf::Item.build item_p
|
95
|
-
collect.merge! item.sub_items
|
96
|
-
collect[item.id] = item
|
97
|
-
end
|
98
|
-
OpenSCAP.xccdf_item_iterator_free items_it
|
99
|
-
collect
|
100
|
-
end
|
101
56
|
end
|
102
57
|
end
|
103
58
|
|
104
|
-
attach_function :xccdf_item_get_id, [:pointer], :string
|
105
|
-
attach_function :xccdf_item_get_content, [:pointer], :pointer
|
106
59
|
attach_function :xccdf_item_free, [:pointer], :void
|
107
|
-
attach_function :xccdf_item_get_title, [:pointer], :pointer
|
108
|
-
attach_function :xccdf_item_get_description, [:pointer], :pointer
|
109
60
|
attach_function :xccdf_item_get_rationale, [:pointer], :pointer
|
110
61
|
|
111
62
|
XccdfItemType = enum(:benchmark, 0x0100,
|
@@ -116,11 +67,25 @@ module OpenSCAP
|
|
116
67
|
:value, 0x4000)
|
117
68
|
attach_function :xccdf_item_get_type, [:pointer], XccdfItemType
|
118
69
|
|
119
|
-
|
120
|
-
|
121
|
-
|
70
|
+
enum :xccdf_warning_category_t, [
|
71
|
+
:not_specified, # empty value
|
72
|
+
:general, # General-purpose warning
|
73
|
+
:functionality, # Warning about possible impacts to functionality
|
74
|
+
:performance, # Warning about changes to target system performance
|
75
|
+
:hardware, # Warning about hardware restrictions or possible impacts to hardware
|
76
|
+
:legal, # Warning about legal implications
|
77
|
+
:regulatory, # Warning about regulatory obligations
|
78
|
+
:management, # Warning about impacts to the mgmt or administration of the target system
|
79
|
+
:audit, # Warning about impacts to audit or logging
|
80
|
+
:dependency # Warning about dependencies between this Rule and other parts of the target system
|
81
|
+
]
|
82
|
+
attach_function :xccdf_item_get_warnings, [:pointer], :pointer
|
83
|
+
attach_function :xccdf_warning_iterator_has_more, [:pointer], :bool
|
84
|
+
attach_function :xccdf_warning_iterator_next, [:pointer], :pointer
|
85
|
+
attach_function :xccdf_warning_iterator_free, [:pointer], :void
|
86
|
+
attach_function :xccdf_warning_get_category, [:pointer], :xccdf_warning_category_t
|
87
|
+
attach_function :xccdf_warning_get_text, [:pointer], :pointer
|
122
88
|
|
123
|
-
attach_function :xccdf_item_get_references, [:pointer], :pointer
|
124
89
|
attach_function :oscap_reference_iterator_has_more, [:pointer], :bool
|
125
90
|
attach_function :oscap_reference_iterator_next, [:pointer], :pointer
|
126
91
|
attach_function :oscap_reference_iterator_free, [:pointer], :void
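Review bot: `warnings` memoizes hashes whose `text:` values are `Text.new(OpenSCAP.xccdf_warning_get_text(pointer))`, while `destroy` only calls `xccdf_item_free @raw` and sets `@raw = nil`, so the cached wrappers stay reachable after the native item has been freed. The Text class is not shown on this page; if it borrows the pointer rather than copying the string, reading a cached warning after `destroy` would touch freed memory. I would drop the cache in `destroy` with `@warnings = nil` and add a comment on `warnings` such as `# Text wrappers are only valid until #destroy is called on this item`.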
|
@@ -0,0 +1,40 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'openscap/text'
|
4
|
+
require 'openscap/xccdf/reference'
|
5
|
+
|
6
|
+
module OpenSCAP
|
7
|
+
module Xccdf
|
8
|
+
module ItemCommon
|
9
|
+
def id
|
10
|
+
OpenSCAP.xccdf_item_get_id @raw
|
11
|
+
end
|
12
|
+
|
13
|
+
def version
|
14
|
+
OpenSCAP.xccdf_item_get_version @raw
|
15
|
+
end
|
16
|
+
|
17
|
+
def title lang: nil
|
18
|
+
TextList.extract OpenSCAP.xccdf_item_get_title(@raw), lang:, markup: false
|
19
|
+
end
|
20
|
+
|
21
|
+
def description prefered_lang: nil, markup: true
|
22
|
+
TextList.extract(OpenSCAP.xccdf_item_get_description(@raw), lang: prefered_lang, markup:)
|
23
|
+
end
|
24
|
+
|
25
|
+
def references
|
26
|
+
refs = []
|
27
|
+
OpenSCAP._iterate over: OpenSCAP.xccdf_item_get_references(@raw), as: 'oscap_reference' do |pointer|
|
28
|
+
refs << OpenSCAP::Xccdf::Reference.new(pointer)
|
29
|
+
end
|
30
|
+
refs
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
34
|
+
|
35
|
+
attach_function :xccdf_item_get_id, [:pointer], :string
|
36
|
+
attach_function :xccdf_item_get_title, [:pointer], :pointer
|
37
|
+
attach_function :xccdf_item_get_description, [:pointer], :pointer
|
38
|
+
attach_function :xccdf_item_get_references, [:pointer], :pointer
|
39
|
+
attach_function :xccdf_item_get_version, [:pointer], :string
|
40
|
+
end
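Review bot: `description` defaults to `markup: true`, whereas `title` hard-codes `markup: false` and `Item#rationale` defaults to `markup: false`, so callers get markup from this accessor unless they opt out. XCCDF content is often loaded from files the application did not author, and `TextList.extract` is not visible on this page, so whether the returned markup is sanitized cannot be confirmed here. I would document the contract on the method, e.g. `# Returns XCCDF markup by default; escape or sanitize before embedding in HTML, or pass markup: false`. The keyword names also differ between siblings (`lang:` on `title`, `prefered_lang:` on `description`), which is worth aligning while the signatures are changing.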
|
@@ -1,13 +1,4 @@
|
|
1
|
-
#
|
2
|
-
# Copyright (c) 2016 Red Hat Inc.
|
3
|
-
#
|
4
|
-
# This software is licensed to you under the GNU General Public License,
|
5
|
-
# version 2 (GPLv2). There is NO WARRANTY for this software, express or
|
6
|
-
# implied, including the implied warranties of MERCHANTABILITY or FITNESS
|
7
|
-
# FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
|
8
|
-
# along with this software; if not, see
|
9
|
-
# http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
|
10
|
-
#
|
1
|
+
# frozen_string_literal: true
|
11
2
|
|
12
3
|
require 'openscap/exceptions'
|
13
4
|
|
@@ -30,8 +21,18 @@ module OpenSCAP
|
|
30
21
|
def id
|
31
22
|
OpenSCAP.xccdf_policy_get_id raw
|
32
23
|
end
|
24
|
+
|
25
|
+
def profile
|
26
|
+
Profile.new OpenSCAP.xccdf_policy_get_profile @raw
|
27
|
+
end
|
28
|
+
|
29
|
+
def selects_item?(item_idref)
|
30
|
+
OpenSCAP.xccdf_policy_is_item_selected @raw, item_idref
|
31
|
+
end
|
33
32
|
end
|
34
33
|
end
|
35
34
|
|
36
35
|
attach_function :xccdf_policy_get_id, [:pointer], :string
|
36
|
+
attach_function :xccdf_policy_get_profile, [:pointer], :pointer
|
37
|
+
attach_function :xccdf_policy_is_item_selected, %i[pointer string], :bool
|
37
38
|
end
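Review bot: `profile` passes the result of `xccdf_policy_get_profile @raw` straight to `Profile.new` without a NULL check, unlike `Profile#status_current` in this same release, which guards with `pointer.null?`. If the library returns NULL for a policy that has no profile (not confirmable from this page), the wrapper would hold a null pointer and its accessors would pass it into native code. I would write `pointer = OpenSCAP.xccdf_policy_get_profile @raw` followed by `Profile.new pointer unless pointer.null?`. The class body starts outside the hunk and `Profile#initialize` is not fully visible, so it may already reject null pointers.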
|
@@ -1,13 +1,4 @@
|
|
1
|
-
#
|
2
|
-
# Copyright (c) 2016 Red Hat Inc.
|
3
|
-
#
|
4
|
-
# This software is licensed to you under the GNU General Public License,
|
5
|
-
# version 2 (GPLv2). There is NO WARRANTY for this software, express or
|
6
|
-
# implied, including the implied warranties of MERCHANTABILITY or FITNESS
|
7
|
-
# FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
|
8
|
-
# along with this software; if not, see
|
9
|
-
# http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
|
10
|
-
#
|
1
|
+
# frozen_string_literal: true
|
11
2
|
|
12
3
|
require 'openscap/exceptions'
|
13
4
|
require 'openscap/xccdf/benchmark'
|
@@ -27,6 +18,12 @@ module OpenSCAP
|
|
27
18
|
"Cannot initialize OpenSCAP::Xccdf::PolicyModel with '#{b}'"
|
28
19
|
end
|
29
20
|
OpenSCAP.raise! if @raw.null?
|
21
|
+
|
22
|
+
begin
|
23
|
+
yield self
|
24
|
+
ensure
|
25
|
+
destroy
|
26
|
+
end if block_given?
|
30
27
|
end
|
31
28
|
|
32
29
|
def policies
|
@@ -38,18 +35,21 @@ module OpenSCAP
|
|
38
35
|
@raw = nil
|
39
36
|
end
|
40
37
|
|
38
|
+
def each_policy(&)
|
39
|
+
OpenSCAP.raise! unless OpenSCAP.xccdf_policy_model_build_all_useful_policies(raw).zero?
|
40
|
+
OpenSCAP._iterate over: OpenSCAP.xccdf_policy_model_get_policies(@raw),
|
41
|
+
as: 'xccdf_policy' do |pointer|
|
42
|
+
yield OpenSCAP::Xccdf::Policy.new pointer
|
43
|
+
end
|
44
|
+
end
|
45
|
+
|
41
46
|
private
|
42
47
|
|
43
48
|
def policies_init
|
44
49
|
policies = {}
|
45
|
-
|
46
|
-
polit = OpenSCAP.xccdf_policy_model_get_policies raw
|
47
|
-
while OpenSCAP.xccdf_policy_iterator_has_more polit
|
48
|
-
policy_p = OpenSCAP.xccdf_policy_iterator_next polit
|
49
|
-
policy = OpenSCAP::Xccdf::Policy.new policy_p
|
50
|
+
each_policy do |policy|
|
50
51
|
policies[policy.id] = policy
|
51
52
|
end
|
52
|
-
OpenSCAP.xccdf_policy_iterator_free polit
|
53
53
|
policies
|
54
54
|
end
|
55
55
|
end
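Review bot: The block form added to `initialize` calls `destroy` in `ensure`, but nothing tells callers that the model, and presumably every `Policy` yielded by `each_policy` or cached by `policies`, stops being usable once the block returns. The context lines show `@raw = nil` at the end of `destroy`, so a model kept from the block form would pass nil into native calls afterwards. I would add a comment above the `begin` such as `# Block form: the model is destroyed when the block returns; do not keep it or its policies`. Separately, `each_policy` runs `xccdf_policy_model_build_all_useful_policies` on every call; if that is meant to happen only once, a guard would make the intent explicit.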
|
@@ -1,19 +1,12 @@
|
|
1
|
-
#
|
2
|
-
# Copyright (c) 2014 Red Hat Inc.
|
3
|
-
#
|
4
|
-
# This software is licensed to you under the GNU General Public License,
|
5
|
-
# version 2 (GPLv2). There is NO WARRANTY for this software, express or
|
6
|
-
# implied, including the implied warranties of MERCHANTABILITY or FITNESS
|
7
|
-
# FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
|
8
|
-
# along with this software; if not, see
|
9
|
-
# http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
|
10
|
-
#
|
1
|
+
# frozen_string_literal: true
|
11
2
|
|
12
3
|
require 'openscap/text'
|
4
|
+
require 'openscap/xccdf/item_common'
|
13
5
|
|
14
6
|
module OpenSCAP
|
15
7
|
module Xccdf
|
16
8
|
class Profile
|
9
|
+
include ItemCommon
|
17
10
|
attr_reader :raw
|
18
11
|
|
19
12
|
def initialize(p)
|
@@ -25,19 +18,17 @@ module OpenSCAP
|
|
25
18
|
end
|
26
19
|
end
|
27
20
|
|
28
|
-
def
|
29
|
-
OpenSCAP.
|
21
|
+
def status_current
|
22
|
+
pointer = OpenSCAP.xccdf_profile_get_status_current @raw
|
23
|
+
Status.new pointer unless pointer.null?
|
30
24
|
end
|
31
25
|
|
32
|
-
def
|
33
|
-
|
34
|
-
title = textlist.plaintext(prefered_lang)
|
35
|
-
textlist.destroy
|
36
|
-
title
|
26
|
+
def abstract?
|
27
|
+
OpenSCAP.xccdf_profile_get_abstract @raw
|
37
28
|
end
|
38
29
|
end
|
39
30
|
end
|
40
31
|
|
41
|
-
attach_function :
|
42
|
-
attach_function :
|
32
|
+
attach_function :xccdf_profile_get_status_current, [:pointer], :pointer
|
33
|
+
attach_function :xccdf_profile_get_abstract, [:pointer], :bool
|
43
34
|
end
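Review bot: `status_current` returns nil when `xccdf_profile_get_status_current` yields a null pointer, and that nil-able contract is not documented in the hunk. A one-line comment such as `# @return [Status, nil] nil when the profile has no current status` would stop callers from chaining `.status` on the result unguarded. `abstract?` would benefit from the same treatment, e.g. `# @return [Boolean] value reported by xccdf_profile_get_abstract`.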
|
@@ -1,13 +1,4 @@
|
|
1
|
-
#
|
2
|
-
# Copyright (c) 2015--2016 Red Hat Inc.
|
3
|
-
#
|
4
|
-
# This software is licensed to you under the GNU General Public License,
|
5
|
-
# version 2 (GPLv2). There is NO WARRANTY for this software, express or
|
6
|
-
# implied, including the implied warranties of MERCHANTABILITY or FITNESS
|
7
|
-
# FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
|
8
|
-
# along with this software; if not, see
|
9
|
-
# http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
|
10
|
-
#
|
1
|
+
# frozen_string_literal: true
|
11
2
|
|
12
3
|
module OpenSCAP
|
13
4
|
module Xccdf
|
@@ -15,6 +6,7 @@ module OpenSCAP
|
|
15
6
|
def initialize(raw)
|
16
7
|
raise OpenSCAP::OpenSCAPError, "Cannot initialize #{self.class.name} with '#{raw}'" \
|
17
8
|
unless raw.is_a?(FFI::Pointer)
|
9
|
+
|
18
10
|
@raw = raw
|
19
11
|
end
|
20
12
|
|
@@ -32,9 +24,9 @@ module OpenSCAP
|
|
32
24
|
|
33
25
|
def to_hash
|
34
26
|
{
|
35
|
-
|
36
|
-
|
37
|
-
:
|
27
|
+
title:,
|
28
|
+
href:,
|
29
|
+
html_link:
|
38
30
|
}
|
39
31
|
end
|
40
32
|
end
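Review bot: The value-omitting hash literal in `to_hash` (`title:,` `href:,` `html_link:`) needs Ruby 3.1 or newer, as do `markup:` and `lang:` in the Item and ItemCommon changes and `def each_policy(&)` in PolicyModel; `def sub_items = {}` needs Ruby 3.0. The gem metadata is listed as changed but is not shown on this page, so confirm that `required_ruby_version` was raised to match. Otherwise older interpreters can still install the gem and will fail with a SyntaxError at require time.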
|
data/lib/openscap/xccdf/rule.rb
CHANGED
@@ -1,13 +1,4 @@
|
|
1
|
-
#
|
2
|
-
# Copyright (c) 2015 Red Hat Inc.
|
3
|
-
#
|
4
|
-
# This software is licensed to you under the GNU General Public License,
|
5
|
-
# version 2 (GPLv2). There is NO WARRANTY for this software, express or
|
6
|
-
# implied, including the implied warranties of MERCHANTABILITY or FITNESS
|
7
|
-
# FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
|
8
|
-
# along with this software; if not, see
|
9
|
-
# http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
|
10
|
-
#
|
1
|
+
# frozen_string_literal: true
|
11
2
|
|
12
3
|
require 'openscap/exceptions'
|
13
4
|
require 'openscap/xccdf/item'
|
@@ -20,33 +11,29 @@ module OpenSCAP
|
|
20
11
|
def severity
|
21
12
|
severity = OpenSCAP.xccdf_rule_get_severity(@raw)
|
22
13
|
severity_mapping = {
|
23
|
-
:
|
24
|
-
:
|
25
|
-
:
|
26
|
-
:
|
27
|
-
:
|
28
|
-
:
|
14
|
+
xccdf_level_not_defined: 'Not defined',
|
15
|
+
xccdf_unknown: 'Unknown',
|
16
|
+
xccdf_info: 'Info',
|
17
|
+
xccdf_low: 'Low',
|
18
|
+
xccdf_medium: 'Medium',
|
19
|
+
xccdf_high: 'High'
|
29
20
|
}
|
30
|
-
severity_mapping[severity]
|
21
|
+
severity_mapping[severity] || severity_mapping[:xccdf_unknown]
|
31
22
|
end
|
32
23
|
|
33
24
|
def fixes
|
34
25
|
fixes = []
|
35
|
-
|
36
|
-
|
37
|
-
fixes << OpenSCAP::Xccdf::Fix.new(OpenSCAP.xccdf_fix_iterator_next(items_it))
|
26
|
+
OpenSCAP._iterate over: OpenSCAP.xccdf_rule_get_fixes(@raw), as: 'xccdf_fix' do |pointer|
|
27
|
+
fixes << OpenSCAP::Xccdf::Fix.new(pointer)
|
38
28
|
end
|
39
|
-
OpenSCAP.xccdf_fix_iterator_free items_it
|
40
29
|
fixes
|
41
30
|
end
|
42
31
|
|
43
32
|
def idents
|
44
33
|
idents = []
|
45
|
-
|
46
|
-
|
47
|
-
idents << OpenSCAP::Xccdf::Ident.new(OpenSCAP.xccdf_ident_iterator_next(idents_it))
|
34
|
+
OpenSCAP._iterate over: OpenSCAP.xccdf_rule_get_idents(@raw), as: 'xccdf_ident' do |pointer|
|
35
|
+
idents << OpenSCAP::Xccdf::Ident.new(pointer)
|
48
36
|
end
|
49
|
-
OpenSCAP.xccdf_ident_iterator_free idents_it
|
50
37
|
idents
|
51
38
|
end
|
52
39
|
end
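Review bot: `severity` rebuilds the `severity_mapping` hash on every call; as a style point it reads better as a frozen constant on the class, e.g. `SEVERITY_LABELS = { xccdf_level_not_defined: 'Not defined', ... }.freeze`. The method body then becomes `SEVERITY_LABELS.fetch(severity, SEVERITY_LABELS[:xccdf_unknown])`, which keeps the new fallback to 'Unknown'. The enclosing class starts outside the hunk.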
|
@@ -1,13 +1,4 @@
|
|
1
|
-
#
|
2
|
-
# Copyright (c) 2014--2016 Red Hat Inc.
|
3
|
-
#
|
4
|
-
# This software is licensed to you under the GNU General Public License,
|
5
|
-
# version 2 (GPLv2). There is NO WARRANTY for this software, express or
|
6
|
-
# implied, including the implied warranties of MERCHANTABILITY or FITNESS
|
7
|
-
# FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
|
8
|
-
# along with this software; if not, see
|
9
|
-
# http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
|
10
|
-
#
|
1
|
+
# frozen_string_literal: true
|
11
2
|
|
12
3
|
require 'openscap/exceptions'
|
13
4
|
require 'openscap/text'
|
@@ -1,19 +1,11 @@
|
|
1
|
-
#
|
2
|
-
# Copyright (c) 2014--2016 Red Hat Inc.
|
3
|
-
#
|
4
|
-
# This software is licensed to you under the GNU General Public License,
|
5
|
-
# version 2 (GPLv2). There is NO WARRANTY for this software, express or
|
6
|
-
# implied, including the implied warranties of MERCHANTABILITY or FITNESS
|
7
|
-
# FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
|
8
|
-
# along with this software; if not, see
|
9
|
-
# http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
|
10
|
-
#
|
1
|
+
# frozen_string_literal: true
|
11
2
|
|
12
3
|
module OpenSCAP
|
13
4
|
module Xccdf
|
14
5
|
class Session
|
15
6
|
def initialize(input_filename)
|
16
7
|
raise OpenSCAPError, 'No filename specified!' unless input_filename
|
8
|
+
|
17
9
|
@input_filename = input_filename
|
18
10
|
@s = OpenSCAP.xccdf_session_new(input_filename)
|
19
11
|
OpenSCAP.raise! if @s.null?
|
@@ -25,8 +17,8 @@ module OpenSCAP
|
|
25
17
|
|
26
18
|
def load(opts = {})
|
27
19
|
o = {
|
28
|
-
:
|
29
|
-
:
|
20
|
+
datastream_id: nil,
|
21
|
+
component_id: nil
|
30
22
|
}.merge(opts)
|
31
23
|
if sds?
|
32
24
|
OpenSCAP.xccdf_session_set_datastream_id(@s, o[:datastream_id])
|
@@ -38,9 +30,7 @@ module OpenSCAP
|
|
38
30
|
|
39
31
|
def profile=(p)
|
40
32
|
@profile = p
|
41
|
-
if OpenSCAP.xccdf_session_set_profile_id(@s, p) == false
|
42
|
-
raise OpenSCAPError, "No profile '" + p + "' found"
|
43
|
-
end
|
33
|
+
raise OpenSCAPError, "No profile '#{p}' found" if OpenSCAP.xccdf_session_set_profile_id(@s, p) == false
|
44
34
|
end
|
45
35
|
|
46
36
|
def evaluate
|
@@ -53,12 +43,12 @@ module OpenSCAP
|
|
53
43
|
|
54
44
|
def export_results(opts = {})
|
55
45
|
o = {
|
56
|
-
:
|
57
|
-
:
|
58
|
-
:
|
59
|
-
:
|
60
|
-
:
|
61
|
-
:
|
46
|
+
rds_file: nil,
|
47
|
+
xccdf_file: nil,
|
48
|
+
report_file: nil,
|
49
|
+
oval_results: false,
|
50
|
+
oval_variables: false,
|
51
|
+
engines_results: false
|
62
52
|
}.merge!(opts)
|
63
53
|
export_targets o
|
64
54
|
export
|
@@ -102,13 +92,13 @@ module OpenSCAP
|
|
102
92
|
|
103
93
|
attach_function :xccdf_session_is_sds, [:pointer], :bool
|
104
94
|
|
105
|
-
attach_function :xccdf_session_set_profile_id, [
|
106
|
-
attach_function :xccdf_session_set_datastream_id, [
|
107
|
-
attach_function :xccdf_session_set_component_id, [
|
108
|
-
attach_function :xccdf_session_set_arf_export, [
|
109
|
-
attach_function :xccdf_session_set_xccdf_export, [
|
110
|
-
attach_function :xccdf_session_set_report_export, [
|
111
|
-
attach_function :xccdf_session_set_oval_variables_export, [
|
112
|
-
attach_function :xccdf_session_set_oval_results_export, [
|
113
|
-
attach_function :xccdf_session_set_check_engine_plugins_results_export, [
|
95
|
+
attach_function :xccdf_session_set_profile_id, %i[pointer string], :bool
|
96
|
+
attach_function :xccdf_session_set_datastream_id, %i[pointer string], :void
|
97
|
+
attach_function :xccdf_session_set_component_id, %i[pointer string], :void
|
98
|
+
attach_function :xccdf_session_set_arf_export, %i[pointer string], :bool
|
99
|
+
attach_function :xccdf_session_set_xccdf_export, %i[pointer string], :bool
|
100
|
+
attach_function :xccdf_session_set_report_export, %i[pointer string], :bool
|
101
|
+
attach_function :xccdf_session_set_oval_variables_export, %i[pointer bool], :void
|
102
|
+
attach_function :xccdf_session_set_oval_results_export, %i[pointer bool], :void
|
103
|
+
attach_function :xccdf_session_set_check_engine_plugins_results_export, %i[pointer bool], :void
|
114
104
|
end
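Review bot: `profile=` assigns `@profile = p` before the result of `xccdf_session_set_profile_id` is checked, so when the raise fires the object still remembers a profile id that the native session rejected. Moving the assignment after the check keeps the Ruby state and the session in step: `raise OpenSCAPError, "No profile '#{p}' found" unless OpenSCAP.xccdf_session_set_profile_id(@s, p)` followed by `@profile = p`. This also drops the `== false` comparison, which is safe because the function is attached with a `:bool` return.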
|
@@ -0,0 +1,35 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module OpenSCAP
|
4
|
+
module Xccdf
|
5
|
+
class Status
|
6
|
+
def initialize(raw)
|
7
|
+
raise OpenSCAP::OpenSCAPError, "Cannot initialize #{self.class.name} with '#{raw}'" \
|
8
|
+
unless raw.is_a?(FFI::Pointer)
|
9
|
+
|
10
|
+
@raw = raw
|
11
|
+
end
|
12
|
+
|
13
|
+
def status
|
14
|
+
OpenSCAP.xccdf_status_get_status @raw
|
15
|
+
end
|
16
|
+
|
17
|
+
def date
|
18
|
+
unix_t = OpenSCAP.xccdf_status_get_date @raw
|
19
|
+
Time.at unix_t
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
|
24
|
+
enum :xccdf_status_type_t, [
|
25
|
+
:not_specified, # empty value
|
26
|
+
:accepted,
|
27
|
+
:deprecated,
|
28
|
+
:draft,
|
29
|
+
:incomplete,
|
30
|
+
:interim
|
31
|
+
]
|
32
|
+
|
33
|
+
attach_function :xccdf_status_get_status, [:pointer], :xccdf_status_type_t
|
34
|
+
attach_function :xccdf_status_get_date, [:pointer], :time_t
|
35
|
+
end
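Review bot: `date` converts whatever `xccdf_status_get_date` returns with `Time.at`, so if the library reports a missing date as 0 (not confirmable from this page) callers get 1970-01-01 rather than an absent value. In that case `Time.at unix_t unless unix_t.zero?` would mirror the nil-on-missing convention used by `Profile#status_current`. Either way, a comment on `date` stating the return type and the unset case would help, e.g. `# @return [Time] status date; epoch when the status carries no date`.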
|
@@ -1,13 +1,4 @@
|
|
1
|
-
#
|
2
|
-
# Copyright (c) 2016 Red Hat Inc.
|
3
|
-
#
|
4
|
-
# This software is licensed to you under the GNU General Public License,
|
5
|
-
# version 2 (GPLv2). There is NO WARRANTY for this software, express or
|
6
|
-
# implied, including the implied warranties of MERCHANTABILITY or FITNESS
|
7
|
-
# FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
|
8
|
-
# along with this software; if not, see
|
9
|
-
# http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
|
10
|
-
#
|
1
|
+
# frozen_string_literal: true
|
11
2
|
|
12
3
|
require 'openscap/source'
|
13
4
|
require 'openscap/xccdf/profile'
|
@@ -40,19 +31,16 @@ module OpenSCAP
|
|
40
31
|
|
41
32
|
def profiles_init
|
42
33
|
profiles = {}
|
43
|
-
|
44
|
-
|
45
|
-
profile_p = OpenSCAP.xccdf_profile_iterator_next profit
|
46
|
-
profile = OpenSCAP::Xccdf::Profile.new profile_p
|
34
|
+
OpenSCAP._iterate over: OpenSCAP.xccdf_tailoring_get_profiles(@raw), as: 'xccdf_profile' do |pointer|
|
35
|
+
profile = OpenSCAP::Xccdf::Profile.new pointer
|
47
36
|
profiles[profile.id] = profile
|
48
37
|
end
|
49
|
-
OpenSCAP.xccdf_profile_iterator_free profit
|
50
38
|
profiles
|
51
39
|
end
|
52
40
|
end
|
53
41
|
end
|
54
42
|
|
55
|
-
attach_function :xccdf_tailoring_import_source, [
|
43
|
+
attach_function :xccdf_tailoring_import_source, %i[pointer pointer], :pointer
|
56
44
|
attach_function :xccdf_tailoring_free, [:pointer], :void
|
57
45
|
|
58
46
|
attach_function :xccdf_tailoring_get_profiles, [:pointer], :pointer
|
@@ -1,13 +1,4 @@
|
|
1
|
-
#
|
2
|
-
# Copyright (c) 2014--2016 Red Hat Inc.
|
3
|
-
#
|
4
|
-
# This software is licensed to you under the GNU General Public License,
|
5
|
-
# version 2 (GPLv2). There is NO WARRANTY for this software, express or
|
6
|
-
# implied, including the implied warranties of MERCHANTABILITY or FITNESS
|
7
|
-
# FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
|
8
|
-
# along with this software; if not, see
|
9
|
-
# http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
|
10
|
-
#
|
1
|
+
# frozen_string_literal: true
|
11
2
|
|
12
3
|
require 'openscap/source'
|
13
4
|
require 'openscap/exceptions'
|
@@ -17,8 +8,7 @@ require 'openscap/xccdf/ruleresult'
|
|
17
8
|
module OpenSCAP
|
18
9
|
module Xccdf
|
19
10
|
class TestResult
|
20
|
-
attr_reader :rr
|
21
|
-
attr_reader :raw
|
11
|
+
attr_reader :rr, :raw
|
22
12
|
|
23
13
|
def initialize(t)
|
24
14
|
case t
|
@@ -67,27 +57,22 @@ module OpenSCAP
|
|
67
57
|
|
68
58
|
def init_ruleresults
|
69
59
|
@rr = {}
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
rr = OpenSCAP::Xccdf::RuleResult.new rr_raw
|
60
|
+
OpenSCAP._iterate over: OpenSCAP.xccdf_result_get_rule_results(@raw),
|
61
|
+
as: 'xccdf_rule_result' do |pointer|
|
62
|
+
rr = OpenSCAP::Xccdf::RuleResult.new pointer
|
74
63
|
@rr[rr.id] = rr
|
75
64
|
end
|
76
|
-
OpenSCAP.xccdf_rule_result_iterator_free(rr_it)
|
77
65
|
end
|
78
66
|
|
79
67
|
def score_init
|
80
68
|
scores = {}
|
81
|
-
|
82
|
-
while OpenSCAP.xccdf_score_iterator_has_more(scorit)
|
83
|
-
s = OpenSCAP.xccdf_score_iterator_next(scorit)
|
69
|
+
OpenSCAP._iterate over: OpenSCAP.xccdf_result_get_scores(@raw), as: 'xccdf_score' do |s|
|
84
70
|
scores[OpenSCAP.xccdf_score_get_system(s)] = {
|
85
|
-
:
|
86
|
-
:
|
87
|
-
:
|
71
|
+
system: OpenSCAP.xccdf_score_get_system(s),
|
72
|
+
value: OpenSCAP.xccdf_score_get_score(s),
|
73
|
+
max: OpenSCAP.xccdf_score_get_maximum(s)
|
88
74
|
}
|
89
75
|
end
|
90
|
-
OpenSCAP.xccdf_score_iterator_free(scorit)
|
91
76
|
scores
|
92
77
|
end
|
93
78
|
end
|
@@ -97,8 +82,8 @@ module OpenSCAP
|
|
97
82
|
attach_function :xccdf_result_free, [:pointer], :void
|
98
83
|
attach_function :xccdf_result_get_id, [:pointer], :string
|
99
84
|
attach_function :xccdf_result_get_profile, [:pointer], :string
|
100
|
-
attach_function :xccdf_result_recalculate_scores, [
|
101
|
-
attach_function :xccdf_result_export_source, [
|
85
|
+
attach_function :xccdf_result_recalculate_scores, %i[pointer pointer], :int
|
86
|
+
attach_function :xccdf_result_export_source, %i[pointer string], :pointer
|
102
87
|
|
103
88
|
attach_function :xccdf_result_get_rule_results, [:pointer], :pointer
|
104
89
|
attach_function :xccdf_rule_result_iterator_has_more, [:pointer], :bool
|