Mercurial > farol > farolluz
diff farolluz/templates/oval.j2 @ 0:e18b61a73a68
Initial Release
author | Benoît Allard <benoit.allard@greenbone.net> |
---|---|
date | Tue, 23 Sep 2014 15:19:14 +0200 |
parents | |
children | 2ee8fcfc99bc |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/farolluz/templates/oval.j2 Tue Sep 23 15:19:14 2014 +0200 @@ -0,0 +1,154 @@ +{# +# Description: +# Template for generation of OVAL documents +# +# Authors: +# Antu Sanadi <santu@secpod.com> +# +# Copyright: +# Copyright (C) 2014 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +-#} + +<?xml version="1.0" encoding="UTF-8"?> +{% import "oval_core.j2" as oval_core -%} +<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5#esx esx-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#unix unix-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#linux linux-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#windows windows-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#independent independent-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#solaris solaris-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#hpux hpux-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#aix aix-definitions-schema.xsd"> + <generator> + <oval:product_name>SecPod SCAP Repository</oval:product_name> + <oval:schema_version>5.10</oval:schema_version> + <oval:timestamp>{{ now.isoformat() }}</oval:timestamp> + </generator> + <definitions> +{%- set done = [] %} +{% for prod in cvrf.getProductList() %} + {%- set os, package = cvrf._producttree.decomposeProduct(prod._productid) %} + {%- if os is not none %} + {%- set rls = os._name | release_map %} + {%- set rpm = package._name | for_rpmvuln %} + {%- if rls != 'UNKNOWN' %} + {%- if (rls, rpm) not in done %} + <definition version="1" class="inventory" id="oval:org.secpod.oval:def:501309"> + <metadata> + <title> {{ os._name }} is installed</title> + <affected family="unix"> + <platform>{{ os._name }}</platform> + </affected> + <reference source="CPE" ref_id="{{ os_cpe }}"/> + <description>{{ os._name }} is installed</description> + <oval_repository> + <dates> + <submitted date="{{ now.isoformat() }}"> + <contributor organization="SecPod Technologies">SecPod Team</contributor> + </submitted> + </dates> + <status>ACCEPTED</status> + </oval_repository> + </metadata> + <criteria> + <criterion comment="{{ os._name }} is installed" test_ref="oval:org.secpod.oval:tst:511359"/> + </criteria> + </definition> + <definition version="1" class="inventory" id="oval:org.secpod.oval:def:501309"> + <metadata> + <title> {{ package._name }} is installed</title> + <affected family="unix"> + <platform>{{ package._name }}</platform> + </affected> + <reference source="CPE" ref_id="{{ os_cpe }}"/> + <description>{{ package._name }} is installed</description> + <oval_repository> + <dates> + <submitted date="{{ now.isoformat() }}"> + <contributor organization="SecPod Technologies">SecPod Team</contributor> + </submitted> + </dates> + <status>ACCEPTED</status> + </oval_repository> + </metadata> + <criteria> + <criterion comment="{{ package._name }} is installed" test_ref="oval:org.secpod.oval:tst:511359"/> + </criteria> + </definition> + <definition version="0" class="patch" id="oval:org.secpod.oval:def:501352"> + <metadata> + <title>{{ cvrf._title }} ({{ cvrf._tracking._id }})</title> + <affected family="unix"> + <platform>{{ os._name }}</platform> + <product> {{ package._name }}</product> + </affected> + <reference source="VENDOR" ref_url="{% for ref in cvrf._references %} {%-if 'RHSA-' in ref._url %}{{ref._url}}{%- endif %} {%- endfor %}" ref_id="{{ cvrf._tracking._id }}"/> + + {%- for vuln in cvrf._vulnerabilities %} + <reference source="CVE" ref_url="http://www.scaprepo.com/view.jsp?id={{ vuln._cve }}" ref_id="{{ vuln._cve }}"/> + {%- endfor %}) + <description>{{ oval_core.notes(cvrf, 'Details') }}</description> + <oval_repository> + <dates> + <submitted date="{{ now.isoformat() }}"> + <contributor organization="SecPod Technologies">SecPod Team</contributor> + </submitted> + </dates> + <status>INITIAL SUBMISSION</status> + </oval_repository> + </metadata> + <criteria operator="AND"> + <extend_definition comment="{{ os._name }} is installed" definition_ref="oval:org.secpod.oval:def:501309"/> + <extend_definition comment=" {{ package._name }} is installed" definition_ref="oval:org.secpod.oval:def:203387"/> + <criteria comment="All dependent packages of {{ package._name }} " operator="OR"> + <criterion comment=" {{ package._name }} is earlier than 0:2.3.5-3.el7_0" test_ref="oval:org.secpod.oval:tst:215690"/> + </criteria> + </criteria> + </definition> + </definitions> + <tests> + <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" comment="Red Hat Enterprise Linux 7 is installed" id="oval:org.secpod.oval:tst:511359" version="1" check="all" check_existence="at_least_one_exists"> + <object object_ref="oval:org.secpod.oval:obj:500000"/> + <state state_ref="oval:org.secpod.oval:ste:502133"/> + </textfilecontent54_test> + <rpminfo_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" comment="{{ package._name }} is installed" version="0" check="all" check_existence="at_least_one_exists"> + <object object_ref="oval:org.secpod.oval:obj:200887"/> + </rpminfo_test> + <rpminfo_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" comment=" {{ package._name }} is earlier than 0:2.3.5-3.el7_0" id="oval:org.secpod.oval:tst:215690" version="0" check="all" check_existence="at_least_one_exists"> + <object object_ref="oval:org.secpod.oval:obj:200887"/> + <state state_ref="oval:org.secpod.oval:ste:203835"/> + </rpminfo_test> + </tests> + <objects> + <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" comment="Object holds RHEL version" id="oval:org.secpod.oval:obj:500000" version="1"> + <path>/etc</path> + <filename>redhat-release</filename> + <pattern operation="pattern match">^Red Hat Enterprise.*release.*$</pattern> + <instance datatype="int">1</instance> + </textfilecontent54_object> + <rpminfo_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" comment="resteasy-base package information" id="oval:org.secpod.oval:obj:200887" version="0"> + <name>{{ package._name }}</name> + </rpminfo_object> + </objects> + <states> + <textfilecontent54_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" comment="State matches RHEL 7" id="oval:org.secpod.oval:ste:502133" version="1"> + <text operation="pattern match">^Red Hat Enterprise.*release 7.*$</text> + </textfilecontent54_state> + <rpminfo_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" comment="version is earlier than 0:2.3.5-3.el7_0" id="oval:org.secpod.oval:ste:203835" version="0"> + <evr datatype="evr_string" operation="less than">0:2.3.5-3.el7_0</evr> + </rpminfo_state> + </states> +</oval_definitions> + + {{- done.append((rls, rpm)) or '' }} + {%- endif %} + {%- endif %} + {%- endif %} +{%- endfor %}