benoit@0: {#
benoit@0: # Description:
benoit@0: # Template for generation of OVAL documents
benoit@0: #
benoit@0: # Authors:
benoit@0: # Antu Sanadi <santu@secpod.com>
benoit@0: #
benoit@0: # Copyright:
benoit@0: # Copyright (C) 2014 Greenbone Networks GmbH
benoit@0: #
benoit@0: # This program is free software; you can redistribute it and/or
benoit@0: # modify it under the terms of the GNU General Public License
benoit@0: # as published by the Free Software Foundation; either version 2
benoit@0: # of the License, or (at your option) any later version.
benoit@0: #
benoit@0: # This program is distributed in the hope that it will be useful,
benoit@0: # but WITHOUT ANY WARRANTY; without even the implied warranty of
benoit@0: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
benoit@0: # GNU General Public License for more details.
benoit@0: #
benoit@0: # You should have received a copy of the GNU General Public License
benoit@0: # along with this program; if not, write to the Free Software
benoit@0: # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
benoit@0: -#}
benoit@0: 
benoit@0: <?xml version="1.0" encoding="UTF-8"?>
benoit@0: {% import "oval_core.j2" as oval_core -%}
benoit@0: <oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5#esx esx-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#unix unix-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#linux linux-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#windows windows-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#independent independent-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#solaris solaris-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#hpux hpux-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#aix aix-definitions-schema.xsd">
benoit@0:   <generator>
benoit@0:     <oval:product_name>SecPod SCAP Repository</oval:product_name>
benoit@0:     <oval:schema_version>5.10</oval:schema_version>
benoit@0:     <oval:timestamp>{{ now.isoformat() }}</oval:timestamp>
benoit@0:   </generator>
benoit@0:   <definitions>
benoit@0: {%- set done = [] %}
benoit@0: {% for prod in cvrf.getProductList()   %}
benoit@0:   {%- set os, package = cvrf._producttree.decomposeProduct(prod._productid) %}
benoit@0:    {%- if os is not none %}
benoit@0:     {%- set rls = os._name | release_map %}
benoit@0:     {%- set rpm = package._name | for_rpmvuln %}
benoit@0:     {%- if rls != 'UNKNOWN' %}
benoit@0:       {%- if (rls, rpm) not in done %}
benoit@0:   <definition version="1" class="inventory" id="oval:org.secpod.oval:def:501309">
benoit@0:       <metadata>
benoit@0:         <title> {{ os._name }} is installed</title>
benoit@0:         <affected family="unix">
benoit@0:           <platform>{{ os._name }}</platform>
benoit@0:         </affected>
benoit@0:         <reference source="CPE" ref_id="{{ os_cpe }}"/>
benoit@0:         <description>{{ os._name }} is installed</description>
benoit@0:         <oval_repository>
benoit@0:           <dates>
benoit@0:             <submitted date="{{ now.isoformat() }}">
benoit@0:               <contributor organization="SecPod Technologies">SecPod Team</contributor>
benoit@0:             </submitted>
benoit@0:           </dates>
benoit@0:           <status>ACCEPTED</status>
benoit@0:         </oval_repository>
benoit@0:       </metadata>
benoit@0:       <criteria>
benoit@0:         <criterion comment="{{ os._name }} is installed" test_ref="oval:org.secpod.oval:tst:511359"/>
benoit@0:       </criteria>
benoit@0:    </definition>
benoit@0:     <definition version="1" class="inventory" id="oval:org.secpod.oval:def:501309">
benoit@0:       <metadata>
benoit@0:         <title> {{ package._name }} is installed</title>
benoit@0:         <affected family="unix">
benoit@0:           <platform>{{ package._name }}</platform>
benoit@0:         </affected>
benoit@0:         <reference source="CPE" ref_id="{{ os_cpe }}"/>
benoit@0:         <description>{{ package._name }} is installed</description>
benoit@0:         <oval_repository>
benoit@0:           <dates>
benoit@0:             <submitted date="{{ now.isoformat() }}">
benoit@0:               <contributor organization="SecPod Technologies">SecPod Team</contributor>
benoit@0:             </submitted>
benoit@0:           </dates>
benoit@0:           <status>ACCEPTED</status>
benoit@0:         </oval_repository>
benoit@0:       </metadata>
benoit@0:       <criteria>
benoit@0:         <criterion comment="{{ package._name }} is installed" test_ref="oval:org.secpod.oval:tst:511359"/>
benoit@0:       </criteria>
benoit@0:     </definition>
benoit@0:     <definition version="0" class="patch" id="oval:org.secpod.oval:def:501352">
benoit@0:       <metadata>
benoit@0:         <title>{{ cvrf._title }} ({{ cvrf._tracking._id }})</title>
benoit@0:         <affected family="unix">
benoit@0:           <platform>{{ os._name }}</platform>
benoit@0:           <product> {{ package._name }}</product>
benoit@0:         </affected>
benoit@0:         <reference source="VENDOR" ref_url="{% for ref in cvrf._references %} {%-if 'RHSA-' in ref._url %}{{ref._url}}{%- endif %} {%- endfor %}" ref_id="{{ cvrf._tracking._id }}"/>
benoit@0: 
benoit@0:         {%- for vuln in cvrf._vulnerabilities %}
benoit@0:         <reference source="CVE" ref_url="http://www.scaprepo.com/view.jsp?id={{ vuln._cve }}" ref_id="{{ vuln._cve }}"/>
benoit@0:         {%- endfor %})
benoit@0:         <description>{{ oval_core.notes(cvrf, 'Details') }}</description>
benoit@0:         <oval_repository>
benoit@0:           <dates>
benoit@0:             <submitted date="{{ now.isoformat() }}">
benoit@0:               <contributor organization="SecPod Technologies">SecPod Team</contributor>
benoit@0:             </submitted>
benoit@0:           </dates>
benoit@0:           <status>INITIAL SUBMISSION</status>
benoit@0:         </oval_repository>
benoit@0:       </metadata>
benoit@0:       <criteria operator="AND">
benoit@0:         <extend_definition comment="{{ os._name }} is installed" definition_ref="oval:org.secpod.oval:def:501309"/>
benoit@0:         <extend_definition comment=" {{ package._name }} is installed" definition_ref="oval:org.secpod.oval:def:203387"/>
benoit@0:         <criteria comment="All dependent packages of {{ package._name }} " operator="OR">
benoit@0:           <criterion comment=" {{ package._name }} is earlier than 0:2.3.5-3.el7_0" test_ref="oval:org.secpod.oval:tst:215690"/>
benoit@0:         </criteria>
benoit@0:       </criteria>
benoit@0:     </definition>
benoit@0:   </definitions>
benoit@0:   <tests>
benoit@0:     <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" comment="Red Hat Enterprise Linux 7 is installed" id="oval:org.secpod.oval:tst:511359" version="1" check="all" check_existence="at_least_one_exists">
benoit@0:       <object object_ref="oval:org.secpod.oval:obj:500000"/>
benoit@0:       <state state_ref="oval:org.secpod.oval:ste:502133"/>
benoit@0:     </textfilecontent54_test>
benoit@0:     <rpminfo_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" comment="{{ package._name }} is installed" version="0" check="all" check_existence="at_least_one_exists">
benoit@0:       <object object_ref="oval:org.secpod.oval:obj:200887"/>
benoit@0:     </rpminfo_test>
benoit@0:     <rpminfo_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" comment=" {{ package._name }} is earlier than 0:2.3.5-3.el7_0" id="oval:org.secpod.oval:tst:215690" version="0" check="all" check_existence="at_least_one_exists">
benoit@0:       <object object_ref="oval:org.secpod.oval:obj:200887"/>
benoit@0:       <state state_ref="oval:org.secpod.oval:ste:203835"/>
benoit@0:     </rpminfo_test>
benoit@0:   </tests>
benoit@0:   <objects>
benoit@0:     <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" comment="Object holds RHEL version" id="oval:org.secpod.oval:obj:500000" version="1">
benoit@0:       <path>/etc</path>
benoit@0:       <filename>redhat-release</filename>
benoit@0:       <pattern operation="pattern match">^Red Hat Enterprise.*release.*$</pattern>
benoit@0:       <instance datatype="int">1</instance>
benoit@0:     </textfilecontent54_object>
benoit@0:     <rpminfo_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" comment="resteasy-base package information" id="oval:org.secpod.oval:obj:200887" version="0">
benoit@0:       <name>{{ package._name }}</name>
benoit@0:     </rpminfo_object>
benoit@0:   </objects>
benoit@0:   <states>
benoit@0:     <textfilecontent54_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" comment="State matches RHEL 7" id="oval:org.secpod.oval:ste:502133" version="1">
benoit@0:       <text operation="pattern match">^Red Hat Enterprise.*release 7.*$</text>
benoit@0:     </textfilecontent54_state>
benoit@0:     <rpminfo_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" comment="version is earlier than 0:2.3.5-3.el7_0" id="oval:org.secpod.oval:ste:203835" version="0">
benoit@0:       <evr datatype="evr_string" operation="less than">0:2.3.5-3.el7_0</evr>
benoit@0:     </rpminfo_state>
benoit@0:   </states>
benoit@0: </oval_definitions>
benoit@0: 
benoit@0:   {{- done.append((rls, rpm)) or '' }}
benoit@0:       {%- endif %}
benoit@0:     {%- endif %}
benoit@0:   {%- endif %}
benoit@0: {%- endfor %}