Documentation ¶
Overview ¶
This package contains the OvalFetcher definition, which is used for fetching update information in the OVAL format; see https://oval.mitre.org/about/faqs.html#a1

Example of an OVAL definition:

    <oval_definitions xmlns=.....>
      <definitions>
        <definition>
          <metadata>
            <title>CVE-1111-11</title>
            <description>blablabla</description>
            <reference source="CVE" ref_id="CVE-1111-11" ref_url="http...."/>
            <reference source="RHSA" ref_id="RHSA-111:11" ref_url="http...."/>
          </metadata>
          <criteria operator="AND">
            <criterion test_ref="123" comment="glibc is ....">
            </criterion>
            <criterion test_ref="456" comment=".... is signed with Red Hat....">
            </criterion>
          </criteria>
        </definition>
      </definitions>
      <tests>
        ...
      </tests>
      <objects>
        ...
      </objects>
      <states>
        ...
      </states>
    </oval_definitions>

See more complete examples here: https://oval.mitre.org/language/about/definition.html

The methods here use an interface (see below) that must be implemented for each distribution in updated/fetchers/
Index ¶
- type OSInfo
- type OvalFetcher
- func (f *OvalFetcher) Clean()
- func (f *OvalFetcher) Criterions(node criteria) [][]criterion
- func (f *OvalFetcher) FetchUpdate(datastore database.Datastore) (resp updater.FetcherResponse, err error)
- func (f *OvalFetcher) ParseOval(ovalReader io.Reader) (vulnerabilities []database.Vulnerability, err error)
- func (f *OvalFetcher) Possibilities(node criteria) [][]criterion
- func (f *OvalFetcher) ToFeatureVersions(possibilities [][]criterion) []database.FeatureVersion
Types ¶
type OSInfo ¶
    type OSInfo interface {
        // ParsePackageNameVersion should, given a comment in a criterion, return
        // the name and the version of the package.
        // For example, if the comment is
        //   glibc is earlier than 3.2
        // it should return glibc and 3.2.
        //
        // This is based on the assumption that the distributions generate the
        // comments automatically and they won't change (I know, not very
        // reliable...).
        ParsePackageNameVersion(comment string) (string, string)

        // ParseOsVersion should, given a comment in a criterion, return the
        // version of the Operating System.
        // For example, if the comment is
        //   SUSE Linux Enterprise Server 12 is installed
        // it should return 12.
        //
        // This is based on the assumption that the distributions generate the
        // comments automatically and they won't change them (I know, not very
        // reliable...).
        ParseOsVersion(comment string) string

        // ParseFilenameDist should, given a line, parse it for the XML file that
        // contains the OVAL definition and return the filename.
        // For example, if the line contains
        //   com.redhat.rhsa-2003.xml
        // this will be returned.
        //
        // This is used in conjunction with OvalURI (see below). OvalURI
        // contains a list of files, and you need ParseFilenameDist to get the
        // right ones.
        ParseFilenameDist(line string) string

        // OvalURI returns the URL where the OVAL definitions are stored for the
        // given distribution. See examples:
        //   https://www.redhat.com/security/data/oval/
        //   http://ftp.suse.com/pub/projects/security/oval/
        OvalURI() string

        // DistName returns the distribution name. Mostly used for debugging
        // purposes.
        DistName() string

        // IgnoredCriterions returns a list of strings that must be ignored when
        // parsing the criterions.
        // Oval parses all criterions by default, trying to identify either
        // package name and version or distribution version.
        IgnoredCriterions() []string

        // SecToken returns a string that is compared with the value of
        // reference.source in order to know whether that is a security
        // reference, for example so that its URL value can be used.
        // Example return values: CVE, RHSA.
        SecToken() string

        // Namespace stores the namespace that will be used in clair to store the
        // vulnerabilities.
        Namespace() string
    }
The OSInfo interface contains the specific methods for parsing OVAL definitions that must be implemented by each Linux distribution that uses OVAL, i.e. Red Hat and SUSE.
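The comment-based parsing that ParsePackageNameVersion and IgnoredCriterions describe, as an added example (not code from this package): it reads criterion comments out of a constructed OVAL snippet and reports the comments it cannot interpret instead of dropping them, since a silent drop would mean a missed vulnerability. The names `extract`, `ovalDoc` and `sampleOval`, the "is earlier than" pattern, substring matching for ignored criterions, and the flat (non-nested) criteria are assumptions.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample shaped like the overview's definition; not real advisory data.
const sampleOval = `<oval_definitions><definitions><definition>
<criteria operator="AND">
<criterion test_ref="123" comment="glibc is earlier than 3.2"/>
<criterion test_ref="456" comment="glibc is signed with Red Hat key"/>
<criterion test_ref="789" comment="glibc older than 3.2"/>
</criteria></definition></definitions></oval_definitions>`

type ovalDoc struct {
	Criterions []struct {
		Comment string `xml:"comment,attr"`
	} `xml:"definitions>definition>criteria>criterion"`
}
var pkgRe = regexp.MustCompile(`^(\S+) is earlier than (\S+)$`) // assumed wording

// extract returns "name version" pairs and the comments it could not interpret.
func extract(doc string, ignored []string) (pkgs, unparsed []string, err error) {
	var d ovalDoc
	if err = xml.Unmarshal([]byte(doc), &d); err != nil {
		return
	}
next:
	for _, c := range d.Criterions {
		for _, ig := range ignored { // assumed: substring match on the comment
			if strings.Contains(c.Comment, ig) {
				continue next
			}
		}
		if m := pkgRe.FindStringSubmatch(c.Comment); m != nil {
			pkgs = append(pkgs, m[1]+" "+m[2])
		} else {
			unparsed = append(unparsed, c.Comment) // wording drifted: surface it
		}
	}
	return
}

func main() {
	fmt.Println(extract(sampleOval, []string{"is signed with"}))
}
```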
type OvalFetcher ¶
    type OvalFetcher struct {
        // OsInfo contains specifics to each Linux Distribution (see below)
        OsInfo OSInfo
    }
OvalFetcher implements updater.Fetcher.
func (*OvalFetcher) Criterions ¶
func (f *OvalFetcher) Criterions(node criteria) [][]criterion
Criterions gets the criterion elements from a criteria element.
func (*OvalFetcher) FetchUpdate ¶
func (f *OvalFetcher) FetchUpdate(datastore database.Datastore) (resp updater.FetcherResponse, err error)
FetchUpdate gets vulnerability updates from the OVAL definitions.
func (*OvalFetcher) ParseOval ¶
func (f *OvalFetcher) ParseOval(ovalReader io.Reader) (vulnerabilities []database.Vulnerability, err error)
ParseOval parses an OVAL file.
func (*OvalFetcher) Possibilities ¶
func (f *OvalFetcher) Possibilities(node criteria) [][]criterion
Possibilities gets the possibilities from a criteria element.
func (*OvalFetcher) ToFeatureVersions ¶
func (f *OvalFetcher) ToFeatureVersions(possibilities [][]criterion) []database.FeatureVersion
ToFeatureVersions parses criterions into an array of FeatureVersion for storing in the database.