oval

package
v2.0.0-pre.0+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 2, 2016 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Overview

This package contains the OvalFetcher definition which is being used for fetching update information on OVAL format see: https://oval.mitre.org/about/faqs.html#a1

Example of an oval definition <oval_definitions xmlns=.....>

<definitions>
  <definition>
    <metadata>
      <title>CVE-1111-11</title>
      <description>blablabla</description>
      <reference source="CVE" ref_id="CVE-1111-11" ref_url="http...."/>
      <reference source="RHSA" ref_id="RHSA-111:11" ref_url="http...."/>
    </metadata>
    <criteria operator="AND">
      <criterion test_ref="123" comment="glibc is ....">
      </criterion>
      <criterion test_ref="456" comment=".... is signed with Red Hat....">
      </criterion>
    </criteria>
  </definition>
</definitions>
<tests>
...
</tests>
<objects>
...
</objects>
<states>
...
</states>

</oval_definitions> see more complete examples here https://oval.mitre.org/language/about/definition.html The methods here use an interface (see below) that must be implemented for each Distribution in updated/fetchers/

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type OSInfo

type OSInfo interface {
	// ParsePackageNameVersion should, given a comment in a criterion, return
	// the name and the version of the package.
	// For example, if the comment is
	//   glibc is earlier than 3.2
	// it should return glibc and 3.2.
	//
	// This is based on the assumption that the distributions generate the
	// comments automatically and they won't change (I know, not very
	// reliable...).
	ParsePackageNameVersion(comment string) (string, string)

	// ParseOsVersion should, given a comment in a criterion, return the
	// version of the Operating System.
	// For example, if the comment is
	//   SUSE Linux Enterpise Server 12 is installed
	// should return 12
	//
	// This is based on the assumption that the distributions generate the
	// comments automatically and they won't change it (I know, not very
	// reliable...).
	ParseOsVersion(comment string) string

	// Given a line, parse for the xml file that contains the oval definition
	// and returns the filename.
	// For example if the line contains
	//	 com.redhat.rhsa-2003.xml, this will be returned.
	//
	// This is being used in conjunction with OvalUri (see below). Oval Uri
	// contains a list of files, and you need ParseFilenameDist to get the
	// right ones.
	ParseFilenameDist(line string) string

	// OvalUri returns the url where the oval definitions are stored for given
	// distributions. See examples:
	//   https://www.redhat.com/security/data/oval/
	//   http://ftp.suse.com/pub/projects/security/oval/
	OvalURI() string

	// DistName returns the distribution name. Mostly used for debugging
	// purposes.
	DistName() string

	// IgnoredCriterions returns a list of strings that must be ignored when
	// parsing the criterions.
	// Oval parses parses all criterions by default trying to identify either
	// package name and version or distribution version.
	IgnoredCriterions() []string

	// SecToken returns a string that is compared with the value of
	// reference.source in order to know if that is a security reference for,
	// for example, using its url value.
	// Example return values: CVE, RHSA.
	SecToken() string

	// Namespace stores the namespace that will be used in clair to store the
	// vulnerabilities.
	Namespace() string
}

OSInfo interface contains specifics methods for parsing OVAL definitions that must be implemented by each Linux Distribution that uses OVAL i.e. Red Hat and SUSE

type OvalFetcher

type OvalFetcher struct {
	// OsInfo contains specifics to each Linux Distribution (see below)
	OsInfo OSInfo
}

OvalFetcher implements updater.Fetcher.

func (*OvalFetcher) Clean

func (f *OvalFetcher) Clean()

Clean deletes any allocated resources.

func (*OvalFetcher) Criterions

func (f *OvalFetcher) Criterions(node criteria) [][]criterion

Get Criterions elements from a criteria element

func (*OvalFetcher) FetchUpdate

func (f *OvalFetcher) FetchUpdate(datastore database.Datastore) (resp updater.FetcherResponse, err error)

FetchUpdate gets vulnerability updates from the OVAL definitions.

func (*OvalFetcher) ParseOval

func (f *OvalFetcher) ParseOval(ovalReader io.Reader) (vulnerabilities []database.Vulnerability, err error)

Parse an Oval file.

func (*OvalFetcher) Possibilities

func (f *OvalFetcher) Possibilities(node criteria) [][]criterion

Get Possibilities from a criteria element

func (*OvalFetcher) ToFeatureVersions

func (f *OvalFetcher) ToFeatureVersions(possibilities [][]criterion) []database.FeatureVersion

Parse criterions into an array of FeatureVersion for storing into the database

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL