
Blame SOURCES/openscap-1.2.18-all_profile-scanner.patch

914530
From ff5d42dc9164c71d36bb7a3b21d961773d3e22d6 Mon Sep 17 00:00:00 2001
914530
From: Martin Preisler <mpreisle@redhat.com>
914530
Date: Mon, 17 Sep 2018 08:09:45 -0400
914530
Subject: [PATCH 1/4] Introduce a "virtual" "(all)" profile that will select
914530
 all groups and all rules
914530
914530
This is useful for testing and debugging. It will use default values but
914530
will select everything in the benchmark.
914530
---
914530
 src/XCCDF_POLICY/xccdf_policy.c       |  6 ++--
914530
 src/XCCDF_POLICY/xccdf_policy_model.c | 52 +++++++++++++++++++++++++--
914530
 2 files changed, 53 insertions(+), 5 deletions(-)
914530
914530
diff --git a/src/XCCDF_POLICY/xccdf_policy.c b/src/XCCDF_POLICY/xccdf_policy.c
914530
index b984d0273..c35fa8dfd 100644
914530
--- a/src/XCCDF_POLICY/xccdf_policy.c
914530
+++ b/src/XCCDF_POLICY/xccdf_policy.c
914530
@@ -2283,8 +2283,10 @@ void xccdf_policy_free(struct xccdf_policy * policy) {
914530
 	/* A policy which is set to use default profile has its profile member set to NULL,
914530
 	 * check it so we don't try to get the ID from a NULL profile.
914530
 	 * */
914530
-	if (policy->profile && xccdf_profile_get_id(policy->profile) == NULL)
914530
-		/* If ID of policy's profile is NULL then this
914530
+	if (policy->profile && (
914530
+			(xccdf_profile_get_id(policy->profile) == NULL) ||
914530
+			(strcmp(xccdf_profile_get_id(policy->profile), "(all)") == 0)))
914530
+		/* If ID of policy's profile is NULL or "(all)" then this
914530
 		 * profile is created by Policy layer and need
914530
 		 * to be freed
914530
 		 */
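Review bot: The new condition in xccdf_policy_free decides ownership from the profile's ID string, so any profile whose ID equals "(all)" is freed here whether or not the policy layer created it. In xccdf_policy_model_create_policy_by_id the tailoring lookup runs before the virtual profile is built (visible as context in patch 2/4), so a tailoring file carrying a profile with that ID would presumably return a tailoring-owned object that this branch frees, and that the tailoring later frees again. Recording ownership explicitly is safer than comparing strings, for example a flag set at creation and tested as `if (policy->profile && policy->owns_profile)`, where `owns_profile` is a suggested name and not an existing field. At minimum the comment should state the invariant it relies on: `/* Relies on no benchmark or tailoring profile using the ID "(all)" */`. The body of xccdf_policy_free continues outside the hunk.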
914530
diff --git a/src/XCCDF_POLICY/xccdf_policy_model.c b/src/XCCDF_POLICY/xccdf_policy_model.c
914530
index 2ec913bbd..37187bc92 100644
914530
--- a/src/XCCDF_POLICY/xccdf_policy_model.c
914530
+++ b/src/XCCDF_POLICY/xccdf_policy_model.c
914530
@@ -31,6 +31,7 @@
914530
 #include "xccdf_policy_model_priv.h"
914530
 #include "xccdf_policy_priv.h"
914530
 #include "XCCDF/item.h"
914530
+#include "XCCDF/helpers.h"
914530
 
914530
 struct xccdf_policy *xccdf_policy_model_get_existing_policy_by_id(struct xccdf_policy_model *policy_model, const char *profile_id)
914530
 {
914530
@@ -46,6 +47,38 @@ struct xccdf_policy *xccdf_policy_model_get_existing_policy_by_id(struct xccdf_p
914530
 	return NULL;
914530
 }
914530
 
914530
+static inline void _add_selectors_for_all_items(struct xccdf_profile *profile, struct xccdf_item *item)
914530
+{
914530
+	struct xccdf_item_iterator *children = NULL;
914530
+	if (xccdf_item_get_type(item) == XCCDF_BENCHMARK) {
914530
+		children = xccdf_benchmark_get_content(XBENCHMARK(item));
914530
+	}
914530
+	else if (xccdf_item_get_type(item) == XCCDF_GROUP) {
914530
+		children = xccdf_group_get_content(XGROUP(item));
914530
+
914530
+		struct xccdf_select *select = xccdf_select_new();
914530
+		xccdf_select_set_item(select, xccdf_item_get_id(item));
914530
+		xccdf_select_set_selected(select, true);
914530
+		xccdf_profile_add_select(profile, select);
914530
+		printf("g: %s\n", xccdf_item_get_id(item));
914530
+	}
914530
+	else if (xccdf_item_get_type(item) == XCCDF_RULE) {
914530
+		struct xccdf_select *select = xccdf_select_new();
914530
+		xccdf_select_set_item(select, xccdf_item_get_id(item));
914530
+		xccdf_select_set_selected(select, true);
914530
+		xccdf_profile_add_select(profile, select);
914530
+		printf("r: %s\n", xccdf_item_get_id(item));
914530
+	}
914530
+
914530
+	if (children) {
914530
+		while (xccdf_item_iterator_has_more(children)) {
914530
+			struct xccdf_item *current = xccdf_item_iterator_next(children);
914530
+			_add_selectors_for_all_items(profile, current);
914530
+		}
914530
+		xccdf_item_iterator_free(children);
914530
+	}
914530
+}
914530
+
914530
 struct xccdf_policy *xccdf_policy_model_create_policy_by_id(struct xccdf_policy_model *policy_model, const char *id)
914530
 {
914530
 	struct xccdf_profile *profile = NULL;
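Review bot: In `_add_selectors_for_all_items` the pointer from `xccdf_select_new()` is used without a NULL check and the result of `xccdf_profile_add_select()` is discarded, so if the adder can report failure the new select is leaked silently and the "(all)" profile ends up incomplete with no error. The function also recurses once per level of group nesting, so its depth is set by the benchmark document being scanned. A comment naming what bounds that depth (presumably the XML parser) would help, e.g. `/* recursion depth == group nesting depth of the parsed benchmark */`. The same unchecked calls and recursion remain in the refactored `_add_selectors_for_all_xccdf_items` in patch 2/4.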
914530
@@ -71,9 +104,22 @@ struct xccdf_policy *xccdf_policy_model_create_policy_by_id(struct xccdf_policy_
914530
 				assert(benchmark != NULL);
914530
 				return NULL;
914530
 			}
914530
-			profile = xccdf_benchmark_get_profile_by_id(benchmark, id);
914530
-			if (profile == NULL)
914530
-				return NULL;
914530
+
914530
+			if (strcmp(id, "(all)") == 0) {
914530
+				profile = xccdf_profile_new();
914530
+				xccdf_profile_set_id(profile, "(all)");
914530
+				struct oscap_text *title = oscap_text_new();
914530
+				oscap_text_set_text(title, "(all) profile (all rules selected)");
914530
+				oscap_text_set_lang(title, "en");
914530
+				xccdf_profile_add_title(profile, title);
914530
+
914530
+				_add_selectors_for_all_items(profile, XITEM(benchmark));
914530
+			}
914530
+			else {
914530
+				profile = xccdf_benchmark_get_profile_by_id(benchmark, id);
914530
+				if (profile == NULL)
914530
+					return NULL;
914530
+			}
914530
 		}
914530
 	}
914530
 
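Review bot: The literal "(all)" is written out in this branch and again in xccdf_policy_free (xccdf_policy.c), and the two must stay byte-identical for the virtual profile to be released. A shared constant in a private header, e.g. `#define XCCDF_PROFILE_ALL_ID "(all)"` (suggested name), would keep creation and cleanup in step. The branch also uses the results of `xccdf_profile_new()` and `oscap_text_new()` without a NULL check. A comment above it would tell readers what they are getting: `/* Virtual profile: selects every group and rule with default values; meant for testing and debugging */`. The enclosing function begins and ends outside the hunk.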
914530
914530
From 884e8558dac6f8442e81a081f261cbd114931c31 Mon Sep 17 00:00:00 2001
914530
From: Martin Preisler <mpreisle@redhat.com>
914530
Date: Mon, 17 Sep 2018 09:11:37 -0400
914530
Subject: [PATCH 2/4] Comments, refactoring of the (all) profile feature
914530
914530
---
914530
 src/XCCDF_POLICY/xccdf_policy_model.c | 21 ++++++++++-----------
914530
 1 file changed, 10 insertions(+), 11 deletions(-)
914530
914530
diff --git a/src/XCCDF_POLICY/xccdf_policy_model.c b/src/XCCDF_POLICY/xccdf_policy_model.c
914530
index 37187bc92..552229947 100644
914530
--- a/src/XCCDF_POLICY/xccdf_policy_model.c
914530
+++ b/src/XCCDF_POLICY/xccdf_policy_model.c
914530
@@ -47,7 +47,7 @@ struct xccdf_policy *xccdf_policy_model_get_existing_policy_by_id(struct xccdf_p
914530
 	return NULL;
914530
 }
914530
 
914530
-static inline void _add_selectors_for_all_items(struct xccdf_profile *profile, struct xccdf_item *item)
914530
+static void _add_selectors_for_all_xccdf_items(struct xccdf_profile *profile, struct xccdf_item *item)
914530
 {
914530
 	struct xccdf_item_iterator *children = NULL;
914530
 	if (xccdf_item_get_type(item) == XCCDF_BENCHMARK) {
914530
@@ -55,25 +55,21 @@ static inline void _add_selectors_for_all_items(struct xccdf_profile *profile, s
914530
 	}
914530
 	else if (xccdf_item_get_type(item) == XCCDF_GROUP) {
914530
 		children = xccdf_group_get_content(XGROUP(item));
914530
-
914530
-		struct xccdf_select *select = xccdf_select_new();
914530
-		xccdf_select_set_item(select, xccdf_item_get_id(item));
914530
-		xccdf_select_set_selected(select, true);
914530
-		xccdf_profile_add_select(profile, select);
914530
-		printf("g: %s\n", xccdf_item_get_id(item));
914530
 	}
914530
-	else if (xccdf_item_get_type(item) == XCCDF_RULE) {
914530
+
914530
+	if (xccdf_item_get_type(item) == XCCDF_RULE ||
914530
+		xccdf_item_get_type(item) == XCCDF_GROUP)
914530
+	{
914530
 		struct xccdf_select *select = xccdf_select_new();
914530
 		xccdf_select_set_item(select, xccdf_item_get_id(item));
914530
 		xccdf_select_set_selected(select, true);
914530
 		xccdf_profile_add_select(profile, select);
914530
-		printf("r: %s\n", xccdf_item_get_id(item));
914530
 	}
914530
 
914530
 	if (children) {
914530
 		while (xccdf_item_iterator_has_more(children)) {
914530
 			struct xccdf_item *current = xccdf_item_iterator_next(children);
914530
-			_add_selectors_for_all_items(profile, current);
914530
+			_add_selectors_for_all_xccdf_items(profile, current);
914530
 		}
914530
 		xccdf_item_iterator_free(children);
914530
 	}
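Review bot: After this refactor `xccdf_item_get_type(item)` is evaluated up to four times per item across the two conditionals. Reading it once into a local, `xccdf_type_t type = xccdf_item_get_type(item);`, and testing `type` would keep the two decisions (which children to walk, whether to add a select) visibly separate. A one-line comment on the second `if` would record the intent, presumably `/* only groups and rules get a select; the benchmark is just the traversal root */`.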
914530
@@ -89,6 +85,9 @@ struct xccdf_policy *xccdf_policy_model_create_policy_by_id(struct xccdf_policy_
914530
 		profile = xccdf_tailoring_get_profile_by_id(tailoring, id);
914530
 	}
914530
 
914530
+	// The (default) and (all) profiles are de-facto owned by the xccdf_policy
914530
+	// and will be freed by it when it's freed. See xccdf_policy_free.
914530
+
914530
 	if (!profile) {
914530
 		if (id == NULL) {
914530
 			profile = xccdf_profile_new();
914530
@@ -113,7 +112,7 @@ struct xccdf_policy *xccdf_policy_model_create_policy_by_id(struct xccdf_policy_
914530
 				oscap_text_set_lang(title, "en");
914530
 				xccdf_profile_add_title(profile, title);
914530
 
914530
-				_add_selectors_for_all_items(profile, XITEM(benchmark));
914530
+				_add_selectors_for_all_xccdf_items(profile, XITEM(benchmark));
914530
 			}
914530
 			else {
914530
 				profile = xccdf_benchmark_get_profile_by_id(benchmark, id);
914530
914530
From 6496649d6aaf8ccea3c5560f2492f294645378eb Mon Sep 17 00:00:00 2001
914530
From: Martin Preisler <mpreisle@redhat.com>
914530
Date: Mon, 17 Sep 2018 09:13:24 -0400
914530
Subject: [PATCH 3/4] Mention (all) profile in the man page
914530
914530
---
914530
 utils/oscap.8 | 2 +-
914530
 1 file changed, 1 insertion(+), 1 deletion(-)
914530
914530
diff --git a/utils/oscap.8 b/utils/oscap.8
914530
index 5af83ec3b..25724155c 100644
914530
--- a/utils/oscap.8
914530
+++ b/utils/oscap.8
914530
@@ -83,7 +83,7 @@ You may specify OVAL Definition files as the last parameter, XCCDF evaluation wi
914530
 .TP
914530
 \fB\-\-profile PROFILE\fR
914530
 .RS
914530
-Select a particular profile from XCCDF document.
914530
+Select a particular profile from XCCDF document. If "(all)" is given a virtual profile that selects all groups and rules will be used.
914530
 .RE
914530
 .TP
914530
 \fB\-\-rule RULE\fR
914530
914530
From a7e1395ca912b375c4702250dfde6026e1c54d6c Mon Sep 17 00:00:00 2001
914530
From: Martin Preisler <mpreisle@redhat.com>
914530
Date: Tue, 18 Sep 2018 07:58:08 -0400
914530
Subject: [PATCH 4/4] Fixed coding style issues
914530
914530
---
914530
 src/XCCDF_POLICY/xccdf_policy_model.c | 9 +++------
914530
 1 file changed, 3 insertions(+), 6 deletions(-)
914530
914530
diff --git a/src/XCCDF_POLICY/xccdf_policy_model.c b/src/XCCDF_POLICY/xccdf_policy_model.c
914530
index 552229947..55f09fb03 100644
914530
--- a/src/XCCDF_POLICY/xccdf_policy_model.c
914530
+++ b/src/XCCDF_POLICY/xccdf_policy_model.c
914530
@@ -52,8 +52,7 @@ static void _add_selectors_for_all_xccdf_items(struct xccdf_profile *profile, st
914530
 	struct xccdf_item_iterator *children = NULL;
914530
 	if (xccdf_item_get_type(item) == XCCDF_BENCHMARK) {
914530
 		children = xccdf_benchmark_get_content(XBENCHMARK(item));
914530
-	}
914530
-	else if (xccdf_item_get_type(item) == XCCDF_GROUP) {
914530
+	} else if (xccdf_item_get_type(item) == XCCDF_GROUP) {
914530
 		children = xccdf_group_get_content(XGROUP(item));
914530
 	}
914530
 
914530
@@ -96,8 +95,7 @@ struct xccdf_policy *xccdf_policy_model_create_policy_by_id(struct xccdf_policy_
914530
 			oscap_text_set_text(title, "No profile (default benchmark)");
914530
 			oscap_text_set_lang(title, "en");
914530
 			xccdf_profile_add_title(profile, title);
914530
-		}
914530
-		else {
914530
+		} else {
914530
 			struct xccdf_benchmark *benchmark = xccdf_policy_model_get_benchmark(policy_model);
914530
 			if (benchmark == NULL) {
914530
 				assert(benchmark != NULL);
914530
@@ -113,8 +111,7 @@ struct xccdf_policy *xccdf_policy_model_create_policy_by_id(struct xccdf_policy_
914530
 				xccdf_profile_add_title(profile, title);
914530
 
914530
 				_add_selectors_for_all_xccdf_items(profile, XITEM(benchmark));
914530
-			}
914530
-			else {
914530
+			} else {
914530
 				profile = xccdf_benchmark_get_profile_by_id(benchmark, id);
914530
 				if (profile == NULL)
914530
 					return NULL;