|
 |
cf6bdb |
From 81ab472c579072229a61df32969cc027b0fa4b7f Mon Sep 17 00:00:00 2001
|
|
|
cf6bdb |
From: Evgeny Kolesnikov <ekolesni@redhat.com>
|
|
|
cf6bdb |
Date: Tue, 20 Oct 2020 08:55:32 +0200
|
|
|
cf6bdb |
Subject: [PATCH] probes/yamfilecontent: Fix field names for cases where key
|
|
|
cf6bdb |
selection section is followed by a set section
|
|
|
cf6bdb |
|
|
|
cf6bdb |
$.foo[:].bar[:], $.foo[:][:] and alike.
|
|
|
cf6bdb |
---
|
|
|
cf6bdb |
.../independent/yamlfilecontent_probe.c | 31 ++++++++--
|
|
|
cf6bdb |
.../yamlfilecontent/openshift-logging.yaml | 12 ++++
|
|
|
cf6bdb |
.../test_probes_yamlfilecontent_array.sh | 2 +-
|
|
|
cf6bdb |
.../test_probes_yamlfilecontent_array.xml | 45 ++++++++++++++
|
|
|
cf6bdb |
.../test_probes_yamlfilecontent_key.sh | 2 +-
|
|
|
cf6bdb |
.../test_probes_yamlfilecontent_key.xml | 59 ++++++++++++++++++-
|
|
|
cf6bdb |
6 files changed, 143 insertions(+), 8 deletions(-)
|
|
|
cf6bdb |
|
|
|
cf6bdb |
diff --git a/src/OVAL/probes/independent/yamlfilecontent_probe.c b/src/OVAL/probes/independent/yamlfilecontent_probe.c
|
|
|
cf6bdb |
index 6f18abf83..17741a240 100644
|
|
|
cf6bdb |
--- a/src/OVAL/probes/independent/yamlfilecontent_probe.c
|
|
|
cf6bdb |
+++ b/src/OVAL/probes/independent/yamlfilecontent_probe.c
|
|
|
cf6bdb |
@@ -206,6 +206,7 @@ static int yaml_path_query(const char *filepath, const char *yaml_path_cstr, str
|
|
|
cf6bdb |
yaml_event_type_t event_type;
|
|
|
cf6bdb |
bool sequence = false;
|
|
|
cf6bdb |
bool mapping = false;
|
|
|
cf6bdb |
+ bool fake_mapping = false;
|
|
|
cf6bdb |
int index = 0;
|
|
|
cf6bdb |
char *key = strdup("#");
|
|
|
cf6bdb |
|
|
|
cf6bdb |
@@ -224,21 +225,39 @@ static int yaml_path_query(const char *filepath, const char *yaml_path_cstr, str
|
|
|
cf6bdb |
|
|
|
cf6bdb |
if (sequence) {
|
|
|
cf6bdb |
if (event_type == YAML_SEQUENCE_END_EVENT) {
|
|
|
cf6bdb |
- sequence = false;
|
|
|
cf6bdb |
+ if (fake_mapping) {
|
|
|
cf6bdb |
+ fake_mapping = false;
|
|
|
cf6bdb |
+ if (record && record->itemcount > 0) {
|
|
|
cf6bdb |
+ oscap_list_add(values, record);
|
|
|
cf6bdb |
+ } else {
|
|
|
cf6bdb |
+ // Do not collect empty records
|
|
|
cf6bdb |
+ oscap_htable_free0(record);
|
|
|
cf6bdb |
+ }
|
|
|
cf6bdb |
+ record = NULL;
|
|
|
cf6bdb |
+ } else {
|
|
|
cf6bdb |
+ sequence = false;
|
|
|
cf6bdb |
+ }
|
|
|
cf6bdb |
} else if (event_type == YAML_SEQUENCE_START_EVENT) {
|
|
|
cf6bdb |
- result_error("YAML path '%s' points to a multi-dimensional structure (sequence containing another sequence)", yaml_path_cstr);
|
|
|
cf6bdb |
- goto cleanup;
|
|
|
cf6bdb |
+ if (mapping || fake_mapping) {
|
|
|
cf6bdb |
+ result_error("YAML path '%s' points to a multi-dimensional structure (a map or a sequence containing other sequences)", yaml_path_cstr);
|
|
|
cf6bdb |
+ goto cleanup;
|
|
|
cf6bdb |
+ } else {
|
|
|
cf6bdb |
+ fake_mapping = true;
|
|
|
cf6bdb |
+ record = oscap_htable_new();
|
|
|
cf6bdb |
+ }
|
|
|
cf6bdb |
}
|
|
|
cf6bdb |
} else {
|
|
|
cf6bdb |
if (event_type == YAML_SEQUENCE_START_EVENT) {
|
|
|
cf6bdb |
sequence = true;
|
|
|
cf6bdb |
+ if (mapping)
|
|
|
cf6bdb |
+ index++;
|
|
|
cf6bdb |
}
|
|
|
cf6bdb |
}
|
|
|
cf6bdb |
|
|
|
cf6bdb |
if (mapping) {
|
|
|
cf6bdb |
if (event_type == YAML_MAPPING_END_EVENT) {
|
|
|
cf6bdb |
mapping = false;
|
|
|
cf6bdb |
- if (record->itemcount > 0) {
|
|
|
cf6bdb |
+ if (record && record->itemcount > 0) {
|
|
|
cf6bdb |
oscap_list_add(values, record);
|
|
|
cf6bdb |
} else {
|
|
|
cf6bdb |
// Do not collect empty records
|
|
|
cf6bdb |
@@ -255,6 +274,10 @@ static int yaml_path_query(const char *filepath, const char *yaml_path_cstr, str
|
|
|
cf6bdb |
result_error("YAML path '%s' points to an invalid structure (map containing another map)", yaml_path_cstr);
|
|
|
cf6bdb |
goto cleanup;
|
|
|
cf6bdb |
}
|
|
|
cf6bdb |
+ if (fake_mapping) {
|
|
|
cf6bdb |
+ result_error("YAML path '%s' points to a multi-dimensional structure (two-dimensional sequence containing a map)", yaml_path_cstr);
|
|
|
cf6bdb |
+ goto cleanup;
|
|
|
cf6bdb |
+ }
|
|
|
cf6bdb |
mapping = true;
|
|
|
cf6bdb |
sequence = false;
|
|
|
cf6bdb |
index = 0;
|
|
|
cf6bdb |
diff --git a/tests/probes/yamlfilecontent/openshift-logging.yaml b/tests/probes/yamlfilecontent/openshift-logging.yaml
|
|
|
cf6bdb |
index fb6a9d8b6..581a700a3 100644
|
|
|
cf6bdb |
--- a/tests/probes/yamlfilecontent/openshift-logging.yaml
|
|
|
cf6bdb |
+++ b/tests/probes/yamlfilecontent/openshift-logging.yaml
|
|
|
cf6bdb |
@@ -3,6 +3,18 @@ kind: "LogForwarding"
|
|
|
cf6bdb |
metadata:
|
|
|
cf6bdb |
name: instance
|
|
|
cf6bdb |
namespace: openshift-logging
|
|
|
cf6bdb |
+arrs:
|
|
|
cf6bdb |
+- [1, 2, 3]
|
|
|
cf6bdb |
+- [4, 5, 6]
|
|
|
cf6bdb |
+items:
|
|
|
cf6bdb |
+- allowHostDirVolumePlugin: false
|
|
|
cf6bdb |
+ defaultAddCapabilities: null
|
|
|
cf6bdb |
+ requiredDropCapabilities: ['KILL', 'ALL']
|
|
|
cf6bdb |
+ name: ['Name', 'Oth']
|
|
|
cf6bdb |
+- allowHostDirVolumePlugin: false
|
|
|
cf6bdb |
+ defaultAddCapabilities: null
|
|
|
cf6bdb |
+ requiredDropCapabilities: ['OPS', 'KILL', 'ALL']
|
|
|
cf6bdb |
+ name: ['2 Name', '2 Oth']
|
|
|
cf6bdb |
spec:
|
|
|
cf6bdb |
disableDefaultForwarding: true
|
|
|
cf6bdb |
outputs:
|
|
|
cf6bdb |
diff --git a/tests/probes/yamlfilecontent/test_probes_yamlfilecontent_array.sh b/tests/probes/yamlfilecontent/test_probes_yamlfilecontent_array.sh
|
|
|
cf6bdb |
index fd5e47538..695a247b3 100755
|
|
|
cf6bdb |
--- a/tests/probes/yamlfilecontent/test_probes_yamlfilecontent_array.sh
|
|
|
cf6bdb |
+++ b/tests/probes/yamlfilecontent/test_probes_yamlfilecontent_array.sh
|
|
|
cf6bdb |
@@ -19,7 +19,7 @@ function test_probes_yamlfilecontent_array {
|
|
|
cf6bdb |
$OSCAP oval eval --results $RF $DF
|
|
|
cf6bdb |
|
|
|
cf6bdb |
if [ -f $RF ]; then
|
|
|
cf6bdb |
- verify_results "def" $DF $RF 2 && verify_results "tst" $DF $RF 3
|
|
|
cf6bdb |
+ verify_results "def" $DF $RF 3 && verify_results "tst" $DF $RF 5
|
|
|
cf6bdb |
ret_val=$?
|
|
|
cf6bdb |
else
|
|
|
cf6bdb |
ret_val=1
|
|
|
cf6bdb |
diff --git a/tests/probes/yamlfilecontent/test_probes_yamlfilecontent_array.xml b/tests/probes/yamlfilecontent/test_probes_yamlfilecontent_array.xml
|
|
|
cf6bdb |
index c05c5fbb9..77f57cd47 100644
|
|
|
cf6bdb |
--- a/tests/probes/yamlfilecontent/test_probes_yamlfilecontent_array.xml
|
|
|
cf6bdb |
+++ b/tests/probes/yamlfilecontent/test_probes_yamlfilecontent_array.xml
|
|
|
cf6bdb |
@@ -31,6 +31,17 @@
|
|
|
cf6bdb |
</criteria>
|
|
|
cf6bdb |
</definition>
|
|
|
cf6bdb |
|
|
|
cf6bdb |
+ <definition class="compliance" version="1" id="oval:0:def:3">
|
|
|
cf6bdb |
+ <metadata>
|
|
|
cf6bdb |
+ <title></title>
|
|
|
cf6bdb |
+ <description></description>
|
|
|
cf6bdb |
+ </metadata>
|
|
|
cf6bdb |
+ <criteria operator="AND">
|
|
|
cf6bdb |
+ <criterion comment="get_2_dim_array" test_ref="oval:0:tst:4"/>
|
|
|
cf6bdb |
+ <criterion comment="get_2_dim_array_set" test_ref="oval:0:tst:5"/>
|
|
|
cf6bdb |
+ </criteria>
|
|
|
cf6bdb |
+ </definition>
|
|
|
cf6bdb |
+
|
|
|
cf6bdb |
</definitions>
|
|
|
cf6bdb |
|
|
|
cf6bdb |
<tests>
|
|
|
cf6bdb |
@@ -49,6 +60,16 @@
|
|
|
cf6bdb |
<ind-def:object object_ref="oval:0:obj:3"/>
|
|
|
cf6bdb |
</ind-def:yamlfilecontent_test>
|
|
|
cf6bdb |
|
|
|
cf6bdb |
+ <ind-def:yamlfilecontent_test version="1" id="oval:0:tst:4" check="all" comment="true">
|
|
|
cf6bdb |
+ <ind-def:object object_ref="oval:0:obj:4"/>
|
|
|
cf6bdb |
+ <ind-def:state state_ref="oval:0:ste:3"/>
|
|
|
cf6bdb |
+ </ind-def:yamlfilecontent_test>
|
|
|
cf6bdb |
+
|
|
|
cf6bdb |
+ <ind-def:yamlfilecontent_test version="1" id="oval:0:tst:5" check="all" comment="true">
|
|
|
cf6bdb |
+ <ind-def:object object_ref="oval:0:obj:5"/>
|
|
|
cf6bdb |
+ <ind-def:state state_ref="oval:0:ste:3"/>
|
|
|
cf6bdb |
+ </ind-def:yamlfilecontent_test>
|
|
|
cf6bdb |
+
|
|
|
cf6bdb |
</tests>
|
|
|
cf6bdb |
|
|
|
cf6bdb |
<objects>
|
|
|
cf6bdb |
@@ -71,6 +92,18 @@
|
|
|
cf6bdb |
<ind-def:yamlpath>.spec.outputs[0]</ind-def:yamlpath>
|
|
|
cf6bdb |
</ind-def:yamlfilecontent_object>
|
|
|
cf6bdb |
|
|
|
cf6bdb |
+ <ind-def:yamlfilecontent_object version="1" id="oval:0:obj:4">
|
|
|
cf6bdb |
+ <ind-def:path>/tmp</ind-def:path>
|
|
|
cf6bdb |
+ <ind-def:filename>openshift-logging.yaml</ind-def:filename>
|
|
|
cf6bdb |
+ <ind-def:yamlpath>.arrs[:][:]</ind-def:yamlpath>
|
|
|
cf6bdb |
+ </ind-def:yamlfilecontent_object>
|
|
|
cf6bdb |
+
|
|
|
cf6bdb |
+ <ind-def:yamlfilecontent_object version="1" id="oval:0:obj:5">
|
|
|
cf6bdb |
+ <ind-def:path>/tmp</ind-def:path>
|
|
|
cf6bdb |
+ <ind-def:filename>openshift-logging.yaml</ind-def:filename>
|
|
|
cf6bdb |
+ <ind-def:yamlpath>.arrs</ind-def:yamlpath>
|
|
|
cf6bdb |
+ </ind-def:yamlfilecontent_object>
|
|
|
cf6bdb |
+
|
|
|
cf6bdb |
</objects>
|
|
|
cf6bdb |
|
|
|
cf6bdb |
<states>
|
|
|
cf6bdb |
@@ -87,6 +120,12 @@
|
|
|
cf6bdb |
</ind-def:value>
|
|
|
cf6bdb |
</ind-def:yamlfilecontent_state>
|
|
|
cf6bdb |
|
|
|
cf6bdb |
+ <ind-def:yamlfilecontent_state version="1" id="oval:0:ste:3">
|
|
|
cf6bdb |
+ <ind-def:value datatype="record">
|
|
|
cf6bdb |
+ <field name="#" datatype="int" var_ref="oval:0:var:3" var_check="at least one" entity_check="at least one"/>
|
|
|
cf6bdb |
+ </ind-def:value>
|
|
|
cf6bdb |
+ </ind-def:yamlfilecontent_state>
|
|
|
cf6bdb |
+
|
|
|
cf6bdb |
</states>
|
|
|
cf6bdb |
|
|
|
cf6bdb |
<variables>
|
|
|
cf6bdb |
@@ -99,5 +138,11 @@
|
|
|
cf6bdb |
</split>
|
|
|
cf6bdb |
</local_variable>
|
|
|
cf6bdb |
|
|
|
cf6bdb |
+ <local_variable comment="variable with three values" datatype="int" version="1" id="oval:0:var:3">
|
|
|
cf6bdb |
+ <split delimiter="|">
|
|
|
cf6bdb |
+ <literal_component>1|2|3|4|5|6</literal_component>
|
|
|
cf6bdb |
+ </split>
|
|
|
cf6bdb |
+ </local_variable>
|
|
|
cf6bdb |
+
|
|
|
cf6bdb |
</variables>
|
|
|
cf6bdb |
</oval_definitions>
|
|
|
cf6bdb |
diff --git a/tests/probes/yamlfilecontent/test_probes_yamlfilecontent_key.sh b/tests/probes/yamlfilecontent/test_probes_yamlfilecontent_key.sh
|
|
|
cf6bdb |
index fc1e0ae7e..a942552e9 100755
|
|
|
cf6bdb |
--- a/tests/probes/yamlfilecontent/test_probes_yamlfilecontent_key.sh
|
|
|
cf6bdb |
+++ b/tests/probes/yamlfilecontent/test_probes_yamlfilecontent_key.sh
|
|
|
cf6bdb |
@@ -19,7 +19,7 @@ function test_probes_yamlfilecontent_key {
|
|
|
cf6bdb |
$OSCAP oval eval --results $RF $DF
|
|
|
cf6bdb |
|
|
|
cf6bdb |
if [ -f $RF ]; then
|
|
|
cf6bdb |
- verify_results "def" $DF $RF 6 && verify_results "tst" $DF $RF 7
|
|
|
cf6bdb |
+ verify_results "def" $DF $RF 9 && verify_results "tst" $DF $RF 10
|
|
|
cf6bdb |
ret_val=$?
|
|
|
cf6bdb |
else
|
|
|
cf6bdb |
ret_val=1
|
|
|
cf6bdb |
diff --git a/tests/probes/yamlfilecontent/test_probes_yamlfilecontent_key.xml b/tests/probes/yamlfilecontent/test_probes_yamlfilecontent_key.xml
|
|
|
cf6bdb |
index 05757d0c8..1697b54fd 100644
|
|
|
cf6bdb |
--- a/tests/probes/yamlfilecontent/test_probes_yamlfilecontent_key.xml
|
|
|
cf6bdb |
+++ b/tests/probes/yamlfilecontent/test_probes_yamlfilecontent_key.xml
|
|
|
cf6bdb |
@@ -71,7 +71,7 @@
|
|
|
cf6bdb |
</criteria>
|
|
|
cf6bdb |
</definition>
|
|
|
cf6bdb |
|
|
|
cf6bdb |
- <definition class="compliance" version="1" id="oval:0:def:7">
|
|
|
cf6bdb |
+ <definition class="compliance" version="1" id="oval:0:def:7">
|
|
|
cf6bdb |
<metadata>
|
|
|
cf6bdb |
<title></title>
|
|
|
cf6bdb |
<description></description>
|
|
|
cf6bdb |
@@ -80,6 +80,26 @@
|
|
|
cf6bdb |
<criterion comment="array_of_maps" test_ref="oval:0:tst:8"/>
|
|
|
cf6bdb |
</criteria>
|
|
|
cf6bdb |
</definition>
|
|
|
cf6bdb |
+
|
|
|
cf6bdb |
+ <definition class="compliance" version="1" id="oval:0:def:8">
|
|
|
cf6bdb |
+ <metadata>
|
|
|
cf6bdb |
+ <title></title>
|
|
|
cf6bdb |
+ <description></description>
|
|
|
cf6bdb |
+ </metadata>
|
|
|
cf6bdb |
+ <criteria operator="AND">
|
|
|
cf6bdb |
+ <criterion comment="array_of_maps_of_array" test_ref="oval:0:tst:9"/>
|
|
|
cf6bdb |
+ </criteria>
|
|
|
cf6bdb |
+ </definition>
|
|
|
cf6bdb |
+
|
|
|
cf6bdb |
+ <definition class="compliance" version="1" id="oval:0:def:9">
|
|
|
cf6bdb |
+ <metadata>
|
|
|
cf6bdb |
+ <title></title>
|
|
|
cf6bdb |
+ <description></description>
|
|
|
cf6bdb |
+ </metadata>
|
|
|
cf6bdb |
+ <criteria operator="AND">
|
|
|
cf6bdb |
+ <criterion comment="array_of_maps_of_array_2" test_ref="oval:0:tst:10"/>
|
|
|
cf6bdb |
+ </criteria>
|
|
|
cf6bdb |
+ </definition>
|
|
|
cf6bdb |
</definitions>
|
|
|
cf6bdb |
|
|
|
cf6bdb |
<tests>
|
|
|
cf6bdb |
@@ -116,9 +136,19 @@
|
|
|
cf6bdb |
<ind-def:object object_ref="oval:0:obj:7"/>
|
|
|
cf6bdb |
</ind-def:yamlfilecontent_test>
|
|
|
cf6bdb |
|
|
|
cf6bdb |
- <ind-def:yamlfilecontent_test version="1" id="oval:0:tst:8" check="all" comment="true">
|
|
|
cf6bdb |
+ <ind-def:yamlfilecontent_test version="1" id="oval:0:tst:8" check="all" comment="error">
|
|
|
cf6bdb |
<ind-def:object object_ref="oval:0:obj:8"/>
|
|
|
cf6bdb |
</ind-def:yamlfilecontent_test>
|
|
|
cf6bdb |
+
|
|
|
cf6bdb |
+ <ind-def:yamlfilecontent_test version="1" id="oval:0:tst:9" check="all" comment="true">
|
|
|
cf6bdb |
+ <ind-def:object object_ref="oval:0:obj:9"/>
|
|
|
cf6bdb |
+ <ind-def:state state_ref="oval:0:ste:9"/>
|
|
|
cf6bdb |
+ </ind-def:yamlfilecontent_test>
|
|
|
cf6bdb |
+
|
|
|
cf6bdb |
+ <ind-def:yamlfilecontent_test version="1" id="oval:0:tst:10" check="all" comment="true">
|
|
|
cf6bdb |
+ <ind-def:object object_ref="oval:0:obj:10"/>
|
|
|
cf6bdb |
+ <ind-def:state state_ref="oval:0:ste:10"/>
|
|
|
cf6bdb |
+ </ind-def:yamlfilecontent_test>
|
|
|
cf6bdb |
</tests>
|
|
|
cf6bdb |
|
|
|
cf6bdb |
<objects>
|
|
|
cf6bdb |
@@ -170,6 +200,18 @@
|
|
|
cf6bdb |
<ind-def:filename>openshift-logging.yaml</ind-def:filename>
|
|
|
cf6bdb |
<ind-def:yamlpath>.spec.outputs</ind-def:yamlpath>
|
|
|
cf6bdb |
</ind-def:yamlfilecontent_object>
|
|
|
cf6bdb |
+
|
|
|
cf6bdb |
+ <ind-def:yamlfilecontent_object version="1" id="oval:0:obj:9">
|
|
|
cf6bdb |
+ <ind-def:path>/tmp</ind-def:path>
|
|
|
cf6bdb |
+ <ind-def:filename>openshift-logging.yaml</ind-def:filename>
|
|
|
cf6bdb |
+ <ind-def:yamlpath>.items[:]['requiredDropCapabilities','name','q','z'][:]</ind-def:yamlpath>
|
|
|
cf6bdb |
+ </ind-def:yamlfilecontent_object>
|
|
|
cf6bdb |
+
|
|
|
cf6bdb |
+ <ind-def:yamlfilecontent_object version="1" id="oval:0:obj:10">
|
|
|
cf6bdb |
+ <ind-def:path>/tmp</ind-def:path>
|
|
|
cf6bdb |
+ <ind-def:filename>openshift-logging.yaml</ind-def:filename>
|
|
|
cf6bdb |
+ <ind-def:yamlpath>.items[:].requiredDropCapabilities[:]</ind-def:yamlpath>
|
|
|
cf6bdb |
+ </ind-def:yamlfilecontent_object>
|
|
|
cf6bdb |
</objects>
|
|
|
cf6bdb |
|
|
|
cf6bdb |
<states>
|
|
|
cf6bdb |
@@ -202,6 +244,19 @@
|
|
|
cf6bdb |
</ind-def:value>
|
|
|
cf6bdb |
</ind-def:yamlfilecontent_state>
|
|
|
cf6bdb |
|
|
|
cf6bdb |
+ <ind-def:yamlfilecontent_state version="1" id="oval:0:ste:9">
|
|
|
cf6bdb |
+ <ind-def:value datatype="record" entity_check="at least one">
|
|
|
cf6bdb |
+ <field name="required^drop^capabilities" operation="pattern match" entity_check="at least one">^KILL$</field>
|
|
|
cf6bdb |
+ <field name="name" entity_check="at least one">Name</field>
|
|
|
cf6bdb |
+ </ind-def:value>
|
|
|
cf6bdb |
+ </ind-def:yamlfilecontent_state>
|
|
|
cf6bdb |
+
|
|
|
cf6bdb |
+ <ind-def:yamlfilecontent_state version="1" id="oval:0:ste:10">
|
|
|
cf6bdb |
+ <ind-def:value datatype="record" entity_check="at least one">
|
|
|
cf6bdb |
+ <field name="#" operation="pattern match" entity_check="at least one">^KILL$</field>
|
|
|
cf6bdb |
+ </ind-def:value>
|
|
|
cf6bdb |
+ </ind-def:yamlfilecontent_state>
|
|
|
cf6bdb |
+
|
|
|
cf6bdb |
</states>
|
|
|
cf6bdb |
|
|
|
cf6bdb |
</oval_definitions>
|