# 

# Copyright (C) 2013 Red Hat, Inc. 

# 

# This copyrighted material is made available to anyone wishing to use, 

# modify, copy, or redistribute it subject to the terms and conditions of 

# the GNU General Public License v.2, or (at your option) any later version. 

# This program is distributed in the hope that it will be useful, but WITHOUT 

# ANY WARRANTY expressed or implied, including the implied warranties of 

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General 

# Public License for more details. You should have received a copy of the 

# GNU General Public License along with this program; if not, write to the 

# Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 

# 02110-1301, USA. Any Red Hat trademarks that are incorporated in the 

# source code or documentation are not subject to the GNU General Public 

# License and may only be used or replicated with the express permission of 

# Red Hat, Inc. 

# 

# Red Hat Author(s): Vratislav Podzimek <vpodzime@redhat.com> 

# 

 

""" 

Module with various classes for SCAP content processing and retrieving data 

from it. 

 

""" 

 

import os.path 

 

from collections import namedtuple, OrderedDict 

from openscap_api import OSCAP 

from pyanaconda.core.util import execReadlines 

try: 

from html.parser import HTMLParser 

except ImportError: 

from HTMLParser import HTMLParser 

 

 

class ContentHandlingError(Exception):
    """Base class for every error raised while handling SCAP content.

    Catching this type also catches the data stream, benchmark and content
    check errors derived from it in this module.
    """

 

 

class DataStreamHandlingError(ContentHandlingError):
    """Raised when a data stream (collection) cannot be opened or queried."""

 

 

class BenchmarkHandlingError(ContentHandlingError):
    """Raised when a standalone XCCDF benchmark cannot be opened or queried."""

 

 

class ContentCheckError(ContentHandlingError):
    """Raised when a check of the content itself (integrity, ...) fails."""

 

 

class ParseHTMLContent(HTMLParser):
    """Minimal HTML-to-text converter for markup embedded in SCAP content.

    Text nodes are accumulated in ``self.content``. The namespaced list and
    line-break tags (``html:ul``, ``html:li``, ``html:br``) are turned into
    newlines; every other tag is dropped without a replacement.
    """

    def __init__(self):
        # explicit base-class call, kept as in the original (the module also
        # falls back to the Python 2 ``HTMLParser`` import)
        HTMLParser.__init__(self)
        self.content = ""

    def handle_starttag(self, tag, attrs):
        """Start a new line when a list, a list item or a line break opens."""
        if tag in ("html:ul", "html:li", "html:br"):
            self.content += "\n"

    def handle_endtag(self, tag):
        """End the line when a list or a list item closes."""
        # html:br is deliberately absent: its newline was added on opening
        if tag in ("html:ul", "html:li"):
            self.content += "\n"

    def handle_data(self, data):
        """Append a text node with its surrounding whitespace removed."""
        # NOTE: every node is stripped on its own, so a space that separates
        # text from an inline tag is lost ("a <b>b</b>" becomes "ab")
        self.content += data.strip()

    def get_content(self):
        """Return the text collected so far."""
        return self.content

 

 

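def parse_HTML_from_content(content):
    """Convert a fragment with HTML markup into plain text.

    This is a very simple HTML to text parser: tags are removed while trying
    to keep the content readable (list and line-break tags become newlines).

    :param content: content whose HTML tags will be parsed
    :type content: str
    :return: content without HTML tags
    :rtype: str

    """

    parser = ParseHTMLContent()
    parser.feed(content)

    # feed() alone treats its input as possibly incomplete and may hold back
    # the trailing text (e.g. when it ends in something that looks like an
    # unfinished character reference such as "R&D"), which silently truncates
    # the result. close() marks end-of-input and flushes whatever is buffered.
    parser.close()

    return parser.get_content()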

 

 

# Record type (a class, hence the CamelCase name pylint complains about)
# describing one XCCDF profile: its ID, title and description.
# pylint: disable-msg=C0103
ProfileInfo = namedtuple("ProfileInfo", "id title description")

# Record type with the paths of the content files that were found: the XCCDF
# file (or data stream), the CPE dictionary and the tailoring file.
# pylint: disable-msg=C0103
ContentFiles = namedtuple("ContentFiles", "xccdf cpe tailoring")

 

 

def oscap_text_itr_get_text(itr):
    """
    Concatenate the texts of all items an oscap_text_iterator yields.

    :param itr: oscap_text_iterator to get the text from
    :type itr: oscap_text_iterator
    :return: the texts of the remaining items joined together, "" if the
             iterator has no more items
    :rtype: str

    """

    # NOTE(review): the iterator is consumed but not freed here, and the
    # callers in this module do not keep a reference to it -- confirm whether
    # the binding releases it or whether it is leaked.
    pieces = []
    while OSCAP.oscap_text_iterator_has_more(itr):
        pieces.append(OSCAP.oscap_text_get_text(OSCAP.oscap_text_iterator_next(itr)))

    return "".join(pieces)

 

 

def explore_content_files(fpaths):
    """
    Pick the content files to use from a list of file paths.

    The choice is deliberately simple: the first usable file of each type
    wins, except that a source data stream is preferred over a standalone
    XCCDF benchmark even if the benchmark comes first. The type of a file is
    whatever 'oscap info' reports for it; its name plays no role.

    :param fpaths: a list of file paths to search for content files in
    :type fpaths: [str]
    :return: a tuple containing the content handling class (None if no XCCDF
             content was found) and a ContentFiles instance containing the
             file names of the XCCDF file, CPE dictionary and tailoring file
             or "" in place of those items if not found
    :rtype: (class, ContentFiles)

    """

    def get_doc_type(file_path):
        """Return the 'Document type' reported by 'oscap info', else None."""
        # the path is handed over as its own argument-list item, not spliced
        # into a command string
        # NOTE(review): confirm the callers pass paths that cannot start with
        # '-', otherwise 'oscap' could take a file name for an option
        try:
            for output_line in execReadlines("oscap", ["info", file_path]):
                if not output_line.startswith("Document type:"):
                    continue
                return output_line.partition(":")[2].strip()
        except OSError:
            # 'oscap info' exited with a non-zero exit code -> unknown doc
            # type
            return None

        # no 'Document type:' line in the output
        return None

    xccdf_path = ""
    cpe_path = ""
    tailoring_path = ""
    have_data_stream = False
    handler_cls = None

    for candidate in fpaths:
        kind = get_doc_type(candidate)
        if not kind:
            continue

        if kind == "Source Data Stream":
            # a data stream replaces an already chosen standalone benchmark,
            # but never an already chosen data stream
            if not (xccdf_path and have_data_stream):
                xccdf_path = candidate
                handler_cls = DataStreamHandler
                have_data_stream = True
        elif kind == "XCCDF Checklist":
            if not xccdf_path:
                xccdf_path = candidate
                handler_cls = BenchmarkHandler
        elif kind == "CPE Dictionary":
            if not cpe_path:
                cpe_path = candidate
        elif kind == "XCCDF Tailoring":
            if not tailoring_path:
                tailoring_path = candidate

    # TODO: raise exception if no xccdf_file is found?
    return (handler_cls, ContentFiles(xccdf_path, cpe_path, tailoring_path))

 

 

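class DataStreamHandler(object):
    """
    Class for handling data streams in the data stream collection and
    retrieving data from it. For example a list of data stream indices,
    checklists in a given data stream or profiles of a given checklist.

    The instance owns a native XCCDF session (``self._session``) that is
    released when the instance is destroyed.

    """

    def __init__(self, dsc_file_path, tailoring_file_path=""):
        """
        Constructor for the DataStreamHandler class.

        :param dsc_file_path: path to a file with a data stream collection
        :type dsc_file_path: str
        :param tailoring_file_path: path to a tailoring file
        :type tailoring_file_path: str
        :raise DataStreamHandlingError: if the path does not exist, the file
                                        cannot be loaded as SCAP content or
                                        it is not a data stream collection

        """

        # is used to speed up getting lists of profiles
        self._profiles_cache = dict()

        if not os.path.exists(dsc_file_path):
            msg = "Invalid file path: '%s'" % dsc_file_path
            raise DataStreamHandlingError(msg)

        self._dsc_file_path = dsc_file_path

        # create an XCCDF session for the file; from here on the session is
        # stored on the instance, so __del__ releases it even if one of the
        # checks below raises
        self._session = OSCAP.xccdf_session_new(dsc_file_path)
        if not self._session:
            msg = "'%s' is not a valid SCAP content file" % dsc_file_path
            raise DataStreamHandlingError(msg)
        if OSCAP.xccdf_session_load(self._session) != 0:
            raise DataStreamHandlingError(OSCAP.oscap_err_desc())

        # NOTE(review): the tailoring file is registered only after the
        # session was loaded and is not passed to the sessions get_profiles()
        # creates -- confirm whether tailored profiles are meant to be listed
        if tailoring_file_path:
            OSCAP.xccdf_session_set_user_tailoring_file(self._session,
                                                        tailoring_file_path)

        if not OSCAP.xccdf_session_is_sds(self._session):
            msg = "'%s' is not a data stream collection" % dsc_file_path
            raise DataStreamHandlingError(msg)

        # dictionary holding the items gathered from DSC processing
        # (data stream ID -> list of checklist IDs, in file order)
        self._items = OrderedDict()

        # create an sds index for the content
        self._sds_idx = OSCAP.xccdf_session_get_sds_idx(self._session)

        # iterate over streams and get checklists from each stream
        streams_itr = OSCAP.ds_sds_index_get_streams(self._sds_idx)
        while OSCAP.ds_stream_index_iterator_has_more(streams_itr):
            stream_idx = OSCAP.ds_stream_index_iterator_next(streams_itr)

            # will be used to store the checklists for streams
            stream_id = OSCAP.ds_stream_index_get_id(stream_idx)
            checklists = []

            # iterate over checklists and append their ids to the list
            chklist_itr = OSCAP.ds_stream_index_get_checklists(stream_idx)
            while OSCAP.oscap_string_iterator_has_more(chklist_itr):
                checklists.append(OSCAP.oscap_string_iterator_next(chklist_itr))

            # store the list of checklist for the current stream
            self._items[stream_id] = checklists

            OSCAP.oscap_string_iterator_free(chklist_itr)

        OSCAP.ds_stream_index_iterator_free(streams_itr)

    def __del__(self):
        """Destructor for the DataStreamHandler class."""

        # The session lives on the instance, not in this method's local
        # namespace, so it has to be looked up on self (a test against
        # locals() never finds it and the session is never released).
        # getattr() also covers instances whose __init__ failed before the
        # session was created.
        session = getattr(self, "_session", None)
        if session:
            # forget the handle first so that it cannot be freed twice
            self._session = None
            OSCAP.xccdf_session_free(session)

    def get_data_streams(self):
        """
        Method to get a list of data streams found in the data stream
        collection.

        :return: list of data stream IDs
        :rtype: list of strings

        """

        return list(self._items.keys())

    def get_data_streams_checklists(self):
        """
        Method to get data streams and their checklists found in the data
        stream collection.

        :return: a dictionary consisting of the IDs of the data streams as keys
                 and lists of their checklists' IDs as values
        :rtype: dict(str -> list of strings)

        """

        # easy, we already have exactly what should be returned, just create a
        # copy, so that the caller cannot modify our internal attributes
        # (the copy is shallow: the lists of checklist IDs are still shared)
        return dict(self._items)

    def get_checklists(self, data_stream_id):
        """
        Method to get a list of checklists found in the data stream given by
        the data_stream_id.

        :param data_stream_id: ID of the data stream to get checklists from
        :type data_stream_id: str
        :return: list of checklist IDs found in the data stream given by the ID
        :rtype: list of strings
        :raise DataStreamHandlingError: if there is no such data stream

        """

        if data_stream_id not in self._items:
            msg = "Invalid data stream id given: '%s'" % data_stream_id
            raise DataStreamHandlingError(msg)

        return self._items[data_stream_id]

    def get_profiles(self, data_stream_id, checklist_id):
        """
        Method to get a list of profiles defined in the checklist given by the
        checklist_id that is defined in the data stream given by the
        data_stream_id.

        :param data_stream_id: ID of the data stream to get checklists from
        :type data_stream_id: str
        :param checklist_id: ID of the checklist to get profiles from
        :type checklist_id: str
        :return: list of profiles found in the checklist
        :rtype: list of ProfileInfo instances
        :raise DataStreamHandlingError: if the content cannot be (re)loaded
                                        for the given data stream and
                                        checklist

        """

        cache_id = "%s;%s" % (data_stream_id, checklist_id)
        if cache_id in self._profiles_cache:
            # found in cache, return the value
            return self._profiles_cache[cache_id]

        # not found in the cache, needs to be gathered

        # a fresh session is needed to select the data stream and component
        # (checklist); drop the reference to the old one before freeing it so
        # that a failure below cannot leave a dangling handle on the instance
        stale_session = self._session
        self._session = None
        if stale_session:
            OSCAP.xccdf_session_free(stale_session)

        self._session = OSCAP.xccdf_session_new(self._dsc_file_path)
        if not self._session:
            msg = "'%s' is not a valid SCAP content file" % self._dsc_file_path
            raise DataStreamHandlingError(msg)

        OSCAP.xccdf_session_set_datastream_id(self._session, data_stream_id)
        OSCAP.xccdf_session_set_component_id(self._session, checklist_id)
        if OSCAP.xccdf_session_load(self._session) != 0:
            raise DataStreamHandlingError(OSCAP.oscap_err_desc())

        # get the benchmark (checklist)
        policy_model = OSCAP.xccdf_session_get_policy_model(self._session)

        # NOTE(review): default_policy is never released explicitly here --
        # confirm who owns it
        default_policy = OSCAP.xccdf_policy_new(policy_model, None)
        default_rules_count = OSCAP.xccdf_policy_get_selected_rules_count(default_policy)

        # will hold items for the profiles for the specified DS and checklist
        profiles = []

        # the implicit profile is offered only if it would select some rules
        if default_rules_count > 0:
            profiles.append(ProfileInfo("default", "Default",
                            "The implicit XCCDF profile. Usually, the default contains no rules."))

        benchmark = OSCAP.xccdf_policy_model_get_benchmark(policy_model)

        # iterate over the profiles in the benchmark and store them
        profile_itr = OSCAP.xccdf_benchmark_get_profiles(benchmark)
        try:
            while OSCAP.xccdf_profile_iterator_has_more(profile_itr):
                profile = OSCAP.xccdf_profile_iterator_next(profile_itr)

                id_ = OSCAP.xccdf_profile_get_id(profile)
                title = oscap_text_itr_get_text(OSCAP.xccdf_profile_get_title(profile))
                desc = parse_HTML_from_content(
                    oscap_text_itr_get_text(OSCAP.xccdf_profile_get_description(profile)))

                profiles.append(ProfileInfo(id_, title, desc))
        finally:
            # release the iterator even if reading one of the profiles fails
            OSCAP.xccdf_profile_iterator_free(profile_itr)

        # cache the result
        self._profiles_cache[cache_id] = profiles

        return profiles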

 

 

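class BenchmarkHandler(object):
    """
    Class for handling XCCDF benchmark and retrieving data from it (mainly the
    list of profiles).

    All data is read in the constructor; the native XCCDF session used for
    that is released before the constructor returns or raises.

    """

    def __init__(self, xccdf_file_path, tailoring_file_path=""):
        """
        Constructor for the BenchmarkHandler class.

        :param xccdf_file_path: path to a file with an XCCDF benchmark
        :type xccdf_file_path: str
        :param tailoring_file_path: path to a tailoring file
        :type tailoring_file_path: str
        :raise BenchmarkHandlingError: if the path does not exist or the file
                                       cannot be loaded as an XCCDF benchmark

        """

        if not os.path.exists(xccdf_file_path):
            msg = "Invalid file path: '%s'" % xccdf_file_path
            raise BenchmarkHandlingError(msg)

        session = OSCAP.xccdf_session_new(xccdf_file_path)
        if not session:
            msg = "'%s' is not a valid SCAP content file" % xccdf_file_path
            raise BenchmarkHandlingError(msg)

        # stores a list of profiles in the benchmark
        self._profiles = []

        try:
            # the tailoring file has to be registered before the load
            if tailoring_file_path:
                OSCAP.xccdf_session_set_user_tailoring_file(session,
                                                            tailoring_file_path)
            if OSCAP.xccdf_session_load(session) != 0:
                raise BenchmarkHandlingError(OSCAP.oscap_err_desc())

            # get the benchmark object
            policy_model = OSCAP.xccdf_session_get_policy_model(session)
            benchmark = OSCAP.xccdf_policy_model_get_benchmark(policy_model)

            # reject content without a benchmark before the policy model is
            # used any further
            if not benchmark:
                msg = "Not a valid benchmark file: '%s'" % xccdf_file_path
                raise BenchmarkHandlingError(msg)

            # NOTE(review): default_policy is never released explicitly here
            # -- confirm who owns it
            default_policy = OSCAP.xccdf_policy_new(policy_model, None)
            default_rules_count = OSCAP.xccdf_policy_get_selected_rules_count(default_policy)

            # the implicit profile is offered only if it would select rules
            if default_rules_count > 0:
                self._profiles.append(ProfileInfo("default", "Default",
                                      "The implicit XCCDF profile. Usually, the default contains no rules."))

            # profiles defined in the benchmark itself
            self._profiles.extend(
                self._read_profiles(OSCAP.xccdf_benchmark_get_profiles(benchmark)))

            # profiles added by the tailoring file
            if tailoring_file_path:
                tailoring = OSCAP.xccdf_policy_model_get_tailoring(policy_model)
                self._profiles.extend(
                    self._read_profiles(OSCAP.xccdf_tailoring_get_profiles(tailoring)))
        finally:
            # the session is local to the constructor, release it on every
            # path (it used to leak whenever one of the checks above raised)
            OSCAP.xccdf_session_free(session)

    @staticmethod
    def _read_profiles(profile_itr):
        """Drain profile_itr into a list of ProfileInfo and free the iterator."""

        infos = []
        try:
            while OSCAP.xccdf_profile_iterator_has_more(profile_itr):
                profile = OSCAP.xccdf_profile_iterator_next(profile_itr)

                id_ = OSCAP.xccdf_profile_get_id(profile)
                title = oscap_text_itr_get_text(OSCAP.xccdf_profile_get_title(profile))
                desc = parse_HTML_from_content(
                    oscap_text_itr_get_text(OSCAP.xccdf_profile_get_description(profile)))

                infos.append(ProfileInfo(id_, title, desc))
        finally:
            # every iterator is freed here; previously the benchmark iterator
            # was overwritten (and lost) when a tailoring file was given
            OSCAP.xccdf_profile_iterator_free(profile_itr)

        return infos

    @property
    def profiles(self):
        """Property for the list of profiles defined in the benchmark."""

        return self._profiles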