[Open-scap] [PATCH] Added Python implementation example and single rpminfo test. Updated Makefile.am
Spencer Shimko
sshimko at tresys.com
Wed Jan 13 20:53:34 UTC 2010
This patch adds a quick and dirty Python example that exercises the OVAL probes. It is effectively a port of the existing oval_probes.c example.
Thanks,
--Spencer Shimko
Core Technology Unit
Tresys Technology
sshimko at tresys.com | www.tresys.com
Signed-off-by: Spencer Shimko <sshimko at tresys.com>
Signed-off-by: Ed Sealing <esealing at tresys.com>
---
Makefile.am | 2 +-
docs/examples/oval_probes.py | 155 ++++++++++++++++++++++++++++++++++++++++
docs/examples/package-test.xml | 77 ++++++++++++++++++++
3 files changed, 233 insertions(+), 1 deletions(-)
create mode 100755 docs/examples/oval_probes.py
create mode 100644 docs/examples/package-test.xml
diff --git a/Makefile.am b/Makefile.am
index ed493bd..0b579cf 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -11,7 +11,7 @@ if WANT_PROBES
SUBDIRS += src/OVAL/probes
endif
-EXTRA_DIST = dist/fedora/openscap.spec docs/Doxyfile docs/examples/oval_probes.c
+EXTRA_DIST = dist/fedora/openscap.spec docs/Doxyfile docs/examples/oval_probes.c docs/examples/oval_probes.py docs/examples/package.test.xml
dist-hook: ChangeLog
cd $(distdir)/docs && doxygen Doxyfile
diff --git a/docs/examples/oval_probes.py b/docs/examples/oval_probes.py
new file mode 100755
index 0000000..01bc83a
--- /dev/null
+++ b/docs/examples/oval_probes.py
@@ -0,0 +1,155 @@
+#!/usr/bin/env python
+
+# Author: Ed Sealing <eseaing at tresys.com>
+# Francisco Slavin <fslavin at tresys.com>
+#
+# Copyright (C) 2010 Tresys Technology, LLC
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+
+
+# Basic Python implementation of oval_probes.c
+# Printing of function names was done to discover possible performance gaps.
+#
+# Usage:
+# ./oval_probes.py -d oval_definition.xml
+# Output:
+# System Characteristics File
+# Results file
+
+
+import sys, getopt
+from platform import machine
+
+# Determine location of libraries using platform and Python Versioning
+pyVersion = str(sys.version_info[0])+'.'+str(sys.version_info[1])
+if machine() == 'x86_64':
+ libPath='/usr/local/lib64/python'+pyVersion+'/site-packages'
+else:
+ libPath='/usr/local/lib/python'+pyVersion+'/site-packages'
+sys.path.append(libPath)
+
+from openscap import *
+
+
+def main():
+ try:
+ # Defining usage
+ opts, args = getopt.getopt(sys.argv[1:], "d:r:h",
+ ["definition=", "results=", "help"])
+
+ except getopt.GetoptError, err:
+ print str(err)
+ usage()
+ sys.exit(2)
+
+
+ try:
+
+ # Default input file & output directory
+ def_file = ""
+ results_dir = "./"
+
+ # Handling arguments
+ for opt, arg in opts:
+ if opt in ("-h", "--help"):
+ usage()
+ sys.exit()
+ elif opt in ("-d", "--definition"):
+ def_file = arg
+ elif opt in ("-r", "--results"):
+ results_dir = arg
+
+ # Populate the definition model
+ if def_file == "":
+ print "You must select a definition file using the -d flag"
+ usage()
+ sys.exit(2)
+ deffile = oscap_import_source_new_file(def_file, 'UTF-8')
+ def_model = oval_definition_model_new()
+ print "Importing Definition File to Model..."
+ oval_definition_model_import(def_model, deffile, None)
+ oscap_import_source_free(deffile)
+
+ # Create the syschar model
+ print "Creating System Characteristics Model..."
+ sys_model = oval_syschar_model_new(def_model)
+
+ # Call the probes
+ print "Probing Objects..."
+ oval_syschar_model_probe_objects(sys_model)
+
+ # Report the syschars in an XML file
+# print "Exporting System Characteristics Model..."
+ print "oval_syschar_model_get_syschars..."
+ syschars = oval_syschar_model_get_syschars(sys_model)
+ outfile = results_dir + def_file + "sysChars.xml"
+ print "oscap_export_target_new_file..."
+ syschar_out = oscap_export_target_new_file(outfile, 'UTF-8')
+ print "oval_syschar_model_export..."
+ oval_syschar_model_export(sys_model, syschar_out)
+ print "oscap_export_target_free..."
+ oscap_export_target_free(syschar_out)
+
+
+ # Create the results model
+ print "Creating Results Model..."
+ sys_models = [sys_model, None]
+ print "oval_results_model_new..."
+ res_model = oval_results_model_new(def_model, sys_models)
+
+ # Set up directives
+ print "Setting up Directives..."
+ res_direct = oval_result_directives_new(res_model)
+ oval_result_directives_set_reported(res_direct, OVAL_RESULT_INVALID, 1)
+ oval_result_directives_set_reported(res_direct, OVAL_RESULT_TRUE, 1)
+ oval_result_directives_set_reported(res_direct, OVAL_RESULT_FALSE, 1)
+ oval_result_directives_set_reported(res_direct, OVAL_RESULT_UNKNOWN, 1)
+ oval_result_directives_set_reported(res_direct, OVAL_RESULT_ERROR, 1)
+ oval_result_directives_set_reported(res_direct, OVAL_RESULT_NOT_EVALUATED, 1)
+ oval_result_directives_set_reported(res_direct, OVAL_RESULT_NOT_APPLICABLE, 1)
+ oval_result_directives_set_reported(res_direct, OVAL_RESULT_FALSE, OVAL_DIRECTIVE_CONTENT_FULL)
+ oval_result_directives_set_reported(res_direct, OVAL_RESULT_TRUE, OVAL_DIRECTIVE_CONTENT_FULL)
+
+ # Report the results in an XML file
+ print "Exporting Results File..."
+ outfile = results_dir + def_file + "results.xml"
+ print "oscap_export_target_new_file..."
+ result_out = oscap_export_target_new_file(outfile, 'UTF-8')
+ print "oval_results_model_export..."
+ oval_results_model_export(res_model, res_direct, result_out)
+ print "oscap_export_target_free"
+ oscap_export_target_free(result_out)
+
+ oval_definition_model_free(def_model)
+ oval_syschar_model_free(sys_model)
+ oval_results_model_free(res_model)
+ oval_result_directives_free(res_direct)
+
+ except Exception, err:
+ print str(err)
+ sys.exit(2)
+
+
+# Instructions
+def usage():
+ print "Usage:\n \
+ -d --definition - set a specific OVAL definition file \n \
+ -r --result - set a specific directory for results"
+
+
+
+if __name__ == "__main__":
+ main()
diff --git a/docs/examples/package-test.xml b/docs/examples/package-test.xml
new file mode 100644
index 0000000..31fc41b
--- /dev/null
+++ b/docs/examples/package-test.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<definition xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:ind-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"
+ xmlns:unix-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix"
+ xmlns:lin-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"
+ xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ class="compliance"
+ version="1"
+ id="oval:tresys.example:def:1">
+ <generator>
+ <oval:product_name>oval_probes Python Example</oval:product_name>
+ <oval:product_version>1.0</oval:product_version>
+ <oval:schema_version>5.5</oval:schema_version>
+ <oval:timestamp>2010-01-12T00:00:00-00:00</oval:timestamp>
+ </generator>
+ <definitions>
+ <definition class="inventory" version="1" id="oval:tresys.example:def:1">
+ <metadata>
+ <title>Fedora OS installed</title>
+ <affected family="unix">
+ <platform>Fedora</platform>
+ </affected>
+ <reference ref_id="cpe:/o:fedoraproject:fedora" source="CPE"/>
+ <description>You are running the test on a Fedora System</description>
+ </metadata>
+ <criteria>
+ <criterion test_ref="oval:tresys.example:tst:1"
+ comment="Fedora is installed"/>
+ <criterion test_ref="oval:tresys.example:tst:2"
+ comment="Installed operating system is part of the unix family"/>
+ </criteria>
+ </definition>
+ </definitions>
+ <tests>
+ <rpminfo_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"
+ check_existence="at_least_one_exists"
+ comment="Fedora Version is 1-12"
+ version="1"
+ id="oval:tresys.example:tst:1"
+ check="at least one">
+ <object object_ref="oval:tresys.example:obj:1"/>
+ <state state_ref="oval:tresys.example:ste:1"/>
+ </rpminfo_test>
+ <family_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"
+ check_existence="at_least_one_exists"
+ comment="System is part of the Unix family"
+ version="1"
+ id="oval:tresys.example:tst:2"
+ check="only one">
+ <object object_ref="oval:tresys.example:obj:2"/>
+ <state state_ref="oval:tresys.example:ste:2"/>
+ </family_test>
+ </tests>
+ <objects>
+ <rpminfo_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" version="1"
+ id="oval:tresys.example:obj:1">
+ <name>fedora-release</name>
+ </rpminfo_object>
+ <family_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"
+ version="1"
+ id="oval:tresys.example:obj:2"/>
+
+ </objects>
+ <states>
+ <rpminfo_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" version="1"
+ id="oval:tresys.example:ste:1">
+ <version operation="pattern match">[0-9]*</version>
+ </rpminfo_state>
+ <family_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"
+ version="1"
+ id="oval:tresys.example:ste:2">
+ <family>unix</family>
+ </family_state>
+ </states>
+</definition>
--
1.5.5.6
More information about the Open-scap-list
mailing list