| xccdf_policy.c | xccdf_policy.c | |||
|---|---|---|---|---|
| skipping to change at line 615 | skipping to change at line 615 | |||
| benchmark = xccdf_policy_model_get_benchmark(model); | benchmark = xccdf_policy_model_get_benchmark(model); | |||
| while (xccdf_check_export_iterator_has_more(check_it)) { | while (xccdf_check_export_iterator_has_more(check_it)) { | |||
| check = xccdf_check_export_iterator_next(check_it); | check = xccdf_check_export_iterator_next(check_it); | |||
| binding = xccdf_value_binding_new(); | binding = xccdf_value_binding_new(); | |||
| value = (struct xccdf_value *) xccdf_benchmark_get_item(benchma rk, xccdf_check_export_get_value(check)); | value = (struct xccdf_value *) xccdf_benchmark_get_item(benchma rk, xccdf_check_export_get_value(check)); | |||
| if (value == NULL) { | if (value == NULL) { | |||
| oscap_seterr(OSCAP_EFAMILY_XCCDF, XCCDF_EVALUE, "Value does not exist\n"); | oscap_seterr(OSCAP_EFAMILY_XCCDF, XCCDF_EVALUE, "Value does not exist\n"); | |||
| oscap_dlprintf(DBG_E, "Value \"%s\" does not exist in bench mark\n", xccdf_check_export_get_value(check)); | oscap_dlprintf(DBG_E, "Value \"%s\" does not exist in bench mark\n", xccdf_check_export_get_value(check)); | |||
| oscap_list_free(list, oscap_free); | ||||
| return NULL; | return NULL; | |||
| } | } | |||
| /* Apply related setvalue from policy profile */ | /* Apply related setvalue from policy profile */ | |||
| s_value = xccdf_policy_get_setvalue(policy, xccdf_value_get_id( value)); | s_value = xccdf_policy_get_setvalue(policy, xccdf_value_get_id( value)); | |||
| if (s_value != NULL) binding->setvalue = oscap_strdup((char *) xccdf_setvalue_get_value(s_value)); | if (s_value != NULL) binding->setvalue = oscap_strdup((char *) xccdf_setvalue_get_value(s_value)); | |||
| /* Apply related refine value from policy profile */ | /* Apply related refine value from policy profile */ | |||
| const char * selector = NULL; | const char * selector = NULL; | |||
| r_value = xccdf_policy_get_refine_value(policy, xccdf_value_get _id(value)); | r_value = xccdf_policy_get_refine_value(policy, xccdf_value_get _id(value)); | |||
| skipping to change at line 638 | skipping to change at line 639 | |||
| if (xccdf_refine_value_get_oper(r_value) != NAN) { | if (xccdf_refine_value_get_oper(r_value) != NAN) { | |||
| binding->operator = xccdf_refine_value_get_oper(r_value ); | binding->operator = xccdf_refine_value_get_oper(r_value ); | |||
| } else binding->operator = xccdf_value_get_oper(value); | } else binding->operator = xccdf_value_get_oper(value); | |||
| } else binding->operator = xccdf_value_get_oper(value); | } else binding->operator = xccdf_value_get_oper(value); | |||
| const struct xccdf_value_instance * val = xccdf_value_get_insta nce_by_selector(value, selector); | const struct xccdf_value_instance * val = xccdf_value_get_insta nce_by_selector(value, selector); | |||
| if (val == NULL) { | if (val == NULL) { | |||
| oscap_seterr(OSCAP_EFAMILY_XCCDF, XCCDF_EVALUE, "Value inst ance does not exist\n"); | oscap_seterr(OSCAP_EFAMILY_XCCDF, XCCDF_EVALUE, "Value inst ance does not exist\n"); | |||
| oscap_dlprintf(DBG_E, "Attempt to get non-existent selector \"%s\" from variable \"%s\"\n", selector, xccdf_value_get_id(value)); | oscap_dlprintf(DBG_E, "Attempt to get non-existent selector \"%s\" from variable \"%s\"\n", selector, xccdf_value_get_id(value)); | |||
| oscap_list_free(list, oscap_free); | ||||
| return NULL; | return NULL; | |||
| } | } | |||
| binding->value = oscap_strdup(xccdf_value_instance_get_value(va l)); | binding->value = oscap_strdup(xccdf_value_instance_get_value(va l)); | |||
| binding->name = oscap_strdup((char *) xccdf_check_export_get_na me(check)); | binding->name = oscap_strdup((char *) xccdf_check_export_get_na me(check)); | |||
| binding->type = xccdf_value_get_type(value); | binding->type = xccdf_value_get_type(value); | |||
| oscap_list_add(list, binding); | oscap_list_add(list, binding); | |||
| } | } | |||
| xccdf_check_export_iterator_free(check_it); | xccdf_check_export_iterator_free(check_it); | |||
| return list; | return list; | |||
| skipping to change at line 675 | skipping to change at line 677 | |||
| int ret = 0; | int ret = 0; | |||
| int ret2 = 0; | int ret2 = 0; | |||
| /* At least one of check-content or check-content-ref must | /* At least one of check-content or check-content-ref must | |||
| * appear in each check element. */ | * appear in each check element. */ | |||
| if (xccdf_check_get_complex(check)) { /* we have complex subtree */ | if (xccdf_check_get_complex(check)) { /* we have complex subtree */ | |||
| child_it = xccdf_check_get_children(check); | child_it = xccdf_check_get_children(check); | |||
| while (xccdf_check_iterator_has_more(child_it)) { | while (xccdf_check_iterator_has_more(child_it)) { | |||
| child = xccdf_check_iterator_next(child_it); | child = xccdf_check_iterator_next(child_it); | |||
| ret2 = xccdf_policy_check_evaluate(policy, child, rule_id); | ret2 = xccdf_policy_check_evaluate(policy, child, rule_id); | |||
| if (ret2 == -1) return -1; | if (ret2 == -1) { | |||
| xccdf_check_iterator_free(child_it); | ||||
| return -1; | ||||
| } | ||||
| if (ret == 0) ret = ret2; | if (ret == 0) ret = ret2; | |||
| else { | else { | |||
| ret = (int) _resolve_operation((xccdf_test_result_type_ t) ret, (xccdf_test_result_type_t) ret2, xccdf_check_get_oper(check)); | ret = (int) _resolve_operation((xccdf_test_result_type_ t) ret, (xccdf_test_result_type_t) ret2, xccdf_check_get_oper(check)); | |||
| } | } | |||
| } | } | |||
| xccdf_check_iterator_free(child_it); | xccdf_check_iterator_free(child_it); | |||
| } else { /* This is <check> element */ | } else { /* This is <check> element */ | |||
| /* It depends on what operation we process - we do only Complia nce Check */ | /* It depends on what operation we process - we do only Complia nce Check */ | |||
| content_it = xccdf_check_get_content_refs(check); | content_it = xccdf_check_get_content_refs(check); | |||
| system_name = xccdf_check_get_system(check); | system_name = xccdf_check_get_system(check); | |||
| bindings = xccdf_policy_check_get_value_bindings(policy, xccdf_ check_get_exports(check)); | bindings = xccdf_policy_check_get_value_bindings(policy, xccdf_ check_get_exports(check)); | |||
| if (bindings == NULL) | if (bindings == NULL) { | |||
| xccdf_check_content_ref_iterator_free(content_it); | ||||
| return XCCDF_RESULT_UNKNOWN; | return XCCDF_RESULT_UNKNOWN; | |||
| } | ||||
| while (xccdf_check_content_ref_iterator_has_more(content_it)) { | while (xccdf_check_content_ref_iterator_has_more(content_it)) { | |||
| content = xccdf_check_content_ref_iterator_next(content_it) ; | content = xccdf_check_content_ref_iterator_next(content_it) ; | |||
| content_name = xccdf_check_content_ref_get_name(content); | content_name = xccdf_check_content_ref_get_name(content); | |||
| href = xccdf_check_content_ref_get_href(content); | href = xccdf_check_content_ref_get_href(content); | |||
| /* Check if this is OVAL ? Never mind. Added to TODO */ | /* Check if this is OVAL ? Never mind. Added to TODO */ | |||
| ret = xccdf_policy_evaluate_cb(policy, system_name, content _name, href, rule_id, bindings); | ret = xccdf_policy_evaluate_cb(policy, system_name, content _name, href, rule_id, bindings); | |||
| if ((xccdf_test_result_type_t) ret != XCCDF_RESULT_NOT_CHEC KED) break; | if ((xccdf_test_result_type_t) ret != XCCDF_RESULT_NOT_CHEC KED) break; | |||
| } | } | |||
| xccdf_check_content_ref_iterator_free(content_it); | xccdf_check_content_ref_iterator_free(content_it); | |||
| oscap_list_free(bindings, (oscap_destruct_func) xccdf_value_bin ding_free); | oscap_list_free(bindings, (oscap_destruct_func) xccdf_value_bin ding_free); | |||
| skipping to change at line 761 | skipping to change at line 768 | |||
| check_it = xccdf_rule_get_checks((struct xccdf_rule *)item) ; | check_it = xccdf_rule_get_checks((struct xccdf_rule *)item) ; | |||
| /* we need to evaluate all checks in rule, iteration begin */ | /* we need to evaluate all checks in rule, iteration begin */ | |||
| while(xccdf_check_iterator_has_more(check_it)) { | while(xccdf_check_iterator_has_more(check_it)) { | |||
| check = xccdf_check_iterator_next(check_it); | check = xccdf_check_iterator_next(check_it); | |||
| /************** Evaluation **************/ | /************** Evaluation **************/ | |||
| ret = xccdf_policy_check_evaluate(policy, check, (c har *) rule_id); | ret = xccdf_policy_check_evaluate(policy, check, (c har *) rule_id); | |||
| /*****************************************/ | /*****************************************/ | |||
| if (ret == -1) { | if (ret == -1) { | |||
| oscap_free(description); | oscap_free(description); | |||
| xccdf_check_iterator_free(check_it); | ||||
| return -1; | return -1; | |||
| } | } | |||
| if (ret == false) /* we got item that can't be proc essed */ | if (ret == false) /* we got item that can't be proc essed */ | |||
| break; | break; | |||
| } | } | |||
| xccdf_check_iterator_free(check_it); | xccdf_check_iterator_free(check_it); | |||
| /* iteration thorugh checks ends here */ | /* iteration thorugh checks ends here */ | |||
| } else { | } else { | |||
| ret = XCCDF_RESULT_NOT_SELECTED; | ret = XCCDF_RESULT_NOT_SELECTED; | |||
| skipping to change at line 816 | skipping to change at line 824 | |||
| oscap_free(description); | oscap_free(description); | |||
| if (retval != 0) return retval; | if (retval != 0) return retval; | |||
| } break; | } break; | |||
| case XCCDF_GROUP:{ | case XCCDF_GROUP:{ | |||
| child_it = xccdf_group_get_content((const struct xccdf_ group *)item); | child_it = xccdf_group_get_content((const struct xccdf_ group *)item); | |||
| while (xccdf_item_iterator_has_more(child_it)) { | while (xccdf_item_iterator_has_more(child_it)) { | |||
| child = xccdf_item_iterator_next(child_it); | child = xccdf_item_iterator_next(child_it); | |||
| ret = xccdf_policy_item_evaluate(policy, child, result); | ret = xccdf_policy_item_evaluate(policy, child, result); | |||
| if (ret == -1) return -1; | if (ret == -1) { | |||
| xccdf_item_iterator_free(child_it); | ||||
| return -1; | ||||
| } | ||||
| if (ret == false) /* we got item that can't be processed */ | if (ret == false) /* we got item that can't be processed */ | |||
| break; | break; | |||
| } | } | |||
| xccdf_item_iterator_free(child_it); | xccdf_item_iterator_free(child_it); | |||
| } break; | } break; | |||
| default: | default: | |||
| /* TODO: set warning bad argument and return ? */ | /* TODO: set warning bad argument and return ? */ | |||
| ret=false; | ret=false; | |||
| skipping to change at line 1371 | skipping to change at line 1382 | |||
| return (struct xccdf_select_iterator *) oscap_iterator_new_filter( poli cy->selects, | return (struct xccdf_select_iterator *) oscap_iterator_new_filter( poli cy->selects, | |||
| (osc ap_filter_func) xccdf_policy_filter_selected, | (osc ap_filter_func) xccdf_policy_filter_selected, | |||
| poli cy); | poli cy); | |||
| } | } | |||
| /** | /** | |||
| * Make the rule from benchmark selected in Policy | * Make the rule from benchmark selected in Policy | |||
| */ | */ | |||
| bool xccdf_policy_set_selected(struct xccdf_policy * policy, char * idref) { | bool xccdf_policy_set_selected(struct xccdf_policy * policy, char * idref) { | |||
| bool ret; | ||||
| struct oscap_iterator *sel_it = | struct oscap_iterator *sel_it = | |||
| oscap_iterator_new_filter( policy->selects, (oscap_filter_func) xcc df_policy_filter_select, idref); | oscap_iterator_new_filter( policy->selects, (oscap_filter_func) xcc df_policy_filter_select, idref); | |||
| if (oscap_iterator_get_itemcount(sel_it) > 0) { | if (oscap_iterator_get_itemcount(sel_it) > 0) { | |||
| /* There is rule already, skip */ | /* There is rule already, skip */ | |||
| return 0; | ret = 0; | |||
| } | } | |||
| else { | else { | |||
| /* There is no such rule, add */ | /* There is no such rule, add */ | |||
| struct xccdf_select * sel = NULL; | struct xccdf_select * sel = NULL; | |||
| //TODO: sel = xccdf_select_new <-- missing implementation | //TODO: sel = xccdf_select_new <-- missing implementation | |||
| oscap_list_add(policy->selects, sel); | oscap_list_add(policy->selects, sel); | |||
| return 1; | ret = 1; | |||
| } | } | |||
| oscap_iterator_free(sel_it); | ||||
| return ret; | ||||
| } | } | |||
| /** | /** | |||
| * Get Policy from Policy model by it's id. | * Get Policy from Policy model by it's id. | |||
| */ | */ | |||
| struct xccdf_policy * xccdf_policy_model_get_policy_by_id(struct xccdf_poli cy_model * policy_model, const char * id) | struct xccdf_policy * xccdf_policy_model_get_policy_by_id(struct xccdf_poli cy_model * policy_model, const char * id) | |||
| { | { | |||
| struct xccdf_policy_iterator * policy_it; | struct xccdf_policy_iterator * policy_it; | |||
| struct xccdf_policy * policy; | struct xccdf_policy * policy; | |||
| skipping to change at line 1451 | skipping to change at line 1464 | |||
| r_rule = xccdf_refine_rule_iterator_next(r_rule_it); | r_rule = xccdf_refine_rule_iterator_next(r_rule_it); | |||
| item = xccdf_benchmark_get_item(benchmark, xccdf_refine_rule_get_it em(r_rule)); | item = xccdf_benchmark_get_item(benchmark, xccdf_refine_rule_get_it em(r_rule)); | |||
| if (item != NULL) { | if (item != NULL) { | |||
| /* Proccess refine rule appliement */ | /* Proccess refine rule appliement */ | |||
| /* In r_rule we have refine rule that match - no more then one !*/ | /* In r_rule we have refine rule that match - no more then one !*/ | |||
| if (xccdf_item_get_type(item) == XCCDF_GROUP) { | if (xccdf_item_get_type(item) == XCCDF_GROUP) { | |||
| /* Perform check of weight attribute - ignore other attrib utes */ | /* Perform check of weight attribute - ignore other attrib utes */ | |||
| if (xccdf_refine_rule_get_weight(r_rule) == NAN) { | if (xccdf_refine_rule_get_weight(r_rule) == NAN) { | |||
| oscap_seterr(OSCAP_EFAMILY_XCCDF, XCCDF_EREFGROUPAT TR, | oscap_seterr(OSCAP_EFAMILY_XCCDF, XCCDF_EREFGROUPAT TR, | |||
| "'Weight' attribute not specified, only 'we ight' attribute applies to groups items"); | "'Weight' attribute not specified, only 'we ight' attribute applies to groups items"); | |||
| xccdf_refine_rule_iterator_free(r_rule_it); | ||||
| return false; | return false; | |||
| } | } | |||
| else { | else { | |||
| /* Apply the rule changes */ | /* Apply the rule changes */ | |||
| xccdf_group_set_weight((struct xccdf_group *) item, xcc df_refine_rule_get_weight(r_rule) ); | xccdf_group_set_weight((struct xccdf_group *) item, xcc df_refine_rule_get_weight(r_rule) ); | |||
| } | } | |||
| } else if (xccdf_item_get_type(item) == XCCDF_RULE) { | } else if (xccdf_item_get_type(item) == XCCDF_RULE) { | |||
| /* Perform all changes in rule */ | /* Perform all changes in rule */ | |||
| if (xccdf_refine_rule_get_role(r_rule) != NAN) | if (xccdf_refine_rule_get_role(r_rule) != NAN) | |||
| skipping to change at line 1526 | skipping to change at line 1540 | |||
| sel_it = xccdf_policy_get_selects(policy); | sel_it = xccdf_policy_get_selects(policy); | |||
| while (xccdf_select_iterator_has_more(sel_it)) { | while (xccdf_select_iterator_has_more(sel_it)) { | |||
| sel = xccdf_select_iterator_next(sel_it); | sel = xccdf_select_iterator_next(sel_it); | |||
| /* Get the refid string and find xccdf_item in benchmark */ | /* Get the refid string and find xccdf_item in benchmark */ | |||
| /* TODO: we need to check if every requirement is met - some of req uired Item has to be sleected too */ | /* TODO: we need to check if every requirement is met - some of req uired Item has to be sleected too */ | |||
| item = xccdf_benchmark_get_item(benchmark, xccdf_select_get_item(se l)); | item = xccdf_benchmark_get_item(benchmark, xccdf_select_get_item(se l)); | |||
| if (item == NULL) { | if (item == NULL) { | |||
| oscap_seterr(OSCAP_EFAMILY_XCCDF, XCCDF_EBADID, "Check-exports | char msg[100]; | |||
| collection: ID of selector does not exist in Benchmark !"); | snprintf(msg, sizeof(msg), "Selector ID(%s) does not exist in Be | |||
| nchmark.", xccdf_select_get_item(sel)); | ||||
| oscap_seterr(OSCAP_EFAMILY_XCCDF, XCCDF_EBADID, msg); | ||||
| continue; /* TODO: Should we just skip that selector ? XCCDF is not valid here !! */ | continue; /* TODO: Should we just skip that selector ? XCCDF is not valid here !! */ | |||
| } | } | |||
| if (xccdf_item_get_type(item) == XCCDF_GROUP) continue; | if (xccdf_item_get_type(item) == XCCDF_GROUP) continue; | |||
| ret = xccdf_policy_item_evaluate(policy, item, result); | ret = xccdf_policy_item_evaluate(policy, item, result); | |||
| if (ret == -1) return NULL; | if (ret == -1) { | |||
| xccdf_select_iterator_free(sel_it); | ||||
| xccdf_result_free(result); | ||||
| return NULL; | ||||
| } | ||||
| if (ret != 0) break; | if (ret != 0) break; | |||
| } | } | |||
| xccdf_select_iterator_free(sel_it); | xccdf_select_iterator_free(sel_it); | |||
| xccdf_policy_add_result(policy, result); | xccdf_policy_add_result(policy, result); | |||
| xccdf_result_set_end_time(result, time(NULL)); | xccdf_result_set_end_time(result, time(NULL)); | |||
| return result; | return result; | |||
| } | } | |||
| struct xccdf_score * xccdf_policy_get_score(struct xccdf_policy * policy, s truct xccdf_result * test_result, const char * scsystem) | struct xccdf_score * xccdf_policy_get_score(struct xccdf_policy * policy, s truct xccdf_result * test_result, const char * scsystem) | |||
| End of changes. 14 change blocks. | ||||
| 9 lines changed or deleted | 29 lines changed or added | |||
This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||