def from_yaml(yaml_file, env_yaml=None):
yaml_contents = open_and_macro_expand(yaml_file, env_yaml)
if yaml_contents is None:
return None
rule_id, _ = os.path.splitext(os.path.basename(yaml_file))
rule = Rule(rule_id)
rule.prodtype = yaml_contents.pop("prodtype", "all")
rule.title = required_key(yaml_contents, "title")
del yaml_contents["title"]
rule.description = required_key(yaml_contents, "description")
del yaml_contents["description"]
rule.rationale = required_key(yaml_contents, "rationale")
del yaml_contents["rationale"]
rule.severity = required_key(yaml_contents, "severity")
del yaml_contents["severity"]
rule.references = yaml_contents.pop("references", {})
rule.identifiers = yaml_contents.pop("identifiers", {})
rule.ocil_clause = yaml_contents.pop("ocil_clause", None)
rule.ocil = yaml_contents.pop("ocil", None)
rule.external_oval = yaml_contents.pop("oval_external_content", None)
rule.warnings = yaml_contents.pop("warnings", [])
for warning_list in rule.warnings:
if len(warning_list) != 1:
raise ValueError(
"Only one key/value pair should exist for each dictionary")
if yaml_contents:
raise RuntimeError("Unparsed YAML data in '%s'.\n\n%s" %
(yaml_file, yaml_contents))
rule.validate_identifiers(yaml_file)
rule.validate_references(yaml_file)
return rule
def from_yaml(yaml_file, id_, product_yaml=None):
yaml_contents = open_and_macro_expand(yaml_file, product_yaml)
if yaml_contents is None:
return None
benchmark = Benchmark(id_)
benchmark.title = required_key(yaml_contents, "title")
del yaml_contents["title"]
benchmark.status = required_key(yaml_contents, "status")
del yaml_contents["status"]
benchmark.description = required_key(yaml_contents, "description")
del yaml_contents["description"]
notice_contents = required_key(yaml_contents, "notice")
benchmark.notice_id = required_key(notice_contents, "id")
del notice_contents["id"]
benchmark.notice_description = required_key(notice_contents,
"description")
del notice_contents["description"]
if not notice_contents:
del yaml_contents["notice"]
benchmark.front_matter = required_key(yaml_contents, "front-matter")
del yaml_contents["front-matter"]
benchmark.rear_matter = required_key(yaml_contents, "rear-matter")
del yaml_contents["rear-matter"]
benchmark.version = str(required_key(yaml_contents, "version"))
del yaml_contents["version"]
if yaml_contents:
raise RuntimeError("Unparsed YAML data in '%s'.\n\n%s" %
(yaml_file, yaml_contents))
benchmark.cpes = product_yaml.get("cpes", [])
return benchmark
def _get_jinja_environment(substitutions_dict):
if _get_jinja_environment.env is None:
bytecode_cache = None
if required_key(substitutions_dict, "jinja2_cache_enabled") == "true":
bytecode_cache = jinja2.FileSystemBytecodeCache(
required_key(substitutions_dict, "jinja2_cache_dir"))
# TODO: Choose better syntax?
_get_jinja_environment.env = jinja2.Environment(
block_start_string="{{%",
block_end_string="%}}",
variable_start_string="{{{",
variable_end_string="}}}",
comment_start_string="{{#",
comment_end_string="#}}",
loader=AbsolutePathFileSystemLoader(),
bytecode_cache=bytecode_cache)
return _get_jinja_environment.env
def from_yaml(yaml_file, env_yaml=None):
yaml_contents = open_and_expand(yaml_file, env_yaml)
if yaml_contents is None:
return None
value_id, _ = os.path.splitext(os.path.basename(yaml_file))
value = Value(value_id)
value.title = required_key(yaml_contents, "title")
del yaml_contents["title"]
value.description = required_key(yaml_contents, "description")
del yaml_contents["description"]
value.type_ = required_key(yaml_contents, "type")
del yaml_contents["type"]
value.operator = yaml_contents.pop("operator", "equals")
possible_operators = [
"equals", "not equal", "greater than", "less than",
"greater than or equal", "less than or equal", "pattern match"
]
if value.operator not in possible_operators:
raise ValueError(
"Found an invalid operator value '%s' in '%s'. "
"Expected one of: %s" %
(value.operator, yaml_file, ", ".join(possible_operators)))
value.interactive = \
yaml_contents.pop("interactive", "false").lower() == "true"
value.options = required_key(yaml_contents, "options")
del yaml_contents["options"]
value.warnings = yaml_contents.pop("warnings", [])
for warning_list in value.warnings:
if len(warning_list) != 1:
raise ValueError(
"Only one key/value pair should exist for each dictionary")
if yaml_contents:
raise RuntimeError("Unparsed YAML data in '%s'.\n\n%s" %
(yaml_file, yaml_contents))
return value
def from_yaml(yaml_file, env_yaml=None):
yaml_contents = open_and_expand(yaml_file, env_yaml)
if yaml_contents is None:
return None
basename, _ = os.path.splitext(os.path.basename(yaml_file))
profile = Profile(basename)
profile.title = required_key(yaml_contents, "title")
del yaml_contents["title"]
profile.description = required_key(yaml_contents, "description")
del yaml_contents["description"]
profile.extends = yaml_contents.pop("extends", None)
profile.selections = required_key(yaml_contents, "selections")
del yaml_contents["selections"]
if yaml_contents:
raise RuntimeError("Unparsed YAML data in '%s'.\n\n%s" %
(yaml_file, yaml_contents))
return profile
def from_yaml(yaml_file, env_yaml=None):
yaml_contents = open_and_macro_expand(yaml_file, env_yaml)
if yaml_contents is None:
return None
group_id = os.path.basename(os.path.dirname(yaml_file))
group = Group(group_id)
group.prodtype = yaml_contents.pop("prodtype", "all")
group.title = required_key(yaml_contents, "title")
del yaml_contents["title"]
group.description = required_key(yaml_contents, "description")
del yaml_contents["description"]
group.warnings = yaml_contents.pop("warnings", [])
for warning_list in group.warnings:
if len(warning_list) != 1:
raise ValueError(
"Only one key/value pair should exist for each dictionary")
if yaml_contents:
raise RuntimeError("Unparsed YAML data in '%s'.\n\n%s" %
(yaml_file, yaml_contents))
return group
def checks(env_yaml, oval_version, oval_dirs):
"""Concatenate all XML files in the oval directory, to create the document
body
oval_dirs: list of directory with oval files (later has higher priority)
Return: The document body"""
body = []
included_checks_count = 0
reversed_dirs = oval_dirs[::-1] # earlier directory has higher priority
already_loaded = dict() # filename -> oval_version
for oval_dir in reversed_dirs:
try:
# sort the files to make output deterministic
for filename in sorted(os.listdir(oval_dir)):
if filename.endswith(".xml"):
xml_content = process_file(
os.path.join(oval_dir, filename), env_yaml
)
if not _check_is_applicable_for_product(
xml_content,
required_key(env_yaml, "product")
):
continue
if _check_is_loaded(already_loaded, filename, oval_version):
continue
if not _check_oval_version_from_oval(xml_content, oval_version):
continue
body.append(xml_content)
included_checks_count += 1
already_loaded[filename] = oval_version
except OSError as e:
if e.errno != errno.ENOENT:
raise
else:
sys.stderr.write("Not merging OVAL content from the "
"'%s' directory as the directory does not "
"exist\n" % (oval_dir))
sys.stderr.write("Merged %d OVAL checks.\n" % (included_checks_count))
return "".join(body)