def __saveScan(self, scan): scan_slug = datetime.now().strftime('%d.%m.%Y-%H:%M:%S') self.__cursor.execute(self.__mysql_templates['insert_scan'], (scan_slug, )) self.__commitToDB() stored_scan = Scan({ 'id': self.__cursor.lastrowid, 'slug': scan_slug, }) for rule in scan.rules(): stored_scan.addTestedRule(rule) return stored_scan
class ScanCommand(Command): def __init__(self, scan_manager, args): super().__init__(scan_manager) self.__xccdf_file = args.get('xccdf-file', None) self.__cpe_file = args.get('cpe-file', None) self.__scan = None @staticmethod def helpStr(): return 'Perform evaluation driven by XCCDF file (stig profile)' @staticmethod def addArguments(parser): parser.add_argument("xccdf-file", help="The XCCDF file to be used", type=argparse.FileType('r')) parser.add_argument( "--cpe", help= "Use given cpe dictionary or language (autodetected) for applicability checks", dest='cpe-file', type=argparse.FileType('r')) def ready(self): am_i_ready = (self.__xccdf_file is not None) if not am_i_ready: self._addError("No XCCDF file") return am_i_ready def _commandParams(self): params = [ "oscap", "xccdf", "eval", "--profile", "stig", ] if self.__cpe_file is not None: params.append("--cpe") params.append(self.__cpe_file.name) params.append(self.__xccdf_file.name) return params def exec(self): if not self.ready(): return ERROR self.__scan = Scan() process = subprocess.run( self._commandParams(), # ["cat", "scan.out"], # ["echo"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) if process.returncode != SUCCESS: self._addError(process.stderr) excode = process.returncode self.__parseOutput(process.stdout) if len(self.__scan.rules()) > 0: self._smanager.saveScan(self.__scan) else: self.__scan = None self._addError( 'No rules tested, discarding scan. Check xccdf file validity') excode = ERROR return excode def __parseOutput(self, cmdout): aux_buff = cmdout.decode().split('\n\n') for rule in aux_buff: current_rule = {} rule_attr = rule.split('\n') if len(rule_attr) == 3: for attr in rule_attr: splitted_attr = attr.split('\r\t') if len(splitted_attr) == 2: if splitted_attr[0] == 'Title': current_rule['title'] = splitted_attr[1] elif splitted_attr[0] == 'Rule': current_rule['slug'] = splitted_attr[1] elif splitted_attr[0] == 'Result': current_rule['value'] = splitted_attr[1] rule = Rule(current_rule) result = Result(current_rule) self.__scan.addTestedRule(TestedRule(rule, result)) current_rule = {} def output(self): outp = 'Couldn\'t perform scan' if self.__scan is not None: outp = str(self.__scan) return outp