From 3706544cdb1f47a3501c5dfb5d41f7174b3a3ac2 Mon Sep 17 00:00:00 2001 
From: HoussemNasri Date: Wed, 21 Jun 2023 14:22:17 +0100 Subject: [PATCH 01/53] Add basic oval types --- java/code/src/com/suse/oval/OsFamily.java | 38 ++++ .../src/com/suse/oval/ovaltypes/Advisory.java | 65 +++++++ .../oval/ovaltypes/AdvisoryAffectedType.java | 31 +++ .../suse/oval/ovaltypes/AdvisoryCveType.java | 21 +++ .../ovaltypes/AdvisoryResolutionType.java | 34 ++++ .../suse/oval/ovaltypes/AffectedCpeList.java | 52 +++++ .../com/suse/oval/ovaltypes/AffectedType.java | 67 +++++++ .../src/com/suse/oval/ovaltypes/ArchType.java | 35 ++++ .../com/suse/oval/ovaltypes/CriteriaType.java | 131 +++++++++++++ .../oval/ovaltypes/DefinitionClassEnum.java | 53 ++++++ .../suse/oval/ovaltypes/DefinitionType.java | 177 ++++++++++++++++++ .../suse/oval/ovaltypes/DefinitionsType.java | 52 +++++ .../suse/oval/ovaltypes/EVRDataTypeEnum.java | 14 ++ .../src/com/suse/oval/ovaltypes/EVRType.java | 45 +++++ .../com/suse/oval/ovaltypes/FamilyEnum.java | 105 +++++++++++ .../suse/oval/ovaltypes/GeneratorType.java | 106 +++++++++++ .../oval/ovaltypes/LogicOperatorType.java | 55 ++++++ .../com/suse/oval/ovaltypes/MetadataType.java | 86 +++++++++ .../com/suse/oval/ovaltypes/NotesType.java | 33 ++++ .../suse/oval/ovaltypes/ObjectRefType.java | 33 ++++ .../com/suse/oval/ovaltypes/ObjectType.java | 108 +++++++++++ .../com/suse/oval/ovaltypes/ObjectsType.java | 61 ++++++ .../oval/ovaltypes/OperationEnumeration.java | 167 +++++++++++++++++ .../com/suse/oval/ovaltypes/OvalRootType.java | 129 +++++++++++++ .../com/suse/oval/ovaltypes/StateRefType.java | 36 ++++ .../com/suse/oval/ovaltypes/StateType.java | 133 +++++++++++++ .../com/suse/oval/ovaltypes/StatesType.java | 61 ++++++ .../src/com/suse/oval/ovaltypes/TestType.java | 155 +++++++++++++++ .../com/suse/oval/ovaltypes/TestsType.java | 62 ++++++ .../com/suse/oval/ovaltypes/VersionType.java | 32 ++++ 30 files changed, 2177 insertions(+) create mode 100644 java/code/src/com/suse/oval/OsFamily.java create mode 100644 
java/code/src/com/suse/oval/ovaltypes/Advisory.java create mode 100644 java/code/src/com/suse/oval/ovaltypes/AdvisoryAffectedType.java create mode 100644 java/code/src/com/suse/oval/ovaltypes/AdvisoryCveType.java create mode 100644 java/code/src/com/suse/oval/ovaltypes/AdvisoryResolutionType.java create mode 100644 java/code/src/com/suse/oval/ovaltypes/AffectedCpeList.java create mode 100755 java/code/src/com/suse/oval/ovaltypes/AffectedType.java create mode 100755 java/code/src/com/suse/oval/ovaltypes/ArchType.java create mode 100755 java/code/src/com/suse/oval/ovaltypes/CriteriaType.java create mode 100755 java/code/src/com/suse/oval/ovaltypes/DefinitionClassEnum.java create mode 100755 java/code/src/com/suse/oval/ovaltypes/DefinitionType.java create mode 100755 java/code/src/com/suse/oval/ovaltypes/DefinitionsType.java create mode 100755 java/code/src/com/suse/oval/ovaltypes/EVRDataTypeEnum.java create mode 100755 java/code/src/com/suse/oval/ovaltypes/EVRType.java create mode 100755 java/code/src/com/suse/oval/ovaltypes/FamilyEnum.java create mode 100755 java/code/src/com/suse/oval/ovaltypes/GeneratorType.java create mode 100755 java/code/src/com/suse/oval/ovaltypes/LogicOperatorType.java create mode 100755 java/code/src/com/suse/oval/ovaltypes/MetadataType.java create mode 100755 java/code/src/com/suse/oval/ovaltypes/NotesType.java create mode 100755 java/code/src/com/suse/oval/ovaltypes/ObjectRefType.java create mode 100755 java/code/src/com/suse/oval/ovaltypes/ObjectType.java create mode 100755 java/code/src/com/suse/oval/ovaltypes/ObjectsType.java create mode 100755 java/code/src/com/suse/oval/ovaltypes/OperationEnumeration.java create mode 100755 java/code/src/com/suse/oval/ovaltypes/OvalRootType.java create mode 100755 java/code/src/com/suse/oval/ovaltypes/StateRefType.java create mode 100755 java/code/src/com/suse/oval/ovaltypes/StateType.java create mode 100755 java/code/src/com/suse/oval/ovaltypes/StatesType.java create mode 100755 
java/code/src/com/suse/oval/ovaltypes/TestType.java create mode 100755 java/code/src/com/suse/oval/ovaltypes/TestsType.java create mode 100755 java/code/src/com/suse/oval/ovaltypes/VersionType.java
diff --git a/java/code/src/com/suse/oval/OsFamily.java b/java/code/src/com/suse/oval/OsFamily.java
new file mode 100644
index 000000000000..59693508c6d7
--- /dev/null
+++ b/java/code/src/com/suse/oval/OsFamily.java
@@ -0,0 +1,38 @@
+package com.suse.oval;
+
+public enum OsFamily {
+ openSUSE_LEAP("openSUSE Leap", "leap", "opensuse"),
+ SUSE_LINUX_ENTERPRISE_SERVER("SUSE Linux Enterprise Server", "sles", "suse"),
+ SUSE_LINUX_ENTERPRISE_DESKTOP("SUSE Linux Enterprise Desktop", "sled", "suse"),
+ REDHAT_ENTERPRISE_LINUX("Red Hat Enterprise Linux", "enterprise_linux", "redhat"),
+ UBUNTU("Ubuntu", "ubuntu", "canonical"),
+ DEBIAN("Debian", "debian", "debian");
+
+ private final String vendor;
+ private final String fullname;
+ // Should consist of all lower case characters
+ private final String shortname;
+
+
+ OsFamily(String fullname, String shortname, String vendor) {
+ this.fullname = fullname;
+ this.shortname = shortname;
+ this.vendor = vendor;
+ }
+ OsFamily(String fullname, String vendor) {
+ this(fullname, fullname.toLowerCase(), vendor);
+ }
+
+
+ public String fullname() {
+ return fullname;
+ }
+
+ public String shortname() {
+ return shortname;
+ }
+
+ public String vendor() {
+ return vendor;
+ }
+}
diff --git a/java/code/src/com/suse/oval/ovaltypes/Advisory.java b/java/code/src/com/suse/oval/ovaltypes/Advisory.java
new file mode 100644
index 000000000000..2ed4301238ad
--- /dev/null
+++ b/java/code/src/com/suse/oval/ovaltypes/Advisory.java
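Review bot: In `OsFamily`, the two-argument constructor builds the short name with `fullname.toLowerCase()`, which depends on the JVM default locale; under a Turkish locale `I` lower-cases to a dotless `ı`, so the value the field comment promises to be all lower case would differ between hosts. I would write `this(fullname, fullname.toLowerCase(Locale.ROOT), vendor);` and add `import java.util.Locale;`. None of the six constants in this hunk uses that constructor, so removing it is the other option. The enum and its three accessors also carry no Javadoc saying what `shortname` and `vendor` are matched against.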
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 2023 SUSE LLC
+ *
+ * This software is licensed to you under the GNU General Public License,
+ * version 2 (GPLv2). There is NO WARRANTY for this software, express or
+ * implied, including the implied warranties of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
+ * along with this software; if not, see
+ * http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
+ *
+ * Red Hat trademarks are not licensed under GPLv2. No permission is
+ * granted to use or replicate Red Hat trademarks that are incorporated
+ * in this software or its documentation.
+ */
+
+package com.suse.oval.ovaltypes;
+
+import java.util.Collections;
+import java.util.List;
+import java.util.Optional;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlType;
+
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5")
+public class Advisory {
+ @XmlElement(name = "affected_cpe_list", namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5")
+ private AffectedCpeList affectedCpeList;
+
+ @XmlElement(name = "cve", namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5")
+ private List cveList;
+
+ @XmlElement(name = "affected", namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5")
+ private AdvisoryAffectedType affected;
+
+ public void setAffectedCpeList(AffectedCpeList affectedCpeListIn) {
+ this.affectedCpeList = affectedCpeListIn;
+ }
+
+ public List getAffectedCpeList() {
+ return Optional.ofNullable(affectedCpeList)
+ .map(AffectedCpeList::getCpeList)
+ .orElse(Collections.emptyList());
+ }
+
+ public List getAffectedComponents() {
+ return Optional.ofNullable(affected).map(AdvisoryAffectedType::getResolution)
+ .map(AdvisoryResolutionType::getAffectedComponents).orElse(Collections.emptyList());
+ }
+
+ public List getCveList() {
+ return Optional.ofNullable(cveList).orElse(Collections.emptyList());
+ }
+
+ public void setCveList(List cveListIn) {
+ this.cveList = cveListIn;
+ }
+
+ public void setAffected(AdvisoryAffectedType affectedIn) {
+ this.affected = affectedIn;
+ }
+}
diff --git a/java/code/src/com/suse/oval/ovaltypes/AdvisoryAffectedType.java b/java/code/src/com/suse/oval/ovaltypes/AdvisoryAffectedType.java
new file mode 100644
index 000000000000..e18e9bd48551
--- /dev/null
+++ b/java/code/src/com/suse/oval/ovaltypes/AdvisoryAffectedType.java
@@ -0,0 +1,31 @@
+package com.suse.oval.ovaltypes;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlType;
+
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5")
+public class AdvisoryAffectedType {
+ @XmlElement(name = "resolution", namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5")
+ private AdvisoryResolutionType resolution;
+
+ /**
+ * Gets the resolution
+ *
+ * @return the resolution
+ * */
+ public AdvisoryResolutionType getResolution() {
+ return resolution;
+ }
+
+ /**
+ * Sets the resolution type
+ *
+ * @param resolutionIn the resolution to set
+ * */
+ public void setResolution(AdvisoryResolutionType resolutionIn) {
+ this.resolution = resolutionIn;
+ }
+}
diff --git a/java/code/src/com/suse/oval/ovaltypes/AdvisoryCveType.java b/java/code/src/com/suse/oval/ovaltypes/AdvisoryCveType.java
new file mode 100644
index 000000000000..08c057751e12
--- /dev/null
+++ b/java/code/src/com/suse/oval/ovaltypes/AdvisoryCveType.java
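Review bot: The list getters in `Advisory` do not agree on what a caller may do with the result: `getCveList()` returns the live internal list when the document had `cve` elements and the immutable `Collections.emptyList()` when it had none, so an `add` on the result succeeds or throws `UnsupportedOperationException` depending on the input. `AffectedCpeList.getCpeList()` in a later hunk goes a third way and returns a fresh `new ArrayList<>()` that is never stored, so additions are silently lost. Since these objects are filled from parsed OVAL documents, read-only results seem the safer contract, e.g. `return cveList == null ? Collections.emptyList() : Collections.unmodifiableList(cveList);`. The public getters here also have no Javadoc stating that they never return null.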
@@ -0,0 +1,21 @@
+package com.suse.oval.ovaltypes;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlType;
+import javax.xml.bind.annotation.XmlValue;
+
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5")
+public class AdvisoryCveType {
+ @XmlValue
+ private String cve;
+
+ public String getCve() {
+ return cve;
+ }
+
+ public void setCve(String cve) {
+ this.cve = cve;
+ }
+}
diff --git a/java/code/src/com/suse/oval/ovaltypes/AdvisoryResolutionType.java b/java/code/src/com/suse/oval/ovaltypes/AdvisoryResolutionType.java
new file mode 100644
index 000000000000..e01c2865ec70
--- /dev/null
+++ b/java/code/src/com/suse/oval/ovaltypes/AdvisoryResolutionType.java
@@ -0,0 +1,34 @@
+package com.suse.oval.ovaltypes;
+
+import java.util.List;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlType;
+
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5")
+public class AdvisoryResolutionType {
+ @XmlElement(name = "component", namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5")
+ protected List affectedComponents;
+ @XmlAttribute(name = "state", required = true)
+ protected String state;
+
+ public List getAffectedComponents() {
+ return affectedComponents;
+ }
+
+ public void setAffectedComponents(List affectedComponents) {
+ this.affectedComponents = affectedComponents;
+ }
+
+ public String getState() {
+ return state;
+ }
+
+ public void setState(String state) {
+ this.state = state;
+ }
+}
diff --git a/java/code/src/com/suse/oval/ovaltypes/AffectedCpeList.java b/java/code/src/com/suse/oval/ovaltypes/AffectedCpeList.java
new file mode 100644
index 000000000000..e00656e279b5
--- /dev/null
+++ b/java/code/src/com/suse/oval/ovaltypes/AffectedCpeList.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2023 SUSE LLC
+ *
+ * This software is licensed to you under the GNU General Public License,
+ * version 2 (GPLv2). There is NO WARRANTY for this software, express or
+ * implied, including the implied warranties of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
+ * along with this software; if not, see
+ * http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
+ *
+ * Red Hat trademarks are not licensed under GPLv2. No permission is
+ * granted to use or replicate Red Hat trademarks that are incorporated
+ * in this software or its documentation.
+ */
+
+package com.suse.oval.ovaltypes;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlType;
+
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5")
+public class AffectedCpeList {
+ @XmlElement(name = "cpe", namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5")
+ private List cpeList;
+
+ /**
+ * Gets the list of CPEs
+ *
+ * @return the CPEs or an empty list if none is set
+ * */
+ public List getCpeList() {
+ if (cpeList == null) {
+ return new ArrayList<>();
+ }
+ return cpeList;
+ }
+
+ /**
+ * Sets the CPEs
+ *
+ * @param cpeListIn the CPEs to set
+ * */
+ public void setCpeList(List cpeListIn) {
+ this.cpeList = cpeListIn;
+ }
+}
diff --git a/java/code/src/com/suse/oval/ovaltypes/AffectedType.java b/java/code/src/com/suse/oval/ovaltypes/AffectedType.java new file mode 100755 index 000000000000..89f02b741450 --- /dev/null +++ b/java/code/src/com/suse/oval/ovaltypes/AffectedType.java 
@@ -0,0 +1,67 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, v2.3.1 +// See https://javaee.github.io/jaxb-v2/ +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2023.06.01 at 01:02:18 PM CET +// + + +package com.suse.oval.ovaltypes; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlType; +import java.util.ArrayList; +import java.util.List; + + +/** + * Please note that the AffectedType will change in future versions of OVAL in order to support the Common Platform Enumeration (CPE). + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "AffectedType", namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5") +public class AffectedType { + @XmlElement(name = "platform", namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5") + protected List platforms; + @XmlElement(name = "product", namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5") + protected List products; + @XmlAttribute(name = "family", required = true) + protected FamilyEnum family; + + /** + * Gets the value of the list of affected platforms + */ + public List getPlatforms() { + if (platforms == null) { + platforms = new ArrayList<>(); + } + return this.platforms; + } + + /** + * Gets the value of the list of affected products + */ + public List getProducts() { + if (products == null) { + products = new ArrayList<>(); + } + return this.products; + } + + /** + * Gets the value of the family property. + */ + public FamilyEnum getFamily() { + return family; + } + + /** + * Sets the value of the family property. + */ + public void setFamily(FamilyEnum value) { + this.family = value; + } + +} 
diff --git a/java/code/src/com/suse/oval/ovaltypes/ArchType.java b/java/code/src/com/suse/oval/ovaltypes/ArchType.java
new file mode 100755
index 000000000000..9569cfb68af3
--- /dev/null
+++ b/java/code/src/com/suse/oval/ovaltypes/ArchType.java
@@ -0,0 +1,35 @@
+package com.suse.oval.ovaltypes;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlType;
+import javax.xml.bind.annotation.XmlValue;
+
+/**
+ * This is the architecture for which the package was built, like : i386, ppc, sparc, noarch.
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "", namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5")
+public class ArchType {
+ @XmlValue
+ private String value;
+ @XmlAttribute(name = "operation", required = true)
+ private OperationEnumeration operation;
+
+ public String getValue() {
+ return value;
+ }
+
+ public void setValue(String value) {
+ this.value = value;
+ }
+
+ public OperationEnumeration getOperation() {
+ return operation;
+ }
+
+ public void setOperation(OperationEnumeration operation) {
+ this.operation = operation;
+ }
+}
diff --git a/java/code/src/com/suse/oval/ovaltypes/CriteriaType.java b/java/code/src/com/suse/oval/ovaltypes/CriteriaType.java
new file mode 100755
index 000000000000..fe3eb47ced62
--- /dev/null
+++ b/java/code/src/com/suse/oval/ovaltypes/CriteriaType.java
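Review bot: `operation` in `ArchType` is declared `required = true`, but JAXB does not enforce that flag while unmarshalling unless a schema is set on the `Unmarshaller` (not visible in this patch), so `getOperation()` returns null whenever the attribute is absent. As far as I read the OVAL schema, `operation` is optional on entities and defaults to `equals`, so absence is legitimate input rather than an error. I would drop `required = true` and have the getter fall back to the `equals` constant of `OperationEnumeration` (that file is outside this view), the way `CriteriaType.getOperator()` falls back to `AND`. `EVRType.getOperation()` in a later hunk has the same gap, and a null operation in a version comparison could make a vulnerable package look unaffected.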
@@ -0,0 +1,131 @@
+/*
+ * Copyright (c) 2023 SUSE LLC
+ *
+ * This software is licensed to you under the GNU General Public License,
+ * version 2 (GPLv2). There is NO WARRANTY for this software, express or
+ * implied, including the implied warranties of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
+ * along with this software; if not, see
+ * http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
+ *
+ * Red Hat trademarks are not licensed under GPLv2. No permission is
+ * granted to use or replicate Red Hat trademarks that are incorporated
+ * in this software or its documentation.
+ */
+
+package com.suse.oval.ovaltypes;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlElements;
+import javax.xml.bind.annotation.XmlType;
+
+/**
+ * The required operator attribute provides the logical operator that binds the different statements inside a criteria
+ * together. The optional negate attribute signifies that the result of the criteria as a whole should be negated
+ * during analysis.
+ *

+ * For example, consider a criteria that evaluates to TRUE if certain software is installed.
+ *

+ * By negating this test, it now evaluates to TRUE if the software is NOT installed. The optional comment attribute
+ * provides a short description of the criteria.
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "CriteriaType", namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5")
+public class CriteriaType implements BaseCriteria {
+
+ @XmlElements({
+ @XmlElement(name = "criteria",
+ namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5", type = CriteriaType.class),
+ @XmlElement(name = "criterion",
+ namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5", type = CriterionType.class)
+ })
+ protected List children;
+ @XmlAttribute(name = "operator")
+ protected LogicOperatorType operator;
+ @XmlAttribute(name = "negate")
+ protected Boolean negate;
+ @XmlAttribute(name = "comment")
+ protected String comment;
+
+ /**
+ * Gets the value of the contained criteria or criterion objects.
+ *
+ * @return the list of criteria or criterion children under this criteria
+ */
+ public List getChildren() {
+ if (children == null) {
+ children = new ArrayList<>();
+ }
+ return this.children;
+ }
+
+ /**
+ * Gets the value of the operator property.
+ *
+ * @return the operator property or {@link LogicOperatorType.AND} if none is specified
+ */
+ public LogicOperatorType getOperator() {
+ if (operator == null) {
+ return LogicOperatorType.AND;
+ }
+ else {
+ return operator;
+ }
+ }
+
+ /**
+ * Sets the value of the operator property.
+ *
+ * @param value the operator property to set
+ */
+ public void setOperator(LogicOperatorType value) {
+ this.operator = value;
+ }
+
+ /**
+ * Gets the value of the negate property.
+ *
+ * @return a boolean that indicates whether to negate result after evaluation or {@code false} if none is specified
+ */
+ public boolean isNegate() {
+ if (negate == null) {
+ return false;
+ }
+ else {
+ return negate;
+ }
+ }
+
+ /**
+ * Sets the value of the negate property.
+ *
+ * @param value a boolean that indicates whether to negate result after evaluation or not
+ */
+ public void setNegate(Boolean value) {
+ this.negate = value;
+ }
+
+ /**
+ * Gets the value of the comment property.
+ *
+ * @return the comment
+ */
+ public String getComment() {
+ return comment;
+ }
+
+ /**
+ * Sets the value of the comment property.
+ *
+ * @param value the comment to set
+ */
+ public void setComment(String value) {
+ this.comment = value;
+ }
+}
diff --git a/java/code/src/com/suse/oval/ovaltypes/DefinitionClassEnum.java b/java/code/src/com/suse/oval/ovaltypes/DefinitionClassEnum.java
new file mode 100755
index 000000000000..7314774b6618
--- /dev/null
+++ b/java/code/src/com/suse/oval/ovaltypes/DefinitionClassEnum.java
@@ -0,0 +1,53 @@
+package com.suse.oval.ovaltypes;
+
+import javax.xml.bind.annotation.XmlEnum;
+import javax.xml.bind.annotation.XmlEnumValue;
+import javax.xml.bind.annotation.XmlType;
+
+
+@XmlType(name = "ClassEnumeration", namespace = "http://oval.mitre.org/XMLSchema/oval-common-5")
+@XmlEnum
+public enum DefinitionClassEnum {
+
+ /**
+ * A patch definition details the machine state of whether a patch executable should be installed.
+ *
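Review bot: `CriteriaType` implements `BaseCriteria` and binds `criterion` children to `CriterionType.class`, but neither type is among the 30 files listed in this patch's diffstat, so unless both already exist in the tree this commit does not compile on its own, which makes bisecting a 53-patch series harder. The Javadoc on `getOperator()` uses `{@link LogicOperatorType.AND}`, which does not resolve; it should be `{@link LogicOperatorType#AND}`. Because `criteria` can nest inside itself to any depth, the code that later walks `getChildren()` should bound the depth or iterate rather than recurse freely, given that the documents come from outside the application.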

+ * A definition of this class will evaluate to true when the specified patch is missing from the system.
+ * Another way of thinking about this is that a patch definition is stating "the patch should be installed if ...". Note that word SHOULD is intended to mean more than just CAN the patch executable be installed. In other words, if a more recent patch is already installed then the specified patch might not need to be installed.
+ */
+ @XmlEnumValue("patch")
+ PATCH("patch"),
+
+ /**
+ * A vulnerability definition describes the conditions under which a machine is vulnerable.
+ *

+ * A definition of this class will evaluate to true when the system is found to be vulnerable with the stated issue.
+ * Another way of thinking about this is that a vulnerability definition is stating "the system is vulnerable if ...".
+ */
+ @XmlEnumValue("vulnerability")
+ VULNERABILITY("vulnerability");
+ private final String value;
+
+ DefinitionClassEnum(String v) {
+ value = v;
+ }
+
+ public static DefinitionClassEnum fromValue(String v) {
+ for (DefinitionClassEnum c : DefinitionClassEnum.values()) {
+ if (c.value.equals(v)) {
+ return c;
+ }
+ }
+ throw new IllegalArgumentException(v);
+ }
+
+ /**
+ * Gets the string value
+ *
+ * @return the string value
+ * */
+ public String value() {
+ return value;
+ }
+
+}
diff --git a/java/code/src/com/suse/oval/ovaltypes/DefinitionType.java b/java/code/src/com/suse/oval/ovaltypes/DefinitionType.java
new file mode 100755
index 000000000000..79de6daba3ae
--- /dev/null
+++ b/java/code/src/com/suse/oval/ovaltypes/DefinitionType.java
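Review bot: `DefinitionClassEnum` maps only `patch` and `vulnerability`, while the OVAL ClassEnumeration also has `compliance`, `inventory` and `miscellaneous`. With JAXB's default event handling an unmapped attribute value is normally left as null rather than rejected, so `DefinitionType.getDefinitionClass()` can return null for a valid document and callers would need a null check. Either add the remaining constants or state in the Javadoc that other classes are deliberately unsupported and surface as null. `FamilyEnum` in a later hunk is a subset of the schema's FamilyEnumeration in the same way (there is no `linux` constant, for instance), and neither `fromValue` documents the `IllegalArgumentException` it throws.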
@@ -0,0 +1,177 @@
+/*
+ * Copyright (c) 2023 SUSE LLC
+ *
+ * This software is licensed to you under the GNU General Public License,
+ * version 2 (GPLv2). There is NO WARRANTY for this software, express or
+ * implied, including the implied warranties of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
+ * along with this software; if not, see
+ * http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
+ *
+ * Red Hat trademarks are not licensed under GPLv2. No permission is
+ * granted to use or replicate Red Hat trademarks that are incorporated
+ * in this software or its documentation.
+ */
+
+package com.suse.oval.ovaltypes;
+
+import com.suse.oval.OsFamily;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Optional;
+
+import javax.persistence.Transient;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlType;
+
+
+
+/**
+ * The required id attribute is the OVAL-ID of the Definition. The form of an OVAL-ID must follow the specific format
+ * described by the oval:DefinitionIDPattern.
+ *

+ * The required version attribute holds the current version of the definition.
+ *

+ * Versions are integers, starting at 1 and incrementing every time a definition is modified. The required class
+ * attribute indicates the specific class to which the definition belongs. The class gives a hint to a user,
+ * so they can know what the definition writer is trying to say. See the definition of oval-def:ClassEnumeration
+ * for more information about the different valid classes.
+ *

+ * The optional deprecated attribute signifies that an id is no longer to be used or referenced but the information
+ * has been kept around for historic purposes.
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "definition", namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5")
+public class DefinitionType {
+
+ @XmlElement(name = "metadata", namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5", required = true)
+ protected MetadataType metadata;
+ @XmlElement(namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5")
+ protected CriteriaType criteria;
+ @XmlAttribute(name = "id", required = true)
+ protected String id;
+ @XmlAttribute(name = "class", required = true)
+ protected DefinitionClassEnum definitionClass;
+
+ @Transient
+ protected List cves = new ArrayList<>();
+ @Transient
+ protected OsFamily osFamily;
+ @Transient
+ private String osVersion;
+
+ /**
+ * Gets the value of the metadata property.
+ *
+ * @return possible object is
+ * {@link MetadataType }
+ */
+ public MetadataType getMetadata() {
+ return metadata;
+ }
+
+ /**
+ * Sets the value of the metadata property.
+ *
+ * @param value the metadata to set
+ */
+ public void setMetadata(MetadataType value) {
+ this.metadata = value;
+ }
+
+ public CriteriaType getCriteria() {
+ return criteria;
+ }
+
+ public void setCriteria(CriteriaType criteriaIn) {
+ this.criteria = criteriaIn;
+ }
+
+ /**
+ * Gets the value of the id property.
+ * @return the id
+ */
+ public String getId() {
+ return id;
+ }
+
+ /**
+ * Sets the value of the id property.
+ * @param valueIn the id to set
+ */
+ public void setId(String valueIn) {
+ this.id = valueIn;
+ }
+
+ /**
+ * Gets the value of the clazz property.
+ * @return the definition class
+ */
+ public DefinitionClassEnum getDefinitionClass() {
+ return definitionClass;
+ }
+
+ /**
+ * Sets the value of the clazz property.
+ * @param value the definition class to set
+ */
+ public void setDefinitionClass(DefinitionClassEnum value) {
+ this.definitionClass = value;
+ }
+
+ /**
+ * Returns any CVE in the list of associated CVEs. To be called when the caller knows that there is a single CVE
+ * associated with this definition.
+ *
+ * @return the CVE wrapped in an {@code Optional}
+ * */
+ public Optional getSingleCve() {
+ if (cves.isEmpty()) {
+ return Optional.empty();
+ }
+ return cves.stream().findFirst();
+ }
+
+ /**
+ * Clears the list of associated CVEs and add a single CVE.
+ *
+ * @param cve the cve to add
+ * */
+ public void setSingleCve(String cve) {
+ this.cves.clear();
+ this.cves.add(cve);
+ }
+
+ /**
+ * Returns the list of associated CVEs
+ *
+ * @return the list of CVEs
+ * */
+ public List getCves() {
+ return cves;
+ }
+
+ public void setCves(List cvesIn) {
+ this.cves = cvesIn;
+ }
+
+ public OsFamily getOsFamily() {
+ return osFamily;
+ }
+
+ public void setOsFamily(OsFamily osFamilyIn) {
+ this.osFamily = osFamilyIn;
+ }
+
+ public String getOsVersion() {
+ return osVersion;
+ }
+
+ public void setOsVersion(String osVersionIn) {
+ this.osVersion = osVersionIn;
+ }
+}
diff --git a/java/code/src/com/suse/oval/ovaltypes/DefinitionsType.java b/java/code/src/com/suse/oval/ovaltypes/DefinitionsType.java
new file mode 100755
index 000000000000..4878de5d6d69
--- /dev/null
+++ b/java/code/src/com/suse/oval/ovaltypes/DefinitionsType.java
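Review bot: The fields `cves`, `osFamily` and `osVersion` in `DefinitionType` are marked with `javax.persistence.Transient`, a JPA annotation that JAXB does not look at; under `XmlAccessType.FIELD` they remain bound, so a document carrying elements with those names could set values the code appears to treat as internally derived. Use `@XmlTransient` from `javax.xml.bind.annotation` on the three fields and drop the `javax.persistence.Transient` import. Separately, `setCves(null)` leaves `getSingleCve()` and `setSingleCve()` dereferencing null; `this.cves = cvesIn == null ? new ArrayList<>() : cvesIn;` would keep the invariant the field initialiser sets up. The `isEmpty()` guard in `getSingleCve()` is redundant, since `findFirst()` already yields an empty `Optional`.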
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2023 SUSE LLC
+ *
+ * This software is licensed to you under the GNU General Public License,
+ * version 2 (GPLv2). There is NO WARRANTY for this software, express or
+ * implied, including the implied warranties of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
+ * along with this software; if not, see
+ * http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
+ *
+ * Red Hat trademarks are not licensed under GPLv2. No permission is
+ * granted to use or replicate Red Hat trademarks that are incorporated
+ * in this software or its documentation.
+ */
+
+package com.suse.oval.ovaltypes;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlType;
+
+/**
+ * The DefinitionsType complex type is a container for one or more definition elements.
+ * Each definition element describes a single OVAL Definition.
+ *

+ * Please refer to the description of the {@link DefinitionType} for more information about an individual definition.
+ *

+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "DefinitionsType", namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5")
+public class DefinitionsType {
+
+ @XmlElement(name = "definition", namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5", required = true)
+ protected List definitions;
+
+ /**
+ * Gets the list of definitions
+ *
+ * @return the list of contained OVAL definitions.
+ */
+ public List getDefinitions() {
+ if (definitions == null) {
+ definitions = new ArrayList<>();
+ }
+ return this.definitions;
+ }
+
+}
diff --git a/java/code/src/com/suse/oval/ovaltypes/EVRDataTypeEnum.java b/java/code/src/com/suse/oval/ovaltypes/EVRDataTypeEnum.java
new file mode 100755
index 000000000000..7a942ead9d4a
--- /dev/null
+++ b/java/code/src/com/suse/oval/ovaltypes/EVRDataTypeEnum.java
@@ -0,0 +1,14 @@
+package com.suse.oval.ovaltypes;
+
+import javax.xml.bind.annotation.XmlEnum;
+import javax.xml.bind.annotation.XmlEnumValue;
+import javax.xml.bind.annotation.XmlType;
+
+@XmlType(namespace = "http://oval.mitre.org/XMLSchema/oval-common-5")
+@XmlEnum
+public enum EVRDataTypeEnum {
+ @XmlEnumValue("debian_evr_string")
+ DEBIAN_EVR,
+ @XmlEnumValue("evr_string")
+ RPM_EVR
+}
diff --git a/java/code/src/com/suse/oval/ovaltypes/EVRType.java b/java/code/src/com/suse/oval/ovaltypes/EVRType.java
new file mode 100755
index 000000000000..fe0881aeb73e
--- /dev/null
+++ b/java/code/src/com/suse/oval/ovaltypes/EVRType.java
@@ -0,0 +1,45 @@
+package com.suse.oval.ovaltypes;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlType;
+import javax.xml.bind.annotation.XmlValue;
+
+/**
+ * This represents the epoch, version, and release fields as a single version string. It has the form "EPOCH:VERSION-RELEASE".
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "", namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5")
+public class EVRType {
+ @XmlValue
+ private String value;
+ @XmlAttribute(name = "datatype")
+ private EVRDataTypeEnum datatype;
+ @XmlAttribute(name = "operation", required = true)
+ private OperationEnumeration operation;
+
+ public String getValue() {
+ return value;
+ }
+
+ public void setValue(String value) {
+ this.value = value;
+ }
+
+ public EVRDataTypeEnum getDatatype() {
+ return datatype;
+ }
+
+ public void setDatatype(EVRDataTypeEnum datatype) {
+ this.datatype = datatype;
+ }
+
+ public OperationEnumeration getOperation() {
+ return operation;
+ }
+
+ public void setOperation(OperationEnumeration operation) {
+ this.operation = operation;
+ }
+}
diff --git a/java/code/src/com/suse/oval/ovaltypes/FamilyEnum.java b/java/code/src/com/suse/oval/ovaltypes/FamilyEnum.java
new file mode 100755
index 000000000000..17e7eaec4f07
--- /dev/null
+++ b/java/code/src/com/suse/oval/ovaltypes/FamilyEnum.java
@@ -0,0 +1,105 @@
+/*
+ * Copyright (c) 2023 SUSE LLC
+ *
+ * This software is licensed to you under the GNU General Public License,
+ * version 2 (GPLv2). There is NO WARRANTY for this software, express or
+ * implied, including the implied warranties of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
+ * along with this software; if not, see
+ * http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
+ *
+ * Red Hat trademarks are not licensed under GPLv2. No permission is
+ * granted to use or replicate Red Hat trademarks that are incorporated
+ * in this software or its documentation.
+ */
+
+package com.suse.oval.ovaltypes;
+
+import javax.xml.bind.annotation.XmlEnum;
+import javax.xml.bind.annotation.XmlEnumValue;
+import javax.xml.bind.annotation.XmlType;
+
+
+@XmlType(name = "FamilyEnumeration", namespace = "http://oval.mitre.org/XMLSchema/oval-common-5")
+@XmlEnum
+public enum FamilyEnum {
+
+
+ /**
+ * The catos value describes the Cisco CatOS operating system.
+ */
+ @XmlEnumValue("catos")
+ CATOS("catos"),
+
+ /**
+ * The ios value describes the Cisco IOS operating system.
+ */
+ @XmlEnumValue("ios")
+ IOS("ios"),
+
+ /**
+ * The macos value describes the Mac operating system.
+ */
+ @XmlEnumValue("macos")
+ MACOS("macos"),
+
+ /**
+ * The pixos value describes the Cisco PIX operating system.
+ */
+ @XmlEnumValue("pixos")
+ PIXOS("pixos"),
+
+ /**
+ * The undefined value is to be used when the desired family is not available.
+ */
+ @XmlEnumValue("undefined")
+ UNDEFINED("undefined"),
+
+ /**
+ * The unix value describes the UNIX operating system.
+ */
+ @XmlEnumValue("unix")
+ UNIX("unix"),
+
+ /**
+ * The vmware_infrastructure value describes VMWare Infrastructure.
+ */
+ @XmlEnumValue("vmware_infrastructure")
+ VMWARE_INFRASTRUCTURE("vmware_infrastructure"),
+
+ /**
+ * The windows value describes the Microsoft Windows operating system.
+ */
+ @XmlEnumValue("windows")
+ WINDOWS("windows");
+ private final String value;
+
+ FamilyEnum(String v) {
+ value = v;
+ }
+
+ /**
+ * Returns the string value of this OS familty's enum
+ *
+ * @return the string value of OS family
+ * */
+ public String value() {
+ return value;
+ }
+
+ /**
+ * Returns an {@link FamilyEnum} object that correspond to the given OS family string
+ *
+ * @param v the string value
+ * @return an {@link FamilyEnum}
+ * */
+ public static FamilyEnum fromValue(String v) {
+ for (FamilyEnum c: FamilyEnum.values()) {
+ if (c.value.equals(v)) {
+ return c;
+ }
+ }
+ throw new IllegalArgumentException(v);
+ }
+
+}
diff --git a/java/code/src/com/suse/oval/ovaltypes/GeneratorType.java b/java/code/src/com/suse/oval/ovaltypes/GeneratorType.java
new file mode 100755
index 000000000000..a97b7d79a905
--- /dev/null
+++ b/java/code/src/com/suse/oval/ovaltypes/GeneratorType.java
@@ -0,0 +1,106 @@
+package com.suse.oval.ovaltypes;
+
+import org.w3c.dom.Element;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAnyElement;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlType;
+import javax.xml.datatype.XMLGregorianCalendar;
+import java.math.BigDecimal;
+import java.util.ArrayList;
+import java.util.List;
+
+
+/**
+ * Additional generator information is also allowed although it is not part of the official OVAL Schema. Individual
+ * organizations can place generator information that they feel are important and these will be skipped during the validation.
+ *
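Review bot: `fromValue` in FamilyEnum throws `IllegalArgumentException` for any string that is not one of the eight listed families, but its Javadoc does not say so and the exception message is the bare input. Add `@throws IllegalArgumentException if v matches no family` and give the exception some context, e.g. `throw new IllegalArgumentException("Unknown OVAL family: " + v);`, so a feed carrying a newer family value is easy to diagnose from the log. The same applies to OperationEnumeration.fromValue later in this patch, and LogicOperatorType.fromValue inherits the behaviour from `valueOf`, which additionally throws NullPointerException on null. The Javadoc of `value()` has a typo, "familty's".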

+ * All OVAL really cares about is that the stated generator information is there.
+ *
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "GeneratorType", namespace = "http://oval.mitre.org/XMLSchema/oval-common-5")
+public class GeneratorType {
+
+ @XmlElement(name = "product_name", namespace = "http://oval.mitre.org/XMLSchema/oval-common-5")
+ protected String productName;
+ @XmlElement(name = "product_version", namespace = "http://oval.mitre.org/XMLSchema/oval-common-5")
+ protected String productVersion;
+ @XmlElement(name = "schema_version", namespace = "http://oval.mitre.org/XMLSchema/oval-common-5", required = true)
+ protected BigDecimal schemaVersion;
+ @XmlElement(namespace = "http://oval.mitre.org/XMLSchema/oval-common-5", required = true)
+ @XmlSchemaType(name = "dateTime")
+ protected XMLGregorianCalendar timestamp;
+ @XmlAnyElement
+ protected List any;
+
+ /**
+ * Gets the value of the productName property.
+ */
+ public String getProductName() {
+ return productName;
+ }
+
+ /**
+ * Sets the value of the productName property.
+ */
+ public void setProductName(String value) {
+ this.productName = value;
+ }
+
+ /**
+ * Gets the value of the productVersion property.
+ */
+ public String getProductVersion() {
+ return productVersion;
+ }
+
+ /**
+ * Sets the value of the productVersion property.
+ */
+ public void setProductVersion(String value) {
+ this.productVersion = value;
+ }
+
+ /**
+ * Gets the value of the schemaVersion property.
+ */
+ public BigDecimal getSchemaVersion() {
+ return schemaVersion;
+ }
+
+ /**
+ * Sets the value of the schemaVersion property.
+ */
+ public void setSchemaVersion(BigDecimal value) {
+ this.schemaVersion = value;
+ }
+
+ /**
+ * Gets the value of the timestamp property.
+ */
+ public XMLGregorianCalendar getTimestamp() {
+ return timestamp;
+ }
+
+ /**
+ * Sets the value of the timestamp property.
+ */
+ public void setTimestamp(XMLGregorianCalendar value) {
+ this.timestamp = value;
+ }
+
+ /**
+ * Gets the value of the any property.
+ */
+ public List getAny() {
+ if (any == null) {
+ any = new ArrayList<>();
+ }
+ return this.any;
+ }
+
+}
diff --git a/java/code/src/com/suse/oval/ovaltypes/LogicOperatorType.java b/java/code/src/com/suse/oval/ovaltypes/LogicOperatorType.java
new file mode 100755
index 000000000000..bb0ea3dee84e
--- /dev/null
+++ b/java/code/src/com/suse/oval/ovaltypes/LogicOperatorType.java
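Review bot: The `any` field annotated `@XmlAnyElement` in GeneratorType stores every unrecognised child of the generator element as a DOM `Element`, while the class Javadoc says such extra content is skipped. The document comes from outside the application, so this keeps arbitrary XML subtrees of unbounded size alive for as long as the parsed root object is referenced. If nothing reads `getAny()` (no caller is visible in this part of the patch), removing the field, its getter and the `org.w3c.dom.Element` import lets the unmarshaller discard that content, which I believe is its default for unmapped elements. The accessors here also lack the `@return`/`@param` tags that MetadataType and ObjectType provide.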
@@ -0,0 +1,55 @@
+package com.suse.oval.ovaltypes;
+
+import javax.xml.bind.annotation.XmlEnum;
+import javax.xml.bind.annotation.XmlType;
+
+
+@XmlType(name = "OperatorEnumeration", namespace = "http://oval.mitre.org/XMLSchema/oval-common-5")
+@XmlEnum
+public enum LogicOperatorType {
+
+
+ /**
+ * The AND operator produces a true result if every argument is true. If one or more arguments are false, the result of the AND is false. If one or more of the arguments are unknown, and if none of the arguments are false, then the AND operator produces a result of unknown.
+ *
+ */
+ AND,
+
+ /**
+ * The ONE operator produces a true result if one and only one argument is true. If there are more than argument is true (or if there are no true arguments), the result of the ONE is false. If one or more of the arguments are unknown, then the ONE operator produces a result of unknown.
+ *
+ */
+ ONE,
+
+ /**
+ * The OR operator produces a true result if one or more arguments is true. If every argument is false, the result of the OR is false. If one or more of the arguments are unknown and if none of arguments are true, then the OR operator produces a result of unknown.
+ *
+ */
+ OR,
+
+ /**
+ * XOR is defined to be true if an odd number of its arguments are true, and false otherwise. If any of the arguments are unknown, then the XOR operator produces a result of unknown.
+ *
+ */
+ XOR;
+
+ /**
+ * Gets the string value
+ *
+ * @return the string value
+ * */
+ public String value() {
+ return name();
+ }
+
+ /**
+ * Returns an {@link LogicOperatorType} object that correspond to the given operator string
+ *
+ * @param v the value
+ * @return an {@link LogicOperatorType}
+ * */
+ public static LogicOperatorType fromValue(String v) {
+ return valueOf(v);
+ }
+
+}
diff --git a/java/code/src/com/suse/oval/ovaltypes/MetadataType.java b/java/code/src/com/suse/oval/ovaltypes/MetadataType.java
new file mode 100755
index 000000000000..41efdc003ab7
--- /dev/null
+++ b/java/code/src/com/suse/oval/ovaltypes/MetadataType.java
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 2023 SUSE LLC
+ *
+ * This software is licensed to you under the GNU General Public License,
+ * version 2 (GPLv2). There is NO WARRANTY for this software, express or
+ * implied, including the implied warranties of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
+ * along with this software; if not, see
+ * http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
+ *
+ * Red Hat trademarks are not licensed under GPLv2. No permission is
+ * granted to use or replicate Red Hat trademarks that are incorporated
+ * in this software or its documentation.
+ */
+
+package com.suse.oval.ovaltypes;
+
+import java.util.Optional;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlType;
+
+/**
+ * Additional metadata is also allowed, although it is not part of the official OVAL Schema.
+ * Individual organizations can place metadata items that they feel are important and these will be skipped during
+ * the validation.
+ *

+ * All OVAL really cares about is that the stated metadata items are there.
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "MetadataType", namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5")
+public class MetadataType {
+
+ @XmlElement(namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5", required = true)
+ protected String title;
+ @XmlElement(namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5", required = true)
+ protected String description;
+ @XmlElement(name = "advisory", namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5")
+ protected Advisory advisory;
+
+ /**
+ * Gets the value of the title property.
+ *
+ * @return the title
+ */
+ public String getTitle() {
+ return title;
+ }
+
+ /**
+ * Sets the value of the title property.
+ *
+ * @param valueIn the title to set
+ */
+ public void setTitle(String valueIn) {
+ this.title = valueIn;
+ }
+
+ /**
+ * Gets the value of the description property.
+ *
+ * @return the description
+ */
+ public String getDescription() {
+ return description;
+ }
+
+ /**
+ * Sets the value of the description property.
+ *
+ * @param valueIn the description to set
+ */
+ public void setDescription(String valueIn) {
+ this.description = valueIn;
+ }
+
+ public Optional getAdvisory() {
+ return Optional.ofNullable(advisory);
+ }
+
+ public void setAdvisory(Advisory advisoryIn) {
+ this.advisory = advisoryIn;
+ }
+}
diff --git a/java/code/src/com/suse/oval/ovaltypes/NotesType.java b/java/code/src/com/suse/oval/ovaltypes/NotesType.java
new file mode 100755
index 000000000000..a6b5dabdf85f
--- /dev/null
+++ b/java/code/src/com/suse/oval/ovaltypes/NotesType.java
@@ -0,0 +1,33 @@
+package com.suse.oval.ovaltypes;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlType;
+import java.util.ArrayList;
+import java.util.List;
+
+
+/**
+ * The NotesType complex type is a container for one or more note child elements. Each note contains some information
+ * about the definition or tests that it references. A note may record an unresolved question about the definition or
+ * test or present the reason as to why a particular approach was taken.
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "NotesType", namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5")
+public class NotesType {
+
+ @XmlElement(name = "note", namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5", required = true)
+ protected List notes;
+
+ /**
+ * Gets the list of notes
+ */
+ public List getNotes() {
+ if (notes == null) {
+ notes = new ArrayList<>();
+ }
+ return this.notes;
+ }
+
+}
diff --git a/java/code/src/com/suse/oval/ovaltypes/ObjectRefType.java b/java/code/src/com/suse/oval/ovaltypes/ObjectRefType.java
new file mode 100755
index 000000000000..ccc5d41fd863
--- /dev/null
+++ b/java/code/src/com/suse/oval/ovaltypes/ObjectRefType.java
@@ -0,0 +1,33 @@
+package com.suse.oval.ovaltypes;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlType;
+
+/**
+ * The ObjectRefType defines an object reference to be used by OVAL Tests that are defined in the component schemas.
+ * The required object_ref attribute specifies the id of the OVAL Object being referenced.
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "ObjectRefType", namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5")
+public class ObjectRefType {
+
+ @XmlAttribute(name = "object_ref", required = true)
+ protected String objectRef;
+
+ /**
+ * Gets the value of the objectRef property.
+ */
+ public String getObjectRef() {
+ return objectRef;
+ }
+
+ /**
+ * Sets the value of the objectRef property.
+ */
+ public void setObjectRef(String value) {
+ this.objectRef = value;
+ }
+
+}
diff --git a/java/code/src/com/suse/oval/ovaltypes/ObjectType.java b/java/code/src/com/suse/oval/ovaltypes/ObjectType.java
new file mode 100755
index 000000000000..29be99eada9c
--- /dev/null
+++ b/java/code/src/com/suse/oval/ovaltypes/ObjectType.java
@@ -0,0 +1,108 @@
+/*
+ * Copyright (c) 2023 SUSE LLC
+ *
+ * This software is licensed to you under the GNU General Public License,
+ * version 2 (GPLv2). There is NO WARRANTY for this software, express or
+ * implied, including the implied warranties of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
+ * along with this software; if not, see
+ * http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
+ *
+ * Red Hat trademarks are not licensed under GPLv2. No permission is
+ * granted to use or replicate Red Hat trademarks that are incorporated
+ * in this software or its documentation.
+ */
+
+package com.suse.oval.ovaltypes;
+
+import com.suse.oval.ovaltypes.linux.DpkginfoObject;
+import com.suse.oval.ovaltypes.linux.RpminfoObject;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlType;
+
+
+/**
+ * The required id attribute uniquely identifies each object, and must conform to the format specified by the
+ * ObjectIdPattern simple type. The required version attribute holds the current version of the object element.
+ *

+ * Versions are integers, starting at 1 and incrementing every time an object is modified. The optional comment
+ * attribute provides a short description of the object.
+ *

+ * The optional deprecated attribute signifies that an id is no longer to be used or referenced but the information
+ * has been kept around for historic purposes.
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "ObjectType", namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5")
+public class ObjectType {
+
+ @XmlAttribute(name = "id", required = true)
+ protected String id;
+ @XmlAttribute(name = "comment")
+ protected String comment;
+
+ // These attributes are not specified for the base object type as per the schema; nevertheless,
+ // they have been included since both dpkg and rpm objects have them.
+ @XmlElement(namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5#linux")
+ protected String name;
+
+ /**
+ * Gets the value of the id property.
+ *
+ * @return the object id
+ */
+ public String getId() {
+ return id;
+ }
+
+ /**
+ * Sets the value of the id property.
+ *
+ * @param valueIn the object id to set
+ */
+ public void setId(String valueIn) {
+ this.id = valueIn;
+ }
+
+ /**
+ * Gets the value of the comment property.
+ *
+ * @return the comment
+ */
+ public String getComment() {
+ return comment;
+ }
+
+ /**
+ * Sets the value of the comment property.
+ *
+ * @param valueIn the comment value to set
+ */
+ public void setComment(String valueIn) {
+ this.comment = valueIn;
+ }
+
+ /**
+ * Returns the package name.
+ *
+ * @return the package name
+ */
+ public String getPackageName() {
+ return name;
+ }
+
+ public void setPackageName(String nameIn) {
+ this.name = nameIn;
+ }
+
+ public boolean isDpkg() {
+ return this instanceof DpkginfoObject;
+ }
+
+ public boolean isRpm() {
+ return this instanceof RpminfoObject;
+ }
+}
diff --git a/java/code/src/com/suse/oval/ovaltypes/ObjectsType.java b/java/code/src/com/suse/oval/ovaltypes/ObjectsType.java
new file mode 100755
index 000000000000..3de393c5f04e
--- /dev/null
+++ b/java/code/src/com/suse/oval/ovaltypes/ObjectsType.java
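Review bot: The class Javadoc of ObjectType describes a required `version` attribute and an optional `deprecated` attribute, but only `id`, `comment` and the linux `name` element are bound, so after parsing a deprecated object cannot be told apart from a current one. Either bind them, for example `@XmlAttribute(name = "deprecated") protected Boolean deprecated;`, or trim the Javadoc to what the class actually carries. The inline comment above `name` says "These attributes" for what is a single child element, and `setPackageName`, `isDpkg` and `isRpm` have no Javadoc while the other accessors do.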
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 2023 SUSE LLC
+ *
+ * This software is licensed to you under the GNU General Public License,
+ * version 2 (GPLv2). There is NO WARRANTY for this software, express or
+ * implied, including the implied warranties of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
+ * along with this software; if not, see
+ * http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
+ *
+ * Red Hat trademarks are not licensed under GPLv2. No permission is
+ * granted to use or replicate Red Hat trademarks that are incorporated
+ * in this software or its documentation.
+ */
+
+package com.suse.oval.ovaltypes;
+
+import com.suse.oval.ovaltypes.linux.DpkginfoObject;
+import com.suse.oval.ovaltypes.linux.RpminfoObject;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlElements;
+import javax.xml.bind.annotation.XmlType;
+
+/**
+ * The ObjectsType is a container for one or more object child elements.
+ *

+ * Each object element provides details that define a unique set of matching items to be used by an OVAL Test.
+ * Please refer to the description of the object element for more information about an individual object.
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "ObjectsType", namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5")
+public class ObjectsType {
+
+ @XmlElements({
+ @XmlElement(name = "rpminfo_object",
+ namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5#linux", type = RpminfoObject.class),
+ @XmlElement(name = "dpkginfo_object",
+ namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5#linux", type = DpkginfoObject.class),
+ @XmlElement(name = "object",
+ namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5", type = ObjectType.class)
+ })
+ protected List objects;
+
+ /**
+ * Gets the list of contained objects.
+ * @return the objects
+ */
+ public List getObjects() {
+ if (objects == null) {
+ objects = new ArrayList<>();
+ }
+ return this.objects;
+ }
+
+}
diff --git a/java/code/src/com/suse/oval/ovaltypes/OperationEnumeration.java b/java/code/src/com/suse/oval/ovaltypes/OperationEnumeration.java
new file mode 100755
index 000000000000..6719375df3ed
--- /dev/null
+++ b/java/code/src/com/suse/oval/ovaltypes/OperationEnumeration.java
@@ -0,0 +1,167 @@
+/*
+ * Copyright (c) 2023 SUSE LLC
+ *
+ * This software is licensed to you under the GNU General Public License,
+ * version 2 (GPLv2). There is NO WARRANTY for this software, express or
+ * implied, including the implied warranties of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
+ * along with this software; if not, see
+ * http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
+ *
+ * Red Hat trademarks are not licensed under GPLv2. No permission is
+ * granted to use or replicate Red Hat trademarks that are incorporated
+ * in this software or its documentation.
+ */
+
+package com.suse.oval.ovaltypes;
+
+import javax.xml.bind.annotation.XmlEnum;
+import javax.xml.bind.annotation.XmlEnumValue;
+import javax.xml.bind.annotation.XmlType;
+
+@XmlType(name = "OperationEnumeration", namespace = "http://oval.mitre.org/XMLSchema/oval-common-5")
+@XmlEnum
+public enum OperationEnumeration {
+
+
+ /**
+ * The 'equals' operation returns true if the actual value on the system is equal to the stated entity.
+ * When the specified datatype is a string, this results in a case-sensitive comparison.
+ */
+ @XmlEnumValue("equals")
+ EQUALS("equals"),
+
+ /**
+ * The 'not equal' operation returns true if the actual value on the system is not equal to the stated entity.
+ * When the specified datatype is a string, this results in a case-sensitive comparison.
+ */
+ @XmlEnumValue("not equal")
+ NOT_EQUAL("not equal"),
+
+ /**
+ * The 'case insensitive equals' operation is meant for string data and returns true if the actual value on
+ * the system is equal (using a case insensitive comparison) to the stated entity.
+ */
+ @XmlEnumValue("case insensitive equals")
+ CASE_INSENSITIVE_EQUALS("case insensitive equals"),
+
+ /**
+ * The 'case insensitive not equal' operation is meant for string data and returns true if the actual value on
+ * the system is not equal (using a case insensitive comparison) to the stated entity.
+ */
+ @XmlEnumValue("case insensitive not equal")
+ CASE_INSENSITIVE_NOT_EQUAL("case insensitive not equal"),
+
+ /**
+ * The 'greater than' operation returns true if the actual value on the system is greater than the stated entity.
+ */
+ @XmlEnumValue("greater than")
+ GREATER_THAN("greater than"),
+
+ /**
+ * The 'less than' operation returns true if the actual value on the system is less than the stated entity.
+ */
+ @XmlEnumValue("less than")
+ LESS_THAN("less than"),
+
+ /**
+ * The 'greater than or equal' operation returns true if the actual value on the system is greater than or equal
+ * to the stated entity.
+ */
+ @XmlEnumValue("greater than or equal")
+ GREATER_THAN_OR_EQUAL("greater than or equal"),
+
+ /**
+ * The 'less than or equal' operation returns true if the actual value on the system is less than or
+ * equal to the stated entity.
+ */
+ @XmlEnumValue("less than or equal")
+ LESS_THAN_OR_EQUAL("less than or equal"),
+
+ /**
+ * The 'bitwise and' operation is used to determine if a specific bit is set. It returns true if performing
+ * a BITWISE AND with the binary representation of the stated entity against the binary representation of
+ * the actual value on the system results in a binary value that is equal to the binary representation of the
+ * stated entity.
+ *

+ * For example, assuming a datatype of 'int', if the actual integer value of the setting on your machine is
+ * 6 (same as 0110 in binary), then performing a 'bitwise and' with the stated integer 4 (0100) returns 4 (0100).
+ *

+ * Since the result is the same as the state mask, then the test returns true. If the actual value on your machine
+ * is 1 (0001), then the 'bitwise and' with the stated integer 4 (0100) returns 0 (0000). Since the result is not
+ * the same as the stated mask, then the test fails.
+ */
+ @XmlEnumValue("bitwise and")
+ BITWISE_AND("bitwise and"),
+
+ /**
+ * The 'bitwise or' operation is used to determine if a specific bit is not set. It returns true if performing
+ * a BITWISE OR with the binary representation of the stated entity against the binary representation of the actual
+ * value on the system results in a binary value that is equal to the binary representation of the stated entity.
+ *

+ * For example, assuming a datatype of 'int', if the actual integer value of the setting on your machine
+ * is 6 (same as 0110 in binary), then performing a 'bitwise or' with the stated integer 14 (1110)
+ * returns 14 (1110).
+ *

+ * Since the result is the same as the state mask, then the test returns true. If the actual value on your machine
+ * is 1 (0001), then the 'bitwise or' with the stated integer 14 (1110) returns 15 (1111). Since the result is not
+ * the same as the stated mask, then the test fails.
+ */
+ @XmlEnumValue("bitwise or")
+ BITWISE_OR("bitwise or"),
+
+ /**
+ * The 'pattern match' operation allows an item to be tested against a regular expression.
+ *

+ * When used by an entity in an OVAL Object, the regular expression represents the unique set of matching items
+ * on the system. OVAL supports a common subset of the regular expression character classes, operations, expressions
+ * and other lexical tokens defined within Perl 5's regular expression specification. For more information on
+ * the supported regular expression syntax in OVAL see: http://oval.mitre.org/language/about/re_support_5.6.html
+ */
+ @XmlEnumValue("pattern match")
+ PATTERN_MATCH("pattern match"),
+
+ /**
+ * The 'subset of' operation returns true if the actual set on the system is a subset of the set defined
+ * by the stated entity.
+ */
+ @XmlEnumValue("subset of")
+ SUBSET_OF("subset of"),
+
+ /**
+ * The 'superset of' operation returns true if the actual set on the system is a superset of the set defined
+ * by the stated entity.
+ */
+ @XmlEnumValue("superset of")
+ SUPERSET_OF("superset of");
+ private final String value;
+
+ OperationEnumeration(String v) {
+ value = v;
+ }
+
+ /**
+ * Gets the string value
+ *
+ * @return the string value
+ * */
+ public String value() {
+ return value;
+ }
+
+ /**
+ * Returns an {@link OperationEnumeration} object that correspond to the given operation string
+ *
+ * @param v the value
+ * @return an {@link OperationEnumeration}
+ * */
+ public static OperationEnumeration fromValue(String v) {
+ for (OperationEnumeration c: OperationEnumeration.values()) {
+ if (c.value.equals(v)) {
+ return c;
+ }
+ }
+ throw new IllegalArgumentException(v);
+ }
+
+}
diff --git a/java/code/src/com/suse/oval/ovaltypes/OvalRootType.java b/java/code/src/com/suse/oval/ovaltypes/OvalRootType.java
new file mode 100755
index 000000000000..025d1fcc6fc8
--- /dev/null
+++ b/java/code/src/com/suse/oval/ovaltypes/OvalRootType.java
@@ -0,0 +1,129 @@
+package com.suse.oval.ovaltypes;
+
+import com.suse.oval.OsFamily;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Optional;
+
+import javax.persistence.Transient;
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlType;
+
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "")
+@XmlRootElement(name = "oval_definitions", namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5")
+public class OvalRootType {
+
+ @XmlElement(namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5", required = true)
+ protected GeneratorType generator;
+ @XmlElement(namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5")
+ protected DefinitionsType definitions;
+ @XmlElement(namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5")
+ protected TestsType tests;
+ @XmlElement(name = "objects", namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5")
+ protected ObjectsType objects;
+ @XmlElement(namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5")
+ protected StatesType states;
+ @Transient
+ protected OsFamily osFamily;
+ @Transient
+ protected String osVersion;
+
+ /**
+ * Gets the value of the generator property.
+ */
+ public GeneratorType getGenerator() {
+ return generator;
+ }
+
+ /**
+ * Sets the value of the generator property.
+ */
+ public void setGenerator(GeneratorType value) {
+ this.generator = value;
+ }
+
+ /**
+ * Gets the list of OVAL definitions.
+ */
+ public List getDefinitions() {
+ if (definitions == null) {
+ return new ArrayList<>();
+ } else {
+ return definitions.getDefinitions();
+ }
+ }
+
+ /**
+ * Sets the list of OVAL definitions.
+ */
+ public void setDefinitions(List value) {
+ this.definitions = new DefinitionsType();
+ this.definitions.definitions = new ArrayList<>(value);
+ }
+
+ /**
+ * Gets the list of OVAL tests.
+ */
+ public List getTests() {
+ return Optional.ofNullable(tests).map(TestsType::getTests).orElse(new ArrayList<>());
+ }
+
+ /**
+ * Sets the list of OVAL tests.
+ */
+ public void setTests(List value) {
+ this.tests = new TestsType();
+ this.tests.tests = new ArrayList<>(value);
+ }
+
+ /**
+ * Gets the list of OVAL objects.
+ */
+ public List getObjects() {
+ return Optional.ofNullable(objects).map(ObjectsType::getObjects).orElse(new ArrayList<>());
+ }
+
+ /**
+ * Sets the list of OVAL objects.
+ */
+ public void setObjects(List value) {
+ this.objects = new ObjectsType();
+ this.objects.objects = new ArrayList<>(value);
+ }
+
+ /**
+ * Gets the list of OVAL states.
+ */
+ public List getStates() {
+ return Optional.ofNullable(states).map(StatesType::getStates).orElse(new ArrayList<>());
+ }
+
+ /**
+ * Sets the list of OVAL states.
+ */
+ public void setStates(List value) {
+ this.states = new StatesType();
+ this.states.states = new ArrayList<>(value);
+ }
+
+ public OsFamily getOsFamily() {
+ return osFamily;
+ }
+
+ public void setOsFamily(OsFamily osFamily) {
+ this.osFamily = osFamily;
+ }
+
+ public String getOsVersion() {
+ return osVersion;
+ }
+
+ public void setOsVersion(String osVersion) {
+ this.osVersion = osVersion;
+ }
+}
diff --git a/java/code/src/com/suse/oval/ovaltypes/StateRefType.java b/java/code/src/com/suse/oval/ovaltypes/StateRefType.java
new file mode 100755
index 000000000000..893d897c2a2c
--- /dev/null
+++ b/java/code/src/com/suse/oval/ovaltypes/StateRefType.java
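Review bot: `osFamily` and `osVersion` in OvalRootType are marked with `javax.persistence.Transient`, which JAXB does not look at; under `XmlAccessType.FIELD` both fields are still bound, so a parsed document can set them through `osFamily`/`osVersion` child elements of `oval_definitions` and they are written out again on marshal. If they are meant to be set only by the calling code, use `@XmlTransient` from `javax.xml.bind.annotation` and drop the JPA import: `@XmlTransient protected OsFamily osFamily;` and likewise for `osVersion`. Separately, `getDefinitions()`, `getTests()`, `getObjects()` and `getStates()` return a fresh list when the container is absent, so anything added through the getter is lost, unlike DefinitionsType.getDefinitions(), which stores the list it creates.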
@@ -0,0 +1,36 @@
+package com.suse.oval.ovaltypes;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlType;
+
+
+/**
+ * The StateRefType defines a state reference to be used by OVAL Tests that are defined in the component schemas.
+ * The required state_ref attribute specifies the id of the OVAL State being referenced.
+ */
+@XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "StateRefType", namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5")
+public class StateRefType {
+
+ @XmlAttribute(name = "state_ref", required = true)
+ protected String stateRef;
+
+ /**
+ * Gets the value of the stateRef property.
+ *
+ * @return the contained state id
+ */
+ public String getStateRef() {
+ return stateRef;
+ }
+
+ /**
+ * Sets the value of the stateRef property.
+ */
+ public void setStateRef(String value) {
+ this.stateRef = value;
+ }
+
+}
diff --git a/java/code/src/com/suse/oval/ovaltypes/StateType.java b/java/code/src/com/suse/oval/ovaltypes/StateType.java
new file mode 100755
index 000000000000..a1d42b9e5754
--- /dev/null
+++ b/java/code/src/com/suse/oval/ovaltypes/StateType.java
@@ -0,0 +1,133 @@ +/* + * Copyright (c) 2023 SUSE LLC + * + * This software is licensed to you under the GNU General Public License, + * version 2 (GPLv2). There is NO WARRANTY for this software, express or + * implied, including the implied warranties of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2 + * along with this software; if not, see + * http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt. + * + * Red Hat trademarks are not licensed under GPLv2. No permission is + * granted to use or replicate Red Hat trademarks that are incorporated + * in this software or its documentation. + */ + +package com.suse.oval.ovaltypes; + +import java.util.Optional; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlType; + + +/** + * When evaluating a particular state against an object, one should evaluate each individual entity separately. + * The individual results are then combined by the operator to produce an overall result. + *

+ * This process holds true even when there are multiple instances of the same entity. Evaluate each instance separately, + * taking the entity check attribute into account, and then combine everything using the operator. + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "StateType", namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5") +public class StateType { + + @XmlAttribute(name = "id", required = true) + protected String id; + @XmlAttribute(name = "operator") + protected LogicOperatorType operator; + @XmlAttribute(name = "comment") + protected String comment; + @XmlElement(name = "evr", namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5#linux") + protected EVRType packageEVR; + @XmlElement(name = "arch", namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5#linux") + protected ArchType packageArch; + @XmlElement(name = "version", namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5#linux") + protected VersionType packageVersion; + + /** + * Gets the value of the id property. + * + * @return the state id + */ + public String getId() { + return id; + } + + /** + * Sets the value of the id property. + * + * @param value the state id + */ + public void setId(String value) { + this.id = value; + } + + /** + * Gets the value of the operator property. + * + * @return the operator + */ + public LogicOperatorType getOperator() { + if (operator == null) { + return LogicOperatorType.AND; + } + else { + return operator; + } + } + + /** + * Sets the value of the operator property. + * + * @param value the operator + */ + public void setOperator(LogicOperatorType value) { + this.operator = value; + } + + /** + * Gets the value of the comment property. + * + * @return the comment associated with this state + */ + public String getComment() { + return comment; + } + + /** + * Sets the value of the comment property. 
+ * + * @param value the comment value to set + */ + public void setComment(String value) { + this.comment = value; + } + + public Optional getPackageEVR() { + return Optional.ofNullable(packageEVR); + } + + public void setPackageEVR(EVRType packageEVRIn) { + this.packageEVR = packageEVRIn; + } + + public Optional getPackageArch() { + return Optional.ofNullable(packageArch); + } + + public void setPackageArch(ArchType packageArchIn) { + this.packageArch = packageArchIn; + } + + public Optional getPackageVersion() { + return Optional.ofNullable(packageVersion); + } + + public void setPackageVersion(VersionType packageVersionIn) { + this.packageVersion = packageVersionIn; + } +} diff --git a/java/code/src/com/suse/oval/ovaltypes/StatesType.java b/java/code/src/com/suse/oval/ovaltypes/StatesType.java new file mode 100755 index 000000000000..031ea7bb5cbe --- /dev/null +++ b/java/code/src/com/suse/oval/ovaltypes/StatesType.java 
@@ -0,0 +1,61 @@ +/* + * Copyright (c) 2023 SUSE LLC + * + * This software is licensed to you under the GNU General Public License, + * version 2 (GPLv2). There is NO WARRANTY for this software, express or + * implied, including the implied warranties of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2 + * along with this software; if not, see + * http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt. + * + * Red Hat trademarks are not licensed under GPLv2. No permission is + * granted to use or replicate Red Hat trademarks that are incorporated + * in this software or its documentation. + */ + +package com.suse.oval.ovaltypes; + +import com.suse.oval.ovaltypes.linux.DpkginfoState; +import com.suse.oval.ovaltypes.linux.RpminfoState; + +import java.util.ArrayList; +import java.util.List; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlElements; +import javax.xml.bind.annotation.XmlType; + +/** + * The StatesType is a container for one or more state child elements. + * Each state provides details about specific characteristics that can be used during an evaluation of an object. + *

+ * Please refer to the description of the state element for more information about an individual state. + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "StatesType", namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5") +public class StatesType { + + @XmlElements({ + @XmlElement(name = "rpminfo_state", + namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5#linux", type = RpminfoState.class), + @XmlElement(name = "dpkginfo_state", + namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5#linux", type = DpkginfoState.class), + @XmlElement(name = "state", + namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5", type = StateType.class) + }) + protected List states; + + /** + * Gets the contained states. + * @return the states + */ + public List getStates() { + if (states == null) { + states = new ArrayList<>(); + } + return this.states; + } + +} diff --git a/java/code/src/com/suse/oval/ovaltypes/TestType.java b/java/code/src/com/suse/oval/ovaltypes/TestType.java new file mode 100755 index 000000000000..602a564adea7 --- /dev/null +++ b/java/code/src/com/suse/oval/ovaltypes/TestType.java 
@@ -0,0 +1,155 @@ +/* + * Copyright (c) 2023 SUSE LLC + * + * This software is licensed to you under the GNU General Public License, + * version 2 (GPLv2). There is NO WARRANTY for this software, express or + * implied, including the implied warranties of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2 + * along with this software; if not, see + * http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt. + * + * Red Hat trademarks are not licensed under GPLv2. No permission is + * granted to use or replicate Red Hat trademarks that are incorporated + * in this software or its documentation. + */ + +package com.suse.oval.ovaltypes; + +import java.util.List; +import java.util.Optional; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlType; + +/** + * The optional state_operator attribute provides the logical operator that combines the evaluation results from + * each referenced state on a per item basis. Each matching item is compared to each referenced state. + *

+ * The result of comparing each state to a single item is combined based on the specified state_operator value to + * determine one result for each item. Finally, the results for each item are combined based on the specified + * check value. + *

+ * Note that if the test does not contain any references to OVAL States, then the state_operator attribute has no + * meaning and can be ignored during evaluation. + *

+ * Referencing multiple states in one test allows ranges of possible values to be expressed. For example, one state + * can check that a value greater than 8 is found and another state can check that a value of less than 16 is found. + * In this example the referenced states are combined with a state_operator = 'AND' indicating that the conditions + * of all referenced states must be satisfied and that the value must be between 8 AND 16. The valid state_operation + * values are explained in the description of the OperatorEnumeration simple type. + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "TestType", namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5") +public class TestType { + + @XmlAttribute(name = "id", required = true) + protected String id; + @XmlAttribute(name = "comment", required = true) + protected String comment; + + /** + * These attributes are not specified for the base test type as per the schema; nevertheless, it has been included + * since both dpkg and rpm test types have it. + */ + @XmlElement(namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5#linux", required = true) + protected ObjectRefType object; + @XmlElement(name = "state", namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5#linux") + protected List states; + + /** + * Gets the value of the id property. + * + * @return the test's id + */ + public String getId() { + return id; + } + + /** + * Sets the value of the id property. + * + * @param valueIn the test id to set + */ + public void setId(String valueIn) { + this.id = valueIn; + } + + /** + * Gets the value of the comment property. + * + * @return the comment value + */ + public String getComment() { + return comment; + } + + /** + * Sets the value of the comment property. + * + * @param valueIn the comment value to set + */ + public void setComment(String valueIn) { + this.comment = valueIn; + } + + /** + * Gets the value of the object property. 
+ * + * @return the id of the object associated with this test + */ + public String getObjectRef() { + if (object == null) { + throw new IllegalStateException("Objects cannot be null"); + } + return object.objectRef; + } + + /** + * Sets the value of the object property. + * @param valueIn the object id to set + */ + public void setObjectRef(String valueIn) { + ObjectRefType refType = new ObjectRefType(); + refType.setObjectRef(valueIn); + this.object = refType; + } + + /** + * Gets the value of the state property. + *


+ * NOTE: Although the OVAL specs says that an OVAL test could have 0 or more states but for the OVAL files that + * we are consuming, is always 0 or 1 state hence an {@code Optional} is used. + * + * @return an {@link Optional} that may or may not contain a state reference + */ + public Optional getStateRef() { + if (this.states == null) { + return Optional.empty(); + } + else if (this.states.size() == 1) { + return Optional.ofNullable(states.get(0).getStateRef()); + } + else { + throw new IllegalStateException("Each test is expected to have 0 or 1 state"); + } + } + + public void setStates(List statesIn) { + this.states = statesIn; + } + + /** + * Sets the associated state id + * + * @param valueIn the state id to set + * */ + public void setStateRef(String valueIn) { + states.clear(); + StateRefType stateRef = new StateRefType(); + stateRef.setStateRef(valueIn); + states.add(stateRef); + } +} diff --git a/java/code/src/com/suse/oval/ovaltypes/TestsType.java b/java/code/src/com/suse/oval/ovaltypes/TestsType.java new file mode 100755 index 000000000000..874b3e49c70c --- /dev/null +++ b/java/code/src/com/suse/oval/ovaltypes/TestsType.java 
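Review bot: `setStateRef` calls `states.clear()` on a field that is only ever assigned by JAXB or by `setStates`, so on a freshly constructed `TestType`, or one unmarshalled without a `state` child, it throws a NullPointerException. Replacing that call with `this.states = new ArrayList<>();` (plus the `java.util.ArrayList` import, which this file does not have yet) removes the dependency on prior state. `getStateRef` has the mirror problem: an empty list, which `setStates` accepts, falls through to the `IllegalStateException` even though the Javadoc describes zero states as valid, so the first guard should read `if (this.states == null || this.states.isEmpty())`. `setStates` is also the only accessor in the class without Javadoc.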
@@ -0,0 +1,62 @@ +/* + * Copyright (c) 2023 SUSE LLC + * + * This software is licensed to you under the GNU General Public License, + * version 2 (GPLv2). There is NO WARRANTY for this software, express or + * implied, including the implied warranties of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2 + * along with this software; if not, see + * http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt. + * + * Red Hat trademarks are not licensed under GPLv2. No permission is + * granted to use or replicate Red Hat trademarks that are incorporated + * in this software or its documentation. + */ + +package com.suse.oval.ovaltypes; + +import com.suse.oval.ovaltypes.linux.DpkginfoTest; +import com.suse.oval.ovaltypes.linux.RpminfoTest; + +import java.util.ArrayList; +import java.util.List; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlElements; +import javax.xml.bind.annotation.XmlType; + +/** + * The TestsType complex type is a container for one or more test child elements. + *

+ * Each test element describes a single OVAL Test. Please refer to the description of the TestType for more information + * about an individual test. + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "TestsType", namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5") +public class TestsType { + + @XmlElements({ + @XmlElement(name = "rpminfo_test", + namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5#linux", type = RpminfoTest.class), + @XmlElement(name = "dpkginfo_test", + namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5#linux", type = DpkginfoTest.class), + @XmlElement(name = "test", + namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5", type = TestType.class) + }) + protected List tests; + + /** + * Gets the value of the contained tests. + * + * @return the list of contained tests + */ + public List getTests() { + if (tests == null) { + tests = new ArrayList<>(); + } + return this.tests; + } + +} diff --git a/java/code/src/com/suse/oval/ovaltypes/VersionType.java b/java/code/src/com/suse/oval/ovaltypes/VersionType.java new file mode 100755 index 000000000000..e2aae7b62584 --- /dev/null +++ b/java/code/src/com/suse/oval/ovaltypes/VersionType.java 
@@ -0,0 +1,32 @@ +package com.suse.oval.ovaltypes; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.XmlValue; + +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "", namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5") +public class VersionType { + @XmlValue + private String value; + @XmlAttribute(name = "operation", required = true) + private OperationEnumeration operation; + + public String getValue() { + return value; + } + + public void setValue(String value) { + this.value = value; + } + + public OperationEnumeration getOperation() { + return operation; + } + + public void setOperation(OperationEnumeration operation) { + this.operation = operation; + } +} \ No newline at end of file From 10f1ff47903e45c35d2c1bf1c737565120dec5a9 Mon Sep 17 00:00:00 2001 From: HoussemNasri Date: Wed, 21 Jun 2023 14:35:14 +0100 Subject: [PATCH 02/53] Add OVAL Criteria and Criterion types --- .../com/suse/oval/ovaltypes/BaseCriteria.java | 16 ++++ .../suse/oval/ovaltypes/CriterionType.java | 73 +++++++++++++++++++ 2 files changed, 89 insertions(+) create mode 100644 java/code/src/com/suse/oval/ovaltypes/BaseCriteria.java create mode 100755 java/code/src/com/suse/oval/ovaltypes/CriterionType.java diff --git a/java/code/src/com/suse/oval/ovaltypes/BaseCriteria.java b/java/code/src/com/suse/oval/ovaltypes/BaseCriteria.java new file mode 100644 index 000000000000..12fa44166dae --- /dev/null +++ b/java/code/src/com/suse/oval/ovaltypes/BaseCriteria.java 
@@ -0,0 +1,16 @@ +package com.suse.oval.ovaltypes; + +import com.fasterxml.jackson.annotation.JsonSubTypes; +import com.fasterxml.jackson.annotation.JsonTypeInfo; + +import java.io.Serializable; + +@JsonTypeInfo( + use = JsonTypeInfo.Id.NAME, + property = "type") +@JsonSubTypes({ + @JsonSubTypes.Type(value = CriteriaType.class, name = "criteriaType"), + @JsonSubTypes.Type(value = CriterionType.class, name = "criterionType")} +) +public interface BaseCriteria extends Serializable { +} diff --git a/java/code/src/com/suse/oval/ovaltypes/CriterionType.java b/java/code/src/com/suse/oval/ovaltypes/CriterionType.java new file mode 100755 index 000000000000..3cea5779674c --- /dev/null +++ b/java/code/src/com/suse/oval/ovaltypes/CriterionType.java @@ -0,0 +1,73 @@ +package com.suse.oval.ovaltypes; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlType; + + +/** + * The required test_ref attribute is the actual id of the test being referenced. The optional negate attribute signifies + * that the result of an individual test should be negated during analysis. For example, consider a test that evaluates to TRUE + * if a specific patch is installed. By negating this test, it now evaluates to TRUE if the patch is NOT installed. + *

+ * The optional comment attribute provides a short description of the specified test and should mirror the comment + * attribute of the actual test. + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "CriterionType", namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5") +public class CriterionType implements BaseCriteria { + + @XmlAttribute(name = "test_ref", required = true) + protected String testRef; + @XmlAttribute(name = "negate") + protected Boolean negate; + @XmlAttribute(name = "comment") + protected String comment; + + /** + * Gets the value of the testRef property. + */ + public String getTestRef() { + return testRef; + } + + /** + * Sets the value of the testRef property. + */ + public void setTestRef(String value) { + this.testRef = value; + } + + /** + * Gets the value of the negate property. + */ + public boolean isNegate() { + if (negate == null) { + return false; + } else { + return negate; + } + } + + /** + * Sets the value of the negate property. + */ + public void setNegate(Boolean value) { + this.negate = value; + } + + /** + * Gets the value of the comment property. + */ + public String getComment() { + return comment; + } + + /** + * Sets the value of the comment property. + */ + public void setComment(String value) { + this.comment = value; + } +} From f879c193e2c0381d2c7cc7657b6bf1e51d886e42 Mon Sep 17 00:00:00 2001 
From: HoussemNasri Date: Wed, 21 Jun 2023 14:37:32 +0100 Subject: [PATCH 03/53] Create OVAL Linux extension types --- .../oval/ovaltypes/linux/DpkginfoObject.java | 26 +++++++++++++++++++ .../oval/ovaltypes/linux/DpkginfoState.java | 26 +++++++++++++++++++ .../oval/ovaltypes/linux/DpkginfoTest.java | 26 +++++++++++++++++++ .../oval/ovaltypes/linux/RpminfoObject.java | 25 ++++++++++++++++++ .../oval/ovaltypes/linux/RpminfoState.java | 23 ++++++++++++++++ .../oval/ovaltypes/linux/RpminfoTest.java | 17 ++++++++++++ 6 files changed, 143 insertions(+) create mode 100755 java/code/src/com/suse/oval/ovaltypes/linux/DpkginfoObject.java create mode 100755 java/code/src/com/suse/oval/ovaltypes/linux/DpkginfoState.java create mode 100755 java/code/src/com/suse/oval/ovaltypes/linux/DpkginfoTest.java create mode 100755 java/code/src/com/suse/oval/ovaltypes/linux/RpminfoObject.java create mode 100755 java/code/src/com/suse/oval/ovaltypes/linux/RpminfoState.java create mode 100755 java/code/src/com/suse/oval/ovaltypes/linux/RpminfoTest.java diff --git a/java/code/src/com/suse/oval/ovaltypes/linux/DpkginfoObject.java b/java/code/src/com/suse/oval/ovaltypes/linux/DpkginfoObject.java new file mode 100755 index 000000000000..515ce3818d6c --- /dev/null +++ b/java/code/src/com/suse/oval/ovaltypes/linux/DpkginfoObject.java 
@@ -0,0 +1,26 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, v2.3.1 +// See https://javaee.github.io/jaxb-v2/ +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2023.06.05 at 09:45:43 PM CET +// + + +package com.suse.oval.ovaltypes.linux; + + +import com.suse.oval.ovaltypes.ObjectType; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlType; + + +/** + * A dpkginfo object consists of a single name entity that identifies the package being checked. + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "dpkginfo_object") +public class DpkginfoObject extends ObjectType { + +} diff --git a/java/code/src/com/suse/oval/ovaltypes/linux/DpkginfoState.java b/java/code/src/com/suse/oval/ovaltypes/linux/DpkginfoState.java new file mode 100755 index 000000000000..5e3a85b275ec --- /dev/null +++ b/java/code/src/com/suse/oval/ovaltypes/linux/DpkginfoState.java @@ -0,0 +1,26 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, v2.3.1 +// See https://javaee.github.io/jaxb-v2/ +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2023.06.05 at 09:45:43 PM CET +// + + +package com.suse.oval.ovaltypes.linux; + + +import com.suse.oval.ovaltypes.StateType; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlType; + + +/** + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "dpkginfo_state") +public class DpkginfoState extends StateType { + +} diff --git a/java/code/src/com/suse/oval/ovaltypes/linux/DpkginfoTest.java b/java/code/src/com/suse/oval/ovaltypes/linux/DpkginfoTest.java new file mode 100755 index 000000000000..7b1652b9ddf2 --- /dev/null 
+++ b/java/code/src/com/suse/oval/ovaltypes/linux/DpkginfoTest.java @@ -0,0 +1,26 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, v2.3.1 +// See https://javaee.github.io/jaxb-v2/ +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2023.06.05 at 09:45:43 PM CET +// + + +package com.suse.oval.ovaltypes.linux; + +import com.suse.oval.ovaltypes.TestType; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlType; + + +/** + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "dpkginfo_test") +public class DpkginfoTest extends TestType { + + +} diff --git a/java/code/src/com/suse/oval/ovaltypes/linux/RpminfoObject.java b/java/code/src/com/suse/oval/ovaltypes/linux/RpminfoObject.java new file mode 100755 index 000000000000..4306b4ee18e9 --- /dev/null +++ b/java/code/src/com/suse/oval/ovaltypes/linux/RpminfoObject.java @@ -0,0 +1,25 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, v2.3.1 +// See https://javaee.github.io/jaxb-v2/ +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2023.06.05 at 09:45:43 PM CET +// + + +package com.suse.oval.ovaltypes.linux; + + +import com.suse.oval.ovaltypes.ObjectType; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlType; + + +/** + * A rpm info object consists of a single name entity that identifies the package being checked. + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "rpminfo_object") +public class RpminfoObject extends ObjectType { +} 
diff --git a/java/code/src/com/suse/oval/ovaltypes/linux/RpminfoState.java b/java/code/src/com/suse/oval/ovaltypes/linux/RpminfoState.java new file mode 100755 index 000000000000..0db99ff9f4ee --- /dev/null +++ b/java/code/src/com/suse/oval/ovaltypes/linux/RpminfoState.java @@ -0,0 +1,23 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, v2.3.1 +// See https://javaee.github.io/jaxb-v2/ +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2023.06.05 at 09:45:43 PM CET +// + + +package com.suse.oval.ovaltypes.linux; + + +import com.suse.oval.ovaltypes.StateType; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlType; + +/** + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "rpminfo_state") +public class RpminfoState extends StateType { +} diff --git a/java/code/src/com/suse/oval/ovaltypes/linux/RpminfoTest.java b/java/code/src/com/suse/oval/ovaltypes/linux/RpminfoTest.java new file mode 100755 index 000000000000..1fab354834a7 --- /dev/null +++ b/java/code/src/com/suse/oval/ovaltypes/linux/RpminfoTest.java @@ -0,0 +1,17 @@ +package com.suse.oval.ovaltypes.linux; + +import com.suse.oval.ovaltypes.TestType; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlType; + + +/** + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "rpminfo_test") +public class RpminfoTest extends TestType { + +} From fdc3fd362839f6b598b75576ccdb88e7c7435358 Mon Sep 17 00:00:00 2001 
From: HoussemNasri Date: Wed, 21 Jun 2023 14:42:21 +0100 Subject: [PATCH 04/53] Implement the OVAL parser - This is a temporary implementation based on JAXB API which consumes a lot of memory. I plan to rewrite it with StAX for better performance. --- java/code/src/com/suse/oval/OvalParser.java | 66 +++++++++++++++++++ .../oval/exceptions/OvalParserException.java | 19 ++++++ 2 files changed, 85 insertions(+) create mode 100755 java/code/src/com/suse/oval/OvalParser.java create mode 100755 java/code/src/com/suse/oval/exceptions/OvalParserException.java diff --git a/java/code/src/com/suse/oval/OvalParser.java b/java/code/src/com/suse/oval/OvalParser.java new file mode 100755 index 000000000000..babe3b0b22f7 --- /dev/null +++ b/java/code/src/com/suse/oval/OvalParser.java 
@@ -0,0 +1,66 @@ +/* + * Copyright (c) 2023 SUSE LLC + * + * This software is licensed to you under the GNU General Public License, + * version 2 (GPLv2). There is NO WARRANTY for this software, express or + * implied, including the implied warranties of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2 + * along with this software; if not, see + * http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt. + * + * Red Hat trademarks are not licensed under GPLv2. No permission is + * granted to use or replicate Red Hat trademarks that are incorporated + * in this software or its documentation. + */ + +package com.suse.oval; + +import com.suse.oval.exceptions.OvalParserException; +import com.suse.oval.ovaltypes.OvalRootType; + +import java.io.File; +import java.net.URISyntaxException; +import java.net.URL; + +import javax.xml.bind.JAXBContext; +import javax.xml.bind.JAXBException; +import javax.xml.bind.Unmarshaller; + +/** + * The Oval Parser is responsible for parsing OVAL(Open Vulnerability and Assessment Language) documents + */ +public class OvalParser { + + /** + * Parse the given OVAL file + * + * @param ovalFile the OVAL file to parse + * @return the parsed OVAL encapulated in a {@link OvalRootType} object= + * */ + public OvalRootType parse(File ovalFile) throws OvalParserException { + try { + JAXBContext jaxbContext = JAXBContext.newInstance(OvalRootType.class); + Unmarshaller unmarshaller = jaxbContext.createUnmarshaller(); + return (OvalRootType) unmarshaller.unmarshal(ovalFile); + } + catch (JAXBException e) { + throw new OvalParserException("Failed to parse the given OVAL file at: " + ovalFile.getAbsolutePath(), e); + } + } + + /** + * Parse the given OVAL file from a URL + * + * @param url the URL to get the OVAL file from + * @return the parsed OVAL encapsulated in a {@link OvalRootType} object + * */ + public OvalRootType parse(URL url) { + try { + return parse(new File(url.toURI())); + } + catch 
(URISyntaxException e) { + throw new RuntimeException(e); + } + } + +} diff --git a/java/code/src/com/suse/oval/exceptions/OvalParserException.java b/java/code/src/com/suse/oval/exceptions/OvalParserException.java new file mode 100755 index 000000000000..c4867948b5b6 --- /dev/null +++ b/java/code/src/com/suse/oval/exceptions/OvalParserException.java @@ -0,0 +1,19 @@ +package com.suse.oval.exceptions; + +public class OvalParserException extends RuntimeException { + public OvalParserException() { + super(); + } + + public OvalParserException(String message) { + super(message); + } + + public OvalParserException(Throwable cause) { + super(cause); + } + + public OvalParserException(String message, Throwable cause) { + super(message, cause); + } +} From 21143b625262fadfdc215c0cc5cdf61a3a2f4e3c Mon Sep 17 00:00:00 2001 From: HoussemNasri Date: Wed, 21 Jun 2023 14:27:02 +0100 Subject: [PATCH 05/53] Create OVALLookupHelper - A utility class to access OVAL resources (tests, objects and states) by id and quickly --- .../suse/oval/manager/OVALLookupHelper.java | 56 +++++++++++++++++++ .../suse/oval/manager/OvalObjectManager.java | 41 ++++++++++++++ .../suse/oval/manager/OvalStateManager.java | 49 ++++++++++++++++ .../suse/oval/manager/OvalTestManager.java | 50 +++++++++++++++++ 4 files changed, 196 insertions(+) create mode 100644 java/code/src/com/suse/oval/manager/OVALLookupHelper.java create mode 100755 java/code/src/com/suse/oval/manager/OvalObjectManager.java create mode 100755 java/code/src/com/suse/oval/manager/OvalStateManager.java create mode 100755 java/code/src/com/suse/oval/manager/OvalTestManager.java diff --git a/java/code/src/com/suse/oval/manager/OVALLookupHelper.java b/java/code/src/com/suse/oval/manager/OVALLookupHelper.java new file mode 100644 index 000000000000..8e03d64449f4 --- /dev/null +++ b/java/code/src/com/suse/oval/manager/OVALLookupHelper.java 
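Review bot: `parse(File)` hands the file straight to `unmarshaller.unmarshal(ovalFile)`, so DTD and external-entity handling is left to whatever the JAXB runtime and the JDK parser default to. OVAL documents are presumably fetched from outside sources, and `Unmarshaller` itself exposes no switch for this, so the usual hardening is to parse through an explicitly configured `SAXParserFactory` and pass the result as a `SAXSource`. The sketch below rejects any DOCTYPE, which OVAL definitions should not need; confirm that against the feeds actually consumed. Separately, `parse(URL)` wraps `URISyntaxException` in a bare `RuntimeException` where `throw new OvalParserException(e);` would match `parse(File)`, and `new File(url.toURI())` only accepts `file:` URLs, which its Javadoc should state.

```java
public OvalRootType parse(File ovalFile) throws OvalParserException {
    try (InputStream in = new FileInputStream(ovalFile)) {
        SAXParserFactory spf = SAXParserFactory.newInstance();
        // JAXB needs namespace-aware events when it is fed a SAXSource
        spf.setNamespaceAware(true);
        spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // refuse documents that carry a DOCTYPE, which also rules out external entities
        spf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Source source = new SAXSource(spf.newSAXParser().getXMLReader(), new InputSource(in));

        JAXBContext jaxbContext = JAXBContext.newInstance(OvalRootType.class);
        return (OvalRootType) jaxbContext.createUnmarshaller().unmarshal(source);
    }
    catch (JAXBException | SAXException | ParserConfigurationException | IOException e) {
        throw new OvalParserException("Failed to parse the given OVAL file at: " + ovalFile.getAbsolutePath(), e);
    }
}
// … unchanged: parse(URL) …
```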
@@ -0,0 +1,56 @@
+package com.suse.oval.manager;
+
+import com.suse.oval.ovaltypes.ObjectType;
+import com.suse.oval.ovaltypes.OvalRootType;
+import com.suse.oval.ovaltypes.StateType;
+import com.suse.oval.ovaltypes.TestType;
+
+import java.util.Optional;
+
+public class OVALLookupHelper {
+ private final OvalStateManager stateManager;
+ private final OvalTestManager testManager;
+ private final OvalObjectManager objectManager;
+
+ /**
+ * Standard constructor
+ *
+ * @param rootType the root to get OVAL resources from
+ * */
+ public OVALLookupHelper(OvalRootType rootType) {
+ this.stateManager = new OvalStateManager(rootType.getStates());
+ this.testManager = new OvalTestManager(rootType.getTests());
+ this.objectManager = new OvalObjectManager(rootType.getObjects());
+ }
+
+ /**
+ * Looks up an OVAL test with an id of {@code testId}
+ *
+ * @param testId the test id to look up
+ * @return the cached {@link TestType} object that correspond to the test id
+ * */
+ public Optional lookupTestById(String testId) {
+ // TODO: testManager#get throws an exception if testId is invalid
+ return Optional.ofNullable(testManager.get(testId));
+ }
+
+ /**
+ * Looks up an OVAL state with an id of {@code stateId}
+ *
+ * @param stateId the object id to look up
+ * @return the cached StateType object that correspond to the state id
+ * */
+ public Optional lookupStateById(String stateId) {
+ return Optional.ofNullable(stateManager.get(stateId));
+ }
+
+ /**
+ * Looks up an OVAL object with an id of {@code objectID}
+ *
+ * @param objectId the object id to look up
+ * @return the cached ObjectType object that correspond to the object id
+ * */
+ public Optional lookupObjectById(String objectId) {
+ return Optional.ofNullable(objectManager.get(objectId));
+ }
+}
diff --git a/java/code/src/com/suse/oval/manager/OvalObjectManager.java b/java/code/src/com/suse/oval/manager/OvalObjectManager.java
new file mode 100755
index 000000000000..256dcbb03aca
--- /dev/null
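Review bot: The three `lookup*ById` methods in `OVALLookupHelper` can never return an empty `Optional`, because `OvalTestManager.get`, `OvalStateManager.get` and `OvalObjectManager.get` (added in the same patch) throw `IllegalArgumentException` for an unknown id; `Optional.ofNullable(...)` only ever wraps a non-null value, and the TODO acknowledges this for tests only. An OVAL document whose test references a missing state or object id would therefore surface as an unchecked exception in a caller that expected to handle `Optional.empty()`. Checking first keeps the contract honest, e.g. `return testManager.exists(testId) ? Optional.of(testManager.get(testId)) : Optional.empty();`, and likewise for states and objects (`OvalStateManager.exists` is `protected`, which is still reachable from this package). The `@return` Javadoc lines should then mention the empty case.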
+++ b/java/code/src/com/suse/oval/manager/OvalObjectManager.java
@@ -0,0 +1,41 @@
+package com.suse.oval.manager;
+
+import com.suse.oval.ovaltypes.ObjectType;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * A cache for {@link ObjectType} to access OVAL objects quickly
+ */
+public class OvalObjectManager {
+ private final Map objectsMap = new HashMap<>();
+
+ /**
+ * Standard constructor
+ *
+ * @param objects the objects to store and lookup later
+ * */
+ public OvalObjectManager(List objects) {
+ for (ObjectType objectType : objects) {
+ objectsMap.put(objectType.getId(), objectType);
+ }
+ }
+
+ public ObjectType get(String objectId) {
+ ObjectType object = objectsMap.get(objectId);
+ if (object == null) {
+ throw new IllegalArgumentException("The object id is invalid: " + objectId);
+ }
+ return object;
+ }
+
+ public boolean exists(String objectId) {
+ return objectsMap.containsKey(objectId);
+ }
+
+ public void add(ObjectType objectType) {
+ objectsMap.put(objectType.getId(), objectType);
+ }
+}
diff --git a/java/code/src/com/suse/oval/manager/OvalStateManager.java b/java/code/src/com/suse/oval/manager/OvalStateManager.java
new file mode 100755
index 000000000000..889900ab7d61
--- /dev/null
+++ b/java/code/src/com/suse/oval/manager/OvalStateManager.java
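Review bot: `objectsMap.put(objectType.getId(), objectType)` in the `OvalObjectManager` constructor and in `add` silently replaces an earlier entry when two objects share an id, so for a malformed or tampered document the last definition wins without any trace; the constructors of `OvalStateManager` and `OvalTestManager` do the same. If ids are not validated as unique before this point (not visible in this patch), rejecting or at least logging the duplicate is safer, e.g. `if (objectsMap.putIfAbsent(objectType.getId(), objectType) != null) { throw new IllegalArgumentException("Duplicate object id: " + objectType.getId()); }`. `get`, `exists` and `add` also lack the Javadoc that the two sibling managers carry.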
@@ -0,0 +1,49 @@
+package com.suse.oval.manager;
+
+import com.suse.oval.ovaltypes.StateType;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * A cache for {@link StateType} to access OVAL states quickly
+ */
+public class OvalStateManager {
+ private final Map statesMap = new HashMap<>();
+
+ /**
+ * Standard constructor
+ *
+ * @param states the states to store and lookup later
+ * */
+ public OvalStateManager(List states) {
+ for (StateType state : states) {
+ statesMap.put(state.getId(), state);
+ }
+ }
+
+ /**
+ * Looks up an OVAL state with an id of {@code stateId} or throws an exception if none is found.
+ *
+ * @param stateId the id of state to lookup
+ * @return the state
+ * */
+ public StateType get(String stateId) {
+ StateType state = statesMap.get(stateId);
+ if (state == null) {
+ throw new IllegalArgumentException("The state id is invalid: " + stateId);
+ }
+ return state;
+ }
+
+ /**
+ * Check if an OVAL state with an id of {@code stateId} exists
+ *
+ * @param stateId the state id to check if exists
+ * @return whether a state with {@code stateId} exist or not
+ * */
+ protected boolean exists(String stateId) {
+ return statesMap.containsKey(stateId);
+ }
+}
diff --git a/java/code/src/com/suse/oval/manager/OvalTestManager.java b/java/code/src/com/suse/oval/manager/OvalTestManager.java
new file mode 100755
index 000000000000..745c81f56a62
--- /dev/null
+++ b/java/code/src/com/suse/oval/manager/OvalTestManager.java
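Review bot: `exists` in `OvalStateManager` is declared `protected`, while the same method is `public` in `OvalObjectManager` and `OvalTestManager`; nothing in this hunk suggests the class is meant to be subclassed, so the modifier looks accidental. I would declare it `public boolean exists(String stateId)`, or make it package-private in all three managers if only `OVALLookupHelper` is meant to call it, so the three caches expose the same surface.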
@@ -0,0 +1,50 @@
+package com.suse.oval.manager;
+
+
+import com.suse.oval.ovaltypes.TestType;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * A cache for {@link TestType} to access OVAL tests quickly
+ */
+public class OvalTestManager {
+ private final Map testsMap = new HashMap<>();
+
+ /**
+ * Standard constructor
+ *
+ * @param tests the tests to store and lookup later
+ * */
+ public OvalTestManager(List tests) {
+ for (TestType test : tests) {
+ testsMap.put(test.getId(), test);
+ }
+ }
+
+ /**
+ * Looks up an OVAL test with an id of {@code testId} or throws an exception if none is found.
+ *
+ * @param testId the id of test to lookup
+ * @return the test
+ * */
+ public TestType get(String testId) {
+ TestType test = testsMap.get(testId);
+ if (test == null) {
+ throw new IllegalArgumentException("The test id is invalid: " + testId);
+ }
+ return test;
+ }
+
+ /**
+ * Check if an OVAL test with an id of {@code testId} exists
+ *
+ * @param testId the state id to check if exists
+ * @return whether a test with {@code testId} exist or not
+ * */
+ public boolean exists(String testId) {
+ return testsMap.containsKey(testId);
+ }
+}
From 3517c70fd3e09133372c8813c6ca7e1c5f7af89c Mon Sep 17 00:00:00 2001 From: HoussemNasri Date: Mon, 11 Sep 2023 19:41:01 +0100 Subject: [PATCH 06/53] Define database schema
--- .../common/tables/suseOVALPlatform.sql | 27 + .../suseOVALPlatformVulnerablePackage.sql | 26 + .../tables/suseOVALVulnerablePackage.sql | 27 + schema/spacewalk/common/tables/tables.deps | 549 +++++++++--------- 4 files changed, 356 insertions(+), 273 deletions(-) create mode 100644 schema/spacewalk/common/tables/suseOVALPlatform.sql create mode 100644 schema/spacewalk/common/tables/suseOVALPlatformVulnerablePackage.sql create mode 100644 schema/spacewalk/common/tables/suseOVALVulnerablePackage.sql
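Review bot: The Javadoc on `OvalTestManager.exists` says `@param testId the state id to check if exists`, which was copied from the state manager; it should read `@param testId the test id to check`. The `@return` line would also read better as `whether a test with {@code testId} exists`.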
diff --git a/schema/spacewalk/common/tables/suseOVALPlatform.sql b/schema/spacewalk/common/tables/suseOVALPlatform.sql
new file mode 100644
index 000000000000..124d3498e9d2
--- /dev/null
+++ b/schema/spacewalk/common/tables/suseOVALPlatform.sql
@@ -0,0 +1,27 @@
+--
+-- Copyright (c) 2023 SUSE LLC
+--
+-- This software is licensed to you under the GNU General Public License,
+-- version 2 (GPLv2). There is NO WARRANTY for this software, express or
+-- implied, including the implied warranties of MERCHANTABILITY or FITNESS
+-- FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
+-- along with this software; if not, see
+-- http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
+--
+-- Red Hat trademarks are not licensed under GPLv2. No permission is
+-- granted to use or replicate Red Hat trademarks that are incorporated
+-- in this software or its documentation.
+--
+
+CREATE TABLE suseOVALPlatform
+(
+ id NUMERIC NOT NULL
+ CONSTRAINT suse_oval_platform_id_pk PRIMARY KEY,
+ cpe VARCHAR
+);
+
+
+CREATE SEQUENCE suse_oval_platform_id_seq START WITH 101;
+
+CREATE UNIQUE INDEX suse_oval_aff_platform_cpe_uq
+ ON suseovalplatform(cpe);
\ No newline at end of file
diff --git a/schema/spacewalk/common/tables/suseOVALPlatformVulnerablePackage.sql b/schema/spacewalk/common/tables/suseOVALPlatformVulnerablePackage.sql
new file mode 100644
index 000000000000..e3b3b74f00de
--- /dev/null
+++ b/schema/spacewalk/common/tables/suseOVALPlatformVulnerablePackage.sql
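Review bot: In `suseOVALPlatform`, `cpe VARCHAR` is nullable while `suse_oval_aff_platform_cpe_uq` is the only guard on uniqueness; on databases that treat NULLs as distinct in unique indexes (PostgreSQL's default), any number of platform rows without a CPE can be inserted and none of them can be found again by CPE. If a platform row is meaningless without its CPE, declare the column `cpe VARCHAR NOT NULL`. The index is also created `ON suseovalplatform(cpe)` in lower case while the table is declared as `suseOVALPlatform`; that works for unquoted identifiers, but the sibling files spell table names in mixed case.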
@@ -0,0 +1,26 @@
+--
+-- Copyright (c) 2023 SUSE LLC
+--
+-- This software is licensed to you under the GNU General Public License,
+-- version 2 (GPLv2). There is NO WARRANTY for this software, express or
+-- implied, including the implied warranties of MERCHANTABILITY or FITNESS
+-- FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
+-- along with this software; if not, see
+-- http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
+--
+-- Red Hat trademarks are not licensed under GPLv2. No permission is
+-- granted to use or replicate Red Hat trademarks that are incorporated
+-- in this software or its documentation.
+--
+
+
+CREATE TABLE suseOVALPlatformVulnerablePackage
+(
+ platform_id NUMERIC NOT NULL
+ REFERENCES suseOVALPlatform (id),
+ cve_id NUMERIC NOT NULL
+ REFERENCES rhnCve (id),
+ vulnerable_pkg_id NUMERIC
+ REFERENCES suseOVALVulnerablePackage (id),
+ CONSTRAINT suse_oval_platform_vulnerable_pkg_id_pk PRIMARY KEY (platform_id, cve_id, vulnerable_pkg_id)
+);
\ No newline at end of file
diff --git a/schema/spacewalk/common/tables/suseOVALVulnerablePackage.sql b/schema/spacewalk/common/tables/suseOVALVulnerablePackage.sql
new file mode 100644
index 000000000000..d2aab243d13a
--- /dev/null
+++ b/schema/spacewalk/common/tables/suseOVALVulnerablePackage.sql
@@ -0,0 +1,27 @@
+--
+-- Copyright (c) 2023 SUSE LLC
+--
+-- This software is licensed to you under the GNU General Public License,
+-- version 2 (GPLv2). There is NO WARRANTY for this software, express or
+-- implied, including the implied warranties of MERCHANTABILITY or FITNESS
+-- FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
+-- along with this software; if not, see
+-- http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
+--
+-- Red Hat trademarks are not licensed under GPLv2. No permission is
+-- granted to use or replicate Red Hat trademarks that are incorporated
+-- in this software or its documentation.
+--
+
+CREATE TABLE suseOVALVulnerablePackage
+(
+ id NUMERIC NOT NULL
+ CONSTRAINT suse_oval_vulnerable_pkg_id_pk PRIMARY KEY,
+ name VARCHAR NOT NULL,
+ fix_version VARCHAR
+);
+
+
+CREATE SEQUENCE suse_oval_vulnerable_pkg_id_seq START WITH 301;
+
+CREATE INDEX suse_oval_vulnerable_pkg_name_fix_version ON suseOVALVulnerablePackage(name, fix_version);
\ No newline at end of file
diff --git a/schema/spacewalk/common/tables/tables.deps b/schema/spacewalk/common/tables/tables.deps
index 11c648615e66..af3be4e45e41 100644
--- a/schema/spacewalk/common/tables/tables.deps
+++ b/schema/spacewalk/common/tables/tables.deps
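Review bot: `suse_oval_vulnerable_pkg_name_fix_version` on `suseOVALVulnerablePackage` is a plain index, so nothing stops the same `(name, fix_version)` pair from being inserted again each time OVAL data is re-imported; the import code is not part of this hunk, so how rows are written is an assumption. If the table is meant to hold one row per pair, make it `CREATE UNIQUE INDEX`, keeping in mind that rows with a NULL `fix_version` would still need separate handling because NULLs compare as distinct. A short comment on the column stating what a NULL `fix_version` means (presumably that no fixed version is known) would help anyone reading the vulnerability queries built on this table.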
@@ -15,277 +15,280 @@ path = . class -log :: web_contact_all -PXTSessions :: web_contact -rhnAction :: rhnActionType web_customer web_contact -rhnActionApplyStates :: rhnAction -rhnActionApplyStatesResult :: rhnActionApplyStates rhnServer -rhnActionImageBuild :: rhnAction suseImageProfile -rhnActionImageBuildResult :: rhnActionImageBuild rhnServer -rhnActionInspect :: rhnAction suseImageStore -rhnActionImageInspectResult :: rhnActionInspect rhnServer -rhnActionScript :: rhnAction -rhnActionConfigChannel :: rhnServerAction rhnConfigChannel -rhnActionConfigDate :: rhnAction -rhnActionConfigDateFile :: rhnAction -rhnActionConfigFileName :: rhnServerAction rhnConfigFileName rhnConfigFileFailure \ - rhnConfigRevision -rhnActionConfigRevision :: rhnAction rhnServer rhnConfigRevision rhnConfigFileFailure -rhnActionConfigRevisionResult :: rhnActionConfigRevision -rhnActionDaemonConfig :: rhnAction -rhnActionDup :: rhnAction rhnServer -rhnActionDupChannel :: rhnAction rhnChannel -rhnActionDupProduct :: rhnAction suseProducts -rhnActionErrataUpdate :: rhnAction rhnErrata -rhnActionImageDeploy :: rhnAction -rhnActionKickstart :: rhnAction rhnKickstartableTree -rhnActionKickstartFileList :: rhnActionKickstart rhnFileList -rhnActionKickstartGuest :: rhnActionKickstart rhnKickstartSession rhnKickstartableTree -rhnActionPackage :: rhnPackage rhnPackageName rhnPackageArch rhnAction -rhnActionPackageAnswerfile :: rhnActionPackage -rhnActionPackageDelta :: rhnPackageDelta -rhnActionPackageRemovalFailure :: rhnServer rhnAction rhnPackageName \ - rhnPackageEVR rhnPackageCapability -rhnActivationKey :: rhnRegToken rhnKickstartSession -rhnArchTypeActions :: rhnArchType rhnActionType -rhnChannel :: web_customer rhnChannelArch rhnChannelProduct \ - rhnProductName rhnChecksum -rhnChannelArch :: rhnArchType -rhnChannelComps :: rhnChannel rhnCompsType -rhnChannelCloned :: rhnChannelComps -rhnChannelErrata :: rhnChannel rhnErrata -rhnChannelFamily :: web_customer -rhnChannelFamilyMembers :: 
rhnChannel rhnChannelFamily -rhnPrivateChannelFamily :: web_customer rhnChannelFamily -rhnPublicChannelFamily :: rhnChannelFamily -rhnChannelPackage :: rhnChannel rhnPackage -rhnChannelPackageArchCompat :: rhnPackageArch rhnChannelArch -rhnChannelPermission :: rhnChannelPermissionRole rhnChannel web_contact -rhnChannelTrust :: rhnChannel -rhnChannelContentSource :: rhnChannel rhnContentSourceType rhnContentSource -rhnChecksum :: rhnChecksumType -rhnClientCapability :: rhnClientCapabilityName -rhnConfigContent :: rhnChecksum -rhnConfigFile :: rhnConfigChannel rhnConfigFileState rhnConfigFileName -rhnConfigFile_foreignkeys :: rhnConfigRevision -rhnConfigChannel :: web_customer rhnConfigChannelType -rhnConfigRevision :: rhnConfigFile rhnConfigInfo rhnConfigContent rhnConfigFileType -rhnContentSourceSsl :: rhnContentSource rhnCryptoKey -rhnCpu :: rhnServer rhnCpuArch -rhnCryptoKey :: rhnCryptoKeyType -rhnCryptoKeyKickstart :: rhnCryptoKey rhnKSData -rhnDevice :: rhnServer -rhnDistChannelMap :: rhnChannel rhnChannelArch -rhnErrata :: rhnChecksum web_customer rhnErrataSeverity -rhnErrataBuglist :: rhnErrata -rhnErrataCVE :: rhnErrata rhnCVE -rhnErrataFile :: rhnChecksum rhnErrata rhnErrataFileType -rhnErrataFileChannel :: rhnChannel rhnErrataFile rhnChannelErrata -rhnErrataFilePackage :: rhnPackage rhnErrataFile rhnErrataPackage -rhnErrataFilePackageSource :: rhnErrataFile rhnPackageSource rhnErrataPackage -rhnErrataKeyword :: rhnErrata -rhnErrataPackage :: rhnPackage rhnErrata -rhnFile :: web_customer rhnChecksum -rhnFileLocation :: rhnFile -rhnImageNeededCache :: web_customer suseImageInfo rhnErrata rhnChannel -rhnKSData :: web_customer -rhnKickstartableTree :: rhnChannel rhnKSTreeType web_customer \ - rhnKSInstallType -rhnKickstartCommand :: rhnKSData rhnKickstartCommandName -rhnKickstartDefaults :: rhnKSData rhnKickstartableTree rhnServerProfile \ - rhnKickstartVirtualizationType -rhnKickstartDefaultRegToken :: rhnKSData rhnRegToken -rhnKickstartPreserveFileList :: 
rhnKSData rhnFileList -rhnKickstartScript :: rhnKSData -rhnKickstartSession :: rhnKSData web_customer rhnServer rhnAction \ - rhnKickstartSessionState rhnServerProfile \ - rhnKickstartVirtualizationType -rhnKickstartSessionHistory :: rhnKickstartSession rhnKickstartSessionState -rhnKSTreeFile :: rhnKickstartableTree rhnChannelErrata rhnErrata \ - rhnChecksum -rhnKickstartTimezone :: rhnKSInstallType -rhnServerNetAddress4 :: rhnServerNetInterface -rhnServerNetAddress6 :: rhnServerNetInterface -rhnOrgChannelSettings :: web_customer rhnChannel rhnOrgChannelSettingsType -rhnOrgErrataCacheQueue :: web_customer -rhnOrgExtGroupMapping :: rhnUserExtGroup rhnServerGroup -rhnPackage :: rhnPackageName rhnPackageEVR rhnPackageArch \ - rhnPackageGroup rhnSourceRPM web_customer \ - rhnChecksum -rhnPackageArch :: rhnArchType -rhnPackageDeltaElement :: rhnPackageDelta rhnTransactionPackage -rhnPackageEVR :: evr_t -rhnPackageChangeLogRec :: rhnPackage rhnPackageChangeLogData -rhnPackageConflicts :: rhnPackage rhnPackageCapability -rhnPackageFile :: rhnChecksum rhnPackage rhnPackageCapability -rhnPackageKeyAssociation :: rhnPackageKey rhnPackage -rhnPackageKey :: rhnPackageKeyType rhnPackageProvider -rhnPackageObsoletes :: rhnPackage rhnPackageCapability -rhnPackageNEVRA :: rhnPackageName rhnPackageEVR rhnPackageArch -rhnPackageProvides :: rhnPackage rhnPackageCapability -rhnPackageRequires :: rhnPackage rhnPackageCapability -rhnPackageSuggests :: rhnPackage rhnPackageCapability -rhnPackageSupplements :: rhnPackage rhnPackageCapability -rhnPackageEnhances :: rhnPackage rhnPackageCapability -rhnPackageRecommends :: rhnPackage rhnPackageCapability -rhnPackageBreaks :: rhnPackage rhnPackageCapability -rhnPackagePredepends :: rhnPackage rhnPackageCapability -rhnPackageSource :: web_customer rhnSourceRPM rhnFile rhnPackageGroup \ - rhnChecksum -rhnPackageSyncBlacklist :: rhnPackageName web_customer -rhnPackageExtraTagKey :: rhnPackage -rhnPackageExtraTag :: rhnPackage 
rhnPackageExtraTagKey -rhnProxyInfo :: rhnServer -rhnPushClient :: rhnServer rhnPushClientState -rhnRam :: rhnServer -rhnRegToken :: rhnServerGroupType suseServerContactMethod -rhnRegTokenChannels :: rhnRegToken rhnChannel -rhnRegTokenConfigChannels :: rhnRegToken rhnConfigChannel -rhnRegTokenEntitlement :: rhnRegToken rhnServerGroupType -rhnRegTokenGroups :: rhnRegToken rhnServerGroup -rhnRegTokenPackages :: rhnRegToken rhnPackageName +log :: web_contact_all +PXTSessions :: web_contact +rhnAction :: rhnActionType web_customer web_contact +rhnActionApplyStates :: rhnAction +rhnActionApplyStatesResult :: rhnActionApplyStates rhnServer +rhnActionImageBuild :: rhnAction suseImageProfile +rhnActionImageBuildResult :: rhnActionImageBuild rhnServer +rhnActionInspect :: rhnAction suseImageStore +rhnActionImageInspectResult :: rhnActionInspect rhnServer +rhnActionScript :: rhnAction +rhnActionConfigChannel :: rhnServerAction rhnConfigChannel +rhnActionConfigDate :: rhnAction +rhnActionConfigDateFile :: rhnAction +rhnActionConfigFileName :: rhnServerAction rhnConfigFileName rhnConfigFileFailure \ + rhnConfigRevision +rhnActionConfigRevision :: rhnAction rhnServer rhnConfigRevision rhnConfigFileFailure +rhnActionConfigRevisionResult :: rhnActionConfigRevision +rhnActionDaemonConfig :: rhnAction +rhnActionDup :: rhnAction rhnServer +rhnActionDupChannel :: rhnAction rhnChannel +rhnActionDupProduct :: rhnAction suseProducts +rhnActionErrataUpdate :: rhnAction rhnErrata +rhnActionImageDeploy :: rhnAction +rhnActionKickstart :: rhnAction rhnKickstartableTree +rhnActionKickstartFileList :: rhnActionKickstart rhnFileList +rhnActionKickstartGuest :: rhnActionKickstart rhnKickstartSession rhnKickstartableTree +rhnActionPackage :: rhnPackage rhnPackageName rhnPackageArch rhnAction +rhnActionPackageAnswerfile :: rhnActionPackage +rhnActionPackageDelta :: rhnPackageDelta +rhnActionPackageRemovalFailure :: rhnServer rhnAction rhnPackageName \ + rhnPackageEVR rhnPackageCapability 
+rhnActivationKey :: rhnRegToken rhnKickstartSession +rhnArchTypeActions :: rhnArchType rhnActionType +rhnChannel :: web_customer rhnChannelArch rhnChannelProduct \ + rhnProductName rhnChecksum +rhnChannelArch :: rhnArchType +rhnChannelComps :: rhnChannel rhnCompsType +rhnChannelCloned :: rhnChannelComps +rhnChannelErrata :: rhnChannel rhnErrata +rhnChannelFamily :: web_customer +rhnChannelFamilyMembers :: rhnChannel rhnChannelFamily +rhnPrivateChannelFamily :: web_customer rhnChannelFamily +rhnPublicChannelFamily :: rhnChannelFamily +rhnChannelPackage :: rhnChannel rhnPackage +rhnChannelPackageArchCompat :: rhnPackageArch rhnChannelArch +rhnChannelPermission :: rhnChannelPermissionRole rhnChannel web_contact +rhnChannelTrust :: rhnChannel +rhnChannelContentSource :: rhnChannel rhnContentSourceType rhnContentSource +rhnChecksum :: rhnChecksumType +rhnClientCapability :: rhnClientCapabilityName +rhnConfigContent :: rhnChecksum +rhnConfigFile :: rhnConfigChannel rhnConfigFileState rhnConfigFileName +rhnConfigFile_foreignkeys :: rhnConfigRevision +rhnConfigChannel :: web_customer rhnConfigChannelType +rhnConfigRevision :: rhnConfigFile rhnConfigInfo rhnConfigContent rhnConfigFileType +rhnContentSourceSsl :: rhnContentSource rhnCryptoKey +rhnCpu :: rhnServer rhnCpuArch +rhnCryptoKey :: rhnCryptoKeyType +rhnCryptoKeyKickstart :: rhnCryptoKey rhnKSData +rhnDevice :: rhnServer +rhnDistChannelMap :: rhnChannel rhnChannelArch +rhnErrata :: rhnChecksum web_customer rhnErrataSeverity +rhnErrataBuglist :: rhnErrata +rhnErrataCVE :: rhnErrata rhnCVE +rhnErrataFile :: rhnChecksum rhnErrata rhnErrataFileType +rhnErrataFileChannel :: rhnChannel rhnErrataFile rhnChannelErrata +rhnErrataFilePackage :: rhnPackage rhnErrataFile rhnErrataPackage +rhnErrataFilePackageSource :: rhnErrataFile rhnPackageSource rhnErrataPackage +rhnErrataKeyword :: rhnErrata +rhnErrataPackage :: rhnPackage rhnErrata +rhnFile :: web_customer rhnChecksum +rhnFileLocation :: rhnFile +rhnImageNeededCache :: 
web_customer suseImageInfo rhnErrata rhnChannel +rhnKSData :: web_customer +rhnKickstartableTree :: rhnChannel rhnKSTreeType web_customer \ + rhnKSInstallType +rhnKickstartCommand :: rhnKSData rhnKickstartCommandName +rhnKickstartDefaults :: rhnKSData rhnKickstartableTree rhnServerProfile \ + rhnKickstartVirtualizationType +rhnKickstartDefaultRegToken :: rhnKSData rhnRegToken +rhnKickstartPreserveFileList :: rhnKSData rhnFileList +rhnKickstartScript :: rhnKSData +rhnKickstartSession :: rhnKSData web_customer rhnServer rhnAction \ + rhnKickstartSessionState rhnServerProfile \ + rhnKickstartVirtualizationType +rhnKickstartSessionHistory :: rhnKickstartSession rhnKickstartSessionState +rhnKSTreeFile :: rhnKickstartableTree rhnChannelErrata rhnErrata \ + rhnChecksum +rhnKickstartTimezone :: rhnKSInstallType +rhnServerNetAddress4 :: rhnServerNetInterface +rhnServerNetAddress6 :: rhnServerNetInterface +rhnOrgChannelSettings :: web_customer rhnChannel rhnOrgChannelSettingsType +rhnOrgErrataCacheQueue :: web_customer +rhnOrgExtGroupMapping :: rhnUserExtGroup rhnServerGroup +rhnPackage :: rhnPackageName rhnPackageEVR rhnPackageArch \ + rhnPackageGroup rhnSourceRPM web_customer \ + rhnChecksum +rhnPackageArch :: rhnArchType +rhnPackageDeltaElement :: rhnPackageDelta rhnTransactionPackage +rhnPackageEVR :: evr_t +rhnPackageChangeLogRec :: rhnPackage rhnPackageChangeLogData +rhnPackageConflicts :: rhnPackage rhnPackageCapability +rhnPackageFile :: rhnChecksum rhnPackage rhnPackageCapability +rhnPackageKeyAssociation :: rhnPackageKey rhnPackage +rhnPackageKey :: rhnPackageKeyType rhnPackageProvider +rhnPackageObsoletes :: rhnPackage rhnPackageCapability +rhnPackageNEVRA :: rhnPackageName rhnPackageEVR rhnPackageArch +rhnPackageProvides :: rhnPackage rhnPackageCapability +rhnPackageRequires :: rhnPackage rhnPackageCapability +rhnPackageSuggests :: rhnPackage rhnPackageCapability +rhnPackageSupplements :: rhnPackage rhnPackageCapability +rhnPackageEnhances :: rhnPackage 
rhnPackageCapability +rhnPackageRecommends :: rhnPackage rhnPackageCapability +rhnPackageBreaks :: rhnPackage rhnPackageCapability +rhnPackagePredepends :: rhnPackage rhnPackageCapability +rhnPackageSource :: web_customer rhnSourceRPM rhnFile rhnPackageGroup \ + rhnChecksum +rhnPackageSyncBlacklist :: rhnPackageName web_customer +rhnPackageExtraTagKey :: rhnPackage +rhnPackageExtraTag :: rhnPackage rhnPackageExtraTagKey +rhnProxyInfo :: rhnServer +rhnPushClient :: rhnServer rhnPushClientState +rhnRam :: rhnServer +rhnRegToken :: rhnServerGroupType suseServerContactMethod +rhnRegTokenChannels :: rhnRegToken rhnChannel +rhnRegTokenConfigChannels :: rhnRegToken rhnConfigChannel +rhnRegTokenEntitlement :: rhnRegToken rhnServerGroupType +rhnRegTokenGroups :: rhnRegToken rhnServerGroup +rhnRegTokenPackages :: rhnRegToken rhnPackageName -rhnServer :: rhnServerArch web_contact web_customer \ - rhnProvisionState suseServerContactMethod \ - suseMaintenanceSchedule -rhnServerAction :: rhnServer rhnAction rhnActionStatus -rhnServerActionPackageResult :: rhnActionPackage -rhnServerActionScriptResult :: rhnActionScript rhnServer -rhnServerArch :: rhnArchType -rhnServerChannel :: rhnServer rhnChannel -rhnServerChannelArchCompat :: rhnServerArch rhnChannelArch -rhnServerConfigChannel :: rhnServer rhnConfigChannel -rhnServerCustomDataValue :: rhnCustomDataKey -rhnServerDMI :: rhnServer -rhnServerFQDN :: rhnServer -rhnServerGroup :: rhnServerGroupType web_customer -rhnServerGroupMembers :: rhnServer rhnServerGroup -rhnServerGroupTypeFeature :: rhnFeature rhnServerGroupType -rhnServerHistory :: rhnServer -rhnServerInfo :: rhnServer -rhnServerUuid :: rhnServer -rhnServerInstallInfo :: rhnServer -rhnServerLocation :: rhnServer -rhnServerNeededCache :: web_customer rhnServer rhnErrata rhnChannel -rhnServerNotes :: rhnServer web_contact -rhnServerPackage :: rhnServer rhnPackageArch rhnPackageName rhnPackageEVR -rhnServerPackageArchCompat :: rhnPackageArch rhnServerArch -rhnServerPath :: 
rhnServer -rhnServerPreserveFileList :: rhnServer rhnFileList -rhnServerProfile :: web_customer rhnChannel rhnServerProfileType -rhnServerProfilePackage :: rhnServerProfile rhnPackageName rhnPackageEVR -rhnServerTokenRegs :: rhnRegToken rhnServer -rhnServerServerGroupArchCompat :: rhnServerGroupType rhnServerArch -rhnSet :: web_contact -rhnSGTypeBaseAddonCompat :: rhnServerGroupType -rhnSnapshot :: web_customer rhnSnapshotInvalidReason -rhnSnapshotChannel :: rhnSnapshot rhnChannel -rhnSnapshotConfigChannel :: rhnSnapshot rhnConfigChannel -rhnSnapshotConfigRevision :: rhnSnapshot rhnConfigRevision -rhnSnapshotPackage :: rhnSnapshot -rhnSnapshotServerGroup :: rhnServerGroup rhnSnapshot -rhnSnapshotTag :: rhnSnapshot rhnTag -rhnSsmOperationServer :: rhnSsmOperation -rhnTag :: rhnTagName web_customer -rhnTaskoRun :: rhnTaskoTemplate rhnTaskoSchedule -rhnTaskoSchedule :: rhnTaskoBunch -rhnTaskoTemplate :: rhnTaskoBunch rhnTaskoTask -rhnTransactionPackage :: rhnTransactionOperation rhnPackageArch \ - rhnPackageEVR rhnPackageName -rhnUserExtGroup :: web_customer -rhnUserExtGroupMapping :: rhnUserExtGroup rhnUserGroupType -rhnUserGroupMembers :: web_contact rhnUserGroup -rhnUserGroup :: web_customer rhnUserGroupType -rhnUserInfo :: web_contact rhnTimezone -rhnUserInfoPane :: rhnInfoPane web_contact -rhnUserServerGroupPerms :: web_contact rhnServerGroup -rhnUserServerPerms :: web_contact rhnServer -rhnUserServerPrefs :: web_contact rhnServer -rhnVersionInfo :: rhnPackageName rhnPackageEVR -rhnVirtualInstance :: rhnServer -rhnVirtualInstanceInfo :: rhnVirtualInstance rhnVirtualInstanceType \ - rhnVirtualInstanceState -rhnVirtualInstanceInstallLog :: rhnKickstartSession -rhnVirtualInstanceEventLog :: rhnVirtualInstance rhnVirtualInstanceEventType \ - rhnVirtualInstanceState -rhnVisibleObjects :: PXTSessions -rhnWebContactChangeLog :: rhnWebContactChangeState -rhnActionChain :: web_contact -rhnActionChainEntry :: rhnActionChain rhnAction rhnServer -rhnActionSubChannels :: 
rhnAction rhnChannel -rhnActionSubChannelsList :: rhnActionSubChannels rhnChannel -rhnActionSubChannelsTokens :: suseChannelAccessToken rhnActionSubChannels -suseChannelAccessToken :: suseMinionInfo -suseChannelAccessTokenChannel :: suseChannelAccessToken rhnChannel -suseContentProject :: web_customer -suseContentProject_alters :: suseContentEnvironment -suseContentProjectSource :: suseContentProject rhnChannel -suseContentProjectHistoryEntry :: suseContentProject web_contact -suseContentFilter :: web_customer -suseContentFilterProject :: suseContentProject suseContentFilter -suseContentEnvironment :: suseContentProject -suseContentEnvironmentTarget :: suseContentEnvironment rhnChannel -suseCredentials :: suseCredentialsType web_contact susePaygSshData -suseCloudRmtHost :: susePaygSshData -suseCVEImageChannel :: suseImageInfo rhnChannel -suseCVEServerChannel :: rhnServer rhnChannel -suseDockerfileProfile :: suseImageProfile -suseKiwiProfile :: suseImageProfile -suseProfileCustomDataValue :: rhnCustomDataKey suseImageProfile web_contact -suseImageCustomDataValue :: rhnCustomDataKey suseImageInfo web_contact -suseImageInfo :: rhnServerAction suseImageProfile suseImageStore suseMinionInfo \ - rhnChecksum suseSaltPillar -suseImageInfoPackage :: suseImageInfo rhnPackageName rhnPackageEVR rhnPackageArch -suseImageInfoChannel :: suseImageInfo rhnChannel -suseImageInfoInstalledProduct :: suseInstalledProduct suseImageInfo -suseImageProfile :: rhnRegTokenChannels web_customer suseImageStore -suseImageStore :: suseCredentials web_customer suseImageStoreType -suseMaintenanceCalendar :: web_customer -suseMaintenanceSchedule :: web_customer suseMaintenanceCalendar -suseMgrServerInfo :: rhnServer rhnPackageEVR suseCredentials -suseMinionInfo :: rhnServer -suseInstalledProduct :: rhnPackageArch -suseMdData :: rhnChannel rhnPackage suseMdKeyword -susePackageEula :: rhnPackage suseEula -susePackageProductFile :: suseProductFile rhnPackage -susePackageState :: rhnPackageName 
rhnPackageEVR rhnPackageArch suseStateRevision \ - susePackageStateType suseVersionConstraintType -suseProducts :: rhnPackageArch rhnChannelFamily -suseProductChannel :: suseProducts rhnChannel -suseProductExtension :: suseProducts -suseProductSCCRepository :: suseProducts suseSCCRepository -suseSaltPillar :: rhnServer rhnServerGroup web_customer -suseSCCOrderItem :: suseCredentials -suseSCCRegCache :: suseCredentials rhnServer -suseSCCRepositoryAuth :: suseCredentials rhnContentSource -suseSCCSubscription :: suseCredentials -suseSCCSubscriptionProduct :: suseSCCSubscription suseProducts -suseServerInstalledProduct :: rhnServer suseInstalledProduct -suseServerStateRevision :: rhnServer suseStateRevision -susePinnedSubscription :: rhnServer -suseStateRevision :: web_contact -suseUpgradePath :: suseProducts -suseServerVirtualHostManager :: rhnServer suseVirtualHostManager suseVirtualHostManagerNodeInfo -suseVHMConfig :: suseVirtualHostManager -suseVirtualHostManager :: web_customer suseCredentials rhnServerGroup -suseServerGroupStateRevision :: rhnServerGroup suseStateRevision -suseOrgStateRevision :: web_customer suseStateRevision -web_contact :: web_customer -web_contact_all :: web_contact -web_user_contact_permission :: web_contact -web_user_site_info :: web_contact web_user_site_type -web_user_personal_info :: web_contact web_user_prefix -rhnActionScap :: rhnAction -rhnXccdfIdent :: rhnXccdfIdentSystem -rhnXccdfRuleresult :: rhnXccdfTestresult rhnXccdfIdent rhnXccdfRuleresultType -rhnXccdfTestresult :: rhnServer rhnActionScap rhnXccdfBenchmark rhnXccdfProfile -rhnXccdfRuleIdentMap :: rhnXccdfRuleresult -rhnISSSlaveOrgs :: rhnISSSlave web_customer -rhnISSMasterOrgs :: rhnISSMaster web_customer -rhnChildChannelArchCompat :: rhnChannelArch -rhnResetPassword :: web_contact -suseUserNotification :: suseNotificationMessage web_contact -suseRecurringAction :: web_customer web_contact rhnServerGroup suseMinionInfo -suseAnsiblePath :: rhnServer -rhnActionPlaybook :: 
rhnAction -susePaygDimensionResult :: billing_dimension_t susePaygDimensionComputation +rhnServer :: rhnServerArch web_contact web_customer \ + rhnProvisionState suseServerContactMethod \ + suseMaintenanceSchedule +rhnServerAction :: rhnServer rhnAction rhnActionStatus +rhnServerActionPackageResult :: rhnActionPackage +rhnServerActionScriptResult :: rhnActionScript rhnServer +rhnServerArch :: rhnArchType +rhnServerChannel :: rhnServer rhnChannel +rhnServerChannelArchCompat :: rhnServerArch rhnChannelArch +rhnServerConfigChannel :: rhnServer rhnConfigChannel +rhnServerCustomDataValue :: rhnCustomDataKey +rhnServerDMI :: rhnServer +rhnServerFQDN :: rhnServer +rhnServerGroup :: rhnServerGroupType web_customer +rhnServerGroupMembers :: rhnServer rhnServerGroup +rhnServerGroupTypeFeature :: rhnFeature rhnServerGroupType +rhnServerHistory :: rhnServer +rhnServerInfo :: rhnServer +rhnServerUuid :: rhnServer +rhnServerInstallInfo :: rhnServer +rhnServerLocation :: rhnServer +rhnServerNeededCache :: web_customer rhnServer rhnErrata rhnChannel +rhnServerNotes :: rhnServer web_contact +rhnServerPackage :: rhnServer rhnPackageArch rhnPackageName rhnPackageEVR +rhnServerPackageArchCompat :: rhnPackageArch rhnServerArch +rhnServerPath :: rhnServer +rhnServerPreserveFileList :: rhnServer rhnFileList +rhnServerProfile :: web_customer rhnChannel rhnServerProfileType +rhnServerProfilePackage :: rhnServerProfile rhnPackageName rhnPackageEVR +rhnServerTokenRegs :: rhnRegToken rhnServer +rhnServerServerGroupArchCompat :: rhnServerGroupType rhnServerArch +rhnSet :: web_contact +rhnSGTypeBaseAddonCompat :: rhnServerGroupType +rhnSnapshot :: web_customer rhnSnapshotInvalidReason +rhnSnapshotChannel :: rhnSnapshot rhnChannel +rhnSnapshotConfigChannel :: rhnSnapshot rhnConfigChannel +rhnSnapshotConfigRevision :: rhnSnapshot rhnConfigRevision +rhnSnapshotPackage :: rhnSnapshot +rhnSnapshotServerGroup :: rhnServerGroup rhnSnapshot +rhnSnapshotTag :: rhnSnapshot rhnTag +rhnSsmOperationServer 
:: rhnSsmOperation +rhnTag :: rhnTagName web_customer +rhnTaskoRun :: rhnTaskoTemplate rhnTaskoSchedule +rhnTaskoSchedule :: rhnTaskoBunch +rhnTaskoTemplate :: rhnTaskoBunch rhnTaskoTask +rhnTransactionPackage :: rhnTransactionOperation rhnPackageArch \ + rhnPackageEVR rhnPackageName +rhnUserExtGroup :: web_customer +rhnUserExtGroupMapping :: rhnUserExtGroup rhnUserGroupType +rhnUserGroupMembers :: web_contact rhnUserGroup +rhnUserGroup :: web_customer rhnUserGroupType +rhnUserInfo :: web_contact rhnTimezone +rhnUserInfoPane :: rhnInfoPane web_contact +rhnUserServerGroupPerms :: web_contact rhnServerGroup +rhnUserServerPerms :: web_contact rhnServer +rhnUserServerPrefs :: web_contact rhnServer +rhnVersionInfo :: rhnPackageName rhnPackageEVR +rhnVirtualInstance :: rhnServer +rhnVirtualInstanceInfo :: rhnVirtualInstance rhnVirtualInstanceType \ + rhnVirtualInstanceState +rhnVirtualInstanceInstallLog :: rhnKickstartSession +rhnVirtualInstanceEventLog :: rhnVirtualInstance rhnVirtualInstanceEventType \ + rhnVirtualInstanceState +rhnVisibleObjects :: PXTSessions +rhnWebContactChangeLog :: rhnWebContactChangeState +rhnActionChain :: web_contact +rhnActionChainEntry :: rhnActionChain rhnAction rhnServer +rhnActionSubChannels :: rhnAction rhnChannel +rhnActionSubChannelsList :: rhnActionSubChannels rhnChannel +rhnActionSubChannelsTokens :: suseChannelAccessToken rhnActionSubChannels +suseChannelAccessToken :: suseMinionInfo +suseChannelAccessTokenChannel :: suseChannelAccessToken rhnChannel +suseContentProject :: web_customer +suseContentProject_alters :: suseContentEnvironment +suseContentProjectSource :: suseContentProject rhnChannel +suseContentProjectHistoryEntry :: suseContentProject web_contact +suseContentFilter :: web_customer +suseContentFilterProject :: suseContentProject suseContentFilter +suseContentEnvironment :: suseContentProject +suseContentEnvironmentTarget :: suseContentEnvironment rhnChannel +suseCredentials :: suseCredentialsType web_contact 
susePaygSshData +suseCloudRmtHost :: susePaygSshData +suseCVEImageChannel :: suseImageInfo rhnChannel +suseCVEServerChannel :: rhnServer rhnChannel +suseDockerfileProfile :: suseImageProfile +suseKiwiProfile :: suseImageProfile +suseProfileCustomDataValue :: rhnCustomDataKey suseImageProfile web_contact +suseImageCustomDataValue :: rhnCustomDataKey suseImageInfo web_contact +suseImageInfo :: rhnServerAction suseImageProfile suseImageStore suseMinionInfo \ + rhnChecksum suseSaltPillar +suseImageInfoPackage :: suseImageInfo rhnPackageName rhnPackageEVR rhnPackageArch +suseImageInfoChannel :: suseImageInfo rhnChannel +suseImageInfoInstalledProduct :: suseInstalledProduct suseImageInfo +suseImageProfile :: rhnRegTokenChannels web_customer suseImageStore +suseImageStore :: suseCredentials web_customer suseImageStoreType +suseMaintenanceCalendar :: web_customer +suseMaintenanceSchedule :: web_customer suseMaintenanceCalendar +suseMgrServerInfo :: rhnServer rhnPackageEVR suseCredentials +suseMinionInfo :: rhnServer +suseInstalledProduct :: rhnPackageArch +suseMdData :: rhnChannel rhnPackage suseMdKeyword +suseOVALPlatform :: +suseOVALPlatformVulnerablePackage :: suseOVALPlatform rhnCVE suseOVALVulnerablePackage +suseOVALVulnerablePackage :: +susePackageEula :: rhnPackage suseEula +susePackageProductFile :: suseProductFile rhnPackage +susePackageState :: rhnPackageName rhnPackageEVR rhnPackageArch suseStateRevision \ + susePackageStateType suseVersionConstraintType +suseProducts :: rhnPackageArch rhnChannelFamily +suseProductChannel :: suseProducts rhnChannel +suseProductExtension :: suseProducts +suseProductSCCRepository :: suseProducts suseSCCRepository +suseSaltPillar :: rhnServer rhnServerGroup web_customer +suseSCCOrderItem :: suseCredentials +suseSCCRegCache :: suseCredentials rhnServer +suseSCCRepositoryAuth :: suseCredentials rhnContentSource +suseSCCSubscription :: suseCredentials +suseSCCSubscriptionProduct :: suseSCCSubscription suseProducts 
+suseServerInstalledProduct :: rhnServer suseInstalledProduct +suseServerStateRevision :: rhnServer suseStateRevision +susePinnedSubscription :: rhnServer +suseStateRevision :: web_contact +suseUpgradePath :: suseProducts +suseServerVirtualHostManager :: rhnServer suseVirtualHostManager suseVirtualHostManagerNodeInfo +suseVHMConfig :: suseVirtualHostManager +suseVirtualHostManager :: web_customer suseCredentials rhnServerGroup +suseServerGroupStateRevision :: rhnServerGroup suseStateRevision +suseOrgStateRevision :: web_customer suseStateRevision +web_contact :: web_customer +web_contact_all :: web_contact +web_user_contact_permission :: web_contact +web_user_site_info :: web_contact web_user_site_type +web_user_personal_info :: web_contact web_user_prefix +rhnActionScap :: rhnAction +rhnXccdfIdent :: rhnXccdfIdentSystem +rhnXccdfRuleresult :: rhnXccdfTestresult rhnXccdfIdent rhnXccdfRuleresultType +rhnXccdfTestresult :: rhnServer rhnActionScap rhnXccdfBenchmark rhnXccdfProfile +rhnXccdfRuleIdentMap :: rhnXccdfRuleresult +rhnISSSlaveOrgs :: rhnISSSlave web_customer +rhnISSMasterOrgs :: rhnISSMaster web_customer +rhnChildChannelArchCompat :: rhnChannelArch +rhnResetPassword :: web_contact +suseUserNotification :: suseNotificationMessage web_contact +suseRecurringAction :: web_customer web_contact rhnServerGroup suseMinionInfo +suseAnsiblePath :: rhnServer +rhnActionPlaybook :: rhnAction +susePaygDimensionResult :: billing_dimension_t susePaygDimensionComputation From e3f67fdaa880d226622202eec8dd6140bbb5644b Mon Sep 17 00:00:00 2001 
From: HoussemNasri Date: Mon, 11 Sep 2023 19:49:08 +0100 Subject: [PATCH 07/53] Add SQL migration scripts --- .../001-oval-add-tables.sql | 36 ++++++++++ .../002-store-vulnerable-packages.sql | 70 +++++++++++++++++++ 2 files changed, 106 insertions(+) create mode 100644 schema/spacewalk/upgrade/susemanager-schema-4.4.6-to-susemanager-schema-4.4.7/001-oval-add-tables.sql create mode 100644 schema/spacewalk/upgrade/susemanager-schema-4.4.6-to-susemanager-schema-4.4.7/002-store-vulnerable-packages.sql
diff --git a/schema/spacewalk/upgrade/susemanager-schema-4.4.6-to-susemanager-schema-4.4.7/001-oval-add-tables.sql b/schema/spacewalk/upgrade/susemanager-schema-4.4.6-to-susemanager-schema-4.4.7/001-oval-add-tables.sql
new file mode 100644
index 000000000000..0543419f284b
--- /dev/null
+++ b/schema/spacewalk/upgrade/susemanager-schema-4.4.6-to-susemanager-schema-4.4.7/001-oval-add-tables.sql
@@ -0,0 +1,36 @@
+CREATE TABLE IF NOT EXISTS suseOVALPlatform
+(
+ id NUMERIC NOT NULL
+ CONSTRAINT suse_oval_platform_id_pk PRIMARY KEY,
+ cpe VARCHAR
+);
+
+CREATE SEQUENCE IF NOT EXISTS suse_oval_platform_id_seq START WITH 101;
+
+CREATE UNIQUE INDEX IF NOT EXISTS suse_oval_aff_platform_cpe_uq
+ ON suseovalplatform(cpe);
+
+CREATE TABLE IF NOT EXISTS suseOVALVulnerablePackage
+(
+ id NUMERIC NOT NULL
+ CONSTRAINT suse_oval_vulnerable_pkg_id_pk PRIMARY KEY,
+ name VARCHAR NOT NULL,
+ fix_version VARCHAR
+);
+
+CREATE SEQUENCE IF NOT EXISTS suse_oval_vulnerable_pkg_id_seq START WITH 301;
+
+
+CREATE TABLE IF NOT EXISTS suseOVALPlatformVulnerablePackage
+(
+ platform_id NUMERIC NOT NULL
+ REFERENCES suseOVALPlatform (id),
+ cve_id NUMERIC NOT NULL
+ REFERENCES rhnCve (id),
+ vulnerable_pkg_id NUMERIC
+ REFERENCES suseOVALVulnerablePackage (id),
+ CONSTRAINT suse_oval_platform_vulnerable_pkg_id_pk PRIMARY KEY (platform_id, cve_id, vulnerable_pkg_id)
+);
+
+ALTER TABLE rhnServer
+ ADD COLUMN IF NOT EXISTS cpe VARCHAR;
\ No newline at end of file
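Review bot: `cpe VARCHAR` in suseOVALPlatform is nullable, and the unique index `suse_oval_aff_platform_cpe_uq` will accept any number of rows with a NULL cpe, because PostgreSQL treats NULLs as distinct in a unique index by default. A platform row without a CPE presumably cannot be matched to any system, so I would declare the column `cpe VARCHAR NOT NULL`. In suseOVALPlatformVulnerablePackage, `vulnerable_pkg_id NUMERIC` is part of the primary key and is therefore NOT NULL in effect; writing `vulnerable_pkg_id NUMERIC NOT NULL` makes the declaration say so. The script also carries no comment on what the three tables and the new `rhnServer.cpe` column hold or which process fills them; a short header comment stating that would help whoever has to reason about the integrity of this vulnerability data later.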
diff --git a/schema/spacewalk/upgrade/susemanager-schema-4.4.6-to-susemanager-schema-4.4.7/002-store-vulnerable-packages.sql b/schema/spacewalk/upgrade/susemanager-schema-4.4.6-to-susemanager-schema-4.4.7/002-store-vulnerable-packages.sql
new file mode 100644
index 000000000000..c3878194a898
--- /dev/null
+++ b/schema/spacewalk/upgrade/susemanager-schema-4.4.6-to-susemanager-schema-4.4.7/002-store-vulnerable-packages.sql
@@ -0,0 +1,70 @@
+CREATE TABLE IF NOT EXISTS suseOVALVulnerablePackage
+(
+ id NUMERIC NOT NULL
+ CONSTRAINT suse_oval_vulnerable_pkg_id_pk PRIMARY KEY,
+ name VARCHAR NOT NULL,
+ fix_version VARCHAR
+);
+
+CREATE SEQUENCE IF NOT EXISTS suse_oval_vulnerable_pkg_id_seq START WITH 301;
+
+CREATE UNIQUE INDEX IF NOT EXISTS suse_oval_vulnerable_pkg_name_fix_version ON suseOVALVulnerablePackage(name, fix_version);
+
+CREATE TABLE IF NOT EXISTS suseOVALPlatformVulnerablePackage
+(
+ platform_id NUMERIC NOT NULL
+ REFERENCES suseOVALPlatform (id),
+ cve_id NUMERIC NOT NULL
+ REFERENCES rhnCve (id),
+ vulnerable_pkg_id NUMERIC
+ REFERENCES suseOVALVulnerablePackage (id),
+ CONSTRAINT suse_oval_platform_vulnerable_pkg_id_pk PRIMARY KEY (platform_id, cve_id, vulnerable_pkg_id)
+);
+
+create or replace procedure insert_product_vulnerable_packages(package_name_in varchar, fix_version_in varchar,
+ product_cpe_in varchar, cve_name_in varchar)
+ language plpgsql
+as
+$$
+declare
+ cve_id_val numeric;
+ product_cpe_id_val numeric;
+ vulnerable_pkg_id_val numeric;
+begin
+
+ INSERT INTO rhncve(id, name)
+ VALUES (nextval('rhn_cve_id_seq'), cve_name_in)
+ ON CONFLICT(name) DO NOTHING;
+
+ SELECT id INTO cve_id_val FROM rhncve WHERE name = cve_name_in;
+
+ INSERT INTO suseovalplatform(id, cpe)
+ VALUES (nextval('suse_oval_platform_id_seq'), product_cpe_in)
+ ON CONFLICT(cpe) DO NOTHING;
+
+ SELECT id INTO product_cpe_id_val FROM suseOVALPlatform WHERE cpe = product_cpe_in;
+
+ IF not EXISTS(SELECT 1
+ FROM suseovalvulnerablepackage
+ WHERE name = package_name_in
+ AND ((fix_version IS NOT NULL AND fix_version = fix_version_in) OR
+ (fix_version IS NULL AND fix_version_in IS NULL))) THEN
+ INSERT INTO suseovalvulnerablepackage(id, name, fix_version)
+ VALUES (nextval('suse_oval_vulnerable_pkg_id_seq'), package_name_in, fix_version_in);
+ END IF;
+
+ SELECT id
+ INTO vulnerable_pkg_id_val
+ FROM suseovalvulnerablepackage
+ WHERE name = package_name_in
+ AND ((fix_version IS NOT NULL AND fix_version = fix_version_in) OR
+ (fix_version IS NULL AND fix_version_in IS NULL));
+
+ INSERT INTO suseOVALPlatformVulnerablePackage(platform_id, cve_id, vulnerable_pkg_id)
+ VALUES (product_cpe_id_val, cve_id_val, vulnerable_pkg_id_val)
+ ON CONFLICT(platform_id, cve_id, vulnerable_pkg_id) DO UPDATE
+ SET platform_id = EXCLUDED.platform_id,
+ cve_id = EXCLUDED.cve_id,
+ vulnerable_pkg_id = EXCLUDED.vulnerable_pkg_id;
+end;
+$$;
\ No newline at end of file
From 23a09853efead1f7dd934bafecee1a0352016c0b Mon Sep 17 00:00:00 2001
From: HoussemNasri Date: Mon, 11 Sep 2023 19:50:51 +0100 Subject: [PATCH 08/53] Define SQL queries for OVAL data --- .../common/db/datasource/xml/file-list.xml | 1 + .../common/db/datasource/xml/oval_queries.xml | 22 +++++++++++++++++++ 2 files changed, 23 insertions(+) create mode 100755 java/code/src/com/redhat/rhn/common/db/datasource/xml/oval_queries.xml
diff --git a/java/code/src/com/redhat/rhn/common/db/datasource/xml/file-list.xml b/java/code/src/com/redhat/rhn/common/db/datasource/xml/file-list.xml
index 5c6379e9dcfc..5038130324de 100644
--- a/java/code/src/com/redhat/rhn/common/db/datasource/xml/file-list.xml
+++ b/java/code/src/com/redhat/rhn/common/db/datasource/xml/file-list.xml
@@ -25,6 +25,7 @@
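Review bot: In 002-store-vulnerable-packages.sql, the `IF not EXISTS(...) THEN INSERT` step of insert_product_vulnerable_packages is a check-then-insert that two concurrent calls can both pass, and the unique index `suse_oval_vulnerable_pkg_name_fix_version` does not back it up for rows with a NULL fix_version, since PostgreSQL treats NULLs as distinct in a unique index by default. The following `SELECT id INTO vulnerable_pkg_id_val` then takes whichever duplicate comes first, so the same package can end up linked to a CVE through different rows, which matters for data that CVE audit results are presumably derived from. I would make uniqueness enforceable for the NULL case as well (an expression index, or `NULLS NOT DISTINCT` where the supported PostgreSQL version has it) and write the comparison as `fix_version IS NOT DISTINCT FROM fix_version_in`. The final `ON CONFLICT ... DO UPDATE` only assigns the key columns their own values; `ON CONFLICT (platform_id, cve_id, vulnerable_pkg_id) DO NOTHING` states the intent directly. This file also repeats the two `CREATE TABLE IF NOT EXISTS` statements from 001-oval-add-tables.sql, which are silently skipped here, so a later edit to only one copy will not take effect.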