Support RHEL OVAL

.gitignore

@@ -25,3 +25,5 @@ _testmain.go
 
 cisco-oval
 main
+
+goval-parser

example.go

@@ -26,12 +26,12 @@ func main() {
 }
 
 // readOval : Read OVAL definitions from file
-func readOval(file string) (*oval.OVALDefinitions, error) {
+func readOval(file string) (*oval.Root, error) {
 	str, err := ioutil.ReadFile(file)
 	if err != nil {
 		return nil, fmt.Errorf("Can't open file: %s", err)
 	}
-	oval := &oval.OVALDefinitions{}
+	oval := &oval.Root{}
 	err = xml.Unmarshal([]byte(str), oval)
 	if err != nil {
 		return nil, fmt.Errorf("Can't parse XML: %s", err)

oval/types.go

@@ -2,8 +2,8 @@ package oval
 
 import "encoding/xml"
 
-// OVALDefinitions : root object
-type OVALDefinitions struct {
+// Root : root object
+type Root struct {
 	XMLName     xml.Name    `xml:"oval_definitions"`
 	Generator   Generator   `xml:"generator"`
 	Definitions Definitions `xml:"definitions"`
@@ -36,6 +36,7 @@ type Definition struct {
 	Affecteds   []Affected  `xml:"metadata>affected"`
 	References  []Reference `xml:"metadata>reference"`
 	Description string      `xml:"metadata>description"`
+	Advisory    Advisory    `xml:"metadata>advisory"`
 	Criteria    Criteria    `xml:"criteria"`
 }
 
@@ -70,6 +71,23 @@ type Reference struct {
 	RefURL  string   `xml:"ref_url,attr"`
 }
 
+// Advisory : >definitions>definition>metadata>advisory
+type Advisory struct {
+	XMLName         xml.Name `xml:"advisory"`
+	Severity        string   `xml:"severity"`
+	CveID           string   `xml:"cve"`
+	Bugzilla        Bugzilla `xml:"bugzilla"`
+	AffectedCPEList []string `xml:"affected_cpe_list>cpe"`
+}
+
+// Bugzilla : >definitions>definition>metadata>advisory>bugzilla
+type Bugzilla struct {
+	XMLName xml.Name `xml:"bugzilla"`
+	ID      string   `xml:"id,attr"`
+	URL     string   `xml:"href,attr"`
+	Title   string   `xml:",chardata"`
+}
+
 // Tests : >tests
 type Tests struct {
 	XMLName        xml.Name        `xml:"tests"`

testfile/com.redhat.rhba-20070331.xml

@@ -0,0 +1,163 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:unix-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" xmlns:red-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#unix unix-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#linux linux-definitions-schema.xsd">
+  <generator>
+    <oval:product_name>Red Hat Errata System</oval:product_name>
+    <oval:schema_version>5.10.1</oval:schema_version>
+    <oval:timestamp>2016-11-18T05:41:16</oval:timestamp>
+  </generator>
+
+  <definitions>
+    <definition id="oval:com.redhat.rhba:def:20070331" version="602" class="patch">
+      <metadata>
+        <title>RHBA-2007:0331: conga bug fix update (None)</title>
+    <affected family="unix">
+      <platform>Red Hat Enterprise Linux 5</platform>
+    </affected>
+    <reference source="RHBA" ref_id="RHBA-2007:0331-01" ref_url="https://rhn.redhat.com/errata/RHBA-2007-0331.html"/>
+      <reference source="CVE" ref_id="CVE-2007-0240" ref_url="https://access.redhat.com/security/cve/CVE-2007-0240"/>
+      <reference source="CVE" ref_id="CVE-2007-1462" ref_url="https://access.redhat.com/security/cve/CVE-2007-1462"/>
+    <description>The Conga package is a web-based administration tool for remote cluster and
+storage management.
+
+This erratum applies the following bug fixes:
+
+- The borrowed Zope packages used by Conga have been patched to eliminate
+a possibility of XSS attack.
+- Passwords are no longer sent back from the server in cleartext for use as
+input values.
+- A form error was fixed so that Conga no longer allows for cluster
+names of over 15 characters.
+- An error wherein clusters and systems could not be deleted from the
+manage systems interface has been addressed.
+- Entering an incorrect password for a system no longer generates an
+Unbound Local Reference exception.
+- Luci failover domain forms are no longer empty
+- The fence_xvm string in cluster.conf for virtual cluster fencing has been
+corrected.
+- The advanced options parameters section has been fixed.
+- A bug where virtual services were unable for configuration has been
+addressed.
+- kmod-gfs-xen is now installed when necessary.
+- The &#x27;enable shared storage support&#x27; checkbox is now cleared when a
+configuration error is encountered.
+- When configuring an outer physical cluster, it is no longer necessary to
+add the fence_xvmd tag manually.
+
+Users of Conga are advised to upgrade to these updated packages, which
+apply these fixes.</description>
+
+<!-- ~~~~~~~~~~~~~~~~~~~~   advisory details   ~~~~~~~~~~~~~~~~~~~ -->
+
+<advisory from="secalert@redhat.com">
+        <severity>None</severity>
+        <rights>Copyright 2007 Red Hat, Inc.</rights>
+        <issued date="2007-05-18"/>
+        <updated date="2007-05-18"/>
+        <cve href="https://access.redhat.com/security/cve/CVE-2007-0240">CVE-2007-0240</cve>
+        <cve href="https://access.redhat.com/security/cve/CVE-2007-1462">CVE-2007-1462</cve>
+        <bugzilla href="https://bugzilla.redhat.com/228637" id="228637">CVE-2007-1462 security alert - passwords sent back from server as input value</bugzilla>
+        <bugzilla href="https://bugzilla.redhat.com/233326" id="233326">CVE-2007-0240 Conga includes version of Zope that is vulnerable to a XSS attack</bugzilla>
+        <bugzilla href="https://bugzilla.redhat.com/236020" id="236020">Conga allows creation/rename of clusters with name greater than 15 characters</bugzilla>
+        <bugzilla href="https://bugzilla.redhat.com/236021" id="236021">Cluster cannot be deleted (from &#x27;Manage Systems&#x27;) - but no error results</bugzilla>
+        <bugzilla href="https://bugzilla.redhat.com/236025" id="236025">Entering bad password when creating a new cluster = UnboundLocalError: local variable &#x27;e&#x27; referenced before assignment</bugzilla>
+        <bugzilla href="https://bugzilla.redhat.com/236026" id="236026">luci failover domain forms are missing/empty</bugzilla>
+        <bugzilla href="https://bugzilla.redhat.com/236027" id="236027">fence_xvm is incorrectly listed as &quot;xmv&quot; in virtual cluster</bugzilla>
+        <bugzilla href="https://bugzilla.redhat.com/236048" id="236048">Advanced options parameters settings don&#x27;t do anything</bugzilla>
+        <bugzilla href="https://bugzilla.redhat.com/236050" id="236050">Unable to configure a virtual service</bugzilla>
+        <bugzilla href="https://bugzilla.redhat.com/236052" id="236052">kmod-gfs-xen not installed with Conga install</bugzilla>
+        <bugzilla href="https://bugzilla.redhat.com/236054" id="236054">&#x27;enable shared storage&#x27; option cleared whenever there is a configuration error</bugzilla>
+        <bugzilla href="https://bugzilla.redhat.com/236055" id="236055">Must manually edit cluster.conf on the dom0 cluster to add &quot;&lt;fence_xvmd/&gt;&quot;</bugzilla>
+    <affected_cpe_list>
+        <cpe>cpe:/a:redhat:rhel_cluster:5</cpe>
+        <cpe>cpe:/a:redhat:test:5</cpe>
+    </affected_cpe_list>
+</advisory>
+      </metadata>
+      <criteria operator="AND">
+ <criterion test_ref="oval:com.redhat.rhba:tst:20070331001" comment="Red Hat Enterprise Linux 5 is installed" />
+ <criteria operator="OR">
+
+ <criteria operator="AND">
+ <criterion test_ref="oval:com.redhat.rhba:tst:20070331002" comment="conga is earlier than 0:0.9.2-6.el5" /><criterion test_ref="oval:com.redhat.rhba:tst:20070331003" comment="conga is signed with Red Hat redhatrelease key" />
+
+</criteria>
+<criteria operator="AND">
+ <criterion test_ref="oval:com.redhat.rhba:tst:20070331006" comment="luci is earlier than 0:0.9.2-6.el5" /><criterion test_ref="oval:com.redhat.rhba:tst:20070331007" comment="luci is signed with Red Hat redhatrelease key" />
+
+</criteria>
+<criteria operator="AND">
+ <criterion test_ref="oval:com.redhat.rhba:tst:20070331004" comment="ricci is earlier than 0:0.9.2-6.el5" /><criterion test_ref="oval:com.redhat.rhba:tst:20070331005" comment="ricci is signed with Red Hat redhatrelease key" />
+
+</criteria>
+
+</criteria>
+
+</criteria>
+
+    </definition>
+  </definitions>
+  <tests>
+    <!-- ~~~~~~~~~~~~~~~~~~~~~   rpminfo tests   ~~~~~~~~~~~~~~~~~~~~~ -->
+    <rpminfo_test id="oval:com.redhat.rhba:tst:20070331001"  version="602" comment="Red Hat Enterprise Linux 5 is installed" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
+  <object object_ref="oval:com.redhat.rhba:obj:20070331001" />
+  <state state_ref="oval:com.redhat.rhba:ste:20070331002" />
+</rpminfo_test>
+<rpminfo_test id="oval:com.redhat.rhba:tst:20070331002"  version="602" comment="conga is earlier than 0:0.9.2-6.el5" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
+  <object object_ref="oval:com.redhat.rhba:obj:20070331002" />
+  <state state_ref="oval:com.redhat.rhba:ste:20070331003" />
+</rpminfo_test>
+<rpminfo_test id="oval:com.redhat.rhba:tst:20070331003"  version="602" comment="conga is signed with Red Hat redhatrelease key" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
+  <object object_ref="oval:com.redhat.rhba:obj:20070331002" />
+  <state state_ref="oval:com.redhat.rhba:ste:20070331001" />
+</rpminfo_test>
+<rpminfo_test id="oval:com.redhat.rhba:tst:20070331004"  version="602" comment="ricci is earlier than 0:0.9.2-6.el5" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
+  <object object_ref="oval:com.redhat.rhba:obj:20070331003" />
+  <state state_ref="oval:com.redhat.rhba:ste:20070331003" />
+</rpminfo_test>
+<rpminfo_test id="oval:com.redhat.rhba:tst:20070331005"  version="602" comment="ricci is signed with Red Hat redhatrelease key" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
+  <object object_ref="oval:com.redhat.rhba:obj:20070331003" />
+  <state state_ref="oval:com.redhat.rhba:ste:20070331001" />
+</rpminfo_test>
+<rpminfo_test id="oval:com.redhat.rhba:tst:20070331006"  version="602" comment="luci is earlier than 0:0.9.2-6.el5" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
+  <object object_ref="oval:com.redhat.rhba:obj:20070331004" />
+  <state state_ref="oval:com.redhat.rhba:ste:20070331003" />
+</rpminfo_test>
+<rpminfo_test id="oval:com.redhat.rhba:tst:20070331007"  version="602" comment="luci is signed with Red Hat redhatrelease key" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
+  <object object_ref="oval:com.redhat.rhba:obj:20070331004" />
+  <state state_ref="oval:com.redhat.rhba:ste:20070331001" />
+</rpminfo_test>
+
+  </tests>
+
+  <objects>
+    <!-- ~~~~~~~~~~~~~~~~~~~~   rpminfo objects   ~~~~~~~~~~~~~~~~~~~~ -->
+    <rpminfo_object id="oval:com.redhat.rhba:obj:20070331002"  version="602" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
+  <name>conga</name>
+</rpminfo_object>
+<rpminfo_object id="oval:com.redhat.rhba:obj:20070331004"  version="602" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
+  <name>luci</name>
+</rpminfo_object>
+<rpminfo_object id="oval:com.redhat.rhba:obj:20070331001"  version="602" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
+  <name>redhat-release</name>
+</rpminfo_object>
+<rpminfo_object id="oval:com.redhat.rhba:obj:20070331003"  version="602" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
+  <name>ricci</name>
+</rpminfo_object>
+
+  </objects>
+  <states>
+    <!-- ~~~~~~~~~~~~~~~~~~~~   rpminfo states   ~~~~~~~~~~~~~~~~~~~~~ -->
+    <rpminfo_state id="oval:com.redhat.rhba:ste:20070331001"  version="602" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
+  <signature_keyid  operation="equals">5326810137017186</signature_keyid>
+</rpminfo_state>
+<rpminfo_state id="oval:com.redhat.rhba:ste:20070331002"  version="602" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
+  <version  operation="pattern match">^5[^\d]</version>
+</rpminfo_state>
+<rpminfo_state id="oval:com.redhat.rhba:ste:20070331003"  version="602" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
+  <evr datatype="evr_string" operation="less than">0:0.9.2-6.el5</evr>
+</rpminfo_state>
+
+  </states>
+</oval_definitions>
+