Author: mwiegand Date: 2008-09-09 11:17:48 +0200 (Tue, 09 Sep 2008) New Revision: 1299
Added: trunk/doc/website/pix/ovaldi-results.png trunk/doc/website/svndiff-ovaldi-rev138.patch Modified: trunk/doc/website/integrated-tools.htm4 Log: Added documentation for OVAL support. Modified: trunk/doc/website/integrated-tools.htm4 =================================================================== --- trunk/doc/website/integrated-tools.htm4 2008-09-09 07:45:45 UTC (rev 1298) +++ trunk/doc/website/integrated-tools.htm4 2008-09-09 09:17:48 UTC (rev 1299) @@ -93,3 +93,47 @@ Status (20080505): Works with OpenVAS, see hints <a href="using-slad.html">how to use SLAD with OpenVAS</a>. </p> + +<h3>OVAL</h3> + +<p> +Homepage: <a href="http://oval.mitre.org/";>OVAL website</a><br/> +OVAL definitions interpreter: <a href="http://sourceforge.net/projects/ovaldi/";>ovaldi</a> +</p> + +<p> +In order to extend the vulnerabilty coverage even further, the OpenVAS project +is working on support for OVAL, the Open Vulnerability and Assesment Language. +</p> + +<p> +Status (20080909): Proof-of-concept support for OVAL definitions is included in +OpenVAS. If you want to use OVAL definitions, the following steps are +neccessary: +</p> + +<ol> +<li>Download ovaldi (preferably from the +<a href="http://sourceforge.net/svn/?group_id=215469";>ovaldi SVN repository</a>; +revision 138 is recommend for best results with OpenVAS).</li> +<li>Apply <a href="svndiff-ovaldi-rev138.patch">this patch</a> to the ovaldi +source.</li> +<li>Compile and install ovaldi.</li> +<li>Copy the desired OVAL definitions into your OpenVAS plugin directory; make +sure to change the file extension from .xml to .oval.</li> +<li>Restart your OpenVAS server; clients connecting to this server will now see +a new plugin family called "OVAL definitions" in the plugin selection +section.</li> +<li>If you are using OVAL definitions that check for installed versions of +certain packages, be sure to enable the plugin "Determine OS and list of +installed packages (with keyid) via SSH login" (located in the "Misc." family) +and to provide login information for the remote machine.</li> +</ol> + +<p> +Be aware that support for OVAL definitions is still in an experimental stage and +only a subset of all OVAL features is supported. Please report any bugs +to the openvas-devel mailing list. +</p> + +<img src="pix/ovaldi-results.png"/> Added: trunk/doc/website/pix/ovaldi-results.png =================================================================== (Binary files differ) Property changes on: trunk/doc/website/pix/ovaldi-results.png ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/doc/website/svndiff-ovaldi-rev138.patch =================================================================== --- trunk/doc/website/svndiff-ovaldi-rev138.patch 2008-09-09 07:45:45 UTC (rev 1298) +++ trunk/doc/website/svndiff-ovaldi-rev138.patch 2008-09-09 09:17:48 UTC (rev 1299) @@ -0,0 +1,443 @@ +Index: src/Test.h +=================================================================== +--- src/Test.h (Revision 138) ++++ src/Test.h (Arbeitskopie) +@@ -133,6 +133,11 @@ + /** Set the stateId field's value. */ + void SetStateId(string stateId); + ++ /** Return the name field's value. */ ++ string GetName(); ++ /** Set the name field's value. */ ++ void SetName(string name); ++ + /** Return the written field's value. */ + bool GetWritten(); + /** Set the written field's value. */ +@@ -211,6 +216,7 @@ + VariableValueVector testedVariables; + string objectId; + string stateId; ++ string name; + + static TestMap processedTestsMap; + }; +Index: src/Test.cpp +=================================================================== +--- src/Test.cpp (Revision 138) ++++ src/Test.cpp (Arbeitskopie) +@@ -138,6 +138,28 @@ + this->stateId = stateId; + } + ++string Test::GetName() { ++ // ----------------------------------------------------------------------- ++ // Abstract ++ // ++ // Return the name field's value ++ // ++ // ----------------------------------------------------------------------- ++ ++ return this->name; ++} ++ ++void Test::SetName(string name) { ++ // ----------------------------------------------------------------------- ++ // Abstract ++ // ++ // Set the name field's value ++ // ++ // ----------------------------------------------------------------------- ++ ++ this->name = name; ++} ++ + OvalEnum::ResultEnumeration Test::GetResult() { + + return this->result; +@@ -269,6 +291,8 @@ + // get id + string id = XmlCommon::GetAttributeByName(testElm, "id"); + ++ this->SetName(XmlCommon::GetElementName(testElm)); ++ + // get the attributes + this->SetId(XmlCommon::GetAttributeByName(testElm, "id")); + this->SetVersion(atoi(XmlCommon::GetAttributeByName(testElm, "version").c_str())); +@@ -310,13 +334,88 @@ + } else { + // get the collected object from the sc file + DOMElement* collectedObjElm = XmlCommon::FindElement(DocumentManager::GetSystemCharacterisitcsDocument(), "object", "id", this->GetObjectId()); ++ OvalEnum::Flag collectedObjFlag = OvalEnum::FLAG_NOT_COLLECTED; + ++ + if(collectedObjElm == NULL) { +- // this is an unknown result. the interpreter requires that all objects in a definition +- // file have a corresponding collected object in the sc file to successfully evaluate. +- Log::Info("Test::Analyze() - Test id: " + this->GetId() + " Unable to locate corresponding collected object in system characteristics file for object id: " + this->GetObjectId()); +- this->SetResult(OvalEnum::RESULT_UNKNOWN); +- ++ // If there are no collected objects available, the interpreter will try to find corresponding ++ // items in the system_data section. ++ cout << endl << " Note: No collected objects found for test " << this->GetId() << ". Using experimental object search." << endl; ++ ++ string componentName; ++ ++ this->SetCheck(OvalEnum::CHECK_AT_LEAST_ONE); ++ ++ // Get the component name from the first part of the test name ++ // NOTE: Due to the inconsistent OVAL definition, this won't work for inetlisteningserver(s) ++ string::size_type loc = this->name.find("_", 0); ++ if( loc != string::npos ) { ++ componentName = this->name.substr(0, loc); ++ } ++ ++ // Find potential matching items in the system_data section ++ ElementVector* dataElems = XmlCommon::FindAllElements(DocumentManager::GetSystemCharacterisitcsDocument(), componentName + "_item"); ++ ++ if(dataElems->size() == 0) { ++ // No potential matching items found ++ collectedObjFlag = OvalEnum::FLAG_NOT_COLLECTED; ++ this->SetResult(OvalEnum::RESULT_UNKNOWN); ++ } else { ++ // Potential matching items found ++ ElementVector::iterator iterator; ++ bool matchFound = false; ++ for(iterator = dataElems->begin(); iterator != dataElems->end() && !matchFound; iterator++) { ++ DOMElement *systemDataObject = (*iterator); ++ DOMElement *testObject = XmlCommon::FindElement(DocumentManager::GetDefinitionDocument(), componentName + "_object", "id", this->GetObjectId()); ++ ++ DOMNodeList *testObjectChildren = testObject->getChildNodes(); ++ DOMNodeList *systemDataObjectChildren = systemDataObject->getChildNodes(); ++ bool sameChildren = true; ++ unsigned int testObjectChildIndex = 0; ++ while(testObjectChildIndex < testObjectChildren->getLength()) { ++ bool childFound = false; ++ DOMNode *tmpNode = testObjectChildren->item(testObjectChildIndex); ++ ++ if (tmpNode->getNodeType() == DOMNode::ELEMENT_NODE) { ++ DOMElement *testObjectChild = (DOMElement*)tmpNode; ++ ++ for(unsigned int systemDataObjectChildIndex = 0; ++ systemDataObjectChildIndex < systemDataObjectChildren->getLength() && !childFound; ++ systemDataObjectChildIndex++) { ++ DOMNode *tmpNode2 = systemDataObjectChildren->item(systemDataObjectChildIndex); ++ ++ if (tmpNode2->getNodeType() == DOMNode::ELEMENT_NODE && !childFound) { ++ DOMElement *systemDataObjectChild = (DOMElement*)tmpNode2; ++ ++ if(XmlCommon::GetElementName(testObjectChild).compare(XmlCommon::GetElementName(systemDataObjectChild)) == 0 && ++ XmlCommon::GetDataNodeValue(testObjectChild).compare(XmlCommon::GetDataNodeValue(systemDataObjectChild)) == 0) { ++ childFound = true; ++ } ++ } ++ } ++ if(!childFound) ++ sameChildren = false; ++ } ++ testObjectChildIndex++; ++ } ++ ++ if(sameChildren) { ++ TestedItem* testedItem = new TestedItem(); ++ Item* item = NULL; ++ item = new Item(); ++ item->Parse(systemDataObject); ++ // Item::Cache(item); ++ testedItem->SetItem(item); ++ this->AppendTestedItem(testedItem); ++ collectedObjFlag = OvalEnum::FLAG_COMPLETE; ++ matchFound = true; ++ } else { ++ collectedObjFlag = OvalEnum::FLAG_NOT_COLLECTED; ++ this->SetResult(OvalEnum::RESULT_UNKNOWN); ++ } ++ } ++ ++ } + } else { + + // Copy all variables in the collected object into VariableValues for the results file +@@ -356,143 +455,134 @@ + + // check the flag on the collected object + string flagStr = XmlCommon::GetAttributeByName(collectedObjElm, "flag"); +- OvalEnum::Flag collectedObjFlag = OvalEnum::ToFlag(flagStr); ++ collectedObjFlag = OvalEnum::ToFlag(flagStr); ++ } + +- // determine how to proceed based on flag value +- if(collectedObjFlag == OvalEnum::FLAG_ERROR) { +- this->SetResult(OvalEnum::RESULT_ERROR); ++ // determine how to proceed based on flag value ++ if(collectedObjFlag == OvalEnum::FLAG_ERROR) { ++ this->SetResult(OvalEnum::RESULT_ERROR); + +- // since we did no look at the state set the tested item result to not evaluated +- TestedItemVector::iterator iterator; +- for(iterator = this->GetTestedItems()->begin(); iterator != this->GetTestedItems()->end(); iterator++) { +- (*iterator)->SetResult(OvalEnum::RESULT_NOT_EVALUATED); +- } +- } else if(collectedObjFlag == OvalEnum::FLAG_NOT_APPLICABLE) { +- this->SetResult(OvalEnum::RESULT_NOT_APPLICABLE); +- +- // since we did no look at the state set the tested item result to not evaluated +- TestedItemVector::iterator iterator; +- for(iterator = this->GetTestedItems()->begin(); iterator != this->GetTestedItems()->end(); iterator++) { +- (*iterator)->SetResult(OvalEnum::RESULT_NOT_EVALUATED); +- } +- } else if(collectedObjFlag == OvalEnum::FLAG_NOT_COLLECTED) { +- this->SetResult(OvalEnum::RESULT_UNKNOWN); +- +- // since we did no look at the state set the tested item result to not evaluated +- TestedItemVector::iterator iterator; +- for(iterator = this->GetTestedItems()->begin(); iterator != this->GetTestedItems()->end(); iterator++) { +- (*iterator)->SetResult(OvalEnum::RESULT_NOT_EVALUATED); +- } +- } else if(collectedObjFlag == OvalEnum::FLAG_INCOMPLETE) { ++ // since we did no look at the state set the tested item result to not evaluated ++ TestedItemVector::iterator iterator; ++ for(iterator = this->GetTestedItems()->begin(); iterator != this->GetTestedItems()->end(); iterator++) { ++ (*iterator)->SetResult(OvalEnum::RESULT_NOT_EVALUATED); ++ } ++ } else if(collectedObjFlag == OvalEnum::FLAG_NOT_APPLICABLE) { ++ this->SetResult(OvalEnum::RESULT_NOT_APPLICABLE); ++ ++ // since we did no look at the state set the tested item result to not evaluated ++ TestedItemVector::iterator iterator; ++ for(iterator = this->GetTestedItems()->begin(); iterator != this->GetTestedItems()->end(); iterator++) { ++ (*iterator)->SetResult(OvalEnum::RESULT_NOT_EVALUATED); ++ } ++ } else if(collectedObjFlag == OvalEnum::FLAG_NOT_COLLECTED) { ++ this->SetResult(OvalEnum::RESULT_UNKNOWN); ++ ++ // since we did no look at the state set the tested item result to not evaluated ++ TestedItemVector::iterator iterator; ++ for(iterator = this->GetTestedItems()->begin(); iterator != this->GetTestedItems()->end(); iterator++) { ++ (*iterator)->SetResult(OvalEnum::RESULT_NOT_EVALUATED); ++ } ++ } else if(collectedObjFlag == OvalEnum::FLAG_INCOMPLETE) { + +- OvalEnum::ResultEnumeration overallResult = OvalEnum::RESULT_UNKNOWN; ++ OvalEnum::ResultEnumeration overallResult = OvalEnum::RESULT_UNKNOWN; + +- // get the count of items with a status of exists +- int existsCount = 0; +- TestedItemVector::iterator iterator; +- for(iterator = this->GetTestedItems()->begin(); iterator != this->GetTestedItems()->end(); iterator++) { +- OvalEnum::SCStatus itemStatus = (*iterator)->GetItem()->GetStatus(); +- if(itemStatus == OvalEnum::STATUS_EXISTS) { +- existsCount++; +- } +- } ++ // get the count of items with a status of exists ++ int existsCount = 0; ++ TestedItemVector::iterator iterator; ++ for(iterator = this->GetTestedItems()->begin(); iterator != this->GetTestedItems()->end(); iterator++) { ++ OvalEnum::SCStatus itemStatus = (*iterator)->GetItem()->GetStatus(); ++ if(itemStatus == OvalEnum::STATUS_EXISTS) { ++ existsCount++; ++ } ++ } + +- OvalEnum::ResultEnumeration existenceResult = OvalEnum::RESULT_UNKNOWN; ++ OvalEnum::ResultEnumeration existenceResult = OvalEnum::RESULT_UNKNOWN; + +- if(this->GetCheckExistence() == OvalEnum::EXISTENCE_NONE_EXIST && existsCount > 0) { ++ if(this->GetCheckExistence() == OvalEnum::EXISTENCE_NONE_EXIST && existsCount > 0) { + +- // if more than 0 then false +- existenceResult = OvalEnum::RESULT_FALSE; ++ // if more than 0 then false ++ existenceResult = OvalEnum::RESULT_FALSE; + +- } else if(this->GetCheckExistence() == OvalEnum::EXISTENCE_ONLY_ONE_EXISTS && existsCount > 1) { +- +- // if more than 1 then false +- existenceResult = OvalEnum::RESULT_FALSE; ++ } else if(this->GetCheckExistence() == OvalEnum::EXISTENCE_ONLY_ONE_EXISTS && existsCount > 1) { ++ ++ // if more than 1 then false ++ existenceResult = OvalEnum::RESULT_FALSE; + +- } else if(this->GetCheckExistence() == OvalEnum::EXISTENCE_AT_LEAST_ONE_EXISTS && existsCount > 0) { ++ } else if(this->GetCheckExistence() == OvalEnum::EXISTENCE_AT_LEAST_ONE_EXISTS && existsCount > 0) { + +- // if more than 1 then false +- existenceResult = OvalEnum::RESULT_TRUE; ++ // if more than 1 then false ++ existenceResult = OvalEnum::RESULT_TRUE; + +- } else if(this->GetCheckExistence() == OvalEnum::EXISTENCE_ANY_EXIST) { ++ } else if(this->GetCheckExistence() == OvalEnum::EXISTENCE_ANY_EXIST) { + +- // always true +- existenceResult = OvalEnum::RESULT_TRUE; ++ // always true ++ existenceResult = OvalEnum::RESULT_TRUE; + +- } ++ } + +- if(existenceResult == OvalEnum::RESULT_TRUE) { ++ if(existenceResult == OvalEnum::RESULT_TRUE) { + +- // consider the check_state if true so far... +- OvalEnum::ResultEnumeration stateResult = this->EvaluateCheckState(); ++ // consider the check_state if true so far... ++ OvalEnum::ResultEnumeration stateResult = this->EvaluateCheckState(); + +- if(stateResult == OvalEnum::RESULT_FALSE) { +- overallResult = OvalEnum::RESULT_FALSE; +- } if(stateResult == OvalEnum::RESULT_TRUE && this->GetCheck() == OvalEnum::CHECK_AT_LEAST_ONE) { ++ if(stateResult == OvalEnum::RESULT_FALSE) { ++ overallResult = OvalEnum::RESULT_FALSE; ++ } if(stateResult == OvalEnum::RESULT_TRUE && this->GetCheck() == OvalEnum::CHECK_AT_LEAST_ONE) { + +- overallResult = OvalEnum::RESULT_TRUE; +- } ++ overallResult = OvalEnum::RESULT_TRUE; ++ } + +- } else { +- overallResult = existenceResult; ++ } else { ++ overallResult = existenceResult; + +- // since we did no look at the state set the tested item result to not evaluated +- TestedItemVector::iterator iterator; +- for(iterator = this->GetTestedItems()->begin(); iterator != this->GetTestedItems()->end(); iterator++) { +- (*iterator)->SetResult(OvalEnum::RESULT_NOT_EVALUATED); +- } ++ // since we did no look at the state set the tested item result to not evaluated ++ TestedItemVector::iterator iterator; ++ for(iterator = this->GetTestedItems()->begin(); iterator != this->GetTestedItems()->end(); iterator++) { ++ (*iterator)->SetResult(OvalEnum::RESULT_NOT_EVALUATED); + } ++ } + +- this->SetResult(overallResult); ++ this->SetResult(overallResult); + +- } else if(collectedObjFlag == OvalEnum::FLAG_DOES_NOT_EXIST) { ++ } else if(collectedObjFlag == OvalEnum::FLAG_DOES_NOT_EXIST) { + +- // if the check_existence is set to none_exist or +- // any_exist the result is true +- // otherwise the result is false +- if(this->GetCheckExistence() == OvalEnum::EXISTENCE_NONE_EXIST) { +- this->SetResult(OvalEnum::RESULT_TRUE); +- // no need to look at state when check_existence is set to none_exist ++ // if the check_existence is set to none_exist or ++ // any_exist the result is true ++ // otherwise the result is false ++ if(this->GetCheckExistence() == OvalEnum::EXISTENCE_NONE_EXIST) { ++ this->SetResult(OvalEnum::RESULT_TRUE); ++ // no need to look at state when check_existence is set to none_exist + +- // since we did no look at the state set the tested item result to not evaluated +- TestedItemVector::iterator iterator; +- for(iterator = this->GetTestedItems()->begin(); iterator != this->GetTestedItems()->end(); iterator++) { +- (*iterator)->SetResult(OvalEnum::RESULT_NOT_EVALUATED); +- } ++ // since we did no look at the state set the tested item result to not evaluated ++ TestedItemVector::iterator iterator; ++ for(iterator = this->GetTestedItems()->begin(); iterator != this->GetTestedItems()->end(); iterator++) { ++ (*iterator)->SetResult(OvalEnum::RESULT_NOT_EVALUATED); ++ } + +- } else if(this->GetCheckExistence() == OvalEnum::EXISTENCE_ANY_EXIST) { +- // need to look at state result if there is a state +- if(this->GetStateId().compare("") != 0) { +- OvalEnum::ResultEnumeration stateResult = this->EvaluateCheckState(); +- this->SetResult(stateResult); +- } else { +- this->SetResult(OvalEnum::RESULT_TRUE); +- } ++ } else if(this->GetCheckExistence() == OvalEnum::EXISTENCE_ANY_EXIST) { ++ // need to look at state result if there is a state ++ if(this->GetStateId().compare("") != 0) { ++ OvalEnum::ResultEnumeration stateResult = this->EvaluateCheckState(); ++ this->SetResult(stateResult); + } else { +- this->SetResult(OvalEnum::RESULT_FALSE); ++ this->SetResult(OvalEnum::RESULT_TRUE); + } ++ } else { ++ this->SetResult(OvalEnum::RESULT_FALSE); ++ } + +- } else if(collectedObjFlag == OvalEnum::FLAG_COMPLETE) { +- +- OvalEnum::ResultEnumeration overallResult = OvalEnum::RESULT_ERROR; ++ } else if(collectedObjFlag == OvalEnum::FLAG_COMPLETE) { ++ ++ OvalEnum::ResultEnumeration overallResult = OvalEnum::RESULT_ERROR; + +- // Evaluate the check existence attribute. +- OvalEnum::ResultEnumeration existenceResult = this->EvaluateCheckExistence(); ++ // Evaluate the check existence attribute. ++ OvalEnum::ResultEnumeration existenceResult = this->EvaluateCheckExistence(); + +- // if the existence result is true evaluate the check_state attribute if there is a state +- if(existenceResult == OvalEnum::RESULT_TRUE) { +- if(this->GetStateId().compare("") != 0) { +- overallResult = this->EvaluateCheckState(); +- } else { +- overallResult = existenceResult; +- +- // since we did no look at the state set the tested item result to not evaluated +- TestedItemVector::iterator iterator; +- for(iterator = this->GetTestedItems()->begin(); iterator != this->GetTestedItems()->end(); iterator++) { +- (*iterator)->SetResult(OvalEnum::RESULT_NOT_EVALUATED); +- } +- } +- ++ // if the existence result is true evaluate the check_state attribute if there is a state ++ if(existenceResult == OvalEnum::RESULT_TRUE) { ++ if(this->GetStateId().compare("") != 0) { ++ overallResult = this->EvaluateCheckState(); + } else { + overallResult = existenceResult; + +@@ -503,13 +593,21 @@ + } + } + +- this->SetResult(overallResult); ++ } else { ++ overallResult = existenceResult; ++ ++ // since we did no look at the state set the tested item result to not evaluated ++ TestedItemVector::iterator iterator; ++ for(iterator = this->GetTestedItems()->begin(); iterator != this->GetTestedItems()->end(); iterator++) { ++ (*iterator)->SetResult(OvalEnum::RESULT_NOT_EVALUATED); ++ } + } ++ this->SetResult(overallResult); + } ++ + } + this->SetAnalyzed(true); + } +- + return this->GetResult(); + } + +@@ -655,7 +753,7 @@ + OvalEnum::ResultEnumeration Test::EvaluateCheckState() { + + OvalEnum::ResultEnumeration stateResult = OvalEnum::RESULT_ERROR; +- ++ + // is there a state associated with this test? + if(this->GetStateId().compare("") == 0) { + // no state specified +@@ -686,7 +784,6 @@ + Log::Fatal("Unable to evaluate test " + this->GetId() + ". An error occured while processing the associated state " + this->GetStateId() + ". " + ex.GetErrorMessage()); + } + } +- + return stateResult; + } + _______________________________________________ Openvas-commits mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-commits
