feat(cbl-mariner) support CBL Mariner Vulnerability Data (#133)
parent
e57b35fc33
commit
23a9b285d9
4
.github/workflows/update.yml
vendored
4
.github/workflows/update.yml
vendored
@ -95,6 +95,10 @@ jobs:
|
|||||||
name: Rocky Linux Security Advisory
|
name: Rocky Linux Security Advisory
|
||||||
run: ./vuln-list-update -target rocky
|
run: ./vuln-list-update -target rocky
|
||||||
|
|
||||||
|
- if: always()
|
||||||
|
name: CBL-Mariner Vulnerability Data
|
||||||
|
run: ./vuln-list-update -target mariner
|
||||||
|
|
||||||
- if: always()
|
- if: always()
|
||||||
name: OSV Database
|
name: OSV Database
|
||||||
run: ./vuln-list-update -target osv
|
run: ./vuln-list-update -target osv
|
||||||
|
@ -20,7 +20,7 @@ https://github.com/aquasecurity/vuln-list/
|
|||||||
$ vuln-list-update -h
|
$ vuln-list-update -h
|
||||||
Usage of vuln-list-update:
|
Usage of vuln-list-update:
|
||||||
-target string
|
-target string
|
||||||
update target (nvd, alpine, redhat, debian, ubuntu)
|
update target (nvd, alpine, alpine-unfixed, redhat, redhat-oval, debian, debian-oval, ubuntu, amazon, oracle-oval, suse-cvrf, photon, arch-linux, ghsa, glad, cwe, osv, go-vulndb, mariner)
|
||||||
-years string
|
-years string
|
||||||
update years (only redhat)
|
update years (only redhat)
|
||||||
```
|
```
|
||||||
|
9
main.go
9
main.go
@ -25,6 +25,7 @@ import (
|
|||||||
"github.com/aquasecurity/vuln-list-update/git"
|
"github.com/aquasecurity/vuln-list-update/git"
|
||||||
"github.com/aquasecurity/vuln-list-update/glad"
|
"github.com/aquasecurity/vuln-list-update/glad"
|
||||||
govulndb "github.com/aquasecurity/vuln-list-update/go-vulndb"
|
govulndb "github.com/aquasecurity/vuln-list-update/go-vulndb"
|
||||||
|
"github.com/aquasecurity/vuln-list-update/mariner"
|
||||||
"github.com/aquasecurity/vuln-list-update/nvd"
|
"github.com/aquasecurity/vuln-list-update/nvd"
|
||||||
oracleoval "github.com/aquasecurity/vuln-list-update/oracle/oval"
|
oracleoval "github.com/aquasecurity/vuln-list-update/oracle/oval"
|
||||||
"github.com/aquasecurity/vuln-list-update/osv"
|
"github.com/aquasecurity/vuln-list-update/osv"
|
||||||
@ -45,7 +46,7 @@ const (
|
|||||||
|
|
||||||
var (
|
var (
|
||||||
target = flag.String("target", "", "update target (nvd, alpine, alpine-unfixed, redhat, redhat-oval, "+
|
target = flag.String("target", "", "update target (nvd, alpine, alpine-unfixed, redhat, redhat-oval, "+
|
||||||
"debian, debian-oval, ubuntu, amazon, oracle-oval, suse-cvrf, photon, arch-linux, ghsa, glad, cwe, osv, go-vulndb)")
|
"debian, debian-oval, ubuntu, amazon, oracle-oval, suse-cvrf, photon, arch-linux, ghsa, glad, cwe, osv, go-vulndb, mariner)")
|
||||||
years = flag.String("years", "", "update years (only redhat)")
|
years = flag.String("years", "", "update years (only redhat)")
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -214,6 +215,12 @@ func run() error {
|
|||||||
return xerrors.Errorf("Go Vulnerability Database update error: %w", err)
|
return xerrors.Errorf("Go Vulnerability Database update error: %w", err)
|
||||||
}
|
}
|
||||||
commitMsg = "Go Vulnerability Database"
|
commitMsg = "Go Vulnerability Database"
|
||||||
|
case "mariner":
|
||||||
|
src := mariner.NewConfig()
|
||||||
|
if err := src.Update(); err != nil {
|
||||||
|
return xerrors.Errorf("CBL-Mariner Vulnerability Data update error: %w", err)
|
||||||
|
}
|
||||||
|
commitMsg = "CBL-Mariner Vulnerability Data"
|
||||||
default:
|
default:
|
||||||
return xerrors.New("unknown target")
|
return xerrors.New("unknown target")
|
||||||
}
|
}
|
||||||
|
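--- a/mariner/mariner.go
+++ b/mariner/mariner.go
@@ -0,0 +1,175 @@
+package mariner
+
+import (
+"context"
+"encoding/xml"
+"errors"
+"fmt"
+"log"
+"os"
+"path/filepath"
+"strings"
+
+"github.com/cheggaaa/pb"
+"golang.org/x/xerrors"
+
+"github.com/aquasecurity/vuln-list-update/utils"
+)
+
+const (
+repoURL = "https://github.com/microsoft/CBL-MarinerVulnerabilityData/archive/refs/heads/main.tar.gz//CBL-MarinerVulnerabilityData-main"
+cblDir = "mariner" // CBL-Mariner Vulnerability Data
+retry = 3
+
+testsDir = "tests"
+objectsDir = "objects"
+statesDir = "states"
+definitionsDir = "definitions"
+)
+
+var (
+ErrInvalidCVEFormat = errors.New("invalid CVE-ID format")
+ErrNonCVEID = errors.New("discovered non-CVE-ID")
+)
+
+type Config struct {
+*options
+}
+
+type option func(*options)
+
+type options struct {
+url string
+dir string
+retry int
+}
+
+func WithURL(url string) option {
+return func(opts *options) { opts.url = url }
+}
+
+func WithDir(dir string) option {
+return func(opts *options) { opts.dir = dir }
+}
+
+func WithRetry(retry int) option {
+return func(opts *options) { opts.retry = retry }
+}
+
+func NewConfig(opts ...option) Config {
+o := &options{
+url: repoURL,
+dir: filepath.Join(utils.VulnListDir(), cblDir),
+retry: retry,
+}
+
+for _, opt := range opts {
+opt(o)
+}
+
+return Config{
+options: o,
+}
+}
+
+func (c Config) Update() error {
+ctx := context.Background()
+
+log.Printf("Remove CBL-Mariner Vulnerability Data directory %sn", c.dir)
+if err := os.RemoveAll(c.dir); err != nil {
+return xerrors.Errorf("failed to remove CBL-Mariner Vulnerability Data directory: %w", err)
+}
+
+log.Print("Fetching CBL-Mariner Vulnerability Data")
+tmpDir, err := utils.DownloadToTempDir(ctx, c.url)
+if err != nil {
+return xerrors.Errorf("failed to retrieve CBL-Mariner Vulnerability Data: %w", err)
+}
+defer os.RemoveAll(tmpDir)
+
+entries, err := os.ReadDir(tmpDir)
+if err != nil {
+return xerrors.Errorf("failed to read directory: %w", err)
+}
+
+for _, entry := range entries {
+if entry.IsDir() {
+continue
+}
+
+if !strings.HasPrefix(entry.Name(), "cbl-mariner-") {
+continue
+}
+if filepath.Ext(entry.Name()) != ".xml" {
+continue
+}
+
+osVersoin := strings.TrimSuffix(strings.TrimSuffix(strings.TrimPrefix(entry.Name(), "cbl-mariner-"), "-oval.xml"), "-preview")
+if err := c.update(osVersoin, filepath.Join(tmpDir, entry.Name())); err != nil {
+return xerrors.Errorf("failed to update oval data: %w", err)
+}
+}
+return nil
+}
+
+func (c Config) update(version, path string) error {
+f, err := os.Open(path)
+if err != nil {
+return xerrors.Errorf("failed to open file: %w", err)
+}
+
+var oval OvalDefinitions
+if err := xml.NewDecoder(f).Decode(&oval); err != nil {
+return xerrors.Errorf("failed to decode xml: %w", err)
+}
+dirPath := filepath.Join(c.dir, version)
+
+// write tests/tests.json file
+if err := utils.Write(filepath.Join(dirPath, testsDir, "tests.json"), oval.Tests); err != nil {
+return xerrors.Errorf("failed to write tests: %w", err)
+}
+
+// write objects/objects.json file
+if err := utils.Write(filepath.Join(dirPath, objectsDir, "objects.json"), oval.Objects); err != nil {
+return xerrors.Errorf("failed to write objects: %w", err)
+}
+
+// write states/states.json file
+if err := utils.Write(filepath.Join(dirPath, statesDir, "states.json"), oval.States); err != nil {
+return xerrors.Errorf("failed to write states: %w", err)
+}
+
+// write definitions
+bar := pb.StartNew(len(oval.Definitions.Definition))
+for _, def := range oval.Definitions.Definition {
+vulnID := def.Metadata.Reference.RefID
+
+if err := c.saveAdvisoryPerYear(filepath.Join(dirPath, definitionsDir), vulnID, def); err != nil {
+return xerrors.Errorf("failed to save advisory per year: %w", err)
+}
+
+bar.Increment()
+}
+bar.Finish()
+
+return nil
+}
+
+func (c Config) saveAdvisoryPerYear(dirName string, vulnID string, def Definition) error {
+if !strings.HasPrefix(vulnID, "CVE") {
+log.Printf("discovered non-CVE-ID: %s", vulnID)
+return ErrNonCVEID
+}
+
+s := strings.Split(vulnID, "-")
+if len(s) != 3 {
+log.Printf("invalid CVE-ID format: %s", vulnID)
+return ErrInvalidCVEFormat
+}
+
+yearDir := filepath.Join(dirName, s[1])
+if err := utils.Write(filepath.Join(yearDir, fmt.Sprintf("%s.json", vulnID)), def); err != nil {
+return xerrors.Errorf("unable to write a JSON file: %w", err)
+}
+return nil
+}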
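Review bot: `saveAdvisoryPerYear` joins `s[1]` and `vulnID` into the output path, and `vulnID` is the `ref_id` attribute read from the downloaded OVAL file, yet the only checks are the `CVE` prefix and a three-part split on `-`, so an ID containing a path separator or `..` is not rejected before `filepath.Join`. Match the whole ID against a strict pattern instead of counting parts, for example a package-level `cveIDPattern = regexp.MustCompile("^CVE-[0-9]{4}-[0-9]+$")` (with `regexp` imported) and `if !cveIDPattern.MatchString(vulnID) { return ErrInvalidCVEFormat }`, so every write stays under `c.dir`. In `update`, the handle returned by `os.Open(path)` is never closed; add `defer f.Close()` after the error check. `Update` also removes `c.dir` before the download has succeeded, so a failed fetch leaves the target directory empty; removing it only after `DownloadToTempDir` returns avoids that.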
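--- a/mariner/mariner_test.go
+++ b/mariner/mariner_test.go
@@ -0,0 +1,68 @@
+package mariner_test
+
+import (
+"io/fs"
+"os"
+"path/filepath"
+"testing"
+
+"github.com/stretchr/testify/assert"
+"github.com/stretchr/testify/require"
+
+"github.com/aquasecurity/vuln-list-update/mariner"
+)
+
+func TestUpdate(t *testing.T) {
+tests := []struct {
+name string
+inputFile string
+wantErr string
+}{
+{
+name: "happy path",
+inputFile: "file::testdata/happy",
+},
+{
+name: "sad path, invalid xml",
+inputFile: "file::testdata/sad",
+wantErr: "failed to decode xml",
+},
+}
+
+for _, tt := range tests {
+t.Run(tt.name, func(t *testing.T) {
+tmpDir := t.TempDir()
+cc := mariner.NewConfig(mariner.WithURL(tt.inputFile), mariner.WithDir(tmpDir), mariner.WithRetry(0))
+
+err := cc.Update()
+if tt.wantErr != "" {
+require.Error(t, err)
+assert.Contains(t, err.Error(), tt.wantErr)
+return
+}
+require.NoError(t, err)
+
+err = filepath.WalkDir(tmpDir, func(path string, d fs.DirEntry, err error) error {
+require.NoError(t, err, tt.name)
+if !d.Type().IsRegular() {
+return nil
+}
+
+got, err := os.ReadFile(path)
+require.NoError(t, err, path)
+
+rel, err := filepath.Rel(tmpDir, path)
+require.NoError(t, err, path)
+
+goldenPath := filepath.Join("testdata", "golden", "mariner", rel)
+want, err := os.ReadFile(goldenPath)
+require.NoError(t, err, goldenPath)
+
+assert.JSONEq(t, string(want), string(got), path)
+
+return nil
+})
+require.NoError(t, err, tt.name)
+})
+}
+}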
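Review bot: The happy-path check walks only `tmpDir`, so it proves that every file `Update` wrote matches a golden file but would not notice an expected file that was never written, for example if one OVAL file were skipped by the name filter. Walking `testdata/golden/mariner` as well, or comparing the two sets of relative paths, closes that gap. The table also has no case for a `ref_id` that is not a well-formed CVE ID, so the `ErrNonCVEID` and `ErrInvalidCVEFormat` returns in mariner.go are untested. `mariner.WithRetry(0)` is passed here, but nothing in the visible `Update` code reads `retry`, so the option has no observable effect in this test.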
29
mariner/testdata/golden/mariner/1.0/definitions/2008/CVE-2008-3914.json
vendored
Normal file
29
mariner/testdata/golden/mariner/1.0/definitions/2008/CVE-2008-3914.json
vendored
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
{
|
||||||
|
"Class": "vulnerability",
|
||||||
|
"ID": "oval:com.microsoft.cbl-mariner:def:3173",
|
||||||
|
"Version": "1643374849",
|
||||||
|
"Metadata": {
|
||||||
|
"Title": "CVE-2008-3914 affecting package clamav 0.101.2",
|
||||||
|
"Affected": {
|
||||||
|
"Family": "unix",
|
||||||
|
"Platform": "CBL-Mariner"
|
||||||
|
},
|
||||||
|
"Reference": {
|
||||||
|
"RefID": "CVE-2008-3914",
|
||||||
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2008-3914",
|
||||||
|
"Source": "CVE"
|
||||||
|
},
|
||||||
|
"Patchable": "true",
|
||||||
|
"AdvisoryDate": "2021-05-06T23:56:51Z",
|
||||||
|
"AdvisoryID": "3173",
|
||||||
|
"Severity": "Critical",
|
||||||
|
"Description": "CVE-2008-3914 affecting package clamav 0.101.2. An upgraded version of the package is available that resolves this issue."
|
||||||
|
},
|
||||||
|
"Criteria": {
|
||||||
|
"Operator": "AND",
|
||||||
|
"Criterion": {
|
||||||
|
"Comment": "Package clamav is earlier than 0.103.2-1, affected by CVE-2008-3914",
|
||||||
|
"TestRef": "oval:com.microsoft.cbl-mariner:tst:1643374849000003"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
29
mariner/testdata/golden/mariner/1.0/definitions/2018/CVE-2018-25012.json
vendored
Normal file
29
mariner/testdata/golden/mariner/1.0/definitions/2018/CVE-2018-25012.json
vendored
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
{
|
||||||
|
"Class": "vulnerability",
|
||||||
|
"ID": "oval:com.microsoft.cbl-mariner:def:4209",
|
||||||
|
"Version": "1643374849",
|
||||||
|
"Metadata": {
|
||||||
|
"Title": "CVE-2018-25012 affecting package libwebp 1.0.0",
|
||||||
|
"Affected": {
|
||||||
|
"Family": "unix",
|
||||||
|
"Platform": "CBL-Mariner"
|
||||||
|
},
|
||||||
|
"Reference": {
|
||||||
|
"RefID": "CVE-2018-25012",
|
||||||
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-25012",
|
||||||
|
"Source": "CVE"
|
||||||
|
},
|
||||||
|
"Patchable": "true",
|
||||||
|
"AdvisoryDate": "2021-06-09T03:50:29Z",
|
||||||
|
"AdvisoryID": "4209",
|
||||||
|
"Severity": "Critical",
|
||||||
|
"Description": "CVE-2018-25012 affecting package libwebp 1.0.0. An upgraded version of the package is available that resolves this issue."
|
||||||
|
},
|
||||||
|
"Criteria": {
|
||||||
|
"Operator": "AND",
|
||||||
|
"Criterion": {
|
||||||
|
"Comment": "Package libwebp is earlier than 1.0.3-1, affected by CVE-2018-25012",
|
||||||
|
"TestRef": "oval:com.microsoft.cbl-mariner:tst:1643374849000151"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
29
mariner/testdata/golden/mariner/1.0/definitions/2021/CVE-2021-35942.json
vendored
Normal file
29
mariner/testdata/golden/mariner/1.0/definitions/2021/CVE-2021-35942.json
vendored
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
{
|
||||||
|
"Class": "vulnerability",
|
||||||
|
"ID": "oval:com.microsoft.cbl-mariner:def:4820",
|
||||||
|
"Version": "1643374849",
|
||||||
|
"Metadata": {
|
||||||
|
"Title": "CVE-2021-35942 affecting package glibc 2.28",
|
||||||
|
"Affected": {
|
||||||
|
"Family": "unix",
|
||||||
|
"Platform": "CBL-Mariner"
|
||||||
|
},
|
||||||
|
"Reference": {
|
||||||
|
"RefID": "CVE-2021-35942",
|
||||||
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-35942",
|
||||||
|
"Source": "CVE"
|
||||||
|
},
|
||||||
|
"Patchable": "true",
|
||||||
|
"AdvisoryDate": "2021-08-11T06:39:32Z",
|
||||||
|
"AdvisoryID": "4820",
|
||||||
|
"Severity": "Critical",
|
||||||
|
"Description": "CVE-2021-35942 affecting package glibc 2.28. A patched version of the package is available."
|
||||||
|
},
|
||||||
|
"Criteria": {
|
||||||
|
"Operator": "AND",
|
||||||
|
"Criterion": {
|
||||||
|
"Comment": "Package glibc is earlier than 2.28-19, affected by CVE-2021-35942",
|
||||||
|
"TestRef": "oval:com.microsoft.cbl-mariner:tst:1643374849000145"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
19
mariner/testdata/golden/mariner/1.0/objects/objects.json
vendored
Normal file
19
mariner/testdata/golden/mariner/1.0/objects/objects.json
vendored
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
{
|
||||||
|
"RpminfoObjects": [
|
||||||
|
{
|
||||||
|
"ID": "oval:com.microsoft.cbl-mariner:obj:1643374849000004",
|
||||||
|
"Version": "1643374849",
|
||||||
|
"Name": "clamav"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"ID": "oval:com.microsoft.cbl-mariner:obj:1643374849000051",
|
||||||
|
"Version": "1643374849",
|
||||||
|
"Name": "glibc"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"ID": "oval:com.microsoft.cbl-mariner:obj:1643374849000067",
|
||||||
|
"Version": "1643374849",
|
||||||
|
"Name": "libwebp"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
31
mariner/testdata/golden/mariner/1.0/states/states.json
vendored
Normal file
31
mariner/testdata/golden/mariner/1.0/states/states.json
vendored
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
{
|
||||||
|
"RpminfoState": [
|
||||||
|
{
|
||||||
|
"ID": "oval:com.microsoft.cbl-mariner:ste:1643374849000005",
|
||||||
|
"Version": "1643374849",
|
||||||
|
"Evr": {
|
||||||
|
"Text": "0:0.103.2-1.cm1",
|
||||||
|
"Datatype": "evr_string",
|
||||||
|
"Operation": "less than"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"ID": "oval:com.microsoft.cbl-mariner:ste:1643374849000068",
|
||||||
|
"Version": "1643374849",
|
||||||
|
"Evr": {
|
||||||
|
"Text": "0:1.0.3-1.cm1",
|
||||||
|
"Datatype": "evr_string",
|
||||||
|
"Operation": "less than"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"ID": "oval:com.microsoft.cbl-mariner:ste:1643374849000146",
|
||||||
|
"Version": "1643374849",
|
||||||
|
"Evr": {
|
||||||
|
"Text": "0:2.28-19.cm1",
|
||||||
|
"Datatype": "evr_string",
|
||||||
|
"Operation": "less than"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
40
mariner/testdata/golden/mariner/1.0/tests/tests.json
vendored
Normal file
40
mariner/testdata/golden/mariner/1.0/tests/tests.json
vendored
Normal file
@ -0,0 +1,40 @@
|
|||||||
|
{
|
||||||
|
"RpminfoTests": [
|
||||||
|
{
|
||||||
|
"Check": "at least one",
|
||||||
|
"Comment": "Package clamav is earlier than 0.103.2-1, affected by CVE-2008-3914",
|
||||||
|
"ID": "oval:com.microsoft.cbl-mariner:tst:1643374849000003",
|
||||||
|
"Version": "1643374849",
|
||||||
|
"Object": {
|
||||||
|
"ObjectRef": "oval:com.microsoft.cbl-mariner:obj:1643374849000004"
|
||||||
|
},
|
||||||
|
"State": {
|
||||||
|
"StateRef": "oval:com.microsoft.cbl-mariner:ste:1643374849000005"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"Check": "at least one",
|
||||||
|
"Comment": "Package glibc is earlier than 2.28-19, affected by CVE-2021-35942",
|
||||||
|
"ID": "oval:com.microsoft.cbl-mariner:tst:1643374849000145",
|
||||||
|
"Version": "1643374849",
|
||||||
|
"Object": {
|
||||||
|
"ObjectRef": "oval:com.microsoft.cbl-mariner:obj:1643374849000051"
|
||||||
|
},
|
||||||
|
"State": {
|
||||||
|
"StateRef": "oval:com.microsoft.cbl-mariner:ste:1643374849000146"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"Check": "at least one",
|
||||||
|
"Comment": "Package libwebp is earlier than 1.0.3-1, affected by CVE-2018-25012",
|
||||||
|
"ID": "oval:com.microsoft.cbl-mariner:tst:1643374849000151",
|
||||||
|
"Version": "1643374849",
|
||||||
|
"Object": {
|
||||||
|
"ObjectRef": "oval:com.microsoft.cbl-mariner:obj:1643374849000067"
|
||||||
|
},
|
||||||
|
"State": {
|
||||||
|
"StateRef": "oval:com.microsoft.cbl-mariner:ste:1643374849000068"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
28
mariner/testdata/golden/mariner/2.0/definitions/2014/CVE-2014-8139.json
vendored
Normal file
28
mariner/testdata/golden/mariner/2.0/definitions/2014/CVE-2014-8139.json
vendored
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
{
|
||||||
|
"Class": "vulnerability",
|
||||||
|
"ID": "oval:com.microsoft.cbl-mariner:def:6933",
|
||||||
|
"Version": "1643374850",
|
||||||
|
"Metadata": {
|
||||||
|
"Title": "CVE-2014-8139 affecting package unzip 6.0",
|
||||||
|
"Affected": {
|
||||||
|
"Family": "unix",
|
||||||
|
"Platform": "CBL-Mariner"
|
||||||
|
},
|
||||||
|
"Reference": {
|
||||||
|
"RefID": "CVE-2014-8139",
|
||||||
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-8139",
|
||||||
|
"Source": "CVE"
|
||||||
|
},
|
||||||
|
"Patchable": "false",
|
||||||
|
"AdvisoryID": "6933",
|
||||||
|
"Severity": "High",
|
||||||
|
"Description": "CVE-2014-8139 affecting package unzip 6.0. No patch is available currently."
|
||||||
|
},
|
||||||
|
"Criteria": {
|
||||||
|
"Operator": "AND",
|
||||||
|
"Criterion": {
|
||||||
|
"Comment": "Package unzip is installed with version 6.0 or earlier",
|
||||||
|
"TestRef": "oval:com.microsoft.cbl-mariner:tst:1643374850000269"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
28
mariner/testdata/golden/mariner/2.0/definitions/2021/CVE-2021-39924.json
vendored
Normal file
28
mariner/testdata/golden/mariner/2.0/definitions/2021/CVE-2021-39924.json
vendored
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
{
|
||||||
|
"Class": "vulnerability",
|
||||||
|
"ID": "oval:com.microsoft.cbl-mariner:def:7412",
|
||||||
|
"Version": "1643374850",
|
||||||
|
"Metadata": {
|
||||||
|
"Title": "CVE-2021-39924 affecting package wireshark 3.4.4",
|
||||||
|
"Affected": {
|
||||||
|
"Family": "unix",
|
||||||
|
"Platform": "CBL-Mariner"
|
||||||
|
},
|
||||||
|
"Reference": {
|
||||||
|
"RefID": "CVE-2021-39924",
|
||||||
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-39924",
|
||||||
|
"Source": "CVE"
|
||||||
|
},
|
||||||
|
"Patchable": "false",
|
||||||
|
"AdvisoryID": "7412",
|
||||||
|
"Severity": "High",
|
||||||
|
"Description": "CVE-2021-39924 affecting package wireshark 3.4.4. No patch is available currently."
|
||||||
|
},
|
||||||
|
"Criteria": {
|
||||||
|
"Operator": "AND",
|
||||||
|
"Criterion": {
|
||||||
|
"Comment": "Package wireshark is installed with version 3.4.4 or earlier",
|
||||||
|
"TestRef": "oval:com.microsoft.cbl-mariner:tst:1643374850000435"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
28
mariner/testdata/golden/mariner/2.0/definitions/2022/CVE-2022-21309.json
vendored
Normal file
28
mariner/testdata/golden/mariner/2.0/definitions/2022/CVE-2022-21309.json
vendored
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
{
|
||||||
|
"Class": "vulnerability",
|
||||||
|
"ID": "oval:com.microsoft.cbl-mariner:def:7700",
|
||||||
|
"Version": "1643374850",
|
||||||
|
"Metadata": {
|
||||||
|
"Title": "CVE-2022-21309 affecting package mysql 8.0.24",
|
||||||
|
"Affected": {
|
||||||
|
"Family": "unix",
|
||||||
|
"Platform": "CBL-Mariner"
|
||||||
|
},
|
||||||
|
"Reference": {
|
||||||
|
"RefID": "CVE-2022-21309",
|
||||||
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-21309",
|
||||||
|
"Source": "CVE"
|
||||||
|
},
|
||||||
|
"Patchable": "false",
|
||||||
|
"AdvisoryID": "7700",
|
||||||
|
"Severity": "Medium",
|
||||||
|
"Description": "CVE-2022-21309 affecting package mysql 8.0.24. No patch is available currently."
|
||||||
|
},
|
||||||
|
"Criteria": {
|
||||||
|
"Operator": "AND",
|
||||||
|
"Criterion": {
|
||||||
|
"Comment": "Package mysql is installed with version 8.0.24 or earlier",
|
||||||
|
"TestRef": "oval:com.microsoft.cbl-mariner:tst:1643374850000854"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
19
mariner/testdata/golden/mariner/2.0/objects/objects.json
vendored
Normal file
19
mariner/testdata/golden/mariner/2.0/objects/objects.json
vendored
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
{
|
||||||
|
"RpminfoObjects": [
|
||||||
|
{
|
||||||
|
"ID": "oval:com.microsoft.cbl-mariner:obj:1643374850000123",
|
||||||
|
"Version": "1643374850",
|
||||||
|
"Name": "unzip"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"ID": "oval:com.microsoft.cbl-mariner:obj:1643374850000429",
|
||||||
|
"Version": "1643374850",
|
||||||
|
"Name": "wireshark"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"ID": "oval:com.microsoft.cbl-mariner:obj:1643374850000669",
|
||||||
|
"Version": "1643374850",
|
||||||
|
"Name": "mysql"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
31
mariner/testdata/golden/mariner/2.0/states/states.json
vendored
Normal file
31
mariner/testdata/golden/mariner/2.0/states/states.json
vendored
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
{
|
||||||
|
"RpminfoState": [
|
||||||
|
{
|
||||||
|
"ID": "oval:com.microsoft.cbl-mariner:ste:1643374850000031",
|
||||||
|
"Version": "1643374850",
|
||||||
|
"Evr": {
|
||||||
|
"Text": "0:3.4.4-2.cm1",
|
||||||
|
"Datatype": "evr_string",
|
||||||
|
"Operation": "less than or equal"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"ID": "oval:com.microsoft.cbl-mariner:ste:1643374850000124",
|
||||||
|
"Version": "1643374850",
|
||||||
|
"Evr": {
|
||||||
|
"Text": "0:6.0-19.cm1",
|
||||||
|
"Datatype": "evr_string",
|
||||||
|
"Operation": "less than or equal"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"ID": "oval:com.microsoft.cbl-mariner:ste:1643374850000670",
|
||||||
|
"Version": "1643374850",
|
||||||
|
"Evr": {
|
||||||
|
"Text": "0:8.0.24-1.cm1",
|
||||||
|
"Datatype": "evr_string",
|
||||||
|
"Operation": "less than or equal"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
40
mariner/testdata/golden/mariner/2.0/tests/tests.json
vendored
Normal file
40
mariner/testdata/golden/mariner/2.0/tests/tests.json
vendored
Normal file
@ -0,0 +1,40 @@
|
|||||||
|
{
|
||||||
|
"RpminfoTests": [
|
||||||
|
{
|
||||||
|
"Check": "at least one",
|
||||||
|
"Comment": "Package unzip is installed with version 6.0 or earlier",
|
||||||
|
"ID": "oval:com.microsoft.cbl-mariner:tst:1643374850000269",
|
||||||
|
"Version": "1643374850",
|
||||||
|
"Object": {
|
||||||
|
"ObjectRef": "oval:com.microsoft.cbl-mariner:obj:1643374850000123"
|
||||||
|
},
|
||||||
|
"State": {
|
||||||
|
"StateRef": "oval:com.microsoft.cbl-mariner:ste:1643374850000124"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"Check": "at least one",
|
||||||
|
"Comment": "Package wireshark is installed with version 3.4.4 or earlier",
|
||||||
|
"ID": "oval:com.microsoft.cbl-mariner:tst:1643374850000435",
|
||||||
|
"Version": "1643374850",
|
||||||
|
"Object": {
|
||||||
|
"ObjectRef": "oval:com.microsoft.cbl-mariner:obj:1643374850000429"
|
||||||
|
},
|
||||||
|
"State": {
|
||||||
|
"StateRef": "oval:com.microsoft.cbl-mariner:ste:1643374850000031"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"Check": "at least one",
|
||||||
|
"Comment": "Package mysql is installed with version 8.0.24 or earlier",
|
||||||
|
"ID": "oval:com.microsoft.cbl-mariner:tst:1643374850000854",
|
||||||
|
"Version": "1643374850",
|
||||||
|
"Object": {
|
||||||
|
"ObjectRef": "oval:com.microsoft.cbl-mariner:obj:1643374850000669"
|
||||||
|
},
|
||||||
|
"State": {
|
||||||
|
"StateRef": "oval:com.microsoft.cbl-mariner:ste:1643374850000670"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
0
mariner/testdata/happy/README.md
vendored
Normal file
0
mariner/testdata/happy/README.md
vendored
Normal file
0
mariner/testdata/happy/SECURITY.md
vendored
Normal file
0
mariner/testdata/happy/SECURITY.md
vendored
Normal file
98
mariner/testdata/happy/cbl-mariner-1.0-oval.xml
vendored
Normal file
98
mariner/testdata/happy/cbl-mariner-1.0-oval.xml
vendored
Normal file
@ -0,0 +1,98 @@
|
|||||||
|
<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:linux-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5 https://oval.mitre.org/language/version5.11/ovaldefinition/complete/oval-common-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 https://oval.mitre.org/language/version5.11/ovaldefinition/complete/oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#linux https://oval.mitre.org/language/version5.11/ovaldefinition/complete/linux-definitions-schema.xsd ">
|
||||||
|
<generator>
|
||||||
|
<oval:product_name>CBL-Mariner OVAL Definition Generator</oval:product_name>
|
||||||
|
<oval:product_version>8</oval:product_version>
|
||||||
|
<oval:schema_version>5.11</oval:schema_version>
|
||||||
|
<oval:timestamp>2022-01-28T13:00:49.330011518Z</oval:timestamp>
|
||||||
|
<oval:content_version>1643374849</oval:content_version>
|
||||||
|
</generator>
|
||||||
|
<definitions>
|
||||||
|
<definition class="vulnerability" id="oval:com.microsoft.cbl-mariner:def:3173" version="1643374849">
|
||||||
|
<metadata>
|
||||||
|
<title>CVE-2008-3914 affecting package clamav 0.101.2</title>
|
||||||
|
<affected family="unix">
|
||||||
|
<platform>CBL-Mariner</platform>
|
||||||
|
</affected>
|
||||||
|
<reference ref_id="CVE-2008-3914" ref_url="https://nvd.nist.gov/vuln/detail/CVE-2008-3914" source="CVE"/>
|
||||||
|
<patchable>true</patchable>
|
||||||
|
<advisory_date>2021-05-06T23:56:51Z</advisory_date>
|
||||||
|
<advisory_id>3173</advisory_id>
|
||||||
|
<severity>Critical</severity>
|
||||||
|
<description>CVE-2008-3914 affecting package clamav 0.101.2. An upgraded version of the package is available that resolves this issue.</description>
|
||||||
|
</metadata>
|
||||||
|
<criteria operator="AND">
|
||||||
|
<criterion comment="Package clamav is earlier than 0.103.2-1, affected by CVE-2008-3914" test_ref="oval:com.microsoft.cbl-mariner:tst:1643374849000003"/>
|
||||||
|
</criteria>
|
||||||
|
</definition>
|
||||||
|
<definition class="vulnerability" id="oval:com.microsoft.cbl-mariner:def:4820" version="1643374849">
|
||||||
|
<metadata>
|
||||||
|
<title>CVE-2021-35942 affecting package glibc 2.28</title>
|
||||||
|
<affected family="unix">
|
||||||
|
<platform>CBL-Mariner</platform>
|
||||||
|
</affected>
|
||||||
|
<reference ref_id="CVE-2021-35942" ref_url="https://nvd.nist.gov/vuln/detail/CVE-2021-35942" source="CVE"/>
|
||||||
|
<patchable>true</patchable>
|
||||||
|
<advisory_date>2021-08-11T06:39:32Z</advisory_date>
|
||||||
|
<advisory_id>4820</advisory_id>
|
||||||
|
<severity>Critical</severity>
|
||||||
|
<description>CVE-2021-35942 affecting package glibc 2.28. A patched version of the package is available.</description>
|
||||||
|
</metadata>
|
||||||
|
<criteria operator="AND">
|
||||||
|
<criterion comment="Package glibc is earlier than 2.28-19, affected by CVE-2021-35942" test_ref="oval:com.microsoft.cbl-mariner:tst:1643374849000145"/>
|
||||||
|
</criteria>
|
||||||
|
</definition>
|
||||||
|
<definition class="vulnerability" id="oval:com.microsoft.cbl-mariner:def:4209" version="1643374849">
|
||||||
|
<metadata>
|
||||||
|
<title>CVE-2018-25012 affecting package libwebp 1.0.0</title>
|
||||||
|
<affected family="unix">
|
||||||
|
<platform>CBL-Mariner</platform>
|
||||||
|
</affected>
|
||||||
|
<reference ref_id="CVE-2018-25012" ref_url="https://nvd.nist.gov/vuln/detail/CVE-2018-25012" source="CVE"/>
|
||||||
|
<patchable>true</patchable>
|
||||||
|
<advisory_date>2021-06-09T03:50:29Z</advisory_date>
|
||||||
|
<advisory_id>4209</advisory_id>
|
||||||
|
<severity>Critical</severity>
|
||||||
|
<description>CVE-2018-25012 affecting package libwebp 1.0.0. An upgraded version of the package is available that resolves this issue.</description>
|
||||||
|
</metadata>
|
||||||
|
<criteria operator="AND">
|
||||||
|
<criterion comment="Package libwebp is earlier than 1.0.3-1, affected by CVE-2018-25012" test_ref="oval:com.microsoft.cbl-mariner:tst:1643374849000151"/>
|
||||||
|
</criteria>
|
||||||
|
</definition>
|
||||||
|
</definitions>
|
||||||
|
<tests>
|
||||||
|
<linux-def:rpminfo_test check="at least one" comment="Package clamav is earlier than 0.103.2-1, affected by CVE-2008-3914" id="oval:com.microsoft.cbl-mariner:tst:1643374849000003" version="1643374849">
|
||||||
|
<linux-def:object object_ref="oval:com.microsoft.cbl-mariner:obj:1643374849000004"/>
|
||||||
|
<linux-def:state state_ref="oval:com.microsoft.cbl-mariner:ste:1643374849000005"/>
|
||||||
|
</linux-def:rpminfo_test>
|
||||||
|
<linux-def:rpminfo_test check="at least one" comment="Package glibc is earlier than 2.28-19, affected by CVE-2021-35942" id="oval:com.microsoft.cbl-mariner:tst:1643374849000145" version="1643374849">
|
||||||
|
<linux-def:object object_ref="oval:com.microsoft.cbl-mariner:obj:1643374849000051"/>
|
||||||
|
<linux-def:state state_ref="oval:com.microsoft.cbl-mariner:ste:1643374849000146"/>
|
||||||
|
</linux-def:rpminfo_test>
|
||||||
|
<linux-def:rpminfo_test check="at least one" comment="Package libwebp is earlier than 1.0.3-1, affected by CVE-2018-25012" id="oval:com.microsoft.cbl-mariner:tst:1643374849000151" version="1643374849">
|
||||||
|
<linux-def:object object_ref="oval:com.microsoft.cbl-mariner:obj:1643374849000067"/>
|
||||||
|
<linux-def:state state_ref="oval:com.microsoft.cbl-mariner:ste:1643374849000068"/>
|
||||||
|
</linux-def:rpminfo_test>
|
||||||
|
</tests>
|
||||||
|
<objects>
|
||||||
|
<linux-def:rpminfo_object id="oval:com.microsoft.cbl-mariner:obj:1643374849000004" version="1643374849">
|
||||||
|
<linux-def:name>clamav</linux-def:name>
|
||||||
|
</linux-def:rpminfo_object>
|
||||||
|
<linux-def:rpminfo_object id="oval:com.microsoft.cbl-mariner:obj:1643374849000051" version="1643374849">
|
||||||
|
<linux-def:name>glibc</linux-def:name>
|
||||||
|
</linux-def:rpminfo_object>
|
||||||
|
<linux-def:rpminfo_object id="oval:com.microsoft.cbl-mariner:obj:1643374849000067" version="1643374849">
|
||||||
|
<linux-def:name>libwebp</linux-def:name>
|
||||||
|
</linux-def:rpminfo_object>
|
||||||
|
</objects>
|
||||||
|
<states>
|
||||||
|
<linux-def:rpminfo_state id="oval:com.microsoft.cbl-mariner:ste:1643374849000005" version="1643374849">
|
||||||
|
<linux-def:evr datatype="evr_string" operation="less than">0:0.103.2-1.cm1</linux-def:evr>
|
||||||
|
</linux-def:rpminfo_state>
|
||||||
|
<linux-def:rpminfo_state id="oval:com.microsoft.cbl-mariner:ste:1643374849000068" version="1643374849">
|
||||||
|
<linux-def:evr datatype="evr_string" operation="less than">0:1.0.3-1.cm1</linux-def:evr>
|
||||||
|
</linux-def:rpminfo_state>
|
||||||
|
<linux-def:rpminfo_state id="oval:com.microsoft.cbl-mariner:ste:1643374849000146" version="1643374849">
|
||||||
|
<linux-def:evr datatype="evr_string" operation="less than">0:2.28-19.cm1</linux-def:evr>
|
||||||
|
</linux-def:rpminfo_state>
|
||||||
|
</states>
|
||||||
|
</oval_definitions>
|
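--- a/mariner/testdata/happy/cbl-mariner-2.0-preview-oval.xml
+++ b/mariner/testdata/happy/cbl-mariner-2.0-preview-oval.xml
@@ -0,0 +1,95 @@
+<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:linux-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5 https://oval.mitre.org/language/version5.11/ovaldefinition/complete/oval-common-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 https://oval.mitre.org/language/version5.11/ovaldefinition/complete/oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#linux https://oval.mitre.org/language/version5.11/ovaldefinition/complete/linux-definitions-schema.xsd ">
+<generator>
+<oval:product_name>CBL-Mariner OVAL Definition Generator</oval:product_name>
+<oval:product_version>8</oval:product_version>
+<oval:schema_version>5.11</oval:schema_version>
+<oval:timestamp>2022-01-28T13:00:50.306260678Z</oval:timestamp>
+<oval:content_version>1643374850</oval:content_version>
+</generator>
+<definitions>
+<definition class="vulnerability" id="oval:com.microsoft.cbl-mariner:def:6933" version="1643374850">
+<metadata>
+<title>CVE-2014-8139 affecting package unzip 6.0</title>
+<affected family="unix">
+<platform>CBL-Mariner</platform>
+</affected>
+<reference ref_id="CVE-2014-8139" ref_url="https://nvd.nist.gov/vuln/detail/CVE-2014-8139" source="CVE"/>
+<patchable>false</patchable>
+<advisory_id>6933</advisory_id>
+<severity>High</severity>
+<description>CVE-2014-8139 affecting package unzip 6.0. No patch is available currently.</description>
+</metadata>
+<criteria operator="AND">
+<criterion comment="Package unzip is installed with version 6.0 or earlier" test_ref="oval:com.microsoft.cbl-mariner:tst:1643374850000269"/>
+</criteria>
+</definition>
+<definition class="vulnerability" id="oval:com.microsoft.cbl-mariner:def:7412" version="1643374850">
+<metadata>
+<title>CVE-2021-39924 affecting package wireshark 3.4.4</title>
+<affected family="unix">
+<platform>CBL-Mariner</platform>
+</affected>
+<reference ref_id="CVE-2021-39924" ref_url="https://nvd.nist.gov/vuln/detail/CVE-2021-39924" source="CVE"/>
+<patchable>false</patchable>
+<advisory_id>7412</advisory_id>
+<severity>High</severity>
+<description>CVE-2021-39924 affecting package wireshark 3.4.4. No patch is available currently.</description>
+</metadata>
+<criteria operator="AND">
+<criterion comment="Package wireshark is installed with version 3.4.4 or earlier" test_ref="oval:com.microsoft.cbl-mariner:tst:1643374850000435"/>
+</criteria>
+</definition>
+<definition class="vulnerability" id="oval:com.microsoft.cbl-mariner:def:7700" version="1643374850">
+<metadata>
+<title>CVE-2022-21309 affecting package mysql 8.0.24</title>
+<affected family="unix">
+<platform>CBL-Mariner</platform>
+</affected>
+<reference ref_id="CVE-2022-21309" ref_url="https://nvd.nist.gov/vuln/detail/CVE-2022-21309" source="CVE"/>
+<patchable>false</patchable>
+<advisory_id>7700</advisory_id>
+<severity>Medium</severity>
+<description>CVE-2022-21309 affecting package mysql 8.0.24. No patch is available currently.</description>
+</metadata>
+<criteria operator="AND">
+<criterion comment="Package mysql is installed with version 8.0.24 or earlier" test_ref="oval:com.microsoft.cbl-mariner:tst:1643374850000854"/>
+</criteria>
+</definition>
+</definitions>
+<tests>
+<linux-def:rpminfo_test check="at least one" comment="Package unzip is installed with version 6.0 or earlier" id="oval:com.microsoft.cbl-mariner:tst:1643374850000269" version="1643374850">
+<linux-def:object object_ref="oval:com.microsoft.cbl-mariner:obj:1643374850000123"/>
+<linux-def:state state_ref="oval:com.microsoft.cbl-mariner:ste:1643374850000124"/>
+</linux-def:rpminfo_test>
+<linux-def:rpminfo_test check="at least one" comment="Package wireshark is installed with version 3.4.4 or earlier" id="oval:com.microsoft.cbl-mariner:tst:1643374850000435" version="1643374850">
+<linux-def:object object_ref="oval:com.microsoft.cbl-mariner:obj:1643374850000429"/>
+<linux-def:state state_ref="oval:com.microsoft.cbl-mariner:ste:1643374850000031"/>
+</linux-def:rpminfo_test>
+<linux-def:rpminfo_test check="at least one" comment="Package mysql is installed with version 8.0.24 or earlier" id="oval:com.microsoft.cbl-mariner:tst:1643374850000854" version="1643374850">
+<linux-def:object object_ref="oval:com.microsoft.cbl-mariner:obj:1643374850000669"/>
+<linux-def:state state_ref="oval:com.microsoft.cbl-mariner:ste:1643374850000670"/>
+</linux-def:rpminfo_test>
+</tests>
+<objects>
+<linux-def:rpminfo_object id="oval:com.microsoft.cbl-mariner:obj:1643374850000123" version="1643374850">
+<linux-def:name>unzip</linux-def:name>
+</linux-def:rpminfo_object>
+<linux-def:rpminfo_object id="oval:com.microsoft.cbl-mariner:obj:1643374850000429" version="1643374850">
+<linux-def:name>wireshark</linux-def:name>
+</linux-def:rpminfo_object>
+<linux-def:rpminfo_object id="oval:com.microsoft.cbl-mariner:obj:1643374850000669" version="1643374850">
+<linux-def:name>mysql</linux-def:name>
+</linux-def:rpminfo_object>
+</objects>
+<states>
+<linux-def:rpminfo_state id="oval:com.microsoft.cbl-mariner:ste:1643374850000031" version="1643374850">
+<linux-def:evr datatype="evr_string" operation="less than or equal">0:3.4.4-2.cm1</linux-def:evr>
+</linux-def:rpminfo_state>
+<linux-def:rpminfo_state id="oval:com.microsoft.cbl-mariner:ste:1643374850000124" version="1643374850">
+<linux-def:evr datatype="evr_string" operation="less than or equal">0:6.0-19.cm1</linux-def:evr>
+</linux-def:rpminfo_state>
+<linux-def:rpminfo_state id="oval:com.microsoft.cbl-mariner:ste:1643374850000670" version="1643374850">
+<linux-def:evr datatype="evr_string" operation="less than or equal">0:8.0.24-1.cm1</linux-def:evr>
+</linux-def:rpminfo_state>
+</states>
+</oval_definitions>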
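--- a/mariner/testdata/sad/cbl-mariner-1.0-oval.xml
+++ b/mariner/testdata/sad/cbl-mariner-1.0-oval.xml
@@ -0,0 +1 @@
+<oval_definitions xmlns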
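--- a/mariner/types.go
+++ b/mariner/types.go
@@ -0,0 +1,114 @@
+package mariner
+
+import "encoding/xml"
+
+type OvalDefinitions struct {
+XMLName xml.Name `xml:"oval_definitions" json:",omitempty"`
+Xmlns string `xml:"xmlns,attr" json:",omitempty"`
+Oval string `xml:"oval,attr" json:",omitempty"`
+LinuxDef string `xml:"linux-def,attr" json:",omitempty"`
+Xsi string `xml:"xsi,attr" json:",omitempty"`
+SchemaLocation string `xml:"schemaLocation,attr" json:",omitempty"`
+Generator Generator `xml:"generator" json:",omitempty"`
+Definitions Definitions `xml:"definitions" json:",omitempty"`
+Tests Tests `xml:"tests" json:",omitempty"`
+Objects Objects `xml:"objects" json:",omitempty"`
+States States `xml:"states" json:",omitempty"`
+}
+
+type Generator struct {
+ProductName string `xml:"product_name" json:",omitempty"`
+ProductVersion string `xml:"product_version" json:",omitempty"`
+SchemaVersion string `xml:"schema_version" json:",omitempty"`
+Timestamp string `xml:"timestamp" json:",omitempty"`
+ContentVersion string `xml:"content_version" json:",omitempty"`
+}
+
+type Metadata struct {
+Title string `xml:"title" json:",omitempty"`
+Affected Affected `xml:"affected" json:",omitempty"`
+Reference Reference `xml:"reference" json:",omitempty"`
+Patchable string `xml:"patchable" json:",omitempty"`
+AdvisoryDate string `xml:"advisory_date" json:",omitempty"`
+AdvisoryID string `xml:"advisory_id" json:",omitempty"`
+Severity string `xml:"severity" json:",omitempty"`
+Description string `xml:"description" json:",omitempty"`
+}
+
+type Reference struct {
+RefID string `xml:"ref_id,attr" json:",omitempty"`
+RefURL string `xml:"ref_url,attr" json:",omitempty"`
+Source string `xml:"source,attr" json:",omitempty"`
+}
+
+type Affected struct {
+Family string `xml:"family,attr" json:",omitempty"`
+Platform string `xml:"platform" json:",omitempty"`
+}
+
+type Definition struct {
+Class string `xml:"class,attr" json:",omitempty"`
+ID string `xml:"id,attr" json:",omitempty"`
+Version string `xml:"version,attr" json:",omitempty"`
+Metadata Metadata `xml:"metadata" json:",omitempty"`
+Criteria Criteria `xml:"criteria" json:",omitempty"`
+}
+type Criteria struct {
+Operator string `xml:"operator,attr" json:",omitempty"`
+Criterion Criterion `xml:"criterion" json:",omitempty"`
+}
+
+type Criterion struct {
+Comment string `xml:"comment,attr" json:",omitempty"`
+TestRef string `xml:"test_ref,attr" json:",omitempty"`
+}
+
+type Definitions struct {
+Definition []Definition `xml:"definition" json:",omitempty"`
+}
+
+type Tests struct {
+RpminfoTests []RpminfoTest `xml:"rpminfo_test" json:",omitempty"`
+}
+
+type RpminfoTest struct {
+Check string `xml:"check,attr" json:",omitempty"`
+Comment string `xml:"comment,attr" json:",omitempty"`
+ID string `xml:"id,attr" json:",omitempty"`
+Version string `xml:"version,attr" json:",omitempty"`
+Object Object `xml:"object" json:",omitempty"`
+State State `xml:"state" json:",omitempty"`
+}
+
+type State struct {
+StateRef string `xml:"state_ref,attr" json:",omitempty"`
+}
+
+type Object struct {
+ObjectRef string `xml:"object_ref,attr" json:",omitempty"`
+}
+
+type Objects struct {
+RpminfoObjects []RpminfoObject `xml:"rpminfo_object" json:",omitempty"`
+}
+
+type RpminfoObject struct {
+ID string `xml:"id,attr" json:",omitempty"`
+Version string `xml:"version,attr" json:",omitempty"`
+Name string `xml:"name" json:",omitempty"`
+}
+type States struct {
+RpminfoState []RpminfoState `xml:"rpminfo_state" json:",omitempty"`
+}
+
+type RpminfoState struct {
+ID string `xml:"id,attr" json:",omitempty"`
+Version string `xml:"version,attr" json:",omitempty"`
+Evr Evr `xml:"evr" json:",omitempty"`
+}
+
+type Evr struct {
+Text string `xml:",chardata" json:",omitempty"`
+Datatype string `xml:"datatype,attr" json:",omitempty"`
+Operation string `xml:"operation,attr" json:",omitempty"`
+}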
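Review bot: `Criteria.Criterion` and `Metadata.Reference` in mariner/types.go are declared as single structs, so a `<criteria>` with several `<criterion>` children, or a `<metadata>` with several `<reference>` elements, would decode without error while keeping only one of them. The fixtures in this commit carry exactly one of each, so the tests cannot catch this, and for a vulnerability feed the result would be a silently incomplete record rather than a failed update. Declaring the fields as `Criterion []Criterion` and `Reference []Reference` keeps every element, though it changes the JSON shape, and the code that reads these fields (outside this section) would need to follow. Separately, `json:",omitempty"` has no effect on struct-typed fields such as `Generator` and `XMLName`, so those tags can be dropped or the fields made pointers.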