Support Red Hat OVAL v2 (#65)

* [WIP] ovalv2

* Add redhat ovalv2

* delete debug struct

* refactoring json file

* refactor error message

* refactor test comment

* change command target

* update workflows

* fix xml

* add omitempty

* update test data

* add remove directory option

* fix error message

* change redhat2 oval workflow

* delete  -remove-redhat-ovalv2 flag

* update test code

* feat(main): add VULN_LIST_ENV for debugging

* feat(oval/redhat2): add RHEL5 from OVALv1

* test(redhat2): add RHEL5

* update bugzilla

* update test

* Revert "test(redhat2): add RHEL5"

This reverts commit 226645438212fcaf0b5ed3428c40aa3b06e37e22.

* Revert "feat(oval/redhat2): add RHEL5 from OVALv1"

This reverts commit c8bad1c051020eb0fa67f6e355208f549a136106.

* fix(main): early return

* refactor(main): fix log messages

* refactor(redhat2)

* fix(redhat2): use ID

* refactor

* refactor(redhat): replace redhat with redhat2

Co-authored-by: knqyf263 <knqyf263@gmail.com>
Masahiro331 2020-12-31 22:38:53 +09:00 committed by GitHub
parent 38a3516f0a
commit 9cdf1c8d60
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
45 changed files with 4571 additions and 3508 deletions


@ -51,7 +51,7 @@ jobs:
- name: Oracle Linux OVAL
run: ./vuln-list-update -target oracle-oval
- name: Red Hat OVA
- name: Red Hat OVALv2
run: ./vuln-list-update -target redhat-oval
- name: Photon CVE Advisory

16
main.go

@ -39,7 +39,7 @@ const (
)
var (
target = flag.String("target", "", "update target (nvd, alpine, redhat, redhat-oval, debian, debian-oval, ubuntu, amazon, oracle-oval, suse-cvrf, photon, ghsa)")
target = flag.String("target", "", "update target (nvd, alpine, redhat, redhat-oval, debian, debian-oval, ubuntu, amazon, oracle-oval, suse-cvrf, photon, ghsa, cwe)")
years = flag.String("years", "", "update years (only redhat)")
)
@ -94,9 +94,9 @@ func run() error {
case "redhat-oval":
rc := redhatoval.NewConfig()
if err := rc.Update(); err != nil {
return xerrors.Errorf("error in Red Hat OVAL update: %w", err)
return xerrors.Errorf("error in Red Hat OVAL v2 update: %w", err)
}
commitMsg = "Red Hat OVAL"
commitMsg = "Red Hat OVAL v2"
case "debian":
dc := debian.NewClient()
if err := dc.Update(); err != nil {
@ -171,6 +171,10 @@ func run() error {
return xerrors.New("unknown target")
}
if os.Getenv("VULN_LIST_DEBUG") != "" {
return nil
}
if err := utils.SetLastUpdatedDate(*target, now); err != nil {
return err
}
@ -178,7 +182,7 @@ func run() error {
log.Println("git status")
files, err := gc.Status(utils.VulnListDir())
if err != nil {
return xerrors.Errorf("failed to git status: %w", err)
return xerrors.Errorf("git status error: %w", err)
}
// only last_updated.json
@ -189,12 +193,12 @@ func run() error {
log.Println("git commit")
if err = gc.Commit(utils.VulnListDir(), "./", commitMsg); err != nil {
return xerrors.Errorf("failed to git commit: %w", err)
return xerrors.Errorf("git commit error: %w", err)
}
log.Println("git push")
if err = gc.Push(utils.VulnListDir(), "main"); err != nil {
return xerrors.Errorf("failed to git push: %w", err)
return xerrors.Errorf("git push error: %w", err)
}
return nil
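Review bot: The new `VULN_LIST_DEBUG` early return in `run` exits without logging anything, so a job that inherits this variable by accident reports success while skipping the last_updated write, the commit and the push. I would log the skip before returning, e.g. `log.Println("VULN_LIST_DEBUG is set: skipping last_updated, git commit and git push")`, and document the variable next to the flag definitions. The commit description calls it VULN_LIST_ENV, so one of the two names should be corrected. `run` begins and ends outside these hunks.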


@ -1,6 +1,7 @@
package redhat
import (
"bufio"
"bytes"
"compress/bzip2"
"encoding/xml"
@ -8,29 +9,33 @@ import (
"fmt"
"log"
"os"
"path"
"path/filepath"
"strings"
"github.com/cheggaaa/pb"
"github.com/spf13/afero"
"golang.org/x/xerrors"
"gopkg.in/cheggaaa/pb.v1"
"github.com/aquasecurity/vuln-list-update/utils"
)
const (
ovalDir = "oval"
redhatDir = "redhat"
urlFormat = "https://www.redhat.com/security/data/oval/v2/RHEL%s/rhel-%s.oval.xml.bz2"
retry = 5
)
ovalDir = "oval"
redhatDir = "redhat"
urlFormat = "https://www.redhat.com/security/data/oval/v2/%s"
retry = 5
pulpManifest = "PULP_MANIFEST"
var (
releases = []string{"6", "7", "8"}
testsDir = "tests"
objectsDir = "objects"
statesDir = "states"
definitionsDir = "definitions"
)
var (
ErrInvalidRHSAFormat = errors.New("invalid RHSA-ID format")
ErrInvalidCVEFormat = errors.New("invalid CVE-ID format")
)
type Config struct {
@ -50,69 +55,162 @@ func NewConfig() Config {
}
func (c Config) Update() error {
log.Println("Fetching Red Hat OVAL data...")
for _, release := range releases {
if err := c.update(release); err != nil {
return err
dirPath := filepath.Join(c.VulnListDir, ovalDir, redhatDir)
log.Printf("Remove Red Hat OVAL v2 directory %s", dirPath)
if err := os.RemoveAll(dirPath); err != nil {
return xerrors.Errorf("failed to remove Red Hat OVAL v2 directory: %w", err)
}
log.Println("Fetching Red Hat OVAL v2 data...")
filePaths, err := c.fetchOvalFilePaths()
if err != nil {
return xerrors.Errorf("failed to get oval file paths: %w", err)
}
for _, ovalFilePath := range filePaths {
log.Printf("Fetching %s", ovalFilePath)
if err := c.update(ovalFilePath); err != nil {
return xerrors.Errorf("failed to update Red Hat OVAL v2 json: %w", err)
}
}
return nil
}
func (c Config) update(release string) error {
url := fmt.Sprintf(c.URLFormat, release, release)
func (c Config) update(ovalFile string) error {
// e.g. RHEL8/storage-gluster-3-including-unpatched.oval.xml.bz2
if !strings.HasPrefix(ovalFile, "RHEL") {
log.Printf("Skip %s", ovalFile)
return nil
}
// e.g. RHEL8/storage-gluster-3-including-unpatched.oval.xml.bz2
// => RHEL8/, storage-gluster-3-including-unpatched.oval.xml.bz2
dir, file := path.Split(ovalFile)
release := strings.TrimPrefix(path.Clean(dir), "RHEL")
url := fmt.Sprintf(c.URLFormat, ovalFile)
res, err := utils.FetchURL(url, "", c.Retry)
if err != nil {
return xerrors.Errorf("failed to fetch Red Hat OVAL: %w", err)
return xerrors.Errorf("failed to fetch Red Hat OVAL v2: %w", err)
}
bzr := bzip2.NewReader(bytes.NewBuffer(res))
log.Printf("Updating Red Hat %s OVAL data...\n", release)
ovalroot := Root{}
if err = xml.NewDecoder(bzr).Decode(&ovalroot); err != nil {
return xerrors.Errorf("failed to unmarshal Red Hat OVAL XML: %w", err)
var ovalroot OvalDefinitions
if err := xml.NewDecoder(bzr).Decode(&ovalroot); err != nil {
return xerrors.Errorf("failed to unmarshal Red Hat OVAL v2 XML: %w", err)
}
dir := filepath.Join(ovalDir, redhatDir, release)
bar := pb.StartNew(len(ovalroot.Definitions.Definitions))
for _, def := range ovalroot.Definitions.Definitions {
titles := strings.Fields(def.Title)
title := strings.Trim(titles[0], ":")
if err = c.saveRHSAPerYear(dir, title, def); err != nil {
switch err {
case ErrInvalidRHSAFormat:
continue
default:
return xerrors.Errorf("unable to save RHEL advisory: %w", err)
// e.g. storage-gluster-3-including-unpatched
platform := strings.TrimSuffix(file, ".oval.xml.bz2")
dirPath := filepath.Join(c.VulnListDir, ovalDir, redhatDir, release, platform)
// write tests/tests.json file
if err := c.writeJSON(filepath.Join(dirPath, testsDir), "tests.json", ovalroot.Tests); err != nil {
return xerrors.Errorf("failed to write tests: %w", err)
}
// write objects/objects.json file
if err := c.writeJSON(filepath.Join(dirPath, objectsDir), "objects.json", ovalroot.Objects); err != nil {
return xerrors.Errorf("failed to write objects: %w", err)
}
// write states/states.json file
if err := c.writeJSON(filepath.Join(dirPath, statesDir), "states.json", ovalroot.States); err != nil {
return xerrors.Errorf("failed to write states: %w", err)
}
// write definitions
bar := pb.StartNew(len(ovalroot.Definitions.Definition))
for _, def := range ovalroot.Definitions.Definition {
if len(def.Metadata.References) == 0 {
continue
}
// RHSA-ID or CVE-ID
vulnID := def.Metadata.References[0].RefID
for _, ref := range def.Metadata.References {
if strings.HasPrefix(ref.RefID, "RHSA-") {
vulnID = ref.RefID
}
}
if err := c.saveAdvisoryPerYear(filepath.Join(dirPath, definitionsDir), vulnID, def); err != nil {
return xerrors.Errorf("failed to save advisory per year: %w", err)
}
bar.Increment()
}
bar.Finish()
return nil
}
func (c Config) saveRHSAPerYear(dirName string, rhsaID string, data interface{}) error {
// e.g. RHSA-2018:0094
s := strings.Split(rhsaID, ":")
if len(s) != 2 {
log.Printf("invalid RHSA-ID format: %s\n", rhsaID)
return ErrInvalidRHSAFormat
}
s = strings.Split(s[0], "-")
if len(s) != 2 {
log.Printf("invalid RHSA-ID format: %s\n", rhsaID)
return ErrInvalidRHSAFormat
func (c Config) fetchOvalFilePaths() ([]string, error) {
res, err := utils.FetchURL(fmt.Sprintf(c.URLFormat, pulpManifest), "", c.Retry)
if err != nil {
return nil, xerrors.Errorf("failed to fetch PULP_MANIFEST: %w", err)
}
yearDir := filepath.Join(c.VulnListDir, dirName, s[1])
if err := c.AppFs.MkdirAll(yearDir, os.ModePerm); err != nil {
var ovalFilePaths []string
scanner := bufio.NewScanner(bytes.NewReader(res))
for scanner.Scan() {
ss := strings.Split(scanner.Text(), ",")
if len(ss) < 3 {
return nil, xerrors.Errorf("failed to parse PULP_MANIFEST: %w", err)
}
if !strings.Contains(ss[0], "including-unpatched") {
continue
}
ovalFilePaths = append(ovalFilePaths, ss[0])
}
return ovalFilePaths, nil
}
func (c Config) saveAdvisoryPerYear(dirName string, id string, def Definition) error {
var year string
if strings.HasPrefix(id, "CVE") {
s := strings.Split(id, "-")
if len(s) != 3 {
log.Printf("invalid CVE-ID format: %s\n", id)
return ErrInvalidCVEFormat
}
year = s[1]
} else {
// e.g. RHSA-2018:0094
s := strings.Split(id, ":")
if len(s) != 2 {
log.Printf("invalid RHSA-ID format: %s\n", id)
return ErrInvalidRHSAFormat
}
s = strings.Split(s[0], "-")
if len(s) != 2 {
log.Printf("invalid RHSA-ID format: %s\n", id)
return ErrInvalidRHSAFormat
}
year = s[1]
}
fileFmt := "%s.json"
if strings.HasPrefix(def.ID, "oval:com.redhat.unaffected:def") {
fileFmt = "%s.unaffected.json"
}
yearDir := filepath.Join(dirName, year)
if err := c.writeJSON(yearDir, fmt.Sprintf(fileFmt, id), def); err != nil {
return xerrors.Errorf("unable to write a JSON file: %w", err)
}
return nil
}
func (c Config) writeJSON(dirName, fileName string, data interface{}) error {
if err := c.AppFs.MkdirAll(dirName, os.ModePerm); err != nil {
return xerrors.Errorf("failed to create a year dir: %w", err)
}
filePath := filepath.Join(yearDir, fmt.Sprintf("%s.json", rhsaID))
fs := utils.NewFs(c.AppFs)
filePath := filepath.Join(dirName, fileName)
if err := fs.WriteJSON(filePath, data); err != nil {
return xerrors.Errorf("failed to write file: %w", err)
}
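Review bot: Values taken from the remote feed become filesystem paths without validation: in `update`, `release` and `platform` come straight from the PULP_MANIFEST line after only a `RHEL` prefix check, and in `saveAdvisoryPerYear` the `year` directory and the file name come from `RefID` after only a separator count. A malformed or tampered feed could therefore make `writeJSON` create files outside `oval/redhat` under `VulnListDir`; I would accept a single clean path component for each value and require `year` to be all digits before writing. In `fetchOvalFilePaths`, the `len(ss) < 3` branch wraps `err`, which is nil at that point, and `scanner.Err()` is never checked after the loop. The second manifest column looks like a SHA-256 digest of each file (inferred from the test data) and is discarded; returning it alongside the path would let `update` compare it with the downloaded bytes before decoding.

```go
func (c Config) update(ovalFile string) error {
	// … unchanged: RHEL prefix check …
	dir, file := path.Split(ovalFile)
	release := strings.TrimPrefix(path.Clean(dir), "RHEL")
	platform := strings.TrimSuffix(file, ".oval.xml.bz2")
	// Both values become directory names: accept one clean component only.
	for _, s := range []string{release, platform} {
		if s == "" || s == "." || s == ".." || strings.ContainsAny(s, `/\`) {
			return xerrors.Errorf("unexpected path component %q in %q", s, ovalFile)
		}
	}
	// … unchanged: fetch, bzip2/XML decode, write tests/objects/states/definitions …

// in fetchOvalFilePaths:
	for scanner.Scan() {
		ss := strings.Split(scanner.Text(), ",")
		if len(ss) < 3 {
			return nil, xerrors.Errorf("failed to parse PULP_MANIFEST: invalid line %q", scanner.Text())
		}
		// … unchanged: including-unpatched filter and append …
	}
	if err := scanner.Err(); err != nil {
		return nil, xerrors.Errorf("failed to read PULP_MANIFEST: %w", err)
	}
```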


@ -3,7 +3,8 @@ package redhat
import (
"errors"
"flag"
"fmt"
"strings"
"io/ioutil"
"net/http"
"net/http/httptest"
@ -11,6 +12,7 @@ import (
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/spf13/afero"
)
@ -25,83 +27,92 @@ func TestConfig_Update(t *testing.T) {
expectedErrorMsg string
}{
{
name: "happy path",
name: "happy path ",
bzip2FileNames: map[string]string{
"/RHEL6/rhel-6.oval.xml.bz2": "testdata/rhel-6.oval.xml.bz2",
"/RHEL7/rhel-7.oval.xml.bz2": "testdata/rhel-7.oval.xml.bz2",
"/RHEL8/rhel-8.oval.xml.bz2": "testdata/rhel-8.oval.xml.bz2",
"/PULP_MANIFEST": "testdata/PULP_MANIFEST",
"/RHEL6/rhel-6-extras-including-unpatched.oval.xml.bz2": "testdata/rhel-6-extras-including-unpatched.oval.xml.bz2",
"/RHEL7/dotnet-3.1-including-unpatched.oval.xml.bz2": "testdata/dotnet-3.1-including-unpatched.oval.xml.bz2",
"/RHEL8/ansible-2-including-unpatched.oval.xml.bz2": "testdata/ansible-2-including-unpatched.oval.xml.bz2",
},
goldenFiles: map[string]string{
"/tmp/oval/redhat/6/2011/RHBA-2011:1656.json": "testdata/golden/RHBA-2011:1656.json",
"/tmp/oval/redhat/6/rhel-6-extras-including-unpatched/definitions/2014/CVE-2014-3209.json": "testdata/golden/rhel-6-extras-including-unpatched/CVE-2014-3209.json",
"/tmp/oval/redhat/6/rhel-6-extras-including-unpatched/definitions/2016/CVE-2016-5361.json": "testdata/golden/rhel-6-extras-including-unpatched/CVE-2016-5361.json",
"/tmp/oval/redhat/6/rhel-6-extras-including-unpatched/definitions/2018/CVE-2018-5389.json": "testdata/golden/rhel-6-extras-including-unpatched/CVE-2018-5389.json",
"/tmp/oval/redhat/6/rhel-6-extras-including-unpatched/definitions/2020/CVE-2020-28935.json": "testdata/golden/rhel-6-extras-including-unpatched/CVE-2020-28935.json",
"/tmp/oval/redhat/6/rhel-6-extras-including-unpatched/definitions/2014/RHBA-2014:1396.json": "testdata/golden/rhel-6-extras-including-unpatched/RHBA-2014-1396.json",
"/tmp/oval/redhat/6/rhel-6-extras-including-unpatched/definitions/2016/CVE-2016-5391.unaffected.json": "testdata/golden/rhel-6-extras-including-unpatched/CVE-2016-5391.unaffected.json",
"/tmp/oval/redhat/6/rhel-6-extras-including-unpatched/objects/objects.json": "testdata/golden/rhel-6-extras-including-unpatched/objects.json",
"/tmp/oval/redhat/6/rhel-6-extras-including-unpatched/states/states.json": "testdata/golden/rhel-6-extras-including-unpatched/states.json",
"/tmp/oval/redhat/6/rhel-6-extras-including-unpatched/tests/tests.json": "testdata/golden/rhel-6-extras-including-unpatched/tests.json",
"/tmp/oval/redhat/7/2015/RHBA-2015:0364.json": "testdata/golden/RHBA-2015:0364.json",
"/tmp/oval/redhat/7/2015/RHBA-2015:0386.json": "testdata/golden/RHBA-2015:0386.json",
"/tmp/oval/redhat/7/2015/RHBA-2015:0441.json": "testdata/golden/RHBA-2015:0441.json",
"/tmp/oval/redhat/7/dotnet-3.1-including-unpatched/definitions/2020/RHSA-2020:0134.json": "testdata/golden/dotnet-3.1-including-unpatched/RHSA-2020-0134.json",
"/tmp/oval/redhat/7/dotnet-3.1-including-unpatched/definitions/2020/RHSA-2020:2249.json": "testdata/golden/dotnet-3.1-including-unpatched/RHSA-2020-2249.json",
"/tmp/oval/redhat/7/dotnet-3.1-including-unpatched/definitions/2020/CVE-2020-0605.unaffected.json": "testdata/golden/dotnet-3.1-including-unpatched/CVE-2020-0605.unaffected.json",
"/tmp/oval/redhat/7/dotnet-3.1-including-unpatched/definitions/2020/CVE-2020-0606.unaffected.json": "testdata/golden/dotnet-3.1-including-unpatched/CVE-2020-0606.unaffected.json",
"/tmp/oval/redhat/7/dotnet-3.1-including-unpatched/objects/objects.json": "testdata/golden/dotnet-3.1-including-unpatched/objects.json",
"/tmp/oval/redhat/7/dotnet-3.1-including-unpatched/states/states.json": "testdata/golden/dotnet-3.1-including-unpatched/states.json",
"/tmp/oval/redhat/7/dotnet-3.1-including-unpatched/tests/tests.json": "testdata/golden/dotnet-3.1-including-unpatched/tests.json",
"/tmp/oval/redhat/8/2019/RHSA-2019:0966.json": "testdata/golden/RHSA-2019:0966.json",
"/tmp/oval/redhat/8/2019/RHSA-2019:0968.json": "testdata/golden/RHSA-2019:0968.json",
"/tmp/oval/redhat/8/ansible-2-including-unpatched/definitions/2020/CVE-2020-10744.json": "testdata/golden/ansible-2-including-unpatched/CVE-2020-10744.json",
"/tmp/oval/redhat/8/ansible-2-including-unpatched/definitions/2020/CVE-2020-1734.json": "testdata/golden/ansible-2-including-unpatched/CVE-2020-1734.json",
"/tmp/oval/redhat/8/ansible-2-including-unpatched/definitions/2020/CVE-2020-1738.json": "testdata/golden/ansible-2-including-unpatched/CVE-2020-1738.json",
"/tmp/oval/redhat/8/ansible-2-including-unpatched/definitions/2019/RHSA-2019:3927.json": "testdata/golden/ansible-2-including-unpatched/RHSA-2019-3927.json",
"/tmp/oval/redhat/8/ansible-2-including-unpatched/definitions/2020/RHSA-2020:0215.json": "testdata/golden/ansible-2-including-unpatched/RHSA-2020-0215.json",
"/tmp/oval/redhat/8/ansible-2-including-unpatched/objects/objects.json": "testdata/golden/ansible-2-including-unpatched/objects.json",
"/tmp/oval/redhat/8/ansible-2-including-unpatched/states/states.json": "testdata/golden/ansible-2-including-unpatched/states.json",
"/tmp/oval/redhat/8/ansible-2-including-unpatched/tests/tests.json": "testdata/golden/ansible-2-including-unpatched/tests.json",
},
},
{
name: "404",
bzip2FileNames: map[string]string{},
name: "404",
bzip2FileNames: map[string]string{
"/PULP_MANIFEST": "testdata/PULP_MANIFEST",
},
goldenFiles: map[string]string{},
expectedErrorMsg: "failed to fetch Red Hat OVAL: failed to fetch URL: HTTP error. status code: 404, url:",
expectedErrorMsg: "failed to fetch Red Hat OVAL v2: failed to fetch URL: HTTP error. status code: 404, url:",
},
{
name: "invalid file format",
bzip2FileNames: map[string]string{
"/RHEL6/rhel-6.oval.xml.bz2": "testdata/test.txt",
"/PULP_MANIFEST": "testdata/PULP_MANIFEST",
"/RHEL6/rhel-6-extras-including-unpatched.oval.xml.bz2": "testdata/test.txt",
},
goldenFiles: map[string]string{},
expectedErrorMsg: "failed to unmarshal Red Hat OVAL XML: bzip2 data invalid: bad magic value",
expectedErrorMsg: "failed to unmarshal Red Hat OVAL v2 XML: bzip2 data invalid: bad magic value",
},
{
name: "broken XML",
bzip2FileNames: map[string]string{
"/RHEL6/rhel-6.oval.xml.bz2": "testdata/rhel-6-broken.oval.xml.bz2",
"/PULP_MANIFEST": "testdata/PULP_MANIFEST",
"/RHEL6/rhel-6-extras-including-unpatched.oval.xml.bz2": "testdata/rhel-6-extras-including-unpatched-broken-XML.oval.xml.bz2",
},
goldenFiles: map[string]string{},
expectedErrorMsg: "failed to unmarshal Red Hat OVAL XML: XML syntax error on line 42: unexpected EOF",
},
{
name: "invalid RHSA-ID is ignored",
bzip2FileNames: map[string]string{
"/RHEL6/rhel-6.oval.xml.bz2": "testdata/rhel-6-invalid-id.oval.xml.bz2",
"/RHEL7/rhel-7.oval.xml.bz2": "testdata/rhel-7.oval.xml.bz2",
"/RHEL8/rhel-8.oval.xml.bz2": "testdata/rhel-8.oval.xml.bz2",
},
goldenFiles: map[string]string{
"/tmp/oval/redhat/7/2015/RHBA-2015:0364.json": "testdata/golden/RHBA-2015:0364.json",
"/tmp/oval/redhat/7/2015/RHBA-2015:0386.json": "testdata/golden/RHBA-2015:0386.json",
"/tmp/oval/redhat/7/2015/RHBA-2015:0441.json": "testdata/golden/RHBA-2015:0441.json",
"/tmp/oval/redhat/8/2019/RHSA-2019:0966.json": "testdata/golden/RHSA-2019:0966.json",
"/tmp/oval/redhat/8/2019/RHSA-2019:0968.json": "testdata/golden/RHSA-2019:0968.json",
},
expectedErrorMsg: "failed to unmarshal Red Hat OVAL v2 XML: XML syntax error on line 411: element",
},
}
for _, tc := range testCases {
dataPath := "/security/data/oval/v2"
t.Run(tc.name, func(t *testing.T) {
ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
filePath, ok := tc.bzip2FileNames[r.URL.Path]
p := strings.TrimPrefix(r.URL.Path, dataPath)
filePath, ok := tc.bzip2FileNames[p]
if !ok {
http.NotFound(w, r)
return
}
b, err := ioutil.ReadFile(filePath)
assert.NoError(t, err, tc.name)
require.NoError(t, err, tc.name)
_, err = w.Write(b)
assert.NoError(t, err, tc.name)
}))
defer ts.Close()
u := ts.URL + "/RHEL%s/rhel-%s.oval.xml.bz2"
fmt.Println(u)
appFs := afero.NewMemMapFs()
c := Config{
VulnListDir: "/tmp",
URLFormat: u,
URLFormat: ts.URL + dataPath + "/%s",
AppFs: appFs,
Retry: 0,
}
@ -121,7 +132,7 @@ func TestConfig_Update(t *testing.T) {
if info.IsDir() {
return nil
}
fileCount += 1
fileCount++
actual, err := afero.ReadFile(appFs, path)
assert.NoError(t, err, tc.name)
@ -130,12 +141,12 @@ func TestConfig_Update(t *testing.T) {
assert.True(t, ok, tc.name)
if *update {
err = ioutil.WriteFile(goldenPath, actual, 0666)
assert.NoError(t, err, tc.name)
require.NoError(t, err, tc.name)
}
expected, err := ioutil.ReadFile(goldenPath)
assert.NoError(t, err, tc.name)
assert.Equal(t, expected, actual, tc.name)
assert.Equal(t, string(expected), string(actual), path)
return nil
})
@ -149,18 +160,18 @@ func TestConfig_saveRHSAPerYear(t *testing.T) {
testCases := []struct {
name string
rhsaID string
inputData string
inputData Definition
expectedError error
}{
{
name: "happy path",
rhsaID: "RHSA-2018:0094",
inputData: `{}`,
inputData: Definition{},
},
{
name: "sad path: invalid RHSA-ID format",
rhsaID: "foobarbaz",
inputData: `{}`,
inputData: Definition{},
expectedError: errors.New("invalid RHSA-ID format"),
},
}
@ -175,7 +186,7 @@ func TestConfig_saveRHSAPerYear(t *testing.T) {
_ = os.RemoveAll(d)
}()
err := c.saveRHSAPerYear(d, tc.rhsaID, tc.inputData)
err := c.saveAdvisoryPerYear(d, tc.rhsaID, tc.inputData)
switch {
case tc.expectedError != nil:
assert.Equal(t, tc.expectedError.Error(), err.Error(), tc.name)
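Review bot: `require.NoError(t, err, tc.name)` inside the `httptest` handler runs on the server's goroutine, and `require` stops the test through `t.FailNow`, which the testing package supports only from the goroutine running the test. Keep `assert.NoError` there and fail the request instead, e.g. `if !assert.NoError(t, err, tc.name) { http.Error(w, err.Error(), http.StatusInternalServerError); return }`. The table also has no case for a malformed PULP_MANIFEST line or an invalid CVE-ID, so the manifest parse error and `ErrInvalidCVEFormat` paths added by this commit are not exercised. `TestConfig_saveRHSAPerYear` now calls `saveAdvisoryPerYear`, so its name is stale; both test functions extend beyond the hunks shown.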

3
oval/redhat/testdata/PULP_MANIFEST vendored Normal file

@ -0,0 +1,3 @@
RHEL6/rhel-6-extras-including-unpatched.oval.xml.bz2,6a4e05e6c5ef90d23c4e1752ac5bf247e075d17b76c0f60f6aa02e68daa5a6a4,6347
RHEL7/dotnet-3.1-including-unpatched.oval.xml.bz2,3afa7c45c0ccd21444a61f236c40a417386e09ce278cf85b049bc79d02d3c493,5817
RHEL8/ansible-2-including-unpatched.oval.xml.bz2,d695814ee6ac7de65106ae26d7da85e6efe68ea5e951fefef5f2327393e3041c,5501

Binary file not shown.

Binary file not shown.


@ -1,168 +0,0 @@
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "definition"
},
"ID": "oval:com.redhat.rhba:def:20111656",
"Class": "patch",
"Title": "RHBA-2011:1656: mod_nss bug fix update (None)",
"Affecteds": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "affected"
},
"Family": "unix",
"Platforms": [
"Red Hat Enterprise Linux 6"
]
}
],
"References": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "reference"
},
"Source": "RHBA",
"RefID": "RHBA-2011:1656",
"RefURL": "https://access.redhat.com/errata/RHBA-2011:1656"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "reference"
},
"Source": "CVE",
"RefID": "CVE-2011-4973",
"RefURL": "https://access.redhat.com/security/cve/CVE-2011-4973"
}
],
"Description": "The mod_nss module provides strong cryptography for the Apache HTTP Server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, using the Network Security Services (NSS) security library.\n\nThis update fixes the following bugs: \n\n* When the NSS library was not initialized and mod_nss tried to clear its SSL cache on start-up, mod_nss terminated unexpectedly when the NSS library was built with debugging enabled. With this update, mod_nss does not try to clear the SSL cache in the described scenario, thus preventing this bug. (BZ#691502)\n\n* Previously, a static array containing the arguments for launching the nss_pcache command was overflowing the size by one. This could lead to a variety of issues including unexpected termination. This bug has been fixed, and mod_nss now uses properly sized static array when launching nss_pcache. (BZ#714154)\n\n* Prior to this update, client certificates were only retrieved during the initial SSL handshake if the NSSVerifyClient option was set to \"require\" or \"optional\". Also, the FakeBasicAuth option only retrieved Common Name rather than the entire certificate subject. Consequently, it was possible to spoof an identity using that option. This bug has been fixed, the FakeBasicAuth option is now prefixed with \"/\" and is thus compatible with OpenSSL, and certificates are now retrieved on all subsequent requests beyond the first one. (BZ#702437)\n\nUsers of mod_nss are advised to upgrade to this updated package, which fixes these bugs.",
"Advisory": {
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "advisory"
},
"Severity": "None",
"Cves": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "cve"
},
"CveID": "CVE-2011-4973",
"Cvss2": "4.0/AV:N/AC:H/Au:N/C:P/I:P/A:N",
"Cvss3": "",
"Cwe": "",
"Impact": "moderate",
"Href": "https://access.redhat.com/security/cve/CVE-2011-4973",
"Public": "20110504"
}
],
"Bugzillas": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "bugzilla"
},
"ID": "702437",
"URL": "https://bugzilla.redhat.com/702437",
"Title": "may be possible to spoof mod_nss FakeBasicAuth"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "bugzilla"
},
"ID": "714154",
"URL": "https://bugzilla.redhat.com/714154",
"Title": "overrunning array when executing nss_pcache"
}
],
"AffectedCPEList": [
"cpe:/o:redhat:enterprise_linux:6"
],
"Issued": {
"Date": "2011-12-05"
},
"Updated": {
"Date": "2011-12-06"
}
},
"Criteria": {
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criteria"
},
"Operator": "AND",
"Criterias": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criteria"
},
"Operator": "OR",
"Criterias": null,
"Criterions": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20111656003",
"Comment": "Red Hat Enterprise Linux 6 Client is installed"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20111656004",
"Comment": "Red Hat Enterprise Linux 6 Server is installed"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20111656005",
"Comment": "Red Hat Enterprise Linux 6 Workstation is installed"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20111656006",
"Comment": "Red Hat Enterprise Linux 6 ComputeNode is installed"
}
]
}
],
"Criterions": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20111656001",
"Comment": "mod_nss is earlier than 0:1.0.8-13.el6"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20111656002",
"Comment": "mod_nss is signed with Red Hat redhatrelease2 key"
}
]
}
}


@ -1,676 +0,0 @@
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "definition"
},
"ID": "oval:com.redhat.rhba:def:20150364",
"Class": "patch",
"Title": "RHBA-2015:0364: nss, nss-softokn, nss-util, and nspr bug fix and enhancement update (None)",
"Affecteds": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "affected"
},
"Family": "unix",
"Platforms": [
"Red Hat Enterprise Linux 7 (please do not use for \u003e= RHEL-7.5)"
]
}
],
"References": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "reference"
},
"Source": "RHBA",
"RefID": "RHBA-2015:0364",
"RefURL": "https://access.redhat.com/errata/RHBA-2015:0364"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "reference"
},
"Source": "CVE",
"RefID": "CVE-2014-1545",
"RefURL": "https://access.redhat.com/security/cve/CVE-2014-1545"
}
],
"Description": "Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.\n\nThe nss, nss-softokn, and nss-util packages have been upgraded to upstream versions 3.16.2.3, and the nspr packages have been upgraded to upstream version 4.10.6. The upgraded versions provide a number of bug fixes and enhancements over the previous versions, including:\n\n* Updating to Firefox 31.3 is possible.\n* The softokn database code now checks the \"NSS_SDB_USE_CACHE\" environment variable. As a result, using libcurl and curl for HTTPS requests no longer results in unnecessary access system calls to non-existent paths, directories, and files.\n(BZ#1103250, BZ#1103251, BZ#1103252, BZ#1103925, BZ#1158161, BZ#1117959)\n\nThis update also fixes the following bugs:\n\n* NSS changed the permissions of the /etc/pki/nssdb/pkcs11.txt file to the strict default value of 0600, even if the file had other permissions prior to this change. Consequently, users could not add security modules to their configuration under certain circumstances. NSS now only applies the strict default to new files and preserves existing permissions when replacing an existing pkcs11.txt. Users can make the necessary modifications to the NSS security module database. (BZ#1087926)\n\n* The internal NSS stan_GetCERTCertificate() call did not properly ensure that objects were not removed until the operation was finished. Consequently, stan_GetCERTCertificate() could terminate unexpectedly in the 389 Directory Server (DS) under the replication replay failure condition. The source code has been modified to properly manage object references, and the crashes reported by 389 DS no longer occur. (BZ#1094468)\n\n* The PKCS#12 decoder did not properly check the destination buffer length when decoding. 
Running the pk12util tool with the \"-l\" option to list the contents of certain PKCS#12-encoded files resulted in a segmentation fault. The decoder has been updated to perform the check, and pk12util now lists the encoded files as expected. (BZ#1174527)\n\n* A build-time check for platforms without NSS initialization support was missing. The NSS security tools terminated unexpectedly with a core dump when running on the 64-bit PowerPC architecture. The build files now check for the \"NSS_NO_INIT_SUPPORT\" build-time environment variable, and if it is set, the platforms continue to function as expected. (BZ#1154232)\n\n* The Softoken module did not correctly check the mechanism for user tokens. When both the client and the server worked in FIPS mode, the yum utility could not connect to OpenSSL-based servers, and the server returned the \"decryption failed or bad record mac\" error message. Softoken has been updated to allow user slots to have the full list of mechanisms just like the main slot, and yum is now able to connect to OpenSSL-based servers. (BZ#1131079)\n\n* Certain changes to the nss-softokn.spec file were implemented using the dracut utility configuration syntax for Red Hat Enterprise Linux 6 instead of the Red Hat Enterprise Linux 7 syntax. Consequently, the user could not use the curl utility to download an HTTPS URL in the dracut environment. The spec file has been modified to use the correct syntax, and dracut users can now use curl in this situation as expected. (BZ#1169957)\n\nIn addition, this update adds the following enhancements:\n\n* With this update, the nss-softokn module conforms to the FIPS-140 standard. (BZ#1004102, BZ#1004107)\n\n* This update adds a mechanism that allows to derive a new symmetric key based on the encryption of some data with the original symmetric key. (BZ#1155340)\n\nUsers of nss, nss-softokn, nss-util, and nspr are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.",
"Advisory": {
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "advisory"
},
"Severity": "None",
"Cves": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "cve"
},
"CveID": "CVE-2014-1545",
"Cvss2": "5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P",
"Cvss3": "",
"Cwe": "CWE-787",
"Impact": "moderate",
"Href": "https://access.redhat.com/security/cve/CVE-2014-1545",
"Public": "20140610"
}
],
"Bugzillas": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "bugzilla"
},
"ID": "1004102",
"URL": "https://bugzilla.redhat.com/1004102",
"Title": "NSS needs to conform to new FIPS standard. [rhel-7.0.0]"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "bugzilla"
},
"ID": "1004107",
"URL": "https://bugzilla.redhat.com/1004107",
"Title": "softoken needs to address FIPS review comments."
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "bugzilla"
},
"ID": "1087507",
"URL": "https://bugzilla.redhat.com/1087507",
"Title": "Suboptimal shell code in nss.spec [rhel-7]"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "bugzilla"
},
"ID": "1087926",
"URL": "https://bugzilla.redhat.com/1087926",
"Title": "file permissions of pkcs11.txt/secmod.db must be kept when modified by NSS"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "bugzilla"
},
"ID": "1094468",
"URL": "https://bugzilla.redhat.com/1094468",
"Title": "389-ds-base server reported crash in stan_GetCERTCertificate (pki3hack.c) under the replication replay failure condition"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "bugzilla"
},
"ID": "1103250",
"URL": "https://bugzilla.redhat.com/1103250",
"Title": "Rebase RHEL 7.1 to NSPR 4.10.6 (for FF 31)"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "bugzilla"
},
"ID": "1103251",
"URL": "https://bugzilla.redhat.com/1103251",
"Title": "Rebase RHEL 7.1 to at least NSS-UTIL 3.16.1 (for FF 31)"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "bugzilla"
},
"ID": "1103252",
"URL": "https://bugzilla.redhat.com/1103252",
"Title": "Rebase RHEL 7.1 to at least NSS 3.16.1 (FF 31)"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "bugzilla"
},
"ID": "1103925",
"URL": "https://bugzilla.redhat.com/1103925",
"Title": "Rebase RHEL 7.1 to at least NSS-SOFTOKN 3.16.1 (FF 31)"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "bugzilla"
},
"ID": "1109793",
"URL": "https://bugzilla.redhat.com/1109793",
"Title": "Can't initialize a null password database if persistently in FIPS mode."
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "bugzilla"
},
"ID": "1117959",
"URL": "https://bugzilla.redhat.com/1117959",
"Title": "Can curl HTTPS requests make fewer access system calls? [rhel-7]"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "bugzilla"
},
"ID": "1131079",
"URL": "https://bugzilla.redhat.com/1131079",
"Title": "TLS client gets SSL_ERROR_BAD_MAC_ALERT in FIPS mode if NSS is initialized twice (without/with certdir)"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "bugzilla"
},
"ID": "1150645",
"URL": "https://bugzilla.redhat.com/1150645",
"Title": "Importing an RSA private key fails if p \u003c q [rhel-7]"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "bugzilla"
},
"ID": "1154232",
"URL": "https://bugzilla.redhat.com/1154232",
"Title": "nss tools core dump on ppc64 due to recent changes in softoken and freebl"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "bugzilla"
},
"ID": "1155340",
"URL": "https://bugzilla.redhat.com/1155340",
"Title": "Provide sym key derive mechansm as result of encryption of message"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "bugzilla"
},
"ID": "1156406",
"URL": "https://bugzilla.redhat.com/1156406",
"Title": "NSS fails to access sql:/etc/pki/nssdb in system FIPS mode"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "bugzilla"
},
"ID": "1158161",
"URL": "https://bugzilla.redhat.com/1158161",
"Title": "Upgrade to NSS 3.16.2.3 for Firefox 31.3 [rhel-7.1.0]"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "bugzilla"
},
"ID": "1169957",
"URL": "https://bugzilla.redhat.com/1169957",
"Title": "curl unable to download url when url is https and environment is dracut"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "bugzilla"
},
"ID": "1174527",
"URL": "https://bugzilla.redhat.com/1174527",
"Title": "Segfault in pk12util when using -l option with certain .p12 files"
}
],
"AffectedCPEList": [
"cpe:/o:redhat:enterprise_linux:7"
],
"Issued": {
"Date": "2015-03-05"
},
"Updated": {
"Date": "2015-03-05"
}
},
"Criteria": {
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criteria"
},
"Operator": "AND",
"Criterias": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criteria"
},
"Operator": "OR",
"Criterias": null,
"Criterions": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150364027",
"Comment": "Red Hat Enterprise Linux 7 Client is installed"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150364028",
"Comment": "Red Hat Enterprise Linux 7 Server is installed"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150364029",
"Comment": "Red Hat Enterprise Linux 7 Workstation is installed"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150364030",
"Comment": "Red Hat Enterprise Linux 7 ComputeNode is installed"
}
]
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criteria"
},
"Operator": "OR",
"Criterias": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criteria"
},
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150364001",
"Comment": "nspr is earlier than 0:4.10.6-3.el7"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150364002",
"Comment": "nspr is signed with Red Hat redhatrelease2 key"
}
]
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criteria"
},
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150364003",
"Comment": "nspr-devel is earlier than 0:4.10.6-3.el7"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150364004",
"Comment": "nspr-devel is signed with Red Hat redhatrelease2 key"
}
]
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criteria"
},
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150364005",
"Comment": "nss-pkcs11-devel is earlier than 0:3.16.2.3-5.el7"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150364006",
"Comment": "nss-pkcs11-devel is signed with Red Hat redhatrelease2 key"
}
]
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criteria"
},
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150364007",
"Comment": "nss-sysinit is earlier than 0:3.16.2.3-5.el7"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150364008",
"Comment": "nss-sysinit is signed with Red Hat redhatrelease2 key"
}
]
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criteria"
},
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150364009",
"Comment": "nss is earlier than 0:3.16.2.3-5.el7"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150364010",
"Comment": "nss is signed with Red Hat redhatrelease2 key"
}
]
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criteria"
},
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150364011",
"Comment": "nss-tools is earlier than 0:3.16.2.3-5.el7"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150364012",
"Comment": "nss-tools is signed with Red Hat redhatrelease2 key"
}
]
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criteria"
},
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150364013",
"Comment": "nss-devel is earlier than 0:3.16.2.3-5.el7"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150364014",
"Comment": "nss-devel is signed with Red Hat redhatrelease2 key"
}
]
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criteria"
},
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150364015",
"Comment": "nss-util-devel is earlier than 0:3.16.2.3-2.el7"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150364016",
"Comment": "nss-util-devel is signed with Red Hat redhatrelease2 key"
}
]
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criteria"
},
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150364017",
"Comment": "nss-util is earlier than 0:3.16.2.3-2.el7"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150364018",
"Comment": "nss-util is signed with Red Hat redhatrelease2 key"
}
]
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criteria"
},
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150364019",
"Comment": "nss-softokn-freebl is earlier than 0:3.16.2.3-9.el7"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150364020",
"Comment": "nss-softokn-freebl is signed with Red Hat redhatrelease2 key"
}
]
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criteria"
},
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150364021",
"Comment": "nss-softokn is earlier than 0:3.16.2.3-9.el7"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150364022",
"Comment": "nss-softokn is signed with Red Hat redhatrelease2 key"
}
]
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criteria"
},
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150364023",
"Comment": "nss-softokn-freebl-devel is earlier than 0:3.16.2.3-9.el7"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150364024",
"Comment": "nss-softokn-freebl-devel is signed with Red Hat redhatrelease2 key"
}
]
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criteria"
},
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150364025",
"Comment": "nss-softokn-devel is earlier than 0:3.16.2.3-9.el7"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150364026",
"Comment": "nss-softokn-devel is signed with Red Hat redhatrelease2 key"
}
]
}
],
"Criterions": null
}
],
"Criterions": null
}
}


@ -1,470 +0,0 @@
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "definition"
},
"ID": "oval:com.redhat.rhba:def:20150386",
"Class": "patch",
"Title": "RHBA-2015:0386: cups bug fix and enhancement update (None)",
"Affecteds": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "affected"
},
"Family": "unix",
"Platforms": [
"Red Hat Enterprise Linux 7 (please do not use for \u003e= RHEL-7.5)"
]
}
],
"References": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "reference"
},
"Source": "RHBA",
"RefID": "RHBA-2015:0386",
"RefURL": "https://access.redhat.com/errata/RHBA-2015:0386"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "reference"
},
"Source": "CVE",
"RefID": "CVE-2014-2856",
"RefURL": "https://access.redhat.com/security/cve/CVE-2014-2856"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "reference"
},
"Source": "CVE",
"RefID": "CVE-2014-3537",
"RefURL": "https://access.redhat.com/security/cve/CVE-2014-3537"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "reference"
},
"Source": "CVE",
"RefID": "CVE-2014-5029",
"RefURL": "https://access.redhat.com/security/cve/CVE-2014-5029"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "reference"
},
"Source": "CVE",
"RefID": "CVE-2014-5030",
"RefURL": "https://access.redhat.com/security/cve/CVE-2014-5030"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "reference"
},
"Source": "CVE",
"RefID": "CVE-2014-5031",
"RefURL": "https://access.redhat.com/security/cve/CVE-2014-5031"
}
],
"Description": "CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. \n\nThis update fixes the following bugs:\n\n* When using the cupsEnumDests() API call, the libcups utility failed to take note of the client callback function. As a consequence, applications using this API could terminate unexpectedly. The cupsEnumDests() implementation has been fixed and callbacks now function as expected. (BZ#1072954) \n\n* Previously, the CUPS scheduler used an incorrect D-Bus interface when trying to add a colord profile, which led to colord profiles not working correctly. With this update, the correct D-Bus interface is used, and colord profiles now function as expected. (BZ#1087323)\n\n* When handling an incoming Internet Printing Protocol (IPP) request with an associated document to follow, the CUPS scheduler did not check whether the client connection had data available to read before starting to handle the document data. Consequently, in some instances, a 10-second timeout could occur. The scheduler now checks for data availability before reading the document data, thus fixing this bug. (BZ#1110259) \n\n* When the CUPS scheduler read data from a client, it did not check for data availability in between reading the HTTP headers and the Internet Printing Protocol (IPP) request. This led to a race condition causing client requests to fail depending on the timing of the data packets. With this update, the scheduler checks for data availability, preventing the race condition from occurring. (BZ#1113045) \n\n* Previously, the manual page for the cupsd.conf(5) configuration file did not mention the ErrorPolicy directive. Text describing this directive has now been added to the manual page. (BZ#1120591) \n\n* Prior to this update, the cups utility was started before networking, and therefore it was not available in some configurations. A patch has been applied to fix this bug, and CUPS is now available throughout the network. 
(BZ#1144780) \n\n* A prior security update changed the /etc/cups/ppd/ directory not to be world-readable. However, the cupsGetPPD() function still assumed the files in the directory were world-readable. As a consequence, cupsGetPPD() returned a symbolic link to a file in /etc/cups/ppd/ to the caller even though the caller was not able to read it, which caused a variety of failures when printing. This update fixes cupsGetPPD3() to check for readability, and these failures thus no longer occur. (BZ#1153708)\n\n* A prior fix for setting the value of the FINAL_CONTENT_TYPE variable caused unintended problems: the back end could not reliably determine the format of the input data and forced FINAL_CONTENT_TYPE to always be \"printer/[queue name]\". The incorrect fix has been reverted. Nevertheless, users who have files configured on both the local and remote ends of their queues will still encounter this problem, and thus need to make the local ends of their queues \"raw\". (BZ#1149245)\n\nIn addition, this update adds the following enhancement:\n\n* Prior to this update, the commands required by the redhat-lsb-core package were provided by the cups packages, which itself has other requirements on other packages. To prevent redhat-lsb-core causing a larger dependency chain than needed, the CUPS client commands required by redhat-lsb-core have been moved into a new sub-package, cups-clients. (BZ#1115057) \n\nUsers of cups are advised to upgrade to these updated packages, which fix these bugs and add this enhancement. After installing this update, the cupsd daemon will be restarted automatically.",
"Advisory": {
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "advisory"
},
"Severity": "None",
"Cves": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "cve"
},
"CveID": "CVE-2014-2856",
"Cvss2": "4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N",
"Cvss3": "",
"Cwe": "CWE-79",
"Impact": "moderate",
"Href": "https://access.redhat.com/security/cve/CVE-2014-2856",
"Public": "20140130"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "cve"
},
"CveID": "CVE-2014-3537",
"Cvss2": "5.0/AV:L/AC:M/Au:S/C:C/I:P/A:N",
"Cvss3": "",
"Cwe": "CWE-59",
"Impact": "moderate",
"Href": "https://access.redhat.com/security/cve/CVE-2014-3537",
"Public": "20140714"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "cve"
},
"CveID": "CVE-2014-5029",
"Cvss2": "5.0/AV:L/AC:M/Au:S/C:C/I:P/A:N",
"Cvss3": "",
"Cwe": "CWE-59",
"Impact": "moderate",
"Href": "https://access.redhat.com/security/cve/CVE-2014-5029",
"Public": "20140722"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "cve"
},
"CveID": "CVE-2014-5030",
"Cvss2": "5.0/AV:L/AC:M/Au:S/C:C/I:P/A:N",
"Cvss3": "",
"Cwe": "CWE-59",
"Impact": "moderate",
"Href": "https://access.redhat.com/security/cve/CVE-2014-5030",
"Public": "20140722"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "cve"
},
"CveID": "CVE-2014-5031",
"Cvss2": "5.0/AV:L/AC:M/Au:S/C:C/I:P/A:N",
"Cvss3": "",
"Cwe": "CWE-59",
"Impact": "moderate",
"Href": "https://access.redhat.com/security/cve/CVE-2014-5031",
"Public": "20140722"
}
],
"Bugzillas": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "bugzilla"
},
"ID": "1087323",
"URL": "https://bugzilla.redhat.com/1087323",
"Title": "AddProfile failed: org.freedesktop.DBus.Error.UnknownMethod:No such interface `org.freedesktop.ColorManager' on object at path /org/freedesktop/ColorManager/devices/cups_HP_Officejet_Pro_8500_A909a"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "bugzilla"
},
"ID": "1113045",
"URL": "https://bugzilla.redhat.com/1113045",
"Title": "Race condition in cupsdReadClient()"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "bugzilla"
},
"ID": "1144780",
"URL": "https://bugzilla.redhat.com/1144780",
"Title": "cups starts before networking, therefore is not available"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "bugzilla"
},
"ID": "1149245",
"URL": "https://bugzilla.redhat.com/1149245",
"Title": "FINAL_CONTENT_TYPE incorrect for all backends"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "bugzilla"
},
"ID": "1153708",
"URL": "https://bugzilla.redhat.com/1153708",
"Title": "cupsGetPPD() failure caused by STR #4461 fix"
}
],
"AffectedCPEList": [
"cpe:/o:redhat:enterprise_linux:7"
],
"Issued": {
"Date": "2015-03-05"
},
"Updated": {
"Date": "2015-03-05"
}
},
"Criteria": {
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criteria"
},
"Operator": "AND",
"Criterias": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criteria"
},
"Operator": "OR",
"Criterias": null,
"Criterions": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150364027",
"Comment": "Red Hat Enterprise Linux 7 Client is installed"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150364028",
"Comment": "Red Hat Enterprise Linux 7 Server is installed"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150364029",
"Comment": "Red Hat Enterprise Linux 7 Workstation is installed"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150364030",
"Comment": "Red Hat Enterprise Linux 7 ComputeNode is installed"
}
]
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criteria"
},
"Operator": "OR",
"Criterias": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criteria"
},
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150386001",
"Comment": "cups-filesystem is earlier than 1:1.6.3-17.el7"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150386002",
"Comment": "cups-filesystem is signed with Red Hat redhatrelease2 key"
}
]
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criteria"
},
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150386003",
"Comment": "cups is earlier than 1:1.6.3-17.el7"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150386004",
"Comment": "cups is signed with Red Hat redhatrelease2 key"
}
]
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criteria"
},
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150386005",
"Comment": "cups-libs is earlier than 1:1.6.3-17.el7"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150386006",
"Comment": "cups-libs is signed with Red Hat redhatrelease2 key"
}
]
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criteria"
},
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150386007",
"Comment": "cups-lpd is earlier than 1:1.6.3-17.el7"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150386008",
"Comment": "cups-lpd is signed with Red Hat redhatrelease2 key"
}
]
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criteria"
},
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150386009",
"Comment": "cups-client is earlier than 1:1.6.3-17.el7"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150386010",
"Comment": "cups-client is signed with Red Hat redhatrelease2 key"
}
]
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criteria"
},
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150386011",
"Comment": "cups-devel is earlier than 1:1.6.3-17.el7"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150386012",
"Comment": "cups-devel is signed with Red Hat redhatrelease2 key"
}
]
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criteria"
},
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150386013",
"Comment": "cups-ipptool is earlier than 1:1.6.3-17.el7"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhba:tst:20150386014",
"Comment": "cups-ipptool is signed with Red Hat redhatrelease2 key"
}
]
}
],
"Criterions": null
}
],
"Criterions": null
}
}



@ -1,458 +0,0 @@
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "definition"
},
"ID": "oval:com.redhat.rhsa:def:20190966",
"Class": "patch",
"Title": "RHSA-2019:0966: firefox security update (Critical)",
"Affecteds": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "affected"
},
"Family": "unix",
"Platforms": [
"Red Hat Enterprise Linux 8"
]
}
],
"References": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "reference"
},
"Source": "RHSA",
"RefID": "RHSA-2019:0966",
"RefURL": "https://access.redhat.com/errata/RHSA-2019:0966"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "reference"
},
"Source": "CVE",
"RefID": "CVE-2018-18506",
"RefURL": "https://access.redhat.com/security/cve/CVE-2018-18506"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "reference"
},
"Source": "CVE",
"RefID": "CVE-2019-9788",
"RefURL": "https://access.redhat.com/security/cve/CVE-2019-9788"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "reference"
},
"Source": "CVE",
"RefID": "CVE-2019-9790",
"RefURL": "https://access.redhat.com/security/cve/CVE-2019-9790"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "reference"
},
"Source": "CVE",
"RefID": "CVE-2019-9791",
"RefURL": "https://access.redhat.com/security/cve/CVE-2019-9791"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "reference"
},
"Source": "CVE",
"RefID": "CVE-2019-9792",
"RefURL": "https://access.redhat.com/security/cve/CVE-2019-9792"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "reference"
},
"Source": "CVE",
"RefID": "CVE-2019-9793",
"RefURL": "https://access.redhat.com/security/cve/CVE-2019-9793"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "reference"
},
"Source": "CVE",
"RefID": "CVE-2019-9795",
"RefURL": "https://access.redhat.com/security/cve/CVE-2019-9795"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "reference"
},
"Source": "CVE",
"RefID": "CVE-2019-9796",
"RefURL": "https://access.redhat.com/security/cve/CVE-2019-9796"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "reference"
},
"Source": "CVE",
"RefID": "CVE-2019-9810",
"RefURL": "https://access.redhat.com/security/cve/CVE-2019-9810"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "reference"
},
"Source": "CVE",
"RefID": "CVE-2019-9813",
"RefURL": "https://access.redhat.com/security/cve/CVE-2019-9813"
}
],
"Description": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 60.6.1 ESR. (BZ#1690308)\n\nSecurity Fix(es):\n\n* Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 (CVE-2019-9788)\n\n* Mozilla: Use-after-free when removing in-use DOM elements (CVE-2019-9790)\n\n* Mozilla: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey (CVE-2019-9791)\n\n* Mozilla: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script (CVE-2019-9792)\n\n* Mozilla: IonMonkey MArraySlice has incorrect alias information (CVE-2019-9810)\n\n* Mozilla: Ionmonkey type confusion with __proto__ mutations (CVE-2019-9813)\n\n* Mozilla: Improper bounds checks when Spectre mitigations are disabled (CVE-2019-9793)\n\n* Mozilla: Type-confusion in IonMonkey JIT compiler (CVE-2019-9795)\n\n* Mozilla: Use-after-free with SMIL animation controller (CVE-2019-9796)\n\n* Mozilla: Proxy Auto-Configuration file can define localhost access to be proxied (CVE-2018-18506)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"Advisory": {
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "advisory"
},
"Severity": "Critical",
"Cves": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "cve"
},
"CveID": "CVE-2018-18506",
"Cvss2": "",
"Cvss3": "6.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"Cwe": "CWE-200",
"Impact": "moderate",
"Href": "https://access.redhat.com/security/cve/CVE-2018-18506",
"Public": "20190320"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "cve"
},
"CveID": "CVE-2019-9788",
"Cvss2": "",
"Cvss3": "8.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"Cwe": "CWE-120",
"Impact": "",
"Href": "https://access.redhat.com/security/cve/CVE-2019-9788",
"Public": "20190320"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "cve"
},
"CveID": "CVE-2019-9790",
"Cvss2": "",
"Cvss3": "8.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"Cwe": "CWE-416",
"Impact": "",
"Href": "https://access.redhat.com/security/cve/CVE-2019-9790",
"Public": "20190320"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "cve"
},
"CveID": "CVE-2019-9791",
"Cvss2": "",
"Cvss3": "8.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"Cwe": "CWE-843",
"Impact": "",
"Href": "https://access.redhat.com/security/cve/CVE-2019-9791",
"Public": "20190320"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "cve"
},
"CveID": "CVE-2019-9792",
"Cvss2": "",
"Cvss3": "8.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"Cwe": "CWE-203 CWE-787",
"Impact": "",
"Href": "https://access.redhat.com/security/cve/CVE-2019-9792",
"Public": "20190320"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "cve"
},
"CveID": "CVE-2019-9793",
"Cvss2": "",
"Cvss3": "7.5/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"Cwe": "CWE-119",
"Impact": "important",
"Href": "https://access.redhat.com/security/cve/CVE-2019-9793",
"Public": "20190320"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "cve"
},
"CveID": "CVE-2019-9795",
"Cvss2": "",
"Cvss3": "7.5/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"Cwe": "CWE-843 CWE-787",
"Impact": "important",
"Href": "https://access.redhat.com/security/cve/CVE-2019-9795",
"Public": "20190320"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "cve"
},
"CveID": "CVE-2019-9796",
"Cvss2": "",
"Cvss3": "7.5/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"Cwe": "CWE-416",
"Impact": "important",
"Href": "https://access.redhat.com/security/cve/CVE-2019-9796",
"Public": "20190320"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "cve"
},
"CveID": "CVE-2019-9810",
"Cvss2": "",
"Cvss3": "8.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"Cwe": "CWE-119",
"Impact": "",
"Href": "https://access.redhat.com/security/cve/CVE-2019-9810",
"Public": "20190322"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "cve"
},
"CveID": "CVE-2019-9813",
"Cvss2": "",
"Cvss3": "8.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"Cwe": "CWE-843",
"Impact": "",
"Href": "https://access.redhat.com/security/cve/CVE-2019-9813",
"Public": "20190322"
}
],
"Bugzillas": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "bugzilla"
},
"ID": "1690308",
"URL": "https://bugzilla.redhat.com/1690308",
"Title": "update ff to ESR 60.6[ZStream Clone]"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "bugzilla"
},
"ID": "1690673",
"URL": "https://bugzilla.redhat.com/1690673",
"Title": "CVE-2018-18506 Mozilla: Proxy Auto-Configuration file can define localhost access to be proxied"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "bugzilla"
},
"ID": "1690674",
"URL": "https://bugzilla.redhat.com/1690674",
"Title": "CVE-2019-9788 Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "bugzilla"
},
"ID": "1690675",
"URL": "https://bugzilla.redhat.com/1690675",
"Title": "CVE-2019-9790 Mozilla: Use-after-free when removing in-use DOM elements"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "bugzilla"
},
"ID": "1690676",
"URL": "https://bugzilla.redhat.com/1690676",
"Title": "CVE-2019-9791 Mozilla: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "bugzilla"
},
"ID": "1690677",
"URL": "https://bugzilla.redhat.com/1690677",
"Title": "CVE-2019-9792 Mozilla: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "bugzilla"
},
"ID": "1690678",
"URL": "https://bugzilla.redhat.com/1690678",
"Title": "CVE-2019-9793 Mozilla: Improper bounds checks when Spectre mitigations are disabled"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "bugzilla"
},
"ID": "1690680",
"URL": "https://bugzilla.redhat.com/1690680",
"Title": "CVE-2019-9795 Mozilla: Type-confusion in IonMonkey JIT compiler"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "bugzilla"
},
"ID": "1690681",
"URL": "https://bugzilla.redhat.com/1690681",
"Title": "CVE-2019-9796 Mozilla: Use-after-free with SMIL animation controller"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "bugzilla"
},
"ID": "1692181",
"URL": "https://bugzilla.redhat.com/1692181",
"Title": "CVE-2019-9810 Mozilla: IonMonkey MArraySlice has incorrect alias information"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "bugzilla"
},
"ID": "1692182",
"URL": "https://bugzilla.redhat.com/1692182",
"Title": "CVE-2019-9813 Mozilla: Ionmonkey type confusion with __proto__ mutations"
}
],
"AffectedCPEList": [
"cpe:/a:redhat:enterprise_linux:8"
],
"Issued": {
"Date": "2019-05-07"
},
"Updated": {
"Date": "2019-05-07"
}
},
"Criteria": {
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criteria"
},
"Operator": "AND",
"Criterias": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criteria"
},
"Operator": "OR",
"Criterias": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criteria"
},
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhsa:tst:20190966001",
"Comment": "firefox-debugsource is earlier than 0:60.6.1-1.el8"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhsa:tst:20190966002",
"Comment": "firefox-debugsource is signed with Red Hat redhatrelease2 key"
}
]
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criteria"
},
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhsa:tst:20190966003",
"Comment": "firefox is earlier than 0:60.6.1-1.el8"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhsa:tst:20190966004",
"Comment": "firefox is signed with Red Hat redhatrelease2 key"
}
]
}
],
"Criterions": null
}
],
"Criterions": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhsa:tst:20190966005",
"Comment": "Red Hat Enterprise Linux 8 is installed"
}
]
}
}


@ -1,170 +0,0 @@
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "definition"
},
"ID": "oval:com.redhat.rhsa:def:20190968",
"Class": "patch",
"Title": "RHSA-2019:0968: edk2 security update (Important)",
"Affecteds": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "affected"
},
"Family": "unix",
"Platforms": [
"Red Hat Enterprise Linux 8"
]
}
],
"References": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "reference"
},
"Source": "RHSA",
"RefID": "RHSA-2019:0968",
"RefURL": "https://access.redhat.com/errata/RHSA-2019:0968"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "reference"
},
"Source": "CVE",
"RefID": "CVE-2018-12180",
"RefURL": "https://access.redhat.com/security/cve/CVE-2018-12180"
}
],
"Description": "EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.\n\nSecurity Fix(es):\n\n* edk2: Buffer Overflow in BlockIo service for RAM disk (CVE-2018-12180)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"Advisory": {
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "advisory"
},
"Severity": "Important",
"Cves": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "cve"
},
"CveID": "CVE-2018-12180",
"Cvss2": "",
"Cvss3": "8.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"Cwe": "CWE-125 CWE-787",
"Impact": "",
"Href": "https://access.redhat.com/security/cve/CVE-2018-12180",
"Public": "20190226"
}
],
"Bugzillas": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "bugzilla"
},
"ID": "1683372",
"URL": "https://bugzilla.redhat.com/1683372",
"Title": "CVE-2018-12180 edk2: Buffer Overflow in BlockIo service for RAM disk"
}
],
"AffectedCPEList": [
"cpe:/a:redhat:enterprise_linux:8"
],
"Issued": {
"Date": "2019-05-07"
},
"Updated": {
"Date": "2019-05-07"
}
},
"Criteria": {
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criteria"
},
"Operator": "AND",
"Criterias": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criteria"
},
"Operator": "OR",
"Criterias": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criteria"
},
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhsa:tst:20190968001",
"Comment": "edk2-ovmf is earlier than 0:20180508gitee3198e672e2-9.el8_0.1"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhsa:tst:20190968002",
"Comment": "edk2-ovmf is signed with Red Hat redhatrelease2 key"
}
]
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criteria"
},
"Operator": "AND",
"Criterias": null,
"Criterions": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhsa:tst:20190968003",
"Comment": "edk2-aarch64 is earlier than 0:20180508gitee3198e672e2-9.el8_0.1"
},
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhsa:tst:20190968004",
"Comment": "edk2-aarch64 is signed with Red Hat redhatrelease2 key"
}
]
}
],
"Criterions": null
}
],
"Criterions": [
{
"XMLName": {
"Space": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
"Local": "criterion"
},
"Negate": false,
"TestRef": "oval:com.redhat.rhsa:tst:20190966005",
"Comment": "Red Hat Enterprise Linux 8 is installed"
}
]
}
}


@ -0,0 +1,75 @@
{
"Class": "vulnerability",
"ID": "oval:com.redhat.cve:def:202010744",
"Version": "631",
"Metadata": {
"Title": "CVE-2020-10744 ansible: incomplete fix for CVE-2020-1733 (moderate)",
"References": [
{
"Source": "CVE",
"RefID": "CVE-2020-10744",
"RefURL": "https://access.redhat.com/security/cve/CVE-2020-10744"
}
],
"Description": "DOCUMENTATION: An incomplete fix was found for the fix of the flaw CVE-2020-1733, Ansible: insecure temporary directory when running become_user from the become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems.\n STATEMENT: Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected.\n\nRed Hat Gluster Storage 3 and Red Hat Ceph Storage 3 no longer maintain their own versions of Ansible. The fix will be provided from core Ansible. However, we still ship Ansible separately for Ceph Ubuntu.\n MITIGATION: Currently, there is no mitigation for this issue.",
"Advisory": {
"From": "secalert@redhat.com",
"Severity": "Moderate",
"Issued": {},
"Updated": {}
}
},
"Criteria": {
"Operator": "OR",
"Criterions": [
{
"Comment": "Red Hat Enterprise Linux must be installed",
"TestRef": "oval:com.redhat.cve:tst:202010744006"
}
],
"Criterias": [
{
"Operator": "AND",
"Criterions": [
{
"Comment": "Red Hat Enterprise Linux 8 is installed",
"TestRef": "oval:com.redhat.cve:tst:202010744005"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterias": [
{
"Operator": "AND",
"Criterions": [
{
"Comment": "ansible is installed",
"TestRef": "oval:com.redhat.cve:tst:202010744001"
},
{
"Comment": "ansible is signed with Red Hat redhatrelease2 key",
"TestRef": "oval:com.redhat.cve:tst:202010744002"
}
]
},
{
"Operator": "AND",
"Criterions": [
{
"Comment": "ansible-test is installed",
"TestRef": "oval:com.redhat.cve:tst:202010744003"
},
{
"Comment": "ansible-test is signed with Red Hat redhatrelease2 key",
"TestRef": "oval:com.redhat.cve:tst:202010744004"
}
]
}
]
}
]
}
]
}
}
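Review bot: This fixture pins `"Issued": {}` and `"Updated": {}` for a CVE definition that carries no dates, so a consumer cannot tell "no date published" from a date element that failed to parse. The same shape recurs in the two CVE fixtures that follow, and as `"Arch": {}`, `"Evr": {}` and `"SignatureKeyID": {}` in the states fixture. The commit message mentions adding omitempty, but Go's encoding/json never omits a struct-valued field under that tag, which is presumably why these empty objects survive; the struct definitions are not visible here, so this is inferred. If they are meant to be dropped, the fields would have to be pointers (`*T` with `omitempty`). Otherwise a comment on the types should state that an empty object means "not set", so a scanner reading the output does not treat an empty `Evr` as a version comparison.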


@ -0,0 +1,75 @@
{
"Class": "vulnerability",
"ID": "oval:com.redhat.cve:def:20201734",
"Version": "631",
"Metadata": {
"Title": "CVE-2020-1734 ansible: shell enabled by default in a pipe lookup plugin subprocess (moderate)",
"References": [
{
"Source": "CVE",
"RefID": "CVE-2020-1734",
"RefURL": "https://access.redhat.com/security/cve/CVE-2020-1734"
}
],
"Description": "DOCUMENTATION: A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.\n STATEMENT: Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n MITIGATION: This issue can be avoided by escaping variables which are used in the lookup.",
"Advisory": {
"From": "secalert@redhat.com",
"Severity": "Moderate",
"Issued": {},
"Updated": {}
}
},
"Criteria": {
"Operator": "OR",
"Criterions": [
{
"Comment": "Red Hat Enterprise Linux must be installed",
"TestRef": "oval:com.redhat.cve:tst:202010744006"
}
],
"Criterias": [
{
"Operator": "AND",
"Criterions": [
{
"Comment": "Red Hat Enterprise Linux 8 is installed",
"TestRef": "oval:com.redhat.cve:tst:202010744005"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterias": [
{
"Operator": "AND",
"Criterions": [
{
"Comment": "ansible is installed",
"TestRef": "oval:com.redhat.cve:tst:202010744001"
},
{
"Comment": "ansible is signed with Red Hat redhatrelease2 key",
"TestRef": "oval:com.redhat.cve:tst:202010744002"
}
]
},
{
"Operator": "AND",
"Criterions": [
{
"Comment": "ansible-test is installed",
"TestRef": "oval:com.redhat.cve:tst:202010744003"
},
{
"Comment": "ansible-test is signed with Red Hat redhatrelease2 key",
"TestRef": "oval:com.redhat.cve:tst:202010744004"
}
]
}
]
}
]
}
]
}
}


@ -0,0 +1,75 @@
{
"Class": "vulnerability",
"ID": "oval:com.redhat.cve:def:20201738",
"Version": "631",
"Metadata": {
"Title": "CVE-2020-1738 ansible: module package can be selected by the ansible facts (low)",
"References": [
{
"Source": "CVE",
"RefID": "CVE-2020-1738",
"RefURL": "https://access.redhat.com/security/cve/CVE-2020-1738"
}
],
"Description": "DOCUMENTATION: A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file.\n STATEMENT: Ansible Engine 2.7.16, 2.8.10, and 2.9.6 as well as previous versions are affected.\n\nAnsible Tower 3.4.5, 3.5.5 and 3.6.3 as well as previous versions are affected.\n MITIGATION: Specify the parameter 'use' when possible on the package and service modules. Avoid using Ansible Collections on Ansible 2.8.9 or 2.7.16 (and any of the previous versions) as they are not rejecting python with no path (already fixed in 2.9.x).",
"Advisory": {
"From": "secalert@redhat.com",
"Severity": "Low",
"Issued": {},
"Updated": {}
}
},
"Criteria": {
"Operator": "OR",
"Criterions": [
{
"Comment": "Red Hat Enterprise Linux must be installed",
"TestRef": "oval:com.redhat.cve:tst:202010744006"
}
],
"Criterias": [
{
"Operator": "AND",
"Criterions": [
{
"Comment": "Red Hat Enterprise Linux 8 is installed",
"TestRef": "oval:com.redhat.cve:tst:202010744005"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterias": [
{
"Operator": "AND",
"Criterions": [
{
"Comment": "ansible is installed",
"TestRef": "oval:com.redhat.cve:tst:202010744001"
},
{
"Comment": "ansible is signed with Red Hat redhatrelease2 key",
"TestRef": "oval:com.redhat.cve:tst:202010744002"
}
]
},
{
"Operator": "AND",
"Criterions": [
{
"Comment": "ansible-test is installed",
"TestRef": "oval:com.redhat.cve:tst:202010744003"
},
{
"Comment": "ansible-test is signed with Red Hat redhatrelease2 key",
"TestRef": "oval:com.redhat.cve:tst:202010744004"
}
]
}
]
}
]
}
]
}
}


@ -0,0 +1,112 @@
{
"Class": "patch",
"ID": "oval:com.redhat.rhsa:def:20193927",
"Version": "634",
"Metadata": {
"Title": "RHSA-2019:3927: ansible security and bug fix update (Moderate)",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"Red Hat Ansible Engine 2.9 for RHEL 8"
]
}
],
"References": [
{
"Source": "RHSA",
"RefID": "RHSA-2019:3927",
"RefURL": "https://access.redhat.com/errata/RHSA-2019:3927"
},
{
"Source": "CVE",
"RefID": "CVE-2019-14864",
"RefURL": "https://access.redhat.com/security/cve/CVE-2019-14864"
}
],
"Description": "Ansible is a simple model-driven configuration management, multi-node\ndeployment, and remote-task execution system. Ansible works over SSH and\ndoes not require any software or daemons to be installed on remote nodes.\nExtension modules can be written in any language and are transferred to\nmanaged machines automatically.\n\nSecurity Fix(es):\n\nAnsible: Splunk and Sumologic callback plugins leak sensitive data in logs\n(CVE-2019-14864)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nThe following packages have been upgraded to a newer upstream version:\nansible (2.9.1)\n\nBug Fix(es):\n\nSee:\nhttps://github.com/ansible/ansible/blob/v2.9.1/changelogs/CHANGELOG-v2.9.rst\nfor details on bug fixes in this release.",
"Advisory": {
"From": "secalert@redhat.com",
"Severity": "Moderate",
"Rights": "Copyright 2019 Red Hat, Inc.",
"Issued": {
"Date": "2019-11-20"
},
"Updated": {
"Date": "2019-11-20"
},
"Cves": [
{
"CveID": "CVE-2019-14864",
"Cvss3": "5.7/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"Cwe": "CWE-117 CWE-532",
"Href": "https://access.redhat.com/security/cve/CVE-2019-14864",
"Public": "20191022"
}
],
"Bugzilla": [
{
"Href": "https://bugzilla.redhat.com/1764148",
"ID": "1764148"
}
],
"AffectedCpeList": [
"cpe:/a:redhat:ansible_engine:2.9",
"cpe:/a:redhat:ansible_engine:2.9::el8"
]
}
},
"Criteria": {
"Operator": "OR",
"Criterions": [
{
"Comment": "Red Hat Enterprise Linux must be installed",
"TestRef": "oval:com.redhat.cve:tst:202010744006"
}
],
"Criterias": [
{
"Operator": "AND",
"Criterions": [
{
"Comment": "Red Hat Enterprise Linux 8 is installed",
"TestRef": "oval:com.redhat.cve:tst:202010744005"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterias": [
{
"Operator": "AND",
"Criterions": [
{
"Comment": "ansible is earlier than 0:2.9.1-1.el8",
"TestRef": "oval:com.redhat.rhsa:tst:20193927001"
},
{
"Comment": "ansible is signed with Red Hat redhatrelease2 key",
"TestRef": "oval:com.redhat.cve:tst:202010744002"
}
]
},
{
"Operator": "AND",
"Criterions": [
{
"Comment": "ansible-test is earlier than 0:2.9.1-1.el8",
"TestRef": "oval:com.redhat.rhsa:tst:20193927003"
},
{
"Comment": "ansible-test is signed with Red Hat redhatrelease2 key",
"TestRef": "oval:com.redhat.cve:tst:202010744004"
}
]
}
]
}
]
}
]
}
}


@ -0,0 +1,128 @@
{
"Class": "patch",
"ID": "oval:com.redhat.rhsa:def:20200215",
"Version": "632",
"Metadata": {
"Title": "RHSA-2020:0215: Ansible security and bug fix update (2.9.4) (Moderate)",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"Red Hat Ansible Engine 2.9 for RHEL 8"
]
}
],
"References": [
{
"Source": "RHSA",
"RefID": "RHSA-2020:0215",
"RefURL": "https://access.redhat.com/errata/RHSA-2020:0215"
},
{
"Source": "CVE",
"RefID": "CVE-2019-14904",
"RefURL": "https://access.redhat.com/security/cve/CVE-2019-14904"
},
{
"Source": "CVE",
"RefID": "CVE-2019-14905",
"RefURL": "https://access.redhat.com/security/cve/CVE-2019-14905"
}
],
"Description": "Ansible is a simple model-driven configuration management, multi-node\ndeployment, and remote-task execution system. Ansible works over SSH and\ndoes not require any software or daemons to be installed on remote nodes.\nExtension modules can be written in any language and are transferred to\nmanaged machines automatically.\n\nThe following packages have been upgraded to a newer upstream version:\nansible (2.9.4)\n\nBug Fix(es):\n* CVE-2019-14904 Ansible: vulnerability in solaris_zone module via crafted\nsolaris zone\n* CVE-2019-14905 Ansible: malicious code could craft filename in\nnxos_file_copy module\n\nSee:\nhttps://github.com/ansible/ansible/blob/v2.9.4/changelogs/CHANGELOG-v2.9.rst\nfor details on bug fixes in this release.",
"Advisory": {
"From": "secalert@redhat.com",
"Severity": "Moderate",
"Rights": "Copyright 2020 Red Hat, Inc.",
"Issued": {
"Date": "2020-01-23"
},
"Updated": {
"Date": "2020-01-23"
},
"Cves": [
{
"CveID": "CVE-2019-14904",
"Cvss3": "7.3/CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L",
"Cwe": "CWE-20 CWE-78",
"Href": "https://access.redhat.com/security/cve/CVE-2019-14904",
"Public": "20191127"
},
{
"CveID": "CVE-2019-14905",
"Cvss3": "5.6/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
"Cwe": "CWE-20 CWE-73",
"Href": "https://access.redhat.com/security/cve/CVE-2019-14905",
"Public": "20191127"
}
],
"Bugzilla": [
{
"Href": "https://bugzilla.redhat.com/1776943",
"ID": "1776943"
},
{
"Href": "https://bugzilla.redhat.com/1776944",
"ID": "1776944"
}
],
"AffectedCpeList": [
"cpe:/a:redhat:ansible_engine:2.9",
"cpe:/a:redhat:ansible_engine:2.9::el8"
]
}
},
"Criteria": {
"Operator": "OR",
"Criterions": [
{
"Comment": "Red Hat Enterprise Linux must be installed",
"TestRef": "oval:com.redhat.cve:tst:202010744006"
}
],
"Criterias": [
{
"Operator": "AND",
"Criterions": [
{
"Comment": "Red Hat Enterprise Linux 8 is installed",
"TestRef": "oval:com.redhat.cve:tst:202010744005"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterias": [
{
"Operator": "AND",
"Criterions": [
{
"Comment": "ansible is earlier than 0:2.9.4-1.el8ae",
"TestRef": "oval:com.redhat.rhsa:tst:20200215001"
},
{
"Comment": "ansible is signed with Red Hat redhatrelease2 key",
"TestRef": "oval:com.redhat.cve:tst:202010744002"
}
]
},
{
"Operator": "AND",
"Criterions": [
{
"Comment": "ansible-test is earlier than 0:2.9.4-1.el8ae",
"TestRef": "oval:com.redhat.rhsa:tst:20200215003"
},
{
"Comment": "ansible-test is signed with Red Hat redhatrelease2 key",
"TestRef": "oval:com.redhat.cve:tst:202010744004"
}
]
}
]
}
]
}
]
}
}


@ -0,0 +1,50 @@
{
"RpminfoObjects": [
{
"ID": "oval:com.redhat.cve:obj:202010744001",
"Version": "631",
"Name": "ansible"
},
{
"ID": "oval:com.redhat.cve:obj:202010744002",
"Version": "631",
"Name": "ansible-test"
}
],
"RpmverifyfileObjects": [
{
"ID": "oval:com.redhat.cve:obj:202010744003",
"AttrVersion": "631",
"Behaviors": {
"Noconfigfiles": "true",
"Noghostfiles": "true",
"Nogroup": "true",
"Nolinkto": "true",
"Nomd5": "true",
"Nomode": "true",
"Nomtime": "true",
"Nordev": "true",
"Nosize": "true",
"Nouser": "true"
},
"Filepath": {
"Text": "/etc/redhat-release"
},
"Name": {
"Operation": "pattern match"
},
"Version": {
"Operation": "pattern match"
},
"Epoch": {
"Operation": "pattern match"
},
"Arch": {
"Operation": "pattern match"
},
"Release": {
"Operation": "pattern match"
}
}
]
}


@ -0,0 +1,92 @@
{
"RpminfoState": [
{
"ID": "oval:com.redhat.cve:ste:202010744001",
"Version": "631",
"Arch": {},
"Evr": {},
"SignatureKeyID": {
"Text": "199e2f91fd431d51",
"Operation": "equals"
}
},
{
"ID": "oval:com.redhat.rhba:ste:20200784001",
"Version": "632",
"Arch": {},
"Evr": {
"Text": "0:2.9.6-1.el8ae",
"Datatype": "evr_string",
"Operation": "less than"
},
"SignatureKeyID": {}
},
{
"ID": "oval:com.redhat.rhsa:ste:20193927001",
"Version": "634",
"Arch": {},
"Evr": {
"Text": "0:2.9.1-1.el8",
"Datatype": "evr_string",
"Operation": "less than"
},
"SignatureKeyID": {}
},
{
"ID": "oval:com.redhat.rhsa:ste:20200215001",
"Version": "632",
"Arch": {},
"Evr": {
"Text": "0:2.9.4-1.el8ae",
"Datatype": "evr_string",
"Operation": "less than"
},
"SignatureKeyID": {}
},
{
"ID": "oval:com.redhat.rhsa:ste:20201541001",
"Version": "632",
"Arch": {},
"Evr": {
"Text": "0:2.9.7-1.el8ae",
"Datatype": "evr_string",
"Operation": "less than"
},
"SignatureKeyID": {}
},
{
"ID": "oval:com.redhat.rhsa:ste:20203601001",
"Version": "632",
"Arch": {},
"Evr": {
"Text": "0:2.9.13-1.el8ae",
"Datatype": "evr_string",
"Operation": "less than"
},
"SignatureKeyID": {}
}
],
"RpmverifyfileStates": [
{
"ID": "oval:com.redhat.cve:ste:202010744002",
"AttrVersion": "631",
"Name": {
"Text": "^redhat-release",
"Operation": "pattern match"
},
"Version": {
"Text": "^8[^\\d]",
"Operation": "pattern match"
}
},
{
"ID": "oval:com.redhat.cve:ste:202010744003",
"AttrVersion": "631",
"Name": {
"Text": "^redhat-release",
"Operation": "pattern match"
},
"Version": {}
}
]
}


@ -0,0 +1,216 @@
{
"RpminfoTests": [
{
"Check": "at least one",
"Comment": "ansible is installed",
"ID": "oval:com.redhat.cve:tst:202010744001",
"Version": "631",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:202010744001"
},
"State": {}
},
{
"Check": "at least one",
"Comment": "ansible is signed with Red Hat redhatrelease2 key",
"ID": "oval:com.redhat.cve:tst:202010744002",
"Version": "631",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:202010744001"
},
"State": {
"StateRef": "oval:com.redhat.cve:ste:202010744001"
}
},
{
"Check": "at least one",
"Comment": "ansible-test is installed",
"ID": "oval:com.redhat.cve:tst:202010744003",
"Version": "631",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:202010744002"
},
"State": {}
},
{
"Check": "at least one",
"Comment": "ansible-test is signed with Red Hat redhatrelease2 key",
"ID": "oval:com.redhat.cve:tst:202010744004",
"Version": "631",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:202010744002"
},
"State": {
"StateRef": "oval:com.redhat.cve:ste:202010744001"
}
},
{
"Check": "at least one",
"Comment": "ansible is earlier than 0:2.9.6-1.el8ae",
"ID": "oval:com.redhat.rhba:tst:20200784001",
"Version": "632",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:202010744001"
},
"State": {
"StateRef": "oval:com.redhat.rhba:ste:20200784001"
}
},
{
"Check": "at least one",
"Comment": "ansible-test is earlier than 0:2.9.6-1.el8ae",
"ID": "oval:com.redhat.rhba:tst:20200784003",
"Version": "632",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:202010744002"
},
"State": {
"StateRef": "oval:com.redhat.rhba:ste:20200784001"
}
},
{
"Check": "at least one",
"Comment": "ansible is earlier than 0:2.9.1-1.el8",
"ID": "oval:com.redhat.rhsa:tst:20193927001",
"Version": "634",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:202010744001"
},
"State": {
"StateRef": "oval:com.redhat.rhsa:ste:20193927001"
}
},
{
"Check": "at least one",
"Comment": "ansible-test is earlier than 0:2.9.1-1.el8",
"ID": "oval:com.redhat.rhsa:tst:20193927003",
"Version": "634",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:202010744002"
},
"State": {
"StateRef": "oval:com.redhat.rhsa:ste:20193927001"
}
},
{
"Check": "at least one",
"Comment": "ansible is earlier than 0:2.9.4-1.el8ae",
"ID": "oval:com.redhat.rhsa:tst:20200215001",
"Version": "632",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:202010744001"
},
"State": {
"StateRef": "oval:com.redhat.rhsa:ste:20200215001"
}
},
{
"Check": "at least one",
"Comment": "ansible-test is earlier than 0:2.9.4-1.el8ae",
"ID": "oval:com.redhat.rhsa:tst:20200215003",
"Version": "632",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:202010744002"
},
"State": {
"StateRef": "oval:com.redhat.rhsa:ste:20200215001"
}
},
{
"Check": "at least one",
"Comment": "ansible is earlier than 0:2.9.7-1.el8ae",
"ID": "oval:com.redhat.rhsa:tst:20201541001",
"Version": "632",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:202010744001"
},
"State": {
"StateRef": "oval:com.redhat.rhsa:ste:20201541001"
}
},
{
"Check": "at least one",
"Comment": "ansible-test is earlier than 0:2.9.7-1.el8ae",
"ID": "oval:com.redhat.rhsa:tst:20201541003",
"Version": "632",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:202010744002"
},
"State": {
"StateRef": "oval:com.redhat.rhsa:ste:20201541001"
}
},
{
"Check": "at least one",
"Comment": "ansible is earlier than 0:2.9.13-1.el8ae",
"ID": "oval:com.redhat.rhsa:tst:20203601001",
"Version": "632",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:202010744001"
},
"State": {
"StateRef": "oval:com.redhat.rhsa:ste:20203601001"
}
},
{
"Check": "at least one",
"Comment": "ansible-test is earlier than 0:2.9.13-1.el8ae",
"ID": "oval:com.redhat.rhsa:tst:20203601003",
"Version": "632",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:202010744002"
},
"State": {
"StateRef": "oval:com.redhat.rhsa:ste:20203601001"
}
},
{
"Check": "at least one",
"Comment": "ansible is not installed",
"ID": "oval:com.redhat.unaffected:tst:20144657002",
"Version": "631",
"CheckExistence": "none_exist",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:202010744001"
},
"State": {}
},
{
"Check": "at least one",
"Comment": "ansible-test is not installed",
"ID": "oval:com.redhat.unaffected:tst:20144657004",
"Version": "631",
"CheckExistence": "none_exist",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:202010744002"
},
"State": {}
}
],
"RpmverifyfileTests": [
{
"Check": "at least one",
"Comment": "Red Hat Enterprise Linux 8 is installed",
"ID": "oval:com.redhat.cve:tst:202010744005",
"Version": "631",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:202010744003"
},
"State": {
"StateRef": "oval:com.redhat.cve:ste:202010744002"
}
},
{
"Check": "none satisfy",
"Comment": "Red Hat Enterprise Linux must be installed",
"ID": "oval:com.redhat.cve:tst:202010744006",
"Version": "631",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:202010744003"
},
"State": {
"StateRef": "oval:com.redhat.cve:ste:202010744003"
}
}
]
}
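Review bot: Tests that carry no state are written as `"State": {}` (for example `oval:com.redhat.cve:tst:202010744001`, "ansible is installed") rather than with the key left out. The commit message mentions adding `omitempty`, but encoding/json never treats a struct value as empty, so the option only takes effect when the field is a pointer or another nil-able type; the struct is not visible here, so this is inferred from the output. A consumer that takes the presence of `State` to mean "apply a state check" would look up an empty `StateRef`, so either make these fields pointers so the key disappears, or document that `{}` means "no state". The same shape shows up as `"Arch": {}`, `"Evr": {}` and `"SignatureKeyID": {}` in the states fixtures and as `"Issued": {}` / `"Updated": {}` in the CVE definition fixtures.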


@ -0,0 +1,75 @@
{
"Class": "vulnerability",
"ID": "oval:com.redhat.unaffected:def:20200605",
"Version": "631",
"Metadata": {
"Title": "Unaffected components for: CVE-2020-0605 dotnet: Bypass of WPF XAML payload prevention (moderate)",
"References": [
{
"Source": "CVE",
"RefID": "CVE-2020-0605",
"RefURL": "https://access.redhat.com/security/cve/CVE-2020-0605"
}
],
"Description": "Red Hat's versions of the associated software have been determined to NOT be affected by CVE-2020-0605.",
"Advisory": {
"From": "secalert@redhat.com",
"Severity": "Moderate",
"Issued": {},
"Updated": {}
}
},
"Criteria": {
"Operator": "OR",
"Criterions": [
{
"Comment": "Red Hat Enterprise Linux must be installed",
"TestRef": "oval:com.redhat.rhsa:tst:20200134024"
}
],
"Criterias": [
{
"Operator": "AND",
"Criterions": [
{
"Comment": "Red Hat Enterprise Linux 7 is installed",
"TestRef": "oval:com.redhat.rhsa:tst:20200134023"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterias": [
{
"Operator": "AND",
"Criterions": [
{
"Comment": "rh-dotnet31 is installed",
"TestRef": "oval:com.redhat.unaffected:tst:20200605001"
},
{
"Comment": "rh-dotnet31 is not installed",
"TestRef": "oval:com.redhat.unaffected:tst:20200605002"
}
]
},
{
"Operator": "AND",
"Criterions": [
{
"Comment": "rh-dotnet31-runtime is installed",
"TestRef": "oval:com.redhat.unaffected:tst:20200605003"
},
{
"Comment": "rh-dotnet31-runtime is not installed",
"TestRef": "oval:com.redhat.unaffected:tst:20200605004"
}
]
}
]
}
]
}
]
}
}
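Review bot: This definition is stored with `"Class": "vulnerability"` although its ID is in the `oval:com.redhat.unaffected:def:` namespace and its description says the software is NOT affected by CVE-2020-0605. A consumer that selects definitions by `Class` alone, or that reads package names from the criterion comments instead of evaluating the tests, could report a false positive from it. If the updater is meant to keep these entries, I would document the contract next to the code that writes definitions, e.g. `// IDs under oval:com.redhat.unaffected: assert NON-affectedness; consumers must not treat them as findings`, and add a test that pins it; dropping them at write time is the alternative. The next fixture (`oval:com.redhat.unaffected:def:20200606`) and the later `oval:com.redhat.unaffected:def:20165391` one are the same case.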


@ -0,0 +1,75 @@
{
"Class": "vulnerability",
"ID": "oval:com.redhat.unaffected:def:20200606",
"Version": "631",
"Metadata": {
"Title": "Unaffected components for: CVE-2020-0606 dotnet: Malfunctioning StickyNotes annotation XML files malicious execution prevetion (moderate)",
"References": [
{
"Source": "CVE",
"RefID": "CVE-2020-0606",
"RefURL": "https://access.redhat.com/security/cve/CVE-2020-0606"
}
],
"Description": "Red Hat's versions of the associated software have been determined to NOT be affected by CVE-2020-0606.",
"Advisory": {
"From": "secalert@redhat.com",
"Severity": "Moderate",
"Issued": {},
"Updated": {}
}
},
"Criteria": {
"Operator": "OR",
"Criterions": [
{
"Comment": "Red Hat Enterprise Linux must be installed",
"TestRef": "oval:com.redhat.rhsa:tst:20200134024"
}
],
"Criterias": [
{
"Operator": "AND",
"Criterions": [
{
"Comment": "Red Hat Enterprise Linux 7 is installed",
"TestRef": "oval:com.redhat.rhsa:tst:20200134023"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterias": [
{
"Operator": "AND",
"Criterions": [
{
"Comment": "rh-dotnet31 is installed",
"TestRef": "oval:com.redhat.unaffected:tst:20200605001"
},
{
"Comment": "rh-dotnet31 is not installed",
"TestRef": "oval:com.redhat.unaffected:tst:20200605002"
}
]
},
{
"Operator": "AND",
"Criterions": [
{
"Comment": "rh-dotnet31-runtime is installed",
"TestRef": "oval:com.redhat.unaffected:tst:20200605003"
},
{
"Comment": "rh-dotnet31-runtime is not installed",
"TestRef": "oval:com.redhat.unaffected:tst:20200605004"
}
]
}
]
}
]
}
]
}
}


@ -0,0 +1,254 @@
{
"Class": "patch",
"ID": "oval:com.redhat.rhsa:def:20200134",
"Version": "637",
"Metadata": {
"Title": "RHSA-2020:0134: .NET Core on Red Hat Enterprise Linux security and bug fix update (Critical)",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
".NET Core on Red Hat Enterprise Linux"
]
}
],
"References": [
{
"Source": "RHSA",
"RefID": "RHSA-2020:0134",
"RefURL": "https://access.redhat.com/errata/RHSA-2020:0134"
},
{
"Source": "CVE",
"RefID": "CVE-2020-0602",
"RefURL": "https://access.redhat.com/security/cve/CVE-2020-0602"
},
{
"Source": "CVE",
"RefID": "CVE-2020-0603",
"RefURL": "https://access.redhat.com/security/cve/CVE-2020-0603"
}
],
"Description": ".NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core SDK 3.0.102, .NET Core Runtime 3.0.2, .NET Core SDK 3.1.101 and .NET Core Runtime 3.1.1.\n\nSecurity Fixes:\n\n* dotnet: Memory Corruption in SignalR (CVE-2020-0603)\n\n* dotnet: SignalR Denial of Service via backpressure issue (CVE-2020-0602)\n\nUsers must rebuild their applications to pick up the fixes.\n\nDefault inclusions for applications built with .NET Core have been updated to reference the newest versions and their security fixes.\n\nFor more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.",
"Advisory": {
"From": "secalert@redhat.com",
"Severity": "Critical",
"Rights": "Copyright 2020 Red Hat, Inc.",
"Issued": {
"Date": "2020-01-16"
},
"Updated": {
"Date": "2020-01-16"
},
"Cves": [
{
"CveID": "CVE-2020-0602",
"Cvss3": "7.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"Cwe": "CWE-400",
"Impact": "important",
"Href": "https://access.redhat.com/security/cve/CVE-2020-0602",
"Public": "20200114"
},
{
"CveID": "CVE-2020-0603",
"Cvss3": "8.1/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"Cwe": "CWE-119",
"Href": "https://access.redhat.com/security/cve/CVE-2020-0603",
"Public": "20200114"
}
],
"Bugzilla": [
{
"Href": "https://bugzilla.redhat.com/1787151",
"ID": "1787151"
},
{
"Href": "https://bugzilla.redhat.com/1787174",
"ID": "1787174"
},
{
"Href": "https://bugzilla.redhat.com/1789623",
"ID": "1789623"
},
{
"Href": "https://bugzilla.redhat.com/1789624",
"ID": "1789624"
}
],
"AffectedCpeList": [
"cpe:/a:redhat:rhel_dotnet:3.1",
"cpe:/a:redhat:rhel_dotnet:3.1::el7"
]
}
},
"Criteria": {
"Operator": "OR",
"Criterions": [
{
"Comment": "Red Hat Enterprise Linux must be installed",
"TestRef": "oval:com.redhat.rhsa:tst:20200134024"
}
],
"Criterias": [
{
"Operator": "AND",
"Criterions": [
{
"Comment": "Red Hat Enterprise Linux 7 is installed",
"TestRef": "oval:com.redhat.rhsa:tst:20200134023"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterias": [
{
"Operator": "AND",
"Criterions": [
{
"Comment": "rh-dotnet31-aspnetcore-runtime-3.1 is earlier than 0:3.1.1-4.el7",
"TestRef": "oval:com.redhat.rhsa:tst:20200134001"
},
{
"Comment": "rh-dotnet31-aspnetcore-runtime-3.1 is signed with Red Hat redhatrelease2 key",
"TestRef": "oval:com.redhat.rhsa:tst:20200134002"
}
]
},
{
"Operator": "AND",
"Criterions": [
{
"Comment": "rh-dotnet31-aspnetcore-targeting-pack-3.1 is earlier than 0:3.1.1-4.el7",
"TestRef": "oval:com.redhat.rhsa:tst:20200134003"
},
{
"Comment": "rh-dotnet31-aspnetcore-targeting-pack-3.1 is signed with Red Hat redhatrelease2 key",
"TestRef": "oval:com.redhat.rhsa:tst:20200134004"
}
]
},
{
"Operator": "AND",
"Criterions": [
{
"Comment": "rh-dotnet31-dotnet is earlier than 0:3.1.101-4.el7",
"TestRef": "oval:com.redhat.rhsa:tst:20200134005"
},
{
"Comment": "rh-dotnet31-dotnet is signed with Red Hat redhatrelease2 key",
"TestRef": "oval:com.redhat.rhsa:tst:20200134006"
}
]
},
{
"Operator": "AND",
"Criterions": [
{
"Comment": "rh-dotnet31-dotnet-apphost-pack-3.1 is earlier than 0:3.1.1-4.el7",
"TestRef": "oval:com.redhat.rhsa:tst:20200134007"
},
{
"Comment": "rh-dotnet31-dotnet-apphost-pack-3.1 is signed with Red Hat redhatrelease2 key",
"TestRef": "oval:com.redhat.rhsa:tst:20200134008"
}
]
},
{
"Operator": "AND",
"Criterions": [
{
"Comment": "rh-dotnet31-dotnet-host is earlier than 0:3.1.1-4.el7",
"TestRef": "oval:com.redhat.rhsa:tst:20200134009"
},
{
"Comment": "rh-dotnet31-dotnet-host is signed with Red Hat redhatrelease2 key",
"TestRef": "oval:com.redhat.rhsa:tst:20200134010"
}
]
},
{
"Operator": "AND",
"Criterions": [
{
"Comment": "rh-dotnet31-dotnet-hostfxr-3.1 is earlier than 0:3.1.1-4.el7",
"TestRef": "oval:com.redhat.rhsa:tst:20200134011"
},
{
"Comment": "rh-dotnet31-dotnet-hostfxr-3.1 is signed with Red Hat redhatrelease2 key",
"TestRef": "oval:com.redhat.rhsa:tst:20200134012"
}
]
},
{
"Operator": "AND",
"Criterions": [
{
"Comment": "rh-dotnet31-dotnet-runtime-3.1 is earlier than 0:3.1.1-4.el7",
"TestRef": "oval:com.redhat.rhsa:tst:20200134013"
},
{
"Comment": "rh-dotnet31-dotnet-runtime-3.1 is signed with Red Hat redhatrelease2 key",
"TestRef": "oval:com.redhat.rhsa:tst:20200134014"
}
]
},
{
"Operator": "AND",
"Criterions": [
{
"Comment": "rh-dotnet31-dotnet-sdk-3.1 is earlier than 0:3.1.101-4.el7",
"TestRef": "oval:com.redhat.rhsa:tst:20200134015"
},
{
"Comment": "rh-dotnet31-dotnet-sdk-3.1 is signed with Red Hat redhatrelease2 key",
"TestRef": "oval:com.redhat.rhsa:tst:20200134016"
}
]
},
{
"Operator": "AND",
"Criterions": [
{
"Comment": "rh-dotnet31-dotnet-targeting-pack-3.1 is earlier than 0:3.1.1-4.el7",
"TestRef": "oval:com.redhat.rhsa:tst:20200134017"
},
{
"Comment": "rh-dotnet31-dotnet-targeting-pack-3.1 is signed with Red Hat redhatrelease2 key",
"TestRef": "oval:com.redhat.rhsa:tst:20200134018"
}
]
},
{
"Operator": "AND",
"Criterions": [
{
"Comment": "rh-dotnet31-dotnet-templates-3.1 is earlier than 0:3.1.101-4.el7",
"TestRef": "oval:com.redhat.rhsa:tst:20200134019"
},
{
"Comment": "rh-dotnet31-dotnet-templates-3.1 is signed with Red Hat redhatrelease2 key",
"TestRef": "oval:com.redhat.rhsa:tst:20200134020"
}
]
},
{
"Operator": "AND",
"Criterions": [
{
"Comment": "rh-dotnet31-netstandard-targeting-pack-2.1 is earlier than 0:3.1.101-4.el7",
"TestRef": "oval:com.redhat.rhsa:tst:20200134021"
},
{
"Comment": "rh-dotnet31-netstandard-targeting-pack-2.1 is signed with Red Hat redhatrelease2 key",
"TestRef": "oval:com.redhat.rhsa:tst:20200134022"
}
]
}
]
}
]
}
]
}
}


@ -0,0 +1,245 @@
{
"Class": "patch",
"ID": "oval:com.redhat.rhsa:def:20202249",
"Version": "633",
"Metadata": {
"Title": "RHSA-2020:2249: .NET Core on Red Hat Enterprise Linux security and bug fix update (Important)",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
".NET Core on Red Hat Enterprise Linux"
]
}
],
"References": [
{
"Source": "RHSA",
"RefID": "RHSA-2020:2249",
"RefURL": "https://access.redhat.com/errata/RHSA-2020:2249"
},
{
"Source": "CVE",
"RefID": "CVE-2020-1108",
"RefURL": "https://access.redhat.com/security/cve/CVE-2020-1108"
},
{
"Source": "CVE",
"RefID": "CVE-2020-1161",
"RefURL": "https://access.redhat.com/security/cve/CVE-2020-1161"
}
],
"Description": ".NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core SDK 3.1.104 and .NET Core Runtime 3.1.4.\n\nSecurity Fix(es):\n\n* dotnet: Denial of service via untrusted input (CVE-2020-1108)\n* dotnet: Denial of service due to infinite loop (CVE-2020-1161)\n\nDefault inclusions for applications built with .NET Core have been updated to reference the newest versions and their security fixes.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"Advisory": {
"From": "secalert@redhat.com",
"Severity": "Important",
"Rights": "Copyright 2020 Red Hat, Inc.",
"Issued": {
"Date": "2020-05-21"
},
"Updated": {
"Date": "2020-05-21"
},
"Cves": [
{
"CveID": "CVE-2020-1108",
"Cvss3": "7.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"Cwe": "CWE-20 CWE-190",
"Href": "https://access.redhat.com/security/cve/CVE-2020-1108",
"Public": "20200512"
},
{
"CveID": "CVE-2020-1161",
"Cvss3": "7.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"Cwe": "CWE-400",
"Href": "https://access.redhat.com/security/cve/CVE-2020-1161",
"Public": "20200512"
}
],
"Bugzilla": [
{
"Href": "https://bugzilla.redhat.com/1827643",
"ID": "1827643"
},
{
"Href": "https://bugzilla.redhat.com/1827645",
"ID": "1827645"
}
],
"AffectedCpeList": [
"cpe:/a:redhat:rhel_dotnet:3.1",
"cpe:/a:redhat:rhel_dotnet:3.1::el7"
]
}
},
"Criteria": {
"Operator": "OR",
"Criterions": [
{
"Comment": "Red Hat Enterprise Linux must be installed",
"TestRef": "oval:com.redhat.rhsa:tst:20200134024"
}
],
"Criterias": [
{
"Operator": "AND",
"Criterions": [
{
"Comment": "Red Hat Enterprise Linux 7 is installed",
"TestRef": "oval:com.redhat.rhsa:tst:20200134023"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterias": [
{
"Operator": "AND",
"Criterions": [
{
"Comment": "rh-dotnet31-aspnetcore-runtime-3.1 is earlier than 0:3.1.4-2.el7",
"TestRef": "oval:com.redhat.rhsa:tst:20202249001"
},
{
"Comment": "rh-dotnet31-aspnetcore-runtime-3.1 is signed with Red Hat redhatrelease2 key",
"TestRef": "oval:com.redhat.rhsa:tst:20200134002"
}
]
},
{
"Operator": "AND",
"Criterions": [
{
"Comment": "rh-dotnet31-aspnetcore-targeting-pack-3.1 is earlier than 0:3.1.4-2.el7",
"TestRef": "oval:com.redhat.rhsa:tst:20202249003"
},
{
"Comment": "rh-dotnet31-aspnetcore-targeting-pack-3.1 is signed with Red Hat redhatrelease2 key",
"TestRef": "oval:com.redhat.rhsa:tst:20200134004"
}
]
},
{
"Operator": "AND",
"Criterions": [
{
"Comment": "rh-dotnet31-dotnet is earlier than 0:3.1.104-2.el7",
"TestRef": "oval:com.redhat.rhsa:tst:20202249005"
},
{
"Comment": "rh-dotnet31-dotnet is signed with Red Hat redhatrelease2 key",
"TestRef": "oval:com.redhat.rhsa:tst:20200134006"
}
]
},
{
"Operator": "AND",
"Criterions": [
{
"Comment": "rh-dotnet31-dotnet-apphost-pack-3.1 is earlier than 0:3.1.4-2.el7",
"TestRef": "oval:com.redhat.rhsa:tst:20202249007"
},
{
"Comment": "rh-dotnet31-dotnet-apphost-pack-3.1 is signed with Red Hat redhatrelease2 key",
"TestRef": "oval:com.redhat.rhsa:tst:20200134008"
}
]
},
{
"Operator": "AND",
"Criterions": [
{
"Comment": "rh-dotnet31-dotnet-host is earlier than 0:3.1.4-2.el7",
"TestRef": "oval:com.redhat.rhsa:tst:20202249009"
},
{
"Comment": "rh-dotnet31-dotnet-host is signed with Red Hat redhatrelease2 key",
"TestRef": "oval:com.redhat.rhsa:tst:20200134010"
}
]
},
{
"Operator": "AND",
"Criterions": [
{
"Comment": "rh-dotnet31-dotnet-hostfxr-3.1 is earlier than 0:3.1.4-2.el7",
"TestRef": "oval:com.redhat.rhsa:tst:20202249011"
},
{
"Comment": "rh-dotnet31-dotnet-hostfxr-3.1 is signed with Red Hat redhatrelease2 key",
"TestRef": "oval:com.redhat.rhsa:tst:20200134012"
}
]
},
{
"Operator": "AND",
"Criterions": [
{
"Comment": "rh-dotnet31-dotnet-runtime-3.1 is earlier than 0:3.1.4-2.el7",
"TestRef": "oval:com.redhat.rhsa:tst:20202249013"
},
{
"Comment": "rh-dotnet31-dotnet-runtime-3.1 is signed with Red Hat redhatrelease2 key",
"TestRef": "oval:com.redhat.rhsa:tst:20200134014"
}
]
},
{
"Operator": "AND",
"Criterions": [
{
"Comment": "rh-dotnet31-dotnet-sdk-3.1 is earlier than 0:3.1.104-2.el7",
"TestRef": "oval:com.redhat.rhsa:tst:20202249015"
},
{
"Comment": "rh-dotnet31-dotnet-sdk-3.1 is signed with Red Hat redhatrelease2 key",
"TestRef": "oval:com.redhat.rhsa:tst:20200134016"
}
]
},
{
"Operator": "AND",
"Criterions": [
{
"Comment": "rh-dotnet31-dotnet-targeting-pack-3.1 is earlier than 0:3.1.4-2.el7",
"TestRef": "oval:com.redhat.rhsa:tst:20202249017"
},
{
"Comment": "rh-dotnet31-dotnet-targeting-pack-3.1 is signed with Red Hat redhatrelease2 key",
"TestRef": "oval:com.redhat.rhsa:tst:20200134018"
}
]
},
{
"Operator": "AND",
"Criterions": [
{
"Comment": "rh-dotnet31-dotnet-templates-3.1 is earlier than 0:3.1.104-2.el7",
"TestRef": "oval:com.redhat.rhsa:tst:20202249019"
},
{
"Comment": "rh-dotnet31-dotnet-templates-3.1 is signed with Red Hat redhatrelease2 key",
"TestRef": "oval:com.redhat.rhsa:tst:20200134020"
}
]
},
{
"Operator": "AND",
"Criterions": [
{
"Comment": "rh-dotnet31-netstandard-targeting-pack-2.1 is earlier than 0:3.1.104-2.el7",
"TestRef": "oval:com.redhat.rhsa:tst:20202249021"
},
{
"Comment": "rh-dotnet31-netstandard-targeting-pack-2.1 is signed with Red Hat redhatrelease2 key",
"TestRef": "oval:com.redhat.rhsa:tst:20200134022"
}
]
}
]
}
]
}
]
}
}
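Review bot: The `Cves` entries in this fixture pass several upstream values through as opaque strings in mixed formats: `"Cwe": "CWE-20 CWE-190"` holds two identifiers separated by a space, `"Cvss3"` packs score and vector into one string (`7.5/CVSS:3.1/...`), and `"Public": "20200512"` uses a different date layout from `"Issued": {"Date": "2020-05-21"}`. Nothing in the output tells a consumer that these need splitting or reformatting, and one that maps `Cwe` to a single ID would silently store an invalid value. I would add field comments on the type that produces this output, e.g. `// Cwe may hold several space-separated CWE IDs` and `// Public is YYYYMMDD, unlike Issued/Updated`, or normalise the values at write time. The RHSA-2020:0134 fixture above has the same `Cvss3` and `Public` shapes.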


@ -0,0 +1,125 @@
{
"RpminfoObjects": [
{
"ID": "oval:com.redhat.rhsa:obj:20200134001",
"Version": "637",
"Name": "rh-dotnet31-aspnetcore-runtime-3.1"
},
{
"ID": "oval:com.redhat.rhsa:obj:20200134002",
"Version": "637",
"Name": "rh-dotnet31-aspnetcore-targeting-pack-3.1"
},
{
"ID": "oval:com.redhat.rhsa:obj:20200134003",
"Version": "637",
"Name": "rh-dotnet31-dotnet"
},
{
"ID": "oval:com.redhat.rhsa:obj:20200134004",
"Version": "637",
"Name": "rh-dotnet31-dotnet-apphost-pack-3.1"
},
{
"ID": "oval:com.redhat.rhsa:obj:20200134005",
"Version": "637",
"Name": "rh-dotnet31-dotnet-host"
},
{
"ID": "oval:com.redhat.rhsa:obj:20200134006",
"Version": "637",
"Name": "rh-dotnet31-dotnet-hostfxr-3.1"
},
{
"ID": "oval:com.redhat.rhsa:obj:20200134007",
"Version": "637",
"Name": "rh-dotnet31-dotnet-runtime-3.1"
},
{
"ID": "oval:com.redhat.rhsa:obj:20200134008",
"Version": "637",
"Name": "rh-dotnet31-dotnet-sdk-3.1"
},
{
"ID": "oval:com.redhat.rhsa:obj:20200134009",
"Version": "637",
"Name": "rh-dotnet31-dotnet-targeting-pack-3.1"
},
{
"ID": "oval:com.redhat.rhsa:obj:20200134010",
"Version": "637",
"Name": "rh-dotnet31-dotnet-templates-3.1"
},
{
"ID": "oval:com.redhat.rhsa:obj:20200134011",
"Version": "637",
"Name": "rh-dotnet31-netstandard-targeting-pack-2.1"
},
{
"ID": "oval:com.redhat.unaffected:obj:20200605001",
"Version": "631",
"Name": "rh-dotnet31"
},
{
"ID": "oval:com.redhat.unaffected:obj:20200605002",
"Version": "631",
"Name": "rh-dotnet31-runtime"
},
{
"ID": "oval:com.redhat.unaffected:obj:20201066012",
"Version": "631",
"Name": "rh-dotnet31-dotnet-debuginfo"
},
{
"ID": "oval:com.redhat.unaffected:obj:20208169001",
"Version": "631",
"Name": "rh-dotnet31-curl"
},
{
"ID": "oval:com.redhat.unaffected:obj:20208169002",
"Version": "631",
"Name": "rh-dotnet31-libcurl"
},
{
"ID": "oval:com.redhat.unaffected:obj:20208169003",
"Version": "631",
"Name": "rh-dotnet31-libcurl-devel"
}
],
"RpmverifyfileObjects": [
{
"ID": "oval:com.redhat.rhsa:obj:20200134012",
"AttrVersion": "637",
"Behaviors": {
"Noconfigfiles": "true",
"Noghostfiles": "true",
"Nogroup": "true",
"Nolinkto": "true",
"Nomd5": "true",
"Nomode": "true",
"Nomtime": "true",
"Nordev": "true",
"Nosize": "true",
"Nouser": "true"
},
"Filepath": {
"Text": "/etc/redhat-release"
},
"Name": {
"Operation": "pattern match"
},
"Version": {
"Operation": "pattern match"
},
"Epoch": {
"Operation": "pattern match"
},
"Arch": {
"Operation": "pattern match"
},
"Release": {
"Operation": "pattern match"
}
}
]
}


@ -0,0 +1,217 @@
{
"RpminfoState": [
{
"ID": "oval:com.redhat.rhsa:ste:20200134001",
"Version": "637",
"Arch": {
"Text": "x86_64",
"Datatype": "string",
"Operation": "equals"
},
"Evr": {
"Text": "0:3.1.1-4.el7",
"Datatype": "evr_string",
"Operation": "less than"
},
"SignatureKeyID": {}
},
{
"ID": "oval:com.redhat.rhsa:ste:20200134002",
"Version": "637",
"Arch": {},
"Evr": {},
"SignatureKeyID": {
"Text": "199e2f91fd431d51",
"Operation": "equals"
}
},
{
"ID": "oval:com.redhat.rhsa:ste:20200134003",
"Version": "637",
"Arch": {
"Text": "x86_64",
"Datatype": "string",
"Operation": "equals"
},
"Evr": {
"Text": "0:3.1.101-4.el7",
"Datatype": "evr_string",
"Operation": "less than"
},
"SignatureKeyID": {}
},
{
"ID": "oval:com.redhat.rhsa:ste:20202249001",
"Version": "633",
"Arch": {
"Text": "x86_64",
"Datatype": "string",
"Operation": "equals"
},
"Evr": {
"Text": "0:3.1.4-2.el7",
"Datatype": "evr_string",
"Operation": "less than"
},
"SignatureKeyID": {}
},
{
"ID": "oval:com.redhat.rhsa:ste:20202249003",
"Version": "633",
"Arch": {
"Text": "x86_64",
"Datatype": "string",
"Operation": "equals"
},
"Evr": {
"Text": "0:3.1.104-2.el7",
"Datatype": "evr_string",
"Operation": "less than"
},
"SignatureKeyID": {}
},
{
"ID": "oval:com.redhat.rhsa:ste:20202475001",
"Version": "635",
"Arch": {
"Text": "x86_64",
"Datatype": "string",
"Operation": "equals"
},
"Evr": {
"Text": "0:3.1.5-1.el7",
"Datatype": "evr_string",
"Operation": "less than"
},
"SignatureKeyID": {}
},
{
"ID": "oval:com.redhat.rhsa:ste:20202475003",
"Version": "635",
"Arch": {
"Text": "x86_64",
"Datatype": "string",
"Operation": "equals"
},
"Evr": {
"Text": "0:3.1.105-1.el7",
"Datatype": "evr_string",
"Operation": "less than"
},
"SignatureKeyID": {}
},
{
"ID": "oval:com.redhat.rhsa:ste:20202939001",
"Version": "636",
"Arch": {
"Text": "x86_64",
"Datatype": "string",
"Operation": "equals"
},
"Evr": {
"Text": "0:3.1.6-1.el7",
"Datatype": "evr_string",
"Operation": "less than"
},
"SignatureKeyID": {}
},
{
"ID": "oval:com.redhat.rhsa:ste:20202939003",
"Version": "636",
"Arch": {
"Text": "x86_64",
"Datatype": "string",
"Operation": "equals"
},
"Evr": {
"Text": "0:3.1.106-1.el7",
"Datatype": "evr_string",
"Operation": "less than"
},
"SignatureKeyID": {}
},
{
"ID": "oval:com.redhat.rhsa:ste:20203421001",
"Version": "634",
"Arch": {
"Text": "x86_64",
"Datatype": "string",
"Operation": "equals"
},
"Evr": {
"Text": "0:3.1.7-1.el7",
"Datatype": "evr_string",
"Operation": "less than"
},
"SignatureKeyID": {}
},
{
"ID": "oval:com.redhat.rhsa:ste:20203421003",
"Version": "634",
"Arch": {
"Text": "x86_64",
"Datatype": "string",
"Operation": "equals"
},
"Evr": {
"Text": "0:3.1.107-1.el7",
"Datatype": "evr_string",
"Operation": "less than"
},
"SignatureKeyID": {}
},
{
"ID": "oval:com.redhat.rhsa:ste:20203697001",
"Version": "634",
"Arch": {
"Text": "x86_64",
"Datatype": "string",
"Operation": "equals"
},
"Evr": {
"Text": "0:3.1.8-1.el7",
"Datatype": "evr_string",
"Operation": "less than"
},
"SignatureKeyID": {}
},
{
"ID": "oval:com.redhat.rhsa:ste:20203697003",
"Version": "634",
"Arch": {
"Text": "x86_64",
"Datatype": "string",
"Operation": "equals"
},
"Evr": {
"Text": "0:3.1.108-1.el7",
"Datatype": "evr_string",
"Operation": "less than"
},
"SignatureKeyID": {}
}
],
"RpmverifyfileStates": [
{
"ID": "oval:com.redhat.rhsa:ste:20200134004",
"AttrVersion": "637",
"Name": {
"Text": "^redhat-release",
"Operation": "pattern match"
},
"Version": {
"Text": "^7[^\\d]",
"Operation": "pattern match"
}
},
{
"ID": "oval:com.redhat.rhsa:ste:20200134005",
"AttrVersion": "637",
"Name": {
"Text": "^redhat-release",
"Operation": "pattern match"
},
"Version": {}
}
]
}


@ -0,0 +1,101 @@
{
"Class": "vulnerability",
"ID": "oval:com.redhat.cve:def:20143209",
"Version": "631",
"Metadata": {
"Title": "CVE-2014-3209 ldns: ldns-keygen generates keys with world readable permissions (low)",
"References": [
{
"Source": "CVE",
"RefID": "CVE-2014-3209",
"RefURL": "https://access.redhat.com/security/cve/CVE-2014-3209"
}
],
"Description": "STATEMENT: This issue affects the versions of ldns as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"Advisory": {
"From": "secalert@redhat.com",
"Severity": "Low",
"Issued": {},
"Updated": {}
}
},
"Criteria": {
"Operator": "OR",
"Criterions": [
{
"Comment": "Red Hat Enterprise Linux must be installed",
"TestRef": "oval:com.redhat.cve:tst:20143209010"
}
],
"Criterias": [
{
"Operator": "AND",
"Criterions": [
{
"Comment": "Red Hat Enterprise Linux 6 is installed",
"TestRef": "oval:com.redhat.cve:tst:20143209009"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterias": [
{
"Operator": "AND",
"Criterions": [
{
"Comment": "ldns-devel is installed",
"TestRef": "oval:com.redhat.cve:tst:20143209001"
},
{
"Comment": "ldns-devel is signed with Red Hat redhatrelease2 key",
"TestRef": "oval:com.redhat.cve:tst:20143209002"
}
]
},
{
"Operator": "AND",
"Criterions": [
{
"Comment": "ldns-doc is installed",
"TestRef": "oval:com.redhat.cve:tst:20143209003"
},
{
"Comment": "ldns-doc is signed with Red Hat redhatrelease2 key",
"TestRef": "oval:com.redhat.cve:tst:20143209004"
}
]
},
{
"Operator": "AND",
"Criterions": [
{
"Comment": "ldns is installed",
"TestRef": "oval:com.redhat.cve:tst:20143209005"
},
{
"Comment": "ldns is signed with Red Hat redhatrelease2 key",
"TestRef": "oval:com.redhat.cve:tst:20143209006"
}
]
},
{
"Operator": "AND",
"Criterions": [
{
"Comment": "ldns-python is installed",
"TestRef": "oval:com.redhat.cve:tst:20143209007"
},
{
"Comment": "ldns-python is signed with Red Hat redhatrelease2 key",
"TestRef": "oval:com.redhat.cve:tst:20143209008"
}
]
}
]
}
]
}
]
}
}


@ -0,0 +1,50 @@
{
"Class": "vulnerability",
"ID": "oval:com.redhat.cve:def:20165361",
"Version": "631",
"Metadata": {
"Title": "CVE-2016-5361 IKEv1 protocol is vulnerable to DoS amplification attack (moderate)",
"References": [
{
"Source": "CVE",
"RefID": "CVE-2016-5361",
"RefURL": "https://access.redhat.com/security/cve/CVE-2016-5361"
}
],
"Description": "DOCUMENTATION: A traffic amplification flaw was found in the Internet Key Exchange version 1 (IKEv1) protocol. A remote attacker could use a libreswan server with IKEv1 enabled in a network traffic amplification denial of service attack against other hosts on the network by sending UDP packets with a spoofed source address to that server.\n STATEMENT: This is a protocol flaw which affects IKEv1. All complaint implementations are therefore affected by this flaw. Red Hat Product Security team, does not consider IKEv2 to be affected. For more details please refer to https://bugzilla.redhat.com/show_bug.cgi?id=1308508#c2",
"Advisory": {
"From": "secalert@redhat.com",
"Severity": "Moderate",
"Issued": {},
"Updated": {}
}
},
"Criteria": {
"Operator": "OR",
"Criterions": [
{
"Comment": "Red Hat Enterprise Linux must be installed",
"TestRef": "oval:com.redhat.cve:tst:20143209010"
}
],
"Criterias": [
{
"Operator": "AND",
"Criterions": [
{
"Comment": "Red Hat Enterprise Linux 6 is installed",
"TestRef": "oval:com.redhat.cve:tst:20143209009"
},
{
"Comment": "libreswan is installed",
"TestRef": "oval:com.redhat.cve:tst:20165361001"
},
{
"Comment": "libreswan is signed with Red Hat redhatrelease2 key",
"TestRef": "oval:com.redhat.cve:tst:20165361002"
}
]
}
]
}
}


@ -0,0 +1,50 @@
{
"Class": "vulnerability",
"ID": "oval:com.redhat.unaffected:def:20165391",
"Version": "631",
"Metadata": {
"Title": "Unaffected components for: CVE-2016-5391 libreswan: IKEv2 bogus proposal lacking DH transform causes pluto daemon restart (moderate)",
"References": [
{
"Source": "CVE",
"RefID": "CVE-2016-5391",
"RefURL": "https://access.redhat.com/security/cve/CVE-2016-5391"
}
],
"Description": "Red Hat's versions of the associated software have been determined to NOT be affected by CVE-2016-5391.",
"Advisory": {
"From": "secalert@redhat.com",
"Severity": "Moderate",
"Issued": {},
"Updated": {}
}
},
"Criteria": {
"Operator": "OR",
"Criterions": [
{
"Comment": "Red Hat Enterprise Linux must be installed",
"TestRef": "oval:com.redhat.cve:tst:20143209010"
}
],
"Criterias": [
{
"Operator": "AND",
"Criterions": [
{
"Comment": "Red Hat Enterprise Linux 6 is installed",
"TestRef": "oval:com.redhat.cve:tst:20143209009"
},
{
"Comment": "libreswan is installed",
"TestRef": "oval:com.redhat.cve:tst:20165361001"
},
{
"Comment": "libreswan is not installed",
"TestRef": "oval:com.redhat.unaffected:tst:20165391002"
}
]
}
]
}
}


@ -0,0 +1,50 @@
{
"Class": "vulnerability",
"ID": "oval:com.redhat.cve:def:20185389",
"Version": "631",
"Metadata": {
"Title": "CVE-2018-5389 IKEv1: IKEv1 protocol vulnerability in the authentication mode with pre-shared keys in the main mode of operation (moderate)",
"References": [
{
"Source": "CVE",
"RefID": "CVE-2018-5389",
"RefURL": "https://access.redhat.com/security/cve/CVE-2018-5389"
}
],
"Description": "DOCUMENTATION: It was found that IKEv1 (and potentially IKEv2) authentication when using a pre-shared key (PSK) is vulnerable to offline dictionary attacks in Main Mode as well as in Aggressive Mode. A man-in-the-middle attacker who intercepted the handshake of two peers authenticating with a PSK, could apply a brute-force attack to recover the shared secret.\n STATEMENT: PSK based authentication should only be used when the randomness and confidentially of the shared secret can be guaranteed. PSKs should also not be used as Group Secrets, where the security of the PSK is only as strong as the weakest participant in the group. Public Key or EAP authentication methods should be used whenever possible. If PSK must be used, it is essential to ensure the shared secret has a high degree of randomness and is not derived from a password with low entropy, as specified clearly in the IKEv2 specification in RFC 7296.\n\nTo use passwords for authentication of IKE/IPsec peers, the IKEv2 protocol supports various methods that are not based on (inherently weak) PSKs and which are not vulnerable to offline dictionary attacks:\n\nRFC 5998: EAP-Only Authentication in IKEv2\nRFC 6617: Secure Pre-Shared Key (PSK) Authentication for IKE\nRFC 6631: Password Authenticated Connection Establishment with IKEv2\nRFC 6628: Efficient Augmented Password-Only Authentication and Key Exchange for IKEv2\n\nAs implementations supporting IKE assume the security of provided PSKs, and no mechanism within the protocol allows for password-stretching, we do not anticipate any software fixes becoming available.\n\nThe research paper that describes the problems of using weak PSKs also listed another security issue with respect to RSA keys that has different CVE numbers. Libreswan is not vulnerable to those attacks as it requires IKEv1 using either (\"Encryption with RSA\" (value 5) or \"Revised encryption with RSA\" (value 6). Both of these modes are not implemented by libreswan.",
"Advisory": {
"From": "secalert@redhat.com",
"Severity": "Moderate",
"Issued": {},
"Updated": {}
}
},
"Criteria": {
"Operator": "OR",
"Criterions": [
{
"Comment": "Red Hat Enterprise Linux must be installed",
"TestRef": "oval:com.redhat.cve:tst:20143209010"
}
],
"Criterias": [
{
"Operator": "AND",
"Criterions": [
{
"Comment": "Red Hat Enterprise Linux 6 is installed",
"TestRef": "oval:com.redhat.cve:tst:20143209009"
},
{
"Comment": "libreswan is installed",
"TestRef": "oval:com.redhat.cve:tst:20165361001"
},
{
"Comment": "libreswan is signed with Red Hat redhatrelease2 key",
"TestRef": "oval:com.redhat.cve:tst:20165361002"
}
]
}
]
}
}


@ -0,0 +1,101 @@
{
"Class": "vulnerability",
"ID": "oval:com.redhat.cve:def:202028935",
"Version": "631",
"Metadata": {
"Title": "CVE-2020-28935 unbound: symbolic link traversal when writing PID file (low)",
"References": [
{
"Source": "CVE",
"RefID": "CVE-2020-28935",
"RefURL": "https://access.redhat.com/security/cve/CVE-2020-28935"
}
],
"Description": "DOCUMENTATION: A symbolic link traversal vulnerability was found in the way unbound writes its PID file while starting up. A local attacker with access to the unbound user could set up a link to another file, owned by root, and make unbound overwrite it during its next restart, destroying the original content.\n\n MITIGATION: If SELinux is enabled in Enforcing mode (the default value in Red Hat Enterprise Linux 8), this kind of attack is prevented as unbound would be blocked from accessing the symbolic link file.",
"Advisory": {
"From": "secalert@redhat.com",
"Severity": "Low",
"Issued": {},
"Updated": {}
}
},
"Criteria": {
"Operator": "OR",
"Criterions": [
{
"Comment": "Red Hat Enterprise Linux must be installed",
"TestRef": "oval:com.redhat.cve:tst:20143209010"
}
],
"Criterias": [
{
"Operator": "AND",
"Criterions": [
{
"Comment": "Red Hat Enterprise Linux 6 is installed",
"TestRef": "oval:com.redhat.cve:tst:20143209009"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterias": [
{
"Operator": "AND",
"Criterions": [
{
"Comment": "unbound-libs is installed",
"TestRef": "oval:com.redhat.cve:tst:202028935001"
},
{
"Comment": "unbound-libs is signed with Red Hat redhatrelease2 key",
"TestRef": "oval:com.redhat.cve:tst:202028935002"
}
]
},
{
"Operator": "AND",
"Criterions": [
{
"Comment": "unbound-devel is installed",
"TestRef": "oval:com.redhat.cve:tst:202028935003"
},
{
"Comment": "unbound-devel is signed with Red Hat redhatrelease2 key",
"TestRef": "oval:com.redhat.cve:tst:202028935004"
}
]
},
{
"Operator": "AND",
"Criterions": [
{
"Comment": "unbound-python is installed",
"TestRef": "oval:com.redhat.cve:tst:202028935005"
},
{
"Comment": "unbound-python is signed with Red Hat redhatrelease2 key",
"TestRef": "oval:com.redhat.cve:tst:202028935006"
}
]
},
{
"Operator": "AND",
"Criterions": [
{
"Comment": "unbound is installed",
"TestRef": "oval:com.redhat.cve:tst:202028935007"
},
{
"Comment": "unbound is signed with Red Hat redhatrelease2 key",
"TestRef": "oval:com.redhat.cve:tst:202028935008"
}
]
}
]
}
]
}
]
}
}


@ -0,0 +1,95 @@
{
"Class": "patch",
"ID": "oval:com.redhat.rhba:def:20141396",
"Version": "641",
"Metadata": {
"Title": "RHBA-2014:1396: redhat-upgrade-tool bug fix update (Important)",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"Red Hat Enterprise Linux 6 Extras"
]
}
],
"References": [
{
"Source": "RHSA",
"RefID": "RHBA-2014:1396",
"RefURL": "https://access.redhat.com/errata/RHBA-2014:1396"
},
{
"Source": "CVE",
"RefID": "CVE-2014-3585",
"RefURL": "https://access.redhat.com/security/cve/CVE-2014-3585"
}
],
"Description": "The Red Hat Upgrade Tool is used for performing an in-place upgrade of your\ncurrent system to the next major version of Red Hat Enterprise Linux. It\ndetermines what packages are needed for the upgrade and gathers them from the\nsource or sources given. It also fetches and sets up the boot images needed to\nrun the upgrade and sets up the system to perform the upgrade on the next system\nboot. Running the Red Hat Upgrade Tool requires running the Preupgrade Assistant\nas a prerequisite.\n\nThis update fixes the following bugs:\n\n* Previously, the Red Hat Subscription Management (RHSM) repository setup did\nnot correctly specify the appropriate URLs. As a consequence,\npreupgrade-assistant postupgrade scripts could not use the Yum utility, and an\nerror message was displayed. With this update, the \"skip_if_unavailable\" option\nhas been set to \"True\" for all generated repository files, and the errors no\nlonger occur. (BZ#1106401)\n\n* Previously, using the \"--addrepo\" option with an incorrect argument returned a\nconfusing error message that no upgrade was available from the repository. As a\nconsequence, it was not clear whether the specified URL was incorrect or there\nwas no upgrade available from the repository. This update improves the error\nmessage which now suggests checking if the specified URL is correct.\n(BZ#1084985)\n\n* After an upgrade, when one of the postupgrade scripts attempted to downgrade\nseveral packages, downgrade failed because of errors downloading the GPG keys.\nThis bug has been fixed by specifying that the postupgrade scripts use the same\nGPG keys as the Red Hat Upgrade Tool. As a result, postupgrade scripts downgrade\nthe selected packages successfully. (BZ#1115532)\n\n* Previously, the Red Hat Upgrade Tool did not perform a check whether the\nrepositories the system is being upgraded to are signed by Red Hat. 
This update\nadds a check to the Red Hat Upgrade Tool which checks the repository signatures\nand fails the upgrade if the packages are not signed by Red Hat. (BZ#1123915)\n\n* Previously, running the redhat-upgrade-tool command with the \"--clean\" option\ncould fail because the Red Hat Upgrade Tool did not check for the existence of\nthe /var/lib/systemd file. This bug has been fixed and the \"redhat-upgrade-tool\n--clean\" command now executes successfully. (BZ#1128162)\n\n* Previously, after an upgrade, the Red Hat Upgrade Tool did not disable the Yum\nrepositories for the old system. This bug has been fixed and now Red Hat Upgrade\nTool correctly disables all old repositories excluding the\n/etc/yum.repos.d/redhat-upgrade-* repositories. (BZ#1130686)\n\n* Previously, certain packages handled by the Preupgrade Assistant utility and\nconsequently by the Red Hat Upgrade Tool had broken upgrade paths. As a\nconsequence, these packages were not upgraded during system assessment. This\nupdate fixes the upgrade paths and the correct files are now downloaded and\ninstalled by both tools. (BZ#1138615)\n\n* Previously, when performing an upgrade over the network, if there was a\nnetwork timeout error when downloading the .treeinfo file, the Red Hat Upgrade\nTool exited with a traceback error. After this update, if there is a network\ntimeout, the Red Hat Upgrade Tool returns a \"Downloading failed\" error and does\nnot produce a traceback error. (BZ#1076120)\n\nUsers of redhat-upgrade-tool are advised to upgrade to this updated package,\nwhich fixes these bugs.",
"Advisory": {
"From": "secalert@redhat.com",
"Severity": "Important",
"Rights": "Copyright 2014 Red Hat, Inc.",
"Issued": {
"Date": "2014-10-14"
},
"Updated": {
"Date": "2014-10-14"
},
"Cves": [
{
"CveID": "CVE-2014-3585",
"Cvss2": "7.6/AV:N/AC:H/Au:N/C:C/I:C/A:C",
"Cwe": "CWE-347",
"Href": "https://access.redhat.com/security/cve/CVE-2014-3585",
"Public": "20141014"
}
],
"Bugzilla": [
{
"Href": "https://bugzilla.redhat.com/1084985",
"ID": "1084985"
},
{
"Href": "https://bugzilla.redhat.com/1115532",
"ID": "1115532"
},
{
"Href": "https://bugzilla.redhat.com/1128162",
"ID": "1128162"
}
],
"AffectedCpeList": [
"cpe:/a:redhat:rhel_extras_other:6",
"cpe:/a:redhat:rhel_extras_other:6"
]
}
},
"Criteria": {
"Operator": "OR",
"Criterions": [
{
"Comment": "Red Hat Enterprise Linux must be installed",
"TestRef": "oval:com.redhat.cve:tst:20143209010"
}
],
"Criterias": [
{
"Operator": "AND",
"Criterions": [
{
"Comment": "Red Hat Enterprise Linux 6 is installed",
"TestRef": "oval:com.redhat.cve:tst:20143209009"
},
{
"Comment": "redhat-upgrade-tool is earlier than 1:0.7.32-1.el6",
"TestRef": "oval:com.redhat.rhba:tst:20141396001"
},
{
"Comment": "redhat-upgrade-tool is signed with Red Hat redhatrelease2 key",
"TestRef": "oval:com.redhat.rhba:tst:20141396002"
}
]
}
]
}
}
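Review bot: The expected `AffectedCpeList` holds `cpe:/a:redhat:rhel_extras_other:6` twice. If the upstream OVAL repeats the CPE, this fixture pins that faithfully, but a consumer that builds one record per CPE would then get duplicate entries for the same advisory. Consider de-duplicating the list in the converter, or note in the test that duplicates are preserved on purpose so nobody "fixes" the fixture later.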


@ -0,0 +1,95 @@
{
"RpminfoObjects": [
{
"ID": "oval:com.redhat.cve:obj:20143209001",
"Version": "631",
"Name": "ldns-devel"
},
{
"ID": "oval:com.redhat.cve:obj:20143209002",
"Version": "631",
"Name": "ldns-doc"
},
{
"ID": "oval:com.redhat.cve:obj:20143209003",
"Version": "631",
"Name": "ldns"
},
{
"ID": "oval:com.redhat.cve:obj:20143209004",
"Version": "631",
"Name": "ldns-python"
},
{
"ID": "oval:com.redhat.cve:obj:20165361001",
"Version": "631",
"Name": "libreswan"
},
{
"ID": "oval:com.redhat.cve:obj:202028935001",
"Version": "631",
"Name": "unbound-libs"
},
{
"ID": "oval:com.redhat.cve:obj:202028935002",
"Version": "631",
"Name": "unbound-devel"
},
{
"ID": "oval:com.redhat.cve:obj:202028935003",
"Version": "631",
"Name": "unbound-python"
},
{
"ID": "oval:com.redhat.cve:obj:202028935004",
"Version": "631",
"Name": "unbound"
},
{
"ID": "oval:com.redhat.rhba:obj:20141396001",
"Version": "641",
"Name": "redhat-upgrade-tool"
},
{
"ID": "oval:com.redhat.unaffected:obj:20190804001",
"Version": "631",
"Name": "WALinuxAgent"
}
],
"RpmverifyfileObjects": [
{
"ID": "oval:com.redhat.cve:obj:20143209005",
"AttrVersion": "631",
"Behaviors": {
"Noconfigfiles": "true",
"Noghostfiles": "true",
"Nogroup": "true",
"Nolinkto": "true",
"Nomd5": "true",
"Nomode": "true",
"Nomtime": "true",
"Nordev": "true",
"Nosize": "true",
"Nouser": "true"
},
"Filepath": {
"Text": "/etc/redhat-release"
},
"Name": {
"Operation": "pattern match"
},
"Version": {
"Operation": "pattern match"
},
"Epoch": {
"Operation": "pattern match"
},
"Arch": {
"Operation": "pattern match"
},
"Release": {
"Operation": "pattern match"
}
}
]
}


@ -0,0 +1,48 @@
{
"RpminfoState": [
{
"ID": "oval:com.redhat.cve:ste:20143209001",
"Version": "631",
"Arch": {},
"Evr": {},
"SignatureKeyID": {
"Text": "199e2f91fd431d51",
"Operation": "equals"
}
},
{
"ID": "oval:com.redhat.rhba:ste:20141396001",
"Version": "641",
"Arch": {},
"Evr": {
"Text": "1:0.7.32-1.el6",
"Datatype": "evr_string",
"Operation": "less than"
},
"SignatureKeyID": {}
}
],
"RpmverifyfileStates": [
{
"ID": "oval:com.redhat.cve:ste:20143209002",
"AttrVersion": "631",
"Name": {
"Text": "^redhat-release",
"Operation": "pattern match"
},
"Version": {
"Text": "^6[^\\d]",
"Operation": "pattern match"
}
},
{
"ID": "oval:com.redhat.cve:ste:20143209003",
"AttrVersion": "631",
"Name": {
"Text": "^redhat-release",
"Operation": "pattern match"
},
"Version": {}
}
]
}
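Review bot: `RpminfoState` is the only list key in this file spelled in the singular; `RpmverifyfileStates` right below it is plural, and the objects and tests fixtures use `RpminfoObjects` and `RpminfoTests`. The key comes from the field name in the `States` struct, where `Textfilecontent54State` and `UnameState` are singular as well. These names become the on-disk schema that downstream readers parse, so renaming them after release is a breaking change. I would rename the fields to `RpminfoStates`, `Textfilecontent54States` and `UnameStates` now, leaving the xml tags unchanged.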


@ -0,0 +1,372 @@
{
"RpminfoTests": [
{
"Check": "at least one",
"Comment": "ldns-devel is installed",
"ID": "oval:com.redhat.cve:tst:20143209001",
"Version": "631",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:20143209001"
},
"State": {}
},
{
"Check": "at least one",
"Comment": "ldns-devel is signed with Red Hat redhatrelease2 key",
"ID": "oval:com.redhat.cve:tst:20143209002",
"Version": "631",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:20143209001"
},
"State": {
"StateRef": "oval:com.redhat.cve:ste:20143209001"
}
},
{
"Check": "at least one",
"Comment": "ldns-doc is installed",
"ID": "oval:com.redhat.cve:tst:20143209003",
"Version": "631",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:20143209002"
},
"State": {}
},
{
"Check": "at least one",
"Comment": "ldns-doc is signed with Red Hat redhatrelease2 key",
"ID": "oval:com.redhat.cve:tst:20143209004",
"Version": "631",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:20143209002"
},
"State": {
"StateRef": "oval:com.redhat.cve:ste:20143209001"
}
},
{
"Check": "at least one",
"Comment": "ldns is installed",
"ID": "oval:com.redhat.cve:tst:20143209005",
"Version": "631",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:20143209003"
},
"State": {}
},
{
"Check": "at least one",
"Comment": "ldns is signed with Red Hat redhatrelease2 key",
"ID": "oval:com.redhat.cve:tst:20143209006",
"Version": "631",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:20143209003"
},
"State": {
"StateRef": "oval:com.redhat.cve:ste:20143209001"
}
},
{
"Check": "at least one",
"Comment": "ldns-python is installed",
"ID": "oval:com.redhat.cve:tst:20143209007",
"Version": "631",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:20143209004"
},
"State": {}
},
{
"Check": "at least one",
"Comment": "ldns-python is signed with Red Hat redhatrelease2 key",
"ID": "oval:com.redhat.cve:tst:20143209008",
"Version": "631",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:20143209004"
},
"State": {
"StateRef": "oval:com.redhat.cve:ste:20143209001"
}
},
{
"Check": "at least one",
"Comment": "libreswan is installed",
"ID": "oval:com.redhat.cve:tst:20165361001",
"Version": "631",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:20165361001"
},
"State": {}
},
{
"Check": "at least one",
"Comment": "libreswan is signed with Red Hat redhatrelease2 key",
"ID": "oval:com.redhat.cve:tst:20165361002",
"Version": "631",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:20165361001"
},
"State": {
"StateRef": "oval:com.redhat.cve:ste:20143209001"
}
},
{
"Check": "at least one",
"Comment": "unbound-libs is installed",
"ID": "oval:com.redhat.cve:tst:202028935001",
"Version": "631",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:202028935001"
},
"State": {}
},
{
"Check": "at least one",
"Comment": "unbound-libs is signed with Red Hat redhatrelease2 key",
"ID": "oval:com.redhat.cve:tst:202028935002",
"Version": "631",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:202028935001"
},
"State": {
"StateRef": "oval:com.redhat.cve:ste:20143209001"
}
},
{
"Check": "at least one",
"Comment": "unbound-devel is installed",
"ID": "oval:com.redhat.cve:tst:202028935003",
"Version": "631",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:202028935002"
},
"State": {}
},
{
"Check": "at least one",
"Comment": "unbound-devel is signed with Red Hat redhatrelease2 key",
"ID": "oval:com.redhat.cve:tst:202028935004",
"Version": "631",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:202028935002"
},
"State": {
"StateRef": "oval:com.redhat.cve:ste:20143209001"
}
},
{
"Check": "at least one",
"Comment": "unbound-python is installed",
"ID": "oval:com.redhat.cve:tst:202028935005",
"Version": "631",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:202028935003"
},
"State": {}
},
{
"Check": "at least one",
"Comment": "unbound-python is signed with Red Hat redhatrelease2 key",
"ID": "oval:com.redhat.cve:tst:202028935006",
"Version": "631",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:202028935003"
},
"State": {
"StateRef": "oval:com.redhat.cve:ste:20143209001"
}
},
{
"Check": "at least one",
"Comment": "unbound is installed",
"ID": "oval:com.redhat.cve:tst:202028935007",
"Version": "631",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:202028935004"
},
"State": {}
},
{
"Check": "at least one",
"Comment": "unbound is signed with Red Hat redhatrelease2 key",
"ID": "oval:com.redhat.cve:tst:202028935008",
"Version": "631",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:202028935004"
},
"State": {
"StateRef": "oval:com.redhat.cve:ste:20143209001"
}
},
{
"Check": "at least one",
"Comment": "redhat-upgrade-tool is earlier than 1:0.7.32-1.el6",
"ID": "oval:com.redhat.rhba:tst:20141396001",
"Version": "641",
"Object": {
"ObjectRef": "oval:com.redhat.rhba:obj:20141396001"
},
"State": {
"StateRef": "oval:com.redhat.rhba:ste:20141396001"
}
},
{
"Check": "at least one",
"Comment": "redhat-upgrade-tool is signed with Red Hat redhatrelease2 key",
"ID": "oval:com.redhat.rhba:tst:20141396002",
"Version": "641",
"Object": {
"ObjectRef": "oval:com.redhat.rhba:obj:20141396001"
},
"State": {
"StateRef": "oval:com.redhat.cve:ste:20143209001"
}
},
{
"Check": "at least one",
"Comment": "libreswan is not installed",
"ID": "oval:com.redhat.unaffected:tst:20165391002",
"Version": "631",
"CheckExistence": "none_exist",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:20165361001"
},
"State": {}
},
{
"Check": "at least one",
"Comment": "ldns-python is not installed",
"ID": "oval:com.redhat.unaffected:tst:20171000232002",
"Version": "631",
"CheckExistence": "none_exist",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:20143209004"
},
"State": {}
},
{
"Check": "at least one",
"Comment": "ldns-devel is not installed",
"ID": "oval:com.redhat.unaffected:tst:20171000232004",
"Version": "631",
"CheckExistence": "none_exist",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:20143209001"
},
"State": {}
},
{
"Check": "at least one",
"Comment": "ldns is not installed",
"ID": "oval:com.redhat.unaffected:tst:20171000232006",
"Version": "631",
"CheckExistence": "none_exist",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:20143209003"
},
"State": {}
},
{
"Check": "at least one",
"Comment": "ldns-doc is not installed",
"ID": "oval:com.redhat.unaffected:tst:20171000232008",
"Version": "631",
"CheckExistence": "none_exist",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:20143209002"
},
"State": {}
},
{
"Check": "at least one",
"Comment": "unbound-libs is not installed",
"ID": "oval:com.redhat.unaffected:tst:201715105002",
"Version": "631",
"CheckExistence": "none_exist",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:202028935001"
},
"State": {}
},
{
"Check": "at least one",
"Comment": "unbound is not installed",
"ID": "oval:com.redhat.unaffected:tst:201715105004",
"Version": "631",
"CheckExistence": "none_exist",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:202028935004"
},
"State": {}
},
{
"Check": "at least one",
"Comment": "unbound-python is not installed",
"ID": "oval:com.redhat.unaffected:tst:201715105006",
"Version": "631",
"CheckExistence": "none_exist",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:202028935003"
},
"State": {}
},
{
"Check": "at least one",
"Comment": "unbound-devel is not installed",
"ID": "oval:com.redhat.unaffected:tst:201715105008",
"Version": "631",
"CheckExistence": "none_exist",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:202028935002"
},
"State": {}
},
{
"Check": "at least one",
"Comment": "WALinuxAgent is installed",
"ID": "oval:com.redhat.unaffected:tst:20190804001",
"Version": "631",
"Object": {
"ObjectRef": "oval:com.redhat.unaffected:obj:20190804001"
},
"State": {}
},
{
"Check": "at least one",
"Comment": "WALinuxAgent is not installed",
"ID": "oval:com.redhat.unaffected:tst:20190804002",
"Version": "631",
"CheckExistence": "none_exist",
"Object": {
"ObjectRef": "oval:com.redhat.unaffected:obj:20190804001"
},
"State": {}
}
],
"RpmverifyfileTests": [
{
"Check": "at least one",
"Comment": "Red Hat Enterprise Linux 6 is installed",
"ID": "oval:com.redhat.cve:tst:20143209009",
"Version": "631",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:20143209005"
},
"State": {
"StateRef": "oval:com.redhat.cve:ste:20143209002"
}
},
{
"Check": "none satisfy",
"Comment": "Red Hat Enterprise Linux must be installed",
"ID": "oval:com.redhat.cve:tst:20143209010",
"Version": "631",
"Object": {
"ObjectRef": "oval:com.redhat.cve:obj:20143209005"
},
"State": {
"StateRef": "oval:com.redhat.cve:ste:20143209003"
}
}
]
}

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.


@ -4,105 +4,297 @@ import (
"encoding/xml"
)
// Root : root object
type Root struct {
type OvalDefinitions struct {
XMLName xml.Name `xml:"oval_definitions"`
Generator Generator `xml:"generator"`
Definitions Definitions `xml:"definitions"`
Tests Tests `xml:"tests" json:",omitempty"`
Objects Objects `xml:"objects" json:",omitempty"`
States States `xml:"states" json:",omitempty"`
}
// Generator : >generator
type Generator struct {
XMLName xml.Name `xml:"generator"`
ProductName string `xml:"product_name"`
ProductVersion string `xml:"product_version"`
SchemaVersion string `xml:"schema_version"`
Timestamp string `xml:"timestamp"`
ProductName string `xml:"product_name"`
ProductVersion string `xml:"product_version"`
SchemaVersion string `xml:"schema_version"`
ContentVersion string `xml:"content_version"`
Timestamp string `xml:"timestamp"`
}
// Definitions : >definitions
type Definitions struct {
XMLName xml.Name `xml:"definitions"`
Definitions []Definition `xml:"definition"`
Definition []Definition `xml:"definition" json:",omitempty"`
}
// Definition : >definitions>definition
type Definition struct {
XMLName xml.Name `xml:"definition"`
ID string `xml:"id,attr"`
Class string `xml:"class,attr"`
Title string `xml:"metadata>title"`
Affecteds []Affected `xml:"metadata>affected"`
References []Reference `xml:"metadata>reference"`
Description string `xml:"metadata>description"`
Advisory Advisory `xml:"metadata>advisory"` // RedHat, Oracle, Ubuntu
Criteria Criteria `xml:"criteria"`
Class string `xml:"class,attr" json:",omitempty"`
ID string `xml:"id,attr" json:",omitempty"`
Version string `xml:"version,attr" json:",omitempty"`
Metadata Metadata `xml:"metadata" json:",omitempty"`
Criteria Criteria `xml:"criteria" json:",omitempty"`
}
// Criteria : >definitions>definition>criteria
type Criteria struct {
XMLName xml.Name `xml:"criteria"`
Operator string `xml:"operator,attr"`
Criterias []Criteria `xml:"criteria"`
Criterions []Criterion `xml:"criterion"`
type Metadata struct {
Title string `xml:"title" json:",omitempty"`
AffectedList []Affected `xml:"affected" json:",omitempty"`
References []Reference `xml:"reference" json:",omitempty"`
Description string `xml:"description" json:",omitempty"`
Advisory Advisory `xml:"advisory" json:",omitempty"`
}
// Criterion : >definitions>definition>criteria>*>criterion
type Criterion struct {
XMLName xml.Name `xml:"criterion"`
Negate bool `xml:"negate,attr"`
TestRef string `xml:"test_ref,attr"`
Comment string `xml:"comment,attr"`
}
// Affected : >definitions>definition>metadata>affected
type Affected struct {
XMLName xml.Name `xml:"affected"`
Family string `xml:"family,attr"`
Platforms []string `xml:"platform"`
}
// Reference : >definitions>definition>metadata>reference
type Reference struct {
XMLName xml.Name `xml:"reference"`
Source string `xml:"source,attr"`
RefID string `xml:"ref_id,attr"`
RefURL string `xml:"ref_url,attr"`
}
// Advisory : >definitions>definition>metadata>advisory
type Advisory struct {
XMLName xml.Name `xml:"advisory"`
Severity string `xml:"severity"`
Cves []Cve `xml:"cve"`
Bugzillas []Bugzilla `xml:"bugzilla"`
AffectedCPEList []string `xml:"affected_cpe_list>cpe"`
Issued struct {
Date string `xml:"date,attr"`
} `xml:"issued"`
Updated struct {
Date string `xml:"date,attr"`
} `xml:"updated"`
From string `xml:"from,attr" json:",omitempty"`
Severity string `xml:"severity" json:",omitempty"`
Rights string `xml:"rights" json:",omitempty"`
Issued Issued `xml:"issued" json:",omitempty"`
Updated Updated `xml:"updated" json:",omitempty"`
Cves []Cve `xml:"cve" json:",omitempty"`
Bugzilla []Bugzilla `xml:"bugzilla" json:",omitempty"`
AffectedCpeList []string `xml:"affected_cpe_list>cpe" json:",omitempty"`
}
type Criteria struct {
Operator string `xml:"operator,attr" json:",omitempty"`
Criterions []Criterion `xml:"criterion" json:",omitempty"`
Criterias []Criteria `xml:"criteria" json:",omitempty"`
}
type Criterion struct {
Comment string `xml:"comment,attr"`
TestRef string `xml:"test_ref,attr"`
}
type Affected struct {
Family string `xml:"family,attr" json:",omitempty"`
Platforms []string `xml:"platform" json:",omitempty"`
}
type Reference struct {
Source string `xml:"source,attr" json:",omitempty"`
RefID string `xml:"ref_id,attr" json:",omitempty"`
RefURL string `xml:"ref_url,attr" json:",omitempty"`
}
type Issued struct {
Date string `xml:"date,attr" json:",omitempty"`
}
type Updated struct {
Date string `xml:"date,attr" json:",omitempty"`
}
// Cve : >definitions>definition>metadata>advisory>cve
// RedHat OVAL
type Cve struct {
XMLName xml.Name `xml:"cve"`
CveID string `xml:",chardata"`
Cvss2 string `xml:"cvss2,attr"`
Cvss3 string `xml:"cvss3,attr"`
Cwe string `xml:"cwe,attr"`
Impact string `xml:"impact,attr"`
Href string `xml:"href,attr"`
Public string `xml:"public,attr"`
CveID string `xml:",chardata" json:",omitempty"`
Cvss2 string `xml:"cvss2,attr" json:",omitempty"`
Cvss3 string `xml:"cvss3,attr" json:",omitempty"`
Cwe string `xml:"cwe,attr" json:",omitempty"`
Impact string `xml:"impact,attr" json:",omitempty"`
Href string `xml:"href,attr" json:",omitempty"`
Public string `xml:"public,attr" json:",omitempty"`
}
// Bugzilla : >definitions>definition>metadata>advisory>bugzilla
// RedHat OVAL
type Bugzilla struct {
XMLName xml.Name `xml:"bugzilla"`
ID string `xml:"id,attr"`
URL string `xml:"href,attr"`
Title string `xml:",chardata"`
Href string `xml:"href,attr" json:",omitempty"`
ID string `xml:"id,attr" json:",omitempty"`
}
type State struct {
Text string `xml:",chardata" json:",omitempty"`
StateRef string `xml:"state_ref,attr" json:",omitempty"`
}
type Object struct {
Text string `xml:",chardata" json:",omitempty"`
ObjectRef string `xml:"object_ref,attr" json:",omitempty"`
}
type RpminfoTest struct {
Check string `xml:"check,attr" json:",omitempty"`
Comment string `xml:"comment,attr" json:",omitempty"`
ID string `xml:"id,attr" json:",omitempty"`
Version string `xml:"version,attr" json:",omitempty"`
CheckExistence string `xml:"check_existence,attr" json:",omitempty"`
Object Object `xml:"object" json:",omitempty"`
State State `xml:"state" json:",omitempty"`
}
type RpminfoObject struct {
ID string `xml:"id,attr" json:",omitempty"`
Version string `xml:"version,attr" json:",omitempty"`
Name string `xml:"name" json:",omitempty"`
}
type RpminfoState struct {
ID string `xml:"id,attr" json:",omitempty"`
Version string `xml:"version,attr" json:",omitempty"`
Arch Arch `xml:"arch" json:",omitempty"`
Evr Evr `xml:"evr" json:",omitempty"`
SignatureKeyID SignatureKeyID `xml:"signature_keyid" json:",omitempty"`
}
type SignatureKeyID struct {
Text string `xml:",chardata" json:",omitempty"`
Operation string `xml:"operation,attr" json:",omitempty"`
}
type Arch struct {
Text string `xml:",chardata" json:",omitempty"`
Datatype string `xml:"datatype,attr" json:",omitempty"`
Operation string `xml:"operation,attr" json:",omitempty"`
}
type Evr struct {
Text string `xml:",chardata" json:",omitempty"`
Datatype string `xml:"datatype,attr" json:",omitempty"`
Operation string `xml:"operation,attr" json:",omitempty"`
}
type Tests struct {
RpminfoTests []RpminfoTest `xml:"rpminfo_test" json:",omitempty"`
RpmverifyfileTests []RpmverifyfileTest `xml:"rpmverifyfile_test" json:",omitempty"`
Textfilecontent54Tests []Textfilecontent54Test `xml:"textfilecontent54_test" json:",omitempty"`
UnameTests []UnameTest `xml:"uname_test" json:",omitempty"`
}
type Textfilecontent54Test struct {
Check string `xml:"check,attr" json:",omitempty"`
Comment string `xml:"comment,attr" json:",omitempty"`
ID string `xml:"id,attr" json:",omitempty"`
Version string `xml:"version,attr" json:",omitempty"`
Object Object `xml:"object" json:",omitempty"`
State State `xml:"state" json:",omitempty"`
}
type RpmverifyfileTest struct {
Check string `xml:"check,attr" json:",omitempty"`
Comment string `xml:"comment,attr" json:",omitempty"`
ID string `xml:"id,attr" json:",omitempty"`
Version string `xml:"version,attr" json:",omitempty"`
Object Object `xml:"object" json:",omitempty"`
State State `xml:"state" json:",omitempty"`
}
type UnameTest struct {
Check string `xml:"check,attr" json:",omitempty"`
Comment string `xml:"comment,attr" json:",omitempty"`
ID string `xml:"id,attr" json:",omitempty"`
Version string `xml:"version,attr" json:",omitempty"`
Object Object `xml:"object" json:",omitempty"`
State State `xml:"state" json:",omitempty"`
}
type Objects struct {
RpminfoObjects []RpminfoObject `xml:"rpminfo_object" json:",omitempty"`
RpmverifyfileObjects []RpmverifyfileObject `xml:"rpmverifyfile_object" json:",omitempty"`
Textfilecontent54Objects []Textfilecontent54Object `xml:"textfilecontent54_object" json:",omitempty"`
UnameObjects []UnameObject `xml:"uname_object" json:",omitempty"`
}
type UnameObject struct {
Text string `xml:",chardata" json:",omitempty"`
ID string `xml:"id,attr" json:",omitempty"`
Version string `xml:"version,attr" json:",omitempty"`
}
type Filepath struct {
Text string `xml:",chardata" json:",omitempty"`
Datatype string `xml:"datatype,attr" json:",omitempty"`
}
type Pattern struct {
Text string `xml:",chardata" json:",omitempty"`
Operation string `xml:"operation,attr" json:",omitempty"`
}
type Instance struct {
Text string `xml:",chardata" json:",omitempty"`
Datatype string `xml:"datatype,attr" json:",omitempty"`
VarRef string `xml:"var_ref,attr" json:",omitempty"`
}
type Textfilecontent54Object struct {
ID string `xml:"id,attr" json:",omitempty"`
Version string `xml:"version,attr" json:",omitempty"`
Filepath Filepath `xml:"filepath" json:",omitempty"`
Pattern Pattern `xml:"pattern" json:",omitempty"`
Instance Instance `xml:"instance" json:",omitempty"`
}
type Behaviors struct {
Text string `xml:",chardata" json:",omitempty"`
Noconfigfiles string `xml:"noconfigfiles,attr" json:",omitempty"`
Noghostfiles string `xml:"noghostfiles,attr" json:",omitempty"`
Nogroup string `xml:"nogroup,attr" json:",omitempty"`
Nolinkto string `xml:"nolinkto,attr" json:",omitempty"`
Nomd5 string `xml:"nomd5,attr" json:",omitempty"`
Nomode string `xml:"nomode,attr" json:",omitempty"`
Nomtime string `xml:"nomtime,attr" json:",omitempty"`
Nordev string `xml:"nordev,attr" json:",omitempty"`
Nosize string `xml:"nosize,attr" json:",omitempty"`
Nouser string `xml:"nouser,attr" json:",omitempty"`
}
type RpmverifyfileObject struct {
ID string `xml:"id,attr" json:",omitempty"`
AttrVersion string `xml:"version,attr" json:",omitempty"`
Behaviors Behaviors `xml:"behaviors" json:",omitempty"`
Filepath Filepath `xml:"filepath" json:",omitempty"`
Name Name `xml:"name" json:",omitempty"`
Version Version `xml:"version" json:",omitempty"`
Epoch Epoch `xml:"epoch" json:",omitempty"`
Arch Arch `xml:"arch" json:",omitempty"`
Release Release `xml:"release" json:",omitempty"`
}
type Epoch struct {
Text string `xml:",chardata" json:",omitempty"`
Operation string `xml:"operation,attr" json:",omitempty"`
}
type Release struct {
Text string `xml:",chardata" json:",omitempty"`
Operation string `xml:"operation,attr" json:",omitempty"`
}
type Name struct {
Text string `xml:",chardata" json:",omitempty"`
Operation string `xml:"operation,attr" json:",omitempty"`
}
type States struct {
RpminfoState []RpminfoState `xml:"rpminfo_state" json:",omitempty"`
RpmverifyfileStates []RpmverifyfileState `xml:"rpmverifyfile_state" json:",omitempty"`
Textfilecontent54State []Textfilecontent54State `xml:"textfilecontent54_state" json:",omitempty"`
UnameState []UnameState `xml:"uname_state" json:",omitempty"`
}
type Version struct {
Text string `xml:",chardata" json:",omitempty"`
Operation string `xml:"operation,attr" json:",omitempty"`
}
type RpmverifyfileState struct {
ID string `xml:"id,attr" json:",omitempty"`
AttrVersion string `xml:"version,attr" json:",omitempty"`
Name Name `xml:"name" json:",omitempty"`
Version Version `xml:"version" json:",omitempty"`
}
type Textfilecontent54State struct {
ID string `xml:"id,attr" json:",omitempty"`
Version string `xml:"version,attr" json:",omitempty"`
Text Text `xml:"text" json:",omitempty"`
}
type Text struct {
Text string `xml:",chardata" json:",omitempty"`
Operation string `xml:"operation,attr" json:",omitempty"`
}
type OsRelease struct {
Text string `xml:",chardata" json:",omitempty"`
Operation string `xml:"operation,attr" json:",omitempty"`
}
type UnameState struct {
ID string `xml:"id,attr" json:",omitempty"`
Version string `xml:"version,attr" json:",omitempty"`
OsRelease OsRelease `xml:"os_release" json:",omitempty"`
}