File tree 2 files changed +70
-0
lines changed
2 files changed +70
-0
lines changed Original file line number Diff line number Diff line change @@ -9,3 +9,7 @@ An incomplete index:
99- ` bin/check-rhcc `
1010
1111 Checks ID existence in the Red Hat ` cvemap.xml ` file.
12+
13+ - ` bin/check-oval `
14+
15+ Checks ID existence in an OVAL XML file.
Original file line number Diff line number Diff line change 1+ #! /bin/sh
2+ # Takes a list of identifiers as arguments and prints OVAL definitions from the specified OVAL XML.
3+ # The "p" flag allows for specifying a substring of a package name to return objects naming it from the Vulnerability.
4+ set -e
5+
6+ needcmd () {
7+ for cmd in " $@ " ; do
8+ if ! command -v " $cmd " 1> /dev/null 2>&1 ; then
9+ printf ' need command: %s\n' " $cmd " >&2
10+ exit 99
11+ fi
12+ done
13+ }
14+ needcmd wget xmllint zstd
15+
16+ pkgname=' '
17+ dofetch=0
18+ url=' '
19+ while getopts fp:u: flag; do
20+ case $flag in
21+ f) dofetch=1;;
22+ p) pkgname=" $OPTARG "
23+ u) url=" $OPTARG "
24+ ? )
25+ printf " Usage: %s: [-f] [-p package_name] -u URL ID...\n" " $0 " >&2
26+ exit 2;;
27+ esac
28+ done
29+ shift $(( OPTIND - 1 ))
30+ if [ " $# " -eq 0 ] || [ -z " $url " ; then
31+ printf " Usage: %s: [-f] [-p package_name] -u URL ID...\n" " $0 " >&2
32+ exit 2
33+ fi
34+ : " $url "
35+ : " $@ "
36+
37+ workdir=/tmp/OVAL
38+ test -d " $workdir " || mkdir -p " $workdir "
39+ infile=" ${workdir} /$( basename " $url " ) "
40+
41+ if test " $dofetch " || ! test -f " $infile " ; then
42+ echo \# fetching " $( basename " $url " ) " >&2
43+ wget -q -O - " $url " |
44+ xmllint --format - |
45+ zstd > " $infile "
46+ echo \# OK >&2
47+ fi
48+
49+ # OVAL documents use namespaces, which xmllint has poor support for from the command line.
50+ # The query needs to end up looking something like:
51+ #
52+ # xmllint --xpath '//*[local-name()="definition"][.//*[local-name()="criterion" and contains(@comment, "pkg")]]/
53+
54+ q=' '
55+ for id in " $@ " ; do
56+ q=" ${q}${q: + or } (local-name()='reference' and @ref_id='${id} ')"
57+ done
58+ q=" //*[local-name()='definition'][.//*[(${q} )"
59+ if test -n " $pkgname " ; then
60+ q=" ${q} or (local-name()='criterion' and contains(@name, '${pkgname} '))"
61+ fi
62+ q=" ${q} ]]"
63+ : " $q "
64+
65+ zstdcat " $infile " |
66+ xmllint --xpath " $q "
You can’t perform that action at this time.
0 commit comments