Merge pull request #290 from Djelibeybi/oraclelinux-support
Oracle Linux support
This commit is contained in:
commit
7d3d1861d0
@ -161,12 +161,14 @@ By indexing the features of an image into the database, images only need to be r
|
|||||||
| [Debian Security Bug Tracker] | Debian 6, 7, 8, unstable namespaces | [dpkg] | [Debian] |
|
| [Debian Security Bug Tracker] | Debian 6, 7, 8, unstable namespaces | [dpkg] | [Debian] |
|
||||||
| [Ubuntu CVE Tracker] | Ubuntu 12.04, 12.10, 13.04, 14.04, 14.10, 15.04, 15.10, 16.04 namespaces | [dpkg] | [GPLv2] |
|
| [Ubuntu CVE Tracker] | Ubuntu 12.04, 12.10, 13.04, 14.04, 14.10, 15.04, 15.10, 16.04 namespaces | [dpkg] | [GPLv2] |
|
||||||
| [Red Hat Security Data] | CentOS 5, 6, 7 namespaces | [rpm] | [CVRF] |
|
| [Red Hat Security Data] | CentOS 5, 6, 7 namespaces | [rpm] | [CVRF] |
|
||||||
|
| [Oracle Linux Security Data] | Oracle Linux 5, 6, 7 namespaces | [rpm] | [CVRF] |
|
||||||
| [Alpine SecDB] | Alpine 3.3, Alpine 3.4 namespaces | [apk] | [MIT] |
|
| [Alpine SecDB] | Alpine 3.3, Alpine 3.4 namespaces | [apk] | [MIT] |
|
||||||
| [NVD] | Generic Vulnerability Metadata | N/A | [Public Domain] |
|
| [NVD] | Generic Vulnerability Metadata | N/A | [Public Domain] |
|
||||||
|
|
||||||
[Debian Security Bug Tracker]: https://security-tracker.debian.org/tracker
|
[Debian Security Bug Tracker]: https://security-tracker.debian.org/tracker
|
||||||
[Ubuntu CVE Tracker]: https://launchpad.net/ubuntu-cve-tracker
|
[Ubuntu CVE Tracker]: https://launchpad.net/ubuntu-cve-tracker
|
||||||
[Red Hat Security Data]: https://www.redhat.com/security/data/metrics
|
[Red Hat Security Data]: https://www.redhat.com/security/data/metrics
|
||||||
|
[Oracle Linux Security Data]: https://linux.oracle.com/security/
|
||||||
[NVD]: https://nvd.nist.gov
|
[NVD]: https://nvd.nist.gov
|
||||||
[dpkg]: https://en.wikipedia.org/wiki/dpkg
|
[dpkg]: https://en.wikipedia.org/wiki/dpkg
|
||||||
[rpm]: http://www.rpm.org
|
[rpm]: http://www.rpm.org
|
||||||
|
@ -30,6 +30,7 @@ import (
|
|||||||
|
|
||||||
_ "github.com/coreos/clair/updater/fetchers/alpine"
|
_ "github.com/coreos/clair/updater/fetchers/alpine"
|
||||||
_ "github.com/coreos/clair/updater/fetchers/debian"
|
_ "github.com/coreos/clair/updater/fetchers/debian"
|
||||||
|
_ "github.com/coreos/clair/updater/fetchers/oracle"
|
||||||
_ "github.com/coreos/clair/updater/fetchers/rhel"
|
_ "github.com/coreos/clair/updater/fetchers/rhel"
|
||||||
_ "github.com/coreos/clair/updater/fetchers/ubuntu"
|
_ "github.com/coreos/clair/updater/fetchers/ubuntu"
|
||||||
_ "github.com/coreos/clair/updater/metadata_fetchers/nvd"
|
_ "github.com/coreos/clair/updater/metadata_fetchers/nvd"
|
||||||
|
356
updater/fetchers/oracle/oracle.go
Normal file
356
updater/fetchers/oracle/oracle.go
Normal file
@ -0,0 +1,356 @@
|
|||||||
|
// Copyright 2015 clair authors
|
||||||
|
//
|
||||||
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
// you may not use this file except in compliance with the License.
|
||||||
|
// You may obtain a copy of the License at
|
||||||
|
//
|
||||||
|
// http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
// Unless required by applicable law or agreed to in writing, software
|
||||||
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
// See the License for the specific language governing permissions and
|
||||||
|
// limitations under the License.
|
||||||
|
|
||||||
|
package oracle
|
||||||
|
|
||||||
|
import (
|
||||||
|
"bufio"
|
||||||
|
"encoding/xml"
|
||||||
|
"io"
|
||||||
|
"net/http"
|
||||||
|
"regexp"
|
||||||
|
"strconv"
|
||||||
|
"strings"
|
||||||
|
|
||||||
|
"github.com/coreos/clair/database"
|
||||||
|
"github.com/coreos/clair/updater"
|
||||||
|
cerrors "github.com/coreos/clair/utils/errors"
|
||||||
|
"github.com/coreos/clair/utils/types"
|
||||||
|
"github.com/coreos/pkg/capnslog"
|
||||||
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
firstOracle5ELSA = 20070057
|
||||||
|
ovalURI = "https://linux.oracle.com/oval/"
|
||||||
|
elsaFilePrefix = "com.oracle.elsa-"
|
||||||
|
updaterFlag = "oracleUpdater"
|
||||||
|
)
|
||||||
|
|
||||||
|
var (
|
||||||
|
ignoredCriterions = []string{
|
||||||
|
" is signed with the Oracle Linux",
|
||||||
|
".ksplice1.",
|
||||||
|
}
|
||||||
|
|
||||||
|
elsaRegexp = regexp.MustCompile(`com.oracle.elsa-(\d+).xml`)
|
||||||
|
|
||||||
|
log = capnslog.NewPackageLogger("github.com/coreos/clair", "updater/fetchers/oracle")
|
||||||
|
)
|
||||||
|
|
||||||
|
type oval struct {
|
||||||
|
Definitions []definition `xml:"definitions>definition"`
|
||||||
|
}
|
||||||
|
|
||||||
|
type definition struct {
|
||||||
|
Title string `xml:"metadata>title"`
|
||||||
|
Description string `xml:"metadata>description"`
|
||||||
|
References []reference `xml:"metadata>reference"`
|
||||||
|
Criteria criteria `xml:"criteria"`
|
||||||
|
Severity string `xml:"metadata>advisory>severity"`
|
||||||
|
}
|
||||||
|
|
||||||
|
type reference struct {
|
||||||
|
Source string `xml:"source,attr"`
|
||||||
|
URI string `xml:"ref_url,attr"`
|
||||||
|
}
|
||||||
|
|
||||||
|
type criteria struct {
|
||||||
|
Operator string `xml:"operator,attr"`
|
||||||
|
Criterias []*criteria `xml:"criteria"`
|
||||||
|
Criterions []criterion `xml:"criterion"`
|
||||||
|
}
|
||||||
|
|
||||||
|
type criterion struct {
|
||||||
|
Comment string `xml:"comment,attr"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// OracleFetcher implements updater.Fetcher and gets vulnerability updates from
|
||||||
|
// the Oracle Linux OVAL definitions.
|
||||||
|
type OracleFetcher struct{}
|
||||||
|
|
||||||
|
func init() {
|
||||||
|
updater.RegisterFetcher("Oracle", &OracleFetcher{})
|
||||||
|
}
|
||||||
|
|
||||||
|
// FetchUpdate gets vulnerability updates from the Oracle Linux OVAL definitions.
|
||||||
|
func (f *OracleFetcher) FetchUpdate(datastore database.Datastore) (resp updater.FetcherResponse, err error) {
|
||||||
|
log.Info("fetching Oracle Linux vulnerabilities")
|
||||||
|
|
||||||
|
// Get the first ELSA we have to manage.
|
||||||
|
flagValue, err := datastore.GetKeyValue(updaterFlag)
|
||||||
|
if err != nil {
|
||||||
|
return resp, err
|
||||||
|
}
|
||||||
|
|
||||||
|
firstELSA, err := strconv.Atoi(flagValue)
|
||||||
|
if firstELSA == 0 || err != nil {
|
||||||
|
firstELSA = firstOracle5ELSA
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
// Fetch the update list.
|
||||||
|
r, err := http.Get(ovalURI)
|
||||||
|
if err != nil {
|
||||||
|
log.Errorf("could not download Oracle's update list: %s", err)
|
||||||
|
return resp, cerrors.ErrCouldNotDownload
|
||||||
|
}
|
||||||
|
defer r.Body.Close()
|
||||||
|
|
||||||
|
// Get the list of ELSAs that we have to process.
|
||||||
|
var elsaList []int
|
||||||
|
scanner := bufio.NewScanner(r.Body)
|
||||||
|
for scanner.Scan() {
|
||||||
|
line := scanner.Text()
|
||||||
|
r := elsaRegexp.FindStringSubmatch(line)
|
||||||
|
if len(r) == 2 {
|
||||||
|
elsaNo, _ := strconv.Atoi(r[1])
|
||||||
|
if elsaNo > firstELSA {
|
||||||
|
elsaList = append(elsaList, elsaNo)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, elsa := range elsaList {
|
||||||
|
// Download the ELSA's XML file.
|
||||||
|
r, err := http.Get(ovalURI + elsaFilePrefix + strconv.Itoa(elsa) + ".xml")
|
||||||
|
if err != nil {
|
||||||
|
log.Errorf("could not download Oracle's update file: %s", err)
|
||||||
|
return resp, cerrors.ErrCouldNotDownload
|
||||||
|
}
|
||||||
|
|
||||||
|
// Parse the XML.
|
||||||
|
vs, err := parseELSA(r.Body)
|
||||||
|
if err != nil {
|
||||||
|
return resp, err
|
||||||
|
}
|
||||||
|
|
||||||
|
// Collect vulnerabilities.
|
||||||
|
for _, v := range vs {
|
||||||
|
resp.Vulnerabilities = append(resp.Vulnerabilities, v)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Set the flag if we found anything.
|
||||||
|
if len(elsaList) > 0 {
|
||||||
|
resp.FlagName = updaterFlag
|
||||||
|
resp.FlagValue = strconv.Itoa(elsaList[len(elsaList)-1])
|
||||||
|
} else {
|
||||||
|
log.Debug("no Oracle Linux update.")
|
||||||
|
}
|
||||||
|
|
||||||
|
return resp, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func parseELSA(ovalReader io.Reader) (vulnerabilities []database.Vulnerability, err error) {
|
||||||
|
// Decode the XML.
|
||||||
|
var ov oval
|
||||||
|
err = xml.NewDecoder(ovalReader).Decode(&ov)
|
||||||
|
if err != nil {
|
||||||
|
log.Errorf("could not decode Oracle's XML: %s", err)
|
||||||
|
err = cerrors.ErrCouldNotParse
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Iterate over the definitions and collect any vulnerabilities that affect
|
||||||
|
// at least one package.
|
||||||
|
for _, definition := range ov.Definitions {
|
||||||
|
pkgs := toFeatureVersions(definition.Criteria)
|
||||||
|
if len(pkgs) > 0 {
|
||||||
|
vulnerability := database.Vulnerability{
|
||||||
|
Name: name(definition),
|
||||||
|
Link: link(definition),
|
||||||
|
Severity: priority(definition),
|
||||||
|
Description: description(definition),
|
||||||
|
}
|
||||||
|
for _, p := range pkgs {
|
||||||
|
vulnerability.FixedIn = append(vulnerability.FixedIn, p)
|
||||||
|
}
|
||||||
|
vulnerabilities = append(vulnerabilities, vulnerability)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
func getCriterions(node criteria) [][]criterion {
|
||||||
|
// Filter useless criterions.
|
||||||
|
var criterions []criterion
|
||||||
|
for _, c := range node.Criterions {
|
||||||
|
ignored := false
|
||||||
|
|
||||||
|
for _, ignoredItem := range ignoredCriterions {
|
||||||
|
if strings.Contains(c.Comment, ignoredItem) {
|
||||||
|
ignored = true
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if !ignored {
|
||||||
|
criterions = append(criterions, c)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if node.Operator == "AND" {
|
||||||
|
return [][]criterion{criterions}
|
||||||
|
} else if node.Operator == "OR" {
|
||||||
|
var possibilities [][]criterion
|
||||||
|
for _, c := range criterions {
|
||||||
|
possibilities = append(possibilities, []criterion{c})
|
||||||
|
}
|
||||||
|
return possibilities
|
||||||
|
}
|
||||||
|
|
||||||
|
return [][]criterion{}
|
||||||
|
}
|
||||||
|
|
||||||
|
func getPossibilities(node criteria) [][]criterion {
|
||||||
|
if len(node.Criterias) == 0 {
|
||||||
|
return getCriterions(node)
|
||||||
|
}
|
||||||
|
|
||||||
|
var possibilitiesToCompose [][][]criterion
|
||||||
|
for _, criteria := range node.Criterias {
|
||||||
|
possibilitiesToCompose = append(possibilitiesToCompose, getPossibilities(*criteria))
|
||||||
|
}
|
||||||
|
if len(node.Criterions) > 0 {
|
||||||
|
possibilitiesToCompose = append(possibilitiesToCompose, getCriterions(node))
|
||||||
|
}
|
||||||
|
|
||||||
|
var possibilities [][]criterion
|
||||||
|
if node.Operator == "AND" {
|
||||||
|
for _, possibility := range possibilitiesToCompose[0] {
|
||||||
|
possibilities = append(possibilities, possibility)
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, possibilityGroup := range possibilitiesToCompose[1:] {
|
||||||
|
var newPossibilities [][]criterion
|
||||||
|
|
||||||
|
for _, possibility := range possibilities {
|
||||||
|
for _, possibilityInGroup := range possibilityGroup {
|
||||||
|
var p []criterion
|
||||||
|
p = append(p, possibility...)
|
||||||
|
p = append(p, possibilityInGroup...)
|
||||||
|
newPossibilities = append(newPossibilities, p)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
possibilities = newPossibilities
|
||||||
|
}
|
||||||
|
} else if node.Operator == "OR" {
|
||||||
|
for _, possibilityGroup := range possibilitiesToCompose {
|
||||||
|
for _, possibility := range possibilityGroup {
|
||||||
|
possibilities = append(possibilities, possibility)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return possibilities
|
||||||
|
}
|
||||||
|
|
||||||
|
func toFeatureVersions(criteria criteria) []database.FeatureVersion {
|
||||||
|
// There are duplicates in Oracle .xml files.
|
||||||
|
// This map is for deduplication.
|
||||||
|
featureVersionParameters := make(map[string]database.FeatureVersion)
|
||||||
|
|
||||||
|
possibilities := getPossibilities(criteria)
|
||||||
|
for _, criterions := range possibilities {
|
||||||
|
var (
|
||||||
|
featureVersion database.FeatureVersion
|
||||||
|
osVersion int
|
||||||
|
err error
|
||||||
|
)
|
||||||
|
|
||||||
|
// Attempt to parse package data from trees of criterions.
|
||||||
|
for _, c := range criterions {
|
||||||
|
if strings.Contains(c.Comment, " is installed") {
|
||||||
|
const prefixLen = len("Oracle Linux ")
|
||||||
|
osVersion, err = strconv.Atoi(strings.TrimSpace(c.Comment[prefixLen : prefixLen+strings.Index(c.Comment[prefixLen:], " ")]))
|
||||||
|
if err != nil {
|
||||||
|
log.Warningf("could not parse Oracle Linux release version from: '%s'.", c.Comment)
|
||||||
|
}
|
||||||
|
} else if strings.Contains(c.Comment, " is earlier than ") {
|
||||||
|
const prefixLen = len(" is earlier than ")
|
||||||
|
featureVersion.Feature.Name = strings.TrimSpace(c.Comment[:strings.Index(c.Comment, " is earlier than ")])
|
||||||
|
featureVersion.Version, err = types.NewVersion(c.Comment[strings.Index(c.Comment, " is earlier than ")+prefixLen:])
|
||||||
|
if err != nil {
|
||||||
|
log.Warningf("could not parse package version '%s': %s. skipping", c.Comment[strings.Index(c.Comment, " is earlier than ")+prefixLen:], err.Error())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
featureVersion.Feature.Namespace.Name = "oracle" + ":" + strconv.Itoa(osVersion)
|
||||||
|
|
||||||
|
if featureVersion.Feature.Namespace.Name != "" && featureVersion.Feature.Name != "" && featureVersion.Version.String() != "" {
|
||||||
|
featureVersionParameters[featureVersion.Feature.Namespace.Name+":"+featureVersion.Feature.Name] = featureVersion
|
||||||
|
} else {
|
||||||
|
log.Warningf("could not determine a valid package from criterions: %v", criterions)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Convert the map to slice.
|
||||||
|
var featureVersionParametersArray []database.FeatureVersion
|
||||||
|
for _, fv := range featureVersionParameters {
|
||||||
|
featureVersionParametersArray = append(featureVersionParametersArray, fv)
|
||||||
|
}
|
||||||
|
|
||||||
|
return featureVersionParametersArray
|
||||||
|
}
|
||||||
|
|
||||||
|
func description(def definition) (desc string) {
|
||||||
|
// It is much more faster to proceed like this than using a Replacer.
|
||||||
|
desc = strings.Replace(def.Description, "\n\n\n", " ", -1)
|
||||||
|
desc = strings.Replace(desc, "\n\n", " ", -1)
|
||||||
|
desc = strings.Replace(desc, "\n", " ", -1)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
func name(def definition) string {
|
||||||
|
return strings.TrimSpace(def.Title[:strings.Index(def.Title, ": ")])
|
||||||
|
}
|
||||||
|
|
||||||
|
func link(def definition) (link string) {
|
||||||
|
for _, reference := range def.References {
|
||||||
|
if reference.Source == "elsa" {
|
||||||
|
link = reference.URI
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
func priority(def definition) types.Priority {
|
||||||
|
// Parse the priority.
|
||||||
|
priority := strings.ToLower(def.Severity)
|
||||||
|
|
||||||
|
// Normalize the priority.
|
||||||
|
switch priority {
|
||||||
|
case "n/a":
|
||||||
|
return types.Negligible
|
||||||
|
case "low":
|
||||||
|
return types.Low
|
||||||
|
case "moderate":
|
||||||
|
return types.Medium
|
||||||
|
case "important":
|
||||||
|
return types.High
|
||||||
|
case "critical":
|
||||||
|
return types.Critical
|
||||||
|
default:
|
||||||
|
log.Warningf("could not determine vulnerability priority from: %s.", priority)
|
||||||
|
return types.Unknown
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Clean deletes any allocated resources.
|
||||||
|
func (f *OracleFetcher) Clean() {}
|
102
updater/fetchers/oracle/oracle_test.go
Normal file
102
updater/fetchers/oracle/oracle_test.go
Normal file
@ -0,0 +1,102 @@
|
|||||||
|
// Copyright 2015 clair authors
|
||||||
|
//
|
||||||
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
// you may not use this file except in compliance with the License.
|
||||||
|
// You may obtain a copy of the License at
|
||||||
|
//
|
||||||
|
// http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
// Unless required by applicable law or agreed to in writing, software
|
||||||
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
// See the License for the specific language governing permissions and
|
||||||
|
// limitations under the License.
|
||||||
|
|
||||||
|
package oracle
|
||||||
|
|
||||||
|
import (
|
||||||
|
"os"
|
||||||
|
"path/filepath"
|
||||||
|
"runtime"
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"github.com/coreos/clair/database"
|
||||||
|
"github.com/coreos/clair/utils/types"
|
||||||
|
"github.com/stretchr/testify/assert"
|
||||||
|
)
|
||||||
|
|
||||||
|
func TestOracleParser(t *testing.T) {
|
||||||
|
_, filename, _, _ := runtime.Caller(0)
|
||||||
|
path := filepath.Join(filepath.Dir(filename))
|
||||||
|
|
||||||
|
// Test parsing testdata/fetcher_oracle_test.1.xml
|
||||||
|
testFile, _ := os.Open(path + "/testdata/fetcher_oracle_test.1.xml")
|
||||||
|
defer testFile.Close()
|
||||||
|
|
||||||
|
vulnerabilities, err := parseELSA(testFile)
|
||||||
|
if assert.Nil(t, err) && assert.Len(t, vulnerabilities, 1) {
|
||||||
|
assert.Equal(t, "ELSA-2015-1193", vulnerabilities[0].Name)
|
||||||
|
assert.Equal(t, "http://linux.oracle.com/errata/ELSA-2015-1193.html", vulnerabilities[0].Link)
|
||||||
|
assert.Equal(t, types.Medium, vulnerabilities[0].Severity)
|
||||||
|
assert.Equal(t, ` [3.1.1-7] Resolves: rhbz#1217104 CVE-2015-0252 `, vulnerabilities[0].Description)
|
||||||
|
|
||||||
|
expectedFeatureVersions := []database.FeatureVersion{
|
||||||
|
{
|
||||||
|
Feature: database.Feature{
|
||||||
|
Namespace: database.Namespace{Name: "oracle:7"},
|
||||||
|
Name: "xerces-c",
|
||||||
|
},
|
||||||
|
Version: types.NewVersionUnsafe("3.1.1-7.el7_1"),
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Feature: database.Feature{
|
||||||
|
Namespace: database.Namespace{Name: "oracle:7"},
|
||||||
|
Name: "xerces-c-devel",
|
||||||
|
},
|
||||||
|
Version: types.NewVersionUnsafe("3.1.1-7.el7_1"),
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Feature: database.Feature{
|
||||||
|
Namespace: database.Namespace{Name: "oracle:7"},
|
||||||
|
Name: "xerces-c-doc",
|
||||||
|
},
|
||||||
|
Version: types.NewVersionUnsafe("3.1.1-7.el7_1"),
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, expectedFeatureVersion := range expectedFeatureVersions {
|
||||||
|
assert.Contains(t, vulnerabilities[0].FixedIn, expectedFeatureVersion)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
testFile2, _ := os.Open(path + "/testdata/fetcher_oracle_test.2.xml")
|
||||||
|
defer testFile2.Close()
|
||||||
|
|
||||||
|
vulnerabilities, err = parseELSA(testFile2)
|
||||||
|
if assert.Nil(t, err) && assert.Len(t, vulnerabilities, 1) {
|
||||||
|
assert.Equal(t, "ELSA-2015-1207", vulnerabilities[0].Name)
|
||||||
|
assert.Equal(t, "http://linux.oracle.com/errata/ELSA-2015-1207.html", vulnerabilities[0].Link)
|
||||||
|
assert.Equal(t, types.Critical, vulnerabilities[0].Severity)
|
||||||
|
assert.Equal(t, ` [38.1.0-1.0.1.el7_1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [38.1.0-1] - Update to 38.1.0 ESR [38.0.1-2] - Fixed rhbz#1222807 by removing preun section `, vulnerabilities[0].Description)
|
||||||
|
expectedFeatureVersions := []database.FeatureVersion{
|
||||||
|
{
|
||||||
|
Feature: database.Feature{
|
||||||
|
Namespace: database.Namespace{Name: "oracle:6"},
|
||||||
|
Name: "firefox",
|
||||||
|
},
|
||||||
|
Version: types.NewVersionUnsafe("38.1.0-1.0.1.el6_6"),
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Feature: database.Feature{
|
||||||
|
Namespace: database.Namespace{Name: "oracle:7"},
|
||||||
|
Name: "firefox",
|
||||||
|
},
|
||||||
|
Version: types.NewVersionUnsafe("38.1.0-1.0.1.el7_1"),
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, expectedFeatureVersion := range expectedFeatureVersions {
|
||||||
|
assert.Contains(t, vulnerabilities[0].FixedIn, expectedFeatureVersion)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
120
updater/fetchers/oracle/testdata/fetcher_oracle_test.1.xml
vendored
Normal file
120
updater/fetchers/oracle/testdata/fetcher_oracle_test.1.xml
vendored
Normal file
@ -0,0 +1,120 @@
|
|||||||
|
<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:unix-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" xmlns:red-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#unix unix-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#linux linux-definitions-schema.xsd">
|
||||||
|
<generator>
|
||||||
|
<oval:product_name>Oracle Errata System</oval:product_name>
|
||||||
|
<oval:product_version>Oracle Linux</oval:product_version>
|
||||||
|
<oval:schema_version>5.3</oval:schema_version>
|
||||||
|
<oval:timestamp>2015-06-29T00:00:00</oval:timestamp>
|
||||||
|
</generator>
|
||||||
|
<definitions>
|
||||||
|
<definition id="oval:com.oracle.elsa:def:20151193" version="501" class="patch">
|
||||||
|
<metadata>
|
||||||
|
<title>
|
||||||
|
ELSA-2015-1193: xerces-c security update (MODERATE)
|
||||||
|
</title>
|
||||||
|
<affected family="unix">
|
||||||
|
<platform>Oracle Linux 7</platform>
|
||||||
|
|
||||||
|
</affected>
|
||||||
|
<reference source="elsa" ref_id="ELSA-2015-1193" ref_url="http://linux.oracle.com/errata/ELSA-2015-1193.html"/>
|
||||||
|
<reference source="CVE" ref_id="CVE-2015-0252" ref_url="http://linux.oracle.com/cve/CVE-2015-0252.html"/>
|
||||||
|
|
||||||
|
<description>
|
||||||
|
[3.1.1-7]
|
||||||
|
Resolves: rhbz#1217104 CVE-2015-0252
|
||||||
|
</description>
|
||||||
|
<!--
|
||||||
|
~~~~~~~~~~~~~~~~~~~~ advisory details ~~~~~~~~~~~~~~~~~~~
|
||||||
|
-->
|
||||||
|
<advisory>
|
||||||
|
<severity>MODERATE</severity>
|
||||||
|
<rights>Copyright 2015 Oracle, Inc.</rights>
|
||||||
|
<issued date="2015-06-29"/>
|
||||||
|
<cve href="http://linux.oracle.com/cve/CVE-2015-0252.html">CVE-2015-0252</cve>
|
||||||
|
|
||||||
|
</advisory>
|
||||||
|
</metadata>
|
||||||
|
<criteria operator="AND">
|
||||||
|
<criterion test_ref="oval:com.oracle.elsa:tst:20151193001" comment="Oracle Linux 7 is installed"/>
|
||||||
|
<criteria operator="OR">
|
||||||
|
<criteria operator="AND">
|
||||||
|
<criterion test_ref="oval:com.oracle.elsa:tst:20151193002" comment="xerces-c is earlier than 0:3.1.1-7.el7_1"/>
|
||||||
|
<criterion test_ref="oval:com.oracle.elsa:tst:20151193003" comment="xerces-c is signed with the Oracle Linux 7 key"/>
|
||||||
|
</criteria>
|
||||||
|
<criteria operator="AND">
|
||||||
|
<criterion test_ref="oval:com.oracle.elsa:tst:20151193004" comment="xerces-c-doc is earlier than 0:3.1.1-7.el7_1"/>
|
||||||
|
<criterion test_ref="oval:com.oracle.elsa:tst:20151193005" comment="xerces-c-doc is signed with the Oracle Linux 7 key"/>
|
||||||
|
</criteria>
|
||||||
|
<criteria operator="AND">
|
||||||
|
<criterion test_ref="oval:com.oracle.elsa:tst:20151193006" comment="xerces-c-devel is earlier than 0:3.1.1-7.el7_1"/>
|
||||||
|
<criterion test_ref="oval:com.oracle.elsa:tst:20151193007" comment="xerces-c-devel is signed with the Oracle Linux 7 key"/>
|
||||||
|
</criteria>
|
||||||
|
</criteria>
|
||||||
|
</criteria>
|
||||||
|
|
||||||
|
</definition>
|
||||||
|
</definitions>
|
||||||
|
<!--
|
||||||
|
~~~~~~~~~~~~~~~~~~~~~ rpminfo tests ~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
-->
|
||||||
|
<tests>
|
||||||
|
<rpminfo_test id="oval:com.oracle.elsa:tst:20151193001" version="501" comment="Oracle Linux 7 is installed" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
|
||||||
|
<object object_ref="oval:com.oracle.elsa:obj:20151193001" />
|
||||||
|
<state state_ref="oval:com.oracle.elsa:ste:20151193002" />
|
||||||
|
</rpminfo_test>
|
||||||
|
<rpminfo_test id="oval:com.oracle.elsa:tst:20151193002" version="501" comment="xerces-c is earlier than 0:3.1.1-7.el7_1" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
|
||||||
|
<object object_ref="oval:com.oracle.elsa:obj:20151193002" />
|
||||||
|
<state state_ref="oval:com.oracle.elsa:ste:20151193003" />
|
||||||
|
</rpminfo_test>
|
||||||
|
<rpminfo_test id="oval:com.oracle.elsa:tst:20151193003" version="501" comment="xerces-c is signed with the Oracle Linux 7 key" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
|
||||||
|
<object object_ref="oval:com.oracle.elsa:obj:20151193002" />
|
||||||
|
<state state_ref="oval:com.oracle.elsa:ste:20151193001" />
|
||||||
|
</rpminfo_test>
|
||||||
|
<rpminfo_test id="oval:com.oracle.elsa:tst:20151193004" version="501" comment="xerces-c-doc is earlier than 0:3.1.1-7.el7_1" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
|
||||||
|
<object object_ref="oval:com.oracle.elsa:obj:20151193003" />
|
||||||
|
<state state_ref="oval:com.oracle.elsa:ste:20151193003" />
|
||||||
|
</rpminfo_test>
|
||||||
|
<rpminfo_test id="oval:com.oracle.elsa:tst:20151193005" version="501" comment="xerces-c-doc is signed with the Oracle Linux 7 key" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
|
||||||
|
<object object_ref="oval:com.oracle.elsa:obj:20151193003" />
|
||||||
|
<state state_ref="oval:com.oracle.elsa:ste:20151193001" />
|
||||||
|
</rpminfo_test>
|
||||||
|
<rpminfo_test id="oval:com.oracle.elsa:tst:20151193006" version="501" comment="xerces-c-devel is earlier than 0:3.1.1-7.el7_1" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
|
||||||
|
<object object_ref="oval:com.oracle.elsa:obj:20151193004" />
|
||||||
|
<state state_ref="oval:com.oracle.elsa:ste:20151193003" />
|
||||||
|
</rpminfo_test>
|
||||||
|
<rpminfo_test id="oval:com.oracle.elsa:tst:20151193007" version="501" comment="xerces-c-devel is signed with the Oracle Linux 7 key" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
|
||||||
|
<object object_ref="oval:com.oracle.elsa:obj:20151193004" />
|
||||||
|
<state state_ref="oval:com.oracle.elsa:ste:20151193001" />
|
||||||
|
</rpminfo_test>
|
||||||
|
|
||||||
|
</tests>
|
||||||
|
<!--
|
||||||
|
~~~~~~~~~~~~~~~~~~~~ rpminfo objects ~~~~~~~~~~~~~~~~~~~~
|
||||||
|
-->
|
||||||
|
<objects>
|
||||||
|
<rpminfo_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:com.oracle.elsa:obj:20151193003" version="501">
|
||||||
|
<name>xerces-c-doc</name>
|
||||||
|
</rpminfo_object>
|
||||||
|
<rpminfo_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:com.oracle.elsa:obj:20151193004" version="501">
|
||||||
|
<name>xerces-c-devel</name>
|
||||||
|
</rpminfo_object>
|
||||||
|
<rpminfo_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:com.oracle.elsa:obj:20151193002" version="501">
|
||||||
|
<name>xerces-c</name>
|
||||||
|
</rpminfo_object>
|
||||||
|
<rpminfo_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:com.oracle.elsa:obj:20151193001" version="501">
|
||||||
|
<name>oraclelinux-release</name>
|
||||||
|
</rpminfo_object>
|
||||||
|
|
||||||
|
</objects>
|
||||||
|
<states>
|
||||||
|
<!--
|
||||||
|
~~~~~~~~~~~~~~~~~~~~ rpminfo states ~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
-->
|
||||||
|
<rpminfo_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:com.oracle.elsa:ste:20151193001" version="501"><signature_keyid operation="equals">72f97b74ec551f03</signature_keyid>
|
||||||
|
</rpminfo_state>
|
||||||
|
<rpminfo_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:com.oracle.elsa:ste:20151193002" version="501"><version operation="pattern match">^7</version>
|
||||||
|
</rpminfo_state>
|
||||||
|
<rpminfo_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:com.oracle.elsa:ste:20151193003" version="501"><evr datatype="evr_string" operation="less than">0:3.1.1-7.el7_1</evr>
|
||||||
|
</rpminfo_state>
|
||||||
|
|
||||||
|
</states>
|
||||||
|
</oval_definitions>
|
177
updater/fetchers/oracle/testdata/fetcher_oracle_test.2.xml
vendored
Normal file
177
updater/fetchers/oracle/testdata/fetcher_oracle_test.2.xml
vendored
Normal file
@ -0,0 +1,177 @@
|
|||||||
|
<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:unix-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" xmlns:red-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#unix unix-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#linux linux-definitions-schema.xsd">
|
||||||
|
<generator>
|
||||||
|
<oval:product_name>Oracle Errata System</oval:product_name>
|
||||||
|
<oval:product_version>Oracle Linux</oval:product_version>
|
||||||
|
<oval:schema_version>5.3</oval:schema_version>
|
||||||
|
<oval:timestamp>2015-07-03T00:00:00</oval:timestamp>
|
||||||
|
</generator>
|
||||||
|
<definitions>
|
||||||
|
<definition id="oval:com.oracle.elsa:def:20151207" version="501" class="patch">
|
||||||
|
<metadata>
|
||||||
|
<title>
|
||||||
|
ELSA-2015-1207: firefox security update (CRITICAL)
|
||||||
|
</title>
|
||||||
|
<affected family="unix">
|
||||||
|
<platform>Oracle Linux 5</platform>
|
||||||
|
<platform>Oracle Linux 6</platform>
|
||||||
|
<platform>Oracle Linux 7</platform>
|
||||||
|
|
||||||
|
</affected>
|
||||||
|
<reference source="elsa" ref_id="ELSA-2015-1207" ref_url="http://linux.oracle.com/errata/ELSA-2015-1207.html"/>
|
||||||
|
<reference source="CVE" ref_id="CVE-2015-2722" ref_url="http://linux.oracle.com/cve/CVE-2015-2722.html"/>
|
||||||
|
<reference source="CVE" ref_id="CVE-2015-2724" ref_url="http://linux.oracle.com/cve/CVE-2015-2724.html"/>
|
||||||
|
<reference source="CVE" ref_id="CVE-2015-2725" ref_url="http://linux.oracle.com/cve/CVE-2015-2725.html"/>
|
||||||
|
<reference source="CVE" ref_id="CVE-2015-2727" ref_url="http://linux.oracle.com/cve/CVE-2015-2727.html"/>
|
||||||
|
<reference source="CVE" ref_id="CVE-2015-2728" ref_url="http://linux.oracle.com/cve/CVE-2015-2728.html"/>
|
||||||
|
<reference source="CVE" ref_id="CVE-2015-2729" ref_url="http://linux.oracle.com/cve/CVE-2015-2729.html"/>
|
||||||
|
<reference source="CVE" ref_id="CVE-2015-2731" ref_url="http://linux.oracle.com/cve/CVE-2015-2731.html"/>
|
||||||
|
<reference source="CVE" ref_id="CVE-2015-2733" ref_url="http://linux.oracle.com/cve/CVE-2015-2733.html"/>
|
||||||
|
<reference source="CVE" ref_id="CVE-2015-2734" ref_url="http://linux.oracle.com/cve/CVE-2015-2734.html"/>
|
||||||
|
<reference source="CVE" ref_id="CVE-2015-2735" ref_url="http://linux.oracle.com/cve/CVE-2015-2735.html"/>
|
||||||
|
<reference source="CVE" ref_id="CVE-2015-2736" ref_url="http://linux.oracle.com/cve/CVE-2015-2736.html"/>
|
||||||
|
<reference source="CVE" ref_id="CVE-2015-2737" ref_url="http://linux.oracle.com/cve/CVE-2015-2737.html"/>
|
||||||
|
<reference source="CVE" ref_id="CVE-2015-2738" ref_url="http://linux.oracle.com/cve/CVE-2015-2738.html"/>
|
||||||
|
<reference source="CVE" ref_id="CVE-2015-2739" ref_url="http://linux.oracle.com/cve/CVE-2015-2739.html"/>
|
||||||
|
<reference source="CVE" ref_id="CVE-2015-2740" ref_url="http://linux.oracle.com/cve/CVE-2015-2740.html"/>
|
||||||
|
<reference source="CVE" ref_id="CVE-2015-2741" ref_url="http://linux.oracle.com/cve/CVE-2015-2741.html"/>
|
||||||
|
<reference source="CVE" ref_id="CVE-2015-2743" ref_url="http://linux.oracle.com/cve/CVE-2015-2743.html"/>
|
||||||
|
|
||||||
|
<description>
|
||||||
|
[38.1.0-1.0.1.el7_1]
|
||||||
|
- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file
|
||||||
|
|
||||||
|
[38.1.0-1]
|
||||||
|
- Update to 38.1.0 ESR
|
||||||
|
|
||||||
|
[38.0.1-2]
|
||||||
|
- Fixed rhbz#1222807 by removing preun section
|
||||||
|
</description>
|
||||||
|
<!--
|
||||||
|
~~~~~~~~~~~~~~~~~~~~ advisory details ~~~~~~~~~~~~~~~~~~~
|
||||||
|
-->
|
||||||
|
<advisory>
|
||||||
|
<severity>CRITICAL</severity>
|
||||||
|
<rights>Copyright 2015 Oracle, Inc.</rights>
|
||||||
|
<issued date="2015-07-03"/>
|
||||||
|
<cve href="http://linux.oracle.com/cve/CVE-2015-2722.html">CVE-2015-2722</cve>
|
||||||
|
<cve href="http://linux.oracle.com/cve/CVE-2015-2724.html">CVE-2015-2724</cve>
|
||||||
|
<cve href="http://linux.oracle.com/cve/CVE-2015-2725.html">CVE-2015-2725</cve>
|
||||||
|
<cve href="http://linux.oracle.com/cve/CVE-2015-2727.html">CVE-2015-2727</cve>
|
||||||
|
<cve href="http://linux.oracle.com/cve/CVE-2015-2728.html">CVE-2015-2728</cve>
|
||||||
|
<cve href="http://linux.oracle.com/cve/CVE-2015-2729.html">CVE-2015-2729</cve>
|
||||||
|
<cve href="http://linux.oracle.com/cve/CVE-2015-2731.html">CVE-2015-2731</cve>
|
||||||
|
<cve href="http://linux.oracle.com/cve/CVE-2015-2733.html">CVE-2015-2733</cve>
|
||||||
|
<cve href="http://linux.oracle.com/cve/CVE-2015-2734.html">CVE-2015-2734</cve>
|
||||||
|
<cve href="http://linux.oracle.com/cve/CVE-2015-2735.html">CVE-2015-2735</cve>
|
||||||
|
<cve href="http://linux.oracle.com/cve/CVE-2015-2736.html">CVE-2015-2736</cve>
|
||||||
|
<cve href="http://linux.oracle.com/cve/CVE-2015-2737.html">CVE-2015-2737</cve>
|
||||||
|
<cve href="http://linux.oracle.com/cve/CVE-2015-2738.html">CVE-2015-2738</cve>
|
||||||
|
<cve href="http://linux.oracle.com/cve/CVE-2015-2739.html">CVE-2015-2739</cve>
|
||||||
|
<cve href="http://linux.oracle.com/cve/CVE-2015-2740.html">CVE-2015-2740</cve>
|
||||||
|
<cve href="http://linux.oracle.com/cve/CVE-2015-2741.html">CVE-2015-2741</cve>
|
||||||
|
<cve href="http://linux.oracle.com/cve/CVE-2015-2743.html">CVE-2015-2743</cve>
|
||||||
|
|
||||||
|
</advisory>
|
||||||
|
</metadata>
|
||||||
|
<criteria operator="OR">
|
||||||
|
<criteria operator="AND">
|
||||||
|
<criterion test_ref="oval:com.oracle.elsa:tst:20151207001" comment="Oracle Linux 5 is installed"/>
|
||||||
|
<criteria operator="AND">
|
||||||
|
<criterion test_ref="oval:com.oracle.elsa:tst:20151207002" comment="firefox is earlier than 0:38.1.0-1.0.1.el5_11"/>
|
||||||
|
<criterion test_ref="oval:com.oracle.elsa:tst:20151207003" comment="firefox is signed with the Oracle Linux 5 key"/>
|
||||||
|
</criteria>
|
||||||
|
</criteria>
|
||||||
|
<criteria operator="AND">
|
||||||
|
<criterion test_ref="oval:com.oracle.elsa:tst:20151207004" comment="Oracle Linux 6 is installed"/>
|
||||||
|
<criteria operator="AND">
|
||||||
|
<criterion test_ref="oval:com.oracle.elsa:tst:20151207005" comment="firefox is earlier than 0:38.1.0-1.0.1.el6_6"/>
|
||||||
|
<criterion test_ref="oval:com.oracle.elsa:tst:20151207006" comment="firefox is signed with the Oracle Linux 6 key"/>
|
||||||
|
</criteria>
|
||||||
|
</criteria>
|
||||||
|
<criteria operator="AND">
|
||||||
|
<criterion test_ref="oval:com.oracle.elsa:tst:20151207007" comment="Oracle Linux 7 is installed"/>
|
||||||
|
<criteria operator="AND">
|
||||||
|
<criterion test_ref="oval:com.oracle.elsa:tst:20151207008" comment="firefox is earlier than 0:38.1.0-1.0.1.el7_1"/>
|
||||||
|
<criterion test_ref="oval:com.oracle.elsa:tst:20151207009" comment="firefox is signed with the Oracle Linux 7 key"/>
|
||||||
|
</criteria>
|
||||||
|
</criteria>
|
||||||
|
</criteria>
|
||||||
|
</definition>
|
||||||
|
</definitions>
|
||||||
|
<!--
|
||||||
|
~~~~~~~~~~~~~~~~~~~~~ rpminfo tests ~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
-->
|
||||||
|
<tests>
|
||||||
|
<rpminfo_test id="oval:com.oracle.elsa:tst:20151207001" version="501" comment="Oracle Linux 5 is installed" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
|
||||||
|
<object object_ref="oval:com.oracle.elsa:obj:20151207001" />
|
||||||
|
<state state_ref="oval:com.oracle.elsa:ste:20151207003" />
|
||||||
|
</rpminfo_test>
|
||||||
|
<rpminfo_test id="oval:com.oracle.elsa:tst:20151207002" version="501" comment="firefox is earlier than 0:38.1.0-1.0.1.el5_11" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
|
||||||
|
<object object_ref="oval:com.oracle.elsa:obj:20151207002" />
|
||||||
|
<state state_ref="oval:com.oracle.elsa:ste:20151207004" />
|
||||||
|
</rpminfo_test>
|
||||||
|
<rpminfo_test id="oval:com.oracle.elsa:tst:20151207003" version="501" comment="firefox is signed with the Oracle Linux 5 key" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
|
||||||
|
<object object_ref="oval:com.oracle.elsa:obj:20151207002" />
|
||||||
|
<state state_ref="oval:com.oracle.elsa:ste:20151207001" />
|
||||||
|
</rpminfo_test>
|
||||||
|
<rpminfo_test id="oval:com.oracle.elsa:tst:20151207004" version="501" comment="Oracle Linux 6 is installed" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
|
||||||
|
<object object_ref="oval:com.oracle.elsa:obj:20151207001" />
|
||||||
|
<state state_ref="oval:com.oracle.elsa:ste:20151207005" />
|
||||||
|
</rpminfo_test>
|
||||||
|
<rpminfo_test id="oval:com.oracle.elsa:tst:20151207005" version="501" comment="firefox is earlier than 0:38.1.0-1.0.1.el6_6" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
|
||||||
|
<object object_ref="oval:com.oracle.elsa:obj:20151207002" />
|
||||||
|
<state state_ref="oval:com.oracle.elsa:ste:20151207006" />
|
||||||
|
</rpminfo_test>
|
||||||
|
<rpminfo_test id="oval:com.oracle.elsa:tst:20151207006" version="501" comment="firefox is signed with the Oracle Linux 6 key" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
|
||||||
|
<object object_ref="oval:com.oracle.elsa:obj:20151207002" />
|
||||||
|
<state state_ref="oval:com.oracle.elsa:ste:20151207002" />
|
||||||
|
</rpminfo_test>
|
||||||
|
<rpminfo_test id="oval:com.oracle.elsa:tst:20151207007" version="501" comment="Oracle Linux 7 is installed" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
|
||||||
|
<object object_ref="oval:com.oracle.elsa:obj:20151207001" />
|
||||||
|
<state state_ref="oval:com.oracle.elsa:ste:20151207007" />
|
||||||
|
</rpminfo_test>
|
||||||
|
<rpminfo_test id="oval:com.oracle.elsa:tst:20151207008" version="501" comment="firefox is earlier than 0:38.1.0-1.0.1.el7_1" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
|
||||||
|
<object object_ref="oval:com.oracle.elsa:obj:20151207002" />
|
||||||
|
<state state_ref="oval:com.oracle.elsa:ste:20151207008" />
|
||||||
|
</rpminfo_test>
|
||||||
|
<rpminfo_test id="oval:com.oracle.elsa:tst:20151207009" version="501" comment="firefox is signed with the Oracle Linux 7 key" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
|
||||||
|
<object object_ref="oval:com.oracle.elsa:obj:20151207002" />
|
||||||
|
<state state_ref="oval:com.oracle.elsa:ste:20151207002" />
|
||||||
|
</rpminfo_test>
|
||||||
|
|
||||||
|
</tests>
|
||||||
|
<!--
|
||||||
|
~~~~~~~~~~~~~~~~~~~~ rpminfo objects ~~~~~~~~~~~~~~~~~~~~
|
||||||
|
-->
|
||||||
|
<objects>
|
||||||
|
<rpminfo_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:com.oracle.elsa:obj:20151207002" version="501">
|
||||||
|
<name>firefox</name>
|
||||||
|
</rpminfo_object>
|
||||||
|
<rpminfo_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:com.oracle.elsa:obj:20151207001" version="501">
|
||||||
|
<name>oraclelinux-release</name>
|
||||||
|
</rpminfo_object>
|
||||||
|
|
||||||
|
</objects>
|
||||||
|
<states>
|
||||||
|
<!--
|
||||||
|
~~~~~~~~~~~~~~~~~~~~ rpminfo states ~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
-->
|
||||||
|
<rpminfo_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:com.oracle.elsa:ste:20151207001" version="501"><signature_keyid operation="equals">66ced3de1e5e0159</signature_keyid>
|
||||||
|
</rpminfo_state>
|
||||||
|
<rpminfo_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:com.oracle.elsa:ste:20151207002" version="501"><signature_keyid operation="equals">72f97b74ec551f03</signature_keyid>
|
||||||
|
</rpminfo_state>
|
||||||
|
<rpminfo_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:com.oracle.elsa:ste:20151207003" version="501"><version operation="pattern match">^5</version>
|
||||||
|
</rpminfo_state>
|
||||||
|
<rpminfo_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:com.oracle.elsa:ste:20151207004" version="501"><evr datatype="evr_string" operation="less than">0:38.1.0-1.0.1.el5_11</evr>
|
||||||
|
</rpminfo_state>
|
||||||
|
<rpminfo_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:com.oracle.elsa:ste:20151207005" version="501"><version operation="pattern match">^6</version>
|
||||||
|
</rpminfo_state>
|
||||||
|
<rpminfo_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:com.oracle.elsa:ste:20151207006" version="501"><evr datatype="evr_string" operation="less than">0:38.1.0-1.0.1.el6_6</evr>
|
||||||
|
</rpminfo_state>
|
||||||
|
<rpminfo_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:com.oracle.elsa:ste:20151207007" version="501"><version operation="pattern match">^7</version>
|
||||||
|
</rpminfo_state>
|
||||||
|
<rpminfo_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:com.oracle.elsa:ste:20151207008" version="501"><evr datatype="evr_string" operation="less than">0:38.1.0-1.0.1.el7_1</evr>
|
||||||
|
</rpminfo_state>
|
||||||
|
|
||||||
|
</states>
|
||||||
|
</oval_definitions>
|
@ -85,5 +85,5 @@ func (detector *OsReleaseNamespaceDetector) GetRequiredFiles() []string {
|
|||||||
|
|
||||||
// getExcludeFiles returns the list of files that are ought to exclude this detector from Detect()
|
// getExcludeFiles returns the list of files that are ought to exclude this detector from Detect()
|
||||||
func (detector *OsReleaseNamespaceDetector) getExcludeFiles() []string {
|
func (detector *OsReleaseNamespaceDetector) getExcludeFiles() []string {
|
||||||
return []string{"etc/redhat-release", "usr/lib/centos-release"}
|
return []string{"etc/oracle-release", "etc/redhat-release", "usr/lib/centos-release"}
|
||||||
}
|
}
|
||||||
|
@ -26,17 +26,19 @@ import (
|
|||||||
var (
|
var (
|
||||||
log = capnslog.NewPackageLogger("github.com/coreos/clair", "worker/detectors/namespace/redhatrelease")
|
log = capnslog.NewPackageLogger("github.com/coreos/clair", "worker/detectors/namespace/redhatrelease")
|
||||||
|
|
||||||
|
oracleReleaseRegexp = regexp.MustCompile(`(?P<os>[^\s]*) (Linux Server release) (?P<version>[\d]+)`)
|
||||||
centosReleaseRegexp = regexp.MustCompile(`(?P<os>[^\s]*) (Linux release|release) (?P<version>[\d]+)`)
|
centosReleaseRegexp = regexp.MustCompile(`(?P<os>[^\s]*) (Linux release|release) (?P<version>[\d]+)`)
|
||||||
redhatReleaseRegexp = regexp.MustCompile(`(?P<os>Red Hat Enterprise Linux) (Client release|Server release|Workstation release) (?P<version>[\d]+)`)
|
redhatReleaseRegexp = regexp.MustCompile(`(?P<os>Red Hat Enterprise Linux) (Client release|Server release|Workstation release) (?P<version>[\d]+)`)
|
||||||
)
|
)
|
||||||
|
|
||||||
// RedhatReleaseNamespaceDetector implements NamespaceDetector and detects the OS from the
|
// RedhatReleaseNamespaceDetector implements NamespaceDetector and detects the OS from the
|
||||||
// /etc/centos-release, /etc/redhat-release and /etc/system-release files.
|
// /etc/oracle-release, /etc/centos-release, /etc/redhat-release and /etc/system-release files.
|
||||||
//
|
//
|
||||||
// Typically for CentOS and Red-Hat like systems
|
// Typically for CentOS and Red-Hat like systems
|
||||||
// eg. CentOS release 5.11 (Final)
|
// eg. CentOS release 5.11 (Final)
|
||||||
// eg. CentOS release 6.6 (Final)
|
// eg. CentOS release 6.6 (Final)
|
||||||
// eg. CentOS Linux release 7.1.1503 (Core)
|
// eg. CentOS Linux release 7.1.1503 (Core)
|
||||||
|
// eg. Oracle Linux Server release 7.3
|
||||||
// eg. Red Hat Enterprise Linux Server release 7.2 (Maipo)
|
// eg. Red Hat Enterprise Linux Server release 7.2 (Maipo)
|
||||||
type RedhatReleaseNamespaceDetector struct{}
|
type RedhatReleaseNamespaceDetector struct{}
|
||||||
|
|
||||||
@ -53,6 +55,12 @@ func (detector *RedhatReleaseNamespaceDetector) Detect(data map[string][]byte) *
|
|||||||
|
|
||||||
var r []string
|
var r []string
|
||||||
|
|
||||||
|
// try for Oracle Linux
|
||||||
|
r = oracleReleaseRegexp.FindStringSubmatch(string(f))
|
||||||
|
if len(r) == 4 {
|
||||||
|
return &database.Namespace{Name: strings.ToLower(r[1]) + ":" + r[3]}
|
||||||
|
}
|
||||||
|
|
||||||
// try for RHEL
|
// try for RHEL
|
||||||
r = redhatReleaseRegexp.FindStringSubmatch(string(f))
|
r = redhatReleaseRegexp.FindStringSubmatch(string(f))
|
||||||
if len(r) == 4 {
|
if len(r) == 4 {
|
||||||
@ -73,5 +81,5 @@ func (detector *RedhatReleaseNamespaceDetector) Detect(data map[string][]byte) *
|
|||||||
|
|
||||||
// GetRequiredFiles returns the list of files that are required for Detect()
|
// GetRequiredFiles returns the list of files that are required for Detect()
|
||||||
func (detector *RedhatReleaseNamespaceDetector) GetRequiredFiles() []string {
|
func (detector *RedhatReleaseNamespaceDetector) GetRequiredFiles() []string {
|
||||||
return []string{"etc/centos-release", "etc/redhat-release", "etc/system-release"}
|
return []string{"etc/oracle-release", "etc/centos-release", "etc/redhat-release", "etc/system-release"}
|
||||||
}
|
}
|
||||||
|
@ -23,6 +23,18 @@ import (
|
|||||||
|
|
||||||
func TestRedhatReleaseNamespaceDetector(t *testing.T) {
|
func TestRedhatReleaseNamespaceDetector(t *testing.T) {
|
||||||
testData := []namespace.TestData{
|
testData := []namespace.TestData{
|
||||||
|
{
|
||||||
|
ExpectedNamespace: &database.Namespace{Name: "oracle:6"},
|
||||||
|
Data: map[string][]byte{
|
||||||
|
"etc/oracle-release": []byte(`Oracle Linux Server release 6.8`),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
ExpectedNamespace: &database.Namespace{Name: "oracle:7"},
|
||||||
|
Data: map[string][]byte{
|
||||||
|
"etc/oracle-release": []byte(`Oracle Linux Server release 7.2`),
|
||||||
|
},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
ExpectedNamespace: &database.Namespace{Name: "centos:6"},
|
ExpectedNamespace: &database.Namespace{Name: "centos:6"},
|
||||||
Data: map[string][]byte{
|
Data: map[string][]byte{
|
||||||
|
Loading…
Reference in New Issue
Block a user