data_importer/lib/oval_parser.rb

require 'nokogiri'

class OvalParser
  attr_accessor :data, :doc, :root
  def initialize(data)
    @data = data
    @doc = Nokogiri::XML(data)
    @root = doc.root
  end

  def get_definitions
    root.xpath("//xmlns:definition")
  end

  def get_def_ids
    definitions = get_definitions
    definitions.map { |d| d.xpath(".//@id").text }
  end

  def oval_defs_for_id(id)
    definitions = get_definitions
    definitions.select do |definition|
      definition if definition.attributes.dig('id').value == id
    end
  end

  def get_cve_def_info
    # largerly used this code here as a guide:
    # https://github.com/OpenSCAP/openscap-daemon/blob/1b9e9d4849573e1ce09728cc61c4564e5d605a8e/openscap_daemon/cve_scanner/generate_summary.py#L83-L104
    def_ids = get_def_ids
    def_ids.map do |id|
      oval_defs = oval_defs_for_id(id)
      oval_defs.map do |oval_def|
        title = oval_def.xpath(".//xmlns:title").text
        cve_meta = oval_def.xpath(".//xmlns:reference").select { |n| n.attributes.dig('source').value == 'CVE' }
        cve_ids = cve_meta.map { |cve_m| cve_m.attributes.dig('ref_id').value || 'None' }
        cve_urls = cve_meta.map { |cve_m| cve_m.attributes.dig('ref_url').value || 'None' }
        description = oval_def.xpath(".//xmlns:description").text
        severity = oval_def.xpath(".//xmlns:severity").text
        my_sample_data_hash = {
          :title => title,
          :cve_ids => cve_ids,
          :cve_urls => cve_urls,
          :description => description,
          :severity => severity
        }
        binding.pry
        my_sample_data_hash
        {}
      end

    end
  end
end
begin setting up experimenting with oval parser 2022-05-30 12:18:40 -05:00			`require 'nokogiri'`

			`class OvalParser`
got working poc code for oval parsing oracle linux advisories. keep it up 2022-05-30 21:38:20 -05:00			`attr_accessor :data, :doc, :root`
			`def initialize(data)`
begin setting up experimenting with oval parser 2022-05-30 12:18:40 -05:00			`@data = data`
			`@doc = Nokogiri::XML(data)`
got working poc code for oval parsing oracle linux advisories. keep it up 2022-05-30 21:38:20 -05:00			`@root = doc.root`
begin setting up experimenting with oval parser 2022-05-30 12:18:40 -05:00			`end`

got working poc code for oval parsing oracle linux advisories. keep it up 2022-05-30 21:38:20 -05:00			`def get_definitions`
			`root.xpath("//xmlns:definition")`
begin setting up experimenting with oval parser 2022-05-30 12:18:40 -05:00			`end`

got working poc code for oval parsing oracle linux advisories. keep it up 2022-05-30 21:38:20 -05:00			`def get_def_ids`
			`definitions = get_definitions`
			`definitions.map { \|d\| d.xpath(".//@id").text }`
			`end`
begin setting up experimenting with oval parser 2022-05-30 12:18:40 -05:00
got working poc code for oval parsing oracle linux advisories. keep it up 2022-05-30 21:38:20 -05:00			`def oval_defs_for_id(id)`
			`definitions = get_definitions`
			`definitions.select do \|definition\|`
			`definition if definition.attributes.dig('id').value == id`
			`end`
			`end`
begin setting up experimenting with oval parser 2022-05-30 12:18:40 -05:00
got working poc code for oval parsing oracle linux advisories. keep it up 2022-05-30 21:38:20 -05:00			`def get_cve_def_info`
			`# largerly used this code here as a guide:`
			`# https://github.com/OpenSCAP/openscap-daemon/blob/1b9e9d4849573e1ce09728cc61c4564e5d605a8e/openscap_daemon/cve_scanner/generate_summary.py#L83-L104`
			`def_ids = get_def_ids`
			`def_ids.map do \|id\|`
			`oval_defs = oval_defs_for_id(id)`
			`oval_defs.map do \|oval_def\|`
			`title = oval_def.xpath(".//xmlns:title").text`
			`cve_meta = oval_def.xpath(".//xmlns:reference").select { \|n\| n.attributes.dig('source').value == 'CVE' }`
			`cve_ids = cve_meta.map { \|cve_m\| cve_m.attributes.dig('ref_id').value \|\| 'None' }`
			`cve_urls = cve_meta.map { \|cve_m\| cve_m.attributes.dig('ref_url').value \|\| 'None' }`
			`description = oval_def.xpath(".//xmlns:description").text`
			`severity = oval_def.xpath(".//xmlns:severity").text`
			`my_sample_data_hash = {`
			`:title => title,`
			`:cve_ids => cve_ids,`
			`:cve_urls => cve_urls,`
			`:description => description,`
			`:severity => severity`
			`}`
			`binding.pry`
			`my_sample_data_hash`
			`{}`
			`end`

			`end`
			`end`
			`end`