bpmcdevitt/data_importer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

got working poc code for oval parsing oracle linux advisories. keep it up

Browse source
This commit is contained in:
Brendan McDevitt 2022-05-30 21:38:20 -05:00
parent 4868ef67d9
commit e3931d3bb1
4 changed files with 74 additions and 67 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
Gemfile
View file

@ -6,6 +6,7 @@ ruby ENV['RUBY_VERSION']
# Bundle edge Rails instead: gem 'rails', github: 'rails/rails' # Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
gem 'actionpack' gem 'actionpack'
gem 'bzip2-ffi'
gem 'faktory_worker_ruby' gem 'faktory_worker_ruby'
gem 'graphql' gem 'graphql'
gem 'graphql-client' gem 'graphql-client'

3
Gemfile.lock
View file

@ -89,6 +89,8 @@ GEM
bulk_insert (1.9.0) bulk_insert (1.9.0)
activerecord (>= 3.2.0) activerecord (>= 3.2.0)
byebug (11.1.3) byebug (11.1.3)
bzip2-ffi (1.1.0)
ffi (~> 1.0)
capybara (3.36.0) capybara (3.36.0)
addressable addressable
matrix matrix
@ -379,6 +381,7 @@ DEPENDENCIES
bootsnap (>= 1.1.0) bootsnap (>= 1.1.0)
bulk_insert bulk_insert
byebug byebug
bzip2-ffi
capybara (>= 2.15) capybara (>= 2.15)
chromedriver-helper chromedriver-helper
coffee-rails (~> 4.2) coffee-rails (~> 4.2)

28
lib/importers/oracle_linux_oval_importer.rb Normal file
View file

@ -0,0 +1,28 @@
require '/data_importer/lib/oval_parser.rb'
class OracleLinuxOvalImporter
attr_accessor :url, :filepath
def initialize
@url = 'https://linux.oracle.com/security/oval/com.oracle.elsa-all.xml.bz2'
@filepath = '/data_importer/data/oracle_oval.xml.bz2'
end
def get_file
if File.exist? filepath
puts "#{filepath} exists"
else
`wget -O #{filepath} #{url}`
end
end
def decompress_bz2
Bzip2::FFI::Reader.read(filepath)
end
def xml_doc
get_file
xml = decompress_bz2
OvalParser.new(xml).doc
end
end

109
lib/oval_parser.rb
View file

@ -1,79 +1,54 @@
require 'nokogiri' require 'nokogiri'
class OvalParser class OvalParser
attr_accessor :data attr_accessor :data, :doc, :root
def initialize def initialize(data)
@data = data @data = data
@doc = Nokogiri::XML(data) @doc = Nokogiri::XML(data)
@root = doc.root
end end
def cve_hash def get_definitions
oval_defs = doc.xpath() root.xpath("//xmlns:definition")
title =
end end
end
=begin def get_def_ids
definitions = get_definitions
definitions.map { |d| d.xpath(".//@id").text }
end
THIS CODE GETS THE DEF ID LIST def oval_defs_for_id(id)
definitions = get_definitions
definitions.select do |definition|
definition if definition.attributes.dig('id').value == id
end
end
def _get_list_cve_def_ids(self, _root): def get_cve_def_info
'''Returns a list of cve definition ids in the result file''' # largerly used this code here as a guide:
_def_id_list = [] # https://github.com/OpenSCAP/openscap-daemon/blob/1b9e9d4849573e1ce09728cc61c4564e5d605a8e/openscap_daemon/cve_scanner/generate_summary.py#L83-L104
definitions = _root.findall("{http://oval.mitre.org/XMLSchema/" def_ids = get_def_ids
"oval-results-5}results/{http://oval.mitre" def_ids.map do |id|
".org/XMLSchema/oval-results-5}system/{" oval_defs = oval_defs_for_id(id)
"http://oval.mitre.org/XMLSchema/oval-" oval_defs.map do |oval_def|
"results-5}definitions/*[@result='true']") title = oval_def.xpath(".//xmlns:title").text
for def_id in definitions: cve_meta = oval_def.xpath(".//xmlns:reference").select { |n| n.attributes.dig('source').value == 'CVE' }
_def_id_list.append(def_id.attrib['definition_id']) cve_ids = cve_meta.map { |cve_m| cve_m.attributes.dig('ref_id').value || 'None' }
cve_urls = cve_meta.map { |cve_m| cve_m.attributes.dig('ref_url').value || 'None' }
description = oval_def.xpath(".//xmlns:description").text
severity = oval_def.xpath(".//xmlns:severity").text
my_sample_data_hash = {
:title => title,
:cve_ids => cve_ids,
:cve_urls => cve_urls,
:description => description,
:severity => severity
}
binding.pry
my_sample_data_hash
{}
end
return _def_id_list end
end
THIS CODE LOOPS THROUGH THE DEF ID LIS end
def _get_cve_def_info(self, _def_id_list, _root):
'''
Returns a list of tuples that contain information about the
cve themselves. Currently return are: title, severity, ref_id
and ref_url for the cve and rhsa, the cve id, and description
'''
cve_info_list = []
for def_id in _def_id_list:
oval_defs = _root.find("{http://oval.mitre.org/XMLSchema/oval-"
"definitions-5}oval_definitions/{http://"
"oval.mitre.org/XMLSchema/oval-definitions-"
"5}definitions/*[@id='%s']/{http://oval."
"mitre.org/XMLSchema/oval-definitions-5}"
"metadata" % def_id)
# title
title = oval_defs.find("{http://oval.mitre.org/XMLSchema/oval-"
"definitions-5}title").text
rhsa_meta = oval_defs.find("{http://oval.mitre.org/XMLSchema/oval"
"-definitions-5}reference[@source="
"'RHSA']")
cve_meta = oval_defs.find("{http://oval.mitre.org/XMLSchema/oval-"
"definitions-5}reference[@source='CVE']")
# description
description = oval_defs.find("{http://oval.mitre.org/XMLSchema/"
"oval-definitions-5}description").text
# severity
severity = oval_defs.find("{http://oval.mitre.org/XMLSchema/oval-"
"definitions-5}advisory/{http://oval."
"mitre.org/XMLSchema/oval-definitions"
"-5}severity").text
cve_info_list.append(
self._cve_tuple(title=title, severity=severity,
cve_ref_id=None if cve_meta is None
else cve_meta.attrib['ref_id'],
cve_ref_url=None if cve_meta is None
else cve_meta.attrib['ref_url'],
rhsa_ref_id=rhsa_meta.attrib['ref_id'],
rhsa_ref_url=rhsa_meta.attrib['ref_url'],
cve=def_id.replace(
"oval:com.redhat.rhsa:def:", ""),
description=description))
return cve_info_list
=end