From cad89d9d240348aed944910d24de5e9e614e8983 Mon Sep 17 00:00:00 2001
From: Sebastien Delafond
Date: Tue, 19 Jul 2016 09:53:20 +0000
Subject: Enforce unique OVAL IDs
CVS version numbers
english/security/oval/parseJSON2Oval.py: 1.3 -> 1.4
english/security/oval/oval/definition/generator.py: 1.8 -> 1.9
english/security/oval/oval/parser/dsa.py: 1.2 -> 1.3
english/security/oval/oval/parser/wml.py: 1.2 -> 1.3
---
english/security/oval/oval/definition/generator.py | 12 ++++--------
english/security/oval/oval/parser/dsa.py | 7 +++++++
english/security/oval/oval/parser/wml.py | 2 +-
english/security/oval/parseJSON2Oval.py | 2 +-
4 files changed, 13 insertions(+), 10 deletions(-)
diff --git a/english/security/oval/oval/definition/generator.py b/english/security/oval/oval/definition/generator.py
index 0133c1d9614..4fcba433352 100644
--- a/english/security/oval/oval/definition/generator.py
+++ b/english/security/oval/oval/definition/generator.py
@@ -72,11 +72,8 @@ testsHash = {"arch" : {}, "release": {}, "obj": {}, "fileSte": {}, "unameSte" :
 #We need more info about alpha, arm, hppa, bmips, lmips
 unameArchTable = {'i386' : 'i686', 'amd64' : 'x86-64', 'ia64' : 'ia64', 'powerpc' : 'ppc', 's390' : 's390x', 'm86k' : 'm86k'}
-def __trimzero (val):
- value = val[:]
- while value[0] == "0":
- value = value[1:]
- return value
+def getOvalId(cve):
+ return cve[3:].replace('-', '')
 def __getNewId (type):
 """Generate new unique id for tests, objects or states
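Review bot: `getOvalId` slices and strips its argument without checking that it is CVE-shaped, so any other string (a placeholder identifier, an empty value) silently becomes a non-numeric or truncated suffix in `oval:org.debian:def:%s`. The OVAL definition id pattern expects a positive integer after `def:`, so such an entry would only fail later, at schema validation or in the consuming scanner. The helper is now called from another module and has no docstring. Checking the three dash-separated fields and raising `ValueError` makes the failure visible at generation time; callers such as the `ovalId = ...` line in parseJSON2Oval.py would then have to decide whether to skip or abort on a bad id.

```python
def getOvalId(cve):
    """Return the numeric OVAL id suffix for a CVE id (CVE-2016-1234 -> 20161234)."""
    parts = cve.split('-')
    if len(parts) != 3 or parts[0] != 'CVE' or not (parts[1].isdigit() and parts[2].isdigit()):
        raise ValueError("not a CVE id: %r" % (cve,))
    return parts[1] + parts[2]
```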
@@ -433,12 +430,11 @@ def createDefinition (dsa, dsaref):
 doc = xml.dom.minidom.Document ()
 ### Definition block: Metadata, Notes, Criteria
- ### TODO: Replace DSA id with unique id
- definition = __createXMLElement ("definition", attrs = {"id" : "oval:org.debian:def:%s" % __trimzero(dsa), "version" : "1", "class" : "vulnerability"})
+ definition = __createXMLElement ("definition", attrs = {"id" : "oval:org.debian:def:%s" % getOvalId(dsaref["description"]), "version" : "1", "class" : "vulnerability"})
 ### Definition : Metadata : title, affected, reference, description ###
 metadata = __createXMLElement ("metadata")
- metadata.appendChild (__createXMLElement ("title", dsaref["description"]))
+ metadata.appendChild (__createXMLElement ("title", dsaref["title"]))
 ### Definition : Metadata : Affected : platform, product ###
 affected = __createXMLElement ("affected", attrs = {"family" : "unix"})
diff --git a/english/security/oval/oval/parser/dsa.py b/english/security/oval/oval/parser/dsa.py
index a15f7d8d935..1ec9fb3b6d5 100644
--- a/english/security/oval/oval/parser/dsa.py
+++ b/english/security/oval/oval/parser/dsa.py
@@ -60,6 +60,13 @@ def parseFile (path):
 normDate = lambda (date): "-".join([(len(p) > 1 and p or "0"+p) for p in date.split("-")])
 data["date"] = normDate(date)
+ descrpatern = re.compile (r'(CVE-\d+-\d+)')
+ result = descrpatern.search (line)
+ if result:
+ data["description"] = result.groups()[0]
+ logging.log(logging.DEBUG, "Extracted CVE ID: " + data["description"])
+ continue
+
 refspatern = re.compile (r'secrefs>(.*?)')
 result = refspatern.search (line)
 if result:
diff --git a/english/security/oval/oval/parser/wml.py b/english/security/oval/oval/parser/wml.py
index 7dd010fdc81..a3686bf514e 100644
--- a/english/security/oval/oval/parser/wml.py
+++ b/english/security/oval/oval/parser/wml.py
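Review bot: In the createDefinition hunk the definition id now comes only from `dsaref["description"]`, and nothing checks that the result is unique: two advisories carrying the same CVE id would both be emitted under the same `oval:org.debian:def:` id, and an entry without a `description` or `title` key fails with a bare KeyError. A guard before the element is built, for example `if "description" not in dsaref: raise ValueError("no CVE id for %s" % dsa)`, would report the missing key clearly. Recording the ids already emitted in a module-level set and rejecting repeats would make the commit's stated goal hold. The function body continues outside the hunk, so whether `title` is always populated cannot be confirmed from here.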
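Review bot: In the dsa.py hunk the new CVE block sits ahead of the `secrefs` pattern and ends in `continue`, so any line containing a CVE id never reaches the checks below it; if the `secrefs` line is where the CVE ids appear, the reference list would no longer be parsed. The pattern is also unanchored and applied to every line, so the stored value is the first CVE on the last matching line, which may not be the one the advisory is about. Dropping the `continue` (or moving the block after the tag patterns) and keeping a single deterministic match with `if result and "description" not in data:` would address both. parseFile starts and ends outside the hunk.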
@@ -50,7 +50,7 @@ def parseFile (path):
 descrpatern = re.compile (r'description>(.*?)')
 result = descrpatern.search (line)
 if result:
- data["description"] = result.groups()[0]
+ data["actualDescription"] = result.groups()[0]
 continue
 sinfopatern = re.compile (r'(.*?)')
diff --git a/english/security/oval/parseJSON2Oval.py b/english/security/oval/parseJSON2Oval.py
index 44b5d1f5f08..c44d09012bf 100644
--- a/english/security/oval/parseJSON2Oval.py
+++ b/english/security/oval/parseJSON2Oval.py
@@ -66,7 +66,7 @@ def parseJSON(json_data, year):
 # print json.dumps(json_data[package][CVE])
 # sys.exit(1)
- ovalId = CVE[3:].replace('-', '')
+ ovalId = oval.definition.generator.getOvalId(CVE)
 dsaref.update({ovalId: {"packages": package,
 'description': CVE, # "title" element in XML
 'vulnerable': "yes",
-- 
cgit v1.2.3
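Review bot: In the parseJSON2Oval.py hunk the trailing comment on `'description': CVE` still says the field is the XML title, but after this commit createDefinition reads the title from `dsaref["title"]` and derives the definition id from `description`. I would change the line to `'description': CVE,  # CVE id; createDefinition derives the OVAL definition id from it` and confirm that the dict, which continues outside the hunk, also sets a `'title'` key. The fully qualified call `oval.definition.generator.getOvalId(CVE)` also relies on that module being imported in this file, which is not visible here.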