lWc@sdZdZdZddlZejdZddlmZeddd fkrjd ZeZ [n ddl Z [ddl Z d e fd YZ d efdYZdefdYZdefdYZdefdYZdefdYZdefdYZdefdYZdefdYZdefdYZdefd YZeZeZeZeZeZeZeZeZ ed!Z!dS("s5Python module for openscap implementing openscap API s Maros Barabass1.0iNtopenscap(t version_infoiiicCsddlm}ddl}d}y(|jd|tg\}}}Wntk rjddl}|SX|dk rz|jd|||}Wd|j X|SdS(Ni(tdirnamet _openscap_py( tos.pathRtimptNonet find_modulet__file__t ImportErrorRt load_moduletclose(RRtfptpathnamet descriptiontOSCAPt_mod((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyt_import_helper"s (    t OSCAP_ListcBseeZdZdZdZdZddZddZddZddZ dd Z RS( s!OSCAP List class is designed to store lists generated from openscap iterators. All functions that return iterators are preprocessed by creation of OSCAP List instance and move all objects given by oscap list iteration loop to list. OSCAP List class implement standard Python list.cCsy|jjx|jjr|jj}t|tkrat|tkra||ksd|jkr|j|jkr|jjt j||qqWWn:t k rt d|jj |jj j d fnXdS(sFunction to remove item from list. This removed item should be also removed from parent oscap list. This function is supported only if there exists reset function on iterators. Exception is throwed otherwise.tinstancesVRemoving %s items throught oscap list is not allowed. Please use appropriate function.t _iteratorN(titeratortresetthas_moretnextttypetstrt__dict__Rtremovetlistt NameErrort Exceptiontobjecttfind(tselftitemtlitem((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyR@s Q  cCs|jjdS(sFree the list structureN(Rtfree(R"((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyt__del__OscCs6||_x&|jr1tj||jq WdS(sGenerate all object from oscap list throught iterators and store them in list object. Do not call this function on your own !N(RRRtappendR(R"R((s2/usr/lib/python2.7/vendor-packages/openscap_api.pytgenerateTs icCs-td|jj|jjjd fdS(sKThis function is not allowed. Please use appropriate function from library.sSAppend %s item throught oscap list is not allowed. Please use appropriate function.RN(RRR R!(R"R#tn((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyR'\scCs-td|jj|jjjd fdS(sKThis function is not allowed. Please use appropriate function from library.sWExtending %s items throught oscap list is not allowed. Please use appropriate function.RN(RRR R!(R"R#R)((s2/usr/lib/python2.7/vendor-packages/openscap_api.pytextendascCs-td|jj|jjjd fdS(sKThis function is not allowed. Please use appropriate function from library.sQInserting %s items to oscap list is not allowed. Please use appropriate function.RN(RRR R!(R"R#R)((s2/usr/lib/python2.7/vendor-packages/openscap_api.pytinsertfscCs-td|jj|jjjd fdS(sKThis function is not allowed. Please use appropriate function from library.s.Sorting %s items in oscap list is not allowed.RN(RRR R!(R"R#R)((s2/usr/lib/python2.7/vendor-packages/openscap_api.pytsortkscCs-td|jj|jjjd fdS(sKThis function is not allowed. Please use appropriate function from library.s0Reversing %s items in oscap list is not allowed.RN(RRR R!(R"R#R)((s2/usr/lib/python2.7/vendor-packages/openscap_api.pytreverseps( t__name__t __module__t__doc__RR&R(R'R*R+R,R-(((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyR:s       t OSCAP_ObjectcBs^eZdZd!dZedZdZdZd!dZ dZ dZ dZ d Z d Zd Zd Zd ZdZdZdZdZdZdZdZdZdZd!dZdZdZdZd!d!d!dZdZ dZ!idZ"d!d!d!d!d!d!e#dZ$d Z%RS("s Abstract class that represents all structures, functions and averything from openscap library. Each structure from library is mapped inside OSCAP Object with "object" and "instance" parameters. "object" is variable of this class that keeps string representation of type of the structure "instance" is a variable of this class that keeps the pointer to the real C structure. cCs*tj|d|tj|d|dS(s% Called when the instance is created R RN(tdictt __setattr__(R"R R((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyt__init__scCsMt|jdkrE|j|jjdd}t||S|SdS(Nt SwigPyObjectt PySwigObjectt_p_i(R5R6(RR.t__str__R!R1(tretobjt structure((s2/usr/lib/python2.7/vendor-packages/openscap_api.pytnews# cCstj|j|jS(sq Two OSCAP Objects are compared by their string representations which reflect type and instance. (Rt__eq__t__repr__(R"tother((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyR<scCsd|j|jfS(Ns.(R R(R"((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyR=scsfd}|S(sm This is only a wrapper for getter_wrapper - another wrapper for openscap library functions. csd}x=|D]5}t|tr5||jf7}q ||f7}q Wy }Wntk r}y|}Wqtk r}jryj}Wqtk r}yj|}Wqtk r}tdjfqXqXqtdjqXnX|dkr)dS|jjddkrst}|j tj |j |_ |Stj |S(s This function is a wrapper for function objects of openscap library. Each function is called with variable number of parameters cause we don't know how many parameters each function takes. This is based on try-except methot that we try to call the function and if it fell down we try another number of parameters. This is based on knowledge that C language will always cause error when the function is called with wrong number of parameters. s(Wrong number of arguments in function %ss-%s: No instance or wrong number of parametersRi(N( t isinstanceR1Rt TypeErrorR.RR8R!RR(R;R (targstkwargstnewargstargR9terrR(tfuncR"(s2/usr/lib/python2.7/vendor-packages/openscap_api.pyt__getter_wrappers8    !   ((R"RFtvaluet_OSCAP_Object__getter_wrapper((RFR"s2/usr/lib/python2.7/vendor-packages/openscap_api.pyt__func_wrappers%cCs|dkr"|jdkr"|jS|jj|r?|j|Stjj|}|dkra|Stjj|jd|}|dkrt|r|j|Sntjj|jd|}|dkry|j|SWq|j|SXnt |jd|S(s Called when an attribute lookup has not found the attribute in the usual places (i.e. it is not an instance attribute nor is it found in the class tree for self). name is the attribute name.texportt xccdf_policyt_t_get_N( R t policy_exportRthas_keyRtgetRtcallablet_OSCAP_Object__func_wrapperR1(R"tnameRFtobj((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyt __getattr__s$     cCst}|jtt||jt|jxdtjjD]S}|j|jdrHt tj|r|j |t |jdqqHqHWt |S(sLists all attributes inside this object. This is mainly used by auto-completion and for dir(obj) in interactive prompt. (only available in Python 2.6 and newer but doesn't hurt anything in older Pythons) RMi( RR*tdirRRRtiterkeyst startswithR RRR'tlentsorted(R"trettkey((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyt__dir__s (cOsd}x=|D]5}t|tr5||jf7}q ||f7}q Wtjj|jd}|dkr~tj||St d|jddS(Nt_newsname 's' is not defined(( R?R1RRRRQR RR;R(R"RARBRCRDRU((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyt__call__s  cCs|jj|r|j|Stjj|jd|}|dkrftjj|jd|}n|dkrvdSt|tr|j}n||j|S(Nt_set_t_add_( RRPRRQR RR?R1R(R"RTRHRU((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyR3 s     cCs|jdkrtj|jS|jjdr|jddkrtjj|jd}|dkrt|r||jdt j |ddqqt d|jfndS(Ntoval_agent_sessionRt_frees Can't free %s( R Rtoval_agent_destroy_sessionRRRPRRQRRR2R3R(R"RU((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyR%"s%  cCs|dtd||dS(Nit xccdf_rulei(R1(R"truleRU((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyt__start_callback/scCs|dtd||dS(Nitxccdf_rule_resulti(R1(R"t rule_resultRU((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyt__output_callback2scCsG|jdkr(td|jfntj|j|j||fS(Ntxccdf_policy_models4Wrong call of register_start_callback function on %s(R R@Rt-xccdf_policy_model_register_start_callback_pyRt_OSCAP_Object__start_callback(R"tcbtusr((s2/usr/lib/python2.7/vendor-packages/openscap_api.pytregister_start_callback5scCsG|jdkr(td|jfntj|j|j||fS(NRls5Wrong call of register_output_callback function on %s(R R@Rt.xccdf_policy_model_register_output_callback_pyRt_OSCAP_Object__output_callback(R"RoRp((s2/usr/lib/python2.7/vendor-packages/openscap_api.pytregister_output_callback9scCs>|jdkr(td|jfntj|j|jS(NRls1Wrong call of register_engine_oval function on %s(R R@Rt'xccdf_policy_model_register_engine_ovalR(R"tsess((s2/usr/lib/python2.7/vendor-packages/openscap_api.pytregister_engine_oval=scCs>|jdkr(td|jfntj|j|jS(NRls0Wrong call of register_engine_sce function on %s(R R@Rt&xccdf_policy_model_register_engine_sceR(R"t parameters((s2/usr/lib/python2.7/vendor-packages/openscap_api.pytregister_engine_sceAscCsG|jdkr(td|jfntj|j|j||fS(Ntovals3Wrong call of oval_agent_eval_system function on %s(R R@Rtoval_agent_eval_system_pyRRs(R"RvRoRp((s2/usr/lib/python2.7/vendor-packages/openscap_api.pytagent_eval_systemEscCs8|jdkr(td|jfntj|jS(Ntoval_probe_session_ts=Wrong call of oval_probe_session_query_sysinfo function on %s(R R@Rt oval_probe_session_query_sysinfoR(R"((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyt query_sysinfoIscCs8|jdkr(td|jfntj|jS(NR~s=Wrong call of oval_probe_session_query_objects function on %s(R R@Rt oval_probe_session_query_objectsR(R"((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyt query_objectsMscCsJ|jdkr(td|jfntj||||j||fS(Ntoscaps.Wrong call of validate_document function on %s(R R@Rtoscap_validate_document_pyRs(R"tfiletdoctypetversionRoRp((s2/usr/lib/python2.7/vendor-packages/openscap_api.pytvalidate_documentQscCs;|jdkr(td|jfntj|||S(NRs2Wrong call of text_xccdf_substitute function on %s(R R@Rtoscap_text_xccdf_substitute_py(R"ttextRoRp((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyttext_xccdf_substituteUscCs|jdkr.|j}|dkr4dSn|}g}|jtjkre|j|jjn/|jtj kr|j|j jngSx$|j D]}|j|j qW|S(Nt xccdf_item( R tto_itemRRRtXCCDF_BENCHMARKR*t to_benchmarktvaluest XCCDF_GROUPtto_grouptcontenttget_all_values(R"R#RR((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyR[s  c Cs|jdkr(td|jfng}g}|dkr|jr|xT|jD]"}|j|j|d|qSWn$x!|jD]}|j|j qW|S|j j j |}|j tjkrtd||j fn|j}xq|jD]f}|jr?xT|jD]"}|j|j|d|qWqx!|jD]}|j|j qIWqWxB|j j jD].} | j|krz|j|j| qzqzW|S(sget_values_by_rule_id -- Get all Value elements that are referenced by rule with specified ID If check is not None, then it is (very ugly) recursive call RLsPWrong call of "get_values_by_rule_id" function. Should be xccdf_policy (have %s)tchecks:Wrong type of item with id "%s". Expected XCCDF_RULE, got N(R R@RtcomplextchildrenR*tget_values_by_rule_idtexportsR'RHtmodelt benchmarktget_itemRRt XCCDF_RULEtto_ruletchecksRtidt_OSCAP_Object__parse_value( R"RRtitemsRtchildRKR#RgRH((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyRos2  #  #c Csi}|j|d<|jjj|ddSx|D]}d}|jjj|dj}x0|jD]%}|d|j krz|j }qzqzWd}}}xP|j j D]A} | j|dkr| j }| j}|j j j| qqWxG|j jD]8} | j|dkr| j }|j jj| qqW|dkr|dkrtj} |d| _|| _ |dkr|| _ n|dkrx|D]} | j| qWn|j j| qE|dkrEtj} |d| _|d| _ |j j| qEqEWdS(sxccdf_policy.set_tailor_items(items) -- Set tailored items to selected XCCDF Profile Function will set all refine-values, setvalues to the selected XCCDF Policy's profile. All refines should be specified in 'items' list. All existing refine elements that are not included in 'items' list will be let unchanched. Example: value = { "id": value_id "value": default_value } items = [value] xccdf_policy.set_tailor_items(items)RLsKWrong call of "set_tailor_items" function. Should be xccdf_policy (have %s)iNRRHR(R R@RZRRRR#tto_valueRRHRRRtopertremarksRRtxccdft refine_valuet add_remarktadd_refine_valuetsetvaluet add_setvalue( R"RR#RRHRRRRRRtremark((s2/usr/lib/python2.7/vendor-packages/openscap_api.pytset_tailor_itemssF               cCsk|jdkr(td|jfn|dkrCtdn|jjj|j}|dkrtd|fn| r| r| rdSt j }||_x^|j j D]O}|j|kr|j |_ |j|_|j|_|j j j|qqW|dkr'||_ n|dkr?||_n|dkrW||_n|j j|dS(s,xccdf_policy.set_refine_rules(refines) -- Set weight, severity and role of the rule in selected Profile. Function will set all refine-rules to the selected XCCDF Policy's profile. Example: xccdf_policy.set_refine_rule("rul-2.1", severity=oscap.XCCDF_SEVERITY_HIGH) RLsJWrong call of "set_refine_rule" function. Should be xccdf_policy (have %s)s;Missing ID of rule in xccdf_policy.set_refine_rule functions Rule "%s" not found in benchmarkN(R R@RtAttributeErrorRRR#RRRt refine_ruleRt refine_rulestweighttseveritytroleRtadd_refine_rule(R"RRRRRgtrefinetr_rule((s2/usr/lib/python2.7/vendor-packages/openscap_api.pytset_refine_rules0             cCs,|jdkr(td|jfndS(sZxccdf_policy.get_all_rules() -- Get all rules/selectors and titles from benchmark RLsHWrong call of "get_all_rules" function. Should be xccdf_policy (have %s)N(R R@(R"((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyt get_all_rulesCscCs|jdkr(td|jfnxE|jD]:}|j|krSt|_q2|j|jt|_q2Wx9|D]1}tj }t|_||_|j |qwWdS(sxccdf_policy.set_rules(rules) -- Set which rules are selected by given XCCDF Profile Function set selectors for given XCCDF Policy's profile. Selectors are represented by ID strings in 'rules' list. All existing selectors that are not included in 'rules' list will be deleted. Example: # We want to have selected only first rule and second group xccdf_policy.set_rules(["id-rule-1", "id-group-2"])RLsDWrong call of "set_rules" function. Should be xccdf_policy (have %s)N( R R@tselectsR#tFalseRRtTrueRtselectt add_select(R"trulesRR((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyt set_rulesKs       cCs>|d krd Stjtjj|}|}|j|}|jd krtjrktj }nd}t d||fn|j |}|j }g} i} i} xS|j D]H} | |kr|| } ntjj|| } tjj| rtj| }|jd kr_tjr@tj }nd}t d| |fn| j|tj|| }|d ks|jd krtjrtj }nd}t d| |fn|| | <||g| | <|j|qd| fGHqW|ji| d6| d6|d6|d 6| d 6S( sDxccdf.init(path) -- Initialize openscap library Provides standard initialization of OPENScap library. Parameter 'path' is the path to XCCDF File. Parameter 'paths' is dictionary where key is file identificator and value path to the file. Initialization has next steps: - Parse oscap configuration file with path to XML files - Import default XCCDF document as specified in configuration file - Import all definitions files that are required for XCCDF evaluation Function returns dictionary with keys: "policy_model" - XCCDF Policy Model loaded from XCCDF file "def_models" - list of OVAL Definitions models from OVAL files "sessions" - dictionary of OVAL Agent sessions provided by OVAL Definitions models All returned objects have to be freed by user. Use functions: retval["policy_model"].free() for model in retval["def_models"]: model.free() for sess in retval["sessions"]: sess.free() sCUnknown error, please report this bug (http://bugzilla.redhat.com/)s!Benchmark "%s" loading failed: %ss+Cannot import definition model for "%s": %ss(Cannot create agent session for "%s": %ss@WARNING: Skipping %s file which is referenced from XCCDF contentt def_modelstsessionst policy_modelt xccdf_pathtnamesN(RRt oscap_inittostpathRtbenchmark_importRt oscap_errtoscap_err_descR Rt get_fileststringsRtexistsR{tdefinition_model_importR'tagent_new_sessionRwR%(R"RtpathsRtf_XCCDFRRRtfilesRRRRtf_OVALt def_modelRv((s2/usr/lib/python2.7/vendor-packages/openscap_api.pytinitdsP           cCs|jdkr(td|jfn|j}|p=d|_tj} || _| |_|j|g} |jj j} x)| j D]} |j || j |_ qW| j || j|tjj|} x|jD]}||}tj|}|d}tj|jdtjj| || j||r|j}xYt|jD]E\}}d||f}|jtjj| || j|qeWqqW| S(s+Export all files for given policy. RLsAWrong call of "export" function. Should be xccdf_policy (have %s)s benchmark.xmls .result.xmls%s.variables-%d.xmlN(R R@tclonet benchmark_uritcommonRRt fill_sysinfoRRtmodelstscoretsystemt add_resultRKRRRtkeysR{tagent_get_results_modelRtoval_results_model_exportRRRR'tdefinition_modelt enumeratetvariable_models(R"tresultRtfilenametprefixRRt variablest result_cloneto_titleRtbenchmark_cloneRRRvtrmodeltpfiletdmodelRtvmodeltvfile((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyROs8          %  cCsFtjx5|d|dj|dgD]}|jq.WdS(NRRR(Rt oscap_cleanupRR%(R"tsdirR((s2/usr/lib/python2.7/vendor-packages/openscap_api.pytdestroys *N(&R.R/R0RR4t staticmethodR;R<R=RSRVR^R`R3R%RnRsRqRtRwRzR}RRRRRRRRRRRRRRROR (((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyR1vsB     ,                ' ?  0(   @/tDS_ClasscBseZdZdZRS(cCstj|dddS(NR tds(R2R3(R"((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyR4scCsdtt|fS(Ns'(thexR(R"((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyR=s(R.R/R4R=(((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyR s t_XCCDF_Benchmark_ClasscBseZdZdZRS(cCs3tj|ddtj|dtj|dS(NR txccdf_benchmarkR(R2R3Rtxccdf_benchmark_import(R"R((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyR4scCsdtt|fS(Ns.(RR(R"((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyR=s(R.R/R4R=(((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyRs t XCCDF_ClasscBs#eZdZdZdZRS(cCs0tj|ddtj|dtjdS(NR RR(R2R3Rtxccdf_benchmark_supported(R"((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyR4scCsdtt|fS(Ns*(RR(R"((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyR=scCs t|S(N(R(R"R((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyRs(R.R/R4R=R(((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyRs  t OVAL_ClasscBseZdZdZRS(cCs0tj|ddtj|dtjdS(NR R{R(R2R3Rtoval_definition_model_supported(R"((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyR4 scCsdtt|fS(Ns)(RR(R"((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyR=s(R.R/R4R=(((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyRs t CVE_ClasscBs eZdZdZdZRS(s CVE Class cCstj|dddS(NR tcve(R2R3(R"((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyR4scCsdtt|fS(Ns((RR(R"((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyR=s(R.R/R0R4R=(((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyRs t CPE_ClasscBs eZdZdZdZRS(s CPE Class cCsItj|ddtj|ddtjtjtjfdS(NR tcpeRs(CPE Lang: %s; CPE Dict: %s; CPE Name: %s(R2R3Rtcpe_lang_model_supportedtcpe_dict_model_supportedtcpe_name_supported(R"((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyR4*s   cCsdtt|fS(Ns((RR(R"((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyR=2s(R.R/R0R4R=(((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyR%s t CVSS_ClasscBs eZdZdZdZRS(s CVSS Class cCs0tj|ddtj|dtjdS(NR tcvssR(R2R3Rtcvss_model_supported(R"((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyR4=scCsdtt|fS(Ns)(RR(R"((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyR=Bs(R.R/R0R4R=(((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyR8s t CCE_ClasscBs eZdZdZdZRS(s CCE Class cCstj|dddS(NR tcce(R2R3(R"((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyR4MscCsdtt|fS(Ns((RR(R"((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyR=Rs(R.R/R0R4R=(((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyR Hs t SCE_ClasscBs eZdZdZdZRS(s SCE Class cCstj|dddS(NR tsce(R2R3(R"((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyR4]scCsdtt|fS(Ns((RR(R"((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyR=bs(R.R/R0R4R=(((s2/usr/lib/python2.7/vendor-packages/openscap_api.pyR"Xs R("R0t __author__t __version__tloggingt getLoggertloggertsysRRRRRRRR R1R RRRRRRR R"R RR{RR!RRR#R(((s2/usr/lib/python2.7/vendor-packages/openscap_api.pytsD     <i