1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
|
package models
import (
"strings"
"time"
"github.com/ymomoi/goval-parser/oval"
)
type distroPackage struct {
osVer string
pack Package
}
// ConvertDebianToModel Convert OVAL to models
func ConvertDebianToModel(root *oval.Root) (defs []Definition) {
for _, ovaldef := range root.Definitions.Definitions {
rs := []Reference{}
for _, r := range ovaldef.References {
rs = append(rs, Reference{
Source: r.Source,
RefID: r.RefID,
RefURL: r.RefURL,
})
}
for _, distPack := range collectDebianPacks(ovaldef.Criteria) {
const timeformat = "2006-01-02"
t, _ := time.Parse(timeformat, ovaldef.Debian.Date)
def := Definition{
DefinitionID: ovaldef.ID,
Title: ovaldef.Title,
Description: ovaldef.Description,
Debian: Debian{
CveID: ovaldef.Title,
MoreInfo: ovaldef.Debian.MoreInfo,
Date: t,
},
AffectedPacks: []Package{distPack.pack},
References: rs,
}
defs = append(defs, def)
}
}
return
}
func collectDebianPacks(cri oval.Criteria) []distroPackage {
return walkDebian(cri, "", []distroPackage{})
}
func walkDebian(cri oval.Criteria, osVer string, acc []distroPackage) []distroPackage {
for _, c := range cri.Criterions {
if strings.HasPrefix(c.Comment, "Debian ") &&
strings.HasSuffix(c.Comment, " is installed") {
osVer = strings.TrimSuffix(strings.TrimPrefix(c.Comment, "Debian "), " is installed")
}
ss := strings.Split(c.Comment, " DPKG is earlier than ")
if len(ss) != 2 {
continue
}
// "0" means notyetfixed or erroneous information.
// Not available because "0" includes erroneous info...
if ss[1] == "0" {
continue
}
acc = append(acc, distroPackage{
osVer: osVer,
pack: Package{
Name: ss[0],
Version: strings.Split(ss[1], " ")[0],
},
})
}
if len(cri.Criterias) == 0 {
return acc
}
for _, c := range cri.Criterias {
acc = walkDebian(c, osVer, acc)
}
return acc
}
|
