These patches allow for generation of cpe-dictionary and cpe-oval files. The
cpe-oval file is extracted from whatever definitions are of the "inventory"
class in the main body of OVAL content. The cpe-dictionary file is generated
from a template which lives in input/checks/platform, whose fields are then
adjusted to properly reference the OVAL filename and definitions. I am not
terribly happy with this, but it is the most elegant thing I could come up with
in the short term.

Before long, we may also re-arrange the content filenames to be like
organization-product-scapacronym.xml, which is apparently considered "best
practice". It will, however, still be easy for any consumer of the content to
change the identifier when building the content by changing $(ID) in the
Makefile.

This is not terribly elegant, but again it is designed to ease creation
of the CPE files that some scanning tools apparently require.

Jeffrey Blank (4):
  updated OVAL inventory check with reasonable IDs * will need to
    be expanded later, or possibly joined later by inventory
    checks for other versions of RHEL 6 to which the content applies
  added lines to "content" Makerule to also generate CPE-related files,
    made ID variable for filename instances in case we decide to
    change/shorten to "scapguide"
  added new CPE dictionary file (with fields that are adjusted by
    cpe_generate.py script during the ID/filename "linking" phase)
  new script to create CPE files * the script creates a cpe-oval
    file from inventory definitions, links it to cpe-dictionary file

 RHEL6/Makefile                                     |   26 +++--
 RHEL6/input/checks/installed_OS_is_rhel6.xml       |   36 +++---
 .../input/checks/platform/rhel6-cpe-dictionary.xml |   10 ++
 RHEL6/transforms/cpe_generate.py                   |  109 ++++++++++++++++++++
 4 files changed, 153 insertions(+), 28 deletions(-)
 create mode 100644 RHEL6/input/checks/platform/rhel6-cpe-dictionary.xml
 create mode 100755 RHEL6/transforms/cpe_generate.py
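
A sketch of the extraction and linking step described in the message above, added here as an illustration; it is not the cpe_generate.py from this patch series. The sample OVAL and dictionary content, the oval:ex:* ids, the function names and the output filename example-cpe-oval.xml are all assumptions constructed for the example.

```python
import xml.etree.ElementTree as ET

OVAL_NS = "http://oval.mitre.org/XMLSchema/oval-definitions-5"
CPE_NS = "http://cpe.mitre.org/dictionary/2.0"
REF_ATTRS = ("test_ref", "object_ref", "state_ref", "definition_ref", "var_ref")
# Constructed inputs and a hypothetical filename; minimal, not schema-complete.
SAMPLE_OVAL = f"""<oval_definitions xmlns="{OVAL_NS}" xmlns:lin="{OVAL_NS}#linux">
 <definitions>
  <definition class="inventory" id="oval:ex:def:1">
   <criteria><criterion test_ref="oval:ex:tst:1"/></criteria></definition>
  <definition class="compliance" id="oval:ex:def:2">
   <criteria><criterion test_ref="oval:ex:tst:2"/></criteria></definition>
 </definitions>
 <tests>
  <lin:rpminfo_test id="oval:ex:tst:1"><lin:object object_ref="oval:ex:obj:1"/></lin:rpminfo_test>
  <lin:rpminfo_test id="oval:ex:tst:2"><lin:object object_ref="oval:ex:obj:2"/></lin:rpminfo_test>
 </tests>
 <objects><lin:rpminfo_object id="oval:ex:obj:1"/><lin:rpminfo_object id="oval:ex:obj:2"/></objects>
</oval_definitions>"""
SAMPLE_DICT = f"""<cpe-list xmlns="{CPE_NS}"><cpe-item name="cpe:/o:redhat:enterprise_linux:6">
 <check system="{OVAL_NS}" href="PLACEHOLDER">oval:ex:def:1</check></cpe-item></cpe-list>"""

def extract_inventory(oval_root):
    """Prune the tree to inventory-class definitions plus all they reference."""
    by_id = {e.get("id"): e for e in oval_root.iter() if e.get("id")}
    keep, todo = set(), [d.get("id") for d in oval_root.iter(f"{{{OVAL_NS}}}definition")
                         if d.get("class") == "inventory"]
    while todo:  # follow *_ref attributes transitively (tests, objects, states, ...)
        cur = todo.pop()
        if cur in by_id and cur not in keep:
            keep.add(cur)
            for el in by_id[cur].iter():
                todo += [el.get(a) for a in REF_ATTRS if el.get(a)]
    for section in list(oval_root):  # definitions, tests, objects, ...
        for child in [c for c in section if c.get("id") and c.get("id") not in keep]:
            section.remove(child)
    return keep

def link_dictionary(dict_root, oval_filename, kept_ids):
    """Point every <check> at the cpe-oval file; return ids it cannot resolve."""
    checks = list(dict_root.iter(f"{{{CPE_NS}}}check"))
    for check in checks:
        check.set("href", oval_filename)
    return [c.text for c in checks if (c.text or "").strip() not in kept_ids]

def build(oval_xml=SAMPLE_OVAL, dict_xml=SAMPLE_DICT, name="example-cpe-oval.xml"):
    oval_root, dict_root = ET.fromstring(oval_xml), ET.fromstring(dict_xml)
    kept = extract_inventory(oval_root)
    return oval_root, dict_root, kept, link_dictionary(dict_root, name, kept)
```

A non-empty list from link_dictionary means the dictionary names a definition that is absent from the generated cpe-oval file, which is worth failing the build on.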