openscap-1.3/cvrf__priv_8h_source.html

/*

 * Copyright 2017 Red Hat Inc., Durham, North Carolina.

 * All Rights Reserved.

 *

 * This library is free software; you can redistribute it and/or

 * modify it under the terms of the GNU Lesser General Public

 * License as published by the Free Software Foundation; either

 * version 2.1 of the License, or (at your option) any later version.

 *

 * This library is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

 * Lesser General Public License for more details.

 *

 * You should have received a copy of the GNU Lesser General Public

 * License along with this library; if not, write to the Free Software

 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA

 *

 * Authors:

 *              Katarina Jankov <kj226@cornell.edu>

 *

 */

#ifndef CVRF_PRIV_H_

#define CVRF_PRIV_H_


#include <libxml/xmlreader.h>

#include <libxml/tree.h>

#include <libxml/xpath.h>

#include <libxml/parser.h>

#include <libxml/xpathInternals.h>


#include "../common/list.h"

#include "../common/elements.h"

#include "cvrf.h"


// namespaces

#define CVRF_NS BAD_CAST "http://www.icasi.org/CVRF/schema/cvrf/1.1"

#define PROD_NS BAD_CAST "http://www.icasi.org/CVRF/schema/prod/1.1"

#define VULN_NS BAD_CAST "http://www.icasi.org/CVRF/schema/vuln/1.1"


/*-----------------------------------------------------------------------------------------*\

|                                                                       CVRF Enum Definitions                                                                   |

\*-----------------------------------------------------------------------------------------*/


/************************************************************************************************

 * Type attribute of a DocumentPublisher element and Party attribute of an Involvement element

 * (these must match in the same document)

 */

typedef enum {

        CVRF_DOC_PUBLISHER_UNKNOWN = 0,

        CVRF_DOC_PUBLISHER_VENDOR,

        CVRF_DOC_PUBLISHER_DISCOVERER,

        CVRF_DOC_PUBLISHER_COORDINATOR,

        CVRF_DOC_PUBLISHER_USER,

        CVRF_DOC_PUBLISHER_OTHER,

} cvrf_doc_publisher_type_t;


cvrf_doc_publisher_type_t cvrf_doc_publisher_get_type(struct cvrf_doc_publisher *publisher);


cvrf_doc_publisher_type_t cvrf_involvement_get_party(struct cvrf_involvement *involve);


cvrf_doc_publisher_type_t cvrf_doc_publisher_type_parse(xmlTextReaderPtr reader);


cvrf_doc_publisher_type_t cvrf_involvement_party_parse(xmlTextReaderPtr reader);


const char *cvrf_doc_publisher_type_get_text(cvrf_doc_publisher_type_t type);


/************************************************************************************************

 * Type represented as a child node of the DocumentTracking element

 * Refers to stage of completeness of the document and likelihood of it changing

 */

typedef enum {

        CVRF_DOC_STATUS_UNKNOWN = 0,

        CVRF_DOC_STATUS_DRAFT,

        CVRF_DOC_STATUS_INTERIM,

        CVRF_DOC_STATUS_FINAL,

} cvrf_doc_status_type_t;


cvrf_doc_status_type_t cvrf_doc_tracking_get_status(struct cvrf_doc_tracking *tracking);


cvrf_doc_status_type_t cvrf_doc_status_type_parse(xmlTextReaderPtr reader);


const char *cvrf_doc_status_type_get_text(cvrf_doc_status_type_t type);


/************************************************************************************************

 * Type attribute of the Note element

 * Category of information provided by a Note element

 */

typedef enum {

        CVRF_NOTE_UNKNOWN = 0,

        CVRF_NOTE_GENERAL,

        CVRF_NOTE_DETAILS,

        CVRF_NOTE_DESCRIPTION,

        CVRF_NOTE_SUMMARY,

        CVRF_NOTE_FAQ,

        CVRF_NOTE_LEGAL_DISCLAIMER,

        CVRF_NOTE_OTHER,

} cvrf_note_type_t;


cvrf_note_type_t cvrf_note_get_note_type(const struct cvrf_note *note);


cvrf_note_type_t cvrf_note_type_parse(xmlTextReaderPtr reader);


const char *cvrf_note_type_get_text(cvrf_note_type_t type);


/************************************************************************************************

 * Type attribute of the Reference element

 * Indicates whether the reference refers to a document or to an external source

 */

typedef enum {

        CVRF_REFERENCE_UNKNOWN = 0,

        CVRF_REFERENCE_EXTERNAL,

        CVRF_REFERENCE_SELF,

} cvrf_reference_type_t;


cvrf_reference_type_t cvrf_reference_get_reference_type(struct cvrf_reference *reference);


cvrf_reference_type_t cvrf_reference_type_parse(xmlTextReaderPtr reader);


const char *cvrf_reference_type_get_text(cvrf_reference_type_t type);


/************************************************************************************************

 * Type attribute of the Branch element

 * Category and context for the information provided in the Name attribute

 */

typedef enum {

        CVRF_BRANCH_UNKNOWN = 0,

        CVRF_BRANCH_VENDOR,

        CVRF_BRANCH_PRODUCT_FAMILY,

        CVRF_BRANCH_PRODUCT_NAME,

        CVRF_BRANCH_PRODUCT_VERSION,

        CVRF_BRANCH_PATCH_LEVEL,

        CVRF_BRANCH_SERVICE_PACK,

        CVRF_BRANCH_ARCHITECTURE,

        CVRF_BRANCH_LANGUAGE,

        CVRF_BRANCH_LEGACY,

        CVRF_BRANCH_SPECIFICATION,

} cvrf_branch_type_t;


cvrf_branch_type_t cvrf_branch_get_branch_type(struct cvrf_branch *branch);


cvrf_branch_type_t cvrf_branch_type_parse(xmlTextReaderPtr reader);


const char *cvrf_branch_type_get_text(cvrf_branch_type_t type);


/************************************************************************************************

 * RelationType attribute of the Relationship element

 * Defines how the products named in the ProductReference and RelatesToProductReference attributes

 * are related

 * EX:

 * <Relationship ProductReference="A" RelationType="?" RelatesToProductReference="B">

 */

typedef enum {

        CVRF_RELATIONSHIP_UNKNOWN = 0,

        CVRF_RELATIONSHIP_DEFAULT_COMPONENT,

        CVRF_RELATIONSHIP_OPTIONAL_COMPONENT,

        CVRF_RELATIONSHIP_EXTERNAL_COMPONENT,

        CVRF_RELATIONSHIP_INSTALLED_ON,

        CVRF_RELATIONSHIP_INSTALLED_WITH,

} cvrf_relationship_type_t;


cvrf_relationship_type_t cvrf_relationship_get_relation_type(struct cvrf_relationship *relation);


cvrf_relationship_type_t cvrf_relationship_type_parse(xmlTextReaderPtr reader);


const char *cvrf_relationship_type_get_text(cvrf_relationship_type_t type);


/************************************************************************************************

 * Status attribute of the Involvement element

 * Indicates level of involvement of the Party referenced in the Involvement's Party attribute

 */

typedef enum {

        CVRF_INVOLVEMENT_UNKNOWN = 0,

        CVRF_INVOLVEMENT_OPEN,

        CVRF_INVOLVEMENT_DISPUTED,

        CVRF_INVOLVEMENT_IN_PROGRESS,

        CVRF_INVOLVEMENT_COMPLETED,

        CVRF_INVOLVEMENT_CONTACT_ATTEMPTED,

        CVRF_INVOLVEMENT_NOT_CONTACTED,

} cvrf_involvement_status_type_t;


cvrf_involvement_status_type_t cvrf_involvement_get_status_type(struct cvrf_involvement *involve);


cvrf_involvement_status_type_t cvrf_involvement_status_type_parse(xmlTextReaderPtr reader);


const char *cvrf_involvement_status_type_get_text(cvrf_involvement_status_type_t type);


/************************************************************************************************

 * Type attribute of the Status element

 * Indicates the status of products with regards to a Vulnerability: whether this Vulnerability

 * is known to affect the product, whether a fix exists for the version in the release, etc.

 */

typedef enum {

        CVRF_PRODUCT_STATUS_UNKNOWN = 0,

        CVRF_PRODUCT_STATUS_FIRST_AFFECTED,

        CVRF_PRODUCT_STATUS_KNOWN_AFFECTED,

        CVRF_PRODUCT_STATUS_KNOWN_NOT_AFFECTED,

        CVRF_PRODUCT_STATUS_FIRST_FIXED,

        CVRF_PRODUCT_STATUS_FIXED,

        CVRF_PRODUCT_STATUS_RECOMMENDED,

        CVRF_PRODUCT_STATUS_LAST_AFFECTED,

} cvrf_product_status_type_t;


cvrf_product_status_type_t cvrf_product_status_get_type(struct cvrf_product_status *stat);


cvrf_product_status_type_t cvrf_product_status_type_parse(xmlTextReaderPtr reader);


const char *cvrf_product_status_type_get_text(cvrf_product_status_type_t product_status_type);


/************************************************************************************************

 * Type attribute of the Threat element

 * Category of information the Threat provides about the Vulnerability; gives context about

 * impact and damage done by the Vulnerability

 */

typedef enum {

        CVRF_THREAT_UNKNOWN = 0,

        CVRF_THREAT_IMPACT,

        CVRF_THREAT_EXPLOIT_STATUS,

        CVRF_THREAT_TARGET_SET,

} cvrf_threat_type_t;


cvrf_threat_type_t cvrf_threat_get_threat_type(struct cvrf_threat *threat);


cvrf_threat_type_t cvrf_threat_type_parse(xmlTextReaderPtr reader);


const char *cvrf_threat_type_get_text(cvrf_threat_type_t threat_type);


/************************************************************************************************

 * Type attribute of the Remediation element

 * Category of and status about ways to avoid, mitigate, or resolve a Vulnerability

 */

typedef enum {

        CVRF_REMEDIATION_UNKNOWN = 0,

        CVRF_REMEDIATION_WORKAROUND,

        CVRF_REMEDIATION_MITIGATION,

        CVRF_REMEDIATION_VENDOR_FIX,

        CVRF_REMEDIATION_NONE_AVAILABLE,

        CVRF_REMEDIATION_WILL_NOT_FIX,

} cvrf_remediation_type_t;


cvrf_remediation_type_t cvrf_remediation_get_type(struct cvrf_remediation *remed);


cvrf_remediation_type_t cvrf_remediation_type_parse(xmlTextReaderPtr reader);


const char *cvrf_remediation_type_get_text(cvrf_remediation_type_t remediation_type);


/************************************************************************************************

 * @struct cvrf_item_spec

 * Maps a cvrf_item_type_t enum to its text representation within a CVRF XML file,

 * as well as the parent container (if one exists)

 */

struct cvrf_item_spec;


typedef enum {

        CVRF_ITEM_UNKNOWN = 0,

        CVRF_DOCUMENT_PUBLISHER,

        CVRF_DOCUMENT_TRACKING,

        CVRF_REVISION,

        CVRF_DOCUMENT_NOTE,

        CVRF_DOCUMENT_REFERENCE,

        CVRF_ACKNOWLEDGMENT,

        CVRF_PRODUCT_TREE,

        CVRF_BRANCH,

        CVRF_GROUP,

        CVRF_RELATIONSHIP,

        CVRF_PRODUCT_NAME,

        CVRF_VULNERABILITY,

        CVRF_VULNERABILITY_CWE,

        CVRF_NOTE,

        CVRF_INVOLVEMENT,

        CVRF_SCORE_SET,

        CVRF_PRODUCT_STATUS,

        CVRF_THREAT,

        CVRF_REMEDIATION,

        CVRF_REFERENCE,

} cvrf_item_type_t;


const char *cvrf_item_type_get_text(cvrf_item_type_t type);


cvrf_item_type_t cvrf_item_type_from_text(const char *item);


bool cvrf_is_valid_item_type(const char *item);


const char *cvrf_item_type_get_container(cvrf_item_type_t type);


bool cvrf_item_type_has_container(cvrf_item_type_t type);


/*-----------------------------------------------------------------------------------------*\

|                                                       CVRF Parsing & Serialization Functions                                                  |

\*-----------------------------------------------------------------------------------------*/


struct cvrf_remediation *cvrf_remediation_parse(xmlTextReaderPtr reader);


struct cvrf_score_set *cvrf_score_set_parse(xmlTextReaderPtr reader);


struct cvrf_threat *cvrf_threat_parse(xmlTextReaderPtr reader);


struct cvrf_product_status *cvrf_product_status_parse(xmlTextReaderPtr reader);


struct cvrf_involvement *cvrf_involvement_parse(xmlTextReaderPtr reader);


struct cvrf_vulnerability_cwe *cvrf_vulnerability_cwe_parse(xmlTextReaderPtr reader);


struct cvrf_vulnerability *cvrf_vulnerability_parse(xmlTextReaderPtr reader);


struct cvrf_product_name *cvrf_product_name_parse(xmlTextReaderPtr reader);


struct cvrf_group *cvrf_group_parse(xmlTextReaderPtr reader);


struct cvrf_relationship *cvrf_relationship_parse(xmlTextReaderPtr reader);


struct cvrf_branch *cvrf_branch_parse(xmlTextReaderPtr reader);


struct cvrf_product_tree *cvrf_product_tree_parse(xmlTextReaderPtr reader);


struct cvrf_acknowledgment *cvrf_acknowledgment_parse(xmlTextReaderPtr reader);


struct cvrf_reference *cvrf_reference_parse(xmlTextReaderPtr reader);


struct cvrf_note *cvrf_note_parse(xmlTextReaderPtr reader);


struct cvrf_revision *cvrf_revision_parse(xmlTextReaderPtr reader);


struct cvrf_doc_tracking *cvrf_doc_tracking_parse(xmlTextReaderPtr reader);


struct cvrf_doc_publisher *cvrf_doc_publisher_parse(xmlTextReaderPtr reader);


struct cvrf_document *cvrf_document_parse(xmlTextReaderPtr reader);


struct cvrf_model *cvrf_model_parse(xmlTextReaderPtr reader);


struct cvrf_index *cvrf_index_parse_xml(struct oscap_source *index_source);


void cvrf_element_add_container(struct oscap_list *list, cvrf_item_type_t cvrf_type, xmlNode *parent);


void cvrf_element_add_stringlist(struct oscap_stringlist *list, const char *tag_name, xmlNode *parent);


void cvrf_element_add_attribute(const char *attr_name, const char *attr_value, xmlNode *element);


void cvrf_element_add_child(const char *elm_name, const char *elm_value, xmlNode *parent);


xmlNode *cvrf_element_to_dom(const char *elm_name, const char *elm_value);


xmlNode *cvrf_remediation_to_dom(const struct cvrf_remediation *remed);


xmlNode *cvrf_threat_to_dom(const struct cvrf_threat *threat);


xmlNode *cvrf_score_set_to_dom(const struct cvrf_score_set *score_set);


xmlNode *cvrf_product_status_to_dom(const struct cvrf_product_status *stat);


xmlNode *cvrf_involvement_to_dom(const struct cvrf_involvement *involve);


xmlNode *cvrf_vulnerability_cwe_to_dom(const struct cvrf_vulnerability_cwe *vuln_cwe);


xmlNode *cvrf_vulnerability_to_dom(const struct cvrf_vulnerability *vuln);


xmlNode *cvrf_product_name_to_dom(struct cvrf_product_name *full_name);


xmlNode *cvrf_group_to_dom(const struct cvrf_group *group);


xmlNode *cvrf_relationship_to_dom(const struct cvrf_relationship *relation);


xmlNode *cvrf_branch_to_dom(struct cvrf_branch *branch);


xmlNode *cvrf_product_tree_to_dom(struct cvrf_product_tree *tree);


xmlNode *cvrf_acknowledgment_to_dom(struct cvrf_acknowledgment *ack);


xmlNode *cvrf_reference_to_dom(struct cvrf_reference *ref);


xmlNode *cvrf_note_to_dom(struct cvrf_note *note);


xmlNode *cvrf_revision_to_dom(struct cvrf_revision *revision);


xmlNode *cvrf_doc_tracking_to_dom(struct cvrf_doc_tracking *tracking);


xmlNode *cvrf_doc_publisher_to_dom(struct cvrf_doc_publisher *publisher);


xmlNode *cvrf_document_to_dom(struct cvrf_document *document);


xmlNode *cvrf_model_to_dom(struct cvrf_model *model, xmlDocPtr doc, xmlNode *parent, void *user_args);


xmlNode *cvrf_index_to_dom(struct cvrf_index *index, xmlDocPtr doc, xmlNode *parent, void *user_args);


bool cvrf_product_vulnerability_fixed(struct cvrf_vulnerability *vuln, const char *product);


#endif                          /* _CVRF_PRIV_H_ */

cvrf.h
Interface to Common Vulnerability Reporting Framework.

cvrf_acknowledgment
Definition: cvrf_priv.c:841

cvrf_branch
Definition: cvrf_priv.c:685

cvrf_doc_publisher
Definition: cvrf_priv.c:1068

cvrf_doc_tracking
Definition: cvrf_priv.c:990

cvrf_document
Definition: cvrf_priv.c:1162

cvrf_group
Definition: cvrf_priv.c:592

cvrf_index
Definition: cvrf_priv.c:1312

cvrf_involvement
Definition: cvrf_priv.c:316

cvrf_item_spec
Definition: cvrf_enumeration.c:241

cvrf_model
Definition: cvrf_priv.c:1238

cvrf_note
Definition: cvrf_priv.c:896

cvrf_product_name
Definition: cvrf_priv.c:556

cvrf_product_status
Definition: cvrf_priv.c:275

cvrf_product_tree
Definition: cvrf_priv.c:753

cvrf_reference
Definition: cvrf_priv.c:1118

cvrf_relationship
Definition: cvrf_priv.c:636

cvrf_remediation
Definition: cvrf_priv.c:64

cvrf_revision
Definition: cvrf_priv.c:949

cvrf_score_set
Definition: cvrf_priv.c:133

cvrf_threat
Definition: cvrf_priv.c:216

cvrf_vulnerability_cwe
Definition: cvrf_priv.c:362

cvrf_vulnerability
Definition: cvrf_priv.c:399

oscap_list
Definition: list.h:53

oscap_source
Definition: oscap_source.c:66

oscap_stringlist
A collection of strings.