Posted to cvs@httpd.apache.org by nd...@apache.org on 2007/04/25 00:26:38 UTC
svn commit: r532111 - in /httpd/site/trunk:
docs/security/vulnerabilities-oval.xml xdocs/stylesheets/httpd-oval.xsl
Author: nd
Date: Tue Apr 24 15:26:37 2007
New Revision: 532111
URL: http://svn.apache.org/viewvc?view=rev&rev=532111
Log:
newlines
Modified:
httpd/site/trunk/docs/security/vulnerabilities-oval.xml (props changed)
httpd/site/trunk/xdocs/stylesheets/httpd-oval.xsl (contents, props changed)
Propchange: httpd/site/trunk/docs/security/vulnerabilities-oval.xml
------------------------------------------------------------------------------
svn:eol-style = native
Modified: httpd/site/trunk/xdocs/stylesheets/httpd-oval.xsl
URL: http://svn.apache.org/viewvc/httpd/site/trunk/xdocs/stylesheets/httpd-oval.xsl?view=diff&rev=532111&r1=532110&r2=532111
==============================================================================
--- httpd/site/trunk/xdocs/stylesheets/httpd-oval.xsl (original)
+++ httpd/site/trunk/xdocs/stylesheets/httpd-oval.xsl Tue Apr 24 15:26:37 2007
@@ -1,372 +1,372 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- Transform vulnerabilities-httpd.xml into OVAL -->
-<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" version="2.0">
- <xsl:output method="text"/>
- <xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes" name="xml"/>
- <!--
- The following keys are used when generating a unique list of values to loop over.
- -->
- <xsl:key name="cveids" match="/security/issue/cve" use="@name"/>
- <xsl:key name="httpd_versions" match="/security/issue/affects[@prod = 'httpd'] | /security/issue/maybeaffects[@prod = 'httpd']" use="@version"/>
- <!--
- The directory where the output files should be written. Make sure a trailing
- slash is present.
- -->
- <xsl:variable name="output_directory">./oval/</xsl:variable>
- <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
- <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
- <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
- <xsl:template match="/">
- <xsl:call-template name="print_combined_file"/>
- </xsl:template>
- <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
- <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
- <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
- <xsl:template name="print_combined_file">
- <!--
- TEMPLATE - print_combined_file
-
- This template is used to create a combined xml file that has all the OVAL
- definitions in a single document. Tests, objects, and states are reused
- whenever possible.
- -->
- <xsl:variable name="filename" select="'httpd-oval-combined.xml'"/>
- <!-- <xsl:result-document href="{$output_directory}{$filename}" format="xml">-->
- <oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:apache-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#apache apache-definitions-schema.xsd">
- <generator>
- <oval:schema_version>5.1</oval:schema_version>
- <oval:timestamp>2005-10-12T18:13:45</oval:timestamp>
- </generator>
- <definitions>
- <!--
- For each unique CVE id, create a new OVAL definition. This
- definition might span a couple of different issues, and this
- will be reflected in the criteria.
- -->
- <xsl:for-each select="//cve[generate-id() = generate-id(key('cveids',@name)[1])]">
- <xsl:call-template name="httpd_definition">
- <xsl:with-param name="cveid" select="@name"/>
- </xsl:call-template>
- </xsl:for-each>
- </definitions>
- <tests>
- <!--
- For each <affects> or <maybeaffects> element found across every
- <issue> in the source document, generate an OVAL test to represent
- it. These tests are used by the definitions created above.
- -->
- <xsl:for-each select="//affects[generate-id() = generate-id(key('httpd_versions',@version)[1])] | //maybeaffects[generate-id() = generate-id(key('httpd_versions',@version)[1])] ">
- <xsl:call-template name="httpd_test"/>
- </xsl:for-each>
- </tests>
- <objects>
- <!--
- The httpd test in OVAL always references the same object that
- represents the collection of all httpd binaries on the system.
- This object is used by each of the tests created above.
- -->
- <xsl:call-template name="httpd_object"/>
- </objects>
- <states>
- <!--
- For each <affects> or <maybeaffects> element found across every
- <issue> in the source document, generate an OVAL state to
- represent the version comparision. These states are used by the
- tests created above.
- -->
- <xsl:for-each select="//affects[generate-id() = generate-id(key('httpd_versions',@version)[1])] | //maybeaffects[generate-id() = generate-id(key('httpd_versions',@version)[1])] ">
- <xsl:call-template name="httpd_state"/>
- </xsl:for-each>
- </states>
- </oval_definitions>
- <!-- </xsl:result-document>-->
- </xsl:template>
- <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
- <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
- <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
- <xsl:template name="print_individual_files">
- <!--
- TEMPLATE - print_individual_files
-
- This template is used to create an individual xml file for each OVAL
- definitions. A separate definition is created for each unique instance of
- a CVE id. The opening <for-each> loop is used to cycle over all the unique
- CVE ids found in the sorce document.
- -->
- <xsl:for-each select="//cve[generate-id() = generate-id(key('cveids',@name)[1])]">
- <xsl:variable name="cveid" select="@name"/>
- <!--
- For each CVE id, create a new OVAL Definition file. The filename in this
- case is generated from numbers of the CVE id. Since there is only one
- definition per CVE, we can be confident that this is unique.
- -->
- <xsl:variable name="filename" select="concat(substring($cveid,5,4),substring($cveid,10),'.xml')"/>
- <xsl:result-document href="{$output_directory}{$filename}" format="xml">
- <oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:apache-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#apache apache-definitions-schema.xsd">
- <generator>
- <oval:schema_version>5.1</oval:schema_version>
- <oval:timestamp>2005-10-12T18:13:45</oval:timestamp>
- </generator>
- <definitions>
- <!--
- Call the definition template for the current CVE id.
- -->
- <xsl:call-template name="httpd_definition">
- <xsl:with-param name="cveid" select="$cveid"/>
- </xsl:call-template>
- </definitions>
- <tests>
- <!--
- A test needs to be produced for each unique <affects> and
- <maybeaffects> element found in the issues related to this
- specific CVE id.
- -->
- <xsl:for-each select="/security/issue[./cve/@name = $cveid]">
- <xsl:for-each select="./affects | ./maybeaffects">
- <!--
- TODO: If there is an <affects> or <maybeaffects> with
- an OS attribute, then we need to print the test for that
- OS. We will also have to print the associated object
- and state.
- -->
- <xsl:call-template name="httpd_test"/>
- </xsl:for-each>
- </xsl:for-each>
- </tests>
- <objects>
- <!--
- The httpd test in OVAL always references the same object that
- represents the collection of all httpd binaries on the system.
- This object is used by each of the tests created above.
- -->
- <xsl:call-template name="httpd_object"/>
- </objects>
- <states>
- <!--
- For each <affects> or <maybeaffects> element found across every
- <issue> related to the specified CVE, generate an OVAL state to
- represent the version comparision. These states are used by the
- tests created above.
- -->
- <xsl:for-each select="/security/issue[./cve/@name = $cveid]">
- <xsl:for-each select="./affects | ./maybeaffects">
- <xsl:call-template name="httpd_state"/>
- </xsl:for-each>
- </xsl:for-each>
- </states>
- </oval_definitions>
- </xsl:result-document>
- </xsl:for-each>
- </xsl:template>
- <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
- <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
- <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
- <xsl:template name="httpd_definition">
- <xsl:param name="cveid"/>
- <!--
- TEMPLATE - httpd_definition
-
- This template is used to create an actual OVAL Definition. The id for this
- definition is built from the numbers found in the cve name. Since we are
- creating a single OVAL Definition per CVE, we can be confident that this
- value is unique. It is also repeatable since the CVE id won't change.
- -->
- <xsl:variable name="definition_id">oval:org.apache.httpd:def:<xsl:value-of select="substring($cveid,5,4)"/><xsl:value-of select="substring($cveid,10)"/></xsl:variable>
- <!--
- Print out the actual definition element.
- -->
- <xsl:element name="definition" namespace="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xsl:attribute name="id"><xsl:value-of select="$definition_id"/></xsl:attribute>
- <xsl:attribute name="version">1</xsl:attribute>
- <xsl:attribute name="class">vulnerability</xsl:attribute>
- <!--
- Add the required metadata to the OVAL Definition. This information is
- required by the OVAL XML schema.
- -->
- <metadata>
- <title><xsl:value-of select="../title"/></title>
- <xsl:element name="reference">
- <xsl:attribute name="source">CVE</xsl:attribute>
- <xsl:attribute name="ref_id"><xsl:value-of select="$cveid"/></xsl:attribute>
- <xsl:attribute name="ref_url">http://cve.mitre.org/cgi-bin/cvename.cgi?name=<xsl:value-of select="$cveid"/></xsl:attribute>
- </xsl:element>
- <description><xsl:value-of select="../description/p"/></description>
- <!--
- The <apache_httpd_repository> piece of metadata is not required by
- the OVAL schema but is valid due the <xsd:any> tag found in the
- schema. This section is a place to put information specifice to
- apache httpd vulnerability report.
- -->
- <apache_httpd_repository>
- <public><xsl:value-of select="../@public"/></public>
- <reported><xsl:value-of select="../@reported"/></reported>
- <released><xsl:value-of select="../@released"/></released>
- <!--
- If a <severity> element exists for this issue in the source XML
- document, then create a similar <severity> element in the
- definition metadata.
- -->
- <xsl:if test="../severity">
- <xsl:element name="severity">
- <xsl:attribute name="level"><xsl:value-of select="../severity/@level"/></xsl:attribute>
- <xsl:value-of select="../severity"/>
- </xsl:element>
- </xsl:if>
- <!--
- If a <flaw> element exists for this issue in the source XML
- document, then create a similar <flaw> element in the
- definition metadata.
- -->
- <xsl:if test="../flaw">
- <xsl:element name="flaw">
- <xsl:attribute name="type"><xsl:value-of select="../flaw/@type"/></xsl:attribute>
- </xsl:element>
- </xsl:if>
- </apache_httpd_repository>
- </metadata>
- <!--
- Add the criteria to the OVAL Definition. This consists of all the
- individual tests required by the different <issue> elements found in
- the source xml document related to the specified CVE. The first step
- is to loop over each <issue> and print out a child <criteria> element
- that will group together the tests related to the <issue>. The second
- step is to loop over each <affects> or <maybeaffects> element and print
- out a corresponding <criterion> by calling the httpd_criteriontemplate.
- -->
- <criteria operator="OR">
- <xsl:for-each select="/security/issue[./cve/@name = $cveid]">
- <criteria operator="OR">
- <xsl:for-each select="./affects | ./maybeaffects">
- <!--
- TODO: If there are <affects> or <maybeaffects> with an OS
- attribute, then we need to add a <criteria> element that
- ANDs an OS test with the ORd list of affected versions.
- -->
- <xsl:call-template name="httpd_criterion"/>
- </xsl:for-each>
- </criteria>
- </xsl:for-each>
- </criteria>
- </xsl:element>
- </xsl:template>
- <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
- <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
- <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
- <xsl:template name="httpd_criterion">
- <!--
- TEMPLATE - httpd_criterion
-
- This template is used to create an individual <criterion> element. This
- element provides the link between a definition and a test. Each <criterion>
- references a test via the test id, which is determined by using the version
- (without the periods) of httpd being tested. This will work as long as we
- only have version tests.
- -->
- <xsl:variable name="test_id">oval:org.apache.httpd:tst:<xsl:value-of select="substring-before(@version,'.')"/><xsl:value-of select="substring-before(substring-after(@version,'.'),'.')"/><xsl:value-of select="substring-after(substring-after(@version,'.'),'.')"/></xsl:variable>
- <!--
- Create a comment for the test.
- -->
- <xsl:variable name="test_comment">the version of <xsl:value-of select="@prod"/> is <xsl:value-of select="@version"/></xsl:variable>
- <!--
- Create the actual criterion element
- -->
- <xsl:element name="criterion" namespace="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <xsl:attribute name="test_ref"><xsl:value-of select="$test_id"/></xsl:attribute>
- <xsl:attribute name="comment"><xsl:value-of select="$test_comment"/></xsl:attribute>
- </xsl:element>
- </xsl:template>
- <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
- <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
- <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
- <xsl:template name="httpd_test">
- <!--
- TEMPLATE - httpd_test
-
- This template is used to create an individual <httpd_test>. This element
- binds an OVAL Object and an OVAL State with a check attribute. The test id
- is determined by using the version (without the periods) of httpd being
- tested for. This will work as long as we only have version tests.
- -->
- <xsl:variable name="test_id">oval:org.apache.httpd:tst:<xsl:value-of select="substring-before(@version,'.')"/><xsl:value-of select="substring-before(substring-after(@version,'.'),'.')"/><xsl:value-of select="substring-after(substring-after(@version,'.'),'.')"/></xsl:variable>
- <!--
- Create a comment for the test.
- -->
- <xsl:variable name="test_comment">the version of <xsl:value-of select="@prod"/> is <xsl:value-of select="@version"/></xsl:variable>
- <!--
- Create a unique state id. Attempting to use the version (without the periods)
- of httpd being tested for. This will work as long as we only have version
- tests. Note that we don't need to create an object id since every test
- references the same object, meaning the object and its id can be hard coded
- into this script.
- -->
- <xsl:variable name="state_id">oval:org.apache.httpd:ste:<xsl:value-of select="substring-before(@version,'.')"/><xsl:value-of select="substring-before(substring-after(@version,'.'),'.')"/><xsl:value-of select="substring-after(substring-after(@version,'.'),'.')"/></xsl:variable>
- <!--
- Print out the actual test element.
- -->
- <xsl:element name="httpd_test" namespace="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache">
- <xsl:attribute name="id"><xsl:value-of select="$test_id"/></xsl:attribute>
- <xsl:attribute name="version">1</xsl:attribute>
- <xsl:attribute name="comment"><xsl:value-of select="$test_comment"/></xsl:attribute>
- <xsl:attribute name="check">at least one</xsl:attribute>
- <!--
- Add the <object> and <state> elements to this test.
- -->
- <object object_ref="oval:org.apache.httpd:obj:1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache"/>
- <xsl:element name="state" namespace="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache">
- <xsl:attribute name="state_ref"><xsl:value-of select="$state_id"/></xsl:attribute>
- </xsl:element>
- </xsl:element>
- </xsl:template>
- <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
- <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
- <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
- <xsl:template name="httpd_object">
- <!--
- TEMPLATE - httpd_object
-
- This template is used to create an <httpd_object>. Note that every
- <httpd_test> uses the same <httpd_object> so this template simply prints out
- that object and does not have to loop over any elements of the source xml
- file.
- -->
- <httpd_object id="oval:org.apache.httpd:obj:1" version="1" comment="the collection apache httpd binaries" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache">
- <notes xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
- <note>This is the single httpd object required by an apache httpd test and represents the collection of all httpd binaries on the system.</note>
- </notes>
- </httpd_object>
- </xsl:template>
- <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
- <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
- <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
- <xsl:template name="httpd_state">
- <!--
- TEMPLATE - httpd_state
-
- This template is used to create an individual <httpd_state> element. This
- element outlines a specific piece of information to evaluate an object
- against. For our use here, we will be evaulating the version of HTTPD.
- The id associated with the state is determined by using the version (without
- the periods) of httpd being tested for. This will work as long as we only
- have version tests.
- -->
- <xsl:variable name="state_id">oval:org.apache.httpd:ste:<xsl:value-of select="substring-before(@version,'.')"/><xsl:value-of select="substring-before(substring-after(@version,'.'),'.')"/><xsl:value-of select="substring-after(substring-after(@version,'.'),'.')"/></xsl:variable>
- <!--
- Create a comment for the state.
- -->
- <xsl:variable name="state_comment">the version of <xsl:value-of select="@prod"/> is <xsl:value-of select="@version"/></xsl:variable>
- <!--
- Print out the actual state element.
- -->
- <xsl:element name="httpd_state" namespace="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache">
- <xsl:attribute name="id"><xsl:value-of select="$state_id"/></xsl:attribute>
- <xsl:attribute name="version">1</xsl:attribute>
- <xsl:attribute name="comment"><xsl:value-of select="$state_comment"/></xsl:attribute>
- <version datatype="version" operation="equals" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache">
- <xsl:value-of select="@version"/>
- </version>
- </xsl:element>
- </xsl:template>
- <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
- <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
- <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
-</xsl:stylesheet>
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Transform vulnerabilities-httpd.xml into OVAL -->
+<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" version="2.0">
+ <xsl:output method="text"/>
+ <xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes" name="xml"/>
+ <!--
+ The following keys are used when generating a unique list of values to loop over.
+ -->
+ <xsl:key name="cveids" match="/security/issue/cve" use="@name"/>
+ <xsl:key name="httpd_versions" match="/security/issue/affects[@prod = 'httpd'] | /security/issue/maybeaffects[@prod = 'httpd']" use="@version"/>
+ <!--
+ The directory where the output files should be written. Make sure a trailing
+ slash is present.
+ -->
+ <xsl:variable name="output_directory">./oval/</xsl:variable>
+ <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
+ <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
+ <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
+ <xsl:template match="/">
+ <xsl:call-template name="print_combined_file"/>
+ </xsl:template>
+ <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
+ <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
+ <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
+ <xsl:template name="print_combined_file">
+ <!--
+ TEMPLATE - print_combined_file
+
+ This template is used to create a combined xml file that has all the OVAL
+ definitions in a single document. Tests, objects, and states are reused
+ whenever possible.
+ -->
+ <xsl:variable name="filename" select="'httpd-oval-combined.xml'"/>
+ <!-- <xsl:result-document href="{$output_directory}{$filename}" format="xml">-->
+ <oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:apache-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#apache apache-definitions-schema.xsd">
+ <generator>
+ <oval:schema_version>5.1</oval:schema_version>
+ <oval:timestamp>2005-10-12T18:13:45</oval:timestamp>
+ </generator>
+ <definitions>
+ <!--
+ For each unique CVE id, create a new OVAL definition. This
+ definition might span a couple of different issues, and this
+ will be reflected in the criteria.
+ -->
+ <xsl:for-each select="//cve[generate-id() = generate-id(key('cveids',@name)[1])]">
+ <xsl:call-template name="httpd_definition">
+ <xsl:with-param name="cveid" select="@name"/>
+ </xsl:call-template>
+ </xsl:for-each>
+ </definitions>
+ <tests>
+ <!--
+ For each <affects> or <maybeaffects> element found across every
+ <issue> in the source document, generate an OVAL test to represent
+ it. These tests are used by the definitions created above.
+ -->
+ <xsl:for-each select="//affects[generate-id() = generate-id(key('httpd_versions',@version)[1])] | //maybeaffects[generate-id() = generate-id(key('httpd_versions',@version)[1])] ">
+ <xsl:call-template name="httpd_test"/>
+ </xsl:for-each>
+ </tests>
+ <objects>
+ <!--
+ The httpd test in OVAL always references the same object that
+ represents the collection of all httpd binaries on the system.
+ This object is used by each of the tests created above.
+ -->
+ <xsl:call-template name="httpd_object"/>
+ </objects>
+ <states>
+ <!--
+ For each <affects> or <maybeaffects> element found across every
+ <issue> in the source document, generate an OVAL state to
+ represent the version comparision. These states are used by the
+ tests created above.
+ -->
+ <xsl:for-each select="//affects[generate-id() = generate-id(key('httpd_versions',@version)[1])] | //maybeaffects[generate-id() = generate-id(key('httpd_versions',@version)[1])] ">
+ <xsl:call-template name="httpd_state"/>
+ </xsl:for-each>
+ </states>
+ </oval_definitions>
+ <!-- </xsl:result-document>-->
+ </xsl:template>
+ <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
+ <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
+ <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
+ <xsl:template name="print_individual_files">
+ <!--
+ TEMPLATE - print_individual_files
+
+ This template is used to create an individual xml file for each OVAL
+ definitions. A separate definition is created for each unique instance of
+ a CVE id. The opening <for-each> loop is used to cycle over all the unique
+ CVE ids found in the sorce document.
+ -->
+ <xsl:for-each select="//cve[generate-id() = generate-id(key('cveids',@name)[1])]">
+ <xsl:variable name="cveid" select="@name"/>
+ <!--
+ For each CVE id, create a new OVAL Definition file. The filename in this
+ case is generated from numbers of the CVE id. Since there is only one
+ definition per CVE, we can be confident that this is unique.
+ -->
+ <xsl:variable name="filename" select="concat(substring($cveid,5,4),substring($cveid,10),'.xml')"/>
+ <xsl:result-document href="{$output_directory}{$filename}" format="xml">
+ <oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:apache-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#apache apache-definitions-schema.xsd">
+ <generator>
+ <oval:schema_version>5.1</oval:schema_version>
+ <oval:timestamp>2005-10-12T18:13:45</oval:timestamp>
+ </generator>
+ <definitions>
+ <!--
+ Call the definition template for the current CVE id.
+ -->
+ <xsl:call-template name="httpd_definition">
+ <xsl:with-param name="cveid" select="$cveid"/>
+ </xsl:call-template>
+ </definitions>
+ <tests>
+ <!--
+ A test needs to be produced for each unique <affects> and
+ <maybeaffects> element found in the issues related to this
+ specific CVE id.
+ -->
+ <xsl:for-each select="/security/issue[./cve/@name = $cveid]">
+ <xsl:for-each select="./affects | ./maybeaffects">
+ <!--
+ TODO: If there is an <affects> or <maybeaffects> with
+ an OS attribute, then we need to print the test for that
+ OS. We will also have to print the associated object
+ and state.
+ -->
+ <xsl:call-template name="httpd_test"/>
+ </xsl:for-each>
+ </xsl:for-each>
+ </tests>
+ <objects>
+ <!--
+ The httpd test in OVAL always references the same object that
+ represents the collection of all httpd binaries on the system.
+ This object is used by each of the tests created above.
+ -->
+ <xsl:call-template name="httpd_object"/>
+ </objects>
+ <states>
+ <!--
+ For each <affects> or <maybeaffects> element found across every
+ <issue> related to the specified CVE, generate an OVAL state to
+ represent the version comparision. These states are used by the
+ tests created above.
+ -->
+ <xsl:for-each select="/security/issue[./cve/@name = $cveid]">
+ <xsl:for-each select="./affects | ./maybeaffects">
+ <xsl:call-template name="httpd_state"/>
+ </xsl:for-each>
+ </xsl:for-each>
+ </states>
+ </oval_definitions>
+ </xsl:result-document>
+ </xsl:for-each>
+ </xsl:template>
+ <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
+ <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
+ <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
+ <xsl:template name="httpd_definition">
+ <xsl:param name="cveid"/>
+ <!--
+ TEMPLATE - httpd_definition
+
+ This template is used to create an actual OVAL Definition. The id for this
+ definition is built from the numbers found in the cve name. Since we are
+ creating a single OVAL Definition per CVE, we can be confident that this
+ value is unique. It is also repeatable since the CVE id won't change.
+ -->
+ <xsl:variable name="definition_id">oval:org.apache.httpd:def:<xsl:value-of select="substring($cveid,5,4)"/><xsl:value-of select="substring($cveid,10)"/></xsl:variable>
+ <!--
+ Print out the actual definition element.
+ -->
+ <xsl:element name="definition" namespace="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+ <xsl:attribute name="id"><xsl:value-of select="$definition_id"/></xsl:attribute>
+ <xsl:attribute name="version">1</xsl:attribute>
+ <xsl:attribute name="class">vulnerability</xsl:attribute>
+ <!--
+ Add the required metadata to the OVAL Definition. This information is
+ required by the OVAL XML schema.
+ -->
+ <metadata>
+ <title><xsl:value-of select="../title"/></title>
+ <xsl:element name="reference">
+ <xsl:attribute name="source">CVE</xsl:attribute>
+ <xsl:attribute name="ref_id"><xsl:value-of select="$cveid"/></xsl:attribute>
+ <xsl:attribute name="ref_url">http://cve.mitre.org/cgi-bin/cvename.cgi?name=<xsl:value-of select="$cveid"/></xsl:attribute>
+ </xsl:element>
+ <description><xsl:value-of select="../description/p"/></description>
+ <!--
+ The <apache_httpd_repository> piece of metadata is not required by
+ the OVAL schema but is valid due the <xsd:any> tag found in the
+ schema. This section is a place to put information specifice to
+ apache httpd vulnerability report.
+ -->
+ <apache_httpd_repository>
+ <public><xsl:value-of select="../@public"/></public>
+ <reported><xsl:value-of select="../@reported"/></reported>
+ <released><xsl:value-of select="../@released"/></released>
+ <!--
+ If a <severity> element exists for this issue in the source XML
+ document, then create a similar <severity> element in the
+ definition metadata.
+ -->
+ <xsl:if test="../severity">
+ <xsl:element name="severity">
+ <xsl:attribute name="level"><xsl:value-of select="../severity/@level"/></xsl:attribute>
+ <xsl:value-of select="../severity"/>
+ </xsl:element>
+ </xsl:if>
+ <!--
+ If a <flaw> element exists for this issue in the source XML
+ document, then create a similar <flaw> element in the
+ definition metadata.
+ -->
+ <xsl:if test="../flaw">
+ <xsl:element name="flaw">
+ <xsl:attribute name="type"><xsl:value-of select="../flaw/@type"/></xsl:attribute>
+ </xsl:element>
+ </xsl:if>
+ </apache_httpd_repository>
+ </metadata>
+ <!--
+ Add the criteria to the OVAL Definition. This consists of all the
+ individual tests required by the different <issue> elements found in
+ the source xml document related to the specified CVE. The first step
+ is to loop over each <issue> and print out a child <criteria> element
+ that will group together the tests related to the <issue>. The second
+ step is to loop over each <affects> or <maybeaffects> element and print
+ out a corresponding <criterion> by calling the httpd_criteriontemplate.
+ -->
+ <criteria operator="OR">
+ <xsl:for-each select="/security/issue[./cve/@name = $cveid]">
+ <criteria operator="OR">
+ <xsl:for-each select="./affects | ./maybeaffects">
+ <!--
+ TODO: If there are <affects> or <maybeaffects> with an OS
+ attribute, then we need to add a <criteria> element that
+ ANDs an OS test with the ORd list of affected versions.
+ -->
+ <xsl:call-template name="httpd_criterion"/>
+ </xsl:for-each>
+ </criteria>
+ </xsl:for-each>
+ </criteria>
+ </xsl:element>
+ </xsl:template>
+ <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
+ <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
+ <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
+ <xsl:template name="httpd_criterion">
+ <!--
+ TEMPLATE - httpd_criterion
+
+ This template is used to create an individual <criterion> element. This
+ element provides the link between a definition and a test. Each <criterion>
+ references a test via the test id, which is determined by using the version
+ (without the periods) of httpd being tested. This will work as long as we
+ only have version tests.
+ -->
+ <xsl:variable name="test_id">oval:org.apache.httpd:tst:<xsl:value-of select="substring-before(@version,'.')"/><xsl:value-of select="substring-before(substring-after(@version,'.'),'.')"/><xsl:value-of select="substring-after(substring-after(@version,'.'),'.')"/></xsl:variable>
+ <!--
+ Create a comment for the test.
+ -->
+ <xsl:variable name="test_comment">the version of <xsl:value-of select="@prod"/> is <xsl:value-of select="@version"/></xsl:variable>
+ <!--
+ Create the actual criterion element
+ -->
+ <xsl:element name="criterion" namespace="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+ <xsl:attribute name="test_ref"><xsl:value-of select="$test_id"/></xsl:attribute>
+ <xsl:attribute name="comment"><xsl:value-of select="$test_comment"/></xsl:attribute>
+ </xsl:element>
+ </xsl:template>
+ <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
+ <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
+ <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
+ <xsl:template name="httpd_test">
+ <!--
+ TEMPLATE - httpd_test
+
+ This template is used to create an individual <httpd_test>. This element
+ binds an OVAL Object and an OVAL State with a check attribute. The test id
+ is determined by using the version (without the periods) of httpd being
+ tested for. This will work as long as we only have version tests.
+ -->
+ <xsl:variable name="test_id">oval:org.apache.httpd:tst:<xsl:value-of select="substring-before(@version,'.')"/><xsl:value-of select="substring-before(substring-after(@version,'.'),'.')"/><xsl:value-of select="substring-after(substring-after(@version,'.'),'.')"/></xsl:variable>
+ <!--
+ Create a comment for the test.
+ -->
+ <xsl:variable name="test_comment">the version of <xsl:value-of select="@prod"/> is <xsl:value-of select="@version"/></xsl:variable>
+ <!--
+ Create a unique state id. Attempting to use the version (without the periods)
+ of httpd being tested for. This will work as long as we only have version
+ tests. Note that we don't need to create an object id since every test
+ references the same object, meaning the object and its id can be hard coded
+ into this script.
+ -->
+ <xsl:variable name="state_id">oval:org.apache.httpd:ste:<xsl:value-of select="substring-before(@version,'.')"/><xsl:value-of select="substring-before(substring-after(@version,'.'),'.')"/><xsl:value-of select="substring-after(substring-after(@version,'.'),'.')"/></xsl:variable>
+ <!--
+ Print out the actual test element.
+ -->
+ <xsl:element name="httpd_test" namespace="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache">
+ <xsl:attribute name="id"><xsl:value-of select="$test_id"/></xsl:attribute>
+ <xsl:attribute name="version">1</xsl:attribute>
+ <xsl:attribute name="comment"><xsl:value-of select="$test_comment"/></xsl:attribute>
+ <xsl:attribute name="check">at least one</xsl:attribute>
+ <!--
+ Add the <object> and <state> elements to this test.
+ -->
+ <object object_ref="oval:org.apache.httpd:obj:1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache"/>
+ <xsl:element name="state" namespace="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache">
+ <xsl:attribute name="state_ref"><xsl:value-of select="$state_id"/></xsl:attribute>
+ </xsl:element>
+ </xsl:element>
+ </xsl:template>
+ <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
+ <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
+ <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
+ <xsl:template name="httpd_object">
+ <!--
+ TEMPLATE - httpd_object
+
+ This template is used to create an <httpd_object>. Note that every
+ <httpd_test> uses the same <httpd_object> so this template simply prints out
+ that object and does not have to loop over any elements of the source xml
+ file.
+ -->
+ <httpd_object id="oval:org.apache.httpd:obj:1" version="1" comment="the collection apache httpd binaries" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache">
+ <notes xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+ <note>This is the single httpd object required by an apache httpd test and represents the collection of all httpd binaries on the system.</note>
+ </notes>
+ </httpd_object>
+ </xsl:template>
+ <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
+ <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
+ <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
+ <xsl:template name="httpd_state">
+ <!--
+ TEMPLATE - httpd_state
+
+ This template is used to create an individual <httpd_state> element. This
+ element outlines a specific piece of information to evaluate an object
+ against. For our use here, we will be evaulating the version of HTTPD.
+ The id associated with the state is determined by using the version (without
+ the periods) of httpd being tested for. This will work as long as we only
+ have version tests.
+ -->
+ <xsl:variable name="state_id">oval:org.apache.httpd:ste:<xsl:value-of select="substring-before(@version,'.')"/><xsl:value-of select="substring-before(substring-after(@version,'.'),'.')"/><xsl:value-of select="substring-after(substring-after(@version,'.'),'.')"/></xsl:variable>
+ <!--
+ Create a comment for the state.
+ -->
+ <xsl:variable name="state_comment">the version of <xsl:value-of select="@prod"/> is <xsl:value-of select="@version"/></xsl:variable>
+ <!--
+ Print out the actual state element.
+ -->
+ <xsl:element name="httpd_state" namespace="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache">
+ <xsl:attribute name="id"><xsl:value-of select="$state_id"/></xsl:attribute>
+ <xsl:attribute name="version">1</xsl:attribute>
+ <xsl:attribute name="comment"><xsl:value-of select="$state_comment"/></xsl:attribute>
+ <version datatype="version" operation="equals" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#apache">
+ <xsl:value-of select="@version"/>
+ </version>
+ </xsl:element>
+ </xsl:template>
+ <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
+ <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
+ <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -->
+</xsl:stylesheet>
Propchange: httpd/site/trunk/xdocs/stylesheets/httpd-oval.xsl
------------------------------------------------------------------------------
svn:eol-style = native