Hello folks,

The command oscap cve find <CVE-id> <NVD-XML-file> fails to get CVE details 
from NVD XML (schema version 2.0) files for CVEs that have assessment_check and 
scanner details.

Examples:
#oscap cve find CVE-2011-0013 nvdcve-2.0-2011.xml
OpenSCAP Error: Unknown XML element in CVE entry: assessment_check [cve_priv.c:569]
#oscap cve find CVE-2002-0012 nvdcve-2.0-2002.xml
OpenSCAP Error: Unknown XML element in CVE entry: scanner [cve_priv.c:569]

The assessment_check and scanner details for CVEs are provided in the NVD XML 
files for 2002-2013; they are not present in the NVD XML files for the year 
2014 onwards. Note: The NVD XML file for the year 2002 contains details of CVEs 
from 1999 to 2002. So CVE lookup of all CVEs from 1999-2013 is affected by 
this issue. The NVD XML (schema 2.0) files are from the following location: 
https://nvd.nist.gov/download.cfm#CVE_FEED

The assessment_check and scanner sections for a CVE entry contain the OVAL 
definition id and a link to the id in mitre.org. Sample XML content from a CVE 
entry is provided below to illustrate the usage of these elements.

    <vuln:assessment_check
        system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
        href="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12878"
        name="oval:org.mitre.oval:def:12878"/>

    <vuln:scanner>
      <vuln:definition
          system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
          href="http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:12878"
          name="oval:org.mitre.oval:def:12878"/>
    </vuln:scanner>

This issue was found after building from the source (oscap version 1.2.11). 
I've filed a new issue for this on GitHub: 
https://github.com/OpenSCAP/openscap/issues/550, and I would like to provide 
the fix for this issue. One of the alternatives to fix this issue is to read 
these XML tags (assessment_check and scanner) in cve_entry_parse() 
(cve_priv.c), and skip the rest of the attributes of the section until the next 
XML tag is reached. Alternatively, we can read and save the attributes like name 
and href in a new structure, and a list of such structures would be linked in 
the cve_entry struct. This would require a new struct that saves the name and 
href, and a new field (list) to be introduced in cve_entry. But since the 
recent NVD XML files from year 2014 onwards do not have assessment_check and 
scanner details in the CVE entry, adding a new field may not be useful. Please 
send your comments on this issue, and regarding the fix: whether saving the 
attributes of the assessment_check and scanner sections would be useful or 
whether they can be skipped.

Regards,
Vinay
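
The two alternatives described in the message above, sketched in Python as an added example (not part of the original message and not OpenSCAP code). The sample entry, its placeholder CVE id, the namespace URIs and all function names are constructed for illustration; elements are matched by local name only.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a cut-down NVD 2.0 style entry with a placeholder CVE id,
# carrying the two elements quoted in the message above.
SAMPLE = """<nvd xmlns="http://scap.nist.gov/schema/feed/vulnerability/2.0"
     xmlns:vuln="http://scap.nist.gov/schema/vulnerability/0.4">
  <entry id="CVE-0000-0001">
    <vuln:cve-id>CVE-0000-0001</vuln:cve-id>
    <vuln:assessment_check name="oval:org.mitre.oval:def:12878"
      href="http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12878"/>
    <vuln:scanner>
      <vuln:definition name="oval:org.mitre.oval:def:12878"
        href="http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:12878"/>
    </vuln:scanner>
    <vuln:summary>constructed summary text</vuln:summary>
  </entry>
</nvd>"""

OVAL_REF_ELEMENTS = {"assessment_check", "scanner"}

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def parse_entry(entry, keep_refs=False):
    cve = {"id": entry.get("id"), "summary": None, "oval_refs": []}
    for child in entry:
        name = local(child.tag)
        if name == "cve-id":
            continue
        elif name == "summary":
            cve["summary"] = (child.text or "").strip()
        elif name in OVAL_REF_ELEMENTS:
            if not keep_refs:
                continue  # alternative 1: recognise the element, skip its subtree
            # alternative 2: save name/href; scanner wraps them in <definition>
            nodes = [child] if name == "assessment_check" else list(child)
            cve["oval_refs"] += [{"kind": name, "name": n.get("name"),
                                  "href": n.get("href")} for n in nodes]
        else:
            # Anything else is still rejected, as in the reported error
            raise ValueError(f"Unknown XML element in CVE entry: {name}")
    return cve

def find_cve(xml_text, cve_id, keep_refs=False):
    for entry in ET.fromstring(xml_text):
        if local(entry.tag) == "entry" and entry.get("id") == cve_id:
            return parse_entry(entry, keep_refs)
    return None
```

Either way the lookup succeeds; the difference is only whether the OVAL definition name and href survive into the parsed entry.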



_______________________________________________
Open-scap-list mailing list
Open-scap-list@redhat.com
https://www.redhat.com/mailman/listinfo/open-scap-list
