# ct-oval
**Repository Path**: openeuler/ct-oval
## Basic Information
- **Project Name**: ct-oval
- **Description**: This project has been migrated to AtomGit || Linked: https://atomgit.com/openeuler/ct-oval
- **Primary Language**: Unknown
- **License**: MulanPSL-2.0
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No
## Statistics
- **Stars**: 79
- **Forks**: 8
- **Created**: 2024-09-24
- **Last Updated**: 2025-12-25
## Categories & Tags
**Categories**: Uncategorized
**Tags**: sig-security-facility
## README
# Notice: This project has been migrated to [AtomGit](https://atomgit.com/openeuler/ct-oval)
# Summary
This tool parses data from a JSON file, a RESTful API, or a socket, and saves it into a database (SQLite, PostgreSQL, or MySQL).
It then generates an XML file from the database, with filter options.
The output XML file can be used as an OpenSCAP source file to check whether systems have vulnerabilities.
# Contributors
Leon Wang
bai-muqing61
Yong Qin
Copyright 2024 Chinatelecom CTyun Ltd.
# Base commands & Global flags
```
Usage:
  ct-oval [flags]
  ct-oval [command]

Available Commands:
  completion  Generate the autocompletion script for the specified shell
  genxml      generate xml file with given options
  help        Help about any command
  parsedir    parse security notice from dirs
  parsejson   parse security notice from json files
  parseurl    parse security notice from Restful URL API
  version     print the version number

Global Flags:
  -d, --debug            Enable debug messages
      --from string      include elements revised on or after this day (format: YYYY-MM-DD, for openeuler default is 2023)
  -h, --help             help for ct_oval
      --product string   generate oval for a single product (eg: ctyunos-2.0.1 ctyunos-23.01 all. default is "", means no filter for product)
      --to string        include elements revised on or before this day (format: YYYY-MM-DD, for openeuler default is 2025)
```
# ct-oval parse
parse security notice from json files
```
Usage:
  ct-oval parse ... [flags]
```
# ct-oval parsedir
parse security notice from dirs
```
Usage:
  ct-oval parsedir ... [flags]
```
# ct-oval parseurl
parse security notice from pre-configured ct-admin restful url API
```
Usage:
  ct-oval parseurl [--from|--to|--product|--type|--keyword] [flags]

subcommand options description:
      --keyword string   only match CVEs contains this keyword (eg: openssl)
      --type int         only match CVEs of this type (1-low 2-meduim 3-high 4-critical)
```
# ct-oval genxml
generate xml file with given options
```
Usage:
  ct-oval genxml [--from|--to|--product|--output] [flags]

subcommand options description:
      --output string   the name of output xml file (default "oval_ouput.xml")
```
# ct-oval completion
Generate the autocompletion script for ct-oval for the specified shell.
```
Usage:
  ct-oval completion [command]

Available Commands:
  bash        Generate the autocompletion script for bash
  fish        Generate the autocompletion script for fish
  powershell  Generate the autocompletion script for powershell
  zsh         Generate the autocompletion script for zsh
```
# Adapting to a new OS
- Clone and change `config_.yaml`, then copy it to `config.yaml`.
- Change `pkg/securitynotice/JsonData.go`: add a `ParseUrl` function and update the `ParseRestfulUrl` function.
- Add an additional 'transform' in `pkg/securitynotice/AdvisoryParser.go` when the advisory format is different.
# Unit tests
To make sure the tests pass, delete `sqlite.db` before running the unit tests in the source directory.
```
$ go test ./...
?       ct-oval_tool    [no test files]
?       ct-oval_tool/cmd/flag   [no test files]
?       ct-oval_tool/pkg/ent    [no test files]
?       ct-oval_tool/pkg/ent/cveref     [no test files]
?       ct-oval_tool/pkg/ent/enttest    [no test files]
?       ct-oval_tool/pkg/ent/hook       [no test files]
?       ct-oval_tool/pkg/ent/state      [no test files]
?       ct-oval_tool/pkg/ent/test       [no test files]
?       ct-oval_tool/pkg/ent/oval       [no test files]
?       ct-oval_tool/pkg/ent/predicate  [no test files]
?       ct-oval_tool/pkg/ent/runtime    [no test files]
?       ct-oval_tool/pkg/ent/schema     [no test files]
?       ct-oval_tool/pkg/ent/migrate    [no test files]
?       ct-oval_tool/pkg/ent/object     [no test files]
ok      ct-oval_tool/cmd        0.780s
ok      ct-oval_tool/pkg/logger (cached)
?       ct-oval_tool/pkg/ovalxml/ovaldefinitions        [no test files]
ok      ct-oval_tool/pkg/ovalxml        0.143s
ok      ct-oval_tool/pkg/ovalxml/common (cached)
ok      ct-oval_tool/pkg/ovalxml/defintions     (cached)
ok      ct-oval_tool/pkg/ovalxml/generator      (cached)
ok      ct-oval_tool/pkg/ovalxml/objects        (cached)
ok      ct-oval_tool/pkg/ovalxml/states (cached)
ok      ct-oval_tool/pkg/ovalxml/tests  (cached)
ok      ct-oval_tool/pkg/securitynotice 0.958s
```
PS. Some directories contain no functions, so they have no tests. This is not a problem.
# Test example
```
$ go run main.go genxml --from 2024-01-23
INFO[2024-04-17T20:53:29+08:00] OVAL oval_ouput.xml generated successfully.
$ go run main.go parseurl --from 2024-01-23 --type 2
INFO[2024-04-17T20:55:06+08:00] 4 CVEs are prceeded successfully.
$ go run main.go parseurl --from 2023-01-23 --to 2024-01-23 --type 2 --keyword=mysql
INFO[2024-04-17T20:55:35+08:00] 2 CVEs are prceeded successfully.
$ go run main.go parsedir example
INFO[2024-04-17T20:56:33+08:00] oval:cn.ctyun.ctyunos:def:20210207 file is prceeded
INFO[2024-04-17T20:56:33+08:00] oval:cn.ctyun.ctyunos:def:20210208 file is prceeded
$ go run main.go parsejson example/security_notice1.json
INFO[2024-04-17T20:57:10+08:00] oval:cn.ctyun.ctyunos:def:20210207 file is prceeded
```
## New tests for openeuler csaf advisory
```
$ ./ct_oval_tool parseurl --from 2025 --to 2025
$ ./ct_oval_tool genxml
```
# Integration tests
- Test with OpenSCAP (check the XML format, and check whether any package has not been updated):
  `oscap oval eval --report vulnerability.html oval_ouput.xml`
  Passed
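
A check that a CI job could run over the stdout of the `oscap oval eval` command above, as an added example that is not part of the ct-oval project. It assumes oscap's usual `Definition <id>: <result>` result lines; `Summarize`, `Gate` and the sample output (including definition 20210209) are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// defLine matches an `oscap oval eval` result line: "Definition <id>: <result>".
var defLine = regexp.MustCompile(`^Definition (oval:[^:\s]+:def:\d+): (.+)$`)

// Summary groups definition results by how the scan should be triaged.
type Summary struct {
	Vulnerable   []string // "true": the vulnerability criteria matched this host
	Inconclusive []string // "error", "unknown", "not evaluated": not a clean pass
	Clean        int      // "false" or "not applicable"
}

// Summarize classifies every definition result found in oscap's stdout.
func Summarize(out string) (s Summary) {
	for _, line := range strings.Split(out, "\n") {
		m := defLine.FindStringSubmatch(strings.TrimSpace(line))
		if m == nil {
			continue // not a result line, e.g. the trailing "Evaluation done."
		}
		switch m[2] {
		case "true":
			s.Vulnerable = append(s.Vulnerable, m[1])
		case "false", "not applicable":
			s.Clean++
		default:
			s.Inconclusive = append(s.Inconclusive, m[1])
		}
	}
	return s
}

// Gate fails on vulnerable or inconclusive results, and on empty output (a failed run).
func Gate(s Summary) bool { return s.Clean > 0 && len(s.Vulnerable)+len(s.Inconclusive) == 0 }

// sampleOutput is constructed for this example, not captured from a real scan.
const sampleOutput = `Definition oval:cn.ctyun.ctyunos:def:20210207: true
Definition oval:cn.ctyun.ctyunos:def:20210208: false
Definition oval:cn.ctyun.ctyunos:def:20210209: error
Evaluation done.`
func main() {
	s := Summarize(sampleOutput)
	fmt.Println(s.Vulnerable, s.Inconclusive, s.Clean, Gate(s))
}
```

For vulnerability-class definitions a `true` result means the host matches the vulnerable criteria, so the gate treats it as a failure rather than a pass.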
# Future plan
Integration with ct-admin: parse from the gRPC API, use a PostgreSQL DB, and publish the XML files to the web.