implement change request + RHEL8 support

Author: DominiqueDevinci

utils/oscap-docker.in

@@ -1,7 +1,7 @@
 #!@OSCAP_DOCKER_PYTHON@
 
 # Copyright (C) 2015 Brent Baude <[email protected]>
-# Copyright (C) 2019 Dominique Blaze <[email protected]>
+# Copyright (C) 2019 Dominique Blaze <[email protected]>
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -108,7 +108,6 @@ if __name__ == '__main__':
             if args.action == "scan":
                 rc = OscapDockerScan.scan(ODS, leftover_args)
             elif args.action == "scan_cve":
-                print("Scan cve !")
                 rc = OscapDockerScan.scan_cve(ODS, leftover_args)
             else:
                 parser.print_help()
@@ -122,7 +121,7 @@ if __name__ == '__main__':
         sys.exit(255)
     except Exception as exc:
         traceback.print_exc(file=sys.stdout)
-        sys.stderr.write("!!! WARNING !!! This software have crash, so you should "
+        sys.stderr.write("!!! WARNING !!! This software have crashed, so you should "
         "check that no temporary container is still running\n")
         sys.exit(255)
 

utils/oscap_docker_python/oscap_docker_util.py

@@ -81,14 +81,6 @@ def __init__(self, message):
 except AtomicError as err:
     sys.stderr.write(err.message)
 
-''' print state of atomic import '''
-if atomic_loaded:
-    print("Atomic seems well installed and ready for use")
-else:
-    print("Cannot load Atomic, native docker api will be used instead"
-          " (requires root privileges)")
-
-
 def isAtomicLoaded():
     return atomic_loaded
 
@@ -104,7 +96,7 @@ class OscapError(Exception):
 class OscapHelpers(object):
     ''' oscap class full of helpers for scanning '''
     CPE = 'oval:org.open-scap.cpe.rhel:def:'
-    DISTS = ["7", "6", "5"]
+    DISTS = ["8", "7", "6", "5"]
 
     def __init__(self, cve_input_dir, oscap_binary):
         self.cve_input_dir = cve_input_dir
@@ -134,7 +126,10 @@ def _get_dist(self, chroot, target):
         '''
         cpe_dict = '/usr/share/openscap/cpe/openscap-cpe-oval.xml'
         if not os.path.exists(cpe_dict):
-            raise OscapError()
+            cpe_dict = '/usr/local/share/openscap/cpe/openscap-cpe-oval.xml'
+            if not os.path.exists(cpe_dict):
+                raise OscapError()
+                
         for dist in self.DISTS:
             result = self.oscap_chroot(chroot, target, 'oval', 'eval',
                                        '--id', self.CPE + dist, cpe_dict,

utils/oscap_docker_python/oscap_docker_util_noatomic.py

@@ -40,7 +40,7 @@ class OscapError(Exception):
 
 class OscapDockerScan(object):
     CPE_RHEL = 'oval:org.open-scap.cpe.rhel:def:'
-    DISTS = ["7", "6", "5"]
+    DISTS = ["8", "7", "6", "5"]
 
     def __init__(self, target, is_image=False, oscap_binary='oscap'):
 
@@ -174,7 +174,10 @@ def _get_dist(self):
         '''
         cpe_dict = '/usr/share/openscap/cpe/openscap-cpe-oval.xml'
         if not os.path.exists(cpe_dict):
-            raise OscapError()
+            cpe_dict = '/usr/local/share/openscap/cpe/openscap-cpe-oval.xml'
+            if not os.path.exists(cpe_dict):
+                raise OscapError()
+                
         for dist in self.DISTS:
             result = self.oscap_chroot(
                 self.mountpoint, self.oscap_binary,