From 3454e1223b9f86a1299082a1b95e35cec1011426 Mon Sep 17 00:00:00 2001
From: David du Colombier <djc@datadoghq.com>
Date: Fri, 19 Apr 2019 07:55:52 +0200
Subject: [PATCH] Add cpe definitions and oval checks for AMZN2

This changes applies 0001-Add-cpe-definitions-and-oval-checks-for-AMZN2.patch.

This patch was extracted from the following package,
distributed as part of Amazon Linux 2:

scap-security-guide-0.1.40-12.amzn2.0.1.1.src.rpm
---
 shared/applicability/amzn2.yml                |  3 ++
 shared/checks/oval/installed_OS_is_amzn2.xml  | 33 +++++++++++++++++++
 .../applicability/derivatives.yml             |  4 +++
 3 files changed, 40 insertions(+)
 create mode 100644 shared/applicability/amzn2.yml
 create mode 100644 shared/checks/oval/installed_OS_is_amzn2.xml

diff --git a/shared/applicability/amzn2.yml b/shared/applicability/amzn2.yml
new file mode 100644
index 00000000000..22fef22e1f2
--- /dev/null
+++ b/shared/applicability/amzn2.yml
@@ -0,0 +1,3 @@
+name: cpe:/o:amazon:amazon_linux:2
+title: Amazon Linux 2
+check_id: installed_OS_is_amzn2
diff --git a/shared/checks/oval/installed_OS_is_amzn2.xml b/shared/checks/oval/installed_OS_is_amzn2.xml
new file mode 100644
index 00000000000..11984ce7b1c
--- /dev/null
+++ b/shared/checks/oval/installed_OS_is_amzn2.xml
@@ -0,0 +1,33 @@
+<def-group>
+  <definition class="inventory"
+  id="installed_OS_is_amzn2" version="2">
+    <metadata>
+      <title>Amazon Linux 2</title>
+      <affected family="unix">
+        <platform>multi_platform_all</platform>
+      </affected>
+      <reference ref_id="cpe:/o:amazon:amazon_linux:2"
+      source="CPE" />
+      <description>The operating system installed on the system is
+      Amazon Linux 2</description>
+    </metadata>
+    <criteria operator="AND">
+      <extend_definition comment="Installed OS is part of the Unix family"
+      definition_ref="installed_OS_is_part_of_Unix_family" />
+      <criterion comment="Amazon Linux 2 is installed"
+      test_ref="test_amzn2" />
+    </criteria>
+  </definition>
+
+  <linux:rpminfo_test check="all" check_existence="at_least_one_exists" comment="system-release is version 2" id="test_amzn2" version="1">
+    <linux:object object_ref="obj_amzn2" />
+    <linux:state state_ref="state_amzn2" />
+  </linux:rpminfo_test>
+  <linux:rpminfo_state id="state_amzn2" version="1">
+    <linux:version operation="pattern match">^2</linux:version>
+  </linux:rpminfo_state>
+  <linux:rpminfo_object id="obj_amzn2" version="1">
+    <linux:name>system-release</linux:name>
+  </linux:rpminfo_object>
+
+</def-group>
diff --git a/tests/unit/ssg-module/test_playbook_builder_data/applicability/derivatives.yml b/tests/unit/ssg-module/test_playbook_builder_data/applicability/derivatives.yml
index e980f9c1c5c..88686fdbeb1 100644
--- a/tests/unit/ssg-module/test_playbook_builder_data/applicability/derivatives.yml
+++ b/tests/unit/ssg-module/test_playbook_builder_data/applicability/derivatives.yml
@@ -15,3 +15,7 @@ cpes:
       title: "Scientific Linux 7"
       check_id: installed_OS_is_sl7
 
+  - amzn2:
+      name: "cpe:/o:amazon:amazon_linux:2"
+      title: "Amazon Linux 2"
+      check_id: installed_OS_is_amzn2