A few adjustments to the new Vulnerability findings class

[floydtree]

Related Issue: #684

Description of changes:

1. Adding fixed_in_version, kb_articles (attribute only) and standards to dictionary
2. Replacing kb_articles with references in remediation object
3. Adding kb_articles and remediation in vulnerability object
4. Adding fixed_in_version, path, remediation in affected_package object
5. Removing remediation from the base vulnerability finding class, (each vulnerability has it's own contextual remediation)

[awhite456]

lgtm

[jasonbreimer]

It looks like this change leaves the new kb_article object orphaned? I see the attribute kb_articles used in the remediation object. But I don't see the kb_article object is related to the vulnerability/cve?

[floydtree]

It looks like this change leaves the new kb_article object orphaned? I see the attribute kb_articles used in the remediation object. But I don't see the kb_article object is related to the vulnerability/cve?

@jasonbreimer The original kb_articles field was a simple string array, it was replaced with references in the remediation object.

The new kb_articles object is now used in the vulnerability object. Each vulnerability object in the vulnerabilities array, will have kb_articles(an array of the new kb_article object).

Hopefully this clarifies, but let me know if you have any questions

[jcburgo]

I wonder about the standards object. It is meant for a compliance finding, which probably should be a separate class (not part of the vulnerability finding class).

[floydtree]

I wonder about the standards object. It is meant for a compliance finding, which probably should be a separate class (not part of the vulnerability finding class).

Yep that's correct, it's not a part of this class. Just added it to the dictionary to be used in the upcoming compliance findings class