-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Red Hat Oval v2 vulnerability plugin #1024
Merged
Merged
Commits on Aug 3, 2020
-
Vulnsrc: return flag map instead of single value
Updates can return only one value using FlagKey and FlagValue. This is limited in some cases when updaters want to store more than one value. This commit enables to return map with more than one key + value. Signed-off-by: Ales Raszka <araszka@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for f6a76ed - Browse repository at this point
Copy the full SHA f6a76edView commit details -
Clair use public oval v2 data (quay#21)
* CLAIR-262: add oval v2 class for parsing oval manifest, tests * removed unused import * CLAIR-263: updated oval v2 class to check oval manifest for only new advisories, added tests * CLAIR-263: updated struct names, cleanup in oval v2 class for checking oval manifest for new advisories, added comments, additional tests * CLAIR-264: added parse utilities for cpe names and rpm names, tests * CLAIR-264: added module namespace parsing, tests, cleanup * CLAIR-269: added package filtering by arch, tests * WIP: refactored oval2 plugin and tests, based on changes required for rpm parsing and efficient ordering of assessments for whether a given advisory is already processed * WIP: additional refactor for oval2 plugin and tests, fix nvra parsing and db lookups for already-processed, refactored manifest entry processing to iterate processing by document instead of all at once * fix refactor issue: restore rewire for vuln namespace * fix refactor issue: add check for empty lookup date, update test to cover that case * WIP: refactor, cleanup, and fixes related to most recent PR review notes * WIP: additional refactor/cleanup from PR review * ensure redhat package is enabled by default for make deploy-local * updated logging for redhat package * cleanup comments, clarify logging in redhat package * updated logging in redhat package, cleanup, moved db key/val date write to post-gather loop, fixed struct xml attribute ref * added check to prevent advisories with severity "none" from being stored to database, updated tests * cleanup: removed trailing whitespace * use all cpe entries from affected_cpe_list (previously was intentionally excluding the first entry) * updated supported arch check to support pattern-based arch lists * removed no longer used function (ParseCpeStructFromAffectedCpeList) * removed no longer used function (ParseCpeName) * cleanup - removed redundant variable usage in GatherUnprocessedAdvisories * cleanup - removed redundant second parse for already-parsed package list * updated feature creation for module namespaces, to create a feature for each namespace * removed no longer used function (ConstructVulnerabilityNames) * removed no longer used function (IsRmpArchSupported) * updated supported arch check to use regexp matcher * refactored updater to use map of flags instead of just one flag (FlagName+FlagValue) - redhat package uses ovalv2, needs multiple flags to update multiple key/value processing status markers - updated existing vulnsrc impls to use the flag map * cleanup - removed no longer used functions, related tests * updated dependencies in go.sum to point to public repo * add separate flag for last advisory date * added support for checking definition class, test; only process patch definitions * removed redundant entries from supported definition types * cleanup, add check for non-empty parsed nvra data * cleanup, lint-related formatting/comments * fixed errors in go.mod, go.sum from rebase conflicts Signed-off-by: Ales Raszka <araszka@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for d284fd4 - Browse repository at this point
Copy the full SHA d284fd4View commit details -
CWF-129 (fixed rebase quay#2) related to changes for updating integra…
…tion tests (quay#23) * CLOUDWF-160: externalize base url for oval v2 data, to support fake api provider in integration tests * cwf129: add check to skip duplicate packages, corresponding test, additional logging * cwf129: additional checks to skip duplicate vulnerability data (filter out duplicate vuln data which appears across multiple oval docs), updated logging levels * cwf129: additional checks to skip duplicate vulnerability data (filter out duplicate vuln data which appears across multiple oval docs), organized logging into logical groups, added tests * cwf129: cleanup (formatting) * cwf129: updated check for relevant criteria to include module criteria, removed unnecessary len() check from cpe name parsing * cwf129: updated cpe parse to exclude empty names, added test, test data * cwf129: cleanup (formatting) * cwf129: cleanup - removed plugin-local log level assignment * cwf129: updated dup vulnerability identification strategy to ensure any non-duplicate features of same-named vulnerabilities are merged rather than skipped, added tests * CWF-129: fixed scoping for vulnerabilities accumulator so that vulns and packages are properly assessed across advisories, added test case and test data * CWF-129: refactored vulnerabilities accumulator and features merge strategy to avoid using global variables, updated tests Signed-off-by: Ales Raszka <araszka@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for dad9dbc - Browse repository at this point
Copy the full SHA dad9dbcView commit details -
Remove old rhel oval v1 scanner
Rhel vulnerability scanner was replaced by Red Hat's oval v2 scanner. Oval 2 covers Red Hat's portfolio including RHEL. The commit also fixes bugs in ubuntu scanner. Signed-off-by: Ales Raszka <araszka@redhat.com>
Configuration menu - View commit details
-
Copy full SHA for 5b4b38e - Browse repository at this point
Copy the full SHA 5b4b38eView commit details
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.