wm_vuln_detector.c

/*
 * Wazuh Module to analyze system vulnerabilities
 * Copyright (C) 2015, Wazuh Inc.
 * January 4, 2018.
 *
 * This program is free software; you can redistribute it
 * and/or modify it under the terms of the GNU General Public
 * License (version 2) as published by the FSF - Free Software
 * Foundation.
 */

#include "cJSON.h"
#include "defs.h"
#include "os_err.h"
#include "wazuhdb_op.h"

#ifndef WIN32

#include "../wmodules.h"
#include "wm_vuln_detector_db.h"
#include "wm_vuln_detector_evr.h"
#include "addagent/manage_agents.h"
#include "wazuh_db/helpers/wdb_global_helpers.h"
#include "wazuh_db/helpers/wdb_agents_helpers.h"
#include <netinet/tcp.h>
#include <openssl/ssl.h>
#include <os_net/os_net.h>

#ifdef WAZUH_UNIT_TESTING
// Remove STATIC qualifier from tests
#define STATIC
#else
#define STATIC static
#endif

#if defined(__MACH__) || defined(__FreeBSD__) || defined(__OpenBSD__)
#define SOL_TCP     6
#endif

STATIC void *wm_vuldet_main(wm_vuldet_t * vuldet);
STATIC void wm_vuldet_destroy(wm_vuldet_t * vuldet);
STATIC int wm_vuldet_run_update(update_node **updates);
STATIC char *wm_vuldet_oval_xml_preparser(char *path, vu_feed dist);
STATIC int wm_vuldet_index_feed(update_node *update);
STATIC int wm_vuldet_fetch_feed(update_node *update, int8_t *need_update);

/**
 * @brief Traverse the list of CVEs within the RHSA, and insert
 * each one of them into the global linked list of vulnerabilities.
 * @param vul_it Vulnerability to analise.
 *
 */
STATIC void wm_vuldet_oval_traverse_rhsa(vulnerability *vul_it);

/**
 * @brief Append a new CVE to the RHSA list of a given vulnerability.
 * @param vul_it Vulnerability to analise.
 * @param cve New CVE.
 *
 */
STATIC void wm_vuldet_oval_append_rhsa(vulnerability *vul_it, char *cve);

/**
 * @brief Copy all the items within the RHSA into a new vulnerability's RHSA list.
 * @param old Old Vulnerability being analised.
 * @param new New Vulnerability being analised.
 *
 */
STATIC void wm_vuldet_oval_copy_rhsa(vulnerability *old, vulnerability *new);

STATIC int wm_vuldet_oval_xml_parser(OS_XML *xml, XML_NODE node, wm_vuldet_db *parsed_oval, update_node *update, vu_logic condition);
STATIC int wm_vuldet_json_parser(char *json_path, wm_vuldet_db *uparsed_vulnerabilities, update_node *update);

/**
 * @brief Add a new vulnerability to the linked list.
 * @param ctrl_block Parsed oval data strucure.
 *
 */
STATIC void wm_vuldet_add_oval_vulnerability(wm_vuldet_db *ctrl_block);
STATIC void wm_vuldet_add_vulnerability_info(wm_vuldet_db *ctrl_block);

/**
 * @brief Clean the CVEs linked list data structure.
 * @param ctrl_block Parsed oval data strucure.
 *
 */
STATIC void wm_vuldet_clean_vulnerability_info(wm_vuldet_db *ctrl_block);

STATIC references *wm_vuldet_extract_advisories(cJSON *advisories);
STATIC int wm_vuldet_check_db();

/**
 * @brief Insert the CVEs information, fetched from the feeds, into VULNERABILITIES_INFO table.
 * @param parsed_oval The feed's information.
 * @param db SQLite3 Database pointer.
 * @param stmt SQL query statement pointer.
 * @return 0 if success.
 */
STATIC int wm_vuldet_insert_cve_info(wm_vuldet_db *parsed_oval, sqlite3 *db, sqlite3_stmt *stmt);

STATIC int wm_vuldet_insert(wm_vuldet_db *parsed_oval, update_node *update);
STATIC int wm_vuldet_remove_target_table(sqlite3 *db, char *TABLE, const char *target);

/**
 * @brief Set and validate the required URL for the feed.
 * Currently Debian, Ubuntu and RedHat are supported.
 * @param update Update structure of the feed being analyzed.
 * @return False if an unexpected feed is analyzed; True othewise.
 */
STATIC bool wm_vuldet_set_feed_update_url(update_node *update);

/**
 * @brief Get the Debian status feed to check the status of the vulnerabilities.
 * @param update Update structure of the feed being analyzed.
 * @return Parsed JSON on success, NULL otherwise.
 */
STATIC cJSON *wm_vuldet_get_debian_status_feed(update_node *update);

/**
 * @brief Insert the Debian vulnerable packages into the DB.
 * @param db Pointer to the CVE DB.
 * @param target Debian OS target.
 * @param update Update structure of the feed being analyzed.
 * @return 0 on success, -1 otherwise.
 */
STATIC int wm_vuldet_index_debian(sqlite3 *db, const char *target, update_node *update);

/**
 * @brief For an specific agent, copy all installed packages' information from SYS_PROGRAM to the AGENTS table.
 * @param agent Pointer to an agent node.
 * @param db The agent sqlite Data Base.
 * @param scan_ctx Context of the scan in progress
 * @param request The request type that was used. Full or partial.
 * @return 0 on success, -1 otherwise.
 */
STATIC int wm_vuldet_collect_agent_software(scan_agent *agent, sqlite3 *db, scan_ctx_t* scan_ctx);

/**
 * @brief Search for known vulnerabilities (NVD and OVAL feeds), and report all found CVEs.
 * @param agent Pointer to an agent node.
 * @param flags Flag list for Windows agents
 * @param scan_ctx Context of the scan in progress
 * @return 0 on success, -1 otherwise.
 */
STATIC int wm_vuldet_find_agent_vulnerabilities(sqlite3 *db, scan_agent *agent, wm_vuldet_flags *flags, scan_ctx_t* scan_ctx);

/**
 * @brief Eliminate and report every obsolete vulnerability.
 * @param scan_ctx Context of the scan in progress
 * @return 0 on success, -1 otherwise.
 */
STATIC int wm_vuldet_find_obsolete_vulnerabilities(scan_ctx_t* scan_ctx);

/**
 * @brief Traverse the agents linked list, gather the installed packages and search
 * for known vulnerabilities.
 * @param vuldet The vulnerability detector main data structure.
 * @return 0 on success, -1 otherwise.
 */
STATIC int wm_vuldet_check_agent_vulnerabilities(wm_vuldet_t *vuldet);

/**
 * @brief Discard any installed Linux kernel package which is not running.
 * @param agent Agent being analyzed.
 * @param name Name of the package.
 * @param version Version of the package.
 * @param arch Architecture of the package.
 * @return 0 on success, -1 otherwise.
 */
STATIC int wm_vuldet_discard_kernel_package(scan_agent *agent, const char *name, const char *version, const char *arch);

/**
 * @brief Discard false positives in CVEs with multiple entries when they differ in their vulnerability diagnosis.
 * @param db The agent's sqlite database.
 * @param agents_it The software struct from the agent being analyzed.
 * @param cve_id The CVE being analyzed.
 * @param pkg_version The version from the package being analyzed.
 * @param pkg_name The name from the package being analyzed.
 * @param vertype The version comparisor type.
 * @return The return code from the version comparisor (VU_NOT_VULNERABLE, VU_NOT_FIXED, VU_ERROR_CMP, ...).
 */
STATIC int wm_vuldet_oval_discard_mismatching_cve_entries(sqlite3 *db, scan_agent *agents_it, char *cve_id, char *pkg_version, char *pkg_name, version_type vertype);

STATIC int wm_vuldet_create_file(const char *path, const char *source);
STATIC int wm_vuldet_check_update_period(update_node *upd);
STATIC int wm_vuldet_update_feed(update_node *upd, int8_t *updated);
STATIC int wm_vuldet_sync_feed(update_node *upd, int8_t *need_update);
STATIC int wm_vuldet_check_feed(update_node *upd, int8_t *updated);
STATIC vu_feed wm_vuldet_set_allowed_feed(const char *os_name, const char *os_version, update_node **updates, vu_feed *agent_dist);

/**
 * @brief Gets the last update time of a specific feed from the metadata database.
 *
 * @param feed The feed from which to obtain the information.
 * @return -1 on error, a valid time otherwise.
 */
time_t wm_vuldet_get_last_feed_update(vu_feed feed);

/**
 * @brief Initialize the main structure(linked list) of all Syscollector agents
 * for later analysis.
 *
 * @param vuldet The vulnearibility detector main data structure.
 * @return 0 on success, -1 otherwise.
 */
STATIC int wm_vuldet_collect_agents_to_scan(wm_vuldet_t *vuldet);

/**
 * @brief Compare two packages structures (src_name, bin_name, version and arch).
 *
 * @return 0 if equal, -1 otherwise.
 */
STATIC int wm_vuldet_compare_pkg(cve_vuln_pkg *Pkg1, cve_vuln_pkg *Pkg2);

STATIC cJSON *wm_vuldet_dump(const wm_vuldet_t *vuldet);
STATIC char *wm_vuldet_build_url(char *pattern, char *value);
STATIC void wm_vuldet_adapt_title(char *title, char *cve);
STATIC int wm_vuldet_fetch_oval(update_node *update, char *repo);
STATIC int wm_vuldet_oval_process(update_node *update, char *path, wm_vuldet_db *parsed_vulnerabilities);
STATIC int wm_vuldet_json_rh_parser(cJSON *json_feed, wm_vuldet_db *parsed_vulnerabilities);
STATIC int wm_vuldet_json_arch_parser(cJSON *json_feed, wm_vuldet_db *parsed_vulnerabilities);
STATIC int wm_vuldet_db_empty(sqlite3 *db, vu_feed version);
STATIC int wm_vuldet_nvd_empty();
STATIC int wm_vuldet_generate_os_cpe(sqlite3 *db, scan_agent *agent, int *min_cpe_index, cpe_list **node_list);
STATIC int wm_vuldet_generate_os_and_kernel_package(sqlite3 *db, scan_agent *agent);
STATIC int wm_vuldet_generate_win_cpe(scan_agent *agent);
STATIC vu_feed wm_vuldet_decode_win_os(char *os_raw);
STATIC void wm_vuldet_free_scan_agent(scan_agent *agent);
STATIC int wm_vuldet_insert_agent_data(sqlite3 *db,
                                       scan_agent *agent,
                                       int *cpe_index,
                                       const char *vendor,
                                       const char *product,
                                       const char *source,
                                       const char *version,
                                       const char *src_version,
                                       const char *arch,
                                       const char *reference,
                                       const char *type,
                                       cpe *ag_cpe,
                                       cpe_list **node_list);

/**
 * @brief Checks whether the MSU table is populated or not.
 * @param db CVE Database with MSU information.
 * @return true on success, false otherwise.
 */
STATIC bool wm_vuldet_check_enabled_msu(sqlite3 *db);

/**
 * @brief Downloads a feed (either MSU or ALAS) from Wazuh's own repository.
 * @param update Update structure of the feed being analyzed.
 * @param repo For MSU feeds, it's by default set to NULL; however, if the user specifies another
 * URL (tag <url>), this one will be used.
 * For ALAS, it contains the already fixed URL to the feed's repository.
 * @return 0 if it was successfully downloaded, VU_INV_FEED if it failed,
 *  and VU_NOT_NEED_UPDATE if it's not required.
 */
STATIC int wm_vuldet_fetch_wazuh_repo(update_node *update, char *repo);

/**
 * @brief Checks whether a feed from Wazuh's repository (either ALAS or MSU) must be updated or not.
 * This is done by checking the metadata.
 * @param update Update structure of the feed being analyzed.
 * @return True if it must be updated, false otherwise.
 */
STATIC bool wm_vuldet_check_feed_metadata(update_node *update);

/**
 * @brief Downloads the correspondent .meta file for ALAS and MSU feeds.
 * @param update Update structure of the feed being analyzed.
 * @return Structure that holds all the feed's metadata. NULL otherwise.
 */
STATIC feed_metadata *wm_vuldet_fetch_feed_metadata(update_node *update);

/**
 * @brief Parse the .meta file and get the feed's metadata.
 * @param path Path of the .meta file.
 * @return Structure that holds all the feed's metadata. NULL otherwise.
 */
STATIC feed_metadata *wm_vuldet_parse_feed_metadata(char *path);

/**
 * @brief Insert or update the feed's entry in the METADATA table.
 * @param msu Structure that holds all the feed's metadata.
 * @param update Update structure of the feed being analyzed.
 * @return 0 if success, -1 otherwise.
 */
STATIC int wm_insert_feed_metadata(feed_metadata *metadata_feed, update_node *update);

STATIC int wm_vuldet_fetch_redhat(update_node *update);
STATIC int wm_vuldet_fetch_arch(update_node *update, char * repo);
STATIC int wm_vuldet_fetch_wazuh_cpe(update_node *update);
STATIC int wm_vuldet_json_wcpe_parser(cJSON *json_feed, wm_vuldet_db *parsed_vulnerabilities);
STATIC int wm_vuldet_json_dic_parser(cJSON *json_feed, vu_cpe_dic *wcpes);
STATIC int wm_vuldet_fill_dic_section(cJSON *json_feed, vu_cpe_dic_section **wcpes);
STATIC unsigned int wm_vuldet_fill_action_mask(cJSON *json_feed);
STATIC int wm_vuldet_json_msu_parser(cJSON *json_feed, wm_vuldet_db *parsed_vulnerabilities);
STATIC int wm_vuldet_insert_cpe_dic(sqlite3 *db, vu_cpe_dic *w_cpes);
STATIC int wm_vuldet_insert_cpe_dic_array(sqlite3 *db, vu_query query, int id, vu_cpe_dic_section *section);
STATIC vu_cpe_dic_node *wm_vuldet_free_dic_node(vu_cpe_dic_node *dic_node);
STATIC int wm_vuldet_insert_MSU(sqlite3 *db, vu_msu_entries *msu);
STATIC vu_msu_vul_entry *wm_vuldet_free_msu_vul_node(vu_msu_vul_entry *node);
STATIC vu_msu_dep_entry *wm_vuldet_free_msu_dep_node(vu_msu_dep_entry *node);
STATIC int wm_vuldet_build_unix_os_release(scan_agent *agent,
                                           const char* os_major,
                                           const char* os_minor,
                                           const char* os_patch);

/**
 * @brief Gets the hotfixes from the agent database in wazuh-db and
 *        inserts this data in the cve.db database.
 *
 * @param db Pointer to the cve.db database.
 * @param agent_id Id of the agent to request the hotfixes.
 * @return OS_SUCCESS if success, OS_INVALID otherwise.
 */
STATIC int wm_vuldet_request_hotfixes(sqlite3 *db, const char *agent_id);
STATIC void wm_vuldet_reset_tables(sqlite3 *db);
STATIC int wm_vuldet_index_json(wm_vuldet_db *parsed_vulnerabilities, update_node *update, char *path, char multi_path);
STATIC int wm_vuldet_index_nvd(sqlite3 *db, update_node *upd, nvd_vulnerability *nvd_it);
STATIC int wm_vuldet_clean_rh(sqlite3 *db);
STATIC int wm_vuldet_clean_wcpe(sqlite3 *db);
STATIC void wm_vuldet_get_package_os(const char *version, const char **os_major, char **os_minor);
STATIC void wm_vuldet_set_subversion(char *version, char **os_minor);
STATIC cJSON *wm_vuldet_json_fread(char *json_file);
STATIC cJSON *wm_vuldet_get_cvss(const char *scoring_vector);
STATIC int wm_vuldet_get_term_condition(char *i_term, char **term, char **comp_field, char **condition);
STATIC void wm_vuldet_run_scan(wm_vuldet_t *vuldet);
STATIC void wm_vuldet_run_sleep(wm_vuldet_t *vuldet);
STATIC void wm_vuldet_init(wm_vuldet_t *vuldet);
STATIC void wm_vuldet_update_last_scan(scan_ctx_t* scan_ctx);
STATIC char *wm_vuldet_normalize_date(char **date);
STATIC int wm_vulndet_insert_msu_vul_entry(sqlite3 *db, vu_msu_vul_entry *vul);
STATIC void wm_vuldet_json_msu_parser_deps(cJSON *json_feed, vu_msu_dep_entry **msu);
STATIC void wm_vuldet_json_msu_parser_vuln(cJSON *json_feed, vu_msu_vul_entry **msu);
STATIC int wm_vulndet_insert_msu_dep_entry(sqlite3 *db, vu_msu_dep_entry *dep);
STATIC void wm_vuln_check_msu_type(vu_msu_vul_entry *msu, cJSON *patchs);
STATIC int wm_vuldet_json_alas_parser(cJSON *json_feed, wm_vuldet_db *parsed_vulnerabilities);
STATIC int wm_vuldet_insert_ALAS(sqlite3 *db, vu_alas_vuln *alas, const char *target);
STATIC vu_alas_pkg *wm_vuldet_packages_parser(char *pkg);
STATIC int wm_vuldet_get_arch_id(sqlite3 * db, const char *cveid, const char *target, const char *pkg_name, const char *pkg_version, int *id);
STATIC void wm_vuldet_free_alas_pkg(vu_alas_pkg **alas_pkg);
STATIC void wm_vuldet_free_alas_node(vu_alas_vuln *node);
STATIC void wm_vuldet_free_alas(vu_alas_vuln *alas_it);

/**
 * @brief Updates LAST_FULL_SCAN or LAST_PARTIAL_SCAN from VULN_METADATA with the current time.
 *          The item to be updated depends on the scan type of scan_ctx.
 *
 * @param scan_ctx Context of the scan in progress.
 */
void wm_vuldet_update_last_scan(scan_ctx_t* scan_ctx);

/**
 * @brief Gets LAST_FULL_SCAN and LAST_PARTIAL_SCAN from VULN_METADATA.
 *        It returns the value of the specified item.
 *
 * @param scan_ctx Context of the scan in progress.
 * @param item JSON item name to be returned.
 * @return A positive value if item exists.
 *         Zero (0) if item doesn't exists.
 *         A negative value (-1) if error.
 */
time_t wm_vuldet_get_last_scan(scan_ctx_t* scan_ctx, const char* item);

/**
 * @brief Gets LAST_FULL_SCAN from VULN_METADATA.
 *
* @param scan_ctx Context of the scan in progress.
 * @return A positive value if LAST_FULL_SCAN exists.
 *         Zero (0) if LAST_FULL_SCAN doesn't exists.
 *         A negative value (-1) if error.
 */
time_t wm_vuldet_get_last_full_scan(scan_ctx_t* scan_ctx);

/**
 * @brief Gets LAST_PARTIAL_SCAN from VULN_METADATA.
 *
* @param scan_ctx Context of the scan in progress.
 * @return A positive value if LAST_PARTIAL_SCAN exists.
 *         Zero (0) if LAST_PARTIAL_SCAN doesn't exists.
 *         A negative value (-1) if error.
 */
time_t wm_vuldet_get_last_partial_scan(scan_ctx_t* scan_ctx);

/**
 * @brief Checks if the feed(s) for an agent changed since last scan.
 *
 * @param agent The scaned agent data structure.
 * @param last_scan The time of the last scan.
 *
 * @return TRUE if any of the feeds of the agent has been modified after the last scan.
 *         FALSE if all the feeds of the agent hasn't been modified since the last scan.
 */
STATIC bool wm_vuldet_feed_changed(update_node** feeds, scan_agent* agent, time_t last_scan);

/**
 * @brief Compares the package's vendor with the official vendors.
 *
 * @param vendor the package's vendor
 * @return 0 if the vendor matches with an official vendor or 1 if it is a external vendor.
 */
STATIC int wm_vuldet_compare_vendors(char * vendor);

/**
 * @brief Truncate the minor target for CentOS packages.
 *
 * @param revision a pointer to the package revision
 */
STATIC void wm_vuldel_truncate_revision(char * revision);

time_t curr_time;
int wdb_vuldet_sock = -1;
int *vu_queue;
// Define time to sleep between messages sent
int usec;

const wm_context WM_VULNDETECTOR_CONTEXT = {
    "vulnerability-detector",
    (wm_routine)wm_vuldet_main,
    (wm_routine)(void *)wm_vuldet_destroy,
    (cJSON * (*)(const void *))wm_vuldet_dump,
    NULL,
    NULL
};

const char *version_null = "0:0";

const char *vu_os_platform_rolling_distros[] = {
    "arch"
};

const char *vu_vendor_list[] = {
    "canonical",
    "debian",
    "redhat",
    "archlinux",
    "linux",
    "amazon"
};

const char *vu_os_product_name_list[] = {
    "ubuntu_linux",
    "debian_linux",
    "enterprise_linux",
    "arch_linux",
    "linux_kernel",
    "linux",
    "linux_1",
    "linux_2"
};

const char *vu_vendor_list_ubuntu_debian[] = {
    "canonical",
    "ubuntu",
    "debian"
};

const char *vu_vendor_list_redhat[] = {
    "Red Hat, Inc.",
    "CentOS"
};

const char *vu_vendor_list_amazon[] = {
    "Amazon Linux",
    "Amazon.com",
    "Amazon AWS"
};

const char *vu_vendor_list_arch[] = {
    "Arch Linux"
};

const char *vu_package_dist[] = {
    ".el8",
    ".el7",
    ".el6",
    ".el5"
};

const char *vu_feed_tag[] = {
    "UBUNTU",
    "CANONICAL",
    "DEBIAN",
    "REDHAT",
    "JREDHAT",
    "CENTOS",
    "ALAS",
    "ARCH",
    "WIN",
    // Ubuntu versions
    "TRUSTY",
    "XENIAL",
    "BIONIC",
    "FOCAL",
    "JAMMY",
    // Debian versions
    "STRETCH",
    "BUSTER",
    "BULLSEYE",
    // RedHat versions
    "RHEL5",
    "RHEL6",
    "RHEL7",
    "RHEL8",
    // NVD
    "NVD",
    "CPED",
    // Amazon versions
    "Amazon-Linux",
    "Amazon-Linux-2",
    // WINDOWS
    "WS2003",
    "WS2003R2",
    "WXP",
    "WVISTA",
    "W7",
    "W8",
    "W81",
    "W10",
    "W11",
    "WS2008",
    "WS2008R2",
    "WS2012",
    "WS2012R2",
    "WS2016",
    "WS2019",
    "WS2022",
    // OTHER
    "CPEW",
    "MSU",
    "MAC",
    "UNKNOWN"
};

const char *vu_feed_ext[] = {
    "Ubuntu",
    "Canonical",
    "Debian",
    "Red Hat Enterprise Linux",
    "JSON Red Hat Enterprise Linux",
    "CentOS",
    "Amazon Linux",
    "Arch Linux",
    "Microsoft Windows",
    // Ubuntu versions
    "Ubuntu Trusty",
    "Ubuntu Xenial",
    "Ubuntu Bionic",
    "Ubuntu Focal",
    "Ubuntu Jammy",
    // Debian versions
    "Debian Stretch",
    "Debian Buster",
    "Debian Bullseye",
    // RedHat versions
    "Red Hat Enterprise Linux 5",
    "Red Hat Enterprise Linux 6",
    "Red Hat Enterprise Linux 7",
    "Red Hat Enterprise Linux 8",
    // NVD
    "National Vulnerability Database",
    "Common Platform Enumeration Dictionary",
    // Amazon versions
    "Amazon Linux 1",
    "Amazon Linux 2",
    // WINDOWS
    "Windows Server 2003",
    "Windows Server 2003 R2",
    "Windows XP",
    "Windows Vista",
    "Windows 7",
    "Windows 8",
    "Windows 8.1",
    "Windows 10",
    "Windows 11",
    "Windows Server 2008",
    "Windows Server 2008 R2",
    "Windows Server 2012",
    "Windows Server 2012 R2",
    "Windows Server 2016",
    "Windows Server 2019",
    "Windows Server 2022",
    // OTHER
    "Wazuh CPE dictionary",
    "Microsoft Security Update",
    "darwin",
    "Unknown OS"
};

const char *vu_package_comp[] = {
    "less than",
    "less than or equal",
    "greater than",
    "greater than or equal",
    "equals",
    "not equal",
    "exists"
};

const char *vu_severities[] = {
    "Low",
    "Medium",
    "Moderate",
    "Unknown",
    "High",
    "Important",
    "Critical",
    "None",
    "Negligible",
    "Untriaged"
};

const char *vu_cpe_dic_option[] = {
    "replace_vendor",
    "replace_product",
    "replace_vendor_if_matches",
    "replace_product_if_matches",
    "set_version_if_matches",
    "replace_sw_edition_if_product_matches",
    "replace_msu_name_if_version_matches",
    "ignore",
    "check_hotfix",
    "replace_msu_name",
    "set_version_if_product_matches",
    "set_targethw_if_product_matches",
    "set_version_only_if_product_matches",
    "set_targethw_only_if_product_matches"
};

vu_feed wm_vuldet_set_allowed_feed(const char *os_name, const char *os_version, update_node **updates, vu_feed *agent_dist) {
    vu_feed retval = FEED_UNKNOWN;
    int i;

    for (i = 0; i < OS_SUPP_SIZE; i++) {
        if (updates[i]) {
            if (wm_vuldet_is_single_provider(updates[i]->dist_ref)) {
                if (updates[i]->allowed_os_name) {
                    int j;
                    char *allowed_os;
                    char *allowed_ver;
                    for (allowed_os = *updates[i]->allowed_os_name, allowed_ver = *updates[i]->allowed_os_ver, j = 0; allowed_os; ++j) {
                        if (strcasestr(os_name, allowed_os) && strcasestr(os_version, allowed_ver)) {
                            retval = updates[i]->dist_tag_ref;
                            *agent_dist = updates[i]->dist_ref;
                            i = OS_SUPP_SIZE;
                            break;
                        }
                        allowed_os = updates[i]->allowed_os_name[j];
                        allowed_ver = updates[i]->allowed_os_ver[j];
                    }
                }
            }
        }
    }

    return retval;
}

int wm_vuldet_check_update_period(update_node *upd) {
    return upd && (!upd->last_sync || (upd->interval != WM_VULNDETECTOR_ONLY_ONE_UPD && (upd->last_sync + (time_t) upd->interval) < time(NULL)));
}
int wm_vuldet_sync_feed(update_node *upd, int8_t *need_update) {
    return wm_vuldet_fetch_feed(upd, need_update) == OS_INVALID || (*need_update && wm_vuldet_index_feed(upd));
}

int wm_vuldet_create_file(const char *path, const char *source) {
    const char *ROOT = "root";
    const char *sql;
    const char *tail;
    sqlite3 *db;
    sqlite3_stmt *stmt = NULL;
    int result;
    uid_t uid;
    gid_t gid;

    // Open the database file, or create it
    if (sqlite3_open_v2(path, &db, SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE, NULL)) {
        mterror(WM_VULNDETECTOR_LOGTAG, VU_CREATE_DB_ERROR);
        return wm_vuldet_sql_error(db, stmt);
    }

    // Load the tables schema
    for (sql = source; sql && *sql; sql = tail) {
        if (wm_vuldet_prepare(db, sql, -1, &stmt, &tail) != SQLITE_OK) {
            mterror(WM_VULNDETECTOR_LOGTAG, VU_CREATE_DB_ERROR);
            return wm_vuldet_sql_error(db, stmt);
        }

        result = wm_vuldet_step(stmt);

        switch (result) {
        case SQLITE_MISUSE:
        case SQLITE_ROW:
        case SQLITE_DONE:
            break;
        default:
            return wm_vuldet_sql_error(db, stmt);
        }

        wdb_finalize(stmt);
    }

    sqlite3_close_v2(db);

    uid = Privsep_GetUser(ROOT);
    gid = Privsep_GetGroup(GROUPGLOBAL);

    if (uid == (uid_t) - 1 || gid == (gid_t) - 1) {
        mterror(WM_VULNDETECTOR_LOGTAG, USER_ERROR, ROOT, GROUPGLOBAL, strerror(errno), errno);
        return OS_INVALID;
    }

    if (chown(path, uid, gid) < 0) {
        mterror(WM_VULNDETECTOR_LOGTAG, CHOWN_ERROR, path, errno, strerror(errno));
        return OS_INVALID;
    }

    if (chmod(path, 0660) < 0) {
        mterror(WM_VULNDETECTOR_LOGTAG, CHMOD_ERROR, path, errno, strerror(errno));
        return OS_INVALID;
    }

    return 0;
}

int wm_vuldet_prepare(sqlite3 *db, const char *zSql, int nByte, sqlite3_stmt **stmt, const char **pzTail) {
    int attempts;
    int result;
    for (attempts = 0; (result = sqlite3_prepare_v2(db, zSql, nByte, stmt, pzTail)) == SQLITE_BUSY; attempts++) {
        if (attempts == MAX_SQL_ATTEMPTS) {
            mterror(WM_VULNDETECTOR_LOGTAG, VU_MAX_ACC_EXC);
            return OS_INVALID;
        }
    }
    return result;
}

int wm_vuldet_step(sqlite3_stmt *stmt) {
    int attempts;
    int result;
    for (attempts = 0; (result = sqlite3_step(stmt)) == SQLITE_BUSY; attempts++) {
        if (attempts == MAX_SQL_ATTEMPTS) {
            mterror(WM_VULNDETECTOR_LOGTAG, VU_MAX_ACC_EXC);
            return OS_INVALID;
        }
    }
    return result;
}

/*
* This function should be taken as the version comparison entry point
*/
int wm_checks_package_vulnerability(char *version_a, const char *operation, const char *version_b, version_type vertype) {
    int size;
    int epoch, c_epoch;
    char version_cl[KEY_SIZE];
    char cversion_cl[KEY_SIZE];
    char *version_it, *release_it;
    char *cversion_it, *crelease_it;
    struct pkg_version *package_version;
    struct pkg_version *package_feed_version;
    enum pkg_relation feed_condition;
    int8_t ret = 0;

    if (version_b && strcmp(version_b, version_null)) {
        // Copy the original values
        if (size = snprintf(version_cl, KEY_SIZE, "%s", version_a), size >= KEY_SIZE) {
            return OS_INVALID;
        }
        if (size = snprintf(cversion_cl, KEY_SIZE, "%s", version_b), size >= KEY_SIZE) {
            return OS_INVALID;
        }

        /*
        * Check EPOCH:
        * If the epoch is not present in the version and we are comparing NVD versions
        * we assign -1 to indicate that it shouldn't be compared.
        * For Amazon Linux packages we ignore the epoch since the ALAS feed doesn't
        * provide it.
        */
        if (version_it = strchr(version_cl, ':'), version_it) {
            *(version_it++) = '\0';
            epoch = (VER_TYPE_RPM_ALAS != vertype) ? strtol(version_cl, NULL, 10) : -1;
        } else {
            version_it = version_cl;
            epoch = (VER_TYPE_NVD != vertype) ? 0 : -1;
        }
        if (cversion_it = strchr(cversion_cl, ':'), cversion_it) {
            *(cversion_it++) = '\0';
            c_epoch = strtol(cversion_cl, NULL, 10);
        } else {
            cversion_it = cversion_cl;
            c_epoch = (VER_TYPE_NVD != vertype) ? 0 : -1;
        }

        // Separate the version from the revision
        if (release_it = strchr(version_it, '-'), release_it) {
            if (*(release_it++) = '\0', *release_it == '\0') {
                release_it = NULL;
            }
        }

        if (crelease_it = strchr(cversion_it, '-'), crelease_it) {
            if (*(crelease_it++) = '\0', *crelease_it == '\0') {
                crelease_it = NULL;
            }
        }

        // When evaluating CentOS package, the minor target part cannot be compared so it is truncated
        if (vertype == VER_TYPE_RPM_CENTOS) {
            wm_vuldel_truncate_revision(release_it);
            wm_vuldel_truncate_revision(crelease_it);
        }

        if (vertype == VER_TYPE_DEB) {
            // This exception is caused by https://github.com/wazuh/wazuh/issues/11363
            if (strstr(cversion_it, " only") != NULL) {
                return VU_ERROR_CMP;
            }
        }

        os_calloc(1, sizeof(struct pkg_version), package_version);
        os_calloc(1, sizeof(struct pkg_version), package_feed_version);
        package_version->epoch = epoch;
        package_version->version = version_it;
        package_version->revision = release_it ? release_it : "0";
        package_feed_version->epoch = c_epoch;
        package_feed_version->version = cversion_it;
        package_feed_version->revision = crelease_it ? crelease_it : "0";

        if (!strcmp(operation, vu_package_comp[VU_COMP_L])) {
            feed_condition = PKG_RELATION_LT;
        } else if (!strcmp(operation, vu_package_comp[VU_COMP_LE])) {
            feed_condition = PKG_RELATION_LE;
        } else if (!strcmp(operation, vu_package_comp[VU_COMP_G])) {
            feed_condition = PKG_RELATION_GT;
        } else if (!strcmp(operation, vu_package_comp[VU_COMP_GE])) {
            feed_condition = PKG_RELATION_GE;
        } else if (!strcmp(operation, vu_package_comp[VU_COMP_EQ])) {
            feed_condition = PKG_RELATION_EQ;
        } else {
            ret = VU_ERROR_CMP;
            goto clean;
        }

        // This sanity is included since you cannot always expect a revision to come,
        // since it is a data provided by the agent.
        if ((vertype == VER_TYPE_RPM_CENTOS || vertype == VER_TYPE_RPM_ALAS || vertype == VER_TYPE_RPM) && (NULL == package_version->version)) {
            ret = VU_ERROR_CMP;
            goto clean;
        }

        if(pkg_version_relate(package_version, feed_condition, package_feed_version, vertype)) {
            ret = VU_VULNERABLE;
        } else {
            ret = VU_NOT_VULNERABLE;
        }

    clean:
        os_free(package_version);
        os_free(package_feed_version);
        return ret;
    }

    return VU_NOT_FIXED;
}

char *wm_vuldet_build_url(char *pattern, char *value) {
    size_t size;
    char *retval;

    os_calloc(VUL_BUILD_REF_MAX + 1, sizeof(char), retval);
    size = snprintf(retval, VUL_BUILD_REF_MAX, pattern, value);
    os_realloc(retval, size + 1, retval);

    return retval;
}

int wm_vuldet_compare_pkg(cve_vuln_pkg *Pkg1, cve_vuln_pkg *Pkg2) {

    if (!(!Pkg1->vendor && !Pkg2->vendor) &&
        !(Pkg1->vendor && Pkg2->vendor &&
        !strcmp(Pkg1->vendor, Pkg2->vendor))) { // Vendor
        return -1;
    }

    if (!(!Pkg1->src_name && !Pkg2->src_name) &&
        !(Pkg1->src_name && Pkg2->src_name &&
        !strcmp(Pkg1->src_name, Pkg2->src_name))) { // Source name
        return -1;
    }

    if (!(!Pkg1->bin_name && !Pkg2->bin_name) &&
        !(Pkg1->bin_name && Pkg2->bin_name &&
        !strcmp(Pkg1->bin_name, Pkg2->bin_name))) { // Binary name
        return -1;
    }

    if (!(!Pkg1->version && !Pkg2->version) &&
        !(Pkg1->version && Pkg2->version &&
        !strcmp(Pkg1->version, Pkg2->version))) { // Version
        return -1;
    }

    /* If only the architecture differs and one of them is 'noarch',
    *  label them as equals too.  */
    if (!(!Pkg1->arch && !Pkg2->arch) && // Architecture
        (Pkg1->arch && Pkg2->arch && strcmp("noarch", Pkg1->arch) &&
        strcmp("noarch", Pkg2->arch) && strcmp(Pkg1->arch, Pkg2->arch))) {
        return -1;
    }

    if (Pkg1->nvd_cond && Pkg2->nvd_cond &&
        Pkg1->nvd_cond->id != Pkg2->nvd_cond->id) { // ID from table NVD_CVE_MATCH
        return -1;
    }

    return 0;
}

int wm_vuldet_add_cve_node(cve_vuln_pkg *newPkg, const char *cve, OSHash *cve_table) {
    int status = 0;
    int found = 0;
    cve_vuln_pkg *lastPkg = NULL;
    cve_vuln_pkg *tmpPkg  = NULL;

    if (status = OSHash_Add(cve_table, cve, (void *)newPkg), !status) {
        return -1;
    }

    // If the cve node already exists, add the pkg to the end of the linked list.
    if (status == 1) {
        if (tmpPkg = (cve_vuln_pkg *)OSHash_Get(cve_table, cve), !tmpPkg) {
            return -1;
        }

        do {
            if (!wm_vuldet_compare_pkg(tmpPkg, newPkg)) { // Same package?
                if (!tmpPkg->nvd_cond && newPkg->nvd_cond) {
                    os_calloc(1, sizeof(cve_vuln_cond_NVD), tmpPkg->nvd_cond);
                    memcpy(tmpPkg->nvd_cond, newPkg->nvd_cond, sizeof(cve_vuln_cond_NVD));

                    if (newPkg->nvd_cond->start_version) {
                        os_strdup(newPkg->nvd_cond->start_version, tmpPkg->nvd_cond->start_version);
                    }
                    if (newPkg->nvd_cond->end_version) {
                        os_strdup(newPkg->nvd_cond->end_version, tmpPkg->nvd_cond->end_version);
                    }
                    if (newPkg->nvd_cond->operator) {
                        os_strdup(newPkg->nvd_cond->operator, tmpPkg->nvd_cond->operator);
                    }
                }

                if (!tmpPkg->vuln_cond && newPkg->vuln_cond) {
                    os_calloc(1, sizeof(cve_vuln_cond), tmpPkg->vuln_cond);
                    memcpy(tmpPkg->vuln_cond, newPkg->vuln_cond, sizeof(cve_vuln_cond));

                    if (newPkg->vuln_cond->state) {
                        os_strdup(newPkg->vuln_cond->state, tmpPkg->vuln_cond->state);
                    }
                    if (newPkg->vuln_cond->operation) {
                        os_strdup(newPkg->vuln_cond->operation, tmpPkg->vuln_cond->operation);
                    }
                    if (newPkg->vuln_cond->operation_value) {
                        os_strdup(newPkg->vuln_cond->operation_value, tmpPkg->vuln_cond->operation_value);
                    }
                    if (newPkg->vuln_cond->condition) {
                        os_strdup(newPkg->vuln_cond->condition, tmpPkg->vuln_cond->condition);
                    }
                }

                tmpPkg->feed |= newPkg->feed; // Update the feed field with the new source.

                found = 1; // Package duplicated
            }
            lastPkg = tmpPkg; // Save last known entry within the linked list.
            tmpPkg = tmpPkg->next;
        } while (tmpPkg);

        if (!found) {
            lastPkg->next = newPkg;
        }
    }

    return found;
}

void wm_vuldet_free_cve_node(void *data){
    if (data) {
        cve_vuln_pkg *pkg  = (cve_vuln_pkg *) data;
        cve_vuln_pkg *next = NULL;
        do { // Free each package in the linked list.
            next = pkg->next;
            os_free(pkg->vendor);
            os_free(pkg->bin_name);
            os_free(pkg->src_name);
            os_free(pkg->arch);
            os_free(pkg->version);
            os_free(pkg->type);
            os_free(pkg->reference);

            if (pkg->nvd_cond) {
                os_free(pkg->nvd_cond->operator);
                os_free(pkg->nvd_cond->end_version);
                os_free(pkg->nvd_cond->start_version);
                os_free(pkg->nvd_cond);
            }

            if (pkg->vuln_cond) {
                os_free(pkg->vuln_cond->state);
                os_free(pkg->vuln_cond->operation);
                os_free(pkg->vuln_cond->operation_value);
                os_free(pkg->vuln_cond->condition);
                os_free(pkg->vuln_cond);
            }
            os_free(pkg);

            pkg = next;
        } while (pkg);
    }
}

void wm_vuldet_free_report(vu_report *report) {
    if (report == NULL) {
        return;
    }

    os_free(report->cve);
    os_free(report->reference);
    os_free(report->type);
    os_free(report->status);
    os_free(report->title);
    os_free(report->rationale);
    os_free(report->published);
    os_free(report->updated);
    os_free(report->assigner);
    os_free(report->cve_version);
    // Impact
    os_free(report->severity);
    wm_vuldet_free_cv_scoring_system(report->cvss2);
    wm_vuldet_free_cv_scoring_system(report->cvss3);
    os_free(report->cwe);
    // References
    free_strarray(report->advisories);
    free_strarray(report->bugzilla_references);
    free_strarray(report->references);
    free_strarray(report->ref_sources);
    // Reported software
    os_free(report->software);
    os_free(report->source);
    os_free(report->version);
    os_free(report->operation);
    os_free(report->operation_value);
    os_free(report->condition);
    os_free(report->arch);
    // Agent data
    os_free(report->agent_id);
    os_free(report->agent_name);
    os_free(report->agent_ip);
    // Metadata
    os_free(report);
}

void wm_vuldet_build_nvd_report_condition(cve_vuln_cond_NVD *nvd_cond, vu_report *report) {

    report->pending = nvd_cond->end_version ? 0 : 1;
    // building condition
    if (nvd_cond->start_version && nvd_cond->end_version) {
        const char* start = "Package";
        const char* condition1 = (nvd_cond->start_operation == START_INCLUDED) ? "greater or equal than" : "greater than";
        const char* middle = "and";
        const char* condition2 = (nvd_cond->end_operation == END_INCLUDED) ? "less or equal than" : "less than";
        size_t size = strlen(start) + 1 + strlen(condition1) + 1 + strlen(nvd_cond->start_version) + 1 +
                        strlen(middle) + 1 + strlen(condition2) + 1 + strlen(nvd_cond->end_version);
        os_calloc(size + 1, sizeof(char), report->condition);
        sprintf(report->condition, "%s %s %s %s %s %s",
        start, condition1, nvd_cond->start_version,
        middle, condition2, nvd_cond->end_version);
    }
    else if (nvd_cond->start_version) {
        const char* start = "Package";
        const char* condition = (nvd_cond->start_operation == START_INCLUDED) ? "greater or equal than" : "greater than";
        size_t size = strlen(start) + 1 + strlen(condition) + 1 + strlen(nvd_cond->start_version);
        os_calloc(size + 1, sizeof(char), report->condition);
        sprintf(report->condition, "%s %s %s",
        start, condition, nvd_cond->start_version);
    }
    else if (nvd_cond->end_version) {
        const char* start = "Package";
        const char* condition = (nvd_cond->end_operation == END_INCLUDED) ? "less or equal than" : "less than";
        size_t size = strlen(start) + 1 + strlen(condition) + 1 + strlen(nvd_cond->end_version);
        os_calloc(size + 1, sizeof(char), report->condition);
        sprintf(report->condition, "%s %s %s",
        start, condition, nvd_cond->end_version);
    }
    else {
        const char* text = "Package matches a vulnerable version";
        os_calloc(strlen(text) + 1, sizeof(char), report->condition);
        sprintf(report->condition, "%s", text);
    }

    return;
}

int wm_vuldet_fill_report_nvd_cve_info(sqlite3 *db, sqlite3_stmt *stmt, vu_report *report, int *cve_table_id) {
    // CVE info query
    if (wm_vuldet_prepare(db, vu_queries[VU_GET_CVE_INFO_FILTER_CVE], -1, &stmt, NULL) != SQLITE_OK) {
        return SQLITE_ERROR;
    }
    sqlite3_bind_text(stmt, 1, report->cve, -1, NULL);

    int step_result = wm_vuldet_step(stmt);
    if (SQLITE_ROW == step_result) {
        *cve_table_id = atoi((char *)sqlite3_column_text(stmt, 0));
        char *cwe = (char *)sqlite3_column_text(stmt, 1);
        char *assigner = (char *)sqlite3_column_text(stmt, 2);
        char *rationale = (char *)sqlite3_column_text(stmt, 3);
        char *cve_version = (char *)sqlite3_column_text(stmt, 4);
        char *published = (char *)sqlite3_column_text(stmt, 5);
        char *updated = (char *)sqlite3_column_text(stmt, 6);

        w_strdup(cwe, report->cwe);
        w_strdup(assigner, report->assigner);
        w_strdup(rationale, report->rationale);
        w_strdup(cve_version, report->cve_version);
        w_strdup(published, report->published);
        w_strdup(updated, report->updated);
    } else if (SQLITE_DONE != step_result){
        return SQLITE_ERROR;
    }

    wdb_finalize(stmt);

    return SQLITE_OK;
}

int wm_vuldet_fill_report_nvd_references(sqlite3 *db, sqlite3_stmt *stmt, int cve_table_id, vu_report *report) {
    //Query for references
    if (wm_vuldet_prepare(db, vu_queries[VU_GET_REFERENCE], -1, &stmt, NULL) != SQLITE_OK) {
        return SQLITE_ERROR;
    }
    sqlite3_bind_int(stmt, 1, cve_table_id);

    int ref_count = 0;
    int step_result = 0;
    while (step_result = wm_vuldet_step(stmt), (SQLITE_ROW == step_result)) {
        char *url = (char *)sqlite3_column_text(stmt, 0);
        char *ref_source = (char *)sqlite3_column_text(stmt, 1);

        os_realloc(report->ref_sources, (ref_count + 2) * sizeof(char *), report->ref_sources);
        os_strdup(ref_source, report->ref_sources[ref_count]);
        os_realloc(report->references, (ref_count + 2) * sizeof(char *), report->references);
        os_strdup(url, report->references[ref_count]);
        ++ref_count;
        report->ref_sources[ref_count] = report->references[ref_count] = NULL;
    }

    wdb_finalize(stmt);

    if (SQLITE_ERROR == step_result)
        return SQLITE_ERROR;

    return SQLITE_OK;
}

int wm_vuldet_fill_report_nvd_scoring(sqlite3 *db, sqlite3_stmt *stmt, int cve_table_id, vu_report *report) {
    //Query for scoring
    if (wm_vuldet_prepare(db, vu_queries[VU_GET_SCORING], -1, &stmt, NULL) != SQLITE_OK) {
        return SQLITE_ERROR;
    }
    sqlite3_bind_int(stmt, 1, cve_table_id);

    int step_result = 0;
    while (step_result = wm_vuldet_step(stmt), (SQLITE_ROW == step_result)) {
        cv_scoring_system **cvss;
        char *vector_string = (char *)sqlite3_column_text(stmt, 0);
        double base_score = sqlite3_column_double(stmt, 1);
        double exploitability_score = sqlite3_column_double(stmt, 2);
        double impact_score = sqlite3_column_double(stmt, 3);
        char *cvss_ver = (char *)sqlite3_column_text(stmt, 4);

        if (!cvss_ver) {
            continue;
        }

        if (strstr(cvss_ver, "2.") && !report->cvss2) {
            cvss = &report->cvss2;
        } else if (strstr(cvss_ver, "3.") && !report->cvss3) {
            cvss = &report->cvss3;
        } else {
            continue;
        }

        os_calloc(1, sizeof(cv_scoring_system), *cvss);
        w_strdup(vector_string, (*cvss)->vector_string);
        (*cvss)->base_score = base_score;
        (*cvss)->exploitability_score = exploitability_score;
        (*cvss)->impact_score = impact_score;
    }

    wdb_finalize(stmt);

    if (SQLITE_ERROR == step_result)
        return SQLITE_ERROR;

    if (report->cvss3) {
        if (report->cvss3->base_score >= 9) {
            os_strdup(vu_severities[VU_CRITICAL], report->severity);
        } else if (report->cvss3->base_score >= 7) {
            os_strdup(vu_severities[VU_HIGH], report->severity);
        } else if (report->cvss3->base_score >= 4) {
            os_strdup(vu_severities[VU_MEDIUM], report->severity);
        } else if (report->cvss3->base_score >= 0.1) {
            os_strdup(vu_severities[VU_LOW], report->severity);
        } else {
            os_strdup(vu_severities[VU_NONE], report->severity);
        }
    } else if (report->cvss2) {
        if (report->cvss2->base_score >= 7) {
            os_strdup(vu_severities[VU_HIGH], report->severity);
        } else if (report->cvss2->base_score >= 4) {
            os_strdup(vu_severities[VU_MEDIUM], report->severity);
        } else {
            os_strdup(vu_severities[VU_LOW], report->severity);
        }
    }

    return SQLITE_OK;
}

int wm_vuldet_fill_report_oval_data(sqlite3 *db, sqlite3_stmt *stmt, scan_agent *agents_it, cve_vuln_pkg *pkg, vu_report *report) {
    // As we consider the NVD as our source of trust, within this statement we will
    // add information only if that information was not already added by the NVD
    // report, or if the information is not repeated.
    const char *target;
    char *severity;
    char *rationale;
    char *published;
    char *updated;
    char *cvss;
    char *cvss3;
    char *cvss_vector;
    char *cvss3_vector;
    char *cwe;
    char *reference;
    char *bugzilla_reference;
    char* advisory;
    int adv_count = 0;
    int ref_count = 0;
    int bugref_count = 0;

    if (agents_it->dist == FEED_REDHAT) {
        target = "JREDHAT";
    } else {
        target = vu_feed_tag[agents_it->dist_ver];
    }

    if (pkg->vuln_cond) {
        if (!report->operation) w_strdup(pkg->vuln_cond->operation, report->operation);
        if (!report->operation_value) w_strdup(pkg->vuln_cond->operation_value, report->operation_value);
        if (!report->condition) w_strdup(pkg->vuln_cond->condition, report->condition);
    }

    // Adding data from VULNERABILITIES_INFO
    if (wm_vuldet_prepare(db, vu_queries[VU_GET_VULN_INFO], -1, &stmt, NULL) != SQLITE_OK) {
        return SQLITE_ERROR;
    }

    sqlite3_bind_text(stmt, 1, report->cve, -1, NULL);
    sqlite3_bind_text(stmt, 2, target, -1, NULL);

    if (SQLITE_ROW == wm_vuldet_step(stmt)) {
        severity = (char *)sqlite3_column_text(stmt, 0);
        published = (char *)sqlite3_column_text(stmt, 1);
        updated = (char *)sqlite3_column_text(stmt, 2);
        rationale = (char *)sqlite3_column_text(stmt, 3);
        cvss = (char *)sqlite3_column_text(stmt, 4);
        cvss3 = (char *)sqlite3_column_text(stmt, 5);
        cvss_vector = (char *)sqlite3_column_text(stmt, 6);
        cvss3_vector = (char *)sqlite3_column_text(stmt, 7);
        cwe = (char *)sqlite3_column_text(stmt, 8);

        if (!report->rationale) w_strdup(rationale, report->rationale);

        if (severity) {
            if (agents_it->dist == FEED_REDHAT) {
                /* For RHEL/CentOS agents we trust in the severity
                from the vendor feed instead of the NVD.
                It avoids NULL severity for some vulnerabilities */
                os_free(report->severity);
                w_strdup(severity, report->severity);
            } else if (!report->severity) {
                w_strdup(severity, report->severity);
            }
        } else if (!report->severity) {
            os_strdup(vu_severities[VU_UNKNOWN], report->severity);
        }

        if (!report->published) w_strdup(published, report->published);
        if (!report->updated && updated) w_strdup(updated, report->updated);
        if (!report->cvss2 && cvss) {
            os_calloc(1, sizeof(cv_scoring_system), report->cvss2);
            w_strdup(cvss_vector, report->cvss2->vector_string);
            report->cvss2->base_score = strtod(cvss, NULL);
        }
        if (!report->cvss3 && cvss3) {
            os_calloc(1, sizeof(cv_scoring_system), report->cvss3);
            w_strdup(cvss3_vector, report->cvss3->vector_string);
            report->cvss3->base_score = strtod(cvss3, NULL);
        }
        if (!report->cwe) w_strdup(cwe, report->cwe);
    }

    wdb_finalize(stmt);

    // Adding references URLs (REFERENCES_INFO table)
    if (wm_vuldet_prepare(db, vu_queries[VU_REFS_QUERY], -1, &stmt, NULL) != SQLITE_OK) {
        return SQLITE_ERROR;
    }

    sqlite3_bind_text(stmt, 1, report->cve, -1, NULL);
    sqlite3_bind_text(stmt, 2, target, -1, NULL);

    for (ref_count = 0; report->references && report->references[ref_count]; ++ref_count) {
        // Do nothing. Just counting the number of references just
        // in case the NVD could have add some references URLs.
    }

    while (SQLITE_ROW == wm_vuldet_step(stmt)) {
        reference = (char *)sqlite3_column_text(stmt, 0);

        // Checking if the reference is already in the list
        int skip = 0;
        for (int i = 0; report->references && report->references[i]; ++i) {
            if (!strcmp(reference, report->references[i])) {
                skip = 1;
                break;
            }
        }

        if (skip) continue;

        // The reference is not in the list... adding it.
        os_realloc(report->references, (ref_count + 2) * sizeof(char *), report->references);
        os_strdup(reference, report->references[ref_count]);
        report->references[++ref_count] = NULL;
    }

    wdb_finalize(stmt);

    // Adding bugzilla references URLs (BUGZILLA_REFERENCES_INFO table)
    if (wm_vuldet_prepare(db, vu_queries[VU_BUG_REFS_QUERY], -1, &stmt, NULL) != SQLITE_OK) {
        return SQLITE_ERROR;
    }

    sqlite3_bind_text(stmt, 1, report->cve, -1, NULL);
    sqlite3_bind_text(stmt, 2, target, -1, NULL);

    for (bugref_count = 0; report->bugzilla_references && report->bugzilla_references[bugref_count]; ++bugref_count) {
        // Do nothing. Just counting the number of references just
        // in case the NVD could have add some bugzilla URLs.
    }

    while (SQLITE_ROW == wm_vuldet_step(stmt)) {
        bugzilla_reference = (char *)sqlite3_column_text(stmt, 0);
        os_realloc(report->bugzilla_references, (bugref_count + 2) * sizeof(char *), report->bugzilla_references);
        os_strdup(bugzilla_reference, report->bugzilla_references[bugref_count]);
        report->bugzilla_references[++bugref_count] = NULL;
    }

    wdb_finalize(stmt);

    // Adding advisories from ADVISORIES_INFO
    if (wm_vuldet_prepare(db, vu_queries[VU_ADVISORY_QUERY], -1, &stmt, NULL) != SQLITE_OK) {
        return SQLITE_ERROR;
    }

    sqlite3_bind_text(stmt, 1, report->cve, -1, NULL);
    sqlite3_bind_text(stmt, 2, target, -1, NULL);

    for (adv_count = 0; report->advisories && report->advisories[adv_count]; ++adv_count) {
        // Do nothing. Just counting the number of references just
        // in case the NVD could have add some advisories.
    }

    while (SQLITE_ROW == wm_vuldet_step(stmt)) {
        advisory = (char *)sqlite3_column_text(stmt, 0);
        os_realloc(report->advisories, (adv_count + 2) * sizeof(char *), report->advisories);
        os_strdup(advisory, report->advisories[adv_count]);
        report->advisories[++adv_count] = NULL;
    }

    wdb_finalize(stmt);

    return SQLITE_OK;
}

int wm_vuldet_process_agent_vulnerabilities(sqlite3 *db, OSHash *cve_table, scan_agent *agents_it, scan_ctx_t *scan_ctx) {
    OSHashNode *hash_node;
    unsigned int inode_it = 0;
    sqlite3_stmt *stmt = NULL;
    vu_report *report = NULL;
    time_t start_time;
    int vuln_reported = 0;
    int vuln_reported_nvd = 0;
    int vuln_reported_vendor = 0;

    mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_START_VUL_AG_SEND, scan_ctx->agent_id);

    start_time = time(NULL);

    int sock = wm_vuldet_get_wdb_socket();
    hash_node = OSHash_Begin(cve_table, &inode_it);

    while(hash_node) {
        char *cve;
        cve_vuln_pkg *pkg  = NULL;
        cve_vuln_pkg *next = NULL;

        cve = hash_node->key;
        pkg = hash_node->data;

        do {
            next = pkg->next;

            if (pkg->discard) {
                pkg = next;
                continue;
            }

            os_calloc(1, sizeof(vu_report), report);

            // Adding agent information
            w_strdup(agents_it->agent_id, report->agent_id);
            w_strdup(agents_it->agent_name, report->agent_name);
            w_strdup(agents_it->agent_ip, report->agent_ip);

            // Adding package information
            w_strdup(cve, report->cve);
            w_strdup(pkg->bin_name, report->software);
            w_strdup(pkg->src_name, report->source);
            if (!strncmp("-1:", pkg->version, 3)) {
                w_strdup((pkg->version + 3), report->version);
            } else {
                w_strdup(pkg->version, report->version);
            }
            w_strdup(pkg->arch, report->arch);
            w_strdup(pkg->type, report->type);

            // Adding data from NVD
            if ((pkg->feed == VU_SRC_NVD) && pkg->nvd_cond) {
                wm_vuldet_build_nvd_report_condition(pkg->nvd_cond, report);
            }

            int cve_table_id = 0;

            if (wm_vuldet_fill_report_nvd_cve_info(db, stmt, report, &cve_table_id) != SQLITE_OK) {
                mterror(WM_VULNDETECTOR_LOGTAG, VU_REPORT_NVD_INFO_ERROR, scan_ctx->agent_id);
                goto error;
            }

            if (wm_vuldet_fill_report_nvd_references(db, stmt, cve_table_id, report) != SQLITE_OK) {
                mterror(WM_VULNDETECTOR_LOGTAG, VU_REPORT_NVD_REF_ERROR, scan_ctx->agent_id);
                goto error;
            }

            if (wm_vuldet_fill_report_nvd_scoring(db, stmt, cve_table_id, report) != SQLITE_OK) {
                mterror(WM_VULNDETECTOR_LOGTAG, VU_REPORT_NVD_SCORE_ERROR, scan_ctx->agent_id);
                goto error;
            }

            if (agents_it->dist != FEED_MAC && agents_it->dist != FEED_WIN) {
                // Adding data from OVAL
                if (wm_vuldet_fill_report_oval_data(db, stmt, agents_it, pkg, report) != SQLITE_OK) {
                    mterror(WM_VULNDETECTOR_LOGTAG, VU_REPORT_OVAL_ERROR, scan_ctx->agent_id);
                    goto error;
                }
            }

            // Adjusting some fields before inserting and sending
            wm_vuldet_give_report_format(report);

            //Save the vulnerability in the agent database
            bool check_pkg_existence = pkg->type && !strcmp(pkg->type, VULN_CVES_TYPE_PACKAGE);
            cJSON* j_result = wdb_insert_vuln_cves(scan_ctx->agent_id, report->software, report->version, report->arch, report->cve,
                                                   report->severity, report->cvss2 ? report->cvss2->base_score : 0,
                                                   report->cvss3 ? report->cvss3->base_score : 0, pkg->reference, pkg->type, VULN_CVES_STATUS_VALID,
                                                   report->references, report->condition, report->title, report->published,
                                                   report->updated, check_pkg_existence, &sock);

            bool success = FALSE;
            bool update = FALSE;

            if (j_result) {
                cJSON* j_status = cJSON_GetObjectItem(j_result, "status");
                success = (cJSON_IsString(j_status) && 0 == strcmp(j_status->valuestring, "SUCCESS"));
                cJSON* j_action = cJSON_GetObjectItem(j_result, "action");
                update = (cJSON_IsString(j_action) && 0 == strcmp(j_action->valuestring, "UPDATE"));
                cJSON_Delete(j_result);
            }
            if (!success) {
                mtdebug1(WM_VULNDETECTOR_LOGTAG, "Failed to insert %s for package %s in the agent %.3d database",
                        cve ? cve : "null",
                        pkg->reference ? pkg->reference : "null",
                        scan_ctx->agent_id);
            }

            if (report->is_hotfix) {
                mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_HOTFIX_VUL,
                    atoi(report->agent_id),
                    report->cve,
                    report->condition ? report->condition : "Hotfix is not installed.");
            }
            else if (report->software && report->version && report->agent_id && report->cve) {
                mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_PACK_VER_VULN, report->software,
                    report->version, atoi(report->agent_id), report->cve,
                    report->condition && *report->condition != '\0' ? report->condition :
                    "exists");
            }

            if (!update) {
                // Sending CVE report
                if (wm_vuldet_send_cve_report(report)) {
                    mterror(WM_VULNDETECTOR_LOGTAG, VU_SEND_AGENT_REPORT_ERROR, report->cve ? report->cve : "", report->software ? report->software : "" , scan_ctx->agent_id);
                } else {
                    if (pkg->feed & VU_SRC_NVD) {
                        vuln_reported_nvd++;
                    }
                    if (pkg->feed & VU_SRC_OVAL) {
                        vuln_reported_vendor++;
                    }
                    vuln_reported++;
                }
            }
            wm_vuldet_free_report(report);

            pkg = next;
        } while (pkg);

        hash_node = OSHash_Next(cve_table, &inode_it, hash_node);
    }

    wdb_finalize(stmt);

    if (agents_it->dist != FEED_MAC) {
        mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_VULN_SEND_AG_FEED, vuln_reported_nvd, scan_ctx->agent_id, "NVD");
        mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_VULN_SEND_AG_FEED, vuln_reported_vendor, scan_ctx->agent_id, "vendor");
    }
    mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_VULN_SEND_AG, vuln_reported, scan_ctx->agent_id);
    mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_FUNCTION_TIME, time(NULL) - start_time, "report", scan_ctx->agent_id);

    return 0;

error:

    wm_vuldet_free_report(report);
    return wm_vuldet_sql_error(db, stmt);
}

int wm_vuldet_send_cve_report(vu_report *report) {
    cJSON *alert = NULL;
    cJSON *alert_cve = NULL;
    int retval = OS_INVALID;
    int send_queue;
    char *str_json = NULL;
    char header[OS_SIZE_256 + 1];
    char alert_msg[OS_MAXSTR + 1];
    // Define time to sleep between messages sent
    int usec = 1000000 / wm_max_eps;

    if (alert = cJSON_CreateObject(), !alert) {
        return retval;
    }

    if (alert_cve = cJSON_CreateObject(), alert_cve) {
        cJSON *j_package = NULL;
        cJSON *j_cvss = NULL;

        cJSON_AddItemToObject(alert, "vulnerability", alert_cve);

        if (j_package = cJSON_CreateObject(), !j_package) {
            goto end;
        }
        cJSON_AddItemToObject(alert_cve, "package", j_package);

        cJSON_AddStringToObject(j_package, "name", report->software);
        if (report->source) cJSON_AddStringToObject(j_package, "source", report->source);
        if (report->version && *report->version) cJSON_AddStringToObject(j_package, "version", report->version);
        if (report->arch && *report->arch) cJSON_AddStringToObject(j_package, "architecture", report->arch);
        if (report->condition) cJSON_AddStringToObject(j_package, "condition", report->condition);

        if (report->cvss2 || report->cvss3) {
            cJSON *j_cvss_node;
            int i;

            if (j_cvss = cJSON_CreateObject(), !j_cvss) {
                goto end;
            }
            cJSON_AddItemToObject(alert_cve, "cvss", j_cvss);

            for (i = 0; i < 2; i++) {
                cv_scoring_system *cvss = !i ? report->cvss2 : report->cvss3;
                if (cvss) {
                    if (j_cvss_node = cJSON_CreateObject(), !j_cvss_node) {
                        goto end;
                    }
                    cJSON_AddItemToObject(j_cvss, !i ? "cvss2" : "cvss3", j_cvss_node);
                    // Although the function wm_vuldet_get_cvss could return NULL, we are not going to end in that case
                    // because some feeds, like Ubuntu or Debian, do not provide this information.
                    if (cvss->vector_string) cJSON_AddItemToObject(j_cvss_node, "vector", wm_vuldet_get_cvss(cvss->vector_string));
                    if (cvss->base_score) cJSON_AddItemToObject(j_cvss_node, "base_score", cJSON_CreateNumber(cvss->base_score));
                    if (cvss->exploitability_score) cJSON_AddItemToObject(j_cvss_node, "exploitability_score", cJSON_CreateNumber(cvss->exploitability_score));
                    if (cvss->impact_score) cJSON_AddItemToObject(j_cvss_node, "impact_score", cJSON_CreateNumber(cvss->impact_score));
                }
            }
        }

        // Set the alert body
        cJSON_AddStringToObject(alert_cve, "cve", report->cve);
        if (report->title) {
            cJSON_AddStringToObject(alert_cve, "title", report->title);
        }
        if (report->rationale) {
            cJSON_AddStringToObject(alert_cve, "rationale", report->rationale);
        }
        cJSON_AddStringToObject(alert_cve, "severity", report->severity);
        if (report->published) {
            cJSON_AddStringToObject(alert_cve, "published", report->published);
        }
        if (report->updated) {
            cJSON_AddStringToObject(alert_cve, "updated", report->updated);
        }
        if (report->cwe) cJSON_AddStringToObject(alert_cve, "cwe_reference", report->cwe);
        cJSON_AddStringToObject(alert_cve, "status", VULN_CVES_STATUS_ACTIVE_LOWERCASE);
        cJSON_AddStringToObject(alert_cve, "type", report->type);

        if (report->advisories) {
            cJSON *j_advisories = NULL;
            if (j_advisories = cJSON_CreateArray(), !j_advisories) {
                goto end;
            }
            int advcount;
            for (advcount = 0; report->advisories[advcount]; ++advcount)
            {
                cJSON *j_adv_item = cJSON_CreateString(report->advisories[advcount]);
                cJSON_AddItemToArray(j_advisories, j_adv_item);
            }
            cJSON_AddItemToObject(alert_cve, "advisories_ids", j_advisories);
        }
        if (report->bugzilla_references) {
            cJSON *j_bug_references = NULL;
            if (j_bug_references = cJSON_CreateArray(), !j_bug_references) {
                goto end;
            }
            int refcount;
            for (refcount = 0; report->bugzilla_references[refcount]; ++refcount)
            {
                cJSON *j_bug_item = cJSON_CreateString(report->bugzilla_references[refcount]);
                cJSON_AddItemToArray(j_bug_references, j_bug_item);
            }
            cJSON_AddItemToObject(alert_cve, "bugzilla_references", j_bug_references);
        }
        if (report->references) {
            cJSON *j_cvs_references = NULL;
            if (j_cvs_references = cJSON_CreateArray(), !j_cvs_references) {
                goto end;
            }
            int refcount;
            for (refcount = 0; report->references[refcount]; ++refcount)
            {
                cJSON *j_ref_item = cJSON_CreateString(report->references[refcount]);
                cJSON_AddItemToArray(j_cvs_references, j_ref_item);
            }
            cJSON_AddItemToObject(alert_cve, "references", j_cvs_references);
        }
        if (report->assigner) cJSON_AddStringToObject(alert_cve, "assigner", report->assigner);
        if (report->cve_version) cJSON_AddStringToObject(alert_cve, "cve_version", report->cve_version);
    } else {
        goto end;
    }

    str_json = cJSON_PrintUnformatted(alert);

    // Send an alert as a manager if there is no IP assigned
    if (report->agent_ip) {
        snprintf(header, OS_SIZE_256, VU_ALERT_HEADER, atoi(report->agent_id), report->agent_name, report->agent_ip);
        snprintf(alert_msg, OS_MAXSTR, VU_ALERT_JSON, str_json);
        send_queue = SECURE_MQ;
    } else {
        snprintf(header, OS_SIZE_256, "%s", VU_WM_NAME);
        snprintf(alert_msg, OS_MAXSTR, "%s", str_json);
        send_queue = LOCALFILE_MQ;
    }

    if (wm_sendmsg(usec, *vu_queue, alert_msg, header, send_queue) < 0) {
        mterror(WM_VULNDETECTOR_LOGTAG, QUEUE_ERROR, DEFAULTQUEUE, strerror(errno));
        if ((*vu_queue = StartMQ(DEFAULTQUEUE, WRITE, INFINITE_OPENQ_ATTEMPTS)) < 0) {
            mterror_exit(WM_VULNDETECTOR_LOGTAG, QUEUE_FATAL, DEFAULTQUEUE);
        }
    }

    retval = 0;
end:
    os_free(str_json);
    cJSON_Delete(alert);
    return retval;
}

int wm_vuldet_send_removed_cve_report (cJSON* j_vuln, scan_ctx_t* scan_ctx) {
    int retval = OS_INVALID;
    char header[OS_SIZE_256 + 1];
    char alert_msg[OS_MAXSTR + 1];
    int send_queue;
    char* alert_title = NULL;
    char* alert = NULL;
    char* package_name = cJSON_GetStringValue(cJSON_GetObjectItem(j_vuln, "name"));
    char* package_version = cJSON_GetStringValue(cJSON_GetObjectItem(j_vuln, "version"));
    char* package_architecture = cJSON_GetStringValue(cJSON_GetObjectItem(j_vuln, "architecture"));
    char* cve_id = cJSON_GetStringValue(cJSON_GetObjectItem(j_vuln, "cve"));
    char* cve_type = cJSON_GetStringValue(cJSON_GetObjectItem(j_vuln, "type"));
    char* severity = cJSON_GetStringValue(cJSON_GetObjectItem(j_vuln, "severity"));
    char* published = cJSON_GetStringValue(cJSON_GetObjectItem(j_vuln, "published"));
    char* updated = cJSON_GetStringValue(cJSON_GetObjectItem(j_vuln, "updated"));
    char* external_references = cJSON_GetStringValue(cJSON_GetObjectItem(j_vuln, "external_references"));
    cJSON* j_cvss2_score = cJSON_GetObjectItem(j_vuln, "cvss2_score");
    cJSON* j_cvss3_score = cJSON_GetObjectItem(j_vuln, "cvss3_score");

    // Define time to sleep between messages sent
    int usec = 1000000 / wm_max_eps;

    os_calloc(OS_SIZE_512, sizeof(char), alert_title);
    snprintf(alert_title, OS_SIZE_512, "%s affecting %s was solved", cve_id, package_name);

    cJSON* j_alert = cJSON_CreateObject();
    cJSON* j_alert_cve = cJSON_CreateObject();
    cJSON* j_package = cJSON_CreateObject();
    cJSON_AddItemToObject(j_alert, "vulnerability", j_alert_cve);
    cJSON_AddItemToObject(j_alert_cve, "package", j_package);

    if (j_alert && j_alert_cve && j_package) {
        cJSON_AddStringToObject(j_package, "name", package_name);
        cJSON_AddStringToObject(j_package, "version", package_version);
        cJSON_AddStringToObject(j_package, "architecture", package_architecture);
        cJSON_AddStringToObject(j_alert_cve, "cve", cve_id);
        // To trigger the alert, the status is defined here
        cJSON_AddStringToObject(j_alert_cve, "status", VULN_CVES_STATUS_SOLVED_LOWERCASE);
        cJSON_AddStringToObject(j_alert_cve, "type", cve_type);
        cJSON_AddStringToObject(j_alert_cve, "title", alert_title);
        cJSON_AddStringToObject(j_alert_cve, "severity", severity);
        cJSON_AddStringToObject(j_alert_cve, "published", published);
        cJSON_AddStringToObject(j_alert_cve, "updated", updated);

        // Add CVSS base score
        if ((j_cvss2_score && j_cvss2_score->valuedouble >= 0.1)
             || (j_cvss3_score && j_cvss3_score->valuedouble >= 0.1)) {
            cJSON* j_cvss = cJSON_CreateObject();
            cJSON_AddItemToObject(j_alert_cve, "cvss", j_cvss);

            // 0.0 score means the CVSS is untriaged, so it isn't include in alerts
            if (j_cvss2_score && j_cvss2_score->valuedouble >= 0.1) {
                cJSON* j_cvss2 = cJSON_CreateObject();
                cJSON_AddItemToObject(j_cvss, "cvss2", j_cvss2);
                cJSON_AddNumberToObject(j_cvss2, "base_score", j_cvss2_score->valuedouble);
            }

            if (j_cvss3_score && j_cvss3_score->valuedouble >= 0.1) {
                cJSON* j_cvss3 = cJSON_CreateObject();
                cJSON_AddItemToObject(j_cvss, "cvss3", j_cvss3);
                cJSON_AddNumberToObject(j_cvss3, "base_score", j_cvss3_score->valuedouble);
            }
        }

        // Add external references
        if (external_references) {
            cJSON *j_references = cJSON_Parse(external_references);
            cJSON_AddItemToObject(j_alert_cve, "references", j_references);
        }

        alert = cJSON_PrintUnformatted(j_alert);

        // Send an alert as a manager if there is no IP assigned
        if (scan_ctx->agent_ip) {
            snprintf(header, OS_SIZE_256, VU_ALERT_HEADER, scan_ctx->agent_id, scan_ctx->agent_name, scan_ctx->agent_ip);
            snprintf(alert_msg, OS_MAXSTR, VU_ALERT_JSON, alert);
            send_queue = SECURE_MQ;
        } else {
            snprintf(header, OS_SIZE_256, "%s", VU_WM_NAME);
            snprintf(alert_msg, OS_MAXSTR, "%s", alert);
            send_queue = LOCALFILE_MQ;
        }

        if (wm_sendmsg(usec, *vu_queue, alert_msg, header, send_queue) < 0) {
            mterror(WM_VULNDETECTOR_LOGTAG, QUEUE_ERROR, DEFAULTQUEUE, strerror(errno));
            if ((*vu_queue = StartMQ(DEFAULTQUEUE, WRITE, INFINITE_OPENQ_ATTEMPTS)) < 0) {
                mterror_exit(WM_VULNDETECTOR_LOGTAG, QUEUE_FATAL, DEFAULTQUEUE);
            }
        }

        retval = OS_SUCCESS;
    }

    os_free(alert_title);
    os_free(alert);
    cJSON_Delete(j_alert);

    return retval;
}

int wm_vuldet_linux_rm_nvd_not_affected_packages(sqlite3 *db, scan_agent *agent, const char *cve, cve_vuln_pkg *first, int *vuln_discarded) {
    sqlite3_stmt *stmt = NULL;
    cve_vuln_pkg *pkg = first;
    cve_vuln_pkg *next = NULL;
    int vendor_it;
    int vendor_len;

    do {
        next = pkg->next;

        if ((pkg->feed == VU_SRC_NVD) && !pkg->discard && (wm_vuldet_is_product_name(pkg->bin_name) == PR_NOSYSTEM)) {

            // If it is possible to identify that the package belongs to the lineage
            // of any vendor, it means that it is not affected and we can discard it
            if (pkg->vendor) {
                if (agent->dist == FEED_ARCH) {
                    vendor_len = array_size(vu_vendor_list_arch);
                    for(vendor_it = 0; vendor_it < vendor_len; ++vendor_it) {
                        if(!strcmp(pkg->vendor, vu_vendor_list_arch[vendor_it])) {
                            // This is an Arch package, so the OVAL said that it is not affected
                            mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_PACKAGE_NOT_AFF, pkg->bin_name, cve, "OVAL");
                            pkg->discard = 1;
                            (*vuln_discarded)++;
                            break;
                        }
                    }
                } else if (agent->dist == FEED_REDHAT) {
                    vendor_len = array_size(vu_vendor_list_redhat);
                    for(vendor_it = 0; vendor_it < vendor_len; ++vendor_it) {
                        if(!strcmp(pkg->vendor, vu_vendor_list_redhat[vendor_it])) {
                            // This is a RedHat package, so the OVAL said that it is not affected
                            mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_PACKAGE_NOT_AFF, pkg->bin_name, cve, "OVAL");
                            pkg->discard = 1;
                            (*vuln_discarded)++;
                            break;
                        }
                    }
                } else if (agent->dist == FEED_ALAS) {
                    vendor_len = array_size(vu_vendor_list_amazon);
                    for(vendor_it = 0; vendor_it < vendor_len; ++vendor_it) {
                        if(!strcmp(pkg->vendor, vu_vendor_list_amazon[vendor_it])) {
                            // This is an Amazon package, so the OVAL said that it is not affected
                            mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_PACKAGE_NOT_AFF, pkg->bin_name, cve, "OVAL");
                            pkg->discard = 1;
                            (*vuln_discarded)++;
                            break;
                        }
                    }
                } else {
                    vendor_len = array_size(vu_vendor_list_ubuntu_debian);
                    for(vendor_it = 0; vendor_it < vendor_len; ++vendor_it) {
                        if(strcasestr(pkg->vendor, vu_vendor_list_ubuntu_debian[vendor_it])) {
                            // This is an Ubuntu/Debian package, so the OVAL said that it is not affected
                            mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_PACKAGE_NOT_AFF, pkg->bin_name, cve, "OVAL");
                            pkg->discard = 1;
                            (*vuln_discarded)++;
                            break;
                        }
                    }
                }
            }

            // If the package couldn't be identified by vendor, we check the OVAL
            // information to see if it is not affected and we can discard it
            if (!pkg->discard) {
                if (wm_vuldet_prepare(db, vu_queries[VU_GET_VULN_COUNT], -1, &stmt, NULL) != SQLITE_OK) {
                    mterror(WM_VULNDETECTOR_LOGTAG, VU_FILTER_VULN_ERROR, cve, pkg->bin_name);
                    return wm_vuldet_sql_error(db, stmt);
                }

                sqlite3_bind_text(stmt, 1, cve, -1, NULL);
                sqlite3_bind_text(stmt, 2, vu_feed_tag[agent->dist_ver], -1, NULL);

                if ((SQLITE_ROW == wm_vuldet_step(stmt)) && sqlite3_column_int(stmt, 0)) {
                    // We can discard NVD vulnerabilities in two cases:
                    // - The OVAL said that this package is patched or unaffected.
                    // - The OVAL said that this binary is not affected.
                    mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_PACKAGE_NOT_AFF, pkg->bin_name, cve, "OVAL");
                    pkg->discard = 1;
                    (*vuln_discarded)++;
                }

                wdb_finalize(stmt);
            }
        }

        pkg = next;
    } while (pkg);

    wdb_finalize(stmt);

    return 0;
}

void wm_vuldet_linux_rm_nvd_not_dependencies_met_packages(const char *cve, cve_vuln_pkg *first, int *vuln_discarded) {
    cve_vuln_pkg *pkg = first;
    cve_vuln_pkg *next = NULL;

    do {
        next = pkg->next;

        if ((pkg->feed & VU_SRC_NVD) && !pkg->discard && pkg->nvd_cond) {

            if (pkg->nvd_cond->parent == 0 && !strcmp(pkg->nvd_cond->operator, "AND")) { // Analyze children
                int child = 0;

                for (child = 0; child < MAX_RELATED_PKGS && pkg->nvd_cond->children[child]; child++) {
                    int found = 0;
                    cve_vuln_pkg *tmp = first;

                    while (tmp) {
                        if ((tmp->feed & VU_SRC_NVD) && !tmp->discard && tmp->nvd_cond && (pkg->nvd_cond->children[child] == tmp->nvd_cond->id)) {
                            found = 1;
                            break;
                        }
                        tmp = tmp->next;
                    }

                    if (!found) {
                        // If any dependency isn't installed then the package is not vulnerable
                        mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_PACKAGE_NO_DEP, pkg->bin_name, cve, "children", pkg->nvd_cond->children[child]);
                        pkg->discard = 1;
                        (*vuln_discarded)++;
                        break;
                    }
                }
            }

            else if (pkg->nvd_cond->parent != 0 && !strcmp(pkg->nvd_cond->operator, "OR")) { // Analyze siblings
                int sibling = 0;

                for (sibling = 0; sibling < MAX_RELATED_PKGS && pkg->nvd_cond->siblings[sibling]; sibling++) {
                    int found = 0;
                    cve_vuln_pkg *tmp = first;

                    while (tmp) {
                        if ((tmp->feed & VU_SRC_NVD) && !tmp->discard && tmp->nvd_cond && (pkg->nvd_cond->siblings[sibling] == tmp->nvd_cond->conf_id)) {
                            found = 1;
                            break;
                        }
                        tmp = tmp->next;
                    }

                    if (!found) {
                        // If any dependency isn't installed then the package is not vulnerable
                        mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_PACKAGE_NO_DEP, pkg->bin_name, cve, "sibling", pkg->nvd_cond->siblings[sibling]);
                        pkg->discard = 1;
                        (*vuln_discarded)++;
                        break;
                    }
                }
            }
        }

        pkg = next;
    } while (pkg);

    return;
}

void wm_vuldet_linux_rm_nvd_not_vulnerable_packages(const char *cve, cve_vuln_pkg *first, int *vuln_discarded) {
    cve_vuln_pkg *pkg = first;
    cve_vuln_pkg *next = NULL;

    do {
        next = pkg->next;

        if ((pkg->feed & VU_SRC_NVD) && !pkg->discard && pkg->nvd_cond && !pkg->nvd_cond->vulnerable) {
            // Some packages are dependencies of others but aren't vulnerable, so we won't alert those packages
            mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_PACKAGE_DEP_NOT_VU, pkg->bin_name, cve);
            pkg->discard = 1;
            (*vuln_discarded)++;
        }

        pkg = next;
    } while (pkg);

    return;
}

int wm_vuldet_linux_rm_oval_not_affected_packages(sqlite3 *db, const char *cve, cve_vuln_pkg *first, int *vuln_discarded) {
    sqlite3_stmt *stmt = NULL;
    cve_vuln_pkg *pkg = first;
    cve_vuln_pkg *next = NULL;

    do {
        next = pkg->next;

        if ((pkg->feed == VU_SRC_OVAL) && !pkg->discard && pkg->vuln_cond && !strcmp(pkg->vuln_cond->state, "Unfixed")) {

            if (wm_vuldet_prepare(db, vu_queries[VU_GET_NVD_CVE_COUNT], -1, &stmt, NULL) != SQLITE_OK) {
                mterror(WM_VULNDETECTOR_LOGTAG, VU_FILTER_VULN_NVD_ERROR, cve);
                return wm_vuldet_sql_error(db, stmt);
            }

            sqlite3_bind_text(stmt, 1, cve, -1, NULL);

            // If this row returns non-zero, it means that this CVE has entries in
            // the NVD, so we need to evaluate if we have to discard it or not
            if ((SQLITE_ROW == wm_vuldet_step(stmt)) && sqlite3_column_int(stmt, 0)) {

                wdb_finalize(stmt);

                if (wm_vuldet_prepare(db, vu_queries[VU_GET_NVD_MATCHES_COUNT], -1, &stmt, NULL) != SQLITE_OK) {
                    mterror(WM_VULNDETECTOR_LOGTAG, VU_FILTER_VULN_ERROR, cve, pkg->bin_name);
                    return wm_vuldet_sql_error(db, stmt);
                }

                sqlite3_bind_text(stmt, 1, cve, -1, NULL);
                sqlite3_bind_text(stmt, 2, pkg->bin_name, -1, NULL);

                if (pkg->src_name) {
                    sqlite3_bind_text(stmt, 3, pkg->src_name, -1, NULL);
                } else {
                    sqlite3_bind_text(stmt, 3, pkg->bin_name, -1, NULL);
                }

                if ((SQLITE_ROW == wm_vuldet_step(stmt)) && !sqlite3_column_int(stmt, 0)) {
                    // We can discard this vulnerability if the NVD said that this version is not affected
                    mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_PACKAGE_NOT_AFF, pkg->bin_name, cve, "NVD");
                    pkg->discard = 1;
                    (*vuln_discarded)++;
                }

                if (pkg->discard) {
                    cve_vuln_pkg *tmp = first;
                    bool discard = false;

                    while (tmp) {
                        if ((tmp->feed == VU_SRC_OVAL) && !tmp->discard) {

                            if (pkg->src_name && tmp->src_name && !strcmp(pkg->src_name, tmp->src_name)) {
                                discard = true;
                            } else if (pkg->src_name && !strcmp(pkg->src_name, tmp->bin_name)) {
                                discard = true;
                            } else if (tmp->src_name && !strcmp(pkg->bin_name, tmp->src_name)) {
                                discard = true;
                            }

                            if (discard) {
                                // We will discard all the packages with the same source
                                mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_PACKAGE_NOT_AFF, tmp->bin_name, cve, "NVD");
                                tmp->discard = 1;
                                (*vuln_discarded)++;
                                discard = false;
                            }
                        }
                        tmp = tmp->next;
                    }
                }
            }

            wdb_finalize(stmt);
        }

        pkg = next;
    } while (pkg);

    wdb_finalize(stmt);

    return 0;
}

int wm_vuldet_linux_rm_false_positives(sqlite3 *db, scan_agent *agent, OSHash *cve_table) {
    OSHashNode *hash_node;
    unsigned int inode_it = 0;
    time_t start_time;
    int vuln_discarded = 0;

    mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_START_VUL_AG_FIL, atoi(agent->agent_id));

    start_time = time(NULL);

    hash_node = OSHash_Begin(cve_table, &inode_it);

    while(hash_node) {
        char *cve;
        cve_vuln_pkg *first = NULL;

        cve = hash_node->key;
        first = hash_node->data;

        if (agent->dist != FEED_MAC) {
            // We will discard the packages unaffected or already fixed by the vendor (Ubuntu/Debian/RedHat)
            if (wm_vuldet_linux_rm_nvd_not_affected_packages(db, agent, cve, first, &vuln_discarded)) {
                return OS_INVALID;
            }
        }

        // We will discard the packages that depend on packages not installed
        wm_vuldet_linux_rm_nvd_not_dependencies_met_packages(cve, first, &vuln_discarded);

        // We will discard the packages that have vulnerable field set to 0
        wm_vuldet_linux_rm_nvd_not_vulnerable_packages(cve, first, &vuln_discarded);

        if (agent->dist != FEED_MAC) {
            // We will discard the packages not fixed by the OVAL that the NVD said they are not affected
            if (wm_vuldet_linux_rm_oval_not_affected_packages(db, cve, first, &vuln_discarded)) {
                return OS_INVALID;
            }
        }

        hash_node = OSHash_Next(cve_table, &inode_it, hash_node);
    }

    mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_VULN_FILTER_AG, vuln_discarded, atoi(agent->agent_id));
    mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_FUNCTION_TIME, time(NULL) - start_time, "filter", atoi(agent->agent_id));

    return 0;
}

int wm_vuldet_get_cve_year(const char *cve) {
    char *str_cve_year = NULL;
    int year = 0;

    // The CVEs follow the syntax: CVE-YEAR-XXXX
    // so we need just four characters, starting from the fourth position.
    os_calloc(5, sizeof(char), str_cve_year);
    memcpy(str_cve_year, cve+4, 4);

    year = atoi(str_cve_year);
    os_free(str_cve_year);

    return year;
}

int wm_vuldet_oval_discard_mismatching_cve_entries(sqlite3 *db, scan_agent *agents_it, char *cve_id, char *pkg_version, char *pkg_name, version_type vertype) {
    sqlite3_stmt    *stmt = NULL;
    char            *operation;
    char            *operation_value;
    const char      *query;
    int             result;
    int             ret = 0;

    if (agents_it->dist == FEED_UBUNTU) {
        query = vu_queries[VU_GET_MULTIPLE_CVE_ENTRIES_UBUNTU];
    } else {
        query = vu_queries[VU_GET_MULTIPLE_CVE_ENTRIES];
    }

    if (wm_vuldet_prepare(db, query, -1, &stmt, NULL) != SQLITE_OK) {
        return wm_vuldet_sql_error(db, stmt);
    }

    sqlite3_bind_text(stmt, 1, vu_feed_tag[agents_it->dist_ver], -1, NULL);
    sqlite3_bind_text(stmt, 2, cve_id, -1, NULL);
    sqlite3_bind_text(stmt, 3, pkg_name, -1, NULL);
    sqlite3_bind_text(stmt, 4, pkg_version, -1, NULL);

    while (result = wm_vuldet_step(stmt), result == SQLITE_ROW) {
        operation = (char *)sqlite3_column_text(stmt, 0);
        operation_value = (char *)sqlite3_column_text(stmt, 1);
        if (ret = wm_checks_package_vulnerability(pkg_version, operation, operation_value, vertype), ret == VU_NOT_VULNERABLE) {
            break;
        }
    }

    if (result != SQLITE_DONE && result != SQLITE_ROW) {
        return wm_vuldet_sql_error(db, stmt);
    }

    wdb_finalize(stmt);
    return ret;
}

int wm_vuldet_linux_oval_vulnerabilities(sqlite3 *db, scan_agent *agents_it, OSHash *cve_table, scan_ctx_t* scan_ctx) {
    sqlite3_stmt *stmt = NULL;
    const char *query;
    version_type vertype = VER_TYPE_NONE;
    cve_vuln_pkg *vuln_pkg = NULL;
    time_t start_time;
    int vuln_count = 0;
    int nvd_year = 0;
    char * nvd_year_str = NULL;

    mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_START_OVAL_AG_AN, scan_ctx->agent_id);

    start_time = time(NULL);

    // Getting the configured NVD year
    if (wm_vuldet_prepare(db, vu_queries[VU_GET_NVD_CONFIGURED_YEAR], -1, &stmt, NULL) != SQLITE_OK) {
        mterror(WM_VULNDETECTOR_LOGTAG, VU_GET_NVD_YEAR_ERROR);
        return wm_vuldet_sql_error(db, stmt);
    }

    if (SQLITE_ROW != wm_vuldet_step(stmt)) {
        mterror(WM_VULNDETECTOR_LOGTAG, VU_GET_NVD_YEAR_ERROR);
        wdb_finalize(stmt);
        return OS_INVALID;
    }

    nvd_year_str = (char *)sqlite3_column_text(stmt, 0);
    if (nvd_year_str) {
        nvd_year = atoi(nvd_year_str);
    }

    wdb_finalize(stmt);

    // Getting CVEs from database
    if (agents_it->dist == FEED_REDHAT) {
        query = vu_queries[VU_JOIN_RH_QUERY];
        if (agents_it->flags.centos) {
            vertype = VER_TYPE_RPM_CENTOS;
        } else {
            vertype = VER_TYPE_RPM;
        }
    } else if (agents_it->dist == FEED_DEBIAN) {
        query = vu_queries[VU_JOIN_DEBIAN_QUERY];
        vertype = VER_TYPE_DEB;
    } else if (agents_it->dist == FEED_ALAS) {
        query = vu_queries[VU_JOIN_RH_QUERY];
        vertype = VER_TYPE_RPM_ALAS;
    } else if (agents_it->dist == FEED_ARCH) {
        query = vu_queries[VU_JOIN_ARCH_QUERY];
        vertype = VER_TYPE_DEB; // Arch version format is compatible with the Deb comparator
    } else {
        query = vu_queries[VU_JOIN_QUERY];
        vertype = VER_TYPE_DEB;
    }

    if (wm_vuldet_prepare(db, query, -1, &stmt, NULL) != SQLITE_OK) {
        mterror(WM_VULNDETECTOR_LOGTAG, VU_GET_PACKAGES_ERROR, scan_ctx->agent_id);
        return wm_vuldet_sql_error(db, stmt);
    }

    sqlite3_bind_text(stmt, 1, vu_feed_tag[agents_it->dist_ver], -1, NULL);
    sqlite3_bind_int(stmt, 2, strtol(agents_it->agent_id, NULL, 10));

    int result = wm_vuldet_step(stmt);
    switch (result) {
    case SQLITE_ROW:
        break;
    case SQLITE_DONE:
        // No vulnerabilities could be found after scanning the OVAL for this agent
        // Leave the function since the query returned no results
        mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_OVAL_VULN_NOT_FOUND, scan_ctx->agent_id);
        wdb_finalize(stmt);
        return 0;
    default:
        return wm_vuldet_sql_error(db, stmt);
    }

    do {
        char condition[OS_SIZE_1024 + 1];
        char state[50];
        char *cve;
        char *package;
        char *source;
        char *version;
        char *src_version;
        char *arch;
        char *vendor;
        char *reference;
        char *type;
        char *operation;
        char *operation_value;
        int v_type;

        cve = (char *)sqlite3_column_text(stmt, 0);
        package = (char *)sqlite3_column_text(stmt, 1);
        source = (char *)sqlite3_column_text(stmt, 2);
        version = (char *)sqlite3_column_text(stmt, 3);
        arch = (char *)sqlite3_column_text(stmt, 4);
        operation = (char *)sqlite3_column_text(stmt, 5);
        operation_value = (char *)sqlite3_column_text(stmt, 6);
        src_version = (char *)sqlite3_column_text(stmt, 7);
        vendor = (char *)sqlite3_column_text(stmt, 8);
        reference = (char *)sqlite3_column_text(stmt, 9);
        type = (char *)sqlite3_column_text(stmt, 10);

        if (!cve || !package || !version || !arch) {
            continue;
        }

        // Considering that we correlate the vendor CVEs with the NVD CVEs,
        // we will take as a reference the configured year for the NVD.
        if (nvd_year > wm_vuldet_get_cve_year(cve)) continue;

        // If we have a source version, use it to find vulnerabilities.
        if (source && src_version) {
            version = src_version;
        }

        // We discard the package if its vendor is a external vendor.
        if (agents_it->dist == FEED_REDHAT && vendor && wm_vuldet_compare_vendors(vendor)) {
            mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_PACKAGE_TP_SOURCE, package, vendor, scan_ctx->agent_id);
            continue;
        }

        *condition = '\0';
        *state = '\0';
        if (v_type = wm_checks_package_vulnerability(version, operation, operation_value, vertype), v_type == OS_INVALID) {
            wdb_finalize(stmt);
            return OS_INVALID;
        }
        if (v_type == VU_NOT_FIXED) {
            snprintf(state, 15, "Unfixed");
            snprintf(condition, OS_SIZE_32, "Package unfixed");
            operation = "Unfixed";
            operation_value = "";
        } else if (v_type == VU_NOT_VULNERABLE) {
            mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_PACKAGE_NOT_VULN, package, cve, version, operation, operation_value, "OVAL");
            continue;
        } else if (v_type == VU_ERROR_CMP) {
            mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_ERROR_CMP_VER, operation, version, operation_value, package);
            continue;
        } else {
            // Discard false positives when the vulnerability information differs in CVEs with several entries
            int discard_return = wm_vuldet_oval_discard_mismatching_cve_entries(db, agents_it, cve, version, package, vertype);
            if (discard_return == VU_NOT_VULNERABLE) {
                mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_DISCARD_CVE_ENTRY, package, cve, operation, operation_value);
                continue;
            } else if (discard_return == OS_INVALID) {
                wdb_finalize(stmt);
                return OS_INVALID;
            }
            snprintf(state, 15, "Fixed");
        }

        /* Add vulnerable package to CVE hash table */

        os_calloc(1, sizeof(cve_vuln_pkg), vuln_pkg);

        w_strdup(package, vuln_pkg->bin_name);
        w_strdup(source, vuln_pkg->src_name);
        w_strdup(version, vuln_pkg->version);
        w_strdup(arch, vuln_pkg->arch);
        w_strdup(vendor, vuln_pkg->vendor);
        w_strdup(reference, vuln_pkg->reference);
        w_strdup(type, vuln_pkg->type);

        os_calloc(1, sizeof(cve_vuln_cond), vuln_pkg->vuln_cond);

        os_strdup(state, vuln_pkg->vuln_cond->state);
        w_strdup(operation, vuln_pkg->vuln_cond->operation);
        w_strdup(operation_value, vuln_pkg->vuln_cond->operation_value);
        if (*condition) {
            os_strdup(condition, vuln_pkg->vuln_cond->condition);
        }

        vuln_pkg->feed |= VU_SRC_OVAL;
        vuln_pkg->discard = 0;
        vuln_pkg->next = NULL;

        int result = wm_vuldet_add_cve_node(vuln_pkg, cve, cve_table);

        switch (result) {
        case -1:
            mterror(WM_VULNDETECTOR_LOGTAG, VU_INSERT_PACKAGE_ERROR, package, cve, version, operation, operation_value, "OVAL");
            wm_vuldet_free_cve_node(vuln_pkg);
            break;
        case 1:
            mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_DUPLICATED_PACKAGE, package, cve, version, operation, operation_value, "OVAL");
            vuln_count++;
            wm_vuldet_free_cve_node(vuln_pkg);
            break;
        case 0:
            mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_PACKAGE_INSERT, package, cve, version, operation, operation_value, "OVAL");
            vuln_count++;
            break;
        }

    } while (SQLITE_ROW == wm_vuldet_step(stmt));

    wdb_finalize(stmt);

    mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_VULN_OVAL_AG_COUNT, vuln_count, scan_ctx->agent_id);
    mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_FUNCTION_TIME, time(NULL) - start_time, "find OVAL", scan_ctx->agent_id);

    return 0;
}

int wm_vuldet_find_agent_vulnerabilities(sqlite3 *db, scan_agent *agent, wm_vuldet_flags *flags, scan_ctx_t* scan_ctx) {

    int retval = OS_INVALID;
    OSHash *cve_table = NULL;
    int sock = wm_vuldet_get_wdb_socket();

    if (!scan_ctx->os_scan && !scan_ctx->package_scan) {
        retval = 0;   // Scan next agent
        goto end;
    }

    //Set the pending status previous to the scan
    if (scan_ctx->scan_type == VU_FULL_SCAN) {
        wdb_update_vuln_cves_status(scan_ctx->agent_id, "*", VULN_CVES_STATUS_PENDING, &sock);
    }
    else if(scan_ctx->scan_type == VU_PARTIAL_SCAN && scan_ctx->os_scan) {
        wdb_update_vuln_cves_status_by_type(scan_ctx->agent_id, VULN_CVES_TYPE_OS, VULN_CVES_STATUS_PENDING, &sock);
    }

    // Windows vulnerabilities
    if (agent->dist == FEED_WIN) {
        if (wm_vuldet_win_nvd_vulnerabilities(db, agent, flags)) {
            goto end;
        }
        retval = 0;
    }
    // Unix vulnerabilities
    else {
        // To add a new node, call wm_vuldet_add_cve_node().
        // @cve_table stores cve_vuln_pkg type nodes.
        cve_table = OSHash_Create();
        if (!cve_table) {
            merror(LIST_ERROR);
            goto end;
        }
        if (!OSHash_setSize(cve_table, VU_CVE_TABLE_SIZE)) {
            merror(LIST_ERROR);
            goto end;
        }
        if (agent->dist != FEED_MAC) {
            if (wm_vuldet_linux_oval_vulnerabilities(db, agent, cve_table, scan_ctx)) {
                goto end;
            }
        }
        if (wm_vuldet_linux_nvd_vulnerabilities(db, agent, cve_table)) {
            goto end;
        }
        if (wm_vuldet_linux_rm_false_positives(db, agent, cve_table)) {
            goto end;
        }
        if (wm_vuldet_process_agent_vulnerabilities(db, cve_table, agent, scan_ctx)) {
            goto end;
        }
        retval = 0;
    }

end:
    if (cve_table) {
        OSHash_Clean(cve_table, wm_vuldet_free_cve_node); // Free the CVE table
    }

    return retval;
}

int wm_vuldet_find_obsolete_vulnerabilities(scan_ctx_t* scan_ctx) {
    int sock = wm_vuldet_get_wdb_socket();
    int retval = OS_SUCCESS;
    cJSON* j_obsolete_vulns = NULL;
    cJSON *j_vuln = NULL;

    if (scan_ctx->scan_type == VU_BASELINE_SCAN) {
        return OS_SUCCESS;
    }

    j_obsolete_vulns = wdb_remove_vuln_cves_by_status(scan_ctx->agent_id, VULN_CVES_STATUS_PENDING, &sock);
    if (!j_obsolete_vulns) {
        return OS_INVALID;
    }
    cJSON_ArrayForEach(j_vuln, j_obsolete_vulns) {
        char* package_name = cJSON_GetStringValue(cJSON_GetObjectItem(j_vuln, "name"));
        char* cve_id = cJSON_GetStringValue(cJSON_GetObjectItem(j_vuln, "cve"));
        mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_REMOVED_VULN, cve_id, package_name);
        if (wm_vuldet_send_removed_cve_report(j_vuln, scan_ctx) ) {
            mdebug1("Error trying to send removed CVEs report of agent: %d", scan_ctx->agent_id);
            retval = OS_INVALID;
        }
    }
    cJSON_Delete(j_obsolete_vulns);

    j_obsolete_vulns = wdb_remove_vuln_cves_by_status(scan_ctx->agent_id, VULN_CVES_STATUS_OBSOLETE, &sock);
    if (!j_obsolete_vulns) {
        return OS_INVALID;
    }
    cJSON_ArrayForEach(j_vuln, j_obsolete_vulns) {
        char* package_name = cJSON_GetStringValue(cJSON_GetObjectItem(j_vuln, "name"));
        char* cve_id = cJSON_GetStringValue(cJSON_GetObjectItem(j_vuln, "cve"));
        mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_REMOVED_VULN, cve_id, package_name);
        if (wm_vuldet_send_removed_cve_report(j_vuln, scan_ctx) ) {
            mdebug1("Error trying to send removed CVEs report of agent: %d", scan_ctx->agent_id);
            retval = OS_INVALID;
        }
    }
    cJSON_Delete(j_obsolete_vulns);

    return retval;
}

int wm_vuldet_check_agent_vulnerabilities(wm_vuldet_t *vuldet) {
    scan_agent *agents_it;
    sqlite3 *db;
    sqlite3_stmt *stmt = NULL;
    bool retry_agents = false;
    bool abort_scan = false;
    int result;

    if (!vuldet->scan_agents) {
        mtinfo(WM_VULNDETECTOR_LOGTAG, VU_AG_NO_TARGET);
        return 0;
    } else if (sqlite3_open_v2(CVE_DB, &db, SQLITE_OPEN_READWRITE, NULL) != SQLITE_OK) {
        mterror(WM_VULNDETECTOR_LOGTAG, VU_CVEDB_ERROR);
        return wm_vuldet_sql_error(db, stmt);
    }

    // Iterate agents to look for vulnerabilities
    do {
        retry_agents = false;
        time_t first_fail_scan = 0;
        for (agents_it = vuldet->scan_agents; agents_it; agents_it = agents_it->next) {
            scan_ctx_t scan_ctx = {0};
            scan_ctx.agent_id = atoi(agents_it->agent_id);
            scan_ctx.agent_name = agents_it->agent_name;
            scan_ctx.agent_ip = agents_it->agent_ip;

            if (agents_it->pending_attempts == 0) continue;

            time_t start = time(NULL);

            // Check if there are available vulnerabilities for this agent
            if (agents_it->dist != FEED_WIN && agents_it->dist != FEED_MAC) {
                result = wm_vuldet_db_empty(db, agents_it->dist_ver);
                if (result == 0) {
                    // There is no data in the VULNERABILITIES table for this agent
                    // It has to be skipped instead of being scanned against the NVD to avoid false positives
                    mtwarn(WM_VULNDETECTOR_LOGTAG, VU_OVAL_UNAVAILABLE_DATA, scan_ctx.agent_id);
                    agents_it->pending_attempts = 0;
                    continue;
                } else if (result == OS_INVALID) {
                    // DB error
                    abort_scan = true;
                    break;
                }
            }

            //Check which type of scan is required
            time_t last_full_scan = wm_vuldet_get_last_full_scan(&scan_ctx);
            if (last_full_scan < 0) {
                // DB error
                abort_scan = true;
                break;
            }
            else if (last_full_scan == 0) {
                scan_ctx.scan_type = VU_BASELINE_SCAN;
                mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_AG_BASELINE_SCAN, scan_ctx.agent_id);
            }
            else if (curr_time - last_full_scan >= vuldet->min_full_scan_interval &&
                    wm_vuldet_feed_changed (vuldet->updates, agents_it, last_full_scan)) {
                scan_ctx.scan_type = VU_FULL_SCAN;
                mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_AG_FULL_SCAN, scan_ctx.agent_id);
            }
            else {
                scan_ctx.scan_type = VU_PARTIAL_SCAN;
                mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_AG_PART_SCAN, scan_ctx.agent_id);
            }

            // Reset the tables before scanning each agent
            wm_vuldet_reset_tables(db);

            // Collect agent software
            if (OS_SUCCESS != wm_vuldet_collect_agent_software(agents_it, db, &scan_ctx)) {
                agents_it->pending_attempts--;
                if (agents_it->pending_attempts) {
                    retry_agents = true;
                    if (!first_fail_scan) first_fail_scan = time(NULL);
                }
                else {
                    mtinfo(WM_VULNDETECTOR_LOGTAG, VU_GET_SOFTWARE_ERROR, scan_ctx.agent_id, WM_VULNDETECTOR_MAX_AGENT_SCAN_ATTEMPS);
                }
                continue;
            }

            mtinfo(WM_VULNDETECTOR_LOGTAG, VU_START_AG_AN, scan_ctx.agent_id);

            // Find and report agent vulnerabilities
            if (OS_SUCCESS != wm_vuldet_find_agent_vulnerabilities(db, agents_it, &vuldet->flags, &scan_ctx)) {
                mterror(WM_VULNDETECTOR_LOGTAG, VU_REPORT_ERROR, scan_ctx.agent_id, sqlite3_errmsg(db));
                abort_scan = true;
                break;
            }

            // Find and report obsolete vulnerabilities
            if (OS_SUCCESS != wm_vuldet_find_obsolete_vulnerabilities(&scan_ctx) ) {
                mterror(WM_VULNDETECTOR_LOGTAG, "The agent '%.3d' obsolete vulnerability could not be processed", scan_ctx.agent_id);
                abort_scan = true;
                break;
            }

            // Update the time of the last scan
            wm_vuldet_update_last_scan(&scan_ctx);

            mtinfo(WM_VULNDETECTOR_LOGTAG, VU_AGENT_FINISH, scan_ctx.agent_id);
            mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_FUNCTION_TIME, time(NULL) - start, "scan", scan_ctx.agent_id);
            agents_it->pending_attempts = 0;
        }

        if (retry_agents) {
            time_t sleep_time = first_fail_scan + vuldet->retry_interval - time(NULL);
            if (sleep_time <= 0) {
                sleep_time = 1;
            }
            mtdebug1(WM_VULNDETECTOR_LOGTAG, "Going to sleep %ld seconds before retrying pending agents", sleep_time);
            sleep (sleep_time);
        }

    } while (retry_agents && !abort_scan);

    // Reset the tables
    wm_vuldet_reset_tables(db);

    sqlite3_close_v2(db);
    return 0;
}

int wm_vuldet_sql_error(sqlite3 *db, sqlite3_stmt *stmt) {
    mterror(WM_VULNDETECTOR_LOGTAG, VU_SQL_ERROR, sqlite3_errmsg(db));
    wdb_finalize(stmt);
    sqlite3_close_v2(db);
    return OS_INVALID;
}

int wm_vuldet_remove_target_table(sqlite3 *db, char *TABLE, const char *target) {
    sqlite3_stmt *stmt = NULL;
    char sql[MAX_QUERY_SIZE];
    size_t size;

    if (size = snprintf(sql, MAX_QUERY_SIZE, vu_queries[VU_REMOVE_OS], TABLE), sql[size - 1] != ';') {
        sqlite3_close_v2(db);
        return OS_INVALID;
    }

    if (wm_vuldet_prepare(db, sql, -1, &stmt, NULL) != SQLITE_OK) {
        return wm_vuldet_sql_error(db, stmt);
    }

    sqlite3_bind_text(stmt, 1, target, -1, NULL);

    if (wm_vuldet_step(stmt) != SQLITE_DONE) {
        return wm_vuldet_sql_error(db, stmt);
    }
    wdb_finalize(stmt);

    return 0;
}

int wm_vuldet_update_feed(update_node *upd, int8_t *updated) {
    int result;
    char feed_updated = 0;
    int pages_fail = 0;

    if (!upd->multi_path && (upd->dist_ref == FEED_NVD || upd->dist_ref == FEED_JREDHAT)) {
        int start;
        int end;

        if (!upd->multi_url) { // Online update for Redhat and NVD providers
            time_t n_date;
            struct tm *t_date;

            n_date = time(NULL);
            t_date = gmtime(&n_date);

            // Set the starting and ending point for each provider
            start = upd->dist_ref == FEED_NVD ? upd->update_from_year : 1;
            end = upd->dist_ref == FEED_NVD ? t_date->tm_year + 1900 : RED_HAT_REPO_MAX_REQ_ITS;
        } else { // Offline update from a custom repo for Redhat and NVD providers
            start = upd->multi_url_start;
            end = upd->multi_url_end;
        }

        // If it is a Red Hat update, we need to clean the database before we start
        if (upd->dist_ref == FEED_JREDHAT) {
            wm_vuldet_clean_rh(NULL);
        }

        for (upd->update_it = start; upd->update_it <= end; (upd->update_it)++) {
            mtdebug1(WM_VULNDETECTOR_LOGTAG, upd->dist_ref == FEED_NVD ? VU_UPDATING_NVD_YEAR : VU_UPDATING_RH_YEAR, upd->update_it);
            if (result = wm_vuldet_sync_feed(upd, updated), result) {
                // Feed synchronization failed
                if (upd->dist_ref == FEED_NVD) {
                    wm_vuldet_clean_nvd_year(NULL, upd->update_it);
                } else if (upd->dist_ref == FEED_JREDHAT) {
                    wm_vuldet_clean_rh(NULL);
                }
                return OS_INVALID;
            } else {
                if (upd->dist_ref == FEED_JREDHAT) {
                    switch (upd->update_state) {
                        case VU_FINISH_FETCH: // The last page has been reached
                            return 0;
                        case VU_TRY_NEXT_PAGE: // The maximum number of possible attempts for a page has been exhausted, the following page will be attempted
                            if (pages_fail == RED_HAT_REPO_MAX_FAIL_ITS) { // The allowed number of failed pages has been exhausted. The feed will not be updated.
                                mterror(WM_VULNDETECTOR_LOGTAG, VU_RH_REQ_FAIL_MAX, RED_HAT_REPO_MAX_FAIL_ITS);
                                wm_vuldet_clean_rh(NULL);
                                return OS_INVALID;
                            }
                            pages_fail++;
                        break;
                        case VU_INV_FEED:
                            wm_vuldet_clean_rh(NULL);
                            return OS_INVALID;
                        default:
                            mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_DOWNLOAD_PAGE_SUC, upd->update_it);
                            feed_updated = 1;
                    }
                }
            }
        }

        if (upd->dist_ref == FEED_JREDHAT && !feed_updated) {
            return OS_INVALID;
        }
    } else {
        // single-providers -> offline update (multi_path only)
        // multi-providers -> online and offline update
        return wm_vuldet_sync_feed(upd, updated);
    }
    return 0;
}

int wm_vuldet_index_debian(sqlite3 *db, const char *target, update_node *update) {
    sqlite3_stmt *stmt = NULL;
    cJSON *deb_json = NULL;
    cJSON *package_json = NULL;
    cJSON *cve_json = NULL;
    cJSON *releases_json = NULL;
    cJSON *target_json = NULL;
    cJSON *status_json = NULL;
    cJSON *version_json = NULL;
    cJSON *urgency_json = NULL;
    cJSON *reason_json = NULL;
    char *target_lower = NULL;
    char *package = NULL;
    char *cve = NULL;
    char *version = NULL;
    int ignore = 0;

    mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_DEB_STATUS_FEED);

    if (deb_json = wm_vuldet_get_debian_status_feed(update), !deb_json) {
        mtwarn(WM_VULNDETECTOR_LOGTAG, VU_DEB_STATUS_FEED_ERROR, DEBIAN_REPO_STATUS);
        return 0;
    }

    target_lower = w_tolower_str(target);

    for (package_json = deb_json->child; json_tagged_obj(package_json); package_json = package_json->next) {

        package = package_json->string;

        for (cve_json = package_json->child; json_tagged_obj(cve_json); cve_json = cve_json->next) {

            if (strncmp("CVE-", cve_json->string, 4)) {
                continue;
            }

            cve = cve_json->string;
            version = NULL;
            ignore = 0;

            if (releases_json = cJSON_GetObjectItem(cve_json, "releases"), !releases_json) {
                continue;
            }
            if (target_json = cJSON_GetObjectItem(releases_json, target_lower), !target_json) {
                continue;
            }
            status_json = cJSON_GetObjectItem(target_json, "status");
            version_json = cJSON_GetObjectItem(target_json, "fixed_version");
            urgency_json = cJSON_GetObjectItem(target_json, "urgency");
            reason_json = cJSON_GetObjectItem(target_json, "nodsa_reason");

            if (version_json && version_json->valuestring) {
                if (!strcmp(version_json->valuestring, "0")) {
                    ignore = 1; // Not affected
                } else {
                    version = version_json->valuestring; // Fixed
                }
            } else if (status_json && status_json->valuestring && !strcmp(status_json->valuestring, "open")) {
                if (urgency_json && urgency_json->valuestring && !strcmp(urgency_json->valuestring, "end-of-life")) {
                    ignore = 1; // Out of support
                } else if (urgency_json && urgency_json->valuestring && !strcmp(urgency_json->valuestring, "unimportant")) {
                    ignore = 1; // Not affected || Will not fix
                } else if (reason_json && reason_json->valuestring && !strcmp(reason_json->valuestring, "ignored")) {
                    ignore = 1; // Will not fix
                }
            }

            if (wm_vuldet_prepare(db, vu_queries[VU_INSERT_CVE], -1, &stmt, NULL) != SQLITE_OK) {
                os_free(target_lower);
                cJSON_Delete(deb_json);
                return wm_vuldet_sql_error(db, stmt);
            }

            sqlite3_bind_text(stmt, 1, cve, -1, NULL);
            sqlite3_bind_text(stmt, 2, target, -1, NULL);
            sqlite3_bind_text(stmt, 3, NULL, -1, NULL);
            sqlite3_bind_text(stmt, 4, package, -1, NULL);
            sqlite3_bind_text(stmt, 5, "less than", -1, NULL);
            sqlite3_bind_text(stmt, 6, version ? version : version_null, -1, NULL);
            sqlite3_bind_int(stmt, 7, 0);
            sqlite3_bind_int(stmt, 8, ignore);

            if (wm_vuldet_step(stmt) != SQLITE_DONE) {
                os_free(target_lower);
                cJSON_Delete(deb_json);
                return wm_vuldet_sql_error(db, stmt);
            }

            wdb_finalize(stmt);
        }
    }

    wdb_finalize(stmt);
    os_free(target_lower);
    cJSON_Delete(deb_json);

    return 0;
}

int wm_vuldet_insert_cve_info(wm_vuldet_db *parsed_oval, sqlite3 *db, sqlite3_stmt *stmt) {
    info_cve *info_it = parsed_oval->info_cves;
    int result;

    while (info_it) {
        if (wm_vuldet_prepare(db, vu_queries[VU_INSERT_CVE_INFO], -1, &stmt, NULL) != SQLITE_OK) {
            return wm_vuldet_sql_error(db, stmt);
        }

        sqlite3_bind_text(stmt, 1, info_it->cveid, -1, NULL);
        sqlite3_bind_text(stmt, 2, info_it->title, -1, NULL);
        sqlite3_bind_text(stmt, 3, (info_it->severity) ? info_it->severity : vu_severities[VU_UNKNOWN], -1, NULL);
        sqlite3_bind_text(stmt, 4, info_it->published, -1, NULL);
        sqlite3_bind_text(stmt, 5, info_it->updated, -1, NULL);
        sqlite3_bind_text(stmt, 6, parsed_oval->OS, -1, NULL);
        sqlite3_bind_text(stmt, 7, info_it->description, -1, NULL);
        sqlite3_bind_text(stmt, 8, info_it->cvss, -1, NULL);
        sqlite3_bind_text(stmt, 9, info_it->cvss_vector, -1, NULL);
        sqlite3_bind_text(stmt, 10, info_it->cvss3, -1, NULL);
        sqlite3_bind_text(stmt, 11, info_it->cvss3_vector, -1, NULL);
        sqlite3_bind_text(stmt, 12, info_it->cwe, -1, NULL);

        if (result = wm_vuldet_step(stmt), result != SQLITE_DONE && result != SQLITE_CONSTRAINT) {
            return wm_vuldet_sql_error(db, stmt);
        }
        wdb_finalize(stmt);

        // Saving the references corresponding to the current CVE
        int j;
        for (j = 0; info_it->refs && (j < info_it->refs->elements) && info_it->refs->values[j]; j++) {
            if (wm_vuldet_prepare(db, vu_queries[VU_INSERT_REF_INFO], -1, &stmt, NULL) != SQLITE_OK) {
                return wm_vuldet_sql_error(db, stmt);
            }
            sqlite3_bind_text(stmt, 1, info_it->cveid, -1, NULL);
            sqlite3_bind_text(stmt, 2, parsed_oval->OS, -1, NULL);
            sqlite3_bind_text(stmt, 3, info_it->refs->values[j], -1, NULL);
            if (result = wm_vuldet_step(stmt), result != SQLITE_DONE && result != SQLITE_CONSTRAINT) {
                return wm_vuldet_sql_error(db, stmt);
            }
            wdb_finalize(stmt);
        }

        // Saving the bugzilla references corresponding to the current CVE
        for (j = 0; info_it->bugzilla_references && (j < info_it->bugzilla_references->elements) && info_it->bugzilla_references->values[j]; j++) {
            if (wm_vuldet_prepare(db, vu_queries[VU_INSERT_BUG_REF_INFO], -1, &stmt, NULL) != SQLITE_OK) {
                return wm_vuldet_sql_error(db, stmt);
            }
            sqlite3_bind_text(stmt, 1, info_it->cveid, -1, NULL);
            sqlite3_bind_text(stmt, 2, parsed_oval->OS, -1, NULL);
            sqlite3_bind_text(stmt, 3, info_it->bugzilla_references->values[j], -1, NULL);
            if (result = wm_vuldet_step(stmt), result != SQLITE_DONE && result != SQLITE_CONSTRAINT) {
                return wm_vuldet_sql_error(db, stmt);
            }
            wdb_finalize(stmt);
        }


        // Saving the advisories corresponding to the current CVE
        for (j = 0; info_it->advisories && (j < info_it->advisories->elements) && info_it->advisories->values[j]; j++) {
            if (wm_vuldet_prepare(db, vu_queries[VU_INSERT_ADVISORY_INFO], -1, &stmt, NULL) != SQLITE_OK) {
                return wm_vuldet_sql_error(db, stmt);
            }
            sqlite3_bind_text(stmt, 1, info_it->cveid, -1, NULL);
            sqlite3_bind_text(stmt, 2, parsed_oval->OS, -1, NULL);
            sqlite3_bind_text(stmt, 3, info_it->advisories->values[j], -1, NULL);
            if (result = wm_vuldet_step(stmt), result != SQLITE_DONE && result != SQLITE_CONSTRAINT) {
                return wm_vuldet_sql_error(db, stmt);
            }
            wdb_finalize(stmt);
        }

        info_it = info_it->prev;
    }

    return 0;
}

int wm_vuldet_insert(wm_vuldet_db *parsed_oval, update_node *update) {
    sqlite3 *db;
    sqlite3_stmt *stmt = NULL;
    int result;
    const char *query;
    oval_metadata *met_it = &parsed_oval->metadata;
    vulnerability *vul_it = parsed_oval->vulnerabilities;
    info_state *state_it = parsed_oval->info_states;
    info_obj *obj_it = parsed_oval->info_objs;
    info_test *test_it = parsed_oval->info_tests;
    cpe_list *cpes_it = parsed_oval->nvd_cpes;
    nvd_vulnerability *nvd_it = parsed_oval->nvd_vulnerabilities;
    vu_cpe_dic *w_cpes_it = parsed_oval->w_cpes;
    vu_msu_entries *msu_it = &parsed_oval->msu;
    variables *vars_it = parsed_oval->vars;
    vu_alas_vuln *alas_it = parsed_oval->alas_vuln;

    if (sqlite3_open_v2(CVE_DB, &db, SQLITE_OPEN_READWRITE, NULL) != SQLITE_OK) {
        return wm_vuldet_sql_error(db, stmt);
    }

    sqlite3_exec(db, vu_queries[BEGIN_T], NULL, NULL, NULL);

    switch (update->dist_ref) {
        case FEED_REDHAT:
            if (wm_vuldet_remove_target_table(db, ARCHITECTURES_TABLE, parsed_oval->OS) ||
                wm_vuldet_remove_target_table(db, CVE_TABLE, parsed_oval->OS)) {
                return OS_INVALID;
            }
            break;
        case FEED_UBUNTU:
        case FEED_DEBIAN:
            if (wm_vuldet_remove_target_table(db, CVE_TABLE, parsed_oval->OS)      ||
                wm_vuldet_remove_target_table(db, METADATA_TABLE, parsed_oval->OS) ||
                wm_vuldet_remove_target_table(db, CVE_INFO_TABLE, parsed_oval->OS) ||
                wm_vuldet_remove_target_table(db, VARIABLES_TABLE, parsed_oval->OS)) {
                return OS_INVALID;
            }
        break;
        case FEED_CPEW:
            if (wm_vuldet_clean_wcpe(db)) {
                return OS_INVALID;
            }
        break;
        case FEED_ARCH:
            if (wm_vuldet_remove_target_table(db, CVE_TABLE, parsed_oval->OS) ||
                wm_vuldet_remove_target_table(db, CVE_INFO_TABLE, parsed_oval->OS)) {
                return OS_INVALID;
            }
            break;
        case FEED_ALAS:
            if (wm_vuldet_remove_target_table(db, CVE_TABLE, parsed_oval->OS) ||
                wm_vuldet_remove_target_table(db, ARCHITECTURES_TABLE, parsed_oval->OS) ||
                wm_vuldet_remove_target_table(db, CVE_REF_TABLE, parsed_oval->OS)) {
                return OS_INVALID;
            }
        break;
        case FEED_NVD: case FEED_MSU: case FEED_JREDHAT:
        break;
        default:
            sqlite3_close_v2(db);
            return OS_INVALID;
    }

    mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_UPDATE_VU);

    if (cpes_it) {
        mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_INS_CPES_SEC);

        if (wm_vuldet_insert_cpe_db(db, cpes_it, 1)){
            mterror(WM_VULNDETECTOR_LOGTAG, VU_CPES_INSERT_ERROR);
            wm_vuldet_free_cpe_list(cpes_it);
            free(cpes_it);
            sqlite3_close_v2(db);
            return OS_INVALID;
        }
        wm_vuldet_free_cpe_list(cpes_it);
        free(cpes_it);
    }

    if (w_cpes_it) {
        mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_INS_CPES_DIC);

        if (wm_vuldet_insert_cpe_dic(db, w_cpes_it)){
            mterror(WM_VULNDETECTOR_LOGTAG, VU_CPES_INSERT_ERROR);
            return OS_INVALID;
        }
        free(w_cpes_it);
    }

    if (msu_it->vul) {
        mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_INS_MSU);

        if (wm_vuldet_insert_MSU(db, msu_it)){
            return OS_INVALID;
        }
    }

    if (alas_it) {
        mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_INS_VUL_SEC, "ALAS");

        if (wm_vuldet_insert_ALAS(db, alas_it, vu_feed_tag[update->dist_tag_ref])){
            return OS_INVALID;
        }
    }

    if (nvd_it) {
        mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_INS_VUL_SEC, "NVD");
        if (wm_vuldet_index_nvd(db, update, nvd_it)) {
            wm_vuldet_sql_error(db, stmt);
            return OS_INVALID;
        }
        parsed_oval->nvd_vulnerabilities = NULL;
    }

    // Adds the vulnerabilities
    if (vul_it) {
        mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_INS_VUL_SEC, update->dist_ext);
    }

    while (vul_it) {
        // If you do not have this field, it has been discarded by the preparser and the OS is not affected
        if (vul_it->state_id) {
            if (vul_it->rhsa_list) {
                wm_vuldet_oval_traverse_rhsa(vul_it);
            }

            if (wm_vuldet_prepare(db, vu_queries[VU_INSERT_CVE], -1, &stmt, NULL) != SQLITE_OK) {
                return wm_vuldet_sql_error(db, stmt);
            }

            sqlite3_bind_text(stmt, 1, vul_it->cve_id, -1, NULL);
            sqlite3_bind_text(stmt, 2, parsed_oval->OS, -1, NULL);
            sqlite3_bind_text(stmt, 3, NULL, -1, NULL);
            sqlite3_bind_text(stmt, 5, vul_it->state_id, -1, NULL);
            if (vul_it->package_name && vul_it->package_version) {
                    sqlite3_bind_text(stmt, 4, vul_it->package_name, -1, NULL);
                    sqlite3_bind_text(stmt, 6, vul_it->package_version, -1, NULL);
            } else {
                sqlite3_bind_text(stmt, 4, vul_it->package_name ? vul_it->package_name : vul_it->state_id, -1, NULL);
                sqlite3_bind_text(stmt, 6, NULL, -1, NULL);
            }
            sqlite3_bind_int(stmt, 7, 0);
            sqlite3_bind_int(stmt, 8, vul_it->ignore);
            sqlite3_bind_int(stmt, 9, 0);

            if (result = wm_vuldet_step(stmt), result != SQLITE_DONE && result != SQLITE_CONSTRAINT) {
                return wm_vuldet_sql_error(db, stmt);
            }

            wdb_finalize(stmt);
        }

        vulnerability *vul_aux = vul_it;
        vul_it = vul_it->prev;
        os_free(vul_aux->cve_id);
        os_free(vul_aux->state_id);
        os_free(vul_aux->package_name);
        os_free(vul_aux->package_version);
        os_free(vul_aux);
    }

    // Adds Debian vulnerabilities
    if (update->dist_ref == FEED_DEBIAN) {
        if (wm_vuldet_index_debian(db, vu_feed_tag[update->dist_tag_ref], update) == OS_INVALID) {
            return wm_vuldet_sql_error(db, stmt);
        }
    }

    if (test_it) {
        mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_INS_TEST_SEC, update->dist_ext);
    }

    // Links vulnerabilities to their conditions
    while (test_it) {
        if (wm_vuldet_prepare(db, vu_queries[VU_UPDATE_CVE], -1, &stmt, NULL) != SQLITE_OK) {
            return wm_vuldet_sql_error(db, stmt);
        }

        sqlite3_bind_text(stmt, 1, test_it->obj, -1, NULL);
        sqlite3_bind_text(stmt, 2, test_it->state, -1, NULL);
        sqlite3_bind_text(stmt, 3, test_it->id, -1, NULL);
        result = wm_vuldet_step(stmt);

        switch (result) {
        case SQLITE_DONE:
            break;
        case SQLITE_CONSTRAINT:
            wdb_finalize(stmt);

            if (wm_vuldet_prepare(db, vu_queries[VU_UPDATE_CVE_NOT_FIXED], -1, &stmt, NULL) != SQLITE_OK) {
                return wm_vuldet_sql_error(db, stmt);
            }

            sqlite3_bind_text(stmt, 1, test_it->obj, -1, NULL);
            sqlite3_bind_text(stmt, 2, vu_package_comp[VU_COMP_L], -1, NULL);
            sqlite3_bind_text(stmt, 3, version_null, -1, NULL);
            sqlite3_bind_text(stmt, 4, test_it->id, -1, NULL);

            if (result = wm_vuldet_step(stmt), result != SQLITE_DONE && result != SQLITE_CONSTRAINT) {
                return wm_vuldet_sql_error(db, stmt);
            }
            break;
        default:
            return wm_vuldet_sql_error(db, stmt);
        }

        wdb_finalize(stmt);

        info_test *test_aux = test_it;
        test_it = test_it->prev;
        free(test_aux->id);
        free(test_aux->state);
        free(test_aux->obj);
        free(test_aux);
    }

    if (state_it) {
        mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_UPDATE_VU_CO, update->dist_ext);

        sqlite3_exec(db, vu_queries[VU_REMOVE_UNUSED_VULS], NULL, NULL, NULL);
    }

    // Sets the OVAL operators and values
    int arch_id = 0;

    while (state_it) {
        if (state_it->operation_value != NULL) {

            // Get ID to insert architectures
            if (update->dist_ref == FEED_REDHAT) {
                arch_id++;
            }

            // Replace the state ID by the real values
            query = vu_queries[VU_UPDATE_CVE_VAL];
            if (wm_vuldet_prepare(db, query, -1, &stmt, NULL) != SQLITE_OK) {
                return wm_vuldet_sql_error(db, stmt);
            }

            sqlite3_bind_text(stmt, 1, state_it->operation, -1, NULL);

            // If the epoch is 0, we don't save it because it is not necessary
            if (!strcmp(state_it->operation_value, version_null) || strncmp("0:", state_it->operation_value, 2)) {
                sqlite3_bind_text(stmt, 2, state_it->operation_value, -1, NULL);
            } else {
                sqlite3_bind_text(stmt, 2, (state_it->operation_value + 2), -1, NULL);
            }

            sqlite3_bind_int(stmt, 3, arch_id);
            sqlite3_bind_text(stmt, 4, state_it->id, -1, NULL);

            if (result = wm_vuldet_step(stmt), result != SQLITE_DONE && result != SQLITE_CONSTRAINT) {
                return wm_vuldet_sql_error(db, stmt);
            }
            wdb_finalize(stmt);

            // Insert architecture values
            if (arch_id && state_it->arch) {
                for (int i = 0; state_it->arch[i]; i++) {
                    if (wm_vuldet_prepare(db, vu_queries[VU_UPDATE_ARCH], -1, &stmt, NULL) != SQLITE_OK) {
                        return wm_vuldet_sql_error(db, stmt);
                    }

                    sqlite3_bind_int(stmt, 1, arch_id);
                    sqlite3_bind_text(stmt, 2, parsed_oval->OS, -1, NULL);
                    sqlite3_bind_text(stmt, 3, state_it->arch[i], -1, NULL);

                    if (result = wm_vuldet_step(stmt), result != SQLITE_DONE) {
                        return wm_vuldet_sql_error(db, stmt);
                    }
                    wdb_finalize(stmt);
                }
            }
        }

        info_state *state_aux = state_it;
        state_it = state_it->prev;
        os_free(state_aux->id);
        os_free(state_aux->operation);
        os_free(state_aux->operation_value);
        w_FreeArray(state_aux->arch);
        os_free(state_aux->arch);
        os_free(state_aux);
    }

    if (obj_it) {
        mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_UPDATE_PACK_NAME, update->dist_ext);
    }

    // Sets the OVAL package name
    while (obj_it) {
        char *normalized_name = NULL;

        if (obj_it->obj) {
            if (result = wm_vuldet_prepare(db, vu_queries[VU_UPDATE_CVE_PACK], -1, &stmt, NULL), result != SQLITE_OK && result != SQLITE_CONSTRAINT) {
                return wm_vuldet_sql_error(db, stmt);
            }
            normalized_name = w_tolower_str(obj_it->obj);
            sqlite3_bind_text(stmt, 1, normalized_name, -1, NULL);
            sqlite3_bind_int(stmt, 2, obj_it->need_vars);
            sqlite3_bind_text(stmt, 3, obj_it->id, -1, NULL);
        } else {
            if (result = wm_vuldet_prepare(db, vu_queries[VU_REMOVE_UNUSED_ID], -1, &stmt, NULL), result != SQLITE_OK && result != SQLITE_CONSTRAINT) {
                return wm_vuldet_sql_error(db, stmt);
            }
            sqlite3_bind_text(stmt, 1, obj_it->id, -1, NULL);
        }

        if (result = wm_vuldet_step(stmt), result != SQLITE_DONE) {
            os_free(normalized_name);
            return wm_vuldet_sql_error(db, stmt);
        }

        wdb_finalize(stmt);
        os_free(normalized_name);

        info_obj *obj_aux = obj_it;
        obj_it = obj_it->prev;
        free(obj_aux->id);
        free(obj_aux->obj);
        free(obj_aux);
    }

    if (vars_it) {
        mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_INS_VARIABLES, update->dist_ext);
    }

    // Sets the OVAL variables
    while (vars_it) {
        char *normalized_id = NULL;
        query = vu_queries[VU_INSERT_VARIABLES];

        if (vars_it->id) {
            int j;
            normalized_id = w_tolower_str(vars_it->id);

            for (j = 0; vars_it->values[j]; j++) {
                char *normalized_name = NULL;
                if (wm_vuldet_prepare(db, query, -1, &stmt, NULL) != SQLITE_OK) {
                    os_free(normalized_id);
                    return wm_vuldet_sql_error(db, stmt);
                }
                sqlite3_bind_text(stmt, 1, normalized_id, -1, NULL);
                normalized_name = w_tolower_str(vars_it->values[j]);
                sqlite3_bind_text(stmt, 2, normalized_name, -1, NULL);
                sqlite3_bind_text(stmt, 3, parsed_oval->OS, -1, NULL);
                if (result = wm_vuldet_step(stmt), result != SQLITE_DONE && result != SQLITE_CONSTRAINT) {
                    os_free(normalized_id);
                    os_free(normalized_name);
                    return wm_vuldet_sql_error(db, stmt);
                }
                wdb_finalize(stmt);
                os_free(normalized_name);
            }
        }
        os_free(normalized_id);

        variables *var_aux = vars_it;
        vars_it = vars_it->prev;
        free(var_aux->id);
        w_FreeArray(var_aux->values);
        free(var_aux->values);
        free(var_aux);
    }

    // Discard the CVE info from the RHEL OVALs
    if (parsed_oval->info_cves && (update->dist_ref != FEED_REDHAT)) {
        mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_UPDATE_VU_INFO, update->dist_ext);
        if (result = wm_vuldet_insert_cve_info(parsed_oval, db, stmt), result) {
            return result;
        }
    }

    // Clean the unresolved states for RHEL5 entries
    if (update->dist_tag_ref == FEED_RHEL5) {
        sqlite3_exec(db, vu_queries[VU_REMOVE_UNUSED_STATES], NULL, NULL, NULL);
    }

    wm_vuldet_clean_vulnerability_info(parsed_oval);

    if (wm_vuldet_prepare(db, vu_queries[VU_INSERT_METADATA], -1, &stmt, NULL) != SQLITE_OK) {
        return wm_vuldet_sql_error(db, stmt);
    }

    sqlite3_bind_text(stmt, 1, parsed_oval->OS, -1, NULL);
    sqlite3_bind_text(stmt, 2, met_it->product_name, -1, NULL);
    sqlite3_bind_text(stmt, 3, met_it->product_version, -1, NULL);
    sqlite3_bind_text(stmt, 4, met_it->schema_version, -1, NULL);
    sqlite3_bind_text(stmt, 5, met_it->timestamp, -1, NULL);
    sqlite3_bind_text(stmt, 6, NULL, -1, NULL);
    sqlite3_bind_int(stmt, 7, 0);
    sqlite3_bind_int(stmt, 8, 0);

    if (result = wm_vuldet_step(stmt), result != SQLITE_DONE && result != SQLITE_CONSTRAINT) {
        return wm_vuldet_sql_error(db, stmt);
    }
    wdb_finalize(stmt);

    free(met_it->product_name);
    free(met_it->product_version);
    free(met_it->schema_version);
    free(met_it->timestamp);

    sqlite3_exec(db, vu_queries[END_T], NULL, NULL, NULL);
    sqlite3_close_v2(db);
    return 0;
}

int wm_vuldet_check_db() {
    if (wm_vuldet_create_file(CVE_DB, schema_vuln_detector_sql)) {
        mterror(WM_VULNDETECTOR_LOGTAG, VU_INVALID_DB_INT);
        pthread_exit(NULL);
    }
    return 0;
}

void wm_vuldet_add_vulnerability_info(wm_vuldet_db *ctrl_block) {
    info_cve *new;
    os_calloc(1, sizeof(info_cve), new);

    if (ctrl_block->info_cves) {
        new->prev = ctrl_block->info_cves;
    }
    ctrl_block->info_cves = new;
}

void wm_vuldet_clean_vulnerability_info(wm_vuldet_db *ctrl_block) {
    info_cve *info_aux = NULL;
    info_cve *info_it = ctrl_block->info_cves;

    while (info_it) {
        if (info_it->refs)
            free_strarray(info_it->refs->values);

        if (info_it->bugzilla_references)
            free_strarray(info_it->bugzilla_references->values);

        if (info_it->advisories)
            free_strarray(info_it->advisories->values);

        info_aux = info_it->prev;
        free(info_it->cveid);
        free(info_it->title);
        free(info_it->severity);
        free(info_it->published);
        free(info_it->updated);
        free(info_it->refs);
        free(info_it->description);
        free(info_it->cvss);
        free(info_it->cvss_vector);
        free(info_it->cvss3);
        free(info_it->cvss3_vector);
        free(info_it->bugzilla_references);
        free(info_it->advisories);
        free(info_it->cwe);
        free(info_it);
        info_it = info_aux;
    }
}

void wm_vuldet_add_oval_vulnerability(wm_vuldet_db *ctrl_block) {
    vulnerability *new;
    os_calloc(1, sizeof(vulnerability), new);

    if (ctrl_block->vulnerabilities) {
        new->prev = ctrl_block->vulnerabilities;
    }
    ctrl_block->vulnerabilities = new;
}

char *wm_vuldet_oval_xml_preparser(char *path, vu_feed dist) {
    FILE *input, *output = NULL;
    char buffer[OS_MAXSTR + 1];
    parser_state state = V_START;
    char *found;
    char *tmp_file;

    os_strdup(VU_FIT_TEMP_FILE, tmp_file);

    if (input = fopen(path, "r" ), !input) {
        mterror(WM_VULNDETECTOR_LOGTAG, VU_OPEN_FILE_ERROR, path);
        os_free(tmp_file);
        goto free_mem;
    } else if (output = fopen(tmp_file, "w" ), !output) {
        mterror(WM_VULNDETECTOR_LOGTAG, VU_OPEN_FILE_ERROR, tmp_file);
        os_free(tmp_file);
        goto free_mem;
    }

    while (fgets(buffer, OS_MAXSTR, input)) {
        if (dist == FEED_DEBIAN) {
            // For Debian, remove packages information since the JSON feed will be used to get that information.
            switch (state) {
                case V_OVALDEFINITIONS:
                    if (found = strstr(buffer, "<definitions"), found) {
                        state = V_DEFINITIONS;
                    } else if (found = strstr(buffer, "<generator"), found) {
                        state = V_GENERATOR;
                    } else if (found = strstr(buffer, "</oval_definitions>"), found) {
                        state = V_END;
                    } else {
                        continue;
                    }
                break;
                case V_DEFINITIONS:
                    if (found = strstr(buffer, "<definition"), found) {
                        state = V_DEFINITION;
                    } else if (found = strstr(buffer, "</definitions>"), found) {
                        state = V_OVALDEFINITIONS;
                    }
                break;
                case V_DEFINITION:
                    if (found = strstr(buffer, "<metadata"), found) {
                        state = V_METADATA;
                    } else if (found = strstr(buffer, "</definition>"), found) {
                        state = V_DEFINITIONS;
                    } else {
                        continue;
                    }
                break;
                case V_METADATA:
                    if (found = strstr(buffer, "</metadata>"), found) {
                        state = V_DEFINITION;
                    }
                break;
                case V_GENERATOR:
                    if (found = strstr(buffer, "</generator>"), found) {
                        state = V_OVALDEFINITIONS;
                    }
                break;
                default:
                    if (found = strstr(buffer, "<oval_definitions"), found) {
                        state = V_OVALDEFINITIONS;
                    } else {
                        continue;
                    }
            }

        } else if (dist == FEED_REDHAT) { // 5.10
            switch (state) {
            case V_START:
                // Discard the first line of the XML
                if (strstr(buffer, "?>")) {
                    state = V_STATES;
                }
                continue;
            case V_CRITERIA:
                /* Every package affected by a CVE has a duplicated entry
                * specifying it was signed with redhatrelease key. Since it's
                * not useful, we can remove it. */
                if (strstr(buffer, "is signed with Red Hat")) {
                    state = V_STATES;
                    continue;
                }
                if (strstr(buffer, "</criteria>")) {
                    state = V_STATES;
                }
            break;
            case V_DEFINITIONS:
                if (found = strstr(buffer, "</definition"), found) {
                    state = V_END;
                }
                continue;
            default:
                /* The XML parser fails to analyse correctly this section.
                * This is just a workaround, for more information -> Issues #5300 and #5299. */
                if (strstr(buffer, "<![CDATA") ||
                    strstr(buffer, "<ind-def:pattern operation=\"pattern match\">")) {
                    continue;

                } else if (strstr(buffer, "<criteria ")) {
                    state = V_CRITERIA;

                // Discard not-affected packages
                } else if (strstr(buffer, "<definition") &&
                    strstr(buffer, "unaffected")) {
                    state = V_DEFINITIONS;
                    continue;
                }
            }

        } else if (dist != FEED_UBUNTU) {
            os_free(tmp_file);
            goto free_mem;
        }

        fwrite(buffer, 1, strlen(buffer), output);
    }

free_mem:
    if (input) {
        fclose(input);
    }
    if (output) {
        fclose(output);
    }

    return tmp_file;
}

references *wm_vuldet_extract_advisories(cJSON *advisories) {
    references *advisories_data = NULL;

    if (advisories) {
        os_calloc(1, sizeof(references), advisories_data);

        for (; advisories && advisories->valuestring; advisories = advisories->next) {
            os_realloc(advisories_data->values, (advisories_data->elements + 2) * sizeof(char *), advisories_data->values);
            w_strdup(advisories->valuestring, advisories_data->values[advisories_data->elements]);
            advisories_data->values[++advisories_data->elements] = NULL;
        }
    }

    return advisories_data;
}

void wm_vuldet_adapt_title(char *title, char *cve) {
    // Remove unnecessary line jumps and spaces
    const size_t title_size = strlen(title);
    size_t size;
    int offset;
    char *title_ofs;

    for (size = strlen(title) - 1; size > 0 && title[size] == ' '; size -= 1) {
        title[size] = '\0';
    }

    if (title[size] == '\n') {
        title[size--] = '\0';
    }

    offset = title[0] == '\n' ? 1 : 0;
    if(size > 1 && !strncmp(title + offset, cve, strlen(cve))) {
        offset += strlen(cve) + 1;
    }
    os_strdup(title + offset, title_ofs);
    snprintf(title, title_size, "%s", title_ofs);
    free(title_ofs);
}

void wm_vuldet_oval_copy_rhsa(vulnerability *old, vulnerability *new) {
    if (!old->rhsa_list) {
        return;
    }

    for (int i = 0; old->rhsa_list[i]; i++) {
        wm_vuldet_oval_append_rhsa(new, old->rhsa_list[i]);
    }
}

void wm_vuldet_oval_traverse_rhsa(vulnerability *vul_it) {
   vulnerability *new = NULL;

    // They new vulnerabilities will hold the same information as the original one,
    // but pointing to a different CVE.
    for (int i = 0; vul_it->rhsa_list[i]; i++) {
        os_calloc(1, sizeof(vulnerability), new);
        os_strdup(vul_it->rhsa_list[i], new->cve_id);
        os_strdup(vul_it->state_id, new->state_id);
        new->prev = vul_it->prev;
        vul_it->prev = new;
        os_free(vul_it->rhsa_list[i]);
    }

    os_free(vul_it->rhsa_list);
}

void wm_vuldet_oval_append_rhsa(vulnerability *vul_it, char *cve) {
    static int index = 0;

    // Reset the index at the arrival of a new vulnerability.
    index = (!vul_it->rhsa_list)? 0 : index;

    // The list will increase dynamically by 5.
    if ((index % RHSA_DEFAULT_NUM) == 0) {
        os_realloc(vul_it->rhsa_list, (RHSA_DEFAULT_NUM + index + 1) * sizeof(char *), vul_it->rhsa_list);
        memset(&vul_it->rhsa_list[index + 1], 0, RHSA_DEFAULT_NUM * sizeof(char *));
    }

    os_strdup(cve, vul_it->rhsa_list[index]);
    index++;
}

int wm_vuldet_oval_xml_parser(OS_XML *xml, XML_NODE node, wm_vuldet_db *parsed_oval, update_node *update, vu_logic condition) {
    int i, j;
    int retval = 0;
    XML_NODE chld_node = NULL;
    vu_feed dist = update->dist_ref;
    vu_feed dist_ref = update->dist_tag_ref;

    static const char *XML_OVAL_DEFINITIONS = "oval_definitions";
    // Generator
    static const char *XML_GENERATOR = "generator";
    static const char *XML_OVAL_PRODUCT_NAME = "oval:product_name";
    static const char *XML_OVAL_PRODUCT_VERSION = "oval:product_version";
    static const char *XML_OVAL_SCHEMA_VERSION = "oval:schema_version";
    static const char *XML_OVAL_TIMESTAMP = "oval:timestamp";
    // Definitions
    static const char *XML_DEFINITIONS = "definitions";
    static const char *XML_DEFINITION = "definition";
    static const char *XML_CLASS = "class";
    static const char *XML_VULNERABILITY = "vulnerability";
    static const char *XML_PATCH = "patch"; // rhel
    static const char *XML_ID = "id";
    static const char *XML_METADATA = "metadata";
    static const char *XML_TITLE = "title";
    static const char *XML_DESCRIPTION = "description";
    static const char *XML_REFERENCE = "reference";
    static const char *XML_REF_ID = "ref_id";
    static const char *XML_REF_URL = "ref_url";
    static const char *XML_ADVISORY = "advisory";
    static const char *XML_SEVERITY = "severity";
    static const char *XML_PUBLIC_DATE = "public_date";
    static const char *XML_UPDATED = "updated";
    static const char *XML_BUG = "bug";
    static const char *XML_REF = "ref";
    static const char *XML_DEBIAN = "debian";
    static const char *XML_DATE = "date";
    static const char *XML_CRITERIA = "criteria";
    static const char *XML_OPERATOR = "operator";
    static const char *XML_OR = "OR";
    static const char *XML_AND = "AND";
    static const char *XML_CRITERION = "criterion";
    static const char *XML_TEST_REF = "test_ref";
    static const char *XML_COMMENT = "comment";
    // Tests
    static const char *XML_TESTS = "tests";
    static const char *XML_RPM_LINUX_INFO_TEST = "red-def:rpminfo_test";
    static const char *XML_RPM_LINUX_INFO_OBJ = "red-def:rpminfo_object";
    static const char *XML_DPKG_LINUX_INFO_TEST = "linux-def:dpkginfo_test";
    static const char *XML_LINUX_OBJ = "linux-def:object";
    static const char *XML_LINUX_RPM_OBJ = "red-def:object";
    static const char *XML_OBJECT_REF = "object_ref";
    static const char *XML_LINUX_STATE = "linux-def:state";
    static const char *XML_STATE_REF = "state_ref";
    // Objects
    static const char *XML_OBJECTS = "objects";
    static const char *XML_DPKG_LINUX_INFO_OBJ = "linux-def:dpkginfo_object";
    static const char *XML_LINUX_NAME = "linux-def:name";
    static const char *XML_LINUX_RPM_STATE = "red-def:state";
    static const char *XML_LINUX_RPM_NAME = "red-def:name";
    static const char *XML_VAR_REF = "var_ref";
    static const char *XML_VAR_CHECK = "var_check";
    static const char *XML_STATES = "states";
    static const char *XML_RPM_LINUX_INFO_STATE = "red-def:rpminfo_state";
    static const char *XML_DPKG_LINUX_INFO_STATE = "linux-def:dpkginfo_state";
    static const char *XML_LINUX_DEF_EVR = "linux-def:evr";
    static const char *XML_LINUX_RPM_DEF_EVR = "red-def:evr";
    static const char *XML_OPERATION = "operation";
    static const char *XML_DATATYPE = "datatype";
    static const char *XML_RPM_ARCHITECTURE = "red-def:arch";
    // Variables
    static const char *XML_VARIABLES = "variables";
    static const char *XML_CONST_VAR = "constant_variable";
    static const char *XML_VALUE = "value";

    for (i = 0; node[i]; i++) {
        chld_node = NULL;
        if (!node[i]->element) {
            mterror(WM_VULNDETECTOR_LOGTAG, XML_ELEMNULL);
            return OS_INVALID;
        }

        if ((dist == FEED_UBUNTU && !strcmp(node[i]->element, XML_DPKG_LINUX_INFO_STATE)) ||
            (dist == FEED_REDHAT && !strcmp(node[i]->element, XML_RPM_LINUX_INFO_STATE))) {
            if (chld_node = OS_GetElementsbyNode(xml, node[i]), !chld_node) {
                goto invalid_elem;
            }
            for (j = 0; node[i]->attributes[j]; j++) {
                if (!strcmp(node[i]->attributes[j], XML_ID)) {
                    info_state *infos;
                    os_calloc(1, sizeof(info_state), infos);
                    os_strdup(node[i]->values[j], infos->id);
                    infos->operation = infos->operation_value = NULL;
                    infos->prev = parsed_oval->info_states;
                    parsed_oval->info_states = infos;
                    if (wm_vuldet_oval_xml_parser(xml, chld_node, parsed_oval, update, condition) == OS_INVALID) {
                        goto end;
                    }
                }
            }
        } else if ((dist == FEED_UBUNTU || dist == FEED_REDHAT) && !strcmp(node[i]->element, XML_CONST_VAR)) {
            if (chld_node = OS_GetElementsbyNode(xml, node[i]), !chld_node) {
                goto invalid_elem;
            }
            if (node[i]->attributes && node[i]->values) {
                variables *vars = NULL;

                for (j = 0; node[i]->attributes[j] && node[i]->values[j]; j++) {
                    if (!strcmp(node[i]->attributes[j], XML_ID)) {
                        os_calloc(1, sizeof(variables), vars);
                        os_strdup(node[i]->values[j], vars->id);
                        vars->prev = parsed_oval->vars;
                        parsed_oval->vars =vars;

                        for (j = 0; chld_node[j] && chld_node[j]->element &&
                                    !strcmp(chld_node[j]->element, XML_VALUE) &&
                                    chld_node[j]->content; j++) {
                            os_realloc(vars->values, (j + 2) * sizeof(char *), vars->values);
                            os_strdup(chld_node[j]->content, vars->values[j]);
                            vars->values[j + 1] = NULL;
                        }

                        vars->elements = j;
                        break;
                    }
                }
            }
        }
        else if ((dist == FEED_UBUNTU && !strcmp(node[i]->element, XML_DPKG_LINUX_INFO_TEST)) ||
                (dist == FEED_REDHAT && !strcmp(node[i]->element, XML_RPM_LINUX_INFO_TEST))) {
            if (chld_node = OS_GetElementsbyNode(xml, node[i]), !chld_node) {
                goto invalid_elem;
            }
            info_test *infot;
            os_calloc(1, sizeof(info_test), infot);
            infot->state = NULL;
            infot->prev = parsed_oval->info_tests;
            parsed_oval->info_tests = infot;

            for (j = 0; node[i]->attributes[j]; j++) {
                if (!strcmp(node[i]->attributes[j], XML_ID)) {
                    os_strdup(node[i]->values[j], parsed_oval->info_tests->id);
                }
            }
            if (wm_vuldet_oval_xml_parser(xml, chld_node, parsed_oval, update, VU_PACKG) == OS_INVALID) {
                goto end;
            }
        }

        else if ((dist == FEED_UBUNTU && !strcmp(node[i]->element, XML_DPKG_LINUX_INFO_OBJ)) ||
                 (dist == FEED_REDHAT && !strcmp(node[i]->element, XML_RPM_LINUX_INFO_OBJ))) {
            if (chld_node = OS_GetElementsbyNode(xml, node[i]), !chld_node) {
                goto invalid_elem;
            }

            for (j = 0; node[i]->attributes[j]; j++) {
                if (!strcmp(node[i]->attributes[j], XML_ID)) {
                    info_obj *info_o;
                    os_calloc(1, sizeof(info_obj), info_o);
                    os_strdup(node[i]->values[j], info_o->id);
                    info_o->prev = parsed_oval->info_objs;
                    parsed_oval->info_objs = info_o;
                    if (wm_vuldet_oval_xml_parser(xml, chld_node, parsed_oval, update, VU_OBJ) == OS_INVALID) {
                        goto end;
                    }
                }
            }
            if (wm_vuldet_oval_xml_parser(xml, chld_node, parsed_oval, update, VU_PACKG) == OS_INVALID) {
                goto end;
            }
        } else if (condition == VU_OBJ && ((dist == FEED_UBUNTU && !strcmp(node[i]->element, XML_LINUX_NAME)) ||
                    (dist == FEED_REDHAT && !strcmp(node[i]->element, XML_LINUX_RPM_NAME)))) {
            if (node[i]->content && *node[i]->content) {
                w_strdup(node[i]->content, parsed_oval->info_objs->obj);
            } else {
                if (node[i]->attributes && node[i]->values) {
                    int j;
                    char *var_check = NULL;
                    char *var_ref = NULL;

                    for (j = 0; node[i]->attributes[j] && node[i]->values[j]; j++) {
                        if (!strcmp(node[i]->attributes[j], XML_VAR_REF)) {
                            if (!var_ref) {
                                os_strdup(node[i]->values[j], var_ref);
                            }
                        } else if (!strcmp(node[i]->attributes[j], XML_VAR_CHECK)) {
                            if (!var_check) {
                                os_strdup(node[i]->values[j], var_check);
                            }
                        }
                    }

                    if (!var_check || !var_ref) {
                        mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_OVAL_OBJ_INV, "Parameters 'var_check' and 'var_ref' were expected");
                    } else {
                        if (!strcmp(var_check, "at least one")) {
                            parsed_oval->info_objs->need_vars = 1;
                            parsed_oval->info_objs->obj = var_ref;
                            var_ref = NULL;
                        } else {
                            char error_msg[OS_SIZE_128];
                            snprintf(error_msg, OS_SIZE_128, "Unexpected var_check: '%s'", var_check);
                            mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_OVAL_OBJ_INV, error_msg);
                        }
                    }
                    free(var_ref);
                    free(var_check);
                } else {
                    mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_OVAL_OBJ_INV, "Empty object");
                }
            }
        } else if ((dist == FEED_UBUNTU && !strcmp(node[i]->element, XML_LINUX_DEF_EVR)) ||
                    (dist == FEED_REDHAT && !strcmp(node[i]->element, XML_LINUX_RPM_DEF_EVR))) {
            if (node[i]->attributes && *node[i]->attributes && node[i]->content && *node[i]->content) {
                if (dist_ref == FEED_RHEL5) {
                    // The RHEL5 OVAL contains vulnerable packages of others platforms
                    // We are only interested on RHEL5 packages from this feed
                    if (!strstr(node[i]->content, vu_package_dist[VU_RH_EXT_5])) {
                        // A step backward in order to continue the parse process
                        info_state *state_prev_ptr;
                        state_prev_ptr = parsed_oval->info_states->prev;
                        w_FreeArray(parsed_oval->info_states->arch);
                        os_free(parsed_oval->info_states->arch);
                        os_free(parsed_oval->info_states->operation);
                        os_free(parsed_oval->info_states->operation_value);
                        os_free(parsed_oval->info_states->id);
                        os_free(parsed_oval->info_states);
                        parsed_oval->info_states= state_prev_ptr;

                        goto end;
                    }
                }
                for (j = 0; node[i]->attributes[j]; j++) {
                    if (!strcmp(node[i]->attributes[j], XML_OPERATION)) {
                        os_strdup(node[i]->values[j], parsed_oval->info_states->operation);
                        os_strdup(node[i]->content, parsed_oval->info_states->operation_value);
                    }
                }
                if (!parsed_oval->info_states->operation && !strcmp(*node[i]->attributes, XML_DATATYPE) && !strcmp(*node[i]->values, "version")) {
                    os_strdup(vu_package_comp[VU_COMP_EQ], parsed_oval->info_states->operation);
                    os_strdup(node[i]->content, parsed_oval->info_states->operation_value);
                }

            }
        } else if (dist == FEED_REDHAT && !strcmp(node[i]->element, XML_RPM_ARCHITECTURE)) {
            if (node[i]->attributes && *node[i]->attributes && node[i]->content && *node[i]->content) {
                os_calloc(2, sizeof(char *), parsed_oval->info_states->arch);
                for (j = 0; node[i]->attributes[j]; j++) {
                    if (!strcmp(node[i]->attributes[j], XML_OPERATION)) {
                        if (node[i]->values[j] && !strcmp(node[i]->values[j], "equals")) {
                            os_strdup(node[i]->content, parsed_oval->info_states->arch[0]);
                        } else if (node[i]->values[j] && !strcmp(node[i]->values[j], "pattern match")) {
                            char * archs = NULL;
                            char * arch_item = NULL;
                            char * saveptr = NULL;
                            int k = 0;
                            os_strdup(node[i]->content, archs);
                            arch_item = strtok_r(archs, "|", &saveptr);
                            while (arch_item) {
                                k++;
                                os_realloc(parsed_oval->info_states->arch, (k + 1) * sizeof(char *), parsed_oval->info_states->arch);
                                os_strdup(arch_item, parsed_oval->info_states->arch[k - 1]);
                                parsed_oval->info_states->arch[k] = NULL;
                                arch_item = strtok_r(NULL, "|", &saveptr);
                            }
                            os_free(archs);
                        }
                    }
                }
                if (!parsed_oval->info_states->arch[0]) {
                    os_strdup("noarch", parsed_oval->info_states->arch[0]);
                }
            }
        } else if ((condition == VU_PACKG) &&
                   ((dist == FEED_UBUNTU && !strcmp(node[i]->element, XML_LINUX_STATE)) ||
                   (dist == FEED_REDHAT && !strcmp(node[i]->element, XML_LINUX_RPM_STATE)))) {
            for (j = 0; node[i]->attributes[j]; j++) {
                if (!strcmp(node[i]->attributes[j], XML_STATE_REF)) {
                    if (!parsed_oval->info_tests->state) {
                        os_strdup(node[i]->values[j], parsed_oval->info_tests->state);
                    }
                }
            }
        } else if ((condition == VU_PACKG) &&
                   ((dist == FEED_UBUNTU && !strcmp(node[i]->element, XML_LINUX_OBJ)) ||
                   (dist == FEED_REDHAT && !strcmp(node[i]->element, XML_LINUX_RPM_OBJ)))) {
            for (j = 0; node[i]->attributes[j]; j++) {
                if (!strcmp(node[i]->attributes[j], XML_OBJECT_REF)) {
                    if (!parsed_oval->info_tests->obj) {
                        os_strdup(node[i]->values[j], parsed_oval->info_tests->obj);
                    }
                }
            }
        }
        else if (!strcmp(node[i]->element, XML_DEFINITION)) {
            if (chld_node = OS_GetElementsbyNode(xml, node[i]), !chld_node) {
                goto invalid_elem;
            }
            for (j = 0; node[i]->attributes[j]; j++) {
                if (!strcmp(node[i]->attributes[j], XML_CLASS) &&
                    (!strcmp(node[i]->values[j], XML_VULNERABILITY) ||
                    !strcmp(node[i]->values[j], XML_PATCH))) {
                    wm_vuldet_add_oval_vulnerability(parsed_oval);
                    wm_vuldet_add_vulnerability_info(parsed_oval);
                    if (wm_vuldet_oval_xml_parser(xml, chld_node, parsed_oval, update, condition) == OS_INVALID) {
                        retval = OS_INVALID;
                        goto end;
                    }
                }
            }
        }
        else if (!strcmp(node[i]->element, XML_REFERENCE)) {
            for (j = 0; node[i]->attributes[j]; j++) {
                if (!strcmp(node[i]->attributes[j], XML_REF_ID) &&
                    strstr(node[i]->values[j], "CVE")) {
                    // Create new CVE structure when a new reference appears.
                    // Append the new CVE name to the already existing vulnerability.
                    if (parsed_oval->vulnerabilities->cve_id) {
                        info_cve *new;
                        os_calloc(1, sizeof(info_cve), new);
                        new->prev = parsed_oval->info_cves->prev;
                        parsed_oval->info_cves->prev = new;
                        os_strdup(node[i]->values[j], new->cveid);
                        if (dist == FEED_REDHAT) {
                            wm_vuldet_oval_append_rhsa(parsed_oval->vulnerabilities, node[i]->values[j]);
                        }
                    } else {
                        os_strdup(node[i]->values[j], parsed_oval->vulnerabilities->cve_id);
                        os_strdup(node[i]->values[j], parsed_oval->info_cves->cveid);
                    }

                } else if (!strcmp(node[i]->attributes[j], XML_REF_URL)) {
                    if (!parsed_oval->info_cves->refs)
                        os_calloc(1, sizeof(references), parsed_oval->info_cves->refs);

                    references *refs = parsed_oval->info_cves->refs;
                    os_realloc(refs->values, (refs->elements + 2) * sizeof(char *), refs->values);
                    os_strdup(node[i]->values[j], refs->values[refs->elements]);
                    refs->values[++refs->elements] = NULL;
                }
            }
        }
        else if (!strcmp(node[i]->element, XML_TITLE)) {
            os_strdup(node[i]->content, parsed_oval->info_cves->title);
        }
        else if ((dist == FEED_UBUNTU || dist == FEED_REDHAT) && !strcmp(node[i]->element, XML_CRITERIA)) {
            if (!node[i]->attributes) {
                if (chld_node = OS_GetElementsbyNode(xml, node[i]), !chld_node) {
                    goto invalid_elem;
                }
                if (wm_vuldet_oval_xml_parser(xml, chld_node, parsed_oval, update, condition) == OS_INVALID) {
                    retval = OS_INVALID;
                    goto end;
                }
            } else {
                char operator_found = 0;
                for (j = 0; node[i]->attributes[j]; j++) {
                    if (!strcmp(node[i]->attributes[j], XML_OPERATOR)) {
                        int result = VU_TRUE;
                        operator_found = 1;
                        if (!strcmp(node[i]->values[j], XML_OR)) {
                            if (chld_node = OS_GetElementsbyNode(xml, node[i]), !chld_node) {
                                continue;
                            } else if (result = wm_vuldet_oval_xml_parser(xml, chld_node, parsed_oval, update, VU_OR), result == OS_INVALID) {
                                retval = OS_INVALID;
                                goto end;
                            }

                        } else if (!strcmp(node[i]->values[j], XML_AND)) {
                            if (chld_node = OS_GetElementsbyNode(xml, node[i]), !chld_node) {
                                continue;
                            } else if (result = wm_vuldet_oval_xml_parser(xml, chld_node, parsed_oval, update, VU_AND), result == OS_INVALID) {
                                retval = OS_INVALID;
                                goto end;
                            }

                        } else {
                            mterror(WM_VULNDETECTOR_LOGTAG, VU_INVALID_OPERATOR, node[i]->values[j]);
                            retval = OS_INVALID;
                            goto end;
                        }
                    }
                }
                // Checks for version comparasions without operators
                if (!operator_found && node[i]->attributes && node[i]->values &&
                    *node[i]->attributes && *node[i]->values &&
                    !strcmp(*node[i]->attributes, XML_COMMENT) &&
                    !strcmp(*node[i]->values, "file version")) {
                    if (chld_node = OS_GetElementsbyNode(xml, node[i]), !chld_node) {
                        continue;
                    } else if (wm_vuldet_oval_xml_parser(xml, chld_node, parsed_oval, update, VU_AND) == OS_INVALID) {
                        retval = OS_INVALID;
                        goto end;
                    }
                }
            }
        }
        else if ((dist == FEED_UBUNTU || dist == FEED_REDHAT) && !strcmp(node[i]->element, XML_CRITERION)) {
            // To avoid a RHSA with no CVEs
            if (!parsed_oval->vulnerabilities->cve_id) {
                goto end;
            }
            for (j = 0; node[i]->attributes[j]; j++) {
                // Checks if the package isn't vulnerable
                if (!strcmp(node[i]->attributes[j], XML_COMMENT)) {
                    STATIC const char not_vulnerable[] = "while related to the CVE in some way, a decision has been made to ignore this issue";

                    if (parsed_oval->vulnerabilities->state_id && strstr(node[i]->values[j], not_vulnerable)) {
                        parsed_oval->vulnerabilities->ignore = 1; // Out of support || Will not fix
                    }
                }

                else if (!strcmp(node[i]->attributes[j], XML_TEST_REF)) {
                    if (parsed_oval->vulnerabilities->state_id &&
                        parsed_oval->vulnerabilities->cve_id) {
                        wm_vuldet_add_oval_vulnerability(parsed_oval);
                        if (dist == FEED_REDHAT) {
                            wm_vuldet_oval_copy_rhsa(parsed_oval->vulnerabilities->prev, parsed_oval->vulnerabilities);
                        }
                        os_strdup(parsed_oval->vulnerabilities->prev->cve_id, parsed_oval->vulnerabilities->cve_id);
                    }
                    os_strdup(node[i]->values[j], parsed_oval->vulnerabilities->state_id);
                }
            }
        }
        else if (!strcmp(node[i]->element, XML_DESCRIPTION)) {
            os_strdup(node[i]->content, parsed_oval->info_cves->description);
        }
        else if (!strcmp(node[i]->element, XML_OVAL_PRODUCT_VERSION)) {
            os_strdup(node[i]->content, parsed_oval->metadata.product_version);
        }
        else if (!strcmp(node[i]->element, XML_OVAL_PRODUCT_NAME)) {
            os_strdup(node[i]->content, parsed_oval->metadata.product_name);
        }
        else if (!strcmp(node[i]->element, XML_DATE)) {
            os_strdup(node[i]->content, parsed_oval->info_cves->published);
        }
        else if (!strcmp(node[i]->element, XML_OVAL_TIMESTAMP)) {
            os_strdup(node[i]->content, parsed_oval->metadata.timestamp);
        }
        else if (!strcmp(node[i]->element, XML_OVAL_SCHEMA_VERSION)) {
            os_strdup(node[i]->content, parsed_oval->metadata.schema_version);
        }
        else if (!strcmp(node[i]->element, XML_SEVERITY)) {
            if (*node[i]->content != '\0') {
                os_strdup(node[i]->content, parsed_oval->info_cves->severity);
            } else {
                parsed_oval->info_cves->severity = NULL;
            }
        }
        else if (!strcmp(node[i]->element, XML_UPDATED)) {
            if (node[i]->attributes) {
                for (j = 0; node[i]->attributes[j]; j++) {
                    if (!strcmp(node[i]->attributes[j], XML_DATE)) {
                        os_strdup(node[i]->values[j], parsed_oval->info_cves->updated);
                    }
                }
            }
        }
        else if (dist == FEED_UBUNTU && !strcmp(node[i]->element, XML_PUBLIC_DATE)) {
            os_strdup(node[i]->content, parsed_oval->info_cves->published);
        }
        else if (dist == FEED_UBUNTU && !strcmp(node[i]->element, XML_BUG)) {
            if (!parsed_oval->info_cves->bugzilla_references)
                os_calloc(1, sizeof(references), parsed_oval->info_cves->bugzilla_references);

            references *bugrefs = parsed_oval->info_cves->bugzilla_references;
            os_realloc(bugrefs->values, (bugrefs->elements + 2) * sizeof(char *), bugrefs->values);
            os_strdup(node[i]->content, bugrefs->values[bugrefs->elements]);
            bugrefs->values[++bugrefs->elements] = NULL;
        }
        else if (dist == FEED_UBUNTU && !strcmp(node[i]->element, XML_REF)) {
            if (!parsed_oval->info_cves->refs)
                os_calloc(1, sizeof(references), parsed_oval->info_cves->refs);

            references *refs = parsed_oval->info_cves->refs;
            os_realloc(refs->values, (refs->elements + 2) * sizeof(char *), refs->values);
            os_strdup(node[i]->content, refs->values[refs->elements]);
            refs->values[++refs->elements] = NULL;
        } else if (!strcmp(node[i]->element, XML_OVAL_DEFINITIONS)  ||
                   !strcmp(node[i]->element, XML_DEFINITIONS)       ||
                   !strcmp(node[i]->element, XML_OBJECTS)           ||
                   !strcmp(node[i]->element, XML_VARIABLES)         ||
                   !strcmp(node[i]->element, XML_METADATA)          ||
                   !strcmp(node[i]->element, XML_TESTS)             ||
                   !strcmp(node[i]->element, XML_STATES)            ||
                   !strcmp(node[i]->element, XML_ADVISORY)          ||
                   !strcmp(node[i]->element, XML_DEBIAN)            ||
                   !strcmp(node[i]->element, XML_GENERATOR)) {
            if (chld_node = OS_GetElementsbyNode(xml, node[i]), !chld_node) {
                goto invalid_elem;
            } else if (wm_vuldet_oval_xml_parser(xml, chld_node, parsed_oval, update, condition) == OS_INVALID) {
                retval = OS_INVALID;
                goto end;
            }
        }

        OS_ClearNode(chld_node);
        chld_node = NULL;
    }


end:
    OS_ClearNode(chld_node);
    return retval;

invalid_elem:
    mterror(WM_VULNDETECTOR_LOGTAG, XML_INVELEM, node[i]->element);
    return OS_INVALID;
}

int wm_vuldet_oval_process(update_node *update, char *path, wm_vuldet_db *parsed_vulnerabilities) {
    int success = 0;
    char *tmp_file;
    OS_XML xml;
    XML_NODE node = NULL;
    XML_NODE chld_node = NULL;

    memset(&xml, 0, sizeof(xml));

    mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_UPDATE_PRE, vu_feed_tag[update->dist_tag_ref]);
    if (tmp_file = wm_vuldet_oval_xml_preparser(path, update->dist_ref), !tmp_file) {
        goto free_mem;
    }

    mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_UPDATE_PAR, vu_feed_tag[update->dist_tag_ref]);
    if (OS_ReadXML(tmp_file, &xml) < 0) {
        mterror(WM_VULNDETECTOR_LOGTAG, VU_LOAD_CVE_ERROR, vu_feed_tag[update->dist_tag_ref], xml.err);
        goto free_mem;
    }

    if (node = OS_GetElementsbyNode(&xml, NULL), !node) {
        goto free_mem;
    };

    // Reduces a level of recurrence
    if (chld_node = OS_GetElementsbyNode(&xml, *node), !chld_node) {
        goto free_mem;
    }

    if (wm_vuldet_oval_xml_parser(&xml, chld_node, parsed_vulnerabilities, update, 0) == OS_INVALID) {
        goto free_mem;
    }

    success = 1;
free_mem:
    os_free(tmp_file);
    OS_ClearNode(node);
    OS_ClearNode(chld_node);
    OS_ClearXML(&xml);
    return !success;
}

int wm_vuldet_fetch_redhat(update_node *update) {
    int attempt = 1;
    int retval = VU_TRY_NEXT_PAGE;
    FILE *fp = NULL;
    char *repo = NULL;
    char buffer[OS_SIZE_128 + 1];
    int res_url_request;

    if (update->multi_url) {
        char tag[10 + 1];

        snprintf(tag, 10, "%d", update->update_it);
        repo = wstr_replace(update->multi_url, MULTI_URL_TAG, tag);
    } else {
        os_calloc(OS_SIZE_2048 + 1, sizeof(char), repo);
        snprintf(repo, OS_SIZE_2048, JSON_RED_HAT_REPO, update->update_from_year, RED_HAT_REPO_REQ_SIZE, update->update_it);
    }

    mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_DOWNLOAD_START, repo);
    while (1) {
        res_url_request = wurl_request_uncompress_bz2_gz(repo, VU_FIT_TEMP_FILE, NULL, NULL, update->timeout, NULL);
        if (res_url_request) {
            if (attempt == RED_HAT_REPO_MAX_ATTEMPTS) {
                mtwarn(WM_VULNDETECTOR_LOGTAG, VU_API_REQ_INV_NEW, repo, RED_HAT_REPO_MAX_ATTEMPTS);
                update->update_state = VU_TRY_NEXT_PAGE;
                retval = 0;
                goto end;
            }

            mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_API_REQ_INV, repo, attempt);
            attempt++;
            sleep(attempt * DOWNLOAD_SLEEP_FACTOR);
        } else {
            break;
        }
    }

    if (fp = fopen(VU_FIT_TEMP_FILE, "r"), !fp) {
        mtdebug2(WM_VULNDETECTOR_LOGTAG, "fopen(%s): %s", VU_FIT_TEMP_FILE, strerror(errno));
        retval = OS_INVALID;
        update->update_state = VU_INV_FEED;
        goto end;
    }
    if (!fgets(buffer, OS_SIZE_128, fp) || !strncmp(buffer, "[]", 2)) {
        if (remove(VU_FIT_TEMP_FILE) < 0) {
            mtdebug2(WM_VULNDETECTOR_LOGTAG, "remove(%s): %s", VU_FIT_TEMP_FILE, strerror(errno));
        }
        update->update_state = VU_FINISH_FETCH;
    } else {
        update->update_state = VU_SUCC_DOWN_PAGE;
    }

    retval = 0;
end:
    free(repo);
    if (fp) {
        fclose(fp);
    }
    return retval;
}

int wm_vuldet_index_feed(update_node *update) {
    wm_vuldet_db parsed_vulnerabilities;
    const char *OS_VERSION;
    char *path;
    char success = 0;
    int compress;

    memset(&parsed_vulnerabilities, 0, sizeof(wm_vuldet_db));
    OS_VERSION = vu_feed_tag[update->dist_tag_ref];
    parsed_vulnerabilities.OS = OS_VERSION;

    if (update->json_format) {
        int result;
        // It is a feed in JSON format
        if (result = wm_vuldet_index_json(&parsed_vulnerabilities, update,
                                update->multi_path ? update->multi_path :
                                (update->path && update->dist_ref == FEED_ALAS) ? update->path : VU_FIT_TEMP_FILE,
                                update->multi_path ? 1 : 0), result == OS_INVALID) {
            goto free_mem;
        } else if (result == VU_NOT_NEED_UPDATE) {
            success = 1;
            goto free_mem;
        }
    } else {
        path = update->path ? update->path : VU_TEMP_FILE;

        if (update->dist_ref == FEED_UBUNTU ||
            update->dist_ref == FEED_DEBIAN ||
            update->dist_ref == FEED_REDHAT) {

            switch (w_uncompress_bz2_gz_file(path, VU_TEMP_FILE)) {
            case -1:
                mterror(WM_VULNDETECTOR_LOGTAG, VU_CONTENT_FEED_ERROR, update->dist_ext, path);
                goto free_mem;
            case 0:
                compress = 1;
                break;
            default:
                compress = 0;
            }

            if (wm_vuldet_oval_process(update, compress ? VU_TEMP_FILE : path, &parsed_vulnerabilities)) {
                goto free_mem;
            }
        }
        else if (update->dist_ref == FEED_CPED) {
            if (wm_vuldet_nvd_cpe_parser(path, &parsed_vulnerabilities)) {
                goto free_mem;
            }
        }
    }

    mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_START_REFRESH_DB, update->dist_ext);

    if (wm_vuldet_insert(&parsed_vulnerabilities, update)) {
        mterror(WM_VULNDETECTOR_LOGTAG, VU_REFRESH_DB_ERROR, OS_VERSION);
        goto free_mem;
    }
    mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_STOP_REFRESH_DB, update->dist_ext);

    success = 1;
free_mem:
    if (remove(VU_TEMP_FILE) < 0) {
        mtdebug2(WM_VULNDETECTOR_LOGTAG, "remove(%s): %s", VU_TEMP_FILE, strerror(errno));
    }
    if (remove(VU_FIT_TEMP_FILE) < 0) {
        mtdebug2(WM_VULNDETECTOR_LOGTAG, "remove(%s): %s", VU_FIT_TEMP_FILE, strerror(errno));
    }
    if (remove(VU_TEMP_FILE_BZ2) < 0) {
        mtdebug2(WM_VULNDETECTOR_LOGTAG, "remove(%s): %s", VU_TEMP_FILE_BZ2, strerror(errno));
    }

    if (success) {
        return 0;
    }

    return OS_INVALID;
}

int wm_vuldet_fetch_oval(update_node *update, char *repo) {
    STATIC const char *timestamp_tag = "timestamp>";
    char timestamp[OS_SIZE_256 + 1] = {0};
    char buffer[OS_MAXSTR + 1] = {0};
    FILE *fp = NULL;
    char *found;
    int attempts;
    vu_logic retval = VU_INV_FEED;

    for (attempts = 0;; attempts++) {
        int res_url_request = wurl_request_uncompress_bz2_gz(repo, VU_TEMP_FILE, NULL, NULL, update->timeout, NULL);
        if (!res_url_request) {
            break;
        } else if (attempts == WM_VULNDETECTOR_DOWN_ATTEMPTS) {
            goto end;
        }
        mdebug1(VU_DOWNLOAD_FAIL, attempts);
        sleep(attempts);
    }

    if (fp = fopen(VU_TEMP_FILE, "r"), !fp) {
        goto end;
    }

    while (fgets(buffer, OS_MAXSTR, fp)) {
        if (found = strstr(buffer, timestamp_tag), found) {
            char *close_tag;
            found+=strlen(timestamp_tag);

            if (close_tag = strstr(found, "<"), !close_tag) {
                goto end;
            }
            *close_tag = '\0';

            switch (wm_vuldet_check_timestamp(vu_feed_tag[update->dist_tag_ref], found, timestamp)) {
                case VU_TIMESTAMP_FAIL:
                    mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_DB_TIMESTAMP_FEED_ERROR, update->dist_ext);
                    goto end;
                break;
                case VU_TIMESTAMP_UPDATED:
                    mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_UPDATE_DATE, update->dist_ext);
                    retval = VU_NOT_NEED_UPDATE;
                    goto end;
                break;
                case VU_TIMESTAMP_OUTDATED:
                    mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_DB_TIMESTAMP_FEED, update->dist_ext, "");
                break;
            }
            break;
        }
    }

    retval = VU_NEED_UPDATE;
end:
    if (fp) {
        w_fclose(fp);
    }

    return retval;
}

bool wm_vuldet_set_feed_update_url(update_node *update) {
    char *repo = NULL;
    char *low_repo = NULL;

    // Discard non-harcoded URLs and expected feeds
    if (update->url ||
        update->dist_ref == FEED_CPED    ||
        update->dist_ref == FEED_NVD     ||
        update->dist_ref == FEED_CPEW    ||
        update->dist_ref == FEED_JREDHAT ||
        update->dist_ref == FEED_ARCH    ||
        update->dist_ref == FEED_MSU) {
            return true;
    }

    os_calloc(1, OS_SIZE_2048 + 1, repo);

    // Ubuntu, debian and Amazon build their repos in a specific way
    if (update->dist_ref == FEED_UBUNTU) {
        os_strdup(update->version, low_repo);
        str_lowercase(low_repo);
        snprintf(repo, OS_SIZE_2048, CANONICAL_REPO, low_repo);
        free(low_repo);

    } else if (update->dist_ref == FEED_DEBIAN) {
        os_strdup(update->version, low_repo);
        str_lowercase(low_repo);
        snprintf(repo, OS_SIZE_2048, DEBIAN_REPO, low_repo);
        free(low_repo);

    } else if (update->dist_ref == FEED_ALAS) {
        snprintf(repo, OS_SIZE_2048, update->dist_tag_ref == FEED_ALAS1 ? ALAS_REPO : ALAS2_REPO);

    } else if (update->dist_ref == FEED_REDHAT) {
        if (update->dist_tag_ref == FEED_RHEL5)
            snprintf(repo, OS_SIZE_2048, "%s", RED_HAT5_REPO);
        else // RHEL6, RHEL7 and RHEL8
            snprintf(repo, OS_SIZE_2048, RED_HAT_REPO, update->version, update->version);

    } else {
        mterror(WM_VULNDETECTOR_LOGTAG, VU_OS_VERSION_ERROR);
        os_free(repo);
        return false;
    }

    update->url = repo;

    return true;
}

int wm_vuldet_check_timestamp(const char *target, char *timst, char *ret_timst) {
    int retval = VU_TIMESTAMP_FAIL;
    const char *stored_timestamp;
    sqlite3_stmt *stmt = NULL;
    sqlite3 *db = NULL;

    if (sqlite3_open_v2(CVE_DB, &db, SQLITE_OPEN_READWRITE, NULL) != SQLITE_OK) {
        goto end;
    } else {
        if (wm_vuldet_prepare(db, vu_queries[TIMESTAMP_QUERY], -1, &stmt, NULL) != SQLITE_OK) {
            goto end;
        }
        sqlite3_bind_text(stmt, 1, target, -1, NULL);
        if (wm_vuldet_step(stmt) == SQLITE_ROW) {
            if (stored_timestamp = (const char *) sqlite3_column_text(stmt, 0), stored_timestamp) {
                if (!strcmp(stored_timestamp, timst)) {
                    retval = VU_TIMESTAMP_UPDATED;
                    if (ret_timst) {
                        snprintf(ret_timst, OS_SIZE_256, "%s", stored_timestamp);
                    }
                    goto end;
                }
            }
        }
        retval = VU_TIMESTAMP_OUTDATED;
    }
end:
    if (db) {
        sqlite3_close_v2(db);
    }
    wdb_finalize(stmt);
    return retval;
}

char * wm_vuldet_get_hash(const char *target) {
    sqlite3_stmt *stmt = NULL;
    sqlite3 *db = NULL;

    if (sqlite3_open_v2(CVE_DB, &db, SQLITE_OPEN_READWRITE, NULL) != SQLITE_OK) {
        wm_vuldet_sql_error(db, stmt);
        return NULL;
    }

    if (wm_vuldet_prepare(db, vu_queries[HASH_QUERY], -1, &stmt, NULL) != SQLITE_OK) {
        wm_vuldet_sql_error(db, stmt);
        return NULL;
    }

    char *hash = NULL;

    sqlite3_bind_text(stmt, 1, target, -1, NULL);
    if (wm_vuldet_step(stmt) == SQLITE_ROW) {
        char *val = (char*)sqlite3_column_text(stmt, 0);
        sqlite_strdup((const char *) val, hash);
    }

    sqlite3_close_v2(db);
    wdb_finalize(stmt);

    return hash;
}

int wm_vuldet_fetch_feed(update_node *update, int8_t *need_update) {
    char repo[OS_SIZE_2048 + 1] = {'\0'};
    unsigned char success = 0;
    int result;
    *need_update = 1;

    // Clean metadata when set a custom location
    if (update->custom_location) {

        mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_METADATA_CLEAN, vu_feed_tag[update->dist_tag_ref]);

        sqlite3 *db;
        if (sqlite3_open_v2(CVE_DB, &db, SQLITE_OPEN_READWRITE, NULL) != SQLITE_OK) {
            return wm_vuldet_sql_error(db, NULL);
        }

        if (wm_vuldet_remove_target_table(db, METADATA_TABLE, vu_feed_tag[update->dist_tag_ref])) {
            return OS_INVALID;
        }

        sqlite3_close_v2(db);
    }

    if (!update->url && (update->path || (update->multi_path && update->dist_ref != FEED_DEBIAN))) {
        mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_LOCAL_FETCH, update->path ? update->path : update->multi_path);
        return 0;
    }

    // Only for those O.S with more than one feed.
    if (wm_vuldet_set_feed_update_url(update) == false && !update->url) {
        return OS_INVALID;
    } else if (update->url != NULL) {
        // Online and offline update for O.S. with more than one feed (Ubuntu, Amazon, Red Hat, Debian...)
        // Offline update for tags <os url=''></os> and (msu)<url></url>
        snprintf(repo, OS_SIZE_2048, "%s", update->url);
    }

    // Call to the specific fetch function
    switch (update->dist_ref) {
        case FEED_JREDHAT:
            update->update_state = 0;
            if (result = wm_vuldet_fetch_redhat(update), result != OS_INVALID) {
                success = 1;
                if (update->update_state == VU_FINISH_FETCH || update->update_state == VU_TRY_NEXT_PAGE || update->update_state == VU_INV_FEED) {
                    *need_update = 0;
                }
            }
            goto end;

        case FEED_ARCH:
            if (result = wm_vuldet_fetch_arch(update, repo), result == VU_INV_FEED) {
                goto end;
            } else if (result == VU_NOT_NEED_UPDATE) {
                *need_update = 0;
            }
        break;

        case FEED_CPED:
            if (wm_vuldet_fetch_nvd_cpe(update->timeout, repo)) {
                goto end;
            }
        break;

        case FEED_NVD:
            if (result = wm_vuldet_fetch_nvd_cve(update), result == VU_INV_FEED) {
                goto end;
            } else if (result == VU_NOT_NEED_UPDATE) {
                *need_update = 0;
            }
        break;

        case FEED_CPEW:
            if (result = wm_vuldet_fetch_wazuh_cpe(update), result == VU_INV_FEED) {
                goto end;
            } else if (result == VU_NOT_NEED_UPDATE) {
                *need_update = 0;
            }
        break;

        case FEED_ALAS:
            if (result = wm_vuldet_fetch_wazuh_repo(update, repo), result == VU_INV_FEED) {
                goto end;
            } else if (result == VU_NOT_NEED_UPDATE) {
                *need_update = 0;
            }
        break;

        case FEED_MSU:
            if (result = wm_vuldet_fetch_wazuh_repo(update, repo), result == VU_INV_FEED) {
                goto end;
            } else if (result == VU_NOT_NEED_UPDATE) {
                *need_update = 0;
            }
        break;

        default:
            if (result = wm_vuldet_fetch_oval(update, repo), result == VU_INV_FEED) {
                goto end;
            } else if (result == VU_NOT_NEED_UPDATE) {
                *need_update = 0;
            }
    }

    success = 1;
end:
    if (success) {
        return 0;
    } else {
        mtwarn(WM_VULNDETECTOR_LOGTAG, VU_FETCH_ERROR, update->dist_ext);
        return OS_INVALID;
    }
}

int wm_vuldet_check_feed(update_node *upd, int8_t *updated) {
    if (wm_vuldet_check_update_period(upd)) {
        if (!wm_vuldet_silent_feed(upd->dist_tag_ref)) {
            mtinfo(WM_VULNDETECTOR_LOGTAG, VU_STARTING_UPDATE, vu_feed_ext[upd->dist_tag_ref]);
        } else {
            mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_STARTING_UPDATE, vu_feed_ext[upd->dist_tag_ref]);
        }
        if (wm_vuldet_update_feed(upd, updated)) {
            if (!upd->attempted) {
                upd->last_sync = time(NULL) - upd->interval + WM_VULNDETECTOR_RETRY_UPDATE;
                upd->attempted = 1;
                mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_UPDATE_RETRY, upd->dist, upd->version ? upd->version : "provider", (long unsigned)WM_VULNDETECTOR_RETRY_UPDATE);
            } else {
                upd->last_sync = time(NULL);
                upd->attempted = 0;
                mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_UPDATE_RETRY, upd->dist, upd->version ? upd->version : "provider", upd->interval);
            }

            if (upd->dist_tag_ref == FEED_CPEW) {
                mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_NVD_UPD_CANCEL, "Wazuh CPE Helper");
                *updated = -1;
            }

            return OS_INVALID;
        } else {
            if (!wm_vuldet_silent_feed(upd->dist_tag_ref)) {
                mtinfo(WM_VULNDETECTOR_LOGTAG, VU_ENDING_UPDATE, upd->dist_ext);
            } else {
                mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_STARTING_UPDATE, vu_feed_ext[upd->dist_tag_ref]);
            }
            upd->last_sync = time(NULL);
            time_t last_feed_upd = wm_vuldet_get_last_feed_update(upd->dist_tag_ref);
            if (last_feed_upd != -1) {
                upd->last_update = last_feed_upd;
            }
        }
    }
    return 0;
}

cJSON *wm_vuldet_get_debian_status_feed(update_node *update) {
    FILE *deb_file = NULL;
    int attempts;
    int res_url_request;
    char * path = NULL;
    char * url = DEBIAN_REPO_STATUS;
    cJSON * json_file = NULL;

    if (update->multi_path) {
        path = update->multi_path;
    }

    if (update->multi_url) {
        url = update->multi_url;
    }

    if (path) {
        // Fetch Debian Security Tracker feed locally
        if (w_is_file(path)) {
            mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_DEB_STATUS_FETCH, path);
            json_file = wm_vuldet_json_fread(path);
            return json_file;
        } else {
            mtdebug1(WM_VULNDETECTOR_LOGTAG, "Unable to read file '%s'", path);
        }
    }

    if (deb_file = fopen(VU_DEB_TEMP_FILE, "r"), !deb_file) {
        // Download Debian status feed
        mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_DEB_STATUS_FETCH, url);
        for (attempts = 0;; attempts++) {
            res_url_request = wurl_request_uncompress_bz2_gz(url, VU_DEB_TEMP_FILE, NULL, NULL, update->timeout, NULL);
            if (!res_url_request) {
                break;
            } else if (attempts == WM_VULNDETECTOR_DOWN_ATTEMPTS) {
                return NULL;
            }
            mdebug1(VU_DOWNLOAD_FAIL, attempts);
            sleep(attempts);
        }
    } else {
        mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_DEB_STATUS_FETCH, VU_DEB_TEMP_FILE);
        fclose(deb_file);
    }

    // Parse Debian status feed
    return wm_vuldet_json_fread(VU_DEB_TEMP_FILE);
}

int wm_vuldet_run_update(update_node **updates) {
    int ret = 0;
    int8_t updated = 1;
    int up_status = 0;

    // Check updates for all the feeds
    for (int os = 0; os < OS_SUPP_SIZE; os++) {
        if (!updates[os])
            continue;

        // If none of RedHat's OVALs have been updated,
        // we can deduce that the JSON is already up to date.
        if (updates[os]->dist_ref == FEED_JREDHAT && up_status == 1) {
            updates[os]->last_sync = time(NULL);
            mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_UPDATE_DATE, vu_feed_ext[FEED_JREDHAT]);
            continue;
        }

        if (wm_vuldet_check_feed(updates[os], &updated)) {
            ret = OS_INVALID;
            if (updated == -1) {
                // The CPE helper update failed (updated is only set to -1 when evaluating the CPE helper)
                wm_vuldet_release_update_node(updates, CPE_WDIC);
                wm_vuldet_release_update_node(updates, CVE_NVD);
                continue;
            }
        }

        /** @updated -> If the RHEL feed was successfully updated(1).
        * +1 Represents the availability of the RHEL feeds. Otherwise we
        * won't be capable of distinguishing between non available RHEL feeds, and
        * available but up-to-date feeds. (In both cases @up_status would be 0).
        **/
        up_status |= (updates[os]->dist_ref == FEED_REDHAT)? updated + 1 : up_status;
    }

    // Remove Debian status feed
    if (remove(VU_DEB_TEMP_FILE) < 0 && errno != ENOENT) {
        mtdebug2(WM_VULNDETECTOR_LOGTAG, "remove(%s): %s", VU_DEB_TEMP_FILE, strerror(errno));
    }

    return ret;
}

int wm_vuldet_json_rh_parser(cJSON *json_feed, wm_vuldet_db *parsed_vulnerabilities) {
    cJSON *json_it;
    cJSON *cve_content;
    time_t l_time;
    struct tm *tm_time;

    static char *JSON_CVE = "CVE";
    static char *JSON_SEVERITY = "severity";
    static char *JSON_PUBLIC_DATE = "public_date";
    static char *JSON_ADVISORIES = "advisories";
    static char *JSON_BUGZILLA = "bugzilla";
    static char *JSON_BUGZILLA_DESCRIPTION = "bugzilla_description";
    static char *JSON_CVSS_SCORE = "cvss_score";
    static char *JSON_CVSS_SCORING_VECTOR = "cvss_scoring_vector";
    static char *JSON_CWE = "CWE";
    static char *JSON_AFFECTED_PACKAGES = "affected_packages";
    static char *JSON_RESOURCE_URL = "resource_url";
    static char *JSON_CVSS3_SCORE = "cvss3_score";
    static char *JSON_CVSS3_SCORING_VECTOR = "cvss3_scoring_vector";

    // Metadata values
    STATIC char *rh_product_name = "Red Hat Security Data";
    STATIC char *rh_product_version = "1.0";
    char *m_product_name = NULL;
    char *m_product_version = NULL;
    char *m_schema_version = NULL;
    char m_timestamp[27] = { '\0' };

    for (json_it  = json_feed->child; json_it; json_it = json_it->next) {
        char *tmp_cve = NULL;
        char *tmp_severity = NULL;
        char *tmp_public_date = NULL;
        cJSON *tmp_advisories = NULL;
        char *tmp_bugzilla = NULL;
        char *tmp_bugzilla_description = NULL;
        double tmp_cvss_score = -1;
        char *tmp_cvss_scoring_vector = NULL;
        char *tmp_cwe = NULL;
        double tmp_cvss3_score = -1;
        char *tmp_cvss3_scoring_vector = NULL;

        time(&l_time);
        tm_time = localtime(&l_time);
        strftime(m_timestamp, 26, "%Y-%m-%d %H:%M:%S", tm_time);
        m_product_name = rh_product_name;
        m_product_version = rh_product_version;

        for (cve_content  = json_it->child; json_tagged_obj(cve_content); cve_content = cve_content->next) {
            if (!strcmp(cve_content->string, JSON_CVE)) {
                tmp_cve = cve_content->valuestring;
            } else if (!strcmp(cve_content->string, JSON_SEVERITY)) {
                tmp_severity = cve_content->valuestring;
            } else if (!strcmp(cve_content->string, JSON_PUBLIC_DATE)) {
                tmp_public_date = cve_content->valuestring;
            } else if (!strcmp(cve_content->string, JSON_ADVISORIES)) {
                tmp_advisories = cve_content->child;
            } else if (!strcmp(cve_content->string, JSON_BUGZILLA)) {
                tmp_bugzilla = cve_content->valuestring;
            } else if (!strcmp(cve_content->string, JSON_BUGZILLA_DESCRIPTION)) {
                tmp_bugzilla_description = cve_content->valuestring;
            } else if (!strcmp(cve_content->string, JSON_CVSS_SCORE)) {
                if (cve_content->type == cJSON_String) {
                    tmp_cvss_score = atof(cve_content->valuestring);
                } else if (cve_content->type == cJSON_Number) {
                    tmp_cvss_score = cve_content->valuedouble;
                }
            } else if (!strcmp(cve_content->string, JSON_CVSS_SCORING_VECTOR)) {
                tmp_cvss_scoring_vector = cve_content->valuestring;
            } else if (!strcmp(cve_content->string, JSON_CWE)) {
                tmp_cwe = cve_content->valuestring;
            } else if (!strcmp(cve_content->string, JSON_RESOURCE_URL)) {
            } else if (!strcmp(cve_content->string, JSON_CVSS3_SCORE)) {
                if (cve_content->type == cJSON_String) {
                    tmp_cvss3_score = atof(cve_content->valuestring);
                } else if (cve_content->type == cJSON_Number) {
                    tmp_cvss3_score = cve_content->valuedouble;
                }
            } else if (!strcmp(cve_content->string, JSON_CVSS3_SCORING_VECTOR)) {
                tmp_cvss3_scoring_vector = cve_content->valuestring;
            } else if (strcmp(cve_content->string, JSON_AFFECTED_PACKAGES)) {
                // Discard all the "affected_packages" tags.
                mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_UNEXP_JSON_KEY, cve_content->string);
            }
        }

        if(!tmp_bugzilla_description || !tmp_cve) {
            mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_FEED_NODE_NULL_ELM);
            return OS_INVALID;
        }

        wm_vuldet_adapt_title(tmp_bugzilla_description, tmp_cve);

        // Fill in vulnerability information
        wm_vuldet_add_vulnerability_info(parsed_vulnerabilities);
        w_strdup(tmp_cve, parsed_vulnerabilities->info_cves->cveid);
        w_strdup(tmp_severity, parsed_vulnerabilities->info_cves->severity);
        w_strdup(tmp_public_date, parsed_vulnerabilities->info_cves->published);

        // Setting the reference. In RH we only have one reference link to save in the array for each CVE
        if (!parsed_vulnerabilities->info_cves->refs)
            os_calloc(1, sizeof(references), parsed_vulnerabilities->info_cves->refs);

        references *refs = parsed_vulnerabilities->info_cves->refs;
        os_realloc(refs->values, (refs->elements + 2) * sizeof(char *), refs->values);
        refs->values[refs->elements] = wm_vuldet_build_url(VU_BUILD_REF_CVE_RH, tmp_cve);
        refs->values[++refs->elements] = NULL;

        w_strdup(tmp_bugzilla_description, parsed_vulnerabilities->info_cves->description);
        parsed_vulnerabilities->info_cves->cvss = (tmp_cvss_score != -1) ? w_double_str(tmp_cvss_score) : NULL;
        parsed_vulnerabilities->info_cves->cvss3 = (tmp_cvss3_score != -1) ? w_double_str(tmp_cvss3_score) : NULL;
        w_strdup(tmp_cvss_scoring_vector, parsed_vulnerabilities->info_cves->cvss_vector);
        w_strdup(tmp_cvss3_scoring_vector, parsed_vulnerabilities->info_cves->cvss3_vector);

        // Setting the bugzilla reference. In RH we only have one bugzilla reference link to save in the array for each CVE
        if (!parsed_vulnerabilities->info_cves->bugzilla_references)
            os_calloc(1, sizeof(references), parsed_vulnerabilities->info_cves->bugzilla_references);

        references *bugrefs = parsed_vulnerabilities->info_cves->bugzilla_references;
        os_realloc(bugrefs->values, (bugrefs->elements + 2) * sizeof(char *), bugrefs->values);
        bugrefs->values[bugrefs->elements] = wm_vuldet_build_url(VU_BUILD_REF_BUGZ, tmp_bugzilla);
        bugrefs->values[++bugrefs->elements] = NULL;

        parsed_vulnerabilities->info_cves->advisories = wm_vuldet_extract_advisories(tmp_advisories);
        w_strdup(tmp_cwe, parsed_vulnerabilities->info_cves->cwe);
    }

    // Insert metadata values
    os_free(parsed_vulnerabilities->metadata.product_name);
    w_strdup(m_product_name, parsed_vulnerabilities->metadata.product_name);
    os_free(parsed_vulnerabilities->metadata.product_version);
    w_strdup(m_product_version, parsed_vulnerabilities->metadata.product_version);
    os_free(parsed_vulnerabilities->metadata.schema_version);
    w_strdup(m_schema_version, parsed_vulnerabilities->metadata.schema_version);
    os_free(parsed_vulnerabilities->metadata.timestamp);
    os_strdup(m_timestamp, parsed_vulnerabilities->metadata.timestamp);

    return 0;
}

int wm_vuldet_json_arch_parser(cJSON *json_feed, wm_vuldet_db *parsed_vulnerabilities) {
    cJSON *json_it;
    cJSON *cve_content;
    cJSON *packages_content;
    time_t l_time;
    struct tm *tm_time;

    static char *JSON_NAME = "name";
    static char *JSON_PACKAGES = "packages";
    static char *JSON_STATUS = "status";
    static char *JSON_SEVERITY = "severity";
    static char *JSON_AFFECTED = "affected";
    static char *JSON_FIXED = "fixed";
    static char *JSON_ISSUES = "issues";
    static char *JSON_ADVISORIES = "advisories";

    // Metadata values
    STATIC char *arch_product_name = "Arch Linux Security Data";
    STATIC char *arch_product_version = "1.0";
    char *m_product_name = NULL;
    char *m_product_version = NULL;
    char *m_schema_version = NULL;
    char m_timestamp[27] = { '\0' };

    for (json_it  = json_feed->child; json_it; json_it = json_it->next) {
        char *tmp_name = NULL;
        cJSON *tmp_packages = NULL;
        char *tmp_status = NULL;
        char *tmp_severity = NULL;
        char *tmp_affected = NULL;
        char *tmp_fixed = NULL;
        cJSON *tmp_issues = NULL;
        cJSON *tmp_advisories = NULL;

        time(&l_time);
        tm_time = localtime(&l_time);
        strftime(m_timestamp, 26, "%Y-%m-%d %H:%M:%S", tm_time);
        m_product_name = arch_product_name;
        m_product_version = arch_product_version;

        for (cve_content = json_it->child; json_tagged_obj(cve_content); cve_content = cve_content->next) {
            if (!strcmp(cve_content->string, JSON_NAME)) {
                tmp_name = cve_content->valuestring;
            } else if (!strcmp(cve_content->string, JSON_PACKAGES)) {
                tmp_packages = cve_content->child;
            } else if (!strcmp(cve_content->string, JSON_STATUS)) {
                tmp_status = cve_content->valuestring;
            } else if (!strcmp(cve_content->string, JSON_SEVERITY)) {
                tmp_severity = cve_content->valuestring;
            } else if (!strcmp(cve_content->string, JSON_AFFECTED)) {
                tmp_affected = cve_content->valuestring;
            } else if (!strcmp(cve_content->string, JSON_FIXED)) {
                tmp_fixed = cve_content->valuestring;
            } else if (!strcmp(cve_content->string, JSON_ISSUES)) {
                tmp_issues = cve_content->child;
            } else if (!strcmp(cve_content->string, JSON_ADVISORIES)) {
                tmp_advisories = cve_content->child;
            }
        }

        if (!tmp_name || !tmp_severity || !tmp_packages || !tmp_affected || !tmp_status) {
            mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_FEED_NODE_NULL_ELM);
            return OS_INVALID;
        }

        char first_cve = 1;
        for (cve_content = tmp_issues; first_cve || cve_content; cve_content = cve_content ? cve_content->next : NULL) {
            first_cve = 0;

            for (packages_content = tmp_packages; packages_content; packages_content = packages_content->next) {
                wm_vuldet_add_vulnerability_info(parsed_vulnerabilities);
                wm_vuldet_add_oval_vulnerability(parsed_vulnerabilities);

                // Fill in vulnerability information
                if (cve_content) {
                    w_strdup(cve_content->valuestring, parsed_vulnerabilities->info_cves->cveid);
                    w_strdup(cve_content->valuestring, parsed_vulnerabilities->vulnerabilities->cve_id);
                } else {
                    w_strdup("Unspecified", parsed_vulnerabilities->info_cves->cveid);
                    w_strdup("Unspecified", parsed_vulnerabilities->vulnerabilities->cve_id);
                }

                w_strdup(tmp_severity, parsed_vulnerabilities->info_cves->severity);

                // Setting the reference. In Arch we only have one reference link to save in the array for each CVE
                if (!parsed_vulnerabilities->info_cves->refs)
                    os_calloc(1, sizeof(references), parsed_vulnerabilities->info_cves->refs);

                references *refs = parsed_vulnerabilities->info_cves->refs;
                os_realloc(refs->values, (refs->elements + 2) * sizeof(char *), refs->values);
                refs->values[refs->elements] = wm_vuldet_build_url(VU_BUILD_REF_CVE_ARCH, tmp_name);
                refs->values[++refs->elements] = NULL;

                if (!parsed_vulnerabilities->info_cves->bugzilla_references)
                    os_calloc(1, sizeof(references), parsed_vulnerabilities->info_cves->bugzilla_references);

                parsed_vulnerabilities->info_cves->advisories = wm_vuldet_extract_advisories(tmp_advisories);
                os_strdup(packages_content->valuestring, parsed_vulnerabilities->vulnerabilities->package_name);
                if (tmp_fixed && (!strcmp(tmp_status, "Fixed"))) {
                    os_strdup(tmp_fixed, parsed_vulnerabilities->vulnerabilities->package_version);
                    os_strdup("less than", parsed_vulnerabilities->vulnerabilities->state_id);
                } else if (!strcmp(tmp_status, "Vulnerable")) {
                    os_strdup(tmp_affected, parsed_vulnerabilities->vulnerabilities->package_version);
                    os_strdup("greater than or equal", parsed_vulnerabilities->vulnerabilities->state_id);
                }
            }
        }
    }

    // Insert metadata values
    os_free(parsed_vulnerabilities->metadata.product_name);
    w_strdup(m_product_name, parsed_vulnerabilities->metadata.product_name);
    os_free(parsed_vulnerabilities->metadata.product_version);
    w_strdup(m_product_version, parsed_vulnerabilities->metadata.product_version);
    os_free(parsed_vulnerabilities->metadata.schema_version);
    w_strdup(m_schema_version, parsed_vulnerabilities->metadata.schema_version);
    os_free(parsed_vulnerabilities->metadata.timestamp);
    os_strdup(m_timestamp, parsed_vulnerabilities->metadata.timestamp);

    return 0;
}

int wm_vuldet_json_parser(char *json_path, wm_vuldet_db *parsed_vulnerabilities, update_node *update) {
    int retval = OS_INVALID;
    int compress = 0;

    switch (w_uncompress_bz2_gz_file(json_path, VU_FIT_TEMP_FILE)) {
    case -1:
        mterror(WM_VULNDETECTOR_LOGTAG, VU_CONTENT_FEED_ERROR, update->dist_ext, json_path);
        return retval;
    case 0:
        compress = 1;
        break;
    default:
        compress = 0;
    }

    if (update->dist_ref == FEED_NVD) {
        char *json_feed;
        if (json_feed = w_get_file_content(compress ? VU_FIT_TEMP_FILE : json_path, JSON_MAX_FSIZE), !json_feed) {
            mterror(WM_VULNDETECTOR_LOGTAG, VU_CONTENT_FEED_ERROR, update->dist_ext, json_path);
            return retval;
        }

        if (retval = wm_vuldet_json_nvd_parser(json_feed, parsed_vulnerabilities), retval == OS_INVALID) {
            mterror(WM_VULNDETECTOR_LOGTAG, VU_PARSED_FEED_ERROR, update->dist_ext, json_path);
        }
        free(json_feed);
    }
    else {
        cJSON *json_feed;

        if (json_feed = wm_vuldet_json_fread(compress ? VU_FIT_TEMP_FILE : json_path), !json_feed) {
            mterror(WM_VULNDETECTOR_LOGTAG, VU_PARSED_FEED_ERROR, update->dist_ext, json_path);
            return retval;
        }

        switch ((int) update->dist_ref) {
            case FEED_JREDHAT:
                retval = wm_vuldet_json_rh_parser(json_feed, parsed_vulnerabilities);
                break;
            case FEED_ARCH:
                retval = wm_vuldet_json_arch_parser(json_feed, parsed_vulnerabilities);
                break;
            case FEED_CPEW:
                retval = wm_vuldet_json_wcpe_parser(json_feed, parsed_vulnerabilities);
                break;
            case FEED_MSU:
                retval = wm_vuldet_json_msu_parser(json_feed, parsed_vulnerabilities);
                break;
            case FEED_ALAS:
                retval = wm_vuldet_json_alas_parser(json_feed, parsed_vulnerabilities);
                break;
            default:
                break;
        }
        cJSON_Delete(json_feed);
    }

    return retval;
}

int wm_vuldet_collect_agent_software(scan_agent *agent, sqlite3 *db, scan_ctx_t* scan_ctx) {
    int retval = OS_INVALID;
    cJSON *package_list = NULL;
    int min_cpe_index;
    cpe_list *node_list = NULL;
    int sock = wm_vuldet_get_wdb_socket();

    mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_AGENT_SOFTWARE_REQ, scan_ctx->agent_id);

    // CPE index
    if (wm_vuldet_get_min_cpe_index(db, &min_cpe_index)) {
        mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_CPE_INDEX_GET_ERROR);
        goto end;
    }

    if (wm_vuldet_get_software(atoi(agent->agent_id), (scan_ctx->scan_type == VU_PARTIAL_SCAN) ? true : false, &package_list), !package_list) {
        mtwarn(WM_VULNDETECTOR_LOGTAG, VU_SOFTWARE_REQUEST_ERROR, atoi(agent->agent_id));
        goto end;
    }

    if (package_list->child) { //JSON array not empty
        sqlite3_exec(db, vu_queries[BEGIN_T], NULL, NULL, NULL);

        for (cJSON *package_it = package_list->child; package_it; package_it = package_it->next) {
            char *name = (char *) wm_vuldet_get_json_value(package_it, "name");
            char *version = (char *) wm_vuldet_get_json_value(package_it, "version");
            char *architecture = (char *) wm_vuldet_get_json_value(package_it, "architecture");
            char *cpe_str = (char *) wm_vuldet_get_json_value(package_it, "cpe");
            char *vendor = (char *) wm_vuldet_get_json_value(package_it, "vendor");
            char *msu_name = (char *) wm_vuldet_get_json_value(package_it, "msu_name");
            char *source = (char *) wm_vuldet_get_json_value(package_it, "source");
            char *item_id = (char *) wm_vuldet_get_json_value(package_it, "item_id");
            char *src_version = NULL;

            if (!architecture  && agent->dist == FEED_MAC) {
                architecture = agent->arch;
            }

            if (name && version && architecture) {
                struct cpe *s_cpe = NULL;
                char success = 1;

                if (cpe_str) {
                    s_cpe = wm_vuldet_decode_cpe(cpe_str);
                    if (s_cpe) {
                        w_strdup(msu_name, s_cpe->msu_name);
                    }
                }

                if (agent->dist != FEED_WIN && agent->dist != FEED_MAC) {
                    if (wm_vuldet_discard_kernel_package(agent, name, version, architecture)) {
                        if (s_cpe) {
                            wm_vuldet_free_cpe(&s_cpe);
                        }
                        continue;
                    }
                }

                if (source) {
                    if (agent->dist == FEED_REDHAT || agent->dist == FEED_MAC) {
                        source = NULL;
                    } else {
                        // Separate version from source
                        char *source_end = strstr(source, " ");
                        char *source_version_start;
                        char *source_version_end;
                        if (source_end) {
                            source_version_start = strstr(source_end, "(");
                            if (source_version_start) {
                                source_version_end = strstr(source_version_start, ")");
                                if (source_version_end) {
                                    src_version = source_version_start + 1;
                                    *source_version_end = '\0';
                                }
                            }
                            *source_end = '\0';
                        }
                    }
                }

                if (agent->dist == FEED_MAC) {
                    wchr_replace(name, ' ', '_');
                    if (vendor) wchr_replace(vendor, ' ', '_');
                }

                char* nvd_architecture = NULL;
                if (agent->dist == FEED_WIN) {
                    nvd_architecture = wm_vuldet_normalize_architecture_nvd(architecture);
                }

                // Generate the node_list structure with those packages
                // that have associated CPE
                if (wm_vuldet_insert_agent_data(db, agent, &min_cpe_index, vendor, name, source, version,
                                                src_version, nvd_architecture ? nvd_architecture : architecture, item_id, VULN_CVES_TYPE_PACKAGE, s_cpe, &node_list)) {
                    mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_INSERT_DATA_ERR, cpe_str ? cpe_str : name);
                    success = 0;
                }

                if (s_cpe) {
                    wm_vuldet_free_cpe(&s_cpe);
                }

                os_free(nvd_architecture);

                if (!success) {
                    goto end;
                }
            }
        }
        sqlite3_exec(db, vu_queries[END_T], NULL, NULL, NULL);
        scan_ctx->package_scan = TRUE;
    }

    // Operating System
    if (VU_PARTIAL_SCAN != scan_ctx->scan_type  || 0 == agent->os_triaged) {
        if (agent->dist == FEED_WIN) {
            // Request the agent hotfixes
            if (wm_vuldet_request_hotfixes(db, agent->agent_id) == OS_INVALID) {
                goto end;
            }

            if (wm_vuldet_check_enabled_msu(db) == false) {
                mtwarn(WM_VULNDETECTOR_LOGTAG, VU_NO_HOTFIX_DISABLED, scan_ctx->agent_id);
            } else {
                // Generate the OS CPE
                if (wm_vuldet_generate_os_cpe(db, agent, &min_cpe_index, &node_list)) {
                    goto end;
                }
                scan_ctx->os_scan = TRUE;
                // Avoid checking the Operating System again
                wdb_set_agent_sys_osinfo_triaged(scan_ctx->agent_id, &sock);
            }
        }
        else {
            // Generate the OS CPE
            if (wm_vuldet_generate_os_and_kernel_package(db, agent)) {
                goto end;
            }
            scan_ctx->os_scan = TRUE;
            // Avoid checking the Operating System again
            wdb_set_agent_sys_osinfo_triaged(scan_ctx->agent_id, &sock);
        }
    }

    // Generate the agent's CPEs
    // Only for Windows agents
    if (agent->dist == FEED_WIN) {
        sqlite3_exec(db, vu_queries[BEGIN_T], NULL, NULL, NULL);
        // Add the CPEs obtained from Wazuh-db
        if (node_list && wm_vuldet_insert_cpe_db(db, node_list, 0)) {
            sqlite3_exec(db, vu_queries[END_T], NULL, NULL, NULL);
            mterror(WM_VULNDETECTOR_LOGTAG, VU_WAZUH_DB_CPE_IN_ERROR, scan_ctx->agent_id);
            goto end;
        }

        // Attempts to generate the remaining CPEs
        if (wm_vuldet_generate_agent_cpes(db, agent, 1)) {
            mterror(WM_VULNDETECTOR_LOGTAG, VU_AGENT_CPE_GEN_ERROR, scan_ctx->agent_id);
            sqlite3_exec(db, vu_queries[END_T], NULL, NULL, NULL);
            goto end;
        }
        sqlite3_exec(db, vu_queries[END_T], NULL, NULL, NULL);
    }

    retval = OS_SUCCESS;
end:
    wm_vuldet_free_cpe_list(node_list);
    os_free(node_list);
    cJSON_Delete(package_list);

    return retval;
}


void *wm_vuldet_main(wm_vuldet_t * vuldet) {
    wm_vuldet_init(vuldet);

    wm_vuldet_check_db();

    while (1) {
        curr_time = time(NULL);
        // Update CVE databases
        if (vuldet->flags.update && wm_vuldet_run_update(vuldet->updates)) {
            mterror(WM_VULNDETECTOR_LOGTAG, VU_OVAL_UPDATE_ERROR);
        }

        if ((curr_time - vuldet->last_scan >= vuldet->scan_interval)) {
            wm_vuldet_run_scan(vuldet);
        }

        wm_vuldet_run_sleep(vuldet);
    }

    return NULL;
}

int wm_vuldet_collect_agents_to_scan(wm_vuldet_t *vuldet) {
    scan_agent *agents = NULL;
    scan_agent *f_agent = NULL;
    int set_manager = 1;
    int i = 0;
    int *id_array = NULL;
    int sock = wm_vuldet_get_wdb_socket();

    if (sock < 0) {
        mdebug1("Failed getting Wazuh DB socket connection.");
        return OS_INVALID;
    }

    id_array = wdb_get_agents_by_connection_status(AGENT_CS_ACTIVE, &sock);

    while (set_manager || (id_array && id_array[i] != -1)) {
        cJSON *j_agent_info = NULL;
        cJSON *j_osinfo = NULL;
        cJSON *j_field = NULL;
        vu_feed agent_dist_ver = -1;
        vu_feed agent_dist = -1;
        bool is_centos = FALSE;
        int dist_error = -1;
        int id = 0;
        bool is_rolling = FALSE;

        if (set_manager) {
            id = --set_manager;
        }
        else {
            id = id_array[i++];
        }

        // Getting agent-info data from global.db
        j_agent_info = wdb_get_agent_info(id, &sock);
        if (!j_agent_info) {
            mdebug1("Failed to get agent '%d' information from Wazuh DB.", id);
            goto next;
        }

        j_field = cJSON_GetObjectItem(j_agent_info->child, "node_name");
        if(cJSON_IsString(j_field) && j_field->valuestring != NULL) {
            if (0 != strcmp(j_field->valuestring, vuldet->node_name)) {
                mtdebug1(WM_VULNDETECTOR_LOGTAG, "Skipping agent '%.3d' because it reports to node '%s' and the current node is '%s'.", id, j_field->valuestring, vuldet->node_name);
                goto next;
            }
        }

        j_field = cJSON_GetObjectItem(j_agent_info->child, "os_name");
        char *agti_os_name = NULL;
        if(cJSON_IsString(j_field) && j_field->valuestring != NULL) {
            agti_os_name = j_field->valuestring;
        }

        j_field = cJSON_GetObjectItem(j_agent_info->child, "os_major");
        char *agti_os_major = NULL;
        if(cJSON_IsString(j_field) && j_field->valuestring != NULL) {
            agti_os_major = j_field->valuestring;
        }

        j_field = cJSON_GetObjectItem(j_agent_info->child, "name");
        char *agti_name = NULL;
        if(cJSON_IsString(j_field) && j_field->valuestring != NULL) {
            agti_name = j_field->valuestring;
        }

        j_field = cJSON_GetObjectItem(j_agent_info->child, "os_build");
        int agti_build = 0;
        if(cJSON_IsNumber(j_field)){
            agti_build = j_field->valueint;
        }

        j_field = cJSON_GetObjectItem(j_agent_info->child, "version");
        char *agti_version = NULL;
        if (cJSON_IsString(j_field) && j_field->valuestring != NULL) {
            agti_version = j_field->valuestring;
        }

        j_field = cJSON_GetObjectItem(j_agent_info->child, "os_platform");
        char *agti_os_platform = NULL;
        if (cJSON_IsString(j_field) && j_field->valuestring != NULL) {
            agti_os_platform = j_field->valuestring;
        }

        if (!agti_os_name) {
            if (agti_name) {
                mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_AG_NEVER_CON, agti_name);
            }
            goto next;
        } else if (!agti_os_platform) {
            mtdebug1(WM_VULNDETECTOR_LOGTAG, "Failed to read platform from agent '%.3d'", id);
            goto next;
        } else if (!agti_os_major) {
            int rolling_distros_len = array_size(vu_os_platform_rolling_distros);
            for (int distro_it = 0; distro_it < rolling_distros_len; ++distro_it) {
                if (!strcmp(agti_os_platform, vu_os_platform_rolling_distros[distro_it])) {
                    is_rolling = TRUE;
                }
            }
            if (!is_rolling) {
                mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_UNS_OS_VERSION, id, agti_name?agti_name:"");
                goto next;
            } else {
                agti_os_major = "";
            }
        }

        if (strcasestr(agti_os_name, vu_feed_ext[FEED_UBUNTU])) {
            if (strstr(agti_os_major, "22")) {
                agent_dist_ver = FEED_JAMMY;
            } else if (strstr(agti_os_major, "20")) {
                agent_dist_ver = FEED_FOCAL;
            } else if (strstr(agti_os_major, "18")) {
                agent_dist_ver = FEED_BIONIC;
            } else if (strstr(agti_os_major, "16")) {
                agent_dist_ver = FEED_XENIAL;
            } else if (strstr(agti_os_major, "14")) {
                agent_dist_ver = FEED_TRUSTY;
            } else {
                dist_error = FEED_UBUNTU;
            }
            agent_dist = FEED_UBUNTU;
        } else if (strcasestr(agti_os_name, vu_feed_ext[FEED_DEBIAN])) {
            if (strstr(agti_os_major, "9")) {
                agent_dist_ver = FEED_STRETCH;
            } else if (strstr(agti_os_major, "10")) {
                agent_dist_ver = FEED_BUSTER;
            } else if (strstr(agti_os_major, "11")) {
                agent_dist_ver = FEED_BULLSEYE;
            } else {
                dist_error = FEED_DEBIAN;
            }
            agent_dist = FEED_DEBIAN;
        }  else if (strcasestr(agti_os_name, vu_feed_ext[FEED_REDHAT])) {
            if (strstr(agti_os_major, "8")) {
                agent_dist_ver = FEED_RHEL8;
            } else if (strstr(agti_os_major, "7")) {
                agent_dist_ver = FEED_RHEL7;
            } else if (strstr(agti_os_major, "6")) {
                agent_dist_ver = FEED_RHEL6;
            } else if (strstr(agti_os_major, "5")) {
                agent_dist_ver = FEED_RHEL5;
            } else {
                dist_error = FEED_REDHAT;
            }
            agent_dist = FEED_REDHAT;
        } else if (strcasestr(agti_os_name, vu_feed_ext[FEED_ALAS])) {
        /*
        * The versioning and naming standards differ in both Amazon Linux and Amazon Linux 2 systems. Currently, the
        * most reliable sources to determine the exact distribution of Amazon Linux are the @os_major field for
        * Amazon Linux 2 systems (always "2"), and the @os_name field for Amazon Linux 1 (always "Amazon Linux AMI").
        * This behavior should be reconsidered when new Amazon Linux distributions are released.
        */
            if (!strcmp(agti_os_major, "2")) {
                agent_dist_ver = FEED_ALAS2;
            } else if (strstr(agti_os_name, "AMI")) {
                agent_dist_ver = FEED_ALAS1;
            } else {
                dist_error = FEED_ALAS;
            }
            agent_dist = FEED_ALAS;
        } else if (strcasestr(agti_os_name, vu_feed_ext[FEED_CENTOS])) {
            if (strstr(agti_os_major, "8")) {
                agent_dist_ver = FEED_RHEL8;
            } else if (strstr(agti_os_major, "7")) {
                agent_dist_ver = FEED_RHEL7;
            } else if (strstr(agti_os_major, "6")) {
                agent_dist_ver = FEED_RHEL6;
            } else if (strstr(agti_os_major, "5")) {
                agent_dist_ver = FEED_RHEL5;
            } else {
                dist_error = FEED_CENTOS;
            }
            agent_dist = FEED_REDHAT;
            is_centos = TRUE;
        } else if (strcasestr(agti_os_name, vu_feed_ext[FEED_ARCH])) {
            agent_dist_ver = FEED_ARCH;
            agent_dist= FEED_ARCH;
        } else if (strcasestr(agti_os_name, vu_feed_ext[FEED_WIN])) {
            agent_dist_ver = wm_vuldet_decode_win_os(agti_os_name);
            agent_dist = FEED_WIN;
        } else if (strcasestr(agti_os_platform, vu_feed_ext[FEED_MAC])) {
            char *version = NULL;
            char *save_ptr = NULL;
            w_strdup(agti_version, version);

            if (agti_version) {
                strtok_r(agti_version, "v", &save_ptr);
                char *tmp_major = strtok_r(NULL, ".", &save_ptr);
                char *tmp_minor = strtok_r(NULL, ".", &save_ptr);
                if (!tmp_major || !tmp_minor) {
                    dist_error = -2;
                    mterror(WM_VULNDETECTOR_LOGTAG, VU_VER_INVALID_FORMAT, id);
                } else {
                    if (atoi(tmp_major) > 4 || (atoi(tmp_major) == 4 && atoi(tmp_minor) > 0)) {
                        agent_dist_ver = FEED_MAC;
                        agent_dist = FEED_MAC;
                    } else {
                        dist_error = -2;
                        mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_AGENT_UNSOPPORTED, id, version);
                    }
                }
            } else {
                dist_error = -2;
                mterror(WM_VULNDETECTOR_LOGTAG, VU_VER_READING_ERROR, id);
            }

            os_free(version);
        } else {
            // Operating system not supported in any of its versions
            dist_error = -2;
        }

        if (dist_error != -1) {
            // Check if the agent OS can be matched with a OVAL
            if (agent_dist_ver = wm_vuldet_set_allowed_feed(agti_os_name, agti_os_major, vuldet->updates, &agent_dist), agent_dist_ver == FEED_UNKNOWN) {
                if (dist_error == -2) {
                    mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_UNS_OS, id, agti_os_name);
                } else {
                    mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_UNS_OS_VERSION, id, vu_feed_ext[dist_error]);
                }
                goto next;
            }
        }

        j_field = cJSON_GetObjectItem(j_agent_info->child, "register_ip");
        char *agti_register_ip = NULL;
        if(cJSON_IsString(j_field) && j_field->valuestring != NULL){
            agti_register_ip = j_field->valuestring;
        }

        if (!agti_register_ip) {
            mterror(WM_VULNDETECTOR_LOGTAG, VU_NULL_AGENT_IP, id);
            goto next;
        }

        j_field = cJSON_GetObjectItem(j_agent_info->child, "os_arch");
        char *agti_arch = NULL;
        if(cJSON_IsString(j_field) && j_field->valuestring != NULL){
            agti_arch = j_field->valuestring;
        }

        // Getting sys_osinfo data from agent database
        if (j_osinfo = wdb_get_agent_sys_osinfo(id, &sock), !j_osinfo) {
            goto next;
        }

        j_field = cJSON_GetObjectItem(j_osinfo->child, "triaged");
        int osinfo_triaged = 0;
        if (cJSON_IsNumber(j_field))
            osinfo_triaged = j_field->valueint;

        j_field = cJSON_GetObjectItem(j_osinfo->child, "reference");
        char *osinfo_reference = NULL;
        if (cJSON_IsString(j_field))
            osinfo_reference = j_field->valuestring;

        j_field = cJSON_GetObjectItem(j_osinfo->child, "os_version");
        char *osinfo_version = NULL;
        if (cJSON_IsString(j_field))
            osinfo_version = j_field->valuestring;

        j_field = cJSON_GetObjectItem(j_osinfo->child, "os_major");
        char *osinfo_major = NULL;
        if (cJSON_IsString(j_field))
            osinfo_major = j_field->valuestring;

        j_field = cJSON_GetObjectItem(j_osinfo->child, "os_minor");
        char *osinfo_minor = NULL;
        if (cJSON_IsString(j_field))
            osinfo_minor = j_field->valuestring;

        j_field = cJSON_GetObjectItem(j_osinfo->child, "os_patch");
        char *osinfo_patch = NULL;
        if (cJSON_IsString(j_field))
            osinfo_patch = j_field->valuestring;

        j_field = cJSON_GetObjectItem(j_osinfo->child, "os_release");
        char *osinfo_os_release = NULL;
        if (cJSON_IsString(j_field))
            osinfo_os_release = j_field->valuestring;

        j_field = cJSON_GetObjectItem(j_osinfo->child, "os_display_version");
        char *osinfo_os_display_version = NULL;
        if (cJSON_IsString(j_field))
            osinfo_os_display_version = j_field->valuestring;

        j_field = cJSON_GetObjectItem(j_osinfo->child, "release");
        char *osinfo_release = NULL;
        if (cJSON_IsString(j_field))
            osinfo_release = j_field->valuestring;

        j_field = cJSON_GetObjectItem(j_osinfo->child, "architecture");
        char *osinfo_arch = NULL;
        if (cJSON_IsString(j_field))
            osinfo_arch = j_field->valuestring;

        // Writting results
        if (!agents) {
            os_calloc(1, sizeof(scan_agent), agents);
            f_agent = agents;
        } else {
            os_calloc(1, sizeof(scan_agent), agents->next);
            agents = agents->next;
        }

        agents->next = NULL;
        os_strdup(agti_register_ip, agents->agent_ip);

        agents->build = agti_build;

        char str_id[OS_SIZE_128] = "";
        snprintf(str_id, sizeof(str_id), "%d", id);
        os_strdup(str_id, agents->agent_id);

        if (agti_name) {
            os_strdup(agti_name, agents->agent_name);
        }

        if (osinfo_arch) {
            os_strdup(osinfo_arch, agents->arch);
        }
        else if (agti_arch) {
            os_strdup(agti_arch, agents->arch);
        }

        agents->dist = agent_dist;
        agents->dist_ver = agent_dist_ver;
        agents->flags.centos = is_centos;
        agents->os_triaged = osinfo_triaged;
        agents->pending_attempts = WM_VULNDETECTOR_MAX_AGENT_SCAN_ATTEMPS;
        w_strdup(osinfo_reference, agents->os_reference);
        w_strdup(osinfo_version, agents->os_version);
        w_strdup(agti_os_name, agents->os_name);
        if (agent_dist == FEED_WIN) {
            w_strdup(osinfo_os_release, agents->os_release);
            w_strdup(osinfo_os_display_version, agents->os_display_version);
            // The windows agent requires the architecture in the NVD format
            char* nvd_architecture = wm_vuldet_normalize_architecture_nvd(agents->arch);
            if (nvd_architecture) {
                os_free(agents->arch);
                agents->arch = nvd_architecture;
            }
        }
        else {
            w_strdup(osinfo_release, agents->kernel_release);
            if (!is_rolling) {
                wm_vuldet_build_unix_os_release(agents, osinfo_major, osinfo_minor, osinfo_patch);
            }
        }

next:
        if (j_agent_info) cJSON_Delete(j_agent_info);
        if (j_osinfo) cJSON_Delete(j_osinfo);
    }

    vuldet->scan_agents = f_agent;
    os_free(id_array);
    return OS_SUCCESS;
}

void wm_vuldet_destroy(wm_vuldet_t * vuldet) {
    scan_agent *agent;
    update_node **update;
    int i, j;

    for (i = 0, update = vuldet->updates; i < OS_SUPP_SIZE; i++) {
        if (update[i]) {
            os_free(update[i]->dist);
            os_free(update[i]->version);
            os_free(update[i]->url);
            os_free(update[i]->path);
            if (wm_vuldet_is_single_provider(update[i]->dist_ref)) {
                if (update[i]->allowed_os_name) {
                    for (j = 0; update[i]->allowed_os_name[j]; j++) {
                        free(update[i]->allowed_os_name[j]);
                        free(update[i]->allowed_os_ver[j]);
                    }
                    free(update[i]->allowed_os_name);
                    free(update[i]->allowed_os_ver);
                }
            }
            os_free(update[i]);
        }
    }

    for (agent = vuldet->scan_agents; agent;) {
        scan_agent *agent_aux = agent->next;
        wm_vuldet_free_scan_agent(agent);
        if (agent_aux) {
            agent = agent_aux;
        } else {
            break;
        }
    }
    free(vuldet);
}


cJSON *wm_vuldet_dump(const wm_vuldet_t * vuldet){
    cJSON *root = cJSON_CreateObject();
    cJSON *wm_vd = cJSON_CreateObject();
    unsigned int i;

    if (vuldet->flags.enabled) cJSON_AddStringToObject(wm_vd,"enabled","yes"); else cJSON_AddStringToObject(wm_vd,"enabled","no");
    if (vuldet->flags.run_on_start) cJSON_AddStringToObject(wm_vd,"run_on_start","yes"); else cJSON_AddStringToObject(wm_vd,"run_on_start","no");
    cJSON_AddNumberToObject(wm_vd,"interval",vuldet->scan_interval);
    cJSON_AddNumberToObject(wm_vd,"min_full_scan_interval",vuldet->min_full_scan_interval);
    cJSON_AddNumberToObject(wm_vd,"retry_interval",vuldet->retry_interval);
    cJSON *providers = cJSON_CreateArray();

    for (i = 0; i < OS_SUPP_SIZE; i++) {
        if (vuldet->updates[i] && i != CPE_WDIC) {
            cJSON *provider = cJSON_CreateObject();
            if (vuldet->updates[i]->dist) cJSON_AddStringToObject(provider,"name",vuldet->updates[i]->dist);
            if (vuldet->updates[i]->version) cJSON_AddStringToObject(provider,"version",vuldet->updates[i]->version);
            if (vuldet->updates[i]->dist && (!strcmp(vuldet->updates[i]->dist, "redhat") || !strcmp(vuldet->updates[i]->dist, "nvd"))) {
                if (vuldet->updates[i]->update_from_year) cJSON_AddNumberToObject(provider,"update_from_year",vuldet->updates[i]->update_from_year);
            }
            if (vuldet->updates[i]->url) {     // URL for Canonical and Debian providers
                cJSON_AddStringToObject(provider,"url",vuldet->updates[i]->url);
            } else if (vuldet->updates[i]->multi_url) {     // URL for RedHat and NVD providers
                cJSON_AddStringToObject(provider,"url",vuldet->updates[i]->multi_url);
                cJSON *url_attrs = cJSON_CreateObject();
                int add = 0;
                if (vuldet->updates[i]->multi_url_start > 0) {
                    cJSON_AddNumberToObject(url_attrs,"start",vuldet->updates[i]->multi_url_start);
                    add = 1;
                }
                if (vuldet->updates[i]->multi_url_end > 0) {
                    cJSON_AddNumberToObject(url_attrs,"end",vuldet->updates[i]->multi_url_end);
                    add = 1;
                }
                if (vuldet->updates[i]->port > 0) {
                    cJSON_AddNumberToObject(url_attrs,"port",vuldet->updates[i]->port);
                    add = 1;
                }
                if (add) {
                    cJSON_AddItemToObject(provider,"url_attrs",url_attrs);
                } else {
                    cJSON_Delete(url_attrs);
                }
            }
            if (vuldet->updates[i]->path) {
                cJSON_AddStringToObject(provider,"path",vuldet->updates[i]->path);
            } else if (vuldet->updates[i]->multi_path){
                cJSON_AddStringToObject(provider,"path",vuldet->updates[i]->multi_path);
            }

            cJSON_AddNumberToObject(provider,"update_interval",vuldet->updates[i]->interval);
            cJSON_AddNumberToObject(provider,"download_timeout",vuldet->updates[i]->timeout);

            // Allowed OS
            if (wm_vuldet_is_single_provider(vuldet->updates[i]->dist_ref)) {
                if (vuldet->updates[i]->allowed_os_name && vuldet->updates[i]->allowed_os_name[0]) {
                    int j = 0;
                    cJSON *allow = cJSON_CreateArray();
                    cJSON *allowed = cJSON_CreateObject();
                    cJSON *src = cJSON_CreateArray();
                    for (j = 0; vuldet->updates[i]->allowed_os_name[j]; j++) {
                        char * src_aux;
                        os_calloc(OS_SIZE_128, sizeof(char), src_aux);
                        // It is mandatory to have name + version, the only valid format is name-version
                        snprintf(src_aux, OS_SIZE_128 - 1, "%s-%s", vuldet->updates[i]->allowed_os_name[j], vuldet->updates[i]->allowed_os_ver[j]);
                        cJSON_AddItemToArray(src, cJSON_CreateString(src_aux));
                        os_free(src_aux);
                    }
                    cJSON_AddItemToObject(allowed, "src", src);
                    cJSON_AddItemToArray(allow, allowed);
                    cJSON_AddItemToObject(provider,"allow",allow);
                }
            }

            // Skip JSON Redhat if not fetched from a custom location (it is not possible to disable it)
            if (vuldet->updates[i]->dist_ref == FEED_JREDHAT && vuldet->updates[i]->custom_location == 0) {
                cJSON_Delete(provider);
                continue;
            }

            cJSON_AddItemToArray(providers, provider);
        }
    }

    if (cJSON_GetArraySize(providers) > 0) {
        cJSON_AddItemToObject(wm_vd,"providers",providers);
    } else {
        cJSON_free(providers);
    }

    cJSON_AddItemToObject(root,"vulnerability-detector",wm_vd);

    return root;

}

int wm_vuldet_db_empty(sqlite3 *db, vu_feed version) {

    sqlite3_stmt *stmt = NULL;
    int result = 0;

    if (wm_vuldet_prepare(db, vu_queries[VU_CHECK_DB_CONTENT], -1, &stmt, NULL) != SQLITE_OK) {
        return wm_vuldet_sql_error(db, stmt);
    }

    sqlite3_bind_text(stmt, 1, vu_feed_tag[version], -1, NULL);

    if (result = wm_vuldet_step(stmt), result == SQLITE_DONE ||
        (result == SQLITE_ROW && !sqlite3_column_int(stmt, 0))) {
        result = 0;
    } else {
        result = 1;
    }

    wdb_finalize(stmt);

    return result;
}

int wm_vuldet_nvd_empty() {
    sqlite3 *db;
    sqlite3_stmt *stmt = NULL;
    int result;

    if (sqlite3_open_v2(CVE_DB, &db, SQLITE_OPEN_READONLY, NULL) != SQLITE_OK) {
        return wm_vuldet_sql_error(db, NULL);
    }

    if (wm_vuldet_prepare(db, vu_queries[VU_GET_NVD_COUNT], -1, &stmt, NULL) != SQLITE_OK) {
        return wm_vuldet_sql_error(db, stmt);
    }

    if (result = wm_vuldet_step(stmt), result == SQLITE_DONE ||
        (result == SQLITE_ROW && !sqlite3_column_int(stmt, 0))) {
        // NVD DB empty
        result = 0;
    } else {
        result = 1;
    }

    wdb_finalize(stmt);
    sqlite3_close_v2(db);

    return result;
}

const char *wm_vuldet_get_unified_severity(char *severity) {

    if (!severity || strcasestr(severity, vu_severities[VU_UNKNOWN])) {
        return vu_severities[VU_UNTR];
    } else if (strcasestr(severity, vu_severities[VU_LOW]) || strcasestr(severity, vu_severities[VU_NEGL])) {
        return vu_severities[VU_LOW];
    } else if (strcasestr(severity, vu_severities[VU_MEDIUM]) || strcasestr(severity, vu_severities[VU_MODERATE])) {
        return vu_severities[VU_MEDIUM];
    } else if (strcasestr(severity, vu_severities[VU_HIGH]) || strcasestr(severity, vu_severities[VU_IMPORTANT])) {
        return vu_severities[VU_HIGH];
    } else if (strcasestr(severity, vu_severities[VU_CRITICAL])) {
        return vu_severities[VU_CRITICAL];
    } else if (strcasestr(severity, vu_severities[VU_NONE])) {
        return vu_severities[VU_NONE];
    }
    return vu_severities[VU_UNTR];
}

void wm_vuldet_get_package_os(const char *version, const char **os_major, char **os_minor) {
    char *v_it;

    if (v_it = strstr(version, vu_package_dist[VU_RH_EXT_8]), v_it) {
        *os_major = vu_feed_tag[FEED_RHEL8];
    } else if (v_it = strstr(version, vu_package_dist[VU_RH_EXT_7]), v_it) {
        *os_major = vu_feed_tag[FEED_RHEL7];
    } else if (v_it = strstr(version, vu_package_dist[VU_RH_EXT_6]), v_it) {
        *os_major = vu_feed_tag[FEED_RHEL6];
    } else if (v_it = strstr(version, vu_package_dist[VU_RH_EXT_5]), v_it) {
        *os_major = vu_feed_tag[FEED_RHEL5];
    }

    wm_vuldet_set_subversion(v_it, os_minor);
}

void wm_vuldet_set_subversion(char *version, char **os_minor) {
    if (version && (version = strchr(version, '_')) && *(++version) != '\0') {
        size_t minor_size = strlen(version) + 1;
        os_calloc(minor_size + 1, sizeof(char), *os_minor);
        snprintf(*os_minor, minor_size, "%ld", strtol(version, NULL, 10));
    }
}

int wm_vuldet_generate_os_cpe(sqlite3 *db, scan_agent *agent, int *min_cpe_index, cpe_list **node_list) {
    if (agent->dist_ver >= FEED_WS2003 && agent->dist_ver <= FEED_WS2022) {
        // It is a supported Windows agent
        if (!wm_vuldet_generate_win_cpe(agent)) {
            int i;
            for (i = 0; agent->agent_os_cpe[i]; i++) {
                if (wm_vuldet_insert_agent_data(db, agent, min_cpe_index, "", vu_feed_ext[agent->dist_ver], "", "", NULL, "",
                                                agent->os_reference, VULN_CVES_TYPE_OS, agent->agent_os_cpe[i], node_list)) {
                    mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_INSERT_DATA_ERR, agent->agent_os_cpe[i]->raw);
                    return OS_INVALID;
                }
            }
        }
    }

    return 0;
}

int wm_vuldet_generate_win_cpe(scan_agent *agent) {
    STATIC const char *PR_WINXP = "windows_xp";
    STATIC const char *PR_WINVISTA = "windows_vista";
    STATIC const char *PR_WIN7 = "windows_7";
    STATIC const char *PR_WIN8 = "windows_8";
    STATIC const char *PR_WIN81 = "windows_8.1";
    STATIC const char *PR_WIN10 = "windows_10";
    STATIC const char *PR_WIN11 = "windows_11";
    STATIC const char *PR_WIN2003 = "windows_server_2003";
    STATIC const char *PR_WIN2008 = "windows_server_2008";
    STATIC const char *PR_WIN2012 = "windows_server_2012";
    STATIC const char *PR_WIN2016 = "windows_server_2016";
    STATIC const char *PR_WIN2019 = "windows_server_2019";
    STATIC const char *PR_WIN2022 = "windows_server_2022";
    STATIC const char *PR_WINSERVER = "windows_server";
    STATIC const char *VER_R2 = "r2";
    STATIC const char *VER_2022 = "2022";
    const char *win_pr = NULL;
    const char *win_ver = NULL;
    const char *win_upd = NULL;
    const char *ws_pr = NULL;
    const char *ws_ver = NULL;
    char *ver_aux = NULL;

    if (!agent->os_release && agent->dist_ver != FEED_WS2012 && agent->dist_ver != FEED_WS2012R2) {
        mtwarn(WM_VULNDETECTOR_LOGTAG, VU_OSINFO_DISABLED, atoi(agent->agent_id));
    }

    if (agent->os_display_version && *agent->os_display_version != ' ') {
        ver_aux = w_tolower_str(agent->os_display_version);
        os_free(agent->os_display_version);
        agent->os_display_version = ver_aux;
    } else {
        ver_aux = agent->os_release;
    }

    switch (agent->dist_ver) {
        case FEED_WS2003:
            win_pr = PR_WIN2003;
            win_upd = ver_aux;
        break;
        case FEED_WS2003R2:
            win_pr = PR_WIN2003;
            win_ver = VER_R2;
            win_upd = ver_aux;
        break;
        case FEED_WXP:
            win_pr = PR_WINXP;
            win_upd = ver_aux;
        break;
        case FEED_WVISTA:
            win_pr = PR_WINVISTA;
            win_upd = ver_aux;
        break;
        case FEED_W7:
            win_pr = PR_WIN7;
            win_upd = ver_aux;
        break;
        case FEED_W8:
            win_pr = PR_WIN8;
            win_upd = ver_aux;
        break;
        case FEED_W81:
            win_pr = PR_WIN81;
            win_upd = ver_aux;
        break;
        case FEED_W10:
            win_pr = PR_WIN10;
            win_ver = ver_aux;
        break;
        case FEED_W11:
            win_pr = PR_WIN11;
            win_ver = ver_aux;
        break;
        case FEED_WS2008:
            win_pr = PR_WIN2008;
            win_upd = ver_aux;
        break;
        case FEED_WS2008R2:
            win_pr = PR_WIN2008;
            win_ver = VER_R2;
            win_upd = ver_aux;
        break;
        case FEED_WS2012:
            win_pr = PR_WIN2012;
        break;
        case FEED_WS2012R2:
            win_pr = PR_WIN2012;
            win_ver = VER_R2;
        break;
        case FEED_WS2016:
            win_pr = PR_WIN2016;
            win_ver = ver_aux;
        break;
        case FEED_WS2019:
            win_pr = PR_WIN2019;
            win_ver = ver_aux;
        break;
        case FEED_WS2022:
            win_pr = PR_WIN2022;
            win_ver = ver_aux;
            // Insert new 'windows_server' CPE to avoid false negatives
            ws_pr = PR_WINSERVER;
            ws_ver = VER_2022;
        break;
        default:
            return 1;
    }

    // We will insert a double CPE for the following systems (WS_2022)
    int os_cpes = wm_vuldet_double_os_cpe(agent->dist_ver) ? 2 : 1;
    os_calloc(os_cpes + 1, sizeof(cpe *), agent->agent_os_cpe);

    int i;
    for (i = 0; i < os_cpes; i++) {
        agent->agent_os_cpe[i] = wm_vuldet_generate_cpe("o",
                                                        "microsoft",
                                                        i && ws_pr ? ws_pr : win_pr,
                                                        !i && win_ver ? win_ver : (ws_ver ? ws_ver : "-"),
                                                        !i ? win_upd : win_ver,
                                                        NULL,
                                                        NULL,
                                                        NULL,
                                                        NULL,
                                                        agent->arch,
                                                        NULL,
                                                        0,
                                                        vu_feed_ext[agent->dist_ver]);
    }
    return 0;
}

int wm_vuldet_discard_kernel_package(scan_agent *agent, const char *name,
                                    const char *version, const char *arch) {
    char *kernel_uname = NULL;

    if (!agent->kernel_release) {
        return 0;
    }

    if (agent->dist == FEED_REDHAT) {
        // Only kernel images have as package name "kernel".
        // "kernel-rt" is a realtime kernel only available for RedHat.
        if (strcmp(name, "kernel") && strcmp(name, "kernel-rt")) {
            return 0;
        }
        size_t len = snprintf(kernel_uname, 0, "%s.%s", version, arch);
        os_calloc(1, len + 1, kernel_uname);
        snprintf(kernel_uname, len + 1, "%s.%s", version, arch);

    } else if (agent->dist == FEED_ALAS) {
        // Kernel vulnerabilities in ALAS feeds often include other kernel-related
        // packages, as "kernel-devel" or "kernel-headers". However, these packages are not
        // affected by the vulnerability itself, so we discard them to avoid false positives.
        if (strstr(name, "kernel-")) {
            size_t len = snprintf(kernel_uname, 0, "%s-%s.%s", name, version, arch);
            os_calloc(1, len + 1, kernel_uname);
            snprintf(kernel_uname, len + 1, "%s-%s.%s", name, version, arch);
            mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_DISCARD_KERNEL_PKG, kernel_uname, "non-exploitable", atoi(agent->agent_id));
            os_free(kernel_uname);
            return -1;
        // Kernel package
        } else if (!strcmp(name, "kernel")) {
            size_t len = snprintf(kernel_uname, 0, "%s.%s", version, arch);
            os_calloc(1, len + 1, kernel_uname);
            snprintf(kernel_uname, len + 1, "%s.%s", version, arch);
        } else {
            return 0;
        }

    } else { // For Debian family
        os_calloc(1, strlen(name) + 1, kernel_uname);
        if (!sscanf(name, "linux-image-%s", kernel_uname) || strstr(name, "linux-image-generic")) {
            os_free(kernel_uname);
            return 0;
        }
    }

    if (strcmp(kernel_uname, agent->kernel_release)) {
        mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_DISCARD_KERNEL_PKG, kernel_uname, "not running", atoi(agent->agent_id));
        os_free(kernel_uname);
        return -1;
    }

    os_free(kernel_uname);

    return 0;
}

int wm_vuldet_generate_os_and_kernel_package(sqlite3 *db, scan_agent *agent) {
    const char *product_name[MAX_PRODUCT_NAMES] = {0};
    const char *vendor = NULL;

    if (!db) {
        mterror(WM_VULNDETECTOR_LOGTAG, VU_DB_NOT_INITIALIZED);
        return OS_INVALID;
    }

    if (!agent || !agent->agent_id) {
        mterror(WM_VULNDETECTOR_LOGTAG, VU_AGENT_NOT_INITIALIZED);
        return OS_INVALID;
    }

    if (!agent->os_release && !agent->kernel_release) {
        mtwarn(WM_VULNDETECTOR_LOGTAG, VU_OSINFOLNX_DISABLED, atoi(agent->agent_id));
    }

    switch (agent->dist_ver) {
        case FEED_TRUSTY:
        case FEED_XENIAL:
        case FEED_BIONIC:
        case FEED_FOCAL:
        case FEED_JAMMY:
            product_name[0] = vu_os_product_name_list[PR_UBUNTU];
            vendor = vu_vendor_list[V_UBUNTU];
        break;
        case FEED_STRETCH:
        case FEED_BUSTER:
        case FEED_BULLSEYE:
            product_name[0] = vu_os_product_name_list[PR_DEBIAN];
            vendor = vu_vendor_list[V_DEBIAN];
        break;
        case FEED_RHEL5:
        case FEED_RHEL6:
        case FEED_RHEL7:
        case FEED_RHEL8:
            product_name[0] = vu_os_product_name_list[PR_REDHAT];
            vendor = vu_vendor_list[V_REDHAT];
        break;
        case FEED_ARCH:
            product_name[0] = vu_os_product_name_list[PR_ARCH];
            vendor = vu_vendor_list[V_ARCH];
        break;
        case FEED_MAC:
            vendor = "apple";
            if (!strcmp(agent->os_name, "Mac OS X Server")) {
                product_name[0] = "mac_os_x_server";
            } else {
                product_name[0] = "mac_os_x";
                product_name[1] = "mac_os";
                product_name[2] = "macos";
            }
        break;
        case FEED_ALAS1:
            product_name[0] = vu_os_product_name_list[PR_AMAZON1];
            product_name[1] = vu_os_product_name_list[PR_AMAZON];
            vendor = vu_vendor_list[V_AMAZON];
            os_free(agent->os_release);
            os_strdup("*", agent->os_release);
        break;
        case FEED_ALAS2:
            product_name[0] = vu_os_product_name_list[PR_AMAZON2];
            vendor = vu_vendor_list[V_AMAZON];
            os_free(agent->os_release);
            os_strdup("*", agent->os_release);
        break;
        default:
            return 1;
    }

    for (int i = 0; product_name[i] != NULL; i++) {
        // Generate os package
        if (agent->os_release) {
            if (wm_vuldet_insert_agent_data(db, agent, NULL, vendor, product_name[i], NULL, agent->os_release,
                                            NULL, agent->arch, agent->os_reference, VULN_CVES_TYPE_OS, NULL, NULL)) {
                mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_INSERT_DATA_ERR, product_name[i]);
                return OS_INVALID;
            }
        }
    }

    // Generate kernel package
    if (agent->dist != FEED_MAC && agent->kernel_release) {
        char *release, *release_end;
        os_strdup(agent->kernel_release, release);
        if (release_end = strstr(release, "-"), release_end) {
            *release_end = '\0';
        }

        if (wm_vuldet_insert_agent_data(db, agent, NULL, vu_vendor_list[V_KERNEL],
            vu_os_product_name_list[PR_KERNEL], NULL, release, NULL, agent->arch,
            agent->os_reference, VULN_CVES_TYPE_PACKAGE, NULL, NULL)) {
            mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_INSERT_DATA_ERR, vu_os_product_name_list[PR_KERNEL]);
            os_free(release);
            return OS_INVALID;
        }

        os_free(release);
    }

    return 0;
}

vu_feed wm_vuldet_decode_win_os(char *os_raw) {
    if (strcasestr(os_raw, vu_feed_ext[FEED_WS2003R2])) {
        return FEED_WS2003R2;
    } else if (strcasestr(os_raw, vu_feed_ext[FEED_WS2003])) {
        return FEED_WS2003;
    } else if (strcasestr(os_raw, vu_feed_ext[FEED_WXP])) {
        return FEED_WXP;
    } else if (strcasestr(os_raw, vu_feed_ext[FEED_WVISTA])) {
        return FEED_WVISTA;
    } else if (strcasestr(os_raw, vu_feed_ext[FEED_W7])) {
        return FEED_W7;
    } else if (strcasestr(os_raw, vu_feed_ext[FEED_W81])) {
        return FEED_W81;
    } else if (strcasestr(os_raw, vu_feed_ext[FEED_W8])) {
        return FEED_W8;
    } else if (strcasestr(os_raw, vu_feed_ext[FEED_W10])) {
        return FEED_W10;
    } else if (strcasestr(os_raw, vu_feed_ext[FEED_W11])) {
        return FEED_W11;
    } else if (strcasestr(os_raw, vu_feed_ext[FEED_WS2008R2])) {
        return FEED_WS2008R2;
    } else if (strcasestr(os_raw, vu_feed_ext[FEED_WS2008])) {
        return FEED_WS2008;
    } else if (strcasestr(os_raw, vu_feed_ext[FEED_WS2012R2])) {
        return FEED_WS2012R2;
    } else if (strcasestr(os_raw, vu_feed_ext[FEED_WS2012])) {
        return FEED_WS2012;
    } else if (strcasestr(os_raw, vu_feed_ext[FEED_WS2016])) {
        return FEED_WS2016;
    } else if (strcasestr(os_raw, vu_feed_ext[FEED_WS2019])) {
        return FEED_WS2019;
    } else if (strcasestr(os_raw, vu_feed_ext[FEED_WS2022])) {
        return FEED_WS2022;
    } else {
        STATIC OSHash *unk_os = NULL;
        STATIC int os_count = 0;

        if (!os_count) {
            if (unk_os = OSHash_Create(), !unk_os) {
                mterror(WM_VULNDETECTOR_LOGTAG, VU_CREATE_HASH_ERRO, "unknown_systems");
                pthread_exit(NULL);
            }
        }

        if (os_count < 20 && OSHash_Add(unk_os, os_raw, NULL) == 2) {
            mtwarn(WM_VULNDETECTOR_LOGTAG, VU_UNC_SYSTEM, os_raw);
            os_count++;
        }
        return FEED_WIN;
    }
}

int wm_vuldet_insert_agent_data(sqlite3 *db,
                                scan_agent *agent,
                                int *cpe_index,
                                const char *vendor,
                                const char *product,
                                const char *source,
                                const char *version,
                                const char *src_version,
                                const char *arch,
                                const char *reference,
                                const char *type,
                                cpe *ag_cpe,
                                cpe_list **node_list) {
    sqlite3_stmt *stmt = NULL;
    int retval = OS_INVALID;
    int result;
    const char *os_major = NULL;
    char *os_minor = NULL;
    char *normalized_name = NULL;
    char *normalized_source = NULL;
    char *normalized_vendor = NULL;

    if (agent->dist == FEED_REDHAT) {
        wm_vuldet_get_package_os(version, &os_major, &os_minor);
    }

    if (wm_vuldet_prepare(db, vu_queries[VU_INSERT_AGENTS], -1, &stmt, NULL) != SQLITE_OK) {
        wm_vuldet_sql_error(db, stmt);
        goto end;
    }

    sqlite3_bind_text(stmt, 1, agent->agent_id, -1, NULL);
    sqlite3_bind_text(stmt, 2, os_major, -1, NULL);
    sqlite3_bind_text(stmt, 3, os_minor, -1, NULL);
    sqlite3_bind_int(stmt, 4, ag_cpe ? *cpe_index : 0);

    if (agent->dist == FEED_MAC) {
        normalized_vendor = w_tolower_str(vendor);
        sqlite3_bind_text(stmt, 5, normalized_vendor, -1, NULL);
    } else {
        sqlite3_bind_text(stmt, 5, vendor, -1, NULL);
    }

    if (agent->dist != FEED_WIN) {
        /* In Windows the package name is
        normalized by the CPE helper */
        normalized_name = w_tolower_str(product);
        sqlite3_bind_text(stmt, 6, normalized_name, -1, NULL);
        normalized_source = w_tolower_str(source);
        sqlite3_bind_text(stmt, 7, normalized_source, -1, NULL);
    } else {
        sqlite3_bind_text(stmt, 6, product, -1, NULL);
        sqlite3_bind_text(stmt, 7, source, -1, NULL);
    }

    sqlite3_bind_text(stmt, 8, version, -1, NULL);
    sqlite3_bind_text(stmt, 9, src_version, -1, NULL);
    sqlite3_bind_text(stmt, 10, arch, -1, NULL);
    sqlite3_bind_text(stmt, 11, reference, -1, NULL);
    sqlite3_bind_text(stmt, 12, type, -1, NULL);

    if (ag_cpe) {
        if (!*node_list) {
            os_calloc(1, sizeof(cpe_list), *node_list);
        }

        if (wm_vuldet_add_cpe(ag_cpe, NULL, *node_list, *cpe_index)) {
            mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_AGENT_CPE_PARSE_ERROR, ag_cpe->raw, atoi(agent->agent_id));
        } else {
            mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_AGENT_CPE_RECV, ag_cpe->raw, atoi(agent->agent_id));
            *cpe_index = *cpe_index - 1;
        }
    }

    if (result = wm_vuldet_step(stmt), result != SQLITE_DONE && result != SQLITE_CONSTRAINT) {
        wm_vuldet_sql_error(db, stmt);
        goto end;
    }

    retval = 0;

end:
    os_free(os_minor);
    os_free(normalized_name);
    os_free(normalized_vendor);
    os_free(normalized_source);
    wdb_finalize(stmt);
    return retval;
}

void wm_vuldet_free_scan_agent(scan_agent *agent) {
    if (agent) {
        free(agent->agent_id);
        free(agent->agent_name);
        free(agent->arch);
        free(agent->agent_ip);
        free(agent->os_reference);
        free(agent->os_release);
        os_free(agent->os_display_version);
        os_free(agent->os_version);
        free(agent->kernel_release);
        int i;
        for (i = 0; agent->agent_os_cpe && agent->agent_os_cpe[i]; i++) {
            wm_vuldet_free_cpe(&agent->agent_os_cpe[i]);
        }
        free(agent->agent_os_cpe);
        free(agent->os_name);
        free(agent);
    }
}

int wm_vuldet_fetch_arch(update_node *update, char * repo) {
    int res_url_request;

    if (*repo == '\0') {
        snprintf(repo, OS_SIZE_2048, "%s", JSON_ARCH_REPO);
    }

    mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_DOWNLOAD_START, repo);

    for (int8_t attempts = 0;; attempts++) {
        res_url_request = wurl_request_uncompress_bz2_gz(repo, VU_FIT_TEMP_FILE, NULL, NULL, update->timeout, NULL);

        if (!res_url_request) {
            break;
        } else if (attempts == ARCH_REPO_MAX_ATTEMPTS) {
            mtwarn(WM_VULNDETECTOR_LOGTAG, VU_API_REQ_INV, repo, attempts);
            return VU_INV_FEED;
        }

        mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_DOWNLOAD_FAIL, attempts * DOWNLOAD_SLEEP_FACTOR);
        sleep(attempts * DOWNLOAD_SLEEP_FACTOR);
    }

    return 0;
}

int wm_vuldet_fetch_wazuh_repo(update_node *update, char *repo) {
    int     res_url_request;
    int     update_flag = 0;
    char    *hash = NULL;

    // Both ALAS and MSU repositories are built differently
    switch (update->dist_ref) {
        case FEED_MSU:
            if (repo == NULL || *repo == '\0') {
                repo = MSU_REPO;
                update_flag = 1;
            }
            break;
        case FEED_ALAS:
            if (repo == NULL || *repo == '\0') {
                return VU_INV_FEED;
            }
            else if (!update->custom_location) {
                update_flag = 1;
            }
            break;
        default:
            merror("No feed available for (%s) in Wazuh's repository", vu_feed_ext[update->dist_ref]);
            return VU_INV_FEED;
    }

    // The update process is only checked when "repo" is not a custom path
    if (update_flag) {
        if (wm_vuldet_check_feed_metadata(update) == false) {
            return VU_NOT_NEED_UPDATE;
        }
        hash = wm_vuldet_get_hash(vu_feed_tag[update->dist_tag_ref]);
        if (hash == NULL) {
            merror("Failed to retrieve hash value. File integrity won't be checked.");
        }
    }

    // Fetching process
    for (int8_t attempts = 0;; attempts++) {
        res_url_request = wurl_request_uncompress_bz2_gz(repo, VU_FIT_TEMP_FILE, NULL, NULL, update->timeout, hash);

        if (!res_url_request) {
            break;
        } else if (attempts == WM_VULNDETECTOR_DOWN_ATTEMPTS) {
            os_free(hash);
            return VU_INV_FEED;
        }

        mdebug1(VU_DOWNLOAD_FAIL, attempts);
        sleep(attempts);
    }

    os_free(hash);
    return 0;
}

bool wm_vuldet_check_feed_metadata(update_node *update) {
    feed_metadata   *metadata_feed = NULL;
    bool            retval = true;

    if (metadata_feed = wm_vuldet_fetch_feed_metadata(update), metadata_feed == NULL){
        return retval;
    }

    if (!metadata_feed->sha256 || !metadata_feed->last_mod) {
        goto clean;
    }

    if (wm_vuldet_check_timestamp(vu_feed_tag[update->dist_tag_ref],
        metadata_feed->last_mod, NULL) == VU_TIMESTAMP_UPDATED) {
        mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_UPDATE_DATE, update->dist_ext);
        retval = false;
    } else {
        wm_insert_feed_metadata(metadata_feed, update);
    }

clean:
    os_free(metadata_feed->version);
    os_free(metadata_feed->sha256);
    os_free(metadata_feed->last_mod);
    os_free(metadata_feed->size);
    os_free(metadata_feed->g_size);
    os_free(metadata_feed);

    return retval;
}

feed_metadata * wm_vuldet_fetch_feed_metadata(update_node *update) {
    int     res_url_request;
    char    *metadata_repo;

    // An additional metadata feed is provided for MSU and ALAS feeds
    switch (update->dist_ref) {
        case FEED_MSU:
            metadata_repo = MSU_REPO_META;
            break;
        case FEED_ALAS:
            metadata_repo = (update->dist_tag_ref == FEED_ALAS1 ? ALAS_REPO_META : ALAS2_REPO_META);
            break;
        default:
            merror("No metadata feed available for (%s)", vu_feed_ext[update->dist_ref]);
            return NULL;
    }

    for (int8_t attempts = 0;; attempts++) {
        res_url_request = wurl_request(metadata_repo, VU_TEMP_FILE, NULL, NULL, update->timeout);

        if (!res_url_request) {
            break;
        } else if (attempts == WM_VULNDETECTOR_DOWN_ATTEMPTS) {
            return NULL;
        }

        mdebug1(VU_DOWNLOAD_FAIL, attempts);
        sleep(attempts);
    }

    return wm_vuldet_parse_feed_metadata(VU_TEMP_FILE);
}

feed_metadata * wm_vuldet_parse_feed_metadata(char *path) {
    FILE            *fp = NULL;
    feed_metadata   *metadata_feed = NULL;

    if (fp = fopen(path, "r"), fp == NULL) {
        return metadata_feed;
    }

    char buffer[OS_MAXSTR + 1] = {0};

    os_calloc(1, sizeof(feed_metadata), metadata_feed);

    while (fgets(buffer, OS_MAXSTR, fp)) {
        // Remove new line character
        char *end;
        if ((end = strchr(buffer, '\n')) != NULL) {
            *end = '\0';
        }

        char *delim;
        if (delim = strchr(buffer, ':'), !delim) {
            continue;
        }
        if (!strncmp(buffer, "lastModifiedDate", 16)) {
            os_strdup(delim + 1, metadata_feed->last_mod);
        } else if (!strncmp(buffer, "sha256", 6)) {
            os_strdup(delim + 1, metadata_feed->sha256);
        } else if (!strncmp(buffer, "size", 4)) {
            os_strdup(delim + 1, metadata_feed->size);
        } else if (!strncmp(buffer, "gzSize", 6)) {
            os_strdup(delim + 1, metadata_feed->g_size);
        } else if (!strncmp(buffer, "version", 7)) {
            os_strdup(delim + 1, metadata_feed->version);
        }
    }

    fclose(fp);

    return metadata_feed;
}

int wm_insert_feed_metadata(feed_metadata *metadata_feed, update_node *update) {
    sqlite3_stmt    *stmt = NULL;
    sqlite3         *db = NULL;

    if (sqlite3_open_v2(CVE_DB, &db, SQLITE_OPEN_READWRITE, NULL) != SQLITE_OK) {
        return wm_vuldet_sql_error(db, stmt);
    }

    if (wm_vuldet_prepare(db, vu_queries[VU_INSERT_METADATA], -1, &stmt, NULL) != SQLITE_OK) {
        return wm_vuldet_sql_error(db, stmt);
    }

    sqlite3_bind_text(stmt, 1, vu_feed_tag[update->dist_tag_ref], -1, NULL);
    sqlite3_bind_text(stmt, 2, vu_feed_ext[update->dist_tag_ref], -1, NULL);
    sqlite3_bind_text(stmt, 3, (metadata_feed->version) ? metadata_feed->version : "1", -1, NULL);
    sqlite3_bind_text(stmt, 4, (metadata_feed->version) ? metadata_feed->version : "1", -1, NULL);
    sqlite3_bind_text(stmt, 5, metadata_feed->last_mod, -1, NULL);
    sqlite3_bind_text(stmt, 6, metadata_feed->sha256, -1, NULL);
    sqlite3_bind_int(stmt, 7, (metadata_feed->size) ? atoi(metadata_feed->size) : 0);
    sqlite3_bind_int(stmt, 8, (metadata_feed->g_size) ? atoi(metadata_feed->g_size) : 0);

    if (wm_vuldet_step(stmt) != SQLITE_DONE) {
        return wm_vuldet_sql_error(db, stmt);
    }

    sqlite3_close_v2(db);
    wdb_finalize(stmt);

    return 0;
}

int wm_vuldet_fetch_wazuh_cpe(update_node *update) {
    int retval = VU_INV_FEED;
    char buffer[OS_MAXSTR + 1];
    FILE *fp = NULL;
    FILE *fp_out;
    STATIC const char *UPDATE_DATE_TAG = "update_date";

    if (fp = fopen(VU_CPE_HELPER_FILE, "r"), !fp) {
        goto end;
    }
    if (fp_out = fopen(VU_FIT_TEMP_FILE, "w"), !fp_out) {
        goto end;
    }

    while (fgets(buffer, OS_MAXSTR, fp)) {
        if (*buffer == '=') {
            continue;
        }
        fwrite(buffer, 1, strlen(buffer), fp_out);
    }
    fclose(fp);
    fclose(fp_out);

    if (fp = fopen(VU_FIT_TEMP_FILE, "r"), !fp) {
        goto end;
    }

    // Check the timestamp
    while (fgets(buffer, OS_MAXSTR, fp)) {
        char *timestamp_base;
        char *timestamp_end;

        if ((timestamp_base = strstr(buffer, UPDATE_DATE_TAG)) &&
            (timestamp_base = strchr(timestamp_base, ':')) &&
            (timestamp_base = strchr(timestamp_base, '\"')) &&
            (timestamp_end = strchr(++timestamp_base, '\"'))) {
            char timestamp[OS_SIZE_256 + 1];

            *timestamp_end = '\0';
            switch (wm_vuldet_check_timestamp(vu_feed_tag[update->dist_tag_ref], timestamp_base, timestamp)) {
                case VU_TIMESTAMP_FAIL:
                    mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_DB_TIMESTAMP_FEED_ERROR, update->dist_ext);
                    goto end;
                break;
                case VU_TIMESTAMP_UPDATED:
                    mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_UPDATE_DATE, update->dist_ext);
                    retval = VU_NOT_NEED_UPDATE;
                    goto end;
                break;
                case VU_TIMESTAMP_OUTDATED:
                    mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_DB_TIMESTAMP_FEED, update->dist_ext, "");
                break;
            }
            break;
        }
    }

    retval = 0;
end:
    if (fp) {
        fclose(fp);
    }

    return retval;
}

int wm_vuldet_json_wcpe_parser(cJSON *json_feed, wm_vuldet_db *parsed_vulnerabilities) {
    cJSON *json_it;
    vu_cpe_dic *wcpes_it = NULL;
    STATIC char *JSON_WCPE_FORMAT_VERSION = "format_version";
    STATIC char *JSON_WCPE_UPDATE_DATE = "update_date";
    STATIC char *JSON_WCPE_DICTIONARY = "dictionary";
    char *timestamp;
    char *format_version_major;
    int major_dec;

    // Check the timestamp
    if (json_it = cJSON_GetObjectItem(json_feed, JSON_WCPE_UPDATE_DATE), !json_it) {
        return OS_INVALID;
    }

    if (timestamp = json_it->valuestring, !timestamp) {
        mterror(WM_VULNDETECTOR_LOGTAG, VU_WCPE_GET_TIMEST_ERROR);
        return OS_INVALID;
    }

    switch (wm_vuldet_check_timestamp(vu_feed_tag[FEED_CPEW], timestamp, NULL)) {
        case VU_TIMESTAMP_FAIL:
            mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_DB_TIMESTAMP_FEED_ERROR, vu_feed_ext[FEED_CPEW]);
            return OS_INVALID;
        break;
        case VU_TIMESTAMP_UPDATED:
            mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_UPDATE_DATE, vu_feed_ext[FEED_CPEW]);
            return VU_NOT_NEED_UPDATE;
        break;
        case VU_TIMESTAMP_OUTDATED:
            mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_DB_TIMESTAMP_FEED, vu_feed_ext[FEED_CPEW], "");
        break;
    }

    // Check the version format
    if (json_it = cJSON_GetObjectItem(json_feed, JSON_WCPE_FORMAT_VERSION), !json_it) {
        return OS_INVALID;
    }

    if (format_version_major = json_it->valuestring, !format_version_major) {
        mterror(WM_VULNDETECTOR_LOGTAG, VU_WCPE_GET_VERFORMAT_ERROR);
        return OS_INVALID;
    }

    if (major_dec = strtol(format_version_major, NULL, 10), major_dec < 1 || major_dec > VU_CPEHELPER_FORMAT_VERSION) {
        mterror(WM_VULNDETECTOR_LOGTAG, VU_WCPE_INV_VERFORMAT, format_version_major);
        return OS_INVALID;
    }

    for (json_it = json_feed->child; json_tagged_obj(json_it); json_it = json_it->next) {
        if (!wcpes_it) {
            os_calloc(1, sizeof(vu_cpe_dic), wcpes_it);
        }
        if (!strcmp(json_it->string, vu_cpe_tags[CPE_VERSION])) {
            if (w_strdup(json_it->valuestring, wcpes_it->version)) {
                goto error;
            }
        } else if (!strcmp(json_it->string, JSON_WCPE_FORMAT_VERSION)) {
            if (w_strdup(json_it->valuestring, wcpes_it->format_version)) {
                goto error;
            }
        } else if (!strcmp(json_it->string, JSON_WCPE_UPDATE_DATE)) {
            if (w_strdup(json_it->valuestring, wcpes_it->update_date)) {
                goto error;
            }
        } else if (!strcmp(json_it->string, JSON_WCPE_DICTIONARY)) {
            wm_vuldet_json_dic_parser(json_it->child, wcpes_it);
        }
    }
    parsed_vulnerabilities->w_cpes = wcpes_it;

    return VU_NEED_UPDATE;
error:
    os_free(wcpes_it->version);
    os_free(wcpes_it->format_version);
    os_free(wcpes_it->update_date);
    os_free(wcpes_it);

    return OS_INVALID;
}

int wm_vuldet_json_dic_parser(cJSON *json_feed, vu_cpe_dic *wcpes) {
    cJSON *dic_node;
    char need_check_hotfix = 0;
    int i;
    STATIC char *JSON_WCPE_ACTION = "action";
    STATIC char *JSON_WCPE_TARGET = "target";
    STATIC char *JSON_WCPE_SOURCE = "source";
    STATIC char *JSON_WCPE_TRANSLATION = "translation";

    for (; json_feed; json_feed = json_feed->next) {
        char assigned = 0;
        vu_cpe_dic_node *node;
        os_calloc(1, sizeof(vu_cpe_dic_node), node);
        for (dic_node = json_feed->child; json_tagged_obj(dic_node); dic_node = dic_node->next) {
            if (!strcmp(dic_node->string, JSON_WCPE_TARGET) && dic_node->valuestring) {
                vu_cpe_dic_node *node_ref = NULL;

                for (i = 0; wcpes->targets_name && wcpes->targets_name[i]; i++) {
                    if (!strcmp(wcpes->targets_name[i], dic_node->valuestring)) {
                        node_ref = wcpes->targets[i];
                        break;
                    }
                }

                if (!node_ref) {
                    os_realloc(wcpes->targets_name, (i + 2) * sizeof(char *), wcpes->targets_name);
                    os_realloc(wcpes->targets, (i + 2) * sizeof(vu_cpe_dic_node *), wcpes->targets);
                    os_strdup(dic_node->valuestring, wcpes->targets_name[i]);
                    wcpes->targets[i + 1] = NULL;
                    wcpes->targets_name[i + 1] = NULL;
                } else {
                    node->prev = wcpes->targets[i];
                    wcpes->targets[i]->next = node;
                }

                wcpes->targets[i] = node;
                assigned = 1;
            } else if (!strcmp(dic_node->string, JSON_WCPE_ACTION)) {
                int msu_mask = CPE_DIC_REP_MSUN_IF_VER_MATCHES | CPE_DIC_REP_MSUN;

                node->action = wm_vuldet_fill_action_mask(dic_node->child);
                if ((node->action & msu_mask && !(node->action & CPE_DIC_CHECK_HOTFIX)) ||
                    (node->action & CPE_DIC_CHECK_HOTFIX && !(node->action & msu_mask))) {
                    need_check_hotfix = 1;
                }
            } else if (!strcmp(dic_node->string, JSON_WCPE_SOURCE)) {
                wm_vuldet_fill_dic_section(dic_node->child, &node->source);
            } else if (!strcmp(dic_node->string, JSON_WCPE_TRANSLATION)) {
                wm_vuldet_fill_dic_section(dic_node->child, &node->translation);
            }
        }

        if (!assigned) {
            os_free(node);
        }
    }

    if (need_check_hotfix) {
        mtwarn(WM_VULNDETECTOR_LOGTAG, VU_CPEHELPER_INVALID_ACTION, vu_cpe_dic_option[VU_REP_MSUN_IF_VER_MATCHES], vu_cpe_dic_option[VU_CHECK_HOTFIX]);
    }

    return 0;
}

int wm_vuldet_fill_dic_section(cJSON *json_feed, vu_cpe_dic_section **wcpes) {
    cJSON *json_array;

    if (!*wcpes) {
        os_calloc(1, sizeof(vu_cpe_dic_section), *wcpes);
    }

    for (; json_tagged_obj(json_feed); json_feed = json_feed->next) {
        char ****array;
        int i;

        if (!strcmp(json_feed->string, vu_cpe_tags[CPE_VENDOR])) {
            array = &(*wcpes)->vendor;
            if (!json_feed->child) {
                os_realloc(*array, 2 * sizeof(char **), *array);
                (*array)[1] = NULL;
                os_calloc(2, sizeof(char *), (*array)[0]);
                os_strdup("", ***array);
            }
        } else if (!strcmp(json_feed->string, vu_cpe_tags[CPE_PRODUCT])) {
            array = &(*wcpes)->product;
        } else if (!strcmp(json_feed->string, vu_cpe_tags[CPE_VERSION])) {
            array = &(*wcpes)->version;
        } else if (!strcmp(json_feed->string, vu_cpe_tags[CPE_SW_EDITION])) {
            array = &(*wcpes)->sw_edition;
        } else if (!strcmp(json_feed->string, vu_cpe_tags[CPE_TARGET_HW])) {
            array = &(*wcpes)->target_hw;
        } else if (!strcmp(json_feed->string, vu_cpe_tags[CPE_MSU_NAME])) {
            array = &(*wcpes)->msu_name;
        } else {
            mtwarn(WM_VULNDETECTOR_LOGTAG, VU_INVALID_DIC_TAG, json_feed->string);
            continue;
        }

        for (i = 0, json_array = json_feed->child; json_array; json_array = json_array->next, i++) {
            os_realloc(*array, (i + 2) * sizeof(char **), *array);
            memset(&(*array)[i], 0, 2 * sizeof(char **));

            if (json_array->type == cJSON_String) {
                os_calloc(2, sizeof(char *), (*array)[i]);
                w_strdup(json_array->valuestring, (*array)[i][0]);
            } else if (json_array->type == cJSON_Array) {
                cJSON *json_sub_array = json_array->child;
                int j = 0;

                for (; json_sub_array; json_sub_array = json_sub_array->next, j++) {
                    if (json_sub_array->type != cJSON_String) {
                        mterror(WM_VULNDETECTOR_LOGTAG, VU_INV_ENTRY_TYPE, -1 * json_array->type);
                        j--;
                    } else {
                        os_realloc((*array)[i], (j + 2) * sizeof(char *), (*array)[i]);
                        w_strdup(json_sub_array->valuestring, (*array)[i][j]);
                        (*array)[i][j + 1] = NULL;
                    }
                }
            } else {
                mterror(WM_VULNDETECTOR_LOGTAG, VU_INV_ENTRY_TYPE, json_array->type);
                i--;
            }
        }
    }

    return 0;
}

unsigned int wm_vuldet_fill_action_mask(cJSON *json_feed) {
    unsigned int mask = 0;

    for (; json_feed && json_feed->valuestring; json_feed = json_feed->next) {
        if (!strcmp(json_feed->valuestring, vu_cpe_dic_option[VU_REP_VEN])) {
            mask |= CPE_DIC_REP_VEN;
        } else if (!strcmp(json_feed->valuestring, vu_cpe_dic_option[VU_REP_PROD])) {
            mask |= CPE_DIC_REP_PROD;
        } else if (!strcmp(json_feed->valuestring, vu_cpe_dic_option[VU_REP_VEN_IF_MATCH])) {
            mask |= CPE_DIC_REP_VEN_IF_MATCH;
        } else if (!strcmp(json_feed->valuestring, vu_cpe_dic_option[VU_REP_PROD_IF_MATCH])) {
            mask |= CPE_DIC_REP_PROD_IF_MATCH;
        } else if (!strcmp(json_feed->valuestring, vu_cpe_dic_option[VU_SET_VER_IF_MATCHES])) {
            mask |= CPE_DIC_SET_VER_IF_MATCH;
        } else if (!strcmp(json_feed->valuestring, vu_cpe_dic_option[VU_REP_SWED_VER_IF_PR_MATCHES])) {
            mask |= CPE_DIC_REP_SWED_IF_PROD_MATCHES;
        } else if (!strcmp(json_feed->valuestring, vu_cpe_dic_option[VU_REP_MSUN_IF_VER_MATCHES])) {
            mask |= CPE_DIC_REP_MSUN_IF_VER_MATCHES;
        } else if (!strcmp(json_feed->valuestring, vu_cpe_dic_option[VU_IGNORE])) {
            mask |= CPE_DIC_IGNORE;
        } else if (!strcmp(json_feed->valuestring, vu_cpe_dic_option[VU_CHECK_HOTFIX])) {
            mask |= CPE_DIC_CHECK_HOTFIX;
        } else if (!strcmp(json_feed->valuestring, vu_cpe_dic_option[VU_REP_MSUN])) {
            mask |= CPE_DIC_REP_MSUN;
        } else if (!strcmp(json_feed->valuestring, vu_cpe_dic_option[VU_SET_VERSION_IF_PROD_MATCHES])) {
            mask |= CPE_DIC_SET_VER_IF_PROD_MATCHES;
        } else if (!strcmp(json_feed->valuestring, vu_cpe_dic_option[VU_SET_TARGETHW_IF_PROD_MATCHES])) {
            mask |= CPE_DIC_SET_TARGETHW_IF_PRODUCT_MATCHES;
        } else if (!strcmp(json_feed->valuestring, vu_cpe_dic_option[VU_SET_VER_ONLY_IF_PROD_MATCHES])) {
            mask |= CPE_DIC_SET_VER_ONLY_IF_PROD_MATCHES;
        } else if (!strcmp(json_feed->valuestring, vu_cpe_dic_option[VU_SET_TARGETHW_ONLY_IF_PROD_MATCHES])) {
            mask |= CPE_DIC_SET_TARGETHW_ONLY_IF_PRODUCT_MATCHES;
        } else {
            mtwarn(WM_VULNDETECTOR_LOGTAG, VU_INVALID_DIC_TAG, json_feed->valuestring);
        }
    }

    return mask;
}

void wm_vuldet_json_msu_parser_vuln(cJSON *json_feed, vu_msu_vul_entry **msu) {
    cJSON *vulnerability;
    cJSON *vuln_node;
    cJSON *json_it;
    STATIC char *JSON_MSU_PATCH = "patch";
    STATIC char *JSON_MSU_PRODUCT = "product";
    STATIC char *JSON_MSU_RESTART = "restart_required";
    STATIC char *JSON_MSU_SUBTYPE = "subtype";
    STATIC char *JSON_MSU_TITLE = "title";
    STATIC char *JSON_MSU_URL = "url";

    if (json_it = cJSON_GetObjectItem(json_feed, "vulnerabilities"), !json_it) {
        return;
    }

    for (json_it = json_it->child; json_tagged_obj(json_it); json_it = json_it->next) {
        for (vuln_node = json_it->child; vuln_node; vuln_node = vuln_node->next) {
            if (*msu) {
                os_calloc(1, sizeof(vu_msu_vul_entry), (*msu)->next);
                (*msu)->next->prev = *msu;
                *msu = (*msu)->next;
            } else {
                os_calloc(1, sizeof(vu_msu_vul_entry), *msu);
            }

            os_strdup(json_it->string, (*msu)->cveid);
            for (vulnerability = vuln_node->child; vulnerability; vulnerability = vulnerability->next) {
                if (!vulnerability->valuestring) {
                    continue;
                }

                if (!strcmp(vulnerability->string, JSON_MSU_PATCH)) {
                    os_strdup(vulnerability->valuestring, (*msu)->patch);
                } else if (!strcmp(vulnerability->string, JSON_MSU_RESTART)) {
                    os_strdup(vulnerability->valuestring, (*msu)->restart_required);
                } else if (!strcmp(vulnerability->string, JSON_MSU_PRODUCT)) {
                    os_strdup(vulnerability->valuestring, (*msu)->product);
                    wm_vuln_check_msu_type(*msu, json_it->child);
                } else if (!strcmp(vulnerability->string, JSON_MSU_SUBTYPE)) {
                    os_strdup(vulnerability->valuestring, (*msu)->subtype);
                } else if (!strcmp(vulnerability->string, JSON_MSU_TITLE)) {
                    os_strdup(vulnerability->valuestring, (*msu)->title);
                } else if (!strcmp(vulnerability->string, JSON_MSU_URL)) {
                    os_strdup(vulnerability->valuestring, (*msu)->url);
                }
            }
        }
    }
}

void wm_vuldet_json_msu_parser_deps(cJSON *json_feed, vu_msu_dep_entry **msu) {
    cJSON *json_it;

    if (json_it = cJSON_GetObjectItem(json_feed, "dependencies"), !json_it) {
        return;
    }

    for (json_it = json_it->child; json_tagged_obj(json_it); json_it = json_it->next) {
        if (*msu) {
            os_calloc(1, sizeof(vu_msu_dep_entry), (*msu)->next);
            (*msu)->next->prev = *msu;
            *msu = (*msu)->next;
        } else {
            os_calloc(1, sizeof(vu_msu_dep_entry), (*msu));
        }

        os_strdup(json_it->string, (*msu)->patch);
        os_calloc(2, sizeof(char *), (*msu)->supers);
        // Duplicate the node key to facilitate the patch correlation
        os_strdup(json_it->string, (*msu)->supers[0]);
        cJSON *sup_it;
        int i;
        for (i = 1, sup_it = json_it->child; sup_it && sup_it->valuestring; i++, sup_it = sup_it->next) {
            os_realloc((*msu)->supers, (i + 2) * sizeof(char *), (*msu)->supers);
            os_strdup(sup_it->valuestring, (*msu)->supers[i]);
            (*msu)->supers[i + 1] = NULL;
        }
    }
}

int wm_vuldet_json_msu_parser(cJSON *json_feed, wm_vuldet_db *parsed_vulnerabilities) {
    vu_msu_entries *msu = &parsed_vulnerabilities->msu;

    wm_vuldet_json_msu_parser_vuln(json_feed, &msu->vul);
    wm_vuldet_json_msu_parser_deps(json_feed, &msu->dep);

    return 0;
}

int wm_vuldet_insert_cpe_dic(sqlite3 *db, vu_cpe_dic *w_cpes) {
    int i;
    int entry_id;
    vu_cpe_dic_node *node_it;
    sqlite3_stmt *stmt;

    sqlite3_exec(db, vu_queries[VU_REMOVE_CPE_DIC], NULL, NULL, NULL);

    for (i = 0, entry_id = 0; w_cpes->targets_name[i]; i++) {
        for (node_it = w_cpes->targets[i]; node_it; node_it = wm_vuldet_free_dic_node(node_it), entry_id++) {

            if (wm_vuldet_prepare(db, vu_queries[VU_INSERT_CPE_HELPER], -1, &stmt, NULL) != SQLITE_OK) {
                return wm_vuldet_sql_error(db, stmt);
            }
            sqlite3_bind_int(stmt, 1, entry_id);
            sqlite3_bind_text(stmt, 2, w_cpes->targets_name[i], -1, NULL);
            sqlite3_bind_int(stmt, 3, node_it->action);
            if (wm_vuldet_step(stmt) != SQLITE_DONE) {
                return wm_vuldet_sql_error(db, stmt);
            }
            wdb_finalize(stmt);

            if (wm_vuldet_insert_cpe_dic_array(db, VU_INSERT_CPE_SOURCE, entry_id, node_it->source)) {
                return OS_INVALID;
            }
            if (wm_vuldet_insert_cpe_dic_array(db, VU_INSERT_CPE_TRANSLATION, entry_id, node_it->translation)) {
                return OS_INVALID;
            }
        }
        free(w_cpes->targets_name[i]);
    }
    os_free(w_cpes->targets_name);
    os_free(w_cpes->targets);

    if (wm_vuldet_prepare(db, vu_queries[VU_INSERT_METADATA], -1, &stmt, NULL) != SQLITE_OK) {
        return wm_vuldet_sql_error(db, stmt);
    }

    sqlite3_bind_text(stmt, 1, vu_feed_tag[FEED_CPEW], -1, NULL);
    sqlite3_bind_text(stmt, 2, vu_feed_ext[FEED_CPEW], -1, NULL);
    sqlite3_bind_text(stmt, 3, w_cpes->version, -1, NULL);
    sqlite3_bind_text(stmt, 4, w_cpes->format_version, -1, NULL);
    sqlite3_bind_text(stmt, 5, w_cpes->update_date, -1, NULL);
    sqlite3_bind_text(stmt, 6, NULL, -1, NULL);
    sqlite3_bind_int(stmt, 7, 0);
    sqlite3_bind_int(stmt, 8, 0);

    if (wm_vuldet_step(stmt) != SQLITE_DONE) {
        return wm_vuldet_sql_error(db, stmt);
    }
    wdb_finalize(stmt);

    os_free(w_cpes->version);
    os_free(w_cpes->format_version);
    os_free(w_cpes->update_date);

    return 0;
}

int wm_vuldet_insert_cpe_dic_array(sqlite3 *db, vu_query query, int id, vu_cpe_dic_section *section) {
    sqlite3_stmt *stmt;
    int type_value;
    int pattern_it, subpattern_it;
    char ***section_it;
    const char *type;

    for (type_value = 0; type_value < 6; type_value++) {
        switch (type_value) {
            case 0:
                section_it = section->vendor;
                type = vu_cpe_tags[CPE_VENDOR];
            break;
            case 1:
                section_it = section->product;
                type = vu_cpe_tags[CPE_PRODUCT];
            break;
            case 2:
                section_it = section->version;
                type = vu_cpe_tags[CPE_VERSION];
            break;
            case 3:
                section_it = section->sw_edition;
                type = vu_cpe_tags[CPE_SW_EDITION];
            break;
            case 4:
                section_it = section->msu_name;
                type = vu_cpe_tags[CPE_MSU_NAME];
            break;
            case 5:
                section_it = section->target_hw;
                type = vu_cpe_tags[CPE_TARGET_HW];
            break;
        }

        for (pattern_it = 0; section_it && section_it[pattern_it]; pattern_it++) {
            for (subpattern_it = 0; section_it[pattern_it][subpattern_it]; subpattern_it++) {
                char *term = NULL;
                char *cterm;
                char *comp_field = NULL;
                char *condition = NULL;

                if (wm_vuldet_prepare(db, vu_queries[query], -1, &stmt, NULL) != SQLITE_OK) {
                    return wm_vuldet_sql_error(db, stmt);
                }

                cterm = !*section_it[pattern_it][subpattern_it] &&
                                            query == VU_INSERT_CPE_SOURCE &&
                                            !type_value ?
                                            NULL : section_it[pattern_it][subpattern_it];
                w_strdup(cterm, term);

                sqlite3_bind_int(stmt, 1, id);
                sqlite3_bind_int(stmt, 2, pattern_it);
                sqlite3_bind_text(stmt, 3, type, -1, NULL);

                if (query == VU_INSERT_CPE_TRANSLATION) {
                    char *exact_term;
                    if (!wm_vuldet_get_term_condition(term, &exact_term, &comp_field, &condition)) {
                        free(term);
                        term = exact_term;
                        sqlite3_bind_text(stmt, 5, comp_field, -1, NULL);
                        sqlite3_bind_text(stmt, 6, condition, -1, NULL);
                    } else {
                        sqlite3_bind_null(stmt, 5);
                        sqlite3_bind_null(stmt, 6);
                    }
                }

                sqlite3_bind_text(stmt, 4, term, -1, NULL);
                if (wm_vuldet_step(stmt) != SQLITE_DONE) {
                    free(term);
                    free(comp_field);
                    free(condition);
                    return wm_vuldet_sql_error(db, stmt);
                }

                wdb_finalize(stmt);
                free(term);
                free(comp_field);
                free(condition);
            }
        }
    }

    return 0;
}

vu_cpe_dic_node *wm_vuldet_free_dic_node(vu_cpe_dic_node *dic_node) {
    int i;
    vu_cpe_dic_node *prev = dic_node->prev;
    vu_cpe_dic_section *section;

    for (i = 0; i < 2; i++) {
        if (!i) {
            section = dic_node->source;
        } else if (i == 1) {
            section = dic_node->translation;
        }

        w_FreeDoubleArray(section->vendor);
        w_FreeDoubleArray(section->product);
        w_FreeDoubleArray(section->version);
        w_FreeDoubleArray(section->sw_edition);
        w_FreeDoubleArray(section->target_hw);
        w_FreeDoubleArray(section->msu_name);
        free(section->vendor);
        free(section->product);
        free(section->version);
        free(section->sw_edition);
        free(section->target_hw);
        free(section->msu_name);
        free(section);
    }

    free(dic_node);

    return prev;
}

vu_msu_vul_entry *wm_vuldet_free_msu_vul_node(vu_msu_vul_entry *node) {
    vu_msu_vul_entry *prev = node->prev;
    os_free(node->cveid);
    os_free(node->product);
    os_free(node->patch);
    os_free(node->title);
    os_free(node->url);
    os_free(node->subtype);
    os_free(node->restart_required);
    os_free(node->check_type);
    os_free(node);
    return prev;
}

vu_msu_dep_entry *wm_vuldet_free_msu_dep_node(vu_msu_dep_entry *node) {
    vu_msu_dep_entry *prev = node->prev;
    free(node->patch);
    w_FreeArray(node->supers);
    free(node->supers);
    free(node);
    return prev;
}

int wm_vuldet_insert_MSU(sqlite3 *db, vu_msu_entries *msu) {
    if (wm_vulndet_insert_msu_vul_entry(db, msu->vul)) {
        return OS_INVALID;
    }

    if (wm_vulndet_insert_msu_dep_entry(db, msu->dep)) {
        return OS_INVALID;
    }

    return 0;
}

int wm_vuldet_request_hotfixes(sqlite3 *db, const char *agent_id) {
    int retval = OS_INVALID;
    cJSON *hotfixes = NULL;
    sqlite3_stmt *stmt = NULL;
    int i_agent_id = atoi(agent_id);

    switch (wm_vuldet_get_hotfixes(i_agent_id, &hotfixes)) {
    case OS_SUCCESS:
        if (!hotfixes) {
            mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_HOTFIX_NOT_SYNCED, i_agent_id);
            goto end;
        }
        break;
    default: // OS_INVALID
        mtwarn(WM_VULNDETECTOR_LOGTAG, VU_HOTFIX_REQUEST_ERROR, i_agent_id);
        goto end;
    }

    if (hotfixes->child) { //JSON array not empty
        sqlite3_exec(db, vu_queries[BEGIN_T], NULL, NULL, NULL);

        for (cJSON *hotfixes_it = hotfixes->child; hotfixes_it; hotfixes_it = hotfixes_it->next) {
            if (!hotfixes_it->child || !hotfixes_it->child->valuestring) {
                retval = OS_INVALID;
                goto end;
            }

            if (wm_vuldet_prepare(db, vu_queries[VU_INSERT_AGENT_HOTFIXES], -1, &stmt, NULL) != SQLITE_OK) {
                mterror(WM_VULNDETECTOR_LOGTAG, VU_SQL_ERROR, sqlite3_errmsg(db));
                retval = OS_INVALID;
                goto end;
            }

            sqlite3_bind_text(stmt, 1, agent_id, -1, NULL);
            sqlite3_bind_text(stmt, 2, hotfixes_it->child->valuestring, -1, NULL);

            if (wm_vuldet_step(stmt) != SQLITE_DONE) {
                mterror(WM_VULNDETECTOR_LOGTAG, VU_SQL_ERROR, sqlite3_errmsg(db));
                retval = OS_INVALID;
                goto end;
            }
            wdb_finalize(stmt);
        }

        sqlite3_exec(db, vu_queries[END_T], NULL, NULL, NULL);
    }
    else {
        mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_NO_HOTFIX_AVAIL, i_agent_id);
    }

    retval = OS_SUCCESS;

end:
    wdb_finalize(stmt);
    cJSON_Delete(hotfixes);
    return retval;
}

void wm_vuldet_reset_tables(sqlite3 *db) {
    sqlite3_exec(db, vu_queries[VU_REMOVE_AGENTS_TABLE], NULL, NULL, NULL);
    sqlite3_exec(db, vu_queries[VU_REMOVE_AGENT_CPE], NULL, NULL, NULL);
    sqlite3_exec(db, vu_queries[VU_REMOVE_HOTFIXES_TABLE], NULL, NULL, NULL);
}

int wm_vuldet_build_unix_os_release(scan_agent *agent,
                                    const char* os_major,
                                    const char* os_minor,
                                    const char* os_patch) {
    if (!agent) {
        mterror(WM_VULNDETECTOR_LOGTAG, VU_AGENT_NOT_INITIALIZED);
        return OS_INVALID;
    }
    if (!os_major) {
        mterror(WM_VULNDETECTOR_LOGTAG, VU_OSINFOLNX_ERROR, atoi(agent->agent_id));
        return OS_INVALID;
    }

    char *version = NULL;
    char *minor  = NULL;

    w_strdup(os_minor ? os_minor : "0", minor);

    // We need the OS version in the format 'x.y.z'
    // To match the NVD vulnerabilities
    if (agent->dist == FEED_MAC && os_patch) {
        size_t ver_length = strlen(os_major) + strlen(minor) + strlen(os_patch) + 2; // Two dots
        os_calloc(ver_length + 1, sizeof(char), version);
        snprintf(version, ver_length + 1, "%s.%s.%s", os_major, minor, os_patch);
    }
    else {
        size_t ver_length = strlen(os_major) + strlen(minor) + 1; // One dot
        os_calloc(ver_length + 1, sizeof(char), version);
        snprintf(version, ver_length + 1, "%s.%s", os_major, minor);
    }

    w_strdup(version, agent->os_release);

    os_free(version);
    os_free(minor);

    return OS_SUCCESS;
}

int wm_vuldet_index_json(wm_vuldet_db *parsed_vulnerabilities, update_node *update, char *path, char multi_path) {

    int retval = OS_INVALID;
    DIR *upd_dir = NULL;
    struct dirent *entry;
    char *path_cpy = NULL;

    if (multi_path) {
        char *directory = NULL;
        char generated_path[PATH_MAX + 1];
        char *pattern;
        regex_t path_pattern;
        regmatch_t match;
        update->update_it = 0;
        bool found_feed = false;
        os_strdup(path, path_cpy);

        if (*path_cpy != '/') {
            mterror(WM_VULNDETECTOR_LOGTAG, VU_MULTIPATH_ERROR, path_cpy, "relative path");
            goto end;
        }

        if (directory = strrchr(path_cpy, '/'), !directory) {
            mterror(WM_VULNDETECTOR_LOGTAG, VU_MULTIPATH_ERROR, path_cpy, "corrupted");
            goto end;
        }

        *directory = '\0';
        pattern = directory + 1;

        if (upd_dir = opendir(path_cpy == directory ? "/" : path_cpy), !upd_dir) {
            mterror(WM_VULNDETECTOR_LOGTAG, VU_MULTIPATH_ERROR, path_cpy == directory ? "/" : path_cpy, strerror(errno));
            goto end;
        }

        if (regcomp(&path_pattern, pattern, 0)) {
            mterror(WM_VULNDETECTOR_LOGTAG, VU_REGEX_COMPILE_ERROR, pattern);
            goto end;
        }

        while (entry = readdir(upd_dir), entry) {
            if ((strcmp(entry->d_name, ".") == 0) ||
                (strcmp(entry->d_name, "..") == 0)) {
                continue;
            }
            snprintf(generated_path, PATH_MAX, "%s/%s", path_cpy, entry->d_name);

            if (w_is_file(generated_path)) {
                if(!regexec(&path_pattern, entry->d_name, 1, &match, 0)) {
                    found_feed = true;
                    mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_UPDATE_JSON_FEED, generated_path);
                    if (wm_vuldet_json_parser(generated_path, parsed_vulnerabilities, update) == OS_INVALID) {
                        regfree(&path_pattern);
                        goto end;
                    }
                }
            }
        }

        regfree(&path_pattern);

        if (found_feed == false) {
            mterror(WM_VULNDETECTOR_LOGTAG, VU_MULTIPATH_ERROR, path_cpy, "feed not found");
            goto end;
        }

    } else {
        int result;

        mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_UPDATE_JSON_FEED, path);
        if (result = wm_vuldet_json_parser(path, parsed_vulnerabilities, update), result == OS_INVALID) {
            goto end;
        } else if (result == VU_NOT_NEED_UPDATE) {
            retval = VU_NOT_NEED_UPDATE;
            goto end;
        }
    }

    retval = 0;
end:
    free(path_cpy);

    if (upd_dir) {
        closedir(upd_dir);
    }

    return retval;
}

int wm_vuldet_remove_sequence(sqlite3 *db, char *table) {
    sqlite3_stmt *stmt = NULL;

    if (wm_vuldet_prepare(db, vu_queries[VU_REMOVE_SQUENCE], -1, &stmt, NULL) != SQLITE_OK) {
        return wm_vuldet_sql_error(db, stmt);
    }

    sqlite3_bind_text(stmt, 1, table, -1, NULL);

    if (wm_vuldet_step(stmt) != SQLITE_DONE) {
        return wm_vuldet_sql_error(db, stmt);
    }
    wdb_finalize(stmt);

    return 0;
}

int wm_vuldet_remove_table(sqlite3 *db, char *table) {
    sqlite3_stmt *stmt = NULL;
    char query[OS_SIZE_128 + 1];

    snprintf(query, OS_SIZE_128, vu_queries[DELETE_QUERY], table);
    if (wm_vuldet_prepare(db, query, -1, &stmt, NULL) != SQLITE_OK) {
        return wm_vuldet_sql_error(db, stmt);
    }

    sqlite3_bind_text(stmt, 1, table, -1, NULL);

    if (wm_vuldet_step(stmt) != SQLITE_DONE) {
        return wm_vuldet_sql_error(db, stmt);
    }
    wdb_finalize(stmt);

    return wm_vuldet_remove_sequence(db, table);
}

int wm_vuldet_index_nvd(sqlite3 *db, update_node *upd, nvd_vulnerability *nvd_it) {
    time_t index_time = time(NULL);
    int result = 0;
    int cve_count = 0;

    // Clean everything only if there are still residues of an offline update
    // made by multi_path update. For the cases of multi_url or the online
    // update, we just need to clean the NVD for the year being indexed.
    if (result = wm_vuldet_has_offline_update(db), result == OS_INVALID) {
        goto error;
    } else if (result == 1 && upd->multi_path && wm_vuldet_clean_nvd(db)) {
        goto error;
    } else if (!upd->multi_path && wm_vuldet_clean_nvd_year(db, upd->update_it)) {
        goto error;
    }

    while (nvd_it) {
        nvd_vulnerability *r_node = nvd_it;

        if (wm_vuldet_insert_nvd_cve(db, nvd_it, upd->update_it)) {
            goto error;
        }
        nvd_it = nvd_it->next;
        wm_vuldet_free_nvd_node(r_node);
        cve_count++;
    }

    if (wm_vuldet_index_nvd_metadata(db, upd->update_it, cve_count, upd->multi_path || upd->multi_url)) {
        goto error;
    }

    mtdebug2(WM_VULNDETECTOR_LOGTAG, VU_INDEX_TIME, time(NULL) - index_time, "index the NVD");

    return OS_SUCCESS;
error:
    wm_vuldet_free_nvd_list(nvd_it);

    return OS_INVALID;
}

int wm_vuldet_clean_rh(sqlite3 *db) {
    char open_db = 0;

    if (!db) {
        if (sqlite3_open_v2(CVE_DB, &db, SQLITE_OPEN_READWRITE, NULL) != SQLITE_OK) {
            return wm_vuldet_sql_error(db, NULL);
        }

        open_db = 1;
    }

    if (wm_vuldet_remove_target_table(db, METADATA_TABLE, vu_feed_tag[FEED_REDHAT])  ||
        wm_vuldet_remove_target_table(db, CVE_INFO_TABLE, vu_feed_tag[FEED_REDHAT])) {
        return OS_INVALID;
    }
    if (open_db) {
        sqlite3_close_v2(db);
    }
    return 0;
}

int wm_vuldet_clean_wcpe(sqlite3 *db) {
    char open_db = 0;

    if (!db) {
        if (sqlite3_open_v2(CVE_DB, &db, SQLITE_OPEN_READWRITE, NULL) != SQLITE_OK) {
            return wm_vuldet_sql_error(db, NULL);
        }

        open_db = 1;
    }

    if (wm_vuldet_remove_target_table(db, METADATA_TABLE, vu_feed_tag[FEED_CPEW])        ||
        wm_vuldet_remove_table(db, CPEH_SOURCE_TABLE) ||
        wm_vuldet_remove_table(db, CPET_TRANSL_TABLE) ||
        wm_vuldet_remove_table(db, CPE_HELPER_TABLE)) {
        return OS_INVALID;
    }
    if (open_db) {
        sqlite3_close_v2(db);
    }
    return 0;
}

char *wm_vuldet_cpe_str(cpe *cpe_s) {
    char *generated_cpe;

    os_calloc(OS_SIZE_256 + 1, sizeof(char), generated_cpe);

    snprintf(generated_cpe, OS_SIZE_256, "%c:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s",
        cpe_s->part ? *cpe_s->part : ' ',
        cpe_s->vendor,
        cpe_s->product,
        cpe_s->version ? cpe_s->version : "",
        cpe_s->update ? cpe_s->update : "",
        cpe_s->edition ? cpe_s->edition : "",
        cpe_s->language ? cpe_s->language : "",
        cpe_s->sw_edition ? cpe_s->sw_edition : "",
        cpe_s->target_sw ? cpe_s->target_sw : "",
        cpe_s->target_hw ? cpe_s->target_hw : "",
        cpe_s->other ? cpe_s->other : "");

    return generated_cpe;
}

cJSON *wm_vuldet_json_fread(char *json_file) {
    cJSON *feed;
    char compress;

    switch (w_uncompress_bz2_gz_file(json_file, VU_TEMP_FILE)) {
    case -1:
        return NULL;
    case 0:
        compress = 1;
        break;
    default:
        compress = 0;
    }

    feed = json_fread(compress ? VU_TEMP_FILE : json_file, 0);

    if (compress && remove(VU_TEMP_FILE) < 0) {
        mtdebug2(WM_VULNDETECTOR_LOGTAG, "remove(%s): %s", VU_TEMP_FILE, strerror(errno));
    }

    return feed;
}

cJSON *wm_vuldet_get_cvss(const char *scoring_vector) {
    cJSON *cvss_json = NULL;
    char impact;
    const char *vector_it;
    STATIC char *cvss_attack_vector = "AV:";
    STATIC char *cvss_access_complexity = "AC:";
    STATIC char *cvss_authentication = "Au:"; // CVSS2 only
    STATIC char *cvss_confidentiality_impact = "C:";
    STATIC char *cvss_integrity_impact = "I:";
    STATIC char *cvss_availability = "A:";
    STATIC char *cvss_privileges_required = "PR:"; // CVSS3 only
    STATIC char *cvss_user_interaction = "UI:"; // CVSS3 only
    STATIC char *cvss_scope = "S:"; // CVSS3 only

    if (NULL == scoring_vector)
        return NULL;

    // Making a copy to avoid modifying the original string
    char* vector = NULL;
    os_strdup(scoring_vector, vector);

    if (cvss_json = cJSON_CreateObject(), cvss_json) {
        char* token = NULL;

        for (token = strtok(vector, "/"); NULL != token; token = strtok(NULL, "/"))
        {
            // Attack vector
            if (vector_it = strstr(token, cvss_attack_vector), vector_it) {
                impact = *(vector_it + strlen(cvss_attack_vector));
                if (impact == 'L') {
                    cJSON_AddStringToObject(cvss_json, "attack_vector", "local");
                } else if (impact == 'A') {
                    cJSON_AddStringToObject(cvss_json, "attack_vector", "adjacent_network");
                } else if (impact == 'N') {
                    cJSON_AddStringToObject(cvss_json, "attack_vector", "network");
                } else if (impact == 'P') {
                    cJSON_AddStringToObject(cvss_json, "attack_vector", "physical");
                }
            }
            // Access complexity
            else if (vector_it = strstr(token, cvss_access_complexity), vector_it) {
                impact = *(vector_it + strlen(cvss_access_complexity));
                if (impact == 'L') {
                    cJSON_AddStringToObject(cvss_json, "access_complexity", "low");
                } else if (impact == 'M') {
                    cJSON_AddStringToObject(cvss_json, "access_complexity", "medium");
                } else if (impact == 'H') {
                    cJSON_AddStringToObject(cvss_json, "access_complexity", "high");
                }
            }
            // Authentication
            else if (vector_it = strstr(token, cvss_authentication), vector_it) {
                impact = *(vector_it + strlen(cvss_authentication));
                if (impact == 'M') {
                    cJSON_AddStringToObject(cvss_json, "authentication", "multiple");
                } else if (impact == 'S') {
                    cJSON_AddStringToObject(cvss_json, "authentication", "single");
                } else if (impact == 'N') {
                    cJSON_AddStringToObject(cvss_json, "authentication", "none");
                }
            }
            // Confidentiality impact
            else if (vector_it = strstr(token, cvss_confidentiality_impact), vector_it) {
                impact = *(vector_it + strlen(cvss_confidentiality_impact));
                if (impact == 'N') {
                    cJSON_AddStringToObject(cvss_json, "confidentiality_impact", "none");
                } else if (impact == 'P') {
                    cJSON_AddStringToObject(cvss_json, "confidentiality_impact", "partial");
                } else if (impact == 'C') {
                    cJSON_AddStringToObject(cvss_json, "confidentiality_impact", "complete");
                } else if (impact == 'L') {
                    cJSON_AddStringToObject(cvss_json, "confidentiality_impact", "low");
                } else if (impact == 'H') {
                    cJSON_AddStringToObject(cvss_json, "confidentiality_impact", "high");
                }
            }
            // User interaction
            else if (vector_it = strstr(token, cvss_user_interaction), vector_it) {
                impact = *(vector_it + strlen(cvss_user_interaction));
                if (impact == 'N') {
                    cJSON_AddStringToObject(cvss_json, "user_interaction", "none");
                } else if (impact == 'R') {
                    cJSON_AddStringToObject(cvss_json, "user_interaction", "required");
                }
            }
            // Integrity impact
            else if (vector_it = strstr(token, cvss_integrity_impact), vector_it) {
                impact = *(vector_it + strlen(cvss_integrity_impact));
                if (impact == 'N') {
                    cJSON_AddStringToObject(cvss_json, "integrity_impact", "none");
                } else if (impact == 'P') {
                    cJSON_AddStringToObject(cvss_json, "integrity_impact", "partial");
                } else if (impact == 'C') {
                    cJSON_AddStringToObject(cvss_json, "integrity_impact", "complete");
                } else if (impact == 'L') {
                    cJSON_AddStringToObject(cvss_json, "integrity_impact", "low");
                } else if (impact == 'H') {
                    cJSON_AddStringToObject(cvss_json, "integrity_impact", "high");
                }
            }
            // Availability
            else if (vector_it = strstr(token, cvss_availability), vector_it) {
                impact = *(vector_it + strlen(cvss_availability));
                if (impact == 'N') {
                    cJSON_AddStringToObject(cvss_json, "availability", "none");
                } else if (impact == 'P') {
                    cJSON_AddStringToObject(cvss_json, "availability", "partial");
                } else if (impact == 'C') {
                    cJSON_AddStringToObject(cvss_json, "availability", "complete");
                } else if (impact == 'L') {
                    cJSON_AddStringToObject(cvss_json, "availability", "low");
                } else if (impact == 'H') {
                    cJSON_AddStringToObject(cvss_json, "availability", "high");
                }
            }
            // Privileges required
            else if (vector_it = strstr(token, cvss_privileges_required), vector_it) {
                impact = *(vector_it + strlen(cvss_privileges_required));
                if (impact == 'N') {
                    cJSON_AddStringToObject(cvss_json, "privileges_required", "none");
                } else if (impact == 'P') {
                    cJSON_AddStringToObject(cvss_json, "privileges_required", "partial");
                } else if (impact == 'C') {
                    cJSON_AddStringToObject(cvss_json, "privileges_required", "complete");
                } else if (impact == 'L') {
                    cJSON_AddStringToObject(cvss_json, "privileges_required", "low");
                } else if (impact == 'H') {
                    cJSON_AddStringToObject(cvss_json, "privileges_required", "high");
                }
            }
            // Scope
            else if (vector_it = strstr(token, cvss_scope), vector_it) {
                impact = *(vector_it + strlen(cvss_scope));
                if (impact == 'U') {
                    cJSON_AddStringToObject(cvss_json, "scope", "unchanged");
                } else if (impact == 'C') {
                    cJSON_AddStringToObject(cvss_json, "scope", "changed");
                }
            }
        }
    }

    os_free(vector);

    return cvss_json;
}

int wm_vuldet_get_term_condition(char *i_term, char **term, char **comp_field, char **condition) {
    STATIC regex_t *regex = NULL;
    regmatch_t matches[5];

    if (!i_term) {
        return 1;
    }

    if (!regex) {
        const char *pattern = "^([^ ]+)[ ]+\\([ ]*([^ ]+)[ ]+([^ ]+)[ ]+([^ ]+)\\)";
        os_calloc(1, sizeof(regex_t), regex);

        if (regcomp(regex, pattern, REG_EXTENDED)) {
            mterror_exit(WM_VULNDETECTOR_LOGTAG, "Unexpected error when compiling '%s'.", pattern);
        }
    }

    int retval = 1;
    if (!regexec(regex, i_term, 5, matches, 0)) {
        int i;
        char **target;
        char *part = NULL;
        char *op = NULL;
        char *check = NULL;
        char *op_value = NULL;
        size_t size;

        for (i = 1; i < 5; i++) {
            int start = (&matches[i])->rm_so;
            int end = (&matches[i])->rm_eo;

            switch (i) {
                case 1:
                    target = &part;
                break;
                case 2:
                    target = &op;
                break;
                case 3:
                    target = &check;
                break;
                case 4:
                    target = &op_value;
                break;
                default:
                    goto free_mem;
            }

            if (!(start >= 0 && end >= 0 && end > start && (unsigned int) (end - start) <= strlen(i_term))) {
                goto free_mem;
            }

            os_strdup(i_term + start, *target);
            (*target)[end - start] = '\0';
        }

        // Unnecessary check to remove a false positive reported by Coverity
        if (!part || !op || !check || !op_value) {
            goto free_mem;
        }

        size = strlen(check) + strlen(op_value) + 3;
        os_calloc(size, sizeof(char), *condition);
        snprintf(*condition, size, "%s %s", check, op_value);
        os_strdup(part, *term);
        os_strdup(op, *comp_field);

        retval = 0;
free_mem:
        os_free(part);
        os_free(op);
        os_free(check);
        os_free(op_value);
    }

    if (regex) {
        regfree(regex);
        os_free(regex);
    }

    return retval;
}

cpe *wm_vuldet_generate_cpe(const char *part, const char *vendor, const char *product, const char *version, const char *update, const char *edition, const char *language, const char *sw_edition, const char *target_sw, const char *target_hw, const char *other, const int id, const char *msu_name) {
    cpe *new_cpe;
    os_calloc(1, sizeof(cpe), new_cpe);

    // CPE fields
    w_strdup(part, new_cpe->part);
    w_strdup(vendor, new_cpe->vendor);
    w_strdup(product, new_cpe->product);
    w_strdup(version, new_cpe->version);
    w_strdup(update, new_cpe->update);
    w_strdup(edition, new_cpe->edition);
    w_strdup(language, new_cpe->language);
    w_strdup(sw_edition, new_cpe->sw_edition);
    w_strdup(target_sw, new_cpe->target_sw);
    w_strdup(target_hw, new_cpe->target_hw);
    w_strdup(other, new_cpe->other);

    // Extra fields
    new_cpe->id = id;
    w_strdup(msu_name, new_cpe->msu_name);
    new_cpe->check_hotfix = new_cpe->msu_name ? 1 : 0;
    new_cpe->raw = wm_vuldet_cpe_str(new_cpe);

    return new_cpe;
}

void wm_vuldet_run_scan(wm_vuldet_t *vuldet) {

    mtinfo(WM_VULNDETECTOR_LOGTAG, VU_START_SCAN);

    if (wm_vuldet_nvd_empty() == 0) {
        mterror(WM_VULNDETECTOR_LOGTAG, VU_NVD_EMPTY);
        vuldet->last_scan = time(NULL);
        return;
    }

    if (wm_vuldet_collect_agents_to_scan(vuldet)) {
        mterror(WM_VULNDETECTOR_LOGTAG, VU_NO_AGENT_ERROR);
    }
    else {
        if (wm_vuldet_check_agent_vulnerabilities(vuldet)) {
            mterror(WM_VULNDETECTOR_LOGTAG, VU_AG_CHECK_ERR);
        } else {
            mtinfo(WM_VULNDETECTOR_LOGTAG, VU_END_SCAN);
        }
    }

    scan_agent *agent;
    for (agent = vuldet->scan_agents; agent;) {
        scan_agent *agent_aux = agent->next;

        wm_vuldet_free_scan_agent(agent);
        if (agent_aux) {
            agent = agent_aux;
        } else {
            break;
        }
    }

    vuldet->scan_agents = NULL;
    vuldet->last_scan = time(NULL);

}

void wm_vuldet_run_sleep(wm_vuldet_t * vuldet) {
    time_t t_now = time(NULL);
    time_t time_sleep = (vuldet->last_scan + vuldet->scan_interval) - t_now;
    int i;

    if (time_sleep <= 0) {
        time_sleep = 1;
        i = OS_SUPP_SIZE;
    } else {
        i = 0;
    }

    // Check the remaining time for all updates and adjust the sleep time
    for (; i < OS_SUPP_SIZE; i++) {
        if (vuldet->updates[i]) {
            time_t t_diff = (vuldet->updates[i]->last_sync + vuldet->updates[i]->interval) - t_now;
            // Stop checking if we have any pending updates
            if (t_diff <= 0) {
                time_sleep = 1;
                break;
            } else if (t_diff < time_sleep) {
                time_sleep = t_diff;
            }
        }
    }

    mtdebug2(WM_VULNDETECTOR_LOGTAG, "Sleeping for %lu seconds...", time_sleep);
    sleep(time_sleep);
}

void wm_vuldet_init(wm_vuldet_t * vuldet) {
    wm_vuldet_flags *flags = &vuldet->flags;
    int i;

    if (!flags->enabled) {
        mtdebug1(WM_VULNDETECTOR_LOGTAG, "Module disabled. Exiting...");
        pthread_exit(NULL);
    }

    vuldet->queue_fd = StartMQ(DEFAULTQUEUE, WRITE, INFINITE_OPENQ_ATTEMPTS);

    if (vuldet->queue_fd < 0) {
        mterror(WM_VULNDETECTOR_LOGTAG, "Can't connect to queue.");
        pthread_exit(NULL);
    }

    vu_queue = &vuldet->queue_fd;

    SSL_library_init();
    SSL_load_error_strings();
    OpenSSL_add_all_algorithms();


    for (i = 0; SSL_library_init() < 0 && i < WM_MAX_ATTEMPTS; i++) {
        sleep(WM_MAX_WAIT);
    }

    if (i == WM_MAX_ATTEMPTS) {
        mterror(WM_VULNDETECTOR_LOGTAG, VU_SSL_LIBRARY_ERROR);
        pthread_exit(NULL);
    }

    if (!flags->run_on_start) {
        time_t time_sleep = vuldet->scan_interval;
        for (i = 0; i < OS_SUPP_SIZE; i++) {
            if (vuldet->updates[i] && (vuldet->updates[i]->interval < time_sleep)) {
                time_sleep = vuldet->updates[i]->interval;
            }
        }
        // Initial sleep
        sleep(time_sleep);
    }

    /* Get node name of this manager in cluster */
    vuldet->node_name = get_node_name();
}

void wm_vuldet_update_last_scan(scan_ctx_t* scan_ctx) {
    char query[OS_SIZE_256];
    const char* vu_query = scan_ctx->scan_type == VU_PARTIAL_SCAN ? vu_queries[VU_SET_LAST_PARTIAL_SCAN] : vu_queries[VU_SET_LAST_FULL_SCAN];

    snprintf(query, OS_SIZE_256, vu_query, scan_ctx->agent_id, time(NULL));
    if (wm_vuldet_wdb_request(query, OS_SIZE_256)) {
        mtwarn(WM_VULNDETECTOR_LOGTAG, VU_WDB_LASTSCAN_ERROR, scan_ctx->agent_id);
    }
}

time_t wm_vuldet_get_last_scan(scan_ctx_t* scan_ctx, const char* item) {
    time_t last_scan = -1;
    char request[OS_SIZE_6144];

    snprintf(request, OS_SIZE_128, vu_queries[VU_GET_LAST_SCAN], scan_ctx->agent_id);

    if (wm_vuldet_wdb_request(request, OS_SIZE_6144)) {
        mterror(WM_VULNDETECTOR_LOGTAG, VU_INV_WAZUHDB_RES, request);
        return last_scan;
    }

    if (!wm_vuldet_wdb_valid_answ(request)) {
        mterror(WM_VULNDETECTOR_LOGTAG, VU_INV_WAZUHDB_RES, request);
        return last_scan;
    }

    last_scan = 0;

    cJSON* response = cJSON_Parse(request+3);
    cJSON* j_last_scan = NULL;
    if (response && response->child && (j_last_scan = cJSON_GetObjectItem(response->child, item))) {
        last_scan = j_last_scan->valueint;
    }
    cJSON_Delete(response);

    return last_scan;
}

time_t wm_vuldet_get_last_full_scan(scan_ctx_t* scan_ctx) {
    return wm_vuldet_get_last_scan(scan_ctx, "LAST_FULL_SCAN");
}

time_t wm_vuldet_get_last_partial_scan(scan_ctx_t* scan_ctx) {
    return wm_vuldet_get_last_scan(scan_ctx, "LAST_PARTIAL_SCAN");
}

bool wm_vuldet_feed_changed (update_node** feeds, scan_agent* agent, time_t last_scan) {
    update_node* target_feed = NULL;
    bool ret = FALSE;

    // Windows feed
    if (agent->dist == FEED_WIN) {
        target_feed = feeds[CVE_MSU];
    }
    // Unix feed
    else {
        for (int i=0; i<OS_SUPP_SIZE; i++) {
            if (feeds[i] && feeds[i]->dist_tag_ref == agent->dist_ver) {
                target_feed=feeds[i];
                break;
            }
        }
    }
    if (target_feed && target_feed->last_update > last_scan) {
        ret = TRUE;
    }

    // NVD feed
    if (feeds[CVE_NVD] && feeds[CVE_NVD]->last_update > last_scan) {
        ret = TRUE;
    }

    return ret;
}

time_t wm_vuldet_get_last_feed_update(vu_feed feed) {
    sqlite3 *db = NULL;
    sqlite3_stmt *stmt = NULL;
    time_t ret = -1;

    if (sqlite3_open_v2(CVE_DB, &db, SQLITE_OPEN_READONLY, NULL) != SQLITE_OK) {
        wm_vuldet_sql_error(db, stmt);
        return ret;
    }

    if (feed == FEED_NVD) {
        if (wm_vuldet_prepare(db, vu_queries[VU_GET_NVD_LAST_UPDATE], -1, &stmt, NULL) != SQLITE_OK) {
            wm_vuldet_sql_error(db, stmt);
            return ret;
        }
    }
    else {
        if (wm_vuldet_prepare(db, vu_queries[VU_GET_LAST_UPDATE], -1, &stmt, NULL) != SQLITE_OK) {
            wm_vuldet_sql_error(db, stmt);
            return ret;
        }
        sqlite3_bind_text(stmt, 1, vu_feed_tag[feed], -1, NULL);
    }

    if (wm_vuldet_step(stmt) == SQLITE_ROW) {
        ret = (time_t)sqlite3_column_int(stmt, 0);
    }

    wdb_finalize(stmt);
    sqlite3_close_v2(db);

    return ret;
}

int wm_vuldet_get_wdb_socket() {
    if (wdb_vuldet_sock < 0) {
        int i;
        for (i = 0; i < VU_MAX_WAZUH_DB_ATTEMPS && (wdb_vuldet_sock = OS_ConnectUnixDomain(WDB_LOCAL_SOCK, SOCK_STREAM, OS_SIZE_6144)) < 0; i++) {
            mtdebug1(WM_VULNDETECTOR_LOGTAG, VU_SOCKET_RETRY, WDB_LOCAL_SOCK, i);
            sleep(i * i);
            if (i == VU_MAX_WAZUH_DB_ATTEMPS) {
                mterror(WM_VULNDETECTOR_LOGTAG, VU_SOCKET_RETRY_ERROR, WDB_LOCAL_SOCK);
                i = -1;
            }
        }
    }

    return wdb_vuldet_sock;
}

int wm_vuldet_send_wdb(char *msg) {
    int res = OS_INVALID;
    int sock = wm_vuldet_get_wdb_socket();
    size_t size = strlen(msg) + 1;

    if (sock < 0 || (res = OS_SendSecureTCP(sock, size, msg))) {
        wm_vuldet_close_wdb();
    }
    return res;
}

int wm_vuldet_recv_wdb(char *msg, size_t size) {
    int res;
    int sock = wm_vuldet_get_wdb_socket();
    if (sock < 0 || (res = OS_RecvSecureTCP(sock, msg, size)) < 3) {
        wm_vuldet_close_wdb();
        return OS_INVALID;
    }
    msg[res] = '\0';
    return res;
}

void wm_vuldet_close_wdb() {
    if (wdb_vuldet_sock >= 0) {
        close(wdb_vuldet_sock);
        wdb_vuldet_sock = -1;
    }
}

char *wm_vuldet_normalize_date(char **date) {
    STATIC regex_t *r_timestap = NULL;
    STATIC regex_t *r_utc = NULL;
    STATIC regex_t *r_only_date = NULL;
    int success = 0;
    char matched_pattern = 0;

    if (!*date) {
        goto end;
    }

    if (!r_timestap) {
        const char *pattern = "([0-9]{4}[-/][0-9]{2}[-/][0-9]{2}[ T][0-9]{2}:[0-9]{2}:[0-9]{2}[A-Z])";
        os_calloc(1, sizeof(regex_t), r_timestap);
        if (regcomp(r_timestap, pattern, REG_EXTENDED)) {
            mterror_exit(WM_VULNDETECTOR_LOGTAG, "Unexpected error when compiling '%s'.", pattern);
        }
    }

    if (!r_utc) {
        const char *pattern = "([0-9]{4}[-/][0-9]{2}[-/][0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}) UTC";
        os_calloc(1, sizeof(regex_t), r_utc);
        if (regcomp(r_utc, pattern, REG_EXTENDED)) {
            mterror_exit(WM_VULNDETECTOR_LOGTAG, "Unexpected error when compiling '%s'.", pattern);
        }
    }

    if (!r_only_date) {
        const char *pattern = "([0-9]{4}[-/][0-9]{2}[-/][0-9]{2})";
        os_calloc(1, sizeof(regex_t), r_only_date);
        if (regcomp(r_only_date, pattern, REG_EXTENDED)) {
            mterror_exit(WM_VULNDETECTOR_LOGTAG, "Unexpected error when compiling '%s'.", pattern);
        }
    }

    regmatch_t matched_date;
    memset(&matched_date, 0, sizeof(regmatch_t));

    if (!regexec(r_timestap, *date, 1, &matched_date, 0)) {
        matched_pattern = 1;
    } else if (!regexec(r_utc, *date, 1, &matched_date, 0)) {
        matched_pattern = 2;
    } else if (!regexec(r_only_date, *date, 1, &matched_date, 0)) {
        matched_pattern = 3;
    }

    if (matched_pattern) {
            int start = matched_date.rm_so;
            int end = matched_date.rm_eo;
            size_t size = end - start;
            char *new_date = NULL;
            char *found;

            if (!(start >= 0 && end >= 0 && end > start && (unsigned int) (size) <= strlen(*date))) {
                goto end;
            }

            (*date)[start + end] = '\0';
            new_date = wstr_replace((char *) *date + start, "/", "-") ;
            os_free(*date);

            switch (matched_pattern) {
                case 1:
                    if (found = strchr(new_date, ' '), found) {
                        *found = 'T';
                    }
                break;
                case 2:
                    if (found = strchr(new_date, ' '), !found) {
                        free(new_date);
                        goto end;
                    }
                    *found = 'T';
                    if (found = strchr(new_date, ' '), !found) {
                        free(new_date);
                        goto end;
                    }
                    *(found++) = 'Z';
                    *found = '\0';
                break;
                case 3:
                    // The date is valid
                break;
                default:
                    free(new_date);
                    goto end;
            }

            *date = new_date;
            success = 1;
    }

end:
    if (!success) {
        // Check if it is a epoch format
        if (!*date || !w_str_is_number(*date)) {
           os_free(*date);
        }
    }

    if (r_timestap) {
        regfree(r_timestap);
        os_free(r_timestap);
    }
    if (r_utc) {
        regfree(r_utc);
        os_free(r_utc);
    }
    if (r_only_date) {
        regfree(r_only_date);
        os_free(r_only_date);
    }

    return *date;
}

int wm_vulndet_insert_msu_vul_entry(sqlite3 *db, vu_msu_vul_entry *vul) {
    sqlite3_stmt *stmt = NULL;
    int result;

    sqlite3_exec(db, vu_queries[VU_REMOVE_MSU], NULL, NULL, NULL);

    for (; vul; vul = wm_vuldet_free_msu_vul_node(vul)) {
        if (wm_vuldet_prepare(db, vu_queries[VU_INSERT_MSU], -1, &stmt, NULL) != SQLITE_OK) {
            return wm_vuldet_sql_error(db, stmt);
        }

        sqlite3_bind_text(stmt, 1, vul->cveid, -1, NULL);
        sqlite3_bind_text(stmt, 2, vul->product, -1, NULL);
        if (vul->patch) {
            sqlite3_bind_text(stmt, 3, strncmp(vul->patch, "KB", 2) ? vul->patch : vul->patch + 2, -1, NULL);
        }
        sqlite3_bind_text(stmt, 4, vul->title, -1, NULL);
        sqlite3_bind_text(stmt, 5, vul->url, -1, NULL);
        sqlite3_bind_text(stmt, 6, vul->subtype, -1, NULL);
        sqlite3_bind_text(stmt, 7, vul->restart_required, -1, NULL);
        sqlite3_bind_text(stmt, 8, vul->check_type, -1, NULL);

        if (result = wm_vuldet_step(stmt), result != SQLITE_DONE && result != SQLITE_CONSTRAINT) {
            return wm_vuldet_sql_error(db, stmt);
        }
        wdb_finalize(stmt);
    }

    return 0;
}

int wm_vulndet_insert_msu_dep_entry(sqlite3 *db, vu_msu_dep_entry *dep) {
    sqlite3_stmt *stmt = NULL;
    int result;

    sqlite3_exec(db, vu_queries[VU_REMOVE_MSU_SUP], NULL, NULL, NULL);

    for (; dep; dep = wm_vuldet_free_msu_dep_node(dep)) {
        int i;
        for (i = 0; dep->supers[i]; i++) {
            if (wm_vuldet_prepare(db, vu_queries[VU_INSERT_MSU_SUPER], -1, &stmt, NULL) != SQLITE_OK) {
                return wm_vuldet_sql_error(db, stmt);
            }
            if (dep->patch) {
                sqlite3_bind_text(stmt, 1, strncmp(dep->patch, "KB", 2) ? dep->patch : dep->patch + 2, -1, NULL);
            }
            if (dep->supers[i]) {
                sqlite3_bind_text(stmt, 2, strncmp(dep->supers[i], "KB", 2) ? dep->supers[i] : dep->supers[i] + 2, -1, NULL);

                // A super can be a patch too, so non-duplicated ones will be added as rows
                sqlite3_bind_text(stmt, 3, strncmp(dep->supers[i], "KB", 2) ? dep->supers[i] : dep->supers[i] + 2, -1, NULL);
                sqlite3_bind_text(stmt, 4, strncmp(dep->supers[i], "KB", 2) ? dep->supers[i] : dep->supers[i] + 2, -1, NULL);
            }

            if (result = wm_vuldet_step(stmt), result != SQLITE_DONE) {
                return wm_vuldet_sql_error(db, stmt);
            }
            wdb_finalize(stmt);
        }
    }

    return 0;
}

void wm_vuln_check_msu_type(vu_msu_vul_entry *msu, cJSON *patchs) {
    const char *win10_pattern = "Windows 10";
    const char *version_pattern = " Version ";

    if (strncmp(msu->product, win10_pattern, strlen(win10_pattern))) {
        w_strdup("1", msu->check_type);
        return;
    }

    if (!strncmp(msu->product + strlen(win10_pattern), version_pattern, strlen(version_pattern))) {
        msu->check_type = w_tolower_str(strtok(msu->product + strlen(win10_pattern) + strlen(version_pattern), " "));
        return;
    }

    for (; patchs; patchs = patchs->next) {
        cJSON *product_json = cJSON_GetObjectItem(patchs, "product");
        char *product_name;
        if (!product_json || !(product_name = product_json->valuestring)) {
            continue;
        }

        if (strncmp(product_name, win10_pattern, strlen(win10_pattern)) ||
            strncmp(product_name + strlen(win10_pattern), version_pattern, strlen(version_pattern))) {
            continue;
        }
        w_strdup("1", msu->check_type);
        break;
    }
}

bool wm_vuldet_check_enabled_msu(sqlite3 *db) {
    sqlite3_stmt *stmt = NULL;
    size_t count = 0;

    if (wm_vuldet_prepare(db, vu_queries[VU_SIZE_MSU], -1, &stmt, NULL) != SQLITE_OK) {
        mterror(WM_VULNDETECTOR_LOGTAG, VU_SQL_ERROR, sqlite3_errmsg(db));
        goto clean;
    }

    if (wm_vuldet_step(stmt) != SQLITE_ROW) {
        mterror(WM_VULNDETECTOR_LOGTAG, VU_SQL_ERROR, sqlite3_errmsg(db));
        goto clean;
    }

    count = sqlite3_column_int(stmt, 0);

clean:
    wdb_finalize(stmt);
    return (count)? true : false;
}

int wm_vuldet_compare_vendors(char * vendor) {
    int vendor_len = 0;
    int vendor_it = 0;
    int external_vendor = 1;

    vendor_len = array_size(vu_vendor_list_redhat);
    for (vendor_it = 0; vendor_it < vendor_len; ++vendor_it) {
        if (!strcmp(vendor, vu_vendor_list_redhat[vendor_it])) {
            external_vendor = 0;
            break;
        }
    }

    return external_vendor;
}

void wm_vuldel_truncate_revision(char * revision) {

    if (!revision)
        return;

    int target_len = 0;
    char * found;
    target_len = array_size(vu_package_dist);
    for (int i = 0; i < target_len; i++) {
        if ((found = strstr(revision, vu_package_dist[i])) != NULL) {
            size_t len = strlen(vu_package_dist[i]);
            char * end = found + len;
            if (*end) {
                *end = '\0';
            }
            break;
        }
    }
    return;
}

int wm_vuldet_json_alas_parser(cJSON *json_feed, wm_vuldet_db *parsed_vulnerabilities) {
    cJSON *advisories = NULL;
    cJSON *vulnerability = NULL;
    cJSON *vuln_node = NULL;
    vu_alas_vuln *alas_vuln = NULL;

    static char *JSON_ADVISORIES = "advisories";
    static char *JSON_SEVERITY = "severity";
    static char *JSON_PUBLISHED_DATE = "publishedDate";
    static char *JSON_LAST_MODIFIED_DATE = "lastModifiedDate";
    static char *JSON_REFERENCES = "references";
    static char *JSON_VULNERABILITIES = "vulnerabilities";
    static char *JSON_FIXED_PACKAGES = "fixed_packages";

    if (advisories = cJSON_GetObjectItem(json_feed, JSON_ADVISORIES), !advisories) {
        return OS_INVALID;
    }

    int i = 0;
    for (advisories = advisories->child; json_tagged_obj(advisories); advisories = advisories->next) {
        if (alas_vuln) {
            os_calloc(1, sizeof(vu_alas_vuln), alas_vuln->next);
            alas_vuln->next->prev = alas_vuln;
            alas_vuln = alas_vuln->next;
        } else {
            os_calloc(1, sizeof(vu_alas_vuln), alas_vuln);
            parsed_vulnerabilities->alas_vuln = alas_vuln;
        }
        w_strdup(advisories->string, alas_vuln->id);

        for (vuln_node = advisories->child; json_tagged_obj(vuln_node); vuln_node = vuln_node->next) {
            if (!strcmp(vuln_node->string, JSON_SEVERITY)) {
                w_strdup(vuln_node->valuestring, alas_vuln->severity);
            } else if (!strcmp(vuln_node->string, JSON_PUBLISHED_DATE)) {
                w_strdup(vuln_node->valuestring, alas_vuln->published_date);
            } else if (!strcmp(vuln_node->string, JSON_LAST_MODIFIED_DATE)) {
                w_strdup(vuln_node->valuestring, alas_vuln->last_modified_date);
            } else if (!strcmp(vuln_node->string, JSON_REFERENCES)) {
                os_calloc(1, sizeof(char*), alas_vuln->references);
                for (vulnerability = vuln_node->child, i=0; vulnerability; vulnerability = vulnerability->next) {
                    os_realloc(alas_vuln->references, (i + 2) * sizeof(char *), alas_vuln->references);
                    w_strdup(vulnerability->valuestring, alas_vuln->references[i]);
                    alas_vuln->references[++i] = NULL;
                }
            } else if (!strcmp(vuln_node->string, JSON_VULNERABILITIES)) {
                os_calloc(1, sizeof(char*), alas_vuln->vulnerabilities);
                for (vulnerability = vuln_node->child, i=0; vulnerability; vulnerability = vulnerability->next) {
                    os_realloc(alas_vuln->vulnerabilities, (i + 2) * sizeof(char *), alas_vuln->vulnerabilities);
                    w_strdup(vulnerability->valuestring, alas_vuln->vulnerabilities[i]);
                    alas_vuln->vulnerabilities[++i] = NULL;
                }
            } else if (!strcmp(vuln_node->string, JSON_FIXED_PACKAGES)) {
                os_calloc(1, sizeof(vu_alas_pkg *), alas_vuln->alas_pkg);
                for (vulnerability = vuln_node->child, i=0; vulnerability; vulnerability = vulnerability->next) {
                    vu_alas_pkg *aux_alas_pkg = wm_vuldet_packages_parser(vulnerability->valuestring);
                    if (aux_alas_pkg){
                        os_realloc(alas_vuln->alas_pkg, (i + 2) * sizeof(vu_alas_pkg *), alas_vuln->alas_pkg);
                        alas_vuln->alas_pkg[i] = aux_alas_pkg;
                        alas_vuln->alas_pkg[++i] = NULL;
                    }
                }
            }
        }
    }

    return 0;
}

vu_alas_pkg *wm_vuldet_packages_parser(char *pkg) {
    vu_alas_pkg *alas_pkg = NULL;
    char **split_pkg = NULL;
    int i = 0;
    char aux[OS_SIZE_1024];
    char *name = NULL;
    char *version = NULL;
    char *arch = NULL;

    if(!pkg) {
        return NULL;
    }

    /*
     * Valid pkg format is:
     *     name-version-release.arch
     * Otherwise it is discarded
    */
    if (split_pkg = w_string_split(pkg, "-", 0), split_pkg) {
        for (i = 0; split_pkg[i]; i++);
        if (i < 3) {
            // Invalid format
            w_FreeArray(split_pkg);
            os_free(split_pkg);
            return NULL;
        }

        for (i = 0; split_pkg[i + 2]; i++) {
            wm_strcat(&name, split_pkg[i], '-');
        }
        snprintf(aux, OS_SIZE_1024, "%s-%s", split_pkg[i], split_pkg[i + 1]);
        arch = strrchr(split_pkg[i + 1], '.');
        version = w_remove_substr(aux, arch);
    }

    if (!name || !version || !arch){
        w_FreeArray(split_pkg);
        os_free(split_pkg);
        os_free(name);
        return NULL;
    }

    os_calloc(1, sizeof(vu_alas_pkg), alas_pkg);

    w_strdup(name, alas_pkg->pkg_name);
    w_strdup(version, alas_pkg->pkg_version);
    w_strdup(arch + 1, alas_pkg->pkg_arch);

    w_FreeArray(split_pkg);
    os_free(split_pkg);
    os_free(name);

    return alas_pkg;
}

int wm_vuldet_insert_ALAS(sqlite3 *db, vu_alas_vuln *vul_it, const char *target) {
    sqlite3_stmt *stmt = NULL;
    int result;
    int retval = 0;
    int arch_id = 0;
    vu_alas_vuln * alas_list = vul_it;

    for (; vul_it; vul_it = vul_it->next) {

        if (!vul_it->id || !(vul_it->vulnerabilities && vul_it->vulnerabilities[0])) {
            continue;
        }

        for (int k = 0; vul_it->alas_pkg && vul_it->alas_pkg[k]; k++) {

            result = wm_vuldet_get_arch_id(db, vul_it->vulnerabilities[0], target, vul_it->alas_pkg[k]->pkg_name, vul_it->alas_pkg[k]->pkg_version, &arch_id);
            switch(result) {
            case SQLITE_DONE:
                arch_id++;

                for (int i = 0; vul_it->vulnerabilities && vul_it->vulnerabilities[i]; i++) {

                    if (wm_vuldet_prepare(db, vu_queries[VU_INSERT_CVE], -1, &stmt, NULL) != SQLITE_OK) {
                        retval = wm_vuldet_sql_error(db, stmt);
                        goto end;
                    }

                    sqlite3_bind_text(stmt, 1, vul_it->vulnerabilities[i], -1, NULL);
                    sqlite3_bind_text(stmt, 2, target, -1, NULL);
                    sqlite3_bind_text(stmt, 3, NULL, -1, NULL);
                    sqlite3_bind_text(stmt, 4, vul_it->alas_pkg[k]->pkg_name, -1, NULL);
                    sqlite3_bind_text(stmt, 5, "less than", -1, NULL);
                    sqlite3_bind_text(stmt, 6, vul_it->alas_pkg[k]->pkg_version, -1, NULL);
                    sqlite3_bind_int(stmt, 7, 0);
                    sqlite3_bind_int(stmt, 8, 0);
                    sqlite3_bind_int(stmt, 9, arch_id);

                    if (result = wm_vuldet_step(stmt), result != SQLITE_DONE && result != SQLITE_CONSTRAINT) {
                        retval = wm_vuldet_sql_error(db, stmt);
                        goto end;
                    }

                    wdb_finalize(stmt);
                }
                break;
            case SQLITE_ROW:
                break;
            default:    // Error
                retval = result;
                goto end;
            }

            // Insert architecture values
            if (arch_id && vul_it->alas_pkg[k]->pkg_arch) {
                if (wm_vuldet_prepare(db, vu_queries[VU_UPDATE_ARCH], -1, &stmt, NULL) != SQLITE_OK) {
                    retval = wm_vuldet_sql_error(db, stmt);
                    goto end;
                }

                sqlite3_bind_int(stmt, 1, arch_id);
                sqlite3_bind_text(stmt, 2, target, -1, NULL);
                sqlite3_bind_text(stmt, 3, vul_it->alas_pkg[k]->pkg_arch, -1, NULL);

                if (result = wm_vuldet_step(stmt), result != SQLITE_DONE) {
                    retval = wm_vuldet_sql_error(db, stmt);
                    goto end;
                }
                wdb_finalize(stmt);
            }

        }

        for (int i = 0; vul_it->vulnerabilities && vul_it->vulnerabilities[i]; i++) {
            for (int j = 0; vul_it->references && vul_it->references[j]; j++) {
                if (wm_vuldet_prepare(db, vu_queries[VU_INSERT_REF_INFO], -1, &stmt, NULL) != SQLITE_OK) {
                    retval = wm_vuldet_sql_error(db, stmt);
                    goto end;
                }
                sqlite3_bind_text(stmt, 1, vul_it->vulnerabilities[i], -1, NULL);
                sqlite3_bind_text(stmt, 2, target, -1, NULL);
                sqlite3_bind_text(stmt, 3, vul_it->references[j], -1, NULL);
                if (result = wm_vuldet_step(stmt), result != SQLITE_DONE && result != SQLITE_CONSTRAINT) {
                    retval = wm_vuldet_sql_error(db, stmt);
                    goto end;
                }
                wdb_finalize(stmt);
            }
        }
    }

end:
    wm_vuldet_free_alas(alas_list);
    return retval;
}

int wm_vuldet_get_arch_id(sqlite3 * db, const char *cveid, const char *target, const char *pkg_name, const char *pkg_version, int *id) {
    sqlite3_stmt *stmt = NULL;
    int result;

    if (wm_vuldet_prepare(db, vu_queries[VU_GET_ARCH_ID], -1, &stmt, NULL) != SQLITE_OK) {
        return wm_vuldet_sql_error(db, stmt);
    }

    sqlite3_bind_text(stmt, 1, cveid, -1, NULL);
    sqlite3_bind_text(stmt, 2, target, -1, NULL);
    sqlite3_bind_text(stmt, 3, pkg_name, -1, NULL);
    sqlite3_bind_text(stmt, 4, pkg_version, -1, NULL);

    if (result = wm_vuldet_step(stmt), result == SQLITE_ROW) {
        *id = sqlite3_column_int(stmt, 0);
    }

    wdb_finalize(stmt);

    return result;
}

void wm_vuldet_free_alas_pkg(vu_alas_pkg **alas_pkg) {
    if (alas_pkg) {
        for (int i = 0; alas_pkg[i]; i++) {
            os_free(alas_pkg[i]->pkg_name);
            os_free(alas_pkg[i]->pkg_version);
            os_free(alas_pkg[i]->pkg_arch);
            os_free(alas_pkg[i]);
        }

        os_free(alas_pkg);
    }
}

void wm_vuldet_free_alas_node(vu_alas_vuln *node) {
    os_free(node->id);
    os_free(node->severity);
    os_free(node->published_date);
    os_free(node->last_modified_date);
    w_FreeArray(node->references);
    os_free(node->references);
    w_FreeArray(node->vulnerabilities);
    os_free(node->vulnerabilities);
    wm_vuldet_free_alas_pkg(node->alas_pkg);
    os_free(node);
}

void wm_vuldet_free_alas(vu_alas_vuln *alas_it) {
    while (alas_it) {
        vu_alas_vuln *node = alas_it;
        alas_it = alas_it->next;
        wm_vuldet_free_alas_node(node);
    }
}

int wm_vuldet_recv_wdb_by_row(cJSON** j_array) {
    char* response = NULL;
    char* payload = NULL;
    const char* error = NULL;
    int size = 0;
    int parse_result = 0;
    int result = OS_INVALID;
    bool sync_status = FALSE;
    cJSON *j_object = NULL;
    cJSON* j_status = NULL;

    os_calloc(OS_MAXSTR, sizeof(char), response);
    *j_array = cJSON_CreateArray();

    do {
        size = wm_vuldet_recv_wdb(response, OS_MAXSTR);
        if (OS_INVALID == size) {
            mdebug1("Error receiveing requested data from Wazuh-DB");
            result = OS_INVALID;
            break;
        }
        parse_result = wdbc_parse_result(response, &payload);
        j_object = cJSON_ParseWithOpts(payload, &error, TRUE);
        if (!j_object) {
            mdebug1("Invalid JSON syntax in vulnerability detector database request.");
            mdebug2("JSON error near: %s", error);
            result = OS_INVALID;
            break;
        }

        switch (parse_result) {
            case WDBC_OK: // WDB_OK represents the end of the stream of items
                j_status = cJSON_GetObjectItem(j_object, "status");
                if (cJSON_IsString(j_status)) {
                    if (!strcmp(cJSON_GetStringValue(j_status),"SUCCESS")) {
                        sync_status = TRUE;
                        result = OS_SUCCESS;
                    } else if ( !strcmp(cJSON_GetStringValue(j_status),"NOT_SYNCED")) {
                        sync_status = FALSE;
                        result = OS_SUCCESS;
                    } else {
                        sync_status = FALSE;
                        result = OS_INVALID;
                    }
                } else {
                    sync_status = FALSE;
                    result = OS_INVALID;
                }
                break;
            case WDBC_DUE: // A new item was received and there are pending ones
                cJSON_AddItemToArray(*j_array, j_object);
                break;
            default:
                result = OS_INVALID;
        }
    } while (size != OS_INVALID && parse_result == WDBC_DUE);

    if (OS_INVALID == result || FALSE == sync_status) {
        cJSON_Delete(*j_array);
        *j_array = NULL;
    }
    os_free(response);
    cJSON_Delete(j_object);
    return result;
}

int wm_vuldet_get_hotfixes(int agent_id, cJSON** requested_items) {
    int result = OS_INVALID;
    char query[OS_SIZE_128];

    *requested_items = NULL;

    snprintf(query, OS_SIZE_128, vu_queries[VU_HOTFIXES_GET], agent_id);

    if (wm_vuldet_send_wdb(query) == OS_SUCCESS) {
        result = wm_vuldet_recv_wdb_by_row(requested_items);
    }

    return result;
}

int wm_vuldet_get_software(int agent_id, bool not_triaged, cJSON** requested_items) {
    int result = OS_INVALID;
    char query[OS_SIZE_128];

    *requested_items = NULL;

    snprintf(query, OS_SIZE_128, vu_queries[VU_PACKAGES_GET], agent_id, not_triaged ? "not_triaged" : "");

    if (wm_vuldet_send_wdb(query) == OS_SUCCESS) {
        result = wm_vuldet_recv_wdb_by_row(requested_items);
    }

    return result;
}

void wm_vuldet_give_report_format(vu_report *report) {
    // Build title
    os_calloc(OS_SIZE_512, sizeof(char), report->title);
    snprintf(report->title, OS_SIZE_512, "%s affects %s", report->cve, report->software);

    if (!(report->condition && *report->condition != '\0') && (report->operation && report->operation_value) ) {
        os_free(report->condition);
        os_calloc(OS_SIZE_1024 + 1, sizeof(char), report->condition);
        snprintf(report->condition, OS_SIZE_1024, "Package %s %s", report->operation, report->operation_value);
    }

    wm_vuldet_normalize_date(&report->published);
    wm_vuldet_normalize_date(&report->updated);

    const char* severity = wm_vuldet_get_unified_severity(report->severity);
    os_free(report->severity);
    w_strdup(severity, report->severity);
}

#endif