[Vuln-detector] Replace Debian feed #5304

Merged
chemamartinez merged 12 commits into 4.0-vdt-tmp from 5271_new_debian_feed
Jul 8, 2020

@TomasTurina
Member

Related issue
#5271

Description

The purpose of this PR is to replace the Debian feed for vulnerability detector.

It is necessary to replace the OVAL feeds with the security tracker JSON feed for the following reasons:

  • The OVAL feeds have incomplete information. When a CVE affects multiple packages, they only report one of them.
  • The JSON feed contains all the information about the packages affected for each CVE.
  • After parsing the OVAL packages, it is necessary to check the status of each one of them in the JSON feed. This extra step won't be necessary anymore.
  • The JSON feed contains the information on all Debian supported versions (JESSIE, STRETCH, BUSTER) and it doesn't have any problem with package names and versions as the OVAL does.

The OVAL feeds are still necessary to get the metadata of each CVE (description, references, etc.), but the information about affected packages was totally replaced by the JSON feed. Also, WHEEZY is deprecated since it is no longer supported by Debian.

Tests

  • Compilation without warnings in every supported platform
    • Linux
  • Source installation
  • Package installation
  • Source upgrade
  • Package upgrade
  • Review logs syntax and correct language
  • QA templates contemplate the added capabilities

@chemamartinez chemamartinez removed this from the Sprint 113 - Core milestone Jul 1, 2020
@TomasTurina TomasTurina changed the base branch from 3.14 to 4.0 July 1, 2020 17:23
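
As an added illustration of the per-CVE package coverage described in the PR description (not code from this PR or from Wazuh), the sketch below inverts a constructed sample shaped like the security tracker JSON feed into a per-release CVE index, so every affected package of a CVE is kept. The feed layout, the `fixed_version` "0" convention, the package names, the CVE IDs and the function names are assumptions.

```python
import json

# Constructed sample in the assumed layout of the Debian security tracker JSON
# feed (package -> CVE -> releases -> status/fixed_version). All names are made up.
SAMPLE_FEED = json.loads("""
{
  "libexample": {
    "CVE-0000-0001": {"releases": {
      "stretch": {"status": "resolved", "fixed_version": "1.0-2+deb9u1"},
      "buster":  {"status": "open"}}}
  },
  "example-utils": {
    "CVE-0000-0001": {"releases": {
      "buster": {"status": "resolved", "fixed_version": "2.4-1+deb10u1"}}},
    "CVE-0000-0002": {"releases": {
      "buster": {"status": "resolved", "fixed_version": "0"}}}
  }
}
""")

def index_by_cve(feed, release):
    """Return {cve: [(package, status, fixed_version), ...]} for one release."""
    index = {}
    for package, cves in feed.items():
        for cve, entry in cves.items():
            rel = entry.get("releases", {}).get(release)
            if rel is None:
                continue  # package not tracked for this release
            fixed = rel.get("fixed_version")
            if rel.get("status") == "resolved" and fixed == "0":
                continue  # assumption: "0" marks the release as never affected
            index.setdefault(cve, []).append((package, rel.get("status"), fixed))
    for rows in index.values():
        rows.sort(key=lambda row: row[0])
    return index

def candidates(feed, release, installed):
    """Pair installed package names with the CVEs that still need a verdict."""
    out = []
    for cve, rows in sorted(index_by_cve(feed, release).items()):
        for package, status, fixed in rows:
            if package not in installed:
                continue
            if status == "resolved" and fixed:
                action = "compare<" + fixed  # needs a dpkg version comparison
            else:
                action = status  # e.g. "open": no fixed version to compare
            out.append((cve, package, action))
    return out

if __name__ == "__main__":
    for row in candidates(SAMPLE_FEED, "buster", {"libexample", "example-utils"}):
        print(row)
```

The `compare<` results still need a Debian-aware version comparison against the installed version, which this sketch leaves out.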