Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(detector/suse): support when advisory.cves has both NVD and SUSE evaluations #1899

Merged
merged 1 commit into from
Apr 23, 2024
Merged

fix(detector/suse): support when advisory.cves has both NVD and SUSE evaluations #1899

merged 1 commit into from
Apr 23, 2024

Conversation

MaineK00n
Copy link
Collaborator

If this Pull Request is work in progress, Add a prefix of “[WIP]” in the title.

What did you implement:

In the recent SUSE OVAL, it seems that advisory.cves now contains two CVSS evaluations: NVD and SUSE. Previously, it was only available from SUSE.
Therefore, in this PR, when converting from SUSE OVAL to Vuls model, only CVSS evaluation by SUSE will be adopted. (If SUSE OVAL only has NVD, CveContent will be created, but CVSS evaluation will not be adopted. Evaluation by NVD is imported by go-cve-dictionary in vuls.)

Fixes vulsio/goval-dictionary#384

Type of change

  • Bug fix (non-breaking change which fixes an issue)

How Has This Been Tested?

add tests.

Checklist:

You don't have to satisfy all of the following.

  • Write tests
  • Write documentation
  • Check that there aren't other open pull requests for the same issue/feature
  • Format your source code by make fmt
  • Pass the test by make test
  • Provide verification config / commands
  • Enable "Allow edits from maintainers" for this PR
  • Update the messages below

Is this ready for review?: YES

Reference

@MaineK00n MaineK00n self-assigned this Apr 21, 2024
@MaineK00n MaineK00n mentioned this pull request Apr 21, 2024
Closed
@MaineK00n MaineK00n requested a review from shino April 21, 2024 21:36
@MaineK00n MaineK00n force-pushed the MaineK00n/suse-cves branch 2 times, most recently from f80e7a5 to 6a67943 Compare April 23, 2024 05:59
shino
shino reviewed Apr 23, 2024
View reviewed changes
oval/suse_test.go Outdated Show resolved Hide resolved
@MaineK00n MaineK00n force-pushed the MaineK00n/suse-cves branch from 6a67943 to 2820142 Compare April 23, 2024 06:41
shino
shino approved these changes Apr 23, 2024
View reviewed changes
Copy link
Collaborator

@shino shino left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great test examples! Thanks!!

@MaineK00n MaineK00n merged commit 73dc95f into master Apr 23, 2024
7 checks passed
@MaineK00n MaineK00n deleted the MaineK00n/suse-cves branch April 23, 2024 07:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shino shino shino approved these changes

Assignees

@MaineK00n MaineK00n

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

SLES oval DB is broken
2 participants
@MaineK00n @shino