Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

There should be an easier way to add test cases for providers #653

Open
willmurphyscode opened this issue Aug 5, 2024 · 2 comments
Open

Comments

@willmurphyscode
Copy link
Contributor

When working on providers, it's common to add test cases that are made essentially by subsetting flat files that carry vulnerability data.

For example, trying to test #650, it would be nice to quickly change this file to also include the definition, rpminfo_tests, states, and objects for CVE-2016-5440. However, the file that contains this vulnerability definition is, as of this writing, 2681586 lines of XML. Many text editors I've tried have crashed when opening it, and there doesn't appear to be a tool as high quality as jq for doing stream transformations of the XML.

I think the right approach is probably to write a utility that accepts an OVAL XML file and a list of CVEs and returns the subset of the OVAL XML file that is relevant to those CVEs. It's possible such a tool exists.

Having such a script would make adding unit tests to PR that fix a class of incorrect parsing trivial, and therefore increase the rate at which we can improve Vunnel data.

@willmurphyscode willmurphyscode self-assigned this Aug 5, 2024
@willmurphyscode willmurphyscode moved this to In Progress in OSS Aug 5, 2024
@willmurphyscode
Copy link
Contributor Author

@willmurphyscode
Copy link
Contributor Author

I'm putting this down right now. We need to move some of our providers from OVAL XML to CSAF JSON, and the tooling I started for this centers around OVAL XML. When the dust clears, if this is still necessary, someone can pick it up.

@willmurphyscode willmurphyscode moved this from In Progress to Backlog in OSS Oct 3, 2024
@willmurphyscode willmurphyscode removed their assignment Oct 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Status: Backlog
Development

No branches or pull requests

1 participant