When working on providers, it's common to add test cases that are made essentially by subsetting flat files that carry vulnerability data.
For example, trying to test #650, it would be nice to quickly change this file to also include the definition, rpminfo_tests, states, and objects for CVE-2016-5440. However, the file that contains this vulnerability definition is, as of this writing, 2681586 lines of XML. Many text editors I've tried have crashed when opening it, and there doesn't appear to be a tool as high quality as jq for doing stream transformations of the XML.
I think the right approach is probably to write a utility that accepts an OVAL XML file and a list of CVEs and returns the subset of the OVAL XML file that is relevant to those CVEs. It's possible such a tool exists.
Having such a script would make adding unit tests to PRs that fix a class of incorrect parsing trivial, and therefore increase the rate at which we can improve Vunnel data.
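One way the utility proposed in the issue could work, shown as an added example that is not Vunnel's code and not part of the original issue: a single streaming pass with `iterparse` that keeps the definitions naming the requested CVEs and then the tests, objects and states they reference. It assumes the sections appear in OVAL schema order (definitions, tests, objects, states), that a CVE appears as a `reference` `ref_id` or as `cve` element text, and it does not follow `extend_definition` or variable references; the function names, the sample document and `CVE-0000-0001` are constructed for illustration.

```python
import io
import xml.etree.ElementTree as ET

SECTIONS = {"definitions", "tests", "objects", "states"}
REFS = ("test_ref", "object_ref", "state_ref")

def local(tag):
    return tag.rsplit("}", 1)[-1]  # strip ElementTree's '{namespace}' prefix

def mentions(definition, cves):
    # Assumed layouts: <reference ref_id="CVE-..."/> or <cve>CVE-...</cve>.
    return any(
        (local(e.tag) == "reference" and e.get("ref_id") in cves)
        or (local(e.tag) == "cve" and (e.text or "").strip() in cves)
        for e in definition.iter())

def subset_oval(source, cves):
    """Stream `source`; return the root holding only entries reachable from `cves`."""
    cves, wanted, stack, root = set(cves), set(), [], None
    for event, elem in ET.iterparse(source, events=("start", "end")):
        if event == "start":
            root = elem if root is None else root
            stack.append(elem)
            continue
        stack.pop()
        # Decide only on direct children of the four top-level sections.
        if len(stack) != 2 or local(stack[1].tag) not in SECTIONS:
            continue
        if local(stack[1].tag) == "definitions":
            keep = mentions(elem, cves)
        else:
            keep = elem.get("id") in wanted
        if keep:  # follow criterion -> test -> object/state references
            wanted.update(e.get(a) for e in elem.iter() for a in REFS if e.get(a))
        else:
            stack[1].remove(elem)  # dropped entries do not accumulate in memory
    return root

def kept_ids(root):
    return sorted(e.get("id") for e in root.iter() if e.get("id"))

# Constructed sample document, not real advisory data.
SAMPLE = b"""<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:l="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"><definitions>
<definition id="d:1"><metadata><reference source="CVE" ref_id="CVE-2016-5440"/></metadata><criteria><criterion test_ref="t:1"/></criteria></definition>
<definition id="d:2"><metadata><reference source="CVE" ref_id="CVE-0000-0001"/></metadata><criteria><criterion test_ref="t:2"/></criteria></definition>
</definitions><tests><l:rpminfo_test id="t:1"><l:object object_ref="o:1"/><l:state state_ref="s:1"/></l:rpminfo_test>
<l:rpminfo_test id="t:2"><l:object object_ref="o:2"/><l:state state_ref="s:2"/></l:rpminfo_test></tests>
<objects><l:rpminfo_object id="o:1"/><l:rpminfo_object id="o:2"/></objects>
<states><l:rpminfo_state id="s:1"/><l:rpminfo_state id="s:2"/></states></oval_definitions>"""
print(kept_ids(subset_oval(io.BytesIO(SAMPLE), ["CVE-2016-5440"])))
```

For a real file, pass an open binary file handle as `source` and serialize the result with `ET.ElementTree(root).write(...)`.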
I'm putting this down right now. We need to move some of our providers from OVAL XML to CSAF JSON, and the tooling I started for this centers around OVAL XML. When the dust clears, if this is still necessary, someone can pick it up.