- This is a temporary implementation based on JAXB API which consumes a lot of memory. I plan to rewrite it with StAX for better performance.

- A utility class to access OVAL resources (tests, objects and states) by id and quickly

- Used to parse CPEs found in OVAL files.

- Used to create CPE objects for testing and for when CPE is not available in OVAL, and we need to create or infer our own.

- OVAL files usually encode vulnerable operating systems information as a CPE (Common Platform Enumeration). Therefore, in order to accurately audit client systems we need to store their CPE.

- Kind of migration strategy for minions that are already registered. Instead of re-registering the minion, users could update their package list to get assigned a CPE.

- Added AFFECTED_PARTIAL_PATCH_APPLICABLE and AFFECTED_PARTIAL_PATCH_APPLICABLE
- Also renamed 'AFFECTED_PATCH_APPLICABLE' to 'AFFECTED_FULL_PATCH_APPLICABLE'

- This way when we can't audit a system with OVAL we can fall back to the old code.

- Because we don't need all the information contained in PackageListItem for CVE auditing.

- The idea here is decouple CVEAuditManager from the rest of the code by replacing all calls to CVEAuditManager to CVEAuditManagerOVAL, and make the CVEAuditManagerOVAL#doAuditSystem method fallback to CVEAuditManager#doAuditSystem when the system cannot be audited with OVAL (OVAL not synced or not supported by the system's OS). This way, in the future, when all distributions become supported for performing OVAL-based CVE auditing, we can just delete CVEAuditManager and its test class.

- CVEAuditManager contains also methods for managing CVE channels. For now, we can create the same methods in CVEAuditManagerOVAL and redirect them to their equivalent in CVEAuditManager. But in the future, when we don't need CVEAuditManager anymore, we can move them entirely to CVEAuditManagerOVAL or put them in their own class.

- The upside is that we can keep the tests for CVEAuditManager, which tests the channels-based algorithm, and we make the transition later when we don't need the channels algorithm anymore, easier. The downside is a lot of potential duplication in CVEAuditManagerOVAL tests given that need to maintain both channels and OVAL-based implementations.

- Now, CVEAuditManager is only used by CVEAuditManagerOVAL and CVEAuditManagerTest

- Also, updated the icons and colors of some patch statuses labels

…duct

- Because we can tell the OS of server from the CPE.

…out a patch in synced channels

…h is unavailable

…ific CVE for each system

- Created an RPC API endpoint to retrieve systems impacted by a CVE, including the corresponding affected packages.

- For each CVE, it returns the list of affected systems and their corresponding affected packages.