[GSOC23] - D - Define RPC endpoints for listing the affected packages regarding a CVE #7570
Commits on Sep 14, 2023
- This is a temporary implementation based on JAXB API which consumes a lot of memory. I plan to rewrite it with StAX for better performance.
Commit fdc3fd3
- A utility class to access OVAL resources (tests, objects and states) by id and quickly
Commit 21143b6
Commits on Sep 15, 2023
- Used to parse CPEs found in OVAL files.
Commit 2b1d0e5
- Used to create CPE objects for testing and for when CPE is not available in OVAL, and we need to create or infer our own.
Commit ab5cec0
- OVAL files usually encode vulnerable operating systems information as a CPE (Common Platform Enumeration). Therefore, in order to accurately audit client systems we need to store their CPE.
Commit 38b6ff5
Update minion's CPE upon package refresh
- Kind of migration strategy for minions that are already registered. Instead of re-registering the minion, users could update their package list to get assigned a CPE.
Commit 8c2de76
- Added AFFECTED_PARTIAL_PATCH_APPLICABLE and AFFECTED_PARTIAL_PATCH_APPLICABLE
- Also renamed 'AFFECTED_PATCH_APPLICABLE' to 'AFFECTED_FULL_PATCH_APPLICABLE'
Commit b4e9e34
Restructure CVEAuditManager to be able to audit one system at a time
- This way when we can't audit a system with OVAL we can fall back to the old code.
Commit d661e52
Create a lighter version of PackageListItem called ShallowSystemPackage
- Because we don't need all the information contained in PackageListItem for CVE auditing.
Commit 6a28268
Implement OVAL-based CVE auditing in CVEAuditManagerOVAL
- The idea here is to decouple CVEAuditManager from the rest of the code by replacing all calls to CVEAuditManager with calls to CVEAuditManagerOVAL, and to make the CVEAuditManagerOVAL#doAuditSystem method fall back to CVEAuditManager#doAuditSystem when the system cannot be audited with OVAL (OVAL not synced or not supported by the system's OS). This way, in the future, when all distributions become supported for performing OVAL-based CVE auditing, we can just delete CVEAuditManager and its test class.
- CVEAuditManager also contains methods for managing CVE channels. For now, we can create the same methods in CVEAuditManagerOVAL and redirect them to their equivalent in CVEAuditManager. But in the future, when we don't need CVEAuditManager anymore, we can move them entirely to CVEAuditManagerOVAL or put them in their own class.
- The upside is that we can keep the tests for CVEAuditManager, which test the channels-based algorithm, and we make the transition later, when we don't need the channels algorithm anymore, easier. The downside is a lot of potential duplication in CVEAuditManagerOVAL tests, given that we need to maintain both channels and OVAL-based implementations.
Commit d4b508b
Redirect calls from CVEAuditManager to CVEAuditManagerOVAL
- Now, CVEAuditManager is only used by CVEAuditManagerOVAL and CVEAuditManagerTest
Commit 458c85d
Update patch statuses in the frontend to prevent mapping error
- Also, updated the icons and colors of some patch statuses labels
Commit 9eceed5
Delete createLeap15_4_Package() in tests
- Because we can tell the OS of server from the CPE.
Commit 6412461
Commits on Sep 16, 2023
Commit 2a9b455
Commits on Sep 17, 2023
Distinguish between zero-day vulnerabilities and vulnerabilities without a patch in synced channels
Commit 3bc3e81
Use a more detailed message instead of 'No action required' when patch is unavailable
Commit 1e7b017
Commits on Sep 18, 2023
Introduce a query to retrieve the list of packages affected by a specific CVE for each system
Commit 1e0d12c
Add CVEAuditHandler#listAffectedSystems
- Created an RPC API endpoint to retrieve systems impacted by a CVE, including the corresponding affected packages.
Commit 5c9603a
Implement listAffectedSystemsByCve
- For each CVE, it returns the list of affected systems and their corresponding affected packages.
Commit 97abdbd