[GSOC23] - C - Implement a StAX parser for OVAL files

[HoussemNasri]

What does this PR change?

Introduce a StAX parser (instead of the current JAXB parser) for OVAL files to increase memory efficiency when parsing large OVAL files.

Useful Links

• The RFC

GUI diff

No difference.

Before:

After:

• DONE

Documentation

• No documentation needed: add explanation. This can't be used if there is a GUI diff

• No documentation needed: only internal and user invisible changes

• Documentation issue was created: Link for SUSE Manager contributors, Link for community contributors.

• API documentation added: please review the Wiki page Writing Documentation for the API if you have any changes to API documentation.

• (OPTIONAL) Documentation PR

• DONE

Test coverage

• No tests: add explanation

• No tests: already covered

• Unit tests were added

• Cucumber tests were added

• DONE

Links

Fixes #
Tracks # add downstream PR, if any

• DONE

Changelogs

Make sure the changelogs entries you are adding are compliant with https://github.com/uyuni-project/uyuni/wiki/Contributing#changelogs and https://github.com/uyuni-project/uyuni/wiki/Contributing#uyuni-projectuyuni-repository

If you don't need a changelog check, please mark this checkbox:

• No changelog needed

If you uncheck the checkbox after the PR is created, you will need to re-run changelog_test (see below)

Re-run a test

If you need to re-run a test, please mark the related checkbox, it will be unchecked automatically once it has re-run:

• Re-run test "changelog_test"
• Re-run test "backend_unittests_pgsql"
• Re-run test "java_pgsql_tests"
• Re-run test "schema_migration_test_pgsql"
• Re-run test "susemanager_unittests"
• Re-run test "javascript_lint"
• Re-run test "spacecmd_unittests"

[github-actions]

Suggested tests to cover this Pull Request

• srv_docker_cve_audit
• min_cve_audit

[github-actions]

👋 Hello! Thanks for contributing to our project.
Acceptance tests will take some time (aprox. 1h), please be patient ☕
You can see the progress at the end of this page and at https://github.com/uyuni-project/uyuni/pull/7510/checks
Once tests finish, if they fail, you can check 👀 the cucumber report. See the link at the output of the action.
You can also check the artifacts section, which contains the logs at https://github.com/uyuni-project/uyuni/pull/7510/checks.

If you are unsure the failing tests are related to your code, you can check the "reference jobs". These are jobs that run on a scheduled time with code from master. If they fail for the same reason as your build, it means the tests or the infrastructure are broken. If they do not fail, but yours do, it means it is related to your code.

Reference tests:

• https://github.com/uyuni-project/uyuni/actions/workflows/acceptance_tests_secondary_parallel.yml?query=event%3Aschedule

• https://github.com/uyuni-project/uyuni/actions/workflows/acceptance_tests_secondary.yml?query=event%3Aschedule

KNOWN ISSUES

Sometimes the build can fail when pulling new jar files from download.opensuse.org . This is a known limitation. Given this happens rarely, when it does, all you need to do is rerun the test. Sorry for the inconvenience.

For more tips on troubleshooting, see the troubleshooting guide.

Happy hacking!
⚠️ You should not merge if acceptance tests fail to pass. ⚠️

[github-actions]

This PR is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 10 days.

[github-actions]

This PR was closed because it has been stalled for 10 days with no activity.

[mcalmer]

@HoussemNasri @parlt91 i think this is still needed, right?

[HoussemNasri]

@HoussemNasri @parlt91 i think this is still needed, right?

Yes, the A and B pull requests need to be reviewed first before we can move to this one in case there was some changes that would affect this one (all PRs are kind of stacked on each other). Right now, pr A is under review.

[mcalmer]

Than we better reopen this request

[Etheryte]

The issues that were pointed out regarding styles and how they're used in the previous pull request are still present in this one. The comments are marked as resolved, but the issues have not been addressed, see e.g. #7509 (comment) and #7509 (comment). Please do not mark issues as resolved if they have not been addressed.

[Etheryte]

No frontend changes in the latest summa summarum changeset.

[parlt91]

I also did some testing around the changes. There seems to be an issue with parsing. A lot of info seems to be overridden. If I had to guess I'd say it looks like each bulk overrides the last one instead of adding onto it. Could you have a look into it?
I'll do another review round once these issues are addressed.

[parlt91]

Could you go a bit into detail on your though process for adding the ovalOsProduct table? IIUC you use it to determine what data we need to delete from ovalPlatfromVulnerablePackage on resync of the oval data to avoid conflicting data.

[parlt91]

You need to use -- instead of * as comment here.

[parlt91]

I assume you used this for testing the sync multiple times, but we should enable it again before we merge.

[parlt91]

Instead of deleting the OvalPlatformVulnerablePackage entries manually, couldn't we just delete the associated OvalOsProduct entry and have a cascading delete? I'd guess this would also perform better then deleting using a sub query.

[parlt91]

If I see this correctly we miss a foreign key for product_os_id in the migration script.

alter table suseovalplatformvulnerablepackage add constraint suseovalplatformvulnerablepackage_os_product_id_fkey foreign key (product_os_id) references suseovalosproduct(id) on delete cascade;

We should also cascade on delete