Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[GSOC23] - D - Add support for SLE & Leap Micro OVAL-based CVE auditing #7511

Closed
wants to merge 173 commits into from
Closed

[GSOC23] - D - Add support for SLE & Leap Micro OVAL-based CVE auditing #7511

wants to merge 173 commits into from

Conversation

HoussemNasri
Copy link
Collaborator

@HoussemNasri HoussemNasri commented Sep 7, 2023
edited
Loading

NOTE: Please start the review from commit e1ddb22, the other commits are reviewed in #7509.

What does this PR change?

Adds support for openSUSE Leap Micro and SLE Micro OVAL-based CVE auditing.

GUI diff

No difference.

Before:

After:

  • DONE

Documentation

Test coverage

  • No tests: add explanation

  • No tests: already covered

  • Unit tests were added

  • Cucumber tests were added

  • DONE

Links

Fixes #
Tracks # add downstream PR, if any

  • DONE

Changelogs

Make sure the changelogs entries you are adding are compliant with https://github.com/uyuni-project/uyuni/wiki/Contributing#changelogs and https://github.com/uyuni-project/uyuni/wiki/Contributing#uyuni-projectuyuni-repository

If you don't need a changelog check, please mark this checkbox:

  • No changelog needed

If you uncheck the checkbox after the PR is created, you will need to re-run changelog_test (see below)

Re-run a test

If you need to re-run a test, please mark the related checkbox, it will be unchecked automatically once it has re-run:

  • Re-run test "changelog_test"
  • Re-run test "backend_unittests_pgsql"
  • Re-run test "java_pgsql_tests"
  • Re-run test "schema_migration_test_pgsql"
  • Re-run test "susemanager_unittests"
  • Re-run test "javascript_lint"
  • Re-run test "spacecmd_unittests"

@HoussemNasri
Add basic oval types
f0224ab
@HoussemNasri
Create OVAL objects, states and tests managers
4239ce2 
- It's an optimization to enable faster lookups of OVAL resources
@HoussemNasri
Create a facade class that offers mock implementations for Uyuni APIs
e7a1741 
- This class is temporary and will be removed when the integration with Uyuni is complete.
@HoussemNasri
Add OVAL Criteria and Criterion types
b80cdcd 
- Also, implemented the composite design pattern to enable the evaluation of the criteria tree
@HoussemNasri
Create OVAL Linux extension types
dda677d
@HoussemNasri
Implement the OVAL parser
cf07f8f 
- This is a temporary implementation based on JAXB API which consumes a lot of memory. I plan to rewrite it with StAX for better performance.
@HoussemNasri
Refactor getDefinitions() method
e4f0659
@HoussemNasri
Define database entities
19ae361 
- Add OVALPackageTest entity
- Add OVALPackageState entity
- Add OVALPackageVersionStateEntity entity
- Add OVALPackageEvrStateEntity entity
- Add OVALPackageObject entity
- Add OVALDefinition entity
- Add OVALPlatform entity
- Add OVALReference entity
- Add OVALPackageArchStateEntity entity
- Add OVALVulnerablePackage entity
- Add OVALPlatformVulnerablePackage entity
@HoussemNasri
Define OVAL database access methods
82af083 
- Without implementation
@HoussemNasri
Implement getVulnerabilityDefinitionByCve
c90c1b2
@HoussemNasri
Implement the lookup of oval package object, state and test by id
849aed7
@HoussemNasri
Add queries to lookup affected platforms by oval definition and cve
eceb133
@HoussemNasri
Fix join table not filled with data
26aa8a1
@HoussemNasri
Reference one cve per OVAL definition
0cb224a 
- Right now we're only processing vulnerability definitions which reference one cve per definition, so it's redundant to have a list of cves when it's going to always have one element.
@HoussemNasri
Save cve along the OVAL definition
b80cdc1
@HoussemNasri
Implement equals and hashcode methods
26f85c1
@HoussemNasri
Refactor OVAL reference table creation query
558d87f
@HoussemNasri
Enable the assignment of a vulnerable package to a platform
8c148c5
@HoussemNasri
Save references along an OVAL definition
ceb21b5
@HoussemNasri
Lookup a reference by ref and definition id
52c8c4c
@HoussemNasri
Define query to lookup vulnerable packages
bd2eb8d
@HoussemNasri
Add source column to the oval definition table
d33c8e5 
- This column represents the source from which we fetched the definition
@HoussemNasri
Delete suseOVALDefinitionCve.sql
0b7874e
@HoussemNasri
Update tables.deps
2909795
@HoussemNasri
Modify TestEvaluator to use database entities
e3d2e1e
@HoussemNasri
Add criteria_tree column to OVAL definition table
b1b0a36
@HoussemNasri
Fetch list of entities lazily to improve performance
132a5ae
@HoussemNasri
Optimize the insertion of definitions by caching affected platform ob…
4e95e3f 
…jects
@HoussemNasri
Optimize the insertion of definitions further
bde825c
@HoussemNasri
Add the advisory OVAL type
c1c998a
@github-actions
Copy link
Contributor

github-actions bot commented Sep 7, 2023

Suggested tests to cover this Pull Request
  • srv_rename_hostname
  • allcli_sanity
  • srv_monitoring
  • proxy_branch_network
  • proxy_cobbler_pxeboot
  • minssh_salt_install_package
  • min_deblike_monitoring
  • srv_power_management
  • min_salt_mgrcompat_state
  • allcli_software_channels_dependencies
  • allcli_system_group
  • minkvm_guests
  • srv_docker_cve_audit
  • min_empty_system_profiles
  • srv_cobbler_profile
  • srv_restart
  • min_ansible_control_node
  • srv_reportdb
  • srv_power_management_redfish
  • min_retracted_patches
  • min_bootstrap_negative
  • srv_user_configuration_salt_states
  • min_activationkey
  • allcli_reboot
  • min_bootstrap_ssh_key
  • srv_manage_activationkey
  • min_rhlike_salt
  • min_salt_formulas_advanced
  • srv_manage_channels_page
  • min_deblike_salt_install_package
  • buildhost_docker_build_image
  • min_salt_migration
  • srv_custom_system_info
  • min_recurring_action
  • proxy_as_pod_basic_tests
  • minssh_bootstrap_api
  • srv_advanced_search
  • min_salt_minion_details
  • srv_cobbler_distro
  • min_salt_lock_packages
  • srv_scc_user_credentials
  • min_deblike_openscap_audit
  • min_rhlike_ssh
  • min_check_patches_install
  • min_virthost
  • srv_datepicker
  • srv_power_management_api
  • min_salt_openscap_audit
  • min_salt_install_with_staging
  • min_move_from_and_to_proxy
  • allcli_config_channel
  • min_project_lotus
  • min_salt_software_states
  • min_config_state_channel_subscriptions
  • min_timezone
  • min_bootstrap_api
  • min_bootstrap_reactivation
  • min_rhlike_monitoring
  • min_salt_user_states
  • srv_distro_cobbler
  • minssh_ansible_control_node
  • min_rhlike_salt_install_package_and_patch
  • min_config_state_channel_api
  • min_deblike_salt
  • buildhost_docker_auth_registry
  • buildhost_osimage_build_image
  • min_deblike_salt_install_with_staging
  • srv_group_union_intersection
  • min_cve_audit
  • min_rhlike_remote_command
  • allcli_action_chain
  • min_salt_pkgset_beacon
  • proxy_retail_pxeboot_and_mass_import
  • buildhost_bootstrap
  • min_rhlike_openscap_audit
  • min_bootstrap_script
  • srv_virtual_host_manager
  • proxy_register_as_minion_with_script
  • min_cve_id_new_syntax
  • min_deblike_ssh
  • min_salt_install_package
  • min_config_state_channel
  • min_salt_minions_page
  • srv_menu
  • min_monitoring
  • min_change_software_channel
  • min_action_chain
  • min_deblike_remote_command
  • minssh_action_chain
  • sle_ssh_minion
  • min_salt_formulas
  • allcli_overview_systems_details
  • min_custom_pkg_download_endpoint
  • allcli_software_channels
  • srv_maintenance_windows
  • sle_minion
  • min_ssh_tunnel
  • minssh_move_from_and_to_proxy
  • srv_first_settings
  • srv_push_package
  • srv_check_sync_source_packages
  • srv_create_repository
  • srv_delete_channel_from_ui
  • srv_clone_channel_npn
  • srv_handle_software_channels_with_ISS_v2
  • allcli_update_activationkeys
  • srv_check_channels_page

@HoussemNasri
Copy link
Collaborator Author

This pull request is so tiny, so to not have to maintain another pull request, I merged its changes into PR B

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
API data-model database java_lint_checkstyle java_pgsql_tests java javascript_lint needs-translation old-ui schema_migration_test_oracle schema_migration_test_pgsql ui xmlrpc
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@HoussemNasri