Skip to content

Commit

Permalink
Add an configuration option to enable/disable OVAL metadata usage in …
Browse files Browse the repository at this point in the history 
…CVE auditing
  • Loading branch information
@HoussemNasri
HoussemNasri committed Jun 6, 2024
1 parent d6204c3 commit a6b2409
Show file tree
Hide file tree
Showing 3 changed files with 16 additions and 1 deletion.
11 changes: 11 additions & 0 deletions java/code/src/com/redhat/rhn/common/conf/ConfigDefaults.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -235,6 +235,8 @@ public class ConfigDefaults {

public static final String MESSAGE_QUEUE_THREAD_POOL_SIZE = "java.message_queue_thread_pool_size";

public static final String CVE_AUDIT_ENABLE_OVAL_METADATA = "java.cve_audit.enable_oval_metadata";

/**
* Token lifetime in seconds
*/
Expand Down Expand Up @@ -1188,4 +1190,13 @@ public int getRebootDelay() {

return rebootDelay;
}

/**
* Check if the usage of OVAL metadata is permitted in scanning systems for CVE vulnerabilities.
*
* @return {@code true} if OVAL usage is permitted and {@code false} otherwise.
* */
public boolean isOvalEnabledForCveAudit() {
return Config.get().getBoolean(CVE_AUDIT_ENABLE_OVAL_METADATA, false);
}
}
3 changes: 2 additions & 1 deletion java/code/src/com/redhat/rhn/manager/audit/CVEAuditManagerOVAL.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@

import static com.redhat.rhn.manager.audit.CVEAuditManager.SUCCESSOR_PRODUCT_RANK_BOUNDARY;

import com.redhat.rhn.common.conf.ConfigDefaults;
import com.redhat.rhn.domain.rhnpackage.PackageEvr;
import com.redhat.rhn.domain.server.Server;
import com.redhat.rhn.domain.server.ServerFactory;
Expand Down Expand Up @@ -96,7 +97,7 @@ public static List<CVEAuditServer> listSystemsByPatchStatus(User user, String cv
CVEAuditSystemBuilder auditWithChannelsResult = null;
CVEAuditSystemBuilder auditWithOVALResult = null;

if (checkOVALAvailability(clientServer)) {
if (ConfigDefaults.get().isOvalEnabledForCveAudit() && checkOVALAvailability(clientServer)) {
auditWithOVALResult =
doAuditSystem(cveIdentifier, resultsBySystem.get(clientServer.getId()), clientServer);
}
Expand Down
3 changes: 3 additions & 0 deletions java/conf/rhn_java.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -267,3 +267,6 @@ java.reboot_delay = 3

# Disable remote commands from UI
java.disable_remote_commands_from_ui = false

# Enable the usage of OVAL metadata in CVE auditing
java.cve_audit.enable_oval_metadata = true

0 comments on commit a6b2409

Please sign in to comment.