From a6b2409faa8c5eeeb0db0fe2992e6931baddcc34 Mon Sep 17 00:00:00 2001
From: HoussemNasri
Date: Thu, 6 Jun 2024 12:18:37 +0100
Subject: [PATCH] Add an configuration option to enable/disable OVAL metadata usage in CVE auditing
---
 .../com/redhat/rhn/common/conf/ConfigDefaults.java | 11 +++++++++++
 .../redhat/rhn/manager/audit/CVEAuditManagerOVAL.java | 3 ++-
 java/conf/rhn_java.conf | 3 +++
 3 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/java/code/src/com/redhat/rhn/common/conf/ConfigDefaults.java b/java/code/src/com/redhat/rhn/common/conf/ConfigDefaults.java
index f41794c02b59..1ed0442aa8e6 100644
--- a/java/code/src/com/redhat/rhn/common/conf/ConfigDefaults.java
+++ b/java/code/src/com/redhat/rhn/common/conf/ConfigDefaults.java
@@ -235,6 +235,8 @@ public class ConfigDefaults {
 public static final String MESSAGE_QUEUE_THREAD_POOL_SIZE = "java.message_queue_thread_pool_size";
+ public static final String CVE_AUDIT_ENABLE_OVAL_METADATA = "java.cve_audit.enable_oval_metadata";
+
 /**
 * Token lifetime in seconds
 */
@@ -1188,4 +1190,13 @@ public int getRebootDelay() {
 return rebootDelay;
 }
+
+ /**
+ * Check if the usage of OVAL metadata is permitted in scanning systems for CVE vulnerabilities.
+ *
+ * @return {@code true} if OVAL usage is permitted and {@code false} otherwise.
+ * */
+ public boolean isOvalEnabledForCveAudit() {
+ return Config.get().getBoolean(CVE_AUDIT_ENABLE_OVAL_METADATA, false);
+ }
 }
diff --git a/java/code/src/com/redhat/rhn/manager/audit/CVEAuditManagerOVAL.java b/java/code/src/com/redhat/rhn/manager/audit/CVEAuditManagerOVAL.java
index 73485a3337c1..4103b7db65b2 100644
--- a/java/code/src/com/redhat/rhn/manager/audit/CVEAuditManagerOVAL.java
+++ b/java/code/src/com/redhat/rhn/manager/audit/CVEAuditManagerOVAL.java
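Review bot: In `isOvalEnabledForCveAudit()` (second ConfigDefaults.java hunk) the fallback passed to `getBoolean` is `false`, while the `rhn_java.conf` shipped in this same patch sets `java.cve_audit.enable_oval_metadata = true`. If the key is ever absent from the loaded configuration, OVAL-based auditing would be switched off silently and CVE audit results would change without any operator action. Either align the fallback, `return Config.get().getBoolean(CVE_AUDIT_ENABLE_OVAL_METADATA, true);`, or say in the Javadoc that the code default is deliberately off and that the conf file is what enables it. The new constant in the first hunk would also benefit from a one-line comment, and the Javadoc closer `* */` should be a plain `*/`.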
@@ -18,6 +18,7 @@
 import static com.redhat.rhn.manager.audit.CVEAuditManager.SUCCESSOR_PRODUCT_RANK_BOUNDARY;
+import com.redhat.rhn.common.conf.ConfigDefaults;
 import com.redhat.rhn.domain.rhnpackage.PackageEvr;
 import com.redhat.rhn.domain.server.Server;
 import com.redhat.rhn.domain.server.ServerFactory;
@@ -96,7 +97,7 @@ public static List listSystemsByPatchStatus(User user, String cv
 CVEAuditSystemBuilder auditWithChannelsResult = null;
 CVEAuditSystemBuilder auditWithOVALResult = null;
- if (checkOVALAvailability(clientServer)) {
+ if (ConfigDefaults.get().isOvalEnabledForCveAudit() && checkOVALAvailability(clientServer)) {
 auditWithOVALResult = doAuditSystem(cveIdentifier, resultsBySystem.get(clientServer.getId()), clientServer);
 }
diff --git a/java/conf/rhn_java.conf b/java/conf/rhn_java.conf
index 5c99ea7afea2..a28e8f40c1af 100644
--- a/java/conf/rhn_java.conf
+++ b/java/conf/rhn_java.conf
@@ -267,3 +267,6 @@ java.reboot_delay = 3
 # Disable remote commands from UI
 java.disable_remote_commands_from_ui = false
+
+# Enable the usage of OVAL metadata in CVE auditing
+java.cve_audit.enable_oval_metadata = true
\ No newline at end of file
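Review bot: In the `listSystemsByPatchStatus` hunk, when the option is off `auditWithOVALResult` simply stays null, which is the same state as when `checkOVALAvailability(clientServer)` fails, so nothing records that OVAL data was skipped by configuration rather than missing. That distinction matters when someone later has to explain why a system's reported patch status differs between two installations. I would put a comment on the condition, `// OVAL evaluation is skipped when java.cve_audit.enable_oval_metadata is false`, and emit a debug message on the disabled path if this class has a logger. The config lookup also appears to run once per `clientServer`; reading it into a local before the iteration would keep the answer constant for one audit run. The method starts and ends outside the hunk, so the loop structure should be confirmed.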
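Review bot: The added block in `rhn_java.conf` ends the file without a trailing newline (`\ No newline at end of file`), so anything that later appends a setting to this file would land on the same line as `java.cve_audit.enable_oval_metadata = true` and corrupt the value. End the file with a newline. The comment could also state what turning the option off means, for example `# Enable the usage of OVAL metadata in CVE auditing (false: OVAL data is not consulted)`.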