
GSOC23 - A - Adapt the CVE auditing functionality to depend on OVAL data #7335

Closed

@HoussemNasri HoussemNasri commented Aug 1, 2023

What does this PR change?

This is the first pull request of my GSoC project. The primary goal of the PR is to implement and test the OVAL-based CVE auditing algorithm as described in the associated RFC. It also includes a partial (but sufficient given the OVAL files we aim to consume) implementation of the OVAL definition schema specification.

This implementation only addresses OVALs produced by SUSE. Small changes in the database schema and implementation details are required in order to support other distributions' OVALs.

TODO

  • Replace log.error() with log.debug()
  • Fix checkstyle errors
  • Add database migration code

What is missing

These are known limitations that will be addressed in subsequent pull requests.

  • UI Integration (python and React)
  • Debian, Red Hat, and Ubuntu support
  • The downloading of OVAL files
  • Testing of the vulnerable package extractors
  • Optimizing the writing of OVAL definitions

Useful links

GUI diff

No difference.

  • DONE

Documentation

  • No documentation needed: only internal and user-invisible changes
  • DONE

Test coverage

I added unit tests for the TestEvaluator and CVEAuditManagerOVAL classes which contain

  • Unit tests were added

  • DONE

Links

Fixes #
Tracks # add downstream PR, if any

  • DONE

Changelogs

Make sure the changelogs entries you are adding are compliant with https://github.com/uyuni-project/uyuni/wiki/Contributing#changelogs and https://github.com/uyuni-project/uyuni/wiki/Contributing#uyuni-projectuyuni-repository

If you don't need a changelog check, please mark this checkbox:

  • No changelog needed

If you uncheck the checkbox after the PR is created, you will need to re-run changelog_test (see below)

Re-run a test

If you need to re-run a test, please mark the related checkbox, it will be unchecked automatically once it has re-run:

  • Re-run test "changelog_test"
  • Re-run test "backend_unittests_pgsql"
  • Re-run test "java_pgsql_tests"
  • Re-run test "schema_migration_test_pgsql"
  • Re-run test "susemanager_unittests"
  • Re-run test "javascript_lint"
  • Re-run test "spacecmd_unittests"

github-actions bot commented Aug 1, 2023

Suggested tests to cover this Pull Request

@HoussemNasri HoussemNasri marked this pull request as ready for review August 2, 2023 11:17
- It's an optimization to enable faster lookups of OVAL resources
- This class is temporary and will be removed when the integration with Uyuni is complete.
- Also, implemented the composite design pattern to enable the evaluation of the criteria tree
- This is a temporary implementation based on JAXB API which consumes a lot of memory. I plan to rewrite it with StAX for better performance.
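The composite pattern mentioned above, as an added illustration of how an OVAL criteria tree can be evaluated (this is example code, not Uyuni's CVEAuditManagerOVAL or TestEvaluator). It assumes test results have already been resolved to booleans, models only the AND/OR operators plus the `negate` attribute, and uses constructed test identifiers.

```java
import java.util.List;
import java.util.Map;
import java.util.function.Predicate;

// Composite pattern over the OVAL <criteria>/<criterion> structure.
// Assumption: each test_ref has already been evaluated to true/false for the audited system.
interface CriteriaNode {
    boolean evaluate(Predicate<String> testPasses);
}

// Leaf: <criterion test_ref="..." negate="..."/>
record Criterion(String testRef, boolean negate) implements CriteriaNode {
    public boolean evaluate(Predicate<String> testPasses) {
        // XOR with negate flips the result when negate="true"
        return testPasses.test(testRef) != negate;
    }
}

// Composite: <criteria operator="AND|OR" negate="...">children</criteria>
record Criteria(String operator, boolean negate, List<CriteriaNode> children) implements CriteriaNode {
    public boolean evaluate(Predicate<String> testPasses) {
        boolean result = "AND".equals(operator)
            ? children.stream().allMatch(c -> c.evaluate(testPasses))
            : children.stream().anyMatch(c -> c.evaluate(testPasses));
        return result != negate;
    }
}

public class OvalCriteriaDemo {
    public static void main(String[] args) {
        // Constructed tree: the definition matches when the product test passes AND
        // at least one of the package-version tests passes.
        CriteriaNode tree = new Criteria("AND", false, List.of(
            new Criterion("tst:product-is-sles15", false),       // hypothetical test id
            new Criteria("OR", false, List.of(
                new Criterion("tst:openssl-lt-fixed", false),    // hypothetical test id
                new Criterion("tst:libopenssl-lt-fixed", false)  // hypothetical test id
            ))));
        // Constructed per-system test results; unknown tests are treated as not passing.
        Map<String, Boolean> systemResults = Map.of(
            "tst:product-is-sles15", true,
            "tst:openssl-lt-fixed", false,
            "tst:libopenssl-lt-fixed", true);
        boolean affected = tree.evaluate(id -> systemResults.getOrDefault(id, false));
        System.out.println("system affected by definition: " + affected); // true
    }
}
```

Walking the tree this way keeps operator semantics in one place, so adding the remaining OVAL operators (ONE, XOR) or a tri-state result for unknown tests only touches the composite node.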