Handling Oracle Enterprise Linux OVAL files

[lucasnetau]

Hi, we have a need to process the Oracle Enterprise Linux OVAL files as they use different versioning to the RHEL files especially relating to the kernel and additional packages.

So far I have adapted the OvalRedHat CveSubSource and created a OvalOracle sub source. The may be some package version overlap between RHEL and Oracle, however their rulesets are different in relation to the Release name.

Two questions 1) Can you see any issues with this approach? 2) For you to consider a PR, since the two classes share a lot of code (only a handful of lines are different) how would you prefer them to be constructed? I could sub-class the Oracle one off the RedHat one just like CentOS however there would still be a few methods with duplicate code between the classes.

[kouril]

Hi,

I don't see a problem with the approach and we certainly welcome your contribution. As for the code structure, anything that is easy to read and maintain will work :-). Please note the CentOS part is more-or-less a PoC so not necessarily something showing the right/preferred way. Handling these inputs will always be special, we wouldn't mind few duplicates here and there.