CESNET / pakiti-server

Pakiti provides a monitoring mechanism to check the patching status of Linux systems.
BSD 2-Clause "Simplified" License

Fixed parsing error on Ubuntu OVAL #175

Closed mgrosa closed 3 years ago

mgrosa commented 4 years ago

On new Ubuntu OVALs, the "comment" field on the "criterion" changed in such a way that parsing was not being done correctly, resulting in an unpopulated database, misleading us that no CVEs were found.

Example of new OVAL: criterion test_ref="oval:com.ubuntu.bionic:tst:2017131340000010" comment="imagemagick package in bionic was vulnerable but has been fixed (note: '8:6.9.7.4+dfsg-16ubuntu6.2')."

Parsing was expecting it to be: criterion test_ref="oval:com.ubuntu.bionic:tst:2017131340000010" comment="The ' imagemagick ' package in bionic was vulnerable but has been fixed (note: '8:6.9.7.4+dfsg-16ubuntu6.2')."

This pull request fixes CESNET/pakiti-server#170.
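The failure described above, as an added example that is not part of the pull request or of Pakiti's own code: a parser that accepts both comment wordings quoted in the description and refuses to return a quietly empty result when most comments are unrecognised. The function names, the un-namespaced sample XML and the 0.5 threshold are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the two comment strings quoted in the pull request plus one
# unrecognised wording, wrapped in a minimal, un-namespaced <criteria> element.
SAMPLE = """<criteria>
  <criterion test_ref="oval:com.ubuntu.bionic:tst:2017131340000010" comment="imagemagick package in bionic was vulnerable but has been fixed (note: '8:6.9.7.4+dfsg-16ubuntu6.2')."/>
  <criterion test_ref="oval:com.ubuntu.bionic:tst:2017131340000010" comment="The ' imagemagick ' package in bionic was vulnerable but has been fixed (note: '8:6.9.7.4+dfsg-16ubuntu6.2')."/>
  <criterion test_ref="oval:example:tst:0" comment="some wording this parser has never seen"/>
</criteria>"""

# Package name either quoted after "The" (old wording) or bare (new wording).
COMMENT_RE = re.compile(
    r"^(?:The\s+'\s*(?P<quoted>[^']+?)\s*'|(?P<bare>\S+))\s+package\s+in\s+"
    r"(?P<release>\S+)\s+was\s+vulnerable\s+but\s+has\s+been\s+fixed\s+"
    r"\(note:\s+'(?P<version>[^']+)'\)\.?$"
)

def parse_criteria(xml_text):
    """Return (parsed, unparsed): dicts for recognised comments, test_refs for the rest."""
    parsed, unparsed = [], []
    for crit in ET.fromstring(xml_text).iter("criterion"):
        m = COMMENT_RE.match(crit.get("comment", ""))
        if m is None:
            unparsed.append(crit.get("test_ref"))  # keep evidence, do not drop silently
            continue
        parsed.append({
            "package": m["quoted"] or m["bare"],
            "release": m["release"],
            "fixed_version": m["version"],
        })
    return parsed, unparsed

def load_or_fail(xml_text, max_unparsed_ratio=0.5):
    """Raise instead of handing back a near-empty result that looks like 'no CVEs'."""
    parsed, unparsed = parse_criteria(xml_text)
    total = len(parsed) + len(unparsed)
    if total and len(unparsed) / total > max_unparsed_ratio:
        raise ValueError(
            f"{len(unparsed)}/{total} criterion comments not recognised; "
            "the OVAL comment format may have changed"
        )
    return parsed

if __name__ == "__main__":
    print(load_or_fail(SAMPLE))
```
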

aleita commented 3 years ago

This patch works for me.

tauceti2 commented 3 years ago

Thanks for the patch.