anchore / vunnel

Tool for collecting vulnerability data from various sources (used to build the grype database)
Apache License 2.0

There should be an easier way to add test cases for providers #653

Open willmurphyscode opened 1 month ago

willmurphyscode commented 1 month ago

When working on providers, it's common to add test cases that are made essentially by subsetting flat files that carry vulnerability data.

For example, trying to test #650, it would be nice to quickly change this file to also include the definition, rpminfo_tests, states, and objects for CVE-2016-5440. However, the file that contains this vulnerability definition is, as of this writing, 2681586 lines of XML. Many text editors I've tried have crashed when opening it, and there doesn't appear to be a tool as high quality as jq for doing stream transformations of the XML.

I think the right approach is probably to write a utility that accepts an OVAL XML file and a list of CVEs and returns the subset of the OVAL XML file that is relevant to those CVEs. It's possible such a tool exists.

Having such a script would make adding unit tests to PRs that fix a class of incorrect parsing trivial, and therefore increase the rate at which we can improve Vunnel data.
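One way to build the utility the issue describes, as an added example in Python (vunnel's language); it is neither vunnel code nor something the issue author posted. It makes two streaming passes with `xml.etree.ElementTree.iterparse`. Pass 1 walks only the `<definitions>` section and records, per definition id, the CVE ids from its `<reference source="CVE">` elements, the definitions it extends via `<extend_definition>`, and the tests its `<criterion>` elements name, holding only those small tuples. Pass 2 streams the whole file again, keeps the definitions in the transitive closure of the wanted CVEs, the tests they reference, and the objects and states those tests reference, and clears every other element as soon as it ends, so a multi-million-line file is never fully materialized. It assumes the OVAL schema ordering (definitions before tests, objects and states) and does not follow `var_ref` into a `<variables>` section. The OVAL document in `SAMPLE` and the `oval:example:*` ids are constructed for the demo and are not real vendor data.

```python
import io
import xml.etree.ElementTree as ET

OVAL_NS = "http://oval.mitre.org/XMLSchema/oval-definitions-5"
SECTIONS = ("definitions", "tests", "objects", "states")
ET.register_namespace("", OVAL_NS)                  # conventional prefixes on output
ET.register_namespace("linux", OVAL_NS + "#linux")

def _index_definitions(open_source):
    # pass 1: per definition id keep only (CVE refs, extended def refs, test refs)
    index = {}
    with open_source() as f:
        for _, el in ET.iterparse(f, events=("end",)):
            name = el.tag.rsplit("}", 1)[-1]        # strip the namespace
            if name == "definition":
                cves = {r.get("ref_id") for r in el.iter(f"{{{OVAL_NS}}}reference") if r.get("source") == "CVE"}
                exts = {e.get("definition_ref") for e in el.iter(f"{{{OVAL_NS}}}extend_definition")}
                tsts = {c.get("test_ref") for c in el.iter(f"{{{OVAL_NS}}}criterion") if c.get("test_ref")}
                index[el.get("id")] = (cves, exts, tsts)
                el.clear()                          # never hold the whole section
            elif name == "definitions":             # OVAL puts tests/objects/states after this
                break
    return index

def _closure(index, cves):
    # definitions that reference a wanted CVE, plus whatever they transitively extend
    keep = {d for d, (c, _, _) in index.items() if c & set(cves)}
    todo = list(keep)
    while todo:
        for ref in index[todo.pop()][1]:
            if ref in index and ref not in keep:
                keep.add(ref)
                todo.append(ref)
    return keep

def subset_oval(open_source, cves):
    # open_source: zero-arg callable returning a fresh binary file, e.g. lambda: open(p, "rb")
    index = _index_definitions(open_source)
    keep_ids = _closure(index, cves)
    keep_ids |= set().union(*(index[d][2] for d in keep_ids))   # tests they use
    kept = {s: [] for s in SECTIONS}
    root = section = None
    with open_source() as f:                        # pass 2: stream; keep or clear
        for event, el in ET.iterparse(f, events=("start", "end")):
            name = el.tag.rsplit("}", 1)[-1]
            if event == "start":
                if root is None:
                    root = ET.Element(el.tag, dict(el.attrib))
                elif name in SECTIONS:
                    section = name
                continue
            if name == "generator":
                root.append(el)
            if section is None or el.get("id") is None:
                continue                            # not a top-level OVAL entity
            if el.get("id") in keep_ids:
                if section == "tests":              # tests name the object/state ids they need
                    for child in el:
                        keep_ids.update(v for k, v in child.items() if k in ("object_ref", "state_ref"))
                kept[section].append(el)
            else:
                el.clear()
    for s in SECTIONS:
        ET.SubElement(root, f"{{{OVAL_NS}}}{s}").extend(kept[s])
    return root

def kept_ids(root):                                 # sorted entity ids, for fixture checks
    return sorted(el.get("id") for el in root.iter() if el.get("id"))

def to_xml(root):
    return ET.tostring(root, encoding="unicode")

# Constructed sample, not real vendor data; the oval:example:* ids are made up.
SAMPLE = b"""<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
 xmlns:lin="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
<generator><product_name>constructed sample</product_name></generator>
<definitions>
<definition id="oval:example:def:1" class="patch"><metadata><title>fix</title><reference source="CVE" ref_id="CVE-2016-5440"/></metadata>
<criteria operator="AND"><extend_definition definition_ref="oval:example:def:3" comment="platform"/><criterion test_ref="oval:example:tst:1" comment="pkg before fix"/></criteria></definition>
<definition id="oval:example:def:2" class="patch"><metadata><title>other</title><reference source="CVE" ref_id="CVE-2099-0001"/></metadata><criteria><criterion test_ref="oval:example:tst:2" comment="other pkg"/></criteria></definition>
<definition id="oval:example:def:3" class="inventory"><metadata><title>platform</title></metadata><criteria><criterion test_ref="oval:example:tst:3" comment="release pkg"/></criteria></definition>
</definitions><tests>
<lin:rpminfo_test id="oval:example:tst:1" check="at least one" version="1" comment="a"><lin:object object_ref="oval:example:obj:1"/><lin:state state_ref="oval:example:ste:1"/></lin:rpminfo_test>
<lin:rpminfo_test id="oval:example:tst:2" check="at least one" version="1" comment="b"><lin:object object_ref="oval:example:obj:2"/><lin:state state_ref="oval:example:ste:2"/></lin:rpminfo_test>
<lin:rpminfo_test id="oval:example:tst:3" check="at least one" version="1" comment="c"><lin:object object_ref="oval:example:obj:3"/><lin:state state_ref="oval:example:ste:3"/></lin:rpminfo_test>
</tests><objects>
<lin:rpminfo_object id="oval:example:obj:1" version="1"><lin:name>pkg</lin:name></lin:rpminfo_object>
<lin:rpminfo_object id="oval:example:obj:2" version="1"><lin:name>other</lin:name></lin:rpminfo_object>
<lin:rpminfo_object id="oval:example:obj:3" version="1"><lin:name>release</lin:name></lin:rpminfo_object>
</objects><states>
<lin:rpminfo_state id="oval:example:ste:1" version="1"><lin:evr datatype="evr_string" operation="less than">0:1.0-2</lin:evr></lin:rpminfo_state>
<lin:rpminfo_state id="oval:example:ste:2" version="1"><lin:evr datatype="evr_string" operation="less than">0:2.0-1</lin:evr></lin:rpminfo_state>
<lin:rpminfo_state id="oval:example:ste:3" version="1"><lin:version operation="pattern match">^8</lin:version></lin:rpminfo_state>
</states></oval_definitions>"""

def subset_sample(cves):                            # demo entry point over SAMPLE
    return subset_oval(lambda: io.BytesIO(SAMPLE), cves)
```

Against a real file the call is `root = subset_oval(lambda: open("vendor.oval.xml", "rb"), ["CVE-2016-5440"])` followed by `ET.ElementTree(root).write(path, encoding="utf-8", xml_declaration=True)`. On `SAMPLE`, asking for CVE-2016-5440 keeps `def:1`, the platform definition `def:3` it extends, tests `tst:1` and `tst:3`, and objects and states 1 and 3, while everything belonging to `def:2` is dropped. Before committing the result as a fixture, run it through the provider's own parser and confirm that every `test_ref`, `object_ref` and `state_ref` resolves; a dangling reference usually means a construct this script does not follow (such as `var_ref`) is in play for that definition.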