Closed J08nY closed 1 year ago
DependencyFinder produces the following direct references for 10b17081dd7cad8f (ANSSI-CC-2018/41).
While the site produces this graph component (including indirect and both directions of references). Note no -M01
ids.
TBH I do not know why we even have the DependencyFinder class. What it does can be better done on demand by using the direct references directly to build a graph object in networkx
or wherever and then querying that object.
@adamjanovsky @GeorgeFI Can you elaborate on the uses of this class?
One more example: https://seccerts.org/cc/6ed3cd21c6a2c9d0/ Both the st_references and report_references are empty yet the certificate ID appears in "directly_referencing" entry of another three certificates (see the graph display).
Describe the bug The DependencyFinder class from
model
subpackage produces weird output. It includes ids with maintenance suffixes in the output and in general finds connections different to that which are found by independently expanding the direct references in the seccerts.org page.To Reproduce Compute the full CC dataset and look at the outputs of DependencyFinder in the
st_references
andreport_references
heuristics.