mirror of
https://github.com/fleetdm/fleet
synced 2026-05-06 06:48:54 +00:00
The OVAL analyzer falsely assumes that any vulnerabilities detected on a host only come from OVAL. However, it is possible that NVD detects vulnerabilities on these hosts even though it excludes software from deb_packages and rpm_packages. For example, a Python package twisted v22.20 has a vulnerability CVE-2022-39348 detected by NVD. The OVAL analyzer would delete this vulnerability, and it would be re-inserted by the NVD scanner on the next run. This creates a loop. The fix is to only delete vulnerabilities that are actually detected using OVAL. We already store this in the source column in the software_cve table.
| Name |
|---|
| .. |
| input |
| parsed |
| analyzer.go |
| analyzer_test.go |
| downloader.go |
| downloader_test.go |
| mappers.go |
| mappers_test.go |
| oval_platform.go |
| oval_platform_test.go |
| parser.go |
| parser_test.go |
| sync.go |
| sync_test.go |