feat: remove oval evaluation

.github/workflows/test.yml

@@ -27,7 +27,7 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-go-${{ matrix.go-version }}-
       # run tests
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v5
         with:
           go-version: ${{ matrix.go-version }}
       - uses: actions/checkout@v4

vmaas/cache.go

@@ -53,24 +53,9 @@ type Cache struct {
 	SrcPkgID2PkgID    map[PkgID][]PkgID
 	String            map[int]string
 
-	// OVAL
-	PackagenameID2definitionIDs map[NameID][]DefinitionID
-	RepoID2CpeIDs               map[RepoID][]CpeID
-	ContentSetID2CpeIDs         map[ContentSetID][]CpeID
-
-	OvaldefinitionDetail            map[DefinitionID]DefinitionDetail
-	OvaldefinitionID2Cves           map[DefinitionID][]string
-	CpeID2OvalDefinitionIDs         map[CpeID][]DefinitionID
-	OvalCriteriaID2DepModuleTestIDs map[CriteriaID][]ModuleTestID
-	OvalCriteriaID2DepTestIDs       map[CriteriaID][]TestID
-	OvalCriteriaID2DepCriteriaIDs   map[CriteriaID][]CriteriaID
-	OvalCriteriaID2Type             map[CriteriaID]int
-	OvalStateID2Arches              map[OvalStateID][]ArchID
-	OvalModuleTestDetail            map[ModuleTestID]OvalModuleTestDetail
-	OvalTestDetail                  map[TestID]OvalTestDetail
-	OvalTestID2States               map[TestID][]OvalState
-	OvalDefinitionID2ErrataIDs      map[DefinitionID][]ErratumID
-	CpeID2Label                     map[CpeID]CpeLabel
+	ContentSetID2CpeIDs map[ContentSetID][]CpeID
+	RepoID2CpeIDs       map[RepoID][]CpeID
+	CpeID2Label         map[CpeID]CpeLabel
 
 	// CSAF
 	CSAFProductStatus     map[int]string

vmaas/load.go

@@ -25,13 +25,8 @@ var loadFuncs = []func(c *Cache){
 	loadPkgNames, loadUpdates, loadUpdatesIndex, loadEvrMaps, loadArchs, loadArchCompat, loadPkgDetails,
 	loadRepoDetails, loadLabel2ContentSetID, loadPkgRepos, loadErrata, loadPkgErratum, loadErrataRepoIDs,
 	loadCves, loadPkgErratumModule, loadModule2IDs, loadModuleRequires, loadDBChanges, loadString,
-	// OVAL
-	loadOvalDefinitionDetail, loadOvalDefinitionCves, loadPackagenameID2DefinitionIDs, loadRepoCpes,
-	loadContentSet2Cpes, loadCpeID2DefinitionIDs, loadOvalCriteriaDependency, loadOvalCriteriaID2Type,
-	loadOvalStateID2Arches, loadOvalModuleTestDetail, loadOvalTestDetail, loadOvalTestID2States,
-	loadOvalDefinitionErrata, loadCpeID2Label,
 	// CSAF
-	loadCSAFCVE,
+	loadRepoCpes, loadContentSet2Cpes, loadCpeID2Label, loadCSAFCVE,
 }
 
 func openDB(path string) error {
@@ -760,67 +755,6 @@ func loadErrataModules() map[int][]Module {
 	return erID2modules
 }
 
-func loadOvalDefinitionDetail(c *Cache) {
-	defer utils.TimeTrack(time.Now(), "oval_definition_detail")
-
-	row := DefinitionDetail{}
-	cnt := getCount("oval_definition_detail", "*")
-	defDetail := make(map[DefinitionID]DefinitionDetail, cnt)
-	rows := getAllRows("oval_definition_detail", "id,definition_type_id,criteria_id")
-
-	for rows.Next() {
-		if err := rows.Scan(&row.ID, &row.DefinitionTypeID, &row.CriteriaID); err != nil {
-			panic(err)
-		}
-		defDetail[row.ID] = row
-	}
-	c.OvaldefinitionDetail = defDetail
-}
-
-func loadOvalDefinitionCves(c *Cache) {
-	defer utils.TimeTrack(time.Now(), "oval_definition_cve")
-
-	type OvalDefinitionCve struct {
-		DefinitionID DefinitionID
-		Cve          string
-	}
-	r := OvalDefinitionCve{}
-	cnt := getCount("oval_definition_cve", "distinct definition_id")
-	ret := make(map[DefinitionID][]string, cnt)
-	cols := "definition_id,cve"
-	rows := getAllRows("oval_definition_cve", cols)
-
-	for rows.Next() {
-		if err := rows.Scan(&r.DefinitionID, &r.Cve); err != nil {
-			panic(err)
-		}
-		ret[r.DefinitionID] = append(ret[r.DefinitionID], r.Cve)
-	}
-	c.OvaldefinitionID2Cves = ret
-}
-
-func loadPackagenameID2DefinitionIDs(c *Cache) {
-	defer utils.TimeTrack(time.Now(), "PackagenameID2definitionIDs")
-
-	type NameDefinition struct {
-		NameID       NameID
-		DefinitionID DefinitionID
-	}
-	r := NameDefinition{}
-	cnt := getCount("packagename_oval_definition", "distinct name_id")
-	ret := make(map[NameID][]DefinitionID, cnt)
-	cols := "name_id,definition_id"
-	rows := getAllRowsWithOrder("packagename_oval_definition", cols, cols)
-
-	for rows.Next() {
-		if err := rows.Scan(&r.NameID, &r.DefinitionID); err != nil {
-			panic(err)
-		}
-		ret[r.NameID] = append(ret[r.NameID], r.DefinitionID)
-	}
-	c.PackagenameID2definitionIDs = ret
-}
-
 func loadRepoCpes(c *Cache) {
 	defer utils.TimeTrack(time.Now(), "RepoID2CpeIDs")
 
@@ -865,222 +799,6 @@ func loadContentSet2Cpes(c *Cache) {
 	c.ContentSetID2CpeIDs = ret
 }
 
-func loadCpeID2DefinitionIDs(c *Cache) {
-	defer utils.TimeTrack(time.Now(), "CpeID2OvalDefinitionIDs")
-
-	type DefinitionCpe struct {
-		CpeID        CpeID
-		DefinitionID DefinitionID
-	}
-	r := DefinitionCpe{}
-	cnt := getCount("oval_definition_cpe", "distinct cpe_id")
-	ret := make(map[CpeID][]DefinitionID, cnt)
-	cols := "cpe_id,definition_id"
-	rows := getAllRowsWithOrder("oval_definition_cpe", cols, cols)
-
-	for rows.Next() {
-		if err := rows.Scan(&r.CpeID, &r.DefinitionID); err != nil {
-			panic(err)
-		}
-		ret[r.CpeID] = append(ret[r.CpeID], r.DefinitionID)
-	}
-	c.CpeID2OvalDefinitionIDs = ret
-}
-
-func loadOvalCriteriaDependency(c *Cache) {
-	defer utils.TimeTrack(
-		time.Now(),
-		"OvalCriteriaID2DepCriteriaIDs, OvalCriteriaID2DepTestIDs, OvalCriteriaID2DepModuleTestIDs",
-	)
-
-	type OvalCriteriaDep struct {
-		ParentCriteriaID CriteriaID
-		DepCriteriaID    CriteriaID
-		DepTestID        TestID
-		DepModuleTestID  ModuleTestID
-	}
-
-	r := OvalCriteriaDep{}
-
-	cnt := getCount("oval_criteria_dependency", "distinct parent_criteria_id")
-	criteriaID2DepCriteriaIDs := make(map[CriteriaID][]CriteriaID, cnt)
-	criteriaID2DepTestIDs := make(map[CriteriaID][]TestID, cnt)
-	criteriaID2DepModuleTestIDs := make(map[CriteriaID][]ModuleTestID, cnt)
-
-	cols := "parent_criteria_id,COALESCE(dep_criteria_id, 0),COALESCE(dep_test_id, 0),COALESCE(dep_module_test_id, 0)"
-	rows := getAllRows("oval_criteria_dependency", cols)
-
-	for rows.Next() {
-		if err := rows.Scan(&r.ParentCriteriaID, &r.DepCriteriaID, &r.DepTestID, &r.DepModuleTestID); err != nil {
-			panic(err)
-		}
-		if r.DepCriteriaID != 0 {
-			criteriaID2DepCriteriaIDs[r.ParentCriteriaID] = append(criteriaID2DepCriteriaIDs[r.ParentCriteriaID],
-				r.DepCriteriaID)
-		}
-		if r.DepTestID != 0 {
-			criteriaID2DepTestIDs[r.ParentCriteriaID] = append(criteriaID2DepTestIDs[r.ParentCriteriaID], r.DepTestID)
-		}
-		if r.DepModuleTestID != 0 {
-			criteriaID2DepModuleTestIDs[r.ParentCriteriaID] = append(criteriaID2DepModuleTestIDs[r.ParentCriteriaID],
-				r.DepModuleTestID)
-		}
-	}
-	c.OvalCriteriaID2DepCriteriaIDs = criteriaID2DepCriteriaIDs
-	c.OvalCriteriaID2DepTestIDs = criteriaID2DepTestIDs
-	c.OvalCriteriaID2DepModuleTestIDs = criteriaID2DepModuleTestIDs
-}
-
-func loadOvalCriteriaID2Type(c *Cache) {
-	defer utils.TimeTrack(time.Now(), "OvalCriteriaID2Type")
-
-	type OvalCriteriaType struct {
-		CriteriaID CriteriaID
-		TypeID     int
-	}
-
-	r := OvalCriteriaType{}
-	cnt := getCount("oval_criteria_type", "*")
-	criteriaID2Type := make(map[CriteriaID]int, cnt)
-	cols := "criteria_id,type_id"
-	rows := getAllRows("oval_criteria_type", cols)
-
-	for rows.Next() {
-		if err := rows.Scan(&r.CriteriaID, &r.TypeID); err != nil {
-			panic(err)
-		}
-		criteriaID2Type[r.CriteriaID] = r.TypeID
-	}
-	c.OvalCriteriaID2Type = criteriaID2Type
-}
-
-func loadOvalStateID2Arches(c *Cache) {
-	defer utils.TimeTrack(time.Now(), "OvalModuleTestDetail")
-
-	type StateArch struct {
-		StateID OvalStateID
-		ArchID  ArchID
-	}
-	r := StateArch{}
-	cnt := getCount("oval_state_arch", "distinct state_id")
-	ret := make(map[OvalStateID][]ArchID, cnt)
-	cols := "state_id,arch_id"
-	rows := getAllRows("oval_state_arch", cols)
-
-	for rows.Next() {
-		if err := rows.Scan(&r.StateID, &r.ArchID); err != nil {
-			panic(err)
-		}
-		ret[r.StateID] = append(ret[r.StateID], r.ArchID)
-	}
-	c.OvalStateID2Arches = ret
-}
-
-func loadOvalModuleTestDetail(c *Cache) {
-	defer utils.TimeTrack(time.Now(), "OvalModuleTestDetail")
-
-	type ModuleTestDetail struct {
-		ID           ModuleTestID
-		ModuleStream string
-	}
-
-	r := ModuleTestDetail{}
-	cnt := getCount("oval_module_test_detail", "*")
-	details := make(map[ModuleTestID]OvalModuleTestDetail, cnt)
-	cols := "id,module_stream"
-	rows := getAllRows("oval_module_test_detail", cols)
-
-	for rows.Next() {
-		if err := rows.Scan(&r.ID, &r.ModuleStream); err != nil {
-			panic(err)
-		}
-		splitted := strings.Split(r.ModuleStream, ":")
-		details[r.ID] = OvalModuleTestDetail{
-			ModuleStream: ModuleStream{Module: splitted[0], Stream: splitted[1]},
-		}
-	}
-	c.OvalModuleTestDetail = details
-}
-
-func loadOvalTestDetail(c *Cache) {
-	defer utils.TimeTrack(time.Now(), "OvalTestDetail")
-
-	type TestDetail struct {
-		ID               TestID
-		PackageNameID    NameID
-		CheckExistenceID int
-	}
-
-	r := TestDetail{}
-	cnt := getCount("oval_test_detail", "*")
-	testDetail := make(map[TestID]OvalTestDetail, cnt)
-	cols := "id,package_name_id,check_existence_id"
-	rows := getAllRows("oval_test_detail", cols)
-
-	for rows.Next() {
-		if err := rows.Scan(&r.ID, &r.PackageNameID, &r.CheckExistenceID); err != nil {
-			panic(err)
-		}
-		testDetail[r.ID] = OvalTestDetail{PkgNameID: r.PackageNameID, CheckExistence: r.CheckExistenceID}
-	}
-	c.OvalTestDetail = testDetail
-}
-
-func loadOvalTestID2States(c *Cache) {
-	defer utils.TimeTrack(time.Now(), "OvalTestID2States")
-
-	type TestState struct {
-		TestID         TestID
-		StateID        OvalStateID
-		EvrID          EvrID
-		EvrOperationID int
-	}
-
-	r := TestState{}
-	cnt := getCount("oval_test_state", "*")
-	test2State := make(map[TestID][]OvalState, cnt)
-	cols := "test_id,state_id,evr_id,evr_operation_id"
-	rows := getAllRows("oval_test_state", cols)
-
-	for rows.Next() {
-		if err := rows.Scan(&r.TestID, &r.StateID, &r.EvrID, &r.EvrOperationID); err != nil {
-			panic(err)
-		}
-		test2State[r.TestID] = append(test2State[r.TestID], OvalState{
-			ID:           r.StateID,
-			EvrID:        r.EvrID,
-			OperationEvr: r.EvrOperationID,
-		})
-	}
-	c.OvalTestID2States = test2State
-}
-
-func loadOvalDefinitionErrata(c *Cache) {
-	defer utils.TimeTrack(time.Now(), "OvalDefinitionID2ErrataIDs")
-
-	type OvalDefinitionErrataSelect struct {
-		DefinitionID DefinitionID
-		ErratumID    ErratumID
-	}
-
-	cols := "definition_id,errata_id"
-	rows := getAllRows("oval_definition_errata", cols)
-	cnt := getCount("oval_definition_errata", "distinct definition_id")
-	row := OvalDefinitionErrataSelect{}
-	// TODO: investigate - it looks like 1 definitionID is always mapped to 1 erratum
-	//       and 1 erratum can be associated with multiple definitions
-	//       we might not need `map[DefinitionID][]ErratumID` but `map[DefinitionID]ErratumID`
-	definitionErrata := make(map[DefinitionID][]ErratumID, cnt)
-
-	for rows.Next() {
-		if err := rows.Scan(&row.DefinitionID, &row.ErratumID); err != nil {
-			panic(err)
-		}
-		definitionErrata[row.DefinitionID] = append(definitionErrata[row.DefinitionID], row.ErratumID)
-	}
-	c.OvalDefinitionID2ErrataIDs = definitionErrata
-}
-
 func loadCpeID2Label(c *Cache) {
 	defer utils.TimeTrack(time.Now(), "CpeID2Label")
 

vmaas/options.go

@@ -29,7 +29,7 @@ func (u unfixedOption) apply(opts *options) {
 	opts.evalUnfixed = bool(u)
 }
 
-// Option to evaluate unfixed CVEs by OVAL
+// Option to evaluate unfixed CVEs by CSAF
 func WithUnfixed(u bool) Option {
 	return unfixedOption(u)
 }

vmaas/types.go

@@ -19,13 +19,8 @@ type (
 	ArchID        int
 	ErratumID     int
 	ContentSetID  int
-	DefinitionID  int
 	CpeID         int
 	CpeLabel      string
-	CriteriaID    int
-	TestID        int
-	ModuleTestID  int
-	OvalStateID   int
 	CSAFProductID int
 	CSAFCVEID     int
 	CVEID         int
@@ -245,27 +240,6 @@ type ErratumDetail struct {
 	RequiresReboot bool
 }
 
-type DefinitionDetail struct {
-	ID               DefinitionID
-	DefinitionTypeID int
-	CriteriaID       CriteriaID
-}
-
-type OvalTestDetail struct {
-	PkgNameID      NameID
-	CheckExistence int
-}
-
-type OvalModuleTestDetail struct {
-	ModuleStream ModuleStream
-}
-
-type OvalState struct {
-	ID           OvalStateID
-	EvrID        EvrID
-	OperationEvr int
-}
-
 type NameArch struct {
 	Name string
 	Arch string