From 74932130d13528e64d1465c2511b202dc3260602 Mon Sep 17 00:00:00 2001 From: ziad hany Date: Thu, 1 Jan 2026 19:23:32 +0200 Subject: [PATCH] Drop suse oval importer v1 Signed-off-by: ziad hany --- vulnerabilities/importers/suse_oval.py | 69 ------- .../suse_oval/mock-definitions-only.xml | 42 ---- ...ensuse.CVE-2008-5679-modified-versions.xml | 90 --------- .../suse_oval/org.opensuse.CVE-2008-5679.xml | 81 -------- .../suse-oval-CVE-2008-5679-expected.json | 33 ---- vulnerabilities/tests/test_data_source.py | 26 --- vulnerabilities/tests/test_suse.py | 180 ------------------ vulnerabilities/tests/test_suse_oval.py | 157 --------------- 8 files changed, 678 deletions(-) delete mode 100644 vulnerabilities/importers/suse_oval.py delete mode 100644 vulnerabilities/tests/test_data/suse_oval/mock-definitions-only.xml delete mode 100644 vulnerabilities/tests/test_data/suse_oval/org.opensuse.CVE-2008-5679-modified-versions.xml delete mode 100644 vulnerabilities/tests/test_data/suse_oval/org.opensuse.CVE-2008-5679.xml delete mode 100644 vulnerabilities/tests/test_data/suse_oval/suse-oval-CVE-2008-5679-expected.json delete mode 100644 vulnerabilities/tests/test_suse.py delete mode 100644 vulnerabilities/tests/test_suse_oval.py diff --git a/vulnerabilities/importers/suse_oval.py b/vulnerabilities/importers/suse_oval.py deleted file mode 100644 index 0722682f7..000000000 --- a/vulnerabilities/importers/suse_oval.py +++ /dev/null @@ -1,69 +0,0 @@ -# -# Copyright (c) nexB Inc. and others. All rights reserved. -# VulnerableCode is a trademark of nexB Inc. -# SPDX-License-Identifier: Apache-2.0 -# See http://www.apache.org/licenses/LICENSE-2.0 for the license text. -# See https://github.com/aboutcode-org/vulnerablecode for support or download. -# See https://aboutcode.org for more information about nexB OSS projects. -# - - -import gzip -import xml.etree.ElementTree as ET - -import requests -from bs4 import BeautifulSoup - -from vulnerabilities.importer import OvalImporter - - -class SuseOvalImporter(OvalImporter): - spdx_license_expression = "CC-BY-4.0" - license_url = "https://ftp.suse.com/pub/projects/security/oval/LICENSE" - base_url = "https://ftp.suse.com/pub/projects/security/oval/" - - def __init__(self, *args, **kwargs): - super().__init__(*args, **kwargs) - self.translations = {"less than": "<", "equals": "=", "greater than or equal": ">="} - - def _fetch(self): - page = requests.get(self.base_url).text - soup = BeautifulSoup(page, "lxml") - - suse_oval_files = [ - self.base_url + node.get("href") - for node in soup.find_all("a") - if node.get("href").endswith(".gz") - ] - - for suse_file in filter(suse_oval_files): - response = requests.get(suse_file) - - extracted = gzip.decompress(response.content) - yield ( - {"type": "rpm", "namespace": "opensuse"}, - ET.ElementTree(ET.fromstring(extracted.decode("utf-8"))), - ) - - -def filter(suse_oval_files): - """ - Filter to exclude "name.xml" when we also have "name-affected.xml", e.g., - "opensuse.leap.15.3.xml.gz" vs. "opensuse.leap.15.3-affected.xml.gz". See - https://ftp.suse.com/pub/projects/security/oval/README: "name-affected.xml" includes - "fixed security issues and the analyzed issues both affecting and NOT affecting SUSE" and - "name.xml" includes "fixed security issues and the analyzed issues NOT affecting SUSE." - """ - affected_files = [ - affected_file for affected_file in suse_oval_files if "-affected" in affected_file - ] - - trimmed_affected_files = [ - affected_file.replace("-affected", "") for affected_file in affected_files - ] - - filtered_suse_oval_files = [ - gz_file for gz_file in suse_oval_files if gz_file not in trimmed_affected_files - ] - - return filtered_suse_oval_files diff --git a/vulnerabilities/tests/test_data/suse_oval/mock-definitions-only.xml b/vulnerabilities/tests/test_data/suse_oval/mock-definitions-only.xml deleted file mode 100644 index 8d7c7756e..000000000 --- a/vulnerabilities/tests/test_data/suse_oval/mock-definitions-only.xml +++ /dev/null @@ -1,42 +0,0 @@ - - - - - - CVE-2008-5679 - - - - - The HTML parsing engine in Opera before 9.63 allows remote attackers to execute arbitrary code via crafted web pages that trigger an invalid pointer calculation and heap corruption. - - - - - - foobar-CVE-1234-5678 - - - - - Blah blah blah. - - - - - - nonesuchCVE-1111-2222 - - - - - Blah blah blah. - - - - - diff --git a/vulnerabilities/tests/test_data/suse_oval/org.opensuse.CVE-2008-5679-modified-versions.xml b/vulnerabilities/tests/test_data/suse_oval/org.opensuse.CVE-2008-5679-modified-versions.xml deleted file mode 100644 index 9ad88ee30..000000000 --- a/vulnerabilities/tests/test_data/suse_oval/org.opensuse.CVE-2008-5679-modified-versions.xml +++ /dev/null @@ -1,90 +0,0 @@ - - - - Marcus OVAL Generator - 5.5 - 2009-01-14T09:08:29.480-05:00 - - - - - - CVE-2008-5679 - - - - - The HTML parsing engine in Opera before 9.63 allows remote attackers to execute arbitrary code via crafted web pages that trigger an invalid pointer calculation and heap corruption. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - opera - - - openSUSE-release - - - - - 0:9.63-1.1 - - - ^10.3$ - - - ^11.0$ - - - ^11.1$ - - - diff --git a/vulnerabilities/tests/test_data/suse_oval/org.opensuse.CVE-2008-5679.xml b/vulnerabilities/tests/test_data/suse_oval/org.opensuse.CVE-2008-5679.xml deleted file mode 100644 index b7c4c5e73..000000000 --- a/vulnerabilities/tests/test_data/suse_oval/org.opensuse.CVE-2008-5679.xml +++ /dev/null @@ -1,81 +0,0 @@ - - - - Marcus OVAL Generator - 5.5 - 2009-01-14T09:08:29.480-05:00 - - - - - - CVE-2008-5679 - - - - - The HTML parsing engine in Opera before 9.63 allows remote attackers to execute arbitrary code via crafted web pages that trigger an invalid pointer calculation and heap corruption. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - opera - - - openSUSE-release - - - - - 0:9.63-1.1 - - - ^10.3$ - - - ^11.0$ - - - ^11.1$ - - - diff --git a/vulnerabilities/tests/test_data/suse_oval/suse-oval-CVE-2008-5679-expected.json b/vulnerabilities/tests/test_data/suse_oval/suse-oval-CVE-2008-5679-expected.json deleted file mode 100644 index 436be58fd..000000000 --- a/vulnerabilities/tests/test_data/suse_oval/suse-oval-CVE-2008-5679-expected.json +++ /dev/null @@ -1,33 +0,0 @@ -[ - { - "aliases": [ - "CVE-2008-5679" - ], - "summary": "The HTML parsing engine in Opera before 9.63 allows remote attackers to execute arbitrary code via crafted web pages that trigger an invalid pointer calculation and heap corruption.", - "affected_packages": [ - { - "package": { - "type": "rpm", - "namespace": "opensuse", - "name": "opera", - "version": "", - "qualifiers": "", - "subpath": "" - }, - "affected_version_range": "vers:rpm/<9.63-1.1", - "fixed_version": null - } - ], - "references": [ - { - "reference_id": "", - "reference_type": "", - "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5679", - "severities": [] - } - ], - "date_published": "2009-01-14T09:08:29.480000-05:00", - "weaknesses": [], - "url": "" - } -] \ No newline at end of file diff --git a/vulnerabilities/tests/test_data_source.py b/vulnerabilities/tests/test_data_source.py index 40eeb6b3f..3a35d5741 100644 --- a/vulnerabilities/tests/test_data_source.py +++ b/vulnerabilities/tests/test_data_source.py @@ -30,7 +30,6 @@ BASE_DIR = os.path.dirname(os.path.abspath(__file__)) TEST_DATA = os.path.join(BASE_DIR, "test_data/") -TEST_DATA_01 = os.path.join(BASE_DIR, "test_data/suse_oval") def load_oval_data(): @@ -136,28 +135,3 @@ def test_git_importer_clone(git_importer): list(git_importer().advisory_data()) mock_fetch.assert_called_once() mock_delete.assert_called_once() - - -# Here we use a modified copy of org.opensuse.CVE-2008-5679.xml -- the test versions are modified to illustrate sort order. -def test_ovaltest_sorting(): - xml_doc = ET.parse( - os.path.join(TEST_DATA_01, "org.opensuse.CVE-2008-5679-modified-versions.xml") - ) - translations = {"less than": "<", "equals": "=", "greater than or equal": ">="} - parsed_oval = OvalParser(translations, xml_doc) - - # Get the list of all tests and check the total number of tests. - get_all_tests = parsed_oval.oval_document.getTests() - - # Check the order of the four tests in the sorted `get_all_tests` list. (Testing suggests that the - # original list of tests, `get_all_tests`, is unsorted and is ordered in the same order as the test - # elements appear in the .xml file.) - sorted_tests = sorted(get_all_tests) - test_results = [(test.getId(), test.getVersion()) for test in sorted_tests] - expected = [ - ("oval:org.opensuse.security:tst:2009030401", "1"), - ("oval:org.opensuse.security:tst:2009030403", "4"), - ("oval:org.opensuse.security:tst:2009030402", "9"), - ("oval:org.opensuse.security:tst:2009030400", "11"), - ] - assert test_results == expected diff --git a/vulnerabilities/tests/test_suse.py b/vulnerabilities/tests/test_suse.py deleted file mode 100644 index 78a59ecc8..000000000 --- a/vulnerabilities/tests/test_suse.py +++ /dev/null @@ -1,180 +0,0 @@ -# -# Copyright (c) nexB Inc. and others. All rights reserved. -# VulnerableCode is a trademark of nexB Inc. -# SPDX-License-Identifier: Apache-2.0 -# See http://www.apache.org/licenses/LICENSE-2.0 for the license text. -# See https://github.com/aboutcode-org/vulnerablecode for support or download. -# See https://aboutcode.org for more information about nexB OSS projects. -# - -import os -import unittest -import xml.etree.ElementTree as ET - -from vulnerabilities.oval_parser import OvalParser - -BASE_DIR = os.path.dirname(os.path.abspath(__file__)) -TEST_DATA = os.path.join(BASE_DIR, "test_data/") - - -class TestSUSEOvalParser(unittest.TestCase): - @classmethod - def setUpClass(cls): - xml_doc = ET.parse(os.path.join(TEST_DATA, "suse_oval_data.xml")) - translator = {"less than": "<"} - # all the elements which require "equals" are ignored(because they are not useful) - cls.parsed_oval = OvalParser(translator, xml_doc) - - def setUp(self): - self.definition_1 = self.parsed_oval.all_definitions[0] - self.definition_2 = self.parsed_oval.all_definitions[1] - - def test_get_definitions(self): - - assert len(self.parsed_oval.all_definitions) == 2 - assert ( - self.parsed_oval.all_definitions[0].getId() == "oval:org.opensuse.security:def:20094112" - ) - assert ( - self.parsed_oval.all_definitions[1].getId() == "oval:org.opensuse.security:def:20112767" - ) - - def test_get_tests_of_definition(self): - - definition_1_test_ids = { - "oval:org.opensuse.security:tst:2009281999", - "oval:org.opensuse.security:tst:2009282000", - } - definition_2_test_ids = { - "oval:org.opensuse.security:tst:2009271113", - "oval:org.opensuse.security:tst:2009271114", - } - - assert definition_1_test_ids == { - i.getId() for i in self.parsed_oval.get_tests_of_definition(self.definition_1) - } - - assert definition_2_test_ids == { - i.getId() for i in self.parsed_oval.get_tests_of_definition(self.definition_2) - } - - def test_get_vuln_id_from_definition(self): - - vuln_id_1 = "CVE-2009-4112" - vuln_id_2 = "CVE-2011-2767" - - assert vuln_id_1 == self.parsed_oval.get_vuln_id_from_definition(self.definition_1) - assert vuln_id_2 == self.parsed_oval.get_vuln_id_from_definition(self.definition_2) - - def test_get_object_state_of_test(self): - - # This method is inherited as it is from UbuntuOvalParser - # this test ensures that the method works with suse OVAL documents - - assert len(self.parsed_oval.oval_document.getTests()) == 9 - - test_1 = self.parsed_oval.oval_document.getTests()[0] - test_2 = self.parsed_oval.oval_document.getTests()[1] - - obj_t1, state_t1 = self.parsed_oval.get_object_state_of_test(test_1) - obj_t2, state_t2 = self.parsed_oval.get_object_state_of_test(test_2) - - assert state_t1.getId() == "oval:org.opensuse.security:ste:2009068342" - assert state_t2.getId() == "oval:org.opensuse.security:ste:2009072069" - - assert obj_t2.getId() == "oval:org.opensuse.security:obj:2009031297" - assert obj_t1.getId() == "oval:org.opensuse.security:obj:2009031246" - - def test_get_pkgs_from_obj(self): - - assert len(self.parsed_oval.oval_document.getObjects()) == 5 - - obj_t1 = self.parsed_oval.oval_document.getObjects()[0] - obj_t2 = self.parsed_oval.oval_document.getObjects()[1] - - pkg_set1 = set(self.parsed_oval.get_pkgs_from_obj(obj_t1)) - pkg_set2 = set(self.parsed_oval.get_pkgs_from_obj(obj_t2)) - - assert pkg_set1 == {"openSUSE-release"} - # In a full run we wont get pkg_set1 because we won't obtain - # it's object due to filters to avoid such tests in the first place - assert pkg_set2 == {"cacti"} - - def test_get_version_range_from_state(self): - - assert len(self.parsed_oval.oval_document.getStates()) == 4 - - state_1 = self.parsed_oval.oval_document.getStates()[0] - state_2 = self.parsed_oval.oval_document.getStates()[1] - - exp_range_1 = None - exp_range_2 = "<1.2.11-lp151.3.6" - # In a full run we wont get exp_range1 because we won't obtain - # it's state due to filters to avoid such tests in the first place - assert self.parsed_oval.get_version_range_from_state(state_1) == exp_range_1 - assert self.parsed_oval.get_version_range_from_state(state_2) == exp_range_2 - - def test_get_urls_from_definition(self): - - def1_urls = { - "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4112", - "https://www.suse.com/security/cve/CVE-2009-4112.html", - "https://bugzilla.suse.com/1122535", - "https://bugzilla.suse.com/558664", - } - - assert def1_urls == self.parsed_oval.get_urls_from_definition(self.definition_1) - - def2_urls = { - "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2767", - "https://bugzilla.suse.com/1156944", - "https://www.suse.com/security/cve/CVE-2011-2767.html", - } - - assert def2_urls == self.parsed_oval.get_urls_from_definition(self.definition_2) - - def test_get_data(self): - - expected_data = [ - { - "test_data": [ - { - "package_list": ["cacti"], - "version_ranges": "<1.2.11-lp151.3.6", - }, - { - "package_list": ["cacti-spine"], - "version_ranges": "<1.2.11-lp151.3.6", - }, - ], - "description": '\n Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands.\n ', - "vuln_id": "CVE-2009-4112", - "reference_urls": { - "https://bugzilla.suse.com/1122535", - "https://bugzilla.suse.com/558664", - "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4112", - "https://www.suse.com/security/cve/CVE-2009-4112.html", - }, - }, - { - "test_data": [ - { - "package_list": ["apache2-mod_perl"], - "version_ranges": "<2.0.11-lp151.3.3", - }, - { - "package_list": ["apache2-mod_perl-devel"], - "version_ranges": "<2.0.11-lp151.3.3", - }, - ], - "description": "\n mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.\n ", - "vuln_id": "CVE-2011-2767", - "reference_urls": { - "https://bugzilla.suse.com/1156944", - "https://www.suse.com/security/cve/CVE-2011-2767.html", - "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2767", - }, - }, - ] - - assert expected_data == self.parsed_oval.get_data() diff --git a/vulnerabilities/tests/test_suse_oval.py b/vulnerabilities/tests/test_suse_oval.py deleted file mode 100644 index 436cfcf49..000000000 --- a/vulnerabilities/tests/test_suse_oval.py +++ /dev/null @@ -1,157 +0,0 @@ -# -# Copyright (c) nexB Inc. and others. All rights reserved. -# VulnerableCode is a trademark of nexB Inc. -# SPDX-License-Identifier: Apache-2.0 -# See http://www.apache.org/licenses/LICENSE-2.0 for the license text. -# See https://github.com/aboutcode-org/vulnerablecode for support or download. -# See https://aboutcode.org for more information about nexB OSS projects. -# - - -import gzip -import io -import os -import xml.etree.ElementTree as ET - -from vulnerabilities.importers.suse_oval import SuseOvalImporter -from vulnerabilities.importers.suse_oval import filter -from vulnerabilities.oval_parser import OvalParser -from vulnerabilities.tests import util_tests - -BASE_DIR = os.path.dirname(os.path.abspath(__file__)) -TEST_DATA = os.path.join(BASE_DIR, "test_data/suse_oval") - - -def test_suse_oval_importer_CVE_2008_5679(): - importer = SuseOvalImporter() - advisories = importer.get_data_from_xml_doc( - ET.parse(os.path.join(TEST_DATA, "org.opensuse.CVE-2008-5679.xml")), - {"type": "rpm", "namespace": "opensuse"}, - ) - expected_file = os.path.join(TEST_DATA, f"suse-oval-CVE-2008-5679-expected.json") - util_tests.check_results_against_json( - [advisory.to_dict() for advisory in advisories], expected_file - ) - - -def test_suse_oval_parse_CVE_2008_5679(): - xml_doc = ET.parse(os.path.join(TEST_DATA, "org.opensuse.CVE-2008-5679.xml")) - translations = {"less than": "<", "equals": "=", "greater than or equal": ">="} - parsed_oval = OvalParser(translations, xml_doc) - - # Get total number of definitions - assert len(parsed_oval.all_definitions) == 1 - - # Get definition `id`: the `` element. - definition_1 = parsed_oval.all_definitions[0] - assert parsed_oval.all_definitions[0].getId() == "oval:org.opensuse.security:def:2009030400" - - # Get definition `test_ref`: the `` element. - definition_1_test_ids = { - "oval:org.opensuse.security:tst:2009030400", - } - assert definition_1_test_ids == { - i.getId() for i in parsed_oval.get_tests_of_definition(definition_1) - } - - # Get vuln_id from definition - vuln_id_1 = ["CVE-2008-5679"] - assert vuln_id_1 == parsed_oval.get_vuln_id_from_definition(definition_1) - - # Get total number of tests - assert len(parsed_oval.oval_document.getTests()) == 4 - - # Get test object and test state - test_1 = parsed_oval.oval_document.getTests()[0] - obj_t1, state_t1 = parsed_oval.get_object_state_of_test(test_1) - assert obj_t1.getId() == "oval:org.opensuse.security:obj:2009030400" - assert state_t1.getId() == "oval:org.opensuse.security:ste:2009030400" - - # Get total number of packages: `rpminfo_object` elements - assert len(parsed_oval.oval_document.getObjects()) == 2 - - # Get packages - obj_t1 = parsed_oval.oval_document.getObjects()[0] - obj_t2 = parsed_oval.oval_document.getObjects()[1] - - pkg_set1 = set(parsed_oval.get_pkgs_from_obj(obj_t1)) - pkg_set2 = set(parsed_oval.get_pkgs_from_obj(obj_t2)) - - assert pkg_set1 == {"opera"} - assert pkg_set2 == {"openSUSE-release"} - - # Get total number of versions: `rpminfo_state` elements - assert len(parsed_oval.oval_document.getStates()) == 4 - - # Get versions - state_1 = parsed_oval.oval_document.getStates()[0] - - exp_range_1 = "<9.63-1.1" - - assert parsed_oval.get_version_range_from_state(state_1) == exp_range_1 - - # Get reference URLs: `ref_url` attribute from `reference` elements - definition_0 = parsed_oval.all_definitions[0] - def0_urls = { - "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5679", - } - - assert def0_urls == parsed_oval.get_urls_from_definition(definition_0) - - -def test_filter_suse_gz_files(): - initial_suse_gz_files = [ - "https://ftp.suse.com/pub/projects/security/oval/suse.openstack.cloud.7-affected.xml.gz", - "https://ftp.suse.com/pub/projects/security/oval/suse.openstack.cloud.7-patch.xml.gz", - "https://ftp.suse.com/pub/projects/security/oval/suse.openstack.cloud.7.xml.gz", - "https://ftp.suse.com/pub/projects/security/oval/suse.openstack.cloud.8-affected.xml.gz", - "https://ftp.suse.com/pub/projects/security/oval/suse.openstack.cloud.8-patch.xml.gz", - "https://ftp.suse.com/pub/projects/security/oval/suse.openstack.cloud.8.xml.gz", - "https://ftp.suse.com/pub/projects/security/oval/suse.openstack.cloud.9-affected.xml.gz", - "https://ftp.suse.com/pub/projects/security/oval/suse.openstack.cloud.9-patch.xml.gz", - "https://ftp.suse.com/pub/projects/security/oval/suse.openstack.cloud.9.xml.gz", - "https://ftp.suse.com/pub/projects/security/oval/suse.storage.6-affected.xml.gz", - "https://ftp.suse.com/pub/projects/security/oval/suse.storage.6-patch.xml.gz", - "https://ftp.suse.com/pub/projects/security/oval/suse.storage.6.xml.gz", - "https://ftp.suse.com/pub/projects/security/oval/suse.storage.7-affected.xml.gz", - "https://ftp.suse.com/pub/projects/security/oval/suse.storage.7-patch.xml.gz", - "https://ftp.suse.com/pub/projects/security/oval/suse.storage.7.xml.gz", - ] - - filtered_initial_suse_gz_files = [ - "https://ftp.suse.com/pub/projects/security/oval/suse.openstack.cloud.7-affected.xml.gz", - "https://ftp.suse.com/pub/projects/security/oval/suse.openstack.cloud.7-patch.xml.gz", - "https://ftp.suse.com/pub/projects/security/oval/suse.openstack.cloud.8-affected.xml.gz", - "https://ftp.suse.com/pub/projects/security/oval/suse.openstack.cloud.8-patch.xml.gz", - "https://ftp.suse.com/pub/projects/security/oval/suse.openstack.cloud.9-affected.xml.gz", - "https://ftp.suse.com/pub/projects/security/oval/suse.openstack.cloud.9-patch.xml.gz", - "https://ftp.suse.com/pub/projects/security/oval/suse.storage.6-affected.xml.gz", - "https://ftp.suse.com/pub/projects/security/oval/suse.storage.6-patch.xml.gz", - "https://ftp.suse.com/pub/projects/security/oval/suse.storage.7-affected.xml.gz", - "https://ftp.suse.com/pub/projects/security/oval/suse.storage.7-patch.xml.gz", - ] - - assert filter(initial_suse_gz_files) == filtered_initial_suse_gz_files - - -def test_cve_prefix_filter(): - xml_doc = ET.parse(os.path.join(TEST_DATA, "mock-definitions-only.xml")) - translations = {"less than": "<", "equals": "=", "greater than or equal": ">="} - parsed_oval = OvalParser(translations, xml_doc) - - assert len(parsed_oval.all_definitions) == 3 - - definition_1 = parsed_oval.all_definitions[0] - - vuln_id_1 = ["CVE-2008-5679"] - assert vuln_id_1 == parsed_oval.get_vuln_id_from_definition(definition_1) - - definition_2 = parsed_oval.all_definitions[1] - - vuln_id_2 = ["CVE-1234-5678"] - assert vuln_id_2 == parsed_oval.get_vuln_id_from_definition(definition_2) - - definition_3 = parsed_oval.all_definitions[2] - - vuln_id_3 = ["CVE-1111-2222"] - assert vuln_id_3 == parsed_oval.get_vuln_id_from_definition(definition_3)