The application needs to be capable of collecting subscribed node data, and storing the details accordingly.

Currently there is only 1 'agent' where we pull our security information from; We should make the vulnerability data collection more abstract, so we can have multiple agents to compare to a system.

Bisu should be capable of looking up relevant issues on a per-node basis.

The platform_test.rb file contains a commented out test that I think should work/pass, but we're still getting nomethod errors on :stub. Not sure what's wrong...

EDIT: Changing this issue to be more generic about questions about debsecan's inner workings.

• Is binary_package being used?
• Should we check for vulnerabilities using the version only, or also check all of the versions in the other_versions array?

The original debsecan tool for debian CVE listing works with an attribute "binary_package", as well as an array of source_packages per binary_package.

However as far as I can tell this is not used in any way. There are no vulnerabilities where binary_package is true, so I removed the functionality before even committing it.

Here's my first attempt at the code:

# in the #parse_vulnerabilities method (Vulnerability.new)
truct.new({
          package: package,
          identifier: matching_cve.identifier,
          description: matching_cve.description,
          unstable_version: unstable_version,
          other_versions: other_versions.split(' '),
          binary_package: flags[0] == 'B',
          urgency: urgency_from_flag(flags[1]),
          remotely_exploitable: remotely_exploitable_from_flag(flags[2]),
          fix_available: flags[3] == 'F',
          binary_packages: binary_packages[package]
        })

# In the VulnerabilityParser class
    def binary_packages
      @packages ||= parse_binary_packages
    end

    def parse_binary_packages
      vulnerability_data.split(/\n\n/)[2].split(/\n/).each_with_object(Hash.new([])) do |package_string, packages|
        package_name, source_packages_string = package_string.split(',', 2)
        packages[package_name] = source_packages_string.split(' ')
      end
    end

Nokogiri is a pain to install. Having it as a requirement for a maintenance tool that you'll need to install on a wide variety of servers seems like a bad plan.

Let's replace it with Oga

The application needs to be able to correctly parse all data provided by the debian platform; This means the application should be able to assert between questionable and complete data as wel.