Vuln --init fails
yyosioka opened this issue · 2 comments
I ran the docker-compose.yml file and got this.
The execution result is as follows.
$docker exec -it dagda python3 dagda.py vuln --init
The execution result is as follows.
$ docker exec -it dagda python3 dagda.py vuln --init_status
the following information:
OS: [Ubuntu]
OS Version: [18.0.4]
Python version: [Python 3.6.9]
Docker version [Docker version 19.03.12]
This is because the code pulls the file https://www.redhat.com/security/data/oval/rhsa.tar.bz2
, which is now deprecated and empty. This causes the retrieved lists to be empty, and MongoDB fails to insert the empty list.
The short-term patch is to add a check condition in mongodb_driver.py
that does a simple "if" check to ensure the lists aren't empty on insert. One longer-term fix is to switch the URL to the now recommended OVAL single XML file bundle, as described at https://www.redhat.com/security/data/metrics/. This requires a bit more work.
I've just updated Dagda to work with Python 3.8.