Vuln --init fails

Question

Vuln --init fails

yyosioka opened this issue 4 years ago · 2 comments

yyosioka commented 4 years ago

I ran the docker-compose.yml file and got this.

The execution result is as follows.

$docker exec -it dagda python3 dagda.py vuln --init
The execution result is as follows.

$ docker exec -it dagda python3 dagda.py vuln --init_status

It will fail with an error.

the following information:

OS: [Ubuntu]
OS Version: [18.0.4]
Python version: [Python 3.6.9]
Docker version [Docker version 19.03.12]

Answer 1 · 2020-09-08T17:52:52.000Z

This is because the code pulls the file https://www.redhat.com/security/data/oval/rhsa.tar.bz2, which is now deprecated and empty. This causes the retrieved lists to be empty, and MongoDB fails to insert the empty list.

The short-term patch is to add a check condition in mongodb_driver.py that does a simple "if" check to ensure the lists aren't empty on insert. One longer-term fix is to switch the URL to the now recommended OVAL single XML file bundle, as described at https://www.redhat.com/security/data/metrics/. This requires a bit more work.

Answer 2 · 2021-07-25T11:35:51.000Z

I've just updated Dagda to work with Python 3.8.