add redis/postgres as db back end

[sadayuki-matsuno]

I added the dbtype of redis and postgres.

I tested this as follow(for redis).

1. run redis docker

docker run --name redis -p 6379:6379 -d redis

2. fetch ubuntu

$ goval-dictionary  fetch-ubuntu  -dbtype=redis -dbpath="redis://localhost/1" 12 14 16

3. fetch oracle

$ goval-dictionary  fetch-oracle  -dbtype=redis -dbpath="redis://localhost/1"

4. fetch debian

$ bash -c 'goval-dictionary fetch-debian -dbtype=redis -dbpath="redis://localhost/1" -years `seq 1999 2017`'

5. fetch redhat

$ goval-dictionary  fetch-redhat  -dbtype=redis -dbpath="redis://localhost/1"  5 6 7

6. fetch suse

$ goval-dictionary  fetch-suse  -dbtype=redis -dbpath="redis://localhost/1"  -opensuse 13.2

7. server

$ goval-dictionary  server  -dbtype=redis -dbpath="redis://localhost/1"

8. get definitions by package name

$ curl -s http://127.0.0.1:1324/packs/opensuse/13.2/iputils | jq "." | head -20

[
  {
    "ID": 0,
    "DefinitionID": "oval:org.opensuse.security:def:20102529",
    "Title": "CVE-2010-2529",
    "Description": "\n    Unspecified vulnerability in ping.c in iputils 20020927, 20070202, 20071127, and 20100214 on Mandriva Linux allows remote attackers to cause a denial of service (hang) via a crafted echo response.\n    ",
    "Advisory": {
      "ID": 0,
      "Severity": "",
      "Cves": null,
      "Bugzillas": null,
      "AffectedCPEList": null,
      "Issued": "0001-01-01T00:00:00Z",
      "Updated": "0001-01-01T00:00:00Z"
    },
    "Debian": {
      "ID": 0,
      "CveID": "",
      "MoreInfo": "",
      "Date": "0001-01-01T00:00:00Z"

9. get definitions by cveid

$ curl -s http://127.0.0.1:1324/cves/Ubuntu/14/CVE-2016-1964  | jq "." | head -20

[
  {
    "ID": 0,
    "DefinitionID": "oval:com.ubuntu.trusty:def:20161964000",
    "Title": "CVE-2016-1964 on Ubuntu 14.04 LTS (trusty) - medium.",
    "Description": "Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations.",
    "Advisory": {
      "ID": 0,
      "Severity": "Medium",
      "Cves": null,
      "Bugzillas": null,
      "AffectedCPEList": null,
      "Issued": "0001-01-01T00:00:00Z",
      "Updated": "0001-01-01T00:00:00Z"
    },
    "Debian": {
      "ID": 0,
      "CveID": "CVE-2016-1964",
      "MoreInfo": "",
      "Date": "0001-01-01T00:00:00Z"

[sadayuki-matsuno]

Redis have 2 kinds of data.

- HASH
  ┌───┬────────────────┬─────────────┬────────────────┬──────────────────┐
  │NO │      HASH      │    FIELD    │     VALUE      │     PURPOSE      │
  └───┴────────────────┴─────────────┴────────────────┴──────────────────┘
  ┌───┬────────────────┬─────────────┬────────────────┬──────────────────┐
  │ 1 │OVAL#$OSFAMILY::│$DEFINITIONID│   $OVALJSON    │ TO GET OVALJSON  │
  │   │$VERSION::$CVEID│             │                │   BY CVEID&OS    │
  └───┴────────────────┴─────────────┴────────────────┴──────────────────┘

- ZINDEX
  ┌───┬────────────────┬─────────────┬────────────────┬──────────────────┐
  │NO │      KEY       │    SCORE    │     MEMBER     │     PURPOSE      │
  └───┴────────────────┴─────────────┴────────────────┴──────────────────┘
  ┌───┬────────────────┬─────────────┬────────────────┬──────────────────┐
  │ 2 │  $PACKAGENAME  │      0      │OVAL#$OSFAMILY::│TO GET []CVEID&OS │
  │   │                │             │$VERSION::$CVEID│  BY PACKAGENAME  │
  └───┴────────────────┴─────────────┴────────────────┴──────────────────┘

[kotakanbe]

Many Thanks!