From c0b267deaa93ab05b9c5ce7003428cc4d4de62c7 Mon Sep 17 00:00:00 2001
From: Wagde Zabit <74212046+wagde-orca@users.noreply.github.com>
Date: Sat, 9 Nov 2024 00:39:11 +0200
Subject: [PATCH] feat(oval/oracle): ignore fips patched version for non fips package versions (#2047)
* ignore fips patched version for non fips package versions like the ksplice and TDC in SUSE, we need not to report fips patched versions for non fips packages
* add testcase
---------
Co-authored-by: MaineK00n
---
 oval/util.go | 3 +++
 oval/util_test.go | 64 +++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 67 insertions(+)
diff --git a/oval/util.go b/oval/util.go
index 93cf936c7c..2413384fd5 100644
--- a/oval/util.go
+++ b/oval/util.go
@@ -415,6 +415,9 @@ func isOvalDefAffected(def ovalmodels.Definition, req request, family, release s
 if extractOracleKsplice(ovalPack.Version) != extractOracleKsplice(req.versionRelease) {
 continue
 }
+ if strings.HasSuffix(ovalPack.Version, "_fips") != strings.HasSuffix(req.versionRelease, "_fips") {
+ continue
+ }
 case constant.SUSEEnterpriseServer:
 if strings.Contains(ovalPack.Version, ".TDC.") != strings.Contains(req.versionRelease, ".TDC.") {
 continue
diff --git a/oval/util_test.go b/oval/util_test.go
index c7c814fc3e..6cd95844c5 100644
--- a/oval/util_test.go
+++ b/oval/util_test.go
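Review bot: The added `_fips` comparison in the Oracle branch of isOvalDefAffected (oval/util.go) skips the definition silently whenever exactly one side carries the suffix, so a FIPS-installed package can only ever be matched by a `_fips` definition. If the OVAL data has no `_fips` entry for an advisory, that package is presumably reported as unaffected with nothing to show a definition was filtered out. The assumption is not recorded at the check; a comment such as `// as with ksplice, a _fips definition applies only to a _fips package and vice versa` would state it. The test is a strict suffix match, so it also assumes `_fips` is always the final component of the version-release string, which is worth confirming against the feed. The function body starts and ends outside the hunk.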
@@ -1929,6 +1929,70 @@ func TestIsOvalDefAffected(t *testing.T) {
 },
 affected: false,
 },
+ // in: _fips , req: not fips
+ {
+ in: in{
+ family: constant.Oracle,
+ def: ovalmodels.Definition{
+ AffectedPacks: []ovalmodels.Package{
+ {
+ Name: "gnutls",
+ Version: "10:3.6.16-4.0.1.el8_fips",
+ Arch: "x86_64",
+ },
+ },
+ },
+ req: request{
+ packName: "gnutls",
+ versionRelease: "3.6.16-4.el8",
+ arch: "x86_64",
+ },
+ },
+ affected: false,
+ },
+ // in: _fips , req: _fips
+ {
+ in: in{
+ family: constant.Oracle,
+ def: ovalmodels.Definition{
+ AffectedPacks: []ovalmodels.Package{
+ {
+ Name: "gnutls",
+ Version: "10:3.6.16-8.el8_9.3_fips",
+ Arch: "x86_64",
+ },
+ },
+ },
+ req: request{
+ packName: "gnutls",
+ versionRelease: "10:3.6.16-4.0.1.el8_fips",
+ arch: "x86_64",
+ },
+ },
+ affected: true,
+ fixedIn: "10:3.6.16-8.el8_9.3_fips",
+ },
+ // in: non fips (upstream?), req: _fips
+ {
+ in: in{
+ family: constant.Oracle,
+ def: ovalmodels.Definition{
+ AffectedPacks: []ovalmodels.Package{
+ {
+ Name: "gnutls",
+ Version: "0:3.6.16-5.el8_6",
+ Arch: "x86_64",
+ },
+ },
+ },
+ req: request{
+ packName: "gnutls",
+ versionRelease: "10:3.6.16-4.0.1.el8_fips",
+ arch: "x86_64",
+ },
+ },
+ affected: false,
+ },
 // same arch
 {
 in: in{
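Review bot: The third added case (definition `0:3.6.16-5.el8_6`, request `10:3.6.16-4.0.1.el8_fips`) probably does not exercise the new `_fips` check. The request's epoch 10 is higher than the definition's epoch 0, so the version comparison would likely yield `affected: false` even with the filter removed. A non-FIPS definition whose version compares higher than the FIPS request would make the case fail without the filter. The `(upstream?)` in its comment also leaves the intent open; `// in: non fips, req: _fips (must not match even when the definition version is newer)` would say what is being pinned. The test table starts and ends outside the hunk.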