There should be an easier way to add test cases for providers #653

Open
willmurphyscode opened this issue Aug 5, 2024 · 2 comments

@willmurphyscode
Contributor

When working on providers, it's common to add test cases that are made essentially by subsetting flat files that carry vulnerability data.

For example, trying to test #650, it would be nice to quickly change this file to also include the definition, rpminfo_tests, states, and objects for CVE-2016-5440. However, the file that contains this vulnerability definition is, as of this writing, 2681586 lines of XML. Many text editors I've tried have crashed when opening it, and there doesn't appear to be a tool as high quality as jq for doing stream transformations of the XML.

I think the right approach is probably to write a utility that accepts an OVAL XML file and a list of CVEs and returns the subset of the OVAL XML file that is relevant to those CVEs. It's possible such a tool exists.

Having such a script would make adding unit tests to PRs that fix a class of incorrect parsing trivial, and therefore increase the rate at which we can improve Vunnel data.
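
An added example (not code from this issue or from Vunnel) of the utility the comment above proposes: it streams the OVAL XML with `iterparse` and keeps only the definitions that reference the requested CVEs, plus the tests, objects and states they reach. It assumes the sections appear in the order definitions, tests, objects, states, and that a definition names its CVE in a `ref_id` attribute; `subset_oval` and the sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from io import BytesIO

SECTIONS = ("definitions", "tests", "objects", "states")
REF_ATTRS = ("test_ref", "object_ref", "state_ref")

# Constructed sample, not real vendor data: two definitions, each with its own test/object/state.
SAMPLE = b"""<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
<definitions>
<definition id="def:1"><metadata><reference source="CVE" ref_id="CVE-2016-5440"/></metadata>
<criteria><criterion test_ref="tst:1"/></criteria></definition>
<definition id="def:2"><metadata><reference source="CVE" ref_id="CVE-0000-0001"/></metadata>
<criteria><criterion test_ref="tst:2"/></criteria></definition>
</definitions>
<tests>
<rpminfo_test id="tst:1"><object object_ref="obj:1"/><state state_ref="ste:1"/></rpminfo_test>
<rpminfo_test id="tst:2"><object object_ref="obj:2"/><state state_ref="ste:2"/></rpminfo_test>
</tests>
<objects><rpminfo_object id="obj:1"/><rpminfo_object id="obj:2"/></objects>
<states><rpminfo_state id="ste:1"/><rpminfo_state id="ste:2"/></states>
</oval_definitions>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # strip ElementTree's '{namespace}' prefix

def subset_oval(source, cves):
    """Return XML bytes with only the entries relevant to `cves` (assumed section order)."""
    wanted, keep_ids, stack, root = set(cves), set(), [], None
    for event, el in ET.iterparse(source, events=("start", "end")):
        if event == "start":
            root = el if root is None else root
            stack.append(el)
            continue
        stack.pop()
        # Act only on entries: root > section > entry, so two ancestors remain.
        if len(stack) != 2 or local(stack[1].tag) not in SECTIONS:
            continue
        if local(stack[1].tag) == "definitions":
            keep = any(d.get("ref_id") in wanted for d in el.iter())
        else:
            keep = el.get("id") in keep_ids
        if keep:  # remember everything this entry points at in later sections
            keep_ids.update(d.get(a) for d in el.iter() for a in REF_ATTRS if d.get(a))
        else:
            stack[1].remove(el)  # drop now so memory tracks the subset, not the file
    return ET.tostring(root)

if __name__ == "__main__":
    print(subset_oval(BytesIO(SAMPLE), ["CVE-2016-5440"]).decode())
```

Definitions pulled in through `extend_definition` and states referenced only from object filters are not followed by this single pass.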

@willmurphyscode
Contributor Author

I'm putting this down right now. We need to move some of our providers from OVAL XML to CSAF JSON, and the tooling I started for this centers around OVAL XML. When the dust clears, if this is still necessary, someone can pick it up.

@willmurphyscode willmurphyscode removed their assignment Oct 3, 2024
Projects
Status: Backlog