CC: Limit serialized variables for Maintenance updates or analyze them fully

[adamjanovsky]

Maintenance updates now inherit from CommonCriteriaCert and are serialized using its methods. However, since they are not fully analyzed as of now, it makes no sense to serialize many empty variables. A decision should be made to choose one from:

1. Limit number of (de)serialized variables
2. Run full analysis on maintenance updates -- download and analyze pdfs, ...

Example of current serialization

{
    "_type": "CommonCriteriaMaintenanceUpdate",
    "dgst": "cert_822d871f3bbd06d7_update_b93e6033924ed6f3",
    "status": "",
    "category": "",
    "name": "SonicWall SonicOS Enhanced V6.5.4 with VPN and IPS on TZ and SOHO Appliances Security",
    "manufacturer": null,
    "scheme": "",
    "security_level": [
        ""
    ],
    "not_valid_before": null,
    "not_valid_after": null,
    "report_link": "https://www.commoncriteriaportal.org/files/epfiles/st_vid11028-add1.pdf",
    "st_link": "https://www.commoncriteriaportal.org/files/epfiles/st_vid11028-st-1.pdf",
    "cert_link": null,
    "manufacturer_web": null,
    "protection_profiles": [],
    "maintainance_updates": [],
    "state": {
        "_type": "InternalState",
        "st_download_ok": true,
        "report_download_ok": true,
        "st_convert_ok": true,
        "report_convert_ok": true,
        "st_extract_ok": true,
        "report_extract_ok": true,
        "errors": []
    },
    "pdf_data": {
        "_type": "PdfData",
        "report_metadata": null,
        "st_metadata": null,
        "report_frontpage": null,
        "st_frontpage": null,
        "report_keywords": null,
        "st_keywords": null
    },
    "heuristics": {
        "_type": "Heuristics",
        "extracted_versions": null,
        "cpe_matches": null,
        "labeled": false,
        "verified_cpe_matches": null,
        "related_cves": null,
        "cert_lab": null,
        "cert_id": null
    },
    "related_cert_digest": "822d871f3bbd06d7",
    "maintenance_date": "2020-08-17"
}

[J08nY]

AFAIK the old API fully analyzed the maintenance updates as if they were full certificates and attached this extracted data in a subdictionary of the parent cert. Paging @petrs to confirm this.

[adamjanovsky]

Yea. Technically it has some caveats (e.g. maintenance updates don't have maintenance updates, tracking CVEs, CPEs is very difficult to impossible), but the generic stuff can be realized if we ever need it -- which we don't at the moment. Currently, I limited the (de)serialization, leaving it open for further discussion.

[petrs]

@J08nY @adamjanovsky yes, correct - first analyzed separately, then paired with its parent certificate