
Fix NVD version comparator to remove undesired suffixes#5362

Merged
chemamartinez merged 4 commits into 4.0-vdt-tmp from 5281-nvd-comparison
Jul 8, 2020

Conversation

@chemamartinez
Contributor

Description

This PR modifies the way that the version part is compared between the installed packages and the NVD packages for Linux. Since the NVD contains a generic version in most of the cases, the version of the installed package should be truncated in the following cases:

  • By finding a . followed by a non-numeric character
    • 1:1.2.8.dfsg
    • 1:9.10.3.dfsg.P4
    • 2.4+20151223.gitfa8646d.1
    • 2.10.2.is.2.10.1
    • 1:9.9.5.dfsg
  • By finding a + followed by a non-numeric character
    • 3.113+nmu3
    • 2.11+dfsg
    • 4.6.0+git+20161106
    • 1:8.11+urwcyr1.0.7~pre44
  • By finding a ~ followed by a non-numeric character
    • 0.60.7~20110707
    • 0.7.6~bzr976
    • 2.02~beta2
    • 9.26a~dfsg

Finally, the following cases have been ignored for this change:

  • When finding .0 at the end of the version: In this case, the comparator itself has to compare the versions properly.
  • When finding alpha characters in the version (e.g. openssl 1.1.0h): In these cases, the version found in the NVD generally contains those characters.

Logs/Alerts example

Here is an example of the comparison affected by this change:

2020/06/30 03:49:50 wazuh-modulesd:vulnerability-detector[95726] wm_vuln_detector_nvd.c:2418 at wm_vuldet_check_generic_package(): DEBUG: (5459): Trying to insert duplicated package 'openldap' into the vulnerability 'CVE-2017-14159'. Version (2.4.45+dfsg-1ubuntu1.5) 'less than or equal' '2.4.45' (feed 'NVD').

Tests

  • Compilation without warnings in every supported platform
    • Linux
  • Source installation
  • Analyzed the added and removed alerts
  • Memory tests for Linux
    • Scan-build report
    • Valgrind (memcheck and descriptor leaks check)
  • Added unit tests (for new features)
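The truncation rules from the description, together with the review follow-up that '+' and '~' cut even when a digit follows them, as an added Python example. This is not Wazuh's C code; `truncate_version`, `version_le` and the `SAMPLES` list are this example's own names, and the sample data is constructed from the versions quoted above and the DEBUG log line. Epoch handling (`1:` compared before the rest, Debian style) is an assumption the page does not state.

```python
"""Added example: NVD-style version-prefix truncation, not Wazuh's own code."""

from typing import List, Tuple


def truncate_version(version: str) -> str:
    """Cut a distro package version down to the generic prefix NVD publishes.

    Rules from the PR description, plus the review follow-up that '+' and '~'
    cut even when a digit follows them:
      - '.' followed by a non-digit (or at the very end) ends the version
      - '+' ends the version
      - '~' ends the version
    Deliberately kept: letters without a separator ("1.1.0h") and a trailing
    ".0", both left for the comparator to handle.
    """
    for i, ch in enumerate(version):
        if ch in "+~":
            return version[:i]
        if ch == "." and (i + 1 == len(version) or not version[i + 1].isdigit()):
            return version[:i]
    return version


def _split(version: str) -> Tuple[int, List[str]]:
    """Split 'epoch:a.b.c' into (epoch, components); epoch defaults to 0 (assumption)."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        return 0, version.split(".")
    return int(epoch), rest.split(".")


def _component_lt(a: str, b: str) -> bool:
    """Numeric components compare as integers ('10' > '9'), others as text."""
    if a.isdigit() and b.isdigit():
        return int(a) < int(b)
    return a < b


def version_le(installed: str, upper: str) -> bool:
    """True when truncate_version(installed) <= upper (the NVD end version).

    Missing trailing components count as 0, so "2.4" == "2.4.0" (the '.0'
    case the description leaves to the comparator).
    """
    epoch_a, parts_a = _split(truncate_version(installed))
    epoch_b, parts_b = _split(upper)
    if epoch_a != epoch_b:
        return epoch_a < epoch_b
    width = max(len(parts_a), len(parts_b))
    parts_a += ["0"] * (width - len(parts_a))
    parts_b += ["0"] * (width - len(parts_b))
    for a, b in zip(parts_a, parts_b):
        if a != b:
            return _component_lt(a, b)
    return True


# Constructed check data: the versions quoted in the PR description and the
# DEBUG log line, paired with the prefix the rules should produce.
SAMPLES = [
    ("1:1.2.8.dfsg", "1:1.2.8"),
    ("1:9.10.3.dfsg.P4", "1:9.10.3"),
    ("2.4+20151223.gitfa8646d.1", "2.4"),
    ("2.10.2.is.2.10.1", "2.10.2"),
    ("3.113+nmu3", "3.113"),
    ("4.6.0+git+20161106", "4.6.0"),
    ("1:8.11+urwcyr1.0.7~pre44", "1:8.11"),
    ("0.60.7~20110707", "0.60.7"),
    ("2.02~beta2", "2.02"),
    ("9.26a~dfsg", "9.26a"),
    ("1.1.0h", "1.1.0h"),                  # alpha suffix kept, as the description says
    ("2.4.45+dfsg-1ubuntu1.5", "2.4.45"),  # the openldap log line
]


def check_samples() -> List[Tuple[str, str, str]]:
    """Return (input, expected, got) for every sample that does not match."""
    return [(v, want, truncate_version(v))
            for v, want in SAMPLES if truncate_version(v) != want]


if __name__ == "__main__":
    for bad in check_samples():
        print("MISMATCH", bad)
    # The log line: 2.4.45+dfsg-1ubuntu1.5 truncates to 2.4.45, which is
    # 'less than or equal' to the NVD end version 2.4.45, so the package matches.
    print(version_le("2.4.45+dfsg-1ubuntu1.5", "2.4.45"))
```

One gap worth checking in any deployment of these rules: a version that carries only a Debian revision and no '+' or '~' (for instance a constructed "2.4.45-1ubuntu1") is not truncated by any of the three rules, so its last component reaches the comparator as the text "45-1ubuntu1"; with the simple comparator above that sorts after "45" and the package would not be matched against an NVD end version of 2.4.45.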

if ((a[i] == '.'
|| a[i] == '~'
|| a[i] == '+')
&& !c_isdigit(a[i + 1])) {
Member

What if there is a number after a ~ or a +?

Contributor Author

Included that condition 0362989

@chemamartinez chemamartinez changed the base branch from 3.14 to 4.0 July 1, 2020 15:58
Member

@TomasTurina TomasTurina left a comment


LGTM!

@chemamartinez chemamartinez changed the base branch from 4.0 to 4.0-vdt-tmp July 8, 2020 14:34
@chemamartinez chemamartinez merged commit 59102d3 into 4.0-vdt-tmp Jul 8, 2020
@chemamartinez chemamartinez deleted the 5281-nvd-comparison branch July 8, 2020 14:35