Feature #29355
closedImprovement for the data populated in "CVEs" field for "Applicable Errata" report template is required
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1804335
Description of problem:
The field "CVEs" in "Applicable Errata" report template gives the "id" of the CVE instead of actual "cve_id" and that information makes no sense to the customer.
Version-Release number of selected component (if applicable):
Satellite 6.7 [ Even if Satellite 6.5 and 6.6 as well ]
How reproducible:
Always
Steps to Reproduce:
1. Register a host and ensure that that host has some applicable erratas
2. Generate an "Applicable Errata" report for the host
Actual results:
client.example.com RedHat 7.5 Dev RHSA-2018:3324 security 2018-10-30 2019-11-25 16:37:00 +0530 Moderate fuse,fuse-devel,fuse-devel,fuse-libs,fuse-libs 1589 false
where "1589" is the "id" for cve_id "CVE-2018-10906" , and the id "1589" is not something that customer will be able to relate to.
Expected results:
client.example.com RedHat 7.5 Dev RHSA-2018:3324 security 2018-10-30 2019-11-25 16:37:00 +0530 Moderate fuse,fuse-devel,fuse-devel,fuse-libs,fuse-libs CVE-2018-10906 false
where "CVE-2018-10906" is related to "RHSA-2018:3324" and makes perfect sense for the customer.
Additional info:
I can understand that this is not a bug and acceptable behavior as "Katello::Erratum.find_by(errata_id: "RHSA-2018:3324").cves" will give the ID but if we can pluck the cve_id from that it will give me the correct name of the cve.
[root@sat1 ~]# foreman-rake console
Loading production environment (Rails 5.2.1)
irb(main):001:0> Katello::Erratum.find_by(errata_id: "RHSA-2018:3324").cves
=> #<ActiveRecord::Associations::CollectionProxy [#<Katello::ErratumCve id: 1589, erratum_id: 507, cve_id: "CVE-2018-10906", href: "https://www.redhat.com/security/data/cve/CVE-2018-...">]>
irb(main):002:0> Katello::Erratum.find_by(errata_id: "RHSA-2018:3324").cves.pluck(:cve_id)
=> ["CVE-2018-10906"]
If I disable safemode rendering and
Replace ,
'CVEs': erratum.cves,
with,
'CVEs': erratum.cves.pluck(:cve_id),
I will get the "*Expected results:*" but what I would hope is that not to use any such tricks but instead there should be another way present inside safemode to fetch the cve_id.
Updated by The Foreman Bot almost 5 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/Katello/katello/pull/8610 added
Updated by Chris Roberts almost 5 years ago
- Subject changed from Improvement for the data populated in "CVEs" field for "Applicable Errata" report template is required to Improvement for the data populated in "CVEs" field for "Applicable Errata" report template is required
- Target version set to Katello 3.16.0
- Triaged changed from No to Yes
Updated by Marek Hulán over 4 years ago
- Status changed from Ready For Testing to Closed
Applied in changeset katello|6aca5045fb408e41d79b5e768ff1f0cda736d9cc.
Updated by Jonathon Turel about 4 years ago
- Pull request deleted (
https://github.com/Katello/katello/pull/8610) - Fixed in Releases Katello 3.17.0 added
- Fixed in Releases deleted (
)
Updated by Jeremy Lenz about 4 years ago
- Pull request https://github.com/Katello/katello/pull/8610 added