Feature #29355

Improvement for the data populated in "CVEs" field for "Applicable Errata" report template is required

Added by Marek Hulán 7 months ago. Updated 13 days ago.

Status: Closed
Priority: Normal
Assignee:
Category: Errata Management
Target version:
Difficulty:
Triaged: Yes
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1804335

Description of problem:

The field "CVEs" in the "Applicable Errata" report template gives the "id" of the CVE instead of the actual "cve_id", and that information makes no sense to the customer.

Version-Release number of selected component (if applicable):
Satellite 6.7 [Satellite 6.5 and 6.6 as well]

How reproducible:
Always

Steps to Reproduce:

1. Register a host and ensure that that host has some applicable errata
2. Generate an "Applicable Errata" report for the host

Actual results:

client.example.com RedHat 7.5 Dev RHSA-2018:3324 security 2018-10-30 2019-11-25 16:37:00 +0530 Moderate fuse,fuse-devel,fuse-devel,fuse-libs,fuse-libs 1589 false

where "1589" is the "id" for cve_id "CVE-2018-10906", and the id "1589" is not something that the customer will be able to relate to.

Expected results:

client.example.com RedHat 7.5 Dev RHSA-2018:3324 security 2018-10-30 2019-11-25 16:37:00 +0530 Moderate fuse,fuse-devel,fuse-devel,fuse-libs,fuse-libs CVE-2018-10906 false

where "CVE-2018-10906" is related to "RHSA-2018:3324" and makes perfect sense for the customer.

Additional info:

I can understand that this is not a bug and is acceptable behavior, as "Katello::Erratum.find_by(errata_id: "RHSA-2018:3324").cves" will give the ID, but if we can pluck the cve_id from that, it will give me the correct name of the CVE.

[root@sat1 ~]# foreman-rake console
Loading production environment (Rails 5.2.1)
irb(main):001:0> Katello::Erratum.find_by(errata_id: "RHSA-2018:3324").cves
=> #<ActiveRecord::Associations::CollectionProxy [#<Katello::ErratumCve id: 1589, erratum_id: 507, cve_id: "CVE-2018-10906", href: "https://www.redhat.com/security/data/cve/CVE-2018-...">]>

irb(main):002:0> Katello::Erratum.find_by(errata_id: "RHSA-2018:3324").cves.pluck(:cve_id)
=> ["CVE-2018-10906"]

If I disable safemode rendering and replace

'CVEs': erratum.cves,

with

'CVEs': erratum.cves.pluck(:cve_id),

I will get the "Expected results", but what I would hope is not to use any such tricks; instead there should be another way present inside safemode to fetch the cve_id.

Associated revisions

Revision 6aca5045 (diff)
Added by Marek Hulán 6 months ago

Fixes #29355 - allow CVE id in safe mode
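
The request above, as a simplified model added here for illustration: the template sandbox stays enabled and one extra attribute, cve_id, is put on the allowlist, instead of disabling safe mode to call pluck. This is not Katello's or the Safemode gem's code; SafeProxy, render_column and the allowlists are hypothetical names, and the sample record is constructed from the values in the description.

```ruby
# Simplified allowlist sandbox for report-template values.
# Hypothetical model: not the Safemode gem and not Katello code.

ErratumCve = Struct.new(:id, :erratum_id, :cve_id, :href)

class SafeProxy
  class NotAllowed < StandardError; end

  def initialize(target, allowed)
    @target = target
    @allowed = allowed
  end

  # Forward only allowlisted calls to the wrapped record;
  # any other method is rejected instead of being executed.
  def method_missing(name, *args)
    unless @allowed.include?(name)
      raise NotAllowed, "#{name} is not allowed in safe mode"
    end
    @target.public_send(name, *args)
  end

  def respond_to_missing?(name, include_private = false)
    @allowed.include?(name) || super
  end
end

# Constructed sample record using the id, erratum_id and cve_id from the
# description; href is left nil because the page shows it truncated.
CVES = [ErratumCve.new(1589, 507, "CVE-2018-10906", nil)].freeze

# Render one report column from sandboxed records.
# `field` is what the template asks for; `allowed` is the allowlist.
def render_column(cves, field, allowed)
  cves.map { |c| SafeProxy.new(c, allowed).public_send(field) }.join(",")
rescue SafeProxy::NotAllowed => e
  "blocked: #{e.message}"
end

BEFORE = [:id].freeze           # only the database id is reachable
AFTER  = [:id, :cve_id].freeze  # cve_id added to the allowlist

puts render_column(CVES, :id, BEFORE)      # database id, meaningless to users
puts render_column(CVES, :cve_id, BEFORE)  # rejected by the sandbox
puts render_column(CVES, :cve_id, AFTER)   # the identifier users expect
```

Widening the allowlist by one read-only attribute keeps every other method on the record unreachable from templates, which disabling safe mode would not.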

History

#1 Updated by The Foreman Bot 7 months ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/Katello/katello/pull/8610 added

#2 Updated by Chris Roberts 7 months ago

  • Triaged changed from No to Yes
  • Target version set to Katello 3.16.0
  • Subject changed from Improvement for the data populated in "CVEs" field for "Applicable Errata" report template is required to Improvement for the data populated in "CVEs" field for "Applicable Errata" report template is required

#3 Updated by The Foreman Bot 6 months ago

  • Fixed in Releases added

#4 Updated by Marek Hulán 6 months ago

  • Status changed from Ready For Testing to Closed

#5 Updated by Ian Ballou 5 months ago

  • Category set to Errata Management

#6 Updated by Jonathon Turel 14 days ago

  • Fixed in Releases Katello 3.17.0 added
  • Fixed in Releases deleted ()
  • Pull request deleted (https://github.com/Katello/katello/pull/8610)

#7 Updated by Jeremy Lenz 13 days ago

  • Pull request https://github.com/Katello/katello/pull/8610 added
