Feature #29355

closed

Improvement for the data populated in "CVEs" field for "Applicable Errata" report template is required

Added by Marek Hulán about 4 years ago. Updated over 3 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: Errata Management
Target version:
Difficulty:
Triaged: Yes
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1804335

Description of problem:

The field "CVEs" in "Applicable Errata" report template gives the "id" of the CVE instead of actual "cve_id" and that information makes no sense to the customer.

Version-Release number of selected component (if applicable):
Satellite 6.7 [Satellite 6.5 and 6.6 as well]

How reproducible:
Always

Steps to Reproduce:

1. Register a host and ensure that that host has some applicable errata
2. Generate an "Applicable Errata" report for the host

Actual results:

client.example.com RedHat 7.5 Dev RHSA-2018:3324 security 2018-10-30 2019-11-25 16:37:00 +0530 Moderate fuse,fuse-devel,fuse-devel,fuse-libs,fuse-libs 1589 false

where "1589" is the "id" for cve_id "CVE-2018-10906", and the id "1589" is not something that the customer will be able to relate to.

Expected results:

client.example.com RedHat 7.5 Dev RHSA-2018:3324 security 2018-10-30 2019-11-25 16:37:00 +0530 Moderate fuse,fuse-devel,fuse-devel,fuse-libs,fuse-libs CVE-2018-10906 false

where "CVE-2018-10906" is related to "RHSA-2018:3324" and makes perfect sense for the customer.

Additional info:

I can understand that this is not a bug and is acceptable behavior, as "Katello::Erratum.find_by(errata_id: "RHSA-2018:3324").cves" will give the ID, but if we can pluck the cve_id from that, it will give me the correct name of the CVE.

[root@sat1 ~]# foreman-rake console
Loading production environment (Rails 5.2.1)
irb(main):001:0> Katello::Erratum.find_by(errata_id: "RHSA-2018:3324").cves
=> #<ActiveRecord::Associations::CollectionProxy [#<Katello::ErratumCve id: 1589, erratum_id: 507, cve_id: "CVE-2018-10906", href: "https://www.redhat.com/security/data/cve/CVE-2018-...">]>

irb(main):002:0> Katello::Erratum.find_by(errata_id: "RHSA-2018:3324").cves.pluck(:cve_id)
=> ["CVE-2018-10906"]

If I disable safemode rendering and replace

'CVEs': erratum.cves,

with

'CVEs': erratum.cves.pluck(:cve_id),

I will get the "Expected results", but what I would hope is not to use any such tricks; instead, there should be another way present inside safemode to fetch the cve_id.
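
The trade-off in the report above, as an added Ruby sketch that is not Katello or Foreman code: a template sandbox that permits only allowlisted methods refuses the pluck workaround, while an allowlisted cve_id accessor still yields the identifier the report needs. SafeProxy, cves_column and blocked? are hypothetical names, and the allowlist behaviour is an assumed model of safe mode rendering.

```ruby
# Constructed stand-in for a Katello::ErratumCve row (values from the console output above).
ErratumCve = Struct.new(:id, :erratum_id, :cve_id)

# Hypothetical allowlist proxy: a template may call only the methods named in `allowed`.
class SafeProxy
  def initialize(target, allowed)
    @target = target
    @allowed = allowed
  end

  def method_missing(name, *args, &block)
    raise NoMethodError, "safe mode: #{name} is not allowed" unless @allowed.include?(name)

    @target.public_send(name, *args, &block)
  end

  def respond_to_missing?(name, include_private = false)
    @allowed.include?(name) || super
  end
end

# Builds the "CVEs" column using only the allowlisted accessor on each record.
def cves_column(records, allowed: [:cve_id])
  records.map { |record| SafeProxy.new(record, allowed).cve_id }.join(',')
end

# Returns true when the sandbox refuses the call (for example the pluck workaround).
def blocked?(record, method_name, allowed: [:cve_id])
  SafeProxy.new(record, allowed).public_send(method_name)
  false
rescue NoMethodError
  true
end

# Constructed sample data mirroring the record shown in the report.
SAMPLE = [ErratumCve.new(1589, 507, 'CVE-2018-10906')].freeze

if __FILE__ == $PROGRAM_NAME
  puts cves_column(SAMPLE)             # column value built inside the sandbox
  puts blocked?(SAMPLE.first, :pluck)  # the workaround is refused
end
```
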

Actions #1

Updated by The Foreman Bot about 4 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/Katello/katello/pull/8610 added
Actions #2

Updated by Chris Roberts about 4 years ago

  • Subject changed from Improvement for the data populated in "CVEs" field for "Applicable Errata" report template is required to Improvement for the data populated in "CVEs" field for "Applicable Errata" report template is required
  • Target version set to Katello 3.16.0
  • Triaged changed from No to Yes
Actions #3

Updated by The Foreman Bot almost 4 years ago

  • Fixed in Releases added
Actions #4

Updated by Marek Hulán almost 4 years ago

  • Status changed from Ready For Testing to Closed
Actions #5

Updated by Ian Ballou almost 4 years ago

  • Category set to Errata Management
Actions #6

Updated by Jonathon Turel over 3 years ago

  • Pull request deleted (https://github.com/Katello/katello/pull/8610)
  • Fixed in Releases Katello 3.17.0 added
  • Fixed in Releases deleted ()
Actions #7

Updated by Jeremy Lenz over 3 years ago

  • Pull request https://github.com/Katello/katello/pull/8610 added