Feature #29355
closed
Improvement for the data populated in "CVEs" field for "Applicable Errata" report template is required
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1804335
Description of problem:
The field "CVEs" in the "Applicable Errata" report template gives the "id" of the CVE instead of the actual "cve_id", and that information makes no sense to the customer.
Version-Release number of selected component (if applicable):
Satellite 6.7 [ Even if Satellite 6.5 and 6.6 as well ]
How reproducible:
Always
Steps to Reproduce:
1. Register a host and ensure that that host has some applicable errata
2. Generate an "Applicable Errata" report for the host
Actual results:
client.example.com RedHat 7.5 Dev RHSA-2018:3324 security 2018-10-30 2019-11-25 16:37:00 +0530 Moderate fuse,fuse-devel,fuse-devel,fuse-libs,fuse-libs 1589 false
where "1589" is the "id" for cve_id "CVE-2018-10906", and the id "1589" is not something that the customer will be able to relate to.
Expected results:
client.example.com RedHat 7.5 Dev RHSA-2018:3324 security 2018-10-30 2019-11-25 16:37:00 +0530 Moderate fuse,fuse-devel,fuse-devel,fuse-libs,fuse-libs CVE-2018-10906 false
where "CVE-2018-10906" is related to "RHSA-2018:3324" and makes perfect sense for the customer.
Additional info:
I can understand that this is not a bug and is acceptable behavior, as "Katello::Erratum.find_by(errata_id: "RHSA-2018:3324").cves" will give the ID, but if we can pluck the cve_id from that, it will give me the correct name of the CVE.
[root@sat1 ~]# foreman-rake console
Loading production environment (Rails 5.2.1)
irb(main):001:0> Katello::Erratum.find_by(errata_id: "RHSA-2018:3324").cves
=> #<ActiveRecord::Associations::CollectionProxy [#<Katello::ErratumCve id: 1589, erratum_id: 507, cve_id: "CVE-2018-10906", href: "https://www.redhat.com/security/data/cve/CVE-2018-...">]>
irb(main):002:0> Katello::Erratum.find_by(errata_id: "RHSA-2018:3324").cves.pluck(:cve_id)
=> ["CVE-2018-10906"]
If I disable safemode rendering and replace
'CVEs': erratum.cves,
with
'CVEs': erratum.cves.pluck(:cve_id),
I will get the "Expected results", but what I would hope is not to have to use any such tricks; instead, there should be another way present inside safemode to fetch the cve_id.