Project

General

Profile

Actions
Copy link

Bug #25348

closed

Deleting CVE group is possible even if it is a system group

Added by Clark ANDRIANASOLO about 2 months ago. Updated 17 days ago.

Status:
Released
Priority:
N/A
Assignee:
François ARMAND
Category:
API
Target version:
8.1.7
Pull Request:
https://github.com/Normation/rudder/p...
Severity:
Minor - inconvenience | misleading | easy workaround
UX impact:
User visibility:
Operational - other Techniques | Rudder settings | Plugins
Effort required:
Small
Priority:
0
Name check:
To do
Fix check:
Checked
Regression:
No

Description

Since the feature of making groups based on CVEs #25147, I can create a CVE group from a specific CVE, and there is a button to delete the group in the CVE details :

This successfully creates the properties to mark each node as impacted by the CVE ("CVE-XXXX-XXXX":"impacted"). The "Delete group" button is removing all these properties in impacted nodes.

But when going to the group page, I can delete the group from here, the property still remains in the group :

The CVE groups should not even be deletable, because they are system groups (in the API and in the UI).
And cloning should not also be allowed (or at least clone the group as a non-system one).
Also in the UI we would need to disable the button and show a tooltip to indicate that the group UI is not removable from there, but only from the CVE details page (and if possible add the url).

Files

Download all files
clipboard-202408231447-ttzcn.png (37.4 KB) clipboard-202408231447-ttzcn.png Clark ANDRIANASOLO, 2024-08-23 14:47
clipboard-202408231452-dgqgg.png (56.2 KB) clipboard-202408231452-dgqgg.png Clark ANDRIANASOLO, 2024-08-23 14:52
clipboard-202409121533-26olh.png (25.1 KB) clipboard-202409121533-26olh.png François ARMAND, 2024-09-12 15:33

Subtasks 1 (0 open1 closed)

Change validation - Bug #25397: Added test groups make change-validation tests failReleasedFrançois ARMANDActions
Actions
Copy link
 #1

Updated by Clark ANDRIANASOLO about 2 months ago

  • Description updated (diff)
Actions
Copy link
 #2

Updated by Clark ANDRIANASOLO about 2 months ago

  • Description updated (diff)
Actions
Copy link
 #4

Updated by Clark ANDRIANASOLO about 2 months ago

  • Status changed from New to In progress
Actions
Copy link
 #5

Updated by Clark ANDRIANASOLO about 2 months ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Clark ANDRIANASOLO to François ARMAND
  • Pull Request set to https://github.com/Normation/rudder/pull/5833
Actions
Copy link
 #6

Updated by Clark ANDRIANASOLO about 2 months ago

  • Pull Request changed from https://github.com/Normation/rudder/pull/5833 to https://github.com/Normation/rudder/pull/5834
Actions
Copy link
 #7

Updated by Clark ANDRIANASOLO about 2 months ago · Edited

In fact CVE groups are not system groups.

Only the "CVE Groups" category is a system category...

And the UI for each CVE group is weird since it show that the category is the "Root category", and not the "CVE Groups" one

Actions
Copy link
 #8

Updated by Clark ANDRIANASOLO about 2 months ago

  • Description updated (diff)
Actions
Copy link
 #9

Updated by Clark ANDRIANASOLO about 2 months ago

  • Status changed from Pending technical review to Pending release
Actions
Copy link
 #10

Updated by Clark ANDRIANASOLO about 2 months ago

This has been merged in 8.1, not 8.2

Actions
Copy link
 #11

Updated by Clark ANDRIANASOLO about 2 months ago

  • Target version changed from 8.2.0~beta1 to 8.1.7
Actions
Copy link
 #12

Updated by Clark ANDRIANASOLO about 2 months ago

  • Subtask #25397 added
Actions
Copy link
 #13

Updated by François ARMAND about 1 month ago

Button is not here anymore, and API reports an error

Actions
Copy link
 #14

Updated by Vincent MEMBRÉ 17 days ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 8.1.7 which was released today.

Actions
Copy link

Also available in: Atom PDF