Project

General

Profile

Actions
Copy link

Bug #25348

closed

Deleting CVE group is possible even if it is a system group

Added by Clark ANDRIANASOLO 3 months ago. Updated about 2 months ago.

Status:
Released
Priority:
N/A
Assignee:
François ARMAND
Category:
API
Target version:
8.1.7
Pull Request:
https://github.com/Normation/rudder/p...
Severity:
Minor - inconvenience | misleading | easy workaround
UX impact:
User visibility:
Operational - other Techniques | Rudder settings | Plugins
Effort required:
Small
Priority:
0
Name check:
To do
Fix check:
Checked
Regression:
No

Description

Since the feature of making groups based on CVEs #25147, I can create a CVE group from a specific CVE, and there is a button to delete the group in the CVE details :

This successfully creates the properties to mark each node as impacted by the CVE ("CVE-XXXX-XXXX":"impacted"). The "Delete group" button is removing all these properties in impacted nodes.

But when going to the group page, I can delete the group from here, the property still remains in the group :

The CVE groups should not even be deletable, because they are system groups (in the API and in the UI).
And cloning should not also be allowed (or at least clone the group as a non-system one).
Also in the UI we would need to disable the button and show a tooltip to indicate that the group UI is not removable from there, but only from the CVE details page (and if possible add the url).

Files

Download all files
clipboard-202408231447-ttzcn.png (37.4 KB) clipboard-202408231447-ttzcn.png Clark ANDRIANASOLO, 2024-08-23 14:47
clipboard-202408231452-dgqgg.png (56.2 KB) clipboard-202408231452-dgqgg.png Clark ANDRIANASOLO, 2024-08-23 14:52
clipboard-202409121533-26olh.png (25.1 KB) clipboard-202409121533-26olh.png François ARMAND, 2024-09-12 15:33

Subtasks 1 (0 open1 closed)

Change validation - Bug #25397: Added test groups make change-validation tests failReleasedFrançois ARMANDActions
Actions
Copy link

Also available in: Atom PDF