Project

General

Profile

Actions

Bug #25348

closed

Deleting CVE group is possible even if it is a system group

Added by Clark ANDRIANASOLO 3 months ago. Updated about 2 months ago.

Status:
Released
Priority:
N/A
Category:
API
Target version:
Severity:
Minor - inconvenience | misleading | easy workaround
UX impact:
User visibility:
Operational - other Techniques | Rudder settings | Plugins
Effort required:
Small
Priority:
0
Name check:
To do
Fix check:
Checked
Regression:
No

Description

Since the feature of making groups based on CVEs #25147, I can create a CVE group from a specific CVE, and there is a button to delete the group in the CVE details :

This successfully creates the properties to mark each node as impacted by the CVE ("CVE-XXXX-XXXX":"impacted"). The "Delete group" button is removing all these properties in impacted nodes.

But when going to the group page, I can delete the group from here, the property still remains in the group :

The CVE groups should not even be deletable, because they are system groups (in the API and in the UI).
And cloning should not also be allowed (or at least clone the group as a non-system one).
Also in the UI we would need to disable the button and show a tooltip to indicate that the group UI is not removable from there, but only from the CVE details page (and if possible add the url).


Files

clipboard-202408231447-ttzcn.png (37.4 KB) clipboard-202408231447-ttzcn.png Clark ANDRIANASOLO, 2024-08-23 14:47
clipboard-202408231452-dgqgg.png (56.2 KB) clipboard-202408231452-dgqgg.png Clark ANDRIANASOLO, 2024-08-23 14:52
clipboard-202409121533-26olh.png (25.1 KB) clipboard-202409121533-26olh.png François ARMAND, 2024-09-12 15:33

Subtasks 1 (0 open1 closed)

Change validation - Bug #25397: Added test groups make change-validation tests failReleasedFrançois ARMANDActions
Actions

Also available in: Atom PDF