- Bug
- Resolution: Done
- Undefined
- 6.14.4.3, 6.15.4.2
- 1
- False
- False
- rubygem-katello-4.14.0.5-1
- 0
- Endeavour, Phoenix - Subscriptions
- Important
- To Do
- Yes
Description of problem:
Failed to generate a Host applied errata report with the following error:
"Value of 'select' passed to load_resource must be Symbol or Array of Symbols"
This is the effect of the fix for "CVE-2024-8553".
It limits the value of "select" passed to the "load_resource" method to either a Symbol or an Array of Symbols.
However, the "load_errata_applications" method in the Katello plugin is still passing the "select" value as a string:
```ruby
def load_errata_applications(filter_errata_type: nil, include_last_reboot: 'yes', since: nil, up_to: nil, status: nil, host_filter: nil)
  result = []

  filter_errata_type = filter_errata_type.presence || 'all'
  search_up_to = up_to.present? ? "ended_at < \"#{up_to}\"" : nil
  search_since = since.present? ? "ended_at > \"#{since}\"" : nil
  search_result = status.present? && status != 'all' ? "result = #{status}" : nil
  labels = 'label ^ (Actions::Katello::Host::Erratum::Install, Actions::Katello::Host::Erratum::ApplicableErrataInstall)'
  select = 'foreman_tasks_tasks.*'

  if Katello.with_remote_execution?  # <====================
    new_labels = 'label = Actions::RemoteExecution::RunHostJob AND remote_execution_feature.label ^ (katello_errata_install, katello_errata_install_by_search)'
    labels = [labels, new_labels].map { |label| "(#{label})" }.join(' OR ')
    select += ',template_invocations.id AS template_invocation_id'  # <============
  else
    select += ',NULL AS template_invocation_id'  # <===============
  end

  search = [search_up_to, search_since, search_result, "state = stopped", labels].compact.join(' and ')

  tasks = load_resource(klass: ForemanTasks::Task,
                        permission: 'view_foreman_tasks',
                        select: select,  # <===================
                        search: search)
```
How reproducible:
Always
Is this issue a regression from an earlier version:
Yes
Affected versions:
Satellite 6.14.4.3
Satellite 6.15.4.2
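The rule quoted in the error message, modelled as an added example; this is not code from Foreman, Katello or this report. `validate_select`, `check` and `ReportSelectError` are hypothetical names, and `katello_select` rebuilds the string the same way the excerpt above does, to show that both branches produce a value the Symbol-only rule rejects.

```ruby
# Model of the rule stated in the error message (assumption: a plain type
# check on Symbol / Array of Symbols). Not Foreman's implementation.
class ReportSelectError < StandardError; end

SELECT_ERROR = "Value of 'select' passed to load_resource must be Symbol or Array of Symbols"

# Returns the select list as an Array of Symbols, or raises with the
# message from the report. nil means no explicit select was requested.
def validate_select(select)
  return nil if select.nil?
  return [select] if select.is_a?(Symbol)
  return select if select.is_a?(Array) && select.all? { |s| s.is_a?(Symbol) }

  # Strings are refused outright: a String here is a raw SQL fragment
  # that would reach the query's SELECT list unchanged.
  raise ReportSelectError, SELECT_ERROR
end

# Builds the select value exactly as the load_errata_applications excerpt does.
def katello_select(with_remote_execution)
  select = 'foreman_tasks_tasks.*'
  if with_remote_execution
    select += ',template_invocations.id AS template_invocation_id'
  else
    select += ',NULL AS template_invocation_id'
  end
  select
end

# Classifies a candidate select value as :accepted or :rejected.
def check(select)
  validate_select(select)
  :accepted
rescue ReportSelectError
  :rejected
end

if __FILE__ == $PROGRAM_NAME
  # Constructed candidates: the two Katello strings, then Symbol forms.
  [katello_select(true), katello_select(false), [katello_select(true)],
   :id, [:id, :label], [:id, 'label']].each do |candidate|
    puts format('%-78s %s', candidate.inspect, check(candidate))
  end
end
```

Wrapping the Katello string in an Array does not help, and the `AS template_invocation_id` alias has no Symbol form, so the caller cannot satisfy the rule by changing the type alone.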
- clones
- SAT-29596 Failed to generate report using "Host - Applied Errata" template.
- Testing
- links to
- RHSA-2024:144053 Satellite 6.16.1 Async Update