search

Cingulara / openrmf-docs

Documentation on the OpenRMF application, including scripts to run the whole stack as well as just infrastructure with documentation on using the tool.
https://www.openrmf.io/
GNU General Public License v3.0
125 stars 27 forks source link

[BUG] When uploading a SCAP XML file to update a checklist, it copies over all VULNs and all information, not just PASS/FAIL and Finding Details #262

Closed DaleBinghamSoteriaSoft closed 2 years ago

DaleBinghamSoteriaSoft commented 2 years ago

Describe the bug When you are uploading a SCAP XML file to update a checklist (not new), it copies over all VULNs and all information, not just PASS/FAIL and Finding Details.

To Reproduce Steps to reproduce the behavior:

  1. add a SCAP to create a new checklist entry
  2. update items that are Not Reviewed and not pass/fail that SCAP does not check
  3. add comments to those that the SCAP marked as Not a Finding or Open as well
  4. save that checklist
  5. update a newer SCAP for the same checklist type and hostname
  6. notice all VULN info is updated, including those not scanned as Not Reviewed, and any finding details, comments, etc. are lost!

Expected behavior It only updates PASS/FAIL information for Finding Details and Status. Comments, Severity Override info should be left as-is in the checklist.

Additional context Impacts all versions up to the latest 1.7 so has to be a patch.

Cingulara commented 2 years ago

Fixed in the latest version released today