mitre / vulcan

A web application to streamline the development of STIGs from SRGs
https://mitre-vulcan-prod.herokuapp.com/

Mitigation text for DNM controls is not copied over on a copy component workflow with new SRG #531

Closed rlakey closed 1 year ago

rlakey commented 1 year ago

The mitigation field is in the disa_rule_descriptions table, so since we are duping this entire object from the new SRG, it is overwriting any existing mitigations for DNM requirements.

rlakey commented 1 year ago

Technically this was wiping out mitigations available, poam available, and poam as well, but those really shouldn't have been in this table and neither should have mitigations. The fields outside of vulnerability discussion in the XCCDF "description" node are not used, and mitigations there is not the same as the mitigation field for a DNM requirement.


rlakey commented 1 year ago

https://github.com/mitre/vulcan/blob/master/app/models/component.rb#L280