Closed carlosthe19916 closed 1 month ago
Both variants (`redhat.com` as well as the full URL) work.
The error looks more like a general ingest error. Which is just the service used by the importer. So I would recommend testing this with a plain upload.
I have made a quick test and uploaded a CSAF file manually and it worked. So the issue might be the importer.
The title of this issue refers to the importer not working for CSAF files, so the issue is still valid. And the steps to reproduce it are also valid.
You can easily reproduce the issue like this:
```
➜ repro wget https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3666.json
rhsa-2024_3666.json 100% [====================================================================================================================================================================>] 4.50K --.-KB/s
[Files: 1 Bytes: 4.50K [21.26KB/s] Redirects: 0 Todo: 0 Errors: 0 ]
➜ repro cat rhsa-2024_3666.json | http POST localhost:8080/api/v1/advisory Authorization:$(oidc token trusty -b)
HTTP/1.1 400 Bad Request
access-control-allow-credentials: true
access-control-expose-headers: content-type
content-encoding: br
content-type: application/json
date: Thu, 06 Jun 2024 11:52:54 GMT
transfer-encoding: chunked
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
vary: accept-encoding

{
    "error": "Ingestor error",
    "message": "Query Error: error returned from database: insert or update on table \"cvss3\" violates foreign key constraint \"cvss3_vulnerability_id_fkey\""
}
```
It has nothing to do with the importer.
Confirmed the bug locally. Any advisory having more than one vulnerability seems to trigger it. Thanks for the test case!
Steps to reproduce:
Disable auth (just to allow our terminal to reach the endpoints easily)
Start the server (make sure you clean your `.trustify` directory to be sure you have a clean instance running)
Create a CSAF importer:
Look at the server log and you will see something like:
Another thing
https://github.com/trustification/trustify/blob/bc9e6a5b226b8e11a4b44d1315ae003546454a0b/server/src/sample_data.rs#L97
One of them is not correct, either the README or the sample data. But in both cases the original error described in this issue applies to both.