Closed carlosthe19916 closed 21 hours ago
I think it's a good idea to use the description as an alternative for a missing title. However, I think that's something the UI should do.
Taking the description and reporting it as title on an API alters data, compared to the original/source information. Also, descriptions can get rather verbose, so it would make sense to add some ability to truncate the text.
Ideally, the UI could let the user know (via a label or something) that this content comes from the description, instead of the title field.
As of today there is no description exposed through the REST endpoints for the UI to use it. If you agree, we can use this issue to track the work done for adding description to the current REST endpoints.
> Ideally, the UI could let the user know (via a label or something) that this content comes from the description, instead of the title field.
I personally don't think a user cares whether the text that describes the vulnerability was taken from FieldA, FieldB, or FieldN, but this is a good topic to have input from UX and PM.
I agreed to both! Makes sense!
Should be closed by https://github.com/trustification/trustify/pull/485
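The fallback discussed in this thread, as an added example (not Trustify's code): the source title is left untouched and a separate display value records which field it came from, with truncation for verbose descriptions. The function names, the 80-character limit and the returned keys are assumptions; the sample record is constructed from the CVE-1999-0001 description quoted in the issue.

```python
import json

# Constructed sample in the CVE JSON 5.x layout, using the description quoted in the issue.
SAMPLE = json.loads("""
{"cveMetadata": {"cveId": "CVE-1999-0001"},
 "containers": {"cna": {"descriptions": [{"lang": "en", "value":
   "ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets."}]}}}
""")


def truncate(text, max_len):
    """Cut at a word boundary and mark the cut so long descriptions fit a list view."""
    text = " ".join(text.split())  # collapse newlines and runs of whitespace
    if len(text) <= max_len:
        return text, False
    cut = text[:max_len - 1].rsplit(" ", 1)[0]
    return cut + "…", True


def display_title(record, max_len=80):
    """Return a display string plus its provenance; the record itself is not modified."""
    cna = record.get("containers", {}).get("cna", {})
    title = (cna.get("title") or "").strip()
    if title:
        return {"text": title, "source": "title", "truncated": False}
    descs = [d for d in cna.get("descriptions") or [] if (d.get("value") or "").strip()]
    # Prefer an English description, otherwise take the first non-empty one.
    descs.sort(key=lambda d: not str(d.get("lang", "")).lower().startswith("en"))
    if not descs:
        return {"text": None, "source": None, "truncated": False}
    text, truncated = truncate(descs[0]["value"], max_len)
    return {"text": text, "source": "description", "truncated": truncated}
```

A client can render `source == "description"` as the label suggested earlier in the thread, while the API's `title` field keeps reporting what the source document contains.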
After running the importer for csaf and cve, I hardly see Advisories/Vulnerabilities with titles; the majority do not have any title. The endpoints I hit were /api/v1/advisory and /api/v1/vulnerability.
Out of curiosity I downloaded an Advisory file whose title was empty in the response. This is the file CVE-1999-0001.json. Then I opened the file and I clearly see that there is a human-readable text that describes the CVE:

containers.cna.descriptions[0].value = ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets.

The server should be clever enough to extract the title from different fields if the main one was not available in the file.
Having that many advisories and vulnerabilities without titles is not acceptable for the client side (the UI). It has a negative impact on
This is the full JSON response I got from /api/v1/advisory. You see that title=null for each of the items I got: