[backend] Finding name is incomplete when location.path is missing
-
Vulnerability
column ofSecurity
tab shows incomplete information when the fieldlocation.path
is blank.
- The details in
Vulnerability
tab are filled as per the following precedence:
identifier = identifiers.find(&:cve?) || identifiers.find(&:cwe?) || identifiers.first
ref here
As a part of this issue, we can document the behaviour and discuss if fixing incomplete information on UI is required.
Details
Copied from a slack thread
Location field in schema is allowed blank so if it’s blank it shows the incomplete message like CWE in which we can change to make it more user readable. In our code we have this logic: (...) Meaning if Location.path is empty like this:
"location": { "hostname": "http://auth-auto:8090", "method": "", "param": "", "path": "" },
then it generates incomplete message like
CWE in
Edited by Thiago Figueiró