Red Hat Bugzilla – Bug 1249570
rhcert should check if the rhcert.xml.gz file created is valid or not before sending it to CWE
Last modified: 2018-03-22 16:36:37 EDT
Description of problem:
Currently, there are no checks in rhcert to see if the rhcert.xml.gz file is valid or not.
Results are forwarded to CWE
File if not valid should not be submitted to CWE
http://file.pnq.redhat.com/abehl/rhcert-results-rhel7-41-171.englab.brocade.com-20150727095809.xml.gz is an invalid file which was submitted and caused failures in CWE side.
What is invalid with the above file? What validity checks would you like rhcert to add?
This file does not have the attachment tag which contains the encoded base64 content which in turn can be decoded to create the original attachment itself.
I am not sure what resulted in the formation of such file, but we can make rules like if attachment tag is not present for a file it is invalid.
So the real problem is the attachments are missing, correct?
Yes, that is right and we can maybe catch the same thing on rhcert side or on CWE, partner should be informed saying that the file is not valid.