Description of problem: In case of update CVE location with wrong value on provider advance settings. Need to get error message "Unable to run OpenSCAP: Unable to retreive the CVE file: Could not download file ...." ,also for wrong URL that is reachable and returns some kind of 404-error-html-page . PR https://github.com/openshift/image-inspector/pull/78 created by Erez to fix that on the image-inspector side. Related to BZ 1459189 Version-Release number of selected component (if applicable): 5.9.0.8.20171109215303_ed87902 How reproducible: Always Steps to Reproduce: 1. see BZ 1459189 https://bugzilla.redhat.com/show_bug.cgi?id=1459189 2. 3. Actual results: Error of oscap trying to parse this html as the xccdf file. Expected results: "Unable to run OpenSCAP: Unable to retreive the CVE file: Could not download file ...." Additional info:
The fix for this in in image-inspector: https://github.com/openshift/image-inspector/pull/78 (and back port to 2.3 verison https://github.com/openshift/image-inspector/pull/79 ) We will have it fixed when a new version of image-inspector is released.
No way to verify, fix is on Image inspector new version that is not part of downstream CFME version.
Verified in 5.10.1.0.20190206171834_d399434 Set bad CVE location in advanced settings and started a SSA scan. Task finished with the following message: Unable to run OpenSCAP: Unable to retreive the CVE file: Could not download file https://www.redhat.com/security/data/metrics/com.redhat.rhsa-RHEL7.ds.xml.bz2: <nil>