Bug 406321 - 3.22: security-response-team@redhat.com Cc for new security bugs.
3.22: security-response-team@redhat.com Cc for new security bugs.
Status: CLOSED NEXTRELEASE
Product: Bugzilla
Classification: Community
Component: Bugzilla General (Show other bugs)
3.2
All Linux
high Severity medium (vote)
: ---
: ---
Assigned To: Noura El hawary
2 hours
:
Depends On:
Blocks: RHBZ30UpgradeTracker 427051
  Show dependency treegraph
 
Reported: 2007-11-30 11:58 EST by David Lawrence
Modified: 2013-06-24 00:17 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-02-11 23:16:34 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
patch to Bugzilla/Bug.pm (1.90 KB, patch)
2008-02-10 23:54 EST, Noura El hawary
dkl: review+
Details | Diff
selenium test (4.41 KB, text/plain)
2008-02-10 23:58 EST, Noura El hawary
no flags Details
patch for bugs 406321 and 406141 (4.71 KB, patch)
2008-02-11 20:59 EST, Noura El hawary
no flags Details | Diff

  None (edit)
Description David Lawrence 2007-11-30 11:58:39 EST
Description:
Some code in post_bug.cgi was added to add security-response-team@redhat.com to Cc list of new bug if Security group is checked.

Function Requirements:
Currently hardcoded to check for the group id 71. post_bug.cgi
Comment 1 David Lawrence 2007-12-20 14:09:24 EST
LOC Estimation:

Adding 50% to compensate for porting to Bugzilla/Bug.pm in 3.0 that uses
create() instead of Add().

Bugzilla/Bug.pm: 20 + (20*.50) = 30
XMLRPC tests for Bug.create() to verify security added to cc list: 60
selenium tests to verify security add to cc list: 2 hours

LOC Total: 90
Comment 2 Noura El hawary 2008-02-07 10:24:52 EST
Hi Dave,

I think I can help you with this bug. Just letting you know so we don't work on
it both at the same time.

Thanks,
Noura
Comment 3 Noura El hawary 2008-02-10 23:54:26 EST
Created attachment 294536 [details]
patch to Bugzilla/Bug.pm

this is a patch to enable the following:

When group security is selected when a new bug is created then 3 things
should happen:

1- security-response-team@redhat.com is added to the cclist of the bug.
2- The cclist should only contain accounts that are members of the groups
   selected when the bug is created.
3- Keyword Security is added to the bug's Keywords

also attaching selenium test for it.

Please review and let me know what you think.

Thanks,
Noura
Comment 4 Noura El hawary 2008-02-10 23:58:36 EST
Created attachment 294537 [details]
selenium test 

This is a selenium test for the attached patch, fully documented . please note
that to run this test, you will need to run it on a freshly installed
rh_bugzilla_3 that has just had checksetup.pl run. also to run it you will need
to change line 366 in Bugzilla/Bug.pm after applying the previous patch to have
the groupid == 14 not 71 as 71 will be the group id for the security group
using our live bugzilla database.

I couldn't create any xmlrpc tests for this feature yet as the function
Bug.get() will not return any cclist or keywords information for the bug to
enable the testing of this feature for newly created bugs with the security
group assigned.
Comment 5 Noura El hawary 2008-02-10 23:59:40 EST
3 hours converting the rh_bugzilla_2_18 code to work with rh_bugzilla_3
2 hours testing
Comment 6 David Lawrence 2008-02-11 12:55:14 EST
Comment on attachment 294536 [details]
patch to Bugzilla/Bug.pm

Noura, patch looks nice and also installed on bugdev where it worked as
expected. If the Selenium case works then this is good to go.

Dave
Comment 7 Noura El hawary 2008-02-11 20:59:27 EST
Created attachment 294615 [details]
patch for bugs 406321 and 406141

cool , Thanks Dave. So what would be the next step shall we commit to cvs? also
I think this patch will conflict with your patch caze both of them update
Bugzilla/Bug.pm, so I am attaching a new patch that has both changes so we
apply it at once. 

Noura
Comment 8 David Lawrence 2008-02-11 22:49:39 EST
(In reply to comment #7)
> Created an attachment (id=294615) [edit]
> patch for bugs 406321 and 406141
> 
> cool , Thanks Dave. So what would be the next step shall we commit to cvs? also
> I think this patch will conflict with your patch caze both of them update
> Bugzilla/Bug.pm, so I am attaching a new patch that has both changes so we
> apply it at once. 

One way to make sure this is normally not a problem is to always make sure you
do a full cvs update before committing. So for example you would commit your
security-response patch first, and then before I commit the rhel changes patch,
I would cvs update and pull in your changes first, then commit mine. As long
as we do not both edit the same exact lines, it will normally work out. If not
then it will throw a conflict error and the last person will just work out the
conflict and commit.

Dave

Comment 9 David Lawrence 2008-02-11 22:50:10 EST
Oh, so anyway, go ahead and check this in ;)

Dave

Note You need to log in before you can comment on or make changes to this bug.