Update fix docs #2931
Merged
Update fix docs #2931
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The pro fix commands were updated recently. Due to that, we need to update the output examples in the docs.
renanrodrigo
approved these changes
Jan 30, 2024
| @@ -0,0 +1,56 @@ | |||
| # How better visualized result of fixing multiple CVEs | |||
There was a problem hiding this comment.
Suggested change
| # How better visualized result of fixing multiple CVEs | |
| # How to better visualize the result when fixing multiple CVEs |
| CVE-2017-9233 (Coin3D vulnerability) - fixed | ||
| ``` | ||
|
|
||
| Note that this output consists of three information details: |
There was a problem hiding this comment.
Suggested change
| Note that this output consists of three information details: | |
| Note that each entry in this output consists of three fields: |
lucasmoura
force-pushed
the
update-fix-docs
branch
from
afa684e
to
5e44d5a
Compare
|
@s-makin CI is failing here due to a spellcheck error. However, the error is on the word |
Yes, we are using British English so it should be "visualise". Global replace should get rid of the errors I think. |
lucasmoura
force-pushed
the
update-fix-docs
branch
from
5e44d5a
to
7209b17
Compare
|
@s-makin fixed |
s-makin
reviewed
Feb 15, 2024
docs/howtoguides.rst
Outdated
| @@ -92,3 +92,11 @@ Create a ``pro`` Golden Image | |||
| :maxdepth: 1 | |||
|
|
|||
| Create a customised Cloud Ubuntu Pro image <howtoguides/create_pro_golden_image.md> | |||
|
|
|||
| Better visualise result when fixing multiple CVEs | |||
There was a problem hiding this comment.
Suggested change
| Better visualise result when fixing multiple CVEs | |
| Fixing multiple CVEs |
docs/howtoguides.rst
Outdated
| .. toctree:: | ||
| :maxdepth: 1 | ||
|
|
||
| Better visualise result when fixing multiple CVEs <howtoguides/how_to_better_visualise_fixing_multiple_cves.rst> |
There was a problem hiding this comment.
Suggested change
| Better visualise result when fixing multiple CVEs <howtoguides/how_to_better_visualise_fixing_multiple_cves.rst> | |
| Better visualise results when fixing multiple CVEs <howtoguides/how_to_better_visualise_fixing_multiple_cves.rst> |
| ************************************************************* | ||
|
|
||
| To fix multiple CVEs, you need to use the `u.pro.security.fix.cve.execute.v1` endpoint, | ||
| as the CLI `pro fix` command doesn't support multiple CVEs. However, as can be seen :ref:`here <cve-execute-api-v1>` |
There was a problem hiding this comment.
Suggested change
| as the CLI `pro fix` command doesn't support multiple CVEs. However, as can be seen :ref:`here <cve-execute-api-v1>` | |
| as the CLI `pro fix` command doesn't support multiple CVEs. However, as can be seen :ref:`in the endpoint documentation <cve-execute-api-v1>` |
| as the CLI `pro fix` command doesn't support multiple CVEs. However, as can be seen :ref:`here <cve-execute-api-v1>` | ||
| this command will output a JSON blob containing the results of the fix operation for each CVE. | ||
|
|
||
| This doesn't allow for a quick visualization of the fix status of each requested CVE. |
There was a problem hiding this comment.
Suggested change
| This doesn't allow for a quick visualization of the fix status of each requested CVE. | |
| This doesn't allow for a quick visualisation of the fix status of each requested CVE. |
| this command will output a JSON blob containing the results of the fix operation for each CVE. | ||
|
|
||
| This doesn't allow for a quick visualization of the fix status of each requested CVE. | ||
| To address that, we can use a `jq` filter. The `jq` command is mainly used to parse JSON data directly on |
There was a problem hiding this comment.
Suggested change
| To address that, we can use a `jq` filter. The `jq` command is mainly used to parse JSON data directly on | |
| To address that, we can use a `jq` filter. The `jq` command is mainly used to parse JSON data directly in |
|
|
||
| This doesn't allow for a quick visualization of the fix status of each requested CVE. | ||
| To address that, we can use a `jq` filter. The `jq` command is mainly used to parse JSON data directly on | ||
| the terminal. To know more about it, please refer to this `page <https://manpages.ubuntu.com/manpages/xenial/man1/jq.1.html>`_ |
There was a problem hiding this comment.
Suggested change
| the terminal. To know more about it, please refer to this `page <https://manpages.ubuntu.com/manpages/xenial/man1/jq.1.html>`_ | |
| the terminal. To know more about it, please refer to `the jq manpage <https://manpages.ubuntu.com/manpages/xenial/man1/jq.1.html>`_ |
| $ apt update & apt install jq -y | ||
|
|
||
| Now that `jq` is installed, we can properly parse the JSON data delivered from the execute API. | ||
| As an example, let's assume we want to fix those three CVEs here: **CVE-2020-28196, CVE-2020-15180** |
There was a problem hiding this comment.
Suggested change
| As an example, let's assume we want to fix those three CVEs here: **CVE-2020-28196, CVE-2020-15180** | |
| As an example, let's assume we want to fix these three CVEs: **CVE-2020-28196, CVE-2020-15180** |
|
|
||
| jq -r '.data.attributes.cves_data.cves[] | "\(.title) - \(.status)"' | ||
|
|
||
| Finally, if you want to have the same visualization when fixing USNs, just change the `jq` filter |
There was a problem hiding this comment.
Suggested change
| Finally, if you want to have the same visualization when fixing USNs, just change the `jq` filter | |
| Finally, if you want to have the same visualisation when fixing USNs, just change the `jq` filter |
lucasmoura
force-pushed
the
update-fix-docs
branch
from
7209b17
to
cfb3f1d
Compare
|
@s-makin done |
s-makin
approved these changes
Feb 16, 2024
Not going to merge - the spellchecker is complaining about jq and manpage, if you wouldn't mind adding those to the wordlist so that the checks can pass, you can feel free to merge it after |
Add a how-to-guide to allow users to better visualize the status of each CVE they have try to fix when running the fix execute API endpoint
lucasmoura
force-pushed
the
update-fix-docs
branch
from
cfb3f1d
to
2700a7e
Compare
|
@s-makin done |
s-makin
approved these changes
Feb 22, 2024
orndorffgrant
pushed a commit
that referenced
this pull request
Mar 13, 2024
* docs: update pro fix examples The pro fix commands were updated recently. Due to that, we need to update the output examples in the docs. * docs: better visualize fixing multiple CVEs Add a how-to-guide to allow users to better visualize the status of each CVE they have try to fix when running the fix execute API endpoint
s-makin
added a commit
that referenced
this pull request
Mar 14, 2024
* Docs apparmor update (#2906) * doc: Add security features troubleshooting doc This adds a document explaining how to troubleshoot the Apparmor and systemd sandboxing features added to the apt-news service. * global replace of apparmor with AppArmor * Review from Sally: wording on the description of how applications can behave under confinement Co-authored-by: Sally <[email protected]> * Systemd capitalization * Turns out it should be systemd instead (lowercase) --------- Co-authored-by: Sally <[email protected]> * docs: add guide to setup windows machine for WSL Add guide to setup windows machine for running our integration tests on WSL instances * Update fix docs (#2931) * docs: update pro fix examples The pro fix commands were updated recently. Due to that, we need to update the output examples in the docs. * docs: better visualize fixing multiple CVEs Add a how-to-guide to allow users to better visualize the status of each CVE they have try to fix when running the fix execute API endpoint * remove unnecessary anchor that linkcheck doesn't like * Apply suggestions from code review Co-authored-by: Sally <[email protected]> * Update wordlist.txt There's a jq in a link as well, so spellcheck still fails. I've re-added jq to the wordlist. --------- Co-authored-by: Andreas Hasenack <[email protected]> Co-authored-by: Sally <[email protected]> Co-authored-by: Lucas Moura <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR is aims at:
pro fixfor the latest improvement in the Pro client