From 1963faf9b86f9507a890fd3480e0e1f5b5cb14d2 Mon Sep 17 00:00:00 2001
From: jramos <jordan.ramos@charter.com>
Date: Thu, 9 Apr 2026 15:25:16 -0600
Subject: [PATCH] fix: queue now uses edited hostname override instead of
 original Ivanti value

---
 backend/routes/ivantiTodoQueue.js              | 15 +++++++++++----
 frontend/src/components/pages/ReportingPage.js |  4 ++--
 2 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/backend/routes/ivantiTodoQueue.js b/backend/routes/ivantiTodoQueue.js
index cae581a..af2058f 100644
--- a/backend/routes/ivantiTodoQueue.js
+++ b/backend/routes/ivantiTodoQueue.js
@@ -27,20 +27,27 @@ function createIvantiTodoQueueRouter(db, requireAuth) {
      */
     router.get('/', requireAuth(db), (req, res) => {
         db.all(
-            `SELECT * FROM ivanti_todo_queue
-             WHERE user_id = ?
-             ORDER BY vendor ASC, created_at ASC`,
+            `SELECT q.*,
+                    o.value AS override_hostname
+             FROM ivanti_todo_queue q
+             LEFT JOIN ivanti_finding_overrides o
+                    ON o.finding_id = q.finding_id AND o.field = 'hostName'
+             WHERE q.user_id = ?
+             ORDER BY q.vendor ASC, q.created_at ASC`,
             [req.user.id],
             (err, rows) => {
                 if (err) {
                     console.error('Error fetching todo queue:', err);
                     return res.status(500).json({ error: 'Internal server error.' });
                 }
-                // Parse cves_json back to array for each row
+                // Parse cves_json back to array; prefer overridden hostname
                 const parsed = rows.map((r) => ({
                     ...r,
+                    hostname: r.override_hostname || r.hostname,
                     cves: r.cves_json ? JSON.parse(r.cves_json) : [],
                 }));
+                // Clean up the extra column from the response
+                parsed.forEach((r) => delete r.override_hostname);
                 res.json(parsed);
             }
         );
diff --git a/frontend/src/components/pages/ReportingPage.js b/frontend/src/components/pages/ReportingPage.js
index 3236a94..4219aa4 100644
--- a/frontend/src/components/pages/ReportingPage.js
+++ b/frontend/src/components/pages/ReportingPage.js
@@ -2549,7 +2549,7 @@ export default function VulnerabilityTriagePage({ filterDate, filterEXC }) {
                     finding_title: finding.title      || null,
                     cves:          finding.cves        || [],
                     ip_address:    finding.ipAddress   || null,
-                    hostname:      finding.hostName    || null,
+                    hostname:      finding.overrides?.hostName || finding.hostName || null,
                     vendor:        queueForm.vendor.trim(),
                     workflow_type: queueForm.workflowType,
                 }),
@@ -2602,7 +2602,7 @@ export default function VulnerabilityTriagePage({ filterDate, filterEXC }) {
                     finding_title: f.title      || null,
                     cves:          f.cves        || [],
                     ip_address:    f.ipAddress   || null,
-                    hostname:      f.hostName    || null,
+                    hostname:      f.overrides?.hostName || f.hostName || null,
                 } : { finding_id: id };
             });
             const res = await fetch(`${API_BASE}/ivanti/todo-queue/batch`, {