search

CiscoPSIRT / openVulnAPI

Documentation and Tools for Cisco's PSIRT openVuln API
https://developer.cisco.com/psirt/
MIT License
102 stars 51 forks source link

Product Search Returns 404 Not Found #61

Closed C0FFEEC0FFEE closed 6 years ago

C0FFEEC0FFEE commented 6 years ago

It seems like the product method is broken. I tried using it with curl as well as openVulnQuery. All the other API methods are working fine.

host.example.com:~# curl -v -X GET -s -k -H "Accept: application/json" -H "Authorization: Bearer changeme" https://api.cisco.com/security/advisories/product?product=Cisco
* Hostname was NOT found in DNS cache
*   Trying www.xxx.yyy.zzz...
* Connected to www.xxx.yyy.zzz (www.xxx.yyy.zzz) port 80 (#0)
* Establish HTTP proxy tunnel to api.cisco.com:443
> CONNECT api.cisco.com:443 HTTP/1.1
> Host: api.cisco.com:443
> User-Agent: curl/7.38.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
<
* Proxy replied OK to CONNECT request
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / AES128-SHA256
* Server certificate:
*        subject: C=US; ST=CA; L=San Jose; O=Cisco Systems, Inc.; CN=api.cisco.com
*        start date: 2017-11-29 23:58:54 GMT
*        expire date: 2019-11-30 00:08:00 GMT
*        issuer: C=US; O=HydrantID (Avalanche Cloud Corporation); CN=HydrantID SSL ICA G2
*        SSL certificate verify ok.
> GET /security/advisories/product?product=Cisco HTTP/1.1
> User-Agent: curl/7.38.0
> Host: api.cisco.com
> Accept: application/json
> Authorization: Bearer 6WOZxR44qfwJe7oTcpCnLLjV9qNO
>
< HTTP/1.1 404 Not Found
< Date: Tue, 23 Oct 2018 07:35:13 GMT
* Server Mashery Proxy is not blacklisted
< Server: Mashery Proxy
< X-Mashery-Message-ID: 0cc7639e-c01b-4d82-95b6-09e4db406209
< Cache-Control: private
< Pragma: private
< Allow: GET,OPTIONS,HEAD
< Content-Length: 0
< LAEHOST: lae-alln-mi-103.cisco.com
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
< Access-Control-Allow-Headers: Content-type, fromPartyID, inputFormat, outputFormat, Authorization, Content-Length, Accept, Origin
< Content-Type: text/plain; charset=UTF-8
< X-RP-SSL-Name: lae-rcdn-rpi-04
< Connection: close
<
* Closing connection 0
* SSLv3, TLS alert, Client hello (1):
waukeerules commented 6 years ago

I am also having this issue. I am getting the following error in Python.

requests.exceptions.HTTPError: 404 Client Error: Not Found for url: https://api.cisco.com/security/advisories/product?product=Cisco+Identity+Services+Engine

santosomar commented 6 years ago

We are working on this issue and will update this thread with an ETA in a few days. However, you should be able to still use the older method/URI such as 

GET /security/advisories/cvrf/product/{product_keyword}

In other words:

https://api.cisco.com/security/advisories/cvrf/product?product=XXX
santosomar commented 6 years ago

The product search is now fixed and can be accessed via the following URI:

https://api.cisco.com/security/advisories/product

For example:

https://api.cisco.com/security/advisories/product?product=ios

or

https://api.cisco.com/security/advisories/product.json?product=ios