Open nscuro opened 1 day ago
Appears to be a leftover from the < 4.x days where global components were a thing.
Another shortcoming of the existing logic is that portfolio access control is not applied to those components, so the endpoint will show components the user shouldn't have access to.
Current Behavior
The `/api/v1/vulnerability/source/{source}/vuln/{vuln}` endpoint returns all components affected by the given vulnerability. This works fine for a small number of affected components, but really starts breaking down once hundreds or thousands of components are affected.
Note that this endpoint is used by the frontend when viewing vulnerability details. The sheer volume of data being loaded can cause browser sluggishness, and pages take unreasonably long to load.
Since `components` is just a field of the vulnerability object, pagination can't be used to combat this issue.
Steps to Reproduce
Expected Behavior
The endpoint should only return vulnerability information, not all affected components. There are separate endpoints to acquire this information, where pagination can be used.
Hyades Version
5.6.0-SNAPSHOT
Repository Type
Hyades apiserver
Browser
N/A
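An added illustration of the two points raised in this issue (not code from the issue or from Hyades): the vulnerability response leaves out the embedded components, and a separate listing applies portfolio access control before it paginates. The data model, function names and sample data are hypothetical and constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Component:
    uuid: str
    name: str
    project: str  # hypothetical: the project that owns this component


# Constructed sample data: 250 affected components split across two projects.
AFFECTED = [
    Component(f"c-{i}", f"lib-{i}", "team-a" if i % 2 else "team-b")
    for i in range(250)
]
# Placeholder identifiers, not real vulnerability data.
VULN = {"source": "EXAMPLE-SOURCE", "vulnId": "VULN-PLACEHOLDER", "severity": "HIGH"}


def get_vulnerability_legacy():
    """Behaviour the issue describes: every affected component is embedded
    in the vulnerability object, with no access filter and no paging."""
    return {**VULN, "components": list(AFFECTED)}


def get_vulnerability():
    """Expected behaviour: vulnerability information only."""
    return dict(VULN)


def list_affected_components(accessible_projects, page=1, page_size=100):
    """Separate listing. The access filter runs before pagination, so both
    the items and the total reflect only what the caller may see."""
    if page < 1 or not 1 <= page_size <= 100:
        raise ValueError("invalid pagination parameters")
    visible = [c for c in AFFECTED if c.project in accessible_projects]
    start = (page - 1) * page_size
    return {"total": len(visible), "items": visible[start:start + page_size]}
```

Filtering after slicing a page instead would produce short pages and a total that reveals how many components exist in projects the caller cannot access.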