Closed mtruj013 closed 2 months ago
The filters should work the same way on both API and ubuntu.com
You can if you do something like this: https://ubuntu.com/security/cves.json?version=eoan&status=
By adding also the status. status=
means you accept any statuses. I think ubuntu.com adds it automatically.
There is a check I do in the code at https://github.com/canonical-web-and-design/ubuntu-com-security-api/blob/main/webapp/views.py#L656-L657
The number of version
parameters needs to match the number of status
parameters. If they don't the filtering will ignore it without saying anything. They are coupled because the drop-down filters (for version and status) on /security/cve were added together.
Perhaps it would make sense to throw a 422 (validation error) rather than ignoring. Or default the missing status to "".
This functionality was refactored in https://github.com/canonical/ubuntu-com-security-api/pull/137, closing
Summary
API is not filtering CVEs based on version, nor does it display an error message
Process
Visit https://ubuntu.com/security/cves.json?version=eoan (also try with different versions) and see that
total_results
remains unchangedCurrent and expected result
Filtering should work like it does on the live site (which is currently not using the API)