canonical / ubuntu-com-security-api

The API for CVEs and USNs data.

Add validation error when status is not passed in version query #96

Closed mtruj013 closed 2 months ago

mtruj013 commented 2 years ago

Summary

API is not filtering CVEs based on version, nor does it display an error message

Process

Visit https://ubuntu.com/security/cves.json?version=eoan (also try with different versions) and see that total_results remains unchanged

Current and expected result

Filtering should work like it does on the live site (which is currently not using the API)

albertkol commented 2 years ago

The filters should work the same way on both API and ubuntu.com

You can if you do something like this: https://ubuntu.com/security/cves.json?version=eoan&status=

By also adding the status. status= means you accept any statuses. I think ubuntu.com adds it automatically. There is a check I do in the code at https://github.com/canonical-web-and-design/ubuntu-com-security-api/blob/main/webapp/views.py#L656-L657

The number of version parameters needs to match the number of status parameters. If they don't, the filtering will ignore it without saying anything. They are coupled because the drop-down filters (for version and status) on /security/cve were added together.

Perhaps it would make sense to throw a 422 (validation error) rather than ignoring. Or default the missing status to "".
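The two options suggested in the comment above (reject with a 422, or default the missing status to ""), sketched as an added example that is not the project's code in webapp/views.py. The function and exception names are hypothetical, and the sample URLs other than the ones quoted in this thread are constructed.

```python
from urllib.parse import parse_qs, urlsplit


class ValidationError(Exception):
    """Hypothetical error type; carries the 422 suggested in the thread."""
    status_code = 422


def pair_version_status(url, default_missing=False):
    """Pair each version filter with its status filter.

    Strict mode (default) raises ValidationError when the counts differ,
    instead of silently dropping the filter. With default_missing=True,
    missing statuses are padded with "" (meaning: any status).
    """
    # keep_blank_values=True is required: without it "status=" is dropped
    # and a correctly paired request would look like a mismatch.
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    versions = query.get("version", [])
    statuses = query.get("status", [])

    if len(statuses) > len(versions):
        raise ValidationError(
            f"{len(statuses)} status parameter(s) but only "
            f"{len(versions)} version parameter(s)"
        )
    if len(statuses) < len(versions):
        if not default_missing:
            raise ValidationError(
                f"{len(versions)} version parameter(s) but only "
                f"{len(statuses)} status parameter(s)"
            )
        statuses = statuses + [""] * (len(versions) - len(statuses))

    return list(zip(versions, statuses))


if __name__ == "__main__":
    base = "https://ubuntu.com/security/cves.json"
    # Paired request from the thread: filter is applied.
    print(pair_version_status(base + "?version=eoan&status="))
    # Unpaired request from the issue report: rejected in strict mode.
    try:
        pair_version_status(base + "?version=eoan")
    except ValidationError as exc:
        print(exc.status_code, exc)
```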

mtruj013 commented 2 months ago

This functionality was refactored in https://github.com/canonical/ubuntu-com-security-api/pull/137, closing