microsoft / azure-devops-node-api

Azure DevOps Client for Node.js

Alerts API Search Criteria not being adhered to #598

Open arice2358 opened 3 months ago

arice2358 commented 3 months ago
  1. Please check our current Issues to see if someone already reported this https://github.com/Microsoft/vsts-node-api/issues
  2. Take a look at our Instructions for logging issues https://github.com/Microsoft/vsts-node-api/blob/master/CONTRIBUTING.md#instructions-for-logging-issues

Environment

Node version: v20.10.0
Npm version: 10.2.3
OS and version: Windows 11
azure-devops-node-api version: 13.0.0

Issue Description

When trying to provide search criteria to the getAlerts() method to limit the alerts returned to Active alerts only, the search criteria are ignored and alerts of all states are returned.

Expected behaviour

Only alerts that match the states specified in the search criteria should be returned.

Actual behaviour

Alerts of all states are returned.

Steps to reproduce

  // Ask for Active alerts only.
  const searchCriteria: SearchCriteria = {states: [State.Active]};
  let alertsPRSource = await alertsApi.getAlerts(
    project,
    repositoryId,
    500,
    "lastSeen",
    searchCriteria,
    undefined
  );

  // Print id, type, severity, state and title, tab-separated.
  for (let alert of alertsPRSource) {
    console.log(`${alert.alertId}\t${alert.alertType}\t${alert.severity}\t${alert.state}\t${alert.title}`);
  }

Logs

Column 4 of the output below is the alert state. Each value should be 1 (Active) if the search criteria were followed.

639     3       1       1       DOM text reinterpreted as HTML (js/xss-through-dom)
638     3       1       1       DOM text reinterpreted as HTML (js/xss-through-dom)
637     3       1       1       DOM text reinterpreted as HTML (js/xss-through-dom)
636     3       1       1       Prototype-polluting assignment (js/prototype-polluting-assignment)
635     3       1       1       Prototype-polluting assignment (js/prototype-polluting-assignment)
634     1       3       2       .NET Core Remote Code Execution Vulnerability (CVE-2021-24112)
632     1       2       1       NuGet Elevation of Privilege Vulnerability (CVE-2022-41032)
631     1       2       1       NuGet Client Remote Code Execution Vulnerability (CVE-2023-29337)
630     1       2       1       NuGet Client Remote Code Execution Vulnerability (CVE-2023-29337)
629     1       3       2       NuGet Client Security Feature Bypass Vulnerability  (CVE-2024-0057)
640     3       2       2       Weak encryption (cs/weak-encryption)
633     1       1       4       Server side request forgery in SwaggerUI (GHSA-qrmm-w75w-3wpx)
627     2       3       1       Azure DevOps personal access token (PAT)

vmapetr commented 1 month ago

Hi @arice2358, thanks for reporting! We are working on more prioritized issues at the moment, but will get back to this one soon.
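
A client-side guard for the behaviour reported in this issue, added here as an example (not code from the thread or from azure-devops-node-api): it re-applies the requested states to whatever the service returns and counts what fell outside them, so a report of "active" alerts does not silently include other states. `AlertRow`, `FilterResult`, `enforceStates` and `STATE_ACTIVE` are hypothetical names; the sample rows are copied from the log in the issue.

```typescript
// Local stand-in for the fields the issue prints (assumption, not the library's type).
interface AlertRow {
  alertId: number; alertType: number; severity: number;
  state?: number;
  title: string;
}

const STATE_ACTIVE = 1; // the issue states that 1 means Active

interface FilterResult {
  matching: AlertRow[];                            // alerts that satisfy the requested states
  leaked: AlertRow[];                              // alerts returned despite the criteria
  leakedByState: Map<number | undefined, number>;  // leaked count per state value
}

// Re-apply the `states` criterion client-side and record what slipped through.
// Assumption: an empty or missing `states` list means "no state filter".
function enforceStates(alerts: AlertRow[], states?: number[]): FilterResult {
  const result: FilterResult = { matching: [], leaked: [], leakedByState: new Map() };
  if (!states || states.length === 0) {
    result.matching = alerts.slice();
    return result;
  }
  const wanted = new Set(states);
  for (const alert of alerts) {
    // An alert with no state cannot be shown to match, so it counts as leaked.
    if (alert.state !== undefined && wanted.has(alert.state)) {
      result.matching.push(alert);
    } else {
      result.leaked.push(alert);
      result.leakedByState.set(alert.state, (result.leakedByState.get(alert.state) || 0) + 1);
    }
  }
  return result;
}

// Rows copied from the issue's log output (alertId, alertType, severity, state, title).
const sampleAlerts: AlertRow[] = [
  { alertId: 639, alertType: 3, severity: 1, state: 1, title: "DOM text reinterpreted as HTML (js/xss-through-dom)" },
  { alertId: 634, alertType: 1, severity: 3, state: 2, title: ".NET Core Remote Code Execution Vulnerability (CVE-2021-24112)" },
  { alertId: 632, alertType: 1, severity: 2, state: 1, title: "NuGet Elevation of Privilege Vulnerability (CVE-2022-41032)" },
  { alertId: 640, alertType: 3, severity: 2, state: 2, title: "Weak encryption (cs/weak-encryption)" },
  { alertId: 633, alertType: 1, severity: 1, state: 4, title: "Server side request forgery in SwaggerUI (GHSA-qrmm-w75w-3wpx)" },
  { alertId: 627, alertType: 2, severity: 3, state: 1, title: "Azure DevOps personal access token (PAT)" },
];

const checked = enforceStates(sampleAlerts, [STATE_ACTIVE]);
console.log(`kept ${checked.matching.length}, outside requested states: ${checked.leaked.length}`);
```

A non-zero `leaked` count is worth logging on its own, since it shows the server-side filter was not applied to that response.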