cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2366
Views
27
Helpful
13
Replies

PSIRT OpenVuln API Pagination Issue

OsamaAbbas
Level 1
Level 1

Hi,

I am using the PSIRT APIs for a web application and it works great. However, some endpoints that support pagination are not having the paging object in their response body.

For example, Query by Year supports pageIndex and pageSize and I get the paging object in the response body in Postman. (See Query-by-Year.jpg attached image). But for Query by Product which supports pageIndex and pageSize, I don't get the paging object in the response body, and I am only limited to the first 100 results (See Query-by-Product.jpg attached image). Also, pageIndex and pageSize don't work for any of the OSType/{OSType} endpoints.

TL;DR

Pagination works only with Query by Year

Is that a bug? Who should I report this issue to?

Thank you

Osama Abbas

Osama Abbas
1 Accepted Solution

Accepted Solutions

Hello Osama,

   A fix will be deployed this Friday.

Regards

View solution in original post

13 Replies 13

PR Oxman
Cisco Employee
Cisco Employee

Hello Osama,

   Looking at this.  Will post an update shortly.

Thanks.

PR Oxman
Cisco Employee
Cisco Employee

Hello Osama,

Pagination not implemented for all API. We have a dev engaged and we need to work and add pagination for the endpoints which its missing. Once identified all missing endpoints and a timeline to implement I will update the documentation for the OpenVuln API and update this thread.

For some of the endpoints whilst the pagination is working correctly we are not responding with the pagination Object.  We will look to address this as well.

Thanks for bringing this to our attention.

Hi Poxman,

Any updates?

Thank you

Osama Abbas

Hello Omar,

   Fix is scheduled to be deployed on 12th Feb 2023.

   A review was conducted and the following endpoints will be updated; with the fixes:

  • get /product​
  • get /latest/{number}​
  • get /OSType/{OSType}​

Only endpoints that return multiple pages support pagination.

Thanks.

Sorry to correct you, but It's Osama, not Omar :).

Have a great day!

Osama Abbas

Hi Oxman,

Since I noticed a change on the 12th of Feb on the following API endpoints:

  1. get /product
  2. get /latest/{number}
  3. get /OSType/{OSType}​

I think the fix still needs some work to be done.

I'll take (1) as a reference with Cisco Identity Services Engine Software as an example. Yes the paging object does exist in the response now , but it has two issues:

 

    "paging": {
        "next": "/product?product=Cisco Identity Services Engine Software?pageIndex=13&pageSize=10",
        "prev": "/product?product=Cisco Identity Services Engine Software?pageIndex=11&pageSize=10",
        "count": 126
    }

 

  • ?pageIndex should be changed to &pageIndex (Replace ? with an ampersand). [Because it results in 406 Not Acceptable]

 

{
    "errorCode": "INVALID_PRODUCT_NAME_FORMAT",
    "errorMessage": "Invalid product name format, Special characters are not allowed (&,!,$,',@,#,!,<,?). Valid example's e.g 'cisco' ,'cisco_xe' ,'cisco-xe*' etc"
}

 

A total of 126 advisories are found for Cisco Identity Services Engine Software. If paginated with pageSize equal to 10, you get a total of 13 pages with only 6 advisories on the last page (page 13). However, page 13 shows:

 

{
    "errorCode": "INVALID_PAGEINDEX",
    "errorMessage": "Incorrect page index value"
}

 

 Thank you,

Osama Abbas

@PR Oxman When an update is expected?

Osama Abbas

Hello Osama,

   Just back from leave; will take a look later today and respond this week.

Thanks.

PR Oxman
Cisco Employee
Cisco Employee

Hello Osama,

    Issue #1 has been fixed in prod:

"paging": {
"next": "/product?product=Cisco Identity Services Engine Software&pageIndex=3&pageSize=10",
"prev": "/product?product=Cisco Identity Services Engine Software&pageIndex=1&pageSize=10",
"count": 127
}

Issue #2 is currently being worked and will provide an update when the fix will be delivered to prod.

Thanks

Hi Oxman,

Any updates on issue #2?

Thank you,

Osama

Osama Abbas

Hello Osama,

   A fix will be deployed this Friday.

Regards

Hi Oxman,

I can confirm that now the API is working properly.

Thanks a lot for the efforts.

 

 

Osama Abbas

OsamaAbbas
Level 1
Level 1

For anyone intreseted in the Cisco PSIRT OpenVuln APIs using a web-based application, you check out my repository on GitHub or Cisco Code Exchange Tes3awy/PSIRT: A Cisco PSIRT (Support API) Web App Using Flask (github.com)

 

Osama Abbas