Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable filtering in GLVD API #94

Open
pnpavlov opened this issue Sep 10, 2024 · 3 comments
Open

Enable filtering in GLVD API #94

pnpavlov opened this issue Sep 10, 2024 · 3 comments
Assignees
@fwilhe
Milestone
2024-09

Comments

@pnpavlov
Copy link
Member

No description provided.

@pnpavlov pnpavlov added this to the 2024-09 milestone Sep 10, 2024
This was referenced Sep 11, 2024
Closed
Merged
fwilhe added a commit to gardenlinux/glvd-api that referenced this issue Sep 11, 2024
@fwilhe
Use views instead of native queries where possible (#33)
76c1264 
This PR changes a lot about how glvd-api works.

The biggest change is that we now rely on VIEWs in the db instead of having native queries in our repositories where possible. This simplifies the code a lot and should also make it easier to implement sorting gardenlinux/glvd#95 and filtering gardenlinux/glvd#94 in the api.
@fwilhe
Copy link
Member

fwilhe commented Sep 12, 2024

The filed where filtering would make most sense is vulnerable I believe.

Also, once we have the cvss score in the output (which is a todo), it would also be great to be able to filter for that.

something like

/v1/cves/1592.0?sortBy=cveId&sortOrder=DESC&isVulnerable=true&cvssScoreGreaterEquals=7.0

@fwilhe
Copy link
Member

fwilhe commented Sep 16, 2024

Depends on #100 for cvss score

@fwilhe
Copy link
Member

fwilhe commented Sep 16, 2024

I am not sure if there is an elegant way to do filtering the way I am imagining.

We need to refine the user story before we can continue here to avoid large implementation efforts for questionable benefit.

Questions:

  • It looks like we need to take care of each field we want to filter, so there is added cost for each field we want to filter on. For which fields does it really make sense?
  • Would we really want to show non-vulnerable CVEs anyway? Having the filter on 'is vulnerable == true' always would be easy, having the filter only optionally does seem way more complex to me.
  • For cvss filtering we need to resolve Include CVSS Score in api response #100 first

@pnpavlov pnpavlov mentioned this issue Sep 10, 2024
Open
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@fwilhe fwilhe

Labels
None yet
Projects
None yet
Milestone
2024-09
Development

No branches or pull requests
2 participants
@fwilhe @pnpavlov