Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

possibly confusing count_only behavior #802

Closed
ElectricNroff opened this issue Jul 28, 2022 · 1 comment · Fixed by #952
Closed

possibly confusing count_only behavior #802

ElectricNroff opened this issue Jul 28, 2022 · 1 comment · Fixed by #952
Assignees
@slubar

Comments

@ElectricNroff
Copy link
Contributor

https://cveawg-test.mitre.org/api-docs/ says

GET /cve
...
count_only  Get count of records that match query. Accepted values are 0 (False) and 1 (True)
boolean
(query)

The actual behavior seems to be that "true" and "false" are also accepted, but both "true" and "false" are equivalent to 0.

https://cveawg-test.mitre.org/api/cve?assigner_short_name=snyk&count_only=true

{"cveRecords":[{"containers":{"cna":{"affected":[{"product":"zt-zip","vendor":"zeroturnaround","versions":
...

https://cveawg-test.mitre.org/api/cve?assigner_short_name=snyk&count_only=false

{"cveRecords":[{"containers":{"cna":{"affected":[{"product":"zt-zip","vendor":"zeroturnaround","versions":
...

https://cveawg-test.mitre.org/api/cve?assigner_short_name=snyk&count_only=1

{"totalCount":543}

https://cveawg-test.mitre.org/api/cve?assigner_short_name=snyk&count_only=0

{"cveRecords":[{"containers":{"cna":{"affected":[{"product":"zt-zip","vendor":"zeroturnaround","versions":
...

This seems to be caused by the interaction among:

cve-services/src/controller/cve.controller/cve.controller.js

Line 98 in 3b7608f

if (req.ctx.query.count_only === '1') {

and

cve-services/src/controller/cve.controller/index.js

Line 148 in 3b7608f

query(['count_only']).optional().isBoolean(),

and the definition of isBoolean in
https://github.com/validatorjs/validator.js/blob/master/README.md

In other words, "true" is considered a valid syntax, but the === '1' test, in effect, interprets true as false. A possible solution is to modify index.js to use

isIn(['0','1'])

instead of

isBoolean()
@slubar
Copy link
Contributor

slubar commented Dec 12, 2022

Change the endpoint to allow both 0/1 and true/false. All other values should throw an error. Swagger docs will need to be updated to reflect the change

@slubar slubar self-assigned this Dec 13, 2022
slubar added a commit that referenced this issue Dec 14, 2022
@slubar
#802 Update boolean query parameters to accept 0,1,true,false,yes,no …
e5741c7 
…in any casing
slubar added a commit that referenced this issue Dec 14, 2022
@slubar
#802 fix http test
9ba1d1f
slubar added a commit that referenced this issue Dec 14, 2022
@slubar
#802 fix typo
572b6a0
@slubar slubar linked a pull request Dec 14, 2022 that will close this issue
#802 Update boolean query parameters to accept 0,1,true,false,yes,no … #952
Merged
slubar added a commit that referenced this issue Dec 14, 2022
@slubar
#802 improvement to booleanIsTrue
24a17ac
brettp added a commit that referenced this issue Dec 14, 2022
@brettp
Merge pull request #952 from CVEProject/srl-802
c9f6ce5 
#802 Update boolean query parameters to accept 0,1,true,false,yes,no …
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@slubar slubar

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

#802 Update boolean query parameters to accept 0,1,true,false,yes,no … CVEProject/cve-services
2 participants
@slubar @ElectricNroff