-
Notifications
You must be signed in to change notification settings - Fork 190
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Query API for Ubuntu linux
packages
#2478
Comments
It seems that Other Ubuntu queries, like We're currently working on a new way to make our API queries better and will think about this case. Thanks for reporting this. |
Thanks Holly! I do have a question from your example. Passing the ecosystem as Also, what did you mean by non-enumerated ecosystem in #2401 ? Is it something that we could help with for Ubuntu? |
Hi @dodys
Passing
For some ecosystems like Debian, we maintain a custom The |
linux
packages
@another-rex is working on addressing the timeout issue this week. Thanks for reporting this @dodys ! |
Hey @dodys, while implementing a fix for these queries, I noticed that
will return an empty array rather than https://osv.dev/vulnerability/USN-6957-1 like you are expecting. This is because |
Oh, so the idea is to pass a "vulnerable" version then to the API call? |
Not necessarily. The idea is to pass to it what you want to know the vulnerability status of. Your current usage is perfectly valid. Linux kernel related packages are particularly pathologically expensive to evaluate due to the number of possible vulnerabilities to the filter out. What happens on the backend of the API is first the entire set of vulnerabilities are retrieved for the package/ecosystem combination, and then they're scanned for falling within the vulnerable version range. You can follow the code from Line 619 in f66ffcf
|
Describe the bug
Not sure if I'm actually missing something, but I'm getting a timeout when running:
And I get an empty answer when I run with a different
version
:What I would like to retrieve is some information like this:
https://osv.dev/vulnerability/USN-6957-1
Is this a problem with the data or the API?
To Reproduce
Steps to reproduce the behaviour:
Run the commands above and check the output.
Expected behaviour
The following data should be retrieved:
https://osv.dev/vulnerability/USN-6957-1
The text was updated successfully, but these errors were encountered: