Alerts API Search Criteria not being adhered to #598

Open
arice2358 opened this issue Jun 10, 2024 · 1 comment

  1. Please check our current Issues to see if someone already reported this https://github.com/Microsoft/vsts-node-api/issues
  2. Take a look at our Instructions for logging issues https://github.com/Microsoft/vsts-node-api/blob/master/CONTRIBUTING.md#instructions-for-logging-issues

Environment

Node version: v20.10.0
Npm version: 10.2.3
OS and version: Windows 11
azure-devops-node-api version: 13.0.0

Issue Description

When trying to provide search criteria to the getAlerts() method to limit the alerts returned to Active alerts only, the search criteria is ignored and alerts of all states are returned.

Expected behaviour

Only alerts that match the states specified in the search criteria should be returned.

Actual behaviour

Alerts of all states are returned.

Steps to reproduce

  // Ask for Active alerts only
  const searchCriteria: SearchCriteria = {states: [State.Active]};
  let alertsPRSource = await alertsApi.getAlerts(
    project,
    repositoryId,
    500,
    "lastSeen",
    searchCriteria,
    undefined
  );

  // Print id, type, severity, state and title, tab-separated
  for (let alert of alertsPRSource) {
    console.log(`${alert.alertId}\t${alert.alertType}\t${alert.severity}\t${alert.state}\t${alert.title}`);
  }

Logs

Column 4 of the output below is the alert state. Each value should be 1 (Active) if the search criteria was followed.

639     3       1       1       DOM text reinterpreted as HTML (js/xss-through-dom)
638     3       1       1       DOM text reinterpreted as HTML (js/xss-through-dom)
637     3       1       1       DOM text reinterpreted as HTML (js/xss-through-dom)
636     3       1       1       Prototype-polluting assignment (js/prototype-polluting-assignment)
635     3       1       1       Prototype-polluting assignment (js/prototype-polluting-assignment)
634     1       3       2       .NET Core Remote Code Execution Vulnerability (CVE-2021-24112)
632     1       2       1       NuGet Elevation of Privilege Vulnerability (CVE-2022-41032)
631     1       2       1       NuGet Client Remote Code Execution Vulnerability (CVE-2023-29337)
630     1       2       1       NuGet Client Remote Code Execution Vulnerability (CVE-2023-29337)
629     1       3       2       NuGet Client Security Feature Bypass Vulnerability  (CVE-2024-0057)
640     3       2       2       Weak encryption (cs/weak-encryption)
633     1       1       4       Server side request forgery in SwaggerUI (GHSA-qrmm-w75w-3wpx)
627     2       3       1       Azure DevOps personal access token (PAT)
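
A client-side guard for the behaviour reported above, as an added example that is not part of the original issue or of azure-devops-node-api: it re-applies the requested states to whatever `getAlerts()` returned and reports the alerts that arrived despite the filter. `AlertLike`, `FilterResult`, `enforceStates` and `SAMPLE` are hypothetical names, and the sample rows are the alertId and state columns copied from the log above.

```typescript
// Hypothetical minimal shape: only the two fields this check needs.
// state is optional so that an alert without a state is handled explicitly.
interface AlertLike {
  alertId: number;
  state?: number; // numeric state as printed in the issue; 1 = Active
}

const ACTIVE = 1; // the only state value the issue names

interface FilterResult<T> {
  matching: T[];                // alerts whose state is in the requested set
  offCriteria: T[];             // alerts returned although they do not match
  serverHonoredFilter: boolean; // false when anything slipped through
}

// Re-apply the requested states on the client and record what the
// server returned outside of them, so callers can alert on the mismatch.
function enforceStates<T extends AlertLike>(alerts: T[], states: number[]): FilterResult<T> {
  if (states.length === 0) {
    // No states requested means no filter: every alert matches.
    return { matching: [...alerts], offCriteria: [], serverHonoredFilter: true };
  }
  const wanted = new Set<number>(states);
  const matching: T[] = [];
  const offCriteria: T[] = [];
  for (const a of alerts) {
    // An alert with no state cannot be shown to match, so it is off-criteria.
    const ok = a.state !== undefined && wanted.has(a.state);
    (ok ? matching : offCriteria).push(a);
  }
  return { matching, offCriteria, serverHonoredFilter: offCriteria.length === 0 };
}

// Constructed sample: [alertId, state] pairs taken from the issue's log output.
const SAMPLE: AlertLike[] = [
  [639, 1], [638, 1], [637, 1], [636, 1], [635, 1], [634, 2], [632, 1],
  [631, 1], [630, 1], [629, 2], [640, 2], [633, 4], [627, 1],
].map(([alertId, state]) => ({ alertId, state }));

const result = enforceStates(SAMPLE, [ACTIVE]);
console.log(
  `active=${result.matching.length} off-criteria=${result.offCriteria.length} ` +
  `honored=${result.serverHonoredFilter}`
);
```

Anything that counts or gates on active alerts should read `matching`, and a non-empty `offCriteria` is worth logging so the workaround can be removed once the filter is fixed.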

vmapetr (Contributor) commented Jul 26, 2024

Hi @arice2358 thanks for reporting!
We are working on more prioritized issues at the moment, but will get back to this one soon.
