invoke-mggraphrequest Filter bug #2709

Closed
GraphiteCA opened this issue Apr 26, 2024 · 2 comments
Labels: status:waiting-for-triage (An issue that is yet to be reviewed or assigned), type:bug (A broken experience)

Comments

@GraphiteCA

Describe the bug

Hello!

I'm currently on 2.18.
Encountering an issue where:

```powershell
invoke-mggraphrequest -method GET -URI "https://graph.microsoft.com/v1.0/security/incidents?$filter=(severity eq 'medium' or severity eq 'high') and (status eq 'active')" -OutputType PSObject
```

Will include EVERY incident of medium or high, regardless of status being active or otherwise.

Graph Explorer will return the expected # of results, however invoke-mggraphrequest does not pay attention to the status filter.

In this picture, value count should be ~7. If we enumerate all & the nexts, I get ~180.
image

Expected behavior

invoke-mggraphrequest should closely follow the filter request & not disregard filtering on multiple properties.

How to reproduce

  1. Have multiple sentinel incidents. Some active with medium & high severity, some closed.
  2. Query the API directly - get expected results of only active incidents.
  3. Query via invoke-mggraphrequest and get EVERYTHING back, with status of active, resolved, otherwise.

SDK Version

2.18.0

Latest version known to work for scenario above?

N/A

Known Workarounds

None.

Debug output

Click to expand log

```
$incidents = invoke-mggraphrequest -method GET -URI "https://graph.microsoft.com/v1.0/security/incidents?$filter=(severity eq 'medium' or severity eq 'high') and (status eq 'active')" -OutputType PSObject -debug
VERBOSE: GET https://graph.microsoft.com/v1.0/security/incidents?=(severity eq 'medium' or severity eq 'high') and
(status eq 'active') with 0-byte payload

Confirm
Continue with this operation?
[Y] Yes [A] Yes to All [H] Halt Command [S] Suspend [?] Help (default is "Y"): A
DEBUG: GET
/v1.0/security/incidents?=(severity%20eq%20'medium'%20or%20severity%20eq%20'high')%20and%20(status%20eq%20'active')
HTTP/1.1
HTTP: graph.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.19045; en-US) PowerShell/5.1.19041.4170
Invoke-MgGraphRequest

Confirm
Continue with this operation?
[Y] Yes [A] Yes to All [H] Halt Command [S] Suspend [?] Help (default is "Y"): A
VERBOSE: received 38538-byte response of content type application/json
DEBUG: GET
https://graph.microsoft.com/v1.0/security/incidents?=(severity%20eq%20'medium'%20or%20severity%20eq%20'high')%20and%20(
status%20eq%20'active')
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
request-id: 9faa1f0f-393d-4c17-a876-10f769525920
client-request-id: b0a732ef-65b3-4227-9703-d14e1ad4e571
x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"West US
2","Slice":"E","Ring":"4","ScaleUnit":"005","RoleInstance":"MWH0EPF000A801F"}}
OData-Version: 4.0
Date: Fri, 26 Apr 2024 17:55:56 GMT
Content-Encoding: gzip
Content-Type: application/json; odata.metadata=minimal; odata.streaming=true; IEEE754Compatible=false; charset=utf-8
```


### Configuration

![image](https://github.com/microsoftgraph/msgraph-sdk-powershell/assets/46536194/89b59be4-d6c2-47cb-8bc0-25bf9530534f)
- X64
- W10 19045.4170

### Other information

_No response_
@CloudVikingr

I was able to replicate the issue using the provided command.

```powershell
invoke-mggraphrequest -method GET -URI "https://graph.microsoft.com/v1.0/security/incidents?$filter=(severity eq 'medium' or severity eq 'high') and (status eq 'active')" -OutputType PSObject
```

```
PS C:\Users\user> (invoke-mggraphrequest -method GET -URI "https://graph.microsoft.com/v1.0/security/incidents?$filter=status%20eq%20'active'" -OutputType PSObject).value | select status | ft

status
------
active
active
active
active
active
active
active
active
active
resolved
```

I can see a resolved item, so the filter is not applying.


PowerShell is using String Interpolation to try and substitute $filter with the value of $filter, which in my test was $null.

Using the backtick character you can escape the $

```powershell
invoke-mggraphrequest -method GET -URI "https://graph.microsoft.com/v1.0/security/incidents?`$filter=(severity eq 'medium' or severity eq 'high') and (status eq 'active')" -OutputType PSObject
```

```
PS C:\Users\user> (invoke-mggraphrequest -method GET -URI "https://graph.microsoft.com/v1.0/security/incidents?`$filter=status%20eq%20'active'" -OutputType PSObject).value | select status | ft

status
------
active
active
active
active
active
active
active
active
active
active
```

Give that a try.
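
The interpolation problem diagnosed above, shown as an added example that is not part of the original thread or of the SDK: it compares the three quoting forms, builds the query without relying on quoting, and flags a URI whose OData option name was expanded away. `New-ODataUri` and `Test-ODataUri` are hypothetical helper names, and the sketch assumes no variable named `$filter` is defined in the session.

```powershell
# Added example; New-ODataUri and Test-ODataUri are hypothetical helper names.
# Assumes no variable named $filter is defined in the session.
$base = 'https://graph.microsoft.com/v1.0/security/incidents'

# Double quotes: "$filter" is expanded (to nothing here), leaving "?=status ...".
$broken  = "https://graph.microsoft.com/v1.0/security/incidents?$filter=status eq 'active'"
# Backtick escape (the fix from the thread) and single quotes both keep a literal $filter.
$escaped = "https://graph.microsoft.com/v1.0/security/incidents?`$filter=status eq 'active'"
$literal = 'https://graph.microsoft.com/v1.0/security/incidents?$filter=status eq ''active'''

function New-ODataUri {
    # Builds the query string from option names given without the leading '$'.
    param(
        [Parameter(Mandatory)] [string] $BaseUri,
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Options
    )
    $pairs = foreach ($name in $Options.Keys) {
        # '$' inside single quotes is never expanded; the value is percent-encoded.
        '$' + $name + '=' + [uri]::EscapeDataString([string]$Options[$name])
    }
    $BaseUri + '?' + ($pairs -join '&')
}

function Test-ODataUri {
    # $false when a query parameter has an empty name ("?=" or "&="),
    # which is what remains after "$filter" or "$top" expanded to nothing.
    param([Parameter(Mandatory)] [string] $Uri)
    $Uri -notmatch '[?&]='
}

$built = New-ODataUri -BaseUri $base -Options ([ordered]@{
    filter = "(severity eq 'medium' or severity eq 'high') and (status eq 'active')"
    top    = 50
})

# Prints True/False next to each URI; only $broken is flagged (False).
foreach ($u in $broken, $escaped, $literal, $built) {
    '{0,-5} {1}' -f (Test-ODataUri $u), $u
}

# Strict mode 2.0 and later also rejects unset variables inside strings, so the
# mistake fails loudly. It does not help if a $filter variable happens to be set.
try {
    & { Set-StrictMode -Version 2.0; "incidents?$filter=status eq 'active'" } | Out-Null
} catch {
    "strict mode: $($_.Exception.Message)"
}
```

The `?=` pattern that `Test-ODataUri` looks for is the same one visible in the `VERBOSE: GET` line of the debug output in the issue, so running the check before the request catches a dropped filter before unfiltered incident data is acted on.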

@GraphiteCA

That works quite well, thank you!

That exactly was the issue, backtick saves the day. :)
It makes total sense, I just wish it was a little more clear in the documentation....
