-
Notifications
You must be signed in to change notification settings - Fork 173
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Create get vulnerability details API #2207
Create get vulnerability details API #2207
Conversation
@@ -237,102 +237,6 @@ def vulnerability_redirector(potential_vuln_id): | |||
return None | |||
|
|||
|
|||
def bug_to_response(bug, detailed=True): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Moving these functions to utils.py
so they can be used by both of api_handlers
and frontend_handlers
.
gcp/appengine/api_handlers.py
Outdated
@@ -0,0 +1,47 @@ | |||
# Copyright 2021 Google LLC |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Create a new app for API
985d7d8
to
4c2aee4
Compare
4c2aee4
to
3f12c8a
Compare
Unless I'm misunderstanding the goal, rather than putting API code in the frontend as well, I think we can just put a link to the GET API endpoint on the page, or add a new handler to redirect requests ending in .json to the API endpoint. |
That was my understanding of the easiest way forward based on #2152 (comment) |
3f12c8a
to
7a4ff83
Compare
That's cool, but doesn't address the UX intention behind #2152 (as I understand it). Today, there's a convenience redirect where: An additional convenience redirect would be for: Without having tried this, I think a variation on: osv.dev/gcp/appengine/frontend_handlers.py Lines 230 to 242 in 7428293
|
7a4ff83
to
1194af7
Compare
1194af7
to
4070c0c
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This LGTM, have you been able to do any testing to confirm it works as intended?
FYI, I wasn't averse to highlighting the availability of the API from the individual vulnerability pages on the website in addition to this. Feel free to reinstate that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! One minor note would be this will always redirect to the production API, even when running on test.osv.dev. Not sure if there's an easy fix for that or not, if not I think that behaviour is fine.
abort(404) | ||
return None | ||
|
||
vuln = osv_get_by_id(potential_vuln_id) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
minor nit: can you change the if vuln:
to if not vuln:
to have the final return statement be the redirect, and the if branches be the aborts.
73cdeb0
to
06f20c3
Compare
Yes, I've tested http://127.0.0.1:8000/vulnerability/GHSA-vw63-824v-qf2j.json and http://127.0.0.1:8000/GHSA-vw63-824v-qf2j.json on local, and both redirects me to https://api.test.osv.dev/v1/vulns/GHSA-vw63-824v-qf2j |
Thanks, I've updated this and now it will redirect to |
Issue: #2152
This PR introduces a new GET vulnerability details API