microsoft/MSRC-Microsoft-Security-Updates-API

Filter logic does not seem to be applied via PowerShell Module OR API Explorer

1RedOne opened this issue · 6 comments

Description

When making a request for a given CVE ID, or a year (or practically any filter) using the PowerShell cmdlet of Get-MsrcSecurityUpdate or via the API explorer found at https://portal.msrc.microsoft.com/en-us/developer, filters are discarded and a list of all known CVEs is returned every time.

Steps to Reproduce

  • Install the MsrcSecurityUpdates PowerShell module
  • Request an API key
  • Get-MsrcSecurityUpdate -Year 2016

OR

Use the API Explorer to make a request which would end up hitting this URL: https://api.msrc.microsoft.com/Updates('2016')?api-version=2020

Expected Behavior

The cmdlet should filter down to only Updates for the year 2016.


ID       DocumentTitle                  
--       -------------                  
2016-Apr April 2016 Security Updates    
2016-Aug August 2016 Security Updates   
2016-Dec December 2016 Security Updates 
2016-Jan January 2016 Security Updates  
2016-Jul July 2016 Security Updates     
2016-Jun June 2016 Security Updates     
2016-May May 2016 Security Updates      
2016-Nov November 2016 Security Updates 
2016-Oct October 2016 Security Updates  
2016-Sep September 2016 Security Updates



Actual Behavior

~52 updates, including those released this month are returned even though our filter should have restricted to year 2016. This seems to happen for all filters provided.

Tagging my friend who is also curious about this @waingrositBlog

I'm also seeing that filters are not being applied, tested both via the REST API endpoint and the PowerShell client (used to verify whether I made the API calls correctly).

Seeing the same behavior. Any news on this?

annoj commented

I'm seeing the same behaviour. Is this going to be fixed eventually? Right now the API is essentially unusable for efficient research.

Hello. Apologies for the inconvenience and thank you all for your patience. We are working on a major version update of this API which will provide proper OData filter support and more. We'll share more information soon. In the meantime, we will look into the described behavior in the current API. Thanks again.

@mdressman any updates?

The API has since been fixed, so this issue should go away as well. Please let me know if the behavior still persists.
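
One way to check whether the behavior reported in this issue still persists, as an added example that is not part of the thread or of the MsrcSecurityUpdates module: the function takes the objects a year-filtered request returned and reports any whose ID falls outside that year, so a script does not silently process unfiltered data. Test-MsrcYearFilter is a hypothetical name, the sample IDs are constructed, and the only assumption about the response is the ID shape shown in the expected output above (for example 2016-Apr).

```powershell
# Added example: Test-MsrcYearFilter is a hypothetical helper, not a cmdlet of the module.
function Test-MsrcYearFilter {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [int]$Year,

        # Objects with an ID property shaped like '2016-Apr', as in the issue's expected output.
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Update
    )
    begin {
        # Builds e.g. '^2016-[A-Z][a-z]{2}$'; the doubled braces escape the format operator.
        $pattern    = '^{0}-[A-Z][a-z]{{2}}$' -f $Year
        $matching   = [System.Collections.Generic.List[psobject]]::new()
        $unexpected = [System.Collections.Generic.List[psobject]]::new()
    }
    process {
        # Case-sensitive match so a malformed or missing ID lands in Unexpected.
        if ($Update.ID -cmatch $pattern) { $matching.Add($Update) }
        else                             { $unexpected.Add($Update) }
    }
    end {
        [pscustomobject]@{
            Year          = $Year
            FilterHonored = ($unexpected.Count -eq 0)
            Matching      = $matching.ToArray()    # safe to process: inside the requested year
            Unexpected    = $unexpected.ToArray()  # evidence that the filter was discarded
        }
    }
}

# Constructed sample: two 2016 rows mixed with rows from other years,
# mimicking the unfiltered response described under "Actual Behavior".
$sample = '2016-Apr', '2016-Aug', '2019-Dec', '2020-Jan' |
    ForEach-Object { [pscustomobject]@{ ID = $_ } }

$result = $sample | Test-MsrcYearFilter -Year 2016
$result | Select-Object Year, FilterHonored
$result.Unexpected.ID

# Against the live service (needs the module and an API key, per the steps in the issue):
# Get-MsrcSecurityUpdate -Year 2016 | Test-MsrcYearFilter -Year 2016
```

Continuing with only the Matching rows also works as a client-side filter while FilterHonored is false.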