Filter logic does not seem to be applied via PowerShell Module OR API Explorer
1RedOne opened this issue · 6 comments
Description
When making a request for a given CVE ID, or a year (or practically any filter) using the PowerShell cmdlet of Get-MsrcSecurityUpdate
or via the API explorer found at https://portal.msrc.microsoft.com/en-us/developer, filters are discarded and a list of all known CVEs are returned every time.
Steps to Reproduce
- Install the MsrcSecurityUpdates PowerShell module
- Request an API key
Get-MsrcSecurityUpdate -Year 2016
OR
Use the API Explorer to make a request which would end up hitting this URL. https://api.msrc.microsoft.com/Updates('2016')?api-version=2020
Expected Behavior
The cmdlet should filter down to only Updates for the year 2016.
ID DocumentTitle
-- -------------
2016-Apr April 2016 Security Updates
2016-Aug August 2016 Security Updates
2016-Dec December 2016 Security Updates
2016-Jan January 2016 Security Updates
2016-Jul July 2016 Security Updates
2016-Jun June 2016 Security Updates
2016-May May 2016 Security Updates
2016-Nov November 2016 Security Updates
2016-Oct October 2016 Security Updates
2016-Sep September 2016 Security Updates
Actual Behavior
~52 updates, including those released this month are returned even though our filter should have restricted to year 2016. This seems to happen for all filters provided.
Tagging my friend who is also curious about this @waingrositBlog
I'm also seeing that filters are not being applied, test both via the REST API endpoint and the Powershell client (used to verify whether I made the API calls correctly)
Seeing the same behavior. any news on this?
I'm seeing the same bahaviour. Is this going to be fixed eventually? Right now the API is essentially unusable for efficient research.
Hello. Apologies for the inconvenience and thank you all for your patience. We are working on a major version update of this API which will provide proper OData filter support and more. We'll share more information soon. In the meantime, we will look into the described behavior in the current API. Thanks again.
@mdressman any updates?
The API has since been fixed, so this issue should go away as well. Please let me know if the behavior still persists.