chg: [API] Added the possibility to filter bundles with a query on th…

…e meta JSONB field via the API.
cve-search · Aug 29, 2024 · b060379 · b060379
1 parent 6207505
commit b060379
Show file tree

Hide file tree

Showing 2 changed files with 76 additions and 62 deletions.
diff --git a/docs/_static/files/swagger.json b/docs/_static/files/swagger.json
@@ -113,6 +113,12 @@
                         "type": "string",
                         "description": "Id of a vulnerability referenced by the bundle."
                     },
+                    {
+                        "name": "meta",
+                        "in": "query",
+                        "type": "string",
+                        "description": "Query for the meta JSON field. Example: meta=[{'tags': ['tcp']}]"
+                    },
                     {
                         "name": "X-Fields",
                         "in": "header",
@@ -135,6 +141,25 @@
                     "type": "string"
                 }
             ],
+            "delete": {
+                "responses": {
+                    "204": {
+                        "description": "Success."
+                    },
+                    "403": {
+                        "description": "Administrator permission required or not the author of the bundle."
+                    },
+                    "404": {
+                        "description": "Bundle not found."
+                    }
+                },
+                "summary": "Endpoint for deleting a bundle",
+                "description": "Delete a bundle.\nOnly an admin can delete a bundle.",
+                "operationId": "delete_bundle_item",
+                "tags": [
+                    "bundle"
+                ]
+            },
             "get": {
                 "responses": {
                     "200": {
@@ -161,25 +186,6 @@
                 "tags": [
                     "bundle"
                 ]
-            },
-            "delete": {
-                "responses": {
-                    "204": {
-                        "description": "Success."
-                    },
-                    "403": {
-                        "description": "Administrator permission required or not the author of the bundle."
-                    },
-                    "404": {
-                        "description": "Bundle not found."
-                    }
-                },
-                "summary": "Endpoint for deleting a bundle",
-                "description": "Delete a bundle.\nOnly an admin can delete a bundle.",
-                "operationId": "delete_bundle_item",
-                "tags": [
-                    "bundle"
-                ]
             }
         },
         "/api/comment/": {
@@ -286,6 +292,25 @@
                     "type": "string"
                 }
             ],
+            "delete": {
+                "responses": {
+                    "204": {
+                        "description": "Success."
+                    },
+                    "403": {
+                        "description": "Commenter permission required or not the author of the comment."
+                    },
+                    "404": {
+                        "description": "Comment not found."
+                    }
+                },
+                "summary": "Endpoint for deleting a comment",
+                "description": "Delete a comment.",
+                "operationId": "delete_comment_item",
+                "tags": [
+                    "comment"
+                ]
+            },
             "get": {
                 "responses": {
                     "200": {
@@ -312,25 +337,6 @@
                 "tags": [
                     "comment"
                 ]
-            },
-            "delete": {
-                "responses": {
-                    "204": {
-                        "description": "Success."
-                    },
-                    "403": {
-                        "description": "Commenter permission required or not the author of the comment."
-                    },
-                    "404": {
-                        "description": "Comment not found."
-                    }
-                },
-                "summary": "Endpoint for deleting a comment",
-                "description": "Delete a comment.",
-                "operationId": "delete_comment_item",
-                "tags": [
-                    "comment"
-                ]
             }
         },
         "/api/configInfo": {
@@ -395,18 +401,6 @@
                     "type": "string"
                 }
             ],
-            "get": {
-                "responses": {
-                    "200": {
-                        "description": "Success"
-                    }
-                },
-                "description": "Get a vulnerability.",
-                "operationId": "get_vulnerability",
-                "tags": [
-                    "api"
-                ]
-            },
             "delete": {
                 "responses": {
                     "204": {
@@ -425,6 +419,18 @@
                 "tags": [
                     "api"
                 ]
+            },
+            "get": {
+                "responses": {
+                    "200": {
+                        "description": "Success"
+                    }
+                },
+                "description": "Get a vulnerability.",
+                "operationId": "get_vulnerability",
+                "tags": [
+                    "api"
+                ]
             }
         },
         "/api/dbInfo": {
@@ -842,18 +848,6 @@
                     "type": "string"
                 }
             ],
-            "get": {
-                "responses": {
-                    "200": {
-                        "description": "Success"
-                    }
-                },
-                "description": "Get a vulnerability.",
-                "operationId": "get_vulnerability",
-                "tags": [
-                    "default"
-                ]
-            },
             "delete": {
                 "responses": {
                     "204": {
@@ -872,6 +866,18 @@
                 "tags": [
                     "default"
                 ]
+            },
+            "get": {
+                "responses": {
+                    "200": {
+                        "description": "Success"
+                    }
+                },
+                "description": "Get a vulnerability.",
+                "operationId": "get_vulnerability",
+                "tags": [
+                    "default"
+                ]
             }
         }
     },

diff --git a/website/web/api/v1/bundle.py b/website/web/api/v1/bundle.py
@@ -42,6 +42,11 @@
     type=str,
     help="Id of a vulnerability referenced by the bundle.",
 )
+parser.add_argument(
+    "meta",
+    type=str,
+    help="Query for the meta JSON field. Example: meta=[{'tags': ['tcp']}]",
+)
 
 # Response marshalling
 bundle_params_model = {
@@ -134,6 +139,7 @@ def get(self) -> Tuple[ResultType, int]:
         uuid = args.pop("uuid", None)
         author = args.pop("author", None)
         vuln_id = args.pop("vuln_id", None)
+        meta_query = args.pop("meta", None)
 
         result: ResultType = {
             "data": [],
@@ -153,6 +159,8 @@ def get(self) -> Tuple[ResultType, int]:
             query = query.filter(Bundle.author.has(login=author))
         if vuln_id is not None:
             query = query.filter(Bundle.related_vulnerabilities.contains([vuln_id]))
+        if meta_query is not None:
+            query = query.filter(Bundle.meta.contains(meta_query))
 
         query = query.order_by(Bundle.timestamp.desc())
         total = query.count()