About hamish

hamish · ‎Oct 23, 2020

Does anyone know if it's possible to get a page larger than 20 entries at a time from the /api/advisories API call? There's nothing in the docs... I can cache the full entries... And when running a test, I get good speed for everything except the next page of the advisory list... If the pages were larger I'd have fewer turnaround waits. Obviously this is only really useful on the second and subsequent run through a particular advisory. But when testing new features, or fixing issues occasionally I have to run through a lot of advisories TIA H

hamish · ‎Oct 08, 2020

Hi Yes, and I use the API to gather the details. But I'm looking for an in-depth description of the attributes that come back in the response. I did find the SAID-Anatomy PDF, but that only includes a few of the elements (And doesn't match them to attribute names but fortunately they aren't very ambiguous). There is nothing about the references or product CPE's though. regards

hamish · ‎Oct 05, 2020

The link to SAID-Anatomy.pdf is broken...

hamish · ‎Oct 05, 2020

is there a document somewhere that provides a detailed description of the fields in the advisories obtained via the API? For example the products list... Or more precisely, the cpe's within the products list... TIA

hamish · ‎Jul 10, 2020

Ah! Perfect, thanks H

hamish · ‎Jul 10, 2020

We have regular meetings to discuss advisories. For make these easier and reduce the amount of manual typing people have to do, I'd like to generate URL's that would open directly onto the information for a particular advisory. Is there a URI that will do that? I tried https://app.secunia.com/#/vt/advisory-database/advisories/SA96261 (i.e. Add the advisory to the link for the advisory research) but I just get page not found and the normal list with a box to type in the advisory manually to search for it - Which is what I'm trying to get away from) perhaps an undocumented parameter to the link to perform the search automatically and show the information?

hamish · ‎May 27, 2020

Lately there have been a lot of advisories coming out that reference the same CVE's that were referenced months (Or even years) ago. Typically it's because things like Java fixes. i.e. You get separate advisories for Java 1.7, Java 1.8 and Java 11... Yet apart from the subject they're the same. We cant to relate these advisories to fixed (And Affected) packages from the vendor. e.g. RedHat. But RedHat release their errata referencing the CVE's only. So if we match the advisory to a package via the CVE we wind up with 3x advisories having the exact same package list. As an example SA94503 (Java 1.8 openjdk), SA94692 (Java 1.7 openjdk) and SA94526 (java-11-openjdk) Is there data available (Besides the free-form description) that we could use to filter the vendor packages? Or a flexera API call to get either the affected or fix package lists? H

hamish · ‎Mar 06, 2020

I'm pulling advisories via the APi for a near real-time feed of information. And had implemented the decision between cvss2 and cvss3 scores as documented in the API docs. i.e. If cvss2 is blank, use cvss3. However it would appear that there are multiple records in the feed where both the cvss2 and cvss3 scores are NOT blank. Case in point. SA76954 with a cvss3 score of 0 and a cvss2 score of 7.6, then we have some the other way around. cvss2 scores of 0 and cvss3 scores I'm really hoping that despite the documented behaviour saying otherwise, the API doesn't equate a blank with a numerical 0, because that appears to equate to a rejection.. Is there a more reliable way? e.g. empty cvss_vector?

hamish · ‎Nov 15, 2019

Ah! Stupid me... I didn't realise that the URI on the explorer could be used like that. I was trying to find a way to convince the interface to do it for me.

hamish · ‎Nov 15, 2019

For various reasons, I don't have end-2-end API access today. Is it possible to get the advisory details via the APiIexplorer? I can't seem to convince it to do anything except the advisory notification (i.e. I can't get it to access something like /api/advisory/SA12345/ Trying to enter in various fields on the filter popup just results in a URI like /api/advisoriy/?search=SA12345 The pop-up seems a bit weird too. Lots of fields called [invalid name]. is that bug? Can it be fixed?

hamish · ‎Nov 13, 2019

Some suggestions Consistent naming of products (The Solaris ones are a bit of a mess). Perhaps a short name in addition to the long-winded one. Like RHEL-8, RHEL-7, SLES-15SP1 etc. For example SOLARIS-5, SOLARIS-6 instead of some of them being Sun Microsystems, some Oracle and some Oracle formerly Sun Micro etc. A method to list all the product names available. Especially if it listed the long-winded name and the short unambiguous name proposed above The API should return an error if the parameters are incorrect. How many advisories could trace themselves back to functions ignoring the input, or the wrong input's causing unpredictable output? A proper changelog or journal capable of being returned in guaranteed sequential order. The current update listing by modified date is ambiguous for what has actually changed. Because the detail is in the advisory and you only get the LATEST info, not the info for a particular advisory change notification This would be useful for some historical what-if scenarios we're looking at presently Ability to run more than 1 session per login token. Otherwise I have to convince someone to create a new user every time I want to setup a new environment for my app Yes I could setup an internal server to provide the input to my environments but then it becomes chicken & egg when I need to enhance it for upcoming development that is not yet ready for PROD

hamish · ‎Nov 12, 2019

I see nowhere in the docs that it discusses multiple sessins at once. And you can't have more than 1 token per user either... regards

hamish · ‎Nov 12, 2019

Can a single user have multiple (Unconnected) API connections at once? Limited testing would indicate... not... It looks like having connections to the API from two unconnected environments (i.e. DEV and UAT, or even DEV and validating queries by hand) doesn't quite work. I get random 403's and occasionally I'd swear that the answer coming back wasn't what was asked... Is there session information persisted on the authentication token? And if so, is it as simple a fix as just generating a separate auth token per environment? TIA

hamish · ‎Nov 12, 2019

A journal or actual changelog access would be nice...

hamish · ‎Nov 11, 2019

Release date isn't appropriate as it doesn't change when an advisory is updated.

Online Status	Offline
Date Last Visited	‎Oct 27, 2020 09:16 AM

Larger pages from /api/advisories ?

Re: Attribute description for advisories

Re: The Anatomy of a Security Advisory

Attribute description for advisories

Re: Direct link to show an advisory?

Direct link to show an advisory?

Referencing vendor packages from advisories

cvss2 and cvss3 score are both non-blank

Re: Advisory Details via API Explorer

Advisory Details via API Explorer

Re: We Still Want Your Ideas about Software Vulner...

Re: Multiple API connections

Multiple API connections

Re: In Order feed from API