The web versions of advisories provide a label and calculated risk score, where the API only provides type and criticality.

E.g. for: https://www.drupal.org/sa-contrib-2018-002

In HTML:
"Security risk: Moderately critical 14∕25 AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:Default"

In API JSON:

"field_sa_criticality": "AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:Default",
⋮
"field_sa_type": "Access Bypass",

Suggested additions:

"field_sa_criticality": "AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:Default",
⋮
"field_sa_risk_label": "Moderately critical",
"field_sa_risk_score": "14/25",
⋮
"field_sa_type": "Access Bypass",

(The field_sa_risk_label field is more of a "nice to have", to avoid needing a look-up table for risk score descriptions.)

Comments

DrCuriosity created an issue. See original summary.

DrCuriosity’s picture

DrCuriosity CreditAttribution: DrCuriosity at Catalyst IT commented

Actually, now that I think about it, maybe just risk_score and risk_label, since they would likely be derived attributes rather than explicit fields in the sa node type.

jhodgdon’s picture

jhodgdon
she/her
Primary language English
CreditAttribution: jhodgdon commented
Project: API.Drupal.org customizations » Project
Version: 7.x-1.x-dev » 7.x-2.x-dev
Component: Code » Projects

Like the related issue, I'm not sure which project these come from, but it isn't this one. This project only contains a little code for customizations on the api.drupal.org web site. I think what you're posting about probably belongs in the Project project, so moving there. Good luck...

drumm’s picture

drumm
he/him
Location NY, US
CreditAttribution: drumm at Drupal Association commented
Project: Project » Drupal.org customizations
Version: 7.x-2.x-dev » 7.x-3.x-dev
Component: Projects » Code
Related issues: +#2461167: Create Security announcement content type

This would need to be altered into the RestWS API, or Entity API which RestWS uses heavily.

DrCuriosity’s picture

DrCuriosity CreditAttribution: DrCuriosity at Catalyst IT commented

If these things are available in the HTML view but not in the API, is there some other API-exposed entity/source that the information is coming from? If so, it might be a case of documenting how to get from one to the other.

  • dhanya_girish_zyxware committed 8d74d94 on 2936090-risk-label-to-SA-api 
    Issue #2936090 - Adds security risk score and risk label to SA API.

  • dhanya_girish_zyxware committed 8d74d94 on 2936090-risk-label-to-SA-api 
    Issue #2936090 - Adds security risk score and risk label to SA API.

  • dhanya_girish_zyxware committed 8d74d94 on 2936090-risk-label-to-SA-api 
    Issue #2936090 - Adds security risk score and risk label to SA API.

  • dhanya_girish_zyxware committed 8d74d94 on 2936090-risk-label-to-SA-api 
    Issue #2936090 - Adds security risk score and risk label to SA API.

  • dhanya_girish_zyxware committed 8d74d94 on 2936090-risk-label-to-SA-api 
    Issue #2936090 - Adds security risk score and risk label to SA API.

  • dhanya_girish_zyxware committed 8d74d94 on 2936090-risk-label-to-SA-api 
    Issue #2936090 - Adds security risk score and risk label to SA API.

  • dhanya_girish_zyxware committed 8d74d94 on 2936090-risk-label-to-SA-api 
    Issue #2936090 - Adds security risk score and risk label to SA API.

  • dhanya_girish_zyxware committed 8d74d94 on 2936090-risk-label-to-SA-api 
    Issue #2936090 - Adds security risk score and risk label to SA API.

  • dhanya_girish_zyxware committed 8d74d94 on 2936090-risk-label-to-SA-api 
    Issue #2936090 - Adds security risk score and risk label to SA API.

  • dhanya_girish_zyxware committed 8d74d94 on 2936090-risk-label-to-SA-api 
    Issue #2936090 - Adds security risk score and risk label to SA API.

  • dhanya_girish_zyxware committed 8d74d94 on 2936090-risk-label-to-SA-api 
    Issue #2936090 - Adds security risk score and risk label to SA API.

  • dhanya_girish_zyxware committed 8d74d94 on 2936090-risk-label-to-SA-api 
    Issue #2936090 - Adds security risk score and risk label to SA API.

  • drumm committed 3dd6503 on 7.x-3.x, dev 
    Issue #2936090: Simplify score & label
  • dhanya_girish_zyxware committed 8d74d94 on 7.x-3.x, dev
    Issue #2936090 - Adds security risk score and risk label to SA API.

drumm credited dhanya_girish_zyxware.

drumm’s picture

drumm
he/him
Location NY, US
CreditAttribution: drumm at Drupal Association commented
Status: Active » Fixed

This has been deployed to Drupal.org. I added a note about where to find the new property to https://www.drupal.org/drupalorg/docs/api

DrCuriosity’s picture

DrCuriosity CreditAttribution: DrCuriosity at Catalyst IT commented

Excellent, thank you kindly for the work.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.