AnsweredAssumed Answered

WAS api issues ....

Question asked by wkolatac on Aug 5, 2019
Latest reply on Aug 16, 2019 by Dave Ferguson

Hi -

I've been running the following process, via PHP code, for many months without issue.  The last day or so I've been having odd issues/behavior.  Hopefully someone can help....

 

I make a count/was/finding with the following XML:

<ServiceRequest>

<filters>

<Criteria field="severity" operator="GREATER">3</Criteria>

<Criteria field="type" operator="EQUALS">VULNERABILITY</Criteria>

<Criteria field="status" operator="NOT EQUALS">FIXED</Criteria>

<Criteria field="id" operator="GREATER">0</Criteria>

<Criteria field="ignoredReason" operator="NOT EQUALS">FALSE_POSITIVE</Criteria>

<Criteria field="ignoredReason" operator="NOT EQUALS">RISK_ACCEPTED</Criteria>

<Criteria field="ignoredReason" operator="NOT EQUALS">NOT_APPLICABLE</Criteria>

</filters>

</ServiceRequest>

 

This returns a count of 1211.

 

Then I make a search/was/finding call, to retrieve the first 1000 entries, with the following XML (same criteria as above)

<ServiceRequest>

<preferences>

<verbose>false</verbose>

<limitResults>1000</limitResults>

</preferences>

<filters>

<Criteria field="severity" operator="GREATER">3</Criteria>

<Criteria field="type" operator="EQUALS">VULNERABILITY</Criteria>

<Criteria field="status" operator="NOT EQUALS">FIXED</Criteria>

<Criteria field="id" operator="GREATER">value of lastId</Criteria>

<Criteria field="ignoredReason" operator="NOT EQUALS">FALSE_POSITIVE</Criteria>

<Criteria field="ignoredReason" operator="NOT EQUALS">RISK_ACCEPTED</Criteria>

<Criteria field="ignoredReason" operator="NOT EQUALS">NOT_APPLICABLE</Criteria>

</filters>

</ServiceRequest>

 

This works fine.  I use the lastId value from the call above to make another search/was/finding call using the same XML, except the zero in the Critera element for field=id is set to the value of the lastId.  This call is timing out: curlErrno=28 curlError=Operation timed out after 120000 milliseconds with 0 bytes received.

 

I tried changing the limitResults in the Preferences element to 700 and the odd thing is I got 700 entries on the first call but only 4 on the second call (this time it did not time out).  The hasMoreRecords=false and the lastId=blank.

 

So even though the second call didn't time out, it only thinks there are 704 vulnerability findings even though the count/was/finding reported a count of 1211.

 

I know there where some platform changes recently but thought I read there would be no impact to the API stuff...

 

Anyone have any insight as to what changed/when it will be remediated?  Any one else having this issue?

Outcomes