如何在Graphql中获取特定的安全咨询存储库

Question

I have Tried

我已经试过这个代码了

`# Type queries into this side of the screen, and you will 
# see intelligent typeaheads aware of the current GraphQL type schema, 
# live syntax, and validation errors highlighted within the text.

# We'll get you started with a simple query showing your username!


query {
  securityAdvisories(orderBy: {field: PUBLISHED_AT, direction: DESC}, first: 2) {
    nodes {
      description
      ghsaId
      summary
      publishedAt
    }
  }
}

并得到以下响应

{
  "data": {
    "securityAdvisories": {
      "nodes": [
        {
          "description": "In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection.",
          "ghsaId": "GHSA-pgwj-prpq-jpc2",
          "summary": "Critical severity vulnerability that affects symfony/dependency-injection",
          "publishedAt": "2019-11-18T17:27:31Z"
        },
        {
          "description": "Tapestry processes assets `/assets/ctx` using classes chain `StaticFilesFilter -> AssetDispatcher -> ContextResource`, which doesn't filter the character `\\`, so attacker can perform a path traversal attack to read any files on Windows platform.",
          "ghsaId": "GHSA-89r3-rcpj-h7w6",
          "summary": "Moderate severity vulnerability that affects org.apache.tapestry:tapestry-core",
          "publishedAt": "2019-11-18T17:19:03Z"
        }
      ]
    }
  }
}

但是我想要得到特定安全咨询like this的响应

也就是说，我想获取特定id的graphql响应，例如url ID是GHSA-wmx6-vxcf-c3gr

谢谢!

Answer 1

最简单的方法是使用securityAdvisory()查询。

query {
securityAdvisory(ghsaId: "GHSA-wmx6-vxcf-c3gr") {
  ghsaId
  summary
    }
}

如果出于某种原因需要使用securityAdvisories()查询，则只需添加identifier:即可。下面的查询应该获得GHSA-wmx6-vxcf-c3gr的distinct条目。

query {
securityAdvisory(ghsaId: "GHSA-wmx6-vxcf-c3gr") {
  ghsaId
  summary
    }
}