I’m using the search endpoint of the V3 rest api (I know, it’s in beta.) I’m getting some unexpected results and am wondering if I’m doing something wrong.
Here’s the endpoint I’m hitting via cURL:
https://mysite.atlassian.net/rest/api/3/search?jql=issuetype=Vulnerability&resolution=Unresolved
When I use that same JQL in a filter, I get the expected results: 11 issues from a single project (only one project has a Vulnerability issue type.)
But when I use it via the rest api call, it’s returning results from another project, as well, which doesn’t have Vulnerability as an issue type.
$ch = curl_init();
$url = "https://mysite.atlassian.net/rest/api/3/search?jql=issuetype=Vulnerability&resolution=Unresolved";
$headers = array(
"Content-Type:application/json",
"Authorization: Basic my_key"
);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch,CURLOPT_HTTPHEADER, $headers);
$result = curl_exec($ch);
$array = json_decode($result,TRUE);
$issues = $array['issues'];
curl_close($ch);
$existingVulns = array();
foreach($issues as $issue) {
error_log("+++looking at " . $issue['key'] . ": " . $issue['fields']['customfield_10104']);
if($issue['fields']['customfield_10104'] != "" ) {
$existingVulns[] = $issue['fields']['customfield_10104'];
}
}
error_log("+++existingVulns: " . print_r($existingVulns, 1));
In the loop above, I’m error-logging looping through all issues returned by the API call and printing out the issue key and a custom field value. I’m seeing results in the issues keys from a project that shouldn’t be there. This is what the error log looks like; WH issues are correct; WCC issues should not be returned by that jql.
Any ideas?