Deleting objects using the Arango TAXII Server

When I delete an object using Arango TAXII, e.g.

curl -X 'DELETE' \
  'http://127.0.0.1:8000/api/taxii2/my_root/collections/my_collection/objects/object-1234/' \
  -H 'accept: */*' \
  -H 'Authorization: Basic cmVhZF93cml0ZV91c2VyOnRlc3RpbmcxMjM=' \
  -H 'X-CSRFTOKEN: HIDDEN'

I get a 200.

But when the object from get objects, e.g.

curl -X 'GET' \
  'http://127.0.0.1:8000/api/taxii2/my_root/collections/my_collection/objects/object-1234/' \
  -H 'accept: application/taxii+json' \
  -H 'Authorization: Basic HIDDEN'

I still see the object printed.

I suspect this might be a bug.

:person_facepalming: it is a bug.

We missed the filtering parameters on the delete endpoint. I’ve raised a ticket for it here:

Currently the behaviour is that only the latest object is deleted, which is incorrect.

I’ve detailed the expected logic in the ticket. We’ll get this sorted ASAP.