
Commit 04fc3e0

authored
Merge pull request #1655 from aboutcode-org/api-package-severity-score
Add reference score to package endpoint
2 parents ef1df71 + f1c7274 commit 04fc3e0


2 files changed

+59
-3
lines changed


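--- a/vulnerabilities/api.py
+++ b/vulnerabilities/api.py
@@ -155,14 +155,26 @@ class VulnSerializerRefsAndSummary(BaseResourceSerializer):
 many=True, source="filtered_fixed_packages", read_only=True
 )
 
-references = VulnerabilityReferenceSerializer(many=True, source="vulnerabilityreference_set")
+references = serializers.SerializerMethodField()
 
 aliases = serializers.SerializerMethodField()
 
 def get_aliases(self, obj):
 # Assuming `obj.aliases` is a queryset of `Alias` objects
 return [alias.alias for alias in obj.aliases.all()]
 
+def get_references(self, vulnerability):
+references = vulnerability.vulnerabilityreference_set.all()
+severities = vulnerability.severities.all()
+
+serialized_references = VulnerabilityReferenceSerializer(
+references,
+context={"severities": severities},
+many=True,
+).data
+
+return serialized_references
+
 class Meta:
 model = Vulnerability
 fields = ["url", "vulnerability_id", "summary", "references", "fixed_packages", "aliases"]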
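Review bot: The `context={"severities": severities},` argument in `get_references` replaces the parent serializer's context instead of extending it, so `request` and anything else in `self.context` is no longer available to `VulnerabilityReferenceSerializer`; unless that is intended, pass `context={**self.context, "severities": severities},`. The method also has no docstring, and the fact a reader needs is that the same per-vulnerability `severities` queryset is handed to every reference, so whether a reference's scores are limited to its own URL depends on `VulnerabilityReferenceSerializer`, which is not shown here. Consumers triage on these scores, so a docstring such as `"""Return serialized references, each carrying scores taken from this vulnerability's severities."""` would make that contract explicit. Both `.all()` calls run once per serialized vulnerability, so the view's queryset presumably needs to prefetch these relations to avoid a query per row. The enclosing class starts outside the hunk.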

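--- a/vulnerabilities/tests/test_api.py
+++ b/vulnerabilities/tests/test_api.py
@@ -556,6 +556,22 @@ def setUp(self):
 "pkg:maven/com.fasterxml.jackson.core/[email protected]"
 )
 
+self.ref = VulnerabilityReference.objects.create(
+reference_type="advisory", reference_id="CVE-xxx-xxx", url="https://example.com"
+)
+
+self.severity = VulnerabilitySeverity.objects.create(
+url="https://example.com",
+scoring_system=EPSS.identifier,
+scoring_elements=".0016",
+value="0.526",
+)
+self.vul1.references.add(self.ref)
+self.vul1.severities.add(self.severity)
+
+self.vul3.references.add(self.ref)
+self.vul3.severities.add(self.severity)
+
 set_as_fixing(package=self.pkg_2_12_6, vulnerability=self.vul3)
 
 set_as_affected_by(package=self.pkg_2_12_6_1, vulnerability=self.vul2)
@@ -587,7 +603,21 @@ def test_api_with_lesser_and_greater_fixed_by_packages(self):
 "url": "http://testserver/api/vulnerabilities/{0}".format(self.vul1.id),
 "vulnerability_id": "VCID-vul1-vul1-vul1",
 "summary": "This is VCID-vul1-vul1-vul1",
-"references": [],
+"references": [
+{
+"reference_url": "https://example.com",
+"reference_id": "CVE-xxx-xxx",
+"reference_type": "advisory",
+"scores": [
+{
+"value": "0.526",
+"scoring_system": "epss",
+"scoring_elements": ".0016",
+}
+],
+"url": "https://example.com",
+}
+],
 "fixed_packages": [
 {
 "url": "http://testserver/api/packages/{0}".format(self.pkg_2_13_2.id),
@@ -608,7 +638,21 @@ def test_api_with_lesser_and_greater_fixed_by_packages(self):
 "url": "http://testserver/api/vulnerabilities/{0}".format(self.vul3.id),
 "vulnerability_id": "VCID-vul3-vul3-vul3",
 "summary": "This is VCID-vul3-vul3-vul3",
-"references": [],
+"references": [
+{
+"reference_url": "https://example.com",
+"reference_id": "CVE-xxx-xxx",
+"reference_type": "advisory",
+"scores": [
+{
+"value": "0.526",
+"scoring_system": "epss",
+"scoring_elements": ".0016",
+}
+],
+"url": "https://example.com",
+}
+],
 "fixed_packages": [
 {
 "url": "http://testserver/api/packages/{0}".format(self.pkg_2_12_6.id),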
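Review bot: The fixture added in `setUp` gives the reference and the severity the same URL (`https://example.com`) and attaches both to `vul1` and `vul3`, so the new expectations pass whether scores are matched to their own reference or every severity of the vulnerability is copied onto every reference. Adding a second reference with a different URL to one vulnerability, and asserting the `scores` list intended for it, would pin the behaviour that consumers of the severity data rely on. The two expected `references` blocks (for `vul1` and `vul3`) are identical literals and could share one local variable. `setUp` and the test method both start outside the hunks shown.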
