Report Vulnerability severities correctly #904

* Add "severities" property to Vulnerability
  This is traversing severities through the references.
* Remove the "severities" property from a VulnerabilityReference.
* Also use "Fixed by packages" #903

Reference: #903
Reference: #904
Signed-off-by: Philippe Ombredanne <[email protected]>

Author: pombredanne

vulnerabilities/models.py

@@ -10,7 +10,6 @@
 import hashlib
 import json
 import logging
-import uuid
 
 from django.conf import settings
 from django.core.exceptions import ValidationError
@@ -59,6 +58,11 @@ class Vulnerability(models.Model):
         through="PackageRelatedVulnerability",
     )
 
+    @property
+    def severities(self):
+        for reference in self.references.all():
+            yield from VulnerabilitySeverity.objects.filter(reference=reference.id)
+
     def save(self, *args, **kwargs):
         super().save(*args, **kwargs)
         if not self.vulnerability_id:
@@ -115,10 +119,6 @@ class VulnerabilityReference(models.Model):
         blank=True,
     )
 
-    @property
-    def severities(self):
-        return VulnerabilitySeverity.objects.filter(reference=self.id)
-
     class Meta:
         unique_together = (
             "url",

vulnerabilities/templates/vulnerability_details.html

@@ -56,7 +56,7 @@
                     <li data-tab="4">
                         <a>
                             <span>
-                                Fixed packages ({{ vulnerability.resolved_to|length }})
+                                Fixed by packages ({{ vulnerability.resolved_to|length }})
                             </span>
                         </a>
                     </li>
@@ -106,32 +106,30 @@
                         Severity ({{ severities|length }})
                     </div>
                     <div class="tab-nested-div">
-                        {% if vulnerability.references.all %}
+                        {% if severities %}
                             <table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth gray-header-border">
                                 <tr>
                                     <th> System </th>
                                     <th> Score </th>
                                     <th> Found at </th>
                                 </tr>
-                                {% for ref in vulnerability.references.all %}
-                                    {% for sever in ref.severities %}
-                                        <tr>
-                                            <td>{{ sever.scoring_system }}</td>
-                                            <td>{{ sever.value }}</td>
-                                            {% if ref.url %}
-                                                <td><a href="{{ ref.url }}" target="_blank">
-                                                {{ ref.url }}<i class="fa fa-external-link fa_link_custom"></i></a></td>
-                                            {% else %}
-                                                <td>{{ ref.reference_id }}</td>
-                                            {% endif %}
-                                        </tr>
-                                    {% endfor %}
-                                {% empty %}
-                                    <tr>
-                                        <td colspan="3">
-                                            There are no severity scores.
-                                        </td>
-                                    </tr>
+                                {% for severity in severities %}
+                                <tr>
+                                    <td>{{ severity.scoring_system }}</td>
+                                    <td>{{ severity.value }}</td>
+                                    {% if severity.reference.url %}
+                                        <td><a href="{{ severity.reference.url }}" target="_blank">
+                                        {{ severity.reference.url }}<i class="fa fa-external-link fa_link_custom"></i></a></td>
+                                    {% else %}
+                                        <td>{{ severity.reference.reference_id }}</td>
+                                    {% endif %}
+                                </tr>
+                               {% empty %}
+                                <tr>
+                                    <td colspan="3">
+                                        There are no severity scores.
+                                    </td>
+                                </tr>
                                 {% endfor %}
                             </table>
                         {% endif %}
@@ -147,9 +145,9 @@
                                     </span>
                                 </td>
                                 <td style="border: 0; padding: 8px 12px 3px 3px; vertical-align: bottom;" class="has-text-weight-bold">
-                                    Fixed packages
+                                    Fixed by packages
                                     <span style="font-weight: normal;">({{ vulnerability.resolved_to.all|length }})
-                                        (see <i>Fixed packages</i> tab)
+                                        (see <i>Fixed by packages</i> tab)
                                     </span>
                                 </td>
                             </tr>

vulnerabilities/tests/test_view.py

@@ -18,14 +18,11 @@ class PackageSearchTestCase(TestCase):
     def setUp(self):
         self.client = Client()
 
-    def test_paginator(self):
-        """
-        Test PackageSearch paginator
-        """
+    def test_packages_search_view_paginator(self):
         response = self.client.get("/packages/search?type=deb&name=&page=1")
         self.assertEqual(response.status_code, 200)
         response = self.client.get("/packages/search?type=deb&name=&page=*")
-        self.assertEqual(response.status_code, 200)
+        self.assertEqual(response.status_code, 404)
         response = self.client.get("/packages/search?type=deb&name=&page=")
         self.assertEqual(response.status_code, 200)
         response = self.client.get("/packages/search?type=&name=&page=")
@@ -41,7 +38,7 @@ def setUp(self):
         self.id = vulnerability.id
         self.client = Client()
 
-    def test_vulnerabilties(self):
+    def test_vulnerabilties_search_view(self):
         """
         Test Vulnerability View
         """
@@ -55,9 +52,9 @@ def test_vulnerabilties_search(self):
         response = self.client.get(f"/vulnerabilities/search")
         self.assertEqual(response.status_code, 200)
 
-    def test_alias(self):
+    def test_vulnerabilities_alias(self):
         """
         Test Vulnerability Search View
         """
-        response = self.client.get(f"/vulnerabilities/search?vuln_id=TEST-2022")
+        response = self.client.get(f"/vulnerabilities/search?vulnerability_id=TEST-2022")
         self.assertEqual(response.status_code, 200)

vulnerabilities/views.py

@@ -7,7 +7,6 @@
 # See https://aboutcode.org for more information about nexB OSS projects.
 #
 
-
 from django.db.models import Count
 from django.db.models import Q
 from django.http.response import HttpResponseNotAllowed
@@ -172,6 +171,7 @@ def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
         context["vulnerability"] = self.object
         context["vulnerability_form"] = VulnerabilityForm(self.request.GET)
+        context["severities"] = list(self.object.severities)
         return context