Remove weaknesses from view which are not in DB

TG1999 · TG1999 · commit 2df98f5b6b48 · 2023-08-03T00:29:43.000+05:30
Signed-off-by: Tushar Goel &lt;tushar.goel.dav@gmail.com&gt;
diff --git a/vulnerabilities/models.py b/vulnerabilities/models.py
@@ -275,17 +275,27 @@ class Weakness(models.Model):
     vulnerabilities = models.ManyToManyField(Vulnerability, related_name="weaknesses")
     db = Database()
 
+    @property
+    def weakness(self):
+        """
+        Return a queryset of Weakness for this vulnerability.
+        """
+        try:
+            weakness = self.db.get(self.cwe_id)
+            return weakness
+        except Exception as e:
+            logger.warning(f"Could not find CWE {self.cwe_id}: {e}")
+            return None
+
     @property
     def name(self):
         """Return the weakness's name."""
-        weakness = self.db.get(self.cwe_id)
-        return weakness.name
+        return self.weakness.name if self.weakness else ""
 
     @property
     def description(self):
         """Return the weakness's description."""
-        weakness = self.db.get(self.cwe_id)
-        return weakness.description
+        return self.weakness.description if self.weakness else ""
 
 
 class VulnerabilityReferenceQuerySet(BaseQuerySet):
diff --git a/vulnerabilities/tests/test_models.py b/vulnerabilities/tests/test_models.py
@@ -88,3 +88,9 @@ def test_vulnerability_package(self):
 
         assert v1.vulnerable_packages.all()[0] == p1
         assert v1.patched_packages.all()[0] == p2
+
+    def test_cwe_not_present_in_weaknesses_db(self):
+        w1 = models.Weakness.objects.create(name="189")
+        assert w1.weakness is None
+        assert w1.name is ""
+        assert w1.description is ""
diff --git a/vulnerabilities/views.py b/vulnerabilities/views.py
@@ -116,6 +116,8 @@ def get_queryset(self):
 
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
+        weaknesses = self.object.weaknesses.all()
+        weaknesses_present_in_db = [weakness for weakness in weaknesses if weakness.weakness]
         context.update(
             {
                 "vulnerability": self.object,
@@ -125,7 +127,7 @@ def get_context_data(self, **kwargs):
                 "aliases": self.object.aliases.all(),
                 "affected_packages": self.object.affected_packages.all(),
                 "fixed_by_packages": self.object.fixed_by_packages.all(),
-                "weaknesses": self.object.weaknesses.all(),
+                "weaknesses": weaknesses_present_in_db,
             }
         )
         return context

Original file line number	Diff line number	Diff line change
`@@ -116,6 +116,8 @@ def get_queryset(self):`
`116`	`116`
`117`	`117`	`def get_context_data(self, **kwargs):`
`118`	`118`	`context = super().get_context_data(**kwargs)`
	`119`	`+ weaknesses = self.object.weaknesses.all()`
	`120`	`+ weaknesses_present_in_db = [weakness for weakness in weaknesses if weakness.weakness]`
`119`	`121`	`context.update(`
`120`	`122`	`{`
`121`	`123`	`"vulnerability": self.object,`
`@@ -125,7 +127,7 @@ def get_context_data(self, **kwargs):`
`125`	`127`	`"aliases": self.object.aliases.all(),`
`126`	`128`	`"affected_packages": self.object.affected_packages.all(),`
`127`	`129`	`"fixed_by_packages": self.object.fixed_by_packages.all(),`
`128`		`- "weaknesses": self.object.weaknesses.all(),`
	`130`	`+ "weaknesses": weaknesses_present_in_db,`
`129`	`131`	`}`
`130`	`132`	`)`
`131`	`133`	`return context`