Avoid triggering fresh db query on prefetched data

- The Package.vulnerabilities property triggers
 fresh db query even on prefetched data.

Signed-off-by: Keshav Priyadarshi <[email protected]>

Author: keshav-space

vulnerabilities/management/commands/export.py

@@ -6,6 +6,7 @@
 # See https://github.com/aboutcode-org/vulnerablecode for support or download.
 # See https://aboutcode.org for more information about nexB OSS projects.
 #
+import itertools
 import logging
 from itertools import groupby
 from pathlib import Path
@@ -126,7 +127,11 @@ def export_data(self, base_path: Path):
                     }
                     package_vulnerabilities.append(package_data)
 
-                    for vuln in pkg_version.vulnerabilities:
+                    vulnerabilities = itertools.chain(
+                        pkg_version.affected_by_vulnerabilities.all(),
+                        pkg_version.fixing_vulnerabilities.all(),
+                    )
+                    for vuln in vulnerabilities:
                         vcid = vuln.vulnerability_id
                         # do not write twice the same file
                         if vcid in seen_vcid:

vulnerabilities/models.py

@@ -994,10 +994,6 @@ def next_non_vulnerable_version(self):
         next_non_vulnerable, _ = self.get_non_vulnerable_versions()
         return next_non_vulnerable.version if next_non_vulnerable else None
 
-    @property
-    def vulnerabilities(self):
-        return self.affected_by_vulnerabilities.all() | self.fixing_vulnerabilities.all()
-
     @property
     def latest_non_vulnerable_version(self):
         """

vulnerabilities/tests/test_data/export_command/aboutcode-vulnerabilities/ps/VCID-pst6-b358-aaap.yml

@@ -6,7 +6,7 @@ severities:
   - score: '7.0'
     scoring_system: cvssv3_vector
     scoring_elements: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
-    published_at:
+    published_at: None
     url: https://..
 weaknesses:
   - CWE-15

vulnerabilities/tests/test_models.py

@@ -428,9 +428,7 @@ def test_affecting_vulnerabilities_vulnerabilityqueryset_method(self):
         searched_for_package = self.package_pypi_redis_4_1_1
 
         # Return a queryset of Vulnerabilities that affect this Package.
-        this_package_vulnerabilities = (
-            searched_for_package.vulnerabilities.affecting_vulnerabilities()
-        )
+        this_package_vulnerabilities = searched_for_package.affected_by
 
         assert this_package_vulnerabilities[0] == self.vuln_VCID_g2fu_45jw_aaan
         assert this_package_vulnerabilities[1] == self.vuln_VCID_rqe1_dkmg_aaad