Merge pull request #1104 from TG1999/add_alias_to_package_endpoint

Add vulnerability aliases at package level in API

Author: pombredanne

vulnerabilities/api.py

@@ -53,22 +53,6 @@ class Meta:
         fields = ["url", "purl", "is_vulnerable"]
 
 
-class VulnSerializerRefsAndSummary(serializers.HyperlinkedModelSerializer):
-    """
-    Lookup vulnerabilities references by aliases (such as a CVE).
-    """
-
-    fixed_packages = MinimalPackageSerializer(
-        many=True, source="filtered_fixed_packages", read_only=True
-    )
-
-    references = VulnerabilityReferenceSerializer(many=True, source="vulnerabilityreference_set")
-
-    class Meta:
-        model = Vulnerability
-        fields = ["url", "vulnerability_id", "summary", "references", "fixed_packages"]
-
-
 class MinimalVulnerabilitySerializer(serializers.HyperlinkedModelSerializer):
     """
     Lookup vulnerabilities by aliases (such as a CVE).
@@ -89,6 +73,29 @@ class Meta:
         fields = ["alias"]
 
 
+class VulnSerializerRefsAndSummary(serializers.HyperlinkedModelSerializer):
+    """
+    Lookup vulnerabilities references by aliases (such as a CVE).
+    """
+
+    def to_representation(self, instance):
+        data = super().to_representation(instance)
+        aliases = [alias["alias"] for alias in data["aliases"]]
+        data["aliases"] = aliases
+        return data
+
+    fixed_packages = MinimalPackageSerializer(
+        many=True, source="filtered_fixed_packages", read_only=True
+    )
+
+    references = VulnerabilityReferenceSerializer(many=True, source="vulnerabilityreference_set")
+    aliases = AliasSerializer(many=True, source="alias")
+
+    class Meta:
+        model = Vulnerability
+        fields = ["url", "vulnerability_id", "summary", "references", "fixed_packages", "aliases"]
+
+
 class VulnerabilitySerializer(serializers.HyperlinkedModelSerializer):
 
     fixed_packages = MinimalPackageSerializer(

vulnerabilities/tests/test_api.py

@@ -296,6 +296,9 @@ def setUp(self):
         vuln1 = Vulnerability.objects.create(
             summary="test-vuln1",
         )
+        Alias.objects.create(alias="CVE-2019-1234", vulnerability=vuln1)
+        Alias.objects.create(alias="GMS-1234-4321", vulnerability=vuln1)
+        Alias.objects.create(alias="CVE-2029-1234", vulnerability=vuln)
         self.vuln1 = vuln1
         PackageRelatedVulnerability.objects.create(
             package=self.package,
@@ -340,6 +343,7 @@ def test_api_with_single_vulnerability_and_fixed_package(self):
                     "summary": "test-vuln1",
                     "references": [],
                     "fixed_packages": [],
+                    "aliases": ["CVE-2019-1234", "GMS-1234-4321"],
                 }
             ],
             "fixing_vulnerabilities": [
@@ -355,6 +359,7 @@ def test_api_with_single_vulnerability_and_fixed_package(self):
                             "is_vulnerable": True,
                         }
                     ],
+                    "aliases": ["CVE-2029-1234"],
                 },
             ],
             "unresolved_vulnerabilities": [
@@ -364,6 +369,7 @@ def test_api_with_single_vulnerability_and_fixed_package(self):
                     "summary": "test-vuln1",
                     "references": [],
                     "fixed_packages": [],
+                    "aliases": ["CVE-2019-1234", "GMS-1234-4321"],
                 }
             ],
         }
@@ -392,6 +398,7 @@ def test_api_with_single_vulnerability_and_vulnerable_package(self):
                             "is_vulnerable": True,
                         }
                     ],
+                    "aliases": ["CVE-2029-1234"],
                 }
             ],
             "fixing_vulnerabilities": [],
@@ -408,6 +415,7 @@ def test_api_with_single_vulnerability_and_vulnerable_package(self):
                             "is_vulnerable": True,
                         }
                     ],
+                    "aliases": ["CVE-2029-1234"],
                 }
             ],
         }