Do not report ghost packages as fix for vulnerabilities in APIv1

keshav-space · keshav-space · commit 7fe3a7e0c199 · 2024-12-03T19:20:48.000+05:30
Signed-off-by: Keshav Priyadarshi &lt;git@keshav.space&gt;
diff --git a/vulnerabilities/api.py b/vulnerabilities/api.py
@@ -22,9 +22,7 @@
 from rest_framework import viewsets
 from rest_framework.decorators import action
 from rest_framework.response import Response
-from rest_framework.reverse import reverse
 from rest_framework.throttling import AnonRateThrottle
-from rest_framework.throttling import UserRateThrottle
 
 from vulnerabilities.models import Alias
 from vulnerabilities.models import Exploit
@@ -369,6 +367,10 @@ def get_fixing_vulnerabilities(self, package) -> dict:
         """
         Return a mapping of vulnerabilities fixed in the given `package`.
         """
+        # Ghost package should not fix any vulnerability.
+        if package.is_ghost:
+            return
+
         return self.get_vulnerabilities_for_a_package(package=package, fix=True)
 
     def get_affected_vulnerabilities(self, package) -> dict:
@@ -643,7 +645,10 @@ def get_fixed_packages_qs(self):
         """
         return (
             self.get_packages_qs()
-            .filter(fixingpackagerelatedvulnerability__isnull=False)
+            .filter(
+                fixingpackagerelatedvulnerability__isnull=False,
+                is_ghost=False,
+            )
             .with_is_vulnerable()
         )
 
