Get rid of unncessary queries

TG1999 · TG1999 · commit 9702c60bb4ba · 2024-08-20T13:59:40.000+05:30
Signed-off-by: Tushar Goel &lt;tushar.goel.dav@gmail.com&gt;
diff --git a/vulnerabilities/api.py b/vulnerabilities/api.py
@@ -82,27 +82,23 @@ def get_resource_url(self, instance):
         return resource_url
 
 
-class MinimalPackageSerializer(BaseResourceSerializer):
+class VulnVulnIDSerializer(serializers.Serializer):
     """
-    Used for nesting inside vulnerability focused APIs.
+    Serializer for the series of vulnerability IDs.
     """
 
-    def get_affected_vulnerabilities(self, package):
-        affected_vulnerabilities = [
-            self.get_vulnerability(vuln) for vuln in package.get_affecting_vulnerabilities()
-        ]
+    vulnerability = serializers.CharField(source="vulnerability_id")
 
-        return affected_vulnerabilities
+    class Meta:
+        fields = ["vulnerability"]
 
-    def get_vulnerability(self, vuln):
-        affected_vulnerability = {}
 
-        vulnerability = vuln.get("vulnerability")
-        if vulnerability:
-            affected_vulnerability["vulnerability"] = vulnerability.vulnerability_id
-            return affected_vulnerability
+class MinimalPackageSerializer(BaseResourceSerializer):
+    """
+    Used for nesting inside vulnerability focused APIs.
+    """
 
-    affected_by_vulnerabilities = serializers.SerializerMethodField("get_affected_vulnerabilities")
+    affected_by_vulnerabilities = VulnVulnIDSerializer(source="affecting_vulns", many=True)
 
     purl = serializers.CharField(source="package_url")
 
diff --git a/vulnerabilities/models.py b/vulnerabilities/models.py
@@ -868,6 +868,20 @@ def affecting_vulnerabilities(self):
         """
         return self.vulnerabilities.filter(packagerelatedvulnerability__fix=False)
 
+    @property
+    def affecting_vulns(self):
+        """
+        Return a queryset of Vulnerabilities that affect this `package`.
+        """
+        fixed_by_packages = Package.objects.get_fixed_by_package_versions(self, fix=True)
+        return self.vulnerabilities.affecting_vulnerabilities().prefetch_related(
+            Prefetch(
+                "packages",
+                queryset=fixed_by_packages,
+                to_attr="fixed_packages",
+            )
+        )
+
 
 class PackageRelatedVulnerability(models.Model):
     """
diff --git a/vulnerabilities/tests/test_api.py b/vulnerabilities/tests/test_api.py
@@ -462,14 +462,14 @@ def test_api_packages_single_with_purl_in_query_num_queries(self):
             self.csrf_client.get(f"/api/packages/?purl={self.pkg_2_14_0_rc1.purl}", format="json")
 
     def test_api_packages_single_with_purl_no_version_in_query_num_queries(self):
-        with self.assertNumQueries(68):
+        with self.assertNumQueries(64):
             self.csrf_client.get(
                 f"/api/packages/?purl=pkg:maven/com.fasterxml.jackson.core/jackson-databind",
                 format="json",
             )
 
     def test_api_packages_bulk_search(self):
-        with self.assertNumQueries(49):
+        with self.assertNumQueries(45):
             packages = [self.pkg_2_12_6, self.pkg_2_12_6_1, self.pkg_2_13_1]
             purls = [p.purl for p in packages]
 
@@ -482,7 +482,7 @@ def test_api_packages_bulk_search(self):
             ).json()
 
     def test_api_packages_with_lookup(self):
-        with self.assertNumQueries(16):
+        with self.assertNumQueries(14):
             data = {"purl": self.pkg_2_12_6.purl}
 
             resp = self.csrf_client.post(
@@ -492,7 +492,7 @@ def test_api_packages_with_lookup(self):
             ).json()
 
     def test_api_packages_bulk_lookup(self):
-        with self.assertNumQueries(49):
+        with self.assertNumQueries(45):
             packages = [self.pkg_2_12_6, self.pkg_2_12_6_1, self.pkg_2_13_1]
             purls = [p.purl for p in packages]
 
@@ -556,19 +556,6 @@ def setUp(self):
         set_as_affected_by(package=self.pkg_2_13_2, vulnerability=self.vul2)
         set_as_fixing(package=self.pkg_2_13_2, vulnerability=self.vul1)
 
-    def test_api_with_package_with_no_vulnerabilities(self):
-        affected_vulnerabilities = []
-        vuln = {
-            "foo": "bar",
-        }
-
-        package_with_no_vulnerabilities = MinimalPackageSerializer.get_vulnerability(
-            self,
-            vuln,
-        )
-
-        assert package_with_no_vulnerabilities is None
-
     def test_api_with_lesser_and_greater_fixed_by_packages(self):
         response = self.csrf_client.get(f"/api/packages/{self.pkg_2_13_1.id}", format="json").data
 
