Enable purl slug for package views #904

* Use purl slug and URL route for packages
* Use in forms, urls and templates, including a get_absolute_url()
  method.

* Rename VulnerabiltyForm forms to VulnerabiltySearchForm

* Rename PackageForm forms to PackageSearchForm

* Use new pagination template includes in search results templates. The
  pagination is the same repeated at the top and botton of the search
  results

* Display on 20 search results per page.

Signed-off-by: Philippe Ombredanne <[email protected]>

Author: pombredanne

CHANGELOG.rst

@@ -11,14 +11,17 @@ Version v30.0.0
   are available.
   Because of these extensive changes, it is not possible to migrate existing imported
   data to the new schema. You will need instead to restart imports from an empty database
-  or request access to the new vulnerablecode.io live instance.
-  You can track the progress in this issue: https://github.com/nexB/vulnerablecode/issues/597 
+  or access the new public.vulnerablecode.io live instance. We also provide a database dump.
+
+- You can track the progress of this refactoring in this issue:
+  https://github.com/nexB/vulnerablecode/issues/597 
 
 - We added new data sources including PYSEC, GitHub and GitLab.
 
 - We improved the documentation including adding development examples for importers and improvers.
 
 - We removed the ability to edit relationships from the UI. The UI is now read-only.
+
 - We replace the web UI with a brand new UI based on the same overall look and feel as ScanCode.io.
 
 - We added support for NixOS as a Linux deployment target.
@@ -42,15 +45,17 @@ Version v30.0.0
     - Add new attribute `is_resolved`
     - Add namespace filter
 
-- We have provided backward compatibility for `url` and `unresolved_vulnerabilities` for now
+- We have provided backward compatibility for `url` and `unresolved_vulnerabilities` for now.
+  These will be removed in the next major version and should be considered as deprecated.
 
-- There is a new experimental cpe/ API endpoint to lookup for vulnerabilities by CPE and 
+- There is a new experimental `cpe/` API endpoint to lookup for vulnerabilities by CPE and 
   another aliases/ endpoint to lookup for vulnerabilities by aliases. These two endpoints will be
   replaced by query parameters on the main vulnerabilities/ endpoint when stabilized.
 
-- Added filters for vulnerabilities endpoint to get fixed packages in accordance to the details given in filters:
-  For example, when you call the endpoint this way ``/api/vulnerabilities?type=pypi&namespace=foo&name=bar``,
-  you will receive only fixed versioned purls of the type ``pypi``, namespace ``foo`` and name ``bar``.
+- Added filters for vulnerabilities endpoint to get fixed packages in accordance
+  to the details given in filters: For example, when you call the endpoint this way
+  ``/api/vulnerabilities?type=pypi&namespace=foo&name=bar``, you will receive only
+  fixed versioned purls of the type ``pypi``, namespace ``foo`` and name ``bar``.
 
 - Package endpoint will give fixed packages of only those that
   matches type, name, namespace, subpath and qualifiers of the package queried.
@@ -71,8 +76,8 @@ Version v30.0.0
 
 Other:
 
-- we dropped calver to use a plain semver.
-- we adopted vers and the new univers library to handle version ranges.
+- We dropped calver to use a plain semver.
+- We adopted vers and the new univers library to handle version ranges.
 
 
 Version v20.10

vulnerabilities/forms.py

@@ -9,19 +9,8 @@
 
 from django import forms
 
-from vulnerabilities.models import Package
 
-
-def get_known_package_types():
-    """
-    Return a list of known package types.
-    """
-    pkg_types = [(i.type, i.type) for i in Package.objects.distinct("type").all()]
-    pkg_types.append((None, "Any type"))
-    return pkg_types
-
-
-class PackageForm(forms.Form):
+class PackageSearchForm(forms.Form):
 
     search = forms.CharField(
         required=True,
@@ -31,7 +20,7 @@ class PackageForm(forms.Form):
     )
 
 
-class VulnerabilityForm(forms.Form):
+class VulnerabilitySearchForm(forms.Form):
 
     search = forms.CharField(
         required=True,

vulnerabilities/models.py

@@ -12,13 +12,11 @@
 import logging
 
 from django.conf import settings
-from django.core.exceptions import ValidationError
 from django.core.validators import MaxValueValidator
 from django.core.validators import MinValueValidator
 from django.db import models
 from django.dispatch import receiver
 from django.urls import reverse
-from packageurl import PackageURL
 from packageurl.contrib.django.models import PackageURLMixin
 from rest_framework.authtoken.models import Token
 
@@ -98,7 +96,7 @@ def get_absolute_url(self):
         """
         Return this Vulnerability details URL.
         """
-        return reverse("vulnerability_view", args=[self.vulnerability_id])
+        return reverse("vulnerability_details", args=[self.vulnerability_id])
 
 
 class VulnerabilityReference(models.Model):
@@ -155,10 +153,6 @@ class Package(PackageURLMixin):
     A software package with related vulnerabilities.
     """
 
-    vulnerabilities = models.ManyToManyField(
-        to="Vulnerability", through="PackageRelatedVulnerability"
-    )
-
     # Remove the `qualifers` and `set_package_url` overrides after
     # https://github.com/package-url/packageurl-python/pull/35
     # https://github.com/package-url/packageurl-python/pull/67
@@ -171,6 +165,14 @@ class Package(PackageURLMixin):
         null=False,
     )
 
+    vulnerabilities = models.ManyToManyField(
+        to="Vulnerability", through="PackageRelatedVulnerability"
+    )
+
+    @property
+    def purl(self):
+        return self.package_url
+
     class Meta:
         unique_together = (
             "type",
@@ -221,28 +223,11 @@ def is_vulnerable(self):
         """
         return self.vulnerable_to.exists()
 
-    def set_package_url(self, package_url):
-        """
-        Set each field values to the values of the provided `package_url` string
-        or PackageURL object. Existing values are overwritten including setting
-        values to None for provided empty values.
-        """
-        if not isinstance(package_url, PackageURL):
-            package_url = PackageURL.from_string(package_url)
-
-        for field_name, value in package_url.to_dict().items():
-            model_field = self._meta.get_field(field_name)
-
-            if value and len(value) > model_field.max_length:
-                raise ValidationError(f'Value too long for field "{field_name}".')
-
-            setattr(self, field_name, value or None)
-
     def get_absolute_url(self):
         """
         Return this Package details URL.
         """
-        return reverse("package_view", args=[self.package_url])
+        return reverse("package_details", args=[self.purl])
 
 
 class PackageRelatedVulnerability(models.Model):

vulnerabilities/templates/includes/pagination.html

@@ -0,0 +1,39 @@
+<nav class="pagination is-centered is-small" aria-label="pagination">
+  {% if page_obj.has_previous %}
+    <a href="?page={{ page_obj.previous_page_number }}&search={{ search }}" class="pagination-previous">Previous</a>
+  {% else %}
+    <a class="pagination-previous" disabled>Previous</a>
+  {% endif %}
+
+  {% if page_obj.has_next %}
+    <a href="?page={{ page_obj.next_page_number }}&search={{ search }}" class="pagination-next">Next</a>
+  {% else %}
+    <a class="pagination-next" disabled>Next</a>
+  {% endif %}
+
+  <ul class="pagination-list">
+    {% if page_obj.number != 1%}
+      <li>
+        <a href="?page=1&search={{ search }}" class="pagination-link" aria-label="Goto page 1">1</a>
+      </li>
+      {% if page_obj.number > 2 %}
+        <li>
+          <span class="pagination-ellipsis">&hellip;</span>
+        </li>
+      {% endif %}
+    {% endif %}
+    <li>
+      <a class="pagination-link is-current" aria-label="Page {{ page_obj.number }}" aria-current="page">{{ page_obj.number }}</a>
+    </li>
+    {% if page_obj.number != page_obj.paginator.num_pages %}
+      {% if page_obj.next_page_number != page_obj.paginator.num_pages %}
+        <li>
+          <span class="pagination-ellipsis">&hellip;</span>
+        </li>
+      {% endif %}
+      <li>
+        <a href="?page={{ page_obj.paginator.num_pages }}&search={{ search }}" class="pagination-link" aria-label="Goto page {{ page_obj.paginator.num_pages }}">{{ page_obj.paginator.num_pages }}</a>
+      </li>
+    {% endif %}
+  </ul>
+</nav>