Merge pull request #869 from TG1999/is_vulnerable_package

TG1999 · web-flow · commit d72c3b9e390f · 2022-08-25T22:59:43.000+05:30
Add is_vulnerable property in fixed and affected_packages
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -66,6 +66,8 @@ Version v30.0.0
   their API Key in the REST API.
   Users can be created using the Django "createsuperuser" management command.
 
+- Add is_vulnerable property in fixed and affected_packages.
+
 Other:
 
 - we dropped calver to use a plain semver.
diff --git a/vulnerabilities/api.py b/vulnerabilities/api.py
@@ -48,7 +48,7 @@ class MinimalPackageSerializer(serializers.HyperlinkedModelSerializer):
 
     class Meta:
         model = Package
-        fields = ["url", "purl"]
+        fields = ["url", "purl", "is_vulnerable"]
 
 
 class VulnSerializerRefsAndSummary(serializers.HyperlinkedModelSerializer):
diff --git a/vulnerabilities/models.py b/vulnerabilities/models.py
@@ -210,6 +210,13 @@ def fixed_packages(self):
             packagerelatedvulnerability__fix=True,
         ).distinct()
 
+    @property
+    def is_vulnerable(self):
+        """
+        Returns True if this package is vulnerable to any vulnerability.
+        """
+        return self.vulnerable_to.exists()
+
     def set_package_url(self, package_url):
         """
         Set each field values to the values of the provided `package_url` string
diff --git a/vulnerabilities/tests/test_fix_api.py b/vulnerabilities/tests/test_fix_api.py
@@ -66,10 +66,12 @@ def test_api_with_single_vulnerability(self):
                 {
                     "url": f"http://testserver/api/packages/{self.pkg1.id}",
                     "purl": "pkg:pypi/flask@0.1.2",
+                    "is_vulnerable": False,
                 },
                 {
                     "url": f"http://testserver/api/packages/{self.pkg2.id}",
                     "purl": "pkg:debian/flask@0.1.2",
+                    "is_vulnerable": False,
                 },
             ],
             "affected_packages": [],
@@ -89,6 +91,7 @@ def test_api_with_single_vulnerability_with_filters(self):
                 {
                     "url": f"http://testserver/api/packages/{self.pkg1.id}",
                     "purl": "pkg:pypi/flask@0.1.2",
+                    "is_vulnerable": False,
                 },
             ],
             "affected_packages": [],
@@ -136,6 +139,18 @@ def setUp(self):
             vulnerability=vuln,
             fix=True,
         )
+        vuln1 = Vulnerability.objects.create(
+            summary="test-vuln1",
+        )
+        self.vuln1 = vuln1
+        PackageRelatedVulnerability.objects.create(
+            package=self.package,
+            vulnerability=vuln1,
+            fix=False,
+        )
+
+    def test_is_vulnerable_attribute(self):
+        self.assertTrue(self.package.is_vulnerable)
 
     def test_api_status(self):
         response = self.csrf_client.get("/api/packages/", format="json")
@@ -156,7 +171,15 @@ def test_api_with_single_vulnerability_and_fixed_package(self):
             "version": "11",
             "qualifiers": {},
             "subpath": "",
-            "affected_by_vulnerabilities": [],
+            "affected_by_vulnerabilities": [
+                {
+                    "url": f"http://testserver/api/vulnerabilities/{self.vuln1.id}",
+                    "vulnerability_id": f"VULCOID-{int_to_base36(self.vuln1.id).upper()}",
+                    "summary": "test-vuln1",
+                    "references": [],
+                    "fixed_packages": [],
+                }
+            ],
             "fixing_vulnerabilities": [
                 {
                     "url": f"http://testserver/api/vulnerabilities/{self.vuln.id}",
@@ -167,11 +190,20 @@ def test_api_with_single_vulnerability_and_fixed_package(self):
                         {
                             "url": f"http://testserver/api/packages/{self.package.id}",
                             "purl": "pkg:generic/nginx/test@11",
+                            "is_vulnerable": True,
                         }
                     ],
                 },
             ],
-            "unresolved_vulnerabilities": [],
+            "unresolved_vulnerabilities": [
+                {
+                    "url": f"http://testserver/api/vulnerabilities/{self.vuln1.id}",
+                    "vulnerability_id": f"VULCOID-{int_to_base36(self.vuln1.id).upper()}",
+                    "summary": "test-vuln1",
+                    "references": [],
+                    "fixed_packages": [],
+                }
+            ],
         }
 
     def test_api_with_single_vulnerability_and_vulnerable_package(self):
@@ -195,6 +227,7 @@ def test_api_with_single_vulnerability_and_vulnerable_package(self):
                         {
                             "url": f"http://testserver/api/packages/{self.package.id}",
                             "purl": "pkg:generic/nginx/test@11",
+                            "is_vulnerable": True,
                         }
                     ],
                 }
@@ -210,6 +243,7 @@ def test_api_with_single_vulnerability_and_vulnerable_package(self):
                         {
                             "url": f"http://testserver/api/packages/{self.package.id}",
                             "purl": "pkg:generic/nginx/test@11",
+                            "is_vulnerable": True,
                         }
                     ],
                 }
