Add initial fixed-affected-matching work #1228

Reference: #1228

Signed-off-by: John M. Horan <johnmhoran@gmail.com>

vulnerabilities/models.py

@@ -588,6 +588,18 @@ def affected_by(self):
     # legacy aliases
     vulnerable_to = affected_by
 
+    @property
+    def test_get_fixing_purls(self):
+        """
+        This is a test -- the goal is to display the closest fixing version for a PURL that is greater
+        than the affected version and is the same type.  We want to filter on type, namespace,
+        name, qualifiers and subpath for the affected PURL.
+        """
+        return [
+            abc.fixed_by_packages
+            for abc in self.vulnerabilities.filter(packagerelatedvulnerability__fix=False)
+        ]
+
     @property
     # TODO: consider renaming to "fixes" or "fixing" ? (TBD) and updating the docstring
     def fixing(self):

vulnerabilities/templates/package_details.html

@@ -40,6 +40,58 @@
                 </table>
             </div>
 
+            <div class="content ml-3 mr-3" style="background-color: #f8f8f8; padding: 10px; border: solid 1px #d8d8d8; border-radius: 5px;">
+                <span style="font-weight: 700; color: #0066ff;">Let's try to display fixing packages for this package: {{ package.purl }}</span>
+                <div style="padding: 5px 0px;">
+                    <span style="font-weight: 700; color: #cc0099;">package.purl</span> = {{ package.purl }}
+                </div>
+                <div style="padding: 5px 0px;">
+                    <span style="font-weight: 700; color: #cc0099;">package.qualifiers</span> = {{ package.qualifiers }}
+                </div>
+                <div style="padding: 5px 0px;">
+                    <span style="font-weight: 700; color: #cc0099;">package.vulnerabilities</span> = {{ package.vulnerabilities }}
+                </div>
+                <div style="padding: 5px 0px;">
+                    <span style="font-weight: 700; color: #cc0099;">package.package_url</span> = {{ package.package_url }}
+                </div>
+                <div style="padding: 5px 0px;">
+                    <span style="font-weight: 700; color: #cc0099;">package.plain_package_url</span> = {{ package.plain_package_url }}
+                </div>
+                <div style="padding: 5px 0px;">
+                    <span style="font-weight: 700; color: #cc0099;">package.purl_object</span> = {{ package.purl_object }}
+                </div>
+
+                <div style="padding: 5px 0px;">
+                    <span style="font-weight: 700; color: #cc0099;">package.fixing</span> = {{ package.fixing }}
+                </div>
+                <div style="padding: 5px 0px;">
+                    <span style="font-weight: 700; color: #cc0099;">package.fixed_packages</span> = <span class="inline-code">Server Error (500)</span>
+                </div>
+                <div style="padding: 5px 0px;">
+                    <span style="font-weight: 700; color: #cc0099;">package.is_vulnerable</span> = {{ package.is_vulnerable }}
+                </div>
+                <div style="padding: 5px 0px;">
+                    <span style="font-weight: 700; color: #cc0099;">package.get_absolute_url</span> = {{ package.get_absolute_url }}
+                </div>
+
+                <div style="padding: 5px 0px;">
+                    <span style="font-weight: 700; color: #cc0099;">package.affected_by</span> = {{ package.affected_by }}
+                </div>
+                <div style="padding: 5px 0px;">
+                    <span style="font-weight: 700; color: #cc0099;">package.test_get_fixing_purls</span> = {{ package.test_get_fixing_purls }}
+                </div>
+
+                {% for abc in package.affected_by %}
+
+                    <div style="padding: 5px 0px;"><span style="font-weight: 700; color: #cc0099;">{{ abc }}</span> -- {{ abc.fixed_by_packages }}</div>
+                    <div style="padding: 5px 0px;"><span style="font-weight: 700; color: #cc0099;">{{ abc }}</span> -- {% for pkg in abc.fixed_by_packages %}{{ pkg.purl }}{% endfor %}</div>
+
+                {% endfor %}
+
+
+
+            </div>
+
             <div class="content ml-3 mr-3">
                 <div class="has-text-weight-bold ml-1 mb-0">
                     Affected by vulnerabilities ({{ affected_by_vulnerabilities|length }})
@@ -51,6 +103,7 @@
                             <th style="width: 175px;">Vulnerability</th>
                             <th>Summary</th>
                             <th style="width: 225px;">Aliases</th>
+                            <th style="color: #ff0000;">Test fixing PURLs</th>
                         </tr>
                     </thead>
 
@@ -74,10 +127,18 @@
                                         {% endif %}
                                     {% endfor %}
                                 </td>
+                                <td style="color: #ff0000;">
+                                    <!-- {{ vulnerability.fixed_by_packages }} -->
+                                    <!-- <br /> -->
+                                    {% for pkg in vulnerability.fixed_by_packages %}
+                                        {{ pkg.purl }}
+                                    {% endfor %}
+                                </td>
                             </tr>
                         {% empty %}
                             <tr>
-                                <td colspan="3">
+                                <!-- <td colspan="3"> -->
+                                <td colspan="4"></td>
                                     This package is not known to be affected by vulnerabilities.
                                 </td>
                             </tr>

vulnerabilities/views.py

@@ -176,7 +176,6 @@ class ApiUserCreateView(generic.CreateView):
     template_name = "api_user_creation_form.html"
 
     def form_valid(self, form):
-
         try:
             response = super().form_valid(form)
         except ValidationError: