Update get_affected_vulnerabilities() and test #1228

Reference: #1228

Signed-off-by: John M. Horan <johnmhoran@gmail.com>

vulnerabilities/api.py

@@ -51,18 +51,17 @@ class MinimalPackageSerializer(serializers.HyperlinkedModelSerializer):
     affected_by_vulnerabilities = serializers.SerializerMethodField("get_affected_vulnerabilities")
 
     def get_affected_vulnerabilities(self, package):
-        parent_affected_vulnerabilities = package.fixed_package_details.get("vulnerabilities", None)
+        parent_affected_vulnerabilities = package.fixed_package_details.get("vulnerabilities") or []
         affected_vulnerabilities = []
 
-        if parent_affected_vulnerabilities:
-            for vuln in parent_affected_vulnerabilities:
-                affected_vulnerability = {}
+        for vuln in parent_affected_vulnerabilities:
+            affected_vulnerability = {}
 
-                affected_vulnerability["vulnerability"] = vuln.get(
-                    "vulnerability", None
-                ).vulnerability_id
+            affected_vulnerability["vulnerability"] = vuln.get(
+                "vulnerability", None
+            ).vulnerability_id
 
-                affected_vulnerabilities.append(affected_vulnerability)
+            affected_vulnerabilities.append(affected_vulnerability)
 
         return affected_vulnerabilities
 
@@ -117,7 +116,6 @@ class Meta:
 
 
 class VulnerabilitySerializer(serializers.HyperlinkedModelSerializer):
-
     fixed_packages = MinimalPackageSerializer(
         many=True, source="filtered_fixed_packages", read_only=True
     )

vulnerabilities/tests/test_api.py

@@ -18,6 +18,7 @@
 from rest_framework import status
 from rest_framework.test import APIClient
 
+from vulnerabilities.api import MinimalPackageSerializer
 from vulnerabilities.api import PackageSerializer
 from vulnerabilities.models import Alias
 from vulnerabilities.models import ApiUser
@@ -88,7 +89,6 @@ def setUp(self):
         self.client.credentials(HTTP_AUTHORIZATION=self.auth)
 
     def test_query_qualifier_filtering(self):
-
         # packages to check filtering with single/multiple and unordered qualifier filtering
         pk_multi_qf = Package.objects.create(
             name="vlc", version="1.50-1.1", type="deb", qualifiers={"foo": "bar", "tar": "ball"}
@@ -393,12 +393,13 @@ def setUp(self):
         )
 
     def test_api_with_package_with_no_vulnerabilities(self):
-        """
-        This test Package has no vulnerabilities and thus its vuln dictionary includes an empty
-        "vulnerabilities" list, i.e., the vuln dictionary does not have a "vulnerability" property
-        (which would be inside the "vulnerabilities" list).
-        """
         searched_for_package = self.package_maven_jackson_databind_2_14_0_rc1
+        MinimalPackageSerializer.get_affected_vulnerabilities(self, searched_for_package)
+
+        assert (
+            MinimalPackageSerializer.get_affected_vulnerabilities(self, searched_for_package) == []
+        )
+
         searched_for_package_details = searched_for_package.fixed_package_details
 
         expected_searched_for_package_details = {

vulnerabilities/tests/test_models.py

@@ -323,7 +323,6 @@ def test_get_vulnerable_packages(self):
         assert first_fixed_by_package.purl == "pkg:pypi/redis@4.3.6"
 
     def test_string_to_package(self):
-
         purl_string = "pkg:maven/org.apache.tomcat/tomcat@10.0.0-M4"
         purl = PackageURL.from_string(purl_string)
         purl_to_dict = purl.to_dict()
@@ -402,6 +401,9 @@ def test_univers_version_class(self):
         pypi_package_version = RANGE_CLASS_BY_SCHEMES[pypi_package.type].version_class
         assert pypi_package_version == versions.PypiVersion
 
+        alpine_version = RANGE_CLASS_BY_SCHEMES["alpine"].version_class
+        assert alpine_version == versions.AlpineLinuxVersion
+
     def test_sort_by_version(self):
         list_to_sort = [
             "pkg:npm/sequelize@3.13.1",