Do not report ghost packages as fix for vulnerabilities in APIv2

Signed-off-by: Keshav Priyadarshi <git@keshav.space>
aboutcode-org · Nov 22, 2024 · a391b44 · a391b44
1 parent 6f36e15
commit a391b44
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/vulnerabilities/api_v2.py b/vulnerabilities/api_v2.py
@@ -198,6 +198,9 @@ def get_affected_by_vulnerabilities(self, obj):
         return [vuln.vulnerability_id for vuln in obj.affected_by_vulnerabilities.all()]
 
     def get_fixing_vulnerabilities(self, obj):
+        # Ghost package should not fix any vulnerability.
+        if obj.is_ghost:
+            return []
         return [vuln.vulnerability_id for vuln in obj.fixing_vulnerabilities.all()]