From a391b440c9cb60a81c1ba95ab50a7e623c06ddb9 Mon Sep 17 00:00:00 2001
From: Keshav Priyadarshi <git@keshav.space>
Date: Fri, 22 Nov 2024 17:07:23 +0530
Subject: [PATCH] Do not report ghost packages as fix for vulnerabilities in
 APIv2

Signed-off-by: Keshav Priyadarshi <git@keshav.space>
---
 vulnerabilities/api_v2.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/vulnerabilities/api_v2.py b/vulnerabilities/api_v2.py
index 58771c916..2ab782d59 100644
--- a/vulnerabilities/api_v2.py
+++ b/vulnerabilities/api_v2.py
@@ -198,6 +198,9 @@ def get_affected_by_vulnerabilities(self, obj):
         return [vuln.vulnerability_id for vuln in obj.affected_by_vulnerabilities.all()]
 
     def get_fixing_vulnerabilities(self, obj):
+        # Ghost package should not fix any vulnerability.
+        if obj.is_ghost:
+            return []
         return [vuln.vulnerability_id for vuln in obj.fixing_vulnerabilities.all()]