Update MinimalPackageSerializer() and missing-vulnerability-key test #…
…1228

Reference: #1228

Signed-off-by: John M. Horan <johnmhoran@gmail.com>
johnmhoran committed Nov 22, 2023
1 parent 6cd41d3 commit e111dbe
Showing 2 changed files with 17 additions and 50 deletions.
18 changes: 10 additions & 8 deletions vulnerabilities/api.py
Expand Up @@ -48,22 +48,24 @@ class MinimalPackageSerializer(serializers.HyperlinkedModelSerializer):
Used for nesting inside vulnerability focused APIs.
"""

affected_by_vulnerabilities = serializers.SerializerMethodField("get_affected_vulnerabilities")

def get_affected_vulnerabilities(self, package):
parent_affected_vulnerabilities = package.fixed_package_details.get("vulnerabilities") or []
affected_vulnerabilities = []

for vuln in parent_affected_vulnerabilities:
affected_vulnerability = {}
self.get_vulnerability(vuln, affected_vulnerabilities)

affected_vulnerability["vulnerability"] = vuln.get(
"vulnerability", None
).vulnerability_id
return affected_vulnerabilities

affected_vulnerabilities.append(affected_vulnerability)
def get_vulnerability(self, vuln, affected_vulnerabilities):
affected_vulnerability = {}

return affected_vulnerabilities
if vuln.get("vulnerability"):
affected_vulnerability["vulnerability"] = vuln.get("vulnerability").vulnerability_id

affected_vulnerabilities.append(affected_vulnerability)

affected_by_vulnerabilities = serializers.SerializerMethodField("get_affected_vulnerabilities")

purl = serializers.CharField(source="package_url")
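Review bot: In `get_vulnerability`, the final `affected_vulnerabilities.append(affected_vulnerability)` appears to sit outside the `if vuln.get("vulnerability"):` guard (indentation is lost in this rendering, so confirm), which would make an entry without a `vulnerability` key add an empty `{}` to `affected_by_vulnerabilities`. A client of a vulnerability API cannot tell that empty object from a real finding whose data is missing, so it is safer to skip the entry with `if not vuln.get("vulnerability"): return` at the top of the helper, and to log the malformed record if the module has a logger. The helper also mutates the list it is given and returns nothing, which the `get_` prefix hides. A one-line docstring such as `"""Append vuln's vulnerability_id to affected_vulnerabilities; skip entries without a "vulnerability" key."""` would state that contract.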

49 changes: 7 additions & 42 deletions vulnerabilities/tests/test_api.py
Expand Up @@ -393,51 +393,16 @@ def setUp(self):
)

def test_api_with_package_with_no_vulnerabilities(self):
searched_for_package = self.package_maven_jackson_databind_2_14_0_rc1
MinimalPackageSerializer.get_affected_vulnerabilities(self, searched_for_package)

assert (
MinimalPackageSerializer.get_affected_vulnerabilities(self, searched_for_package) == []
)

searched_for_package_details = searched_for_package.fixed_package_details

expected_searched_for_package_details = {
"purl": PackageURL(
type="maven",
namespace="com.fasterxml.jackson.core",
name="jackson-databind",
version="2.14.0-rc1",
qualifiers={},
subpath=None,
),
"next_non_vulnerable": None,
"latest_non_vulnerable": None,
"vulnerabilities": [],
affected_vulnerabilities = []
vuln = {
"foo": "bar",
}

assert searched_for_package_details == expected_searched_for_package_details

response = self.csrf_client.get(
f"/api/packages/{self.package_maven_jackson_databind_2_14_0_rc1.id}", format="json"
).data

expected_response = {
"url": f"http://testserver/api/packages/{self.package_maven_jackson_databind_2_14_0_rc1.id}",
"purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.14.0-rc1",
"type": "maven",
"namespace": "com.fasterxml.jackson.core",
"name": "jackson-databind",
"version": "2.14.0-rc1",
"qualifiers": {},
"subpath": "",
"next_non_vulnerable_version": None,
"latest_non_vulnerable_version": None,
"affected_by_vulnerabilities": [],
"fixing_vulnerabilities": [],
}
package_with_no_vulnerabilities = MinimalPackageSerializer.get_vulnerability(
self, vuln, affected_vulnerabilities
)

assert response == expected_response
assert package_with_no_vulnerabilities is None

def test_api_with_lesser_and_greater_fixed_by_packages(self):
response = self.csrf_client.get(
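Review bot: The closing assertion `assert package_with_no_vulnerabilities is None` in `test_api_with_package_with_no_vulnerabilities` cannot fail, because `get_vulnerability` as shown in the api.py section has no `return` statement and so yields `None` for every input. Assert on the list the helper mutates instead, e.g. `assert affected_vulnerabilities == []` if entries without a `vulnerability` key are meant to be skipped. Passing the TestCase as `self` to the unbound method works only while the method never touches `self`; `MinimalPackageSerializer().get_vulnerability(vuln, affected_vulnerabilities)` is less brittle. The test name still says "package with no vulnerabilities", but the test no longer checks the `/api/packages/{id}` response for such a package, so that end-to-end case looks uncovered unless it is tested elsewhere.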
