Move fixed_packages to vulnerabilities in packages endpoint #809

Reference: #809
Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>

Author: TG1999

vulnerabilities/api.py

@@ -52,41 +52,69 @@ class Meta:
         fields = ["url", "purl"]
 
 
-class VulnSerializerRefsAndSummary(serializers.HyperlinkedModelSerializer):
+class FilteredPackageListSerializer(serializers.ListSerializer):
+    def to_representation(self, data):
+        request = self.context["request"]
+        value = request.query_params.get("purl")
+        if value:
+            purl = unquote(value)
+            try:
+                purl = PackageURL.from_string(purl)
+
+            except ValueError as ve:
+                raise serializers.ValidationError(
+                    detail={"error": f'"{purl}" is not a valid Package URL: {ve}'},
+                )
+
+            attrs = {k: v for k, v in purl.to_dict().items() if v}
+            data = data.filter(**attrs)
+            return data
+        package_filter_data = {}
+        query_params = request.query_params
+
+        for field_name in query_params:
+            value = query_params.get(field_name)
+            if value:
+                package_filter_data[field_name] = value
+        data = data.filter(**package_filter_data)
+        return data
+
+
+class FilteredPackageSerializer(serializers.HyperlinkedModelSerializer):
     """
-    Used for nesting inside package focused APIs.
+    Used for nesting inside vulnerability focused APIs.
     """
 
-    references = VulnerabilityReferenceSerializer(many=True, source="vulnerabilityreference_set")
+    purl = serializers.CharField(source="package_url")
 
     class Meta:
-        model = Vulnerability
-        fields = ["url", "vulnerability_id", "summary", "references"]
+        list_serializer_class = FilteredPackageListSerializer
+        model = Package
+        fields = ["url", "purl"]
 
 
-class MinimalVulnerabilitySerializer(serializers.HyperlinkedModelSerializer):
+class VulnSerializerRefsAndSummary(serializers.HyperlinkedModelSerializer):
     """
     Used for nesting inside package focused APIs.
     """
 
+    fixed_packages = MinimalPackageSerializer(many=True, source="resolved_to", read_only=True)
+
+    references = VulnerabilityReferenceSerializer(many=True, source="vulnerabilityreference_set")
+
     class Meta:
         model = Vulnerability
-        fields = ["url", "vulnerability_id"]
+        fields = ["url", "vulnerability_id", "summary", "references", "fixed_packages"]
 
 
-class PackageSerializerFixedVulns(serializers.HyperlinkedModelSerializer):
+class MinimalVulnerabilitySerializer(serializers.HyperlinkedModelSerializer):
     """
-    Used for nesting inside vulnerability focused APIs.
+    Used for nesting inside package focused APIs.
     """
 
-    purl = serializers.CharField(source="package_url")
-    fixing_vulnerabilities = MinimalVulnerabilitySerializer(
-        many=True, source="resolved_to", read_only=True
-    )
-
     class Meta:
-        model = Package
-        fields = ["url", "purl", "fixing_vulnerabilities"]
+        model = Vulnerability
+        fields = ["url", "vulnerability_id"]
 
 
 class AliasSerializer(serializers.HyperlinkedModelSerializer):
@@ -135,7 +163,6 @@ def to_representation(self, instance):
     fixing_vulnerabilities = VulnSerializerRefsAndSummary(
         many=True, source="resolved_to", read_only=True
     )
-    fixed_packages = PackageSerializerFixedVulns(many=True, read_only=True)
 
     class Meta:
         model = Package
@@ -149,7 +176,6 @@ class Meta:
             "qualifiers",
             "subpath",
             "affected_by_vulnerabilities",
-            "fixed_packages",
             "fixing_vulnerabilities",
         ]
 

vulnerabilities/tests/test_fix_api.py

@@ -7,6 +7,8 @@
 # See https://aboutcode.org for more information about nexB OSS projects.
 #
 
+from collections import OrderedDict
+
 from django.test import TestCase
 from django.utils.http import int_to_base36
 from rest_framework import status
@@ -138,30 +140,24 @@ def test_api_with_single_vulnerability_and_fixed_package(self):
             "namespace": "nginx",
             "name": "test",
             "version": "11",
-            "unresolved_vulnerabilities": [],
             "qualifiers": {},
             "subpath": "",
-            "fixed_packages": [
-                {
-                    "url": f"http://testserver/api/packages/{self.package.id}",
-                    "purl": "pkg:generic/nginx/test@11",
-                    "fixing_vulnerabilities": [
-                        {
-                            "url": f"http://testserver/api/vulnerabilities/{self.vuln.id}",
-                            "vulnerability_id": f"VULCOID-{int_to_base36(self.vuln.id).upper()}",
-                        }
-                    ],
-                }
-            ],
             "affected_by_vulnerabilities": [],
             "fixing_vulnerabilities": [
                 {
                     "url": f"http://testserver/api/vulnerabilities/{self.vuln.id}",
                     "vulnerability_id": f"VULCOID-{int_to_base36(self.vuln.id).upper()}",
                     "summary": "test-vuln",
                     "references": [],
-                }
+                    "fixed_packages": [
+                        {
+                            "url": f"http://testserver/api/packages/{self.package.id}",
+                            "purl": "pkg:generic/nginx/test@11",
+                        }
+                    ],
+                },
             ],
+            "unresolved_vulnerabilities": [],
         }
 
     def test_api_with_single_vulnerability_and_vulnerable_package(self):
@@ -173,37 +169,37 @@ def test_api_with_single_vulnerability_and_vulnerable_package(self):
             "namespace": "nginx",
             "name": "test",
             "version": "9",
-            "unresolved_vulnerabilities": [
+            "qualifiers": {},
+            "subpath": "",
+            "affected_by_vulnerabilities": [
                 {
                     "url": f"http://testserver/api/vulnerabilities/{self.vuln.id}",
                     "vulnerability_id": f"VULCOID-{int_to_base36(self.vuln.id).upper()}",
                     "summary": "test-vuln",
                     "references": [],
-                }
-            ],
-            "qualifiers": {},
-            "subpath": "",
-            "fixed_packages": [
-                {
-                    "url": f"http://testserver/api/packages/{self.package.id}",
-                    "purl": "pkg:generic/nginx/test@11",
-                    "fixing_vulnerabilities": [
+                    "fixed_packages": [
                         {
-                            "url": f"http://testserver/api/vulnerabilities/{self.vuln.id}",
-                            "vulnerability_id": f"VULCOID-{int_to_base36(self.vuln.id).upper()}",
+                            "url": f"http://testserver/api/packages/{self.package.id}",
+                            "purl": "pkg:generic/nginx/test@11",
                         }
                     ],
                 }
             ],
-            "affected_by_vulnerabilities": [
+            "fixing_vulnerabilities": [],
+            "unresolved_vulnerabilities": [
                 {
                     "url": f"http://testserver/api/vulnerabilities/{self.vuln.id}",
                     "vulnerability_id": f"VULCOID-{int_to_base36(self.vuln.id).upper()}",
                     "summary": "test-vuln",
                     "references": [],
+                    "fixed_packages": [
+                        {
+                            "url": f"http://testserver/api/packages/{self.package.id}",
+                            "purl": "pkg:generic/nginx/test@11",
+                        }
+                    ],
                 }
             ],
-            "fixing_vulnerabilities": [],
         }