Provide a way to fetch lists of all vulnerable CPEs and PURLs

[tdruez]

Add extra actions on the packages and cpes API endpoint that would return a single list of all vulnerable PURLs and CPEs.

For examples:

GET /api/packages/all/

[
  "purl1",
  "purl2",
  "purl3",
  ...
]

GET /api/cpes/all/

[
  "cpe1",
  "cpe2",
  "cpe3",
  ...
]

Make sure to not include PURLs nor CPEs that are not vulnerable.

[tdruez]

Tushar Goel: should we add pagination for this #932 ?

tomd What’s your reasoning? It kind of defeat the purpose of having the full list of purl in a single request.

Tushar Goel The reasoning was that when we have a huge volume of purls, the request will take a long time to be fetched, so by pagination we can serve small list of purls quickly.

tomd We’ll have to see how long on the large PURL dataset. We can then decide the type of pagination we may need. I’m not sure that fetching those 100 at the time will be faster than the large request. My suggestion is to deploy this new action and see the performance on the actual set of data before implementing anything else.

Tushar Goel Got it!

[pombredanne]

we have purls but not CPEs yet