From c923840ab854e43dde2b4eac19c9d6f5cadac7db Mon Sep 17 00:00:00 2001
From: Keshav Priyadarshi
Date: Fri, 15 Nov 2024 11:13:47 +0530
Subject: [PATCH 1/2] Add reference score to package endpoint
Signed-off-by: Keshav Priyadarshi
---
 vulnerabilities/api.py | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/vulnerabilities/api.py b/vulnerabilities/api.py
index 8cc07b82e..6a69b90eb 100644
--- a/vulnerabilities/api.py
+++ b/vulnerabilities/api.py
@@ -155,7 +155,7 @@ class VulnSerializerRefsAndSummary(BaseResourceSerializer):
         many=True, source="filtered_fixed_packages", read_only=True
     )
-    references = VulnerabilityReferenceSerializer(many=True, source="vulnerabilityreference_set")
+    references = serializers.SerializerMethodField()
     aliases = serializers.SerializerMethodField()
@@ -163,6 +163,18 @@ def get_aliases(self, obj):
         # Assuming `obj.aliases` is a queryset of `Alias` objects
         return [alias.alias for alias in obj.aliases.all()]
+    def get_references(self, vulnerability):
+        references = vulnerability.vulnerabilityreference_set.all()
+        severities = vulnerability.severities.all()
+
+        serialized_references = VulnerabilityReferenceSerializer(
+            references,
+            context={"severities": severities},
+            many=True,
+        ).data
+
+        return serialized_references
+
     class Meta:
         model = Vulnerability
         fields = ["url", "vulnerability_id", "summary", "references", "fixed_packages", "aliases"]
From f1c72748711e5f0591db6c3ad284f13e6155cdb1 Mon Sep 17 00:00:00 2001
From: Keshav Priyadarshi
Date: Fri, 15 Nov 2024 11:14:12 +0530
Subject: [PATCH 2/2] Test reference score in package endpoint
Signed-off-by: Keshav Priyadarshi
---
 vulnerabilities/tests/test_api.py | 48 +++++++++++++++++++++++++++++--
 1 file changed, 46 insertions(+), 2 deletions(-)
diff --git a/vulnerabilities/tests/test_api.py b/vulnerabilities/tests/test_api.py
index d9c435528..64b51b7a2 100644
--- a/vulnerabilities/tests/test_api.py
+++ b/vulnerabilities/tests/test_api.py
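Review bot: Replacing the declared `VulnerabilityReferenceSerializer(many=True, source="vulnerabilityreference_set")` with a bare `serializers.SerializerMethodField()` drops the field's type information for schema generation; if this project builds its OpenAPI schema with drf-spectacular, `references` on this serializer will now be documented as an untyped value unless the new method is decorated, e.g. `@extend_schema_field(VulnerabilityReferenceSerializer(many=True))` above `def get_references`. The old declaration also told a reader of the class what the field contained; a short comment on the new field, `# populated by get_references() so the vulnerability's severities can be passed as serializer context`, keeps that visible. The body of VulnSerializerRefsAndSummary continues outside this hunk.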
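Review bot: `get_references` runs two queries per serialized vulnerability (`vulnerabilityreference_set.all()` and `severities.all()`) unless the queryset feeding this serializer already prefetches both relations; on the package endpoint, which nests many vulnerabilities per package, that is an N+1 whose cost grows with the size of a public response and is worth pinning with `assertNumQueries` or `django.test.utils.CaptureQueriesContext` in the accompanying test, or with a comment here stating that the view prefetches `vulnerabilityreference_set` and `severities`. Two style points: the sibling `get_aliases` names its argument `obj` while this method uses `vulnerability`, and the `serialized_references` temporary adds nothing, `return VulnerabilityReferenceSerializer(references, context={"severities": severities}, many=True).data` reads the same. Whether VulnerabilityReferenceSerializer actually consumes the `severities` context key cannot be seen from this patch.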
@@ -556,6 +556,22 @@ def setUp(self):
             "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.14.0-rc1"
         )
+        self.ref = VulnerabilityReference.objects.create(
+            reference_type="advisory", reference_id="CVE-xxx-xxx", url="https://example.com"
+        )
+
+        self.severity = VulnerabilitySeverity.objects.create(
+            url="https://example.com",
+            scoring_system=EPSS.identifier,
+            scoring_elements=".0016",
+            value="0.526",
+        )
+        self.vul1.references.add(self.ref)
+        self.vul1.severities.add(self.severity)
+
+        self.vul3.references.add(self.ref)
+        self.vul3.severities.add(self.severity)
+
         set_as_fixing(package=self.pkg_2_12_6, vulnerability=self.vul3)
         set_as_affected_by(package=self.pkg_2_12_6_1, vulnerability=self.vul2)
@@ -587,7 +603,21 @@ def test_api_with_lesser_and_greater_fixed_by_packages(self):
                 "url": "http://testserver/api/vulnerabilities/{0}".format(self.vul1.id),
                 "vulnerability_id": "VCID-vul1-vul1-vul1",
                 "summary": "This is VCID-vul1-vul1-vul1",
-                "references": [],
+                "references": [
+                    {
+                        "reference_url": "https://example.com",
+                        "reference_id": "CVE-xxx-xxx",
+                        "reference_type": "advisory",
+                        "scores": [
+                            {
+                                "value": "0.526",
+                                "scoring_system": "epss",
+                                "scoring_elements": ".0016",
+                            }
+                        ],
+                        "url": "https://example.com",
+                    }
+                ],
                 "fixed_packages": [
                     {
                         "url": "http://testserver/api/packages/{0}".format(self.pkg_2_13_2.id),
@@ -608,7 +638,21 @@ def test_api_with_lesser_and_greater_fixed_by_packages(self):
                 "url": "http://testserver/api/vulnerabilities/{0}".format(self.vul3.id),
                 "vulnerability_id": "VCID-vul3-vul3-vul3",
                 "summary": "This is VCID-vul3-vul3-vul3",
-                "references": [],
+                "references": [
+                    {
+                        "reference_url": "https://example.com",
+                        "reference_id": "CVE-xxx-xxx",
+                        "reference_type": "advisory",
+                        "scores": [
+                            {
+                                "value": "0.526",
+                                "scoring_system": "epss",
+                                "scoring_elements": ".0016",
+                            }
+                        ],
+                        "url": "https://example.com",
+                    }
+                ],
                 "fixed_packages": [
                     {
                         "url": "http://testserver/api/packages/{0}".format(self.pkg_2_12_6.id),
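Review bot: The fixture gives the reference and the severity the same `url="https://example.com"`, so the assertions below cannot distinguish "a reference's `scores` are the severities whose URL matches it" from "every severity of the vulnerability is attached to every reference"; if VulnerabilityReferenceSerializer (outside this patch) pairs them by URL, a second reference with a different URL asserted to have an empty `scores` list would pin the intended behaviour. `self.ref` and `self.severity` are also shared between `vul1` and `vul3`, which is fine for these assertions but worth a one-line comment, `# shared fixture: both vulnerabilities expose the same reference and score`, so a later test does not mutate one and surprise the other. setUp continues outside this hunk.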
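Review bot: The expected reference entry is spelled out twice with identical contents, here for `vul1` and again in the `vul3` hunk below; building it once in setUp, e.g. `self.expected_reference = {"reference_url": "https://example.com", "reference_id": "CVE-xxx-xxx", ..., "url": "https://example.com"}`, and using `"references": [self.expected_reference]` in both payloads would keep the two assertions from drifting apart and make the shape of the new `scores` key the single thing a reader has to check. test_api_with_lesser_and_greater_fixed_by_packages starts and ends outside these hunks.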