Merge pull request #766 from TG1999/alias_api

Add search in API via alias
aboutcode-org · Jun 16, 2022 · b5caea3 · b5caea3
2 parents a4ccd37 + 88f4f4b
commit b5caea3
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 4 deletions.
diff --git a/vulnerabilities/api.py b/vulnerabilities/api.py
@@ -157,6 +157,7 @@ def filter_purl(self, queryset, name, value):
 class PackageViewSet(viewsets.ReadOnlyModelViewSet):
     queryset = Package.objects.all()
     serializer_class = PackageSerializer
+    paginate_by = 50
     filter_backends = (filters.DjangoFilterBackend,)
     filterset_class = PackageFilterSet
 
@@ -212,10 +213,6 @@ class VulnerabilityViewSet(viewsets.ReadOnlyModelViewSet):
 class CPEFilterSet(filters.FilterSet):
     cpe = filters.CharFilter(method="filter_cpe")
 
-    class Meta:
-        model = Vulnerability
-        fields = ["vulnerabilityreference__reference_id"]
-
     def filter_cpe(self, queryset, name, value):
         cpe = unquote(value)
         return self.queryset.filter(vulnerabilityreference__reference_id__startswith=cpe).distinct()
@@ -229,3 +226,19 @@ class CPEViewSet(viewsets.ReadOnlyModelViewSet):
     paginate_by = 50
     filter_backends = (filters.DjangoFilterBackend,)
     filterset_class = CPEFilterSet
+
+
+class AliasFilterSet(filters.FilterSet):
+    alias = filters.CharFilter(method="filter_alias")
+
+    def filter_alias(self, queryset, name, value):
+        alias = unquote(value)
+        return self.queryset.filter(aliases__alias__icontains=alias)
+
+
+class AliasViewSet(viewsets.ReadOnlyModelViewSet):
+    queryset = Vulnerability.objects.all()
+    serializer_class = VulnerabilitySerializer
+    paginate_by = 50
+    filter_backends = (filters.DjangoFilterBackend,)
+    filterset_class = AliasFilterSet
diff --git a/vulnerabilities/tests/test_fix_api.py b/vulnerabilities/tests/test_fix_api.py
@@ -24,6 +24,7 @@
 from django.utils.http import int_to_base36
 from rest_framework import status
 
+from vulnerabilities.models import Alias
 from vulnerabilities.models import Package
 from vulnerabilities.models import Vulnerability
 from vulnerabilities.models import VulnerabilityReference
@@ -125,3 +126,18 @@ def test_api_status(self):
     def test_api_response(self):
         response = self.client.get("/api/cpes/?cpe=cpe:/a:nginx:9", format="json").data
         self.assertEqual(response["count"], 1)
+
+
+class AliasApi(TestCase):
+    def setUp(self):
+        self.vulnerability = Vulnerability.objects.create(summary="test")
+        for i in range(0, 10):
+            Alias.objects.create(alias=f"CVE-{i}", vulnerability=self.vulnerability)
+
+    def test_api_status(self):
+        response = self.client.get("/api/alias/", format="json")
+        self.assertEqual(status.HTTP_200_OK, response.status_code)
+
+    def test_api_response(self):
+        response = self.client.get("/api/alias?alias=CVE-9", format="json").data
+        self.assertEqual(response["count"], 1)
diff --git a/vulnerablecode/urls.py b/vulnerablecode/urls.py
@@ -26,6 +26,7 @@
 from django.urls import path
 from rest_framework.routers import DefaultRouter
 
+from vulnerabilities.api import AliasViewSet
 from vulnerabilities.api import CPEViewSet
 from vulnerabilities.api import PackageViewSet
 from vulnerabilities.api import VulnerabilityViewSet
@@ -49,6 +50,8 @@ def __init__(self, *args, **kwargs):
 # `DefaultRouter` requires `basename` when registering viewsets that don't define a queryset.
 api_router.register(r"vulnerabilities", VulnerabilityViewSet, basename="vulnerability")
 api_router.register(r"cpes", CPEViewSet, basename="cpe")
+api_router.register(r"alias", AliasViewSet, basename="alias")
+
 
 urlpatterns = [
     path("admin/", admin.site.urls),