diff --git a/vulnerabilities/api.py b/vulnerabilities/api.py
index cb3fc1756..73cef8e35 100644
--- a/vulnerabilities/api.py
+++ b/vulnerabilities/api.py
@@ -136,13 +136,15 @@ class PackageViewSet(viewsets.ReadOnlyModelViewSet):
 filter_backends = (filters.DjangoFilterBackend,)
 filterset_class = PackageFilterSet
- # TODO: Fix the swagger documentation for this endpoint
- @extend_schema(request=placeholder_serializer, responses=placeholder_serializer)
+ class PackageBulkRequestSerializer(serializers.Serializer):
+ purls = serializers.ListField(child=serializers.CharField(max_length=100))
+
+ class PackageBulkResponseSerializer(serializers.Serializer):
+ result = serializers.ListField(child=PackageSerializer())
+
+ @extend_schema(request=PackageBulkRequestSerializer, responses=PackageBulkResponseSerializer)
 @action(detail=False, methods=["post"])
 def bulk_search(self, request):
- """
- See https://github.com/nexB/vulnerablecode/pull/369#issuecomment-796877606 for docs
- """
 response = []
 purls = request.data.get("purls", []) or []
 if not purls or not isinstance(purls, list):
@@ -168,8 +170,8 @@ def bulk_search(self, request):
 purl_response["resolved_vulnerabilities"] = []
 purl_response["purl"] = purl_string
 response.append(purl_response)
-
- return Response(response)
+ res = {"result": response}
+ return Response(res)
 class VulnerabilityFilterSet(filters.FilterSet):
diff --git a/vulnerabilities/tests/test_api.py b/vulnerabilities/tests/test_api.py
index cb871f58e..130f01d49 100644
--- a/vulnerabilities/tests/test_api.py
+++ b/vulnerabilities/tests/test_api.py
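Review bot: In vulnerabilities/api.py, `PackageBulkRequestSerializer` is attached only through `@extend_schema`, so nothing in the visible part of `bulk_search` runs it: the handler still reads `request.data.get("purls", [])` directly, the advertised `max_length=100` per purl is never enforced, and the `ListField` puts no bound on how many purls one request may carry. On a bulk lookup endpoint that leaves request cost to whatever limits sit upstream of the view. Consider validating at the top of the handler with `serializer = self.PackageBulkRequestSerializer(data=request.data)` and `serializer.is_valid(raise_exception=True)` (keeping the current error body if clients rely on it), and giving the list its own `max_length`; if 100 characters is too short for purls with qualifiers, the schema value should be raised instead of being left unenforced. The removed docstring also leaves the endpoint without a description, and the function body continues outside the hunk.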
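Review bot: At the end of `bulk_search` in vulnerabilities/api.py, wrapping the list in `{"result": ...}` changes the top-level JSON type of a successful response from an array to an object, which breaks any existing client that iterates the body directly; nothing in the diff versions or announces that change. The branch that handles invalid `purls` starts before this hunk, so whether its body matches the documented `PackageBulkResponseSerializer` cannot be checked from here and is worth confirming. Minor style point: the temporary is unnecessary, `return Response({"result": response})` says the same thing.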
@@ -46,7 +46,7 @@ def cleaned_response(response):
 - sort lists with a stable order
 """
 cleaned_response = []
- response_copy = sorted(response, key=lambda x: x.get("purl", ""))
+ response_copy = sorted(response["result"], key=lambda x: x.get("purl", ""))
 for package_data in response_copy:
 package_data["unresolved_vulnerabilities"] = sorted(
 package_data["unresolved_vulnerabilities"], key=lambda x: x["vulnerability_id"]
@@ -256,56 +256,57 @@ def test_bulk_packages_api(self):
 content_type="application/json",
 ).json()
- expected_response = [
- {
- "purl": "pkg:deb/debian/doesnotexist@0.9.7-10?distro=jessie",
- "name": "doesnotexist",
- "namespace": "debian",
- "qualifiers": {"distro": "jessie"},
- "resolved_vulnerabilities": [],
- "subpath": None,
- "type": "deb",
- "unresolved_vulnerabilities": [],
- "version": "0.9.7-10",
- },
- {
- "name": "datadog-api-client",
- "namespace": "com.datadoghq",
- "purl": "pkg:maven/com.datadoghq/datadog-api-client@1.0.0-beta.7",
- "qualifiers": {},
- "resolved_vulnerabilities": [],
- "subpath": "",
- "type": "maven",
- "unresolved_vulnerabilities": [
- {
- "references": [
- {
- "reference_id": "",
- "scores": [],
- "source": "",
- "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21331",
- },
- {
- "reference_id": "GHSA-2cxf-6567-7pp6",
- "scores": [{"scoring_system": "cvssv3.1_qr", "value": "LOW"}],
- "source": "",
- "url": "https://github.com/DataDog/datadog-api-client-java/security/advisories/GHSA-2cxf-6567-7pp6",
- },
- {
- "reference_id": "GHSA-2cxf-6567-7pp6",
- "scores": [],
- "source": "",
- "url": "https://github.com/advisories/GHSA-2cxf-6567-7pp6",
- },
- ],
- "url": "http://testserver/api/vulnerabilities/60",
- "vulnerability_id": "CVE-2021-21331",
- }
- ],
- "url": "http://testserver/api/packages/3467",
- "version": "1.0.0-beta.7",
- },
- ]
+ expected_response = {
+ "result": [
+ {
+ "name": "doesnotexist",
+ "namespace": "debian",
+ "qualifiers": {"distro": "jessie"},
+ "resolved_vulnerabilities": [],
+ "subpath": None,
+ "type": "deb",
+ "unresolved_vulnerabilities": [],
+ "version": "0.9.7-10",
+ },
+ {
+ "name": "datadog-api-client",
+ "namespace": "com.datadoghq",
+ "purl": "pkg:maven/com.datadoghq/datadog-api-client@1.0.0-beta.7",
+ "qualifiers": {},
+ "resolved_vulnerabilities": [],
+ "subpath": "",
+ "type": "maven",
+ "unresolved_vulnerabilities": [
+ {
+ "references": [
+ {
+ "reference_id": "",
+ "scores": [],
+ "source": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21331",
+ },
+ {
+ "reference_id": "GHSA-2cxf-6567-7pp6",
+ "scores": [{"scoring_system": "cvssv3.1_qr", "value": "LOW"}],
+ "source": "",
+ "url": "https://github.com/DataDog/datadog-api-client-java/security/advisories/GHSA-2cxf-6567-7pp6",
+ },
+ {
+ "reference_id": "GHSA-2cxf-6567-7pp6",
+ "scores": [],
+ "source": "",
+ "url": "https://github.com/advisories/GHSA-2cxf-6567-7pp6",
+ },
+ ],
+ "url": "http://testserver/api/vulnerabilities/60",
+ "vulnerability_id": "CVE-2021-21331",
+ }
+ ],
+ "url": "http://testserver/api/packages/3467",
+ "version": "1.0.0-beta.7",
+ },
+ ]
+ }
 assert cleaned_response(expected_response) == cleaned_response(response)
 def test_invalid_request_bulk_packages(self):
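Review bot: The rewritten expected entry for `doesnotexist` in `test_bulk_packages_api` no longer carries the `purl` key that the removed version had, while the context lines of the api.py change still show `purl_response["purl"] = purl_string` being set before the entry is appended. Unless `cleaned_response` strips that key (most of its body is outside the visible hunks), the comparison would either fail or the test has silently stopped checking that not-found packages echo their purl back. If the drop is unintentional, restore `"purl": "pkg:deb/debian/doesnotexist@0.9.7-10?distro=jessie",` as the first key of that entry.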