Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add documentation of Bulk Search API #400

Closed
wants to merge 7 commits into from
Closed

Add documentation of Bulk Search API #400

wants to merge 7 commits into from

Conversation

AmitGupta7580
Copy link
Contributor

image
image

Response :

{ "result": [ { "url": "string", "unresolved_vulnerabilities": [ { "url": "string", "vulnerability_id": "string", "references": [ { "source": "string", "reference_id": "string", "url": "string", "scores": [ { "value": "string", "scoring_system": "cvssv2" } ] } ] } ], "resolved_vulnerabilities": [ { "url": "string", "vulnerability_id": "string", "references": [ { "source": "string", "reference_id": "string", "url": "string", "scores": [ { "value": "string", "scoring_system": "cvssv2" } ] } ] } ], "purl": "string", "type": "string", "namespace": "string", "name": "string", "version": "string", "subpath": "string", "qualifiers": {} } ] }

POSTMAN

image

@AmitGupta7580 AmitGupta7580 changed the title Added documentation of /api/package/bulk_search/ API Add documentation of Bulk Search API Mar 25, 2021
sbs2001
sbs2001 requested changes Mar 26, 2021
View reviewed changes
Copy link
Collaborator

@sbs2001 sbs2001 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@AmitGupta7580 This is much much better. However could you not nest the response inside results ?

And you need to fix the DCO. Write decent commit messages, Update abcd is not very helpful.

@AmitGupta7580
Copy link
Contributor Author

However could you not nest the response inside results ?

@sbs2001 I have tried lots of things. But unable to remove that nesting. Actually some name has to be given here.

class PackageBulkResponseSerializer(serializers.Serializer):
     result = serializers.ListField(child=PackageSerializer())

Is there any problem with this representation ?

Write decent commit messages, Update abcd is not very helpful.

Actually I am just want to pass all these checks thats why I forget to name commits properly. This will not happen in future.

AmitGupta7580 and others added 5 commits March 26, 2021 13:05
@AmitGupta7580
Added documentation of /api/package/bulk_search/ API
8e4c30d 
Signed-off-by: AmitGupta7580 <[email protected]>
@sbs2001 @AmitGupta7580
Fix various importer errors
2ff0749 
- Update debian importer's schema validation
- Add tests for msr2019 importer.

Signed-off-by: Shivam Sandbhor <[email protected]>
Signed-off-by: AmitGupta7580 <[email protected]>
@AmitGupta7580
Update test_api.py
de5301a 
Signed-off-by: AmitGupta7580 <[email protected]>
@AmitGupta7580
Update test_api.py
f06b7d8 
Signed-off-by: AmitGupta7580 <[email protected]>
@AmitGupta7580
Update api.py
79ee35a 
Signed-off-by: AmitGupta7580 <[email protected]>
@AmitGupta7580 AmitGupta7580 requested a review from sbs2001 March 27, 2021 08:51
@sbs2001
Copy link
Collaborator

sbs2001 commented Apr 5, 2021

This is still nesting the results.

sbs2001
sbs2001 requested changes Apr 14, 2021
View reviewed changes
Copy link
Collaborator

@sbs2001 sbs2001 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we don't want to nest the results

vulnerabilities/api.py
@@ -168,8 +170,8 @@ def bulk_search(self, request):
purl_response["resolved_vulnerabilities"] = []
purl_response["purl"] = purl_string
response.append(purl_response)

return Response(response)
res = {"result": response}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is still nested.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is still nesting the results.

As mentioned here https://drf-spectacular.readthedocs.io/en/latest/drf_spectacular.html#drf_spectacular.utils.extend_schema
to listing object we can use Serializer(many=True)

@extend_schema(request=PackageBulkRequestSerializer, responses=PackageSerializer(many=True))

When I am trying to return a list of Packages then it automatically convert it into paginator view.

Output :

image

And I also tried to remove pagination from setting.py file and add a custom paginator in other API's but then it adds unwanted parameters in bulk_api as it fetches directly from the Package Model.

Preview :

image

Still trying some other options..

@AmitGupta7580 AmitGupta7580 mentioned this pull request Apr 21, 2021
Closed
2 tasks
@pombredanne
Copy link
Member

@AmitGupta7580 gentle ping... do you think you can finish this?

@AmitGupta7580
Copy link
Contributor Author

Hello @pombredanne, I have tried lots of things on this but unable to remove that nesting and also suggested some other possible alternatives to it. I think I will not be able to do this task in the current version of code.

@pombredanne pombredanne mentioned this pull request Jul 21, 2021
Open
@pombredanne
Copy link
Member

In the end this is more of an API structure change than a documentation issue..... this is still valid and need to be visited in light of what we want as API principles... See also #454 as DRF spectacular should be retired IMHO.

So I am closing this now. See #511 for a follow up.

@AmitGupta7580 Thank you ++ for all your efforts here even if this is not merged... this ends up being a very valuable conversation.

@tfranzel
Copy link

tfranzel commented Aug 1, 2021

@pombredanne i tried to explain to you that you are not forced to use a CDN if you are concerned about security (comment) . You are free to host any dist package of SwaggerUI on your side and then point to that with the SWAGGER_UI_DIST and SWAGGER_UI_FAVICON_HREF URL settings. It is simply bad form (for a variety of reasons) to copy&paste an upstream project into our code base. The fact that you did not rebut my statements made me assume you agree.

@AmitGupta7580 the fix for your problem is pretty easy actually. the pagination_class is inherited from the view to bulk_search. you just need to turn off the pagination on the action like so:

    @extend_schema(request=PackageBulkRequestSerializer, responses=PackageBulkResponseSerializer)
    @action(detail=False, methods=["post"], pagination_class=None)
    def bulk_search(self, request):

@AmitGupta7580
Copy link
Contributor Author

image
image

Thank You @tfranzel It workes for me. But I am facing a problem regarding Parameters, Can you guide me how can I remove the default parameters of a Serializer.

image

@tfranzel
Copy link

tfranzel commented Aug 4, 2021
edited
Loading

@AmitGupta7580 the same mechanics apply also todjango-filter. so you need to clear the corresponding (derived) classes that invoke those mechanics (tfranzel/drf-spectacular#399).

@action(detail=False, methods=["post"], pagination_class=None, filter_backends=[])
...

FAQ: https://drf-spectacular.readthedocs.io/en/latest/faq.html#my-action-is-erroneously-paginated-or-has-filter-parameters-that-i-do-not-want

@AmitGupta7580
Copy link
Contributor Author

Thank you very much for your help @tfranzel. @pombredanne, @sbs2001 take a look on it. should I make a new PR?

image

image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sbs2001 sbs2001 sbs2001 requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@AmitGupta7580 @sbs2001 @pombredanne @tfranzel