Lookup for vulnerabilities affecting packages.
| 631 | |
| 632 | |
| 633 | class VulnerabilityViewSet(viewsets.ReadOnlyModelViewSet): |
| 634 | """ |
| 635 | Lookup for vulnerabilities affecting packages. |
| 636 | """ |
| 637 | |
| 638 | queryset = Vulnerability.objects.all() |
| 639 | |
| 640 | def get_fixed_packages_qs(self): |
| 641 | """ |
| 642 | Filter the packages that fixes a vulnerability |
| 643 | on fields like name, namespace and type. |
| 644 | """ |
| 645 | return ( |
| 646 | self.get_packages_qs() |
| 647 | .filter( |
| 648 | fixingpackagerelatedvulnerability__isnull=False, |
| 649 | is_ghost=False, |
| 650 | ) |
| 651 | .with_is_vulnerable() |
| 652 | ) |
| 653 | |
| 654 | def get_packages_qs(self): |
| 655 | """ |
| 656 | Filter the packages on type, namespace and name. |
| 657 | """ |
| 658 | query_params = self.request.query_params |
| 659 | package_filter_data = {} |
| 660 | for field_name in ("type", "namespace", "name"): |
| 661 | if value := query_params.get(field_name): |
| 662 | package_filter_data[field_name] = value |
| 663 | |
| 664 | return PackageFilterSet(package_filter_data).qs.with_is_vulnerable() |
| 665 | |
| 666 | def get_queryset(self): |
| 667 | """ |
| 668 | Assign filtered packages queryset from `get_fixed_packages_qs` |
| 669 | to a custom attribute `filtered_fixed_packages` |
| 670 | """ |
| 671 | return ( |
| 672 | super() |
| 673 | .get_queryset() |
| 674 | .prefetch_related( |
| 675 | "weaknesses", |
| 676 | "references", |
| 677 | "exploits", |
| 678 | "severities", |
| 679 | Prefetch( |
| 680 | "fixed_by_packages", |
| 681 | queryset=self.get_fixed_packages_qs(), |
| 682 | to_attr="filtered_fixed_packages", |
| 683 | ), |
| 684 | ) |
| 685 | ) |
| 686 | |
| 687 | serializer_class = VulnerabilitySerializer |
| 688 | filter_backends = (filters.DjangoFilterBackend,) |
| 689 | filterset_class = VulnerabilityFilterSet |
| 690 | throttle_classes = [PermissionBasedUserRateThrottle] |