| 253 | |
| 254 | |
| 255 | class V2PackageViewSet(viewsets.ReadOnlyModelViewSet): |
| 256 | queryset = Package.objects.all() |
| 257 | serializer_class = V2LinkedPackageSerializer |
| 258 | lookup_field = "purl" |
| 259 | filter_backends = (filters.DjangoFilterBackend,) |
| 260 | filterset_class = V2PackageFilterSet |
| 261 | throttle_classes = [PermissionBasedUserRateThrottle] |
| 262 | |
| 263 | def get_queryset(self): |
| 264 | return super().get_queryset().with_is_vulnerable().prefetch_related("vulnerabilities") |
| 265 | |
| 266 | @action(detail=False, methods=["get"]) |
| 267 | def all(self, request): |
| 268 | """ |
| 269 | Return vulnerable package PURLs. |
| 270 | """ |
| 271 | vulnerable_purls = ( |
| 272 | Package.objects.vulnerable() |
| 273 | .only("package_url") |
| 274 | .order_by("package_url") |
| 275 | .distinct() |
| 276 | .values_list("package_url") |
| 277 | ) |
| 278 | return Response(vulnerable_purls) |
| 279 | |
| 280 | @extend_schema( |
| 281 | request=V2LookupRequestSerializer, |
| 282 | responses={200: V2PackageSerializer(many=True)}, |
| 283 | ) |
| 284 | @action( |
| 285 | detail=False, |
| 286 | methods=["post"], |
| 287 | serializer_class=V2LookupRequestSerializer, |
| 288 | filter_backends=[], |
| 289 | ) |
| 290 | def lookup(self, request): |
| 291 | """ |
| 292 | Return packages for a single PURL. |
| 293 | """ |
| 294 | return self._do_lookup(request, field="") |
| 295 | |
| 296 | @extend_schema( |
| 297 | request=V2PackageurlListSerializer, |
| 298 | responses={200: V2PackageSerializer(many=True)}, |
| 299 | ) |
| 300 | @action( |
| 301 | detail=False, |
| 302 | methods=["post"], |
| 303 | serializer_class=V2PackageurlListSerializer, |
| 304 | filter_backends=[], |
| 305 | ) |
| 306 | def bulk_lookup(self, request): |
| 307 | """ |
| 308 | Return packages for a list of PURLs. |
| 309 | """ |
| 310 | return self._do_lookup(request, field="purls") |
| 311 | |
| 312 | def _do_lookup(self, request, field): |