| 190 | |
| 191 | |
| 192 | class PackageV2Serializer(serializers.ModelSerializer): |
| 193 | purl = serializers.CharField(source="package_url") |
| 194 | risk_score = serializers.FloatField(read_only=True) |
| 195 | affected_by_vulnerabilities = serializers.SerializerMethodField() |
| 196 | fixing_vulnerabilities = serializers.SerializerMethodField() |
| 197 | next_non_vulnerable_version = serializers.CharField(read_only=True) |
| 198 | latest_non_vulnerable_version = serializers.CharField(read_only=True) |
| 199 | |
| 200 | class Meta: |
| 201 | model = Package |
| 202 | fields = [ |
| 203 | "purl", |
| 204 | "affected_by_vulnerabilities", |
| 205 | "fixing_vulnerabilities", |
| 206 | "next_non_vulnerable_version", |
| 207 | "latest_non_vulnerable_version", |
| 208 | "risk_score", |
| 209 | ] |
| 210 | |
| 211 | def get_affected_by_vulnerabilities(self, obj): |
| 212 | """ |
| 213 | Return a dictionary with vulnerabilities as keys and their details, including fixed_by_packages. |
| 214 | """ |
| 215 | result = {} |
| 216 | request = self.context.get("request") |
| 217 | for vuln in getattr(obj, "prefetched_affected_vulnerabilities", []): |
| 218 | fixed_by_package = vuln.fixed_by_packages.first() |
| 219 | purl = None |
| 220 | if fixed_by_package: |
| 221 | purl = fixed_by_package.package_url |
| 222 | # Get code fixed for a vulnerability |
| 223 | code_fixes = CodeFix.objects.filter( |
| 224 | affected_package_vulnerability__vulnerability=vuln |
| 225 | ).distinct() |
| 226 | code_fix_urls = [ |
| 227 | reverse("codefix-detail", args=[code_fix.id], request=request) |
| 228 | for code_fix in code_fixes |
| 229 | ] |
| 230 | |
| 231 | result[vuln.vulnerability_id] = { |
| 232 | "vulnerability_id": vuln.vulnerability_id, |
| 233 | "fixed_by_packages": purl, |
| 234 | "code_fixes": code_fix_urls, |
| 235 | } |
| 236 | return result |
| 237 | |
| 238 | def get_fixing_vulnerabilities(self, obj): |
| 239 | # Ghost package should not fix any vulnerability. |
| 240 | if obj.is_ghost: |
| 241 | return [] |
| 242 | return [vuln.vulnerability_id for vuln in obj.fixing_vulnerabilities.all()] |
| 243 | |
| 244 | |
| 245 | class PackageurlListSerializer(serializers.Serializer): |
no outgoing calls
no test coverage detected