Lookup for vulnerable packages using many Package URLs at once.
(self, request)
| 487 | pagination_class=None, |
| 488 | ) |
| 489 | def bulk_search(self, request): |
| 490 | """ |
| 491 | Lookup for vulnerable packages using many Package URLs at once. |
| 492 | """ |
| 493 | serializer = self.serializer_class(data=request.data) |
| 494 | if not serializer.is_valid(): |
| 495 | return Response( |
| 496 | status=status.HTTP_400_BAD_REQUEST, |
| 497 | data={ |
| 498 | "error": serializer.errors, |
| 499 | "message": "A non-empty 'purls' list of PURLs is required.", |
| 500 | }, |
| 501 | ) |
| 502 | validated_data = serializer.validated_data |
| 503 | purls = validated_data.get("purls") |
| 504 | purl_only = validated_data.get("purl_only", False) |
| 505 | plain_purl = validated_data.get("plain_purl", False) |
| 506 | |
| 507 | if plain_purl: |
| 508 | purl_objects = [PackageURL.from_string(purl) for purl in purls] |
| 509 | plain_purl_objects = [ |
| 510 | PackageURL( |
| 511 | type=purl.type, |
| 512 | namespace=purl.namespace, |
| 513 | name=purl.name, |
| 514 | version=purl.version, |
| 515 | ) |
| 516 | for purl in purl_objects |
| 517 | ] |
| 518 | plain_purls = [str(purl) for purl in plain_purl_objects] |
| 519 | |
| 520 | query = ( |
| 521 | Package.objects.filter(plain_package_url__in=plain_purls) |
| 522 | .order_by("plain_package_url") |
| 523 | .distinct("plain_package_url") |
| 524 | .with_is_vulnerable() |
| 525 | ) |
| 526 | |
| 527 | if not purl_only: |
| 528 | return Response( |
| 529 | PackageSerializer(query, many=True, context={"request": request}).data |
| 530 | ) |
| 531 | |
| 532 | # using order by and distinct because there will be |
| 533 | # many fully qualified purl for a single plain purl |
| 534 | vulnerable_purls = query.vulnerable().only("plain_package_url") |
| 535 | vulnerable_purls = [str(package.plain_package_url) for package in vulnerable_purls] |
| 536 | return Response(data=vulnerable_purls) |
| 537 | |
| 538 | query = Package.objects.filter(package_url__in=purls).distinct().with_is_vulnerable() |
| 539 | |
| 540 | if not purl_only: |
| 541 | return Response(PackageSerializer(query, many=True, context={"request": request}).data) |
| 542 | |
| 543 | vulnerable_purls = query.vulnerable().only("package_url") |
| 544 | vulnerable_purls = [str(package.package_url) for package in vulnerable_purls] |
| 545 | return Response(data=vulnerable_purls) |
| 546 |
nothing calls this directly
no test coverage detected