MCPcopy Create free account
hub / github.com/aboutcode-org/vulnerablecode / bulk_search

Method bulk_search

vulnerabilities/api.py:489–545  ·  view source on GitHub ↗

Lookup for vulnerable packages using many Package URLs at once.

(self, request)

Source from the content-addressed store, hash-verified

487 pagination_class=None,
488 )
489 def bulk_search(self, request):
490 """
491 Lookup for vulnerable packages using many Package URLs at once.
492 """
493 serializer = self.serializer_class(data=request.data)
494 if not serializer.is_valid():
495 return Response(
496 status=status.HTTP_400_BAD_REQUEST,
497 data={
498 "error": serializer.errors,
499 "message": "A non-empty 'purls' list of PURLs is required.",
500 },
501 )
502 validated_data = serializer.validated_data
503 purls = validated_data.get("purls")
504 purl_only = validated_data.get("purl_only", False)
505 plain_purl = validated_data.get("plain_purl", False)
506
507 if plain_purl:
508 purl_objects = [PackageURL.from_string(purl) for purl in purls]
509 plain_purl_objects = [
510 PackageURL(
511 type=purl.type,
512 namespace=purl.namespace,
513 name=purl.name,
514 version=purl.version,
515 )
516 for purl in purl_objects
517 ]
518 plain_purls = [str(purl) for purl in plain_purl_objects]
519
520 query = (
521 Package.objects.filter(plain_package_url__in=plain_purls)
522 .order_by("plain_package_url")
523 .distinct("plain_package_url")
524 .with_is_vulnerable()
525 )
526
527 if not purl_only:
528 return Response(
529 PackageSerializer(query, many=True, context={"request": request}).data
530 )
531
532 # using order by and distinct because there will be
533 # many fully qualified purl for a single plain purl
534 vulnerable_purls = query.vulnerable().only("plain_package_url")
535 vulnerable_purls = [str(package.plain_package_url) for package in vulnerable_purls]
536 return Response(data=vulnerable_purls)
537
538 query = Package.objects.filter(package_url__in=purls).distinct().with_is_vulnerable()
539
540 if not purl_only:
541 return Response(PackageSerializer(query, many=True, context={"request": request}).data)
542
543 vulnerable_purls = query.vulnerable().only("package_url")
544 vulnerable_purls = [str(package.package_url) for package in vulnerable_purls]
545 return Response(data=vulnerable_purls)
546

Callers

nothing calls this directly

Calls 4

PackageSerializerClass · 0.85
vulnerableMethod · 0.80
getMethod · 0.45
with_is_vulnerableMethod · 0.45

Tested by

no test coverage detected