MCPcopy Index your code
hub / github.com/aboutcode-org/vulnerablecode / bulk_search

Method bulk_search

vulnerabilities/api_v2.py:412–506  ·  view source on GitHub ↗

Lookup for vulnerable packages using many Package URLs at once.

(self, request)

Source from the content-addressed store, hash-verified

410 pagination_class=None,
411 )
412 def bulk_search(self, request):
413 """
414 Lookup for vulnerable packages using many Package URLs at once.
415 """
416 serializer = self.serializer_class(data=request.data)
417 if not serializer.is_valid():
418 return Response(
419 status=status.HTTP_400_BAD_REQUEST,
420 data={
421 "error": serializer.errors,
422 "message": "A non-empty 'purls' list of PURLs is required.",
423 },
424 )
425 validated_data = serializer.validated_data
426 purls = validated_data.get("purls")
427 purl_only = validated_data.get("purl_only", False)
428 plain_purl = validated_data.get("plain_purl", False)
429
430 if plain_purl:
431 purl_objects = [PackageURL.from_string(purl) for purl in purls]
432 plain_purl_objects = [
433 PackageURL(
434 type=purl.type,
435 namespace=purl.namespace,
436 name=purl.name,
437 version=purl.version,
438 )
439 for purl in purl_objects
440 ]
441 plain_purls = [str(purl) for purl in plain_purl_objects]
442
443 query = (
444 Package.objects.filter(plain_package_url__in=plain_purls)
445 .order_by("plain_package_url")
446 .distinct("plain_package_url")
447 .with_is_vulnerable()
448 )
449
450 packages = query
451
452 # Collect vulnerabilities associated with these packages
453 vulnerabilities = set()
454 for package in packages:
455 vulnerabilities.update(package.affected_by_vulnerabilities.all())
456 vulnerabilities.update(package.fixing_vulnerabilities.all())
457
458 vulnerability_data = {
459 vuln.vulnerability_id: VulnerabilityV2Serializer(vuln).data
460 for vuln in vulnerabilities
461 }
462
463 if not purl_only:
464 package_data = PackageV2Serializer(
465 packages, many=True, context={"request": request}
466 ).data
467 return Response(
468 {
469 "vulnerabilities": vulnerability_data,

Callers

nothing calls this directly

Calls 6

PackageV2SerializerClass · 0.85
vulnerableMethod · 0.80
getMethod · 0.45
with_is_vulnerableMethod · 0.45
allMethod · 0.45

Tested by

no test coverage detected