Lookup for vulnerable packages using many Package URLs at once.
(self, request)
| 410 | pagination_class=None, |
| 411 | ) |
| 412 | def bulk_search(self, request): |
| 413 | """ |
| 414 | Lookup for vulnerable packages using many Package URLs at once. |
| 415 | """ |
| 416 | serializer = self.serializer_class(data=request.data) |
| 417 | if not serializer.is_valid(): |
| 418 | return Response( |
| 419 | status=status.HTTP_400_BAD_REQUEST, |
| 420 | data={ |
| 421 | "error": serializer.errors, |
| 422 | "message": "A non-empty 'purls' list of PURLs is required.", |
| 423 | }, |
| 424 | ) |
| 425 | validated_data = serializer.validated_data |
| 426 | purls = validated_data.get("purls") |
| 427 | purl_only = validated_data.get("purl_only", False) |
| 428 | plain_purl = validated_data.get("plain_purl", False) |
| 429 | |
| 430 | if plain_purl: |
| 431 | purl_objects = [PackageURL.from_string(purl) for purl in purls] |
| 432 | plain_purl_objects = [ |
| 433 | PackageURL( |
| 434 | type=purl.type, |
| 435 | namespace=purl.namespace, |
| 436 | name=purl.name, |
| 437 | version=purl.version, |
| 438 | ) |
| 439 | for purl in purl_objects |
| 440 | ] |
| 441 | plain_purls = [str(purl) for purl in plain_purl_objects] |
| 442 | |
| 443 | query = ( |
| 444 | Package.objects.filter(plain_package_url__in=plain_purls) |
| 445 | .order_by("plain_package_url") |
| 446 | .distinct("plain_package_url") |
| 447 | .with_is_vulnerable() |
| 448 | ) |
| 449 | |
| 450 | packages = query |
| 451 | |
| 452 | # Collect vulnerabilities associated with these packages |
| 453 | vulnerabilities = set() |
| 454 | for package in packages: |
| 455 | vulnerabilities.update(package.affected_by_vulnerabilities.all()) |
| 456 | vulnerabilities.update(package.fixing_vulnerabilities.all()) |
| 457 | |
| 458 | vulnerability_data = { |
| 459 | vuln.vulnerability_id: VulnerabilityV2Serializer(vuln).data |
| 460 | for vuln in vulnerabilities |
| 461 | } |
| 462 | |
| 463 | if not purl_only: |
| 464 | package_data = PackageV2Serializer( |
| 465 | packages, many=True, context={"request": request} |
| 466 | ).data |
| 467 | return Response( |
| 468 | { |
| 469 | "vulnerabilities": vulnerability_data, |
nothing calls this directly
no test coverage detected