Skip to content

Commit

Permalink
Add CWE support in the API
Browse files Browse the repository at this point in the history 
Resolve merge conflict

issue: #1094

Signed-off-by: ziadhany <[email protected]>
  • Loading branch information
@ziadhany
ziadhany committed Apr 29, 2023
1 parent 2646d7e commit 52da958
Show file tree
Hide file tree
Showing 2 changed files with 32 additions and 2 deletions.
17 changes: 15 additions & 2 deletions vulnerabilities/api.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@
from vulnerabilities.models import Vulnerability
from vulnerabilities.models import VulnerabilityReference
from vulnerabilities.models import VulnerabilitySeverity
from vulnerabilities.models import Weakness
from vulnerabilities.models import get_purl_query_lookups
from vulnerabilities.throttling import StaffUserRateThrottle

Expand Down Expand Up @@ -96,15 +97,25 @@ class Meta:
fields = ["url", "vulnerability_id", "summary", "references", "fixed_packages", "aliases"]


class VulnerabilitySerializer(serializers.HyperlinkedModelSerializer):
class WeaknessSerializer(serializers.HyperlinkedModelSerializer):
"""
Used for nesting inside weakness focused APIs.
"""

class Meta:
model = Weakness
fields = ["cwe_id", "name", "description"]


class VulnerabilitySerializer(serializers.HyperlinkedModelSerializer):
fixed_packages = MinimalPackageSerializer(
many=True, source="filtered_fixed_packages", read_only=True
)
affected_packages = MinimalPackageSerializer(many=True, read_only=True)

references = VulnerabilityReferenceSerializer(many=True, source="vulnerabilityreference_set")
aliases = AliasSerializer(many=True, source="alias")
weaknesses = WeaknessSerializer(many=True)

class Meta:
model = Vulnerability
Expand All @@ -116,6 +127,7 @@ class Meta:
"fixed_packages",
"affected_packages",
"references",
"weaknesses",
]


Expand Down Expand Up @@ -336,11 +348,12 @@ def get_queryset(self):
to a custom attribute `filtered_fixed_packages`
"""
return Vulnerability.objects.prefetch_related(
"weaknesses",
Prefetch(
"packages",
queryset=self.get_fixed_packages_qs(),
to_attr="filtered_fixed_packages",
)
),
)

serializer_class = VulnerabilitySerializer
Expand Down
17 changes: 17 additions & 0 deletions vulnerabilities/tests/test_api.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@
from vulnerabilities.models import Vulnerability
from vulnerabilities.models import VulnerabilityReference
from vulnerabilities.models import VulnerabilityRelatedReference
from vulnerabilities.models import Weakness

BASE_DIR = os.path.dirname(os.path.abspath(__file__))
TEST_DATA = os.path.join(BASE_DIR, "test_data")
Expand Down Expand Up @@ -197,6 +198,8 @@ def setUp(self):
PackageRelatedVulnerability.objects.create(
package=pkg, vulnerability=self.vulnerability, fix=True
)
self.weaknesses = Weakness.objects.create(cwe_id=119)
self.weaknesses.vulnerabilities.add(self.vulnerability)

def test_api_status(self):
response = self.csrf_client.get("/api/vulnerabilities/")
Expand Down Expand Up @@ -229,6 +232,13 @@ def test_api_with_single_vulnerability(self):
],
"affected_packages": [],
"references": [],
"weaknesses": [
{
"cwe_id": 119,
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"description": "The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.",
}
],
}

def test_api_with_single_vulnerability_with_filters(self):
Expand All @@ -249,6 +259,13 @@ def test_api_with_single_vulnerability_with_filters(self):
],
"affected_packages": [],
"references": [],
"weaknesses": [
{
"cwe_id": 119,
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"description": "The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.",
}
],
}


Expand Down

0 comments on commit 52da958

Please sign in to comment.