Add fixed by package in V2 API

TG1999 · TG1999 · commit 5fddbb0ffc04 · 2025-01-02T19:20:47.000+05:30
Signed-off-by: Tushar Goel &lt;tushar.goel.dav@gmail.com&gt;
diff --git a/vulnerabilities/api_v2.py b/vulnerabilities/api_v2.py
@@ -195,7 +195,21 @@ class Meta:
         ]
 
     def get_affected_by_vulnerabilities(self, obj):
-        return [vuln.vulnerability_id for vuln in obj.affected_by_vulnerabilities.all()]
+        """
+        Return a dictionary with vulnerabilities as keys and their details, including fixed_by_packages.
+        """
+        vulnerabilities = obj.affected_by_vulnerabilities.prefetch_related("fixed_by_packages")
+        result = {}
+        for vuln in vulnerabilities:
+            fixed_by_package = vuln.fixed_by_packages.first()
+            purl = None
+            if fixed_by_package:
+                purl = fixed_by_package.package_url
+            result[vuln.vulnerability_id] = {
+                "vulnerability_id": vuln.vulnerability_id,
+                "fixed_by_packages": purl,
+            }
+        return result
 
     def get_fixing_vulnerabilities(self, obj):
         # Ghost package should not fix any vulnerability.
diff --git a/vulnerabilities/tests/test_api_v2.py b/vulnerabilities/tests/test_api_v2.py
@@ -266,7 +266,10 @@ def test_package_serializer_fields(self):
         self.assertIn("next_non_vulnerable_version", data)
         self.assertIn("latest_non_vulnerable_version", data)
         self.assertEqual(data["purl"], "pkg:pypi/django@3.2")
-        self.assertEqual(data["affected_by_vulnerabilities"], ["VCID-1234"])
+        self.assertEqual(
+            data["affected_by_vulnerabilities"],
+            {"VCID-1234": {"vulnerability_id": "VCID-1234", "fixed_by_packages": None}},
+        )
         self.assertEqual(data["fixing_vulnerabilities"], [])
 
     def test_list_packages_pagination(self):
@@ -321,7 +324,10 @@ def test_get_affected_by_vulnerabilities(self):
         package = Package.objects.get(package_url="pkg:pypi/django@3.2")
         serializer = PackageV2Serializer()
         vulnerabilities = serializer.get_affected_by_vulnerabilities(package)
-        self.assertEqual(vulnerabilities, ["VCID-1234"])
+        self.assertEqual(
+            vulnerabilities,
+            {"VCID-1234": {"vulnerability_id": "VCID-1234", "fixed_by_packages": None}},
+        )
 
     def test_get_fixing_vulnerabilities(self):
         """
@@ -523,7 +529,10 @@ def test_lookup_with_valid_purl(self):
         self.assertIn("next_non_vulnerable_version", response.data[0])
         self.assertIn("latest_non_vulnerable_version", response.data[0])
         self.assertEqual(response.data[0]["purl"], "pkg:pypi/django@3.2")
-        self.assertEqual(response.data[0]["affected_by_vulnerabilities"], ["VCID-1234"])
+        self.assertEqual(
+            response.data[0]["affected_by_vulnerabilities"],
+            {"VCID-1234": {"vulnerability_id": "VCID-1234", "fixed_by_packages": None}},
+        )
         self.assertEqual(response.data[0]["fixing_vulnerabilities"], [])
 
     def test_lookup_with_invalid_purl(self):
