
Commit 9c798cf

committed
Include PackageCommitPatch and Patch in AdvisoryV2 serialization
Fixes: #2116 Signed-off-by: Keshav Priyadarshi <git@keshav.space>
1 parent 0318583 commit 9c798cf


2 files changed

+42
-8
lines changed


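--- a/vulnerabilities/importer.py
+++ b/vulnerabilities/importer.py
@@ -512,24 +512,30 @@ def from_dict(cls, affected_pkg: dict):
 fixed_version_range = None
 affected_range = affected_pkg["affected_version_range"]
 fixed_range = affected_pkg["fixed_version_range"]
-introduced_by_commit_patches = (
-affected_pkg.get("introduced_by_package_commit_patches") or []
-)
-fixed_by_commit_patches = affected_pkg.get("fixed_by_package_commit_patches") or []
+introduced_by_commit_patches = affected_pkg.get("introduced_by_commit_patches") or []
+fixed_by_commit_patches = affected_pkg.get("fixed_by_commit_patches") or []
 
 try:
-affected_version_range = VersionRange.from_string(affected_range)
-fixed_version_range = VersionRange.from_string(fixed_range)
+affected_version_range = (
+VersionRange.from_string(affected_range) if affected_range else None
+)
+fixed_version_range = VersionRange.from_string(fixed_range) if fixed_range else None
 except:
 tb = traceback.format_exc()
 logger.error(
 f"Cannot create AffectedPackage with invalid or unknown range: {affected_pkg!r} with error: {tb!r}"
 )
 return
 
-if not fixed_version_range and not affected_version_range:
+if (
+not fixed_version_range
+and not affected_version_range
+and not introduced_by_commit_patches
+and not fixed_by_commit_patches
+):
 logger.error(
-f"Cannot create AffectedPackage without fixed or affected range: {affected_pkg!r}"
+f"Cannot create an AffectedPackage for: {affected_pkg!r}, at least one of the following must be provided: "
+"a fixed version range, an affected version range, introduced commit patches, or fixed commit patches"
 )
 return
 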
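Review bot: The two `.get(...) or []` lookups now read only the new key names, so any dict that still carries `introduced_by_package_commit_patches` / `fixed_by_package_commit_patches` yields empty lists with no warning, and when a version range is present the new guard lets the record through with its commit patches silently dropped. Whether such dicts exist (stored or previously exported advisories) is not visible from this hunk; if they may, fall back to the old key, e.g. `introduced_by_commit_patches = affected_pkg.get("introduced_by_commit_patches") or affected_pkg.get("introduced_by_package_commit_patches") or []`, and the same for the fixed list. Losing a fixing commit from an advisory is hard to notice later, so a fallback or an explicit log line is worth the extra lookup. `from_dict` starts and ends outside the hunk.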

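--- a/vulnerabilities/models.py
+++ b/vulnerabilities/models.py
@@ -2796,6 +2796,19 @@ class Meta:
 )
 ]
 
+def to_dict(self):
+return {
+"patch_url": self.patch_url,
+"patch_text": self.patch_text,
+"patch_checksum": self.patch_checksum,
+}
+
+def to_patch_data(self):
+"""Return `PatchData` from the Patch."""
+from vulnerabilities.importer import PatchData
+
+return PatchData.from_dict(self.to_dict())
+
 
 class PackageCommitPatch(models.Model):
 """
@@ -2823,6 +2836,14 @@ def save(self, *args, **kwargs):
 class Meta:
 unique_together = ["commit_hash", "vcs_url"]
 
+def to_dict(self):
+return {
+"vcs_url": self.vcs_url,
+"commit_hash": self.commit_hash,
+"patch_text": self.patch_text,
+"patch_checksum": self.patch_checksum,
+}
+
 
 class AdvisoryV2QuerySet(BaseQuerySet):
 def latest_for_avid(self, avid: str):
@@ -3016,6 +3037,7 @@ def to_advisory_data(self) -> "AdvisoryData":
 impacted.to_affected_package_data() for impacted in self.impacted_packages.all()
 ],
 references_v2=[ref.to_reference_v2_data() for ref in self.references.all()],
+patches=[patch.to_patch_data() for patch in self.patches.all()],
 date_published=self.date_published,
 weaknesses=[weak.cwe_id for weak in self.weaknesses.all()],
 severities=[sev.to_vulnerability_severity_data() for sev in self.severities.all()],
@@ -3099,6 +3121,12 @@ def to_dict(self):
 "package": purl_to_dict(self.base_purl),
 "affected_version_range": self.affecting_vers,
 "fixed_version_range": self.fixed_vers,
+"introduced_by_commit_patches": [
+commit.to_dict() for commit in self.introduced_by_package_commit_patches.all()
+],
+"fixed_by_commit_patches": [
+commit.to_dict() for commit in self.fixed_by_package_commit_patches.all()
+],
 }
 
 def to_affected_package_data(self):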
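Review bot: The new `Patch.to_dict` and `PackageCommitPatch.to_dict` have no docstring, and both pass `patch_checksum` through exactly as stored next to `patch_text`, which a reader consuming the serialized advisory cannot tell from the code. Nothing in these hunks recomputes or compares the checksum, and whether `save()` or `PatchData.from_dict` does is not visible here, so the docstring should say so, for example `"""Return the stored patch fields as a dict; patch_checksum is passed through as stored, not recomputed from patch_text."""`. A consumer that relies on the checksum for integrity should recompute it from `patch_text`. The enclosing classes start outside the hunks.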
