From 1e4079ddb78caa9630e2dff75fe84a0a80f44d58 Mon Sep 17 00:00:00 2001
From: "John M. Horan"
Date: Tue, 25 Jul 2023 20:53:57 -0700
Subject: [PATCH] Add initial fixed-affected-matching work #1228
Reference: https://github.com/nexB/vulnerablecode/issues/1228
Signed-off-by: John M. Horan
---
 vulnerabilities/models.py | 12 ++++
 .../templates/package_details.html | 63 ++++++++++++++++++-
 vulnerabilities/views.py | 1 -
 3 files changed, 74 insertions(+), 2 deletions(-)
diff --git a/vulnerabilities/models.py b/vulnerabilities/models.py
index 16c93002f..545953316 100644
--- a/vulnerabilities/models.py
+++ b/vulnerabilities/models.py
@@ -588,6 +588,18 @@ def affected_by(self):
 # legacy aliases
 vulnerable_to = affected_by
+ @property
+ def test_get_fixing_purls(self):
+ """
+ This is a test -- the goal is to display the closest fixing version for a PURL that is greater
+ than the affected version and is the same type. We want to filter on type, namespace,
+ name, qualifiers and subpath for the affected PURL.
+ """
+ return [
+ abc.fixed_by_packages
+ for abc in self.vulnerabilities.filter(packagerelatedvulnerability__fix=False)
+ ]
+ @property # TODO: consider renaming to "fixes" or "fixing" ? (TBD) and updating the docstring
+ def fixing(self):
diff --git a/vulnerabilities/templates/package_details.html b/vulnerabilities/templates/package_details.html
index 6a391d3d3..bb076c930 100644
--- a/vulnerabilities/templates/package_details.html
+++ b/vulnerabilities/templates/package_details.html
@@ -40,6 +40,58 @@
+
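Review bot: `test_get_fixing_purls` returns a list of `fixed_by_packages` relations rather than the filtered PURLs its docstring promises: nothing in the comprehension checks that a fixing package shares type, namespace, name, qualifiers and subpath with the affected package, or that its version is greater, so the property could surface fixes for an unrelated package as remediation for this one. Each `abc.fixed_by_packages` is presumably a related manager that is resolved separately when iterated, so the template that renders it issues one query per affecting vulnerability. Until the matching is implemented I would say so in the code rather than only in the docstring, e.g. `# TODO: restrict fixed_by_packages to the affected PURL's type/namespace/name/qualifiers/subpath and to versions newer than the affected one`, and drop the `test_` prefix, which reads as a unit test rather than a model property. The enclosing class starts outside the hunk, and the whitespace of this hunk is collapsed in this rendering, so the exact placement of the new property relative to `fixing` cannot be confirmed here.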
+ Let's try to display fixing packages for this package: {{ package.purl }} +
+ package.purl = {{ package.purl }} +
+
+ package.qualifiers = {{ package.qualifiers }} +
+
+ package.vulnerabilities = {{ package.vulnerabilities }} +
+
+ package.package_url = {{ package.package_url }} +
+
+ package.plain_package_url = {{ package.plain_package_url }} +
+
+ package.purl_object = {{ package.purl_object }} +
+ +
+ package.fixing = {{ package.fixing }} +
+
+ package.fixed_packages = Server Error (500) +
+
+ package.is_vulnerable = {{ package.is_vulnerable }} +
+
+ package.get_absolute_url = {{ package.get_absolute_url }} +
+ +
+ package.affected_by = {{ package.affected_by }} +
+
+ package.test_get_fixing_purls = {{ package.test_get_fixing_purls }} +
+ + {% for abc in package.affected_by %} + +
{{ abc }} -- {{ abc.fixed_by_packages }}
+
{{ abc }} -- {% for pkg in abc.fixed_by_packages %}{{ pkg.purl }}{% endfor %}
+ + {% endfor %} + + + +
+
Affected by vulnerabilities ({{ affected_by_vulnerabilities|length }}) @@ -51,6 +103,7 @@ Vulnerability Summary Aliases + Test fixing PURLs @@ -74,10 +127,18 @@ {% endif %} {% endfor %} + + + + {% for pkg in vulnerability.fixed_by_packages %} + {{ pkg.purl }} + {% endfor %} + {% empty %} - + + This package is not known to be affected by vulnerabilities. diff --git a/vulnerabilities/views.py b/vulnerabilities/views.py index e96f43a6d..fad42eae8 100644 --- a/vulnerabilities/views.py +++ b/vulnerabilities/views.py @@ -176,7 +176,6 @@ class ApiUserCreateView(generic.CreateView): template_name = "api_user_creation_form.html" def form_valid(self, form): - try: response = super().form_valid(form) except ValidationError:
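Review bot: The block added at the top of the first hunk of package_details.html is debugging output rather than page content: it renders raw object representations such as `package.vulnerabilities` and `package.purl_object` to every visitor of the package page, and the line `package.fixed_packages = Server Error (500)` hard-codes the text of a crash instead of fixing or removing the access that raised it. Exposing manager and model representations on a public page discloses internal naming for no user benefit, so this scaffolding should be removed before merge or gated behind a development-only condition. The markup around these lines appears stripped in this rendering, so I cannot tell whether the template still validates.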
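Review bot: In the last hunk of package_details.html the new column renders `{{ pkg.purl }}` for each entry of `vulnerability.fixed_by_packages` with nothing between consecutive PURLs, so several fixing packages run together unless the stripped markup separates them; a separator such as `{{ pkg.purl }}{% if not forloop.last %}, {% endif %}` or one list element per PURL would keep them readable. The `{% empty %}` row is also rewritten in this hunk; with the header now carrying the extra `Test fixing PURLs` column, its span presumably has to cover one more column, which I cannot confirm from the stripped markup.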