Add kev to api

Access the vulnerability directly from Alias Signed-off-by: ziadhany <ziadhany2016@gmail.com>
aboutcode-org · May 29, 2024 · bed7b00 · bed7b00
1 parent a99b408
commit bed7b00
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 2 deletions.
diff --git a/vulnerabilities/api.py b/vulnerabilities/api.py
@@ -25,6 +25,7 @@
 from rest_framework.throttling import UserRateThrottle
 
 from vulnerabilities.models import Alias
+from vulnerabilities.models import Kev
 from vulnerabilities.models import Package
 from vulnerabilities.models import Vulnerability
 from vulnerabilities.models import VulnerabilityReference
@@ -167,6 +168,12 @@ def to_representation(self, instance):
         return representation
 
 
+class KEVSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = Kev
+        fields = ["date_added", "description", "required_action", "due_date", "resources_and_notes"]
+
+
 class VulnerabilitySerializer(BaseResourceSerializer):
     fixed_packages = MinimalPackageSerializer(
         many=True, source="filtered_fixed_packages", read_only=True
@@ -175,6 +182,7 @@ class VulnerabilitySerializer(BaseResourceSerializer):
 
     references = VulnerabilityReferenceSerializer(many=True, source="vulnerabilityreference_set")
     aliases = AliasSerializer(many=True, source="alias")
+    kev = KEVSerializer(read_only=True)
     weaknesses = WeaknessSerializer(many=True)
 
     def to_representation(self, instance):
@@ -183,6 +191,10 @@ def to_representation(self, instance):
         weaknesses = data.get("weaknesses", [])
         data["weaknesses"] = [weakness for weakness in weaknesses if weakness is not None]
 
+        kev = data.get("kev", None)
+        if not kev:
+            data.pop("kev")
+
         return data
 
     class Meta:
@@ -196,6 +208,7 @@ class Meta:
             "affected_packages",
             "references",
             "weaknesses",
+            "kev",
         ]
 
 

diff --git a/vulnerabilities/improvers/vulnerability_kev.py b/vulnerabilities/improvers/vulnerability_kev.py
@@ -11,7 +11,6 @@
 from vulnerabilities.models import Alias
 from vulnerabilities.models import Kev
 from vulnerabilities.models import KnownRansomwareCampaignUseType
-from vulnerabilities.models import Vulnerability
 
 logger = logging.getLogger(__name__)
 
@@ -43,7 +42,7 @@ def get_inferences(self, advisory_data) -> Iterable[Inference]:
             if not alias:
                 continue
 
-            vul = Vulnerability.objects.get_or_none(aliases__alias=alias)
+            vul = alias.vulnerability
 
             if not vul:
                 continue