Use new through model to bulk create package impact relation

keshav-space · keshav-space · commit 3a1b3da96c32 · 2026-02-23T17:44:10.000+05:30
Signed-off-by: Keshav Priyadarshi &lt;git@keshav.space&gt;
diff --git a/vulnerabilities/pipelines/v2_improvers/unfurl_version_range.py b/vulnerabilities/pipelines/v2_improvers/unfurl_version_range.py
@@ -17,6 +17,7 @@
 from univers.version_range import VersionRange
 
 from vulnerabilities.models import ImpactedPackage
+from vulnerabilities.models import ImpactedPackageAffecting
 from vulnerabilities.models import PackageV2
 from vulnerabilities.pipelines import VulnerableCodePipeline
 from vulnerabilities.pipes.fetchcode_utils import get_versions
@@ -64,7 +65,7 @@ def unfurl_version_range(self):
             processed_affected_packages_count += bulk_create_with_m2m(
                 purls=affected_purls,
                 impact=impact,
-                relation=ImpactedPackage.affecting_packages.through,
+                relation=ImpactedPackageAffecting,
                 logger=self.log,
             )
             processed_impacted_packages_count += 1
@@ -118,7 +119,7 @@ def bulk_create_with_m2m(purls, impact, relation, logger):
     affected_packages_v2 = PackageV2.objects.bulk_get_or_create_from_purls(purls=purls)
 
     relations = [
-        relation(impactedpackage=impact, packagev2=package) for package in affected_packages_v2
+        relation(impacted_package=impact, package=package) for package in affected_packages_v2
     ]
 
     try:
diff --git a/vulnerabilities/tests/pipelines/v2_improvers/test_unfurl_version_range.py b/vulnerabilities/tests/pipelines/v2_improvers/test_unfurl_version_range.py
@@ -8,40 +8,59 @@
 #
 
 
+from datetime import datetime
+from datetime import timedelta
 from unittest.mock import patch
 
 from django.test import TestCase
+from packageurl import PackageURL
+from univers.version_range import VersionRange
 
+from vulnerabilities.importer import AdvisoryDataV2
+from vulnerabilities.importer import AffectedPackageV2
 from vulnerabilities.models import AdvisoryV2
-from vulnerabilities.models import ImpactedPackage
 from vulnerabilities.models import PackageV2
 from vulnerabilities.pipelines.v2_improvers.unfurl_version_range import UnfurlVersionRangePipeline
+from vulnerabilities.pipes.advisory import insert_advisory_v2
 
 
 class TestUnfurlVersionRangePipeline(TestCase):
     def setUp(self):
-        self.advisory1 = AdvisoryV2.objects.create(
-            datasource_id="ghsa",
+        advisory1 = AdvisoryDataV2(
+            summary="Test advisory",
+            aliases=["CVE-2025-0001"],
+            references=[],
+            severities=[],
+            weaknesses=[],
+            affected_packages=[
+                AffectedPackageV2(
+                    package=PackageURL.from_string("pkg:npm/foobar"),
+                    affected_version_range=VersionRange.from_string("vers:npm/>3.2.1|<4.0.0"),
+                    fixed_version_range=VersionRange.from_string("vers:npm/4.0.0"),
+                    introduced_by_commit_patches=[],
+                    fixed_by_commit_patches=[],
+                ),
+            ],
+            patches=[],
             advisory_id="GHSA-1234",
-            avid="ghsa/GHSA-1234",
-            unique_content_id="f" * 64,
+            date_published=datetime.now() - timedelta(days=10),
             url="https://example.com/advisory",
-            date_collected="2025-07-01T00:00:00Z",
         )
-
-        self.impact1 = ImpactedPackage.objects.create(
-            advisory=self.advisory1,
-            base_purl="pkg:npm/foobar",
-            affecting_vers="vers:npm/>3.2.1|<4.0.0",
-            fixed_vers=None,
+        insert_advisory_v2(
+            advisory=advisory1,
+            pipeline_id="test_pipeline_v2",
         )
 
     @patch("vulnerabilities.pipelines.v2_improvers.unfurl_version_range.get_purl_versions")
     def test_affecting_version_range_unfurl(self, mock_fetch):
-        self.assertEqual(0, PackageV2.objects.count())
+        self.assertEqual(1, PackageV2.objects.count())
         mock_fetch.return_value = {"3.4.1", "3.9.0", "2.1.0", "4.0.0", "4.1.0"}
         pipeline = UnfurlVersionRangePipeline()
         pipeline.execute()
 
-        self.assertEqual(2, PackageV2.objects.count())
-        self.assertEqual(2, self.impact1.affecting_packages.count())
+        advisory = AdvisoryV2.objects.first()
+        impact = advisory.impacted_packages.first()
+
+        self.assertEqual(3, PackageV2.objects.count())
+        self.assertEqual(1, impact.fixed_by_packages.count())
+        self.assertEqual(2, impact.affecting_packages.count())
