Filtering of Non Vulnerable packages added in API v2

Author: Rishi-garg03

vulnerabilities/api_v2.py

@@ -254,6 +254,10 @@ class PackageV2FilterSet(filters.FilterSet):
     )
     fixing_vulnerability = filters.CharFilter(field_name="fixing_vulnerabilities__vulnerability_id")
     purl = filters.CharFilter(field_name="package_url")
+    is_vulnerable = filters.BooleanFilter(method="filter_is_vulnerable")
+
+    def filter_is_vulnerable(self, queryset, name, value):
+        return queryset.filter(is_vulnerable=value)
 
 
 class PackageV2ViewSet(viewsets.ReadOnlyModelViewSet):
@@ -273,6 +277,7 @@ def get_queryset(self):
         package_purls = self.request.query_params.getlist("purl")
         affected_by_vulnerability = self.request.query_params.get("affected_by_vulnerability")
         fixing_vulnerability = self.request.query_params.get("fixing_vulnerability")
+        is_vulnerable = self.request.query_params.get("is_vulnerable")
 
         if package_purls:
             queryset = queryset.filter(package_url__in=package_purls)
@@ -284,6 +289,12 @@ def get_queryset(self):
             queryset = queryset.filter(
                 fixing_vulnerabilities__vulnerability_id=fixing_vulnerability
             )
+        if is_vulnerable is not None:
+            queryset = queryset.with_is_vulnerable()
+            is_vulnerable = is_vulnerable.lower() == "true"
+            queryset = queryset.filter(is_vulnerable=is_vulnerable)
+
+        queryset = queryset.exclude(version="")
         return queryset.with_is_vulnerable()
 
     def list(self, request, *args, **kwargs):

vulnerabilities/templates/packages.html

@@ -18,6 +18,14 @@
                 <div>
                     {{ page_obj.paginator.count|intcomma }} results
                 </div>
+                <form method="get" style="display: inline;">
+                    {% if search %}<input type="hidden" name="search" value="{{ search }}">{% endif %}
+                    <select name="vulnerable_only" class="select" id="vulnerable-select" onchange="this.form.submit()">
+                        <option value="">All Packages</option>
+                        <option value="true" {% if request.GET.vulnerable_only == 'true' %}selected{% endif %}>Vulnerable Only</option>
+                        <option value="false" {% if request.GET.vulnerable_only == 'false' %}selected{% endif %}>Non-Vulnerable Only</option>
+                    </select>
+                </form>
                 {% if is_paginated %}
                     {% include 'includes/pagination.html' with page_obj=page_obj %}
                 {% endif %}

vulnerabilities/views.py

@@ -58,12 +58,18 @@ def get_queryset(self, query=None):
         on exact purl, partial purl or just name and namespace.
         """
         query = query or self.request.GET.get("search") or ""
-        return (
+        queryset = (
             self.model.objects.search(query)
             .with_vulnerability_counts()
             .prefetch_related()
             .order_by("package_url")
         )
+        if hasattr(self, "request"):
+            vulnerable_only = self.request.GET.get("vulnerable_only", "").lower()
+            if vulnerable_only in ["true", "false"]:
+                queryset = queryset.with_is_vulnerable()
+                queryset = queryset.filter(is_vulnerable=vulnerable_only == "true")
+        return queryset
 
 
 class VulnerabilitySearch(ListView):