Commit c3b6d51

committed
Handle large number of advisories case
Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>
1 parent de4e8be commit c3b6d51

2 files changed

+89
-83
lines changed


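--- a/vulnerabilities/api_v3.py
+++ b/vulnerabilities/api_v3.py
@@ -215,6 +215,45 @@ def get_affected_by_vulnerabilities(self, package):
 
 advisories = []
 
+if package.type not in TYPES_WITH_MULTIPLE_IMPORTERS:
+advisories_ids = advisories_qs.only("id")
+
+advisories_ids = list(advisories_ids[:101])
+if len(advisories_ids) > 100:
+return None
+
+advisory_by_avid = {adv.avid: adv for adv in advisories_qs}
+avids = advisory_by_avid.keys()
+
+impacts = (
+package.affected_in_impacts.filter(advisory__avid__in=avids)
+.select_related("advisory")
+.prefetch_related("fixed_by_packages")
+)
+
+impact_by_avid = {impact.advisory.avid: impact for impact in impacts}
+
+result = []
+
+for advisory in advisories_qs:
+impact = impact_by_avid.get(advisory.avid)
+if not impact:
+continue
+
+result.append(
+{
+"advisory_id": advisory.advisory_id.split("/")[-1],
+"aliases": [alias.alias for alias in advisory.aliases.all()],
+"summary": advisory.summary,
+"fixed_by_packages": [pkg.purl for pkg in impact.fixed_by_packages.all()],
+"severity": advisory.weighted_severity,
+"exploitability": advisory.exploitability,
+"risk_score": advisory.risk_score,
+}
+)
+
+return result
+
 is_grouped = AdvisorySet.objects.filter(package=package, relation_type="affecting").exists()
 
 if is_grouped:
@@ -239,43 +278,25 @@ def get_affected_by_vulnerabilities(self, package):
 advisories = merge_and_save_grouped_advisories(package, advisories_qs, "affecting")
 return self.return_advisories_data(package, advisories_qs, advisories)
 
-advisories_ids = advisories_qs.only("id")
-
-advisories_ids = list(advisories_ids[:101])
-if len(advisories_ids) > 100:
-return None
-
-advisory_by_avid = {adv.avid: adv for adv in advisories_qs}
-avids = advisory_by_avid.keys()
-
-impacts = (
-package.affected_in_impacts.filter(advisory__avid__in=avids)
-.select_related("advisory")
-.prefetch_related("fixed_by_packages")
-)
-
-impact_by_avid = {impact.advisory.avid: impact for impact in impacts}
-
-result = []
+def get_fixing_vulnerabilities(self, package):
+advisories_qs = AdvisoryV2.objects.latest_fixed_by_advisories_for_purl(package.package_url)
 
-for advisory in advisories_qs:
-impact = impact_by_avid.get(advisory.avid)
-if not impact:
-continue
+if not package.type in TYPES_WITH_MULTIPLE_IMPORTERS:
+advisories_ids = advisories_qs.only("id")
 
-result.append(
-{
-"advisory_id": advisory.advisory_id.split("/")[-1],
-"aliases": [alias.alias for alias in advisory.aliases.all()],
-"summary": advisory.summary,
-"fixed_by_packages": [pkg.purl for pkg in impact.fixed_by_packages.all()],
-}
-)
+advisories_ids = list(advisories_ids[:101])
+if len(advisories_ids) > 100:
+return None
 
-return result
+results = []
 
-def get_fixing_vulnerabilities(self, package):
-advisories_qs = AdvisoryV2.objects.latest_fixed_by_advisories_for_purl(package.package_url)
+for advisory in advisories_qs:
+results.append(
+{
+"advisory_id": advisory.advisory_id.split("/")[-1],
+}
+)
+return results
 
 advisories = []
 
@@ -302,22 +323,6 @@ def get_fixing_vulnerabilities(self, package):
 advisories = merge_and_save_grouped_advisories(package, advisories_qs, "fixing")
 return self.return_fixing_advisories_data(advisories)
 
-advisories_ids = advisories_qs.only("id")
-
-advisories_ids = list(advisories_ids[:101])
-if len(advisories_ids) > 100:
-return None
-
-results = []
-
-for advisory in advisories_qs:
-results.append(
-{
-"advisory_id": advisory.advisory_id.split("/")[-1],
-}
-)
-return results
-
 def return_fixing_advisories_data(self, advisories):
 result = []
 for advisory in advisories: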
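Review bot: The early-return path added at new lines 218–255, and its twin at new lines 284–299 in `get_fixing_vulnerabilities`, returns a bare `None` once the `[:101]` probe finds more than 100 advisories, and nothing in the section says what that value means. For an API that reports vulnerabilities, `None` has to stay distinguishable from an empty list, otherwise a client can read "too many to inline" as "not affected"; how the caller serialises it is not visible in these hunks. I would name the cap once, e.g. `MAX_INLINE_ADVISORIES = 100`, and put `# None means the advisory count exceeds the inline cap, not that there are none` above each `return None`. The second copy is also spelled `if not package.type in TYPES_WITH_MULTIPLE_IMPORTERS:` where the first uses `not in`; use `package.type not in TYPES_WITH_MULTIPLE_IMPORTERS` in both. Both methods start and end outside the hunks.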

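--- a/vulnerabilities/views.py
+++ b/vulnerabilities/views.py
@@ -216,6 +216,41 @@ def get_context_data(self, **kwargs):
 context["latest_non_vulnerable"] = latest_non_vulnerable
 context["package_search_form"] = PackageSearchForm(self.request.GET)
 
+if not package.type in TYPES_WITH_MULTIPLE_IMPORTERS:
+context["grouped"] = False
+
+affected_by_advisories_url = None
+fixing_advisories_url = None
+
+affected_by_advisories_qs_ids = affecting_advisories.only("id")
+fixing_advisories_qs_ids = fixed_by_advisories.only("id")
+
+affected_by_advisories = list(affected_by_advisories_qs_ids[:101])
+if len(affected_by_advisories) > 101:
+affected_by_advisories_url = reverse_lazy(
+"affected_by_advisories_v2", kwargs={"purl": package.package_url}
+)
+context["affected_by_advisories_v2_url"] = affected_by_advisories_url
+
+else:
+fixed_pkg_details = get_fixed_package_details(package)
+context["fixed_package_details"] = fixed_pkg_details
+context["affected_by_advisories_v2"] = affecting_advisories
+context["affected_by_advisories_v2_url"] = None
+
+fixing_advisories = list(fixing_advisories_qs_ids[:101])
+if len(fixing_advisories) > 101:
+fixing_advisories_url = reverse_lazy(
+"fixing_advisories_v2", kwargs={"purl": package.package_url}
+)
+context["fixing_advisories_v2_url"] = fixing_advisories_url
+context["fixing_advisories_v2"] = []
+
+else:
+context["fixing_advisories_v2"] = fixed_by_advisories
+
+return context
+
 is_grouped = models.AdvisorySet.objects.filter(package=package).exists()
 
 if is_grouped:
@@ -284,40 +319,6 @@ def get_context_data(self, **kwargs):
 context["fixing_advisories_v2"] = fixing_advisories
 return context
 
-context["grouped"] = False
-
-affected_by_advisories_url = None
-fixing_advisories_url = None
-
-affected_by_advisories_qs_ids = affecting_advisories.only("id")
-fixing_advisories_qs_ids = fixed_by_advisories.only("id")
-
-affected_by_advisories = list(affected_by_advisories_qs_ids[:101])
-if len(affected_by_advisories) > 101:
-affected_by_advisories_url = reverse_lazy(
-"affected_by_advisories_v2", kwargs={"purl": package.package_url}
-)
-context["affected_by_advisories_v2_url"] = affected_by_advisories_url
-
-else:
-fixed_pkg_details = get_fixed_package_details(package)
-context["fixed_package_details"] = fixed_pkg_details
-context["affected_by_advisories_v2"] = affecting_advisories
-context["affected_by_advisories_v2_url"] = None
-
-fixing_advisories = list(fixing_advisories_qs_ids[:101])
-if len(fixing_advisories) > 101:
-fixing_advisories_url = reverse_lazy(
-"fixing_advisories_v2", kwargs={"purl": package.package_url}
-)
-context["fixing_advisories_v2_url"] = fixing_advisories_url
-context["fixing_advisories_v2"] = []
-
-else:
-context["fixing_advisories_v2"] = fixed_by_advisories
-
-return context
-
 def get_object(self, queryset=None):
 if queryset is None:
 queryset = self.get_queryset()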
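Review bot: The guard `if len(affected_by_advisories) > 101:` at new line 229 can never be true, because the list is built from a `[:101]` slice and holds at most 101 rows; the same applies to `if len(fixing_advisories) > 101:` at new line 242. As written both `else` branches always run, so the full `affecting_advisories` and `fixed_by_advisories` querysets go into the context and the large-package case this commit targets still renders every advisory in one response. Compare against 100, as the matching probe in vulnerabilities/api_v3.py does: `if len(affected_by_advisories) > 100:` and `if len(fixing_advisories) > 100:`. The removed block at old lines 296 and 309 had the same comparison, so the move carried it over unchanged. `get_context_data` starts outside the hunk.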
