Expose severity from AffectedByPackageRelatedVulnerability in APIv2 #1669

Open
Tracked by #1667
keshav-space opened this issue Nov 19, 2024 · 3 comments · May be fixed by #1799

@keshav-space
Member

No description provided.

@unibik

unibik commented Mar 3, 2025

Hello @keshav-space, @pombredanne. I was working on adding severities into the affectedbypackage API response, and everything is displaying correctly in the APIv2. However, when running tests, I encountered five failing test cases, mainly due to:

1) Query Count Mismatch:

Tests like test_filter_packages_by_purl and test_list_packages are expecting more queries (+1) than what is now executed.

This is happening because we needed to prefetch severities, which introduced one additional query. I tried it with select_related() and modified the serializer logic, but the test cases are still failing.

2) Assertion Errors in API Response:

Tests like test_lookup_with_valid_purl and test_list_packages fail because the response now includes "severities": [].

As the additional query is essential for fetching severities, I believe we should update the test cases to adjust the expected query count and to modify assertions to account for severities in the API response.

Do you agree with updating the tests, or do you have any other/alternative suggestions? Let me know how to proceed, and I'll make the necessary changes.
Thank you
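
The two effects described in the comment above (a prefetch costing one extra query, and responses gaining `"severities": []`), reproduced as an added example that is not part of the original comment or the project's code. It uses stdlib `sqlite3` instead of the Django ORM; the table names, column names and rows are hypothetical and constructed for the illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data; table and column names are hypothetical."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE vulnerability (id INTEGER PRIMARY KEY, vcid TEXT);
        CREATE TABLE severity (vulnerability_id INTEGER, system TEXT, value TEXT);
        INSERT INTO vulnerability VALUES (1,'VULN-A'),(2,'VULN-B'),(3,'VULN-C');
        INSERT INTO severity VALUES (1,'cvssv3.1','7.5'),(1,'generic','high'),
                                    (3,'cvssv3.1','9.8');
    """)
    return conn

class CountingDB:
    """Wraps a connection and counts the SELECTs issued through it."""
    def __init__(self, conn):
        self.conn, self.queries = conn, 0
    def select(self, sql, params=()):
        self.queries += 1
        return self.conn.execute(sql, params).fetchall()

def serialize_lazy(db):
    """One query for the list, then one more per vulnerability (N+1)."""
    out = []
    for vid, vcid in db.select("SELECT id, vcid FROM vulnerability ORDER BY id"):
        rows = db.select("SELECT system, value FROM severity "
                         "WHERE vulnerability_id = ? ORDER BY rowid", (vid,))
        out.append({"vulnerability": vcid,
                    "severities": [{"system": s, "value": v} for s, v in rows]})
    return out

def serialize_prefetched(db):
    """One query for the list plus exactly one for all severities."""
    vulns = db.select("SELECT id, vcid FROM vulnerability ORDER BY id")
    marks = ",".join("?" * len(vulns))
    rows = db.select("SELECT vulnerability_id, system, value FROM severity "
                     f"WHERE vulnerability_id IN ({marks}) ORDER BY rowid",
                     [vid for vid, _ in vulns])
    by_vuln = {}
    for vid, system, value in rows:
        by_vuln.setdefault(vid, []).append({"system": system, "value": value})
    # A vulnerability with no severity rows still gets the key, as an empty list.
    return [{"vulnerability": vcid, "severities": by_vuln.get(vid, [])}
            for vid, vcid in vulns]

def compare():
    lazy, pre = CountingDB(make_db()), CountingDB(make_db())
    return serialize_lazy(lazy), lazy.queries, serialize_prefetched(pre), pre.queries
```

The prefetched path stays at two queries however many vulnerabilities are listed, which is why a test that pins the query count moves by a fixed amount when a prefetch is added.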

@Dedsec0098

Dedsec0098 commented Mar 7, 2025

Hey @unibik, updating the tests is the most straightforward and maintainable solution. Your approach to adding severities to the affected by package API response is logical, and the issues you're encountering are common when extending functionality that impacts query counts and API responses.

1. Query Count Mismatch
The additional query for prefetching severities is expected, and updating the test cases to account for this is the right approach.

2. Assertion Errors in API Response
The tests are failing because the response now includes "severities": [], which wasn't accounted for in the original test assertions.

If @keshav-space or @pombredanne have concerns, they may suggest alternative approaches, but your reasoning for updating the tests is sound.

@unibik

unibik commented Mar 7, 2025

Thank you @Dedsec0098 for your insight and confirmation. Now I'll proceed with updating the tests file accordingly.
If @keshav-space or @pombredanne have any alternative solutions, then I'm happy to adapt and work based on them.
Thank you

@unibik unibik linked a pull request Mar 7, 2025 that will close this issue