Expose severity from AffectedByPackageRelatedVulnerability in APIv2 #1669

@keshav-space

Description

No description provided.

Activity

unibik commented on Mar 3, 2025

Hello @keshav-space, @pombredanne, I was working on adding severities into the affectedbypackage API response, and everything is displaying correctly in the APIv2. However, when running tests, I encountered five failing test cases, mainly due to:

1) Query Count Mismatch:

Tests like test_filter_packages_by_purl and test_list_packages are expecting more queries (+1) than what is now executed.

This is happening because we needed to prefetch severities, which introduced one additional query. I tried it with select_related() and modified the serializer logic, but the test cases are still failing.

2) Assertion Errors in API Response:

Tests like test_lookup_with_valid_purl and test_list_packages fail because the response now includes "severities": [],

As the additional query is essential for fetching severities, I believe we should update the test cases to adjust the expected query count and to modify assertions to account for severities in the API response.

Do you agree with updating the tests? Or do you have any other/alternative suggestions? Let me know how to proceed, and I'll make the necessary changes.
Thank you
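
An added example, not part of the thread and not VulnerableCode's code: using plain `sqlite3` with constructed tables, it counts the SELECT statements issued when severities are fetched in one bulk query versus one query per row, which is the difference a query-count assertion has to reflect. The table names, function names and sample values are hypothetical.

```python
import sqlite3

def build_db(n):
    """Constructed data: n vulnerabilities; all but the last have one severity."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE vuln(id INTEGER PRIMARY KEY, vcid TEXT);"
        "CREATE TABLE severity(vuln_id INTEGER, system TEXT, value TEXT);"
    )
    for i in range(1, n + 1):
        db.execute("INSERT INTO vuln VALUES (?, ?)", (i, f"VCID-constructed-{i}"))
        if i < n:
            db.execute("INSERT INTO severity VALUES (?, 'cvssv3.1', '7.5')", (i,))
    return db

def count_selects(db, fn):
    """Run fn(db) and return (result, number of SELECT statements issued)."""
    seen = []
    def trace(sql):
        if sql.lstrip().upper().startswith("SELECT"):
            seen.append(sql)
    db.set_trace_callback(trace)
    try:
        return fn(db), len(seen)
    finally:
        db.set_trace_callback(None)

def base_rows(db):
    return db.execute("SELECT id, vcid FROM vuln ORDER BY id").fetchall()

def list_plain(db):  # response shape before the change: no "severities" key
    return [{"vulnerability": vcid} for _, vcid in base_rows(db)]

def list_prefetched(db):  # one bulk query covers every row's severities
    rows = base_rows(db)
    marks = ",".join("?" * len(rows))
    by_vuln = {}
    query = f"SELECT vuln_id, system, value FROM severity WHERE vuln_id IN ({marks})"
    for vuln_id, system, value in db.execute(query, [r[0] for r in rows]):
        by_vuln.setdefault(vuln_id, []).append({"system": system, "value": value})
    return [{"vulnerability": v, "severities": by_vuln.get(i, [])} for i, v in rows]

def list_per_row(db):  # N+1 pattern: one severity query per listed row
    q = "SELECT system, value FROM severity WHERE vuln_id = ?"
    return [{"vulnerability": v,
             "severities": [{"system": s, "value": x} for s, x in db.execute(q, (i,))]}
            for i, v in base_rows(db)]
```

The bulk variant stays at a fixed query count as the result set grows, so a test can pin it to an exact number; the per-row variant grows with the number of rows returned.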

Dedsec0098 commented on Mar 7, 2025

Hey @unibik Updating the tests is the most straightforward and maintainable solution. Your approach to adding severities to the affected by package API response is logical, and the issues you're encountering are common when extending functionality that impacts query counts and API responses.

1. Query Count Mismatch
The additional query for prefetching severities is expected, and updating the test cases to account for this is the right approach.

2. Assertion Errors in API Response
The tests are failing because the response now includes "severities": [], which wasn't accounted for in the original test assertions.

If @keshav-space or @pombredanne have concerns, they may suggest alternative approaches, but your reasoning for updating the tests is sound.

unibik commented on Mar 7, 2025

Thank you @Dedsec0098 for your insight and confirmation. Now I'll proceed with updating the tests file accordingly.
If @keshav-space or @pombredanne have any alternative solutions, then I'm happy to adapt and work based on it.
Thank you

        Expose severity from AffectedByPackageRelatedVulnerability in APIv2 · Issue #1669 · aboutcode-org/vulnerablecode