chg: [API] Added new with_linked, with_comments, with_bundles, and wi…

…th_sightings arguments to the Vulnerability resource for the GET method.
cve-search · Dec 16, 2024 · 8cb5954 · 8cb5954
1 parent 375f2e7
commit 8cb5954
Show file tree

Hide file tree

Showing 2 changed files with 64 additions and 5 deletions.
diff --git a/website/web/api/v1/vulnerability.py b/website/web/api/v1/vulnerability.py
@@ -13,13 +13,15 @@
 from flask_restx import reqparse
 from flask_restx import Resource
 from redis import Redis
+from sqlalchemy import String, cast, func
 
 from vulnerabilitylookup import __version__
 from vulnerabilitylookup.default import get_config
 from vulnerabilitylookup.helpers import fromisoformat_wrapper
 from website.validators import validate_json
 from website.web.api.v1.common import auth_func
 from website.web.bootstrap import vulnerabilitylookup
+from website.models import Comment, Bundle, Sighting
 from website.web.permissions import reporter_permission, admin_permission
 
 logger = logging.getLogger(__name__)
@@ -45,6 +47,30 @@
     default=False,
     help="Include metada.",
 )
+parser.add_argument(
+    "with_linked",
+    type=bool,
+    default=False,
+    help="Include the linked vulnerabilities.",
+)
+parser.add_argument(
+    "with_comments",
+    type=bool,
+    default=False,
+    help="Include the comments.",
+)
+parser.add_argument(
+    "with_bundles",
+    type=bool,
+    default=False,
+    help="Include the bundles.",
+)
+parser.add_argument(
+    "with_sightings",
+    type=bool,
+    default=False,
+    help="Include the sightings.",
+)
 
 
 vulnerability_query_parser = reqparse.RequestParser()
@@ -56,20 +82,51 @@
 )
 
 
-@vulnerability_ns.route("/<string:vulnerability_id>")
 @legacy_ns.route(
     "cve/<string:vulnerability_id>", doc=False
 )  # "Alias for /api/vulnerability/<string:vulnerability_id
-@legacy_ns.route("vulnerability/<string:vulnerability_id>", doc=False)
+@vulnerability_ns.route("/<string:vulnerability_id>")
 class Vulnerability(Resource):  # type: ignore[misc]
     @vulnerability_ns.doc(description="Get a vulnerability.")  # type: ignore[misc]
     @vulnerability_ns.expect(parser)  # type: ignore[misc]
     def get(self, vulnerability_id: str) -> dict[str, Any] | None:
-        with_meta = True if request.args.get("with_meta") else False
-        return vulnerabilitylookup.get_vulnerability(
+        """Get a vulnerability with its id."""
+        with_meta = True if request.args.get("with_meta", "false") == "true" else False
+        with_linked = (
+            True if request.args.get("with_linked", "false") == "true" else False
+        )
+        with_comments = (
+            True if request.args.get("with_comments", "false") == "true" else False
+        )
+        with_bundles = (
+            True if request.args.get("with_bundles", "false") == "true" else False
+        )
+        with_sightings = (
+            True if request.args.get("with_sightings", "false") == "true" else False
+        )
+
+        to_return = vulnerabilitylookup.get_vulnerability(
             vulnerability_id, with_meta=with_meta
         )
 
+        if with_linked:
+            to_return["linked"] = vulnerabilitylookup.get_linked_vulnerabilities(vulnerability_id)  # type: ignore[index]
+        if with_comments:
+            to_return["comments"] = [elem.to_dict() for elem in Comment.query.filter(Comment.vulnerability.ilike(vulnerability_id)).all()]  # type: ignore[index]
+        if with_bundles:
+            to_return["bundles"] = [
+                elem.to_dict()
+                for elem in Bundle.query.filter(  # type: ignore[index]
+                    func.lower(cast(Bundle.related_vulnerabilities, String)).contains(
+                        vulnerability_id.lower()
+                    )
+                ).all()
+            ]
+        if with_sightings:
+            to_return["sightings"] = [elem.to_dict() for elem in Sighting.query.filter(Sighting.vulnerability.ilike(vulnerability_id)).all()]  # type: ignore[index]
+
+        return to_return
+
     @vulnerability_ns.doc(description="Delete a vulnerability from the local source.")  # type: ignore[misc]
     @vulnerability_ns.doc(
         responses={

diff --git a/website/web/views/session_mgmt.py b/website/web/views/session_mgmt.py
@@ -80,7 +80,9 @@ def before_request() -> None:
     if current_user.is_authenticated:
         # Only update if the last_seen was updated more than 1 minute ago
         now = datetime.now(timezone.utc)
-        if not current_user.last_seen or now - current_user.last_seen.replace(tzinfo=timezone.utc) > timedelta(minutes=1):
+        if not current_user.last_seen or now - current_user.last_seen.replace(
+            tzinfo=timezone.utc
+        ) > timedelta(minutes=1):
             current_user.last_seen = now
             db.session.commit()