API fixed_packages issues
from @tdruez
The current implementation of the fixed_packages on the package endpoint is not convenient for the data consumer:
    {
        'purl': 'pkg:npm/%40theia/[email protected]',
        'affected_by_vulnerabilities': [{
            'summary': 'Insufficient Verification of Data Authenticity',
            'vulnerability_id': 'VULCOID-AWK',
        }],
        'fixed_packages': [{
            'fixing_vulnerabilities': [{
                'url': 'http://public.vulnerablecode.io/api/vulnerabilities/14132?format=json',
                'vulnerability_id': 'VULCOID-AWK',
            }],
            'purl': 'pkg:npm/%40theia/[email protected]',
            'url': 'http://public.vulnerablecode.io/api/packages/136169?format=json',
        }],
    }
To make use of this data, one has to reconcile both the affected_by_vulnerabilities and fixed_packages data structures through the vulnerability_id.
This makes the data hard to use for display.
A better way would be to include the fixed_packages in the affected_by_vulnerabilities data structure (which seems to be the current implementation on the vulnerabilities endpoint), such as:
    {
        'purl': 'pkg:npm/%40theia/[email protected]',
        'affected_by_vulnerabilities': [{
            'summary': 'Insufficient Verification of Data Authenticity',
            'vulnerability_id': 'VULCOID-AWK',
            'fixed_packages': [{
                'purl': 'pkg:npm/%40theia/[email protected]',
                'url': 'http://public.vulnerablecode.io/api/packages/136169?format=json',
            }],
        }],
    }
@TG1999 any thoughts on this?
This would be for a V2 of the API that will come in V31 milestone .... See also #810
As per discussion with @tdruez we can have this change in this version of the API.
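The reconciliation described in the issue, written out as client-side code: this is an added example, not part of the thread and not VulnerableCode's own code. It joins the two lists on `vulnerability_id` to produce the nested shape proposed above; the function name `nest_fixed_packages`, the sample purls, URLs and vulnerability ids are all constructed for illustration.

```python
from collections import defaultdict
from copy import deepcopy


def nest_fixed_packages(package):
    """Return a copy of a package record in the nested shape: every entry of
    affected_by_vulnerabilities carries its own fixed_packages list."""
    # Index the top-level fixed_packages by each vulnerability id they fix.
    fixes_by_vuln = defaultdict(list)
    for fixed in package.get("fixed_packages", []):
        entry = {"purl": fixed["purl"], "url": fixed["url"]}
        for vuln in fixed.get("fixing_vulnerabilities", []):
            fixes_by_vuln[vuln["vulnerability_id"]].append(entry)

    result = {"purl": package["purl"], "affected_by_vulnerabilities": []}
    for vuln in package.get("affected_by_vulnerabilities", []):
        nested = deepcopy(vuln)
        # No known fix yields an empty list rather than a missing key, so a
        # consumer can tell "unfixed" apart from "field not provided".
        fixes = fixes_by_vuln.get(vuln["vulnerability_id"], [])
        nested["fixed_packages"] = deepcopy(fixes)
        result["affected_by_vulnerabilities"].append(nested)
    return result


# Constructed sample in the current (flat) response shape; not real API data.
BASE = "https://vulnerablecode.example/api"
SAMPLE = {
    "purl": "pkg:npm/example@1.0.0",
    "affected_by_vulnerabilities": [
        {"summary": "constructed A", "vulnerability_id": "VULCOID-AAA"},
        {"summary": "constructed B", "vulnerability_id": "VULCOID-BBB"},
        {"summary": "constructed C", "vulnerability_id": "VULCOID-CCC"},
    ],
    "fixed_packages": [
        {"purl": "pkg:npm/example@1.0.1", "url": BASE + "/packages/1",
         "fixing_vulnerabilities": [{"vulnerability_id": "VULCOID-AAA"}]},
        {"purl": "pkg:npm/example@1.1.0", "url": BASE + "/packages/2",
         "fixing_vulnerabilities": [{"vulnerability_id": "VULCOID-AAA"},
                                    {"vulnerability_id": "VULCOID-BBB"}]},
    ],
}

if __name__ == "__main__":
    import json
    print(json.dumps(nest_fixed_packages(SAMPLE), indent=2))
```
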