Merge branch 'main' into 97-vulnerabilities-risk-threshold

aboutcode-org · Dec 16, 2024 · 4ef924d · 4ef924d
2 parents 832c5b2 + 384047a
commit 4ef924d
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 2 deletions.
diff --git a/product_portfolio/models.py b/product_portfolio/models.py
@@ -530,6 +530,18 @@ def improve_packages_from_purldb(self, user):
             updated_fields = package.update_from_purldb(user)
             if updated_fields:
                 updated_packages.append(package)
+
+        # Update the Product Package relationship `license_expression` if the
+        # Package.declared_license_expression was updated from "unknwon" value using
+        # PurlDB data.
+        productpackages_unknown_licenses = self.productpackages.filter(
+            package__in=updated_packages, license_expression="unknown"
+        )
+        for product_package in productpackages_unknown_licenses:
+            package_license_expression = product_package.package.declared_license_expression
+            if package_license_expression and package_license_expression != "unknown":
+                product_package.update(license_expression=package_license_expression)
+
         return updated_packages
 
     def fetch_vulnerabilities(self):

diff --git a/product_portfolio/tests/__init__.py b/product_portfolio/tests/__init__.py
@@ -39,7 +39,7 @@ def make_product(dataspace, inventory=None, **data):
     return product
 
 
-def make_product_package(product, package=None):
+def make_product_package(product, package=None, **data):
     dataspace = product.dataspace
 
     if not package:
@@ -49,6 +49,7 @@ def make_product_package(product, package=None):
         product=product,
         package=package,
         dataspace=dataspace,
+        **data,
     )
 
 

diff --git a/product_portfolio/tests/test_models.py b/product_portfolio/tests/test_models.py
@@ -492,14 +492,19 @@ def test_product_model_actions_on_status_change(self):
     def test_product_model_improve_packages_from_purldb(self, mock_update_from_purldb):
         mock_update_from_purldb.return_value = 1
 
-        make_product_package(self.product1)
+        pp1 = make_product_package(self.product1, license_expression="unknown")
+        pp1.package.update(declared_license_expression="apache-2.0")
         make_product_package(self.product1)
         self.assertEqual(2, self.product1.packages.count())
 
         updated_packages = self.product1.improve_packages_from_purldb(self.super_user)
         self.assertEqual(2, len(updated_packages))
         self.assertEqual(2, mock_update_from_purldb.call_count)
 
+        # Updated from the package during improve_packages_from_purldb
+        pp1.refresh_from_db()
+        self.assertEqual("apache-2.0", pp1.license_expression)
+
     def test_product_model_get_vulnerability_qs(self):
         package1 = make_package(self.dataspace)
         package2 = make_package(self.dataspace)