Create get vulnerability details API (#2207)

Issue: #2152 This PR introduces a new GET vulnerability details API
google · Jun 4, 2024 · 4014062 · 4014062
1 parent f3ad15e
commit 4014062
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 1 deletion.
diff --git a/gcp/appengine/frontend3/src/templates/vulnerability.html b/gcp/appengine/frontend3/src/templates/vulnerability.html
@@ -34,6 +34,11 @@ <h1 class="title">
           <dt>Import Source</dt>
           <dd><a href="{{ vulnerability.source_link }}" target="_blank" rel="noopener noreferrer">{{
               vulnerability.source }}</a></dd>
+
+          <dt>JSON Data</dt>
+          <dd><a href="https://{{ api_url }}/v1/vulns/{{ vulnerability.id }}" target="_blank" rel="noopener noreferrer">
+            https://{{ api_url }}/v1/vulns/{{ vulnerability.id }}</a>
+          </dd>
           {% if vulnerability.aliases -%}
           <dt>Aliases</dt>
           <dd>

diff --git a/gcp/appengine/frontend_handlers.py b/gcp/appengine/frontend_handlers.py
@@ -224,7 +224,14 @@ def list_vulnerabilities():
 def vulnerability(vuln_id):
   """Vulnerability page."""
   vuln = osv_get_by_id(vuln_id)
-  return render_template('vulnerability.html', vulnerability=vuln)
+
+  if utils.is_prod():
+    api_url = 'api.osv.dev'
+  else:
+    api_url = 'api.test.osv.dev'
+
+  return render_template(
+      'vulnerability.html', vulnerability=vuln, api_url=api_url)
 
 
 @blueprint.route('/<potential_vuln_id>')
@@ -242,6 +249,28 @@ def vulnerability_redirector(potential_vuln_id):
   return None
 
 
+@blueprint.route('/<potential_vuln_id>.json')
+@blueprint.route('/vulnerability/<potential_vuln_id>.json')
+def vulnerability_json_redirector(potential_vuln_id):
+  """Convenience redirector for /VULN-ID.json and /vulnerability/VULN-ID.json to
+  https://api.osv.dev/v1/vulns/VULN-ID.
+  """
+  if not _VALID_VULN_ID.match(potential_vuln_id):
+    abort(404)
+    return None
+
+  vuln = osv_get_by_id(potential_vuln_id)
+  if not vuln:
+    abort(404)
+    return None
+
+  if utils.is_prod():
+    api_url = 'api.osv.dev'
+  else:
+    api_url = 'api.test.osv.dev'
+  return redirect(f'https://{api_url}/v1/vulns/{potential_vuln_id}')
+
+
 def bug_to_response(bug, detailed=True):
   """Convert a Bug entity to a response object."""
   response = osv.vulnerability_to_dict(