From 80fdcf16df7408d3bb385efcb5bcd6c4b1fef07a Mon Sep 17 00:00:00 2001
From: Tushar Goel
Date: Thu, 11 Jun 2026 11:07:19 +0530
Subject: [PATCH 1/2] Correct logic got non vuln versions

Signed-off-by: Tushar Goel
---
 vulnerabilities/models.py | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/vulnerabilities/models.py b/vulnerabilities/models.py
index ee86e7274..ae04d959e 100644
--- a/vulnerabilities/models.py
+++ b/vulnerabilities/models.py
@@ -3790,9 +3790,25 @@ def get_non_vulnerable_versions(self):
 if self.version_rank == 0:
 self.calculate_version_rank

+ evaluated = Exists(
+ ImpactedPackageFixedBy.objects.filter(
+ package_id=OuterRef("pk"),
+ impacted_package__advisory__is_latest=True,
+ impacted_package__advisory___all_impacts_unfurled_at__isnull=False,
+ )
+ )
+ vulnerable = Exists(
+ ImpactedPackageAffecting.objects.filter(
+ package_id=OuterRef("pk"),
+ impacted_package__advisory__is_latest=True,
+ impacted_package__advisory___all_impacts_unfurled_at__isnull=False,
+ )
+ )
+
 qs = (
 PackageV2.objects.get_fixed_by_package_versions(self, fix=False)
- .only_non_vulnerable()
+ .annotate(evaluated=evaluated, vulnerable=vulnerable)
+ .filter(evaluated=True, vulnerable=False)
 .filter(version_rank__gt=self.version_rank)
 .order_by("version_rank")
 )

From 9eaf6b2cfb07c7fcd1b7c317dbb6a78165210c65 Mon Sep 17 00:00:00 2001
From: Tushar Goel
Date: Thu, 11 Jun 2026 11:11:00 +0530
Subject: [PATCH 2/2] Remove ghost packages from non vuln versions

Signed-off-by: Tushar Goel
---
 vulnerabilities/models.py | 19 +------------------
 1 file changed, 1 insertion(+), 18 deletions(-)

diff --git a/vulnerabilities/models.py b/vulnerabilities/models.py
index ae04d959e..93253937a 100644
--- a/vulnerabilities/models.py
+++ b/vulnerabilities/models.py
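Review bot: The `evaluated` and `vulnerable` subqueries added to get_non_vulnerable_versions define what "non-vulnerable" means, but nothing in the hunk writes that definition down. Both only consider advisories with `is_latest=True` and a non-null `_all_impacts_unfurled_at`, so a version affected solely by an advisory that is not yet unfurled still passes `vulnerable=False`; that limit should be stated in the method docstring, since the result is presumably presented as a list of safe versions. I would also put a comment above `evaluated`, e.g. `# evaluated: listed as a fix by a latest, fully unfurled advisory; versions no advisory mentions are excluded, not assumed safe`. The diffstat touches only models.py, so a regression test covering an unevaluated version and a version that is both a fix and affected would be worth adding. The method starts above the hunk and may continue below it.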
@@ -3583,9 +3583,6 @@ def bulk_get_or_create_from_purls(self, purls: List[Union[PackageURL, str]]):
 def only_vulnerable(self):
 return self._vulnerable()

- def only_non_vulnerable(self):
- return self._not_vulnerable().filter(is_ghost=False)
-
 def for_purl(self, purl):
 """
 Return a queryset matching the ``purl`` Package URL.
@@ -3624,20 +3621,6 @@ def with_is_vulnerable(self):
 )
 )

- def with_is_not_vulnerable(self):
- """
- Annotate Package with ``is_not_vulnerable`` boolean attribute.
- """
- return self.annotate(
- is_not_vulnerable=Exists(
- ImpactedPackageFixedBy.objects.filter(
- package__pk=OuterRef("pk"),
- impacted_package__advisory__is_latest=True,
- impacted_package__advisory___all_impacts_unfurled_at__isnull=False,
- )
- )
- )
-
 def all_vulnerable(self):
 latest_unfurled_impacts = ImpactedPackageAffecting.objects.filter(
 package_id=OuterRef("pk"),
@@ -3808,7 +3791,7 @@ def get_non_vulnerable_versions(self):
 qs = (
 PackageV2.objects.get_fixed_by_package_versions(self, fix=False)
 .annotate(evaluated=evaluated, vulnerable=vulnerable)
- .filter(evaluated=True, vulnerable=False)
+ .filter(evaluated=True, vulnerable=False, is_ghost=False)
 .filter(version_rank__gt=self.version_rank)
 .order_by("version_rank")
 )
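Review bot: The `is_ghost=False` condition in the last hunk is now inlined in get_non_vulnerable_versions, while the first hunk of this commit deletes the queryset method `only_non_vulnerable()` that used to apply the same exclusion for every caller. Whether anything outside this file still calls `only_non_vulnerable()` or `with_is_not_vulnerable()` is not visible from the diff; such a caller would now fail at runtime, so a repository-wide search belongs with this change. A short comment on the filter line, e.g. `# exclude ghost packages (is_ghost) so they are never offered as a non-vulnerable version`, would record why the flag sits here, and a test with a ghost package ranked above `self` would pin it. The method starts above the hunk and may continue below it.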