fix: reinstate original /v2/vulnerability/analyze and introduce /v3/vulnerability/analyze

Author: Strum355

modules/fundamental/src/vulnerability/endpoints/mod.rs

@@ -5,7 +5,10 @@ use crate::{
     db::DatabaseExt,
     endpoints::Deprecation,
     vulnerability::{
-        model::{AnalysisRequest, AnalysisResponse, VulnerabilityDetails, VulnerabilitySummary},
+        model::{
+            AnalysisRequest, AnalysisResponse, VulnerabilityDetails, VulnerabilitySummary,
+            v2::AnalysisResponseV2,
+        },
         service::VulnerabilityService,
     },
 };
@@ -27,7 +30,8 @@ pub fn configure(config: &mut utoipa_actix_web::service_config::ServiceConfig, d
         .app_data(web::Data::new(db))
         .service(all)
         .service(get)
-        .service(analyze);
+        .service(analyze)
+        .service(analyze_v3);
 }
 
 #[allow(dead_code)]
@@ -107,7 +111,7 @@ pub async fn get(
   tag = "vulnerability",
   request_body = AnalysisRequest,
   responses(
-      (status = 200, description = "Analyze the provided purls to search for known vulnerabilities", body = AnalysisResponse),
+      (status = 200, description = "Analyze the provided purls to search for known vulnerabilities", body = AnalysisResponseV2),
   ),
 )]
 #[post("/v2/vulnerability/analyze")]
@@ -117,6 +121,27 @@ pub async fn analyze(
     db: web::Data<Database>,
     web::Json(AnalysisRequest { purls }): web::Json<AnalysisRequest>,
     _: Require<ReadAdvisory>,
+) -> actix_web::Result<impl Responder> {
+    let tx = db.begin_read().await?;
+    let details = service.analyze_purls_v2(purls, &tx).await?;
+
+    Ok(HttpResponse::Ok().json(details))
+}
+
+#[utoipa::path(
+    operation_id = "analyze_v3",
+    tag = "vulnerability",
+    request_body = AnalysisRequest,
+    responses(
+        (status = 200, description = "Analyze the provided purls to search for known vulnerabilities", body = AnalysisResponse),
+    ),
+)]
+#[post("/v3/vulnerability/analyze")]
+pub async fn analyze_v3(
+    service: web::Data<VulnerabilityService>,
+    db: web::Data<Database>,
+    web::Json(AnalysisRequest { purls }): web::Json<AnalysisRequest>,
+    _: Require<ReadAdvisory>,
 ) -> actix_web::Result<impl Responder> {
     let tx = db.begin_read().await?;
     let details = service.analyze_purls(purls, &tx).await?;

modules/fundamental/src/vulnerability/model/mod.rs

@@ -1,6 +1,7 @@
 mod analyze;
 mod details;
 mod summary;
+pub mod v2;
 
 pub use analyze::*;
 pub use details::*;

modules/fundamental/src/vulnerability/model/v2.rs

@@ -0,0 +1,41 @@
+use crate::{
+    advisory::model::AdvisoryHead, common::model::Score, vulnerability::model::VulnerabilityHead,
+};
+use serde::{Deserialize, Serialize};
+use std::{collections::BTreeMap, ops::Deref};
+use utoipa::ToSchema;
+
+#[derive(Serialize, Deserialize, Debug, ToSchema, Default)]
+pub struct AnalysisResultV2 {
+    pub details: Vec<AnalysisDetailsV2>,
+    pub warnings: Vec<String>,
+}
+
+#[derive(Serialize, Deserialize, Debug, ToSchema)]
+pub struct AnalysisDetailsV2 {
+    #[serde(flatten)]
+    pub head: VulnerabilityHead,
+
+    /// List of purl statuses
+    pub status: BTreeMap<String, Vec<AnalysisAdvisory>>,
+}
+
+#[derive(Serialize, Deserialize, Debug, ToSchema)]
+pub struct AnalysisAdvisory {
+    #[serde(flatten)]
+    pub advisory: AdvisoryHead,
+
+    /// CVSS scores
+    pub scores: Vec<Score>,
+}
+
+#[derive(Serialize, Deserialize, Debug, ToSchema)]
+pub struct AnalysisResponseV2(pub BTreeMap<String, AnalysisResultV2>);
+
+impl Deref for AnalysisResponseV2 {
+    type Target = BTreeMap<String, AnalysisResultV2>;
+
+    fn deref(&self) -> &Self::Target {
+        &self.0
+    }
+}