Add API endpoint to check snap CVEs data availability

Author: bartaz

webapp/publisher/cve/cve_helper.py

@@ -109,6 +109,14 @@ def _fetch_file_content(snap_name, revision, file_metadata):
         else:
             raise NotFound
 
+    @staticmethod
+    def has_cve_data(snap_name):
+        file_metadata = CveHelper._get_cve_file_metadata(
+            "snap-cves/{}.json".format(snap_name)
+        )
+
+        return bool(file_metadata)
+
     @staticmethod
     def get_cve_with_revision(snap_name, revision):
         file_metadata = CveHelper._get_cve_file_metadata(

webapp/publisher/cve/cve_views.py

@@ -1,15 +1,84 @@
 import flask
 from canonicalwebteam.store_api.dashboard import Dashboard
-
+from canonicalwebteam.exceptions import StoreApiResourceNotFound, StoreApiError
 from webapp.helpers import api_publisher_session
 from webapp.decorators import login_required
 from webapp.publisher.cve.cve_helper import CveHelper
 
 dashboard = Dashboard(api_publisher_session)
 
 
+def can_user_access_cve_data(snap_name):
+    """
+    Check if the user has access to CVE data for the given snap.
+
+    :return: A tuple containing:
+        has_access (bool): True if the user has access, False otherwise.
+        error_message (str): Error message if access is denied.
+        status_code (int): HTTP status code for the response.
+    """
+    is_user_canonical = flask.session["publisher"].get("is_canonical", False)
+
+    # TODO: in future with brand store support we will need more specific
+    # checks, such as those implemented in CveHelper.can_user_access_cve_data
+    # For now, we only check if user is Canonical member and has
+    # publisher access to the snap.
+    if not is_user_canonical:
+        return (False, "User is not allowed to see snap's CVE data.", 403)
+
+    try:
+        snap_details = dashboard.get_snap_info(flask.session, snap_name)
+    except StoreApiResourceNotFound:
+        return (False, f"CVEs data for '{snap_name}' snap not found.", 404)
+    except StoreApiError:
+        return (False, f"Error fetching '{snap_name}' snap details.", 500)
+
+    if not snap_details:
+        return (False, f"CVEs data for '{snap_name}' snap not found.", 404)
+
+    return (True, None, 200)
+
+
+@login_required
+def has_cves(snap_name):
+
+    # Check if the user has access to CVE data for the given snap
+    has_access, error_message, status_code = can_user_access_cve_data(
+        snap_name
+    )
+    if not has_access:
+        return (
+            flask.jsonify({"success": False, "error": error_message}),
+            status_code,
+        )
+
+    snap_has_cves = CveHelper.has_cve_data(snap_name)
+    if snap_has_cves:
+        return flask.jsonify({"success": True, "has_cves": True})
+    else:
+        return (
+            flask.jsonify(
+                {
+                    "success": True,
+                    "has_cves": False,
+                    "error": f"No CVEs data available for '{snap_name}' snap.",
+                }
+            ),
+            404,
+        )
+
+
 @login_required
 def get_cves(snap_name, revision):
+    # Check if the user has access to CVE data for the given snap
+    has_access, error_message, status_code = can_user_access_cve_data(
+        snap_name
+    )
+    if not has_access:
+        return (
+            flask.jsonify({"success": False, "error": error_message}),
+            status_code,
+        )
 
     # Filtering params
     usn_ids = flask.request.args.getlist("usn_id")
@@ -59,34 +128,6 @@ def get_cves(snap_name, revision):
     # Pagination params
     page = flask.request.args.get("page", default=1, type=int)
     page_size = flask.request.args.get("page_size", default=10, type=int)
-    is_user_canonical = flask.session["publisher"].get("is_canonical", False)
-
-    # TODO: in future with brand store support we will need more specific
-    # checks, such as those implemented in CveHelper.can_user_access_cve_data
-    # For now, we only check if user is Canonical member and has
-    # publisher access to the snap.
-    if not is_user_canonical:
-        return (
-            flask.jsonify(
-                {
-                    "success": False,
-                    "error": "User is not allowed to see snap's CVE data.",
-                }
-            ),
-            403,
-        )
-
-    snap_details = dashboard.get_snap_info(flask.session, snap_name)
-    if not snap_details:
-        return (
-            flask.jsonify(
-                {
-                    "success": False,
-                    "error": f"Snap '{snap_name}' not found.",
-                }
-            ),
-            404,
-        )
 
     cves = CveHelper.get_cve_with_revision(snap_name, revision)
     cves = CveHelper.filter_cve_data(

webapp/publisher/snaps/views.py

@@ -285,6 +285,11 @@
     view_func=cve_views.get_cves,
 )
 
+publisher_snaps.add_url_rule(
+    "/api/snaps/cve/<snap_name>",
+    view_func=cve_views.has_cves,
+)
+
 
 @publisher_snaps.route("/account/snaps")
 @login_required