Update the API so it returns an empty list if no filter

ziadhany · ziadhany · commit b3ce36d59a1e · 2026-05-15T22:22:37.000+03:00
Make sure to use api_v3
Fix a css width for rule_metadat and rule text
Resolve merge conflict

Signed-off-by: ziad hany &lt;ziadhany2016@gmail.com&gt;
diff --git a/vulnerabilities/api_v2.py b/vulnerabilities/api_v2.py
@@ -26,11 +26,8 @@
 from rest_framework.reverse import reverse
 from rest_framework.throttling import AnonRateThrottle
 
-from vulnerabilities.models import AdvisoryV2
 from vulnerabilities.models import CodeFix
 from vulnerabilities.models import CodeFixV2
-from vulnerabilities.models import DetectionRule
-from vulnerabilities.models import ImpactedPackage
 from vulnerabilities.models import Package
 from vulnerabilities.models import PipelineRun
 from vulnerabilities.models import PipelineSchedule
@@ -852,36 +849,3 @@ def get_view_name(self):
         if self.detail:
             return "Pipeline Instance"
         return "Pipeline Jobs"
-
-
-class DetectionRuleFilter(filters.FilterSet):
-    advisory_avid = filters.CharFilter(field_name="related_advisories__avid", lookup_expr="exact")
-
-    rule_text_contains = filters.CharFilter(field_name="rule_text", lookup_expr="icontains")
-
-    class Meta:
-        model = DetectionRule
-        fields = ["rule_type"]
-
-
-class DetectionRuleSerializer(serializers.ModelSerializer):
-    advisory_avid = serializers.SerializerMethodField()
-
-    class Meta:
-        model = DetectionRule
-        fields = ["rule_type", "source_url", "rule_metadata", "rule_text", "advisory_avid"]
-
-    def get_advisory_avid(self, obj):
-        avids = set(advisory.avid for advisory in obj.related_advisories.all())
-        return sorted(list(avids))
-
-
-class DetectionRuleViewSet(viewsets.ReadOnlyModelViewSet):
-    advisories_prefetch = Prefetch(
-        "related_advisories", queryset=AdvisoryV2.objects.only("id", "avid").distinct()
-    )
-    queryset = DetectionRule.objects.prefetch_related(advisories_prefetch)
-    serializer_class = DetectionRuleSerializer
-    throttle_classes = [AnonRateThrottle, PermissionBasedUserRateThrottle]
-    filter_backends = [filters.DjangoFilterBackend]
-    filterset_class = DetectionRuleFilter
diff --git a/vulnerabilities/api_v3.py b/vulnerabilities/api_v3.py
@@ -30,6 +30,7 @@
 from vulnerabilities.models import AdvisorySeverity
 from vulnerabilities.models import AdvisoryV2
 from vulnerabilities.models import AdvisoryWeakness
+from vulnerabilities.models import DetectionRule
 from vulnerabilities.models import Group
 from vulnerabilities.models import GroupedAdvisory
 from vulnerabilities.models import ImpactedPackageAffecting
@@ -704,3 +705,47 @@ def get_fixing_advisories_bulk(packages):
         result[package.id] = grouped
 
     return result
+
+
+class DetectionRuleFilter(filters.FilterSet):
+    advisory_avid = filters.CharFilter(field_name="related_advisories__avid", lookup_expr="exact")
+
+    rule_text_contains = filters.CharFilter(field_name="rule_text", lookup_expr="icontains")
+
+    class Meta:
+        model = DetectionRule
+        fields = ["rule_type"]
+
+
+class DetectionRuleSerializer(serializers.ModelSerializer):
+    advisory_avid = serializers.SerializerMethodField()
+
+    class Meta:
+        model = DetectionRule
+        fields = ["rule_type", "source_url", "rule_metadata", "rule_text", "advisory_avid"]
+
+    def get_advisory_avid(self, obj):
+        avids = {advisory.avid for advisory in obj.related_advisories.all()}
+        return sorted(avids)
+
+
+class DetectionRuleViewSet(viewsets.ReadOnlyModelViewSet):
+    advisories_prefetch = Prefetch(
+        "related_advisories", queryset=AdvisoryV2.objects.only("id", "avid").distinct()
+    )
+    queryset = DetectionRule.objects.prefetch_related(advisories_prefetch)
+    serializer_class = DetectionRuleSerializer
+    throttle_classes = [AnonRateThrottle, PermissionBasedUserRateThrottle]
+    filter_backends = [filters.DjangoFilterBackend]
+    filterset_class = DetectionRuleFilter
+
+    def get_queryset(self):
+        queryset = super().get_queryset()
+        query_params = ["advisory_avid", "rule_text_contains", "rule_type"]
+        has_query_params = any(
+            query_param in self.request.query_params for query_param in query_params
+        )
+        if not has_query_params:
+            return queryset.none()
+
+        return queryset
diff --git a/vulnerabilities/migrations/0130_detectionrule.py b/vulnerabilities/migrations/0130_detectionrule.py
@@ -0,0 +1,65 @@
+# Generated by Django 5.2.11 on 2026-05-15 19:16
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("vulnerabilities", "0129_advisorypoc"),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="DetectionRule",
+            fields=[
+                (
+                    "id",
+                    models.AutoField(
+                        auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
+                    ),
+                ),
+                (
+                    "rule_type",
+                    models.CharField(
+                        choices=[
+                            ("yara", "Yara"),
+                            ("yara-x", "Yara-X"),
+                            ("sigma", "Sigma"),
+                            ("clamav", "ClamAV"),
+                            ("suricata", "Suricata"),
+                        ],
+                        help_text="The type of the detection rule content (e.g., YARA, Sigma).",
+                        max_length=50,
+                    ),
+                ),
+                (
+                    "source_url",
+                    models.URLField(
+                        help_text="URL to the original source or reference for this rule.",
+                        max_length=1024,
+                    ),
+                ),
+                (
+                    "rule_metadata",
+                    models.JSONField(
+                        blank=True,
+                        help_text="Additional structured data such as tags, or author information.",
+                        null=True,
+                    ),
+                ),
+                (
+                    "rule_text",
+                    models.TextField(help_text="The content of the detection signature."),
+                ),
+                (
+                    "related_advisories",
+                    models.ManyToManyField(
+                        help_text="Advisories associated with this DetectionRule.",
+                        related_name="detection_rules",
+                        to="vulnerabilities.advisoryv2",
+                    ),
+                ),
+            ],
+        ),
+    ]
diff --git a/vulnerabilities/templates/detection_rules.html b/vulnerabilities/templates/detection_rules.html
@@ -30,8 +30,8 @@
                 <thead>
                     <tr>
                         <th>Type</th>
-                        <th>Metadata</th>
-                        <th>Text</th>
+                        <th colspan="width: 200px;">Metadata</th>
+                        <th colspan="width: 100px;">Text</th>
                         <th>Source URL</th>
                         <th>Advisory IDs</th>
                     </tr>
diff --git a/vulnerablecode/urls.py b/vulnerablecode/urls.py
@@ -22,12 +22,12 @@
 from vulnerabilities.api import VulnerabilityViewSet
 from vulnerabilities.api_v2 import CodeFixV2ViewSet
 from vulnerabilities.api_v2 import CodeFixViewSet
-from vulnerabilities.api_v2 import DetectionRuleViewSet
 from vulnerabilities.api_v2 import PackageV2ViewSet
 from vulnerabilities.api_v2 import PipelineScheduleV2ViewSet
 from vulnerabilities.api_v2 import VulnerabilityV2ViewSet
 from vulnerabilities.api_v3 import AdvisoryV3ViewSet
 from vulnerabilities.api_v3 import AffectedByAdvisoriesViewSet
+from vulnerabilities.api_v3 import DetectionRuleViewSet
 from vulnerabilities.api_v3 import FixingAdvisoriesViewSet
 from vulnerabilities.api_v3 import PackageV3ViewSet
 from vulnerabilities.views import AdminLoginView
