Add reference score to package endpoint

vulnerabilities/api.py

@@ -155,14 +155,26 @@ class VulnSerializerRefsAndSummary(BaseResourceSerializer):
         many=True, source="filtered_fixed_packages", read_only=True
     )
 
-    references = VulnerabilityReferenceSerializer(many=True, source="vulnerabilityreference_set")
+    references = serializers.SerializerMethodField()
 
     aliases = serializers.SerializerMethodField()
 
     def get_aliases(self, obj):
         # Assuming `obj.aliases` is a queryset of `Alias` objects
         return [alias.alias for alias in obj.aliases.all()]
 
+    def get_references(self, vulnerability):
+        references = vulnerability.vulnerabilityreference_set.all()
+        severities = vulnerability.severities.all()
+
+        serialized_references = VulnerabilityReferenceSerializer(
+            references,
+            context={"severities": severities},
+            many=True,
+        ).data
+
+        return serialized_references
+
     class Meta:
         model = Vulnerability
         fields = ["url", "vulnerability_id", "summary", "references", "fixed_packages", "aliases"]

vulnerabilities/tests/test_api.py

@@ -556,6 +556,22 @@ def setUp(self):
             "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.14.0-rc1"
         )
 
+        self.ref = VulnerabilityReference.objects.create(
+            reference_type="advisory", reference_id="CVE-xxx-xxx", url="https://example.com"
+        )
+
+        self.severity = VulnerabilitySeverity.objects.create(
+            url="https://example.com",
+            scoring_system=EPSS.identifier,
+            scoring_elements=".0016",
+            value="0.526",
+        )
+        self.vul1.references.add(self.ref)
+        self.vul1.severities.add(self.severity)
+
+        self.vul3.references.add(self.ref)
+        self.vul3.severities.add(self.severity)
+
         set_as_fixing(package=self.pkg_2_12_6, vulnerability=self.vul3)
 
         set_as_affected_by(package=self.pkg_2_12_6_1, vulnerability=self.vul2)
@@ -587,7 +603,21 @@ def test_api_with_lesser_and_greater_fixed_by_packages(self):
                     "url": "http://testserver/api/vulnerabilities/{0}".format(self.vul1.id),
                     "vulnerability_id": "VCID-vul1-vul1-vul1",
                     "summary": "This is VCID-vul1-vul1-vul1",
-                    "references": [],
+                    "references": [
+                        {
+                            "reference_url": "https://example.com",
+                            "reference_id": "CVE-xxx-xxx",
+                            "reference_type": "advisory",
+                            "scores": [
+                                {
+                                    "value": "0.526",
+                                    "scoring_system": "epss",
+                                    "scoring_elements": ".0016",
+                                }
+                            ],
+                            "url": "https://example.com",
+                        }
+                    ],
                     "fixed_packages": [
                         {
                             "url": "http://testserver/api/packages/{0}".format(self.pkg_2_13_2.id),
@@ -608,7 +638,21 @@ def test_api_with_lesser_and_greater_fixed_by_packages(self):
                     "url": "http://testserver/api/vulnerabilities/{0}".format(self.vul3.id),
                     "vulnerability_id": "VCID-vul3-vul3-vul3",
                     "summary": "This is VCID-vul3-vul3-vul3",
-                    "references": [],
+                    "references": [
+                        {
+                            "reference_url": "https://example.com",
+                            "reference_id": "CVE-xxx-xxx",
+                            "reference_type": "advisory",
+                            "scores": [
+                                {
+                                    "value": "0.526",
+                                    "scoring_system": "epss",
+                                    "scoring_elements": ".0016",
+                                }
+                            ],
+                            "url": "https://example.com",
+                        }
+                    ],
                     "fixed_packages": [
                         {
                             "url": "http://testserver/api/packages/{0}".format(self.pkg_2_12_6.id),