fix: ignore conflicts while bulk creating v2 packages

- This is a TOCTOU problem when multiple workers try to create the same PURL

Signed-off-by: Keshav Priyadarshi <git@keshav.space>

Author: keshav-space

vulnerabilities/models.py

@@ -3406,7 +3406,6 @@ def bulk_get_or_create_from_purls(self, purls: List[Union[PackageURL, str]]):
         existing_packages = PackageV2.objects.filter(package_url__in=purl_strings)
         existing_purls = set(existing_packages.values_list("package_url", flat=True))
 
-        all_packages = list(existing_packages)
         packages_to_create = []
         for purl in purls:
             if str(purl) in existing_purls:
@@ -3425,13 +3424,12 @@ def bulk_get_or_create_from_purls(self, purls: List[Union[PackageURL, str]]):
             packages_to_create.append(PackageV2(**purl_dict))
 
         try:
-            new_packages = PackageV2.objects.bulk_create(packages_to_create)
+            PackageV2.objects.bulk_create(packages_to_create, ignore_conflicts=True)
         except Exception as e:
             logging.error(f"Error creating PackageV2: {e} \n {traceback_format_exc()}")
             return []
 
-        all_packages.extend(new_packages)
-        return all_packages
+        return PackageV2.objects.filter(package_url__in=purl_strings)
 
     def only_vulnerable(self):
         return self._vulnerable(True)