diff --git a/vulnerabilities/fetch.py b/vulnerabilities/fetch.py index 986cac57..7d3af061 100644 --- a/vulnerabilities/fetch.py +++ b/vulnerabilities/fetch.py @@ -144,14 +144,10 @@ def notify_vulnerability_data_update(dataspace): Trigger the notifications related to fetching vulnerability data from VulnerableCode. """ - # today = timezone.now().date() - vulnerability_qs = Vulnerability.objects.scope( - dataspace - ) # .filter(last_modified_date__date=today) + vulnerability_qs = Vulnerability.objects.scope(dataspace).added_or_updated_today() package_qs = Package.objects.scope(dataspace).filter( affected_by_vulnerabilities__in=vulnerability_qs ) - # product_qs = Product.objects.scope(dataspace).filter(packages=package_qs) vulnerability_count = vulnerability_qs.count() if not vulnerability_count: @@ -160,6 +156,16 @@ def notify_vulnerability_data_update(dataspace): package_count = package_qs.count() subject = "[DejaCode] New vulnerabilities detected!" + # 1. Webhooks (simple message) + message = f"{vulnerability_count} vulnerabilities affecting {package_count} packages" + find_and_fire_hook( + "vulnerability.data_update", + instance=None, + dataspace=dataspace, + payload_override={"text": f"{subject}\n{message}"}, + ) + + # 2. Internal notifications (message with internal links) # TODO: Add filter by ?last_modified_date=today package_list_url = reverse("component_catalog:package_list") package_link = ( @@ -171,18 +177,8 @@ def notify_vulnerability_data_update(dataspace): f'{vulnerability_count} ' f"vulnerabilities" ) - message = f"{vulnerability_link} affecting {package_link}" - # 1. Webhooks - find_and_fire_hook( - "vulnerability.data_update", - instance=None, - dataspace=dataspace, - payload_override={"text": f"{subject}\n{message}"}, - ) - - # 2. Internal notifications users_to_notify = DejacodeUser.objects.get_vulnerability_notifications_users(dataspace) for user in users_to_notify: user.internal_notify( diff --git a/vulnerabilities/models.py b/vulnerabilities/models.py index 8f856303..e0437128 100644 --- a/vulnerabilities/models.py +++ b/vulnerabilities/models.py @@ -13,7 +13,7 @@ from django.db import models from django.db.models import Count from django.utils.translation import gettext_lazy as _ - +from django.utils import timezone from cyclonedx.model import vulnerability as cdx_vulnerability from dje.fields import JSONListField @@ -49,6 +49,10 @@ def order_by_risk(self): models.F("exploitability").desc(nulls_last=True), ) + def added_or_updated_today(self): + today = timezone.now().replace(hour=0, minute=0, second=0) + return self.filter(last_modified_date__gte=today) + class Vulnerability(HistoryDateFieldsMixin, DataspacedModel): """