Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add ProductVulnerabilityAnalysis model implementation #98 #187

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 5 additions & 2 deletions dejacode/static/css/dejacode_bootstrap.css
Original file line number Diff line number Diff line change
Expand Up @@ -386,8 +386,11 @@ table.vulnerabilities-table .column-summary {
#tab_vulnerabilities .column-max_score {
width: 105px;
}
#tab_vulnerabilities .column-column-affected_packages {
width: 320px;
#tab_vulnerabilities .column-affected_packages {
min-width: 200px;
}
#tab_vulnerabilities .column-summary {
width: 300px;
}

/* -- Dependency tab -- */
Expand Down
42 changes: 42 additions & 0 deletions product_portfolio/migrations/0008_productvulnerabilityanalysis.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
# Generated by Django 5.0.9 on 2024-10-24 09:03

import django.contrib.postgres.fields
import django.db.models.deletion
import dje.fields
import uuid
from django.conf import settings
from django.db import migrations, models


class Migration(migrations.Migration):

dependencies = [
('dje', '0004_dataspace_vulnerabilities_updated_at'),
('product_portfolio', '0007_alter_scancodeproject_type'),
('vulnerabilities', '0001_initial'),
migrations.swappable_dependency(settings.AUTH_USER_MODEL),
]

operations = [
migrations.CreateModel(
name='ProductVulnerabilityAnalysis',
fields=[
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('uuid', models.UUIDField(default=uuid.uuid4, editable=False, verbose_name='UUID')),
('state', models.CharField(blank=True, choices=[('resolved', 'Resolved'), ('resolved_with_pedigree', 'Resolved With Pedigree'), ('exploitable', 'Exploitable'), ('in_triage', 'In Triage'), ('false_positive', 'False Positive'), ('not_affected', 'Not Affected')], help_text='Declares the current state of an occurrence of a vulnerability, after automated or manual analysis.', max_length=25)),
('justification', models.CharField(blank=True, choices=[('code_not_present', 'Code Not Present'), ('code_not_reachable', 'Code Not Reachable'), ('protected_at_perimeter', 'Protected At Perimeter'), ('protected_at_runtime', 'Protected At Runtime'), ('protected_by_compiler', 'Protected By Compiler'), ('protected_by_mitigating_control', 'Protected By Mitigating Control'), ('requires_configuration', 'Requires Configuration'), ('requires_dependency', 'Requires Dependency'), ('requires_environment', 'Requires Environment')], help_text='The rationale of why the impact analysis state was asserted.', max_length=35)),
('responses', django.contrib.postgres.fields.ArrayField(base_field=models.CharField(choices=[('can_not_fix', 'Can Not Fix'), ('rollback', 'Rollback'), ('update', 'Update'), ('will_not_fix', 'Will Not Fix'), ('workaround_available', 'Workaround Available')], max_length=20), blank=True, help_text='A response to the vulnerability by the manufacturer, supplier, or project responsible for the affected component or service. More than one response is allowed. Responses are strongly encouraged for vulnerabilities where the analysis state is exploitable.', null=True, size=None)),
('detail', models.TextField(blank=True, help_text='Detailed description of the impact including methods used during assessment. If a vulnerability is not exploitable, this field should include specific details on why the component or service is not impacted by this vulnerability.')),
('first_issued', models.DateTimeField(auto_now_add=True, help_text='The date and time (timestamp) when the analysis was first issued.')),
('last_updated', models.DateTimeField(auto_now=True, help_text='The date and time (timestamp) when the analysis was last updated.')),
('created_by', models.ForeignKey(editable=False, help_text='The application user who created the object.', null=True, on_delete=django.db.models.deletion.PROTECT, related_name='created_%(class)ss', serialize=False, to=settings.AUTH_USER_MODEL)),
('dataspace', models.ForeignKey(editable=False, help_text='A Dataspace is an independent, exclusive set of DejaCode data, which can be either nexB master reference data or installation-specific data.', on_delete=django.db.models.deletion.PROTECT, to='dje.dataspace')),
('last_modified_by', dje.fields.LastModifiedByField(editable=False, help_text='The application user who last modified the object.', null=True, on_delete=django.db.models.deletion.PROTECT, related_name='modified_%(class)ss', serialize=False, to=settings.AUTH_USER_MODEL)),
('product', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='vulnerability_analyses', to='product_portfolio.product')),
('vulnerability', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='product_vulnerability_analyses', to='vulnerabilities.vulnerability')),
],
options={
'unique_together': {('dataspace', 'uuid'), ('product', 'vulnerability')},
},
),
]
25 changes: 25 additions & 0 deletions product_portfolio/models.py
Original file line number Diff line number Diff line change
Expand Up @@ -37,12 +37,14 @@
from dje.models import History
from dje.models import HistoryFieldsMixin
from dje.models import ReferenceNotesMixin
from dje.models import HistoryUserFieldsMixin
from dje.models import colored_icon_mixin_factory
from dje.validators import generic_uri_validator
from dje.validators import validate_url_segment
from dje.validators import validate_version
from vulnerabilities.fetch import fetch_for_queryset
from vulnerabilities.models import Vulnerability
from vulnerabilities.models import VulnerabilityAnalysisMixin

RELATION_LICENSE_EXPRESSION_HELP_TEXT = _(
"The License Expression assigned to a DejaCode Product Package or Product "
Expand Down Expand Up @@ -1466,3 +1468,26 @@ def save(self, *args, **kwargs):
"The 'for_package' cannot be the same as 'resolved_to_package'."
)
super().save(*args, **kwargs)


class ProductVulnerabilityAnalysis(
VulnerabilityAnalysisMixin,
HistoryUserFieldsMixin,
DataspacedModel,
):
product = models.ForeignKey(
to="product_portfolio.Product",
related_name="vulnerability_analyses",
on_delete=models.CASCADE,
)
vulnerability = models.ForeignKey(
to="vulnerabilities.Vulnerability",
related_name="product_vulnerability_analyses",
on_delete=models.CASCADE,
)

class Meta:
unique_together = (("product", "vulnerability"), ("dataspace", "uuid"))

def __str__(self):
return f"{self.vulnerability} analysis in {self.product}."
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,16 @@
{% endfor %}
</ul>
</td>
<td>
{% if vulnerability.product_vulnerability_analyses.get %}
<ul class="list-unstyled mb-0">
<li>State: {{ vulnerability.product_vulnerability_analyses.get.state }}</li>
<li>Justification: {{ vulnerability.product_vulnerability_analyses.get.justification }}</li>
<li>Responses: {{ vulnerability.product_vulnerability_analyses.get.responses }}</li>
<li>Detail: {{ vulnerability.product_vulnerability_analyses.get.detail }}</li>
</ul>
{% endif %}
</td>
</tr>
{% empty %}
<tr>
Expand Down
1 change: 1 addition & 0 deletions product_portfolio/views.py
Original file line number Diff line number Diff line change
Expand Up @@ -1100,6 +1100,7 @@ class ProductTabVulnerabilitiesView(
Header("max_score", _("Score"), help_text="Severity score range", filter="max_score"),
Header("summary", _("Summary")),
Header("affected_packages", _("Affected packages"), help_text="Affected product packages"),
Header("exploitability", _("Exploitability analysis"), help_text="TODO"),
)

def get_context_data(self, **kwargs):
Expand Down
2 changes: 1 addition & 1 deletion vulnerabilities/models.py
Original file line number Diff line number Diff line change
Expand Up @@ -278,7 +278,7 @@ class State(models.TextChoices):
class Justification(models.TextChoices):
CODE_NOT_PRESENT = "code_not_present"
CODE_NOT_REACHABLE = "code_not_reachable"
PROTECTED_AT_PERIMITER = "protected_at_perimeter"
PROTECTED_AT_PERIMETER = "protected_at_perimeter"
PROTECTED_AT_RUNTIME = "protected_at_runtime"
PROTECTED_BY_COMPILER = "protected_by_compiler"
PROTECTED_BY_MITIGATING_CONTROL = "protected_by_mitigating_control"
Expand Down
Loading