66# See https://aboutcode.org for more information about AboutCode FOSS projects.
77#
88
9- import decimal
109import logging
1110
1211from django .contrib .postgres .fields import ArrayField
@@ -78,6 +77,8 @@ def added_or_updated_today(self):
7877 return self .filter (last_modified_date__gte = today )
7978
8079
80+ # AdvisoryV2
81+ # https://github.com/aboutcode-org/vulnerablecode/blob/api-integration-dejacode/vulnerabilities/models.py#L3126
8182class Vulnerability (HistoryDateFieldsMixin , DataspacedModel ):
8283 """
8384 A software vulnerability with a unique identifier and alternate aliases.
@@ -90,32 +91,19 @@ class Vulnerability(HistoryDateFieldsMixin, DataspacedModel):
9091 automatically on object addition or during schedule tasks.
9192 """
9293
93- # The first set of fields are storing data as fetched from VulnerableCode
94- vulnerability_id = models .CharField (
95- max_length = 20 ,
94+ advisory_uid = models .CharField (
95+ max_length = 250 ,
9696 help_text = _ (
97- "A unique identifier for the vulnerability, prefixed with 'VCID-'. "
98- "For example, 'VCID-2024-0001'."
97+ "Unique ID for the datasource used for this advisory ."
98+ "e.g.: pysec_importer_v2/PYSEC-2020-2233"
99+ ),
100+ )
101+ advisory_id = models .CharField (
102+ max_length = 200 ,
103+ help_text = _ (
104+ "An advisory is a vulnerability identifier in some database, such as PYSEC-2020-2233"
99105 ),
100106 )
101- # avid = models.CharField(
102- # max_length=500,
103- # blank=False,
104- # null=False,
105- # help_text=_(
106- # "Unique ID for the datasource used for this advisory ."
107- # "e.g.: pysec_importer_v2/PYSEC-2020-2233"
108- # ),
109- # )
110- # advisory_id = models.CharField(
111- # max_length=500,
112- # blank=False,
113- # null=False,
114- # help_text=_(
115- # "An advisory is a unique vulnerability identifier in some database, "
116- # "such as PYSEC-2020-2233"
117- # ),
118- # )
119107 resource_url = models .URLField (
120108 _ ("Resource URL" ),
121109 max_length = 1024 ,
@@ -133,13 +121,6 @@ class Vulnerability(HistoryDateFieldsMixin, DataspacedModel):
133121 "(e.g., 'CVE-2017-1000136')."
134122 ),
135123 )
136- references = JSONListField (
137- blank = True ,
138- help_text = _ (
139- "A list of references for this vulnerability. Each reference includes a "
140- "URL, an optional reference ID, scores, and the URL for further details. "
141- ),
142- )
143124 fixed_packages = JSONListField (
144125 blank = True ,
145126 help_text = _ ("A list of packages that are not affected by this vulnerability." ),
@@ -206,20 +187,21 @@ class Vulnerability(HistoryDateFieldsMixin, DataspacedModel):
206187
207188 class Meta :
208189 verbose_name_plural = "Vulnerabilities"
209- unique_together = (("dataspace" , "vulnerability_id " ), ("dataspace" , "uuid" ))
190+ unique_together = (("dataspace" , "advisory_uid " ), ("dataspace" , "uuid" ))
210191 indexes = [
211- models .Index (fields = ["vulnerability_id " ]),
192+ models .Index (fields = ["advisory_id " ]),
212193 models .Index (fields = ["exploitability" ]),
213194 models .Index (fields = ["weighted_severity" ]),
214195 models .Index (fields = ["risk_score" ]),
196+ models .Index (fields = ["risk_level" ]),
215197 ]
216198
217199 def __str__ (self ):
218200 return self .vulnerability_id
219201
220202 @property
221- def vcid (self ):
222- return self .vulnerability_id
203+ def vulnerability_id (self ):
204+ return self .advisory_id
223205
224206 @property
225207 def cve (self ):
@@ -280,51 +262,51 @@ def as_cyclonedx(self, affected_instances, analysis=None):
280262 url = self .resource_url ,
281263 )
282264
283- references = []
284- ratings = []
285- for reference in self .references :
286- reference_source = cdx_vulnerability .VulnerabilitySource (
287- url = reference .get ("reference_url" ),
288- )
289- references .append (
290- cdx_vulnerability .VulnerabilityReference (
291- id = reference .get ("reference_id" ),
292- source = reference_source ,
293- )
294- )
295-
296- for score_entry in reference .get ("scores" , []):
297- # CycloneDX only support a float value for the score field,
298- # where on the VulnerableCode data it can be either a score float value
299- # or a severity string value.
300- score_value = score_entry .get ("value" )
301- try :
302- score = decimal .Decimal (score_value )
303- severity = None
304- except decimal .DecimalException :
305- score = None
306- severity = getattr (
307- cdx_vulnerability .VulnerabilitySeverity ,
308- score_value .upper (),
309- None ,
310- )
311-
312- ratings .append (
313- cdx_vulnerability .VulnerabilityRating (
314- source = reference_source ,
315- score = score ,
316- severity = severity ,
317- vector = score_entry .get ("scoring_elements" ),
318- )
319- )
265+ # references = []
266+ # ratings = []
267+ # for reference in self.references:
268+ # reference_source = cdx_vulnerability.VulnerabilitySource(
269+ # url=reference.get("reference_url"),
270+ # )
271+ # references.append(
272+ # cdx_vulnerability.VulnerabilityReference(
273+ # id=reference.get("reference_id"),
274+ # source=reference_source,
275+ # )
276+ # )
277+
278+ # for score_entry in reference.get("scores", []):
279+ # # CycloneDX only support a float value for the score field,
280+ # # where on the VulnerableCode data it can be either a score float value
281+ # # or a severity string value.
282+ # score_value = score_entry.get("value")
283+ # try:
284+ # score = decimal.Decimal(score_value)
285+ # severity = None
286+ # except decimal.DecimalException:
287+ # score = None
288+ # severity = getattr(
289+ # cdx_vulnerability.VulnerabilitySeverity,
290+ # score_value.upper(),
291+ # None,
292+ # )
293+
294+ # ratings.append(
295+ # cdx_vulnerability.VulnerabilityRating(
296+ # source=reference_source,
297+ # score=score,
298+ # severity=severity,
299+ # vector=score_entry.get("scoring_elements"),
300+ # )
301+ # )
320302
321303 return cdx_vulnerability .Vulnerability (
322304 id = self .vulnerability_id ,
323305 source = source ,
324306 description = self .summary ,
325307 affects = affects ,
326- references = sorted (references ),
327- ratings = ratings ,
308+ # references=sorted(references),
309+ # ratings=ratings,
328310 analysis = analysis ,
329311 )
330312
0 commit comments