Group advisories with same content

Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>

Author: TG1999

vulnerabilities/migrations/0113_advisoryv2_precedence.py

@@ -0,0 +1,22 @@
+# Generated by Django 4.2.25 on 2026-02-10 12:46
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("vulnerabilities", "0112_alter_advisoryseverity_scoring_system_and_more"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="advisoryv2",
+            name="precedence",
+            field=models.IntegerField(
+                blank=True,
+                help_text="Precedence indicates the priority of advisory from different datasources. It is determined based on the reliability of the datasource and how close it is to the source.",
+                null=True,
+            ),
+        ),
+    ]

vulnerabilities/models.py

@@ -10,6 +10,7 @@
 import csv
 import datetime
 import hashlib
+import json
 import logging
 import uuid
 import xml.etree.ElementTree as ET
@@ -68,7 +69,7 @@
 from vulnerabilities.importer import AdvisoryDataV2
 from vulnerabilities.severity_systems import EPSS
 from vulnerabilities.severity_systems import SCORING_SYSTEMS
-from vulnerabilities.utils import compute_patch_checksum
+from vulnerabilities.utils import compute_patch_checksum, normalize_list, normalize_text
 from vulnerabilities.utils import normalize_purl
 from vulnerabilities.utils import purl_to_dict
 from vulnerablecode import __version__ as VULNERABLECODE_VERSION
@@ -2988,11 +2989,11 @@ class AdvisoryV2(models.Model):
         help_text="Weighted severity is the highest value calculated by multiplying each severity by its corresponding weight, divided by 10.",
     )
 
-    # precedence = models.IntegerField(
-    #     null=True,
-    #     blank=True,
-    #     help_text="Precedence indicates the priority level of addressing a vulnerability based on its overall risk",
-    # )
+    precedence = models.IntegerField(
+        null=True,
+        blank=True,
+        help_text="Precedence indicates the priority of advisory from different datasources. It is determined based on the reliability of the datasource and how close it is to the source.",
+    )
 
     @property
     def risk_score(self):
@@ -3057,6 +3058,35 @@ def get_aliases(self):
         Return a queryset of all Aliases for this vulnerability.
         """
         return self.aliases.all()
+    
+    def compute_advisory_content(self):
+        """
+        Compute a unique content hash for an advisory by normalizing its data and hashing it.
+
+        :param advisory: An Advisory object
+        :return: SHA-256 hash digest as content hash
+        """
+        normalized_data = {
+            "summary": normalize_text(self.summary),
+            "impacted_packages": sorted(
+                [impact.to_dict() for impact in self.impacted_packages.all()],
+                key=lambda x: json.dumps(x, sort_keys=True),
+            ),
+            "patches": sorted(
+                [patch.to_patch_data().to_dict() for patch in self.patches.all()],
+                key=lambda x: json.dumps(x, sort_keys=True),
+            ),
+            "severities": sorted(
+                [sev.to_vulnerability_severity_data().to_dict() for sev in self.severities.all()],
+                key=lambda x: (x.get("system"), x.get("value")),
+            ),
+            "weaknesses": normalize_list([weakness.cwe_id for weakness in self.weaknesses.all()]),
+        }
+
+        normalized_json = json.dumps(normalized_data, separators=(",", ":"), sort_keys=True)
+        content_hash = hashlib.sha256(normalized_json.encode("utf-8")).hexdigest()
+
+        return content_hash
 
     alias = get_aliases
 

vulnerabilities/utils.py

@@ -678,12 +678,16 @@ def compute_content_id_v2(advisory_data):
         normalized_data = {
             "aliases": normalize_list(advisory_data.aliases),
             "summary": normalize_text(advisory_data.summary),
-            "affected_packages": [
-                pkg for pkg in normalize_list(advisory_data.affected_packages) if pkg
-            ],
+            "impacted_packages": sorted(
+                [impact.to_dict() for impact in advisory_data.impacted_packages.all()],
+                key=lambda x: json.dumps(x, sort_keys=True),
+            ),
+            "patches": sorted(
+                [patch.to_patch_data().to_dict() for patch in advisory_data.patches.all()],
+                key=lambda x: json.dumps(x, sort_keys=True),
+            ),
             "references": [ref for ref in normalize_list(advisory_data.references) if ref],
             "weaknesses": normalize_list(advisory_data.weaknesses),
-            "patches": normalize_list(advisory_data.patches),
         }
         normalized_data["url"] = advisory_data.url