From 3cc94c2ba24518b93cb0366d11398fafcce4dba0 Mon Sep 17 00:00:00 2001 From: tdruez Date: Wed, 4 Sep 2024 14:12:36 +0200 Subject: [PATCH] Add resource_url on the Vulnerability model #95 Signed-off-by: tdruez --- .../tables/vulnerability_list_table.html | 10 +++++++--- .../tabs/tab_vulnerabilities.html | 10 +++++++--- component_catalog/tests/test_views.py | 2 +- component_catalog/views.py | 2 -- .../tabs/tab_vulnerabilities.html | 10 +++++++--- product_portfolio/views.py | 1 - .../0002_vulnerability_resource_url.py | 18 ++++++++++++++++++ vulnerabilities/models.py | 9 +++++++-- .../idna_3.6_as_cyclonedx.json | 2 +- vulnerabilities/tests/test_models.py | 2 ++ vulnerabilities/tests/test_views.py | 19 +++++++++++-------- vulnerabilities/views.py | 3 +-- 12 files changed, 62 insertions(+), 26 deletions(-) create mode 100644 vulnerabilities/migrations/0002_vulnerability_resource_url.py diff --git a/component_catalog/templates/component_catalog/tables/vulnerability_list_table.html b/component_catalog/templates/component_catalog/tables/vulnerability_list_table.html index c6da9176..012e9c6b 100644 --- a/component_catalog/templates/component_catalog/tables/vulnerability_list_table.html +++ b/component_catalog/templates/component_catalog/tables/vulnerability_list_table.html @@ -10,10 +10,14 @@ - + {% if vulnerability.resource_url %} + + {{ vulnerability.vulnerability_id }} + + + {% else %} {{ vulnerability.vulnerability_id }} - - + {% endif %} diff --git a/component_catalog/templates/component_catalog/tabs/tab_vulnerabilities.html b/component_catalog/templates/component_catalog/tabs/tab_vulnerabilities.html index 136ef7fe..77b010f8 100644 --- a/component_catalog/templates/component_catalog/tabs/tab_vulnerabilities.html +++ b/component_catalog/templates/component_catalog/tabs/tab_vulnerabilities.html @@ -34,10 +34,14 @@ - + {% if vulnerability.resource_url %} + + {{ vulnerability.vulnerability_id }} + + + {% else %} {{ vulnerability.vulnerability_id }} - - + {% endif %} 
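Review bot: The link rendered under `{% if vulnerability.resource_url %}` now takes its target from a per-record value stored with the vulnerability, not from the dataspace's configured `vulnerablecode_url`, and nothing visible in this patch restricts that value to `http`/`https`. Template auto-escaping protects the attribute from markup injection but does not reject a scheme such as `javascript:`. `URLField` validators run only through `full_clean()` or a form, so a value written by `create_from_data()` or `save()` is presumably stored unchecked; this is worth confirming in the importer. The same block is added in `component_catalog/.../tabs/tab_vulnerabilities.html` and `product_portfolio/.../tabs/tab_vulnerabilities.html`. The anchor markup is not visible in this rendering of the patch; if it opens a new tab, it should carry `rel="noopener noreferrer"`.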
diff --git a/component_catalog/tests/test_views.py b/component_catalog/tests/test_views.py
index 4b86d12c..7dcd5f2f 100644
--- a/component_catalog/tests/test_views.py
+++ b/component_catalog/tests/test_views.py
@@ -1239,7 +1239,7 @@ def test_package_list_multi_send_about_files_view(self):
 def test_package_details_view_num_queries(self):
 self.client.login(username=self.super_user.username, password="secret")
- with self.assertNumQueries(29):
+ with self.assertNumQueries(28):
 self.client.get(self.package1.get_absolute_url())
 def test_package_details_view_content(self):
diff --git a/component_catalog/views.py b/component_catalog/views.py
index 572296ca..5b6bf3f4 100644
--- a/component_catalog/views.py
+++ b/component_catalog/views.py
@@ -256,7 +256,6 @@ def tab_vulnerabilities(self):
 if not vulnerabilities_qs:
 return
- vulnerablecode = VulnerableCode(self.object.dataspace)
 label = (
 f"Vulnerabilities"
 f' {len(vulnerabilities_qs)}'
@@ -270,7 +269,6 @@ def tab_vulnerabilities(self):
 context = {
 "vulnerabilities": vulnerabilities,
- "vulnerablecode_url": vulnerablecode.service_url,
 }
 return {
diff --git a/product_portfolio/templates/product_portfolio/tabs/tab_vulnerabilities.html b/product_portfolio/templates/product_portfolio/tabs/tab_vulnerabilities.html
index f189c4d3..1931d05d 100644
--- a/product_portfolio/templates/product_portfolio/tabs/tab_vulnerabilities.html
+++ b/product_portfolio/templates/product_portfolio/tabs/tab_vulnerabilities.html
@@ -7,10 +7,14 @@ - + {% if vulnerability.resource_url %} + + {{ vulnerability.vulnerability_id }} + + + {% else %} {{ vulnerability.vulnerability_id }} - - + {% endif %}
diff --git a/product_portfolio/views.py b/product_portfolio/views.py
index 68848905..df994e7c 100644
--- a/product_portfolio/views.py
+++ b/product_portfolio/views.py
@@ -1136,7 +1136,6 @@ def get_context_data(self, **kwargs):
 "page_obj": page_obj,
 "total_count": total_count,
 "search_query": self.request.GET.get("vulnerabilities-q", ""),
- "vulnerablecode_url": VulnerableCode(product.dataspace).service_url,
 }
 )
diff --git a/vulnerabilities/migrations/0002_vulnerability_resource_url.py b/vulnerabilities/migrations/0002_vulnerability_resource_url.py
new file mode 100644
index 00000000..944c25a4
--- /dev/null
+++ b/vulnerabilities/migrations/0002_vulnerability_resource_url.py
@@ -0,0 +1,18 @@
+# Generated by Django 5.0.6 on 2024-09-04 11:51
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('vulnerabilities', '0001_initial'),
+ ]
+
+ operations = [
+ migrations.AddField(
+ model_name='vulnerability',
+ name='resource_url',
+ field=models.URLField(blank=True, help_text='URL of the data source for this Vulnerability.', max_length=1024, verbose_name='Resource URL'),
+ ),
+ ]
diff --git a/vulnerabilities/models.py b/vulnerabilities/models.py
index b2f1a43a..dbd789b4 100644
--- a/vulnerabilities/models.py
+++ b/vulnerabilities/models.py
@@ -61,6 +61,12 @@ class Vulnerability(HistoryDateFieldsMixin, DataspacedModel):
 "For example, 'VCID-2024-0001'."
 ),
 )
+ resource_url = models.URLField(
+ _("Resource URL"),
+ max_length=1024,
+ blank=True,
+ help_text=_("URL of the data source for this Vulnerability."),
+ )
 summary = models.TextField(
 help_text=_("A brief summary of the vulnerability, outlining its nature and impact."),
 blank=True,
@@ -203,10 +209,9 @@ def as_cyclonedx(self, affected_instances):
 for instance in affected_instances
 ]
- source_url = f"https://public.vulnerablecode.io/vulnerabilities/{self.vulnerability_id}"
 source = cdx_vulnerability.VulnerabilitySource(
 name="VulnerableCode",
- url=source_url,
+ url=self.resource_url,
 )
 references = []
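Review bot: `url=self.resource_url` in `as_cyclonedx` passes an empty string whenever the field is blank. The new `URLField(blank=True)` allows that, and rows that existed before migration `0002_vulnerability_resource_url` will have it, since the migration adds the column without a backfill. The exported CycloneDX document would then name VulnerableCode as the source with an empty URL, where the removed code always produced a link. Passing `url=self.resource_url or None` would omit the URL instead, assuming `VulnerabilitySource` accepts a missing `url`; confirm against the library version in use. `as_cyclonedx` starts and ends outside this hunk.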
diff --git a/vulnerabilities/tests/data/vulnerabilities/idna_3.6_as_cyclonedx.json b/vulnerabilities/tests/data/vulnerabilities/idna_3.6_as_cyclonedx.json
index 2f579ffc..bac5f524 100644
--- a/vulnerabilities/tests/data/vulnerabilities/idna_3.6_as_cyclonedx.json
+++ b/vulnerabilities/tests/data/vulnerabilities/idna_3.6_as_cyclonedx.json
@@ -130,6 +130,6 @@
 ],
 "source": {
 "name": "VulnerableCode",
- "url": "https://public.vulnerablecode.io/vulnerabilities/VCID-j3au-usaz-aaag"
+ "url": "http://public.vulnerablecode.io/vulnerabilities/VCID-j3au-usaz-aaag"
 }
 }
\ No newline at end of file
diff --git a/vulnerabilities/tests/test_models.py b/vulnerabilities/tests/test_models.py
index 021a44a7..a504ab9a 100644
--- a/vulnerabilities/tests/test_models.py
+++ b/vulnerabilities/tests/test_models.py
@@ -149,6 +149,7 @@ def test_vulnerability_model_create_from_data(self):
 ],
 },
 ],
+ "resource_url": "http://public.vulnerablecode.io/vulnerabilities/VCID-q4q6-yfng-aaag",
 }
 vulnerability1 = Vulnerability.create_from_data(
@@ -160,6 +161,7 @@ def test_vulnerability_model_create_from_data(self):
 self.assertEqual(vulnerability_data["summary"], vulnerability1.summary)
 self.assertEqual(vulnerability_data["aliases"], vulnerability1.aliases)
 self.assertEqual(vulnerability_data["references"], vulnerability1.references)
+ self.assertEqual(vulnerability_data["resource_url"], vulnerability1.resource_url)
 self.assertEqual(7.5, vulnerability1.min_score)
 self.assertEqual(7.5, vulnerability1.max_score)
 self.assertQuerySetEqual(vulnerability1.affected_packages.all(), [package1])
diff --git a/vulnerabilities/tests/test_views.py b/vulnerabilities/tests/test_views.py
index 68eb19d8..d08bda62 100644
--- a/vulnerabilities/tests/test_views.py
+++ b/vulnerabilities/tests/test_views.py
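Review bot: The expected `source.url` in this fixture changes from `https://` to `http://`, so the test now pins a cleartext link in the generated CycloneDX output. That presumably mirrors the `resource_url` carried by the test data; the `test_models.py` hunk in this patch also uses `http://public.vulnerablecode.io/...`. Consumers of the export will follow whatever scheme was stored. If the upstream service is reachable over TLS, using `https://` values in the test data keeps the fixture from codifying the downgrade.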
@@ -13,7 +13,6 @@
 from component_catalog.tests import make_component
 from component_catalog.tests import make_package
 from dje.models import Dataspace
-from dje.models import DataspaceConfiguration
 from dje.tests import create_superuser
 from vulnerabilities.models import Vulnerability
 from vulnerabilities.tests import make_vulnerability
@@ -27,10 +26,6 @@ def setUp(self):
 name="Dataspace",
 enable_vulnerablecodedb_access=True,
 )
- DataspaceConfiguration.objects.create(
- dataspace=self.dataspace,
- vulnerablecode_url="vulnerablecode_url/",
- )
 self.super_user = create_superuser("super_user", self.dataspace)
 self.component1 = make_component(self.dataspace)
@@ -43,7 +38,7 @@ def setUp(self):
 def test_vulnerability_list_view_num_queries(self):
 self.client.login(username=self.super_user.username, password="secret")
- with self.assertNumQueries(8):
+ with self.assertNumQueries(7):
 response = self.client.get(reverse("vulnerabilities:vulnerability_list"))
 vulnerability_count = Vulnerability.objects.count()
@@ -71,11 +66,19 @@ def test_vulnerability_list_view_enable_vulnerablecodedb_access(self): def test_vulnerability_list_view_vulnerability_id_link(self): self.client.login(username=self.super_user.username, password="secret") response = self.client.get(reverse("vulnerabilities:vulnerability_list")) + + expected = f"{self.vulnerability1.vulnerability_id}" + self.assertContains(response, expected, html=True) + + self.vulnerability1.resource_url = ( + f"https://url/vulnerabilities/{self.vulnerability1.vulnerability_id}" + ) + self.vulnerability1.save() expected = f""" - + {self.vulnerability1.vulnerability_id} """ + response = self.client.get(reverse("vulnerabilities:vulnerability_list")) self.assertContains(response, expected, html=True)
diff --git a/vulnerabilities/views.py b/vulnerabilities/views.py
index 92320c67..f75fdc41 100644
--- a/vulnerabilities/views.py
+++ b/vulnerabilities/views.py
@@ -44,6 +44,7 @@ def get_queryset(self):
 .only(
 "uuid",
 "vulnerability_id",
+ "resource_url",
 "aliases",
 "summary",
 "fixed_packages_count",
@@ -67,6 +68,4 @@ def get_context_data(self, **kwargs):
 if not self.dataspace.enable_vulnerablecodedb_access:
 raise Http404("VulnerableCode access is not enabled.")
- vulnerablecode = VulnerableCode(self.dataspace)
- context_data["vulnerablecode_url"] = vulnerablecode.service_url
 return context_data
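Review bot: With both `VulnerableCode(self.dataspace)` lines gone from `get_context_data`, the `VulnerableCode` import in `vulnerabilities/views.py` may now be unused. The diffstat shows only one added and two removed lines for this file, so the import line was not touched. If nothing else in the module references it, drop the import so linting stays clean. The same check applies to `product_portfolio/views.py`, where the only `VulnerableCode(...)` use visible in this patch was removed without an import change. `get_context_data` starts outside the hunk.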