Skip to content

Commit

Permalink
Migrate from VULCOID to VCID aboutcode-org#811
Browse files Browse the repository at this point in the history
Use uuid instead of base36
Reference: aboutcode-org#811

Signed-off-by: Tushar Goel <[email protected]>
  • Loading branch information
TG1999 committed Sep 5, 2022
1 parent 9f89bca commit 5d968e5
Show file tree
Hide file tree
Showing 7 changed files with 67 additions and 28 deletions.
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
# Generated by Django 4.0.4 on 2022-09-05 11:40

from django.db import migrations
from django.db import models
import vulnerabilities.models


class Migration(migrations.Migration):

dependencies = [
('vulnerabilities', '0019_alter_vulnerabilityreference_options'),
]

operations = [
migrations.AlterField(
model_name='vulnerability',
name='vulnerability_id',
field=models.CharField(blank=True, default=vulnerabilities.models.get_vcid, help_text='Unique identifier for a vulnerability in the external representation. It is prefixed with VCID-', max_length=45, unique=True),
),
]
21 changes: 21 additions & 0 deletions vulnerabilities/migrations/0021_vcid_migration.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
from django.db import migrations
from django.db.models import Q

from vulnerabilities.models import get_vcid


class Migration(migrations.Migration):

dependencies = [
('vulnerabilities', '0020_alter_vulnerability_vulnerability_id'),
]

def save_vulnerability_id(apps, schema_editor):
Vulnerabilities = apps.get_model("vulnerabilities", "Vulnerability")
for vulnerability in Vulnerabilities.objects.filter(~Q(vulnerability_id__startswith="VCID-")):
vulnerability.vulnerability_id = get_vcid()
vulnerability.save()

operations = [
migrations.RunPython(save_vulnerability_id, migrations.RunPython.noop)
]
16 changes: 7 additions & 9 deletions vulnerabilities/models.py
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,6 @@
from django.core.validators import MinValueValidator
from django.db import models
from django.dispatch import receiver
from django.utils.http import int_to_base36
from packageurl import PackageURL
from packageurl.contrib.django.models import PackageURLMixin
from rest_framework.authtoken.models import Token
Expand All @@ -32,6 +31,10 @@
logger = logging.getLogger(__name__)


def get_vcid():
return f"VCID-{uuid.uuid4()}"


class Vulnerability(models.Model):
"""
A software vulnerability with minimal information. Unique identifiers are
Expand All @@ -41,9 +44,10 @@ class Vulnerability(models.Model):
vulnerability_id = models.CharField(
unique=True,
blank=True,
max_length=20,
max_length=45,
default=get_vcid,
help_text="Unique identifier for a vulnerability in the external representation. "
"It is prefixed with VULCOID-",
"It is prefixed with VCID-",
)

summary = models.TextField(
Expand All @@ -59,12 +63,6 @@ class Vulnerability(models.Model):
through="PackageRelatedVulnerability",
)

def save(self, *args, **kwargs):
super().save(*args, **kwargs)
if not self.vulnerability_id:
self.vulnerability_id = f"VULCOID-{int_to_base36(self.id).upper()}"
super().save(update_fields=["vulnerability_id"])

@property
def vulnerable_to(self):
"""
Expand Down
8 changes: 4 additions & 4 deletions vulnerabilities/templates/index.html
Original file line number Diff line number Diff line change
Expand Up @@ -84,16 +84,16 @@
<div class="dropdown-menu dropdown-instructions-width" id="dropdown-menu4" role="menu">
<div class="dropdown-content dropdown-instructions-box-shadow">
<div class="dropdown-item">
<div>Search for comprehensive information for a <span class="inline-code">VULCOID</span> (VulnerableCode Database ID). <span class="is-italic">(Only the first of these methods requires that the input be all uppercase.)</span>
<div>Search for comprehensive information for a <span class="inline-code">VCID</span> (VulnerableCode Database ID). <span class="is-italic">(Only the first of these methods requires that the input be all uppercase.)</span>
<ul>
<li>
Search for a specific <span class="inline-code">VULCOID</span> (e.g., "VULCOID-1").
Search for a specific <span class="inline-code">VCID</span> (e.g., "VCID-1").
</li>
<li>
Search for all <span class="inline-code">VULCOID</span>s that are associated with a specific <span class="inline-code">CVE</span> (e.g., "CVE-2009-3898") or <span class="inline-code">GHSA</span> (e.g., "GHSA-2qrg-x229-3v8q").
Search for all <span class="inline-code">VCID</span>s that are associated with a specific <span class="inline-code">CVE</span> (e.g., "CVE-2009-3898") or <span class="inline-code">GHSA</span> (e.g., "GHSA-2qrg-x229-3v8q").
</li>
<li>
Search for "CVE" or "GHSA" -- this will return all <span class="inline-code">VULCOID</span>s that are associated with one or more <span class="inline-code">CVE</span>s or <span class="inline-code">GHSA</span>s, respectively.
Search for "CVE" or "GHSA" -- this will return all <span class="inline-code">VCID</span>s that are associated with one or more <span class="inline-code">CVE</span>s or <span class="inline-code">GHSA</span>s, respectively.
</li>
</ul>
</div>
Expand Down
8 changes: 4 additions & 4 deletions vulnerabilities/templates/vulnerabilities.html
Original file line number Diff line number Diff line change
Expand Up @@ -21,16 +21,16 @@
<div class="dropdown-menu dropdown-instructions-width" id="dropdown-menu4" role="menu">
<div class="dropdown-content dropdown-instructions-box-shadow">
<div class="dropdown-item">
<div>Search for comprehensive information for a <span class="inline-code">VULCOID</span> (VulnerableCode Database ID). <span class="is-italic">(Only the first of these methods requires that the input be all uppercase.)</span>
<div>Search for comprehensive information for a <span class="inline-code">VCID</span> (VulnerableCode Database ID). <span class="is-italic">(Only the first of these methods requires that the input be all uppercase.)</span>
<ul>
<li>
Search for a specific <span class="inline-code">VULCOID</span> (e.g., "VULCOID-1").
Search for a specific <span class="inline-code">VCID</span> (e.g., "VCID-1").
</li>
<li>
Search for all <span class="inline-code">VULCOID</span>s that are associated with a specific <span class="inline-code">CVE</span> (e.g., "CVE-2009-3898") or <span class="inline-code">GHSA</span> (e.g., "GHSA-2qrg-x229-3v8q").
Search for all <span class="inline-code">VCID</span>s that are associated with a specific <span class="inline-code">CVE</span> (e.g., "CVE-2009-3898") or <span class="inline-code">GHSA</span> (e.g., "GHSA-2qrg-x229-3v8q").
</li>
<li>
Search for "CVE" or "GHSA" -- this will return all <span class="inline-code">VULCOID</span>s that are associated with one or more <span class="inline-code">CVE</span>s or <span class="inline-code">GHSA</span>s, respectively.
Search for "CVE" or "GHSA" -- this will return all <span class="inline-code">VCID</span>s that are associated with one or more <span class="inline-code">CVE</span>s or <span class="inline-code">GHSA</span>s, respectively.
</li>
</ul>
</div>
Expand Down
8 changes: 4 additions & 4 deletions vulnerabilities/templates/vulnerability.html
Original file line number Diff line number Diff line change
Expand Up @@ -21,16 +21,16 @@
<div class="dropdown-menu dropdown-instructions-width" id="dropdown-menu4" role="menu">
<div class="dropdown-content dropdown-instructions-box-shadow">
<div class="dropdown-item">
<div>Search for comprehensive information for a <span class="inline-code">VULCOID</span> (VulnerableCode Database ID). <span class="is-italic">(Only the first of these methods requires that the input be all uppercase.)</span>
<div>Search for comprehensive information for a <span class="inline-code">VCID</span> (VulnerableCode Database ID). <span class="is-italic">(Only the first of these methods requires that the input be all uppercase.)</span>
<ul>
<li>
Search for a specific <span class="inline-code">VULCOID</span> (e.g., "VULCOID-1").
Search for a specific <span class="inline-code">VCID</span> (e.g., "VCID-1").
</li>
<li>
Search for all <span class="inline-code">VULCOID</span>s that are associated with a specific <span class="inline-code">CVE</span> (e.g., "CVE-2009-3898") or <span class="inline-code">GHSA</span> (e.g., "GHSA-2qrg-x229-3v8q").
Search for all <span class="inline-code">VCID</span>s that are associated with a specific <span class="inline-code">CVE</span> (e.g., "CVE-2009-3898") or <span class="inline-code">GHSA</span> (e.g., "GHSA-2qrg-x229-3v8q").
</li>
<li>
Search for "CVE" or "GHSA" -- this will return all <span class="inline-code">VULCOID</span>s that are associated with one or more <span class="inline-code">CVE</span>s or <span class="inline-code">GHSA</span>s, respectively.
Search for "CVE" or "GHSA" -- this will return all <span class="inline-code">VCID</span>s that are associated with one or more <span class="inline-code">CVE</span>s or <span class="inline-code">GHSA</span>s, respectively.
</li>
</ul>
</div>
Expand Down
14 changes: 7 additions & 7 deletions vulnerabilities/tests/test_fix_api.py
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ def test_api_with_single_vulnerability(self):
).data
assert response == {
"url": f"http://testserver/api/vulnerabilities/{self.vulnerability.id}",
"vulnerability_id": f"VULCOID-{int_to_base36(self.vulnerability.id).upper()}",
"vulnerability_id": self.vulnerability.vulnerability_id,
"summary": "test",
"aliases": [],
"fixed_packages": [
Expand All @@ -84,7 +84,7 @@ def test_api_with_single_vulnerability_with_filters(self):
).data
assert response == {
"url": f"http://testserver/api/vulnerabilities/{self.vulnerability.id}",
"vulnerability_id": f"VULCOID-{int_to_base36(self.vulnerability.id).upper()}",
"vulnerability_id": self.vulnerability.vulnerability_id,
"summary": "test",
"aliases": [],
"fixed_packages": [
Expand Down Expand Up @@ -182,7 +182,7 @@ def test_api_with_single_vulnerability_and_fixed_package(self):
"affected_by_vulnerabilities": [
{
"url": f"http://testserver/api/vulnerabilities/{self.vuln1.id}",
"vulnerability_id": f"VULCOID-{int_to_base36(self.vuln1.id).upper()}",
"vulnerability_id": self.vuln1.vulnerability_id,
"summary": "test-vuln1",
"references": [],
"fixed_packages": [],
Expand All @@ -191,7 +191,7 @@ def test_api_with_single_vulnerability_and_fixed_package(self):
"fixing_vulnerabilities": [
{
"url": f"http://testserver/api/vulnerabilities/{self.vuln.id}",
"vulnerability_id": f"VULCOID-{int_to_base36(self.vuln.id).upper()}",
"vulnerability_id": self.vuln.vulnerability_id,
"summary": "test-vuln",
"references": [],
"fixed_packages": [
Expand All @@ -206,7 +206,7 @@ def test_api_with_single_vulnerability_and_fixed_package(self):
"unresolved_vulnerabilities": [
{
"url": f"http://testserver/api/vulnerabilities/{self.vuln1.id}",
"vulnerability_id": f"VULCOID-{int_to_base36(self.vuln1.id).upper()}",
"vulnerability_id": self.vuln1.vulnerability_id,
"summary": "test-vuln1",
"references": [],
"fixed_packages": [],
Expand All @@ -228,7 +228,7 @@ def test_api_with_single_vulnerability_and_vulnerable_package(self):
"affected_by_vulnerabilities": [
{
"url": f"http://testserver/api/vulnerabilities/{self.vuln.id}",
"vulnerability_id": f"VULCOID-{int_to_base36(self.vuln.id).upper()}",
"vulnerability_id": self.vuln.vulnerability_id,
"summary": "test-vuln",
"references": [],
"fixed_packages": [
Expand All @@ -244,7 +244,7 @@ def test_api_with_single_vulnerability_and_vulnerable_package(self):
"unresolved_vulnerabilities": [
{
"url": f"http://testserver/api/vulnerabilities/{self.vuln.id}",
"vulnerability_id": f"VULCOID-{int_to_base36(self.vuln.id).upper()}",
"vulnerability_id": self.vuln.vulnerability_id,
"summary": "test-vuln",
"references": [],
"fixed_packages": [
Expand Down

0 comments on commit 5d968e5

Please sign in to comment.