From 5d968e58ec8b149384c58ca267d4cdfff8459d6e Mon Sep 17 00:00:00 2001
From: Tushar Goel <tushar.goel.dav@gmail.com>
Date: Mon, 5 Sep 2022 17:38:49 +0530
Subject: [PATCH] Migrate from VULCOID to VCID #811

Use uuid instead of base36
Reference: https://github.com/nexB/vulnerablecode/issues/811

Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>
---
 ...20_alter_vulnerability_vulnerability_id.py | 20 ++++++++++++++++++
 .../migrations/0021_vcid_migration.py         | 21 +++++++++++++++++++
 vulnerabilities/models.py                     | 16 +++++++-------
 vulnerabilities/templates/index.html          |  8 +++----
 .../templates/vulnerabilities.html            |  8 +++----
 vulnerabilities/templates/vulnerability.html  |  8 +++----
 vulnerabilities/tests/test_fix_api.py         | 14 ++++++-------
 7 files changed, 67 insertions(+), 28 deletions(-)
 create mode 100644 vulnerabilities/migrations/0020_alter_vulnerability_vulnerability_id.py
 create mode 100644 vulnerabilities/migrations/0021_vcid_migration.py

diff --git a/vulnerabilities/migrations/0020_alter_vulnerability_vulnerability_id.py b/vulnerabilities/migrations/0020_alter_vulnerability_vulnerability_id.py
new file mode 100644
index 000000000..d62da9ba6
--- /dev/null
+++ b/vulnerabilities/migrations/0020_alter_vulnerability_vulnerability_id.py
@@ -0,0 +1,20 @@
+# Generated by Django 4.0.4 on 2022-09-05 11:40
+
+from django.db import migrations
+from django.db import models
+import vulnerabilities.models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('vulnerabilities', '0019_alter_vulnerabilityreference_options'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='vulnerability',
+            name='vulnerability_id',
+            field=models.CharField(blank=True, default=vulnerabilities.models.get_vcid, help_text='Unique identifier for a vulnerability in the external representation. It is prefixed with VCID-', max_length=45, unique=True),
+        ),
+    ]
diff --git a/vulnerabilities/migrations/0021_vcid_migration.py b/vulnerabilities/migrations/0021_vcid_migration.py
new file mode 100644
index 000000000..715001e04
--- /dev/null
+++ b/vulnerabilities/migrations/0021_vcid_migration.py
@@ -0,0 +1,21 @@
+from django.db import migrations
+from django.db.models import Q
+
+from vulnerabilities.models import get_vcid
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('vulnerabilities', '0020_alter_vulnerability_vulnerability_id'),
+    ]
+
+    def save_vulnerability_id(apps, schema_editor):
+        Vulnerabilities = apps.get_model("vulnerabilities", "Vulnerability")
+        for vulnerability in Vulnerabilities.objects.filter(~Q(vulnerability_id__startswith="VCID-")):
+            vulnerability.vulnerability_id = get_vcid()
+            vulnerability.save()
+
+    operations = [
+        migrations.RunPython(save_vulnerability_id, migrations.RunPython.noop)
+    ]
diff --git a/vulnerabilities/models.py b/vulnerabilities/models.py
index 457391fae..6c04751c8 100644
--- a/vulnerabilities/models.py
+++ b/vulnerabilities/models.py
@@ -18,7 +18,6 @@
 from django.core.validators import MinValueValidator
 from django.db import models
 from django.dispatch import receiver
-from django.utils.http import int_to_base36
 from packageurl import PackageURL
 from packageurl.contrib.django.models import PackageURLMixin
 from rest_framework.authtoken.models import Token
@@ -32,6 +31,10 @@
 logger = logging.getLogger(__name__)
 
 
+def get_vcid():
+    return f"VCID-{uuid.uuid4()}"
+
+
 class Vulnerability(models.Model):
     """
     A software vulnerability with minimal information. Unique identifiers are
@@ -41,9 +44,10 @@ class Vulnerability(models.Model):
     vulnerability_id = models.CharField(
         unique=True,
         blank=True,
-        max_length=20,
+        max_length=45,
+        default=get_vcid,
         help_text="Unique identifier for a vulnerability in the external representation. "
-        "It is prefixed with VULCOID-",
+        "It is prefixed with VCID-",
     )
 
     summary = models.TextField(
@@ -59,12 +63,6 @@ class Vulnerability(models.Model):
         through="PackageRelatedVulnerability",
     )
 
-    def save(self, *args, **kwargs):
-        super().save(*args, **kwargs)
-        if not self.vulnerability_id:
-            self.vulnerability_id = f"VULCOID-{int_to_base36(self.id).upper()}"
-            super().save(update_fields=["vulnerability_id"])
-
     @property
     def vulnerable_to(self):
         """
diff --git a/vulnerabilities/templates/index.html b/vulnerabilities/templates/index.html
index dbe122ebb..0ba1a2fc4 100644
--- a/vulnerabilities/templates/index.html
+++ b/vulnerabilities/templates/index.html
@@ -84,16 +84,16 @@
                 <div class="dropdown-menu dropdown-instructions-width" id="dropdown-menu4" role="menu">
                     <div class="dropdown-content dropdown-instructions-box-shadow">
                         <div class="dropdown-item">
-                            <div>Search for comprehensive information for a <span class="inline-code">VULCOID</span> (VulnerableCode Database ID). <span class="is-italic">(Only the first of these methods requires that the input be all uppercase.)</span>
+                            <div>Search for comprehensive information for a <span class="inline-code">VCID</span> (VulnerableCode Database ID). <span class="is-italic">(Only the first of these methods requires that the input be all uppercase.)</span>
                                 <ul>
                                     <li>
-                                        Search for a specific <span class="inline-code">VULCOID</span> (e.g., "VULCOID-1").
+                                        Search for a specific <span class="inline-code">VCID</span> (e.g., "VCID-1").
                                     </li>
                                     <li>
-                                        Search for all <span class="inline-code">VULCOID</span>s that are associated with a specific <span class="inline-code">CVE</span> (e.g., "CVE-2009-3898") or <span class="inline-code">GHSA</span> (e.g., "GHSA-2qrg-x229-3v8q").
+                                        Search for all <span class="inline-code">VCID</span>s that are associated with a specific <span class="inline-code">CVE</span> (e.g., "CVE-2009-3898") or <span class="inline-code">GHSA</span> (e.g., "GHSA-2qrg-x229-3v8q").
                                     </li>
                                     <li>
-                                        Search for "CVE" or "GHSA" -- this will return all <span class="inline-code">VULCOID</span>s that are associated with one or more <span class="inline-code">CVE</span>s or <span class="inline-code">GHSA</span>s, respectively.
+                                        Search for "CVE" or "GHSA" -- this will return all <span class="inline-code">VCID</span>s that are associated with one or more <span class="inline-code">CVE</span>s or <span class="inline-code">GHSA</span>s, respectively.
                                     </li>
                                 </ul>
                             </div>
diff --git a/vulnerabilities/templates/vulnerabilities.html b/vulnerabilities/templates/vulnerabilities.html
index 87489050f..a37338772 100644
--- a/vulnerabilities/templates/vulnerabilities.html
+++ b/vulnerabilities/templates/vulnerabilities.html
@@ -21,16 +21,16 @@
                 <div class="dropdown-menu dropdown-instructions-width" id="dropdown-menu4" role="menu">
                     <div class="dropdown-content dropdown-instructions-box-shadow">
                         <div class="dropdown-item">
-                            <div>Search for comprehensive information for a <span class="inline-code">VULCOID</span> (VulnerableCode Database ID). <span class="is-italic">(Only the first of these methods requires that the input be all uppercase.)</span>
+                            <div>Search for comprehensive information for a <span class="inline-code">VCID</span> (VulnerableCode Database ID). <span class="is-italic">(Only the first of these methods requires that the input be all uppercase.)</span>
                                 <ul>
                                     <li>
-                                        Search for a specific <span class="inline-code">VULCOID</span> (e.g., "VULCOID-1").
+                                        Search for a specific <span class="inline-code">VCID</span> (e.g., "VCID-1").
                                     </li>
                                     <li>
-                                        Search for all <span class="inline-code">VULCOID</span>s that are associated with a specific <span class="inline-code">CVE</span> (e.g., "CVE-2009-3898") or <span class="inline-code">GHSA</span> (e.g., "GHSA-2qrg-x229-3v8q").
+                                        Search for all <span class="inline-code">VCID</span>s that are associated with a specific <span class="inline-code">CVE</span> (e.g., "CVE-2009-3898") or <span class="inline-code">GHSA</span> (e.g., "GHSA-2qrg-x229-3v8q").
                                     </li>
                                     <li>
-                                        Search for "CVE" or "GHSA" -- this will return all <span class="inline-code">VULCOID</span>s that are associated with one or more <span class="inline-code">CVE</span>s or <span class="inline-code">GHSA</span>s, respectively.
+                                        Search for "CVE" or "GHSA" -- this will return all <span class="inline-code">VCID</span>s that are associated with one or more <span class="inline-code">CVE</span>s or <span class="inline-code">GHSA</span>s, respectively.
                                     </li>
                                 </ul>
                             </div>
diff --git a/vulnerabilities/templates/vulnerability.html b/vulnerabilities/templates/vulnerability.html
index e8b3c58f8..ee2afc4d3 100644
--- a/vulnerabilities/templates/vulnerability.html
+++ b/vulnerabilities/templates/vulnerability.html
@@ -21,16 +21,16 @@
                 <div class="dropdown-menu dropdown-instructions-width" id="dropdown-menu4" role="menu">
                     <div class="dropdown-content dropdown-instructions-box-shadow">
                         <div class="dropdown-item">
-                            <div>Search for comprehensive information for a <span class="inline-code">VULCOID</span> (VulnerableCode Database ID). <span class="is-italic">(Only the first of these methods requires that the input be all uppercase.)</span>
+                            <div>Search for comprehensive information for a <span class="inline-code">VCID</span> (VulnerableCode Database ID). <span class="is-italic">(Only the first of these methods requires that the input be all uppercase.)</span>
                                 <ul>
                                     <li>
-                                        Search for a specific <span class="inline-code">VULCOID</span> (e.g., "VULCOID-1").
+                                        Search for a specific <span class="inline-code">VCID</span> (e.g., "VCID-1").
                                     </li>
                                     <li>
-                                        Search for all <span class="inline-code">VULCOID</span>s that are associated with a specific <span class="inline-code">CVE</span> (e.g., "CVE-2009-3898") or <span class="inline-code">GHSA</span> (e.g., "GHSA-2qrg-x229-3v8q").
+                                        Search for all <span class="inline-code">VCID</span>s that are associated with a specific <span class="inline-code">CVE</span> (e.g., "CVE-2009-3898") or <span class="inline-code">GHSA</span> (e.g., "GHSA-2qrg-x229-3v8q").
                                     </li>
                                     <li>
-                                        Search for "CVE" or "GHSA" -- this will return all <span class="inline-code">VULCOID</span>s that are associated with one or more <span class="inline-code">CVE</span>s or <span class="inline-code">GHSA</span>s, respectively.
+                                        Search for "CVE" or "GHSA" -- this will return all <span class="inline-code">VCID</span>s that are associated with one or more <span class="inline-code">CVE</span>s or <span class="inline-code">GHSA</span>s, respectively.
                                     </li>
                                 </ul>
                             </div>
diff --git a/vulnerabilities/tests/test_fix_api.py b/vulnerabilities/tests/test_fix_api.py
index db6491820..16512e33f 100644
--- a/vulnerabilities/tests/test_fix_api.py
+++ b/vulnerabilities/tests/test_fix_api.py
@@ -59,7 +59,7 @@ def test_api_with_single_vulnerability(self):
         ).data
         assert response == {
             "url": f"http://testserver/api/vulnerabilities/{self.vulnerability.id}",
-            "vulnerability_id": f"VULCOID-{int_to_base36(self.vulnerability.id).upper()}",
+            "vulnerability_id": self.vulnerability.vulnerability_id,
             "summary": "test",
             "aliases": [],
             "fixed_packages": [
@@ -84,7 +84,7 @@ def test_api_with_single_vulnerability_with_filters(self):
         ).data
         assert response == {
             "url": f"http://testserver/api/vulnerabilities/{self.vulnerability.id}",
-            "vulnerability_id": f"VULCOID-{int_to_base36(self.vulnerability.id).upper()}",
+            "vulnerability_id": self.vulnerability.vulnerability_id,
             "summary": "test",
             "aliases": [],
             "fixed_packages": [
@@ -182,7 +182,7 @@ def test_api_with_single_vulnerability_and_fixed_package(self):
             "affected_by_vulnerabilities": [
                 {
                     "url": f"http://testserver/api/vulnerabilities/{self.vuln1.id}",
-                    "vulnerability_id": f"VULCOID-{int_to_base36(self.vuln1.id).upper()}",
+                    "vulnerability_id": self.vuln1.vulnerability_id,
                     "summary": "test-vuln1",
                     "references": [],
                     "fixed_packages": [],
@@ -191,7 +191,7 @@ def test_api_with_single_vulnerability_and_fixed_package(self):
             "fixing_vulnerabilities": [
                 {
                     "url": f"http://testserver/api/vulnerabilities/{self.vuln.id}",
-                    "vulnerability_id": f"VULCOID-{int_to_base36(self.vuln.id).upper()}",
+                    "vulnerability_id": self.vuln.vulnerability_id,
                     "summary": "test-vuln",
                     "references": [],
                     "fixed_packages": [
@@ -206,7 +206,7 @@ def test_api_with_single_vulnerability_and_fixed_package(self):
             "unresolved_vulnerabilities": [
                 {
                     "url": f"http://testserver/api/vulnerabilities/{self.vuln1.id}",
-                    "vulnerability_id": f"VULCOID-{int_to_base36(self.vuln1.id).upper()}",
+                    "vulnerability_id": self.vuln1.vulnerability_id,
                     "summary": "test-vuln1",
                     "references": [],
                     "fixed_packages": [],
@@ -228,7 +228,7 @@ def test_api_with_single_vulnerability_and_vulnerable_package(self):
             "affected_by_vulnerabilities": [
                 {
                     "url": f"http://testserver/api/vulnerabilities/{self.vuln.id}",
-                    "vulnerability_id": f"VULCOID-{int_to_base36(self.vuln.id).upper()}",
+                    "vulnerability_id": self.vuln.vulnerability_id,
                     "summary": "test-vuln",
                     "references": [],
                     "fixed_packages": [
@@ -244,7 +244,7 @@ def test_api_with_single_vulnerability_and_vulnerable_package(self):
             "unresolved_vulnerabilities": [
                 {
                     "url": f"http://testserver/api/vulnerabilities/{self.vuln.id}",
-                    "vulnerability_id": f"VULCOID-{int_to_base36(self.vuln.id).upper()}",
+                    "vulnerability_id": self.vuln.vulnerability_id,
                     "summary": "test-vuln",
                     "references": [],
                     "fixed_packages": [