-
Notifications
You must be signed in to change notification settings - Fork 201
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: ziadhany <[email protected]>
- Loading branch information
Showing
11 changed files
with
131 additions
and
43 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
# Generated by Django 4.2.16 on 2024-10-22 06:49 | ||
|
||
from django.db import migrations, models | ||
|
||
|
||
class Migration(migrations.Migration): | ||
|
||
dependencies = [ | ||
("vulnerabilities", "0073_delete_packagerelatedvulnerability"), | ||
] | ||
|
||
operations = [ | ||
migrations.AddField( | ||
model_name="package", | ||
name="risk", | ||
field=models.DecimalField( | ||
decimal_places=2, | ||
help_text="Enter a risk score between 0.00 and 10.00, where higher values indicate greater vulnerability risk for the package.", | ||
max_digits=4, | ||
null=True, | ||
), | ||
), | ||
] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
from vulnerabilities.models import Package | ||
from vulnerabilities.pipelines import VulnerableCodePipeline | ||
from vulnerabilities.risk import calculate_pkg_risk | ||
|
||
|
||
class RiskPackagePipeline(VulnerableCodePipeline): | ||
""" | ||
Risk Assessment Pipeline for Package Vulnerabilities: Iterate through the packages and evaluate their associated risk. | ||
""" | ||
|
||
pipeline_id = "risk_package" | ||
license_expression = None | ||
|
||
@classmethod | ||
def steps(cls): | ||
return (cls.add_risk_package,) | ||
|
||
def add_risk_package(self): | ||
self.log(f"Add risk package pipeline ") | ||
|
||
updatables = [] | ||
for pkg in Package.objects.filter(affected_by_vulnerabilities__isnull=False): | ||
risk = calculate_pkg_risk(pkg) | ||
pkg.risk = risk | ||
updatables.append(pkg) | ||
|
||
# Bulk update the 'risk' field for all packages | ||
Package.objects.bulk_update(objs=updatables, fields=["risk"], batch_size=1000) | ||
|
||
self.log(f"Successfully added risk package pipeline ") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
import pytest | ||
|
||
from vulnerabilities.models import AffectedByPackageRelatedVulnerability | ||
from vulnerabilities.models import Package | ||
from vulnerabilities.pipelines.risk_package import RiskPackagePipeline | ||
from vulnerabilities.tests.test_risk import vulnerability | ||
|
||
|
||
@pytest.mark.django_db | ||
def test_simple_risk_pipeline(vulnerability): | ||
pkg = Package.objects.create(type="pypi", name="foo", version="2.3.0") | ||
assert Package.objects.count() == 1 | ||
|
||
improver = RiskPackagePipeline() | ||
improver.execute() | ||
|
||
assert pkg.risk is None | ||
|
||
AffectedByPackageRelatedVulnerability.objects.create(package=pkg, vulnerability=vulnerability) | ||
improver = RiskPackagePipeline() | ||
improver.execute() | ||
|
||
pkg = Package.objects.get(type="pypi", name="foo", version="2.3.0") | ||
assert str(pkg.risk) == str(3.11) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -625,6 +625,7 @@ def test_api_with_lesser_and_greater_fixed_by_packages(self): | |
} | ||
], | ||
"resource_url": "http://testserver/packages/pkg:maven/com.fasterxml.jackson.core/[email protected]", | ||
"risk": None, | ||
} | ||
|
||
assert response == expected | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,4 @@ | ||
{ | ||
"https://nvd\\.nist\\.gov/.*": 9, | ||
"https:\\/\\/security-tracker\\.debian\\.org\\/.*": 9, | ||
"^(?:http|ftp)s?://": 1 | ||
"https://nvd.nist.gov/": 9, | ||
"https://security-tracker.debian.org/": 9 | ||
} |