Migrate from VULCOID to VCID #811
Use uuid instead of base36
Reference: #811

Signed-off-by: Tushar Goel <[email protected]>
TG1999 committed Sep 6, 2022
1 parent bf17aa4 commit bef49a2
Showing 9 changed files with 97 additions and 28 deletions.
1 change: 1 addition & 0 deletions setup.cfg
Expand Up @@ -78,6 +78,7 @@ install_requires =
defusedxml>=0.7.1
Markdown>=3.3.0
dateparser>=1.1.1
shortuuid>=1.0.0

# networking
GitPython>=3.1.17
@@ -0,0 +1,19 @@
# Generated by Django 4.0.4 on 2022-09-06 11:22

from django.db import migrations, models
import vulnerabilities.models


class Migration(migrations.Migration):

dependencies = [
('vulnerabilities', '0021_alter_vulnerabilityreference_url'),
]

operations = [
migrations.AlterField(
model_name='vulnerability',
name='vulnerability_id',
field=models.CharField(blank=True, default=vulnerabilities.models.get_vcid, help_text='Unique identifier for a vulnerability in the external representation. It is prefixed with VCID-', max_length=20, unique=True),
),
]
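--- a/vulnerabilities/migrations/0023_vcid_migration.py
+++ b/vulnerabilities/migrations/0023_vcid_migration.py
@@ -0,0 +1,21 @@
+from django.db import migrations
+from django.db.models import Q
+
+from vulnerabilities.models import get_vcid
+
+
+class Migration(migrations.Migration):
+
+dependencies = [
+('vulnerabilities', '0022_alter_vulnerability_vulnerability_id'),
+]
+
+def save_vulnerability_id(apps, schema_editor):
+Vulnerabilities = apps.get_model("vulnerabilities", "Vulnerability")
+for vulnerability in Vulnerabilities.objects.filter(~Q(vulnerability_id__startswith="VCID-")):
+vulnerability.vulnerability_id = get_vcid()
+vulnerability.save()
+
+operations = [
+migrations.RunPython(save_vulnerability_id, migrations.RunPython.noop)
+]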
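Review bot: `save_vulnerability_id` replaces every existing non-`VCID-` identifier with a fresh random value and keeps no record of the old one, and the reverse operation is `migrations.RunPython.noop`, so the migration cannot really be undone and any consumer that stored a `VULCOID-…` value can no longer resolve it. Because the field's help text calls this the external representation, consider preserving the previous value before reassigning it (where it would go is not visible in this commit) and adding a comment such as `# Irreversible: old VULCOID ids are not restored on reverse`. The function also calls the live `get_vcid` imported from `vulnerabilities.models`, so a later rename or removal of that helper would break this migration. Rows are saved one at a time with no handling of a unique-constraint collision, which would stop the run partway through.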
19 changes: 10 additions & 9 deletions vulnerabilities/models.py
Expand Up @@ -10,15 +10,14 @@
import hashlib
import json
import logging
import uuid

import shortuuid
from django.conf import settings
from django.core.exceptions import ValidationError
from django.core.validators import MaxValueValidator
from django.core.validators import MinValueValidator
from django.db import models
from django.dispatch import receiver
from django.utils.http import int_to_base36
from packageurl import PackageURL
from packageurl.contrib.django.models import PackageURLMixin
from rest_framework.authtoken.models import Token
Expand All @@ -32,6 +31,13 @@
logger = logging.getLogger(__name__)


def get_vcid():
short_id = shortuuid.ShortUUID().random(length=10)
assert len(short_id) == 10
short_id = short_id[:5] + "-" + short_id[5:]
return f"VCID-{short_id}"


class Vulnerability(models.Model):
"""
A software vulnerability with minimal information. Unique identifiers are
Expand All @@ -42,8 +48,9 @@ class Vulnerability(models.Model):
unique=True,
blank=True,
max_length=20,
default=get_vcid,
help_text="Unique identifier for a vulnerability in the external representation. "
"It is prefixed with VULCOID-",
"It is prefixed with VCID-",
)

summary = models.TextField(
Expand All @@ -59,12 +66,6 @@ class Vulnerability(models.Model):
through="PackageRelatedVulnerability",
)

def save(self, *args, **kwargs):
super().save(*args, **kwargs)
if not self.vulnerability_id:
self.vulnerability_id = f"VULCOID-{int_to_base36(self.id).upper()}"
super().save(update_fields=["vulnerability_id"])

@property
def vulnerable_to(self):
"""
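Review bot: In `get_vcid`, `assert len(short_id) == 10` is the only guard on the identifier's shape and it is stripped when Python runs with `-O`; if the length is worth checking, raise explicitly, otherwise drop the line. The value is random and the column is `unique=True`, so a collision would surface as an integrity error on save now that the `save()` override is removed; the chance is small at 10 characters, but nothing in the visible code retries. A one-line docstring would help, e.g. `"""Return a new random identifier of the form VCID-xxxxx-xxxxx."""`. shortuuid's default alphabet mixes upper- and lower-case letters, so lookups on `vulnerability_id` need to stay case-sensitive.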
8 changes: 4 additions & 4 deletions vulnerabilities/templates/index.html
Expand Up @@ -84,16 +84,16 @@
<div class="dropdown-menu dropdown-instructions-width" id="dropdown-menu4" role="menu">
<div class="dropdown-content dropdown-instructions-box-shadow">
<div class="dropdown-item">
<div>Search for comprehensive information for a <span class="inline-code">VULCOID</span> (VulnerableCode Database ID). <span class="is-italic">(Only the first of these methods requires that the input be all uppercase.)</span>
<div>Search for comprehensive information for a <span class="inline-code">VCID</span> (VulnerableCode ID). <span class="is-italic">(Only the first of these methods requires that the input be all uppercase.)</span>
<ul>
<li>
Search for a specific <span class="inline-code">VULCOID</span> (e.g., "VULCOID-1").
Search for a specific <span class="inline-code">VCID</span> (e.g., "VCID-fe0c3d75-204c-4e5d-a7f7-b89f1605e6a1").
</li>
<li>
Search for all <span class="inline-code">VULCOID</span>s that are associated with a specific <span class="inline-code">CVE</span> (e.g., "CVE-2009-3898") or <span class="inline-code">GHSA</span> (e.g., "GHSA-2qrg-x229-3v8q").
Search for all <span class="inline-code">VCID</span>s that are associated with a specific <span class="inline-code">CVE</span> (e.g., "CVE-2009-3898") or <span class="inline-code">GHSA</span> (e.g., "GHSA-2qrg-x229-3v8q").
</li>
<li>
Search for "CVE" or "GHSA" -- this will return all <span class="inline-code">VULCOID</span>s that are associated with one or more <span class="inline-code">CVE</span>s or <span class="inline-code">GHSA</span>s, respectively.
Search for "CVE" or "GHSA" -- this will return all <span class="inline-code">VCID</span>s that are associated with one or more <span class="inline-code">CVE</span>s or <span class="inline-code">GHSA</span>s, respectively.
</li>
</ul>
</div>
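Review bot: The new example `VCID-fe0c3d75-204c-4e5d-a7f7-b89f1605e6a1` is a full UUID, but `get_vcid` in `vulnerabilities/models.py` builds a 10-character random string split as `VCID-xxxxx-xxxxx`, and the field is limited to `max_length=20`, so the example can never match a stored identifier. Replace it with a value in the real shape, marked as a sample. The italic hint that the first search method needs all-uppercase input also looks stale, since the generated part appears to be mixed case; reword or drop it. The same lines are repeated in `vulnerabilities/templates/vulnerabilities.html` and `vulnerabilities/templates/vulnerability.html`.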
8 changes: 4 additions & 4 deletions vulnerabilities/templates/vulnerabilities.html
Expand Up @@ -21,16 +21,16 @@
<div class="dropdown-menu dropdown-instructions-width" id="dropdown-menu4" role="menu">
<div class="dropdown-content dropdown-instructions-box-shadow">
<div class="dropdown-item">
<div>Search for comprehensive information for a <span class="inline-code">VULCOID</span> (VulnerableCode Database ID). <span class="is-italic">(Only the first of these methods requires that the input be all uppercase.)</span>
<div>Search for comprehensive information for a <span class="inline-code">VCID</span> (VulnerableCode ID). <span class="is-italic">(Only the first of these methods requires that the input be all uppercase.)</span>
<ul>
<li>
Search for a specific <span class="inline-code">VULCOID</span> (e.g., "VULCOID-1").
Search for a specific <span class="inline-code">VCID</span> (e.g., "VCID-fe0c3d75-204c-4e5d-a7f7-b89f1605e6a1").
</li>
<li>
Search for all <span class="inline-code">VULCOID</span>s that are associated with a specific <span class="inline-code">CVE</span> (e.g., "CVE-2009-3898") or <span class="inline-code">GHSA</span> (e.g., "GHSA-2qrg-x229-3v8q").
Search for all <span class="inline-code">VCID</span>s that are associated with a specific <span class="inline-code">CVE</span> (e.g., "CVE-2009-3898") or <span class="inline-code">GHSA</span> (e.g., "GHSA-2qrg-x229-3v8q").
</li>
<li>
Search for "CVE" or "GHSA" -- this will return all <span class="inline-code">VULCOID</span>s that are associated with one or more <span class="inline-code">CVE</span>s or <span class="inline-code">GHSA</span>s, respectively.
Search for "CVE" or "GHSA" -- this will return all <span class="inline-code">VCID</span>s that are associated with one or more <span class="inline-code">CVE</span>s or <span class="inline-code">GHSA</span>s, respectively.
</li>
</ul>
</div>
8 changes: 4 additions & 4 deletions vulnerabilities/templates/vulnerability.html
Expand Up @@ -21,16 +21,16 @@
<div class="dropdown-menu dropdown-instructions-width" id="dropdown-menu4" role="menu">
<div class="dropdown-content dropdown-instructions-box-shadow">
<div class="dropdown-item">
<div>Search for comprehensive information for a <span class="inline-code">VULCOID</span> (VulnerableCode Database ID). <span class="is-italic">(Only the first of these methods requires that the input be all uppercase.)</span>
<div>Search for comprehensive information for a <span class="inline-code">VCID</span> (VulnerableCode ID). <span class="is-italic">(Only the first of these methods requires that the input be all uppercase.)</span>
<ul>
<li>
Search for a specific <span class="inline-code">VULCOID</span> (e.g., "VULCOID-1").
Search for a specific <span class="inline-code">VCID</span> (e.g., "VCID-fe0c3d75-204c-4e5d-a7f7-b89f1605e6a1").
</li>
<li>
Search for all <span class="inline-code">VULCOID</span>s that are associated with a specific <span class="inline-code">CVE</span> (e.g., "CVE-2009-3898") or <span class="inline-code">GHSA</span> (e.g., "GHSA-2qrg-x229-3v8q").
Search for all <span class="inline-code">VCID</span>s that are associated with a specific <span class="inline-code">CVE</span> (e.g., "CVE-2009-3898") or <span class="inline-code">GHSA</span> (e.g., "GHSA-2qrg-x229-3v8q").
</li>
<li>
Search for "CVE" or "GHSA" -- this will return all <span class="inline-code">VULCOID</span>s that are associated with one or more <span class="inline-code">CVE</span>s or <span class="inline-code">GHSA</span>s, respectively.
Search for "CVE" or "GHSA" -- this will return all <span class="inline-code">VCID</span>s that are associated with one or more <span class="inline-code">CVE</span>s or <span class="inline-code">GHSA</span>s, respectively.
</li>
</ul>
</div>
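--- a/vulnerabilities/tests/0020_alter_vulnerability_vulnerability_id.py
+++ b/vulnerabilities/tests/0020_alter_vulnerability_vulnerability_id.py
@@ -0,0 +1,27 @@
+# Generated by Django 4.0.4 on 2022-09-05 11:40
+
+from django.db import migrations
+from django.db import models
+
+import vulnerabilities.models
+
+
+class Migration(migrations.Migration):
+
+dependencies = [
+("vulnerabilities", "0019_alter_vulnerabilityreference_options"),
+]
+
+operations = [
+migrations.AlterField(
+model_name="vulnerability",
+name="vulnerability_id",
+field=models.CharField(
+blank=True,
+default=vulnerabilities.models.get_vcid,
+help_text="Unique identifier for a vulnerability in the external representation. It is prefixed with VCID-",
+max_length=15,
+unique=True,
+),
+),
+]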
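Review bot: This migration file is added under `vulnerabilities/tests/` rather than `vulnerabilities/migrations/`, depends on `0019_alter_vulnerabilityreference_options`, and sets `max_length=15`, while the other migration in this commit that alters the same field uses `max_length=20`. `get_vcid` returns 16 characters (`VCID-` plus five, a hyphen, and five), so `max_length=15` would not fit a generated id if this file were ever applied. It looks like a leftover from an earlier draft; if so, remove it from the commit, and if it is a deliberate fixture, say so in a comment at the top.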
14 changes: 7 additions & 7 deletions vulnerabilities/tests/test_fix_api.py
Expand Up @@ -59,7 +59,7 @@ def test_api_with_single_vulnerability(self):
).data
assert response == {
"url": f"http://testserver/api/vulnerabilities/{self.vulnerability.id}",
"vulnerability_id": f"VULCOID-{int_to_base36(self.vulnerability.id).upper()}",
"vulnerability_id": self.vulnerability.vulnerability_id,
"summary": "test",
"aliases": [],
"fixed_packages": [
Expand All @@ -84,7 +84,7 @@ def test_api_with_single_vulnerability_with_filters(self):
).data
assert response == {
"url": f"http://testserver/api/vulnerabilities/{self.vulnerability.id}",
"vulnerability_id": f"VULCOID-{int_to_base36(self.vulnerability.id).upper()}",
"vulnerability_id": self.vulnerability.vulnerability_id,
"summary": "test",
"aliases": [],
"fixed_packages": [
Expand Down Expand Up @@ -182,7 +182,7 @@ def test_api_with_single_vulnerability_and_fixed_package(self):
"affected_by_vulnerabilities": [
{
"url": f"http://testserver/api/vulnerabilities/{self.vuln1.id}",
"vulnerability_id": f"VULCOID-{int_to_base36(self.vuln1.id).upper()}",
"vulnerability_id": self.vuln1.vulnerability_id,
"summary": "test-vuln1",
"references": [],
"fixed_packages": [],
Expand All @@ -191,7 +191,7 @@ def test_api_with_single_vulnerability_and_fixed_package(self):
"fixing_vulnerabilities": [
{
"url": f"http://testserver/api/vulnerabilities/{self.vuln.id}",
"vulnerability_id": f"VULCOID-{int_to_base36(self.vuln.id).upper()}",
"vulnerability_id": self.vuln.vulnerability_id,
"summary": "test-vuln",
"references": [],
"fixed_packages": [
Expand All @@ -206,7 +206,7 @@ def test_api_with_single_vulnerability_and_fixed_package(self):
"unresolved_vulnerabilities": [
{
"url": f"http://testserver/api/vulnerabilities/{self.vuln1.id}",
"vulnerability_id": f"VULCOID-{int_to_base36(self.vuln1.id).upper()}",
"vulnerability_id": self.vuln1.vulnerability_id,
"summary": "test-vuln1",
"references": [],
"fixed_packages": [],
Expand All @@ -228,7 +228,7 @@ def test_api_with_single_vulnerability_and_vulnerable_package(self):
"affected_by_vulnerabilities": [
{
"url": f"http://testserver/api/vulnerabilities/{self.vuln.id}",
"vulnerability_id": f"VULCOID-{int_to_base36(self.vuln.id).upper()}",
"vulnerability_id": self.vuln.vulnerability_id,
"summary": "test-vuln",
"references": [],
"fixed_packages": [
Expand All @@ -244,7 +244,7 @@ def test_api_with_single_vulnerability_and_vulnerable_package(self):
"unresolved_vulnerabilities": [
{
"url": f"http://testserver/api/vulnerabilities/{self.vuln.id}",
"vulnerability_id": f"VULCOID-{int_to_base36(self.vuln.id).upper()}",
"vulnerability_id": self.vuln.vulnerability_id,
"summary": "test-vuln",
"references": [],
"fixed_packages": [
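Review bot: Each updated assertion compares the response's `vulnerability_id` with the stored attribute (`self.vulnerability.vulnerability_id`, and likewise for `self.vuln` and `self.vuln1`), which checks that the API echoes the database value but no longer pins what the identifier looks like. Nothing visible in this commit tests `get_vcid` or the `0023_vcid_migration` data migration, so a change to the prefix, length or alphabet would pass unnoticed. Consider adding one assertion such as `assert self.vulnerability.vulnerability_id.startswith("VCID-")` and a small test of the format `get_vcid` returns. If `int_to_base36` is still imported at the top of this file (outside the hunks shown), it is now unused.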
