diff --git a/setup.cfg b/setup.cfg index aca9f557e..daad670d9 100644 --- a/setup.cfg +++ b/setup.cfg @@ -78,6 +78,7 @@ install_requires = defusedxml>=0.7.1 Markdown>=3.3.0 dateparser>=1.1.1 + shortuuid>=1.0.0 # networking GitPython>=3.1.17 diff --git a/vulnerabilities/migrations/0022_alter_vulnerability_vulnerability_id.py b/vulnerabilities/migrations/0022_alter_vulnerability_vulnerability_id.py new file mode 100644 index 000000000..d923ac91c --- /dev/null +++ b/vulnerabilities/migrations/0022_alter_vulnerability_vulnerability_id.py @@ -0,0 +1,19 @@ +# Generated by Django 4.0.4 on 2022-09-06 11:22 + +from django.db import migrations, models +import vulnerabilities.models + + +class Migration(migrations.Migration): + + dependencies = [ + ('vulnerabilities', '0021_alter_vulnerabilityreference_url'), + ] + + operations = [ + migrations.AlterField( + model_name='vulnerability', + name='vulnerability_id', + field=models.CharField(blank=True, default=vulnerabilities.models.get_vcid, help_text='Unique identifier for a vulnerability in the external representation. It is prefixed with VCID-', max_length=20, unique=True), + ), + ] diff --git a/vulnerabilities/migrations/0023_vcid_migration.py b/vulnerabilities/migrations/0023_vcid_migration.py new file mode 100644 index 000000000..da14f51fc --- /dev/null +++ b/vulnerabilities/migrations/0023_vcid_migration.py 
@@ -0,0 +1,21 @@
+from django.db import migrations
+from django.db.models import Q
+
+from vulnerabilities.models import get_vcid
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('vulnerabilities', '0022_alter_vulnerability_vulnerability_id'),
+ ]
+
+ def save_vulnerability_id(apps, schema_editor):
+ Vulnerabilities = apps.get_model("vulnerabilities", "Vulnerability")
+ for vulnerability in Vulnerabilities.objects.filter(~Q(vulnerability_id__startswith="VCID-")):
+ vulnerability.vulnerability_id = get_vcid()
+ vulnerability.save()
+
+ operations = [
+ migrations.RunPython(save_vulnerability_id, migrations.RunPython.noop)
+ ]
diff --git a/vulnerabilities/models.py b/vulnerabilities/models.py
index bd77d304f..5ef35e9d5 100644
--- a/vulnerabilities/models.py
+++ b/vulnerabilities/models.py
@@ -10,15 +10,14 @@
 import hashlib
 import json
 import logging
-import uuid
+import shortuuid
 from django.conf import settings
 from django.core.exceptions import ValidationError
 from django.core.validators import MaxValueValidator
 from django.core.validators import MinValueValidator
 from django.db import models
 from django.dispatch import receiver
-from django.utils.http import int_to_base36
 from packageurl import PackageURL
 from packageurl.contrib.django.models import PackageURLMixin
 from rest_framework.authtoken.models import Token
@@ -32,6 +31,13 @@
 logger = logging.getLogger(__name__)
+def get_vcid():
+ short_id = shortuuid.ShortUUID().random(length=10)
+ assert len(short_id) == 10
+ short_id = short_id[:5] + "-" + short_id[5:]
+ return f"VCID-{short_id}"
+
+
 class Vulnerability(models.Model):
 """
 A software vulnerability with minimal information. Unique identifiers are
@@ -42,8 +48,9 @@ class Vulnerability(models.Model):
 unique=True,
 blank=True,
 max_length=20,
+ default=get_vcid,
 help_text="Unique identifier for a vulnerability in the external representation. "
- "It is prefixed with VULCOID-",
+ "It is prefixed with VCID-",
 )
 summary = models.TextField(
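Review bot: The existing `VULCOID-` identifiers are discarded with no old-to-new mapping in `vulnerabilities/migrations/0023_vcid_migration.py`: `save_vulnerability_id` assigns a fresh random `get_vcid()` to every row whose id does not start with `VCID-`, and the reverse step is `migrations.RunPython.noop`. Anyone who recorded an old id in a report, ticket or downstream database can no longer resolve it, so consider persisting or at least logging the previous value per row before overwriting it. The loop also materialises the whole queryset and rewrites every column; `Vulnerabilities.objects.filter(...).iterator()` together with `vulnerability.save(update_fields=["vulnerability_id"])` would bound memory and limit the write to the one field. A short docstring on `save_vulnerability_id` stating that the rewrite is one-way would help the next operator who tries to roll back.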
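Review bot: `assert len(short_id) == 10` in `get_vcid` (`vulnerabilities/models.py`, hunk `@@ -32,6 +31,13 @@`) is not a dependable runtime check, because asserts are stripped under `python -O` and it only restates the `length=10` argument; drop it or replace it with an explicit `raise`. The function has no docstring; `"""Return a new random identifier of the form VCID-xxxxx-xxxxx."""` would document the 16-character format that the field's `max_length=20` has to hold. shortuuid's default alphabet mixes upper- and lower-case characters, so two ids can differ only by case; if identifiers are ever matched case-insensitively (URLs, search, a case-insensitive collation), pass a single-case `alphabet=` to `ShortUUID(...)`.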
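Review bot: `blank=True` is kept next to the new `default=get_vcid` on `Vulnerability.vulnerability_id` (hunk `@@ -42,8 +48,9 @@`), while the `@@ -59,12 +66,6 @@` hunk removes the `save()` override that used to fill in an empty id. A caller or form that passes an empty string explicitly would now store `""`, and a second such row would fail the `unique=True` constraint instead of receiving a generated id. The callers are not visible here, so this needs checking against the importers; if empty values are no longer meant to be accepted, drop `blank=True`. The field definition starts above the hunk.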
@@ -59,12 +66,6 @@ class Vulnerability(models.Model):
 through="PackageRelatedVulnerability",
 )
- def save(self, *args, **kwargs):
- super().save(*args, **kwargs)
- if not self.vulnerability_id:
- self.vulnerability_id = f"VULCOID-{int_to_base36(self.id).upper()}"
- super().save(update_fields=["vulnerability_id"])
-
 @property
 def vulnerable_to(self):
 """
diff --git a/vulnerabilities/templates/index.html b/vulnerabilities/templates/index.html
index dbe122ebb..ee67279d3 100644
--- a/vulnerabilities/templates/index.html
+++ b/vulnerabilities/templates/index.html
@@ -84,16 +84,16 @@