From 0dcf2fe53817526bfa43f20ccba79b6353f64b48 Mon Sep 17 00:00:00 2001
From: Indivar Mishra
Date: Thu, 27 Feb 2025 21:56:18 +0530
Subject: [PATCH] feat: VulnerabilityAnalysis properties for issued/updated datetime add first_issued and last_updated to VulnerabilityAnalysis, update test to verify this
Signed-off-by: Indivar Mishra
---
cyclonedx/model/vulnerability.py | 46 +++++++++++--------
tests/_data/models.py | 6 ++-
...setuptools_with_vulnerability-1.5.json.bin | 2 +
..._setuptools_with_vulnerability-1.5.xml.bin | 2 +
...setuptools_with_vulnerability-1.6.json.bin | 2 +
..._setuptools_with_vulnerability-1.6.xml.bin | 2 +
6 files changed, 40 insertions(+), 20 deletions(-)
diff --git a/cyclonedx/model/vulnerability.py b/cyclonedx/model/vulnerability.py
index 9ad3d52f..eadf1e64 100644
--- a/cyclonedx/model/vulnerability.py
+++ b/cyclonedx/model/vulnerability.py
@@ -235,11 +235,15 @@ def __init__(
 justification: Optional[ImpactAnalysisJustification] = None,
 responses: Optional[Iterable[ImpactAnalysisResponse]] = None,
 detail: Optional[str] = None,
+ first_issued: Optional[datetime] = None,
+ last_updated: Optional[datetime] = None,
 ) -> None:
 self.state = state
 self.justification = justification
 self.responses = responses or [] # type:ignore[assignment]
 self.detail = detail
+ self.first_issued = first_issued
+ self.last_updated = last_updated

 @property
 @serializable.xml_sequence(1)
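Review bot: Nothing in `__init__` relates the two new arguments to each other, so an analysis whose `last_updated` is earlier than its `first_issued` is stored and serialized unchanged. Tools that decide which VEX analysis is current by comparing these timestamps then receive an inconsistent record with no signal from the producer side. If validation is out of scope for the model, say so next to the assignments, e.g. `# last_updated is not checked against first_issued; callers must keep it >= first_issued`. The signature starts above this hunk, so whether the class documentation lists the new parameters cannot be seen here.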
@@ -307,29 +311,33 @@ def detail(self) -> Optional[str]:
 def detail(self, detail: Optional[str]) -> None:
 self._detail = detail

- # @property
- # @serializable.view(SchemaVersion1Dot5)
- # @serializable.xml_sequence(5)
- # def first_issued(self) -> ...:
- # ... # TODO since CDX 1.5
- #
- # @first_issued.setter
- # def first_issued(self, ...) -> None:
- # ... # TODO since CDX 1.5
+ @property
+ @serializable.view(SchemaVersion1Dot5)
+ @serializable.view(SchemaVersion1Dot6)
+ @serializable.type_mapping(serializable.helpers.XsdDateTime)
+ @serializable.xml_sequence(5)
+ def first_issued(self) -> Optional[datetime]:
+ return self._first_issued

- # @property
- # @serializable.view(SchemaVersion1Dot5)
- # @serializable.xml_sequence(6)
- # def last_updated(self) -> ...:
- # ... # TODO since CDX 1.5
- #
- # @last_updated.setter
- # def last_updated(self, ...) -> None:
- # ... # TODO since CDX 1.5
+ @first_issued.setter
+ def first_issued(self, first_issue: Optional[datetime]) -> None:
+ self._first_issued = first_issue
+
+ @property
+ @serializable.view(SchemaVersion1Dot5)
+ @serializable.view(SchemaVersion1Dot6)
+ @serializable.type_mapping(serializable.helpers.XsdDateTime)
+ @serializable.xml_sequence(6)
+ def last_updated(self) -> Optional[datetime]:
+ return self._last_updated
+
+ @last_updated.setter
+ def last_updated(self, last_updated: Optional[datetime]) -> None:
+ self._last_updated = last_updated

 def __comparable_tuple(self) -> _ComparableTuple:
 return _ComparableTuple((
- self.state, self.justification, tuple(self.responses), self.detail
+ self.state, self.justification, tuple(self.responses), self.detail, self.first_issued, self.last_updated
 ))

 def __eq__(self, other: object) -> bool:
diff --git a/tests/_data/models.py b/tests/_data/models.py
index a312178a..6a25c552 100644
--- a/tests/_data/models.py
+++ b/tests/_data/models.py
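Review bot: The `first_issued` setter names its parameter `first_issue`, while the property, the constructor argument and the `last_updated` setter all use the full field name; `def first_issued(self, first_issued: Optional[datetime]) -> None:` with `self._first_issued = first_issued` keeps them aligned. Neither new property has a docstring. One line each would do, e.g. `"""Timestamp when the analysis was first issued; a timezone-aware datetime is expected."""` and the equivalent for `last_updated`. The timezone matters because a naive value would presumably be written without a UTC offset, which leaves consumers guessing when they order VEX statements from different producers. Both fields also feed `__comparable_tuple` now; if that tuple is used for ordering as well as equality (not visible in this hunk), comparing a naive with an aware datetime may raise `TypeError`, so a test with mixed values is worth adding.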
@@ -503,7 +503,11 @@ def get_bom_with_component_setuptools_with_vulnerability() -> Bom: )), analysis=VulnerabilityAnalysis( state=ImpactAnalysisState.EXPLOITABLE, justification=ImpactAnalysisJustification.REQUIRES_ENVIRONMENT, - responses=[ImpactAnalysisResponse.CAN_NOT_FIX], detail='Some extra detail' + responses=[ImpactAnalysisResponse.CAN_NOT_FIX], detail='Some extra detail', + first_issued=datetime(year=2018, month=9, day=1, hour=10, minute=50, second=42, microsecond=51979, + tzinfo=timezone.utc), + last_updated=datetime(year=2018, month=9, day=1, hour=10, minute=50, second=42, microsecond=51979, + tzinfo=timezone.utc) ), affects=[ BomTarget( diff --git a/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.5.json.bin b/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.5.json.bin index acfdf772..14b92331 100644 --- a/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.5.json.bin +++ b/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.5.json.bin @@ -59,7 +59,9 @@ ], "analysis": { "detail": "Some extra detail", + "firstIssued": "2018-09-01T10:50:42.051979+00:00", "justification": "requires_environment", + "lastUpdated": "2018-09-01T10:50:42.051979+00:00", "response": [ "can_not_fix" ], diff --git a/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.5.xml.bin b/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.5.xml.bin index 719e696d..09e41d34 100644 --- a/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.5.xml.bin +++ b/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.5.xml.bin @@ -120,6 +120,8 @@ can_not_fix Some extra detail + 2018-09-01T10:50:42.051979+00:00 + 2018-09-01T10:50:42.051979+00:00 
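Review bot: The fixture in `get_bom_with_component_setuptools_with_vulnerability` passes the identical timestamp for `first_issued` and `last_updated`, so the regenerated snapshots cannot tell the two fields apart: a serializer or deserializer that swapped `firstIssued` and `lastUpdated` would still match. Using a distinct, later value for the second one, for example `last_updated=datetime(year=2018, month=9, day=2, hour=10, minute=50, second=42, microsecond=51979, tzinfo=timezone.utc)` (constructed sample value), closes that gap; the four 1.5/1.6 snapshot files would then need regenerating. The fixture function starts and ends outside this hunk.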
diff --git a/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.6.json.bin b/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.6.json.bin index 0931367c..69742402 100644 --- a/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.6.json.bin +++ b/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.6.json.bin @@ -59,7 +59,9 @@ ], "analysis": { "detail": "Some extra detail", + "firstIssued": "2018-09-01T10:50:42.051979+00:00", "justification": "requires_environment", + "lastUpdated": "2018-09-01T10:50:42.051979+00:00", "response": [ "can_not_fix" ], diff --git a/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.6.xml.bin b/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.6.xml.bin index 9d46b7c0..36cb8aa0 100644 --- a/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.6.xml.bin +++ b/tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.6.xml.bin @@ -126,6 +126,8 @@ can_not_fix Some extra detail + 2018-09-01T10:50:42.051979+00:00 + 2018-09-01T10:50:42.051979+00:00