Add new models

Signed-off-by: Tushar Goel <[email protected]>

Author: TG1999

vulnerabilities/admin.py

@@ -13,7 +13,6 @@
 
 from vulnerabilities.models import ApiUser
 from vulnerabilities.models import Package
-from vulnerabilities.models import PackageRelatedVulnerability
 from vulnerabilities.models import Vulnerability
 from vulnerabilities.models import VulnerabilityReference
 from vulnerabilities.models import VulnerabilitySeverity
@@ -35,12 +34,6 @@ class PackageAdmin(admin.ModelAdmin):
     search_fields = ["name"]
 
 
-@admin.register(PackageRelatedVulnerability)
-class PackageRelatedVulnerabilityAdmin(admin.ModelAdmin):
-    list_filter = ("package__type", "package__namespace")
-    search_fields = ["vulnerability__vulnerability_id", "package__name"]
-
-
 @admin.register(VulnerabilitySeverity)
 class VulnerabilitySeverityAdmin(admin.ModelAdmin):
     pass

vulnerabilities/api.py

@@ -287,7 +287,7 @@ def get_fixed_packages(self, package):
                 type=package.type,
                 qualifiers=package.qualifiers,
                 subpath=package.subpath,
-                packagerelatedvulnerability__fix=True,
+                fixingpackagerelatedvulnerability__isnull=False,
             )
             .with_is_vulnerable()
             .distinct()
@@ -300,10 +300,13 @@ def get_vulnerabilities_for_a_package(self, package, fix) -> dict:
         otherwise return vulnerabilities fixed by the `package`.
         """
         fixed_packages = self.get_fixed_packages(package=package)
-        qs = package.vulnerabilities.filter(packagerelatedvulnerability__fix=fix)
+        if fix:
+            qs = package.affected_by_vulnerabilities.all()
+        else:
+            qs = package.fixing_vulnerabilities.all()
         qs = qs.prefetch_related(
             Prefetch(
-                "packages",
+                "fixed_by_packages",
                 queryset=fixed_packages,
                 to_attr="filtered_fixed_packages",
             )
@@ -372,7 +375,6 @@ class Meta:
             "qualifiers",
             "subpath",
             "purl",
-            "packagerelatedvulnerability__fix",
         ]
 
     def filter_purl(self, queryset, name, value):
@@ -590,7 +592,7 @@ def get_fixed_packages_qs(self):
         Filter the packages that fixes a vulnerability
         on fields like name, namespace and type.
         """
-        return self.get_packages_qs().filter(packagerelatedvulnerability__fix=True)
+        return self.get_packages_qs().filter(fixingpackagerelatedvulnerability__isnull=False).with_is_vulnerable()
 
     def get_packages_qs(self):
         """
@@ -613,16 +615,16 @@ def get_queryset(self):
             super()
             .get_queryset()
             .prefetch_related(
-                Prefetch(
-                    "packages",
-                    queryset=self.get_packages_qs(),
-                ),
+                # Prefetch(
+                #     "packages",
+                #     queryset=self.get_packages_qs(),
+                # ),
                 "weaknesses",
-                Prefetch(
-                    "packages",
-                    queryset=self.get_fixed_packages_qs(),
-                    to_attr="filtered_fixed_packages",
-                ),
+                # Prefetch(
+                #     "fixed_by_packages",
+                #     queryset=self.get_fixed_packages_qs(),
+                #     to_attr="filtered_fixed_packages",
+                # ),
             )
         )
 

vulnerabilities/import_runner.py

@@ -23,7 +23,6 @@
 from vulnerabilities.models import Advisory
 from vulnerabilities.models import Alias
 from vulnerabilities.models import Package
-from vulnerabilities.models import PackageRelatedVulnerability
 from vulnerabilities.models import Vulnerability
 from vulnerabilities.models import VulnerabilityChangeLog
 from vulnerabilities.models import VulnerabilityReference
@@ -211,22 +210,20 @@ def process_inferences(inferences: List[Inference], advisory: Advisory, improver
 
         for affected_purl in inference.affected_purls or []:
             vulnerable_package, _ = Package.objects.get_or_create_from_purl(purl=affected_purl)
-            PackageRelatedVulnerability(
+            AffectedByPackageRelatedVulnerability(
                 vulnerability=vulnerability,
                 package=vulnerable_package,
                 created_by=improver_name,
                 confidence=inference.confidence,
-                fix=False,
             ).update_or_create(advisory=advisory)
 
         if inference.fixed_purl:
             fixed_package, _ = Package.objects.get_or_create_from_purl(purl=inference.fixed_purl)
-            PackageRelatedVulnerability(
+            FixingPackageRelatedVulnerability(
                 vulnerability=vulnerability,
                 package=fixed_package,
                 created_by=improver_name,
                 confidence=inference.confidence,
-                fix=True,
             ).update_or_create(advisory=advisory)
 
         if inference.weaknesses and vulnerability:

vulnerabilities/improve_runner.py

@@ -135,12 +135,11 @@ def process_inferences(
             vulnerable_package, created = Package.objects.get_or_create_from_purl(
                 purl=affected_purl
             )
-            PackageRelatedVulnerability(
+            AffectedByPackageRelatedVulnerability(
                 vulnerability=vulnerability,
                 package=vulnerable_package,
                 created_by=improver_name,
                 confidence=inference.confidence,
-                fix=False,
             ).update_or_create(
                 advisory=advisory,
             )

vulnerabilities/migrations/0071_auto_20241007_1044.py

@@ -0,0 +1,58 @@
+from django.db import migrations, models
+import django.db.models.deletion
+from django.core.validators import MaxValueValidator, MinValueValidator
+from vulnerabilities.improver import MAX_CONFIDENCE
+
+def split_packagerelatedvulnerability(apps, schema_editor):
+    PackageRelatedVulnerability = apps.get_model('vulnerabilities', 'PackageRelatedVulnerability')
+    FixingPackageRelatedVulnerability = apps.get_model('vulnerabilities', 'FixingPackageRelatedVulnerability')
+    AffectedByPackageRelatedVulnerability = apps.get_model('vulnerabilities', 'AffectedByPackageRelatedVulnerability')
+
+    for prv in PackageRelatedVulnerability.objects.all():
+        if prv.fix:
+            FixingPackageRelatedVulnerability.objects.create(
+                package=prv.package,
+                vulnerability=prv.vulnerability,
+                created_by=prv.created_by,
+                confidence=prv.confidence,
+            )
+        else:
+            AffectedByPackageRelatedVulnerability.objects.create(
+                package=prv.package,
+                vulnerability=prv.vulnerability,
+                created_by=prv.created_by,
+                confidence=prv.confidence,
+            )
+
+def reverse_migration(apps, schema_editor):
+    FixingPackageRelatedVulnerability = apps.get_model('vulnerabilities', 'FixingPackageRelatedVulnerability')
+    AffectedByPackageRelatedVulnerability = apps.get_model('vulnerabilities', 'AffectedByPackageRelatedVulnerability')
+    PackageRelatedVulnerability = apps.get_model('vulnerabilities', 'PackageRelatedVulnerability')
+
+    for fpv in FixingPackageRelatedVulnerability.objects.all():
+        PackageRelatedVulnerability.objects.create(
+            package=fpv.package,
+            vulnerability=fpv.vulnerability,
+            created_by=fpv.created_by,
+            confidence=fpv.confidence,
+            fix=True,
+        )
+
+    for apv in AffectedByPackageRelatedVulnerability.objects.all():
+        PackageRelatedVulnerability.objects.create(
+            package=apv.package,
+            vulnerability=apv.vulnerability,
+            created_by=apv.created_by,
+            confidence=apv.confidence,
+            fix=False,
+        )
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("vulnerabilities", "0070_alter_advisory_created_by_and_more"),
+    ]
+
+    operations = [
+        migrations.RunPython(split_packagerelatedvulnerability, reverse_migration),
+    ]

vulnerabilities/migrations/0072_remove_package_vulnerabilities.py

@@ -0,0 +1,17 @@
+# Generated by Django 4.2.15 on 2024-10-07 10:52
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("vulnerabilities", "0071_auto_20241007_1044"),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name="package",
+            name="vulnerabilities",
+        ),
+    ]

vulnerabilities/migrations/0073_remove_vulnerability_packages_and_more.py

@@ -0,0 +1,26 @@
+# Generated by Django 4.2.15 on 2024-10-07 10:53
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("vulnerabilities", "0072_remove_package_vulnerabilities"),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name="vulnerability",
+            name="packages",
+        ),
+        migrations.AddField(
+            model_name="vulnerability",
+            name="affecting_packages",
+            field=models.ManyToManyField(
+                related_name="affected_by_vulnerabilities",
+                through="vulnerabilities.AffectedByPackageRelatedVulnerability",
+                to="vulnerabilities.package",
+            ),
+        ),
+    ]

vulnerabilities/migrations/0074_vulnerability_fixed_by_packages.py

@@ -0,0 +1,22 @@
+# Generated by Django 4.2.15 on 2024-10-07 11:09
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("vulnerabilities", "0073_remove_vulnerability_packages_and_more"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="vulnerability",
+            name="fixed_by_packages",
+            field=models.ManyToManyField(
+                related_name="fixing_vulnerabilities",
+                through="vulnerabilities.FixingPackageRelatedVulnerability",
+                to="vulnerabilities.package",
+            ),
+        ),
+    ]

vulnerabilities/migrations/0075_package_affected_by_vulnerabilities_and_more.py

@@ -0,0 +1,29 @@
+# Generated by Django 4.2.15 on 2024-10-07 11:39
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("vulnerabilities", "0074_vulnerability_fixed_by_packages"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="package",
+            name="affected_by_vulnerabilities",
+            field=models.ManyToManyField(
+                through="vulnerabilities.AffectedByPackageRelatedVulnerability",
+                to="vulnerabilities.vulnerability",
+            ),
+        ),
+        migrations.AlterField(
+            model_name="vulnerability",
+            name="affecting_packages",
+            field=models.ManyToManyField(
+                through="vulnerabilities.AffectedByPackageRelatedVulnerability",
+                to="vulnerabilities.package",
+            ),
+        ),
+    ]