Update risk scores in create_vulnerabilities #102
Signed-off-by: tdruez <[email protected]>
tdruez committed Dec 27, 2024
1 parent fa5ab40 commit da1d1d6
Showing 3 changed files with 11 additions and 1 deletion.
2 changes: 1 addition & 1 deletion product_portfolio/tests/test_views.py
@@ -401,7 +401,7 @@ def test_product_portfolio_tab_vulnerability_view_analysis_rendering(self):
product1 = make_product(self.dataspace)
product_package1 = make_product_package(product1, package=p1)
make_product_package(product1, package=p2)
analysis1 = make_vulnerability_analysis(product_package1, vulnerability1)
make_vulnerability_analysis(product_package1, vulnerability1)

url = product1.get_url("tab_vulnerabilities")
response = self.client.get(url)
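--- a/vulnerabilities/models.py
+++ b/vulnerabilities/models.py
@@ -464,6 +464,8 @@ def fetch_vulnerabilities(self):
 self.create_vulnerabilities(vulnerabilities_data=affected_by_vulnerabilities)
 
 def create_vulnerabilities(self, vulnerabilities_data):
+from component_catalog.models import Package
+
 vulnerabilities = []
 vulnerability_qs = Vulnerability.objects.scope(self.dataspace)
 
@@ -480,6 +482,10 @@ def create_vulnerabilities(self, vulnerabilities_data):
 through_defaults = {"dataspace_id": self.dataspace_id}
 self.affected_by_vulnerabilities.add(*vulnerabilities, through_defaults=through_defaults)
 
+self.update(risk_score=vulnerability_data["risk_score"])
+if isinstance(self, Package):
+self.productpackages.update_weighted_risk_score()
+
 
 class VulnerabilityAnalysis(
 VulnerabilityAnalysisMixin,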
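Review bot: `vulnerability_data` in the added `self.update(risk_score=vulnerability_data["risk_score"])` is not bound in any visible line; it is presumably the loop variable of a `for` over `vulnerabilities_data` in the part of `create_vulnerabilities` that lies between the two hunks. If so, the stored `risk_score` is whatever the last entry carried, so the package score and the weighted score derived from it depend on payload order and can under-report a package that is also affected by a higher-scored vulnerability. An empty `vulnerabilities_data` would then raise `UnboundLocalError`, and an entry without the key a `KeyError`. Consider aggregating explicitly, e.g. `scores = [v["risk_score"] for v in vulnerabilities_data if v.get("risk_score") is not None]` followed by `if scores: self.update(risk_score=max(scores))`, assuming the values are numeric and the highest score is the intended package value.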
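--- a/vulnerabilities/tests/test_models.py
+++ b/vulnerabilities/tests/test_models.py
@@ -82,13 +82,17 @@ def test_vulnerability_mixin_create_vulnerabilities(self):
 vulnerabilities_data = response_json["results"][0]["affected_by_vulnerabilities"]
 
 package1 = make_package(self.dataspace, package_url="pkg:pypi/[email protected]")
+product1 = make_product(self.dataspace, inventory=[package1])
 package1.create_vulnerabilities(vulnerabilities_data)
 
 self.assertEqual(1, Vulnerability.objects.scope(self.dataspace).count())
 self.assertEqual(1, package1.affected_by_vulnerabilities.count())
 vulnerability = package1.affected_by_vulnerabilities.get()
 self.assertEqual("VCID-j3au-usaz-aaag", vulnerability.vulnerability_id)
 
+self.assertEqual(8.4, package1.risk_score)
+self.assertEqual("8.4", str(product1.productpackages.get().weighted_risk_score))
+
 def test_vulnerability_model_affected_packages_m2m(self):
 package1 = make_package(self.dataspace)
 vulnerability1 = make_vulnerability(dataspace=self.dataspace, affecting=package1)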
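Review bot: The new assertions cover only a payload with a single vulnerability (the count assertions just above expect exactly 1), so they cannot show which entry's `risk_score` ends up on the package when several are returned. A second case with two entries carrying different scores, and one with an empty `vulnerabilities_data`, would pin the intended aggregation and the no-result path. `self.assertEqual(8.4, package1.risk_score)` also reads the in-memory instance; calling `package1.refresh_from_db()` before it would check the stored value, if `update()` does not already reload the instance.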
