feat(finding): copy finding fix + autodetected vulnerability id type + uniqueness constraint #15145
Open
valentijnscholten wants to merge 1 commit into
Sibling PR (independent split): #15143 — multiple CWEs per finding.
…aint Adds Vulnerability_Id.vulnerability_id_type, autodetected from the id's leading prefix (CVE-2024-1234 -> CVE, GHSA-... -> GHSA), stored and indexed so identifiers can be filtered/grouped by type. Populated on import (bulk) and on save(); existing rows backfilled by migration. Also de-duplicates (finding, vulnerability_id) rows and adds a unique constraint on the pair. CWE is a weakness class and is intentionally NOT part of this change; vulnerability_id_type does not participate in hash_code, so existing hash codes and deduplication are unaffected. Migrations: 0276 (type column + lookup index), 0277 (dedupe + backfill, data), 0278 (unique constraint).
Description
Adds an autodetected type to each vulnerability identifier, and a uniqueness constraint on (finding, vulnerability_id).

- Vulnerability_Id gains a vulnerability_id_type field, autodetected from the identifier's leading prefix — the part before the first -: CVE-2024-1234 → CVE, GHSA-… → GHSA, RUSTSEC-2021-0001 → RUSTSEC, ALINUX2-SA-… → ALINUX2. It is derived structurally (no registry) and is NULL when there is no non-numeric prefix (bare numbers / UUIDs / no dash). The column is indexed so identifiers can be filtered and grouped by type efficiently.
- save()/get_or_create (via a save() override). Existing rows are backfilled by the migration.
- (finding, vulnerability_id). Pre-existing duplicate rows (unintended) are consolidated first (keeping the earliest) so the constraint can be created.
- vulnerability_id_type is a denormalized, derived attribute — it does not participate in hash_code, so existing hash codes and deduplication are unaffected by this change.

Migrations

- 0276_vulnerability_id_type — adds the indexed vulnerability_id_type column and a leading index on vulnerability_id.
- 0277_backfill_vulnerability_id_type — backfills vulnerability_id_type for existing rows and removes duplicate (finding, vulnerability_id) rows (keeping the earliest).
- 0278_unique_finding_vulnerability_id — adds the unique constraint on (finding, vulnerability_id).

Test results

unittests/test_vulnerability_id_type.py covers prefix autodetection, that save() and the bulk import path populate the type, and that the uniqueness constraint is enforced.

Documentation

docs/content/releases/os_upgrading/3.2.md.

Checklist
dev.dev.dojo/db_migrations.
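
The prefix rule and the duplicate consolidation described above, as an added Python sketch that is not the PR's own code. The function names, the UUID check, the upper-casing of the type, and treating the lowest primary key as "the earliest" row are assumptions; the sample rows are constructed.

```python
import re
from typing import Iterable, List, Optional, Tuple

# Assumption: a UUID is recognised by its full 8-4-4-4-12 hex layout, because
# its first group (e.g. "550e8400") would otherwise pass as a prefix.
_UUID_RE = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)


def detect_vulnerability_id_type(vulnerability_id: Optional[str]) -> Optional[str]:
    """Return the part before the first '-' as the type, or None (NULL)."""
    if not vulnerability_id:
        return None
    value = vulnerability_id.strip()
    if "-" not in value or _UUID_RE.fullmatch(value):
        return None  # no dash, or a UUID
    prefix = value.split("-", 1)[0]
    # Assumption: a prefix is ASCII alphanumeric with at least one letter, so
    # "ALINUX2" qualifies while "2024" (bare number) and "" do not.
    if not (prefix.isascii() and prefix.isalnum() and not prefix.isdigit()):
        return None
    return prefix.upper()  # assumption: the stored type is upper-cased


Row = Tuple[int, int, str]  # (pk, finding_id, vulnerability_id)


def consolidate_duplicates(rows: Iterable[Row]) -> Tuple[List[tuple], List[int]]:
    """Keep one row per (finding, vulnerability_id); return (kept, dropped_pks).

    Kept rows gain the backfilled type as a fourth element. This has to run
    before the unique constraint is created, or constraint creation fails.
    """
    kept, dropped, seen = [], [], set()
    for pk, finding_id, vuln_id in sorted(rows):  # lowest pk first
        key = (finding_id, vuln_id)
        if key in seen:
            dropped.append(pk)
            continue
        seen.add(key)
        kept.append((pk, finding_id, vuln_id, detect_vulnerability_id_type(vuln_id)))
    return kept, dropped


# Constructed sample rows: pk 3 duplicates pk 1 on the same finding.
SAMPLE_ROWS = [(3, 10, "CVE-2024-1234"), (1, 10, "CVE-2024-1234"),
               (2, 11, "CVE-2024-1234"), (4, 10, "12345")]

if __name__ == "__main__":
    print(consolidate_duplicates(SAMPLE_ROWS))
```
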