Skip to content

Commit 9933581

Browse files
TG1999TG1999
committed
Add migrations
Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>
1 parent f3d5202 commit 9933581

2 files changed

Lines changed: 251 additions & 1 deletion

File tree

vulnerabilities/migrations/0092_advisoryalias_advisoryreference_advisoryseverity_and_more.py

Lines changed: 251 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,251 @@
1+
# Generated by Django 4.2.20 on 2025-04-24 09:58
2+
3+
from django.db import migrations, models
4+
5+
6+
class Migration(migrations.Migration):
7+
8+
dependencies = [
9+
("vulnerabilities", "0091_alter_advisory_unique_together_and_more"),
10+
]
11+
12+
operations = [
13+
migrations.CreateModel(
14+
name="AdvisoryAlias",
15+
fields=[
16+
(
17+
"id",
18+
models.AutoField(
19+
auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
20+
),
21+
),
22+
(
23+
"alias",
24+
models.CharField(
25+
help_text="An alias is a unique vulnerability identifier in some database, such as CVE-2020-2233",
26+
max_length=50,
27+
unique=True,
28+
),
29+
),
30+
],
31+
options={
32+
"ordering": ["alias"],
33+
},
34+
),
35+
migrations.CreateModel(
36+
name="AdvisoryReference",
37+
fields=[
38+
(
39+
"id",
40+
models.AutoField(
41+
auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
42+
),
43+
),
44+
(
45+
"url",
46+
models.URLField(
47+
help_text="URL to the vulnerability reference", max_length=1024, unique=True
48+
),
49+
),
50+
(
51+
"reference_type",
52+
models.CharField(
53+
blank=True,
54+
choices=[
55+
("advisory", "Advisory"),
56+
("exploit", "Exploit"),
57+
("mailing_list", "Mailing List"),
58+
("bug", "Bug"),
59+
("other", "Other"),
60+
],
61+
max_length=20,
62+
),
63+
),
64+
(
65+
"reference_id",
66+
models.CharField(
67+
blank=True,
68+
db_index=True,
69+
help_text="An optional reference ID, such as DSA-4465-1 when available",
70+
max_length=200,
71+
),
72+
),
73+
],
74+
options={
75+
"ordering": ["reference_id", "url", "reference_type"],
76+
},
77+
),
78+
migrations.CreateModel(
79+
name="AdvisorySeverity",
80+
fields=[
81+
(
82+
"id",
83+
models.AutoField(
84+
auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
85+
),
86+
),
87+
(
88+
"url",
89+
models.URLField(
90+
db_index=True,
91+
help_text="URL to the vulnerability severity",
92+
max_length=1024,
93+
null=True,
94+
),
95+
),
96+
(
97+
"scoring_system",
98+
models.CharField(
99+
choices=[
100+
("cvssv2", "CVSSv2 Base Score"),
101+
("cvssv3", "CVSSv3 Base Score"),
102+
("cvssv3.1", "CVSSv3.1 Base Score"),
103+
("cvssv4", "CVSSv4 Base Score"),
104+
("rhbs", "RedHat Bugzilla severity"),
105+
("rhas", "RedHat Aggregate severity"),
106+
("archlinux", "Archlinux Vulnerability Group Severity"),
107+
("cvssv3.1_qr", "CVSSv3.1 Qualitative Severity Rating"),
108+
("generic_textual", "Generic textual severity rating"),
109+
("apache_httpd", "Apache Httpd Severity"),
110+
("apache_tomcat", "Apache Tomcat Severity"),
111+
("epss", "Exploit Prediction Scoring System"),
112+
("ssvc", "Stakeholder-Specific Vulnerability Categorization"),
113+
],
114+
help_text="Identifier for the scoring system used. Available choices are: cvssv2: CVSSv2 Base Score,\ncvssv3: CVSSv3 Base Score,\ncvssv3.1: CVSSv3.1 Base Score,\ncvssv4: CVSSv4 Base Score,\nrhbs: RedHat Bugzilla severity,\nrhas: RedHat Aggregate severity,\narchlinux: Archlinux Vulnerability Group Severity,\ncvssv3.1_qr: CVSSv3.1 Qualitative Severity Rating,\ngeneric_textual: Generic textual severity rating,\napache_httpd: Apache Httpd Severity,\napache_tomcat: Apache Tomcat Severity,\nepss: Exploit Prediction Scoring System,\nssvc: Stakeholder-Specific Vulnerability Categorization ",
115+
max_length=50,
116+
),
117+
),
118+
(
119+
"value",
120+
models.CharField(help_text="Example: 9.0, Important, High", max_length=50),
121+
),
122+
(
123+
"scoring_elements",
124+
models.CharField(
125+
help_text="Supporting scoring elements used to compute the score values. For example a CVSS vector string as used to compute a CVSS score.",
126+
max_length=150,
127+
null=True,
128+
),
129+
),
130+
(
131+
"published_at",
132+
models.DateTimeField(
133+
blank=True,
134+
help_text="UTC Date of publication of the vulnerability severity",
135+
null=True,
136+
),
137+
),
138+
],
139+
options={
140+
"ordering": ["url", "scoring_system", "value"],
141+
},
142+
),
143+
migrations.CreateModel(
144+
name="AdvisoryWeakness",
145+
fields=[
146+
(
147+
"id",
148+
models.AutoField(
149+
auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
150+
),
151+
),
152+
("cwe_id", models.IntegerField(help_text="CWE id")),
153+
],
154+
),
155+
migrations.CreateModel(
156+
name="AdvisoryV2",
157+
fields=[
158+
(
159+
"id",
160+
models.AutoField(
161+
auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
162+
),
163+
),
164+
(
165+
"advisory_id",
166+
models.CharField(
167+
help_text="An advisory is a unique vulnerability identifier in some database, such as CVE-2020-2233",
168+
max_length=50,
169+
),
170+
),
171+
(
172+
"unique_content_id",
173+
models.CharField(
174+
help_text="A 64 character unique identifier for the content of the advisory since we use sha256 as hex",
175+
max_length=64,
176+
unique=True,
177+
),
178+
),
179+
("summary", models.TextField(blank=True)),
180+
(
181+
"affected_packages",
182+
models.JSONField(
183+
blank=True,
184+
default=list,
185+
help_text="A list of serializable AffectedPackage objects",
186+
),
187+
),
188+
(
189+
"date_published",
190+
models.DateTimeField(
191+
blank=True, help_text="UTC Date of publication of the advisory", null=True
192+
),
193+
),
194+
(
195+
"date_collected",
196+
models.DateTimeField(help_text="UTC Date on which the advisory was collected"),
197+
),
198+
(
199+
"date_imported",
200+
models.DateTimeField(
201+
blank=True,
202+
help_text="UTC Date on which the advisory was imported",
203+
null=True,
204+
),
205+
),
206+
(
207+
"created_by",
208+
models.CharField(
209+
help_text="Fully qualified name of the importer prefixed with themodule name importing the advisory. Eg:vulnerabilities.pipeline.nginx_importer.NginxImporterPipeline",
210+
max_length=100,
211+
),
212+
),
213+
("url", models.URLField(help_text="Link to the advisory on the upstream website")),
214+
(
215+
"aliases",
216+
models.ManyToManyField(
217+
help_text="A list of serializable Alias objects",
218+
related_name="advisories",
219+
to="vulnerabilities.advisoryalias",
220+
),
221+
),
222+
(
223+
"references",
224+
models.ManyToManyField(
225+
help_text="A list of serializable Reference objects",
226+
related_name="advisories",
227+
to="vulnerabilities.advisoryreference",
228+
),
229+
),
230+
(
231+
"severities",
232+
models.ManyToManyField(
233+
help_text="A list of vulnerability severities associated with this advisory.",
234+
related_name="advisories",
235+
to="vulnerabilities.advisoryseverity",
236+
),
237+
),
238+
(
239+
"weaknesses",
240+
models.ManyToManyField(
241+
help_text="A list of software weaknesses associated with this advisory.",
242+
related_name="advisories",
243+
to="vulnerabilities.advisoryweakness",
244+
),
245+
),
246+
],
247+
options={
248+
"ordering": ["date_published", "unique_content_id"],
249+
},
250+
),
251+
]

vulnerabilities/models.py

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1862,7 +1862,6 @@ class AdvisoryWeakness(models.Model):
18621862
"""
18631863

18641864
cwe_id = models.IntegerField(help_text="CWE id")
1865-
vulnerabilities = models.ManyToManyField(Vulnerability, related_name="weaknesses")
18661865

18671866
cwe_by_id = {}
18681867

0 commit comments

Comments
 (0)