Add vulnerabilities_risk_threshold to the DataspaceConfiguration mo…

…del #97 Signed-off-by: tdruez <tdruez@nexb.com>
aboutcode-org · Dec 13, 2024 · 2ea7f70 · 2ea7f70
1 parent 53dac9b
commit 2ea7f70
Show file tree

Hide file tree

Showing 6 changed files with 46 additions and 3 deletions.
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -53,6 +53,10 @@ Release notes
   new `data` dict.
   https://github.com/aboutcode-org/dejacode/issues/202
 
+- Add `vulnerabilities_risk_threshold` field to the DataspaceConfiguration model.
+  This threshold helps prioritize and control the level of attention to vulnerabilities.
+  https://github.com/aboutcode-org/dejacode/issues/97
+
 ### Version 5.2.1
 
 - Fix the models documentation navigation.

diff --git a/dje/admin.py b/dje/admin.py
@@ -1077,6 +1077,7 @@ class DataspaceConfigurationInline(DataspacedFKMixin, admin.StackedInline):
         "scancodeio_api_key",
         "vulnerablecode_url",
         "vulnerablecode_api_key",
+        "vulnerabilities_risk_threshold",
         "purldb_url",
         "purldb_api_key",
     ]

diff --git a/dje/migrations/0005_dataspaceconfiguration_vulnerabilities_risk_threshold.py b/dje/migrations/0005_dataspaceconfiguration_vulnerabilities_risk_threshold.py
@@ -0,0 +1,18 @@
+# Generated by Django 5.0.9 on 2024-12-13 08:05
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('dje', '0004_dataspace_vulnerabilities_updated_at'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='dataspaceconfiguration',
+            name='vulnerabilities_risk_threshold',
+            field=models.DecimalField(blank=True, decimal_places=1, help_text='Enter a risk value between 0.0 and 10.0. This threshold helps prioritize and control the level of attention to vulnerabilities.', max_digits=3, null=True),
+        ),
+    ]
diff --git a/dje/models.py b/dje/models.py
@@ -473,6 +473,17 @@ class DataspaceConfiguration(models.Model):
         ),
     )
 
+    vulnerabilities_risk_threshold = models.DecimalField(
+        null=True,
+        blank=True,
+        max_digits=3,
+        decimal_places=1,
+        help_text=_(
+            "Enter a risk value between 0.0 and 10.0. This threshold helps prioritize "
+            "and control the level of attention to vulnerabilities."
+        ),
+    )
+
     purldb_url = models.URLField(
         _("PurlDB URL"),
         max_length=1024,

diff --git a/product_portfolio/models.py b/product_portfolio/models.py
@@ -515,7 +515,7 @@ def fetch_vulnerabilities(self):
         """Fetch and update the vulnerabilties of all the Package of this Product."""
         return fetch_for_packages(self.all_packages, self.dataspace)
 
-    def get_vulnerability_qs(self, prefetch_related_packages=False):
+    def get_vulnerability_qs(self, prefetch_related_packages=False, risk_threshold=None):
         """Return a QuerySet of all Vulnerability instances related to this product"""
         from vulnerabilities.models import Vulnerability
         from vulnerabilities.models import VulnerabilityAnalysis
@@ -524,6 +524,9 @@ def get_vulnerability_qs(self, prefetch_related_packages=False):
             affected_packages__in=self.packages.all()
         ).distinct()
 
+        if risk_threshold:
+            vulnerability_qs = vulnerability_qs.filter(risk_score__gte=risk_threshold)
+
         if prefetch_related_packages:
             package_qs = Package.objects.filter(product=self).only_rendering_fields()
             analysis_qs = VulnerabilityAnalysis.objects.filter(product=self).select_related(

diff --git a/product_portfolio/views.py b/product_portfolio/views.py
@@ -1151,9 +1151,14 @@ class ProductTabVulnerabilitiesView(
 
     def get_context_data(self, **kwargs):
         product = self.object
-        total_count = product.get_vulnerability_qs().count()
+        dataspace = self.object.dataspace
+        risk_threshold = dataspace.get_configuration("vulnerabilities_risk_threshold")
+
+        total_count = product.get_vulnerability_qs(risk_threshold=risk_threshold).count()
         vulnerability_qs = (
-            product.get_vulnerability_qs(prefetch_related_packages=True)
+            product.get_vulnerability_qs(
+                prefetch_related_packages=True, risk_threshold=risk_threshold
+            )
             .annotate(affected_packages_count=Count("affected_packages"))
             .order_by_risk()
         )
@@ -1189,6 +1194,7 @@ def get_context_data(self, **kwargs):
                 "page_obj": page_obj,
                 "total_count": total_count,
                 "search_query": self.request.GET.get("vulnerabilities-q", ""),
+                "risk_threshold": risk_threshold,
             }
         )