Percolate status CPE context into vulnerability endpoint.

Fully perform a query to find "related" SBOMs to a vulnerability via advisory status. Related is any status other than "not_affected" due to the extreme amount of noise produced by including that status. For an example of the current output at the time of this commit from the /api/v1/vulnerability/{identifier} endpoint, see https://gist.github.com/bobmcwhirter/9bd690ec6f603d28e1c04376fbb8063d
trustification · Jul 9, 2024 · 388d7dd · 388d7dd
1 parent 28863f3
commit 388d7dd
Show file tree

Hide file tree

Showing 12 changed files with 27,113 additions and 38 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/entity/src/advisory_vulnerability.rs b/entity/src/advisory_vulnerability.rs
@@ -1,4 +1,4 @@
-use crate::{advisory, cvss3, vulnerability};
+use crate::{advisory, cvss3, purl_status, vulnerability};
 use sea_orm::entity::prelude::*;
 use time::OffsetDateTime;
 
@@ -33,6 +33,9 @@ pub enum Relation {
 
     #[sea_orm(has_many = "super::cvss3::Entity")]
     Cvss3,
+
+    #[sea_orm(has_many = "super::purl_status::Entity")]
+    PurlStatus,
 }
 
 impl Related<advisory::Entity> for Entity {
@@ -53,4 +56,10 @@ impl Related<cvss3::Entity> for Entity {
     }
 }
 
+impl Related<purl_status::Entity> for Entity {
+    fn to() -> RelationDef {
+        Relation::PurlStatus.def()
+    }
+}
+
 impl ActiveModelBehavior for ActiveModel {}
diff --git a/entity/src/purl_status.rs b/entity/src/purl_status.rs
@@ -48,6 +48,18 @@ pub enum Relation {
 
     #[sea_orm(has_many = "super::versioned_purl::Entity")]
     VersionedPurl,
+
+    #[sea_orm(belongs_to = "super::advisory_vulnerability::Entity",
+        from = "(Column::AdvisoryId, Column::VulnerabilityId)"
+        to = "(super::advisory_vulnerability::Column::AdvisoryId, super::advisory_vulnerability::Column::VulnerabilityId)"
+    )]
+    AdvisoryVulnerability,
+
+    #[sea_orm(belongs_to = "super::cpe::Entity",
+        from = "Column::ContextCpeId"
+        to = "super::cpe::Column::Id"
+    )]
+    ContextCpe,
 }
 
 impl Related<version_range::Entity> for Entity {
@@ -86,4 +98,16 @@ impl Related<super::status::Entity> for Entity {
     }
 }
 
+impl Related<super::advisory_vulnerability::Entity> for Entity {
+    fn to() -> RelationDef {
+        Relation::AdvisoryVulnerability.def()
+    }
+}
+
+impl Related<super::cpe::Entity> for Entity {
+    fn to() -> RelationDef {
+        Relation::ContextCpe.def()
+    }
+}
+
 impl ActiveModelBehavior for ActiveModel {}