Add vulnerabilities_risk_threshold to the Product model #97

Signed-off-by: tdruez <tdruez@nexb.com>
aboutcode-org · Dec 13, 2024 · 61a47e3 · 61a47e3
1 parent 2ea7f70
commit 61a47e3
Show file tree

Hide file tree

Showing 8 changed files with 54 additions and 8 deletions.
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -53,7 +53,8 @@ Release notes
   new `data` dict.
   https://github.com/aboutcode-org/dejacode/issues/202
 
-- Add `vulnerabilities_risk_threshold` field to the DataspaceConfiguration model.
+- Add the `vulnerabilities_risk_threshold` field to the Product and
+  DataspaceConfiguration models.
   This threshold helps prioritize and control the level of attention to vulnerabilities.
   https://github.com/aboutcode-org/dejacode/issues/97
 

diff --git a/product_portfolio/admin.py b/product_portfolio/admin.py
@@ -362,6 +362,7 @@ class ProductAdmin(
                     "is_active",
                     "configuration_status",
                     "contact",
+                    "vulnerabilities_risk_threshold",
                     "get_feature_datalist",
                 )
             },

diff --git a/product_portfolio/api.py b/product_portfolio/api.py
@@ -137,6 +137,7 @@ class Meta:
             "primary_language",
             "admin_notes",
             "notice_text",
+            "vulnerabilities_risk_threshold",
             "created_date",
             "last_modified_date",
         )

diff --git a/product_portfolio/forms.py b/product_portfolio/forms.py
@@ -122,6 +122,7 @@ class Meta:
             "configuration_status",
             "contact",
             "keywords",
+            "vulnerabilities_risk_threshold",
         ]
         field_classes = {
             "owner": OwnerChoiceField,
@@ -170,6 +171,8 @@ def helper(self):
                 HTML("<hr>"),
                 Group("is_active", "configuration_status", "release_date"),
                 HTML("<hr>"),
+                Group("vulnerabilities_risk_threshold", "", ""),
+                HTML("<hr>"),
                 Submit("submit", self.submit_label, css_class="btn-success"),
                 self.save_as_new_submit,
             ),

diff --git a/product_portfolio/migrations/0009_product_vulnerabilities_risk_threshold.py b/product_portfolio/migrations/0009_product_vulnerabilities_risk_threshold.py
@@ -0,0 +1,18 @@
+# Generated by Django 5.0.9 on 2024-12-13 13:01
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('product_portfolio', '0008_productdependency_is_resolved_to_is_pinned'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='product',
+            name='vulnerabilities_risk_threshold',
+            field=models.DecimalField(blank=True, decimal_places=1, help_text='Enter a risk value between 0.0 and 10.0. This threshold helps prioritize and control the level of attention to vulnerabilities.', max_digits=3, null=True),
+        ),
+    ]
diff --git a/product_portfolio/models.py b/product_portfolio/models.py
@@ -230,6 +230,17 @@ class Product(BaseProductMixin, FieldChangesMixin, KeywordsMixin, DataspacedMode
         ),
     )
 
+    vulnerabilities_risk_threshold = models.DecimalField(
+        null=True,
+        blank=True,
+        max_digits=3,
+        decimal_places=1,
+        help_text=_(
+            "Enter a risk value between 0.0 and 10.0. This threshold helps prioritize "
+            "and control the level of attention to vulnerabilities."
+        ),
+    )
+
     licenses = models.ManyToManyField(
         to="license_library.License",
         through="ProductAssignedLicense",
@@ -338,6 +349,16 @@ def all_packages(self):
     def vulnerability_count(self):
         return self.get_vulnerability_qs().count()
 
+    def get_vulnerabilities_risk_threshold(self):
+        """
+        Return the local vulnerabilities_risk_threshold value when defined on the
+        Product or look into the Dataspace configuration.
+        """
+        risk_threshold = self.vulnerabilities_risk_threshold
+        if not risk_threshold:
+            risk_threshold = self.dataspace.get_configuration("vulnerabilities_risk_threshold")
+        return risk_threshold
+
     def get_merged_descendant_ids(self):
         """
         Return a list of Component ids collected on the Product descendants:

diff --git a/product_portfolio/templates/product_portfolio/tabs/tab_vulnerabilities.html b/product_portfolio/templates/product_portfolio/tabs/tab_vulnerabilities.html
@@ -76,7 +76,7 @@
           </td>
           <td class="text-center">
             {% if package.vulnerability_analysis.is_reachable %}
-              <i class="fa-solid fa-circle-radiation text-danger fs-5" data-bs-toggle="tooltip" title="Vulnerability is reachable"></i>
+              <i class="fa-solid fa-circle-radiation text-danger fs-6" data-bs-toggle="tooltip" title="Vulnerability is reachable"></i>
             {% elif package.vulnerability_analysis.is_reachable is False %}
               <i class="fa-solid fa-bug-slash" data-bs-toggle="tooltip" title="Vulnerability is NOT reachable"></i>
             {% endif %}

diff --git a/product_portfolio/views.py b/product_portfolio/views.py
@@ -531,16 +531,18 @@ def tab_dependencies(self):
         }
 
     def tab_vulnerabilities(self):
-        dataspace = self.object.dataspace
-        vulnerablecode = VulnerableCode(self.object.dataspace)
+        product = self.object
+        dataspace = product.dataspace
+        vulnerablecode = VulnerableCode(dataspace)
         display_tab_contions = [
             dataspace.enable_vulnerablecodedb_access,
             vulnerablecode.is_configured(),
         ]
         if not all(display_tab_contions):
             return
 
-        vulnerability_count = self.object.vulnerability_count
+        risk_threshold = product.get_vulnerabilities_risk_threshold()
+        vulnerability_count = product.get_vulnerability_qs(risk_threshold=risk_threshold).count()
         if not vulnerability_count:
             label = 'Vulnerabilities <span class="badge bg-secondary">0</span>'
             return {
@@ -555,7 +557,7 @@ def tab_vulnerabilities(self):
         )
 
         # Pass the current request query context to the async request
-        tab_view_url = self.object.get_url("tab_vulnerabilities")
+        tab_view_url = product.get_url("tab_vulnerabilities")
         if full_query_string := self.request.META["QUERY_STRING"]:
             tab_view_url += f"?{full_query_string}"
 
@@ -1151,8 +1153,7 @@ class ProductTabVulnerabilitiesView(
 
     def get_context_data(self, **kwargs):
         product = self.object
-        dataspace = self.object.dataspace
-        risk_threshold = dataspace.get_configuration("vulnerabilities_risk_threshold")
+        risk_threshold = product.get_vulnerabilities_risk_threshold()
 
         total_count = product.get_vulnerability_qs(risk_threshold=risk_threshold).count()
         vulnerability_qs = (