Merge pull request #186 from mtruj013/cve-status-update

Update cve status options and apply updates across test fixtures

Author: mtruj013

docker-entrypoint-initdb.d/sample-security-data.sql.gz

@@ -0,0 +1,52 @@
+"""empty message
+
+Revision ID: 654254322cd3
+Revises: 645c9424286e
+Create Date: 2024-12-05 15:16:32.511623
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = '654254322cd3'
+down_revision = '645c9424286e'
+branch_labels = None
+depends_on = None
+
+
+# Enum 'type' for PostgreSQL
+enum_name = 'cve_statuses'
+# Set temporary enum 'type' for PostgreSQL
+tmp_enum_name = 'tmp_' + enum_name
+
+# Options for Enum
+old_options = ("not-in-ubuntu", "active", "rejected")
+new_options = ("not-in-ubuntu", "in-progress", "rejected")
+
+# Create enum fields
+old_type = sa.Enum(*old_options, name=enum_name)
+new_type = sa.Enum(*new_options, name=enum_name)
+
+def upgrade():
+    # Rename current enum type to tmp_
+    op.execute('ALTER TYPE ' + enum_name + ' RENAME TO ' + tmp_enum_name)
+    # Create new enum type in db
+    new_type.create(op.get_bind())
+    # Update column to use new enum type
+    op.execute('ALTER TABLE cve ALTER COLUMN status TYPE ' + enum_name + ' USING status::text::' + enum_name)
+    # Drop old enum type
+    op.execute('DROP TYPE ' + tmp_enum_name)
+
+def downgrade():
+    # Instantiate db query
+    status = sa.sql.table('cve', sa.Column('status', new_type, nullable=False))
+    # Rename enum type to tmp_
+    op.execute('ALTER TYPE ' + enum_name + ' RENAME TO ' + tmp_enum_name)
+    # Create enum type using old values
+    old_type.create(op.get_bind())
+    # Set enum type as type for status column
+    op.execute('ALTER TABLE cve ALTER COLUMN status TYPE ' + enum_name + ' USING status::text::' + enum_name)
+    # Drop temp enum type
+    op.execute('DROP TYPE ' + tmp_enum_name)

migrations/versions/654254322cd3_update_cve_statuses.py

@@ -49,7 +49,7 @@
                 patches={},
                 tags={},
                 bugs={},
-                status="active",
+                status="in-progress",
             )
             db.session.add(cve)
             cves.append(cve)

scripts/generate-sample-security-data.py

@@ -80,7 +80,7 @@
             "https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2019-20503",
             "https://usn.ubuntu.com/usn/usn-4299-1"
         ],
-        "status": "active",
+        "status": "in-progress",
         "tags": {},
         "ubuntu_description": ""
     }

scripts/payloads/cves.json

@@ -30,7 +30,7 @@ def make_cve(
     patches={},
     tags={},
     bugs={},
-    status="active",
+    status="in-progress",
 ):
     cve = CVE(
         id=id,

tests/fixtures/models.py

@@ -48,6 +48,7 @@
     },
     "priority": "critical",
     "published": "2020-08-01 12:42:54",
+    "status": "not-in-ubuntu",
 }
 
 cve2 = {
@@ -74,7 +75,7 @@
     ],
     "published": "2020-11-01 12:42:54",
     "priority": "high",
-    "status": "active",
+    "status": "in-progress",
 }
 
 cve3 = {
@@ -101,7 +102,7 @@
     ],
     "priority": "medium",
     "published": "2019-12-01 12:42:54",
-    "status": "active",
+    "status": "in-progress",
 }
 
 cve4 = {
@@ -127,7 +128,7 @@
     ],
     "priority": "medium",
     "published": "2022-12-01 12:42:54",
-    "status": "active",
+    "status": "in-progress",
 }
 
 cve5 = {
@@ -152,7 +153,7 @@
     ],
     "published": "2020-12-01 12:42:54",
     "priority": "low",
-    "status": "active",
+    "status": "in-progress",
 }
 
 cve6 = {
@@ -177,7 +178,7 @@
     ],
     "published": "2020-12-01 12:42:54",
     "priority": "negligible",
-    "status": "active",
+    "status": "in-progress",
 }
 
 cve7 = {
@@ -202,7 +203,7 @@
     ],
     "published": "2020-12-01 12:42:54",
     "priority": "negligible",
-    "status": "active",
+    "status": "in-progress",
 }
 
 cve8 = {
@@ -227,7 +228,7 @@
     ],
     "published": "2020-12-01 12:42:54",
     "priority": "negligible",
-    "status": "active",
+    "status": "in-progress",
 }
 
 notice = {

tests/fixtures/payloads.py

@@ -48,6 +48,23 @@ def test_cves_query_no_500(self):
 
         assert response.status_code == 200
 
+    def test_cves_default_status(self):
+        # Add new CVE without status
+        cve_payload = payloads.cve1.copy()
+
+        add_cve_response = self.client.put(
+            "/security/updates/cves.json",
+            json=[cve_payload],
+        )
+
+        assert add_cve_response.status_code == 200
+        response = self.client.get("/security/cves.json")
+
+        assert response.status_code == 200
+        # Only the CVE with the default "in-progress" status should be returned
+        assert len(response.json["cves"]) == 1
+        assert response.json["cves"][0]["status"] == "in-progress"
+
     def test_cves_returns_200_for_non_existing_package_name(self):
         response = self.client.get("/security/cves.json?package=no-exist")
 
@@ -689,7 +706,7 @@ def test_cve_group_by_functionality(self):
         Tests that CVEs are correctly grouped by priority
         and ordered by publish date.
         """
-        # Check that there is one CVE in the db with an active status
+        # Check that there is one CVE in the db with an "in-progress" status
         # and a critical priority
         initial_cves = self.client.get("/security/cves.json")
 

tests/test_routes.py

@@ -7,7 +7,7 @@
 
 from webapp.api_spec import WebappFlaskApiSpec
 from webapp.commands import register_commands
-from webapp.database import init_db
+from webapp.database import db, init_db  # noqa: F401
 from webapp.views import (
     bulk_upsert_cve,
     create_notice,

webapp/app.py

@@ -6,7 +6,6 @@
     Boolean,
     Column,
     DateTime,
-    Enum,
     Float,
     ForeignKey,
     JSON,
@@ -24,6 +23,7 @@
     COMPONENT_OPTIONS,
     POCKET_OPTIONS,
     PRIORITY_OPTIONS,
+    CVE_STATUSES,
 )
 
 
@@ -63,9 +63,7 @@ class CVE(db.Model):
     patches = Column(JSON)
     tags = Column(JSON)
     bugs = Column(JSON)
-    status = Column(
-        Enum("not-in-ubuntu", "active", "rejected", name="cve_statuses")
-    )
+    status = Column(CVE_STATUSES)
     statuses = relationship("Status", cascade="all, delete-orphan")
     notices = relationship(
         "Notice", secondary=notice_cves, back_populates="cves"

webapp/models.py

@@ -529,7 +529,7 @@ class CVEsAPISchema(Schema):
     ),
     "cve_status": String(
         description="CVE status",
-        enum=["not-in-ubuntu", "active", "rejected"],
+        enum=["not-in-ubuntu", "in-progress", "rejected"],
         allow_none=True,
     ),
     "status": List(

webapp/schemas.py

@@ -49,3 +49,10 @@
     "critical",
     name="priorities",
 )
+
+CVE_STATUSES = Enum(
+    "not-in-ubuntu",
+    "in-progress",
+    "rejected",
+    name="cve_statuses",
+)

webapp/types.py

@@ -104,14 +104,14 @@ def get_cves(**kwargs):
     sort_by = kwargs.get("sort_by")
     show_hidden = kwargs.get("show_hidden", False)
 
-    # query cves by filters. Default filter by active CVEs
+    # query cves by filters. Default filter by "in-progress" CVEs
     if cve_status:
         cves_query: Query = db.session.query(CVE).filter(
             CVE.status == cve_status
         )
     else:
         cves_query: Query = db.session.query(CVE).filter(
-            CVE.status == "active"
+            CVE.status == "in-progress"
         )
 
     # order by priority