Fix

Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>

Author: TG1999

vulnerabilities/migrations/0085_codefix.py

@@ -0,0 +1,124 @@
+# Generated by Django 4.2.16 on 2024-12-23 19:32
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("vulnerabilities", "0085_alter_package_is_ghost_alter_package_version_rank_and_more"),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="CodeFix",
+            fields=[
+                (
+                    "id",
+                    models.AutoField(
+                        auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
+                    ),
+                ),
+                (
+                    "commits",
+                    models.JSONField(
+                        blank=True,
+                        default=list,
+                        help_text="List of commit identifiers associated with the code change.",
+                    ),
+                ),
+                (
+                    "pulls",
+                    models.JSONField(
+                        blank=True,
+                        default=list,
+                        help_text="List of pull request URLs associated with the code change.",
+                    ),
+                ),
+                (
+                    "downloads",
+                    models.JSONField(
+                        blank=True,
+                        default=list,
+                        help_text="List of download URLs for the patched code.",
+                    ),
+                ),
+                (
+                    "patch",
+                    models.TextField(
+                        blank=True,
+                        help_text="The code change in patch format (e.g., git diff).",
+                        null=True,
+                    ),
+                ),
+                (
+                    "notes",
+                    models.TextField(
+                        blank=True,
+                        help_text="Additional notes or instructions about the code change.",
+                        null=True,
+                    ),
+                ),
+                (
+                    "references",
+                    models.JSONField(
+                        blank=True,
+                        default=list,
+                        help_text="External references related to this code change.",
+                    ),
+                ),
+                (
+                    "status_reviewed",
+                    models.BooleanField(
+                        default=False, help_text="Indicates if the code change has been reviewed."
+                    ),
+                ),
+                (
+                    "base_commit",
+                    models.CharField(
+                        blank=True,
+                        help_text="The commit ID representing the state of the code before applying the fix or change.",
+                        max_length=255,
+                        null=True,
+                    ),
+                ),
+                (
+                    "created_at",
+                    models.DateTimeField(
+                        auto_now_add=True,
+                        help_text="Timestamp indicating when the code change was created.",
+                    ),
+                ),
+                (
+                    "updated_at",
+                    models.DateTimeField(
+                        auto_now=True,
+                        help_text="Timestamp indicating when the code change was last updated.",
+                    ),
+                ),
+                (
+                    "base_version",
+                    models.ForeignKey(
+                        blank=True,
+                        help_text="The base version of the package to which this code change applies.",
+                        null=True,
+                        on_delete=django.db.models.deletion.SET_NULL,
+                        related_name="base_version_codechanges",
+                        to="vulnerabilities.package",
+                    ),
+                ),
+                (
+                    "package_vulnerabilities",
+                    models.ManyToManyField(
+                        help_text="The vulnerabilities fixed by this code change.",
+                        related_name="code_fixes",
+                        to="vulnerabilities.affectedbypackagerelatedvulnerability",
+                    ),
+                ),
+            ],
+            options={
+                "abstract": False,
+            },
+        ),
+    ]

vulnerabilities/migrations/0086_codefix.py

@@ -1619,7 +1619,7 @@ class CodeChange(models.Model):
         null=True,
         blank=True,
         on_delete=models.SET_NULL,
-        related_name="base_version_changes",
+        related_name="base_version_codechanges",
         help_text="The base version of the package to which this code change applies.",
     )
     base_commit = models.CharField(

vulnerabilities/models.py

@@ -16,21 +16,6 @@
 from vulnerabilities.pipelines import VulnerableCodePipeline
 
 
-def extract_commit_id(url):
-    """
-    Extract a commit ID from a URL, if available.
-    Supports different URL structures for commit references.
-
-    >>> extract_commit_id("https://github.com/hedgedoc/hedgedoc/commit/c1789474020a6d668d616464cb2da5e90e123f65")
-    'c1789474020a6d668d616464cb2da5e90e123f65'
-    """
-    if "/commit/" in url:
-        parts = url.split("/")
-        if len(parts) > 1 and parts[-2] == "commit":
-            return parts[-1]
-    return None
-
-
 def is_reference_already_processed(reference_url, commit_id):
     """
     Check if a reference and commit ID pair already exists in a CodeFix entry.
@@ -62,15 +47,14 @@ def collect_and_store_fix_commits(self):
         for reference in progress.iter(references.paginated(per_page=500)):
             for vulnerability in reference.vulnerabilities.all():
                 vcs_url = normalize_vcs_url(reference.url)
-                commit_id = extract_commit_id(reference.url)
 
-                if not commit_id or not vcs_url:
+                if not vcs_url:
                     continue
 
                 # Skip if already processed
-                if is_reference_already_processed(reference.url, commit_id):
+                if is_reference_already_processed(reference.url, vcs_url):
                     self.log(
-                        f"Skipping already processed reference: {reference.url} with commit {commit_id}"
+                        f"Skipping already processed reference: {reference.url} with VCS URL {vcs_url}"
                     )
                     continue
                 purl = url2purl(vcs_url)
@@ -81,7 +65,7 @@ def collect_and_store_fix_commits(self):
                 codefix = self.create_codefix_entry(
                     vulnerability=vulnerability,
                     package=package,
-                    commit_id=commit_id,
+                    vcs_url=vcs_url,
                     reference=reference.url,
                 )
                 if codefix:
@@ -100,15 +84,15 @@ def get_or_create_package(self, purl):
             self.log(f"Error creating package from purl {purl}: {e}")
             return None
 
-    def create_codefix_entry(self, vulnerability, package, commit_id, reference):
+    def create_codefix_entry(self, vulnerability, package, vcs_url, reference):
         """
         Create a CodeFix entry associated with the given vulnerability and package.
         """
         try:
             codefix, created = CodeFix.objects.get_or_create(
                 base_version=package,
                 defaults={
-                    "commits": [commit_id],
+                    "commits": [vcs_url],
                     "references": [reference],
                 },
             )