Add three columns to advisory:

* published * modified * withdrawn Ingest those from OSV where appropriate.
trustification · Mar 26, 2024 · 18b840d · 18b840d
1 parent c2a262f
commit 18b840d
Show file tree

Hide file tree

Showing 6 changed files with 64 additions and 1 deletion.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/entity/Cargo.toml b/entity/Cargo.toml
@@ -10,6 +10,7 @@ time = { workspace = true }
 tokio = { workspace = true, features = ["full"] }
 trustify-common = { path = "../common" }
 trustify-cvss = { path = "../cvss" }
+chrono = { workspace = true }
 
 [dev-dependencies]
 anyhow = { workspace = true }
diff --git a/entity/src/advisory.rs b/entity/src/advisory.rs
@@ -8,6 +8,9 @@ pub struct Model {
     pub identifier: String,
     pub location: String,
     pub sha256: String,
+    pub published: Option<DateTimeUtc>,
+    pub modified: Option<DateTimeUtc>,
+    pub withdrawn: Option<DateTimeUtc>,
     pub title: Option<String>,
 }
 

diff --git a/migration/src/m0000060_create_advisory.rs b/migration/src/m0000060_create_advisory.rs
@@ -19,6 +19,9 @@ impl MigrationTrait for Migration {
                             .auto_increment()
                             .primary_key(),
                     )
+                    .col(ColumnDef::new(Advisory::Published).timestamp_with_time_zone())
+                    .col(ColumnDef::new(Advisory::Modified).timestamp_with_time_zone())
+                    .col(ColumnDef::new(Advisory::Withdrawn).timestamp_with_time_zone())
                     .col(ColumnDef::new(Advisory::Identifier).string().not_null())
                     .col(ColumnDef::new(Advisory::Location).string().not_null())
                     .col(ColumnDef::new(Advisory::Sha256).string().not_null())
@@ -39,6 +42,9 @@ impl MigrationTrait for Migration {
 pub enum Advisory {
     Table,
     Id,
+    Published,
+    Modified,
+    Withdrawn,
     Identifier,
     Location,
     Sha256,

diff --git a/modules/graph/src/graph/advisory/mod.rs b/modules/graph/src/graph/advisory/mod.rs
@@ -3,8 +3,9 @@
 use crate::graph::advisory::advisory_vulnerability::AdvisoryVulnerabilityContext;
 use crate::graph::error::Error;
 use crate::graph::Graph;
+use sea_orm::prelude::DateTimeUtc;
 use sea_orm::ActiveValue::Set;
-use sea_orm::{ActiveModelTrait, EntityTrait, FromQueryResult, QueryFilter};
+use sea_orm::{ActiveModelTrait, EntityTrait, FromQueryResult, IntoActiveModel, QueryFilter};
 use sea_orm::{ColumnTrait, QuerySelect, RelationTrait};
 use sea_query::{Condition, JoinType};
 use std::cmp::min;
@@ -102,6 +103,51 @@ impl<'g> From<(&'g Graph, entity::advisory::Model)> for AdvisoryContext<'g> {
 }
 
 impl<'g> AdvisoryContext<'g> {
+    pub async fn set_published_at<TX: AsRef<Transactional>>(
+        &self,
+        published_at: DateTimeUtc,
+        tx: TX,
+    ) -> Result<(), Error> {
+        let mut entity = self.advisory.clone().into_active_model();
+        entity.published = Set(Some(published_at));
+        entity.save(&self.graph.connection(&tx)).await?;
+        Ok(())
+    }
+
+    pub fn published_at(&self) -> Option<DateTimeUtc> {
+        self.advisory.published
+    }
+
+    pub async fn set_modified_at<TX: AsRef<Transactional>>(
+        &self,
+        modified_at: DateTimeUtc,
+        tx: TX,
+    ) -> Result<(), Error> {
+        let mut entity = self.advisory.clone().into_active_model();
+        entity.modified = Set(Some(modified_at));
+        entity.save(&self.graph.connection(&tx)).await?;
+        Ok(())
+    }
+
+    pub fn modified_at(&self) -> Option<DateTimeUtc> {
+        self.advisory.modified
+    }
+
+    pub async fn set_withdrawn_at<TX: AsRef<Transactional>>(
+        &self,
+        withdrawn_at: DateTimeUtc,
+        tx: TX,
+    ) -> Result<(), Error> {
+        let mut entity = self.advisory.clone().into_active_model();
+        entity.withdrawn = Set(Some(withdrawn_at));
+        entity.save(&self.graph.connection(&tx)).await?;
+        Ok(())
+    }
+
+    pub fn withdrawn_at(&self) -> Option<DateTimeUtc> {
+        self.advisory.withdrawn
+    }
+
     pub async fn get_vulnerability<TX: AsRef<Transactional>>(
         &self,
         identifier: &str,

diff --git a/modules/ingestor/src/service/advisory/osv/loader.rs b/modules/ingestor/src/service/advisory/osv/loader.rs
@@ -43,6 +43,12 @@ impl<'g> OsvLoader<'g> {
                 .ingest_advisory(osv.id, location, sha256, &tx)
                 .await?;
 
+            advisory.set_published_at(osv.published, &tx).await?;
+            advisory.set_modified_at(osv.modified, &tx).await?;
+            if let Some(withdrawn) = osv.withdrawn {
+                advisory.set_withdrawn_at(withdrawn, &tx).await?;
+            }
+
             for cve_id in cve_ids {
                 let advisory_vuln = advisory.link_to_vulnerability(cve_id, &tx).await?;