From b7b9ab779d53278cb03d4f7137cbe9890327d6ea Mon Sep 17 00:00:00 2001
From: Keshav Priyadarshi
Date: Fri, 15 Nov 2024 16:40:34 +0530
Subject: [PATCH 1/2] Avoid migrations on version bumps

Signed-off-by: Keshav Priyadarshi
---
 ...kagechangelog_software_version_and_more.py | 27 ++++++++
 vulnerabilities/models.py | 3 +-
 vulnerabilities/tests/test_changelog.py | 69 ++++++++++++++-----
 vulnerablecode/__init__.py | 2 -
 4 files changed, 79 insertions(+), 22 deletions(-)
 create mode 100644 vulnerabilities/migrations/0082_alter_packagechangelog_software_version_and_more.py

diff --git a/vulnerabilities/migrations/0082_alter_packagechangelog_software_version_and_more.py b/vulnerabilities/migrations/0082_alter_packagechangelog_software_version_and_more.py
new file mode 100644
index 000000000..2314460d2
--- /dev/null
+++ b/vulnerabilities/migrations/0082_alter_packagechangelog_software_version_and_more.py
@@ -0,0 +1,27 @@
+# Generated by Django 4.2.16 on 2024-11-15 11:34
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ("vulnerabilities", "0081_alter_packagechangelog_software_version_and_more"),
+ ]
+
+ operations = [
+ migrations.AlterField(
+ model_name="packagechangelog",
+ name="software_version",
+ field=models.CharField(
+ help_text="Version of the software at the time of change", max_length=100
+ ),
+ ),
+ migrations.AlterField(
+ model_name="vulnerabilitychangelog",
+ name="software_version",
+ field=models.CharField(
+ help_text="Version of the software at the time of change", max_length=100
+ ),
+ ),
+ ]
diff --git a/vulnerabilities/models.py b/vulnerabilities/models.py
index e5fe231f6..d6fae2408 100644
--- a/vulnerabilities/models.py
+++ b/vulnerabilities/models.py
@@ -1281,7 +1281,8 @@ class ChangeLog(models.Model):
 software_version = models.CharField(
 max_length=100,
 help_text="Version of the software at the time of change",
- default=VULNERABLECODE_VERSION,
+ blank=False,
+ null=False,
 )
 
 @property
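Review bot: Dropping `default=VULNERABLECODE_VERSION` leaves `software_version` with Django's implicit CharField default of an empty string, and the added `blank=False, null=False` do not change that at save time — `blank` is only enforced by `full_clean()`/forms, and both values are already the field defaults, so the two added lines are redundant. Unless every creation path now sets the value explicitly, a changelog row can be saved with `software_version == ""`; the new test patches `vulnerabilities.models.VULNERABLECODE_VERSION` and expects it to land on the log, which suggests a `save()` or creation helper outside this hunk reads it at runtime, but nothing visible here does. The hunk shows only the field declaration of `class ChangeLog`, which begins above it; if no such assignment exists, a `save()` override that fills the field from `VULNERABLECODE_VERSION` when empty (assuming the name is still imported in models.py, as the test's patch target implies) keeps the version out of the migration state while still recording it.
```python
class ChangeLog(models.Model):
    # … unchanged: field declarations …

    def save(self, *args, **kwargs):
        # Read the version at save time, not at class definition, so a version
        # bump changes the stored value without altering the field default
        # captured in migrations.
        if not self.software_version:
            self.software_version = VULNERABLECODE_VERSION
        super().save(*args, **kwargs)
```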
diff --git a/vulnerabilities/tests/test_changelog.py b/vulnerabilities/tests/test_changelog.py
index b560d7338..1d5eedaea 100644
--- a/vulnerabilities/tests/test_changelog.py
+++ b/vulnerabilities/tests/test_changelog.py
@@ -7,22 +7,23 @@
 # See https://aboutcode.org for more information about nexB OSS projects.
 #
 from datetime import datetime
+from unittest.mock import patch
 
 import pytest
+from packageurl import PackageURL
 from univers.version_range import NpmVersionRange
 from univers.versions import SemverVersion
 
-from vulnerabilities.import_runner import ImportRunner
+from vulnerabilities import models
 from vulnerabilities.importer import AffectedPackage
-from vulnerabilities.models import *
 from vulnerabilities.pipelines.npm_importer import NpmImporterPipeline
 
 
 @pytest.mark.django_db
 def test_package_changelog():
- pkg, _ = Package.objects.get_or_create_from_purl("pkg:npm/foo@1.0.0")
- assert PackageChangeLog.objects.filter(package=pkg).count() == 0
- adv = Advisory.objects.create(
+ pkg, _ = models.Package.objects.get_or_create_from_purl("pkg:npm/foo@1.0.0")
+ assert models.PackageChangeLog.objects.filter(package=pkg).count() == 0
+ adv = models.Advisory.objects.create(
 created_by=NpmImporterPipeline.pipeline_id,
 summary="TEST",
 date_collected=datetime.now(),
@@ -39,16 +40,18 @@ def test_package_changelog():
 aliases=["CVE-123"],
 )
 NpmImporterPipeline().import_advisory(advisory=adv)
- assert PackageChangeLog.objects.filter(package=pkg).count() == 1
+ assert models.PackageChangeLog.objects.filter(package=pkg).count() == 1
 NpmImporterPipeline().import_advisory(advisory=adv)
- assert PackageChangeLog.objects.filter(package=pkg).count() == 1
+ assert models.PackageChangeLog.objects.filter(package=pkg).count() == 1
 assert (
- PackageChangeLog.objects.filter(action_type=PackageChangeLog.FIXING, package=pkg).count()
+ models.PackageChangeLog.objects.filter(
+ action_type=models.PackageChangeLog.FIXING, package=pkg
+ ).count()
 == 1
 )
- pkg1, _ = Package.objects.get_or_create_from_purl("pkg:npm/foo@2.0.0")
- assert PackageChangeLog.objects.filter(package=pkg1).count() == 0
- adv = Advisory.objects.create(
+ pkg1, _ = models.Package.objects.get_or_create_from_purl("pkg:npm/foo@2.0.0")
+ assert models.PackageChangeLog.objects.filter(package=pkg1).count() == 0
+ adv = models.Advisory.objects.create(
 created_by=NpmImporterPipeline.pipeline_id,
 summary="TEST-1",
 date_collected=datetime.now(),
@@ -65,12 +68,13 @@ def test_package_changelog():
 aliases=["CVE-145"],
 )
 NpmImporterPipeline().import_advisory(advisory=adv)
- assert PackageChangeLog.objects.filter(package=pkg1).count() == 1
+ assert models.PackageChangeLog.objects.filter(package=pkg1).count() == 1
 NpmImporterPipeline().import_advisory(advisory=adv)
- assert PackageChangeLog.objects.filter(package=pkg1).count() == 1
+ assert models.PackageChangeLog.objects.filter(package=pkg1).count() == 1
 assert (
- PackageChangeLog.objects.filter(
- action_type=PackageChangeLog.AFFECTED_BY, package=pkg1
+ models.PackageChangeLog.objects.filter(
+ action_type=models.PackageChangeLog.AFFECTED_BY,
+ package=pkg1,
 ).count()
 == 1
 )
@@ -78,7 +82,7 @@ def test_package_changelog():
 
 @pytest.mark.django_db
 def test_vulnerability_changelog():
- adv = Advisory.objects.create(
+ adv = models.Advisory.objects.create(
 created_by=NpmImporterPipeline.pipeline_id,
 summary="TEST_1",
 date_collected=datetime.now(),
@@ -97,10 +101,37 @@ def test_vulnerability_changelog():
 NpmImporterPipeline().import_advisory(advisory=adv)
 # 1 Changelogs is expected here:
 # 1 for importing vuln details
- assert VulnerabilityChangeLog.objects.count() == 1
+ assert models.VulnerabilityChangeLog.objects.count() == 1
 NpmImporterPipeline().import_advisory(advisory=adv)
- assert VulnerabilityChangeLog.objects.count() == 1
+ assert models.VulnerabilityChangeLog.objects.count() == 1
 assert (
- VulnerabilityChangeLog.objects.filter(action_type=VulnerabilityChangeLog.IMPORT).count()
+ models.VulnerabilityChangeLog.objects.filter(
+ action_type=models.VulnerabilityChangeLog.IMPORT
+ ).count()
 == 1
 )
+
+
+@patch("vulnerabilities.models.VULNERABLECODE_VERSION", "test-version")
+@pytest.mark.django_db
+def test_vulnerability_changelog_software_version():
+ adv = models.Advisory.objects.create(
+ created_by=NpmImporterPipeline.pipeline_id,
+ summary="TEST_1",
+ date_collected=datetime.now(),
+ url="https://test.com/source",
+ affected_packages=[
+ AffectedPackage(
+ package=PackageURL(
+ type="npm",
+ name="foo",
+ ),
+ fixed_version=SemverVersion("1.0"),
+ ).to_dict()
+ ],
+ aliases=["CVE-TEST-1234"],
+ )
+ NpmImporterPipeline().import_advisory(advisory=adv)
+ npm_vulnerability_log = models.VulnerabilityChangeLog.objects.first()
+
+ assert ("test-version", npm_vulnerability_log.software_version)
diff --git a/vulnerablecode/__init__.py b/vulnerablecode/__init__.py
index bfc9e4eea..10dd64cfd 100644
--- a/vulnerablecode/__init__.py
+++ b/vulnerablecode/__init__.py
@@ -9,8 +9,6 @@
 import os
 import sys
-import warnings
-from pathlib import Path
 
 __version__ = "34.3.2"
From 91112af3c0d35fada608cdd0bd82cedd09bb3f60 Mon Sep 17 00:00:00 2001
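Review bot: `assert ("test-version", npm_vulnerability_log.software_version)` on the last added line of the `@@ -97,10 +101,37 @@` hunk asserts a two-element tuple, which is always truthy, so `test_vulnerability_changelog_software_version` passes whatever version was stored; it should read `assert npm_vulnerability_log.software_version == "test-version"`. `.first()` returns `None` when no changelog row was written, so adding `assert npm_vulnerability_log is not None` before the comparison makes a missing row fail with a clear message instead of an `AttributeError`. Only once the value is actually compared does the `@patch` of `vulnerabilities.models.VULNERABLECODE_VERSION` demonstrate what this commit intends — that the version is read when the log is created rather than captured as a field default at import time.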
From: Keshav Priyadarshi
Date: Tue, 19 Nov 2024 10:58:13 +0530
Subject: [PATCH 2/2] Resolve migration conflict

Signed-off-by: Keshav Priyadarshi
---
 ...=> 0083_alter_packagechangelog_software_version_and_more.py} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename vulnerabilities/migrations/{0082_alter_packagechangelog_software_version_and_more.py => 0083_alter_packagechangelog_software_version_and_more.py} (89%)

diff --git a/vulnerabilities/migrations/0082_alter_packagechangelog_software_version_and_more.py b/vulnerabilities/migrations/0083_alter_packagechangelog_software_version_and_more.py
similarity index 89%
rename from vulnerabilities/migrations/0082_alter_packagechangelog_software_version_and_more.py
rename to vulnerabilities/migrations/0083_alter_packagechangelog_software_version_and_more.py
index 2314460d2..54c5a7b14 100644
--- a/vulnerabilities/migrations/0082_alter_packagechangelog_software_version_and_more.py
+++ b/vulnerabilities/migrations/0083_alter_packagechangelog_software_version_and_more.py
@@ -6,7 +6,7 @@ class Migration(migrations.Migration):
 dependencies = [
- ("vulnerabilities", "0081_alter_packagechangelog_software_version_and_more"),
+ ("vulnerabilities", "0082_vulnerability_exploitability_and_more"),
 ]
 operations = [