aboutcode-org · keshav-space · Nov 19, 2024 · Nov 15, 2024 · Nov 19, 2024
diff --git a/vulnerabilities/migrations/0083_alter_packagechangelog_software_version_and_more.py b/vulnerabilities/migrations/0083_alter_packagechangelog_software_version_and_more.py
@@ -0,0 +1,27 @@
+# Generated by Django 4.2.16 on 2024-11-15 11:34
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("vulnerabilities", "0082_vulnerability_exploitability_and_more"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="packagechangelog",
+            name="software_version",
+            field=models.CharField(
+                help_text="Version of the software at the time of change", max_length=100
+            ),
+        ),
+        migrations.AlterField(
+            model_name="vulnerabilitychangelog",
+            name="software_version",
+            field=models.CharField(
+                help_text="Version of the software at the time of change", max_length=100
+            ),
+        ),
+    ]
diff --git a/vulnerabilities/models.py b/vulnerabilities/models.py
@@ -1281,7 +1281,8 @@ class ChangeLog(models.Model):
     software_version = models.CharField(
         max_length=100,
         help_text="Version of the software at the time of change",
-        default=VULNERABLECODE_VERSION,
+        blank=False,
+        null=False,
     )
 
     @property

diff --git a/vulnerabilities/tests/test_changelog.py b/vulnerabilities/tests/test_changelog.py
@@ -7,22 +7,23 @@
 # See https://aboutcode.org for more information about nexB OSS projects.
 #
 from datetime import datetime
+from unittest.mock import patch
 
 import pytest
+from packageurl import PackageURL
 from univers.version_range import NpmVersionRange
 from univers.versions import SemverVersion
 
-from vulnerabilities.import_runner import ImportRunner
+from vulnerabilities import models
 from vulnerabilities.importer import AffectedPackage
-from vulnerabilities.models import *
 from vulnerabilities.pipelines.npm_importer import NpmImporterPipeline
 
 
 @pytest.mark.django_db
 def test_package_changelog():
-    pkg, _ = Package.objects.get_or_create_from_purl("pkg:npm/foo@1.0.0")
-    assert PackageChangeLog.objects.filter(package=pkg).count() == 0
-    adv = Advisory.objects.create(
+    pkg, _ = models.Package.objects.get_or_create_from_purl("pkg:npm/foo@1.0.0")
+    assert models.PackageChangeLog.objects.filter(package=pkg).count() == 0
+    adv = models.Advisory.objects.create(
         created_by=NpmImporterPipeline.pipeline_id,
         summary="TEST",
         date_collected=datetime.now(),
@@ -39,16 +40,18 @@ def test_package_changelog():
         aliases=["CVE-123"],
     )
     NpmImporterPipeline().import_advisory(advisory=adv)
-    assert PackageChangeLog.objects.filter(package=pkg).count() == 1
+    assert models.PackageChangeLog.objects.filter(package=pkg).count() == 1
     NpmImporterPipeline().import_advisory(advisory=adv)
-    assert PackageChangeLog.objects.filter(package=pkg).count() == 1
+    assert models.PackageChangeLog.objects.filter(package=pkg).count() == 1
     assert (
-        PackageChangeLog.objects.filter(action_type=PackageChangeLog.FIXING, package=pkg).count()
+        models.PackageChangeLog.objects.filter(
+            action_type=models.PackageChangeLog.FIXING, package=pkg
+        ).count()
         == 1
     )
-    pkg1, _ = Package.objects.get_or_create_from_purl("pkg:npm/foo@2.0.0")
-    assert PackageChangeLog.objects.filter(package=pkg1).count() == 0
-    adv = Advisory.objects.create(
+    pkg1, _ = models.Package.objects.get_or_create_from_purl("pkg:npm/foo@2.0.0")
+    assert models.PackageChangeLog.objects.filter(package=pkg1).count() == 0
+    adv = models.Advisory.objects.create(
         created_by=NpmImporterPipeline.pipeline_id,
         summary="TEST-1",
         date_collected=datetime.now(),
@@ -65,20 +68,21 @@ def test_package_changelog():
         aliases=["CVE-145"],
     )
     NpmImporterPipeline().import_advisory(advisory=adv)
-    assert PackageChangeLog.objects.filter(package=pkg1).count() == 1
+    assert models.PackageChangeLog.objects.filter(package=pkg1).count() == 1
     NpmImporterPipeline().import_advisory(advisory=adv)
-    assert PackageChangeLog.objects.filter(package=pkg1).count() == 1
+    assert models.PackageChangeLog.objects.filter(package=pkg1).count() == 1
     assert (
-        PackageChangeLog.objects.filter(
-            action_type=PackageChangeLog.AFFECTED_BY, package=pkg1
+        models.PackageChangeLog.objects.filter(
+            action_type=models.PackageChangeLog.AFFECTED_BY,
+            package=pkg1,
         ).count()
         == 1
     )
 
 
 @pytest.mark.django_db
 def test_vulnerability_changelog():
-    adv = Advisory.objects.create(
+    adv = models.Advisory.objects.create(
         created_by=NpmImporterPipeline.pipeline_id,
         summary="TEST_1",
         date_collected=datetime.now(),
@@ -97,10 +101,37 @@ def test_vulnerability_changelog():
     NpmImporterPipeline().import_advisory(advisory=adv)
     # 1 Changelogs is expected here:
     # 1 for importing vuln details
-    assert VulnerabilityChangeLog.objects.count() == 1
+    assert models.VulnerabilityChangeLog.objects.count() == 1
     NpmImporterPipeline().import_advisory(advisory=adv)
-    assert VulnerabilityChangeLog.objects.count() == 1
+    assert models.VulnerabilityChangeLog.objects.count() == 1
     assert (
-        VulnerabilityChangeLog.objects.filter(action_type=VulnerabilityChangeLog.IMPORT).count()
+        models.VulnerabilityChangeLog.objects.filter(
+            action_type=models.VulnerabilityChangeLog.IMPORT
+        ).count()
         == 1
     )
+
+
+@patch("vulnerabilities.models.VULNERABLECODE_VERSION", "test-version")
+@pytest.mark.django_db
+def test_vulnerability_changelog_software_version():
+    adv = models.Advisory.objects.create(
+        created_by=NpmImporterPipeline.pipeline_id,
+        summary="TEST_1",
+        date_collected=datetime.now(),
+        url="https://test.com/source",
+        affected_packages=[
+            AffectedPackage(
+                package=PackageURL(
+                    type="npm",
+                    name="foo",
+                ),
+                fixed_version=SemverVersion("1.0"),
+            ).to_dict()
+        ],
+        aliases=["CVE-TEST-1234"],
+    )
+    NpmImporterPipeline().import_advisory(advisory=adv)
+    npm_vulnerability_log = models.VulnerabilityChangeLog.objects.first()
+
+    assert ("test-version", npm_vulnerability_log.software_version)
diff --git a/vulnerablecode/__init__.py b/vulnerablecode/__init__.py
@@ -9,8 +9,6 @@
 
 import os
 import sys
-import warnings
-from pathlib import Path
 
 __version__ = "34.3.2"