From e335a161f8354251d623a0f7e1243918b3a08319 Mon Sep 17 00:00:00 2001
From: tdruez <tdruez@nexb.com>
Date: Mon, 9 Dec 2024 18:53:01 +0400
Subject: [PATCH] Add `is_reachable` field on the VulnerabilityAnalysis model
 #103

Signed-off-by: tdruez <tdruez@nexb.com>
---
 CHANGELOG.rst                                 |  5 ++++
 dejacode/static/css/dejacode_bootstrap.css    | 17 ++++++++----
 .../tabs/tab_vulnerabilities.html             |  9 +++++++
 product_portfolio/views.py                    |  9 +++++++
 vulnerabilities/api.py                        |  1 +
 vulnerabilities/filters.py                    | 12 +++++++++
 vulnerabilities/forms.py                      |  3 ++-
 ...erabilityanalysis_is_reachable_and_more.py | 27 +++++++++++++++++++
 vulnerabilities/models.py                     | 10 +++++++
 9 files changed, 87 insertions(+), 6 deletions(-)
 create mode 100644 vulnerabilities/migrations/0005_vulnerabilityanalysis_is_reachable_and_more.py

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 5f19d8b3..3bb1dc77 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -38,6 +38,11 @@ Release notes
   Add `risk_score` filter in Package endpoint.
   https://github.com/aboutcode-org/dejacode/issues/104
 
+- Add new `is_reachable` field on the VulnerabilityAnalysis model.
+  It can be used to declare if a this vulnerability is reachable, not reachable, or
+  if this fact is not known in the context of a Product Package.
+  https://github.com/aboutcode-org/dejacode/issues/103
+
 ### Version 5.2.1
 
 - Fix the models documentation navigation.
diff --git a/dejacode/static/css/dejacode_bootstrap.css b/dejacode/static/css/dejacode_bootstrap.css
index f559cc68..34ef5908 100644
--- a/dejacode/static/css/dejacode_bootstrap.css
+++ b/dejacode/static/css/dejacode_bootstrap.css
@@ -388,16 +388,16 @@ table.vulnerabilities-table .column-summary {
   width: 210px;
 }
 #tab_vulnerabilities .column-affected_packages {
-  min-width: 300px;
+  min-width: 250px;
 }
 #tab_vulnerabilities .column-exploitability {
-  width: 155px;
+  width: 140px;
 }
 #tab_vulnerabilities .column-weighted_severity {
-  width: 120px;
+  width: 105px;
 }
 #tab_vulnerabilities .column-risk_score {
-  width: 90px;
+  width: 80px;
 }
 #tab_vulnerabilities .column-summary {
   width: 300px;
@@ -411,6 +411,9 @@ table.vulnerabilities-table .column-summary {
 #tab_vulnerabilities .column-vulnerability_analyses__responses {
   min-width: 120px;
 }
+#tab_vulnerabilities .column-vulnerability_analyses__is_reachable {
+  min-width: 80px;
+}
 /* -- Vulnerability analysis modal -- */
 #vulnerability-analysis-modal #div_id_responses .form-check {
   display: inline-block;
@@ -655,11 +658,15 @@ td.sub-header {
 .table thead tr th a.sort:hover {
   color: #ccc;
   text-decoration: none;
-  margin-left: 0.0625rem;
+  margin-left: 0;
 }
 .table thead tr th a.sort.active {
   color: var(--bs-body-color);
 }
+.tab-content .table thead tr th {
+  font-size: 0.875rem;
+}
+th a.sort i {width: auto;}
 
 /* -- Better looks for the popover fake links -- */
 .tag_popover,
diff --git a/product_portfolio/templates/product_portfolio/tabs/tab_vulnerabilities.html b/product_portfolio/templates/product_portfolio/tabs/tab_vulnerabilities.html
index 9c712658..585b79c4 100644
--- a/product_portfolio/templates/product_portfolio/tabs/tab_vulnerabilities.html
+++ b/product_portfolio/templates/product_portfolio/tabs/tab_vulnerabilities.html
@@ -1,4 +1,6 @@
 {% load i18n %}
+{% load as_icon from dje_tags %}
+
 {% include 'tabs/pagination.html' %}
 <table class="table table-bordered table-md text-break">
   {% include 'includes/object_list_table_header.html' with filter=filterset include_actions=True %}
@@ -72,6 +74,13 @@
               </ul>
             {% endif %}
           </td>
+          <td class="text-center">
+            {% if package.vulnerability_analysis.is_reachable %}
+              <i class="fa-solid fa-circle-radiation text-danger fs-5" data-bs-toggle="tooltip" title="Vulnerability is reachable"></i>
+            {% elif package.vulnerability_analysis.is_reachable is False %}
+              <i class="fa-solid fa-bug-slash" data-bs-toggle="tooltip" title="Vulnerability is NOT reachable"></i>
+            {% endif %}
+          </td>
           <td class="p-1">
             <span data-bs-toggle="modal"
                   data-bs-target="#vulnerability-analysis-modal"
diff --git a/product_portfolio/views.py b/product_portfolio/views.py
index 99e8614a..10437edd 100644
--- a/product_portfolio/views.py
+++ b/product_portfolio/views.py
@@ -1138,6 +1138,15 @@ class ProductTabVulnerabilitiesView(
             ),
             filter="responses",
         ),
+        Header(
+            "vulnerability_analyses__is_reachable",
+            _("Reach"),
+            help_text=_(
+                "Indicates whether the vulnerability is reachable in the context of "
+                "this product package."
+            ),
+            filter="is_reachable",
+        ),
     )
 
     def get_context_data(self, **kwargs):
diff --git a/vulnerabilities/api.py b/vulnerabilities/api.py
index 3d5dbce6..81c008c0 100644
--- a/vulnerabilities/api.py
+++ b/vulnerabilities/api.py
@@ -142,6 +142,7 @@ class Meta:
             "justification",
             "responses",
             "detail",
+            "is_reachable",
         )
         extra_kwargs = {
             "product_package": {
diff --git a/vulnerabilities/filters.py b/vulnerabilities/filters.py
index 8ec23c82..5d475653 100644
--- a/vulnerabilities/filters.py
+++ b/vulnerabilities/filters.py
@@ -11,6 +11,7 @@
 
 import django_filters
 
+from dje.filters import BooleanChoiceFilter
 from dje.filters import DataspacedFilterSet
 from dje.filters import SearchFilter
 from dje.widgets import SortDropDownWidget
@@ -122,6 +123,7 @@ class ProductVulnerabilityFilterSet(VulnerabilityFilterSet):
         "vulnerability_analyses__state",
         "vulnerability_analyses__justification",
         "responses",
+        "is_reachable",
     ]
     sort = NullsLastOrderingFilter(
         label=_("Sort"),
@@ -139,6 +141,15 @@ class ProductVulnerabilityFilterSet(VulnerabilityFilterSet):
         lookup_expr="icontains",
         choices=VulnerabilityAnalysisMixin.Response.choices,
     )
+    is_reachable = BooleanChoiceFilter(
+        field_name="vulnerability_analyses__is_reachable",
+        empty_label="All",
+        choices=(
+            ("yes", _("Reachable")),
+            ("no", _("Not reachable")),
+            ("unknown", _("Reachability not known")),
+        ),
+    )
 
     class Meta:
         model = Vulnerability
@@ -146,6 +157,7 @@ class Meta:
             "q",
             "vulnerability_analyses__state",
             "vulnerability_analyses__justification",
+            "is_reachable",
             "exploitability",
         ]
 
diff --git a/vulnerabilities/forms.py b/vulnerabilities/forms.py
index 0fa8c602..3d87d3ba 100644
--- a/vulnerabilities/forms.py
+++ b/vulnerabilities/forms.py
@@ -45,6 +45,7 @@ class Meta:
             "justification",
             "responses",
             "detail",
+            "is_reachable",
             "propagate_to_products",
         ]
         widgets = {
@@ -84,7 +85,7 @@ def helper(self):
                 "",
                 "product_package",
                 "vulnerability",
-                Group("state", "justification"),
+                Group("state", "justification", "is_reachable"),
                 "responses",
                 "detail",
                 Field(
diff --git a/vulnerabilities/migrations/0005_vulnerabilityanalysis_is_reachable_and_more.py b/vulnerabilities/migrations/0005_vulnerabilityanalysis_is_reachable_and_more.py
new file mode 100644
index 00000000..6403cd52
--- /dev/null
+++ b/vulnerabilities/migrations/0005_vulnerabilityanalysis_is_reachable_and_more.py
@@ -0,0 +1,27 @@
+# Generated by Django 5.0.9 on 2024-12-09 14:03
+
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('component_catalog', '0010_component_risk_score_package_risk_score'),
+        ('dje', '0004_dataspace_vulnerabilities_updated_at'),
+        ('product_portfolio', '0008_productdependency_is_resolved_to_is_pinned'),
+        ('vulnerabilities', '0004_vulnerabilityanalysis_indexes'),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='vulnerabilityanalysis',
+            name='is_reachable',
+            field=models.BooleanField(help_text='Indicates whether the vulnerability is reachable in the context of this product package.', null=True),
+        ),
+        migrations.AddIndex(
+            model_name='vulnerabilityanalysis',
+            index=models.Index(fields=['is_reachable'], name='vulnerabili_is_reac_4ae33a_idx'),
+        ),
+    ]
diff --git a/vulnerabilities/models.py b/vulnerabilities/models.py
index c2439e26..6206a560 100644
--- a/vulnerabilities/models.py
+++ b/vulnerabilities/models.py
@@ -502,12 +502,21 @@ class VulnerabilityAnalysis(
         on_delete=models.CASCADE,
         related_name="vulnerability_analyses",
     )
+    # Regular fields
+    is_reachable = models.BooleanField(
+        null=True,
+        help_text=_(
+            "Indicates whether the vulnerability is reachable in the context of this "
+            "product package."
+        ),
+    )
 
     class Meta:
         unique_together = (("product_package", "vulnerability"), ("dataspace", "uuid"))
         indexes = [
             models.Index(fields=["state"]),
             models.Index(fields=["justification"]),
+            models.Index(fields=["is_reachable"]),
         ]
 
     def __str__(self):
@@ -556,6 +565,7 @@ def propagate(self, product_uuid, user):
             "justification",
             "responses",
             "detail",
+            "is_reachable",
         ]
         for field_name in fields_to_clone:
             field_value = getattr(self, field_name, None)