aboutcode-org
diff --git a/‎vulnerabilities/importer.py
Lines changed: 7 additions & 3 deletions b/‎vulnerabilities/importer.py
Lines changed: 7 additions & 3 deletions
diff --git a/‎vulnerabilities/improvers/__init__.py
Lines changed: 2 additions & 0 deletions b/‎vulnerabilities/improvers/__init__.py
Lines changed: 2 additions & 0 deletions
diff --git a/‎vulnerabilities/migrations/0093_advisorytodo_todorelatedadvisory_and_more.py
Lines changed: 137 additions & 0 deletions b/‎vulnerabilities/migrations/0093_advisorytodo_todorelatedadvisory_and_more.py
Lines changed: 137 additions & 0 deletions
diff --git a/‎vulnerabilities/models.py
Lines changed: 93 additions & 0 deletions b/‎vulnerabilities/models.py
Lines changed: 93 additions & 0 deletions
@@ -268,9 +268,13 @@ def from_dict(cls, affected_pkg: dict):
                 return
 
         fixed_version = affected_pkg["fixed_version"]
-        if fixed_version and affected_version_range:
-            # TODO: revisit after https://github.com/nexB/univers/issues/10
-            fixed_version = affected_version_range.version_class(fixed_version)
+        if fixed_version:
+            if affected_version_range:
+                # TODO: revisit after https://github.com/nexB/univers/issues/10
+                fixed_version = affected_version_range.version_class(fixed_version)
+            elif package.type in RANGE_CLASS_BY_SCHEMES:
+                vrc = RANGE_CLASS_BY_SCHEMES[package.type]
+                fixed_version = vrc.version_class(fixed_version)
 
         if not fixed_version and not affected_version_range:
             logger.error(
 
@@ -12,6 +12,7 @@
 from vulnerabilities.pipelines import VulnerableCodePipeline
 from vulnerabilities.pipelines import add_cvss31_to_CVEs
 from vulnerabilities.pipelines import collect_commits
+from vulnerabilities.pipelines import compute_advisory_todo
 from vulnerabilities.pipelines import compute_package_risk
 from vulnerabilities.pipelines import compute_package_version_rank
 from vulnerabilities.pipelines import enhance_with_exploitdb
@@ -49,6 +50,7 @@
     add_cvss31_to_CVEs.CVEAdvisoryMappingPipeline,
     remove_duplicate_advisories.RemoveDuplicateAdvisoriesPipeline,
     populate_vulnerability_summary_pipeline.PopulateVulnerabilitySummariesPipeline,
+    compute_advisory_todo.ComputeToDo,
 ]
 
 IMPROVERS_REGISTRY = {
 
@@ -0,0 +1,137 @@
+# Generated by Django 4.2.22 on 2025-06-27 15:59
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("vulnerabilities", "0092_pipelineschedule_pipelinerun"),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="AdvisoryToDo",
+            fields=[
+                (
+                    "id",
+                    models.AutoField(
+                        auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
+                    ),
+                ),
+                (
+                    "related_advisories_id",
+                    models.CharField(
+                        help_text="SHA1 digest of the unique_content_id field of the applicable advisories.",
+                        max_length=40,
+                    ),
+                ),
+                (
+                    "issue_type",
+                    models.CharField(
+                        choices=[
+                            ("MISSING_AFFECTED_PACKAGE", "Advisory is missing affected package"),
+                            ("MISSING_FIXED_BY_PACKAGE", "Advisory is missing fixed-by package"),
+                            (
+                                "MISSING_AFFECTED_AND_FIXED_BY_PACKAGES",
+                                "Advisory is missing both affected and fixed-by packages",
+                            ),
+                            ("MISSING_SUMMARY", "Advisory is missing summary"),
+                            (
+                                "CONFLICTING_FIXED_BY_PACKAGES",
+                                "Advisories have conflicting fixed-by packages",
+                            ),
+                            (
+                                "CONFLICTING_AFFECTED_PACKAGES",
+                                "Advisories have conflicting affected packages",
+                            ),
+                            (
+                                "CONFLICTING_AFFECTED_AND_FIXED_BY_PACKAGES",
+                                "Advisories have conflicting affected and fixed-by packages",
+                            ),
+                            (
+                                "CONFLICTING_SEVERITY_SCORES",
+                                "Advisories have conflicting severity scores",
+                            ),
+                        ],
+                        db_index=True,
+                        help_text="Select the issue that needs to be addressed from the available options.",
+                        max_length=50,
+                    ),
+                ),
+                (
+                    "issue_detail",
+                    models.TextField(blank=True, help_text="Additional details about the issue."),
+                ),
+                (
+                    "created_at",
+                    models.DateTimeField(
+                        auto_now_add=True,
+                        help_text="Timestamp indicating when this TODO was created.",
+                    ),
+                ),
+                (
+                    "is_resolved",
+                    models.BooleanField(
+                        db_index=True, default=False, help_text="This TODO is resolved or not."
+                    ),
+                ),
+                (
+                    "resolved_at",
+                    models.DateTimeField(
+                        blank=True,
+                        help_text="Timestamp indicating when this TODO was resolved.",
+                        null=True,
+                    ),
+                ),
+                (
+                    "resolution_detail",
+                    models.TextField(
+                        blank=True, help_text="Additional detail on how this TODO was resolved."
+                    ),
+                ),
+            ],
+        ),
+        migrations.CreateModel(
+            name="ToDoRelatedAdvisory",
+            fields=[
+                (
+                    "id",
+                    models.AutoField(
+                        auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
+                    ),
+                ),
+                (
+                    "advisory",
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE, to="vulnerabilities.advisory"
+                    ),
+                ),
+                (
+                    "todo",
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE,
+                        to="vulnerabilities.advisorytodo",
+                    ),
+                ),
+            ],
+            options={
+                "unique_together": {("todo", "advisory")},
+            },
+        ),
+        migrations.AddField(
+            model_name="advisorytodo",
+            name="advisories",
+            field=models.ManyToManyField(
+                help_text="Advisory/ies where this TODO is applicable.",
+                related_name="advisory_todos",
+                through="vulnerabilities.ToDoRelatedAdvisory",
+                to="vulnerabilities.advisory",
+            ),
+        ),
+        migrations.AlterUniqueTogether(
+            name="advisorytodo",
+            unique_together={("related_advisories_id", "issue_type")},
+        ),
+    ]
@@ -2258,3 +2258,96 @@ def create_new_job(self, execute_now=False):
             schedules.clear_job(self.schedule_work_id)
 
         return schedules.schedule_execution(self, execute_now) if self.is_active else None
+
+
+ISSUE_TYPE_CHOICES = [
+    ("MISSING_AFFECTED_PACKAGE", "Advisory is missing affected package"),
+    ("MISSING_FIXED_BY_PACKAGE", "Advisory is missing fixed-by package"),
+    (
+        "MISSING_AFFECTED_AND_FIXED_BY_PACKAGES",
+        "Advisory is missing both affected and fixed-by packages",
+    ),
+    ("MISSING_SUMMARY", "Advisory is missing summary"),
+    ("CONFLICTING_FIXED_BY_PACKAGES", "Advisories have conflicting fixed-by packages"),
+    ("CONFLICTING_AFFECTED_PACKAGES", "Advisories have conflicting affected packages"),
+    (
+        "CONFLICTING_AFFECTED_AND_FIXED_BY_PACKAGES",
+        "Advisories have conflicting affected and fixed-by packages",
+    ),
+    ("CONFLICTING_SEVERITY_SCORES", "Advisories have conflicting severity scores"),
+]
+
+
+class AdvisoryToDo(models.Model):
+    """Track the TODOs for advisory/ies that need to be addressed."""
+
+    # Since we can not make advisories field (M2M field) unique
+    # (see https://code.djangoproject.com/ticket/702), we use related_advisories_id
+    # to avoid creating duplicate issue for same set of advisories,
+    related_advisories_id = models.CharField(
+        max_length=40,
+        help_text="SHA1 digest of the unique_content_id field of the applicable advisories.",
+    )
+
+    advisories = models.ManyToManyField(
+        Advisory,
+        through="ToDoRelatedAdvisory",
+        related_name="advisory_todos",
+        help_text="Advisory/ies where this TODO is applicable.",
+    )
+
+    issue_type = models.CharField(
+        max_length=50,
+        choices=ISSUE_TYPE_CHOICES,
+        db_index=True,
+        help_text="Select the issue that needs to be addressed from the available options.",
+    )
+
+    issue_detail = models.TextField(
+        blank=True,
+        help_text="Additional details about the issue.",
+    )
+
+    created_at = models.DateTimeField(
+        auto_now_add=True,
+        help_text="Timestamp indicating when this TODO was created.",
+    )
+
+    is_resolved = models.BooleanField(
+        default=False,
+        db_index=True,
+        help_text="This TODO is resolved or not.",
+    )
+
+    resolved_at = models.DateTimeField(
+        null=True,
+        blank=True,
+        help_text="Timestamp indicating when this TODO was resolved.",
+    )
+
+    resolution_detail = models.TextField(
+        blank=True,
+        help_text="Additional detail on how this TODO was resolved.",
+    )
+
+    class Meta:
+        unique_together = ("related_advisories_id", "issue_type")
+
+    def save(self, *args, **kwargs):
+        self.full_clean()
+        return super().save(*args, **kwargs)
+
+
+class ToDoRelatedAdvisory(models.Model):
+    todo = models.ForeignKey(
+        AdvisoryToDo,
+        on_delete=models.CASCADE,
+    )
+
+    advisory = models.ForeignKey(
+        Advisory,
+        on_delete=models.CASCADE,
+    )
+
+    class Meta:
+        unique_together = ("todo", "advisory")