예제 #1
def add_proposal(vuln: Vulnerability, form: VulnerabilityDetailsForm):
    """
    Store a change proposal for an existing entry as a new row in state READY.

    The proposal is a copy of ``vuln`` with the submitted form data applied.
    :param vuln: Entry the proposal is based on; its version becomes the proposal's prev_version.
    :param form: Submitted form whose data is written onto the copy.
    :return: None. A success message is flashed to the user.
    """
    proposal = vuln.copy()
    # Form data is applied first. Every workflow field below is assigned after
    # this call, so the values set here win over anything the form wrote.
    form.populate_obj(proposal)

    # Workflow fields are set by the server: unversioned, linked to the source
    # version, waiting for review, owned by the current user.
    proposal.version = None
    proposal.prev_version = vuln.version
    proposal.state = VulnerabilityState.READY
    proposal.creator = g.user
    # Drop reviewer assignment and feedback left over from an earlier review.
    proposal.reviewer_id = None
    proposal.review_feedback = None

    db.session.add(proposal)
    db.session.commit()
    if not proposal.vcdb_id:
        # TODO: Improve this hack to assign a new vcdb_id here.
        #       The primary key's auto increment is reused as the vcdb_id to get a unique value.
        #       The row is committed once without a vcdb_id and updated in a second commit,
        #       which will likely be prone to race conditions.
        proposal.vcdb_id = proposal.id
        db.session.add(proposal)
        db.session.commit()

    message = "Your proposal will be reviewed soon. You can monitor progress in your Proposals Section."
    flash(message, "success")
예제 #2
def add_proposal(vuln: Vulnerability, view: VulnerabilityView,
                 form: VulnerabilityDetailsForm) -> Optional[Vulnerability]:
    """
    Create a change proposal: a copy of an existing entry with the form data applied.

    Nothing is stored when update_products rejects the copy or when the copy
    does not differ from the original outside of the bookkeeping fields.
    :param vuln: Existing entry the proposal is based on.
    :param view: Not used in this function body.
    :param form: Submitted form whose data is written onto the copy.
    :return: The stored proposal, or None if it was rejected.
    """
    proposal = vuln.copy()
    # Form data is applied first; the workflow fields are assigned further
    # down, so the server-side values win over anything the form wrote.
    form.populate_obj(proposal)

    try:
        update_products(proposal)
    except InvalidProducts as err:
        flash_error(err.args[0])
        return None

    # Autoflush is disabled while the original and the copy are compared.
    with db.session.no_autoflush:
        changes = vuln.diff(proposal)
    # Bookkeeping fields do not count as a proposed change.
    ignored_fields = (
        'date_modified',
        'date_created',
        'creator',
        'state',
        'version',
        'prev_version',
        'reviewer_id',
        'reviewer',
        'review_feedback',
        'id',
    )
    for field_name in ignored_fields:
        changes.pop(field_name, None)
    if not changes:
        flash_error(
            "No changes detected. Please modify the entry first to propose a change"
        )
        return None
    logging.debug("Detected changes: %r", changes)

    # Workflow fields are set by the server: unversioned, linked to the source
    # version, waiting for review, owned by the current user.
    proposal.version = None
    proposal.prev_version = vuln.version
    proposal.state = VulnerabilityState.READY
    proposal.creator = g.user
    # Drop reviewer assignment and feedback left over from an earlier review.
    proposal.reviewer_id = None
    proposal.review_feedback = None

    db.session.add(proposal)
    db.session.commit()
    if not proposal.vcdb_id:
        # TODO: Improve this hack to assign a new vcdb_id here.
        #       The primary key's auto increment is reused as the vcdb_id to get a unique value.
        #       The row is committed once without a vcdb_id and updated in a second commit,
        #       which will likely be prone to race conditions.
        proposal.vcdb_id = proposal.id
        db.session.add(proposal)
        db.session.commit()

    flash("Your proposal will be reviewed soon.", "success")
    return proposal
예제 #3
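def add_proposal(vuln: Vulnerability, form: VulnerabilityDetailsForm):
    """
    Store a change proposal for an existing entry as a new row in state READY.

    The proposal is a copy of ``vuln`` with the submitted form data applied.
    :param vuln: Entry the proposal is based on; its version becomes the proposal's prev_version.
    :param form: Submitted form whose data is written onto the copy.
    :return: None. A success message is flashed to the user.
    """
    vuln_clone = vuln.copy()
    # Form data is applied first. Every workflow field below is assigned after
    # this call, so the values set here win over anything the form wrote.
    form.populate_obj(vuln_clone)

    vuln_clone.version = None
    vuln_clone.prev_version = vuln.version
    vuln_clone.state = VulnerabilityState.READY
    vuln_clone.creator = g.user
    # Reset any previous feedback data so a new proposal always starts
    # unreviewed, matching the other add_proposal variants.
    # NOTE(review): assumes vuln.copy() carries reviewer_id and
    # review_feedback over from the source entry; confirm against the model.
    vuln_clone.reviewer_id = None
    vuln_clone.review_feedback = None

    db.session.add(vuln_clone)
    db.session.commit()

    flash(
        "Your proposal will be reviewed soon. You can monitor progress in your Proposals Section.",
        "success")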