class Meta(BaseModel):
__tablename__ = "metas"
name = db.Column(db.String(), nullable=False)
value = db.Column(db.String(), nullable=False)
def __repr__(self):
return "<Meta {}>".format(self.name)
class Cwe(BaseModel):
__tablename__ = "cwes"
cwe_id = db.Column(db.String(), nullable=False, index=True)
name = db.Column(db.String())
description = db.Column(db.String())
def __repr__(self):
return "<Cwe {}>".format(self.cwe_id)
class Cve(BaseModel):
__tablename__ = "cves"
# CVE are sorted by last modified date, we need to index it.
updated_at = db.Column(
db.DateTime(timezone=True),
default=db.func.now(),
onupdate=db.func.now(),
nullable=False,
index=True,
)
cve_id = db.Column(db.String(), nullable=False, index=True)
json = db.Column(JSONB)
# We used initially secondary relationships to fetch the list of
# associated vendors, products and cwes. But it was complicated
# to maintain, and the performance were poor. So we now use the
# JSONB data type associated to the GIN index type.
vendors = db.Column(JSONB)
cwes = db.Column(JSONB)
# Keep the summary separated when searching keywords
summary = db.Column(db.String(), nullable=False)
# Keep CVSS separated when searching a particupal score
cvss2 = db.Column(db.Float())
cvss3 = db.Column(db.Float())
# Relationships
events = db.relationship("Event", back_populates="cve")
changes = db.relationship("Change", back_populates="cve")
alerts = db.relationship("Alert", back_populates="cve")
# Index
__table_args__ = (
db.Index("cves_vendors_gin_idx", vendors, postgresql_using="gin"),
db.Index("cves_cwes_gin_idx", cwes, postgresql_using="gin"),
)
def __repr__(self):
return "<Cve {}>".format(self.cve_id)
@property
def cvss_weight(self):
"""Only used to sort several CVE by their CVSS"""
w = 0
if self.cvss2:
w += self.cvss2
if self.cvss3:
w += self.cvss3
return w
class Cwe(BaseModel):
__tablename__ = "cwes"
cwe_id = db.Column(db.String(), nullable=False, index=True)
name = db.Column(db.String())
description = db.Column(db.String())
@property
def short_id(self):
if not self.cwe_id.startswith("CWE-"):
return None
return self.cwe_id.split("CWE-")[1]
def __repr__(self):
return "<Cwe {}>".format(self.cwe_id)
class UserTag(BaseModel):
__tablename__ = "users_tags"
name = db.Column(db.String(), nullable=False)
description = db.Column(db.String())
color = db.Column(db.String(), nullable=False)
# Relationships
user_id = db.Column(UUIDType(binary=False),
db.ForeignKey("users.id"),
nullable=False)
user = db.relationship("User", back_populates="tags")
__table_args__ = (UniqueConstraint("name",
"user_id",
name="ix_userstags_name_userid"), )
def __repr__(self):
return "<UserTag {}>".format(self.id)
class Vendor(BaseModel):
__tablename__ = "vendors"
name = db.Column(db.String(), nullable=False, unique=True)
# Relationships
products = db.relationship("Product", back_populates="vendor")
users = db.relationship("User", secondary=users_vendors)
def __repr__(self):
return "<Vendor {}>".format(self.name)
class Product(BaseModel):
__tablename__ = "products"
name = db.Column(db.String(), nullable=False, index=True)
# Relationships
vendor_id = db.Column(UUIDType(binary=False), db.ForeignKey("vendors.id"))
vendor = db.relationship("Vendor", back_populates="products")
users = db.relationship("User", secondary=users_products)
def __repr__(self):
return "<Product {}>".format(self.name)
class Report(BaseModel):
__tablename__ = "reports"
public_link = db.Column(db.String(), default=generate_public_link)
seen = db.Column(db.Boolean(), default=False)
details = db.Column(JSONType)
user_id = db.Column(UUIDType(binary=False), db.ForeignKey("users.id"))
user = db.relationship("User", back_populates="reports")
alerts = db.relationship("Alert", back_populates="report")
def __repr__(self):
return "<Report {}>".format(self.id)
class User(BaseModel, UserMixin):
__tablename__ = "users"
__hash__ = UserMixin.__hash__
# User authentication information
username = db.Column(db.String(50), nullable=False, unique=True)
password = db.Column(db.String(255), nullable=False, server_default="")
reset_password_token = db.Column(db.String(100),
nullable=False,
server_default="")
# User email information
email = db.Column(db.String(255), nullable=False, unique=True)
email_confirmed_at = db.Column(db.DateTime(timezone=True))
# Notification parameters
enable_notifications = db.Column(db.Boolean(),
nullable=False,
server_default=expression.true())
filters_notifications = db.Column(JSONType, default=get_default_filters)
settings = db.Column(JSONType,
default=get_default_settings,
nullable=False)
frequency_notifications = db.Column(ChoiceType(FREQUENCIES_TYPES),
default="always")
# User information
active = db.Column("is_active",
db.Boolean(),
nullable=False,
server_default=expression.false())
first_name = db.Column(db.String(100), nullable=False, server_default="")
last_name = db.Column(db.String(100), nullable=False, server_default="")
admin = db.Column(db.Boolean,
unique=False,
server_default=expression.false())
# Relationships
vendors = db.relationship("Vendor", secondary=users_vendors)
products = db.relationship("Product", secondary=users_products)
alerts = db.relationship("Alert", back_populates="user")
reports = db.relationship("Report", back_populates="user")
tags = db.relationship("UserTag", back_populates="user")
cve_tags = db.relationship("CveTag", back_populates="user")
@property
def is_confirmed(self):
return bool(self.email_confirmed_at)
def __repr__(self):
return "<User {}>".format(self.username)
def __eq__(self, user):
return self.id == user.id if user else False
def set_password(self, password):
self.password = app.user_manager.hash_password(password)
class User(BaseModel, UserMixin):
__tablename__ = "users"
# User authentication information
username = db.Column(db.String(50), nullable=False, unique=True)
password = db.Column(db.String(255), nullable=False, server_default="")
reset_password_token = db.Column(db.String(100),
nullable=False,
server_default="")
# User email information
email = db.Column(db.String(255), nullable=False, unique=True)
email_confirmed_at = db.Column(db.DateTime(timezone=True))
# Notification parameters
enable_notifications = db.Column(db.Boolean(),
nullable=False,
server_default=expression.true())
filters_notifications = db.Column(JSONType, default=get_default_filters)
frequency_notifications = db.Column(ChoiceType(FREQUENCIES_TYPES),
default="always")
# User information
active = db.Column("is_active",
db.Boolean(),
nullable=False,
server_default=expression.false())
first_name = db.Column(db.String(100), nullable=False, server_default="")
last_name = db.Column(db.String(100), nullable=False, server_default="")
admin = db.Column(db.Boolean,
unique=False,
server_default=expression.false())
# Relationships
vendors = db.relationship("Vendor", secondary=users_vendors)
products = db.relationship("Product", secondary=users_products)
alerts = db.relationship("Alert", back_populates="user")
reports = db.relationship("Report", back_populates="user")
def __repr__(self):
return "<User {}>".format(self.username)