Create model for DiscoveredDependency #447

Signed-off-by: Jono Yang <[email protected]>

Author: JonoYang

scanpipe/migrations/0017_discovereddependency.py

@@ -0,0 +1,36 @@
+# Generated by Django 4.0.5 on 2022-06-14 19:26
+
+from django.db import migrations, models
+import django.db.models.deletion
+import scanpipe.models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('scanpipe', '0016_discoveredpackage_package_uid'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='DiscoveredDependency',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('purl', models.CharField(help_text='The Package URL of this dependency.', max_length=1024)),
+                ('extracted_requirement', models.CharField(help_text='The version requirements of this dependency.', max_length=32)),
+                ('scope', models.CharField(help_text='The scope of this dependency, how it is used in a project.', max_length=32)),
+                ('is_runtime', models.BooleanField(default=False)),
+                ('is_optional', models.BooleanField(default=False)),
+                ('is_resolved', models.BooleanField(default=False)),
+                ('dependency_uid', models.CharField(help_text='The unique identifier of this dependency.', max_length=1024)),
+                ('for_package_uid', models.CharField(help_text='The unique identifier of the package this dependency is for.', max_length=1024)),
+                ('datafile_path', models.CharField(blank=True, help_text='The relative path to the datafile where this dependency was detected from.', max_length=1024)),
+                ('datasource_id', models.CharField(help_text='The identifier for the datafile handler used to obtain this dependency.', max_length=64)),
+                ('project', models.ForeignKey(editable=False, on_delete=django.db.models.deletion.CASCADE, related_name='%(class)ss', to='scanpipe.project')),
+            ],
+            options={
+                'abstract': False,
+            },
+            bases=(models.Model, scanpipe.models.SaveProjectErrorMixin),
+        ),
+    ]

scanpipe/models.py

@@ -1837,6 +1837,103 @@ def update_from_data(self, package_data):
         return updated_fields
 
 
+class DiscoveredDependency(
+    ProjectRelatedModel,
+    SaveProjectErrorMixin,
+):
+    """
+    A project's Discovered Dependencies are records of the dependencies used by
+    system and application packages discovered in the code under analysis.
+    """
+    purl = models.CharField(
+        max_length=1024,
+        help_text=_(
+            "The Package URL of this dependency."
+        ),
+    )
+    extracted_requirement = models.CharField(
+        max_length=32,
+        help_text=_(
+            "The version requirements of this dependency."
+        ),
+    )
+    scope = models.CharField(
+        max_length=32,
+        help_text=_(
+            "The scope of this dependency, how it is used in a project."
+        ),
+    )
+
+    is_runtime = models.BooleanField(default=False)
+    is_optional = models.BooleanField(default=False)
+    is_resolved = models.BooleanField(default=False)
+
+    dependency_uid = models.CharField(
+        max_length=1024,
+        help_text=_(
+            "The unique identifier of this dependency."
+        ),
+    )
+    for_package_uid = models.CharField(
+        max_length=1024,
+        help_text=_(
+            "The unique identifier of the package this dependency is for."
+        ),
+    )
+    datafile_path = models.CharField(
+        max_length=1024,
+        blank=True,
+        help_text=_(
+            "The relative path to the datafile where this dependency was detected from."
+        ),
+    )
+    datasource_id = models.CharField(
+        max_length=64,
+        help_text=_(
+            "The identifier for the datafile handler used to obtain this dependency."
+        )
+    )
+
+    @classmethod
+    def create_from_data(cls, project, dependency_data):
+        """
+        Creates and returns a DiscoveredPackage for a `project` from the `dependency_data`.
+        """
+        if "resolved_package" in dependency_data:
+            dependency_data.pop("resolved_package")
+        discovered_dependency = cls(project=project, **dependency_data)
+        discovered_dependency.save()
+        return discovered_dependency
+
+    def update_from_data(self, dependency_data):
+        """
+        Update this discovered dependency instance with the provided `dependency_data`.
+        The `save()` is called only if at least one field was modified.
+        """
+        model_fields = DiscoveredPackage.model_fields()
+        updated_fields = []
+
+        for field_name, value in dependency_data.items():
+            skip_reasons = [
+                not value,
+                field_name not in model_fields,
+            ]
+            if any(skip_reasons):
+                continue
+
+            current_value = getattr(self, field_name, None)
+            if not current_value:
+                setattr(self, field_name, value)
+                updated_fields.append(field_name)
+            elif current_value != value:
+                pass  # TODO: handle this case
+
+        if updated_fields:
+            self.save()
+
+        return updated_fields
+
+
 class WebhookSubscription(UUIDPKModel, ProjectRelatedModel):
     target_url = models.URLField(_("Target URL"), max_length=1024)
     sent = models.BooleanField(default=False)