Revert "Revert "add vulnerabilitystatus to blocklist (bug 778365)""

This reverts commit 1880c104b8.
2012-09-02 10:05:02 -07:00 · 2012-09-02 10:05:02 -07:00 · 890505f3fc
--- a/apps/blocklist/admin.py
+++ b/apps/blocklist/admin.py
@ -1,8 +1,13 @@
 from django.contrib import admin

+from . import forms
 from . import models


+class PluginAdmin(admin.ModelAdmin):
+    form = forms.BlocklistPluginForm
+
+
 ms = models.BlocklistItem, models.BlocklistPlugin, models.BlocklistGfx
 inlines = [type(cls.__name__ + 'Inline', (admin.StackedInline,),
                {'model': cls})
@ -12,9 +17,10 @@ inlines = [type(cls.__name__ + 'Inline', (admin.StackedInline,),
 class DetailAdmin(admin.ModelAdmin):
    inlines = inlines

+
 admin.site.register(models.BlocklistApp)
 admin.site.register(models.BlocklistCA)
 admin.site.register(models.BlocklistItem)
-admin.site.register(models.BlocklistPlugin)
+admin.site.register(models.BlocklistPlugin, PluginAdmin)
 admin.site.register(models.BlocklistGfx)
 admin.site.register(models.BlocklistDetail, DetailAdmin)
--- a/apps/blocklist/forms.py
+++ b/apps/blocklist/forms.py
@ -0,0 +1,18 @@
+from django import forms
+
+from .models import BlocklistPlugin
+
+
+class BlocklistPluginForm(forms.ModelForm):
+    class Meta:
+        model = BlocklistPlugin
+
+    def clean(self):
+        severity = self.cleaned_data.get('severity')
+        vulnerability = self.cleaned_data.get('vulnerability_status')
+
+        if severity and vulnerability:
+            raise forms.ValidationError(
+                'Vulnerability status must be blank if Severity is non zero')
+
+        return self.cleaned_data
--- a/apps/blocklist/models.py
+++ b/apps/blocklist/models.py
@ -91,6 +91,10 @@ class BlocklistPlugin(BlocklistBase, amo.models.ModelBase):
    description = models.CharField(max_length=255, blank=True, null=True)
    filename = models.CharField(max_length=255, blank=True, null=True)
    severity = models.SmallIntegerField(blank=True, null=True)
+    vulnerability_status = models.SmallIntegerField(blank=True, null=True,
+                                                    choices=
+                                                    ((1, 'update available'),
+                                                     (2, 'update unavailable')))
    details = models.OneToOneField(BlocklistDetail, null=True)

    class Meta(amo.models.ModelBase.Meta):
@ -100,6 +104,16 @@ class BlocklistPlugin(BlocklistBase, amo.models.ModelBase):
        return '%s: %s - %s' % (self.name or self.guid or self.filename,
                                    self.min, self.max)

+    @property
+    def get_vulnerability_status(self):
+        """Returns vulnerability status per bug 778365
+
+        Returns None when criteria aren't met so jinja2 excludes it from when
+        using the attrs filter.
+        """
+        if self.severity == 0 and self.vulnerability_status in (1,2):
+            return self.vulnerability_status
+
    def flush_urls(self):
        return ['/blocklist*']  # no lang/app

--- a/apps/blocklist/templates/blocklist/blocklist.xml
+++ b/apps/blocklist/templates/blocklist/blocklist.xml
@ -30,9 +30,9 @@
      {% if plugin.name %}<match name="name" exp="{{ plugin.name }}" />{% endif %}
      {% if plugin.description %}<match name="description" exp="{{ plugin.description }}" />{% endif %}
      {% if plugin.filename %}<match name="filename" exp="{{ plugin.filename }}" />{% endif %}
-      {% if plugin.severity or plugin.min or plugin.max %}
+      {% if plugin.severity or plugin.min or plugin.max or plugin.get_vulnerability_status %}
        {% if plugin.guid %}
-        <versionRange {{ attrs(severity=plugin.severity) }}>
+        <versionRange {{ attrs(severity=plugin.severity, vulnerabilitystatus=plugin.get_vulnerability_status) }}>
          {% if apiver > 2 and plugin.min and plugin.max %}
            <targetApplication id="{{ plugin.guid }}">
              <versionRange {{ attrs(minVersion=plugin.min, maxVersion=plugin.max) }} />
@ -40,9 +40,11 @@
          {% endif %}
        </versionRange>
        {% elif apiver > 2 and plugin.min and plugin.max %}
-        <versionRange {{ attrs(severity=plugin.severity, minVersion=plugin.min, maxVersion=plugin.max) }}></versionRange>
+        <versionRange {{ attrs(severity=plugin.severity, minVersion=plugin.min, maxVersion=plugin.max, vulnerabilitystatus=plugin.get_vulnerability_status) }}></versionRange>
        {% elif plugin.severity and not (plugin.min or plugin.max) %}
        <versionRange {{ attrs(severity=plugin.severity) }}></versionRange>
+        {% elif plugin.vulnerability_status %}
+        <versionRange {{ attrs(severity=plugin.severity, vulnerabilitystatus=plugin.get_vulnerability_status) }}></versionRange>
        {% endif %}
      {% elif plugin.severity == 0 %}
        <versionRange {{ attrs(severity=plugin.severity) }}></versionRange>
--- a/apps/blocklist/tests.py
+++ b/apps/blocklist/tests.py
@ -328,6 +328,21 @@ class BlocklistPluginTest(BlocklistTest):
        self.plugin.update(guid=amo.FIREFOX.guid, severity=1, min='1', max='2')
        vr = self.dom().getElementsByTagName('versionRange')[0]
        eq_(vr.getAttribute('severity'), '1')
+        assert not vr.getAttribute('vulnerabilitystatus')
+
+        app = vr.getElementsByTagName('targetApplication')[0]
+        eq_(app.getAttribute('id'), amo.FIREFOX.guid)
+
+        vr = app.getElementsByTagName('versionRange')[0]
+        eq_(vr.getAttribute('minVersion'), '1')
+        eq_(vr.getAttribute('maxVersion'), '2')
+
+    def test_plugin_with_target_app_with_vulnerability(self):
+        self.plugin.update(guid=amo.FIREFOX.guid, severity=0, min='1', max='2',
+                           vulnerability_status=2)
+        vr = self.dom().getElementsByTagName('versionRange')[0]
+        eq_(vr.getAttribute('severity'), '0')
+        eq_(vr.getAttribute('vulnerabilitystatus'), '2')

        app = vr.getElementsByTagName('targetApplication')[0]
        eq_(app.getAttribute('id'), amo.FIREFOX.guid)
@ -340,12 +355,30 @@ class BlocklistPluginTest(BlocklistTest):
        self.plugin.update(guid=None, severity=1)
        vr = self.dom().getElementsByTagName('versionRange')[0]
        eq_(vr.getAttribute('severity'), '1')
+        assert not vr.getAttribute('vulnerabilitystatus')
        eq_(vr.getAttribute('minVersion'), '')
        eq_(vr.getAttribute('maxVersion'), '')

        eq_(vr.getElementsByTagName('targetApplication'), [],
            'There should not be a <targetApplication> if there was no app')

+    def test_plugin_without_severity_and_with_vulnerability(self):
+        self.plugin.update(guid=None, severity=0, vulnerability_status=1)
+        vr = self.dom().getElementsByTagName('versionRange')[0]
+        eq_(vr.getAttribute('severity'), '0')
+        eq_(vr.getAttribute('vulnerabilitystatus'), '1')
+        eq_(vr.getAttribute('minVersion'), '')
+        eq_(vr.getAttribute('maxVersion'), '')
+
+    def test_plugin_without_severity_and_with_vulnerability_and_minmax(self):
+        self.plugin.update(guid=None, severity=0, vulnerability_status=1,
+                           min='2.0', max='3.0')
+        vr = self.dom().getElementsByTagName('versionRange')[0]
+        eq_(vr.getAttribute('severity'), '0')
+        eq_(vr.getAttribute('vulnerabilitystatus'), '1')
+        eq_(vr.getAttribute('minVersion'), '2.0')
+        eq_(vr.getAttribute('maxVersion'), '3.0')
+
    def test_plugin_apiver_lt_3(self):
        self.plugin.update(severity='2')
        # No min & max so the app matches.
--- a/migrations/463-add-vulnerability-status-to-blocklist.sql
+++ b/migrations/463-add-vulnerability-status-to-blocklist.sql
@ -0,0 +1 @@
+alter table blplugins add column vulnerability_status tinyint(1) unsigned default null;
				`@ -0,0 +1 @@`
				`alter table blplugins add column vulnerability_status tinyint(1) unsigned default null;`