feat(vulnerability): add status field + carry-over across re-scans #1240
ocervell wants to merge 1 commit into
Add a `status` field to the Vulnerability output type (NEW / ACKNOWLEDGED / FIXED, default NEW), marked compare=False so dedup identity (name/id/matched_at) is unchanged. Normalize/validate in __post_init__ (coerce empty/None/unknown to NEW, uppercase) and display it via _table_fields.

Carry status across re-scans: add `status` to the duplicate_main_copy_fields defaults of MongodbAddon and SqliteAddon, and in compute_duplicate_updates treat a status of ''/None/'NEW' as unset (per-field sentinel) so a prior ACKNOWLEDGED/FIXED carries forward onto a re-found main whose status is still the default NEW, while never-touched vulns stay NEW. Other fields keep the generic `not value` emptiness check.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01P5vSjfkBuGAAHdKxHS3ySm
No actionable comments were generated in the recent review.
Estimated code review effort: 2 (Simple) | ~10 minutes
Pre-merge checks: 4 passed, 1 failed (1 warning)
Summary

Adds a `status` field to the `Vulnerability` finding type (`NEW` | `ACKNOWLEDGED` | `FIXED`, default `NEW`) and makes it carry over across re-scans. This is the secator core layer (§1) of the Vulnerability status feature. Repo 1/3 of Vulnerability status (secator → secator-api → secator-ui).

The field (`output_types/vulnerability.py`)
- `status: str = field(default='NEW', compare=False)`: `compare=False` so it does not affect dedup equality; identity stays `name`/`id`/`matched_at`.
- `__post_init__` normalizes/validates: empty / `None` / unknown → `'NEW'`, uppercased; allowed set is `NEW`/`ACKNOWLEDGED`/`FIXED` (`Vulnerability.STATUSES`).
- Added `STATUS` to `_table_fields` so it renders; added `STATUS = 'status'` to `definitions.py`.

Carry-over behavior
- Added `'status'` to `duplicate_main_copy_fields` defaults of both `MongodbAddon` and `SqliteAddon` (`config.py`).
- `hooks/_dedup.py` (`compute_duplicate_updates`): introduced a small `_is_unset(field, value)` helper. For `status` it treats `''`/`None`/`'NEW'` as unset; all other fields keep the generic `not value` emptiness check. Applied to both the previous-value guard and the current-value copy condition, so a prior `ACKNOWLEDGED`/`FIXED` is copied forward onto a re-found main whose status is still the default `NEW`, while a never-touched vuln stays `NEW`.

Tests
- `tests/unit/test_output_types.py` (`TestVulnerabilityStatus`): default `NEW`; empty/`None`/unknown coerce to `NEW`; valid values preserved + uppercased + trimmed; status does not affect equality or `_compare_key()`.
- `tests/unit/test_dedup.py` (`TestComputeDuplicateUpdates`): prior `ACKNOWLEDGED` copies onto a new `NEW` main; a new `FIXED` main is not overwritten; a prior `NEW` is not carried; non-status fields keep `not value` semantics.

All 59 relevant unit tests pass; `flake8 secator/` is clean (matches CI `secator test lint`). Pre-existing `test_config.py` failures are an unrelated env-fixture issue (`SECATOR_DIRS_DATA`), present on `origin/main` without these changes.

🤖 Generated with Claude Code
https://claude.ai/code/session_01P5vSjfkBuGAAHdKxHS3ySm
Summary by CodeRabbit

New Features
- `NEW`, `ACKNOWLEDGED`, and `FIXED`.

Bug Fixes

Recreates #1209 (merged in 0d7bf7d, then reverted by #1234). Same changes, re-applied on top of current main.
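To make the carry-over rule described above concrete, here is an added stand-alone re-implementation of the `compare=False` status field, the `__post_init__` normalization and the `_is_unset` sentinel inside `compute_duplicate_updates`. This is example code written from the PR description, not secator's own implementation; the `Vulnerability` fields other than `status` and the `(previous, current, copy_fields)` signature are assumptions.

```python
# Added illustration of the status carry-over rule described in this PR.
# Not secator's code: a stand-alone re-implementation of the behaviour the
# PR description states (dataclass shape and function signature assumed).
from dataclasses import dataclass, field

STATUSES = {'NEW', 'ACKNOWLEDGED', 'FIXED'}


@dataclass
class Vulnerability:
    name: str
    matched_at: str
    id: str = ''
    description: str = ''
    # compare=False: status never takes part in dedup equality, so
    # identity stays name / id / matched_at (plus description here).
    status: str = field(default='NEW', compare=False)

    def __post_init__(self):
        # Coerce empty / None / unknown values to NEW; trim and uppercase.
        value = (self.status or '').strip().upper()
        self.status = value if value in STATUSES else 'NEW'


def _is_unset(name, value):
    """Per-field emptiness: for status the default NEW counts as unset,
    every other field keeps the generic `not value` check."""
    if name == 'status':
        return value in ('', None, 'NEW')
    return not value


def compute_duplicate_updates(previous, current, copy_fields):
    """Return {field: value} to copy from a previous copy onto the re-found main.

    A field is carried forward only when the previous value is set and the
    current one is unset, so ACKNOWLEDGED/FIXED survives a re-scan while a
    main that is already FIXED is never overwritten and NEW is never carried."""
    updates = {}
    for name in copy_fields:
        prev_value = getattr(previous, name, None)
        curr_value = getattr(current, name, None)
        if _is_unset(name, prev_value):
            continue  # nothing worth carrying forward
        if _is_unset(name, curr_value):
            updates[name] = prev_value
    return updates
```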