Add TODO model for Advisory

Signed-off-by: Keshav Priyadarshi <git@keshav.space>

Author: keshav-space

vulnerabilities/migrations/0088_advisorytodo.py

@@ -0,0 +1,89 @@
+# Generated by Django 4.2.17 on 2025-01-16 10:47
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("vulnerabilities", "0087_update_alpine_advisory_created_by"),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="AdvisoryTODO",
+            fields=[
+                (
+                    "id",
+                    models.AutoField(
+                        auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
+                    ),
+                ),
+                (
+                    "issue_type",
+                    models.CharField(
+                        choices=[
+                            ("MISSING_AFFECTED_PACKAGE", "Advisory is missing affected package"),
+                            ("MISSING_FIXED_BY_PACKAGE", "Advisory is missing fixed-by package"),
+                            (
+                                "MISSING_AFFECTED_AND_FIXED_BY_PACKAGES",
+                                "Advisory is missing both affected and fixed-by packages",
+                            ),
+                            ("MISSING_SUMMARY", "Advisory is missing summary"),
+                            (
+                                "CONFLICTING_FIXED_BY_PACKAGES",
+                                "Advisories have conflicting fixed-by packages",
+                            ),
+                            (
+                                "CONFLICTING_AFFECTED_PACKAGES",
+                                "Advisories have conflicting affected packages",
+                            ),
+                            (
+                                "CONFLICTING_AFFECTED_AND_FIXED_BY_PACKAGES",
+                                "Advisories have conflicting affected and fixed-by packages",
+                            ),
+                            (
+                                "CONFLICTING_SEVERITY_SCORES",
+                                "Advisories have conflicting severity scores",
+                            ),
+                        ],
+                        db_index=True,
+                        help_text="Select the issue that needs to be addressed from the available options.",
+                        max_length=50,
+                    ),
+                ),
+                ("issue_detail", models.TextField(help_text="Additional details about the issue.")),
+                (
+                    "created_at",
+                    models.DateTimeField(
+                        auto_now_add=True,
+                        help_text="Timestamp indicating when this TODO was created.",
+                    ),
+                ),
+                (
+                    "is_resolved",
+                    models.BooleanField(
+                        db_index=True, default=False, help_text="This TODO is resolved or not."
+                    ),
+                ),
+                (
+                    "resolved_at",
+                    models.DateTimeField(
+                        help_text="Timestamp indicating when this TODO was resolved."
+                    ),
+                ),
+                (
+                    "resolution_detail",
+                    models.TextField(help_text="Additional detail on how this TODO was resolved."),
+                ),
+                (
+                    "advisories",
+                    models.ManyToManyField(
+                        help_text="Advisory/ies where this TODO is applicable.",
+                        related_name="advisory_todos",
+                        to="vulnerabilities.advisory",
+                    ),
+                ),
+            ],
+        ),
+    ]

vulnerabilities/models.py

@@ -2258,3 +2258,58 @@ def create_new_job(self, execute_now=False):
             schedules.clear_job(self.schedule_work_id)
 
         return schedules.schedule_execution(self, execute_now) if self.is_active else None
+class AdvisoryTODO(models.Model):
+    """Track the TODOs for advisory/ies that need to be addressed."""
+
+    ISSUE_TYPE_CHOICES = [
+        ("MISSING_AFFECTED_PACKAGE", "Advisory is missing affected package"),
+        ("MISSING_FIXED_BY_PACKAGE", "Advisory is missing fixed-by package"),
+        (
+            "MISSING_AFFECTED_AND_FIXED_BY_PACKAGES",
+            "Advisory is missing both affected and fixed-by packages",
+        ),
+        ("MISSING_SUMMARY", "Advisory is missing summary"),
+        ("CONFLICTING_FIXED_BY_PACKAGES", "Advisories have conflicting fixed-by packages"),
+        ("CONFLICTING_AFFECTED_PACKAGES", "Advisories have conflicting affected packages"),
+        (
+            "CONFLICTING_AFFECTED_AND_FIXED_BY_PACKAGES",
+            "Advisories have conflicting affected and fixed-by packages",
+        ),
+        ("CONFLICTING_SEVERITY_SCORES", "Advisories have conflicting severity scores"),
+    ]
+
+    issue_type = models.CharField(
+        max_length=50,
+        choices=ISSUE_TYPE_CHOICES,
+        blank=False,
+        null=False,
+        db_index=True,
+        help_text="Select the issue that needs to be addressed from the available options.",
+    )
+    issue_detail = models.TextField(
+        help_text="Additional details about the issue.",
+    )
+    advisories = models.ManyToManyField(
+        Advisory,
+        related_name="advisory_todos",
+        help_text="Advisory/ies where this TODO is applicable.",
+    )
+
+    created_at = models.DateTimeField(
+        auto_now_add=True,
+        help_text="Timestamp indicating when this TODO was created.",
+    )
+
+    is_resolved = models.BooleanField(
+        default=False,
+        db_index=True,
+        help_text="This TODO is resolved or not.",
+    )
+
+    resolved_at = models.DateTimeField(
+        help_text="Timestamp indicating when this TODO was resolved.",
+    )
+
+    resolution_detail = models.TextField(
+        help_text="Additional detail on how this TODO was resolved.",
+    )