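--- /dev/null
+++ b/dojo/db_migrations/0200_finding_epss_score_percentile_fields.py
@@ -0,0 +1,32 @@
+# Generated by Django 4.1.13 on 2024-02-05 19:52
+
+import django.core.validators
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+dependencies = [
+('dojo', '0199_whitesource_to_mend'),
+]
+
+operations = [
+migrations.AddField(
+model_name='finding',
+name='epss_percentile',
+field=models.FloatField(blank=True, help_text='Percentile for the EPSS score: the proportion of all scored vulnerabilities with the same or a lower EPSS score.', null=True, validators=[django.core.validators.MinValueValidator(0.0), django.core.validators.MaxValueValidator(1.0)], verbose_name='EPSS percentile'),
+),
+migrations.AddField(
+model_name='finding',
+name='epss_score',
+field=models.FloatField(blank=True, help_text='EPSS score representing the probability [0-1] of exploitation in the wild in the 30 days following score publication.', null=True, validators=[django.core.validators.MinValueValidator(0.0), django.core.validators.MaxValueValidator(1.0)], verbose_name='EPSS value'),
+),
+migrations.AddIndex(
+model_name='finding',
+index=models.Index(fields=['epss_score'], name='dojo_findin_epss_sc_e40540_idx'),
+),
+migrations.AddIndex(
+model_name='finding',
+index=models.Index(fields=['epss_percentile'], name='dojo_findin_epss_pe_567499_idx'),
+),
+]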
15 changes: 14 additions & 1 deletion dojo/models.py
Expand Up @@ -13,7 +13,7 @@
from django.contrib.auth.models import Group
from django.db.models.expressions import Case, When
from django.urls import reverse
from django.core.validators import RegexValidator, validate_ipv46_address
from django.core.validators import RegexValidator, validate_ipv46_address, MinValueValidator, MaxValueValidator
from django.core.files.base import ContentFile
from django.core.exceptions import ValidationError
from django.db import models, connection
Expand Down Expand Up @@ -2422,6 +2422,17 @@ class Finding(models.Model):
tags = TagField(blank=True, force_lowercase=True, help_text=_("Add tags that help describe this finding. Choose from the list or add new tags. Press Enter key to add."))
inherited_tags = TagField(blank=True, force_lowercase=True, help_text=_("Internal use tags sepcifically for maintaining parity with product. This field will be present as a subset in the tags field"))

epss_score = models.FloatField(null = True,
blank = True,
verbose_name = _('EPSS value'),
help_text = _("EPSS score representing the probability [0-1] of exploitation in the wild in the 30 days following score publication."),
validators=[MinValueValidator(0.0), MaxValueValidator(1.0)],)
epss_percentile = models.FloatField(null = True,
blank = True,
verbose_name = _('EPSS percentile'),
help_text = _("Percentile for the EPSS score: the proportion of all scored vulnerabilities with the same or a lower EPSS score."),
validators=[MinValueValidator(0.0), MaxValueValidator(1.0)],)

SEVERITIES = {'Info': 4, 'Low': 3, 'Medium': 2,
'High': 1, 'Critical': 0}

Expand Down Expand Up @@ -2458,6 +2469,8 @@ class Meta:
models.Index(fields=['duplicate']),
models.Index(fields=['is_mitigated']),
models.Index(fields=['duplicate_finding', 'id']),
models.Index(fields=['epss_score']),
models.Index(fields=['epss_percentile']),
]

def __init__(self, *args, **kwargs):
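Review bot: The [0, 1] bounds on the new `epss_score` and `epss_percentile` fields are enforced only through `validators=[MinValueValidator(0.0), MaxValueValidator(1.0)]`, and Django runs field validators in `full_clean()`/ModelForm validation, not on `save()`, so values written by scan importers or the REST API reach the database unchecked unless those code paths call `full_clean()` themselves. If the bound matters for data integrity, a `models.CheckConstraint` in `Meta.constraints` next to the two new indexes would enforce it at the database level (that needs its own migration), or the importer side should clamp out-of-range values before assignment. As a point of style, the keyword arguments are written `null = True, blank = True` with spaces around `=`, unlike the surrounding fields; `null=True, blank=True` matches the rest of the class. The enclosing `Finding` class starts and ends outside the hunk.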
22 changes: 22 additions & 0 deletions dojo/templates/dojo/findings_list_snippet.html
Expand Up @@ -322,6 +322,12 @@ <h3 class="has-filters">
<th>
{% trans "Vulnerability Id" %}
</th>
<th>
{% trans "EPSS Score" %}
</th>
<th>
{% trans "EPSS Percentile" %}
</th>
<th class="nowrap">
{% if filter_name == 'Closed' %}
{% comment %} The display field is translated in the function. No need to translate here as well{% endcomment %}
Expand Down Expand Up @@ -593,6 +599,20 @@ <h3 class="has-filters">
{% endif %}
{% endwith %}
</td>
<td class="nowrap">
{% if finding.epss_score is not None %}
{{ finding.epss_score|percentage:1.0 }}
{% else %}
N/A
{% endif %}
</td>
<td class="nowrap">
{% if finding.epss_percentile is not None %}
{{ finding.epss_percentile|percentage:1.0 }}
{% else %}
N/A
{% endif %}
</td>
<td class="nowrap">
{% if filter_name == 'Closed' %}
{{ finding.mitigated|date }}
Expand Down Expand Up @@ -721,6 +741,8 @@ <h3 class="has-filters">
}},
{ "data": "cwe" },
{ "data": "cve" },
{ "data": "epss_score" },
{ "data": "epss_percentile" },
{ "data": "found_date" },
{ "data": "finding_age" },
{% if system_settings.enable_finding_sla %}
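Review bot: The fallback text `N/A` in the two new EPSS cells is a hard-coded literal, while the column headers added just above it are wrapped in `{% trans %}`; the same untranslated `N/A` appears twice in the view_finding.html cell as well. For consistency with the rest of this template, use `{% trans "N/A" %}` in all four places. The two `<th>` entries and the two `{ "data": ... }` entries were inserted at matching positions, which is required because DataTables maps columns by position, so a short comment such as `{# keep in step with the <th> order above #}` beside the new data entries would help the next editor. `percentage:1.0` is a project filter whose argument I cannot verify from this page; presumably it scales the 0-1 fraction to a percent with one decimal, worth confirming since the model stores a fraction.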
14 changes: 14 additions & 0 deletions dojo/templates/dojo/view_finding.html
Expand Up @@ -270,6 +270,7 @@ <h3 class="pull-left finding-title">
{% endif %}
<th>CWE</th>
<th>Vulnerability Id</th>
<th>EPSS Score / Percentile</th>
<th>Found by</th>
{% if finding.vuln_id_from_tool %}
<th>Vuln ID from tool</th>
Expand Down Expand Up @@ -421,6 +422,19 @@ <h3 class="pull-left finding-title">
{% endif %}
{% endif %}
</td>
<td>
{% if finding.epss_score is not None %}
{{ finding.epss_score|percentage:1.0 }}
{% else %}
N/A
{% endif %}
/
{% if finding.epss_percentile is not None %}
{{ finding.epss_percentile|percentage:1.0 }}
{% else %}
N/A
{% endif %}
</td>
<td>
{% if found_by %}
{% for scanner in found_by %}