Add title and description to Vulnerability models and entities.

Provide a handy method for getting a new db transaction.
CVE record importer uses transactions and sets title/description.
A few small renames of system->graph.

entity/src/vulnerability.rs

@@ -7,6 +7,8 @@ pub struct Model {
     #[sea_orm(primary_key)]
     pub id: i32,
     pub identifier: String,
+    pub title: Option<String>,
+    pub description_en: Option<String>,
 }
 
 #[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]

graph/src/graph/advisory/mod.rs

@@ -130,7 +130,7 @@ impl<'g> AdvisoryContext<'g> {
 
         let entity = entity::advisory_vulnerability::ActiveModel {
             advisory_id: Set(self.advisory.id),
-            vulnerability_id: Set(cve.cve.id),
+            vulnerability_id: Set(cve.vulnerability.id),
         };
 
         Ok((self, entity.insert(&self.graph.connection(tx)).await?).into())

graph/src/graph/mod.rs

@@ -3,7 +3,10 @@ use log::debug;
 use migration::Migrator;
 use postgresql_embedded;
 use postgresql_embedded::PostgreSQL;
-use sea_orm::{ConnectOptions, ConnectionTrait, Database, DatabaseConnection, DbErr, Statement};
+use sea_orm::{
+    ConnectOptions, ConnectionTrait, Database, DatabaseConnection, DatabaseTransaction, DbErr,
+    Statement, TransactionTrait,
+};
 use sea_orm_migration::MigratorTrait;
 use std::fmt::{Debug, Display, Formatter};
 use std::sync::Arc;
@@ -59,6 +62,10 @@ impl Graph {
         Self { db }
     }
 
+    pub async fn transaction(&self) -> Result<DatabaseTransaction, error::Error> {
+        Ok(self.db.begin().await?)
+    }
+
     pub(crate) fn connection<'db>(
         &'db self,
         tx: Transactional<'db>,

graph/src/graph/vulnerability.rs

@@ -3,9 +3,9 @@
 use crate::graph::advisory::AdvisoryContext;
 use crate::graph::error::Error;
 use crate::graph::Graph;
-use sea_orm::ActiveValue::Set;
+use sea_orm::ActiveValue::{Set, Unchanged};
 use sea_orm::{
-    ActiveModelTrait, ColumnTrait, EntityTrait, QueryFilter, QuerySelect, RelationTrait,
+    ActiveModelTrait, ColumnTrait, EntityTrait, NotSet, QueryFilter, QuerySelect, RelationTrait,
 };
 use sea_query::JoinType;
 use std::fmt::{Debug, Formatter};
@@ -25,6 +25,8 @@ impl Graph {
             let entity = vulnerability::ActiveModel {
                 id: Default::default(),
                 identifier: Set(identifier.to_string()),
+                title: NotSet,
+                description_en: NotSet,
             };
 
             Ok((self, entity.insert(&self.connection(tx)).await?).into())
@@ -46,21 +48,21 @@ impl Graph {
 
 #[derive(Clone)]
 pub struct VulnerabilityContext {
-    pub(crate) system: Graph,
-    pub(crate) cve: vulnerability::Model,
+    pub(crate) graph: Graph,
+    pub(crate) vulnerability: vulnerability::Model,
 }
 
 impl Debug for VulnerabilityContext {
     fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
-        self.cve.fmt(f)
+        self.vulnerability.fmt(f)
     }
 }
 
 impl From<(&Graph, vulnerability::Model)> for VulnerabilityContext {
     fn from((system, cve): (&Graph, Model)) -> Self {
         Self {
-            system: system.clone(),
-            cve,
+            graph: system.clone(),
+            vulnerability: cve,
         }
     }
 }
@@ -72,13 +74,39 @@ impl VulnerabilityContext {
                 JoinType::Join,
                 advisory_vulnerability::Relation::Advisory.def().rev(),
             )
-            .filter(advisory_vulnerability::Column::VulnerabilityId.eq(self.cve.id))
-            .all(&self.system.connection(tx))
+            .filter(advisory_vulnerability::Column::VulnerabilityId.eq(self.vulnerability.id))
+            .all(&self.graph.connection(tx))
             .await?
             .drain(0..)
-            .map(|advisory| (&self.system, advisory).into())
+            .map(|advisory| (&self.graph, advisory).into())
             .collect())
     }
+
+    pub async fn set_title(
+        &self,
+        title: Option<String>,
+        tx: Transactional<'_>,
+    ) -> Result<(), Error> {
+        let mut entity: vulnerability::ActiveModel = self.vulnerability.clone().into();
+        entity.title = Set(title);
+
+        entity.save(&self.graph.connection(tx)).await?;
+
+        Ok(())
+    }
+
+    pub async fn set_description_en(
+        &self,
+        description_en: Option<String>,
+        tx: Transactional<'_>,
+    ) -> Result<(), Error> {
+        let mut entity: vulnerability::ActiveModel = self.vulnerability.clone().into();
+        entity.description_en = Set(description_en);
+
+        entity.save(&self.graph.connection(tx)).await?;
+
+        Ok(())
+    }
 }
 
 #[cfg(test)]
@@ -103,8 +131,8 @@ mod tests {
             .ingest_vulnerability("CVE-456", Transactional::None)
             .await?;
 
-        assert_eq!(cve1.cve.id, cve2.cve.id);
-        assert_ne!(cve1.cve.id, cve3.cve.id);
+        assert_eq!(cve1.vulnerability.id, cve2.vulnerability.id);
+        assert_ne!(cve1.vulnerability.id, cve3.vulnerability.id);
 
         let not_found = system
             .get_vulnerability("CVE-NOT_FOUND", Transactional::None)

ingestors/Cargo.toml

@@ -22,6 +22,7 @@ ring = "0.17.8"
 hex = "0.4.3"
 csaf = "0.5.0"
 sha2 = "0.10.8"
+sea-orm = "*"
 
 [dev-dependencies]
 test-log = { version = "0.2.15", features = ["env_logger", "trace"] }

ingestors/src/cve/cve_record/v5.rs

@@ -63,6 +63,7 @@ pub struct Containers {
 #[derive(Serialize, Deserialize, Debug)]
 #[serde(rename_all = "camelCase")]
 pub struct CnaContainer {
+    pub title: Option<String>,
     pub descriptions: Vec<Description>,
     pub problem_types: Vec<ProblemType>,
 }

ingestors/src/cve/loader.rs

@@ -30,23 +30,43 @@ impl<'g> CveLoader<'g> {
         let mut reader = HashingRead::new(record);
         let cve: CveRecord = serde_json::from_reader(&mut reader)?;
 
-        self.graph
+        let tx = self.graph.transaction().await?;
+
+        let vulnerability = self
+            .graph
             .ingest_vulnerability(cve.cve_metadata.cve_id(), Transactional::None)
             .await?;
 
-        let hashes = reader.hashes();
+        vulnerability
+            .set_title(cve.containers.cna.title.clone(), Transactional::Some(&tx))
+            .await?;
 
+        vulnerability
+            .set_description_en(
+                cve.containers
+                    .cna
+                    .descriptions
+                    .iter()
+                    .find(|e| e.lang == "en")
+                    .map(|en| en.value.clone()),
+                Transactional::Some(&tx),
+            )
+            .await?;
+
+        let hashes = reader.hashes();
         let sha256 = hex::encode(hashes.sha256.as_ref());
 
         self.graph
             .ingest_advisory(
                 cve.cve_metadata.cve_id(),
                 location,
                 sha256,
-                Transactional::None,
+                Transactional::Some(&tx),
             )
             .await?;
 
+        tx.commit().await?;
+
         Ok(())
     }
 }

ingestors/src/lib.rs

@@ -1,13 +1,18 @@
 pub mod advisory;
 pub mod cve;
+
 pub mod hashing;
 
+use sea_orm::error::DbErr;
+
 #[derive(Debug, thiserror::Error)]
 pub enum Error {
     #[error(transparent)]
     Json(serde_json::Error),
     #[error(transparent)]
     Graph(trustify_graph::graph::error::Error),
+    #[error(transparent)]
+    Db(DbErr),
 }
 
 impl From<serde_json::Error> for Error {
@@ -21,3 +26,9 @@ impl From<trustify_graph::graph::error::Error> for Error {
         Self::Graph(value)
     }
 }
+
+impl From<DbErr> for Error {
+    fn from(value: DbErr) -> Self {
+        Self::Db(value)
+    }
+}

migration/src/m0000011_create_vulnerability.rs

@@ -31,6 +31,8 @@ impl MigrationTrait for Migration {
                             .string()
                             .not_null(),
                     )
+                    .col(ColumnDef::new(Vulnerability::Title).string())
+                    .col(ColumnDef::new(Vulnerability::DescriptionEn).string())
                     .to_owned(),
             )
             .await
@@ -50,4 +52,6 @@ pub enum Vulnerability {
     Timestamp,
     // --
     Identifier,
+    Title,
+    DescriptionEn,
 }