rename exception->security_exception

backend/core/migrations/0052_securityexception_appliedcontrol_security_exceptions_and_more.py

@@ -0,0 +1,65 @@
+# Generated by Django 5.1.4 on 2025-02-08 17:25
+
+import django.db.models.deletion
+import iam.models
+import uuid
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('core', '0051_rename_project_perimeter_alter_perimeter_options_and_more'),
+        ('iam', '0010_user_preferences'),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='SecurityException',
+            fields=[
+                ('id', models.UUIDField(default=uuid.uuid4, editable=False, primary_key=True, serialize=False)),
+                ('created_at', models.DateTimeField(auto_now_add=True, verbose_name='Created at')),
+                ('updated_at', models.DateTimeField(auto_now=True, verbose_name='Updated at')),
+                ('is_published', models.BooleanField(default=False, verbose_name='published')),
+                ('name', models.CharField(max_length=200, verbose_name='Name')),
+                ('description', models.TextField(blank=True, null=True, verbose_name='Description')),
+                ('ref_id', models.CharField(blank=True, max_length=100, null=True, verbose_name='Reference ID')),
+                ('severity', models.SmallIntegerField(choices=[(-1, 'undefined'), (0, 'low'), (1, 'medium'), (2, 'high'), (3, 'critical')], default=-1, verbose_name='Severity')),
+                ('status', models.CharField(choices=[('draft', 'draft'), ('in review', 'in review'), ('approved', 'approved'), ('resolved', 'resolved'), ('expired', 'expired'), ('deprecated', 'deprecated')], default='draft', max_length=10, verbose_name='Status')),
+                ('expiration_date', models.DateField(help_text='Specify when the security exception will no longer apply', null=True, verbose_name='Expiration date')),
+                ('folder', models.ForeignKey(default=iam.models.Folder.get_root_folder_id, on_delete=django.db.models.deletion.CASCADE, related_name='%(class)s_folder', to='iam.folder')),
+                ('owners', models.ManyToManyField(blank=True, related_name='security_exceptions', to=settings.AUTH_USER_MODEL, verbose_name='Owner')),
+            ],
+            options={
+                'ordering': ['name'],
+                'abstract': False,
+            },
+        ),
+        migrations.AddField(
+            model_name='appliedcontrol',
+            name='security_exceptions',
+            field=models.ManyToManyField(blank=True, related_name='applied_controls', to='core.securityexception', verbose_name='Security exceptions'),
+        ),
+        migrations.AddField(
+            model_name='asset',
+            name='security_exceptions',
+            field=models.ManyToManyField(blank=True, related_name='assets', to='core.securityexception', verbose_name='Security exceptions'),
+        ),
+        migrations.AddField(
+            model_name='requirementassessment',
+            name='security_exceptions',
+            field=models.ManyToManyField(blank=True, related_name='requirement_assessments', to='core.securityexception', verbose_name='Security exceptions'),
+        ),
+        migrations.AddField(
+            model_name='riskscenario',
+            name='security_exceptions',
+            field=models.ManyToManyField(blank=True, related_name='risk_scenarios', to='core.securityexception', verbose_name='Security exceptions'),
+        ),
+        migrations.AddField(
+            model_name='vulnerability',
+            name='security_exceptions',
+            field=models.ManyToManyField(blank=True, related_name='vulnerabilities', to='core.securityexception', verbose_name='Security exceptions'),
+        ),
+    ]

backend/core/models.py

@@ -1393,7 +1393,7 @@ def __str__(self):
         return self.folder.name + "/" + self.name
 
 
-class Exception(NameDescriptionMixin, FolderMixin, PublishInRootFolderMixin):
+class SecurityException(NameDescriptionMixin, FolderMixin, PublishInRootFolderMixin):
     class Severity(models.IntegerChoices):
         UNDEFINED = -1, "undefined"
         LOW = 0, "low"
@@ -1402,10 +1402,11 @@ class Severity(models.IntegerChoices):
         CRITICAL = 3, "critical"
 
     class Status(models.TextChoices):
-        UNDEFINED = "undefined", "undefined"
-        ACTIVE = "active", "active"
-        MITIGATED = "mitigated", "mitigated"
+        DRAFT = "draft", "draft"
+        IN_REVIEW = "in review", "in review"
+        APPROVED = "approved", "approved"
         RESOLVED = "resolved", "resolved"
+        EXPIRED = "expired", "expired"
         DEPRECATED = "deprecated", "deprecated"
 
     ref_id = models.CharField(
@@ -1417,19 +1418,20 @@ class Status(models.TextChoices):
     status = models.CharField(
         verbose_name="Status",
         choices=Status.choices,
-        default=Status.UNDEFINED,
+        null=False,
+        default=Status.DRAFT,
         max_length=10,
     )
     expiration_date = models.DateField(
-        help_text="Specify when the exception will no longer apply",
+        help_text="Specify when the security exception will no longer apply",
         null=True,
         verbose_name="Expiration date",
     )
     owners = models.ManyToManyField(
         User,
         blank=True,
         verbose_name="Owner",
-        related_name="exceptions",
+        related_name="security_exceptions",
     )
 
     fields_to_check = ["name"]
@@ -1561,10 +1563,10 @@ class Type(models.TextChoices):
         verbose_name=_("Owner"),
         related_name="assets",
     )
-    exceptions = models.ManyToManyField(
-        Exception,
+    security_exceptions = models.ManyToManyField(
+        SecurityException,
         blank=True,
-        verbose_name="Exceptions",
+        verbose_name="Security exceptions",
         related_name="assets",
     )
 
@@ -1912,10 +1914,10 @@ class Status(models.TextChoices):
             MaxValueValidator(100, message="Progress cannot be more than 100"),
         ],
     )
-    exceptions = models.ManyToManyField(
-        Exception,
+    security_exceptions = models.ManyToManyField(
+        SecurityException,
         blank=True,
-        verbose_name="Exceptions",
+        verbose_name="Security exceptions",
         related_name="applied_controls",
     )
 
@@ -2063,10 +2065,10 @@ class Status(models.TextChoices):
         verbose_name=_("Applied controls"),
         related_name="vulnerabilities",
     )
-    exceptions = models.ManyToManyField(
-        Exception,
+    security_exceptions = models.ManyToManyField(
+        SecurityException,
         blank=True,
-        verbose_name="Exceptions",
+        verbose_name="Security exceptions",
         related_name="vulnerabilities",
     )
 
@@ -2653,10 +2655,10 @@ class RiskScenario(NameDescriptionMixin):
     justification = models.CharField(
         max_length=500, blank=True, null=True, verbose_name=_("Justification")
     )
-    exceptions = models.ManyToManyField(
-        Exception,
+    security_exceptions = models.ManyToManyField(
+        SecurityException,
         blank=True,
-        verbose_name="Exceptions",
+        verbose_name="Security exceptions",
         related_name="risk_scenarios",
     )
 
@@ -3435,10 +3437,10 @@ class Result(models.TextChoices):
         null=True,
         verbose_name=_("Answer"),
     )
-    exceptions = models.ManyToManyField(
-        Exception,
+    security_exceptions = models.ManyToManyField(
+        SecurityException,
         blank=True,
-        verbose_name="Exceptions",
+        verbose_name="Security exceptions",
         related_name="requirement_assessments",
     )