feat: add the "reserved" field for vulnerabilities

Closes #964

Author: ctron

entity/src/advisory_vulnerability.rs

@@ -13,6 +13,7 @@ pub struct Model {
     pub title: Option<String>,
     pub summary: Option<String>,
     pub description: Option<String>,
+    pub reserved_date: Option<OffsetDateTime>,
     pub discovery_date: Option<OffsetDateTime>,
     pub release_date: Option<OffsetDateTime>,
     pub cwes: Option<Vec<String>>,

entity/src/vulnerability.rs

@@ -10,6 +10,7 @@ pub struct Model {
     #[sea_orm(primary_key)]
     pub id: String,
     pub title: Option<String>,
+    pub reserved: Option<OffsetDateTime>,
     pub published: Option<OffsetDateTime>,
     pub modified: Option<OffsetDateTime>,
     pub withdrawn: Option<OffsetDateTime>,

migration/src/lib.rs

@@ -86,6 +86,7 @@ mod m0000660_purl_id_indexes;
 mod m0000670_version_cmp;
 mod m0000680_fix_update_deprecated_advisory;
 mod m0000690_alter_sbom_details;
+mod m0000700_advisory_add_reserved;
 
 pub struct Migrator;
 
@@ -179,6 +180,7 @@ impl MigratorTrait for Migrator {
             Box::new(m0000670_version_cmp::Migration),
             Box::new(m0000680_fix_update_deprecated_advisory::Migration),
             Box::new(m0000690_alter_sbom_details::Migration),
+            Box::new(m0000700_advisory_add_reserved::Migration),
         ]
     }
 }

migration/src/m0000700_advisory_add_reserved.rs

@@ -0,0 +1,71 @@
+use sea_orm_migration::prelude::*;
+
+#[derive(DeriveMigrationName)]
+pub struct Migration;
+
+#[async_trait::async_trait]
+impl MigrationTrait for Migration {
+    async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
+        manager
+            .alter_table(
+                Table::alter()
+                    .table(Vulnerability::Table)
+                    .add_column(
+                        ColumnDef::new(Vulnerability::Reserved)
+                            .timestamp_with_time_zone()
+                            .to_owned(),
+                    )
+                    .to_owned(),
+            )
+            .await?;
+
+        manager
+            .alter_table(
+                Table::alter()
+                    .table(AdvisoryVulnerability::Table)
+                    .add_column(
+                        ColumnDef::new(AdvisoryVulnerability::ReservedDate)
+                            .timestamp_with_time_zone()
+                            .to_owned(),
+                    )
+                    .to_owned(),
+            )
+            .await?;
+
+        Ok(())
+    }
+
+    async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
+        manager
+            .alter_table(
+                Table::alter()
+                    .table(AdvisoryVulnerability::Table)
+                    .drop_column(AdvisoryVulnerability::ReservedDate)
+                    .to_owned(),
+            )
+            .await?;
+
+        manager
+            .alter_table(
+                Table::alter()
+                    .table(Vulnerability::Table)
+                    .drop_column(Vulnerability::Reserved)
+                    .to_owned(),
+            )
+            .await?;
+
+        Ok(())
+    }
+}
+
+#[derive(DeriveIden)]
+enum Vulnerability {
+    Table,
+    Reserved,
+}
+
+#[derive(DeriveIden)]
+enum AdvisoryVulnerability {
+    Table,
+    ReservedDate,
+}

modules/fundamental/src/purl/model/details/purl.rs

@@ -137,6 +137,7 @@ impl PurlAdvisory {
             let vulnerability = vuln.unwrap_or(vulnerability::Model {
                 id: status.vulnerability_id.clone(),
                 title: None,
+                reserved: None,
                 published: None,
                 modified: None,
                 withdrawn: None,

modules/fundamental/src/vulnerability/endpoints/test.rs

@@ -172,6 +172,7 @@ async fn one_vulnerability(ctx: &TrustifyContext) -> Result<(), anyhow::Error> {
             VulnerabilityInformation {
                 title: Some("Something wicked this way comes".to_string()),
                 published: Some(OffsetDateTime::now_utc()),
+                reserved: None,
                 modified: None,
                 withdrawn: None,
                 cwes: None,
@@ -268,6 +269,7 @@ async fn delete_vulnerability(ctx: &TrustifyContext) -> Result<(), anyhow::Error
             "CVE-123",
             VulnerabilityInformation {
                 title: Some("Something wicked this way comes".to_string()),
+                reserved: None,
                 published: Some(OffsetDateTime::now_utc()),
                 modified: None,
                 withdrawn: None,

modules/fundamental/src/vulnerability/model/details/mod.rs

@@ -64,6 +64,7 @@ impl VulnerabilityDetails {
                 identifier: vulnerability.id.clone(),
                 title: None,
                 description: None,
+                reserved: None,
                 published: None,
                 modified: None,
                 withdrawn: None,

modules/fundamental/src/vulnerability/model/mod.rs

@@ -31,6 +31,11 @@ pub struct VulnerabilityHead {
     #[schema(required)]
     pub description: Option<String>,
 
+    /// The date (in RFC3339 format) of when the vulnerability identifier was reserved, if any.
+    #[schema(required)]
+    #[serde(with = "time::serde::rfc3339::option")]
+    pub reserved: Option<OffsetDateTime>,
+
     /// The date (in RFC3339 format) of when the vulnerability was published, if any.
     #[schema(required)]
     #[serde(with = "time::serde::rfc3339::option")]
@@ -92,6 +97,7 @@ impl VulnerabilityHead {
             identifier: entity.id.clone(),
             title: entity.title.clone(),
             description,
+            reserved: entity.reserved,
             published: entity.published,
             modified: entity.modified,
             withdrawn: entity.withdrawn,
@@ -110,6 +116,7 @@ impl VulnerabilityHead {
             identifier: vuln.id.clone(),
             title: advisory_vulnerability.title.clone(),
             description: advisory_vulnerability.description.clone(),
+            reserved: advisory_vulnerability.reserved_date,
             published: None,
             modified: None,
             withdrawn: None,

modules/fundamental/tests/advisory/csaf/delete.rs

@@ -131,6 +131,7 @@ async fn delete_check_vulns(ctx: &TrustifyContext) -> anyhow::Result<()> {
                 identifier: "CVE-2023-33201".to_string(),
                 title: None,
                 description: None,
+                reserved: None,
                 published: None,
                 modified: None,
                 withdrawn: None,

modules/fundamental/tests/advisory/csaf/reingest.rs

@@ -143,6 +143,7 @@ async fn change_ps_list_vulns(ctx: &TrustifyContext) -> anyhow::Result<()> {
                 identifier: "CVE-2023-33201".to_string(),
                 title: None,
                 description: None,
+                reserved: None,
                 published: None,
                 modified: None,
                 withdrawn: None,
@@ -240,6 +241,7 @@ async fn change_ps_list_vulns_all(ctx: &TrustifyContext) -> anyhow::Result<()> {
                 identifier: "CVE-2023-33201".to_string(),
                 title: None,
                 description: None,
+                reserved: None,
                 published: None,
                 modified: None,
                 withdrawn: None,
@@ -261,6 +263,7 @@ async fn change_ps_list_vulns_all(ctx: &TrustifyContext) -> anyhow::Result<()> {
                 identifier: "CVE-2023-33201".to_string(),
                 title: None,
                 description: None,
+                reserved: None,
                 published: None,
                 modified: None,
                 withdrawn: None,