feat: support INFO for severity accross the objects using it (#2652)

ab-smith · web-flow · commit fc6589ec0275 · 2025-10-04T12:52:42.000+02:00
* feat: support INFO for severity accross the objects using it

* fixup

* fixup for findings assessment widgets

* missing migrtion - will be squashed

* fixup

* fixup

* squashing the migrations (manually)

* status alignment for findings
diff --git a/backend/core/migrations/0104_add_info_severity.py b/backend/core/migrations/0104_add_info_severity.py
@@ -0,0 +1,107 @@
+# Generated manually
+
+from django.db import migrations, models
+
+
+def shift_severity_values(apps, schema_editor):
+    """
+    Shift existing severity values up by 1 to make room for INFO level.
+    OLD -> NEW mapping:
+    0 (LOW) -> 1
+    1 (MEDIUM) -> 2
+    2 (HIGH) -> 3
+    3 (CRITICAL) -> 4
+    -1 (UNDEFINED) stays -1
+    """
+    SecurityException = apps.get_model("core", "SecurityException")
+    Finding = apps.get_model("core", "Finding")
+    Vulnerability = apps.get_model("core", "Vulnerability")
+
+    # Update in reverse order to avoid conflicts
+    for model in [SecurityException, Finding, Vulnerability]:
+        model.objects.filter(severity=3).update(severity=4)  # CRITICAL: 3 -> 4
+        model.objects.filter(severity=2).update(severity=3)  # HIGH: 2 -> 3
+        model.objects.filter(severity=1).update(severity=2)  # MEDIUM: 1 -> 2
+        model.objects.filter(severity=0).update(severity=1)  # LOW: 0 -> 1
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("core", "0103_alter_terminology_field_path"),
+    ]
+
+    operations = [
+        # Update Finding status choices
+        migrations.AlterField(
+            model_name="finding",
+            name="status",
+            field=models.CharField(
+                choices=[
+                    ("--", "Undefined"),
+                    ("identified", "Identified"),
+                    ("confirmed", "Confirmed"),
+                    ("dismissed", "Dismissed"),
+                    ("assigned", "Assigned"),
+                    ("in_progress", "In Progress"),
+                    ("mitigated", "Mitigated"),
+                    ("resolved", "Resolved"),
+                    ("closed", "Closed"),
+                    ("deprecated", "Deprecated"),
+                ],
+                default="--",
+                max_length=32,
+                verbose_name="Status",
+            ),
+        ),
+        # Shift existing severity data
+        migrations.RunPython(shift_severity_values, migrations.RunPython.noop),
+        # Update severity field choices with INFO level
+        migrations.AlterField(
+            model_name="finding",
+            name="severity",
+            field=models.SmallIntegerField(
+                choices=[
+                    (-1, "undefined"),
+                    (0, "info"),
+                    (1, "low"),
+                    (2, "medium"),
+                    (3, "high"),
+                    (4, "critical"),
+                ],
+                default=-1,
+                verbose_name="Severity",
+            ),
+        ),
+        migrations.AlterField(
+            model_name="securityexception",
+            name="severity",
+            field=models.SmallIntegerField(
+                choices=[
+                    (-1, "undefined"),
+                    (0, "info"),
+                    (1, "low"),
+                    (2, "medium"),
+                    (3, "high"),
+                    (4, "critical"),
+                ],
+                default=-1,
+                verbose_name="Severity",
+            ),
+        ),
+        migrations.AlterField(
+            model_name="vulnerability",
+            name="severity",
+            field=models.SmallIntegerField(
+                choices=[
+                    (-1, "undefined"),
+                    (0, "info"),
+                    (1, "low"),
+                    (2, "medium"),
+                    (3, "high"),
+                    (4, "critical"),
+                ],
+                default=-1,
+                verbose_name="Severity",
+            ),
+        ),
+    ]
diff --git a/backend/core/models.py b/backend/core/models.py
@@ -227,10 +227,11 @@ def get_locales(self):
 
 class Severity(models.IntegerChoices):
     UNDEFINED = -1, "undefined"
-    LOW = 0, "low"
-    MEDIUM = 1, "medium"
-    HIGH = 2, "high"
-    CRITICAL = 3, "critical"
+    INFO = 0, "info"
+    LOW = 1, "low"
+    MEDIUM = 2, "medium"
+    HIGH = 3, "high"
+    CRITICAL = 4, "critical"
 
 
 class StoredLibrary(LibraryMixin):
@@ -5529,27 +5530,29 @@ def get_findings_metrics(self):
         # Severity distribution using the defined severity levels - we need a better way for this
         severity_values = {
             -1: "undefined",
-            0: "low",
-            1: "medium",
-            2: "high",
-            3: "critical",
+            0: "info",
+            1: "low",
+            2: "medium",
+            3: "high",
+            4: "critical",
         }
 
         severity_distribution = {}
         for value, label in severity_values.items():
             severity_distribution[label] = findings.filter(severity=value).count()
 
         # Count of unresolved important findings (severity is HIGH or CRITICAL)
-        # Excludes findings that are mitigated, resolved, or dismissed
+        # Excludes findings that are mitigated, resolved, dismissed, or closed
         unresolved_important = (
             findings.filter(
-                severity__gte=2  # HIGH or CRITICAL (>=2)
+                severity__gte=3  # HIGH or CRITICAL (>=3)
             )
             .exclude(
                 status__in=[
                     Finding.Status.MITIGATED,
                     Finding.Status.RESOLVED,
                     Finding.Status.DISMISSED,
+                    Finding.Status.CLOSED,
                 ]
             )
             .count()
@@ -5573,6 +5576,7 @@ class Status(models.TextChoices):
         IN_PROGRESS = "in_progress", _("In Progress")
         MITIGATED = "mitigated", _("Mitigated")
         RESOLVED = "resolved", _("Resolved")
+        CLOSED = "closed", _("Closed")
         DEPRECATED = "deprecated", _("Deprecated")
 
     findings_assessment = models.ForeignKey(
diff --git a/backend/core/tests/test_vulnerability.py b/backend/core/tests/test_vulnerability.py
@@ -90,7 +90,7 @@ def test_serialization(self, domain_perimeter_fixture, applied_controls):
             description="Cross-site scripting vulnerability in comments section",
             folder=folder,
             status="open",
-            severity=3,
+            severity=4,
             created_at="2025-01-13T10:00:00Z",
             updated_at="2025-01-13T10:00:00Z",
         )
@@ -101,7 +101,7 @@ def test_serialization(self, domain_perimeter_fixture, applied_controls):
 
         assert data["ref_id"] == "VULN-2025-002"
         assert data["name"] == "XSS in Comments"
-        assert data["severity"] == 3
+        assert data["severity"] == 4
         assert (
             data["folder"]
             == hashlib.sha256(str(getattr(folder, "pk")).encode()).hexdigest()[:12]
diff --git a/backend/core/views.py b/backend/core/views.py
@@ -6724,6 +6724,7 @@ def metrics(self, request, pk=None):
 
         def format_severity_data(metrics):
             severity_colors = {
+                "info": "#3B82F6",
                 "low": "#59BBB2",
                 "medium": "#F5C481",
                 "high": "#E6686D",
@@ -6906,6 +6907,7 @@ def md(self, request, pk):
             Finding.Status.DISMISSED,
             Finding.Status.MITIGATED,
             Finding.Status.RESOLVED,
+            Finding.Status.CLOSED,
             Finding.Status.DEPRECATED,
         ]
         open_statuses = [
@@ -7030,6 +7032,7 @@ def pdf(self, request, pk):
             Finding.Status.DISMISSED,
             Finding.Status.MITIGATED,
             Finding.Status.RESOLVED,
+            Finding.Status.CLOSED,
             Finding.Status.DEPRECATED,
         ]
         open_statuses = [
diff --git a/backend/data_wizard/views.py b/backend/data_wizard/views.py
@@ -368,10 +368,11 @@ def _process_findings_assessment(self, request, records, folder_id, perimeter_id
                 )
 
                 SEVERITY_MAP = {
-                    "low": 0,
-                    "medium": 1,
-                    "high": 2,
-                    "critical": 3,
+                    "info": 0,
+                    "low": 1,
+                    "medium": 2,
+                    "high": 3,
+                    "critical": 4,
                 }
 
                 for record in records:
diff --git a/frontend/messages/en.json b/frontend/messages/en.json
@@ -953,6 +953,7 @@
 	"tooManyLoginAttempts": "Too many login attempts. Please try again later.",
 	"step": "Step {number}",
 	"critical": "Critical",
+	"info": "Information",
 	"vulnerabilities": "Vulnerabilities",
 	"severity": "Severity",
 	"potential": "Potential",
diff --git a/frontend/messages/fr.json b/frontend/messages/fr.json
@@ -929,6 +929,7 @@
 	"tooManyLoginAttempts": "Trop de tentatives de connexion. Veuillez réessayer plus tard.",
 	"step": "Étape {number}",
 	"critical": "Critique",
+	"info": "Information",
 	"vulnerabilities": "Vulnérabilités",
 	"severity": "Niveau de gravité",
 	"potential": "Potentielle",
diff --git a/frontend/src/routes/(app)/(internal)/findings-assessments/[id=uuid]/+page.svelte b/frontend/src/routes/(app)/(internal)/findings-assessments/[id=uuid]/+page.svelte
@@ -15,6 +15,19 @@
 
 	let { data, form }: Props = $props();
 	let exportPopupOpen = $state(false);
+	let chartKey = $state(0);
+
+	function resizeObserver(node: HTMLElement) {
+		const observer = new ResizeObserver(() => {
+			chartKey = chartKey + 1;
+		});
+		observer.observe(node);
+		return {
+			destroy() {
+				observer.disconnect();
+			}
+		};
+	}
 </script>
 
 {#if data.data?.is_locked}
@@ -93,24 +106,26 @@
 					</div>
 				</div>
 
-				<div class="card p-4 bg-gray-50 shadow-xs grow">
-					<div class="h-1/2">
-						<HalfDonutChart
-							name="current_h"
-							title={m.severity()}
-							classesContainer="flex-1 card p-4 bg-white"
-							values={data.findings_metrics.severity_chart_data}
-							colors={data.findings_metrics.severity_chart_data.map((object) => object.color)}
-						/>
-					</div>
-					<div class="h-1/2">
-						<DonutChart
-							classesContainer="flex-1 card p-4 bg-white"
-							name="f_treatment_progress"
-							title={m.progress()}
-							values={data.findings_metrics.status_chart_data.values}
-						/>
-					</div>
+				<div class="card p-2 bg-gray-50 shadow-xs flex-1 flex flex-col gap-2" use:resizeObserver>
+					{#key chartKey}
+						<div class="flex-1 min-h-0">
+							<HalfDonutChart
+								name="current_h"
+								title={m.severity()}
+								classesContainer="card p-2 bg-white h-full"
+								values={data.findings_metrics.severity_chart_data}
+								colors={data.findings_metrics.severity_chart_data.map((object) => object.color)}
+							/>
+						</div>
+						<div class="flex-1 min-h-0">
+							<DonutChart
+								classesContainer="card p-2 bg-white h-full"
+								name="f_treatment_progress"
+								title={m.progress()}
+								values={data.findings_metrics.status_chart_data.values}
+							/>
+						</div>
+					{/key}
 				</div>
 			</div>
 		{/key}

Original file line number	Diff line number	Diff line change
`@@ -368,10 +368,11 @@ def _process_findings_assessment(self, request, records, folder_id, perimeter_id`
`368`	`368`	`)`
`369`	`369`
`370`	`370`	`SEVERITY_MAP = {`
`371`		`- "low": 0,`
`372`		`- "medium": 1,`
`373`		`- "high": 2,`
`374`		`- "critical": 3,`
	`371`	`+ "info": 0,`
	`372`	`+ "low": 1,`
	`373`	`+ "medium": 2,`
	`374`	`+ "high": 3,`
	`375`	`+ "critical": 4,`
`375`	`376`	`}`
`376`	`377`
`377`	`378`	`for record in records:`