feat: model.VulnerabilityAnalysis properties for issued/updated datetime (#794)

Signed-off-by: Indivar Mishra <[email protected]>

Author: indiVar0508

cyclonedx/model/vulnerability.py

@@ -235,11 +235,15 @@ def __init__(
         justification: Optional[ImpactAnalysisJustification] = None,
         responses: Optional[Iterable[ImpactAnalysisResponse]] = None,
         detail: Optional[str] = None,
+        first_issued: Optional[datetime] = None,
+        last_updated: Optional[datetime] = None,
     ) -> None:
         self.state = state
         self.justification = justification
         self.responses = responses or []  # type:ignore[assignment]
         self.detail = detail
+        self.first_issued = first_issued
+        self.last_updated = last_updated
 
     @property
     @serializable.xml_sequence(1)
@@ -307,29 +311,33 @@ def detail(self) -> Optional[str]:
     def detail(self, detail: Optional[str]) -> None:
         self._detail = detail
 
-    # @property
-    # @serializable.view(SchemaVersion1Dot5)
-    # @serializable.xml_sequence(5)
-    # def first_issued(self) -> ...:
-    #     ...  # TODO since CDX 1.5
-    #
-    # @first_issued.setter
-    # def first_issued(self, ...) -> None:
-    #     ...  # TODO since CDX 1.5
+    @property
+    @serializable.view(SchemaVersion1Dot5)
+    @serializable.view(SchemaVersion1Dot6)
+    @serializable.type_mapping(serializable.helpers.XsdDateTime)
+    @serializable.xml_sequence(5)
+    def first_issued(self) -> Optional[datetime]:
+        return self._first_issued
 
-    # @property
-    # @serializable.view(SchemaVersion1Dot5)
-    # @serializable.xml_sequence(6)
-    # def last_updated(self) -> ...:
-    #     ...  # TODO since CDX 1.5
-    #
-    # @last_updated.setter
-    # def last_updated(self, ...) -> None:
-    #     ...  # TODO since CDX 1.5
+    @first_issued.setter
+    def first_issued(self, first_issue: Optional[datetime]) -> None:
+        self._first_issued = first_issue
+
+    @property
+    @serializable.view(SchemaVersion1Dot5)
+    @serializable.view(SchemaVersion1Dot6)
+    @serializable.type_mapping(serializable.helpers.XsdDateTime)
+    @serializable.xml_sequence(6)
+    def last_updated(self) -> Optional[datetime]:
+        return self._last_updated
+
+    @last_updated.setter
+    def last_updated(self, last_updated: Optional[datetime]) -> None:
+        self._last_updated = last_updated
 
     def __comparable_tuple(self) -> _ComparableTuple:
         return _ComparableTuple((
-            self.state, self.justification, tuple(self.responses), self.detail
+            self.state, self.justification, tuple(self.responses), self.detail, self.first_issued, self.last_updated
         ))
 
     def __eq__(self, other: object) -> bool:

tests/_data/models.py

@@ -503,7 +503,11 @@ def get_bom_with_component_setuptools_with_vulnerability() -> Bom:
         )),
         analysis=VulnerabilityAnalysis(
             state=ImpactAnalysisState.EXPLOITABLE, justification=ImpactAnalysisJustification.REQUIRES_ENVIRONMENT,
-            responses=[ImpactAnalysisResponse.CAN_NOT_FIX], detail='Some extra detail'
+            responses=[ImpactAnalysisResponse.CAN_NOT_FIX], detail='Some extra detail',
+            first_issued=datetime(year=2018, month=9, day=1, hour=10, minute=50, second=42, microsecond=51979,
+                                  tzinfo=timezone.utc),
+            last_updated=datetime(year=2018, month=9, day=1, hour=10, minute=50, second=42, microsecond=51979,
+                                  tzinfo=timezone.utc)
         ),
         affects=[
             BomTarget(

tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.5.json.bin

@@ -59,7 +59,9 @@
       ],
       "analysis": {
         "detail": "Some extra detail",
+        "firstIssued": "2018-09-01T10:50:42.051979+00:00",
         "justification": "requires_environment",
+        "lastUpdated": "2018-09-01T10:50:42.051979+00:00",
         "response": [
           "can_not_fix"
         ],

tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.5.xml.bin

@@ -120,6 +120,8 @@
           <response>can_not_fix</response>
         </responses>
         <detail>Some extra detail</detail>
+        <firstIssued>2018-09-01T10:50:42.051979+00:00</firstIssued>
+        <lastUpdated>2018-09-01T10:50:42.051979+00:00</lastUpdated>
       </analysis>
       <affects>
         <target>

tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.6.json.bin

@@ -59,7 +59,9 @@
       ],
       "analysis": {
         "detail": "Some extra detail",
+        "firstIssued": "2018-09-01T10:50:42.051979+00:00",
         "justification": "requires_environment",
+        "lastUpdated": "2018-09-01T10:50:42.051979+00:00",
         "response": [
           "can_not_fix"
         ],

tests/_data/snapshots/get_bom_with_component_setuptools_with_vulnerability-1.6.xml.bin

@@ -126,6 +126,8 @@
           <response>can_not_fix</response>
         </responses>
         <detail>Some extra detail</detail>
+        <firstIssued>2018-09-01T10:50:42.051979+00:00</firstIssued>
+        <lastUpdated>2018-09-01T10:50:42.051979+00:00</lastUpdated>
       </analysis>
       <affects>
         <target>