|
| 1 | +<?php |
| 2 | + |
| 3 | +declare(strict_types=1); |
| 4 | + |
| 5 | +use Phinx\Migration\AbstractMigration; |
| 6 | + |
| 7 | +final class VulnerabilityDatabase extends AbstractMigration |
| 8 | +{ |
| 9 | + public function change(): void |
| 10 | + { |
| 11 | + if ($this->isMigratingUp()) { |
| 12 | + // Add settings |
| 13 | + $this->execute("INSERT INTO `Instance_Settings`(`IS_ID`, `IS_Name`) VALUES (19, 'Vulnerability Monitoring')"); |
| 14 | + $this->execute("INSERT INTO `Instance_Settings_Values`(`ISV_IS_ID`, `ISV_Value`) VALUES (19, '0')"); |
| 15 | + |
| 16 | + // OS releases (e.g. Ubuntu 22.04 LTS jammy) |
| 17 | + $this->table('Operating_Systems', ['id' => 'OS_ID', 'primary_key' => ['OS_ID'], 'signed' => true]) |
| 18 | + ->addColumn('OS_Name', 'string', ['limit' => 50, 'null' => false]) |
| 19 | + ->addColumn('OS_Version', 'string', ['limit' => 50, 'null' => false]) |
| 20 | + ->addColumn('OS_Codename', 'string', ['limit' => 50, 'null' => true]) |
| 21 | + ->addIndex(['OS_Name', 'OS_Version'], ['unique' => true, 'name' => 'unique_os_name_version']) |
| 22 | + ->create(); |
| 23 | + |
| 24 | + // One row per USN/advisory notice |
| 25 | + $this->table('Vulnerabilities', ['id' => 'V_ID', 'primary_key' => ['V_ID'], 'signed' => true]) |
| 26 | + ->addColumn('V_Title', 'string', ['limit' => 500, 'null' => false]) |
| 27 | + ->addColumn('V_USN_Id', 'string', ['limit' => 50, 'null' => true]) |
| 28 | + ->addColumn('V_USN_Url', 'string', ['limit' => 500, 'null' => true]) |
| 29 | + ->addColumn('V_Severity', 'string', ['limit' => 20, 'null' => false, 'default' => 'Unknown']) |
| 30 | + ->addColumn('V_Issued_Date', 'date', ['null' => false]) |
| 31 | + ->addColumn('V_Description', 'text', ['null' => true]) |
| 32 | + ->addColumn('V_OS_ID', 'integer', ['null' => false]) |
| 33 | + ->addIndex(['V_USN_Id'], ['unique' => true, 'name' => 'unique_usn_id']) |
| 34 | + ->addIndex(['V_Issued_Date'], ['name' => 'idx_vuln_issued_date']) |
| 35 | + ->addForeignKey('V_OS_ID', 'Operating_Systems', 'OS_ID', ['delete' => 'CASCADE']) |
| 36 | + ->create(); |
| 37 | + |
| 38 | + // Individual CVE records for a vulnerability |
| 39 | + $this->table('CVEs', ['id' => 'C_ID', 'primary_key' => ['C_ID'], 'signed' => true]) |
| 40 | + ->addColumn('C_CVE_Id', 'string', ['limit' => 30, 'null' => false]) |
| 41 | + ->addColumn('C_Priority', 'string', ['limit' => 20, 'null' => true]) |
| 42 | + ->addColumn('C_CVSS_Score', 'decimal', ['precision' => 3, 'scale' => 1, 'null' => true]) |
| 43 | + ->addColumn('C_CVSS_Severity', 'string', ['limit' => 20, 'null' => true]) |
| 44 | + ->addColumn('C_CVSS_Vector', 'string', ['limit' => 500, 'null' => true]) |
| 45 | + ->addColumn('C_Public_Date', 'date', ['null' => true]) |
| 46 | + ->addColumn('C_V_ID', 'integer', ['null' => false]) |
| 47 | + ->addIndex(['C_CVE_Id'], ['name' => 'idx_cve_id']) |
| 48 | + ->addIndex(['C_V_ID'], ['name' => 'idx_cve_vuln']) |
| 49 | + ->addForeignKey('C_V_ID', 'Vulnerabilities', 'V_ID', ['delete' => 'CASCADE']) |
| 50 | + ->create(); |
| 51 | + |
| 52 | + // Packages affected by a vulnerability (with the fixed version to compare against) |
| 53 | + $this->table('Vulnerable_Packages', ['id' => 'VP_ID', 'primary_key' => ['VP_ID'], 'signed' => true]) |
| 54 | + ->addColumn('VP_Package_Name', 'string', ['limit' => 200, 'null' => false]) |
| 55 | + ->addColumn('VP_Fixed_Version', 'string', ['limit' => 200, 'null' => true]) |
| 56 | + ->addColumn('VP_V_ID', 'integer', ['null' => false]) |
| 57 | + ->addIndex(['VP_Package_Name'], ['name' => 'idx_pkg_name']) |
| 58 | + ->addIndex(['VP_V_ID'], ['name' => 'idx_pkg_vuln']) |
| 59 | + ->addIndex(['VP_V_ID', 'VP_Package_Name'], ['unique' => true, 'name' => 'unique_vuln_package']) |
| 60 | + ->addForeignKey('VP_V_ID', 'Vulnerabilities', 'V_ID', ['delete' => 'CASCADE']) |
| 61 | + ->create(); |
| 62 | + } |
| 63 | + } |
| 64 | +} |
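Review bot: Rolling this migration back does nothing, because the whole body of `change()` sits inside `if ($this->isMigratingUp())` (new lines 11-62). The four tables and the two settings rows with id 19 stay behind, and a later re-run would then fail on the existing tables and most likely on the duplicate `IS_ID`. The raw `execute()` inserts are the part Phinx cannot reverse on its own, so I would split the method into `up()` and `down()`, with `down()` dropping the tables child-first and deleting the two settings rows, as sketched below. Separately, `V_USN_Url` and `V_Description` look like they will hold text from an external advisory feed (inferred from the comments), so a short comment that consumers must escape them and check the URL scheme before rendering would help.

```php
    public function up(): void
    {
        // … unchanged: settings inserts and the four table definitions, without the isMigratingUp() guard …
    }

    public function down(): void
    {
        // Drop children first so the foreign keys never block the drop.
        $this->table('Vulnerable_Packages')->drop()->save();
        $this->table('CVEs')->drop()->save();
        $this->table('Vulnerabilities')->drop()->save();
        $this->table('Operating_Systems')->drop()->save();

        // Remove the setting value before the setting it refers to.
        $this->execute("DELETE FROM `Instance_Settings_Values` WHERE `ISV_IS_ID` = 19");
        $this->execute("DELETE FROM `Instance_Settings` WHERE `IS_ID` = 19");
    }
```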