add fields for kev-related data to finding model (#12678)

* add fields for kev-related data to finding model: known_exploited, ransomeware_used, kev_date

* linter fix

* test updates

* remove maxdiff setting

Author: dogboat

dojo/db_migrations/0230_add_finding_kev_fields.py

@@ -0,0 +1,42 @@
+# Generated by Django 5.1.8 on 2025-06-23 19:34
+
+import django.core.validators
+import dojo.models
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('dojo', '0229_alter_finding_unique_id_from_tool'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='finding',
+            name='kev_date',
+            field=models.DateField(blank=True, help_text='The date the vulnerability was added to the KEV catalog.', null=True, validators=[django.core.validators.MaxValueValidator(dojo.models.tomorrow)], verbose_name='KEV Date Added'),
+        ),
+        migrations.AddField(
+            model_name='finding',
+            name='known_exploited',
+            field=models.BooleanField(default=False, help_text='Whether this vulnerability is known to have been exploited in the wild.', verbose_name='Known Exploited'),
+        ),
+        migrations.AddField(
+            model_name='finding',
+            name='ransomware_used',
+            field=models.BooleanField(default=False, help_text='Whether this vulnerability is known to have been leveraged as part of a ransomware campaign.', verbose_name='Used in Ransomware'),
+        ),
+        migrations.AddIndex(
+            model_name='finding',
+            index=models.Index(fields=['known_exploited'], name='dojo_findin_known_e_8c584e_idx'),
+        ),
+        migrations.AddIndex(
+            model_name='finding',
+            index=models.Index(fields=['ransomware_used'], name='dojo_findin_ransomw_c185c6_idx'),
+        ),
+        migrations.AddIndex(
+            model_name='finding',
+            index=models.Index(fields=['kev_date'], name='dojo_findin_kev_dat_b54260_idx'),
+        ),
+    ]

dojo/models.py

@@ -5,7 +5,7 @@
 import re
 import warnings
 from contextlib import suppress
-from datetime import datetime
+from datetime import datetime, timedelta
 from decimal import Decimal
 from pathlib import Path
 from uuid import uuid4
@@ -137,6 +137,11 @@ def _copy_model_util(model_in_database, exclude_fields: list[str] | None = None)
     return new_model_instance
 
 
+def tomorrow():
+    """Returns a date representing the day after today."""
+    return timezone.now().date() + timedelta(days=1)
+
+
 @deconstructible
 class UniqueUploadNameProvider:
 
@@ -2331,6 +2336,16 @@ class Finding(models.Model):
                               verbose_name=_("EPSS percentile"),
                               help_text=_("EPSS percentile for the CVE. Describes how many CVEs are scored at or below this one."),
                               validators=[MinValueValidator(0.0), MaxValueValidator(1.0)])
+    known_exploited = models.BooleanField(default=False,
+                                          verbose_name=_("Known Exploited"),
+                                          help_text=_("Whether this vulnerability is known to have been exploited in the wild."))
+    ransomware_used = models.BooleanField(default=False,
+                                          verbose_name=_("Used in Ransomware"),
+                                          help_text=_("Whether this vulnerability is known to have been leveraged as part of a ransomware campaign."))
+    kev_date = models.DateField(null=True, blank=True,
+                                verbose_name=_("KEV Date Added"),
+                                help_text=_("The date the vulnerability was added to the KEV catalog."),
+                                validators=[MaxValueValidator(tomorrow)])
     cvssv3_regex = RegexValidator(regex=r"^AV:[NALP]|AC:[LH]|PR:[UNLH]|UI:[NR]|S:[UC]|[CIA]:[NLH]", message="CVSS must be entered in format: 'AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'")
     cvssv3 = models.TextField(validators=[cvssv3_regex],
                               max_length=117,
@@ -2660,6 +2675,9 @@ class Meta:
             models.Index(fields=["duplicate"]),
             models.Index(fields=["is_mitigated"]),
             models.Index(fields=["duplicate_finding", "id"]),
+            models.Index(fields=["known_exploited"]),
+            models.Index(fields=["ransomware_used"]),
+            models.Index(fields=["kev_date"]),
         ]
 
     def __init__(self, *args, **kwargs):