Use boolean field to flag ghost package

keshav-space · keshav-space · commit 5c8770bd6502 · 2024-08-23T18:17:29.000+05:30
Signed-off-by: Keshav Priyadarshi &lt;git@keshav.space&gt;
diff --git a/vulnerabilities/migrations/0060_package_status.py b/vulnerabilities/migrations/0060_package_status.py
diff --git a/vulnerabilities/migrations/0061_package_is_ghost.py b/vulnerabilities/migrations/0061_package_is_ghost.py
@@ -0,0 +1,21 @@
+# Generated by Django 4.1.13 on 2024-08-23 10:03
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("vulnerabilities", "0060_alter_kev_known_ransomware_campaign_use_and_more"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="package",
+            name="is_ghost",
+            field=models.BooleanField(
+                default=False,
+                help_text="True if the package does not exist in the upstream package manager or its repository.",
+            ),
+        ),
+    ]
diff --git a/vulnerabilities/models.py b/vulnerabilities/models.py
@@ -591,13 +591,6 @@ class Package(PackageURLMixin):
     # https://github.com/package-url/packageurl-python/pull/35
     # https://github.com/package-url/packageurl-python/pull/67
     # gets merged
-    STATUS_CHOICES = [
-        ("malicious", "Malicious Package"),
-        ("ghost", "Ghost Package"),
-        ("yanked", "Yanked Package"),
-        ("valid", "Valid Package"),
-        ("unknown", "Unknown"),
-    ]
 
     vulnerabilities = models.ManyToManyField(
         to="Vulnerability", through="PackageRelatedVulnerability"
@@ -617,12 +610,9 @@ class Package(PackageURLMixin):
         db_index=True,
     )
 
-    status = models.CharField(
-        max_length=20,
-        choices=STATUS_CHOICES,
-        default="unknown",
-        help_text="The status of the package, malicious, ghost, yanked, valid or unknown.",
-        db_index=True,
+    is_ghost = models.BooleanField(
+        default=False,
+        help_text="True if the package does not exist in the upstream package manager or its repository.",
     )
 
     objects = PackageQuerySet.as_manager()
@@ -1457,7 +1447,7 @@ class Kev(models.Model):
 
     known_ransomware_campaign_use = models.BooleanField(
         default=False,
-        help_text="""Known if this vulnerability is known to have been leveraged as part of a ransomware campaign; 
+        help_text="""Known if this vulnerability is known to have been leveraged as part of a ransomware campaign;
         or 'Unknown' if CISA lacks confirmation that the vulnerability has been utilized for ransomware.""",
     )
 
