Update yara rules models

Signed-off-by: ziad hany <ziadhany2016@gmail.com>

Author: ziadhany

vulnerabilities/improvers/__init__.py

@@ -38,43 +38,43 @@
 
 IMPROVERS_REGISTRY = create_registry(
     [
-        valid_versions.GitHubBasicImprover,
-        valid_versions.GitLabBasicImprover,
-        valid_versions.NginxBasicImprover,
-        valid_versions.ApacheHTTPDImprover,
-        valid_versions.DebianBasicImprover,
-        valid_versions.NpmImprover,
-        valid_versions.ElixirImprover,
-        valid_versions.ApacheTomcatImprover,
-        valid_versions.ApacheKafkaImprover,
-        valid_versions.IstioImprover,
-        valid_versions.DebianOvalImprover,
-        valid_versions.UbuntuOvalImprover,
-        valid_versions.OSSFuzzImprover,
-        valid_versions.RubyImprover,
-        valid_versions.GithubOSVImprover,
-        vulnerability_status.VulnerabilityStatusImprover,
-        valid_versions.CurlImprover,
-        flag_ghost_packages.FlagGhostPackagePipeline,
-        enhance_with_kev.VulnerabilityKevPipeline,
-        enhance_with_metasploit.MetasploitImproverPipeline,
-        enhance_with_exploitdb.ExploitDBImproverPipeline,
-        compute_package_risk.ComputePackageRiskPipeline,
-        compute_package_version_rank.ComputeVersionRankPipeline,
-        add_cvss31_to_CVEs.CVEAdvisoryMappingPipeline,
-        remove_duplicate_advisories.RemoveDuplicateAdvisoriesPipeline,
-        populate_vulnerability_summary_pipeline.PopulateVulnerabilitySummariesPipeline,
-        exploitdb_v2.ExploitDBImproverPipeline,
-        enhance_with_kev_v2.VulnerabilityKevPipeline,
-        flag_ghost_packages_v2.FlagGhostPackagePipeline,
-        enhance_with_metasploit_v2.MetasploitImproverPipeline,
-        compute_package_risk_v2.ComputePackageRiskPipeline,
-        compute_version_rank_v2.ComputeVersionRankPipeline,
-        compute_advisory_todo_v2.ComputeToDo,
-        unfurl_version_range_v2.UnfurlVersionRangePipeline,
-        compute_advisory_todo.ComputeToDo,
-        collect_ssvc_trees.CollectSSVCPipeline,
-        relate_severities.RelateSeveritiesPipeline,
+        # valid_versions.GitHubBasicImprover,
+        # valid_versions.GitLabBasicImprover,
+        # valid_versions.NginxBasicImprover,
+        # valid_versions.ApacheHTTPDImprover,
+        # valid_versions.DebianBasicImprover,
+        # valid_versions.NpmImprover,
+        # valid_versions.ElixirImprover,
+        # valid_versions.ApacheTomcatImprover,
+        # valid_versions.ApacheKafkaImprover,
+        # valid_versions.IstioImprover,
+        # valid_versions.DebianOvalImprover,
+        # valid_versions.UbuntuOvalImprover,
+        # valid_versions.OSSFuzzImprover,
+        # valid_versions.RubyImprover,
+        # valid_versions.GithubOSVImprover,
+        # vulnerability_status.VulnerabilityStatusImprover,
+        # valid_versions.CurlImprover,
+        # flag_ghost_packages.FlagGhostPackagePipeline,
+        # enhance_with_kev.VulnerabilityKevPipeline,
+        # enhance_with_metasploit.MetasploitImproverPipeline,
+        # enhance_with_exploitdb.ExploitDBImproverPipeline,
+        # compute_package_risk.ComputePackageRiskPipeline,
+        # compute_package_version_rank.ComputeVersionRankPipeline,
+        # add_cvss31_to_CVEs.CVEAdvisoryMappingPipeline,
+        # remove_duplicate_advisories.RemoveDuplicateAdvisoriesPipeline,
+        # populate_vulnerability_summary_pipeline.PopulateVulnerabilitySummariesPipeline,
+        # exploitdb_v2.ExploitDBImproverPipeline,
+        # enhance_with_kev_v2.VulnerabilityKevPipeline,
+        # flag_ghost_packages_v2.FlagGhostPackagePipeline,
+        # enhance_with_metasploit_v2.MetasploitImproverPipeline,
+        # compute_package_risk_v2.ComputePackageRiskPipeline,
+        # compute_version_rank_v2.ComputeVersionRankPipeline,
+        # compute_advisory_todo_v2.ComputeToDo,
+        # unfurl_version_range_v2.UnfurlVersionRangePipeline,
+        # compute_advisory_todo.ComputeToDo,
+        # collect_ssvc_trees.CollectSSVCPipeline,
+        # relate_severities.RelateSeveritiesPipeline,
         yara_rules.YaraRulesImproverPipeline,
     ]
 )

vulnerabilities/migrations/0117_remove_detectionrule_advisory_and_more.py

@@ -0,0 +1,26 @@
+# Generated by Django 5.2.11 on 2026-03-25 13:46
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("vulnerabilities", "0116_detectionrule"),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name="detectionrule",
+            name="advisory",
+        ),
+        migrations.AddField(
+            model_name="detectionrule",
+            name="related_advisories",
+            field=models.ManyToManyField(
+                help_text="Advisories associated with this DetectionRule.",
+                related_name="detection_rules",
+                to="vulnerabilities.advisoryv2",
+            ),
+        ),
+    ]

vulnerabilities/models.py

@@ -3684,10 +3684,8 @@ class DetectionRule(models.Model):
 
     rule_text = models.TextField(help_text="The content of the detection signature.")
 
-    advisory = models.ForeignKey(
+    related_advisories = models.ManyToManyField(
         AdvisoryV2,
         related_name="detection_rules",
-        on_delete=models.SET_NULL,
-        null=True,
-        blank=True,
+        help_text="Advisories associated with this DetectionRule.",
     )

vulnerabilities/pipelines/v2_improvers/yara_rules.py

@@ -11,9 +11,12 @@
 from aboutcode.pipeline import LoopProgress
 from fetchcode.vcs import fetch_via_vcs
 
+from vulnerabilities.models import AdvisoryAlias
+from vulnerabilities.models import AdvisoryV2
 from vulnerabilities.models import DetectionRule
 from vulnerabilities.models import DetectionRuleTypes
 from vulnerabilities.pipelines import VulnerableCodePipeline
+from vulnerabilities.utils import find_all_cve
 from vulnerabilities.utils import get_advisory_url
 
 
@@ -119,7 +122,6 @@ def collect_and_store_rules(self):
 
             rules_count = len(yara_files)
             self.log(f"Processing {rules_count:,d} rules from {repo_url}")
-
             progress = LoopProgress(total_iterations=rules_count, logger=self.log)
             for file_path in progress.iter(yara_files):
                 if not file_path.exists() or not file_path.is_file():
@@ -141,13 +143,30 @@ def collect_and_store_rules(self):
                     url=f"{repo_url}/blob/master/",
                 )
 
-                DetectionRule.objects.update_or_create(
-                    rule_text=raw_text,
+                cve_ids = find_all_cve(f"{file_path}\n{raw_text}")
+
+                advisories = set()
+                for cve_id in cve_ids:
+                    alias = AdvisoryAlias.objects.filter(alias=cve_id).first()
+                    if alias:
+                        for adv in alias.advisories.all():
+                            advisories.add(adv)
+                    else:
+                        advs = AdvisoryV2.objects.filter(advisory_id=cve_id)
+                        for adv in advs:
+                            advisories.add(adv)
+
+                detection_rule, _ = DetectionRule.objects.update_or_create(
                     rule_type=DetectionRuleTypes.YARA,
-                    advisory=None,
                     source_url=rule_url,
+                    defaults={
+                        "rule_text": raw_text,
+                    },
                 )
 
+                for adv in advisories:
+                    detection_rule.related_advisories.add(adv)
+
     def clean_downloads(self):
         for vcs_response, _ in self.vcs_responses:
             if vcs_response: