Add :mitigated and :mitigation to risk:vulnerable (#3910)

changes/73060aaa2e5d391b2d02a22f368350f8.yaml

@@ -0,0 +1,6 @@
+---
+desc: Added ``:mitigated=<bool>`` and ``:mitigation=<risk:mitigation>`` properties to the ``risk:vulnerable``
+      form to track mitigations used to address vulnerable nodes.
+prs: []
+type: model
+...

synapse/models/risk.py

@@ -648,12 +648,21 @@ def getModelDefs(self):
                 )),
 
                 ('risk:vulnerable', {}, (
+
                     ('vuln', ('risk:vuln', {}), {
                         'doc': 'The vulnerability that the node is susceptible to.'}),
+
                     ('period', ('ival', {}), {
                         'doc': 'The time window where the node was vulnerable.'}),
+
                     ('node', ('ndef', {}), {
                         'doc': 'The node which is vulnerable.'}),
+
+                    ('mitigated', ('bool', {}), {
+                        'doc': 'Set to true if the vulnerable node has been mitigated.'}),
+
+                    ('mitigation', ('risk:mitigation', {}), {
+                        'doc': 'The mitigation which was used to address the vulnerable node.'}),
                 )),
 
                 ('risk:alert:taxonomy', {}, {}),

synapse/tests/test_model_risk.py

@@ -523,14 +523,18 @@ async def addNode(text):
                     :period=(2022, ?)
                     :node=(inet:fqdn, vertex.link)
                     :vuln={[ risk:vuln=* :name=redtree ]}
+                    :mitigated=true
+                    :mitigation={[ risk:mitigation=* :name=patchstuff ]}
                 ]
             ''')
             self.len(1, nodes)
             self.nn(nodes[0].get('vuln'))
+            self.eq(True, nodes[0].get('mitigated'))
             self.eq((1640995200000, 9223372036854775807), nodes[0].get('period'))
             self.eq(('inet:fqdn', 'vertex.link'), nodes[0].get('node'))
             self.len(1, await core.nodes('risk:vulnerable -> risk:vuln'))
             self.len(1, await core.nodes('risk:vuln:name=redtree -> risk:vulnerable :node -> *'))
+            self.len(1, await core.nodes('risk:vulnerable -> risk:mitigation'))
 
     async def test_model_risk_mitigation(self):
         async with self.getTestCore() as core: