Remove isDependency to pkgName (#2021)

* remove un-needed fields from isDep in the graphql schema Signed-off-by: pxp928 <parth.psu@gmail.com> * remove un-needed fields from isDep in the graphql schema Signed-off-by: pxp928 <parth.psu@gmail.com> * update bulk assembler to only ingest pkgVersion Signed-off-by: pxp928 <parth.psu@gmail.com> * update arango backend and remove version range from filter and input spec Signed-off-by: pxp928 <parth.psu@gmail.com> * remove version range from deps.dev handler Signed-off-by: pxp928 <parth.psu@gmail.com> * update keyvalue backend for isDep Signed-off-by: pxp928 <parth.psu@gmail.com> * update ent backend isDep Signed-off-by: pxp928 <parth.psu@gmail.com> * update cmd and other usecases of depPkgName Signed-off-by: pxp928 <parth.psu@gmail.com> * fix patch planning unit tests and lint issues Signed-off-by: pxp928 <parth.psu@gmail.com> * update e2e query output for isDep Signed-off-by: pxp928 <parth.psu@gmail.com> * add check to bulk assembler for nil values Signed-off-by: pxp928 <parth.psu@gmail.com> * update ent schema Signed-off-by: pxp928 <parth.psu@gmail.com> --------- Signed-off-by: pxp928 <parth.psu@gmail.com>
guacsec · Jul 16, 2024 · 8c54ef5 · 8c54ef5
1 parent 9d51e44
commit 8c54ef5
Show file tree

Hide file tree

Showing 71 changed files with 410 additions and 2,709 deletions.
diff --git a/cmd/guacone/cmd/vulnerability.go b/cmd/guacone/cmd/vulnerability.go
@@ -22,8 +22,6 @@ import (
 	"os"
 	"strings"
 
-	"github.com/guacsec/guac/pkg/dependencies"
-
 	"github.com/Khan/genqlient/graphql"
 	model "github.com/guacsec/guac/pkg/assembler/clients/generated"
 	"github.com/guacsec/guac/pkg/assembler/helpers"
@@ -518,37 +516,26 @@ func searchPkgViaHasSBOM(ctx context.Context, gqlclient graphql.Client, searchSt
 				if isDep.DependencyPackage.Type == guacType {
 					continue
 				}
-				var matchingDepPkgVersionIDs []string
-				if len(isDep.DependencyPackage.Namespaces[0].Names[0].Versions) == 0 {
-					findMatchingDepPkgVersionIDs, err := dependencies.FindDepPkgVersionIDs(ctx, gqlclient, isDep.DependencyPackage.Type, isDep.DependencyPackage.Namespaces[0].Namespace,
-						isDep.DependencyPackage.Namespaces[0].Names[0].Name, isDep.VersionRange)
-					if err != nil {
-						return nil, nil, fmt.Errorf("error from FindMatchingDepPkgVersionIDs:%w", err)
+				depPkgID := isDep.DependencyPackage.Namespaces[0].Names[0].Versions[0].Id
+				dfsN, seen := nodeMap[depPkgID]
+				if !seen {
+					dfsN = dfsNode{
+						parent: now,
+						pkgID:  depPkgID,
+						depth:  nowNode.depth + 1,
 					}
-					matchingDepPkgVersionIDs = append(matchingDepPkgVersionIDs, findMatchingDepPkgVersionIDs...)
-				} else {
-					matchingDepPkgVersionIDs = append(matchingDepPkgVersionIDs, isDep.DependencyPackage.Namespaces[0].Names[0].Versions[0].Id)
+					nodeMap[depPkgID] = dfsN
 				}
-				for _, pkgID := range matchingDepPkgVersionIDs {
-					dfsN, seen := nodeMap[pkgID]
-					if !seen {
-						dfsN = dfsNode{
-							parent: now,
-							pkgID:  pkgID,
-							depth:  nowNode.depth + 1,
-						}
-						nodeMap[pkgID] = dfsN
-					}
-					if !dfsN.expanded {
-						queue = append(queue, pkgID)
-					}
-					pkgVersionNeighbors, err := getVulnAndVexNeighbors(ctx, gqlclient, pkgID, isDep)
-					if err != nil {
-						return nil, nil, fmt.Errorf("getVulnAndVexNeighbors failed with error: %w", err)
-					}
-					collectedPkgVersionResults = append(collectedPkgVersionResults, pkgVersionNeighbors)
-					checkedPkgIDs[pkgID] = true
+				if !dfsN.expanded {
+					queue = append(queue, depPkgID)
 				}
+				pkgVersionNeighbors, err := getVulnAndVexNeighbors(ctx, gqlclient, depPkgID, isDep)
+				if err != nil {
+					return nil, nil, fmt.Errorf("getVulnAndVexNeighbors failed with error: %w", err)
+				}
+				collectedPkgVersionResults = append(collectedPkgVersionResults, pkgVersionNeighbors)
+				checkedPkgIDs[depPkgID] = true
+
 			}
 		}
 		nowNode.expanded = true

diff --git a/demo/graphql/queries.gql b/demo/graphql/queries.gql
@@ -51,7 +51,6 @@ query PkgQ4 {
 fragment allIsDependencyTree on IsDependency {
   id
   justification
-  versionRange
   package {
     ...allPkgTree
   }

diff --git a/demo/workflow/queries.gql b/demo/workflow/queries.gql
@@ -46,7 +46,6 @@ query isDependency {
         }
       }
     }
-    versionRange
     origin
     collector
   }

diff --git a/internal/testing/backend/hasSBOM_test.go b/internal/testing/backend/hasSBOM_test.go
@@ -29,10 +29,9 @@ import (
 )
 
 type testDependency struct {
-	pkg       *model.PkgInputSpec
-	depPkg    *model.PkgInputSpec
-	matchType model.MatchFlags
-	isDep     *model.IsDependencyInputSpec
+	pkg    *model.PkgInputSpec
+	depPkg *model.PkgInputSpec
+	isDep  *model.IsDependencyInputSpec
 }
 
 type testOccurrence struct {
@@ -106,33 +105,29 @@ var includedPackageArtifacts = &model.PackageOrArtifactInputs{
 }
 
 var includedDependency1 = &model.IsDependencyInputSpec{
-	VersionRange:   "dep1_range",
 	DependencyType: model.DependencyTypeDirect,
 	Justification:  "dep1_justification",
 	Origin:         "dep1_origin",
 	Collector:      "dep1_collector",
 }
 
 var includedDependency2 = &model.IsDependencyInputSpec{
-	VersionRange:   "dep2_range",
 	DependencyType: model.DependencyTypeIndirect,
 	Justification:  "dep2_justification",
 	Origin:         "dep2_origin",
 	Collector:      "dep2_collector",
 }
 
 var includedTestDependency1 = &testDependency{
-	pkg:       includedPackage1,
-	depPkg:    includedPackage2,
-	matchType: mSpecific,
-	isDep:     includedDependency1,
+	pkg:    includedPackage1,
+	depPkg: includedPackage2,
+	isDep:  includedDependency1,
 }
 
 var includedTestDependency2 = &testDependency{
-	pkg:       includedPackage1,
-	depPkg:    includedPackage3,
-	matchType: mSpecific,
-	isDep:     includedDependency2,
+	pkg:    includedPackage1,
+	depPkg: includedPackage3,
+	isDep:  includedDependency2,
 }
 
 var includedTestDependencies = []testDependency{*includedTestDependency1, *includedTestDependency2}
@@ -263,15 +258,13 @@ var includedTestExpectedSBOM = &model.HasSbom{
 	IncludedDependencies: []*model.IsDependency{{
 		Package:           includedTestExpectedPackage1,
 		DependencyPackage: includedTestExpectedPackage2,
-		VersionRange:      "dep1_range",
 		DependencyType:    model.DependencyTypeDirect,
 		Justification:     "dep1_justification",
 		Origin:            "dep1_origin",
 		Collector:         "dep1_collector",
 	}, {
 		Package:           includedTestExpectedPackage1,
 		DependencyPackage: includedTestExpectedPackage3,
-		VersionRange:      "dep2_range",
 		DependencyType:    model.DependencyTypeIndirect,
 		Justification:     "dep2_justification",
 		Origin:            "dep2_origin",
@@ -486,9 +479,8 @@ func TestHasSBOM(t *testing.T) {
 				Artifacts: []*model.IDorArtifactInput{{ArtifactInput: testdata.A1}},
 			},
 			IsDeps: []testDependency{{
-				pkg:       testdata.P2,
-				depPkg:    testdata.P4,
-				matchType: mSpecific,
+				pkg:    testdata.P2,
+				depPkg: testdata.P4,
 				isDep: &model.IsDependencyInputSpec{
 					Justification: "test justification",
 				},
@@ -739,9 +731,8 @@ func TestHasSBOM(t *testing.T) {
 				Artifacts: []*model.IDorArtifactInput{{ArtifactInput: testdata.A1}},
 			},
 			IsDeps: []testDependency{{
-				pkg:       testdata.P2,
-				depPkg:    testdata.P4,
-				matchType: mSpecific,
+				pkg:    testdata.P2,
+				depPkg: testdata.P4,
 				isDep: &model.IsDependencyInputSpec{
 					Justification: "test justification",
 				},
@@ -1841,40 +1832,6 @@ func TestHasSBOM(t *testing.T) {
 			Query: &model.HasSBOMSpec{IncludedDependencies: []*model.IsDependencySpec{{Package: &model.PkgSpec{Name: ptrfrom.String("invalid_name")}, DependencyPackage: &model.PkgSpec{Name: &includedPackage2.Name}}}},
 			ExpHS: nil,
 		},
-		{
-			Name:   "IncludedDependencies - Valid Included VersionRange",
-			InPkg:  includedPackages,
-			InArt:  includedArtifacts,
-			InSrc:  includedSources,
-			PkgArt: includedPackageArtifacts,
-			IsDeps: includedTestDependencies,
-			IsOccs: includedTestOccurrences,
-			Calls: []call{{
-				Sub: model.PackageOrArtifactInput{
-					Package: &model.IDorPkgInput{PackageInput: includedPackage1},
-				},
-				HS: includedHasSBOM,
-			}},
-			Query: &model.HasSBOMSpec{IncludedDependencies: []*model.IsDependencySpec{{VersionRange: &includedDependency1.VersionRange}}},
-			ExpHS: []*model.HasSbom{includedTestExpectedSBOM},
-		},
-		{
-			Name:   "IncludedDependencies - Invalid Included VersionRange",
-			InPkg:  includedPackages,
-			InArt:  includedArtifacts,
-			InSrc:  includedSources,
-			PkgArt: includedPackageArtifacts,
-			IsDeps: includedTestDependencies,
-			IsOccs: includedTestOccurrences,
-			Calls: []call{{
-				Sub: model.PackageOrArtifactInput{
-					Package: &model.IDorPkgInput{PackageInput: includedPackage1},
-				},
-				HS: includedHasSBOM,
-			}},
-			Query: &model.HasSBOMSpec{IncludedDependencies: []*model.IsDependencySpec{{VersionRange: ptrfrom.String("invalid_range")}}},
-			ExpHS: nil,
-		},
 		{
 			Name:   "IncludedDependencies - Valid Included DependencyType",
 			InPkg:  includedPackages,
@@ -1913,7 +1870,6 @@ func TestHasSBOM(t *testing.T) {
 			Query: &model.HasSBOMSpec{
 				IncludedDependencies: []*model.IsDependencySpec{{
 					DependencyType: &includedDependency2.DependencyType,
-					VersionRange:   &includedDependency1.VersionRange,
 					Justification:  &includedDependency1.Justification,
 				}},
 			},
@@ -2768,7 +2724,7 @@ func TestHasSBOM(t *testing.T) {
 			}
 
 			for _, dep := range test.IsDeps {
-				if isDep, err := b.IngestDependency(ctx, model.IDorPkgInput{PackageInput: dep.pkg}, model.IDorPkgInput{PackageInput: dep.depPkg}, dep.matchType, *dep.isDep); err != nil {
+				if isDep, err := b.IngestDependency(ctx, model.IDorPkgInput{PackageInput: dep.pkg}, model.IDorPkgInput{PackageInput: dep.depPkg}, *dep.isDep); err != nil {
 					t.Fatalf("Could not ingest dependency: %v", err)
 				} else {
 					includes.Dependencies = append(includes.Dependencies, isDep)
@@ -2946,9 +2902,8 @@ func TestIngestHasSBOMs(t *testing.T) {
 				Artifacts: []*model.IDorArtifactInput{{ArtifactInput: testdata.A1}},
 			},
 			IsDeps: []testDependency{{
-				pkg:       testdata.P2,
-				depPkg:    testdata.P4,
-				matchType: mSpecific,
+				pkg:    testdata.P2,
+				depPkg: testdata.P4,
 				isDep: &model.IsDependencyInputSpec{
 					Justification: "test justification",
 				},
@@ -3124,7 +3079,7 @@ func TestIngestHasSBOMs(t *testing.T) {
 			}
 
 			for _, dep := range test.IsDeps {
-				if isDep, err := b.IngestDependency(ctx, model.IDorPkgInput{PackageInput: dep.pkg}, model.IDorPkgInput{PackageInput: dep.depPkg}, dep.matchType, *dep.isDep); err != nil {
+				if isDep, err := b.IngestDependency(ctx, model.IDorPkgInput{PackageInput: dep.pkg}, model.IDorPkgInput{PackageInput: dep.depPkg}, *dep.isDep); err != nil {
 					t.Fatalf("Could not ingest dependency: %v", err)
 				} else {
 					includes.Dependencies = append(includes.Dependencies, isDep)
@@ -3201,9 +3156,8 @@ func TestDeleteHasSBOM(t *testing.T) {
 				Artifacts: []*model.IDorArtifactInput{{ArtifactInput: testdata.A1}},
 			},
 			IsDeps: []testDependency{{
-				pkg:       testdata.P2,
-				depPkg:    testdata.P4,
-				matchType: mSpecific,
+				pkg:    testdata.P2,
+				depPkg: testdata.P4,
 				isDep: &model.IsDependencyInputSpec{
 					Justification: "test justification",
 				},
@@ -3351,7 +3305,7 @@ func TestDeleteHasSBOM(t *testing.T) {
 			}
 
 			for _, dep := range test.IsDeps {
-				if isDep, err := b.IngestDependency(ctx, model.IDorPkgInput{PackageInput: dep.pkg}, model.IDorPkgInput{PackageInput: dep.depPkg}, dep.matchType, *dep.isDep); err != nil {
+				if isDep, err := b.IngestDependency(ctx, model.IDorPkgInput{PackageInput: dep.pkg}, model.IDorPkgInput{PackageInput: dep.depPkg}, *dep.isDep); err != nil {
 					t.Fatalf("Could not ingest dependency: %v", err)
 				} else {
 					includes.Dependencies = append(includes.Dependencies, isDep)

diff --git a/internal/testing/backend/helpers_test.go b/internal/testing/backend/helpers_test.go
@@ -34,8 +34,6 @@ var (
 	testTime2          = time.Unix(1e9, 0)
 	startTime          = time.Now()
 	finishTime         = time.Now().Add(10 * time.Second)
-	mAll               = model.MatchFlags{Pkg: model.PkgMatchTypeAllVersions}
-	mSpecific          = model.MatchFlags{Pkg: model.PkgMatchTypeSpecificVersion}
 )
 
 var ignoreID = cmp.FilterPath(func(p cmp.Path) bool {
@@ -440,9 +438,6 @@ func lessIsDep(a, b *model.IsDependency) bool {
 	if d := cmpPkg(a.DependencyPackage, b.DependencyPackage); d != 0 {
 		return d < 0
 	}
-	if d := strings.Compare(a.VersionRange, b.VersionRange); d != 0 {
-		return d < 0
-	}
 	if d := strings.Compare(a.Justification, b.Justification); d != 0 {
 		return d < 0
 	}
-Original file line number
+Diff line change
@@ Expand Up / @@ -46,7 +46,6 @@ query isDependency { @@
             }
           }
         }
-        versionRange
         origin
         collector
       }
@@ Expand Down @@