Remove isDependency to pkgName #2021

Merged
merged 12 commits into from
Jul 16, 2024
47 changes: 17 additions & 30 deletions cmd/guacone/cmd/vulnerability.go
@@ -22,8 +22,6 @@ import (
"os"
"strings"

"github.com/guacsec/guac/pkg/dependencies"

"github.com/Khan/genqlient/graphql"
model "github.com/guacsec/guac/pkg/assembler/clients/generated"
"github.com/guacsec/guac/pkg/assembler/helpers"
@@ -518,37 +516,26 @@ func searchPkgViaHasSBOM(ctx context.Context, gqlclient graphql.Client, searchSt
if isDep.DependencyPackage.Type == guacType {
continue
}
var matchingDepPkgVersionIDs []string
if len(isDep.DependencyPackage.Namespaces[0].Names[0].Versions) == 0 {
findMatchingDepPkgVersionIDs, err := dependencies.FindDepPkgVersionIDs(ctx, gqlclient, isDep.DependencyPackage.Type, isDep.DependencyPackage.Namespaces[0].Namespace,
isDep.DependencyPackage.Namespaces[0].Names[0].Name, isDep.VersionRange)
if err != nil {
return nil, nil, fmt.Errorf("error from FindMatchingDepPkgVersionIDs:%w", err)
depPkgID := isDep.DependencyPackage.Namespaces[0].Names[0].Versions[0].Id
dfsN, seen := nodeMap[depPkgID]
if !seen {
dfsN = dfsNode{
parent: now,
pkgID: depPkgID,
depth: nowNode.depth + 1,
}
matchingDepPkgVersionIDs = append(matchingDepPkgVersionIDs, findMatchingDepPkgVersionIDs...)
} else {
matchingDepPkgVersionIDs = append(matchingDepPkgVersionIDs, isDep.DependencyPackage.Namespaces[0].Names[0].Versions[0].Id)
nodeMap[depPkgID] = dfsN
}
for _, pkgID := range matchingDepPkgVersionIDs {
dfsN, seen := nodeMap[pkgID]
if !seen {
dfsN = dfsNode{
parent: now,
pkgID: pkgID,
depth: nowNode.depth + 1,
}
nodeMap[pkgID] = dfsN
}
if !dfsN.expanded {
queue = append(queue, pkgID)
}
pkgVersionNeighbors, err := getVulnAndVexNeighbors(ctx, gqlclient, pkgID, isDep)
if err != nil {
return nil, nil, fmt.Errorf("getVulnAndVexNeighbors failed with error: %w", err)
}
collectedPkgVersionResults = append(collectedPkgVersionResults, pkgVersionNeighbors)
checkedPkgIDs[pkgID] = true
if !dfsN.expanded {
queue = append(queue, depPkgID)
}
pkgVersionNeighbors, err := getVulnAndVexNeighbors(ctx, gqlclient, depPkgID, isDep)
if err != nil {
return nil, nil, fmt.Errorf("getVulnAndVexNeighbors failed with error: %w", err)
}
collectedPkgVersionResults = append(collectedPkgVersionResults, pkgVersionNeighbors)
checkedPkgIDs[depPkgID] = true

}
}
nowNode.expanded = true
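Review bot: `depPkgID := isDep.DependencyPackage.Namespaces[0].Names[0].Versions[0].Id` indexes `Versions[0]` unconditionally, where the removed code tested `len(...Versions) == 0` before reading it. If the server still returns an IsDependency edge whose dependency package has no version node (for example data ingested before this change, which is not visible here), the vulnerability query panics with an index-out-of-range instead of returning an error. I would guard it and fail loudly rather than `continue`, because silently dropping the dependency would hide its vulnerabilities from the report: `if len(isDep.DependencyPackage.Namespaces[0].Names[0].Versions) == 0 { return nil, nil, fmt.Errorf("dependency package %q has no version node", isDep.DependencyPackage.Namespaces[0].Names[0].Name) }`. searchPkgViaHasSBOM starts and ends outside this hunk.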
1 change: 0 additions & 1 deletion demo/graphql/queries.gql
@@ -51,7 +51,6 @@ query PkgQ4 {
fragment allIsDependencyTree on IsDependency {
id
justification
versionRange
package {
...allPkgTree
}
1 change: 0 additions & 1 deletion demo/workflow/queries.gql
@@ -46,7 +46,6 @@ query isDependency {
}
}
}
versionRange
origin
collector
}
86 changes: 20 additions & 66 deletions internal/testing/backend/hasSBOM_test.go
@@ -29,10 +29,9 @@ import (
)

type testDependency struct {
pkg *model.PkgInputSpec
depPkg *model.PkgInputSpec
matchType model.MatchFlags
isDep *model.IsDependencyInputSpec
pkg *model.PkgInputSpec
depPkg *model.PkgInputSpec
isDep *model.IsDependencyInputSpec
}

type testOccurrence struct {
@@ -106,33 +105,29 @@ var includedPackageArtifacts = &model.PackageOrArtifactInputs{
}

var includedDependency1 = &model.IsDependencyInputSpec{
VersionRange: "dep1_range",
DependencyType: model.DependencyTypeDirect,
Justification: "dep1_justification",
Origin: "dep1_origin",
Collector: "dep1_collector",
}

var includedDependency2 = &model.IsDependencyInputSpec{
VersionRange: "dep2_range",
DependencyType: model.DependencyTypeIndirect,
Justification: "dep2_justification",
Origin: "dep2_origin",
Collector: "dep2_collector",
}

var includedTestDependency1 = &testDependency{
pkg: includedPackage1,
depPkg: includedPackage2,
matchType: mSpecific,
isDep: includedDependency1,
pkg: includedPackage1,
depPkg: includedPackage2,
isDep: includedDependency1,
}

var includedTestDependency2 = &testDependency{
pkg: includedPackage1,
depPkg: includedPackage3,
matchType: mSpecific,
isDep: includedDependency2,
pkg: includedPackage1,
depPkg: includedPackage3,
isDep: includedDependency2,
}

var includedTestDependencies = []testDependency{*includedTestDependency1, *includedTestDependency2}
@@ -263,15 +258,13 @@ var includedTestExpectedSBOM = &model.HasSbom{
IncludedDependencies: []*model.IsDependency{{
Package: includedTestExpectedPackage1,
DependencyPackage: includedTestExpectedPackage2,
VersionRange: "dep1_range",
DependencyType: model.DependencyTypeDirect,
Justification: "dep1_justification",
Origin: "dep1_origin",
Collector: "dep1_collector",
}, {
Package: includedTestExpectedPackage1,
DependencyPackage: includedTestExpectedPackage3,
VersionRange: "dep2_range",
DependencyType: model.DependencyTypeIndirect,
Justification: "dep2_justification",
Origin: "dep2_origin",
@@ -486,9 +479,8 @@ func TestHasSBOM(t *testing.T) {
Artifacts: []*model.IDorArtifactInput{{ArtifactInput: testdata.A1}},
},
IsDeps: []testDependency{{
pkg: testdata.P2,
depPkg: testdata.P4,
matchType: mSpecific,
pkg: testdata.P2,
depPkg: testdata.P4,
isDep: &model.IsDependencyInputSpec{
Justification: "test justification",
},
@@ -739,9 +731,8 @@ func TestHasSBOM(t *testing.T) {
Artifacts: []*model.IDorArtifactInput{{ArtifactInput: testdata.A1}},
},
IsDeps: []testDependency{{
pkg: testdata.P2,
depPkg: testdata.P4,
matchType: mSpecific,
pkg: testdata.P2,
depPkg: testdata.P4,
isDep: &model.IsDependencyInputSpec{
Justification: "test justification",
},
@@ -1841,40 +1832,6 @@ func TestHasSBOM(t *testing.T) {
Query: &model.HasSBOMSpec{IncludedDependencies: []*model.IsDependencySpec{{Package: &model.PkgSpec{Name: ptrfrom.String("invalid_name")}, DependencyPackage: &model.PkgSpec{Name: &includedPackage2.Name}}}},
ExpHS: nil,
},
{
Name: "IncludedDependencies - Valid Included VersionRange",
InPkg: includedPackages,
InArt: includedArtifacts,
InSrc: includedSources,
PkgArt: includedPackageArtifacts,
IsDeps: includedTestDependencies,
IsOccs: includedTestOccurrences,
Calls: []call{{
Sub: model.PackageOrArtifactInput{
Package: &model.IDorPkgInput{PackageInput: includedPackage1},
},
HS: includedHasSBOM,
}},
Query: &model.HasSBOMSpec{IncludedDependencies: []*model.IsDependencySpec{{VersionRange: &includedDependency1.VersionRange}}},
ExpHS: []*model.HasSbom{includedTestExpectedSBOM},
},
{
Name: "IncludedDependencies - Invalid Included VersionRange",
InPkg: includedPackages,
InArt: includedArtifacts,
InSrc: includedSources,
PkgArt: includedPackageArtifacts,
IsDeps: includedTestDependencies,
IsOccs: includedTestOccurrences,
Calls: []call{{
Sub: model.PackageOrArtifactInput{
Package: &model.IDorPkgInput{PackageInput: includedPackage1},
},
HS: includedHasSBOM,
}},
Query: &model.HasSBOMSpec{IncludedDependencies: []*model.IsDependencySpec{{VersionRange: ptrfrom.String("invalid_range")}}},
ExpHS: nil,
},
{
Name: "IncludedDependencies - Valid Included DependencyType",
InPkg: includedPackages,
@@ -1913,7 +1870,6 @@ func TestHasSBOM(t *testing.T) {
Query: &model.HasSBOMSpec{
IncludedDependencies: []*model.IsDependencySpec{{
DependencyType: &includedDependency2.DependencyType,
VersionRange: &includedDependency1.VersionRange,
Justification: &includedDependency1.Justification,
}},
},
@@ -2768,7 +2724,7 @@ func TestHasSBOM(t *testing.T) {
}

for _, dep := range test.IsDeps {
if isDep, err := b.IngestDependency(ctx, model.IDorPkgInput{PackageInput: dep.pkg}, model.IDorPkgInput{PackageInput: dep.depPkg}, dep.matchType, *dep.isDep); err != nil {
if isDep, err := b.IngestDependency(ctx, model.IDorPkgInput{PackageInput: dep.pkg}, model.IDorPkgInput{PackageInput: dep.depPkg}, *dep.isDep); err != nil {
t.Fatalf("Could not ingest dependency: %v", err)
} else {
includes.Dependencies = append(includes.Dependencies, isDep)
@@ -2946,9 +2902,8 @@ func TestIngestHasSBOMs(t *testing.T) {
Artifacts: []*model.IDorArtifactInput{{ArtifactInput: testdata.A1}},
},
IsDeps: []testDependency{{
pkg: testdata.P2,
depPkg: testdata.P4,
matchType: mSpecific,
pkg: testdata.P2,
depPkg: testdata.P4,
isDep: &model.IsDependencyInputSpec{
Justification: "test justification",
},
@@ -3124,7 +3079,7 @@ func TestIngestHasSBOMs(t *testing.T) {
}

for _, dep := range test.IsDeps {
if isDep, err := b.IngestDependency(ctx, model.IDorPkgInput{PackageInput: dep.pkg}, model.IDorPkgInput{PackageInput: dep.depPkg}, dep.matchType, *dep.isDep); err != nil {
if isDep, err := b.IngestDependency(ctx, model.IDorPkgInput{PackageInput: dep.pkg}, model.IDorPkgInput{PackageInput: dep.depPkg}, *dep.isDep); err != nil {
t.Fatalf("Could not ingest dependency: %v", err)
} else {
includes.Dependencies = append(includes.Dependencies, isDep)
@@ -3201,9 +3156,8 @@ func TestDeleteHasSBOM(t *testing.T) {
Artifacts: []*model.IDorArtifactInput{{ArtifactInput: testdata.A1}},
},
IsDeps: []testDependency{{
pkg: testdata.P2,
depPkg: testdata.P4,
matchType: mSpecific,
pkg: testdata.P2,
depPkg: testdata.P4,
isDep: &model.IsDependencyInputSpec{
Justification: "test justification",
},
@@ -3351,7 +3305,7 @@ func TestDeleteHasSBOM(t *testing.T) {
}

for _, dep := range test.IsDeps {
if isDep, err := b.IngestDependency(ctx, model.IDorPkgInput{PackageInput: dep.pkg}, model.IDorPkgInput{PackageInput: dep.depPkg}, dep.matchType, *dep.isDep); err != nil {
if isDep, err := b.IngestDependency(ctx, model.IDorPkgInput{PackageInput: dep.pkg}, model.IDorPkgInput{PackageInput: dep.depPkg}, *dep.isDep); err != nil {
t.Fatalf("Could not ingest dependency: %v", err)
} else {
includes.Dependencies = append(includes.Dependencies, isDep)
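Review bot: The three ingestion loops touched here (in TestHasSBOM, TestIngestHasSBOMs and TestDeleteHasSBOM) keep an `else` after `t.Fatalf`, which already stops the test, so the happy path can be left-aligned: `isDep, err := b.IngestDependency(ctx, model.IDorPkgInput{PackageInput: dep.pkg}, model.IDorPkgInput{PackageInput: dep.depPkg}, *dep.isDep)`, then `if err != nil { t.Fatalf("Could not ingest dependency: %v", err) }`, with the `append` unindented after it. As far as the hunks show, the loop body is identical in all three tests, so a small test helper would keep the next signature change to one place. All three test functions start and end outside the hunks.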
5 changes: 0 additions & 5 deletions internal/testing/backend/helpers_test.go
@@ -34,8 +34,6 @@ var (
testTime2 = time.Unix(1e9, 0)
startTime = time.Now()
finishTime = time.Now().Add(10 * time.Second)
mAll = model.MatchFlags{Pkg: model.PkgMatchTypeAllVersions}
mSpecific = model.MatchFlags{Pkg: model.PkgMatchTypeSpecificVersion}
)

var ignoreID = cmp.FilterPath(func(p cmp.Path) bool {
@@ -440,9 +438,6 @@ func lessIsDep(a, b *model.IsDependency) bool {
if d := cmpPkg(a.DependencyPackage, b.DependencyPackage); d != 0 {
return d < 0
}
if d := strings.Compare(a.VersionRange, b.VersionRange); d != 0 {
return d < 0
}
if d := strings.Compare(a.Justification, b.Justification); d != 0 {
return d < 0
}