Feature/pkg equals bulk ingestion and arango updates (guacsec#1239)

* update generated code Signed-off-by: pxp928 <[email protected]> * update bulk assembler and rename ingest hashEqauls Signed-off-by: pxp928 <[email protected]> * udpate resolver with unit tests Signed-off-by: pxp928 <[email protected]> * add to backend interface Signed-off-by: pxp928 <[email protected]> * update inmem backend with tests Signed-off-by: pxp928 <[email protected]> * fix inmem unit tests Signed-off-by: pxp928 <[email protected]> * update inmem pkgEqual Signed-off-by: pxp928 <[email protected]> --------- Signed-off-by: pxp928 <[email protected]>
ctron · Sep 8, 2023 · 70774ce · 70774ce
1 parent 4f2c49e
commit 70774ce
Show file tree

Hide file tree

Showing 22 changed files with 2,447 additions and 293 deletions.
diff --git a/cmd/guacgql/cmd/ingest.go b/cmd/guacgql/cmd/ingest.go
@@ -1255,7 +1255,7 @@ func ingestPkgEqual(ctx context.Context, client graphql.Client) {
 		if _, err := model.IngestPackage(ctx, client, ingest.depPkg); err != nil {
 			logger.Errorf("Error in ingesting dependency package: %v\n", err)
 		}
-		if _, err := model.PkgEqual(ctx, client, ingest.pkg, ingest.depPkg, ingest.pkgEqual); err != nil {
+		if _, err := model.IngestPkgEqual(ctx, client, ingest.pkg, ingest.depPkg, ingest.pkgEqual); err != nil {
 			logger.Errorf("Error in ingesting: %v\n", err)
 		}
 	}
@@ -1957,7 +1957,7 @@ func ingestHashEqual(ctx context.Context, client graphql.Client) {
 		if _, err := model.IngestArtifact(ctx, client, ingest.equalArtifact); err != nil {
 			logger.Errorf("Error in ingesting equal artifact: %v\n", err)
 		}
-		if _, err := model.HashEqual(ctx, client, ingest.artifact, ingest.equalArtifact, ingest.hashEqual); err != nil {
+		if _, err := model.IngestHashEqual(ctx, client, ingest.artifact, ingest.equalArtifact, ingest.hashEqual); err != nil {
 			logger.Errorf("Error in ingesting: %v\n", err)
 		}
 	}

diff --git a/internal/testing/mocks/backend.go b/internal/testing/mocks/backend.go
diff --git a/pkg/assembler/backends/arangodb/backend.go b/pkg/assembler/backends/arangodb/backend.go
@@ -128,6 +128,12 @@ const (
 	vulnEqualSubjectVulnEdgesStr string = "vulnEqualSubjectVulnEdges"
 	vulnEqualsStr                string = "vulnEquals"
 
+	// pkgEquals collections
+
+	pkgEqualPkgEdgesStr        string = "pkgEqualPkgEdges"
+	pkgEqualSubjectPkgEdgesStr string = "pkgEqualSubjectPkgEdges"
+	pkgEqualsStr               string = "pkgEquals"
+
 	// certifyScorecard collection
 
 	scorecardSrcEdgesStr string = "scorecardSrcEdges"
@@ -408,6 +414,17 @@ func getBackend(ctx context.Context, args backends.BackendArgs) (backends.Backen
 		vulnEqualSubjectVulnEdges.From = []string{vulnerabilitiesStr}
 		vulnEqualSubjectVulnEdges.To = []string{vulnEqualsStr}
 
+		// setup pkgEqual collections
+		var pkgEqualPkgEdges driver.EdgeDefinition
+		pkgEqualPkgEdges.Collection = pkgEqualPkgEdgesStr
+		pkgEqualPkgEdges.From = []string{pkgEqualsStr}
+		pkgEqualPkgEdges.To = []string{pkgVersionsStr}
+
+		var pkgEqualSubjectPkgEdges driver.EdgeDefinition
+		pkgEqualSubjectPkgEdges.Collection = pkgEqualSubjectPkgEdgesStr
+		pkgEqualSubjectPkgEdges.From = []string{pkgVersionsStr}
+		pkgEqualSubjectPkgEdges.To = []string{pkgEqualsStr}
+
 		// setup certifyScorecard collections
 		var certifyScorecardSrcEdges driver.EdgeDefinition
 		certifyScorecardSrcEdges.Collection = scorecardSrcEdgesStr
@@ -464,7 +481,8 @@ func getBackend(ctx context.Context, args backends.BackendArgs) (backends.Backen
 			hasSLSABuiltByEdges, hasSLSABuiltFromEdges, hashEqualArtEdges, hashEqualSubjectArtEdges, hasSBOMPkgEdges,
 			hasSBOMArtEdges, certifyVulnPkgEdges, certifyVulnEdges, certifyScorecardSrcEdges, certifyBadPkgVersionEdges, certifyBadPkgNameEdges,
 			certifyBadArtEdges, certifyBadSrcEdges, certifyGoodPkgVersionEdges, certifyGoodPkgNameEdges, certifyGoodArtEdges, certifyGoodSrcEdges,
-			certifyVexPkgEdges, certifyVexArtEdges, certifyVexVulnEdges, vulnMetadataEdges, vulnEqualVulnEdges, vulnEqualSubjectVulnEdges}
+			certifyVexPkgEdges, certifyVexArtEdges, certifyVexVulnEdges, vulnMetadataEdges, vulnEqualVulnEdges, vulnEqualSubjectVulnEdges,
+			pkgEqualPkgEdges, pkgEqualSubjectPkgEdges}
 
 		// create a graph
 		graph, err = db.CreateGraphV2(ctx, "guac", &options)
@@ -816,20 +834,12 @@ func (c *arangoClient) HasSourceAt(ctx context.Context, hasSourceAtSpec *model.H
 	panic(fmt.Errorf("not implemented: HasSourceAt - HasSourceAt"))
 }
 
-func (c *arangoClient) PkgEqual(ctx context.Context, pkgEqualSpec *model.PkgEqualSpec) ([]*model.PkgEqual, error) {
-	panic(fmt.Errorf("not implemented: PkgEqual - PkgEqual"))
-}
-
 // Mutations for evidence trees (read-write queries, assume software trees ingested)
 
 func (c *arangoClient) IngestHasSourceAt(ctx context.Context, pkg model.PkgInputSpec, pkgMatchType model.MatchFlags, source model.SourceInputSpec, hasSourceAt model.HasSourceAtInputSpec) (*model.HasSourceAt, error) {
 	panic(fmt.Errorf("not implemented: IngestHasSourceAt - IngestHasSourceAt"))
 }
 
-func (c *arangoClient) IngestPkgEqual(ctx context.Context, pkg model.PkgInputSpec, depPkg model.PkgInputSpec, pkgEqual model.PkgEqualInputSpec) (*model.PkgEqual, error) {
-	panic(fmt.Errorf("not implemented: IngestPkgEqual - IngestPkgEqual"))
-}
-
 // Topological queries: queries where node connectivity matters more than node type
 func (c *arangoClient) Neighbors(ctx context.Context, node string, usingOnly []model.Edge) ([]model.Node, error) {
 	panic(fmt.Errorf("not implemented: Neighbors - Neighbors"))