Feature/vuln equal bulk ingestion and arango updates (guacsec#1227)

* add bulk ingest for vulnEqual graphQL schema Signed-off-by: pxp928 <[email protected]> * update resolver with tests Signed-off-by: pxp928 <[email protected]> * updated bulk assembler Signed-off-by: pxp928 <[email protected]> * update inmem backend with tests Signed-off-by: pxp928 <[email protected]> * add unit test for vuln Equal Signed-off-by: pxp928 <[email protected]> * update unit tests for vulnEqual Signed-off-by: pxp928 <[email protected]> --------- Signed-off-by: pxp928 <[email protected]>
ctron · Sep 7, 2023 · 9fdc9a2 · 9fdc9a2
1 parent e59bbf4
commit 9fdc9a2
Show file tree

Hide file tree

Showing 22 changed files with 2,212 additions and 124 deletions.
diff --git a/cmd/guacgql/cmd/ingest.go b/cmd/guacgql/cmd/ingest.go
@@ -2241,7 +2241,7 @@ func ingestIsVulnerability(ctx context.Context, client graphql.Client) {
 		if _, err := model.IngestVulnerability(ctx, client, *ingest.otherVuln); err != nil {
 			logger.Errorf("Error in ingesting other vuln: %v\n", err)
 		}
-		if _, err := model.VulnEqual(ctx, client, *ingest.vuln, *ingest.otherVuln, ingest.vulnEqual); err != nil {
+		if _, err := model.IngestVulnEqual(ctx, client, *ingest.vuln, *ingest.otherVuln, ingest.vulnEqual); err != nil {
 			logger.Errorf("Error in ingesting: %v\n", err)
 		}
 

diff --git a/internal/testing/mocks/backend.go b/internal/testing/mocks/backend.go
diff --git a/pkg/assembler/backends/arangodb/backend.go b/pkg/assembler/backends/arangodb/backend.go
@@ -122,6 +122,12 @@ const (
 	vulnMetadataEdgesStr string = "vulnMetadataEdges"
 	vulnMetadatasStr     string = "vulnMetadatas"
 
+	// vulnEquals collections
+
+	vulnEqualVulnEdgesStr        string = "vulnEqualVulnEdges"
+	vulnEqualSubjectVulnEdgesStr string = "vulnEqualSubjectVulnEdges"
+	vulnEqualsStr                string = "vulnEquals"
+
 	// certifyScorecard collection
 
 	scorecardSrcEdgesStr string = "scorecardSrcEdges"
@@ -391,6 +397,17 @@ func getBackend(ctx context.Context, args backends.BackendArgs) (backends.Backen
 		vulnMetadataEdges.From = []string{vulnerabilitiesStr}
 		vulnMetadataEdges.To = []string{vulnMetadatasStr}
 
+		// setup vulnEqual collections
+		var vulnEqualVulnEdges driver.EdgeDefinition
+		vulnEqualVulnEdges.Collection = vulnEqualVulnEdgesStr
+		vulnEqualVulnEdges.From = []string{vulnEqualsStr}
+		vulnEqualVulnEdges.To = []string{vulnerabilitiesStr}
+
+		var vulnEqualSubjectVulnEdges driver.EdgeDefinition
+		vulnEqualSubjectVulnEdges.Collection = vulnEqualSubjectVulnEdgesStr
+		vulnEqualSubjectVulnEdges.From = []string{vulnerabilitiesStr}
+		vulnEqualSubjectVulnEdges.To = []string{vulnEqualsStr}
+
 		// setup certifyScorecard collections
 		var certifyScorecardSrcEdges driver.EdgeDefinition
 		certifyScorecardSrcEdges.Collection = scorecardSrcEdgesStr
@@ -447,7 +464,7 @@ func getBackend(ctx context.Context, args backends.BackendArgs) (backends.Backen
 			hasSLSABuiltByEdges, hasSLSABuiltFromEdges, hashEqualArtEdges, hashEqualSubjectArtEdges, hasSBOMPkgEdges,
 			hasSBOMArtEdges, certifyVulnPkgEdges, certifyVulnEdges, certifyScorecardSrcEdges, certifyBadPkgVersionEdges, certifyBadPkgNameEdges,
 			certifyBadArtEdges, certifyBadSrcEdges, certifyGoodPkgVersionEdges, certifyGoodPkgNameEdges, certifyGoodArtEdges, certifyGoodSrcEdges,
-			certifyVexPkgEdges, certifyVexArtEdges, certifyVexVulnEdges, vulnMetadataEdges}
+			certifyVexPkgEdges, certifyVexArtEdges, certifyVexVulnEdges, vulnMetadataEdges, vulnEqualVulnEdges, vulnEqualSubjectVulnEdges}
 
 		// create a graph
 		graph, err = db.CreateGraphV2(ctx, "guac", &options)
@@ -799,9 +816,6 @@ func (c *arangoClient) HasSourceAt(ctx context.Context, hasSourceAtSpec *model.H
 	panic(fmt.Errorf("not implemented: HasSourceAt - HasSourceAt"))
 }
 
-func (c *arangoClient) VulnEqual(ctx context.Context, vulnEqualSpec *model.VulnEqualSpec) ([]*model.VulnEqual, error) {
-	panic(fmt.Errorf("not implemented: VulnEqual"))
-}
 func (c *arangoClient) PkgEqual(ctx context.Context, pkgEqualSpec *model.PkgEqualSpec) ([]*model.PkgEqual, error) {
 	panic(fmt.Errorf("not implemented: PkgEqual - PkgEqual"))
 }
@@ -811,9 +825,7 @@ func (c *arangoClient) PkgEqual(ctx context.Context, pkgEqualSpec *model.PkgEqua
 func (c *arangoClient) IngestHasSourceAt(ctx context.Context, pkg model.PkgInputSpec, pkgMatchType model.MatchFlags, source model.SourceInputSpec, hasSourceAt model.HasSourceAtInputSpec) (*model.HasSourceAt, error) {
 	panic(fmt.Errorf("not implemented: IngestHasSourceAt - IngestHasSourceAt"))
 }
-func (c *arangoClient) IngestVulnEqual(ctx context.Context, vulnerability model.VulnerabilityInputSpec, otherVulnerability model.VulnerabilityInputSpec, vulnEqual model.VulnEqualInputSpec) (*model.VulnEqual, error) {
-	panic(fmt.Errorf("not implemented: IngestVulnEqual"))
-}
+
 func (c *arangoClient) IngestPkgEqual(ctx context.Context, pkg model.PkgInputSpec, depPkg model.PkgInputSpec, pkgEqual model.PkgEqualInputSpec) (*model.PkgEqual, error) {
 	panic(fmt.Errorf("not implemented: IngestPkgEqual - IngestPkgEqual"))
 }

diff --git a/pkg/assembler/backends/arangodb/hashEqual.go b/pkg/assembler/backends/arangodb/hashEqual.go
@@ -239,12 +239,6 @@ func (c *arangoClient) IngestHashEquals(ctx context.Context, artifacts []*model.
 }
 
 func (c *arangoClient) IngestHashEqual(ctx context.Context, artifact model.ArtifactInputSpec, equalArtifact model.ArtifactInputSpec, hashEqual model.HashEqualInputSpec) (*model.HashEqual, error) {
-
-	artifacts := []model.ArtifactInputSpec{artifact, equalArtifact}
-	sort.SliceStable(artifacts, func(i, j int) bool {
-		return artifacts[i].Digest < artifacts[j].Digest
-	})
-
 	query := `
 LET artifact = FIRST(FOR art IN artifacts FILTER art.algorithm == @art_algorithm FILTER art.digest == @art_digest RETURN art)
 LET equalArtifact = FIRST(FOR art IN artifacts FILTER art.algorithm == @equal_algorithm FILTER art.digest == @equal_digest RETURN art)
@@ -275,7 +269,7 @@ RETURN {
     'origin': hashEqual.origin
 }`
 
-	cursor, err := executeQueryWithRetry(ctx, c.db, query, getHashEqualQueryValues(&artifacts[0], &artifacts[1], &hashEqual), "IngestHashEqual")
+	cursor, err := executeQueryWithRetry(ctx, c.db, query, getHashEqualQueryValues(&artifact, &equalArtifact, &hashEqual), "IngestHashEqual")
 	if err != nil {
 		return nil, fmt.Errorf("failed to ingest hashEqual: %w", err)
 	}