Feature/update arango hasSBOM adding includes (#1564)
* update hasSBOM to evaluate includes in arangoDB backend

Signed-off-by: pxp928 <parth.psu@gmail.com>

* add updates to neighbors query for hasSbom

Signed-off-by: pxp928 <parth.psu@gmail.com>

* update unit tests with includes

Signed-off-by: pxp928 <parth.psu@gmail.com>

* update search by ID to collect Includes

Signed-off-by: pxp928 <parth.psu@gmail.com>

* update unit tests with dynamic noun and verb IDs

Signed-off-by: pxp928 <parth.psu@gmail.com>

* update path unit tests for hasSBOM add includes

Signed-off-by: pxp928 <parth.psu@gmail.com>

---------

Signed-off-by: pxp928 <parth.psu@gmail.com>
pxp928 committed Dec 8, 2023
1 parent a4e806c commit 09b3c74
Showing 16 changed files with 3,247 additions and 197 deletions.
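--- a/pkg/assembler/backends/arangodb/backend.go
+++ b/pkg/assembler/backends/arangodb/backend.go
@@ -127,9 +127,13 @@ const (
 
 // hasSBOM collection
 
-hasSBOMPkgEdgesStr string = "hasSBOMPkgEdges"
-hasSBOMArtEdgesStr string = "hasSBOMArtEdges"
-hasSBOMsStr string = "hasSBOMs"
+hasSBOMPkgEdgesStr string = "hasSBOMPkgEdges"
+hasSBOMArtEdgesStr string = "hasSBOMArtEdges"
+hasSBOMIncludedSoftwarePkgEdgesStr string = "hasSBOMIncludedSoftwarePkgEdges"
+hasSBOMIncludedSoftwareArtEdgesStr string = "hasSBOMIncludedSoftwareArtEdges"
+hasSBOMIncludedDependencyEdgesStr string = "hasSBOMIncludedDependencyEdges"
+hasSBOMIncludedOccurrenceEdgesStr string = "hasSBOMIncludedOccurrenceEdges"
+hasSBOMsStr string = "hasSBOMs"
 
 // hasSourceAt collection
 
@@ -219,6 +223,9 @@ var mapEdgeToArangoEdgeCollection = map[model.Edge][]string{
 model.EdgePackageCertifyVuln: {certifyVulnPkgEdgesStr},
 model.EdgePackageHasMetadata: {hasMetadataPkgNameEdgesStr, hasMetadataPkgVersionEdgesStr},
 model.EdgePackageHasSbom: {hasSBOMPkgEdgesStr},
+model.EdgeHasSbomIncludedSoftware: {hasSBOMIncludedSoftwarePkgEdgesStr, hasMetadataArtEdgesStr},
+model.EdgeHasSbomIncludedDependencies: {hasSBOMIncludedDependencyEdgesStr},
+model.EdgeHasSbomIncludedOccurrences: {hasSBOMIncludedOccurrenceEdgesStr},
 model.EdgePackageHasSourceAt: {hasMetadataPkgVersionEdgesStr, hasSourceAtPkgNameEdgesStr},
 model.EdgePackageIsDependency: {isDependencySubjectPkgEdgesStr},
 model.EdgePackageIsOccurrence: {isOccurrenceSubjectPkgEdgesStr},
@@ -541,6 +548,26 @@ func getBackend(ctx context.Context, args backends.BackendArgs) (backends.Backen
 hasSBOMArtEdges.From = []string{artifactsStr}
 hasSBOMArtEdges.To = []string{hasSBOMsStr}
 
+var hasSBOMIncludedSoftwarePkgEdges driver.EdgeDefinition
+hasSBOMIncludedSoftwarePkgEdges.Collection = hasSBOMIncludedSoftwarePkgEdgesStr
+hasSBOMIncludedSoftwarePkgEdges.From = []string{hasSBOMsStr}
+hasSBOMIncludedSoftwarePkgEdges.To = []string{pkgVersionsStr}
+
+var hasSBOMIncludedSoftwareArtEdges driver.EdgeDefinition
+hasSBOMIncludedSoftwareArtEdges.Collection = hasSBOMIncludedSoftwareArtEdgesStr
+hasSBOMIncludedSoftwareArtEdges.From = []string{hasSBOMsStr}
+hasSBOMIncludedSoftwareArtEdges.To = []string{artifactsStr}
+
+var hasSBOMIncludedDependencyEdges driver.EdgeDefinition
+hasSBOMIncludedDependencyEdges.Collection = hasSBOMIncludedDependencyEdgesStr
+hasSBOMIncludedDependencyEdges.From = []string{hasSBOMsStr}
+hasSBOMIncludedDependencyEdges.To = []string{isDependenciesStr}
+
+var hasSBOMIncludedOccurrenceEdges driver.EdgeDefinition
+hasSBOMIncludedOccurrenceEdges.Collection = hasSBOMIncludedOccurrenceEdgesStr
+hasSBOMIncludedOccurrenceEdges.From = []string{hasSBOMsStr}
+hasSBOMIncludedOccurrenceEdges.To = []string{isOccurrencesStr}
+
 // setup hasSourceAt collections
 var hasSourceAtPkgVersionEdges driver.EdgeDefinition
 hasSourceAtPkgVersionEdges.Collection = hasSourceAtPkgVersionEdgesStr
@@ -687,7 +714,8 @@ func getBackend(ctx context.Context, args backends.BackendArgs) (backends.Backen
 pkgHasVersion, srcHasNamespace, srcHasName, vulnHasVulnerabilityID, isDependencyDepPkgVersionEdges, isDependencyDepPkgNameEdges, isDependencySubjectPkgEdges,
 isOccurrenceArtEdges, isOccurrenceSubjectPkgEdges, isOccurrenceSubjectSrcEdges, hasSLSASubjectArtEdges,
 hasSLSABuiltByEdges, hasSLSABuiltFromEdges, hashEqualArtEdges, hashEqualSubjectArtEdges, hasSBOMPkgEdges,
-hasSBOMArtEdges, certifyVulnPkgEdges, certifyVulnEdges, certifyScorecardSrcEdges, certifyBadPkgVersionEdges, certifyBadPkgNameEdges,
+hasSBOMArtEdges, hasSBOMIncludedSoftwarePkgEdges, hasSBOMIncludedSoftwareArtEdges, hasSBOMIncludedDependencyEdges, hasSBOMIncludedOccurrenceEdges,
+certifyVulnPkgEdges, certifyVulnEdges, certifyScorecardSrcEdges, certifyBadPkgVersionEdges, certifyBadPkgNameEdges,
 certifyBadArtEdges, certifyBadSrcEdges, certifyGoodPkgVersionEdges, certifyGoodPkgNameEdges, certifyGoodArtEdges, certifyGoodSrcEdges,
 certifyVexPkgEdges, certifyVexArtEdges, certifyVexVulnEdges, vulnMetadataEdges, vulnEqualVulnEdges, vulnEqualSubjectVulnEdges,
 pkgEqualPkgEdges, pkgEqualSubjectPkgEdges, hasMetadataPkgVersionEdges, hasMetadataPkgNameEdges,
@@ -1177,3 +1205,10 @@ func getPreloadString(prefix, name string) string {
 func ptrfromArangoSearchNGramStreamType(s driver.ArangoSearchNGramStreamType) *driver.ArangoSearchNGramStreamType {
 return &s
 }
+
+func noMatch(filter *string, value string) bool {
+if filter != nil {
+return value != *filter
+}
+return false
+}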
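Review bot: In the `mapEdgeToArangoEdgeCollection` hunk, the new `model.EdgeHasSbomIncludedSoftware` entry names `hasMetadataArtEdgesStr` as its second collection, which looks like a copy-paste slip from the hasMetadata entries. This commit declares `hasSBOMIncludedSoftwareArtEdgesStr` and registers its edge definition (hasSBOMs to artifacts), but the map never references it in the lines shown. The entry should probably read `model.EdgeHasSbomIncludedSoftware: {hasSBOMIncludedSoftwarePkgEdgesStr, hasSBOMIncludedSoftwareArtEdgesStr},`. The map's consumer is outside this view, but if neighbour or path queries select collections through it, artifacts included in an SBOM would presumably be skipped and unrelated hasMetadata artifact edges followed instead, leaving gaps in any "what does this SBOM contain" analysis. A neighbours test that filters on this edge with an artifact included in the SBOM would catch it.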
