implement PointOfContact in inmem backend (#1033)

Signed-off-by: Brandon Lum <lumjjb@gmail.com>

pkg/assembler/backends/arangodb/contact.go

@@ -0,0 +1,31 @@
+//
+// Copyright 2023 The GUAC Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package arangodb
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/guacsec/guac/pkg/assembler/graphql/model"
+)
+
+func (c *arangoClient) IngestPointOfContact(ctx context.Context, subject model.PackageSourceOrArtifactInput, pkgMatchType *model.MatchFlags, pointOfContact model.PointOfContactInputSpec) (*model.PointOfContact, error) {
+	return nil, fmt.Errorf("not implemented: IngestPointOfContact")
+}
+
+func (c *arangoClient) PointOfContact(ctx context.Context, pointOfContactSpec *model.PointOfContactSpec) ([]*model.PointOfContact, error) {
+	return nil, fmt.Errorf("not implemented: PointOfContact")
+}

pkg/assembler/backends/backends.go

@@ -49,6 +49,7 @@ type Backend interface {
 	PkgEqual(ctx context.Context, pkgEqualSpec *model.PkgEqualSpec) ([]*model.PkgEqual, error)
 	Scorecards(ctx context.Context, certifyScorecardSpec *model.CertifyScorecardSpec) ([]*model.CertifyScorecard, error)
 	HasMetadata(ctx context.Context, hasMetadataSpec *model.HasMetadataSpec) ([]*model.HasMetadata, error)
+	PointOfContact(ctx context.Context, pointOfContactSpec *model.PointOfContactSpec) ([]*model.PointOfContact, error)
 
 	// Mutations for software trees (read-write queries)
 	IngestArtifact(ctx context.Context, artifact *model.ArtifactInputSpec) (*model.Artifact, error)
@@ -79,6 +80,7 @@ type Backend interface {
 	IngestVEXStatement(ctx context.Context, subject model.PackageOrArtifactInput, vulnerability model.VulnerabilityInput, vexStatement model.VexStatementInputSpec) (*model.CertifyVEXStatement, error)
 	IngestVulnerability(ctx context.Context, pkg model.PkgInputSpec, vulnerability model.VulnerabilityInput, certifyVuln model.VulnerabilityMetaDataInput) (*model.CertifyVuln, error)
 	IngestHasMetadata(ctx context.Context, subject model.PackageSourceOrArtifactInput, pkgMatchType *model.MatchFlags, hasMetadata model.HasMetadataInputSpec) (*model.HasMetadata, error)
+	IngestPointOfContact(ctx context.Context, subject model.PackageSourceOrArtifactInput, pkgMatchType *model.MatchFlags, pointOfContact model.PointOfContactInputSpec) (*model.PointOfContact, error)
 
 	// Topological queries: queries where node connectivity matters more than node type
 	Neighbors(ctx context.Context, node string, usingOnly []model.Edge) ([]model.Node, error)

pkg/assembler/backends/inmem/artifact.go

@@ -30,17 +30,18 @@ import (
 // Internal data: Artifacts
 type artMap map[string]*artStruct
 type artStruct struct {
-	id               uint32
-	algorithm        string
-	digest           string
-	hashEquals       []uint32
-	occurrences      []uint32
-	hasSBOMs         []uint32
-	hasSLSAs         []uint32
-	vexLinks         []uint32
-	badLinks         []uint32
-	goodLinks        []uint32
-	hasMetadataLinks []uint32
+	id                  uint32
+	algorithm           string
+	digest              string
+	hashEquals          []uint32
+	occurrences         []uint32
+	hasSBOMs            []uint32
+	hasSLSAs            []uint32
+	vexLinks            []uint32
+	badLinks            []uint32
+	goodLinks           []uint32
+	hasMetadataLinks    []uint32
+	pointOfContactLinks []uint32
 }
 
 func (n *artStruct) ID() uint32 { return n.id }
@@ -71,6 +72,9 @@ func (n *artStruct) Neighbors(allowedEdges edgeMap) []uint32 {
 	if allowedEdges[model.EdgeArtifactHasMetadata] {
 		out = append(out, n.hasMetadataLinks...)
 	}
+	if allowedEdges[model.EdgeArtifactPointOfContact] {
+		out = append(out, n.pointOfContactLinks...)
+	}
 
 	return out
 }
@@ -89,6 +93,9 @@ func (n *artStruct) setCertifyGoodLinks(id uint32) { n.goodLinks = append(n.good
 func (n *artStruct) setHasMetadataLinks(id uint32) {
 	n.hasMetadataLinks = append(n.hasMetadataLinks, id)
 }
+func (n *artStruct) setPointOfContactLinks(id uint32) {
+	n.pointOfContactLinks = append(n.pointOfContactLinks, id)
+}
 
 // Ingest Artifacts
 

pkg/assembler/backends/inmem/backend.go

@@ -84,6 +84,7 @@ type demoClient struct {
 	equalVulnerabilities equalVulnerabilityList
 	ghsas                ghsaMap
 	hasMetadatas         hasMetadataList
+	pointOfContacts      pointOfContactList
 	hasSBOMs             hasSBOMList
 	hasSLSAs             hasSLSAList
 	hasSources           hasSrcList

pkg/assembler/backends/inmem/pkg.go

@@ -95,33 +95,35 @@ type pkgNameStruct struct {
 }
 type pkgNameMap map[string]*pkgVersionStruct
 type pkgVersionStruct struct {
-	id                uint32
-	parent            uint32
-	name              string
-	versions          pkgVersionList
-	srcMapLinks       []uint32
-	isDependencyLinks []uint32
-	badLinks          []uint32
-	goodLinks         []uint32
-	hasMetadataLinks  []uint32
+	id                  uint32
+	parent              uint32
+	name                string
+	versions            pkgVersionList
+	srcMapLinks         []uint32
+	isDependencyLinks   []uint32
+	badLinks            []uint32
+	goodLinks           []uint32
+	hasMetadataLinks    []uint32
+	pointOfContactLinks []uint32
 }
 type pkgVersionList []*pkgVersionNode
 type pkgVersionNode struct {
-	id                uint32
-	parent            uint32
-	version           string
-	subpath           string
-	qualifiers        map[string]string
-	srcMapLinks       []uint32
-	isDependencyLinks []uint32
-	occurrences       []uint32
-	certifyVulnLinks  []uint32
-	hasSBOMs          []uint32
-	vexLinks          []uint32
-	badLinks          []uint32
-	goodLinks         []uint32
-	hasMetadataLinks  []uint32
-	pkgEquals         []uint32
+	id                  uint32
+	parent              uint32
+	version             string
+	subpath             string
+	qualifiers          map[string]string
+	srcMapLinks         []uint32
+	isDependencyLinks   []uint32
+	occurrences         []uint32
+	certifyVulnLinks    []uint32
+	hasSBOMs            []uint32
+	vexLinks            []uint32
+	badLinks            []uint32
+	goodLinks           []uint32
+	hasMetadataLinks    []uint32
+	pointOfContactLinks []uint32
+	pkgEquals           []uint32
 }
 
 // Be type safe, don't use any / interface{}
@@ -137,6 +139,9 @@ type pkgNameOrVersion interface {
 	getCertifyGoodLinks() []uint32
 	setHasMetadataLinks(id uint32)
 	getHasMetadataLinks() []uint32
+	setPointOfContactLinks(id uint32)
+	getPointOfContactLinks() []uint32
+
 	node
 }
 
@@ -181,6 +186,10 @@ func (n *pkgVersionStruct) Neighbors(allowedEdges edgeMap) []uint32 {
 	if allowedEdges[model.EdgePackageHasMetadata] {
 		out = append(out, n.hasMetadataLinks...)
 	}
+	if allowedEdges[model.EdgePackagePointOfContact] {
+		out = append(out, n.pointOfContactLinks...)
+	}
+
 	return out
 }
 func (n *pkgVersionNode) Neighbors(allowedEdges edgeMap) []uint32 {
@@ -216,6 +225,9 @@ func (n *pkgVersionNode) Neighbors(allowedEdges edgeMap) []uint32 {
 	if allowedEdges[model.EdgePackageHasMetadata] {
 		out = append(out, n.hasMetadataLinks...)
 	}
+	if allowedEdges[model.EdgePackagePointOfContact] {
+		out = append(out, n.pointOfContactLinks...)
+	}
 
 	return out
 }
@@ -290,6 +302,16 @@ func (p *pkgVersionNode) setHasMetadataLinks(id uint32) {
 func (p *pkgVersionStruct) getHasMetadataLinks() []uint32 { return p.hasMetadataLinks }
 func (p *pkgVersionNode) getHasMetadataLinks() []uint32   { return p.hasMetadataLinks }
 
+// pointOfContact back edges
+func (p *pkgVersionStruct) setPointOfContactLinks(id uint32) {
+	p.pointOfContactLinks = append(p.pointOfContactLinks, id)
+}
+func (p *pkgVersionNode) setPointOfContactLinks(id uint32) {
+	p.pointOfContactLinks = append(p.pointOfContactLinks, id)
+}
+func (p *pkgVersionStruct) getPointOfContactLinks() []uint32 { return p.pointOfContactLinks }
+func (p *pkgVersionNode) getPointOfContactLinks() []uint32   { return p.pointOfContactLinks }
+
 // pkgEqual back edges
 func (p *pkgVersionNode) setPkgEquals(id uint32) { p.pkgEquals = append(p.pkgEquals, id) }