Include Timestamps for Verbs (#1338)

* Included Timestamp for Verbs * Fixes #1030 Signed-off-by: nathannaveen <42319948+nathannaveen@users.noreply.github.com> * Edited GraphQL Signed-off-by: nathannaveen <42319948+nathannaveen@users.noreply.github.com> * Fixed some stuff Signed-off-by: nathannaveen <42319948+nathannaveen@users.noreply.github.com> * Fixed SBOM issue Signed-off-by: nathannaveen <42319948+nathannaveen@users.noreply.github.com> * Fixed tests Signed-off-by: nathannaveen <42319948+nathannaveen@users.noreply.github.com> * Stored Times to UTC Signed-off-by: nathannaveen <42319948+nathannaveen@users.noreply.github.com> * Updated spec Signed-off-by: nathannaveen <42319948+nathannaveen@users.noreply.github.com> --------- Signed-off-by: nathannaveen <42319948+nathannaveen@users.noreply.github.com>
guacsec · Oct 4, 2023 · d681a8d · d681a8d
1 parent 686fcad
commit d681a8d
Show file tree

Hide file tree

Showing 33 changed files with 704 additions and 56 deletions.
diff --git a/cmd/guacgql/cmd/ingest.go b/cmd/guacgql/cmd/ingest.go
@@ -1965,6 +1965,7 @@ func ingestHashEqual(ctx context.Context, client graphql.Client) {
 
 func ingestHasSBOM(ctx context.Context, client graphql.Client) {
 	logger := logging.FromContext(ctx)
+	tm, _ := time.Parse(time.RFC3339, "2022-11-21T17:45:50.52Z")
 	opensslNs := "openssl.org"
 	opensslVersion := "3.0.3"
 	ingestHasSBOM := []struct {
@@ -1989,6 +1990,7 @@ func ingestHasSBOM(ctx context.Context, client graphql.Client) {
 				DownloadLocation: "uri: download location of the SBOM",
 				Origin:           "Demo ingestion",
 				Collector:        "Demo ingestion",
+				KnownSince:       tm,
 			},
 		},
 		{
@@ -2004,6 +2006,7 @@ func ingestHasSBOM(ctx context.Context, client graphql.Client) {
 				DownloadLocation: "uri: download location of the SBOM",
 				Origin:           "Demo ingestion",
 				Collector:        "Demo ingestion",
+				KnownSince:       tm,
 			},
 		},
 		{
@@ -2022,6 +2025,7 @@ func ingestHasSBOM(ctx context.Context, client graphql.Client) {
 				DownloadLocation: "uri: download location of the SBOM",
 				Origin:           "Demo ingestion",
 				Collector:        "Demo ingestion",
+				KnownSince:       tm,
 			},
 		},
 		{
@@ -2037,6 +2041,7 @@ func ingestHasSBOM(ctx context.Context, client graphql.Client) {
 				DownloadLocation: "uri: download location of the SBOM",
 				Origin:           "Demo ingestion",
 				Collector:        "Demo ingestion",
+				KnownSince:       tm,
 			},
 		},
 	}

diff --git a/cmd/guacone/cmd/certify.go b/cmd/guacone/cmd/certify.go
@@ -20,6 +20,7 @@ import (
 	"fmt"
 	"os"
 	"strings"
+	"time"
 
 	"github.com/guacsec/guac/pkg/assembler"
 	model "github.com/guacsec/guac/pkg/assembler/clients/generated"
@@ -122,6 +123,7 @@ var certifyCmd = &cobra.Command{
 				Justification: opts.justification,
 				Origin:        "GUAC Certify CLI",
 				Collector:     "GUAC",
+				KnownSince:    time.Now().UTC(),
 			}
 			preds.CertifyGood = append(preds.CertifyGood, *certifyGood)
 		} else {
@@ -140,6 +142,7 @@ var certifyCmd = &cobra.Command{
 				Justification: opts.justification,
 				Origin:        "GUAC Certify CLI",
 				Collector:     "GUAC",
+				KnownSince:    time.Now().UTC(),
 			}
 			preds.CertifyBad = append(preds.CertifyBad, *certifyBad)
 		}

diff --git a/internal/testing/testdata/testdata.go b/internal/testing/testdata/testdata.go
@@ -725,6 +725,8 @@ var (
 		},
 	}
 
+	spdxTime, _ = time.Parse(time.RFC3339, "2022-09-24T17:27:55.556104Z")
+
 	SpdxHasSBOM = []assembler.HasSBOMIngest{
 		{
 			Pkg: topLevelPack,
@@ -733,6 +735,7 @@ var (
 				Algorithm:        "sha256",
 				Digest:           "8b5e8212cae084f92ff91f8625a50ea1070738cfc68ecca08bf04d64f64b9feb",
 				DownloadLocation: "TestSource",
+				KnownSince:       spdxTime,
 			},
 		},
 	}
@@ -852,6 +855,8 @@ var (
 		},
 	}
 
+	cdxTime, _ = time.Parse(time.RFC3339, "2022-10-08T10:01:23-04:00")
+
 	CdxHasSBOM = []assembler.HasSBOMIngest{
 		{
 			Pkg: cdxTopLevelPack,
@@ -860,6 +865,7 @@ var (
 				Algorithm:        "sha256",
 				Digest:           "01942b5eefd3c15b50318c66d8d16627be573197c877e8a286a8cb12de7939cb",
 				DownloadLocation: "TestSource",
+				KnownSince:       cdxTime,
 			},
 		},
 	}
@@ -942,6 +948,8 @@ var (
 		},
 	}
 
+	cdxQuarkusTime, _ = time.Parse(time.RFC3339, "2022-11-09T11:14:31Z")
+
 	CdxQuarkusHasSBOM = []assembler.HasSBOMIngest{
 		{
 			Pkg: cdxTopQuarkusPack,
@@ -950,6 +958,7 @@ var (
 				Algorithm:        "sha256",
 				Digest:           "036a9f51468f5ce6eec7c310583164ed0ab9f58d7c03380a3fe19d420609e3de",
 				DownloadLocation: "TestSource",
+				KnownSince:       cdxQuarkusTime,
 			},
 		},
 	}
@@ -977,6 +986,8 @@ var (
 		},
 	}
 
+	cdxNpmTime, _ = time.Parse(time.RFC3339, "2022-11-22T17:14:57Z")
+
 	CdxNpmHasSBOM = []assembler.HasSBOMIngest{
 		{
 			Pkg: cdxWebAppPackage,
@@ -985,6 +996,7 @@ var (
 				Algorithm:        "sha256",
 				Digest:           "35363f03c80f26a88db6f2400771bdcc6624bb7b61b96da8503be0f757605fde",
 				DownloadLocation: "TestSource",
+				KnownSince:       cdxNpmTime,
 			},
 		},
 	}
@@ -995,6 +1007,7 @@ var (
 	}
 
 	quarkusParentPackage, _ = asmhelpers.PurlToPkg("pkg:maven/io.quarkus/quarkus-parent@999-SNAPSHOT?type=pom")
+	quarkusTime, _          = time.Parse(time.RFC3339, "2023-02-16T21:52:02Z")
 
 	quarkusParentPackageHasSBOM = []assembler.HasSBOMIngest{
 		{
@@ -1004,6 +1017,7 @@ var (
 				Algorithm:        "sha256",
 				Digest:           "fcd4d1f9c83c274fbc2dabdca4e7de749b23fab1aa15dc2854880a13479fa74e",
 				DownloadLocation: "TestSource",
+				KnownSince:       quarkusTime,
 			},
 		},
 	}

diff --git a/pkg/assembler/backends/inmem/certifyBad.go b/pkg/assembler/backends/inmem/certifyBad.go
@@ -18,12 +18,15 @@ package inmem
 import (
 	"context"
 	"strconv"
+	"time"
 
 	"github.com/vektah/gqlparser/v2/gqlerror"
 
 	"github.com/guacsec/guac/pkg/assembler/graphql/model"
 )
 
+// TODO: update the other backends to handle the new timestamp fields beacuse of: https://github.com/guacsec/guac/pull/1338/files#r1343080326
+
 // Internal data: link that a package/source/artifact is bad
 type badList []*badLink
 type badLink struct {
@@ -34,6 +37,7 @@ type badLink struct {
 	justification string
 	origin        string
 	collector     string
+	knownSince    time.Time
 }
 
 func (n *badLink) ID() uint32 { return n.id }
@@ -157,7 +161,8 @@ func (c *demoClient) ingestCertifyBad(ctx context.Context, subject model.Package
 			subjectMatch = true
 		}
 		if subjectMatch && certifyBad.Justification == v.justification &&
-			certifyBad.Origin == v.origin && certifyBad.Collector == v.collector {
+			certifyBad.Origin == v.origin && certifyBad.Collector == v.collector &&
+			certifyBad.KnownSince.Equal(v.knownSince) {
 
 			collectedCertifyBadLink = *v
 			duplicate = true
@@ -180,6 +185,7 @@ func (c *demoClient) ingestCertifyBad(ctx context.Context, subject model.Package
 			justification: certifyBad.Justification,
 			origin:        certifyBad.Origin,
 			collector:     certifyBad.Collector,
+			knownSince:    certifyBad.KnownSince.UTC(),
 		}
 		c.index[collectedCertifyBadLink.id] = &collectedCertifyBadLink
 		c.certifyBads = append(c.certifyBads, &collectedCertifyBadLink)
@@ -282,14 +288,13 @@ func (c *demoClient) addCBIfMatch(out []*model.CertifyBad,
 	filter *model.CertifyBadSpec, link *badLink) (
 	[]*model.CertifyBad, error) {
 
-	if filter != nil && noMatch(filter.Justification, link.justification) {
-		return out, nil
-	}
-	if filter != nil && noMatch(filter.Collector, link.collector) {
-		return out, nil
-	}
-	if filter != nil && noMatch(filter.Origin, link.origin) {
-		return out, nil
+	if filter != nil {
+		if noMatch(filter.Justification, link.justification) ||
+			noMatch(filter.Collector, link.collector) ||
+			noMatch(filter.Origin, link.origin) ||
+			(filter.KnownSince != nil && filter.KnownSince.After(link.knownSince)) {
+			return out, nil
+		}
 	}
 
 	foundCertifyBad, err := c.buildCertifyBad(link, filter, false)
@@ -379,6 +384,7 @@ func (c *demoClient) buildCertifyBad(link *badLink, filter *model.CertifyBadSpec
 		Justification: link.justification,
 		Origin:        link.origin,
 		Collector:     link.collector,
+		KnownSince:    link.knownSince.UTC(),
 	}
 	return &certifyBad, nil
 }
diff --git a/pkg/assembler/backends/inmem/certifyBad_test.go b/pkg/assembler/backends/inmem/certifyBad_test.go
@@ -19,6 +19,7 @@ import (
 	"context"
 	"strings"
 	"testing"
+	"time"
 
 	"github.com/google/go-cmp/cmp"
 	"github.com/guacsec/guac/internal/testing/ptrfrom"
@@ -28,6 +29,8 @@ import (
 )
 
 func TestCertifyBad(t *testing.T) {
+	curTime := time.Now()
+	timeAfterOneSecond := curTime.Add(time.Second)
 	type call struct {
 		Sub   model.PackageSourceOrArtifactInput
 		Match *model.MatchFlags
@@ -170,6 +173,43 @@ func TestCertifyBad(t *testing.T) {
 				},
 			},
 		},
+		{
+			Name:  "Query on KnownSince",
+			InPkg: []*model.PkgInputSpec{p1},
+			Calls: []call{
+				{
+					Sub: model.PackageSourceOrArtifactInput{
+						Package: p1,
+					},
+					Match: &model.MatchFlags{
+						Pkg: model.PkgMatchTypeSpecificVersion,
+					},
+					CB: &model.CertifyBadInputSpec{
+						KnownSince: timeAfterOneSecond,
+					},
+				},
+				{
+					Sub: model.PackageSourceOrArtifactInput{
+						Package: p1,
+					},
+					Match: &model.MatchFlags{
+						Pkg: model.PkgMatchTypeSpecificVersion,
+					},
+					CB: &model.CertifyBadInputSpec{
+						KnownSince: curTime,
+					},
+				},
+			},
+			Query: &model.CertifyBadSpec{
+				KnownSince: &timeAfterOneSecond,
+			},
+			ExpCB: []*model.CertifyBad{
+				{
+					Subject:    p1out,
+					KnownSince: timeAfterOneSecond,
+				},
+			},
+		},
 		{
 			Name:  "Query on Package",
 			InPkg: []*model.PkgInputSpec{p1, p2},

diff --git a/pkg/assembler/backends/inmem/certifyGood.go b/pkg/assembler/backends/inmem/certifyGood.go
@@ -18,6 +18,7 @@ package inmem
 import (
 	"context"
 	"strconv"
+	"time"
 
 	"github.com/vektah/gqlparser/v2/gqlerror"
 
@@ -34,6 +35,7 @@ type goodLink struct {
 	justification string
 	origin        string
 	collector     string
+	knownSince    time.Time
 }
 
 func (n *goodLink) ID() uint32 { return n.id }
@@ -158,7 +160,8 @@ func (c *demoClient) ingestCertifyGood(ctx context.Context, subject model.Packag
 			subjectMatch = true
 		}
 		if subjectMatch && certifyGood.Justification == v.justification &&
-			certifyGood.Origin == v.origin && certifyGood.Collector == v.collector {
+			certifyGood.Origin == v.origin && certifyGood.Collector == v.collector &&
+			certifyGood.KnownSince.Equal(v.knownSince) {
 
 			collectedCertifyGoodLink = *v
 			duplicate = true
@@ -181,6 +184,7 @@ func (c *demoClient) ingestCertifyGood(ctx context.Context, subject model.Packag
 			justification: certifyGood.Justification,
 			origin:        certifyGood.Origin,
 			collector:     certifyGood.Collector,
+			knownSince:    certifyGood.KnownSince.UTC(),
 		}
 		c.index[collectedCertifyGoodLink.id] = &collectedCertifyGoodLink
 		c.certifyGoods = append(c.certifyGoods, &collectedCertifyGoodLink)
@@ -283,14 +287,14 @@ func (c *demoClient) addCGIfMatch(out []*model.CertifyGood,
 	filter *model.CertifyGoodSpec, link *goodLink) (
 	[]*model.CertifyGood, error) {
 
-	if filter != nil && noMatch(filter.Justification, link.justification) {
-		return out, nil
-	}
-	if filter != nil && noMatch(filter.Collector, link.collector) {
-		return out, nil
-	}
-	if filter != nil && noMatch(filter.Origin, link.origin) {
-		return out, nil
+	if filter != nil {
+		if noMatch(filter.Justification, link.justification) ||
+			noMatch(filter.Collector, link.collector) ||
+			noMatch(filter.Collector, link.collector) ||
+			noMatch(filter.Origin, link.origin) ||
+			filter.KnownSince != nil && filter.KnownSince.After(link.knownSince) {
+			return out, nil
+		}
 	}
 
 	foundCertifyGood, err := c.buildCertifyGood(link, filter, false)
@@ -380,6 +384,7 @@ func (c *demoClient) buildCertifyGood(link *goodLink, filter *model.CertifyGoodS
 		Justification: link.justification,
 		Origin:        link.origin,
 		Collector:     link.collector,
+		KnownSince:    link.knownSince.UTC(),
 	}
 	return &certifyGood, nil
 }