Skip to content

Commit

Permalink
Define edges within software tries related nodes (#1450)
Browse files Browse the repository at this point in the history 
Signed-off-by: mrizzi <mrizzi@redhat.com>
  • Loading branch information
@mrizzi
mrizzi committed Oct 31, 2023
1 parent 25250e2 commit fb58ab3
Show file tree
Hide file tree
Showing 13 changed files with 368 additions and 205 deletions.
12 changes: 12 additions & 0 deletions pkg/assembler/backends/arangodb/backend.go
View file
Expand Up @@ -222,6 +222,12 @@ var mapEdgeToArangoEdgeCollection = map[model.Edge][]string{
model.EdgePackageHasSourceAt: {hasMetadataPkgVersionEdgesStr, hasSourceAtPkgNameEdgesStr},
model.EdgePackageIsDependency: {isDependencySubjectPkgEdgesStr},
model.EdgePackageIsOccurrence: {isOccurrenceSubjectPkgEdgesStr},
model.EdgePackageNamePackageNamespace: {},
model.EdgePackageNamePackageVersion: {pkgHasVersionStr},
model.EdgePackageNamespacePackageName: {pkgHasNameStr},
model.EdgePackageNamespacePackageType: {},
model.EdgePackageTypePackageNamespace: {pkgHasNamespaceStr},
model.EdgePackageVersionPackageName: {},
model.EdgePackagePkgEqual: {pkgEqualSubjectPkgEdgesStr},
model.EdgePackagePointOfContact: {pointOfContactPkgVersionEdgesStr, pointOfContactPkgNameEdgesStr},
model.EdgeSourceCertifyBad: {certifyBadSrcEdgesStr},
Expand All @@ -231,6 +237,10 @@ var mapEdgeToArangoEdgeCollection = map[model.Edge][]string{
model.EdgeSourceHasMetadata: {hasMetadataSrcEdgesStr},
model.EdgeSourceHasSourceAt: {hasSourceAtEdgesStr},
model.EdgeSourceIsOccurrence: {isOccurrenceSubjectSrcEdgesStr},
model.EdgeSourceNameSourceNamespace: {},
model.EdgeSourceNamespaceSourceName: {srcHasNameStr},
model.EdgeSourceNamespaceSourceType: {},
model.EdgeSourceTypeSourceNamespace: {srcHasNamespaceStr},
model.EdgeSourcePointOfContact: {pointOfContactSrcEdgesStr},
model.EdgeVulnerabilityCertifyVexStatement: {certifyVexVulnEdgesStr},
model.EdgeVulnerabilityCertifyVuln: {certifyVulnEdgesStr},
Expand Down Expand Up @@ -270,6 +280,8 @@ var mapEdgeToArangoEdgeCollection = map[model.Edge][]string{
model.EdgePointOfContactPackage: {pointOfContactPkgVersionEdgesStr, pointOfContactPkgNameEdgesStr},
model.EdgePointOfContactSource: {pointOfContactSrcEdgesStr},
model.EdgeVulnEqualVulnerability: {vulnEqualVulnEdgesStr},
model.EdgeVulnerabilityIDVulnerabilityType: {},
model.EdgeVulnerabilityTypeVulnerabilityID: {vulnHasVulnerabilityIDStr},
model.EdgeVulnMetadataVulnerability: {vulnMetadataEdgesStr},
}

Expand Down
94 changes: 32 additions & 62 deletions pkg/assembler/backends/arangodb/path_test.go
View file
Expand Up @@ -1288,11 +1288,6 @@ func Test_Neighbors(t *testing.T) {
queryPkgNameID: true,
want: []model.Node{
testdata.P2out,
&model.Package{
Type: "pypi",
Namespaces: []*model.PackageNamespace{{
Names: []*model.PackageName{},
}}},
testdata.P1out,
&model.Package{
Type: "pypi",
Expand Down Expand Up @@ -1459,11 +1454,6 @@ func Test_Neighbors(t *testing.T) {
queryPkgNameID: true,
want: []model.Node{
testdata.P2out,
&model.Package{
Type: "pypi",
Namespaces: []*model.PackageNamespace{{
Names: []*model.PackageName{},
}}},
testdata.P1out,
&model.Package{
Type: "pypi",
Expand Down Expand Up @@ -2109,11 +2099,6 @@ func Test_Neighbors(t *testing.T) {
queryPkgNameID: true,
want: []model.Node{
testdata.P2out,
&model.Package{
Type: "pypi",
Namespaces: []*model.PackageNamespace{{
Names: []*model.PackageName{},
}}},
testdata.P1out,
&model.Package{
Type: "pypi",
Expand Down Expand Up @@ -2405,11 +2390,6 @@ func Test_Neighbors(t *testing.T) {
queryPkgNameID: true,
want: []model.Node{
testdata.P2out,
&model.Package{
Type: "pypi",
Namespaces: []*model.PackageNamespace{{
Names: []*model.PackageName{},
}}},
testdata.P1out,
&model.Package{
Type: "pypi",
Expand Down Expand Up @@ -2532,11 +2512,6 @@ func Test_Neighbors(t *testing.T) {
queryPkgNameID: true,
want: []model.Node{
testdata.P2out,
&model.Package{
Type: "pypi",
Namespaces: []*model.PackageNamespace{{
Names: []*model.PackageName{},
}}},
testdata.P1out,
&model.Package{
Type: "pypi",
Expand Down Expand Up @@ -2815,11 +2790,6 @@ func Test_Neighbors(t *testing.T) {
queryPkgNameID: true,
want: []model.Node{
testdata.P2out,
&model.Package{
Type: "pypi",
Namespaces: []*model.PackageNamespace{{
Names: []*model.PackageName{},
}}},
testdata.P1out,
&model.Package{
Type: "pypi",
Expand Down Expand Up @@ -3196,15 +3166,15 @@ func Test_Neighbors(t *testing.T) {
}
if tt.queryPkgNameID {
nodeID = found.Subject.(*model.Package).Namespaces[0].Names[0].ID
tt.usingOnly = []model.Edge{model.EdgePackageCertifyBad}
tt.usingOnly = []model.Edge{model.EdgePackageCertifyBad, model.EdgePackageNamePackageNamespace, model.EdgePackageNamePackageVersion}
}
if tt.queryPkgVersionID {
nodeID = found.Subject.(*model.Package).Namespaces[0].Names[0].Versions[0].ID
tt.usingOnly = []model.Edge{model.EdgePackageCertifyBad}
tt.usingOnly = []model.Edge{model.EdgePackageCertifyBad, model.EdgePackageVersionPackageName}
}
if tt.querySrcNameID {
nodeID = found.Subject.(*model.Source).Namespaces[0].Names[0].ID
tt.usingOnly = []model.Edge{model.EdgeSourceCertifyBad}
tt.usingOnly = []model.Edge{model.EdgeSourceCertifyBad, model.EdgeSourceNameSourceNamespace}
}
if tt.queryCertifyBadID {
nodeID = found.ID
Expand All @@ -3225,15 +3195,15 @@ func Test_Neighbors(t *testing.T) {
}
if tt.queryPkgNameID {
nodeID = found.Subject.(*model.Package).Namespaces[0].Names[0].ID
tt.usingOnly = []model.Edge{model.EdgePackageCertifyGood}
tt.usingOnly = []model.Edge{model.EdgePackageCertifyGood, model.EdgePackageNamePackageNamespace, model.EdgePackageNamePackageVersion}
}
if tt.queryPkgVersionID {
nodeID = found.Subject.(*model.Package).Namespaces[0].Names[0].Versions[0].ID
tt.usingOnly = []model.Edge{model.EdgePackageCertifyGood}
tt.usingOnly = []model.Edge{model.EdgePackageCertifyGood, model.EdgePackageVersionPackageName}
}
if tt.querySrcNameID {
nodeID = found.Subject.(*model.Source).Namespaces[0].Names[0].ID
tt.usingOnly = []model.Edge{model.EdgeSourceCertifyGood}
tt.usingOnly = []model.Edge{model.EdgeSourceCertifyGood, model.EdgeSourceNameSourceNamespace}
}
if tt.queryCertifyGoodID {
nodeID = found.ID
Expand All @@ -3250,11 +3220,11 @@ func Test_Neighbors(t *testing.T) {
}
if tt.queryPkgVersionID {
nodeID = found.Subject.(*model.Package).Namespaces[0].Names[0].Versions[0].ID
tt.usingOnly = []model.Edge{model.EdgePackageCertifyLegal}
tt.usingOnly = []model.Edge{model.EdgePackageCertifyLegal, model.EdgePackageVersionPackageName}
}
if tt.querySrcNameID {
nodeID = found.Subject.(*model.Source).Namespaces[0].Names[0].ID
tt.usingOnly = []model.Edge{model.EdgeSourceCertifyLegal}
tt.usingOnly = []model.Edge{model.EdgeSourceCertifyLegal, model.EdgeSourceNameSourceNamespace}
}
if tt.queryDeclaredLicenseID {
nodeID = found.DeclaredLicenses[0].ID
Expand All @@ -3278,7 +3248,7 @@ func Test_Neighbors(t *testing.T) {
}
if tt.querySrcNameID {
nodeID = found.Source.Namespaces[0].Names[0].ID
tt.usingOnly = []model.Edge{model.EdgeSourceCertifyScorecard}
tt.usingOnly = []model.Edge{model.EdgeSourceCertifyScorecard, model.EdgeSourceNameSourceNamespace}
}
if tt.queryScorecardID {
nodeID = found.ID
Expand All @@ -3298,11 +3268,11 @@ func Test_Neighbors(t *testing.T) {
}
if tt.queryPkgVersionID {
nodeID = found.Subject.(*model.Package).Namespaces[0].Names[0].Versions[0].ID
tt.usingOnly = []model.Edge{model.EdgePackageCertifyVexStatement}
tt.usingOnly = []model.Edge{model.EdgePackageCertifyVexStatement, model.EdgePackageVersionPackageName}
}
if tt.queryVulnID {
nodeID = found.Vulnerability.VulnerabilityIDs[0].ID
tt.usingOnly = []model.Edge{model.EdgeVulnerabilityCertifyVexStatement}
tt.usingOnly = []model.Edge{model.EdgeVulnerabilityCertifyVexStatement, model.EdgeVulnerabilityIDVulnerabilityType}
}
if tt.queryCertifyVexID {
nodeID = found.ID
Expand All @@ -3318,11 +3288,11 @@ func Test_Neighbors(t *testing.T) {
}
if tt.queryPkgVersionID {
nodeID = found.Package.Namespaces[0].Names[0].Versions[0].ID
tt.usingOnly = []model.Edge{model.EdgePackageCertifyVuln}
tt.usingOnly = []model.Edge{model.EdgePackageCertifyVuln, model.EdgePackageVersionPackageName}
}
if tt.queryVulnID {
nodeID = found.Vulnerability.VulnerabilityIDs[0].ID
tt.usingOnly = []model.Edge{model.EdgeVulnerabilityCertifyVuln}
tt.usingOnly = []model.Edge{model.EdgeVulnerabilityCertifyVuln, model.EdgeVulnerabilityIDVulnerabilityType}
}
if tt.queryCertifyVulnID {
nodeID = found.ID
Expand Down Expand Up @@ -3363,15 +3333,15 @@ func Test_Neighbors(t *testing.T) {
}
if tt.queryPkgNameID {
nodeID = found.Subject.(*model.Package).Namespaces[0].Names[0].ID
tt.usingOnly = []model.Edge{model.EdgePackageHasMetadata}
tt.usingOnly = []model.Edge{model.EdgePackageHasMetadata, model.EdgePackageNamePackageNamespace, model.EdgePackageNamePackageVersion}
}
if tt.queryPkgVersionID {
nodeID = found.Subject.(*model.Package).Namespaces[0].Names[0].Versions[0].ID
tt.usingOnly = []model.Edge{model.EdgePackageHasMetadata}
tt.usingOnly = []model.Edge{model.EdgePackageHasMetadata, model.EdgePackageVersionPackageName}
}
if tt.querySrcNameID {
nodeID = found.Subject.(*model.Source).Namespaces[0].Names[0].ID
tt.usingOnly = []model.Edge{model.EdgeSourceHasMetadata}
tt.usingOnly = []model.Edge{model.EdgeSourceHasMetadata, model.EdgeSourceNameSourceNamespace}
}
if tt.queryHasMetadataID {
nodeID = found.ID
Expand All @@ -3392,7 +3362,7 @@ func Test_Neighbors(t *testing.T) {
}
if tt.queryPkgVersionID {
nodeID = found.Subject.(*model.Package).Namespaces[0].Names[0].Versions[0].ID
tt.usingOnly = []model.Edge{model.EdgePackageHasSbom}
tt.usingOnly = []model.Edge{model.EdgePackageHasSbom, model.EdgePackageVersionPackageName}
}
if tt.queryHasSbomID {
nodeID = found.ID
Expand Down Expand Up @@ -3428,15 +3398,15 @@ func Test_Neighbors(t *testing.T) {
}
if tt.queryPkgNameID {
nodeID = found.Package.Namespaces[0].Names[0].ID
tt.usingOnly = []model.Edge{model.EdgePackageHasSourceAt}
tt.usingOnly = []model.Edge{model.EdgePackageHasSourceAt, model.EdgePackageNamePackageNamespace, model.EdgePackageNamePackageVersion}
}
if tt.queryPkgVersionID {
nodeID = found.Package.Namespaces[0].Names[0].Versions[0].ID
tt.usingOnly = []model.Edge{model.EdgePackageHasSourceAt}
tt.usingOnly = []model.Edge{model.EdgePackageHasSourceAt, model.EdgePackageVersionPackageName}
}
if tt.querySrcNameID {
nodeID = found.Source.Namespaces[0].Names[0].ID
tt.usingOnly = []model.Edge{model.EdgeSourceHasSourceAt}
tt.usingOnly = []model.Edge{model.EdgeSourceHasSourceAt, model.EdgeSourceNameSourceNamespace}
}
if tt.queryHasSourceAtID {
nodeID = found.ID
Expand All @@ -3452,11 +3422,11 @@ func Test_Neighbors(t *testing.T) {
}
if tt.queryPkgNameID {
nodeID = found.DependencyPackage.Namespaces[0].Names[0].ID
tt.usingOnly = []model.Edge{model.EdgePackageIsDependency}
tt.usingOnly = []model.Edge{model.EdgePackageIsDependency, model.EdgePackageNamePackageNamespace, model.EdgePackageNamePackageVersion}
}
if tt.queryPkgVersionID {
nodeID = found.DependencyPackage.Namespaces[0].Names[0].Versions[0].ID
tt.usingOnly = []model.Edge{model.EdgePackageIsDependency}
tt.usingOnly = []model.Edge{model.EdgePackageIsDependency, model.EdgePackageVersionPackageName}
}
if tt.queryIsDependencyID {
nodeID = found.ID
Expand All @@ -3476,11 +3446,11 @@ func Test_Neighbors(t *testing.T) {
}
if tt.queryPkgVersionID {
nodeID = found.Subject.(*model.Package).Namespaces[0].Names[0].Versions[0].ID
tt.usingOnly = []model.Edge{model.EdgePackageIsOccurrence}
tt.usingOnly = []model.Edge{model.EdgePackageIsOccurrence, model.EdgePackageVersionPackageName}
}
if tt.querySrcNameID {
nodeID = found.Subject.(*model.Source).Namespaces[0].Names[0].ID
tt.usingOnly = []model.Edge{model.EdgeSourceIsOccurrence}
tt.usingOnly = []model.Edge{model.EdgeSourceIsOccurrence, model.EdgeSourceNameSourceNamespace}
}
if tt.queryIsOccurrenceID {
nodeID = found.ID
Expand All @@ -3496,11 +3466,11 @@ func Test_Neighbors(t *testing.T) {
}
if tt.queryPkgVersionID {
nodeID = found.Packages[0].Namespaces[0].Names[0].Versions[0].ID
tt.usingOnly = []model.Edge{model.EdgePackagePkgEqual}
tt.usingOnly = []model.Edge{model.EdgePackagePkgEqual, model.EdgePackageVersionPackageName}
}
if tt.queryEqualPkgID {
nodeID = found.Packages[1].Namespaces[0].Names[0].Versions[0].ID
tt.usingOnly = []model.Edge{model.EdgePackagePkgEqual}
tt.usingOnly = []model.Edge{model.EdgePackagePkgEqual, model.EdgePackageVersionPackageName}
}
if tt.queryPkgEqualID {
nodeID = found.ID
Expand All @@ -3520,15 +3490,15 @@ func Test_Neighbors(t *testing.T) {
}
if tt.queryPkgNameID {
nodeID = found.Subject.(*model.Package).Namespaces[0].Names[0].ID
tt.usingOnly = []model.Edge{model.EdgePackagePointOfContact}
tt.usingOnly = []model.Edge{model.EdgePackagePointOfContact, model.EdgePackageNamePackageNamespace, model.EdgePackageNamePackageVersion}
}
if tt.queryPkgVersionID {
nodeID = found.Subject.(*model.Package).Namespaces[0].Names[0].Versions[0].ID
tt.usingOnly = []model.Edge{model.EdgePackagePointOfContact}
tt.usingOnly = []model.Edge{model.EdgePackagePointOfContact, model.EdgePackageVersionPackageName}
}
if tt.querySrcNameID {
nodeID = found.Subject.(*model.Source).Namespaces[0].Names[0].ID
tt.usingOnly = []model.Edge{model.EdgeSourcePointOfContact}
tt.usingOnly = []model.Edge{model.EdgeSourcePointOfContact, model.EdgeSourceNameSourceNamespace}
}
if tt.queryPointOfContactID {
nodeID = found.ID
Expand All @@ -3544,11 +3514,11 @@ func Test_Neighbors(t *testing.T) {
}
if tt.queryVulnID {
nodeID = found.Vulnerabilities[0].VulnerabilityIDs[0].ID
tt.usingOnly = []model.Edge{model.EdgeVulnerabilityVulnEqual}
tt.usingOnly = []model.Edge{model.EdgeVulnerabilityVulnEqual, model.EdgeVulnerabilityIDVulnerabilityType}
}
if tt.queryEqualVulnID {
nodeID = found.Vulnerabilities[1].VulnerabilityIDs[0].ID
tt.usingOnly = []model.Edge{model.EdgeVulnerabilityVulnEqual}
tt.usingOnly = []model.Edge{model.EdgeVulnerabilityVulnEqual, model.EdgeVulnerabilityIDVulnerabilityType}
}
if tt.queryVulnEqualID {
nodeID = found.ID
Expand All @@ -3569,7 +3539,7 @@ func Test_Neighbors(t *testing.T) {
}
if tt.queryVulnID {
nodeID = ingestedVuln.VulnerabilityIDs[0].ID
tt.usingOnly = []model.Edge{model.EdgeVulnMetadataVulnerability}
tt.usingOnly = []model.Edge{model.EdgeVulnMetadataVulnerability, model.EdgeVulnerabilityIDVulnerabilityType}
}
if tt.queryVulnMetadataID {
nodeID = vulnMetadataID
Expand Down

0 comments on commit fb58ab3

Please sign in to comment.