[feature] Query for package URL (purl) #1538

Closed
ridhoq opened this issue Nov 29, 2023 · 1 comment · Fixed by #1611
Labels
enhancement New feature or request

ridhoq commented Nov 29, 2023

Is your feature request related to a problem? Please describe.
A subset of the guacone tooling is centered around using purl. For example:

  • guacone patch command uses start-purl and stop-purl
  • guacone query vuln uses purl as an argument

However, when querying for packages using the GraphQL API, there is no way to actually get the purl of a package without constructing it manually yourself like this:

cat results.json | jq '.data.findSoftware[] | "pkg:" + .type + "/" + .namespaces[0].namespace + "/" + .namespaces[0].names[0].name'

It's fairly trivial to do so, but it adds friction.

Describe the solution you'd like
We could use a custom GraphQL schema directive. In our case, we could use a schema directive on the id field on PackageVersion to return a purl.

directive @packageURL(packageVersionID: String) on FIELD_DEFINITION

gqlgen does support schema directives but we would have to do further investigation if this particular use case is supported.

Describe alternatives you've considered
Alternatively, we could implement a findSoftwarePurl query similar to findSoftware. However, it would require maintaining another GraphQL query for all backends. It would also potentially require a user to make two queries to get the purl for a package.

Additional context
Inspired by some schema directive examples from here, specifically, the date formatting one
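
Added example (not part of the issue or of the GUAC code base): a Go version of the manual purl construction done with jq above. It walks every namespace and name instead of only index 0, percent-encodes each segment, and handles an empty namespace. The JSON sample is constructed, the code assumes the API returns decoded values, and versions and qualifiers are left out because the jq filter does not read them.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"strings"
)

// Constructed sample in the shape the issue's jq filter reads; not real GUAC output.
const sample = `{"data":{"findSoftware":[
 {"type":"golang","namespaces":[{"namespace":"github.com/guacsec","names":[{"name":"guac"}]}]},
 {"type":"npm","namespaces":[{"namespace":"@angular","names":[{"name":"core"},{"name":"animation"}]}]},
 {"type":"pypi","namespaces":[{"namespace":"","names":[{"name":"requests"}]}]}]}}`
// esc percent-encodes one purl segment (assumption: the API returns decoded values).
func esc(s string) string { return strings.ReplaceAll(url.QueryEscape(s), "+", "%20") }

// Purls returns one versionless purl per (namespace, name) pair in the response.
func Purls(raw []byte) ([]string, error) {
	var resp struct { // encoding/json matches these field names case-insensitively
		Data struct {
			FindSoftware []struct {
				Type       string
				Namespaces []struct {
					Namespace string
					Names     []struct{ Name string }
				}
			}
		}
	}
	if err := json.Unmarshal(raw, &resp); err != nil {
		return nil, err
	}
	var out []string
	for _, p := range resp.Data.FindSoftware {
		for _, ns := range p.Namespaces {
			prefix := "pkg:" + p.Type + "/"
			for _, seg := range strings.FieldsFunc(ns.Namespace, func(r rune) bool { return r == '/' }) {
				prefix += esc(seg) + "/" // empty segments dropped, so no "pkg:pypi//requests"
			}
			for _, n := range ns.Names {
				out = append(out, prefix+esc(n.Name))
			}
		}
	}
	return out, nil
}

func main() {
	fmt.Println(Purls([]byte(sample)))
}
```

The jq one-liner, run on the same input, would emit `pkg:pypi//requests` and `pkg:npm/@angular/core`, and would skip `animation`.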

@kanchan-dhamane

Hi @ridhoq, adding a GraphQL custom directive on the id field of the PackageVersion module might not work. In a custom directive function, we can only access an id value, not the Package object.
I tried adding a custom resolver for the namespaces field in the Package object; it populates the purl in the PackageVersion object. I created a PR.

@kodiakhq kodiakhq bot closed this as completed in #1611 Jan 2, 2024