add certifyBad query, certifyGood ingestion and query, update bulk assembler #1123

Merged
merged 4 commits into from
Aug 3, 2023
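--- a/cmd/guacgql/cmd/ingest.go
+++ b/cmd/guacgql/cmd/ingest.go
@@ -51,6 +51,7 @@ func ingestData(port int) {
 ingestCertifyBad(ctx, gqlclient)
 ingestCertifyBads(ctx, gqlclient)
 ingestCertifyGood(ctx, gqlclient)
+ingestCertifyGoods(ctx, gqlclient)
 ingestHashEqual(ctx, gqlclient)
 ingestHasSBOM(ctx, gqlclient)
 ingestHasSourceAt(ctx, gqlclient)
@@ -1220,6 +1221,167 @@ func ingestCertifyGood(ctx context.Context, client graphql.Client) {
 }
 }
 
+func ingestCertifyGoods(ctx context.Context, client graphql.Client) {
+logger := logging.FromContext(ctx)
+opensslNs := "openssl.org"
+opensslVersion := "3.0.3"
+djangoNameSpace := ""
+sourceTag := "v0.0.1"
+ingestCertifyGood := []struct {
+name string
+pkg []model.PkgInputSpec
+pkgMatchType model.MatchFlags
+source []model.SourceInputSpec
+artifact []model.ArtifactInputSpec
+certifyGood []model.CertifyGoodInputSpec
+}{
+{
+name: "this package as this specific version has been audited",
+pkg: []model.PkgInputSpec{
+{
+Type: "conan",
+Namespace: &opensslNs,
+Name: "openssl",
+Version: &opensslVersion,
+Qualifiers: []model.PackageQualifierInputSpec{{Key: "user", Value: "bincrafters"}, {Key: "channel", Value: "stable"}},
+},
+{
+Type: "conan",
+Namespace: &opensslNs,
+Name: "openssl",
+Version: &opensslVersion,
+Qualifiers: []model.PackageQualifierInputSpec{{Key: "user", Value: "bincrafters"}, {Key: "channel", Value: "stable"}},
+},
+},
+pkgMatchType: model.MatchFlags{
+Pkg: model.PkgMatchTypeSpecificVersion,
+},
+certifyGood: []model.CertifyGoodInputSpec{
+{
+Justification: "this package as this specific version has been audited",
+Origin: "Demo ingestion",
+Collector: "Demo ingestion",
+},
+{
+Justification: "this package as this specific version has been audited",
+Origin: "Demo ingestion",
+Collector: "Demo ingestion",
+},
+},
+},
+{
+name: "this package (all versions) is trusted",
+pkg: []model.PkgInputSpec{
+{
+Type: "pypi",
+Namespace: &djangoNameSpace,
+Name: "django",
+},
+{
+Type: "pypi",
+Namespace: &djangoNameSpace,
+Name: "django",
+},
+},
+pkgMatchType: model.MatchFlags{
+Pkg: model.PkgMatchTypeAllVersions,
+},
+certifyGood: []model.CertifyGoodInputSpec{
+{
+Justification: "this package (all versions) is trusted",
+Origin: "Demo ingestion",
+Collector: "Demo ingestion",
+},
+{
+Justification: "this package (all versions) is trusted",
+Origin: "Demo ingestion",
+Collector: "Demo ingestion",
+},
+},
+},
+{
+name: "this source repo is trusted",
+source: []model.SourceInputSpec{
+{
+Type: "git",
+Namespace: "github",
+Name: "github.com/guacsec/guac",
+Tag: &sourceTag,
+},
+{
+Type: "git",
+Namespace: "github",
+Name: "github.com/guacsec/guac",
+Tag: &sourceTag,
+},
+},
+certifyGood: []model.CertifyGoodInputSpec{
+{
+Justification: "this source repo is trusted",
+Origin: "Demo ingestion",
+Collector: "Demo ingestion",
+},
+{
+Justification: "this source repo is trusted",
+Origin: "Demo ingestion",
+Collector: "Demo ingestion",
+},
+},
+},
+{
+name: "artifact is associated with an audited build",
+artifact: []model.ArtifactInputSpec{
+{
+Digest: "6bbb0da1891646e58eb3e6a63af3a6fc3c8eb5a0d44824cba581d2e14a0450cf",
+Algorithm: "sha256",
+},
+{
+Digest: "6bbb0da1891646e58eb3e6a63af3a6fc3c8eb5a0d44824cba581d2e14a0450cf",
+Algorithm: "sha256",
+},
+},
+certifyGood: []model.CertifyGoodInputSpec{
+{
+Justification: "this artifact is associated with an audited build",
+Origin: "Demo ingestion",
+Collector: "Demo ingestion",
+},
+{
+Justification: "this artifact is associated with an audited build",
+Origin: "Demo ingestion",
+Collector: "Demo ingestion",
+},
+},
+},
+}
+for _, ingest := range ingestCertifyGood {
+if ingest.pkg != nil {
+if _, err := model.IngestPackages(ctx, client, ingest.pkg); err != nil {
+logger.Errorf("Error in ingesting package: %v\n", err)
+}
+if _, err := model.CertifyGoodPkgs(ctx, client, ingest.pkg, ingest.pkgMatchType, ingest.certifyGood); err != nil {
+logger.Errorf("Error in ingesting: %v\n", err)
+}
+} else if ingest.source != nil {
+if _, err := model.IngestSources(ctx, client, ingest.source); err != nil {
+logger.Errorf("Error in ingesting source: %v\n", err)
+}
+if _, err := model.CertifyGoodSrcs(ctx, client, ingest.source, ingest.certifyGood); err != nil {
+logger.Errorf("Error in ingesting: %v\n", err)
+}
+} else if ingest.artifact != nil {
+if _, err := model.IngestArtifacts(ctx, client, ingest.artifact); err != nil {
+logger.Errorf("Error in ingesting artifact: %v\n", err)
+}
+if _, err := model.CertifyGoodArtifacts(ctx, client, ingest.artifact, ingest.certifyGood); err != nil {
+logger.Errorf("Error in ingesting: %v\n", err)
+}
+} else {
+fmt.Printf("input missing for cve, osv or ghsa")
+}
+}
+}
+
 func ingestHashEqual(ctx context.Context, client graphql.Client) {
 logger := logging.FromContext(ctx)
 ingestHashEqual := []struct {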
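Review bot: In the loop at the end of `ingestCertifyGoods`, a failed `IngestPackages`, `IngestSources` or `IngestArtifacts` call is only logged, and the matching `CertifyGood*` call still runs, so a trust assertion is attempted for a subject whose ingestion has just failed. Adding `continue` after each of the three ingest error logs would stop that. The final `else` branch prints `input missing for cve, osv or ghsa`, which looks copied from a vulnerability ingester and bypasses the logger; `logger.Errorf("input missing for pkg, source or artifact")` would match this function. The three `Error in ingesting: %v` messages after the certify calls are identical, so naming the subject kind in each would make a failure attributable from the log alone.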
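--- a/pkg/assembler/backends/arangodb/artifact.go
+++ b/pkg/assembler/backends/arangodb/artifact.go
@@ -28,7 +28,7 @@ import (
 func (c *arangoClient) Artifacts(ctx context.Context, artifactSpec *model.ArtifactSpec) ([]*model.Artifact, error) {
 values := map[string]any{}
 
-arangoQueryBuilder := setArtifactMatchValues(nil, artifactSpec, values)
+arangoQueryBuilder := setArtifactMatchValues(artifactSpec, values)
 arangoQueryBuilder.query.WriteString("\n")
 arangoQueryBuilder.query.WriteString(`RETURN {
 "id": art._id,
@@ -46,10 +46,8 @@ func (c *arangoClient) Artifacts(ctx context.Context, artifactSpec *model.Artifa
 return getArtifacts(ctx, cursor)
 }
 
-func setArtifactMatchValues(arangoQueryBuilder *arangoQueryBuilder, artifactSpec *model.ArtifactSpec, queryValues map[string]any) *arangoQueryBuilder {
-if arangoQueryBuilder == nil {
-arangoQueryBuilder = newForQuery(artifactsStr, "art")
-}
+func setArtifactMatchValues(artifactSpec *model.ArtifactSpec, queryValues map[string]any) *arangoQueryBuilder {
+arangoQueryBuilder := newForQuery(artifactsStr, "art")
 if artifactSpec != nil {
 if artifactSpec.ID != nil {
 arangoQueryBuilder.filter("art", "_id", "==", "@id")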
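Review bot: `setArtifactMatchValues` has no doc comment, and after this change its name undersells what it does: it now always creates the builder with `newForQuery(artifactsStr, "art")` instead of optionally extending one passed in. A comment such as `// setArtifactMatchValues starts a new query over artifactsStr (alias "art") and adds filters for the fields set on artifactSpec.` would record that. The function body continues outside the hunk, so how `queryValues` is filled for the `@id`-style placeholders should be checked there before describing it in the comment.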