add direct subject queries for verbs
Signed-off-by: pxp928 <[email protected]>
pxp928 committed Oct 8, 2024
1 parent c78dbdc commit ab4d400
Showing 9 changed files with 140 additions and 40 deletions.
2 changes: 1 addition & 1 deletion pkg/assembler/backends/ent/backend/certifyVuln.go
Expand Up @@ -310,7 +310,7 @@ func certifyVulnPredicate(spec model.CertifyVulnSpec) predicate.CertifyVuln {

if spec.Vulnerability != nil {
if spec.Vulnerability.ID != nil {
predicates = append(predicates, optionalPredicate(spec.Package.ID, packageIDEQ))
predicates = append(predicates, optionalPredicate(spec.Vulnerability.ID, vulnerabilityIDEQ))
} else {
predicates = append(predicates,
certifyvuln.HasVulnerabilityWith(
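Review bot: The `spec.Vulnerability.ID != nil` branch has no test in this commit: all nine changed files are backend sources and none is a `_test.go` file. An ID predicate built from the wrong spec field is exactly what a small table-driven case over certifyVulnPredicate would catch, using a spec that sets only `Vulnerability.ID` and leaves `Package` nil. certifyVulnPredicate starts before this hunk and continues after it, so any existing coverage elsewhere in the package is not visible from this page.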
29 changes: 23 additions & 6 deletions pkg/assembler/backends/ent/backend/hasMetadata.go
Expand Up @@ -165,14 +165,31 @@ func hasMetadataPredicate(filter *model.HasMetadataSpec) predicate.HasMetadata {
if filter.Subject != nil {
switch {
case filter.Subject.Artifact != nil:
predicates = append(predicates, hasmetadata.HasArtifactWith(artifactQueryPredicates(filter.Subject.Artifact)))
if filter.Subject.Artifact.ID != nil {
predicates = append(predicates,
optionalPredicate(filter.Subject.Artifact.ID, artifactIDEQ))
} else {
predicates = append(predicates,
hasmetadata.HasArtifactWith(artifactQueryPredicates(filter.Subject.Artifact)))
}
case filter.Subject.Package != nil:
predicates = append(predicates, hasmetadata.Or(
hasmetadata.HasAllVersionsWith(packageNameQuery(pkgNameQueryFromPkgSpec(filter.Subject.Package))),
hasmetadata.HasPackageVersionWith(packageVersionQuery(filter.Subject.Package)),
))
if filter.Subject.Package.ID != nil {
predicates = append(predicates, optionalPredicate(filter.Subject.Package.ID, packageVersionOrNameIDEQ))
} else {
predicates = append(predicates, hasmetadata.Or(
hasmetadata.HasAllVersionsWith(packageNameQuery(pkgNameQueryFromPkgSpec(filter.Subject.Package))),
hasmetadata.HasPackageVersionWith(packageVersionQuery(filter.Subject.Package)),
))
}

case filter.Subject.Source != nil:
predicates = append(predicates, hasmetadata.HasSourceWith(sourceQuery(filter.Subject.Source)))
if filter.Subject.Source.ID != nil {
predicates = append(predicates,
optionalPredicate(filter.Subject.Source.ID, sourceIDEQ))
} else {
predicates = append(predicates,
hasmetadata.HasSourceWith(sourceQuery(filter.Subject.Source)))
}
}
}
return hasmetadata.And(predicates...)
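Review bot: When `filter.Subject.Artifact.ID` (and likewise `Package.ID` or `Source.ID`) is set, the new branch filters on the ID alone and never reaches `artifactQueryPredicates`, `packageVersionQuery` or `sourceQuery`, so any other field supplied in the same spec no longer takes part in the predicate. Whether the previous path also matched on the ID is not visible here, but a caller that sends an ID together with other fields as a cross-check would now get the ID-only result without any error. If that precedence is intended, state it at the top of the switch, e.g. `// A subject ID is authoritative; other fields in the same spec are ignored.` The same pattern repeats in pointOfContact.go, occurrence.go, sbom.go, slsa.go, source.go and vulnMetadata.go. hasMetadataPredicate starts before this hunk.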
20 changes: 18 additions & 2 deletions pkg/assembler/backends/ent/backend/helpers.go
Expand Up @@ -23,6 +23,8 @@ import (
"entgo.io/ent/dialect/sql"
"github.com/google/uuid"
"github.com/guacsec/guac/pkg/assembler/backends/ent/packagename"
"github.com/guacsec/guac/pkg/assembler/backends/ent/slsaattestation"
"github.com/guacsec/guac/pkg/assembler/backends/ent/vulnerabilitymetadata"
"github.com/guacsec/guac/pkg/assembler/graphql/model"
)

Expand Down Expand Up @@ -92,14 +94,28 @@ func sourceIDEQ(id string) func(*sql.Selector) {
return sql.FieldEQ("source_id", filterGlobalID.id)
}

func builderIDEQ(id string) func(*sql.Selector) {
filterGlobalID := fromGlobalID(id)
return sql.FieldEQ("built_by_id", filterGlobalID.id)
}

func artifactIDEQ(id string) func(*sql.Selector) {
filterGlobalID := fromGlobalID(id)
return sql.FieldEQ("artifact_id", filterGlobalID.id)
if filterGlobalID.nodeType == slsaattestation.Table {
return sql.FieldEQ("subject_id", filterGlobalID.id)
} else {
return sql.FieldEQ("artifact_id", filterGlobalID.id)
}
}

func vulnerabilityIDEQ(id string) func(*sql.Selector) {
filterGlobalID := fromGlobalID(id)
return sql.FieldEQ("vulnerability_id", filterGlobalID.id)
if filterGlobalID.nodeType == vulnerabilitymetadata.Table {
return sql.FieldEQ("vulnerability_id_id", filterGlobalID.id)
} else {
return sql.FieldEQ("vulnerability_id", filterGlobalID.id)
}

}

func NoOpSelector() func(*sql.Selector) {
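Review bot: `artifactIDEQ` and `vulnerabilityIDEQ` now choose the column to compare from `filterGlobalID.nodeType`, which is parsed out of the ID supplied in the request, rather than from the table the predicate is being built for. Every visible call site passes an artifact's or a vulnerability's own ID (`spec.Subject.ID` in slsa.go, `filter.Vulnerability.ID` in vulnMetadata.go). Unless `fromGlobalID` (not shown) behaves unusually, the `slsaattestation.Table` and `vulnerabilitymetadata.Table` branches would therefore not be taken for those IDs, and the query would filter on `artifact_id` / `vulnerability_id`, which this helper itself implies are not the columns on those tables. The column names are fixed literals, so this is not injection, but the meaning of a filter should not depend on a tag carried inside request data. Consider one helper per column, as `builderIDEQ` in this hunk already does, e.g. `func slsaSubjectIDEQ(id string) func(*sql.Selector) { return sql.FieldEQ("subject_id", fromGlobalID(id).id) }`, called from hasSLSAQuery, and likewise for `vulnerability_id_id`.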
32 changes: 23 additions & 9 deletions pkg/assembler/backends/ent/backend/occurrence.go
Expand Up @@ -389,20 +389,34 @@ func isOccurrenceQuery(filter *model.IsOccurrenceSpec) predicate.Occurrence {
}

if filter.Artifact != nil {
predicates = append(predicates,
occurrence.HasArtifactWith(artifactQueryPredicates(filter.Artifact)),
)
if filter.Artifact.ID != nil {
predicates = append(predicates,
optionalPredicate(filter.Artifact.ID, artifactIDEQ))
} else {
predicates = append(predicates,
occurrence.HasArtifactWith(artifactQueryPredicates(filter.Artifact)),
)
}
}

if filter.Subject != nil {
if filter.Subject.Package != nil {
predicates = append(predicates, occurrence.HasPackageWith(packageVersionQuery(filter.Subject.Package)))
if filter.Subject.Package.ID != nil {
predicates = append(predicates, optionalPredicate(filter.Subject.Package.ID, packageIDEQ))
} else {
predicates = append(predicates,
occurrence.HasPackageWith(packageVersionQuery(filter.Subject.Package)))
}
} else if filter.Subject.Source != nil {
predicates = append(predicates,
occurrence.HasSourceWith(
sourceQuery(filter.Subject.Source),
),
)
if filter.Subject.Source.ID != nil {
predicates = append(predicates, optionalPredicate(filter.Subject.Source.ID, sourceIDEQ))
} else {
predicates = append(predicates,
occurrence.HasSourceWith(
sourceQuery(filter.Subject.Source),
),
)
}
}
}
return occurrence.And(predicates...)
28 changes: 22 additions & 6 deletions pkg/assembler/backends/ent/backend/pointOfContact.go
Expand Up @@ -162,14 +162,30 @@ func pointOfContactPredicate(filter *model.PointOfContactSpec) predicate.PointOf
if filter.Subject != nil {
switch {
case filter.Subject.Artifact != nil:
predicates = append(predicates, pointofcontact.HasArtifactWith(artifactQueryPredicates(filter.Subject.Artifact)))
if filter.Subject.Artifact.ID != nil {
predicates = append(predicates,
optionalPredicate(filter.Subject.Artifact.ID, artifactIDEQ))
} else {
predicates = append(predicates,
pointofcontact.HasArtifactWith(artifactQueryPredicates(filter.Subject.Artifact)))
}
case filter.Subject.Package != nil:
predicates = append(predicates, pointofcontact.Or(
pointofcontact.HasAllVersionsWith(packageNameQuery(pkgNameQueryFromPkgSpec(filter.Subject.Package))),
pointofcontact.HasPackageVersionWith(packageVersionQuery(filter.Subject.Package)),
))
if filter.Subject.Package.ID != nil {
predicates = append(predicates, optionalPredicate(filter.Subject.Package.ID, packageVersionOrNameIDEQ))
} else {
predicates = append(predicates, pointofcontact.Or(
pointofcontact.HasAllVersionsWith(packageNameQuery(pkgNameQueryFromPkgSpec(filter.Subject.Package))),
pointofcontact.HasPackageVersionWith(packageVersionQuery(filter.Subject.Package)),
))
}
case filter.Subject.Source != nil:
predicates = append(predicates, pointofcontact.HasSourceWith(sourceQuery(filter.Subject.Source)))
if filter.Subject.Source.ID != nil {
predicates = append(predicates,
optionalPredicate(filter.Subject.Source.ID, sourceIDEQ))
} else {
predicates = append(predicates,
pointofcontact.HasSourceWith(sourceQuery(filter.Subject.Source)))
}
}
}
return pointofcontact.And(predicates...)
15 changes: 13 additions & 2 deletions pkg/assembler/backends/ent/backend/sbom.go
Expand Up @@ -342,9 +342,20 @@ func hasSBOMQuery(spec model.HasSBOMSpec) predicate.BillOfMaterials {

if spec.Subject != nil {
if spec.Subject.Package != nil {
predicates = append(predicates, billofmaterials.HasPackageWith(packageVersionQuery(spec.Subject.Package)))
if spec.Subject.Package.ID != nil {
predicates = append(predicates, optionalPredicate(spec.Subject.Package.ID, packageIDEQ))
} else {
predicates = append(predicates,
billofmaterials.HasPackageWith(packageVersionQuery(spec.Subject.Package)))
}
} else if spec.Subject.Artifact != nil {
predicates = append(predicates, billofmaterials.HasArtifactWith(artifactQueryPredicates(spec.Subject.Artifact)))
if spec.Subject.Artifact.ID != nil {
predicates = append(predicates,
optionalPredicate(spec.Subject.Artifact.ID, artifactIDEQ))
} else {
predicates = append(predicates,
billofmaterials.HasArtifactWith(artifactQueryPredicates(spec.Subject.Artifact)))
}
}
}

16 changes: 14 additions & 2 deletions pkg/assembler/backends/ent/backend/slsa.go
Expand Up @@ -129,11 +129,23 @@ func hasSLSAQuery(spec model.HasSLSASpec) predicate.SLSAAttestation {
}

if spec.BuiltBy != nil {
predicates = append(predicates, slsaattestation.HasBuiltByWith(builderQueryPredicate(spec.BuiltBy)))
if spec.BuiltBy.ID != nil {
predicates = append(predicates,
optionalPredicate(spec.BuiltBy.ID, builderIDEQ))
} else {
predicates = append(predicates,
slsaattestation.HasBuiltByWith(builderQueryPredicate(spec.BuiltBy)))
}
}

if spec.Subject != nil {
predicates = append(predicates, slsaattestation.HasSubjectWith(artifactQueryPredicates(spec.Subject)))
if spec.Subject.ID != nil {
predicates = append(predicates,
optionalPredicate(spec.Subject.ID, artifactIDEQ))
} else {
predicates = append(predicates,
slsaattestation.HasSubjectWith(artifactQueryPredicates(spec.Subject)))
}
}

for _, art := range spec.BuiltFrom {
24 changes: 17 additions & 7 deletions pkg/assembler/backends/ent/backend/source.go
Expand Up @@ -145,16 +145,26 @@ func hasSourceAtQuery(filter model.HasSourceAtSpec) predicate.HasSourceAt {
}

if filter.Package != nil {
predicates = append(predicates,
hassourceat.Or(
hassourceat.HasAllVersionsWith(packageNameQuery(pkgNameQueryFromPkgSpec(filter.Package))),
hassourceat.HasPackageVersionWith(packageVersionQuery(filter.Package)),
),
)
if filter.Package.ID != nil {
predicates = append(predicates, optionalPredicate(filter.Package.ID, packageVersionOrNameIDEQ))
} else {
predicates = append(predicates,
hassourceat.Or(
hassourceat.HasAllVersionsWith(packageNameQuery(pkgNameQueryFromPkgSpec(filter.Package))),
hassourceat.HasPackageVersionWith(packageVersionQuery(filter.Package)),
),
)
}
}

if filter.Source != nil {
predicates = append(predicates, hassourceat.HasSourceWith(sourceQuery(filter.Source)))
if filter.Source.ID != nil {
predicates = append(predicates,
optionalPredicate(filter.Source.ID, sourceIDEQ))
} else {
predicates = append(predicates,
hassourceat.HasSourceWith(sourceQuery(filter.Source)))
}
}
return hassourceat.And(predicates...)
}
14 changes: 9 additions & 5 deletions pkg/assembler/backends/ent/backend/vulnMetadata.go
Expand Up @@ -193,11 +193,15 @@ func vulnerabilityMetadataPredicate(filter *model.VulnerabilityMetadataSpec) (pr
predicates = append(predicates, comparator)

if filter.Vulnerability != nil {
predicates = append(predicates,
vulnerabilitymetadata.HasVulnerabilityIDWith(
vulnerabilityQueryPredicates(*filter.Vulnerability)...,
),
)
if filter.Vulnerability.ID != nil {
predicates = append(predicates, optionalPredicate(filter.Vulnerability.ID, vulnerabilityIDEQ))
} else {
predicates = append(predicates,
vulnerabilitymetadata.HasVulnerabilityIDWith(
vulnerabilityQueryPredicates(*filter.Vulnerability)...,
),
)
}
}
return vulnerabilitymetadata.And(predicates...), nil
}
