diff --git a/pkg/assembler/backends/ent/backend/certifyVuln.go b/pkg/assembler/backends/ent/backend/certifyVuln.go
index cb669c1253..2b0e53025e 100644
--- a/pkg/assembler/backends/ent/backend/certifyVuln.go
+++ b/pkg/assembler/backends/ent/backend/certifyVuln.go
@@ -310,7 +310,7 @@ func certifyVulnPredicate(spec model.CertifyVulnSpec) predicate.CertifyVuln {
 if spec.Vulnerability != nil {
 if spec.Vulnerability.ID != nil {
- predicates = append(predicates, optionalPredicate(spec.Package.ID, packageIDEQ))
+ predicates = append(predicates, optionalPredicate(spec.Vulnerability.ID, vulnerabilityIDEQ))
 } else {
 predicates = append(predicates,
 certifyvuln.HasVulnerabilityWith(
diff --git a/pkg/assembler/backends/ent/backend/hasMetadata.go b/pkg/assembler/backends/ent/backend/hasMetadata.go
index 6415e60ab9..5106a0e1e4 100644
--- a/pkg/assembler/backends/ent/backend/hasMetadata.go
+++ b/pkg/assembler/backends/ent/backend/hasMetadata.go
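Review bot: No test change is visible in this diff for the corrected `spec.Vulnerability.ID` branch of certifyVulnPredicate, and the removed line shows why one is worth having: it passed `spec.Package.ID` with `packageIDEQ` inside the `spec.Vulnerability != nil` branch, so a lookup by vulnerability ID was filtered on the wrong field without any error. A table-driven case that sets only `Vulnerability.ID` and asserts that exactly the matching CertifyVuln rows come back would catch a repeat of this copy-paste slip. The function starts and ends outside the hunk, so whether `spec.Package` is nil-checked before this point cannot be seen here.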
@@ -165,14 +165,31 @@ func hasMetadataPredicate(filter *model.HasMetadataSpec) predicate.HasMetadata {
 if filter.Subject != nil {
 switch {
 case filter.Subject.Artifact != nil:
- predicates = append(predicates, hasmetadata.HasArtifactWith(artifactQueryPredicates(filter.Subject.Artifact)))
+ if filter.Subject.Artifact.ID != nil {
+ predicates = append(predicates,
+ optionalPredicate(filter.Subject.Artifact.ID, artifactIDEQ))
+ } else {
+ predicates = append(predicates,
+ hasmetadata.HasArtifactWith(artifactQueryPredicates(filter.Subject.Artifact)))
+ }
 case filter.Subject.Package != nil:
- predicates = append(predicates, hasmetadata.Or(
- hasmetadata.HasAllVersionsWith(packageNameQuery(pkgNameQueryFromPkgSpec(filter.Subject.Package))),
- hasmetadata.HasPackageVersionWith(packageVersionQuery(filter.Subject.Package)),
- ))
+ if filter.Subject.Package.ID != nil {
+ predicates = append(predicates, optionalPredicate(filter.Subject.Package.ID, packageVersionOrNameIDEQ))
+ } else {
+ predicates = append(predicates, hasmetadata.Or(
+ hasmetadata.HasAllVersionsWith(packageNameQuery(pkgNameQueryFromPkgSpec(filter.Subject.Package))),
+ hasmetadata.HasPackageVersionWith(packageVersionQuery(filter.Subject.Package)),
+ ))
+ }
+
 case filter.Subject.Source != nil:
- predicates = append(predicates, hasmetadata.HasSourceWith(sourceQuery(filter.Subject.Source)))
+ if filter.Subject.Source.ID != nil {
+ predicates = append(predicates,
+ optionalPredicate(filter.Subject.Source.ID, sourceIDEQ))
+ } else {
+ predicates = append(predicates,
+ hasmetadata.HasSourceWith(sourceQuery(filter.Subject.Source)))
+ }
 }
 }
 return hasmetadata.And(predicates...)
diff --git a/pkg/assembler/backends/ent/backend/helpers.go b/pkg/assembler/backends/ent/backend/helpers.go
index c8ecc0fba8..1102f2b72a 100644
--- a/pkg/assembler/backends/ent/backend/helpers.go
+++ b/pkg/assembler/backends/ent/backend/helpers.go
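Review bot: In hasMetadataPredicate, once `Subject.Artifact.ID`, `Subject.Package.ID` or `Subject.Source.ID` is set, every other field of that spec is left out of the filter, because `artifactQueryPredicates`, `packageVersionQuery` and `sourceQuery` are now reached only in the `else` arm. If those helpers previously combined the ID with the remaining fields (they are not shown here), a query that sends an ID together with other criteria now matches on the ID alone; a comment such as `// ID, when set, is the only criterion applied; the remaining spec fields are ignored` above each branch would make that contract explicit. The same shape recurs in occurrence.go, pointOfContact.go, sbom.go, slsa.go, source.go and vulnMetadata.go. The added empty line before `case filter.Subject.Source != nil:` can go.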
@@ -23,6 +23,8 @@ import (
 "entgo.io/ent/dialect/sql"
 "github.com/google/uuid"
 "github.com/guacsec/guac/pkg/assembler/backends/ent/packagename"
+ "github.com/guacsec/guac/pkg/assembler/backends/ent/slsaattestation"
+ "github.com/guacsec/guac/pkg/assembler/backends/ent/vulnerabilitymetadata"
 "github.com/guacsec/guac/pkg/assembler/graphql/model"
 )
@@ -92,14 +94,28 @@ func sourceIDEQ(id string) func(*sql.Selector) {
 return sql.FieldEQ("source_id", filterGlobalID.id)
 }
+func builderIDEQ(id string) func(*sql.Selector) {
+ filterGlobalID := fromGlobalID(id)
+ return sql.FieldEQ("built_by_id", filterGlobalID.id)
+}
+
 func artifactIDEQ(id string) func(*sql.Selector) {
 filterGlobalID := fromGlobalID(id)
- return sql.FieldEQ("artifact_id", filterGlobalID.id)
+ if filterGlobalID.nodeType == slsaattestation.Table {
+ return sql.FieldEQ("subject_id", filterGlobalID.id)
+ } else {
+ return sql.FieldEQ("artifact_id", filterGlobalID.id)
+ }
 }
 func vulnerabilityIDEQ(id string) func(*sql.Selector) {
 filterGlobalID := fromGlobalID(id)
- return sql.FieldEQ("vulnerability_id", filterGlobalID.id)
+ if filterGlobalID.nodeType == vulnerabilitymetadata.Table {
+ return sql.FieldEQ("vulnerability_id_id", filterGlobalID.id)
+ } else {
+ return sql.FieldEQ("vulnerability_id", filterGlobalID.id)
+ }
+
 }
 func NoOpSelector() func(*sql.Selector) {
diff --git a/pkg/assembler/backends/ent/backend/occurrence.go b/pkg/assembler/backends/ent/backend/occurrence.go
index 04691ac43f..960aad697e 100644
--- a/pkg/assembler/backends/ent/backend/occurrence.go
+++ b/pkg/assembler/backends/ent/backend/occurrence.go
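Review bot: `artifactIDEQ` and `vulnerabilityIDEQ` choose the column from `filterGlobalID.nodeType`, but the callers in this diff pass the ID of the artifact or vulnerability being filtered on (`spec.Subject.ID` in hasSLSAQuery, `filter.Vulnerability.ID` in vulnerabilityMetadataPredicate), not an ID belonging to the table being queried. If `fromGlobalID` (not shown) returns the node type encoded in that ID, the comparisons with `slsaattestation.Table` and `vulnerabilitymetadata.Table` would not match for those callers, and the query would use `artifact_id` / `vulnerability_id` where `subject_id` / `vulnerability_id_id` is meant, giving an empty or wrong attestation or vulnerability-metadata result instead of an error. Table-specific selectors would remove the guess, e.g. `func slsaSubjectIDEQ(id string) func(*sql.Selector) { return sql.FieldEQ("subject_id", fromGlobalID(id).id) }` used from slsa.go, with a matching one for vulnMetadata.go. Either way, drop the `else` after `return` in both functions and the empty line before the closing brace of `vulnerabilityIDEQ`.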
@@ -389,20 +389,34 @@ func isOccurrenceQuery(filter *model.IsOccurrenceSpec) predicate.Occurrence {
 }
 if filter.Artifact != nil {
- predicates = append(predicates,
- occurrence.HasArtifactWith(artifactQueryPredicates(filter.Artifact)),
- )
+ if filter.Artifact.ID != nil {
+ predicates = append(predicates,
+ optionalPredicate(filter.Artifact.ID, artifactIDEQ))
+ } else {
+ predicates = append(predicates,
+ occurrence.HasArtifactWith(artifactQueryPredicates(filter.Artifact)),
+ )
+ }
 }
 if filter.Subject != nil {
 if filter.Subject.Package != nil {
- predicates = append(predicates, occurrence.HasPackageWith(packageVersionQuery(filter.Subject.Package)))
+ if filter.Subject.Package.ID != nil {
+ predicates = append(predicates, optionalPredicate(filter.Subject.Package.ID, packageIDEQ))
+ } else {
+ predicates = append(predicates,
+ occurrence.HasPackageWith(packageVersionQuery(filter.Subject.Package)))
+ }
 } else if filter.Subject.Source != nil {
- predicates = append(predicates,
- occurrence.HasSourceWith(
- sourceQuery(filter.Subject.Source),
- ),
- )
+ if filter.Subject.Source.ID != nil {
+ predicates = append(predicates, optionalPredicate(filter.Subject.Source.ID, sourceIDEQ))
+ } else {
+ predicates = append(predicates,
+ occurrence.HasSourceWith(
+ sourceQuery(filter.Subject.Source),
+ ),
+ )
+ }
 }
 }
 return occurrence.And(predicates...)
diff --git a/pkg/assembler/backends/ent/backend/pointOfContact.go b/pkg/assembler/backends/ent/backend/pointOfContact.go
index ef773ee28f..c8909402bd 100644
--- a/pkg/assembler/backends/ent/backend/pointOfContact.go
+++ b/pkg/assembler/backends/ent/backend/pointOfContact.go
@@ -162,14 +162,30 @@ func pointOfContactPredicate(filter *model.PointOfContactSpec) predicate.PointOf
 if filter.Subject != nil {
 switch {
 case filter.Subject.Artifact != nil:
- predicates = append(predicates, pointofcontact.HasArtifactWith(artifactQueryPredicates(filter.Subject.Artifact)))
+ if filter.Subject.Artifact.ID != nil {
+ predicates = append(predicates,
+ optionalPredicate(filter.Subject.Artifact.ID, artifactIDEQ))
+ } else {
+ predicates = append(predicates,
+ pointofcontact.HasArtifactWith(artifactQueryPredicates(filter.Subject.Artifact)))
+ }
 case filter.Subject.Package != nil:
- predicates = append(predicates, pointofcontact.Or(
- pointofcontact.HasAllVersionsWith(packageNameQuery(pkgNameQueryFromPkgSpec(filter.Subject.Package))),
- pointofcontact.HasPackageVersionWith(packageVersionQuery(filter.Subject.Package)),
- ))
+ if filter.Subject.Package.ID != nil {
+ predicates = append(predicates, optionalPredicate(filter.Subject.Package.ID, packageVersionOrNameIDEQ))
+ } else {
+ predicates = append(predicates, pointofcontact.Or(
+ pointofcontact.HasAllVersionsWith(packageNameQuery(pkgNameQueryFromPkgSpec(filter.Subject.Package))),
+ pointofcontact.HasPackageVersionWith(packageVersionQuery(filter.Subject.Package)),
+ ))
+ }
 case filter.Subject.Source != nil:
- predicates = append(predicates, pointofcontact.HasSourceWith(sourceQuery(filter.Subject.Source)))
+ if filter.Subject.Source.ID != nil {
+ predicates = append(predicates,
+ optionalPredicate(filter.Subject.Source.ID, sourceIDEQ))
+ } else {
+ predicates = append(predicates,
+ pointofcontact.HasSourceWith(sourceQuery(filter.Subject.Source)))
+ }
 }
 }
 return pointofcontact.And(predicates...)
diff --git a/pkg/assembler/backends/ent/backend/sbom.go b/pkg/assembler/backends/ent/backend/sbom.go
index 9ed777558a..8120e2020b 100644
--- a/pkg/assembler/backends/ent/backend/sbom.go
+++ b/pkg/assembler/backends/ent/backend/sbom.go
@@ -342,9 +342,20 @@ func hasSBOMQuery(spec model.HasSBOMSpec) predicate.BillOfMaterials {
 if spec.Subject != nil {
 if spec.Subject.Package != nil {
- predicates = append(predicates, billofmaterials.HasPackageWith(packageVersionQuery(spec.Subject.Package)))
+ if spec.Subject.Package.ID != nil {
+ predicates = append(predicates, optionalPredicate(spec.Subject.Package.ID, packageIDEQ))
+ } else {
+ predicates = append(predicates,
+ billofmaterials.HasPackageWith(packageVersionQuery(spec.Subject.Package)))
+ }
 } else if spec.Subject.Artifact != nil {
- predicates = append(predicates, billofmaterials.HasArtifactWith(artifactQueryPredicates(spec.Subject.Artifact)))
+ if spec.Subject.Artifact.ID != nil {
+ predicates = append(predicates,
+ optionalPredicate(spec.Subject.Artifact.ID, artifactIDEQ))
+ } else {
+ predicates = append(predicates,
+ billofmaterials.HasArtifactWith(artifactQueryPredicates(spec.Subject.Artifact)))
+ }
 }
 }
diff --git a/pkg/assembler/backends/ent/backend/slsa.go b/pkg/assembler/backends/ent/backend/slsa.go
index 5c40d23127..bf5ebcdbc9 100644
--- a/pkg/assembler/backends/ent/backend/slsa.go
+++ b/pkg/assembler/backends/ent/backend/slsa.go
@@ -129,11 +129,23 @@ func hasSLSAQuery(spec model.HasSLSASpec) predicate.SLSAAttestation {
 }
 if spec.BuiltBy != nil {
- predicates = append(predicates, slsaattestation.HasBuiltByWith(builderQueryPredicate(spec.BuiltBy)))
+ if spec.BuiltBy.ID != nil {
+ predicates = append(predicates,
+ optionalPredicate(spec.BuiltBy.ID, builderIDEQ))
+ } else {
+ predicates = append(predicates,
+ slsaattestation.HasBuiltByWith(builderQueryPredicate(spec.BuiltBy)))
+ }
 }
 if spec.Subject != nil {
- predicates = append(predicates, slsaattestation.HasSubjectWith(artifactQueryPredicates(spec.Subject)))
+ if spec.Subject.ID != nil {
+ predicates = append(predicates,
+ optionalPredicate(spec.Subject.ID, artifactIDEQ))
+ } else {
+ predicates = append(predicates,
+ slsaattestation.HasSubjectWith(artifactQueryPredicates(spec.Subject)))
+ }
 }
 for _, art := range spec.BuiltFrom {
diff --git a/pkg/assembler/backends/ent/backend/source.go b/pkg/assembler/backends/ent/backend/source.go
index 187e922976..3fa33ed2a2 100644
--- a/pkg/assembler/backends/ent/backend/source.go
+++ b/pkg/assembler/backends/ent/backend/source.go
@@ -145,16 +145,26 @@ func hasSourceAtQuery(filter model.HasSourceAtSpec) predicate.HasSourceAt {
 }
 if filter.Package != nil {
- predicates = append(predicates,
- hassourceat.Or(
- hassourceat.HasAllVersionsWith(packageNameQuery(pkgNameQueryFromPkgSpec(filter.Package))),
- hassourceat.HasPackageVersionWith(packageVersionQuery(filter.Package)),
- ),
- )
+ if filter.Package.ID != nil {
+ predicates = append(predicates, optionalPredicate(filter.Package.ID, packageVersionOrNameIDEQ))
+ } else {
+ predicates = append(predicates,
+ hassourceat.Or(
+ hassourceat.HasAllVersionsWith(packageNameQuery(pkgNameQueryFromPkgSpec(filter.Package))),
+ hassourceat.HasPackageVersionWith(packageVersionQuery(filter.Package)),
+ ),
+ )
+ }
 }
 if filter.Source != nil {
- predicates = append(predicates, hassourceat.HasSourceWith(sourceQuery(filter.Source)))
+ if filter.Source.ID != nil {
+ predicates = append(predicates,
+ optionalPredicate(filter.Source.ID, sourceIDEQ))
+ } else {
+ predicates = append(predicates,
+ hassourceat.HasSourceWith(sourceQuery(filter.Source)))
+ }
 }
 return hassourceat.And(predicates...)
 }
diff --git a/pkg/assembler/backends/ent/backend/vulnMetadata.go b/pkg/assembler/backends/ent/backend/vulnMetadata.go
index 7b5af307b9..d700c6ee63 100644
--- a/pkg/assembler/backends/ent/backend/vulnMetadata.go
+++ b/pkg/assembler/backends/ent/backend/vulnMetadata.go
@@ -193,11 +193,15 @@ func vulnerabilityMetadataPredicate(filter *model.VulnerabilityMetadataSpec) (pr
 predicates = append(predicates, comparator)
 if filter.Vulnerability != nil {
- predicates = append(predicates,
- vulnerabilitymetadata.HasVulnerabilityIDWith(
- vulnerabilityQueryPredicates(*filter.Vulnerability)...,
- ),
- )
+ if filter.Vulnerability.ID != nil {
+ predicates = append(predicates, optionalPredicate(filter.Vulnerability.ID, vulnerabilityIDEQ))
+ } else {
+ predicates = append(predicates,
+ vulnerabilitymetadata.HasVulnerabilityIDWith(
+ vulnerabilityQueryPredicates(*filter.Vulnerability)...,
+ ),
+ )
+ }
 }
 return vulnerabilitymetadata.And(predicates...), nil
 }