Implement transitive dependency search

Signed-off-by: Marco Deicas <mdeicas@google.com>
guacsec · Apr 26, 2024 · e31535d · e31535d
1 parent b7df3a3
commit e31535d
Show file tree

Hide file tree

Showing 16 changed files with 1,688 additions and 57 deletions.
diff --git a/pkg/assembler/helpers/purl.go b/pkg/assembler/helpers/purl.go
@@ -22,6 +22,7 @@ import (
 	"sort"
 	"strings"
 
+	"github.com/guacsec/guac/internal/testing/ptrfrom"
 	model "github.com/guacsec/guac/pkg/assembler/clients/generated"
 	purl "github.com/package-url/packageurl-go"
 )
@@ -42,6 +43,35 @@ func PurlToPkg(purlUri string) (*model.PkgInputSpec, error) {
 	return purlConvert(p)
 }
 
+// PurlToPkgFilter converts a purl URI string into a graphql package filter spec.
+// The result will only match the input purl, and no other packages. The filter
+// is created with Guac's purl special casing.
+func PurlToPkgFilter(purl string) (model.PkgSpec, error) {
+	inputSpec, err := PurlToPkg(purl)
+	if err != nil {
+		return model.PkgSpec{}, err
+	}
+
+	var qualifiers []model.PackageQualifierSpec
+	for _, q := range inputSpec.Qualifiers {
+		q := q
+		qualifiers = append(qualifiers, model.PackageQualifierSpec{
+			Key:   q.Key,
+			Value: &q.Value,
+		})
+	}
+
+	return model.PkgSpec{
+		Type:                     &inputSpec.Type,
+		Namespace:                ptrfrom.String(nilToEmpty(inputSpec.Namespace)),
+		Name:                     &inputSpec.Name,
+		Version:                  ptrfrom.String(nilToEmpty(inputSpec.Version)),
+		Qualifiers:               qualifiers,
+		Subpath:                  ptrfrom.String(nilToEmpty(inputSpec.Subpath)),
+		MatchOnlyEmptyQualifiers: ptrfrom.Bool(len(qualifiers) == 0),
+	}, nil
+}
+
 // AllPkgTreeToPurl takes one package trie evaluation and converts it into a PURL
 // it will only do this for one PURL, and will ignore other pkg tries in the fragment
 func AllPkgTreeToPurl(v *model.AllPkgTree) string {
@@ -258,3 +288,10 @@ func GuacGenericPurl(s string) string {
 		return fmt.Sprintf("pkg:guac/generic/%s", sanitizedString)
 	}
 }
+
+func nilToEmpty(s *string) string {
+	if s == nil {
+		return ""
+	}
+	return *s
+}
diff --git a/pkg/guacrest/client/client.go b/pkg/guacrest/client/client.go
diff --git a/pkg/guacrest/client/models.go b/pkg/guacrest/client/models.go
diff --git a/pkg/guacrest/generated/models.go b/pkg/guacrest/generated/models.go
diff --git a/pkg/guacrest/generated/server.go b/pkg/guacrest/generated/server.go
diff --git a/pkg/guacrest/generated/spec.go b/pkg/guacrest/generated/spec.go