

update deps.dev parser to output hasSbom (guacsec#1584)
Signed-off-by: pxp928 <parth.psu@gmail.com>
pxp928 authored Dec 13, 2023
1 parent f2198ad commit de8350f
Showing 3 changed files with 93 additions and 12 deletions.
10 changes: 5 additions & 5 deletions pkg/ingestor/parser/common/helpers.go
Expand Up @@ -35,7 +35,7 @@ func GetIsDep(foundNode *model.PkgInputSpec, relatedPackNodes []*model.PkgInputS
return &assembler.IsDependencyIngest{
Pkg: foundNode,
DepPkg: rfileNode,
DepPkgMatchFlag: getMatchFlagsFromPkgInput(rfileNode),
DepPkgMatchFlag: GetMatchFlagsFromPkgInput(rfileNode),
IsDependency: &model.IsDependencyInputSpec{
DependencyType: model.DependencyTypeUnknown,
Justification: justification,
Expand All @@ -48,7 +48,7 @@ func GetIsDep(foundNode *model.PkgInputSpec, relatedPackNodes []*model.PkgInputS
return &assembler.IsDependencyIngest{
Pkg: foundNode,
DepPkg: rpackNode,
DepPkgMatchFlag: getMatchFlagsFromPkgInput(rpackNode),
DepPkgMatchFlag: GetMatchFlagsFromPkgInput(rpackNode),
IsDependency: &model.IsDependencyInputSpec{
DependencyType: model.DependencyTypeUnknown,
Justification: justification,
Expand All @@ -70,7 +70,7 @@ func CreateTopLevelIsDeps(topLevel *model.PkgInputSpec, packages map[string][]*m
p := assembler.IsDependencyIngest{
Pkg: topLevel,
DepPkg: packNode,
DepPkgMatchFlag: getMatchFlagsFromPkgInput(packNode),
DepPkgMatchFlag: GetMatchFlagsFromPkgInput(packNode),
IsDependency: &model.IsDependencyInputSpec{
DependencyType: model.DependencyTypeUnknown,
Justification: justification,
Expand All @@ -87,7 +87,7 @@ func CreateTopLevelIsDeps(topLevel *model.PkgInputSpec, packages map[string][]*m
p := assembler.IsDependencyIngest{
Pkg: topLevel,
DepPkg: fileNode,
DepPkgMatchFlag: getMatchFlagsFromPkgInput(fileNode),
DepPkgMatchFlag: GetMatchFlagsFromPkgInput(fileNode),
IsDependency: &model.IsDependencyInputSpec{
DependencyType: model.DependencyTypeUnknown,
Justification: justification,
Expand Down Expand Up @@ -116,7 +116,7 @@ func CreateTopLevelHasSBOM(topLevel *model.PkgInputSpec, sbomDoc *processor.Docu
}
}

func getMatchFlagsFromPkgInput(p *model.PkgInputSpec) model.MatchFlags {
func GetMatchFlagsFromPkgInput(p *model.PkgInputSpec) model.MatchFlags {
matchFlags := model.MatchFlags{Pkg: model.PkgMatchTypeAllVersions}
if p.Version != nil && *p.Version != "" {
matchFlags = model.MatchFlags{Pkg: model.PkgMatchTypeSpecificVersion}
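Review bot: GetMatchFlagsFromPkgInput is now exported at `func GetMatchFlagsFromPkgInput(p *model.PkgInputSpec) model.MatchFlags {` but has no doc comment, which every exported Go name should carry. Suggest `// GetMatchFlagsFromPkgInput returns match flags that pin p to its specific version when p.Version is non-nil and non-empty, and match all versions otherwise.` The body dereferences p without a nil check, so the comment should also state that callers must pass a non-nil spec if that is the intended contract; the function's remaining lines are outside the hunk. The `Get` prefix is unidiomatic for Go — `MatchFlagsFromPkgInput` would read better — though changing it means touching the four call sites in this file and the one in deps_dev.go.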
3 changes: 2 additions & 1 deletion pkg/ingestor/parser/deps_dev/deps_dev.go
Expand Up @@ -72,10 +72,11 @@ func (d *depsDevParser) GetPredicates(ctx context.Context) *assembler.IngestPred
preds.IsDependency = append(preds.IsDependency, assembler.IsDependencyIngest{
Pkg: isDepComp.CurrentPackageInput,
DepPkg: isDepComp.DepPackageInput,
DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeAllVersions},
DepPkgMatchFlag: common.GetMatchFlagsFromPkgInput(isDepComp.DepPackageInput),
IsDependency: isDepComp.IsDependency,
})
}
preds.HasSBOM = append(preds.HasSBOM, common.CreateTopLevelHasSBOM(d.packComponent.CurrentPackage, d.doc, helpers.PkgInputSpecToPurl(d.packComponent.CurrentPackage), d.packComponent.UpdateTime))

return preds
}
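Review bot: The new `preds.HasSBOM = append(...)` line dereferences `d.packComponent` unconditionally, so GetPredicates would panic if Parse has not run or returned before setting it (inferred — the parser's Parse method and the start of GetPredicates are outside the hunk). If that state is reachable, guard it: `if d.packComponent != nil { preds.HasSBOM = append(preds.HasSBOM, common.CreateTopLevelHasSBOM(...)) }`. The line also deserves a why-comment, since it is not obvious that the deps.dev response itself is being recorded as the top-level package's SBOM: `// Record the deps.dev document as the SBOM of the top-level package so consumers can tie the IsDependency edges above back to a digested upstream document.`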
92 changes: 86 additions & 6 deletions pkg/ingestor/parser/deps_dev/deps_dev_test.go
Expand Up @@ -17,6 +17,8 @@ package deps_dev

import (
"context"
"crypto/sha256"
"encoding/hex"
"reflect"
"testing"
"time"
Expand All @@ -26,6 +28,7 @@ import (
"github.com/guacsec/guac/internal/testing/testdata"
"github.com/guacsec/guac/pkg/assembler"
model "github.com/guacsec/guac/pkg/assembler/clients/generated"
"github.com/guacsec/guac/pkg/assembler/helpers"
"github.com/guacsec/guac/pkg/handler/processor"
"github.com/guacsec/guac/pkg/ingestor/parser/common"
"github.com/guacsec/guac/pkg/logging"
Expand All @@ -51,7 +54,9 @@ func TestNewDepsDevParser(t *testing.T) {
func Test_depsDevParser_Parse(t *testing.T) {
tm, _ := time.Parse(time.RFC3339, "2022-11-21T17:45:50.52Z")
ctx := logging.WithLogger(context.Background())

sha256sumNPMReact := sha256.Sum256([]byte(testdata.CollectedNPMReact))
sha256sumForeignTypes := sha256.Sum256([]byte(testdata.CollectedForeignTypes))
sha256sumYargsParser := sha256.Sum256([]byte(testdata.CollectedYargsParser))
tests := []struct {
name string
doc *processor.Document
Expand All @@ -75,7 +80,7 @@ func Test_depsDevParser_Parse(t *testing.T) {
Version: ptrfrom.String("1.4.0"),
Subpath: ptrfrom.String(""),
},
DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeAllVersions},
DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeSpecificVersion},
DepPkg: &model.PkgInputSpec{
Type: "npm",
Namespace: ptrfrom.String(""),
Expand All @@ -98,7 +103,7 @@ func Test_depsDevParser_Parse(t *testing.T) {
Version: ptrfrom.String("17.0.0"),
Subpath: ptrfrom.String(""),
},
DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeAllVersions},
DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeSpecificVersion},
DepPkg: &model.PkgInputSpec{
Type: "npm",
Namespace: ptrfrom.String(""),
Expand Down Expand Up @@ -128,7 +133,7 @@ func Test_depsDevParser_Parse(t *testing.T) {
Version: ptrfrom.String("4.1.1"),
Subpath: ptrfrom.String(""),
},
DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeAllVersions},
DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeSpecificVersion},
IsDependency: &model.IsDependencyInputSpec{
DependencyType: model.DependencyTypeDirect,
VersionRange: "^4.1.1",
Expand Down Expand Up @@ -207,6 +212,31 @@ func Test_depsDevParser_Parse(t *testing.T) {
},
},
},
HasSBOM: []assembler.HasSBOMIngest{
{
Pkg: &model.PkgInputSpec{
Type: "npm",
Namespace: ptrfrom.String(""),
Name: "react",
Version: ptrfrom.String("17.0.0"),
Subpath: ptrfrom.String(""),
},
HasSBOM: &model.HasSBOMInputSpec{
Uri: helpers.PkgInputSpecToPurl(&model.PkgInputSpec{
Type: "npm",
Namespace: ptrfrom.String(""),
Name: "react",
Version: ptrfrom.String("17.0.0"),
Subpath: ptrfrom.String(""),
}),
Algorithm: "sha256",
Digest: hex.EncodeToString(sha256sumNPMReact[:]),
KnownSince: tm.UTC(),
Origin: "",
Collector: "",
},
},
},
},
wantErr: false,
}, {
Expand Down Expand Up @@ -295,7 +325,7 @@ func Test_depsDevParser_Parse(t *testing.T) {
Version: ptrfrom.String("0.1.1"),
Subpath: ptrfrom.String(""),
},
DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeAllVersions},
DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeSpecificVersion},
IsDependency: &model.IsDependencyInputSpec{
DependencyType: model.DependencyTypeDirect,
VersionRange: "^0.1",
Expand Down Expand Up @@ -352,6 +382,31 @@ func Test_depsDevParser_Parse(t *testing.T) {
},
},
},
HasSBOM: []assembler.HasSBOMIngest{
{
Pkg: &model.PkgInputSpec{
Type: "cargo",
Namespace: ptrfrom.String(""),
Name: "foreign-types",
Version: ptrfrom.String("0.3.2"),
Subpath: ptrfrom.String(""),
},
HasSBOM: &model.HasSBOMInputSpec{
Uri: helpers.PkgInputSpecToPurl(&model.PkgInputSpec{
Type: "cargo",
Namespace: ptrfrom.String(""),
Name: "foreign-types",
Version: ptrfrom.String("0.3.2"),
Subpath: ptrfrom.String(""),
}),
Algorithm: "sha256",
Digest: hex.EncodeToString(sha256sumForeignTypes[:]),
KnownSince: tm.UTC(),
Origin: "",
Collector: "",
},
},
},
},
wantErr: false,
}, {
Expand All @@ -372,7 +427,7 @@ func Test_depsDevParser_Parse(t *testing.T) {
Version: ptrfrom.String("4.2.1"),
Subpath: ptrfrom.String(""),
},
DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeAllVersions},
DepPkgMatchFlag: model.MatchFlags{Pkg: model.PkgMatchTypeSpecificVersion},
DepPkg: &model.PkgInputSpec{
Type: "npm",
Namespace: ptrfrom.String(""),
Expand Down Expand Up @@ -437,6 +492,31 @@ func Test_depsDevParser_Parse(t *testing.T) {
},
},
},
HasSBOM: []assembler.HasSBOMIngest{
{
Pkg: &model.PkgInputSpec{
Type: "npm",
Namespace: ptrfrom.String(""),
Name: "yargs-parser",
Version: ptrfrom.String("4.2.1"),
Subpath: ptrfrom.String(""),
},
HasSBOM: &model.HasSBOMInputSpec{
Uri: helpers.PkgInputSpecToPurl(&model.PkgInputSpec{
Type: "npm",
Namespace: ptrfrom.String(""),
Name: "yargs-parser",
Version: ptrfrom.String("4.2.1"),
Subpath: ptrfrom.String(""),
}),
Algorithm: "sha256",
Digest: hex.EncodeToString(sha256sumYargsParser[:]),
KnownSince: tm.UTC(),
Origin: "",
Collector: "",
},
},
},
},
wantErr: false,
}}
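Review bot: Every expected HasSBOMInputSpec in this hunk pins `Origin: ""` and `Collector: ""`, which means the HasSBOM claims the deps.dev parser now emits carry no provenance about which collector produced them; for a supply-chain graph that is the field a consumer would use to decide how much to trust the SBOM edge. If CreateTopLevelHasSBOM cannot take a collector identity (its body is outside this diff), that is worth a follow-up rather than cementing the empty strings in three test cases. Separately, each case spells the same PkgInputSpec literal twice (once as `Pkg` and once inside `helpers.PkgInputSpecToPurl`); hoisting it into a local such as `reactPkg := &model.PkgInputSpec{...}` and reusing it would keep the two from drifting. Test_depsDevParser_Parse begins before this hunk.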
