TC-1642 Fix VulnerabilityID not found (guacsec#128)

Signed-off-by: mrizzi <[email protected]>
mrizzi · Sep 20, 2024 · 840130f · 840130f
1 parent a577a7b
commit 840130f
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 3 deletions.
diff --git a/demo/graphql/queries-trustification.gql b/demo/graphql/queries-trustification.gql
@@ -403,3 +403,9 @@ query CVE_2023_1664 {
     documentRef
   }
 }
+
+query VulnerabilityIDNotFound {
+  findTopLevelPackagesRelatedToVulnerability (vulnerabilityID:"CVE") {
+    __typename
+  }
+}
diff --git a/internal/testing/e2e-trustification/e2e b/internal/testing/e2e-trustification/e2e
@@ -93,6 +93,9 @@ diff -u "${SCRIPT_DIR}/expectFindRelatedProductsCount.json" "${GUAC_DIR}/gotFind
 cat "$queries" | gql-cli http://localhost:8080/query -o FindRelatedProducts | jq 'del(.. | .id?) | del(.. | .origin?) | .findTopLevelPackagesRelatedToVulnerability[] ' > "${GUAC_DIR}/gotFindRelatedProducts.json"
 diff -u <(sort "${SCRIPT_DIR}/expectFindRelatedProducts.json") <(sort "${GUAC_DIR}/gotFindRelatedProducts.json")
 
+cat "$queries" | gql-cli http://localhost:8080/query -o VulnerabilityIDNotFound | jq 'del(.. | .id?) | del(.. | .origin?) | .findTopLevelPackagesRelatedToVulnerability ' > "${GUAC_DIR}/gotVulnerabilityIDNotFound.json"
+diff -u "${SCRIPT_DIR}/expectVulnerabilityIDNotFound.json" "${GUAC_DIR}/gotVulnerabilityIDNotFound.json"
+
 cat ./demo/graphql/queries-trustification.gql | gql-cli http://localhost:8080/query -o FindDependentProduct | jq 'del(.. | .id?) | del(.. | .downloadLocation?) | del(.. | .origin?) | .findDependentProduct | sort_by(.digest)' > "${GUAC_DIR}/gotFindDependentProduct.json"
 diff -u "${SCRIPT_DIR}/expectFindDependentProduct.json" "${GUAC_DIR}/gotFindDependentProduct.json"
 

diff --git a/internal/testing/e2e-trustification/expectVulnerabilityIDNotFound.json b/internal/testing/e2e-trustification/expectVulnerabilityIDNotFound.json
@@ -0,0 +1 @@
+[]
diff --git a/pkg/assembler/backends/ent/backend/search.go b/pkg/assembler/backends/ent/backend/search.go
@@ -156,11 +156,15 @@ func (b *EntBackend) FindTopLevelPackagesRelatedToVulnerability(ctx context.Cont
 				})
 		}).
 		Only(ctx)
-	if err != nil {
-		return nil, gqlerror.Errorf("error querying for SBOMs related to %v due to : %v", vulnerabilityID, err)
-	}
 	// build the output result backward compatible with the previous version
 	var result [][]model.Node
+	if err != nil {
+		if ent.IsNotFound(err) {
+			return result, nil
+		} else {
+			return nil, gqlerror.Errorf("error querying for SBOMs related to %v due to : %v", vulnerabilityID, err)
+		}
+	}
 	// Vex has priority over Vuln just for consistency with previous implementation, but it could be changed
 	if len(vulnerability.Edges.Vex) > 0 {
 		for _, vex := range vulnerability.Edges.Vex {