TC-1689 Add 'rpmmod' package type (guacsec#129)
Signed-off-by: mrizzi <[email protected]>
mrizzi authored Sep 23, 2024
1 parent 840130f commit d03019f
Showing 5 changed files with 76 additions and 1 deletion.
6 changes: 6 additions & 0 deletions demo/graphql/queries-trustification.gql
Expand Up @@ -409,3 +409,9 @@ query VulnerabilityIDNotFound {
__typename
}
}

query TC_1609_HasSBOM {
HasSBOM (hasSBOMSpec: {uri: "https://access.redhat.com/security/data/sbom/spdx/sample-rpmmod"}) {
...allHasSBOMTree
}
}
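Review bot: The new query on line 22 is named `TC_1609_HasSBOM` although it belongs to the TC-1689 case and every other reference to it (the e2e banner and its output file `gotTC_1689_HasSBOM.json`) says TC-1689; this file already has a TC_1609 family (`TC_1609_FindDependentProduct`), so a reader will file it under the wrong case. Rename it `query TC_1689_HasSBOM {` and update the `-o` argument in the e2e script to match. The query also selects the HasSBOM node only by document `uri`, so it pins the document-level subject rather than the `pkg:rpmmod/redhat/inkscape@...` package that this commit teaches `purlConvert` to accept; a companion query such as `packages(pkgSpec: {type: "rpmmod"})` using this file's package fragment would assert that the purl was actually split into type/namespace/name/version. Whether an unrecognised purl type made the whole SBOM ingest fail or merely skipped that package before this change is not visible here, so the current query may or may not have caught a regression.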
8 changes: 8 additions & 0 deletions internal/testing/e2e-trustification/e2e
Expand Up @@ -116,4 +116,12 @@ echo @@@@ Running TC_1609 queries and validating output
cat "$queries" | gql-cli http://localhost:8080/query -o TC_1609_FindDependentProduct | jq 'del(.. | .id?) | del(.. | .downloadLocation?) | del(.. | .origin?) | .findDependentProduct[].subject.namespaces[]?.names[]?.versions[]?.qualifiers? |= sort | .findDependentProduct' > "${GUAC_DIR}/gotTC_1609_FindDependentProduct.json"
diff -u "${SCRIPT_DIR}/expectTC_1609_FindDependentProduct.json" "${GUAC_DIR}/gotTC_1609_FindDependentProduct.json"

echo @@@@ Ingesting TC-1689-spdx-rpmmod.json into server
time go run ./cmd/guacone collect files ${GUAC_DIR}/internal/testing/testdata/exampledata/TC-1689-spdx-rpmmod.json;

echo @@@@ Running TC-1689 queries and validating output

cat "$queries" | gql-cli http://localhost:8080/query -o TC_1609_HasSBOM | jq --sort-keys 'del(.. | .id?) | del(.. | .downloadLocation?) | del(.. | .origin?) | .HasSBOM[] ' > "${GUAC_DIR}/gotTC_1689_HasSBOM.json"
diff -u "${SCRIPT_DIR}/expectTC_1689_HasSBOM.json" "${GUAC_DIR}/gotTC_1689_HasSBOM.json"

# Note: graphql_playground is left running, CI will clean it up
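Review bot: The testdata path on line 34 is expanded unquoted (`${GUAC_DIR}/internal/...`) while every other path in this script is double-quoted; if `GUAC_DIR` ever contains whitespace the collect command receives a split argument, so write `time go run ./cmd/guacone collect files "${GUAC_DIR}/internal/testing/testdata/exampledata/TC-1689-spdx-rpmmod.json"`. The `-o TC_1609_HasSBOM` on line 38 runs under the TC-1689 banner and writes `gotTC_1689_HasSBOM.json`; the name is inherited from the .gql file and should be brought in line with the case number so the mismatch does not send the next reader to the wrong test case. The gate here is the exit status of `diff -u`; whether `set -e` or an explicit exit check is in effect is decided earlier in the file, outside this hunk, so confirm the new `diff` actually fails the run rather than only printing.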
27 changes: 27 additions & 0 deletions internal/testing/e2e-trustification/expectTC_1689_HasSBOM.json
@@ -0,0 +1,27 @@
{
"algorithm": "sha256",
"collector": "FileCollector",
"digest": "6240b3dd495214421ee3788069b58234bb8c1a27016bf65608560d0e2071a04c",
"subject": {
"__typename": "Package",
"namespaces": [
{
"names": [
{
"name": "sample-rpmmod",
"versions": [
{
"qualifiers": [],
"subpath": "",
"version": ""
}
]
}
],
"namespace": "spdx"
}
],
"type": "guac"
},
"uri": "https://access.redhat.com/security/data/sbom/spdx/sample-rpmmod"
}
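Review bot: The asserted node is the document-level subject `type: guac / namespace: spdx / name: sample-rpmmod` with an empty version, i.e. the synthetic package representing the SBOM itself, so this fixture says nothing about the `pkg:rpmmod/redhat/inkscape@...` coordinates that are the point of the commit; if ingest still succeeds when that package is dropped or mis-typed, the fixture would look identical. The `digest` is the SHA-256 of the testdata file bytes, so any edit to `TC-1689-spdx-rpmmod.json`, including whitespace, invalidates this expectation; since JSON has no comment syntax, a line in the e2e script next to the `diff`, such as `# expectTC_1689_HasSBOM.json pins sha256 of the testdata file; regenerate it if that file changes`, would spare the next person a confusing failure. Pinning the digest is the right choice for an integrity-oriented check; the gap is only that no fixture covers the rpmmod package node.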
34 changes: 34 additions & 0 deletions internal/testing/testdata/exampledata/TC-1689-spdx-rpmmod.json
@@ -0,0 +1,34 @@
{
"SPDXID": "SPDXRef-DOCUMENT",
"spdxVersion": "SPDX-2.3",
"creationInfo": {
"created": "2024-09-23T17:24:42Z"
},
"name": "sample-rpmmod",
"dataLicense": "CC0-1.0",
"documentDescribes": [
"SPDXRef-sample-rpmmod"
],
"documentNamespace": "https://access.redhat.com/security/data/sbom/spdx/sample-rpmmod",
"packages": [
{
"SPDXID": "SPDXRef-97f5899f-fb76-4ea9-819e-244f68b35bd9",
"copyrightText": "NOASSERTION",
"downloadLocation": "NOASSERTION",
"externalRefs": [
{
"referenceCategory": "PACKAGE_MANAGER",
"referenceLocator": "pkg:rpmmod/redhat/inkscape@flatpak:9000020220406181214:4a735dea",
"referenceType": "purl"
}
],
"filesAnalyzed": false,
"licenseConcluded": "NOASSERTION",
"licenseDeclared": "NOASSERTION",
"name": "inkscape",
"originator": "NOASSERTION",
"supplier": "Organization: Red Hat",
"versionInfo": "flatpak-9000020220406181214.4a735dea"
}
]
}
2 changes: 1 addition & 1 deletion pkg/assembler/helpers/purl.go
Expand Up @@ -159,7 +159,7 @@ func purlConvert(p purl.PackageURL) (*model.PkgInputSpec, error) {
// so that they can be referenced with higher specificity in GUAC
//
// PURL types not defined in purl library handled generically
case "alpine", "alpm", "apk", "huggingface", "githubactions", "mlflow", "qpkg", "pub", "swid", PurlTypeGuac:
case "alpine", "alpm", "apk", "huggingface", "githubactions", "mlflow", "qpkg", "pub", "swid", PurlTypeGuac, "rpmmod":
fallthrough
// PURL types defined in purl library handled generically
case purl.TypeBitbucket, purl.TypeCocoapods, purl.TypeCargo,
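Review bot: `"rpmmod"` is added as a bare string literal on line 116 in a case list that already uses the named constant `PurlTypeGuac` for the project's own non-spec type; rpmmod is likewise absent from the upstream purl library (which is why it sits in the "not defined in purl library" list), so it deserves the same treatment, e.g. `PurlTypeRpmmod = "rpmmod"` declared next to wherever `PurlTypeGuac` is defined (not visible in this hunk) and `..., PurlTypeGuac, PurlTypeRpmmod:` here. A short comment on the case line noting that rpmmod is a Red Hat-specific type (apparently for RPM modules) that is handled generically — presumably type/namespace/name/version copied straight from the parsed purl, if that is what the fallthrough target does — would explain why it is grouped with `alpine`, `apk` and friends rather than given its own branch. The only check the commit adds for this branch is the e2e fixture, which asserts the document-level subject rather than the package; a row in the table-driven test for `purlConvert`, if one exists, with `pkg:rpmmod/redhat/inkscape@flatpak:9000020220406181214:4a735dea` would pin the expected `PkgInputSpec` directly (note the version contains colons). The function body continues past the hunk on both sides.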
