Updated based on code review

Signed-off-by: nathannaveen <[email protected]>
guacsec · Dec 4, 2024 · 1f419a5 · 1f419a5
1 parent 0577c13
commit 1f419a5
Show file tree

Hide file tree

Showing 6 changed files with 335 additions and 345 deletions.
diff --git a/pkg/guacrest/generated/server.go b/pkg/guacrest/generated/server.go
diff --git a/pkg/guacrest/generated/spec.go b/pkg/guacrest/generated/spec.go
diff --git a/pkg/guacrest/openapi.yaml b/pkg/guacrest/openapi.yaml
@@ -61,6 +61,8 @@ paths:
       description: >
         If a partial purl, pkg:foo/bar is passed in, then it would find all purls 
         associated with the given purl, such as pkg:foo/[email protected], and pkg:foo/[email protected].
+        Searching via qualifiers is similar. If searching for pkg:foo/bar@a=b 
+        the endpoint will return both pkg:foo/bar@a=b and pkg:foo/bar@c=d&a=b.
       operationId: getPackagePurls
       parameters:
         - name: purl
@@ -82,12 +84,9 @@ paths:
     get:
       summary: Get vulnerabilities for a Package URL (purl)
       description: >
-        If a partial purl is passed in, then it will find all associated purls 
-        and find vulnerabilities of those. For example, if the partial purl 
-        pkg:foo/bar is passed in, it would find all purls associated with 
-        pkg:foo/bar, such as pkg:foo/[email protected], and pkg:foo/[email protected]. This endpoint 
-        will then find all vulnerabilities for these purls. If the `includeDependencies`
-        flag is set to true, it will also include vulnerabilities of the dependencies.
+        This endpoint will find all vulnerabilities for the purl passed in. 
+        If the `includeDependencies` flag is set to true, it will also include 
+        vulnerabilities of the dependencies of the purl passed in.
       operationId: getPackageVulns
       parameters:
         - name: purl
@@ -119,11 +118,7 @@ paths:
     get:
       summary: Get dependencies for a specific Package URL (purl)
       description: >
-        If a partial purl is passed in, then it will find all associated purls 
-        and find the dependencies of those. For example, if the partial purl 
-        pkg:foo/bar is passed in, it would find all purls associated with 
-        pkg:foo/bar, such as pkg:foo/[email protected], and pkg:foo/[email protected]. This endpoint 
-        will then find all dependencies for these purls.
+        This endpoint will find all dependencies of the purl passed in.
       operationId: getPackageDeps
       parameters:
         - name: purl
@@ -143,7 +138,7 @@ paths:
           $ref: "#/components/responses/BadGateway"
   "/v0/artifact/{digest}/vulns":
     get:
-      summary: Get vulnerabilities for a specific digest
+      summary: Get vulnerabilities for an artifact, identified by a digest
       operationId: getArtifactVulns
       parameters:
         - name: digest
@@ -163,7 +158,7 @@ paths:
           $ref: "#/components/responses/BadGateway"
   "/v0/artifact/{digest}/dependencies":
     get:
-      summary: Get dependencies for a specific digest
+      summary: Get dependencies for an artifact, identified by a digest
       operationId: getArtifactDeps
       parameters:
         - name: digest

diff --git a/pkg/guacrest/server/retrieveDependencies.go b/pkg/guacrest/server/retrieveDependencies.go
@@ -18,8 +18,6 @@ package server
 import (
 	"context"
 	"fmt"
-	"net/url"
-
 	gql "github.com/guacsec/guac/pkg/assembler/clients/generated"
 	assembler_helpers "github.com/guacsec/guac/pkg/assembler/helpers"
 	"github.com/guacsec/guac/pkg/guacrest/helpers"
@@ -43,7 +41,7 @@ type edgeGen interface {
 	getEquivalentNodes(ctx context.Context, v node) ([]node, error)
 }
 
-// byDigest is a edgeGen that observes relationships between noun when they are
+// byDigest is an edgeGen that observes relationships between nouns when they are
 // linked by digest.
 //
 // The dependency edges are:
@@ -355,11 +353,7 @@ func GetDepsForPackage(
 	purl string,
 ) (map[string]string, error) {
 	// Find the start node
-	unescapedPurl, err := url.QueryUnescape(purl)
-	if err != nil {
-		return nil, fmt.Errorf("failed to unescape package url: %w", err)
-	}
-	pkg, err := helpers.FindPackageWithPurl(ctx, gqlClient, unescapedPurl)
+	pkg, err := helpers.FindPackageWithPurl(ctx, gqlClient, purl)
 	if err != nil {
 		return nil, fmt.Errorf("failed to find package with purl: %w", err)
 	}
@@ -387,11 +381,7 @@ func GetDepsForArtifact(
 	digest string,
 ) (map[string]string, error) {
 	// Find the start node
-	unescapedDigest, err := url.QueryUnescape(digest)
-	if err != nil {
-		return nil, fmt.Errorf("failed to unescape digest: %w", err)
-	}
-	art, err := helpers.FindArtifactWithDigest(ctx, gqlClient, unescapedDigest)
+	art, err := helpers.FindArtifactWithDigest(ctx, gqlClient, digest)
 	if err != nil {
 		return nil, fmt.Errorf("failed to find digest: %w", err)
 	}