Updated based on code review

Signed-off-by: nathannaveen <[email protected]>
guacsec · Feb 7, 2025 · 631fe64 · 631fe64
1 parent bee7d8c
commit 631fe64
Show file tree

Hide file tree

Showing 4 changed files with 60 additions and 42 deletions.
diff --git a/pkg/guacrest/generated/spec.go b/pkg/guacrest/generated/spec.go
diff --git a/pkg/guacrest/openapi.yaml b/pkg/guacrest/openapi.yaml
@@ -118,7 +118,9 @@ paths:
     get:
       summary: Get dependencies for a specific Package URL (purl)
       description: >
-        This endpoint will find all dependencies of the purl passed in.
+        This endpoint will find all dependencies of the purl passed in, including both direct 
+        and indirect (transitive) dependencies. For example, if package A depends on B, and B 
+        depends on C, then requesting dependencies for A will return both B and C.
       operationId: getPackageDeps
       parameters:
         - name: purl

diff --git a/pkg/guacrest/server/retrieveDependencies_test.go b/pkg/guacrest/server/retrieveDependencies_test.go
@@ -16,9 +16,10 @@ package server_test
 import (
 	stdcmp "cmp"
 	"context"
-	gen "github.com/guacsec/guac/pkg/guacrest/generated"
 	"testing"
 
+	gen "github.com/guacsec/guac/pkg/guacrest/generated"
+
 	. "github.com/guacsec/guac/internal/testing/graphqlClients"
 	_ "github.com/guacsec/guac/pkg/assembler/backends/keyvalue"
 	"github.com/guacsec/guac/pkg/guacrest/server"
@@ -76,7 +77,7 @@ func Test_RetrieveDependencies_ByPurl(t *testing.T) {
 			data: GuacData{
 				Packages:      []string{"pkg:guac/foo", "pkg:guac/bar"},
 				Artifacts:     []string{"sha-xyz"},
-				HasSboms:      []HasSbom{{Subject: "sha-xyz", IncludedSoftware: []string{"pkg:guac/bar"}}},
+				HasSboms:      []HasSbom{{Subject: "pkg:guac/foo", IncludedSoftware: []string{"pkg:guac/bar"}}},
 				IsOccurrences: []IsOccurrence{{Subject: "pkg:guac/foo", Artifact: "sha-xyz"}},
 			},
 			purl:           "pkg:guac/foo",
@@ -239,7 +240,7 @@ func Test_RetrieveDependencies_ByDigest(t *testing.T) {
 		expectedByDigest []string
 	}{
 		{
-			name: "Artifact -> SBOM -> package",
+			name: "Digest -> SBOM -> package",
 			data: GuacData{
 				Packages:  []string{"pkg:guac/bar"},
 				Artifacts: []string{"sha-xyz"},
@@ -299,7 +300,7 @@ func Test_RetrieveDependencies_ByDigest(t *testing.T) {
 			expectedByDigest: []string{"pkg:guac/foo"},
 		},
 		{
-			name: "Artifact -> hashEqual -> digest, digest",
+			name: "Artifact -> hashEqual -> artifact, artifact",
 			data: GuacData{
 				Packages:  []string{"pkg:guac/foo", "pkg:guac/bar"},
 				Artifacts: []string{"sha-123", "sha-456", "sha-789"},
@@ -316,7 +317,7 @@ func Test_RetrieveDependencies_ByDigest(t *testing.T) {
 			expectedByDigest: []string{"pkg:guac/foo", "pkg:guac/bar"},
 		},
 		{
-			name: "digest -> SLSA -> digest -> occurrence -> package",
+			name: "artifact -> SLSA -> artifact -> occurrence -> package",
 			data: GuacData{
 				Packages:      []string{"pkg:guac/foo"},
 				Artifacts:     []string{"sha-123", "sha-xyz"},
@@ -328,7 +329,7 @@ func Test_RetrieveDependencies_ByDigest(t *testing.T) {
 			expectedByDigest: []string{"pkg:guac/foo"},
 		},
 		{
-			name: "digest -> SLSA -> digest, digest",
+			name: "artifact -> SLSA -> artifact, artifact",
 			data: GuacData{
 				Packages:  []string{"pkg:guac/foo", "pkg:guac/bar"},
 				Artifacts: []string{"sha-123", "sha-xyz", "sha-abc"},
@@ -492,6 +493,9 @@ func Test_ClientErrorsForArtifact(t *testing.T) {
 		digest: "sha-abc",
 	}, {
 		name: "Neither Purl nor Digest provided",
+	}, {
+		name:   "Badly formatted digest - missing algorithm prefix",
+		digest: "abcdef123456", // Missing sha256: or similar prefix
 	}}
 
 	for _, tt := range tests {
@@ -502,12 +506,11 @@ func Test_ClientErrorsForArtifact(t *testing.T) {
 
 			res, err := restApi.GetArtifactDeps(ctx, gen.GetArtifactDepsRequestObject{Digest: tt.digest})
 			if err != nil {
-				t.Fatalf("RetrieveDependencies returned unexpected error: %v", err)
+				t.Fatalf("GetArtifactDeps returned unexpected error: %v", err)
 			}
 			if _, ok := res.(gen.GetArtifactDeps400JSONResponse); !ok {
-				t.Fatalf("Did not receive a 400 Response: recieved %v of type %T", res, res)
+				t.Fatalf("Did not receive a 400 Response: received %v of type %T", res, res)
 			}
-
 		})
 	}
 }
diff --git a/pkg/guacrest/server/server.go b/pkg/guacrest/server/server.go
@@ -102,11 +102,19 @@ func (s *DefaultServer) AnalyzeDependencies(ctx context.Context, request gen.Ana
 }
 
 func (s *DefaultServer) GetPackagePurls(ctx context.Context, request gen.GetPackagePurlsRequestObject) (gen.GetPackagePurlsResponseObject, error) {
-	return gen.GetPackagePurls200JSONResponse{}, nil
+	return gen.GetPackagePurls500JSONResponse{
+		InternalServerErrorJSONResponse: gen.InternalServerErrorJSONResponse{
+			Message: "GetPackagePurls not implemented",
+		},
+	}, nil
 }
 
 func (s *DefaultServer) GetPackageVulns(ctx context.Context, request gen.GetPackageVulnsRequestObject) (gen.GetPackageVulnsResponseObject, error) {
-	return gen.GetPackageVulns200JSONResponse{}, nil
+	return gen.GetPackageVulns500JSONResponse{
+		InternalServerErrorJSONResponse: gen.InternalServerErrorJSONResponse{
+			Message: "GetPackageVulns not implemented",
+		},
+	}, nil
 }
 
 func (s *DefaultServer) GetPackageDeps(ctx context.Context, request gen.GetPackageDepsRequestObject) (gen.GetPackageDepsResponseObject, error) {
@@ -139,7 +147,11 @@ func (s *DefaultServer) GetPackageDeps(ctx context.Context, request gen.GetPacka
 }
 
 func (s *DefaultServer) GetArtifactVulns(ctx context.Context, request gen.GetArtifactVulnsRequestObject) (gen.GetArtifactVulnsResponseObject, error) {
-	return gen.GetArtifactVulns200JSONResponse{}, nil
+	return gen.GetArtifactVulns500JSONResponse{
+		InternalServerErrorJSONResponse: gen.InternalServerErrorJSONResponse{
+			Message: "GetArtifactVulns not implemented",
+		},
+	}, nil
 }
 
 func (s *DefaultServer) GetArtifactDeps(ctx context.Context, request gen.GetArtifactDepsRequestObject) (gen.GetArtifactDepsResponseObject, error) {