Updated based on code review
Signed-off-by: nathannaveen <[email protected]>
nathannaveen committed Feb 7, 2025
1 parent a1a91c8 commit baa43fb
Showing 3 changed files with 20 additions and 11 deletions.
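--- a/pkg/guacrest/openapi.yaml
+++ b/pkg/guacrest/openapi.yaml
@@ -118,7 +118,9 @@ paths:
 get:
 summary: Get dependencies for a specific Package URL (purl)
 description: >
-This endpoint will find all dependencies of the purl passed in.
+This endpoint will find all dependencies of the purl passed in, including both direct
+and indirect (transitive) dependencies. For example, if package A depends on B, and B
+depends on C, then requesting dependencies for A will return both B and C.
 operationId: getPackageDeps
 parameters:
 - name: purl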
21 changes: 12 additions & 9 deletions pkg/guacrest/server/retrieveDependencies_test.go
@@ -16,9 +16,10 @@ package server_test
import (
stdcmp "cmp"
"context"
gen "github.com/guacsec/guac/pkg/guacrest/generated"
"testing"

gen "github.com/guacsec/guac/pkg/guacrest/generated"

. "github.com/guacsec/guac/internal/testing/graphqlClients"
_ "github.com/guacsec/guac/pkg/assembler/backends/keyvalue"
"github.com/guacsec/guac/pkg/guacrest/server"
@@ -76,7 +77,7 @@ func Test_RetrieveDependencies_ByPurl(t *testing.T) {
data: GuacData{
Packages: []string{"pkg:guac/foo", "pkg:guac/bar"},
Artifacts: []string{"sha-xyz"},
HasSboms: []HasSbom{{Subject: "sha-xyz", IncludedSoftware: []string{"pkg:guac/bar"}}},
HasSboms: []HasSbom{{Subject: "pkg:guac/foo", IncludedSoftware: []string{"pkg:guac/bar"}}},
IsOccurrences: []IsOccurrence{{Subject: "pkg:guac/foo", Artifact: "sha-xyz"}},
},
purl: "pkg:guac/foo",
@@ -239,7 +240,7 @@ func Test_RetrieveDependencies_ByDigest(t *testing.T) {
expectedByDigest []string
}{
{
name: "Artifact -> SBOM -> package",
name: "Digest -> SBOM -> package",
data: GuacData{
Packages: []string{"pkg:guac/bar"},
Artifacts: []string{"sha-xyz"},
@@ -299,7 +300,7 @@ func Test_RetrieveDependencies_ByDigest(t *testing.T) {
expectedByDigest: []string{"pkg:guac/foo"},
},
{
name: "Artifact -> hashEqual -> digest, digest",
name: "Artifact -> hashEqual -> artifact, artifact",
data: GuacData{
Packages: []string{"pkg:guac/foo", "pkg:guac/bar"},
Artifacts: []string{"sha-123", "sha-456", "sha-789"},
@@ -316,7 +317,7 @@ func Test_RetrieveDependencies_ByDigest(t *testing.T) {
expectedByDigest: []string{"pkg:guac/foo", "pkg:guac/bar"},
},
{
name: "digest -> SLSA -> digest -> occurrence -> package",
name: "artifact -> SLSA -> artifact -> occurrence -> package",
data: GuacData{
Packages: []string{"pkg:guac/foo"},
Artifacts: []string{"sha-123", "sha-xyz"},
@@ -328,7 +329,7 @@ func Test_RetrieveDependencies_ByDigest(t *testing.T) {
expectedByDigest: []string{"pkg:guac/foo"},
},
{
name: "digest -> SLSA -> digest, digest",
name: "artifact -> SLSA -> artifact, artifact",
data: GuacData{
Packages: []string{"pkg:guac/foo", "pkg:guac/bar"},
Artifacts: []string{"sha-123", "sha-xyz", "sha-abc"},
@@ -492,6 +493,9 @@ func Test_ClientErrorsForArtifact(t *testing.T) {
digest: "sha-abc",
}, {
name: "Neither Purl nor Digest provided",
}, {
name: "Badly formatted digest - missing algorithm prefix",
digest: "abcdef123456", // Missing sha256: or similar prefix
}}

for _, tt := range tests {
@@ -502,12 +506,11 @@ func Test_ClientErrorsForArtifact(t *testing.T) {

res, err := restApi.GetArtifactDeps(ctx, gen.GetArtifactDepsRequestObject{Digest: tt.digest})
if err != nil {
t.Fatalf("RetrieveDependencies returned unexpected error: %v", err)
t.Fatalf("GetArtifactDeps returned unexpected error: %v", err)
}
if _, ok := res.(gen.GetArtifactDeps400JSONResponse); !ok {
t.Fatalf("Did not receive a 400 Response: recieved %v of type %T", res, res)
t.Fatalf("Did not receive a 400 Response: received %v of type %T", res, res)
}

})
}
}
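Review bot: The new table entry "Badly formatted digest - missing algorithm prefix" in Test_ClientErrorsForArtifact is checked only by the shared `res.(gen.GetArtifactDeps400JSONResponse)` type assertion, so the test cannot tell a digest rejected by format validation from one that produced a 400 for some other reason. Every entry in the table is held to that same assertion, which means the case would still pass if the malformed value were forwarded to the backend lookup unvalidated and the 400 came from a later step. Consider giving each entry an expected-message substring and comparing it with the message carried by the 400 response; the name of that field is not visible in these hunks, so confirm it against the generated type. The table declaration and the start of the test function lie outside the hunks shown.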
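--- a/pkg/guacrest/server/server.go
+++ b/pkg/guacrest/server/server.go
@@ -102,7 +102,11 @@ func (s *DefaultServer) AnalyzeDependencies(ctx context.Context, request gen.Ana
 }
 
 func (s *DefaultServer) GetPackagePurls(ctx context.Context, request gen.GetPackagePurlsRequestObject) (gen.GetPackagePurlsResponseObject, error) {
-return gen.GetPackagePurls200JSONResponse{}, nil
+return gen.GetPackagePurls500JSONResponse{
+InternalServerErrorJSONResponse: gen.InternalServerErrorJSONResponse{
+Message: "GetPackagePurls not implemented",
+},
+}, nil
 }
 
 func (s *DefaultServer) GetPackageVulns(ctx context.Context, request gen.GetPackageVulnsRequestObject) (gen.GetPackageVulnsResponseObject, error) {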
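Review bot: Reporting the unimplemented GetPackagePurls as `gen.GetPackagePurls500JSONResponse` makes it indistinguishable, for clients and for error-rate alerting, from a genuine server fault, and because the handler returns a nil error nothing in this function marks the difference. If the OpenAPI spec can declare a 501 response for this operation, that status would describe the situation more accurately; whether the generated package offers such a type is not visible in this hunk. At minimum the function deserves a doc comment such as `// GetPackagePurls is not implemented yet; it always answers with a 500 response.` so the stub is not mistaken for a failing implementation.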
