Prepare release 0.2.1 #1193

Merged
merged 41 commits into from
Jan 23, 2025
Commits
0693b5c
feat: allow locating by CPE
ctron Jan 14, 2025
52fce44
feat: add a way to find related SBOMs by CPE
ctron Jan 14, 2025
3f16a24
chore: cleanup
ctron Jan 16, 2025
75e5190
test: add or amend some test for CPE
ctron Jan 16, 2025
280ad9e
chore: add purl and cpe identity ingestion for cdx
ctron Jan 17, 2025
7233612
chore: rework cdx ingestion to also ingest some pedigree information
ctron Jan 17, 2025
99002aa
test: add test for aliases on ancestor
ctron Jan 17, 2025
3f0d86a
chore: relax urlencoding on purl qualifier values
ctron Jan 17, 2025
c7be980
test: enable one more test after not having a global instance
ctron Jan 17, 2025
2d16653
allow more relationships in analysis graph
JimFuller-RedHat Jan 17, 2025
e3783b2
OSV loader: set properly VersionScheme in version_range
mrizzi Jan 17, 2025
a4b12cd
fix: /api/v2/purl/{purl} now honors qualifiers, or lack thereof
jcrossley3 Jan 17, 2025
9573043
Refactor the purl_by's a bit
jcrossley3 Jan 17, 2025
38740d1
Add unit test affirming TC-2051
jcrossley3 Jan 20, 2025
63f9ada
feat: create VariantOf relationship from cdx pedigree/variants
jcrossley3 Jan 20, 2025
7d39379
refactor: re-use some code, add endpoint for single component
ctron Jan 20, 2025
31acd1f
chore: regenerate api spec
ctron Jan 20, 2025
532a12a
feat: create AncestorOf relationship from cdx pedigree/ancestors
jcrossley3 Jan 20, 2025
a532dd8
Clarify the parent and child purl's in the unit test
jcrossley3 Jan 21, 2025
009295b
Add unit test affirming TC-2053
jcrossley3 Jan 21, 2025
3096472
test: add test for load performance
ctron Jan 21, 2025
843b26b
chore: start working on performance
ctron Jan 21, 2025
40d1c42
chore: work on graph loading performance
ctron Jan 20, 2025
e0c5ba7
chore: fix up tests after graph load changes
ctron Jan 21, 2025
cd155b7
chore: make clippy happy
ctron Jan 21, 2025
3e46969
Revert exposing relationships via /api/v2/purl endpoint
jcrossley3 Jan 21, 2025
4c4e8be
Rename tests to reflect their use instead of downstream issue #'s
jcrossley3 Jan 21, 2025
372228f
Update openapi.yaml after removing relationships from purl endpoint
jcrossley3 Jan 21, 2025
6470938
clippiness
jcrossley3 Jan 21, 2025
c9b7fe4
fix: infinite loop when invalid file passed to Format::from_bytes
jcrossley3 Jan 21, 2025
1c1f900
clipilicious
jcrossley3 Jan 21, 2025
ca799fa
Add support for spdx "relationshipType": "PACKAGE_OF"
chirino Jan 21, 2025
f54d171
Apply suggestions from code review
chirino Jan 21, 2025
b048e4b
fix: sbom license migration to update nulls
dejanb Jan 21, 2025
efc14da
fix: report CPE parsing as "bad request"
ctron Jan 22, 2025
cdb4d9d
Affirm AncestorOf relationship for SPDX files
jcrossley3 Jan 22, 2025
27e5482
feat: Seeing OTEL traces at development time
helio-frota Jan 22, 2025
feb530a
fix(analysis): aggregate in way that we don't have duplicate purls/cpes
ctron Jan 23, 2025
616bbf0
chore: update Rust to 1.84
ctron Jan 23, 2025
3ba71e4
chore: prepare release 0.2.1
ctron Jan 23, 2025
1cdbc77
test: fix up license test after dependency update
ctron Jan 23, 2025
Revert exposing relationships via /api/v2/purl endpoint
Signed-off-by: Jim Crossley <[email protected]>
jcrossley3 committed Jan 21, 2025

Verified

This commit was signed with the committer’s verified signature.
erikmd Erik Martin-Dorel
commit 3e469698197f8879e407f1ccf7551d93d48e1e51
20 changes: 0 additions & 20 deletions modules/fundamental/src/purl/endpoints/test.rs
@@ -346,23 +346,3 @@ async fn package_with_status(ctx: &TrustifyContext) -> Result<(), anyhow::Error>

Ok(())
}

#[test_context(TrustifyContext)]
#[test(actix_web::test)]
async fn purl_relationships(ctx: &TrustifyContext) -> Result<(), anyhow::Error> {
let app = caller(ctx).await?;
ctx.ingest_documents(["cyclonedx/openssl-3.0.7-18.el9_2.cdx_1.6.sbom.json"])
.await?;

let src = "pkg:rpm/redhat/[email protected]_2?arch=src";
let bin = "pkg:rpm/redhat/[email protected]_2?arch=x86_64";

let uri = format!("/api/v2/purl/{}", urlencoding::encode(bin));
let request = TestRequest::get().uri(&uri).to_request();
let response: Value = app.call_and_read_body_json(request).await;
log::debug!("{response:#?}");

assert_eq!(src, response["relationships"]["generated_from"][0]);

Ok(())
}
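
Review bot: Deleting `purl_relationships` at the end of test.rs drops the only assertion in this diff on the `relationships` key of the `/api/v2/purl/{purl}` response. Since the intent is to stop exposing that data, consider keeping the ingest and request from this test and flipping the final assertion to check that the response carries no `relationships` key, so a later change cannot re-expose the field unnoticed.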
24 changes: 4 additions & 20 deletions modules/fundamental/src/purl/model/details/purl.rs
@@ -21,10 +21,10 @@ use trustify_common::{
};
use trustify_cvss::cvss3::{score::Score, severity::Severity, Cvss3Base};
use trustify_entity::{
advisory, base_purl, cpe, cvss3, license, organization, package_relates_to_package, product,
product_status, product_version, product_version_range, purl_license_assertion, purl_status,
qualified_purl, relationship::Relationship, sbom, sbom_package, sbom_package_purl_ref, status,
version_range, versioned_purl, vulnerability,
advisory, base_purl, cpe, cvss3, license, organization, product, product_status,
product_version, product_version_range, purl_license_assertion, purl_status, qualified_purl,
sbom, sbom_package, sbom_package_purl_ref, status, version_range, versioned_purl,
vulnerability,
};
use trustify_module_ingestor::common::{Deprecation, DeprecationForExt};
use utoipa::ToSchema;
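
Review bot: The `trustify_entity` import list drops `package_relates_to_package` and `relationship::Relationship`, but no hunk in this file touches the `HashMap` import that the removed `relationships: HashMap<Relationship, Vec<String>>` field and its `fold(HashMap::new(), ...)` relied on. Please confirm `HashMap` still has another user in purl.rs; if not, remove that import here as well so the build stays free of unused-import warnings.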
@@ -38,7 +38,6 @@ pub struct PurlDetails {
pub base: BasePurlHead,
pub advisories: Vec<PurlAdvisory>,
pub licenses: Vec<PurlLicenseSummary>,
pub relationships: HashMap<Relationship, Vec<String>>,
}

impl PurlDetails {
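
Review bot: Dropping `pub relationships` from `PurlDetails` changes the JSON this endpoint returns, yet this commit only touches test.rs and purl.rs; the matching openapi.yaml update is listed as a separate, later commit in this PR. Folding the spec regeneration into this commit would keep code and spec consistent at every point in the series, and the removal deserves a line in the 0.2.1 release notes for any client that already reads the field.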
@@ -115,27 +114,12 @@ impl PurlDetails {
.all(tx)
.await?;

let relationships: HashMap<Relationship, Vec<_>> =
package_relates_to_package::Entity::find()
.filter(
package_relates_to_package::Column::LeftNodeId
.eq(qualified_package.purl.to_string()),
)
.all(tx)
.await?
.into_iter()
.fold(HashMap::new(), |mut h, m| {
h.entry(m.relationship).or_default().push(m.right_node_id);
h
});

Ok(PurlDetails {
head: PurlHead::from_entity(&package, &package_version, qualified_package, tx).await?,
version: VersionedPurlHead::from_entity(&package, &package_version, tx).await?,
base: BasePurlHead::from_entity(&package).await?,
advisories: PurlAdvisory::from_entities(purl_statuses, product_statuses, tx).await?,
licenses: PurlLicenseSummary::from_entities(&licenses, tx).await?,
relationships,
})
}
}
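
Review bot: The commit message says only that this is a revert; with the `package_relates_to_package` lookup on `LeftNodeId` removed from `PurlDetails`, it does not explain why the relationships should not be exposed here or where callers should obtain them instead. Please add a sentence to the commit body giving the reason and the replacement endpoint, if there is one.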