From 56d0bc2aebbd2e78f1b81445292f2aee33ceb400 Mon Sep 17 00:00:00 2001 From: JimFuller-RedHat Date: Thu, 30 Jan 2025 16:13:26 +0100 Subject: [PATCH] remove old relationships --- entity/src/relationship.rs | 56 +++++-------------- .../src/m0000860_normalise_relationships.rs | 28 +++++----- modules/analysis/src/model/roots.rs | 18 +++--- modules/analysis/src/service/load.rs | 2 +- modules/fundamental/src/sbom/service/sbom.rs | 2 +- modules/fundamental/tests/sbom/graph.rs | 51 +++++++++-------- modules/fundamental/tests/sbom/spdx.rs | 4 +- modules/ingestor/src/graph/sbom/mod.rs | 7 ++- modules/ingestor/src/graph/sbom/spdx.rs | 11 ++-- 9 files changed, 78 insertions(+), 101 deletions(-) diff --git a/entity/src/relationship.rs b/entity/src/relationship.rs index 4cf9a2fa8..5fc068785 100644 --- a/entity/src/relationship.rs +++ b/entity/src/relationship.rs @@ -20,64 +20,36 @@ use std::fmt; // When adding a new variant, also add this to the "relationship" table. pub enum Relationship { #[sea_orm(num_value = 0)] - ContainedBy, + Contains, #[sea_orm(num_value = 1)] - DependencyOf, + Dependency, #[sea_orm(num_value = 2)] - DevDependencyOf, + DevDependency, #[sea_orm(num_value = 3)] - OptionalDependencyOf, + OptionalDependency, #[sea_orm(num_value = 4)] - ProvidedDependencyOf, + ProvidedDependency, #[sea_orm(num_value = 5)] - TestDependencyOf, + TestDependency, #[sea_orm(num_value = 6)] - RuntimeDependencyOf, + RuntimeDependency, #[sea_orm(num_value = 7)] - ExampleOf, + Example, #[sea_orm(num_value = 8)] - GeneratedFrom, + Generates, #[sea_orm(num_value = 9)] AncestorOf, #[sea_orm(num_value = 10)] - VariantOf, + Variant, #[sea_orm(num_value = 11)] - BuildToolOf, + BuildTool, #[sea_orm(num_value = 12)] - DevToolOf, + DevTool, #[sea_orm(num_value = 13)] - DescribedBy, + Describes, #[sea_orm(num_value = 14)] - PackageOf, + Package, #[sea_orm(num_value = 15)] - Contains, - #[sea_orm(num_value = 16)] - Dependency, - #[sea_orm(num_value = 17)] - DevDependency, - #[sea_orm(num_value = 18)] - OptionalDependency, - #[sea_orm(num_value = 19)] - ProvidedDependency, - #[sea_orm(num_value = 20)] - TestDependency, - #[sea_orm(num_value = 21)] - RuntimeDependency, - #[sea_orm(num_value = 22)] - Example, - #[sea_orm(num_value = 23)] - Generates, - #[sea_orm(num_value = 24)] - Variant, - #[sea_orm(num_value = 25)] - BuildTool, - #[sea_orm(num_value = 26)] - DevTool, - #[sea_orm(num_value = 27)] - Describes, - #[sea_orm(num_value = 28)] - Packages, - #[sea_orm(num_value = 29)] Undefined, } diff --git a/migration/src/m0000860_normalise_relationships.rs b/migration/src/m0000860_normalise_relationships.rs index e132346c3..9ebf207f6 100644 --- a/migration/src/m0000860_normalise_relationships.rs +++ b/migration/src/m0000860_normalise_relationships.rs @@ -3,20 +3,20 @@ use sea_orm_migration::prelude::*; #[derive(DeriveMigrationName)] pub struct Migration; const DATA: [(i32, &str); 14] = [ - (16, "Contains"), - (17, "Dependency"), - (18, "DevDependency"), - (19, "OptionalDependency"), - (20, "ProvidedDependency"), - (21, "TestDependency"), - (22, "RuntimeDependency"), - (23, "Example"), - (24, "Generates"), - (25, "Variant"), - (26, "BuildTool"), - (27, "DevTool"), - (28, "Describes"), - (29, "Packages"), + (0, "Contains"), + (1, "Dependency"), + (2, "DevDependency"), + (3, "OptionalDependency"), + (4, "ProvidedDependency"), + (5, "TestDependency"), + (6, "RuntimeDependency"), + (7, "Example"), + (8, "Generates"), + (10, "Variant"), + (11, "BuildTool"), + (12, "DevTool"), + (13, "Describes"), + (14, "Packages"), ]; #[async_trait::async_trait] diff --git a/modules/analysis/src/model/roots.rs b/modules/analysis/src/model/roots.rs index b2ef74a20..2d881700b 100644 --- a/modules/analysis/src/model/roots.rs +++ b/modules/analysis/src/model/roots.rs @@ -131,7 +131,7 @@ mod test { relationship: None, ancestors: Some(vec![Node { ancestors: Some(vec![]), - relationship: Some(Relationship::DependencyOf), + relationship: Some(Relationship::Dependency), // TODO: Is this right ? ..node("A") }]), descendants: None, @@ -142,7 +142,7 @@ mod test { result, vec![Node { base: base("A"), - relationship: Some(Relationship::DependencyOf), + relationship: Some(Relationship::Dependency), // TODO: Is this right ? ancestors: Some(vec![]), descendants: None, }] @@ -154,10 +154,10 @@ mod test { let result = vec![Node { ancestors: Some(vec![Node { base: base("AA"), - relationship: Some(Relationship::DependencyOf), + relationship: Some(Relationship::Dependency), // TODO: Is this right ? ancestors: Some(vec![Node { ancestors: Some(vec![]), - relationship: Some(Relationship::DependencyOf), + relationship: Some(Relationship::Dependency), // TODO: Is this right ? ..node("A") }]), descendants: None, @@ -170,7 +170,7 @@ mod test { result, vec![Node { base: base("A"), - relationship: Some(Relationship::DependencyOf), + relationship: Some(Relationship::Dependency), // TODO: Is this right ? ancestors: Some(vec![]), descendants: None, }] @@ -182,10 +182,10 @@ mod test { let result = vec![Node { ancestors: Some(vec![Node { base: base("AA"), - relationship: Some(Relationship::DependencyOf), + relationship: Some(Relationship::Dependency), // TODO: Is this right ? ancestors: Some(vec![Node { ancestors: Some(vec![]), - relationship: Some(Relationship::DependencyOf), + relationship: Some(Relationship::Dependency), // TODO: Is this right ? ..node("A") }]), descendants: None, @@ -197,8 +197,8 @@ mod test { assert_eq!( result, vec![vec![ - (&base("AA"), Relationship::DependencyOf), - (&base("A"), Relationship::DependencyOf), + (&base("AA"), Relationship::Dependency), // TODO: Is this right ? + (&base("A"), Relationship::Dependency), // TODO: Is this right ? ]] ); } diff --git a/modules/analysis/src/service/load.rs b/modules/analysis/src/service/load.rs index 5b386c050..936c03fb8 100644 --- a/modules/analysis/src/service/load.rs +++ b/modules/analysis/src/service/load.rs @@ -292,7 +292,7 @@ impl AnalysisService { nodes.get(&edge.left_node_id), nodes.get(&edge.right_node_id), ) { - if edge.relationship == Relationship::DescribedBy { + if edge.relationship == Relationship::Describes { describedby_node_id.push(*left); } diff --git a/modules/fundamental/src/sbom/service/sbom.rs b/modules/fundamental/src/sbom/service/sbom.rs index 9afaebe58..091474d3c 100644 --- a/modules/fundamental/src/sbom/service/sbom.rs +++ b/modules/fundamental/src/sbom/service/sbom.rs @@ -210,7 +210,7 @@ impl SbomService { paginated, Which::Right, SbomNodeReference::All, - Some(Relationship::DescribedBy), + Some(Relationship::Describes), // TODO: Is this right ? db, ) .await diff --git a/modules/fundamental/tests/sbom/graph.rs b/modules/fundamental/tests/sbom/graph.rs index 6f626264a..bb8e9e3da 100644 --- a/modules/fundamental/tests/sbom/graph.rs +++ b/modules/fundamental/tests/sbom/graph.rs @@ -18,7 +18,10 @@ async fn ingest_sboms(ctx: &TrustifyContext) -> Result<(), anyhow::Error> { let sbom_v1 = system .ingest_sbom( - ("source", "http://sbom.com/test.json"), + ( + "sour// TODO: Is this right ?ce", + "http://sbom.com/test.json", + ), &Digests::digest("8"), Some("a".to_string()), (), @@ -208,52 +211,52 @@ async fn transitive_dependency_of(ctx: &TrustifyContext) -> Result<(), anyhow::E sbom1 .ingest_package_relates_to_package( - Purl::from_str("pkg:maven/io.quarkus/transitive-b@1.2.3")?, - Relationship::DependencyOf, Purl::from_str("pkg:maven/io.quarkus/transitive-a@1.2.3")?, + Relationship::Dependency, + Purl::from_str("pkg:maven/io.quarkus/transitive-b@1.2.3")?, &ctx.db, ) .await?; sbom1 .ingest_package_relates_to_package( - Purl::from_str("pkg:maven/io.quarkus/transitive-c@1.2.3")?, - Relationship::DependencyOf, Purl::from_str("pkg:maven/io.quarkus/transitive-b@1.2.3")?, + Relationship::Dependency, + Purl::from_str("pkg:maven/io.quarkus/transitive-c@1.2.3")?, &ctx.db, ) .await?; sbom1 .ingest_package_relates_to_package( - Purl::from_str("pkg:maven/io.quarkus/transitive-d@1.2.3")?, - Relationship::DependencyOf, Purl::from_str("pkg:maven/io.quarkus/transitive-c@1.2.3")?, + Relationship::Dependency, + Purl::from_str("pkg:maven/io.quarkus/transitive-d@1.2.3")?, &ctx.db, ) .await?; sbom1 .ingest_package_relates_to_package( - Purl::from_str("pkg:maven/io.quarkus/transitive-e@1.2.3")?, - Relationship::DependencyOf, Purl::from_str("pkg:maven/io.quarkus/transitive-c@1.2.3")?, + Relationship::Dependency, + Purl::from_str("pkg:maven/io.quarkus/transitive-e@1.2.3")?, &ctx.db, ) .await?; sbom1 .ingest_package_relates_to_package( - Purl::from_str("pkg:maven/io.quarkus/transitive-d@1.2.3")?, - Relationship::DependencyOf, Purl::from_str("pkg:maven/io.quarkus/transitive-b@1.2.3")?, + Relationship::Dependency, + Purl::from_str("pkg:maven/io.quarkus/transitive-d@1.2.3")?, &ctx.db, ) .await?; let _results = sbom1 .related_packages_transitively( - &[Relationship::DependencyOf], + &[Relationship::Dependency], &"pkg:maven/io.quarkus/transitive-a@1.2.3".try_into()?, &ctx.db, ) @@ -282,9 +285,9 @@ async fn ingest_package_relates_to_package_dependency_of( sbom1 .ingest_package_relates_to_package( - Purl::from_str("pkg:maven/io.quarkus/quarkus-postgres@1.2.3")?, - Relationship::DependencyOf, Purl::from_str("pkg:maven/io.quarkus/quarkus-core@1.2.3")?, + Relationship::Dependency, + Purl::from_str("pkg:maven/io.quarkus/quarkus-postgres@1.2.3")?, &ctx.db, ) .await?; @@ -301,9 +304,9 @@ async fn ingest_package_relates_to_package_dependency_of( sbom2 .ingest_package_relates_to_package( - Purl::from_str("pkg:maven/io.quarkus/quarkus-sqlite@1.2.3")?, - Relationship::DependencyOf, Purl::from_str("pkg:maven/io.quarkus/quarkus-core@1.2.3")?, + Relationship::Dependency, + Purl::from_str("pkg:maven/io.quarkus/quarkus-sqlite@1.2.3")?, &ctx.db, ) .await?; @@ -311,7 +314,7 @@ async fn ingest_package_relates_to_package_dependency_of( let dependencies = fetch .related_packages( sbom1.sbom.sbom_id, - Relationship::DependencyOf, + Relationship::Dependency, "pkg:maven/io.quarkus/quarkus-core@1.2.3", &ctx.db, ) @@ -334,7 +337,7 @@ async fn ingest_package_relates_to_package_dependency_of( let dependencies = fetch .related_packages( sbom2.sbom.sbom_id, - Relationship::DependencyOf, + Relationship::Dependency, "pkg:maven/io.quarkus/quarkus-core@1.2.3", &ctx.db, ) @@ -381,27 +384,27 @@ async fn sbom_vulnerabilities(ctx: &TrustifyContext) -> Result<(), anyhow::Error log::debug!("-------------------- B"); sbom.ingest_package_relates_to_package( - Purl::from_str("pkg:maven/io.quarkus/quarkus-core@1.2.3")?, - Relationship::DependencyOf, Purl::from_str("pkg:oci/my-app@1.2.3")?, + Relationship::Dependency, + Purl::from_str("pkg:maven/io.quarkus/quarkus-core@1.2.3")?, &ctx.db, ) .await?; log::debug!("-------------------- C"); sbom.ingest_package_relates_to_package( - Purl::from_str("pkg:maven/io.quarkus/quarkus-postgres@1.2.3")?, - Relationship::DependencyOf, Purl::from_str("pkg:maven/io.quarkus/quarkus-core@1.2.3")?, + Relationship::Dependency, + Purl::from_str("pkg:maven/io.quarkus/quarkus-postgres@1.2.3")?, &ctx.db, ) .await?; log::debug!("-------------------- D"); sbom.ingest_package_relates_to_package( - Purl::from_str("pkg:maven/postgres/postgres-driver@1.2.3")?, - Relationship::DependencyOf, Purl::from_str("pkg:maven/io.quarkus/quarkus-postgres@1.2.3")?, + Relationship::Dependency, + Purl::from_str("pkg:maven/postgres/postgres-driver@1.2.3")?, &ctx.db, ) .await?; diff --git a/modules/fundamental/tests/sbom/spdx.rs b/modules/fundamental/tests/sbom/spdx.rs index 17e2535eb..dbc00bafe 100644 --- a/modules/fundamental/tests/sbom/spdx.rs +++ b/modules/fundamental/tests/sbom/spdx.rs @@ -57,7 +57,7 @@ async fn parse_spdx_quarkus(ctx: &TrustifyContext) -> Result<(), anyhow::Error> let contains = service .related_packages( sbom.sbom.sbom_id, - Relationship::ContainedBy, + Relationship::Contains, // TODO: Is this right ? first, &ctx.db, ) @@ -93,7 +93,7 @@ async fn test_parse_spdx(ctx: &TrustifyContext) -> Result<(), anyhow::Error> { Default::default(), Which::Right, first, - Some(Relationship::ContainedBy), + Some(Relationship::Contains), //TODO: Is this right ? &ctx.db, ) .await? diff --git a/modules/ingestor/src/graph/sbom/mod.rs b/modules/ingestor/src/graph/sbom/mod.rs index f6abf02b5..2d79f43fc 100644 --- a/modules/ingestor/src/graph/sbom/mod.rs +++ b/modules/ingestor/src/graph/sbom/mod.rs @@ -492,7 +492,7 @@ impl SbomContext { fn query_describes_packages(&self) -> Select { sbom_package::Entity::find() .filter(sbom::Column::SbomId.eq(self.sbom.sbom_id)) - .filter(package_relates_to_package::Column::Relationship.eq(Relationship::DescribedBy)) + .filter(package_relates_to_package::Column::Relationship.eq(Relationship::Describes)) .select_only() .join(JoinType::Join, sbom_package::Relation::Sbom.def()) .join(JoinType::Join, sbom_package::Relation::Node.def()) @@ -663,7 +663,7 @@ impl SbomContext { ) -> anyhow::Result<()> { self.ingest_package_relates_to_package( RelationshipReference::Root, - Relationship::DescribedBy, + Relationship::Describes, RelationshipReference::Purl(package), connection, ) @@ -678,8 +678,9 @@ impl SbomContext { connection: &C, ) -> anyhow::Result<()> { self.ingest_package_relates_to_package( + // TODO: Is this right ? RelationshipReference::Root, - Relationship::DescribedBy, + Relationship::Describes, RelationshipReference::Cpe(cpe), connection, ) diff --git a/modules/ingestor/src/graph/sbom/spdx.rs b/modules/ingestor/src/graph/sbom/spdx.rs index eb8d96797..9cb1dca5e 100644 --- a/modules/ingestor/src/graph/sbom/spdx.rs +++ b/modules/ingestor/src/graph/sbom/spdx.rs @@ -74,12 +74,13 @@ impl SbomContext { for described in sbom_data.document_creation_information.document_describes { relationships.relate( - described, - Relationship::DescribedBy, + // TODO: Is this right ? sbom_data .document_creation_information .spdx_identifier .clone(), + Relationship::Describes, + described, ); product_packages.push( sbom_data @@ -96,8 +97,8 @@ impl SbomContext { relationships.relate(left.to_string(), rel, right.to_string()); - if rel == Relationship::DescribedBy { - product_packages.push(left.to_string()); + if rel == Relationship::Describes { + product_packages.push(right.to_string()); // TODO: Is this right ? } } @@ -267,7 +268,7 @@ impl<'spdx> TryFrom<(&'spdx str, &'spdx RelationshipType, &'spdx str)> for SpdxR RelationshipType::OptionalDependencyOf => { Ok((right, Relationship::OptionalDependency, left)) } - RelationshipType::PackageOf => Ok((right, Relationship::Packages, left)), + RelationshipType::PackageOf => Ok((right, Relationship::Package, left)), RelationshipType::ProvidedDependencyOf => { Ok((right, Relationship::ProvidedDependency, left)) }