From aaf1893f187f1b526b23de20102024465a869e36 Mon Sep 17 00:00:00 2001 From: Jim Crossley Date: Tue, 21 Jan 2025 11:49:31 -0500 Subject: [PATCH 1/4] Revert exposing relationships via /api/v2/purl endpoint Signed-off-by: Jim Crossley --- .../fundamental/src/purl/endpoints/test.rs | 20 ---------------- .../src/purl/model/details/purl.rs | 24 ++++--------------- 2 files changed, 4 insertions(+), 40 deletions(-) diff --git a/modules/fundamental/src/purl/endpoints/test.rs b/modules/fundamental/src/purl/endpoints/test.rs index 5e5c41d8e..c72b030c5 100644 --- a/modules/fundamental/src/purl/endpoints/test.rs +++ b/modules/fundamental/src/purl/endpoints/test.rs @@ -346,23 +346,3 @@ async fn package_with_status(ctx: &TrustifyContext) -> Result<(), anyhow::Error> Ok(()) } - -#[test_context(TrustifyContext)] -#[test(actix_web::test)] -async fn purl_relationships(ctx: &TrustifyContext) -> Result<(), anyhow::Error> { - let app = caller(ctx).await?; - ctx.ingest_documents(["cyclonedx/openssl-3.0.7-18.el9_2.cdx_1.6.sbom.json"]) - .await?; - - let src = "pkg:rpm/redhat/openssl@3.0.7-18.el9_2?arch=src"; - let bin = "pkg:rpm/redhat/openssl@3.0.7-18.el9_2?arch=x86_64"; - - let uri = format!("/api/v2/purl/{}", urlencoding::encode(bin)); - let request = TestRequest::get().uri(&uri).to_request(); - let response: Value = app.call_and_read_body_json(request).await; - log::debug!("{response:#?}"); - - assert_eq!(src, response["relationships"]["generated_from"][0]); - - Ok(()) -} diff --git a/modules/fundamental/src/purl/model/details/purl.rs b/modules/fundamental/src/purl/model/details/purl.rs index 33186c66b..6759ff9c5 100644 --- a/modules/fundamental/src/purl/model/details/purl.rs +++ b/modules/fundamental/src/purl/model/details/purl.rs 
@@ -21,10 +21,10 @@ use trustify_common::{ }; use trustify_cvss::cvss3::{score::Score, severity::Severity, Cvss3Base}; use trustify_entity::{ - advisory, base_purl, cpe, cvss3, license, organization, package_relates_to_package, product, - product_status, product_version, product_version_range, purl_license_assertion, purl_status, - qualified_purl, relationship::Relationship, sbom, sbom_package, sbom_package_purl_ref, status, - version_range, versioned_purl, vulnerability, + advisory, base_purl, cpe, cvss3, license, organization, product, product_status, + product_version, product_version_range, purl_license_assertion, purl_status, qualified_purl, + sbom, sbom_package, sbom_package_purl_ref, status, version_range, versioned_purl, + vulnerability, }; use trustify_module_ingestor::common::{Deprecation, DeprecationForExt}; use utoipa::ToSchema; @@ -38,7 +38,6 @@ pub struct PurlDetails { pub base: BasePurlHead, pub advisories: Vec, pub licenses: Vec, - pub relationships: HashMap>, } impl PurlDetails { @@ -115,27 +114,12 @@ impl PurlDetails { .all(tx) .await?; - let relationships: HashMap> = - package_relates_to_package::Entity::find() - .filter( - package_relates_to_package::Column::LeftNodeId - .eq(qualified_package.purl.to_string()), - ) - .all(tx) - .await? - .into_iter() - .fold(HashMap::new(), |mut h, m| { - h.entry(m.relationship).or_default().push(m.right_node_id); - h - }); - Ok(PurlDetails { head: PurlHead::from_entity(&package, &package_version, qualified_package, tx).await?, version: VersionedPurlHead::from_entity(&package, &package_version, tx).await?, base: BasePurlHead::from_entity(&package).await?, advisories: PurlAdvisory::from_entities(purl_statuses, product_statuses, tx).await?, licenses: PurlLicenseSummary::from_entities(&licenses, tx).await?, - relationships, }) } } From ebebcc82004f1e6891fb38211d201712f784350f Mon Sep 17 00:00:00 2001 
From: Jim Crossley Date: Tue, 21 Jan 2025 12:04:01 -0500 Subject: [PATCH 2/4] Rename tests to reflect their use instead of downstream issue #'s Signed-off-by: Jim Crossley --- modules/analysis/src/endpoints/test.rs | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/modules/analysis/src/endpoints/test.rs b/modules/analysis/src/endpoints/test.rs index 1c3d26666..ce26d1638 100644 --- a/modules/analysis/src/endpoints/test.rs +++ b/modules/analysis/src/endpoints/test.rs @@ -419,7 +419,7 @@ where #[test_context(TrustifyContext)] #[test(actix_web::test)] -async fn issue_tc_2050(ctx: &TrustifyContext) -> Result<(), anyhow::Error> { +async fn cdx_generated_from(ctx: &TrustifyContext) -> Result<(), anyhow::Error> { let app = caller(ctx).await?; ctx.ingest_documents(["cyclonedx/openssl-3.0.7-18.el9_2.cdx_1.6.sbom.json"]) .await?; @@ -457,7 +457,7 @@ async fn issue_tc_2050(ctx: &TrustifyContext) -> Result<(), anyhow::Error> { #[test_context(TrustifyContext)] #[test(actix_web::test)] -async fn issue_tc_2051(ctx: &TrustifyContext) -> Result<(), anyhow::Error> { +async fn spdx_generated_from(ctx: &TrustifyContext) -> Result<(), anyhow::Error> { let app = caller(ctx).await?; ctx.ingest_documents(["spdx/openssl-3.0.7-18.el9_2.spdx.json"]) .await?; @@ -495,7 +495,7 @@ async fn issue_tc_2051(ctx: &TrustifyContext) -> Result<(), anyhow::Error> { #[test_context(TrustifyContext)] #[test(actix_web::test)] -async fn issue_tc_2052(ctx: &TrustifyContext) -> Result<(), anyhow::Error> { +async fn cdx_variant_of(ctx: &TrustifyContext) -> Result<(), anyhow::Error> { let app = caller(ctx).await?; ctx.ingest_documents(["cyclonedx/66FF73123BB3489.json"]) .await?; 
@@ -533,7 +533,7 @@ async fn issue_tc_2052(ctx: &TrustifyContext) -> Result<(), anyhow::Error> { #[test_context(TrustifyContext)] #[test(actix_web::test)] -async fn issue_tc_2053(ctx: &TrustifyContext) -> Result<(), anyhow::Error> { +async fn spdx_variant_of(ctx: &TrustifyContext) -> Result<(), anyhow::Error> { let app = caller(ctx).await?; ctx.ingest_documents(["ubi9-9.2-755.1697625012.json"]) .await?; @@ -584,7 +584,10 @@ async fn issue_tc_2053(ctx: &TrustifyContext) -> Result<(), anyhow::Error> { #[test_context(TrustifyContext)] #[test(actix_web::test)] -async fn issue_tc_2054(ctx: &TrustifyContext) -> Result<(), anyhow::Error> { +async fn cdx_ancestor_of(ctx: &TrustifyContext) -> Result<(), anyhow::Error> { + use std::str::FromStr; + use trustify_common::purl::Purl; + let app = caller(ctx).await?; ctx.ingest_documents(["cyclonedx/openssl-3.0.7-18.el9_2.cdx_1.6.sbom.json"]) .await?; From 4272ebab1b98783ea256af6f174cf4400a4cb569 Mon Sep 17 00:00:00 2001 From: Jim Crossley Date: Tue, 21 Jan 2025 12:25:26 -0500 Subject: [PATCH 3/4] Update openapi.yaml after removing relationships from purl endpoint Signed-off-by: Jim Crossley --- openapi.yaml | 26 -------------------------- 1 file changed, 26 deletions(-) diff --git a/openapi.yaml b/openapi.yaml index 048ecac21..afe528dac 100644 --- a/openapi.yaml +++ b/openapi.yaml @@ -3607,7 +3607,6 @@ components: - base - advisories - licenses - - relationships properties: advisories: type: array 
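Review bot: The two imports added at the top of `cdx_ancestor_of` (`use std::str::FromStr;` and `use trustify_common::purl::Purl;`) are not referenced by any line visible in this hunk and have nothing to do with renaming the test. Patch 4/4 of this series deletes them again, so the cleaner fix is to drop them from this patch rather than add and remove them within one series. That keeps each commit free of unused-import warnings, which matters when the series is bisected or when CI denies warnings per commit. The body of `cdx_ancestor_of` continues outside the hunk, so this assumes nothing further down calls `Purl::from_str`.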
@@ -3619,31 +3618,6 @@ components: type: array items: $ref: '#/components/schemas/PurlLicenseSummary' - relationships: - type: object - additionalProperties: - type: array - items: - type: string - propertyNames: - type: string - enum: - - contained_by - - dependency_of - - dev_dependency_of - - optional_dependency_of - - provided_dependency_of - - test_dependency_of - - runtime_dependency_of - - example_of - - generated_from - - ancestor_of - - variant_of - - build_tool_of - - dev_tool_of - - described_by - - package_of - - undefined version: $ref: '#/components/schemas/VersionedPurlHead' PurlHead: From 6c36ec1c4cf6372e9ce52e646188e730ddbeb1e3 Mon Sep 17 00:00:00 2001 From: Jim Crossley Date: Tue, 21 Jan 2025 13:15:43 -0500 Subject: [PATCH 4/4] clippiness Signed-off-by: Jim Crossley --- modules/analysis/src/endpoints/test.rs | 3 --- 1 file changed, 3 deletions(-) diff --git a/modules/analysis/src/endpoints/test.rs b/modules/analysis/src/endpoints/test.rs index ce26d1638..3b9370072 100644 --- a/modules/analysis/src/endpoints/test.rs +++ b/modules/analysis/src/endpoints/test.rs @@ -585,9 +585,6 @@ async fn spdx_variant_of(ctx: &TrustifyContext) -> Result<(), anyhow::Error> { #[test_context(TrustifyContext)] #[test(actix_web::test)] async fn cdx_ancestor_of(ctx: &TrustifyContext) -> Result<(), anyhow::Error> { - use std::str::FromStr; - use trustify_common::purl::Purl; - let app = caller(ctx).await?; ctx.ingest_documents(["cyclonedx/openssl-3.0.7-18.el9_2.cdx_1.6.sbom.json"]) .await?;