
add ability to have search depth in query known #1692

Open
wants to merge 1 commit into base: main

Conversation

@lumjjb lumjjb (Contributor) commented Feb 6, 2024

Description of the PR

Add a --search-depth parameter to allow recursive search for query known; it will default to 0, which will recursively query to max depth. In addition, added SUBJECT to the output tables, which says which subject the predicate is referring to within the tree of metadata returned.

guacone query known package pkg:guac/cdx/docker.io/library/consul@sha256:22ab19cf1326abbfaafec6a14eb68f96e899e88ffe9ce26fa36affcf8ffb582c

Before (without recursion):

+----------------------------------------------------------+
| Package Name Nodes                                       |
+---------+-----------+-----------+------------------------+
| SUBJECT | NODE TYPE | NODE ID # | ADDITIONAL INFORMATION |
+---------+-----------+-----------+------------------------+
+---------+-----------+-----------+------------------------+
Visualizer url: http://localhost:3000/?path=833,24,23
+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Package Version Nodes                                                                                                                                                                                                                                   |
+---------------------------------------------------------------------------------------------------------------+-----------+-----------+-----------------------------------------------------------------------------------------------------------------+
| SUBJECT                                                                                                       | NODE TYPE | NODE ID # | ADDITIONAL INFORMATION                                                                                          |
+---------------------------------------------------------------------------------------------------------------+-----------+-----------+-----------------------------------------------------------------------------------------------------------------+
| pkg:guac/cdx/docker.io/library/consul@sha256:22ab19cf1326abbfaafec6a14eb68f96e899e88ffe9ce26fa36affcf8ffb582c | hasSBOM   | 1300      | SBOM Download Location: file:///../guac-data/docs/cyclonedx/syft-cyclonedx-docker.io-library-consul.latest.json |
+---------------------------------------------------------------------------------------------------------------+-----------+-----------+-----------------------------------------------------------------------------------------------------------------+
Visualizer url: http://localhost:3000/?path=834,833,24,23,1300

With recursive:

+----------------------------------------------------------+
| Package Name Nodes                                       |
+---------+-----------+-----------+------------------------+
| SUBJECT | NODE TYPE | NODE ID # | ADDITIONAL INFORMATION |
+---------+-----------+-----------+------------------------+
+---------+-----------+-----------+------------------------+
Visualizer url: http://localhost:3000/?path=833,24,23
+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Package Version Nodes                                                                                                                                                                                                                                   |
+---------------------------------------------------------------------------------------------------------------+-----------+-----------+-----------------------------------------------------------------------------------------------------------------+
| SUBJECT                                                                                                       | NODE TYPE | NODE ID # | ADDITIONAL INFORMATION                                                                                          |
+---------------------------------------------------------------------------------------------------------------+-----------+-----------+-----------------------------------------------------------------------------------------------------------------+
| pkg:guac/cdx/docker.io/library/consul@sha256:22ab19cf1326abbfaafec6a14eb68f96e899e88ffe9ce26fa36affcf8ffb582c | hasSBOM   | 1300      | SBOM Download Location: file:///../guac-data/docs/cyclonedx/syft-cyclonedx-docker.io-library-consul.latest.json |
+---------------------------------------------------------------------------------------------------------------+-----------+-----------+-----------------------------------------------------------------------------------------------------------------+
Visualizer url: http://localhost:3000/?path=834,833,24,23,1300
+------------------------------------------------------------------------------------------------------------------------------------------------+
| Package Name Nodes                                                                                                                             |
+------------------------------------------------------------------+-----------+-----------+-----------------------------------------------------+
| SUBJECT                                                          | NODE TYPE | NODE ID # | ADDITIONAL INFORMATION                              |
+------------------------------------------------------------------+-----------+-----------+-----------------------------------------------------+
| pkg:golang/github.com/form3tech-oss/jwt-go@v3.2.2%2Bincompatible | hasSrcAt  | 136898    | Source: git+https://github.com/form3tech-oss/jwt-go |
+------------------------------------------------------------------+-----------+-----------+-----------------------------------------------------+
Visualizer url: http://localhost:3000/?path=1001,1000,94,136898
+-------------------------------------------------------------------------------------------------------------------------------+
| Package Version Nodes                                                                                                         |
+------------------------------------------------------------------+-------------+-----------+----------------------------------+
| SUBJECT                                                          | NODE TYPE   | NODE ID # | ADDITIONAL INFORMATION           |
+------------------------------------------------------------------+-------------+-----------+----------------------------------+
| pkg:golang/github.com/form3tech-oss/jwt-go@v3.2.2%2Bincompatible | certifyVuln | 146067    | vulnerability ID: novuln         |
+------------------------------------------------------------------+-------------+-----------+----------------------------------+
| pkg:golang/github.com/form3tech-oss/jwt-go@v3.2.2%2Bincompatible | hasSBOM     | 150996    | SBOM Download Location: deps.dev |
+------------------------------------------------------------------+-------------+-----------+----------------------------------+
Visualizer url: http://localhost:3000/?path=1002,1001,1000,94,146067,150996
+------------------------------------------------------------------------------------------------------------------------------------------------+
| Package Name Nodes                                                                                                                             |
+------------------------------------------------------------------+-----------+-----------+-----------------------------------------------------+
| SUBJECT                                                          | NODE TYPE | NODE ID # | ADDITIONAL INFORMATION                              |
+------------------------------------------------------------------+-----------+-----------+-----------------------------------------------------+
| pkg:golang/github.com/form3tech-oss/jwt-go@v3.2.2%2Bincompatible | hasSrcAt  | 136898    | Source: git+https://github.com/form3tech-oss/jwt-go |
+------------------------------------------------------------------+-----------+-----------+-----------------------------------------------------+
| pkg:golang/github.com/kr/text@v0.2.0                             | hasSrcAt  | 136861    | Source: git+https://github.com/kr/text              |
+------------------------------------------------------------------+-----------+-----------+-----------------------------------------------------+
Visualizer url: http://localhost:3000/?path=1004,1003,94,136861
+---------------------------------------------------------------------------------------------------+
| Package Version Nodes                                                                             |
+--------------------------------------+-------------+-----------+----------------------------------+
| SUBJECT                              | NODE TYPE   | NODE ID # | ADDITIONAL INFORMATION           |
+--------------------------------------+-------------+-----------+----------------------------------+
| pkg:golang/github.com/kr/text@v0.2.0 | certifyVuln | 146070    | vulnerability ID: novuln         |
+--------------------------------------+-------------+-----------+----------------------------------+
| pkg:golang/github.com/kr/text@v0.2.0 | hasSBOM     | 140634    | SBOM Download Location: deps.dev |
+--------------------------------------+-------------+-----------+----------------------------------+
Visualizer url: http://localhost:3000/?path=1005,1004,1003,94,146070,140634
+------------------------------------------------------------------------------------------------------------------------------------------------+
| Package Name Nodes                                                                                                                             |
+------------------------------------------------------------------+-----------+-----------+-----------------------------------------------------+
| SUBJECT                                                          | NODE TYPE | NODE ID # | ADDITIONAL INFORMATION                              |
+------------------------------------------------------------------+-----------+-----------+-----------------------------------------------------+
| pkg:golang/github.com/form3tech-oss/jwt-go@v3.2.2%2Bincompatible | hasSrcAt  | 136898    | Source: git+https://github.com/form3tech-oss/jwt-go |
+------------------------------------------------------------------+-----------+-----------+-----------------------------------------------------+
| pkg:golang/github.com/kr/text@v0.2.0                             | hasSrcAt  | 136861    | Source: git+https://github.com/kr/text              |
+------------------------------------------------------------------+-----------+-----------+-----------------------------------------------------+
| pkg:golang/github.com/azure/go-autorest/autorest/date@v0.3.0     | hasSrcAt  | 136851    | Source: git+https://github.com/azure/go-autorest    |
+------------------------------------------------------------------+-----------+-----------+-----------------------------------------------------+
Visualizer url: http://localhost:3000/?path=1006,785,94,136851
+---------------------------------------------------------------------------------------------------------------------------+
| Package Version Nodes                                                                                                     |
+--------------------------------------------------------------+-------------+-----------+----------------------------------+
| SUBJECT                                                      | NODE TYPE   | NODE ID # | ADDITIONAL INFORMATION           |
+--------------------------------------------------------------+-------------+-----------+----------------------------------+
| pkg:golang/github.com/azure/go-autorest/autorest/date@v0.3.0 | certifyVuln | 145840    | vulnerability ID: novuln         |
+--------------------------------------------------------------+-------------+-----------+----------------------------------+
| pkg:golang/github.com/azure/go-autorest/autorest/date@v0.3.0 | hasSBOM     | 150987    | SBOM Download Location: deps.dev |
+--------------------------------------------------------------+-------------+-----------+----------------------------------+
Visualizer url: http://localhost:3000/?path=1007,1006,785,94,145840,150987
+------------------------------------------------------------------------------------------------------------------------------------------------+
| Package Name Nodes                                                                                                                             |
+------------------------------------------------------------------+-----------+-----------+-----------------------------------------------------+
| SUBJECT                                                          | NODE TYPE | NODE ID # | ADDITIONAL INFORMATION                              |
+------------------------------------------------------------------+-----------+-----------+-----------------------------------------------------+
| pkg:golang/github.com/form3tech-oss/jwt-go@v3.2.2%2Bincompatible | hasSrcAt  | 136898    | Source: git+https://github.com/form3tech-oss/jwt-go |
+------------------------------------------------------------------+-----------+-----------+-----------------------------------------------------+
| pkg:golang/github.com/kr/text@v0.2.0                             | hasSrcAt  | 136861    | Source: git+https://github.com/kr/text              |
+------------------------------------------------------------------+-----------+-----------+-----------------------------------------------------+
| pkg:golang/github.com/azure/go-autorest/autorest/date@v0.3.0     | hasSrcAt  | 136851    | Source: git+https://github.com/azure/go-autorest    |
+------------------------------------------------------------------+-----------+-----------+-----------------------------------------------------+
Visualizer url: http://localhost:3000/?path=305,199,94
+-----------------------------------------------------------------------------------------+
| Package Version Nodes                                                                   |
+------------------------------------+-------------+-----------+--------------------------+
| SUBJECT                            | NODE TYPE   | NODE ID # | ADDITIONAL INFORMATION   |
+------------------------------------+-------------+-----------+--------------------------+
| pkg:golang/gopkg.in/yaml.v2@v2.2.8 | certifyVuln | 145535    | vulnerability ID: novuln |
+------------------------------------+-------------+-----------+--------------------------+
Visualizer url: http://localhost:3000/?path=1008,305,199,94,145535
...

This change will require a doc change.

PR Checklist

  • All commits have a Developer Certificate of Origin (DCO) -- they are generated using the -s flag to git commit.
  • All new changes are covered by tests
  • If GraphQL schema is changed, make generate has been run
  • If collectsub protobuf has been changed, make proto has been run
  • All CI checks are passing (tests and formatting)
  • All dependent PRs have already been merged
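As an added illustration (not code from this PR or from GUAC itself), the depth semantics the description gives, carried out over a small constructed graph: 0 means unbounded recursion, any other value stops after that many levels, every row carries the SUBJECT it belongs to, and a visited set keeps the unbounded mode from looping when dependencies form a cycle. The in-memory graph, its isDependency edges, and the reading that depth 1 equals the "before" (non-recursive) output are assumptions of this example.

```go
package main

import "fmt"

// Constructed in-memory stand-in for the metadata graph (not GUAC's model):
// each subject maps to (predicate, target) pairs. Predicate names follow the
// PR output; isDependency is assumed as the edge the recursion descends through.
type edge struct{ Predicate, Target string }
type graph map[string][]edge

// finding is one output row: SUBJECT, its predicate, and the level the walk reached it at (start = 1).
type finding struct{ Subject, Predicate, Target string; Depth int }

// queryKnown walks from start. maxDepth follows the PR description: 0 means unbounded,
// n > 0 stops after n levels (assumed: 1 = starting subject only). The visited set
// keeps unbounded mode terminating when the dependency graph has cycles.
func queryKnown(g graph, start string, maxDepth int) []finding {
	var rows []finding
	visited := map[string]bool{}
	var walk func(subject string, level int)
	walk = func(subject string, level int) {
		if visited[subject] {
			return
		}
		visited[subject] = true
		for _, e := range g[subject] {
			rows = append(rows, finding{subject, e.Predicate, e.Target, level})
			if e.Predicate == "isDependency" && (maxDepth == 0 || level < maxDepth) {
				walk(e.Target, level+1)
			}
		}
	}
	walk(start, 1)
	return rows
}

// Sample data: the purls echo the PR output; the edges and the kr/text -> jwt-go cycle are invented.
const (
	consul = "pkg:guac/cdx/docker.io/library/consul@sha256:22ab19cf1326abbfaafec6a14eb68f96e899e88ffe9ce26fa36affcf8ffb582c"
	jwtGo  = "pkg:golang/github.com/form3tech-oss/jwt-go@v3.2.2%2Bincompatible"
	krText = "pkg:golang/github.com/kr/text@v0.2.0"
)
var sample = graph{
	consul: {{"hasSBOM", "file:///../guac-data/docs/cyclonedx/syft-cyclonedx-docker.io-library-consul.latest.json"}, {"isDependency", jwtGo}, {"isDependency", krText}},
	jwtGo:  {{"hasSrcAt", "git+https://github.com/form3tech-oss/jwt-go"}, {"certifyVuln", "novuln"}, {"isDependency", krText}},
	krText: {{"hasSrcAt", "git+https://github.com/kr/text"}, {"certifyVuln", "novuln"}, {"isDependency", jwtGo}},
}

func main() { // depth 1 reproduces the "before" output, depth 0 the full recursion
	for _, d := range []int{1, 0} {
		for _, r := range queryKnown(sample, consul, d) {
			fmt.Printf("search-depth=%d level=%d %-66s %-12s %s\n", d, r.Depth, r.Subject, r.Predicate, r.Target)
		}
	}
}
```

With depth 0 the kr/text rows appear at level 3 (reached through jwt-go), while depth 2 reaches the same subject directly from consul at level 2; the shared dependency is reported once either way.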

@pxp928 pxp928 (Collaborator) left a comment

LGTM, small lint issue.

I do think we may want to figure out a better method to display the information more cohesively. Like how OSV scanner outputs some of its data.

@@ -87,10 +90,11 @@ var queryKnownCmd = &cobra.Command{
<subject> is in the form of "<purl>" for package, "<vcs_tool>+<transport>" for source, or "<algorithm>:<digest>" for artiact.`,
Run: func(cmd *cobra.Command, args []string) {
ctx := logging.WithLogger(context.Background())
logger := logging.FromContext(ctx)
//logger := logging.FromContext(ctx)
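Review bot: the commented-out `//logger := logging.FromContext(ctx)` line should be deleted rather than left in the diff; if the logger is no longer used at this level, the hunk should simply remove the original `logger := logging.FromContext(ctx)` line. Separately, the help-text context line above has a typo: "artiact" should read "artifact".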
Collaborator

logger commented out?

Contributor Author

removed.

wasn't used in top level since most of the code abstracted out to the helper function where logger is obtained directly.

Signed-off-by: Brandon Lum <lumjjb@gmail.com>
@jeffmendoza jeffmendoza (Collaborator) left a comment

Just need to move the arg location. Looks like all the query commands use this now, so can be on the "query" command itself and all these will inherit it.

@@ -30,7 +30,7 @@ import (
func init() {
cobra.OnInitialize(cli.InitConfig)

set, err := cli.BuildFlags([]string{"gql-addr", "csub-addr", "csub-tls", "csub-tls-skip-verify"})
set, err := cli.BuildFlags([]string{"gql-addr", "csub-addr", "csub-tls", "csub-tls-skip-verify", "search-depth"})
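Review bot: "search-depth" is added here to a flag set shared by every query subcommand, but only query known interprets it, so the other subcommands will advertise a flag they ignore; either register it on the query known command's own flag set, or, if every query command is meant to honour it, on the parent query command so they inherit it. The flag's help text should also state the semantics the description gives (0 = unbounded recursion), since a default that means "no limit" is easy to misread as "no recursion".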
Collaborator

Add this as a flag on just the query known command


stale bot commented Apr 28, 2024

This pull request has been automatically marked as stale because it has not had recent activity (60 days of inactivity).
It will be closed in 30 days if no further activity occurs.
Thank you for your contribution!

@stale stale bot added the wontfix This will not be worked on label Apr 28, 2024
@pxp928 pxp928 (Collaborator) commented Apr 29, 2024

ping @lumjjb to remove stale flag

@stale stale bot removed the wontfix This will not be worked on label Apr 29, 2024