update vulnerability api #1147

pxp928 · 2023-08-14T13:47:27Z

Description of the PR

update server side graphQL
fix spacing
remove novuln node
regen based on new api
delete cve,ghsa,osv
update client side api
fix assembler and backend interface
change vulnerabilityMetadata to scanMetadata for certifyVuln
add vulnerability to inmem
update vuln and equal vuln for inmem
update certifyVuln and add in missing unit tests
update test
comment out neo4j
udpate ingest and unknown cli
update vuln cli and remove old arango
udpate arango for vulnerability
update vuln parser and tests
update vex parser
fix lint
update examples
fix noVuln case
fix vuln cli
fix preloads for vulnerabilities
enforce lowercase in resolver and address other comments

fixes issue #1097

PR Checklist

All commits have a Developer Certificate of Origin (DCO) -- they are generated using -s flag to git commit.
All new changes are covered by tests
If GraphQL schema is changed, make generate has been run
If collectsub protobuf has been changed, make proto has been run
All CI checks are passing (tests and formatting)
All dependent PRs have already been merged

.github/scripts/excluded_from_copyright

lumjjb

LGTM, besides minor comment on novuln, rest reviewed in #1141

pkg/assembler/graphql/schema/vulnerability.graphql

jeffmendoza

Awesome, just some minor questions.

pkg/assembler/backends/inmem/backend.go

pkg/assembler/backends/inmem/vulnerability.go

pkg/assembler/graphql/resolvers/vulnEqual.resolvers.go

* update server side graphQL Signed-off-by: pxp928 <[email protected]> * fix spacing Signed-off-by: pxp928 <[email protected]> * remove novuln node Signed-off-by: pxp928 <[email protected]> * regen based on new api Signed-off-by: pxp928 <[email protected]> * delete cve,ghsa,osv Signed-off-by: pxp928 <[email protected]> * update client side api Signed-off-by: pxp928 <[email protected]> * fix assembler and backend interface Signed-off-by: pxp928 <[email protected]> * change vulnerabilityMetadata to scanMetadata for certifyVuln Signed-off-by: pxp928 <[email protected]> * add vulnerability to inmem Signed-off-by: pxp928 <[email protected]> * update vuln and equal vuln for inmem Signed-off-by: pxp928 <[email protected]> * update certifyVuln and add in missing unit tests Signed-off-by: pxp928 <[email protected]> * update test Signed-off-by: pxp928 <[email protected]> * comment out neo4j Signed-off-by: pxp928 <[email protected]> * udpate ingest and unknown cli Signed-off-by: pxp928 <[email protected]> * update vuln cli and remove old arango Signed-off-by: pxp928 <[email protected]> * udpate arango for vulnerability Signed-off-by: pxp928 <[email protected]> * update vuln parser and tests Signed-off-by: pxp928 <[email protected]> * update vex parser Signed-off-by: pxp928 <[email protected]> * fix lint Signed-off-by: pxp928 <[email protected]> * update examples Signed-off-by: pxp928 <[email protected]> * fix noVuln case Signed-off-by: pxp928 <[email protected]> * fix vuln cli Signed-off-by: pxp928 <[email protected]> * fix preloads for vulnerabilites Signed-off-by: pxp928 <[email protected]> * enforce lowercase in resolver and address other comments Signed-off-by: pxp928 <[email protected]> --------- Signed-off-by: pxp928 <[email protected]>

Signed-off-by: pxp928 <[email protected]>

pxp928 requested review from mihaimaruseac and jeffmendoza as code owners August 14, 2023 13:47

pull-request-size bot added the size/XXL label Aug 14, 2023

pxp928 changed the title ~~update vulnerability api (#1141)~~ update vulnerability api Aug 14, 2023

pxp928 linked an issue Aug 14, 2023 that may be closed by this pull request

CertifyVuln should be scanner/db-agnostic #1097

Closed

pxp928 force-pushed the vuln-gql-change branch 2 times, most recently from 95c3994 to 0c26a20 Compare August 14, 2023 15:12

pxp928 mentioned this pull request Aug 15, 2023

Add bulk ingestion for certifyVuln along with arango implementation #1158

Closed

6 tasks

lumjjb reviewed Aug 15, 2023

View reviewed changes

.github/scripts/excluded_from_copyright Show resolved Hide resolved

lumjjb approved these changes Aug 15, 2023

View reviewed changes

pkg/assembler/graphql/schema/vulnerability.graphql Show resolved Hide resolved

jeffmendoza approved these changes Aug 15, 2023

View reviewed changes

pkg/assembler/backends/inmem/backend.go Show resolved Hide resolved

pkg/assembler/backends/inmem/vulnerability.go Outdated Show resolved Hide resolved

pkg/assembler/graphql/resolvers/vulnEqual.resolvers.go Show resolved Hide resolved

mihaimaruseac approved these changes Aug 16, 2023

View reviewed changes

pxp928 and others added 5 commits August 16, 2023 12:57

fix fmt

79bbbc1

Signed-off-by: pxp928 <[email protected]>

update e2e test

8e7db6d

Signed-off-by: pxp928 <[email protected]>

update e2e test and fix parser unit test

d29b81e

Signed-off-by: pxp928 <[email protected]>

fix method name and add check for vulnEqual

0b4ae33

Signed-off-by: pxp928 <[email protected]>

pxp928 force-pushed the vuln-gql-change branch from 8b5c143 to 0b4ae33 Compare August 16, 2023 16:57

kodiakhq bot merged commit a085423 into main Aug 16, 2023

kodiakhq bot deleted the vuln-gql-change branch August 16, 2023 18:40

This was referenced Aug 17, 2023

Feature/add novuln bool to vulnerability filter #1165

Merged

[feature] Add missing unit tests for certifyVuln #922

Closed

This was referenced Oct 5, 2023

Update documentation based on v0.2.0 release guacsec/guac-docs#99

Open

Update documentation based on v0.2.0 release #1354

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

update vulnerability api #1147

update vulnerability api #1147

pxp928 commented Aug 14, 2023

lumjjb left a comment

jeffmendoza left a comment

update vulnerability api #1147

update vulnerability api #1147

Conversation

pxp928 commented Aug 14, 2023

Description of the PR

PR Checklist

lumjjb left a comment

Choose a reason for hiding this comment

jeffmendoza left a comment

Choose a reason for hiding this comment