diff --git a/.github/scripts/excluded_from_copyright b/.github/scripts/excluded_from_copyright index aaae575e04..063edf6371 100644 --- a/.github/scripts/excluded_from_copyright +++ b/.github/scripts/excluded_from_copyright @@ -42,8 +42,6 @@ ./pkg/assembler/graphql/resolvers/isVulnerability.resolvers.go ./pkg/assembler/graphql/generated/hasSLSA.generated.go ./pkg/assembler/graphql/resolvers/hasSLSA.resolvers.go -./pkg/assembler/graphql/generated/isVulnerability.generated.go -./pkg/assembler/graphql/resolvers/isVulnerability.resolvers.go ./pkg/assembler/graphql/generated/certifyVEXStatement.generated.go ./pkg/assembler/graphql/resolvers/certifyVEXStatement.resolvers.go ./pkg/assembler/graphql/resolvers/search.resolvers.go @@ -53,5 +51,9 @@ ./pkg/assembler/graphql/resolvers/metadata.resolvers.go ./pkg/assembler/graphql/resolvers/contact.resolvers.go ./pkg/assembler/graphql/generated/contact.generated.go +./pkg/assembler/graphql/generated/vulnEqual.generated.go +./pkg/assembler/graphql/generated/vulnerability.generated.go +./pkg/assembler/graphql/resolvers/vulnEqual.resolvers.go +./pkg/assembler/graphql/resolvers/vulnerability.resolvers.go ./internal/testing/mocks/scorecard.go ./internal/testing/mocks/documentparser.go diff --git a/cmd/guacgql/cmd/ingest.go b/cmd/guacgql/cmd/ingest.go index 27fd00ae8e..a6f6b1ee62 100644 --- a/cmd/guacgql/cmd/ingest.go +++ b/cmd/guacgql/cmd/ingest.go @@ -381,10 +381,8 @@ func ingestVulnerability(ctx context.Context, client graphql.Client) { ingestVulnerabilities := []struct { name string pkg *model.PkgInputSpec - cve *model.CVEInputSpec - osv *model.OSVInputSpec - ghsa *model.GHSAInputSpec - vulnerability model.VulnerabilityMetaDataInput + vuln *model.VulnerabilityInputSpec + vulnerability model.ScanMetadataInput }{ { name: "cve openssl", 
@@ -398,11 +396,11 @@ func ingestVulnerability(ctx context.Context, client graphql.Client) { {Key: "channel", Value: "stable"}, }, }, - cve: &model.CVEInputSpec{ - Year: 2019, - CveId: "CVE-2019-13110", + vuln: &model.VulnerabilityInputSpec{ + Type: "cve", + VulnerabilityID: "CVE-2019-13110", }, - vulnerability: model.VulnerabilityMetaDataInput{ + vulnerability: model.ScanMetadataInput{ TimeScanned: tm, DbUri: "MITRE", DbVersion: "v1.0.0", @@ -424,10 +422,11 @@ func ingestVulnerability(ctx context.Context, client graphql.Client) { {Key: "channel", Value: "stable"}, }, }, - osv: &model.OSVInputSpec{ - OsvId: "CVE-2019-13110", + vuln: &model.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "CVE-2019-13110", }, - vulnerability: model.VulnerabilityMetaDataInput{ + vulnerability: model.ScanMetadataInput{ TimeScanned: tm, DbUri: "MITRE", DbVersion: "v1.0.0", @@ -449,10 +448,11 @@ func ingestVulnerability(ctx context.Context, client graphql.Client) { {Key: "channel", Value: "stable"}, }, }, - ghsa: &model.GHSAInputSpec{ - GhsaId: "GHSA-h45f-rjvw-2rv2", + vuln: &model.VulnerabilityInputSpec{ + Type: "ghsa", + VulnerabilityID: "GHSA-h45f-rjvw-2rv2", }, - vulnerability: model.VulnerabilityMetaDataInput{ + vulnerability: model.ScanMetadataInput{ TimeScanned: tm, DbUri: "MITRE", DbVersion: "v1.0.0", @@ -469,11 +469,11 @@ func ingestVulnerability(ctx context.Context, client graphql.Client) { Namespace: &djangoNs, Name: "django", }, - cve: &model.CVEInputSpec{ - Year: 2018, - CveId: "CVE-2018-12310", + vuln: &model.VulnerabilityInputSpec{ + Type: "cve", + VulnerabilityID: "CVE-2018-12310", }, - vulnerability: model.VulnerabilityMetaDataInput{ + vulnerability: model.ScanMetadataInput{ TimeScanned: tm, DbUri: "MITRE", DbVersion: "v1.2.0", 
@@ -490,10 +490,11 @@ func ingestVulnerability(ctx context.Context, client graphql.Client) { Namespace: &djangoNs, Name: "django", }, - osv: &model.OSVInputSpec{ - OsvId: "CVE-2018-12310", + vuln: &model.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "CVE-2018-12310", }, - vulnerability: model.VulnerabilityMetaDataInput{ + vulnerability: model.ScanMetadataInput{ TimeScanned: tm, DbUri: "MITRE", DbVersion: "v1.2.0", @@ -510,10 +511,32 @@ func ingestVulnerability(ctx context.Context, client graphql.Client) { Namespace: &djangoNs, Name: "django", }, - ghsa: &model.GHSAInputSpec{ - GhsaId: "GHSA-f45f-jj4w-2rv2", + vuln: &model.VulnerabilityInputSpec{ + Type: "ghsa", + VulnerabilityID: "GHSA-f45f-jj4w-2rv2", }, - vulnerability: model.VulnerabilityMetaDataInput{ + vulnerability: model.ScanMetadataInput{ + TimeScanned: tm, + DbUri: "MITRE", + DbVersion: "v1.2.0", + ScannerUri: "osv.dev", + ScannerVersion: "0.0.14", + Origin: "Demo ingestion", + Collector: "Demo ingestion", + }, + }, + { + name: "noVuln", + pkg: &model.PkgInputSpec{ + Type: "pypi", + Namespace: &djangoNs, + Name: "django", + }, + vuln: &model.VulnerabilityInputSpec{ + Type: "noVuln", + VulnerabilityID: "", + }, + vulnerability: model.ScanMetadataInput{ TimeScanned: tm, DbUri: "MITRE", DbVersion: "v1.2.0", @@ -535,11 +558,11 @@ func ingestVulnerability(ctx context.Context, client graphql.Client) { {Key: "channel", Value: "stable"}, }, }, - cve: &model.CVEInputSpec{ - Year: 2019, - CveId: "CVE-2019-13110", + vuln: &model.VulnerabilityInputSpec{ + Type: "cve", + VulnerabilityID: "CVE-2019-13110", }, - vulnerability: model.VulnerabilityMetaDataInput{ + vulnerability: model.ScanMetadataInput{ TimeScanned: tm, DbUri: "MITRE", DbVersion: "v1.0.0", 
@@ -556,10 +579,11 @@ func ingestVulnerability(ctx context.Context, client graphql.Client) { Namespace: &djangoNs, Name: "django", }, - ghsa: &model.GHSAInputSpec{ - GhsaId: "GHSA-f45f-jj4w-2rv2", + vuln: &model.VulnerabilityInputSpec{ + Type: "ghsa", + VulnerabilityID: "GHSA-f45f-jj4w-2rv2", }, - vulnerability: model.VulnerabilityMetaDataInput{ + vulnerability: model.ScanMetadataInput{ TimeScanned: tm, DbUri: "MITRE", DbVersion: "v1.2.0", @@ -581,10 +605,11 @@ func ingestVulnerability(ctx context.Context, client graphql.Client) { {Key: "channel", Value: "stable"}, }, }, - osv: &model.OSVInputSpec{ - OsvId: "CVE-2019-13110", + vuln: &model.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "CVE-2019-13110", }, - vulnerability: model.VulnerabilityMetaDataInput{ + vulnerability: model.ScanMetadataInput{ TimeScanned: tm, DbUri: "MITRE", DbVersion: "v1.0.0", 
@@ -594,35 +619,39 @@ func ingestVulnerability(ctx context.Context, client graphql.Client) { Collector: "Demo ingestion", }, }, + { + name: "noVuln (duplicate)", + pkg: &model.PkgInputSpec{ + Type: "pypi", + Namespace: &djangoNs, + Name: "django", + }, + vuln: &model.VulnerabilityInputSpec{ + Type: "noVuln", + VulnerabilityID: "", + }, + vulnerability: model.ScanMetadataInput{ + TimeScanned: tm, + DbUri: "MITRE", + DbVersion: "v1.2.0", + ScannerUri: "osv.dev", + ScannerVersion: "0.0.14", + Origin: "Demo ingestion", + Collector: "Demo ingestion", + }, + }, } for _, ingest := range ingestVulnerabilities { if _, err := model.IngestPackage(ctx, client, *ingest.pkg); err != nil { logger.Errorf("Error in ingesting package: %v\n", err) } - if ingest.cve != nil { - if _, err := model.IngestCVE(ctx, client, *ingest.cve); err != nil { - logger.Errorf("Error in ingesting CVE: %v\n", err) - } - if _, err := model.CertifyCVE(ctx, client, *ingest.pkg, *ingest.cve, ingest.vulnerability); err != nil { - logger.Errorf("Error in ingesting: %v\n", err) - } - } else if ingest.osv != nil { - if _, err := model.IngestOSV(ctx, client, *ingest.osv); err != nil { - logger.Errorf("Error in ingesting OSV: %v\n", err) - } - if _, err := model.CertifyOSV(ctx, client, *ingest.pkg, *ingest.osv, ingest.vulnerability); err != nil { - logger.Errorf("Error in ingesting: %v\n", err) - } - } else if ingest.ghsa != nil { - if _, err := model.IngestGHSA(ctx, client, *ingest.ghsa); err != nil { - logger.Errorf("Error in ingesting GHSA: %v\n", err) - } - if _, err := model.CertifyGHSA(ctx, client, *ingest.pkg, *ingest.ghsa, ingest.vulnerability); err != nil { - logger.Errorf("Error in ingesting: %v\n", err) - } - } else { - fmt.Printf("input missing for cve, osv or ghsa") + if _, err := model.IngestVulnerability(ctx, client, *ingest.vuln); err != nil { + logger.Errorf("Error in ingesting vulnerability: %v\n", err) } + if _, err := model.CertifyVulnPkg(ctx, client, *ingest.pkg, *ingest.vuln, 
ingest.vulnerability); err != nil { + logger.Errorf("Error in ingesting: %v\n", err) + } + } } @@ -1638,22 +1667,22 @@ func ingestHasSourceAt(ctx context.Context, client graphql.Client) { func ingestIsVulnerability(ctx context.Context, client graphql.Client) { logger := logging.FromContext(ctx) ingestIsVulnerability := []struct { - name string - osv *model.OSVInputSpec - cve *model.CVEInputSpec - ghsa *model.GHSAInputSpec - isVulnerability model.IsVulnerabilityInputSpec + name string + vuln *model.VulnerabilityInputSpec + otherVuln *model.VulnerabilityInputSpec + vulnEqual model.VulnEqualInputSpec }{ { name: "OSV maps to CVE", - osv: &model.OSVInputSpec{ - OsvId: "CVE-2019-13110", + vuln: &model.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "CVE-2019-13110", }, - cve: &model.CVEInputSpec{ - Year: 2019, - CveId: "CVE-2019-13110", + otherVuln: &model.VulnerabilityInputSpec{ + Type: "cve", + VulnerabilityID: "CVE-2019-13110", }, - isVulnerability: model.IsVulnerabilityInputSpec{ + vulnEqual: model.VulnEqualInputSpec{ Justification: "OSV maps to CVE", Origin: "Demo ingestion", Collector: "Demo ingestion", @@ -1661,13 +1690,15 @@ func ingestIsVulnerability(ctx context.Context, client graphql.Client) { }, { name: "OSV maps to GHSA", - osv: &model.OSVInputSpec{ - OsvId: "GHSA-h45f-rjvw-2rv2", + vuln: &model.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "GHSA-h45f-rjvw-2rv2", }, - ghsa: &model.GHSAInputSpec{ - GhsaId: "GHSA-h45f-rjvw-2rv2", + otherVuln: &model.VulnerabilityInputSpec{ + Type: "ghsa", + VulnerabilityID: "GHSA-h45f-rjvw-2rv2", }, - isVulnerability: model.IsVulnerabilityInputSpec{ + vulnEqual: model.VulnEqualInputSpec{ Justification: "OSV maps to GHSA", Origin: "Demo ingestion", Collector: "Demo ingestion", 
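Review bot: The rewritten loop at the end of ingestVulnerability dereferences `*ingest.vuln` unconditionally, whereas the removed branches checked each spec for nil and printed an "input missing" message when none was set. Every table entry visible here sets `vuln`, so the problem is latent, but an entry added later without it would panic instead of being skipped; a guard such as `if ingest.vuln == nil { logger.Errorf("input missing for vulnerability"); continue }` ahead of the IngestVulnerability call would keep the old behaviour. The same unguarded dereference appears in the loops of ingestIsVulnerability (hunk at -1703, which also dereferences `*ingest.otherVuln`) and ingestVEXStatement (hunk at -1978). Separately, the struct field holding `model.ScanMetadataInput` is still named `vulnerability` here, while ingestReachabilityTestData renames it to `scanMetadata`; using one name in both places would read more clearly.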
@@ -1675,27 +1706,30 @@ func ingestIsVulnerability(ctx context.Context, client graphql.Client) { }, { name: "OSV maps to CVE (duplicate)", - osv: &model.OSVInputSpec{ - OsvId: "CVE-2019-13110", + vuln: &model.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "CVE-2019-13110", }, - cve: &model.CVEInputSpec{ - Year: 2019, - CveId: "CVE-2019-13110", + otherVuln: &model.VulnerabilityInputSpec{ + Type: "cve", + VulnerabilityID: "CVE-2019-13110", }, - isVulnerability: model.IsVulnerabilityInputSpec{ + vulnEqual: model.VulnEqualInputSpec{ Justification: "OSV maps to CVE", Origin: "Demo ingestion", Collector: "Demo ingestion", }, }, { name: "OSV maps to GHSA (duplicate)", - osv: &model.OSVInputSpec{ - OsvId: "GHSA-h45f-rjvw-2rv2", + vuln: &model.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "GHSA-h45f-rjvw-2rv2", }, - ghsa: &model.GHSAInputSpec{ - GhsaId: "GHSA-h45f-rjvw-2rv2", + otherVuln: &model.VulnerabilityInputSpec{ + Type: "ghsa", + VulnerabilityID: "GHSA-h45f-rjvw-2rv2", }, - isVulnerability: model.IsVulnerabilityInputSpec{ + vulnEqual: model.VulnEqualInputSpec{ Justification: "OSV maps to GHSA", Origin: "Demo ingestion", Collector: "Demo ingestion", 
@@ -1703,26 +1737,16 @@ func ingestIsVulnerability(ctx context.Context, client graphql.Client) { }, } for _, ingest := range ingestIsVulnerability { - if _, err := model.IngestOSV(ctx, client, *ingest.osv); err != nil { - logger.Errorf("Error in ingesting osv: %v\n", err) + if _, err := model.IngestVulnerability(ctx, client, *ingest.vuln); err != nil { + logger.Errorf("Error in ingesting vuln: %v\n", err) } - if ingest.cve != nil { - if _, err := model.IngestCVE(ctx, client, *ingest.cve); err != nil { - logger.Errorf("Error in ingesting cve: %v\n", err) - } - if _, err := model.IsVulnerabilityCVE(ctx, client, *ingest.osv, *ingest.cve, ingest.isVulnerability); err != nil { - logger.Errorf("Error in ingesting: %v\n", err) - } - } else if ingest.ghsa != nil { - if _, err := model.IngestGHSA(ctx, client, *ingest.ghsa); err != nil { - logger.Errorf("Error in ingesting ghsa: %v\n", err) - } - if _, err := model.IsVulnerabilityGHSA(ctx, client, *ingest.osv, *ingest.ghsa, ingest.isVulnerability); err != nil { - logger.Errorf("Error in ingesting: %v\n", err) - } - } else { - fmt.Printf("input missing for cve or ghsa") + if _, err := model.IngestVulnerability(ctx, client, *ingest.otherVuln); err != nil { + logger.Errorf("Error in ingesting other vuln: %v\n", err) + } + if _, err := model.VulnEqual(ctx, client, *ingest.vuln, *ingest.otherVuln, ingest.vulnEqual); err != nil { + logger.Errorf("Error in ingesting: %v\n", err) } + } } @@ -1735,9 +1759,7 @@ func ingestVEXStatement(ctx context.Context, client graphql.Client) { name string pkg *model.PkgInputSpec artifact *model.ArtifactInputSpec - cve *model.CVEInputSpec - ghsa *model.GHSAInputSpec - osv *model.OSVInputSpec + vuln *model.VulnerabilityInputSpec vexStatement model.VexStatementInputSpec }{ { 
@@ -1749,8 +1771,9 @@ func ingestVEXStatement(ctx context.Context, client graphql.Client) { Version: &opensslVersion, Qualifiers: []model.PackageQualifierInputSpec{{Key: "user", Value: "bincrafters"}, {Key: "channel", Value: "stable"}}, }, - osv: &model.OSVInputSpec{ - OsvId: "CVE-2019-14750", + vuln: &model.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "CVE-2019-14750", }, vexStatement: model.VexStatementInputSpec{ Status: model.VexStatusFixed, @@ -1769,9 +1792,9 @@ func ingestVEXStatement(ctx context.Context, client graphql.Client) { Version: &opensslVersion, Qualifiers: []model.PackageQualifierInputSpec{{Key: "user", Value: "bincrafters"}, {Key: "channel", Value: "stable"}}, }, - cve: &model.CVEInputSpec{ - Year: 2019, - CveId: "CVE-2019-13110", + vuln: &model.VulnerabilityInputSpec{ + Type: "cve", + VulnerabilityID: "CVE-2019-13110", }, vexStatement: model.VexStatementInputSpec{ Status: model.VexStatusAffected, @@ -1791,8 +1814,9 @@ func ingestVEXStatement(ctx context.Context, client graphql.Client) { Version: &opensslVersion, Qualifiers: []model.PackageQualifierInputSpec{{Key: "user", Value: "bincrafters"}, {Key: "channel", Value: "stable"}}, }, - ghsa: &model.GHSAInputSpec{ - GhsaId: "GHSA-h45f-rjvw-2rv2", + vuln: &model.VulnerabilityInputSpec{ + Type: "ghsa", + VulnerabilityID: "GHSA-h45f-rjvw-2rv2", }, vexStatement: model.VexStatementInputSpec{ Status: model.VexStatusNotAffected, @@ -1808,8 +1832,9 @@ func ingestVEXStatement(ctx context.Context, client graphql.Client) { Digest: "6bbb0da1891646e58eb3e6a63af3a6fc3c8eb5a0d44824cba581d2e14a0450cf", Algorithm: "sha256", }, - osv: &model.OSVInputSpec{ - OsvId: "CVE-2018-15710", + vuln: &model.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "CVE-2018-15710", }, vexStatement: model.VexStatementInputSpec{ Status: model.VexStatusUnderInvestigation, 
@@ -1825,9 +1850,9 @@ func ingestVEXStatement(ctx context.Context, client graphql.Client) { Digest: "6bbb0da1891646e58eb3e6a63af3a6fc3c8eb5a0d44824cba581d2e14a0450cf", Algorithm: "sha256", }, - cve: &model.CVEInputSpec{ - Year: 2018, - CveId: "CVE-2018-43610", + vuln: &model.VulnerabilityInputSpec{ + Type: "cve", + VulnerabilityID: "CVE-2018-43610", }, vexStatement: model.VexStatementInputSpec{ Status: model.VexStatusNotAffected, @@ -1845,8 +1870,9 @@ func ingestVEXStatement(ctx context.Context, client graphql.Client) { Digest: "6bbb0da1891646e58eb3e6a63af3a6fc3c8eb5a0d44824cba581d2e14a0450cf", Algorithm: "sha256", }, - ghsa: &model.GHSAInputSpec{ - GhsaId: "GHSA-hj5f-4gvw-4rv2", + vuln: &model.VulnerabilityInputSpec{ + Type: "ghsa", + VulnerabilityID: "GHSA-hj5f-4gvw-4rv2", }, vexStatement: model.VexStatementInputSpec{ Status: model.VexStatusNotAffected, @@ -1865,8 +1891,9 @@ func ingestVEXStatement(ctx context.Context, client graphql.Client) { Version: &opensslVersion, Qualifiers: []model.PackageQualifierInputSpec{{Key: "user", Value: "bincrafters"}, {Key: "channel", Value: "stable"}}, }, - osv: &model.OSVInputSpec{ - OsvId: "CVE-2019-14750", + vuln: &model.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "CVE-2019-14750", }, vexStatement: model.VexStatementInputSpec{ Status: model.VexStatusFixed, @@ -1885,9 +1912,9 @@ func ingestVEXStatement(ctx context.Context, client graphql.Client) { Version: &opensslVersion, Qualifiers: []model.PackageQualifierInputSpec{{Key: "user", Value: "bincrafters"}, {Key: "channel", Value: "stable"}}, }, - cve: &model.CVEInputSpec{ - Year: 2019, - CveId: "CVE-2019-13110", + vuln: &model.VulnerabilityInputSpec{ + Type: "cve", + VulnerabilityID: "CVE-2019-13110", }, vexStatement: model.VexStatementInputSpec{ Status: model.VexStatusAffected, 
@@ -1907,8 +1934,9 @@ func ingestVEXStatement(ctx context.Context, client graphql.Client) { Version: &opensslVersion, Qualifiers: []model.PackageQualifierInputSpec{{Key: "user", Value: "bincrafters"}, {Key: "channel", Value: "stable"}}, }, - ghsa: &model.GHSAInputSpec{ - GhsaId: "GHSA-h45f-rjvw-2rv2", + vuln: &model.VulnerabilityInputSpec{ + Type: "ghsa", + VulnerabilityID: "GHSA-h45f-rjvw-2rv2", }, vexStatement: model.VexStatementInputSpec{ Status: model.VexStatusNotAffected, @@ -1924,8 +1952,9 @@ func ingestVEXStatement(ctx context.Context, client graphql.Client) { Digest: "6bbb0da1891646e58eb3e6a63af3a6fc3c8eb5a0d44824cba581d2e14a0450cf", Algorithm: "sha256", }, - osv: &model.OSVInputSpec{ - OsvId: "CVE-2018-15710", + vuln: &model.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "CVE-2018-15710", }, vexStatement: model.VexStatementInputSpec{ Status: model.VexStatusUnderInvestigation, @@ -1941,9 +1970,9 @@ func ingestVEXStatement(ctx context.Context, client graphql.Client) { Digest: "6bbb0da1891646e58eb3e6a63af3a6fc3c8eb5a0d44824cba581d2e14a0450cf", Algorithm: "sha256", }, - cve: &model.CVEInputSpec{ - Year: 2018, - CveId: "CVE-2018-43610", + vuln: &model.VulnerabilityInputSpec{ + Type: "cve", + VulnerabilityID: "CVE-2018-43610", }, vexStatement: model.VexStatementInputSpec{ Status: model.VexStatusNotAffected, @@ -1961,8 +1990,9 @@ func ingestVEXStatement(ctx context.Context, client graphql.Client) { Digest: "6bbb0da1891646e58eb3e6a63af3a6fc3c8eb5a0d44824cba581d2e14a0450cf", Algorithm: "sha256", }, - ghsa: &model.GHSAInputSpec{ - GhsaId: "GHSA-hj5f-4gvw-4rv2", + vuln: &model.VulnerabilityInputSpec{ + Type: "ghsa", + VulnerabilityID: "GHSA-hj5f-4gvw-4rv2", }, vexStatement: model.VexStatementInputSpec{ Status: model.VexStatusNotAffected, 
@@ -1978,58 +2008,24 @@ func ingestVEXStatement(ctx context.Context, client graphql.Client) { if _, err := model.IngestPackage(ctx, client, *ingest.pkg); err != nil { logger.Errorf("Error in ingesting package: %v\n", err) } - if ingest.cve != nil { - if _, err := model.IngestCVE(ctx, client, *ingest.cve); err != nil { - logger.Errorf("Error in ingesting CVE: %v\n", err) - } - if _, err := model.VexPackageAndCve(ctx, client, *ingest.pkg, *ingest.cve, ingest.vexStatement); err != nil { - logger.Errorf("Error in ingesting: %v\n", err) - } - } else if ingest.ghsa != nil { - if _, err := model.IngestGHSA(ctx, client, *ingest.ghsa); err != nil { - logger.Errorf("Error in ingesting GHSA: %v\n", err) - } - if _, err := model.VEXPackageAndGhsa(ctx, client, *ingest.pkg, *ingest.ghsa, ingest.vexStatement); err != nil { - logger.Errorf("Error in ingesting: %v\n", err) - } - } else if ingest.osv != nil { - if _, err := model.IngestOSV(ctx, client, *ingest.osv); err != nil { - logger.Errorf("Error in ingesting OSV: %v\n", err) - } - if _, err := model.VexPackageAndOsv(ctx, client, *ingest.pkg, *ingest.osv, ingest.vexStatement); err != nil { - logger.Errorf("Error in ingesting: %v\n", err) - } - } else { - fmt.Printf("input missing for cve, ghsa or osv") + if _, err := model.IngestVulnerability(ctx, client, *ingest.vuln); err != nil { + logger.Errorf("Error in ingesting vulnerability: %v\n", err) + } + if _, err := model.CertifyVexPkg(ctx, client, *ingest.pkg, *ingest.vuln, ingest.vexStatement); err != nil { + logger.Errorf("Error in ingesting: %v\n", err) } + } else if ingest.artifact != nil { if _, err := model.IngestArtifact(ctx, client, *ingest.artifact); err != nil { logger.Errorf("Error in ingesting artifact: %v\n", err) } - if ingest.cve != nil { - if _, err := model.IngestCVE(ctx, client, *ingest.cve); err != nil { - logger.Errorf("Error in ingesting CVE: %v\n", err) - } - if _, err := model.VexArtifactAndCve(ctx, client, *ingest.artifact, *ingest.cve, 
ingest.vexStatement); err != nil { - logger.Errorf("Error in ingesting: %v\n", err) - } - } else if ingest.ghsa != nil { - if _, err := model.IngestGHSA(ctx, client, *ingest.ghsa); err != nil { - logger.Errorf("Error in ingesting GHSA: %v\n", err) - } - if _, err := model.VexArtifactAndGhsa(ctx, client, *ingest.artifact, *ingest.ghsa, ingest.vexStatement); err != nil { - logger.Errorf("Error in ingesting: %v\n", err) - } - } else if ingest.osv != nil { - if _, err := model.IngestOSV(ctx, client, *ingest.osv); err != nil { - logger.Errorf("Error in ingesting OSV: %v\n", err) - } - if _, err := model.VexArtifactAndOsv(ctx, client, *ingest.artifact, *ingest.osv, ingest.vexStatement); err != nil { - logger.Errorf("Error in ingesting: %v\n", err) - } - } else { - fmt.Printf("input missing for cve, ghsa or osv") + if _, err := model.IngestVulnerability(ctx, client, *ingest.vuln); err != nil { + logger.Errorf("Error in ingesting vulnerability: %v\n", err) } + if _, err := model.CertifyVexArtifact(ctx, client, *ingest.artifact, *ingest.vuln, ingest.vexStatement); err != nil { + logger.Errorf("Error in ingesting: %v\n", err) + } + } else { fmt.Printf("input missing for package or artifact") } @@ -2056,8 +2052,8 @@ func ingestReachabilityTestData(ctx context.Context, client graphql.Client) { hasSourceAt model.HasSourceAtInputSpec sourceArt model.ArtifactInputSpec sourceOccurrence model.IsOccurrenceInputSpec - cve *model.CVEInputSpec - vulnerability model.VulnerabilityMetaDataInput + vuln *model.VulnerabilityInputSpec + scanMetadata model.ScanMetadataInput }{ { name: "deb: part of SBOM - openssl", 
@@ -2118,11 +2114,11 @@ func ingestReachabilityTestData(ctx context.Context, client graphql.Client) { Origin: "Demo ingestion", Collector: "Demo ingestion", }, - cve: &model.CVEInputSpec{ - Year: 2019, - CveId: "CVE-2019-13110", + vuln: &model.VulnerabilityInputSpec{ + Type: "cve", + VulnerabilityID: "CVE-2019-13110", }, - vulnerability: model.VulnerabilityMetaDataInput{ + scanMetadata: model.ScanMetadataInput{ TimeScanned: time.Now(), DbUri: "MITRE", DbVersion: "v1.0.0", @@ -2152,8 +2148,8 @@ func ingestReachabilityTestData(ctx context.Context, client graphql.Client) { if _, err := model.IngestSource(ctx, client, ingest.source); err != nil { logger.Errorf("Error in ingesting source: %v\n", err) } - if _, err := model.IngestCVE(ctx, client, *ingest.cve); err != nil { - logger.Errorf("Error in ingesting CVE: %v\n", err) + if _, err := model.IngestVulnerability(ctx, client, *ingest.vuln); err != nil { + logger.Errorf("Error in ingesting vuln: %v\n", err) } if _, err := model.IsDependency(ctx, client, ingest.pkg, ingest.depPkg, ingest.dependency); err != nil { logger.Errorf("Error in ingesting: %v\n", err) @@ -2167,7 +2163,7 @@ func ingestReachabilityTestData(ctx context.Context, client graphql.Client) { if _, err := model.IsOccurrenceSrc(ctx, client, ingest.source, ingest.sourceArt, ingest.sourceOccurrence); err != nil { logger.Errorf("Error in ingesting: %v\n", err) } - if _, err := model.CertifyCVE(ctx, client, ingest.depPkgWithVersion, *ingest.cve, ingest.vulnerability); err != nil { + if _, err := model.CertifyVulnPkg(ctx, client, ingest.depPkgWithVersion, *ingest.vuln, ingest.scanMetadata); err != nil { logger.Errorf("Error in ingesting: %v\n", err) } } diff --git a/cmd/guacone/cmd/known.go b/cmd/guacone/cmd/known.go index 51117d9fc2..6afd82661b 100644 --- a/cmd/guacone/cmd/known.go +++ b/cmd/guacone/cmd/known.go 
@@ -331,15 +331,9 @@ func getOutputBasedOnNode(ctx context.Context, gqlclient graphql.Client, collect var tableRows []table.Row switch nodeType { case certifyVulnStr: - for _, vuln := range collectedNeighbors.certifyVulns { - if osv, ok := vuln.Vulnerability.(*model.AllCertifyVulnVulnerabilityOSV); ok { - tableRows = append(tableRows, table.Row{certifyVulnStr, vuln.Id, "vulnerability ID: " + osv.OsvId}) - } else if cve, ok := vuln.Vulnerability.(*model.AllCertifyVulnVulnerabilityCVE); ok { - tableRows = append(tableRows, table.Row{certifyVulnStr, vuln.Id, "vulnerability ID: " + cve.CveId}) - } else if ghsa, ok := vuln.Vulnerability.(*model.AllCertifyVulnVulnerabilityGHSA); ok { - tableRows = append(tableRows, table.Row{certifyVulnStr, vuln.Id, "vulnerability ID: " + ghsa.GhsaId}) - } else if noVuln, ok := vuln.Vulnerability.(*model.AllCertifyVulnVulnerabilityNoVuln); ok { - tableRows = append(tableRows, table.Row{certifyVulnStr, vuln.Id, "vulnerability ID: " + *noVuln.Typename}) + for _, certVuln := range collectedNeighbors.certifyVulns { + for _, vuln := range certVuln.Vulnerability.VulnerabilityIDs { + tableRows = append(tableRows, table.Row{certifyVulnStr, certVuln.Id, "vulnerability ID: " + vuln.VulnerabilityID}) } } case badLinkStr: diff --git a/cmd/guacone/cmd/vulnerability.go b/cmd/guacone/cmd/vulnerability.go index 84dd3cc0b1..28ac43b8cd 100644 --- a/cmd/guacone/cmd/vulnerability.go +++ b/cmd/guacone/cmd/vulnerability.go @@ -34,10 +34,8 @@ import ( ) const ( - guacType string = "guac" - osvType string = "osv" - cveType string = "cve" - ghsaType string = "ghsa" + guacType string = "guac" + noVulnType string = "novuln" ) type queryOptions struct { 
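Review bot: The new inner loop in the `certifyVulnStr` case has no handling for the noVuln type, which the removed code matched explicitly and printed by type name. A certification that records a clean scan would now presumably produce either no row or a row reading `vulnerability ID: ` with an empty value, so the table no longer distinguishes a clean scan from a finding. queryVulnsViaPackageNeighbors in vulnerability.go skips such records with `certifyVuln.Vulnerability.Type != noVulnType`; applying the same test here (the constant lives in the same package) or printing an explicit "no vulnerability" cell would keep the two commands consistent. The enclosing switch continues past the end of the hunk.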
@@ -110,60 +108,22 @@ var queryVulnCmd = &cobra.Command{ if opts.vulnerabilityID != "" { var tableRows []table.Row - cveResponse := &model.CVEsResponse{} - ghsaResponse := &model.GHSAsResponse{} - osvResponse, err := model.OSVs(ctx, gqlclient, model.OSVSpec{OsvId: &opts.vulnerabilityID}) + vulnResponse, err := model.Vulnerabilities(ctx, gqlclient, model.VulnerabilitySpec{VulnerabilityID: &opts.vulnerabilityID}) if err != nil { - logger.Fatalf("error querying for osvs: %v", err) + logger.Fatalf("error querying for vulnerabilities: %v", err) } + var path []string + if len(vulnResponse.Vulnerabilities) > 0 { - if len(osvResponse.Osv) == 0 { - if strings.HasPrefix(opts.vulnerabilityID, "cve") { - cveResponse, err = model.CVEs(ctx, gqlclient, model.CVESpec{CveId: &opts.vulnerabilityID}) - if err != nil { - logger.Fatalf("error querying for cves: %v", err) - } - if len(cveResponse.Cve) == 0 { - logger.Debugf("error failed to find CVE or OSV matching vulnerability ID") - } else { - tableRows = append(tableRows, table.Row{cveType, cveResponse.Cve[0].Id, "vulnerability ID: " + cveResponse.Cve[0].CveId}) - } - } else if strings.HasPrefix(opts.vulnerabilityID, "ghsa") { - ghsaResponse, err = model.GHSAs(ctx, gqlclient, model.GHSASpec{GhsaId: &opts.vulnerabilityID}) - if err != nil { - logger.Fatalf("error querying for ghsas: %v", err) - } - if len(ghsaResponse.Ghsa) == 0 { - logger.Debugf("error failed to find CVE or OSV matching vulnerability ID") - } else { - tableRows = append(tableRows, table.Row{ghsaType, ghsaResponse.Ghsa[0].Id, "vulnerability ID: " + ghsaResponse.Ghsa[0].GhsaId}) - } - } else { - logger.Debugf("failed to identify vulnerability as cve or ghsa and no results found for OSV") - } - } else { - tableRows = append(tableRows, table.Row{osvType, osvResponse.Osv[0].Id, "vulnerability ID: " + osvResponse.Osv[0].OsvId}) - } + tableRows = append(tableRows, table.Row{vulnResponse.Vulnerabilities[0].Type, vulnResponse.Vulnerabilities[0].Id, "vulnerability ID: " + 
vulnResponse.Vulnerabilities[0].VulnerabilityIDs[0].VulnerabilityID}) - var path []string - if len(osvResponse.Osv) > 0 { - path, err = queryVulnsViaVulnNodeNeighbors(ctx, gqlclient, pkgResponse, osvResponse.Osv[0].Id, model.EdgeOsvCertifyVuln, opts.depth, opts.pathsToReturn) - if err != nil { - logger.Fatalf("error querying neighbor: %v", err) - } - } else if len(cveResponse.Cve) > 0 { - path, err = queryVulnsViaVulnNodeNeighbors(ctx, gqlclient, pkgResponse, cveResponse.Cve[0].Id, model.EdgeCveCertifyVuln, opts.depth, opts.pathsToReturn) - if err != nil { - logger.Fatalf("error querying neighbor: %v", err) - } - } else if len(ghsaResponse.Ghsa) > 0 { - path, err = queryVulnsViaVulnNodeNeighbors(ctx, gqlclient, pkgResponse, ghsaResponse.Ghsa[0].Id, model.EdgeGhsaCertifyVuln, opts.depth, opts.pathsToReturn) + path, err = queryVulnsViaVulnNodeNeighbors(ctx, gqlclient, pkgResponse, vulnResponse.Vulnerabilities[0].VulnerabilityIDs[0].Id, model.EdgeVulnerabilityCertifyVuln, opts.depth, opts.pathsToReturn) if err != nil { logger.Fatalf("error querying neighbor: %v", err) } } else { - fmt.Printf("Failed to identify vulnerability as cve or ghsa and no results found for OSV\n") + fmt.Printf("Failed to identify vulnerability \n") } if len(path) > 0 { t.AppendRows(tableRows) 
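Review bot: `vulnResponse.Vulnerabilities[0].VulnerabilityIDs[0]` is indexed after checking only `len(vulnResponse.Vulnerabilities) > 0`, so a type node returned with an empty `VulnerabilityIDs` list would panic with an index out of range; the condition should be `if len(vulnResponse.Vulnerabilities) > 0 && len(vulnResponse.Vulnerabilities[0].VulnerabilityIDs) > 0 {`. The query also filters on `VulnerabilityID` alone and then uses only the first result, while the demo data in ingest.go stores the same ID under more than one type (for example `CVE-2019-13110` as both `cve` and `osv`). If the backend returns one entry per type, paths through the other nodes are silently left out of the vulnerability report; iterating over every returned vulnerability and ID would avoid that under-reporting. The enclosing Run function starts and ends outside the hunk.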
@@ -217,36 +177,20 @@ func queryVulnsViaPackageNeighbors(ctx context.Context, gqlclient graphql.Client for _, neighbor := range pkgVersionNeighborResponse.Neighbors { if certifyVuln, ok := neighbor.(*model.NeighborsNeighborsCertifyVuln); ok { certifyVulnFound = true - if vuln, ok := certifyVuln.Vulnerability.(*model.AllCertifyVulnVulnerabilityOSV); ok { - tableRows = append(tableRows, table.Row{certifyVulnStr, certifyVuln.Id, "vulnerability ID: " + vuln.OsvId}) - path = append(path, []string{vuln.Id, certifyVuln.Id, - certifyVuln.Package.Namespaces[0].Names[0].Versions[0].Id, - certifyVuln.Package.Namespaces[0].Names[0].Id, certifyVuln.Package.Namespaces[0].Id, - certifyVuln.Package.Id}...) - } else if vuln, ok := certifyVuln.Vulnerability.(*model.AllCertifyVulnVulnerabilityCVE); ok { - tableRows = append(tableRows, table.Row{certifyVulnStr, certifyVuln.Id, "vulnerability ID: " + vuln.CveId}) - path = append(path, []string{vuln.Id, certifyVuln.Id, - certifyVuln.Package.Namespaces[0].Names[0].Versions[0].Id, - certifyVuln.Package.Namespaces[0].Names[0].Id, certifyVuln.Package.Namespaces[0].Id, - certifyVuln.Package.Id}...) - } else if vuln, ok := certifyVuln.Vulnerability.(*model.AllCertifyVulnVulnerabilityGHSA); ok { - tableRows = append(tableRows, table.Row{certifyVulnStr, certifyVuln.Id, "vulnerability ID: " + vuln.GhsaId}) - path = append(path, []string{vuln.Id, certifyVuln.Id, - certifyVuln.Package.Namespaces[0].Names[0].Versions[0].Id, - certifyVuln.Package.Namespaces[0].Names[0].Id, certifyVuln.Package.Namespaces[0].Id, - certifyVuln.Package.Id}...) 
+ if certifyVuln.Vulnerability.Type != noVulnType { + for _, vuln := range certifyVuln.Vulnerability.VulnerabilityIDs { + tableRows = append(tableRows, table.Row{certifyVulnStr, certifyVuln.Id, "vulnerability ID: " + vuln.VulnerabilityID}) + path = append(path, []string{vuln.Id, certifyVuln.Id, + certifyVuln.Package.Namespaces[0].Names[0].Versions[0].Id, + certifyVuln.Package.Namespaces[0].Names[0].Id, certifyVuln.Package.Namespaces[0].Id, + certifyVuln.Package.Id}...) + } } } if certifyVex, ok := neighbor.(*model.NeighborsNeighborsCertifyVEXStatement); ok { - if vuln, ok := certifyVex.Vulnerability.(*model.AllCertifyVEXStatementVulnerabilityOSV); ok { - tableRows = append(tableRows, table.Row{vexLinkStr, certifyVex.Id, "vulnerability ID: " + vuln.OsvId + ", Vex Status: " + string(certifyVex.Status) + ", Subject: " + vexSubjectString(certifyVex.Subject)}) - path = append(path, certifyVex.Id, vuln.Id) - } else if vuln, ok := certifyVex.Vulnerability.(*model.AllCertifyVEXStatementVulnerabilityCVE); ok { - tableRows = append(tableRows, table.Row{vexLinkStr, certifyVex.Id, "vulnerability ID: " + vuln.CveId + ", Vex Status: " + string(certifyVex.Status) + ", Subject: " + vexSubjectString(certifyVex.Subject)}) - path = append(path, certifyVex.Id, vuln.Id) - } else if vuln, ok := certifyVex.Vulnerability.(*model.AllCertifyVEXStatementVulnerabilityGHSA); ok { - tableRows = append(tableRows, table.Row{vexLinkStr, certifyVex.Id, "vulnerability ID: " + vuln.GhsaId + ", Vex Status: " + string(certifyVex.Status) + ", Subject: " + vexSubjectString(certifyVex.Subject)}) + for _, vuln := range certifyVex.Vulnerability.VulnerabilityIDs { + tableRows = append(tableRows, table.Row{vexLinkStr, certifyVex.Id, "vulnerability ID: " + vuln.VulnerabilityID + ", Vex Status: " + string(certifyVex.Status) + ", Subject: " + vexSubjectString(certifyVex.Subject)}) path = append(path, certifyVex.Id, vuln.Id) } path = append(path, vexSubjectIds(certifyVex.Subject)...) 
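Review bot: The noVuln filter added in queryVulnsViaPackageNeighbors compares `certifyVuln.Vulnerability.Type` with `noVulnType`, declared as `"novuln"` in the const hunk of this file, using a case-sensitive `!=`, while the demo ingestion in ingest.go writes the type as `"noVuln"`. Unless the backend lowercases the type on ingest (the lowercased IDs in the updated test data suggest it may, but that is not visible in this diff), a noVuln certification would pass the filter and be listed as a finding with an empty ID. `if !strings.EqualFold(certifyVuln.Vulnerability.Type, noVulnType) {` removes the dependence on that normalisation, assuming `strings` is still imported in this file. The function body continues outside the hunk.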
@@ -491,7 +435,7 @@ func searchDependencyPackagesReverse(ctx context.Context, gqlclient graphql.Clie } if topPkgID != "" && !found { - return nil, fmt.Errorf("No path found up to specified length") + return nil, fmt.Errorf("no path found up to specified length") } var now string diff --git a/demo/graphql/queries.gql b/demo/graphql/queries.gql index ef5a56523b..d60dd73c9f 100644 --- a/demo/graphql/queries.gql +++ b/demo/graphql/queries.gql @@ -146,37 +146,44 @@ query Node ($nodeId: ID!) { } } -fragment allCveTree on CVE { +fragment allVulnerabilityTree on Vulnerability { id - year - cveId -} - -fragment allGHSATree on GHSA { - id - ghsaId -} - -fragment allOSVTree on OSV { - id - osvId + type + vulnerabilityIDs { + id + vulnerabilityID + } } fragment allCertifyVulnTree on CertifyVuln { id package { - ...allPkgTree + id + type + namespaces { + id + namespace + names { + id + name + versions { + id + version + qualifiers { + key + value + } + subpath + } + } + } } vulnerability { - __typename - ... on CVE { - ...allCveTree - } - ... on OSV { - ...allOSVTree - } - ... on GHSA { - ...allGHSATree + id + type + vulnerabilityIDs { + id + vulnerabilityID } } metadata { @@ -191,13 +198,13 @@ fragment allCertifyVulnTree on CertifyVuln { } query OSVQ1 { - osv(osvSpec: {osvId: "ghsa-jfh8-c2jp-5v3q"}) { - ...allOSVTree + vulnerabilities(vulnSpec: {type: "osv", vulnerabilityID: "ghsa-jfh8-c2jp-5v3q"}) { + ...allVulnerabilityTree } } query CertifyVulnQ1 { - CertifyVuln(certifyVulnSpec: {vulnerability: {osv: {osvId: "ghsa-jfh8-c2jp-5v3q"}}}) { + CertifyVuln(certifyVulnSpec: {vulnerability: {type: "osv", vulnerabilityID: "ghsa-jfh8-c2jp-5v3q"}}) { ...allCertifyVulnTree } } diff --git a/internal/testing/e2e/expectCertifyVulnQ1.json b/internal/testing/e2e/expectCertifyVulnQ1.json index 236f832a67..a7ad4ba7d3 100644 --- a/internal/testing/e2e/expectCertifyVulnQ1.json +++ b/internal/testing/e2e/expectCertifyVulnQ1.json 
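Review bot: `allCertifyVulnTree` now spells out `id`, `type` and `vulnerabilityIDs { id vulnerabilityID }` under `vulnerability`, which is the same selection the new `allVulnerabilityTree` fragment defines a few lines above it. The two copies can drift apart on the next schema change. Spreading the fragment, `vulnerability { ...allVulnerabilityTree }`, keeps a single definition. The package selection was likewise expanded in place of `...allPkgTree`; if that is deliberate, a one-line `#` comment saying why would help the next reader.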
@@ -22,8 +22,12 @@ ] }, "vulnerability": { - "__typename": "OSV", - "osvId": "ghsa-jfh8-c2jp-5v3q" + "type": "osv", + "vulnerabilityIDs": [ + { + "vulnerabilityID": "ghsa-jfh8-c2jp-5v3q" + } + ] }, "metadata": { "dbUri": "", diff --git a/internal/testing/e2e/expectOSVQ1.json b/internal/testing/e2e/expectOSVQ1.json index d2f54f2628..249dfcc83a 100644 --- a/internal/testing/e2e/expectOSVQ1.json +++ b/internal/testing/e2e/expectOSVQ1.json @@ -1,7 +1,12 @@ { - "osv": [ + "vulnerabilities": [ { - "osvId": "ghsa-jfh8-c2jp-5v3q" + "type": "osv", + "vulnerabilityIDs": [ + { + "vulnerabilityID": "ghsa-jfh8-c2jp-5v3q" + } + ] } ] } diff --git a/internal/testing/testdata/exampledata/ingest_predicates.json b/internal/testing/testdata/exampledata/ingest_predicates.json index 4635b798a8..6801fa74d5 100644 --- a/internal/testing/testdata/exampledata/ingest_predicates.json +++ b/internal/testing/testdata/exampledata/ingest_predicates.json @@ -275,9 +275,9 @@ "qualifiers": null, "subpath": "" }, - "cve": { - "year": 2023, - "cveId": "CVE-2023-1944" + "vulnerability": { + "type": "cve", + "vulnerabilityID": "cve-2023-1944" }, "vulnData": { "timeScanned": "2022-11-21T17:45:50.52Z", @@ -298,8 +298,9 @@ "qualifiers": null, "subpath": "" }, - "osv": { - "osvId": "GHSA-8489-44mv-ggj8" + "vulnerability": { + "type": "osv", + "vulnerabilityID": "ghsa-8489-44mv-ggj8" }, "vulnData": { "timeScanned": "2022-11-21T17:45:50.52Z", @@ -320,8 +321,9 @@ "qualifiers": null, "subpath": "" }, - "osv": { - "osvId": "GHSA-fxph-q3j8-mv87" + "vulnerability": { + "type": "osv", + "vulnerabilityID": "ghsa-fxph-q3j8-mv87" }, "vulnData": { "timeScanned": "2022-11-21T17:45:50.52Z", @@ -342,8 +344,9 @@ "qualifiers": null, "subpath": "" }, - "osv": { - "osvId": "GHSA-jfh8-c2jp-5v3q" + "vulnerability": { + "type": "osv", + "vulnerabilityID": "ghsa-jfh8-c2jp-5v3q" }, "vulnData": { "timeScanned": "2022-11-21T17:45:50.52Z", 
@@ -364,8 +367,9 @@ "qualifiers": null, "subpath": "" }, - "osv": { - "osvId": "GHSA-p6xc-xr62-6r2g" + "vulnerability": { + "type": "osv", + "vulnerabilityID": "ghsa-p6xc-xr62-6r2g" }, "vulnData": { "timeScanned": "2022-11-21T17:45:50.52Z", @@ -386,8 +390,9 @@ "qualifiers": null, "subpath": "" }, - "osv": { - "osvId": "GHSA-vwqq-5vrc-xw9h" + "vulnerability": { + "type": "osv", + "vulnerabilityID": "ghsa-vwqq-5vrc-xw9h" }, "vulnData": { "timeScanned": "2022-11-21T17:45:50.52Z", 
@@ -400,81 +405,92 @@ } } ], - "isVuln": [ + "vulnEqual": [ { - "osv": { - "osvId": "CVE-2023-1944" + "vulnerability": { + "type": "osv", + "vulnerabilityID": "cve-2023-1944" }, - "cve": { - "year": 2023, - "cveId": "CVE-2023-1944" + "equalVulnerability": { + "type": "cve", + "vulnerabilityID": "cve-2023-1944" }, - "isVuln": { + "vulnEqual": { "justification": "Decoded OSV data", "origin": "", "collector": "" } }, { - "osv": { - "osvId": "GHSA-7rjr-3q55-vv33" + "vulnerability": { + "type": "osv", + "vulnerabilityID": "ghsa-7rjr-3q55-vv33" }, - "ghsa": { - "ghsaId": "GHSA-7rjr-3q55-vv33" + "equalVulnerability": { + "type": "ghsa", + "vulnerabilityID": "ghsa-7rjr-3q55-vv33" }, - "isVuln": { + "vulnEqual": { "justification": "Decoded OSV data", "origin": "", "collector": "" } }, { - "osv": { - "osvId": "GHSA-8489-44mv-ggj8" + "vulnerability": { + "type": "osv", + "vulnerabilityID": "ghsa-8489-44mv-ggj8" }, - "ghsa": { - "ghsaId": "GHSA-8489-44mv-ggj8" + "equalVulnerability": { + "type": "ghsa", + "vulnerabilityID": "ghsa-8489-44mv-ggj8" }, - "isVuln": { + "vulnEqual": { "justification": "Decoded OSV data", "origin": "", "collector": "" } }, { - "osv": { - "osvId": "GHSA-fxph-q3j8-mv87" + "vulnerability": { + "type": "osv", + "vulnerabilityID": "ghsa-fxph-q3j8-mv87" }, - "ghsa": { - "ghsaId": "GHSA-fxph-q3j8-mv87" + "equalVulnerability": { + "type": "ghsa", + "vulnerabilityID": "ghsa-fxph-q3j8-mv87" }, - "isVuln": { + "vulnEqual": { "justification": "Decoded OSV data", "origin": "", "collector": "" } }, { - "osv": { - "osvId": "GHSA-jfh8-c2jp-5v3q" + "vulnerability": { + "type": "osv", + "vulnerabilityID": "ghsa-jfh8-c2jp-5v3q" }, - "ghsa": { - "ghsaId": "GHSA-jfh8-c2jp-5v3q" + "equalVulnerability": { + "type": "ghsa", + "vulnerabilityID": "ghsa-jfh8-c2jp-5v3q" }, - "isVuln": { + "vulnEqual": { "justification": "Decoded OSV data", "origin": "", "collector": "" } }, { - "osv": { - "osvId": "GHSA-p6xc-xr62-6r2g" + "vulnerability": { + "type": "osv", + "vulnerabilityID": 
"ghsa-p6xc-xr62-6r2g" }, - "ghsa": { - "ghsaId": "GHSA-p6xc-xr62-6r2g" + "equalVulnerability": { + "type": "ghsa", + "vulnerabilityID": "ghsa-p6xc-xr62-6r2g" }, - "isVuln": { + "vulnEqual": { "justification": "Decoded OSV data", "origin": "", "collector": "" @@ -701,8 +717,9 @@ ], "subpath": "" }, - "ghsa": { - "ghsaId": "GHSA-h45f-rjvw-2rv2" + "vulnerability": { + "type": "ghsa", + "vulnerabilityID": "ghsa-h45f-rjvw-2rv2" }, "vexData": { "status": "NOT_AFFECTED", @@ -719,8 +736,9 @@ "algorithm": "sha256", "digest": "6bbb0da1891646e58eb3e6a63af3a6fc3c8eb5a0d44824cba581d2e14a0450cf" }, - "osv": { - "osvId": "CVE-2018-15710" + "vulnerability": { + "type": "osv", + "vulnerabilityID": "cve-2018-15710" }, "vexData": { "status": "UNDER_INVESTIGATION", @@ -737,9 +755,9 @@ "algorithm": "sha256", "digest": "6bbb0da1891646e58eb3e6a63af3a6fc3c8eb5a0d44824cba581d2e14a0450cf" }, - "cve": { - "year": 2018, - "cveId": "CVE-2018-43610" + "vulnerability": { + "type": "cve", + "vulnerabilityID": "cve-2018-43610" }, "vexData": { "status": "NOT_AFFECTED", diff --git a/internal/testing/testdata/testdata.go b/internal/testing/testdata/testdata.go index 702c4b69d9..96172a0d2e 100644 --- a/internal/testing/testdata/testdata.go +++ b/internal/testing/testdata/testdata.go @@ -484,10 +484,6 @@ var ( Justification: "spdx file with checksum", } - isOccJustifyPkg = &model.IsOccurrenceInputSpec{ - Justification: "spdx package with checksum", - } - SpdxDeps = []assembler.IsDependencyIngest{ { Pkg: topLevelPack, @@ -1909,7 +1905,7 @@ var ( Qualifiers: []model.PackageQualifierInputSpec{{Key: "arch", Value: "x86_64"}, {Key: "epoch", Value: "1"}}, Subpath: strP(""), }, - CVE: &model.CVEInputSpec{Year: 2023, CveId: "CVE-2023-0286"}, + Vulnerability: &model.VulnerabilityInputSpec{Type: "cve", VulnerabilityID: "cve-2023-0286"}, VexData: &model.VexStatementInputSpec{ Status: "AFFECTED", VexJustification: "NOT_PROVIDED", 
@@ -1937,8 +1933,8 @@ For the update to take effect, all services linked to the OpenSSL library must b }, Subpath: strP(""), }, - CVE: &model.CVEInputSpec{Year: 2023, CveId: "CVE-2023-0286"}, - VulnData: &model.VulnerabilityMetaDataInput{ + Vulnerability: &model.VulnerabilityInputSpec{Type: "cve", VulnerabilityID: "cve-2023-0286"}, + VulnData: &model.ScanMetadataInput{ TimeScanned: parseRfc3339("2023-03-23T11:14:00Z"), }, }, @@ -2066,11 +2062,11 @@ For the update to take effect, all services linked to the OpenSSL library must b Version: ptrfrom.String("2.8.1"), Subpath: ptrfrom.String(""), }, - CVE: &generated.CVEInputSpec{ - Year: 2023, - CveId: "CVE-2023-1944", + Vulnerability: &generated.VulnerabilityInputSpec{ + Type: "cve", + VulnerabilityID: "cve-2023-1944", }, - VulnData: &generated.VulnerabilityMetaDataInput{ + VulnData: &generated.ScanMetadataInput{ TimeScanned: parseRfc3339("2022-11-21T17:45:50.52Z"), ScannerUri: "osv.dev", ScannerVersion: "0.0.14", @@ -2084,10 +2080,11 @@ For the update to take effect, all services linked to the OpenSSL library must b Version: ptrfrom.String("2.8.1"), Subpath: ptrfrom.String(""), }, - OSV: &generated.OSVInputSpec{ - OsvId: "GHSA-8489-44mv-ggj8", + Vulnerability: &generated.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "ghsa-8489-44mv-ggj8", }, - VulnData: &generated.VulnerabilityMetaDataInput{ + VulnData: &generated.ScanMetadataInput{ TimeScanned: parseRfc3339("2022-11-21T17:45:50.52Z"), ScannerUri: "osv.dev", ScannerVersion: "0.0.14", 
@@ -2101,10 +2098,11 @@ For the update to take effect, all services linked to the OpenSSL library must b Version: ptrfrom.String("2.8.1"), Subpath: ptrfrom.String(""), }, - OSV: &generated.OSVInputSpec{ - OsvId: "GHSA-fxph-q3j8-mv87", + Vulnerability: &generated.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "ghsa-fxph-q3j8-mv87", }, - VulnData: &generated.VulnerabilityMetaDataInput{ + VulnData: &generated.ScanMetadataInput{ TimeScanned: parseRfc3339("2022-11-21T17:45:50.52Z"), ScannerUri: "osv.dev", ScannerVersion: "0.0.14", @@ -2118,10 +2116,11 @@ For the update to take effect, all services linked to the OpenSSL library must b Version: ptrfrom.String("2.8.1"), Subpath: ptrfrom.String(""), }, - OSV: &generated.OSVInputSpec{ - OsvId: "GHSA-jfh8-c2jp-5v3q", + Vulnerability: &generated.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "ghsa-jfh8-c2jp-5v3q", }, - VulnData: &generated.VulnerabilityMetaDataInput{ + VulnData: &generated.ScanMetadataInput{ TimeScanned: parseRfc3339("2022-11-21T17:45:50.52Z"), ScannerUri: "osv.dev", ScannerVersion: "0.0.14", @@ -2135,10 +2134,11 @@ For the update to take effect, all services linked to the OpenSSL library must b Version: ptrfrom.String("2.8.1"), Subpath: ptrfrom.String(""), }, - OSV: &generated.OSVInputSpec{ - OsvId: "GHSA-p6xc-xr62-6r2g", + Vulnerability: &generated.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "ghsa-p6xc-xr62-6r2g", }, - VulnData: &generated.VulnerabilityMetaDataInput{ + VulnData: &generated.ScanMetadataInput{ TimeScanned: parseRfc3339("2022-11-21T17:45:50.52Z"), ScannerUri: "osv.dev", ScannerVersion: "0.0.14", 
@@ -2152,87 +2152,93 @@ For the update to take effect, all services linked to the OpenSSL library must b Version: ptrfrom.String("2.8.1"), Subpath: ptrfrom.String(""), }, - OSV: &generated.OSVInputSpec{ - OsvId: "GHSA-vwqq-5vrc-xw9h", + Vulnerability: &generated.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "ghsa-vwqq-5vrc-xw9h", }, - VulnData: &generated.VulnerabilityMetaDataInput{ + VulnData: &generated.ScanMetadataInput{ TimeScanned: parseRfc3339("2022-11-21T17:45:50.52Z"), ScannerUri: "osv.dev", ScannerVersion: "0.0.14", }, }, }, - IsVuln: []assembler.IsVulnIngest{ + VulnEqual: []assembler.VulnEqualIngest{ { - OSV: &generated.OSVInputSpec{ - OsvId: "CVE-2023-1944", + Vulnerability: &generated.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "cve-2023-1944", }, - CVE: &generated.CVEInputSpec{ - Year: 2023, - CveId: "CVE-2023-1944", + EqualVulnerability: &generated.VulnerabilityInputSpec{ + Type: "cve", + VulnerabilityID: "cve-2023-1944", }, - GHSA: nil, - IsVuln: &generated.IsVulnerabilityInputSpec{ + VulnEqual: &generated.VulnEqualInputSpec{ Justification: "Decoded OSV data", }, }, { - OSV: &generated.OSVInputSpec{ - OsvId: "GHSA-7rjr-3q55-vv33", + Vulnerability: &generated.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "ghsa-7rjr-3q55-vv33", }, - CVE: nil, - GHSA: &generated.GHSAInputSpec{ - GhsaId: "GHSA-7rjr-3q55-vv33", + EqualVulnerability: &generated.VulnerabilityInputSpec{ + Type: "ghsa", + VulnerabilityID: "ghsa-7rjr-3q55-vv33", }, - IsVuln: &generated.IsVulnerabilityInputSpec{ + VulnEqual: &generated.VulnEqualInputSpec{ Justification: "Decoded OSV data", }, }, { - OSV: &generated.OSVInputSpec{ - OsvId: "GHSA-8489-44mv-ggj8", + Vulnerability: &generated.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "ghsa-8489-44mv-ggj8", }, - CVE: nil, - GHSA: &generated.GHSAInputSpec{ - GhsaId: "GHSA-8489-44mv-ggj8", + EqualVulnerability: &generated.VulnerabilityInputSpec{ + Type: "ghsa", + VulnerabilityID: 
"ghsa-8489-44mv-ggj8", }, - IsVuln: &generated.IsVulnerabilityInputSpec{ + VulnEqual: &generated.VulnEqualInputSpec{ Justification: "Decoded OSV data", }, }, { - OSV: &generated.OSVInputSpec{ - OsvId: "GHSA-fxph-q3j8-mv87", + Vulnerability: &generated.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "ghsa-fxph-q3j8-mv87", }, - CVE: nil, - GHSA: &generated.GHSAInputSpec{ - GhsaId: "GHSA-fxph-q3j8-mv87", + EqualVulnerability: &generated.VulnerabilityInputSpec{ + Type: "ghsa", + VulnerabilityID: "ghsa-fxph-q3j8-mv87", }, - IsVuln: &generated.IsVulnerabilityInputSpec{ + VulnEqual: &generated.VulnEqualInputSpec{ Justification: "Decoded OSV data", }, }, { - OSV: &generated.OSVInputSpec{ - OsvId: "GHSA-jfh8-c2jp-5v3q", + Vulnerability: &generated.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "ghsa-jfh8-c2jp-5v3q", }, - CVE: nil, - GHSA: &generated.GHSAInputSpec{ - GhsaId: "GHSA-jfh8-c2jp-5v3q", + EqualVulnerability: &generated.VulnerabilityInputSpec{ + Type: "ghsa", + VulnerabilityID: "ghsa-jfh8-c2jp-5v3q", }, - IsVuln: &generated.IsVulnerabilityInputSpec{ + VulnEqual: &generated.VulnEqualInputSpec{ Justification: "Decoded OSV data", }, }, { - OSV: &generated.OSVInputSpec{ - OsvId: "GHSA-p6xc-xr62-6r2g", + Vulnerability: &generated.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "ghsa-p6xc-xr62-6r2g", }, - CVE: nil, - GHSA: &generated.GHSAInputSpec{ - GhsaId: "GHSA-p6xc-xr62-6r2g", + EqualVulnerability: &generated.VulnerabilityInputSpec{ + Type: "ghsa", + VulnerabilityID: "ghsa-p6xc-xr62-6r2g", }, - IsVuln: &generated.IsVulnerabilityInputSpec{ + VulnEqual: &generated.VulnEqualInputSpec{ Justification: "Decoded OSV data", }, }, 
@@ -2363,8 +2369,9 @@ For the update to take effect, all services linked to the OpenSSL library must b Qualifiers: []generated.PackageQualifierInputSpec{{Key: "user", Value: "bincrafters"}, {Key: "channel", Value: "stable"}}, Subpath: ptrfrom.String(""), }, - GHSA: &generated.GHSAInputSpec{ - GhsaId: "GHSA-h45f-rjvw-2rv2", + Vulnerability: &generated.VulnerabilityInputSpec{ + Type: "ghsa", + VulnerabilityID: "ghsa-h45f-rjvw-2rv2", }, VexData: &generated.VexStatementInputSpec{ Status: generated.VexStatusNotAffected, @@ -2379,8 +2386,9 @@ For the update to take effect, all services linked to the OpenSSL library must b Digest: "6bbb0da1891646e58eb3e6a63af3a6fc3c8eb5a0d44824cba581d2e14a0450cf", Algorithm: "sha256", }, - OSV: &generated.OSVInputSpec{ - OsvId: "CVE-2018-15710", + Vulnerability: &generated.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "cve-2018-15710", }, VexData: &generated.VexStatementInputSpec{ Status: generated.VexStatusUnderInvestigation, @@ -2395,9 +2403,9 @@ For the update to take effect, all services linked to the OpenSSL library must b Digest: "6bbb0da1891646e58eb3e6a63af3a6fc3c8eb5a0d44824cba581d2e14a0450cf", Algorithm: "sha256", }, - CVE: &generated.CVEInputSpec{ - Year: 2018, - CveId: "CVE-2018-43610", + Vulnerability: &generated.VulnerabilityInputSpec{ + Type: "cve", + VulnerabilityID: "cve-2018-43610", }, VexData: &generated.VexStatementInputSpec{ Status: generated.VexStatusNotAffected, diff --git a/pkg/assembler/assembler.go b/pkg/assembler/assembler.go index 149cb634db..7132ae8c39 100644 --- a/pkg/assembler/assembler.go +++ b/pkg/assembler/assembler.go 
@@ -36,7 +36,7 @@ type IngestPredicates struct { IsOccurrence []IsOccurrenceIngest `json:"isOccurrence,omitempty"` HasSlsa []HasSlsaIngest `json:"hasSlsa,omitempty"` CertifyVuln []CertifyVulnIngest `json:"certifyVuln,omitempty"` - IsVuln []IsVulnIngest `json:"isVuln,omitempty"` + VulnEqual []VulnEqualIngest `json:"vulnEqual,omitempty"` HasSourceAt []HasSourceAtIngest `json:"hasSourceAt,omitempty"` CertifyBad []CertifyBadIngest `json:"certifyBad,omitempty"` CertifyGood []CertifyGoodIngest `json:"certifyGood,omitempty"` @@ -86,20 +86,16 @@ type CertifyVulnIngest struct { // pkg is required Pkg *generated.PkgInputSpec `json:"pkg,omitempty"` - // vulnerability should be either OSV, CVE, GHSA, or none if no vulnerability is found - OSV *generated.OSVInputSpec `json:"osv,omitempty"` - CVE *generated.CVEInputSpec `json:"cve,omitempty"` - GHSA *generated.GHSAInputSpec `json:"ghsa,omitempty"` + // vulnerability or noVuln if no vulnerability is found + Vulnerability *generated.VulnerabilityInputSpec `json:"vulnerability,omitempty"` - VulnData *generated.VulnerabilityMetaDataInput `json:"vulnData,omitempty"` + VulnData *generated.ScanMetadataInput `json:"vulnData,omitempty"` } -// Only CVE or GHSA needed, not both -type IsVulnIngest struct { - OSV *generated.OSVInputSpec `json:"osv,omitempty"` - CVE *generated.CVEInputSpec `json:"cve,omitempty"` - GHSA *generated.GHSAInputSpec `json:"ghsa,omitempty"` - IsVuln *generated.IsVulnerabilityInputSpec `json:"isVuln,omitempty"` +type VulnEqualIngest struct { + Vulnerability *generated.VulnerabilityInputSpec `json:"vulnerability,omitempty"` + EqualVulnerability *generated.VulnerabilityInputSpec `json:"equalVulnerability,omitempty"` + VulnEqual *generated.VulnEqualInputSpec `json:"vulnEqual,omitempty"` } type HasSourceAtIngest struct { 
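Review bot: `VulnEqualIngest` has no doc comment; the old `// Only CVE or GHSA needed, not both` on `IsVulnIngest` was removed without a replacement. Nothing now tells a reader how `Vulnerability` and `EqualVulnerability` relate or whether both are required. A comment such as `// VulnEqualIngest pairs two vulnerability identifiers that are asserted to be equal; GetVulnerabilities skips whichever side is nil.` would cover it, with the first half to be confirmed against the schema since only the field names support it here. The same hunk's `// vulnerability or noVuln if no vulnerability is found` on `CertifyVulnIngest` could also state that noVuln is expressed through the `Type` field, if that is the intent.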
@@ -140,10 +136,8 @@ type VexIngest struct { Pkg *generated.PkgInputSpec `json:"pkg,omitempty"` Artifact *generated.ArtifactInputSpec `json:"artifact,omitempty"` - // vulnerability should be either OSV, CVE, GHSA - OSV *generated.OSVInputSpec `json:"osv,omitempty"` - CVE *generated.CVEInputSpec `json:"cve,omitempty"` - GHSA *generated.GHSAInputSpec `json:"ghsa,omitempty"` + // vulnerability (cannot be set to noVuln) + Vulnerability *generated.VulnerabilityInputSpec `json:"vulnerability,omitempty"` VexData *generated.VexStatementInputSpec `json:"vexData,omitempty"` } 
@@ -448,97 +442,41 @@ func (i IngestPredicates) GetBuilders(ctx context.Context) []*generated.BuilderI return builders } -func (i IngestPredicates) GetCVEs(ctx context.Context) []*generated.CVEInputSpec { - cveMap := make(map[string]*generated.CVEInputSpec) - for _, vuln := range i.CertifyVuln { - if vuln.CVE != nil { - if _, ok := cveMap[vuln.CVE.CveId]; !ok { - cveMap[vuln.CVE.CveId] = vuln.CVE - } - } - } - for _, v := range i.IsVuln { - if v.CVE != nil { - if _, ok := cveMap[v.CVE.CveId]; !ok { - cveMap[v.CVE.CveId] = v.CVE - } - } - } - for _, v := range i.Vex { - if v.CVE != nil { - if _, ok := cveMap[v.CVE.CveId]; !ok { - cveMap[v.CVE.CveId] = v.CVE - } - } - } - cves := make([]*generated.CVEInputSpec, 0, len(cveMap)) - - for _, cve := range cveMap { - cves = append(cves, cve) - } - return cves -} - -func (i IngestPredicates) GetOSVs(ctx context.Context) []*generated.OSVInputSpec { - osvMap := make(map[string]*generated.OSVInputSpec) - for _, vuln := range i.CertifyVuln { - if vuln.OSV != nil { - if _, ok := osvMap[vuln.OSV.OsvId]; !ok { - osvMap[vuln.OSV.OsvId] = vuln.OSV - } - } - } - for _, v := range i.IsVuln { - if v.OSV != nil { - if _, ok := osvMap[v.OSV.OsvId]; !ok { - osvMap[v.OSV.OsvId] = v.OSV - } +func (i IngestPredicates) GetVulnerabilities(ctx context.Context) []*generated.VulnerabilityInputSpec { + vulnMap := make(map[string]*generated.VulnerabilityInputSpec) + for _, v := range i.CertifyVuln { + equalVURI := helpers.VulnInputToVURI(v.Vulnerability) + if _, ok := vulnMap[equalVURI]; !ok { + vulnMap[equalVURI] = v.Vulnerability } - } - for _, v := range i.Vex { - if v.OSV != nil { - if _, ok := osvMap[v.OSV.OsvId]; !ok { - osvMap[v.OSV.OsvId] = v.OSV - } - } - } - osvs := make([]*generated.OSVInputSpec, 0, len(osvMap)) - for _, osv := range osvMap { - osvs = append(osvs, osv) } - return osvs -} - -func (i IngestPredicates) GetGHSAs(ctx context.Context) []*generated.GHSAInputSpec { - ghsaMap := make(map[string]*generated.GHSAInputSpec) - for _, 
vuln := range i.CertifyVuln { - if vuln.GHSA != nil { - if _, ok := ghsaMap[vuln.GHSA.GhsaId]; !ok { - ghsaMap[vuln.GHSA.GhsaId] = vuln.GHSA + for _, v := range i.VulnEqual { + if v.Vulnerability != nil { + equalVURI := helpers.VulnInputToVURI(v.Vulnerability) + if _, ok := vulnMap[equalVURI]; !ok { + vulnMap[equalVURI] = v.Vulnerability } } - } - for _, v := range i.IsVuln { - if v.GHSA != nil { - if _, ok := ghsaMap[v.GHSA.GhsaId]; !ok { - ghsaMap[v.GHSA.GhsaId] = v.GHSA + if v.EqualVulnerability != nil { + equalVURI := helpers.VulnInputToVURI(v.EqualVulnerability) + if _, ok := vulnMap[equalVURI]; !ok { + vulnMap[equalVURI] = v.EqualVulnerability } } } for _, v := range i.Vex { - if v.GHSA != nil { - if _, ok := ghsaMap[v.GHSA.GhsaId]; !ok { - ghsaMap[v.GHSA.GhsaId] = v.GHSA - } + equalVURI := helpers.VulnInputToVURI(v.Vulnerability) + if _, ok := vulnMap[equalVURI]; !ok { + vulnMap[equalVURI] = v.Vulnerability } } - ghsas := make([]*generated.GHSAInputSpec, 0, len(ghsaMap)) + vulns := make([]*generated.VulnerabilityInputSpec, 0, len(vulnMap)) - for _, ghsa := range ghsaMap { - ghsas = append(ghsas, ghsa) + for _, vuln := range vulnMap { + vulns = append(vulns, vuln) } - return ghsas + return vulns } func concatenateSourceInput(source *generated.SourceInputSpec) string { diff --git a/pkg/assembler/assembler_test.go b/pkg/assembler/assembler_test.go index 4c2ac25a78..fc59c33d3f 100644 --- a/pkg/assembler/assembler_test.go +++ b/pkg/assembler/assembler_test.go @@ -83,9 +83,7 @@ func TestIngestPredicates(t *testing.T) { wantArtifact []*generated.ArtifactInputSpec wantMaterials []generated.ArtifactInputSpec wantBuilder []*generated.BuilderInputSpec - wantOSV []*generated.OSVInputSpec - wantCVE []*generated.CVEInputSpec - wantGHSA []*generated.GHSAInputSpec + wantVuln []*generated.VulnerabilityInputSpec }{{ name: "get nouns", field: IngestPredicates{ 
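Review bot: The `CertifyVuln` and `Vex` loops in GetVulnerabilities pass `v.Vulnerability` to `helpers.VulnInputToVURI` without a nil check. The `VulnEqual` loop guards both of its pointers, and the removed GetCVEs/GetOSVs/GetGHSAs guarded every field they read. `Vulnerability` is a pointer tagged `json:"vulnerability,omitempty"`, so a predicate built from a document that lacks it would either panic inside the helper (its body is not part of this diff, so that is inferred) or put a nil entry into the returned slice. Adding `if v.Vulnerability == nil { continue }` as the first statement of both loops restores the earlier behaviour.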
@@ -205,11 +203,11 @@ func TestIngestPredicates(t *testing.T) { Version: ptrfrom.String("2.8.1"), Subpath: ptrfrom.String(""), }, - CVE: &generated.CVEInputSpec{ - Year: 2023, - CveId: "CVE-2023-1944", + Vulnerability: &generated.VulnerabilityInputSpec{ + Type: "cve", + VulnerabilityID: "cve-2023-1944", }, - VulnData: &generated.VulnerabilityMetaDataInput{ + VulnData: &generated.ScanMetadataInput{ TimeScanned: tm, ScannerUri: "osv.dev", ScannerVersion: "0.0.14", @@ -223,10 +221,11 @@ func TestIngestPredicates(t *testing.T) { Version: ptrfrom.String("2.8.1"), Subpath: ptrfrom.String(""), }, - OSV: &generated.OSVInputSpec{ - OsvId: "GHSA-8489-44mv-ggj8", + Vulnerability: &generated.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "ghsa-8489-44mv-ggj8", }, - VulnData: &generated.VulnerabilityMetaDataInput{ + VulnData: &generated.ScanMetadataInput{ TimeScanned: tm, ScannerUri: "osv.dev", ScannerVersion: "0.0.14", @@ -240,10 +239,11 @@ func TestIngestPredicates(t *testing.T) { Version: ptrfrom.String("2.8.1"), Subpath: ptrfrom.String(""), }, - OSV: &generated.OSVInputSpec{ - OsvId: "GHSA-fxph-q3j8-mv87", + Vulnerability: &generated.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "ghsa-fxph-q3j8-mv87", }, - VulnData: &generated.VulnerabilityMetaDataInput{ + VulnData: &generated.ScanMetadataInput{ TimeScanned: tm, ScannerUri: "osv.dev", ScannerVersion: "0.0.14", @@ -257,10 +257,11 @@ func TestIngestPredicates(t *testing.T) { Version: ptrfrom.String("2.8.1"), Subpath: ptrfrom.String(""), }, - OSV: &generated.OSVInputSpec{ - OsvId: "GHSA-jfh8-c2jp-5v3q", + Vulnerability: &generated.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "ghsa-jfh8-c2jp-5v3q", }, - VulnData: &generated.VulnerabilityMetaDataInput{ + VulnData: &generated.ScanMetadataInput{ TimeScanned: tm, ScannerUri: "osv.dev", ScannerVersion: "0.0.14", 
@@ -274,10 +275,11 @@ func TestIngestPredicates(t *testing.T) { Version: ptrfrom.String("2.8.1"), Subpath: ptrfrom.String(""), }, - OSV: &generated.OSVInputSpec{ - OsvId: "GHSA-p6xc-xr62-6r2g", + Vulnerability: &generated.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "ghsa-p6xc-xr62-6r2g", }, - VulnData: &generated.VulnerabilityMetaDataInput{ + VulnData: &generated.ScanMetadataInput{ TimeScanned: tm, ScannerUri: "osv.dev", ScannerVersion: "0.0.14", 
@@ -291,87 +293,93 @@ func TestIngestPredicates(t *testing.T) { Version: ptrfrom.String("2.8.1"), Subpath: ptrfrom.String(""), }, - OSV: &generated.OSVInputSpec{ - OsvId: "GHSA-vwqq-5vrc-xw9h", + Vulnerability: &generated.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "ghsa-vwqq-5vrc-xw9h", }, - VulnData: &generated.VulnerabilityMetaDataInput{ + VulnData: &generated.ScanMetadataInput{ TimeScanned: tm, ScannerUri: "osv.dev", ScannerVersion: "0.0.14", }, }, }, - IsVuln: []IsVulnIngest{ + VulnEqual: []VulnEqualIngest{ { - OSV: &generated.OSVInputSpec{ - OsvId: "CVE-2023-1944", + Vulnerability: &generated.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "cve-2023-1944", }, - CVE: &generated.CVEInputSpec{ - Year: 2023, - CveId: "CVE-2023-1944", + EqualVulnerability: &generated.VulnerabilityInputSpec{ + Type: "cve", + VulnerabilityID: "cve-2023-1944", }, - GHSA: nil, - IsVuln: &generated.IsVulnerabilityInputSpec{ + VulnEqual: &generated.VulnEqualInputSpec{ Justification: "Decoded OSV data", }, }, { - OSV: &generated.OSVInputSpec{ - OsvId: "GHSA-7rjr-3q55-vv33", + Vulnerability: &generated.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "ghsa-7rjr-3q55-vv33", }, - CVE: nil, - GHSA: &generated.GHSAInputSpec{ - GhsaId: "GHSA-7rjr-3q55-vv33", + EqualVulnerability: &generated.VulnerabilityInputSpec{ + Type: "ghsa", + VulnerabilityID: "ghsa-7rjr-3q55-vv33", }, - IsVuln: &generated.IsVulnerabilityInputSpec{ + VulnEqual: &generated.VulnEqualInputSpec{ Justification: "Decoded OSV data", }, }, { - OSV: &generated.OSVInputSpec{ - OsvId: "GHSA-8489-44mv-ggj8", + Vulnerability: &generated.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "ghsa-8489-44mv-ggj8", }, - CVE: nil, - GHSA: &generated.GHSAInputSpec{ - GhsaId: "GHSA-8489-44mv-ggj8", + EqualVulnerability: &generated.VulnerabilityInputSpec{ + Type: "ghsa", + VulnerabilityID: "ghsa-8489-44mv-ggj8", }, - IsVuln: &generated.IsVulnerabilityInputSpec{ + VulnEqual: &generated.VulnEqualInputSpec{ 
Justification: "Decoded OSV data", }, }, { - OSV: &generated.OSVInputSpec{ - OsvId: "GHSA-fxph-q3j8-mv87", + Vulnerability: &generated.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "ghsa-fxph-q3j8-mv87", }, - CVE: nil, - GHSA: &generated.GHSAInputSpec{ - GhsaId: "GHSA-fxph-q3j8-mv87", + EqualVulnerability: &generated.VulnerabilityInputSpec{ + Type: "ghsa", + VulnerabilityID: "ghsa-fxph-q3j8-mv87", }, - IsVuln: &generated.IsVulnerabilityInputSpec{ + VulnEqual: &generated.VulnEqualInputSpec{ Justification: "Decoded OSV data", }, }, { - OSV: &generated.OSVInputSpec{ - OsvId: "GHSA-jfh8-c2jp-5v3q", + Vulnerability: &generated.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "ghsa-jfh8-c2jp-5v3q", }, - CVE: nil, - GHSA: &generated.GHSAInputSpec{ - GhsaId: "GHSA-jfh8-c2jp-5v3q", + EqualVulnerability: &generated.VulnerabilityInputSpec{ + Type: "ghsa", + VulnerabilityID: "ghsa-jfh8-c2jp-5v3q", }, - IsVuln: &generated.IsVulnerabilityInputSpec{ + VulnEqual: &generated.VulnEqualInputSpec{ Justification: "Decoded OSV data", }, }, { - OSV: &generated.OSVInputSpec{ - OsvId: "GHSA-p6xc-xr62-6r2g", + Vulnerability: &generated.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "ghsa-p6xc-xr62-6r2g", }, - CVE: nil, - GHSA: &generated.GHSAInputSpec{ - GhsaId: "GHSA-p6xc-xr62-6r2g", + EqualVulnerability: &generated.VulnerabilityInputSpec{ + Type: "ghsa", + VulnerabilityID: "ghsa-p6xc-xr62-6r2g", }, - IsVuln: &generated.IsVulnerabilityInputSpec{ + VulnEqual: &generated.VulnEqualInputSpec{ Justification: "Decoded OSV data", }, }, @@ -472,8 +480,9 @@ func TestIngestPredicates(t *testing.T) { Vex: []VexIngest{ { Pkg: openSSLWithQualifier, - GHSA: &generated.GHSAInputSpec{ - GhsaId: "GHSA-h45f-rjvw-2rv2", + Vulnerability: &generated.VulnerabilityInputSpec{ + Type: "ghsa", + VulnerabilityID: "ghsa-h45f-rjvw-2rv2", }, VexData: &generated.VexStatementInputSpec{ Status: generated.VexStatusNotAffected, 
@@ -488,8 +497,9 @@ func TestIngestPredicates(t *testing.T) { Digest: "6bbb0da1891646e58eb3e6a63af3a6fc3c8eb5a0d44824cba581d2e14a0450cf", Algorithm: "sha256", }, - OSV: &generated.OSVInputSpec{ - OsvId: "CVE-2018-15710", + Vulnerability: &generated.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "cve-2018-15710", }, VexData: &generated.VexStatementInputSpec{ Status: generated.VexStatusUnderInvestigation, @@ -504,9 +514,9 @@ func TestIngestPredicates(t *testing.T) { Digest: "6bbb0da1891646e58eb3e6a63af3a6fc3c8eb5a0d44824cba581d2e14a0450cf", Algorithm: "sha256", }, - CVE: &generated.CVEInputSpec{ - Year: 2018, - CveId: "CVE-2018-43610", + Vulnerability: &generated.VulnerabilityInputSpec{ + Type: "cve", + VulnerabilityID: "cve-2018-43610", }, VexData: &generated.VexStatementInputSpec{ Status: generated.VexStatusNotAffected, 
@@ -559,60 +569,70 @@ func TestIngestPredicates(t *testing.T) { Uri: "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@refs/tags/v0.0.1", }, }, - wantOSV: []*generated.OSVInputSpec{ + wantVuln: []*generated.VulnerabilityInputSpec{ { - OsvId: "CVE-2018-15710", + Type: "osv", + VulnerabilityID: "cve-2018-15710", }, { - OsvId: "CVE-2023-1944", + Type: "osv", + VulnerabilityID: "cve-2023-1944", }, { - OsvId: "GHSA-7rjr-3q55-vv33", + Type: "osv", + VulnerabilityID: "ghsa-7rjr-3q55-vv33", }, { - OsvId: "GHSA-8489-44mv-ggj8", + Type: "osv", + VulnerabilityID: "ghsa-8489-44mv-ggj8", }, { - OsvId: "GHSA-fxph-q3j8-mv87", + Type: "osv", + VulnerabilityID: "ghsa-fxph-q3j8-mv87", }, { - OsvId: "GHSA-jfh8-c2jp-5v3q", + Type: "osv", + VulnerabilityID: "ghsa-jfh8-c2jp-5v3q", }, { - OsvId: "GHSA-p6xc-xr62-6r2g", + Type: "osv", + VulnerabilityID: "ghsa-p6xc-xr62-6r2g", }, { - OsvId: "GHSA-vwqq-5vrc-xw9h", + Type: "osv", + VulnerabilityID: "ghsa-vwqq-5vrc-xw9h", }, - }, - wantCVE: []*generated.CVEInputSpec{ { - Year: 2018, - CveId: "CVE-2018-43610", + Type: "cve", + VulnerabilityID: "cve-2018-43610", }, { - Year: 2023, - CveId: "CVE-2023-1944", + Type: "cve", + VulnerabilityID: "cve-2023-1944", }, - }, - wantGHSA: []*generated.GHSAInputSpec{ { - GhsaId: "GHSA-7rjr-3q55-vv33", + Type: "ghsa", + VulnerabilityID: "ghsa-7rjr-3q55-vv33", }, { - GhsaId: "GHSA-8489-44mv-ggj8", + Type: "ghsa", + VulnerabilityID: "ghsa-8489-44mv-ggj8", }, { - GhsaId: "GHSA-fxph-q3j8-mv87", + Type: "ghsa", + VulnerabilityID: "ghsa-fxph-q3j8-mv87", }, { - GhsaId: "GHSA-h45f-rjvw-2rv2", + Type: "ghsa", + VulnerabilityID: "ghsa-h45f-rjvw-2rv2", }, { - GhsaId: "GHSA-jfh8-c2jp-5v3q", + Type: "ghsa", + VulnerabilityID: "ghsa-jfh8-c2jp-5v3q", }, { - GhsaId: "GHSA-p6xc-xr62-6r2g", + Type: "ghsa", + VulnerabilityID: "ghsa-p6xc-xr62-6r2g", }, }, }} 
@@ -651,22 +671,12 @@ func TestIngestPredicates(t *testing.T) { t.Errorf("Unexpected GetBuilders results. (-want +got):\n%s", diff) } - gotOSVs := i.GetOSVs(ctx) - osvSort := func(a, b *generated.OSVInputSpec) bool { return a.OsvId < b.OsvId } - if diff := cmp.Diff(tt.wantOSV, gotOSVs, cmpopts.SortSlices(osvSort)); diff != "" { - t.Errorf("Unexpected GetOSVs results. (-want +got):\n%s", diff) + gotVulns := i.GetVulnerabilities(ctx) + vulnSort := func(a, b *generated.VulnerabilityInputSpec) bool { + return helpers.VulnInputToVURI(a) < helpers.VulnInputToVURI(b) } - - gotCVEs := i.GetCVEs(ctx) - cveSort := func(a, b *generated.CVEInputSpec) bool { return a.CveId < b.CveId } - if diff := cmp.Diff(tt.wantCVE, gotCVEs, cmpopts.SortSlices(cveSort)); diff != "" { - t.Errorf("Unexpected GetCVEs results. (-want +got):\n%s", diff) - } - - gotGHSAs := i.GetGHSAs(ctx) - ghsaSort := func(a, b *generated.GHSAInputSpec) bool { return a.GhsaId < b.GhsaId } - if diff := cmp.Diff(tt.wantGHSA, gotGHSAs, cmpopts.SortSlices(ghsaSort)); diff != "" { - t.Errorf("Unexpected GetGHSAs results. (-want +got):\n%s", diff) + if diff := cmp.Diff(tt.wantVuln, gotVulns, cmpopts.SortSlices(vulnSort)); diff != "" { + t.Errorf("Unexpected gotVulns results. (-want +got):\n%s", diff) } }) } diff --git a/pkg/assembler/backends/arangodb/backend.go b/pkg/assembler/backends/arangodb/backend.go index 9e34cd6b03..a72f1dd2a3 100644 --- a/pkg/assembler/backends/arangodb/backend.go +++ b/pkg/assembler/backends/arangodb/backend.go 
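Review bot: The failure message `Unexpected gotVulns results` names the local variable, while the neighbouring check reports `Unexpected GetBuilders results`, i.e. the method under test. `t.Errorf("Unexpected GetVulnerabilities results. (-want +got):\n%s", diff)` keeps the messages uniform and makes a failing run easier to trace. None of the table entries visible in this diff has a CertifyVuln or Vex item with a nil `Vulnerability`, so that input to GetVulnerabilities is not exercised. TestIngestPredicates starts outside this hunk.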
@@ -31,15 +31,16 @@ import ( ) const ( - namespaces string = "namespaces" - names string = namespaces + ".names" - versions string = names + ".versions" - origin string = "origin" - collector string = "collector" - justification string = "justification" - maxRetires int = 100 - retryTimer time.Duration = time.Microsecond - guacEmpty string = "guac-empty-@@" + namespaces string = "namespaces" + names string = namespaces + ".names" + versions string = names + ".versions" + vulnerabilityID string = "vulnerabilityIDs" + origin string = "origin" + collector string = "collector" + justification string = "justification" + maxRetires int = 100 + retryTimer time.Duration = time.Microsecond + guacEmpty string = "guac-empty-@@" // Package collections pkgTypesStr string = "pkgTypes" @@ -65,17 +66,11 @@ const ( artifactsStr string = "artifacts" - // cve collection + // vulnerabilities collection - cvesStr string = "cves" - - // ghsa collection - - ghsasStr string = "ghsas" - - // osv collection - - osvsStr string = "osvs" + vulnTypesStr string = "vulnTypes" + vulnHasVulnerabilityIDStr string = "vulnHasVulnerabilityID" + vulnerabilitiesStr string = "vulnerabilities" // isDependency collections @@ -242,6 +237,12 @@ func GetBackend(ctx context.Context, args backends.BackendArgs) (backends.Backen srcHasName.From = []string{srcNamespacesStr} srcHasName.To = []string{srcNamesStr} + // setup vulnerability collections + var vulnHasVulnerabilityID driver.EdgeDefinition + vulnHasVulnerabilityID.Collection = vulnHasVulnerabilityIDStr + vulnHasVulnerabilityID.From = []string{vulnTypesStr} + vulnHasVulnerabilityID.To = []string{vulnerabilitiesStr} + // setup isDependency collections var isDependencyDepPkgEdges driver.EdgeDefinition isDependencyDepPkgEdges.Collection = isDependencyDepPkgEdgesStr 
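Review bot: The new constant `vulnerabilityID` holds the plural string `"vulnerabilityIDs"` and sits among the path-style constants with no comment on what it names. In vulnerability.go it is compared against the field list from `getPreloads`, while the index and AQL filters elsewhere in this commit use the literal document field `"vulnerabilityID"`, so the two spellings are easy to confuse. A comment such as `// vulnerabilityID is the preload field name that indicates vulnerability ID nodes were requested` would document it, with the wording checked against `getPreloads`. The const block continues outside the hunk.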
@@ -311,7 +312,7 @@ func GetBackend(ctx context.Context, args backends.BackendArgs) (backends.Backen var certifyVulnEdges driver.EdgeDefinition certifyVulnEdges.Collection = certifyVulnEdgesStr certifyVulnEdges.From = []string{pkgVersionsStr, certifyVulnsStr} - certifyVulnEdges.To = []string{certifyVulnsStr, cvesStr, ghsasStr, osvsStr} + certifyVulnEdges.To = []string{certifyVulnsStr, vulnerabilitiesStr} // setup certifyScorecard collections var certifyScorecardSrcEdges driver.EdgeDefinition @@ -364,7 +365,7 @@ func GetBackend(ctx context.Context, args backends.BackendArgs) (backends.Backen // A graph can contain additional vertex collections, defined in the set of orphan collections var options driver.CreateGraphOptions options.EdgeDefinitions = []driver.EdgeDefinition{pkgHasNamespace, pkgHasName, - pkgHasVersion, srcHasNamespace, srcHasName, isDependencyDepPkgEdges, isDependencySubjectPkgEdges, + pkgHasVersion, srcHasNamespace, srcHasName, vulnHasVulnerabilityID, isDependencyDepPkgEdges, isDependencySubjectPkgEdges, isOccurrenceArtEdges, isOccurrenceSubjectPkgEdges, isOccurrenceSubjectSrcEdges, hasSLSASubjectArtEdges, hasSLSABuiltByEdges, hasSLSABuiltFromEdges, hashEqualArtEdges, hashEqualSubjectArtEdges, hasSBOMPkgEdges, hasSBOMArtEdges, certifyVulnEdges, certifyScorecardSrcEdges, certifyBadPkgVersionEdges, certifyBadPkgNameEdges, 
@@ -391,16 +392,12 @@ func GetBackend(ctx context.Context, args backends.BackendArgs) (backends.Backen return nil, fmt.Errorf("failed to generate index for builders: %w", err) } - if err := createIndexPerCollection(ctx, db, cvesStr, []string{"cveID"}, false, "byCveID"); err != nil { - return nil, fmt.Errorf("failed to generate index for cves: %w", err) + if err := createIndexPerCollection(ctx, db, vulnTypesStr, []string{"type"}, true, "byVulnType"); err != nil { + return nil, fmt.Errorf("failed to generate index for vulnTypes: %w", err) } - if err := createIndexPerCollection(ctx, db, ghsasStr, []string{"ghsaID"}, false, "byGhsaID"); err != nil { - return nil, fmt.Errorf("failed to generate index for ghsas: %w", err) - } - - if err := createIndexPerCollection(ctx, db, osvsStr, []string{"osvID"}, false, "byOsvID"); err != nil { - return nil, fmt.Errorf("failed to generate index for osvs: %w", err) + if err := createIndexPerCollection(ctx, db, vulnerabilitiesStr, []string{"vulnerabilityID"}, false, "byVulnID"); err != nil { + return nil, fmt.Errorf("failed to generate index for vulnerabilities: %w", err) } if err := createIndexPerCollection(ctx, db, hashEqualsStr, []string{"artifactID", "equalArtifactID"}, true, "byArtIDEqualArtID"); err != nil { @@ -477,6 +474,11 @@ func GetBackend(ctx context.Context, args backends.BackendArgs) (backends.Backen return nil, fmt.Errorf("failed to generate guackey index for srcNames: %w", err) } + // GUAC key indices for vulnerabilities + if err := createIndexPerCollection(ctx, db, vulnerabilitiesStr, []string{"guacKey"}, false, "byVulnGuacKey"); err != nil { + return nil, fmt.Errorf("failed to generate index for vulnerabilities: %w", err) + } + if err := createAnalyzer(ctx, db, driver.ArangoSearchAnalyzerDefinition{ Name: "customgram", Type: driver.ArangoSearchAnalyzerTypeNGram, 
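Review bot: The error returned for the new `byVulnGuacKey` index reuses the text of the `byVulnID` failure in the previous hunk (`failed to generate index for vulnerabilities`), so the two failures cannot be told apart in logs. The context line just above it uses `failed to generate guackey index for srcNames`, and `failed to generate guackey index for vulnerabilities: %w` would match that. If the boolean argument is the unique flag (it is `true` for `byVulnType`), then `byVulnGuacKey` is non-unique while the ingest query upserts on `guacKey`. In that case concurrent ingestion could leave duplicate vulnerability nodes, so it is worth confirming that `false` is intended. `GetBackend` starts and ends outside these hunks.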
@@ -722,8 +724,8 @@ func (c *arangoClient) HasSourceAt(ctx context.Context, hasSourceAtSpec *model.H panic(fmt.Errorf("not implemented: HasSourceAt - HasSourceAt")) } -func (c *arangoClient) IsVulnerability(ctx context.Context, isVulnerabilitySpec *model.IsVulnerabilitySpec) ([]*model.IsVulnerability, error) { - panic(fmt.Errorf("not implemented: IsVulnerability - IsVulnerability")) +func (c *arangoClient) VulnEqual(ctx context.Context, vulnEqualSpec *model.VulnEqualSpec) ([]*model.VulnEqual, error) { + panic(fmt.Errorf("not implemented: VulnEqual")) } func (c *arangoClient) PkgEqual(ctx context.Context, pkgEqualSpec *model.PkgEqualSpec) ([]*model.PkgEqual, error) { panic(fmt.Errorf("not implemented: PkgEqual - PkgEqual")) 
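Review bot: The new `VulnEqual` stub panics although its signature returns an `error`, so a request that reaches the ArangoDB backend takes the panic path instead of getting an ordinary error result. The same applies to `IngestVulnEqual` and `IngestCertifyVuln` in the next hunk. Returning the error leaves the handling to the caller: `return nil, fmt.Errorf("not implemented: VulnEqual")`. The neighbouring stubs follow the same panic convention, so this may fit better as a follow-up across the file than as a change to these three alone.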
@@ -734,17 +736,17 @@ func (c *arangoClient) PkgEqual(ctx context.Context, pkgEqualSpec *model.PkgEqua func (c *arangoClient) IngestHasSourceAt(ctx context.Context, pkg model.PkgInputSpec, pkgMatchType model.MatchFlags, source model.SourceInputSpec, hasSourceAt model.HasSourceAtInputSpec) (*model.HasSourceAt, error) { panic(fmt.Errorf("not implemented: IngestHasSourceAt - IngestHasSourceAt")) } -func (c *arangoClient) IngestIsVulnerability(ctx context.Context, osv model.OSVInputSpec, vulnerability model.CveOrGhsaInput, isVulnerability model.IsVulnerabilityInputSpec) (*model.IsVulnerability, error) { - panic(fmt.Errorf("not implemented: IngestIsVulnerability - IngestIsVulnerability")) +func (c *arangoClient) IngestVulnEqual(ctx context.Context, vulnerability model.VulnerabilityInputSpec, otherVulnerability model.VulnerabilityInputSpec, vulnEqual model.VulnEqualInputSpec) (*model.VulnEqual, error) { + panic(fmt.Errorf("not implemented: IngestVulnEqual")) } func (c *arangoClient) IngestPkgEqual(ctx context.Context, pkg model.PkgInputSpec, depPkg model.PkgInputSpec, pkgEqual model.PkgEqualInputSpec) (*model.PkgEqual, error) { panic(fmt.Errorf("not implemented: IngestPkgEqual - IngestPkgEqual")) } -func (c *arangoClient) IngestVEXStatement(ctx context.Context, subject model.PackageOrArtifactInput, vulnerability model.VulnerabilityInput, vexStatement model.VexStatementInputSpec) (*model.CertifyVEXStatement, error) { +func (c *arangoClient) IngestVEXStatement(ctx context.Context, subject model.PackageOrArtifactInput, vulnerability model.VulnerabilityInputSpec, vexStatement model.VexStatementInputSpec) (*model.CertifyVEXStatement, error) { panic(fmt.Errorf("not implemented: IngestVEXStatement - IngestVEXStatement")) } -func (c *arangoClient) IngestVulnerability(ctx context.Context, pkg model.PkgInputSpec, vulnerability model.VulnerabilityInput, certifyVuln model.VulnerabilityMetaDataInput) (*model.CertifyVuln, error) { - panic(fmt.Errorf("not implemented: 
IngestVulnerability - IngestVulnerability")) +func (c *arangoClient) IngestCertifyVuln(ctx context.Context, pkg model.PkgInputSpec, vulnerability model.VulnerabilityInputSpec, certifyVuln model.ScanMetadataInput) (*model.CertifyVuln, error) { + panic(fmt.Errorf("not implemented: IngestCertifyVuln")) } // Topological queries: queries where node connectivity matters more than node type diff --git a/pkg/assembler/backends/arangodb/cve.go b/pkg/assembler/backends/arangodb/cve.go deleted file mode 100644 index f6f663d2e8..0000000000 --- a/pkg/assembler/backends/arangodb/cve.go +++ /dev/null 
@@ -1,160 +0,0 @@ -// -// Copyright 2023 The GUAC Authors. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package arangodb - -import ( - "context" - "encoding/json" - "fmt" - "strings" - - "github.com/arangodb/go-driver" - "github.com/guacsec/guac/pkg/assembler/graphql/model" -) - -func (c *arangoClient) Cve(ctx context.Context, cveSpec *model.CVESpec) ([]*model.Cve, error) { - values := map[string]any{} - arangoQueryBuilder := newForQuery(cvesStr, "cve") - if cveSpec.ID != nil { - arangoQueryBuilder.filter("cve", "_id", "==", "@id") - values["id"] = *cveSpec.ID - } - if cveSpec.Year != nil { - arangoQueryBuilder.filter("cve", "year", "==", "@year") - values["year"] = *cveSpec.Year - } - if cveSpec.CveID != nil { - arangoQueryBuilder.filter("cve", "cveId", "==", "@cveId") - values["cveId"] = strings.ToLower(*cveSpec.CveID) - } - arangoQueryBuilder.query.WriteString("\n") - arangoQueryBuilder.query.WriteString(`RETURN { - "id": cve._id, - "year": cve.year, - "cveID": cve.cveId - }`) - - fmt.Println(arangoQueryBuilder.string()) - cursor, err := executeQueryWithRetry(ctx, c.db, arangoQueryBuilder.string(), values, "Cve") - if err != nil { - return nil, fmt.Errorf("failed to query for cve: %w", err) - } - defer cursor.Close() - - return getCVEs(ctx, cursor) -} - -func getCVEQueryValues(cve *model.CVEInputSpec) map[string]any { - values := map[string]any{} - values["year"] = cve.Year - values["cveId"] = strings.ToLower(cve.CveID) - return values -} - -func 
(c *arangoClient) IngestCVEs(ctx context.Context, cves []*model.CVEInputSpec) ([]*model.Cve, error) { - var listOfValues []map[string]any - for i := range cves { - listOfValues = append(listOfValues, getCVEQueryValues(cves[i])) - } - - var documents []string - for _, val := range listOfValues { - bs, _ := json.Marshal(val) - documents = append(documents, string(bs)) - } - - queryValues := map[string]any{} - queryValues["documents"] = fmt.Sprint(strings.Join(documents, ",")) - - var sb strings.Builder - - sb.WriteString("for doc in [") - for i, val := range listOfValues { - bs, _ := json.Marshal(val) - if i == len(listOfValues)-1 { - sb.WriteString(string(bs)) - } else { - sb.WriteString(string(bs) + ",") - } - } - sb.WriteString("]") - - query := ` -UPSERT { year:doc.year, cveId:doc.cveId } -INSERT { year:doc.year, cveId:doc.cveId } -UPDATE {} IN cves OPTIONS { indexHint: "byCveID" } -RETURN { - "id": NEW._id, - "year": NEW.year, - "cveID": NEW.cveId - }` - - sb.WriteString(query) - - cursor, err := executeQueryWithRetry(ctx, c.db, sb.String(), nil, "IngestCVEs") - if err != nil { - return nil, fmt.Errorf("failed to ingest cve: %w", err) - } - defer cursor.Close() - - return getCVEs(ctx, cursor) -} - -func (c *arangoClient) IngestCve(ctx context.Context, cve *model.CVEInputSpec) (*model.Cve, error) { - query := ` -UPSERT { year:@year, cveId:@cveId } -INSERT { year:@year, cveId:@cveId } -UPDATE {} IN cves OPTIONS { indexHint: "byCveID" } -RETURN { - "id": NEW._id, - "year": NEW.year, - "cveID": NEW.cveId - }` - - cursor, err := executeQueryWithRetry(ctx, c.db, query, getCVEQueryValues(cve), "IngestCve") - if err != nil { - return nil, fmt.Errorf("failed to ingest cve: %w", err) - } - defer cursor.Close() - - createdCVEs, err := getCVEs(ctx, cursor) - if err != nil { - return nil, fmt.Errorf("failed to get cves from arango cursor: %w", err) - } - if len(createdCVEs) == 1 { - return createdCVEs[0], nil - } else { - return nil, fmt.Errorf("number of cves ingested is 
greater than one") - } -} - -func getCVEs(ctx context.Context, cursor driver.Cursor) ([]*model.Cve, error) { - var createdCVEs []*model.Cve - for { - var doc *model.Cve - _, err := cursor.ReadDocument(ctx, &doc) - if err != nil { - if driver.IsNoMoreDocuments(err) { - break - } else { - return nil, fmt.Errorf("failed to get cve from cursor: %w", err) - } - } else { - createdCVEs = append(createdCVEs, doc) - } - } - return createdCVEs, nil -} diff --git a/pkg/assembler/backends/arangodb/ghsa.go b/pkg/assembler/backends/arangodb/ghsa.go deleted file mode 100644 index 0e0ea6f674..0000000000 --- a/pkg/assembler/backends/arangodb/ghsa.go +++ /dev/null 
@@ -1,152 +0,0 @@ -// -// Copyright 2023 The GUAC Authors. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package arangodb - -import ( - "context" - "encoding/json" - "fmt" - "strings" - - "github.com/arangodb/go-driver" - "github.com/guacsec/guac/pkg/assembler/graphql/model" -) - -func (c *arangoClient) Ghsa(ctx context.Context, ghsaSpec *model.GHSASpec) ([]*model.Ghsa, error) { - values := map[string]any{} - arangoQueryBuilder := newForQuery(ghsasStr, "ghsa") - if ghsaSpec.ID != nil { - arangoQueryBuilder.filter("ghsa", "_id", "==", "@id") - values["id"] = *ghsaSpec.ID - } - if ghsaSpec.GhsaID != nil { - arangoQueryBuilder.filter("ghsa", "ghsaId", "==", "@ghsaId") - values["ghsaId"] = strings.ToLower(*ghsaSpec.GhsaID) - } - arangoQueryBuilder.query.WriteString("\n") - arangoQueryBuilder.query.WriteString(`RETURN { - "id": ghsa._id, - "ghsaId": ghsa.ghsaId - }`) - - fmt.Println(arangoQueryBuilder.string()) - cursor, err := executeQueryWithRetry(ctx, c.db, arangoQueryBuilder.string(), values, "Ghsa") - if err != nil { - return nil, fmt.Errorf("failed to query for ghsa: %w", err) - } - defer cursor.Close() - - return getGHSAs(ctx, cursor) -} - -func getGHSAQueryValues(ghsa *model.GHSAInputSpec) map[string]any { - values := map[string]any{} - values["ghsaId"] = strings.ToLower(ghsa.GhsaID) - return values -} - -func (c *arangoClient) IngestGHSAs(ctx context.Context, ghsas []*model.GHSAInputSpec) ([]*model.Ghsa, error) { - var listOfValues []map[string]any 
- for i := range ghsas { - listOfValues = append(listOfValues, getGHSAQueryValues(ghsas[i])) - } - - var documents []string - for _, val := range listOfValues { - bs, _ := json.Marshal(val) - documents = append(documents, string(bs)) - } - - queryValues := map[string]any{} - queryValues["documents"] = fmt.Sprint(strings.Join(documents, ",")) - - var sb strings.Builder - - sb.WriteString("for doc in [") - for i, val := range listOfValues { - bs, _ := json.Marshal(val) - if i == len(listOfValues)-1 { - sb.WriteString(string(bs)) - } else { - sb.WriteString(string(bs) + ",") - } - } - sb.WriteString("]") - - query := ` -UPSERT { ghsaId:doc.ghsaId } -INSERT { ghsaId:doc.ghsaId } -UPDATE {} IN ghsas OPTIONS { indexHint: "byGhsaID" } -RETURN { - "id": NEW._id, - "ghsaId": NEW.ghsaId - }` - - sb.WriteString(query) - - cursor, err := executeQueryWithRetry(ctx, c.db, sb.String(), nil, "IngestGHSAs") - if err != nil { - return nil, fmt.Errorf("failed to ingest ghsa: %w", err) - } - defer cursor.Close() - - return getGHSAs(ctx, cursor) -} - -func (c *arangoClient) IngestGhsa(ctx context.Context, ghsa *model.GHSAInputSpec) (*model.Ghsa, error) { - query := ` -UPSERT { ghsaId:@ghsaId } -INSERT { ghsaId:@ghsaId } -UPDATE {} IN ghsas OPTIONS { indexHint: "byGhsaID" } -RETURN { - "id": NEW._id, - "ghsaId": NEW.ghsaId - }` - - cursor, err := executeQueryWithRetry(ctx, c.db, query, getGHSAQueryValues(ghsa), "IngestGhsa") - if err != nil { - return nil, fmt.Errorf("failed to ingest ghsa: %w", err) - } - defer cursor.Close() - - createdGHSAs, err := getGHSAs(ctx, cursor) - if err != nil { - return nil, fmt.Errorf("failed to get ghsas from arango cursor: %w", err) - } - if len(createdGHSAs) == 1 { - return createdGHSAs[0], nil - } else { - return nil, fmt.Errorf("number of ghsas ingested is greater than one") - } -} - -func getGHSAs(ctx context.Context, cursor driver.Cursor) ([]*model.Ghsa, error) { - var createdGHSAs []*model.Ghsa - for { - var doc *model.Ghsa - _, err := 
cursor.ReadDocument(ctx, &doc) - if err != nil { - if driver.IsNoMoreDocuments(err) { - break - } else { - return nil, fmt.Errorf("failed to get ghsa from cursor: %w", err) - } - } else { - createdGHSAs = append(createdGHSAs, doc) - } - } - return createdGHSAs, nil -} diff --git a/pkg/assembler/backends/arangodb/osv.go b/pkg/assembler/backends/arangodb/osv.go deleted file mode 100644 index c2355ec832..0000000000 --- a/pkg/assembler/backends/arangodb/osv.go +++ /dev/null 
@@ -1,152 +0,0 @@ -// -// Copyright 2023 The GUAC Authors. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package arangodb - -import ( - "context" - "encoding/json" - "fmt" - "strings" - - "github.com/arangodb/go-driver" - "github.com/guacsec/guac/pkg/assembler/graphql/model" -) - -func (c *arangoClient) Osv(ctx context.Context, osvSpec *model.OSVSpec) ([]*model.Osv, error) { - values := map[string]any{} - arangoQueryBuilder := newForQuery(osvsStr, "osv") - if osvSpec.ID != nil { - arangoQueryBuilder.filter("osv", "_id", "==", "@id") - values["id"] = *osvSpec.ID - } - if osvSpec.OsvID != nil { - arangoQueryBuilder.filter("osv", "osvId", "==", "@osvId") - values["osvId"] = strings.ToLower(*osvSpec.OsvID) - } - arangoQueryBuilder.query.WriteString("\n") - arangoQueryBuilder.query.WriteString(`RETURN { - "id": osv._id, - "osvId": osv.osvId - }`) - - fmt.Println(arangoQueryBuilder.string()) - cursor, err := executeQueryWithRetry(ctx, c.db, arangoQueryBuilder.string(), values, "Osv") - if err != nil { - return nil, fmt.Errorf("failed to query for osv: %w", err) - } - defer cursor.Close() - - return getOSVs(ctx, cursor) -} - -func getOSVQueryValues(osv *model.OSVInputSpec) map[string]any { - values := map[string]any{} - values["osvId"] = strings.ToLower(osv.OsvID) - return values -} - -func (c *arangoClient) IngestOSVs(ctx context.Context, osvs []*model.OSVInputSpec) ([]*model.Osv, error) { - var listOfValues []map[string]any - for i := range osvs { - 
listOfValues = append(listOfValues, getOSVQueryValues(osvs[i])) - } - - var documents []string - for _, val := range listOfValues { - bs, _ := json.Marshal(val) - documents = append(documents, string(bs)) - } - - queryValues := map[string]any{} - queryValues["documents"] = fmt.Sprint(strings.Join(documents, ",")) - - var sb strings.Builder - - sb.WriteString("for doc in [") - for i, val := range listOfValues { - bs, _ := json.Marshal(val) - if i == len(listOfValues)-1 { - sb.WriteString(string(bs)) - } else { - sb.WriteString(string(bs) + ",") - } - } - sb.WriteString("]") - - query := ` -UPSERT { osvId:doc.osvId } -INSERT { osvId:doc.osvId } -UPDATE {} IN osvs OPTIONS { indexHint: "byOsvID" } -RETURN { - "id": NEW._id, - "osvId": NEW.osvId - }` - - sb.WriteString(query) - - cursor, err := executeQueryWithRetry(ctx, c.db, sb.String(), nil, "IngestOSVs") - if err != nil { - return nil, fmt.Errorf("failed to ingest osv: %w", err) - } - defer cursor.Close() - - return getOSVs(ctx, cursor) -} - -func (c *arangoClient) IngestOsv(ctx context.Context, osv *model.OSVInputSpec) (*model.Osv, error) { - query := ` -UPSERT { osvId:@osvId } -INSERT { osvId:@osvId } -UPDATE {} IN osvs OPTIONS { indexHint: "byOsvID" } -RETURN { - "id": NEW._id, - "osvId": NEW.osvId - }` - - cursor, err := executeQueryWithRetry(ctx, c.db, query, getOSVQueryValues(osv), "IngestOsv") - if err != nil { - return nil, fmt.Errorf("failed to ingest osv: %w", err) - } - defer cursor.Close() - - createdOSVs, err := getOSVs(ctx, cursor) - if err != nil { - return nil, fmt.Errorf("failed to get osvs from arango cursor: %w", err) - } - if len(createdOSVs) == 1 { - return createdOSVs[0], nil - } else { - return nil, fmt.Errorf("number of osvs ingested is greater than one") - } -} - -func getOSVs(ctx context.Context, cursor driver.Cursor) ([]*model.Osv, error) { - var createdOSVs []*model.Osv - for { - var doc *model.Osv - _, err := cursor.ReadDocument(ctx, &doc) - if err != nil { - if 
driver.IsNoMoreDocuments(err) { - break - } else { - return nil, fmt.Errorf("failed to get ghsa from cursor: %w", err) - } - } else { - createdOSVs = append(createdOSVs, doc) - } - } - return createdOSVs, nil -} diff --git a/pkg/assembler/backends/arangodb/pkg.go b/pkg/assembler/backends/arangodb/pkg.go index 4aa254247f..b10d7a4de6 100644 --- a/pkg/assembler/backends/arangodb/pkg.go +++ b/pkg/assembler/backends/arangodb/pkg.go @@ -60,15 +60,15 @@ type dbPkgType struct { PkgType string `json:"type"` } -type PkgIds struct { +type pkgIds struct { TypeId string NamespaceId string NameId string VersionId string } -func guacPkgId(pkg model.PkgInputSpec) PkgIds { - ids := PkgIds{} +func guacPkgId(pkg model.PkgInputSpec) pkgIds { + ids := pkgIds{} ids.TypeId = pkg.Type @@ -117,7 +117,7 @@ func guacPkgId(pkg model.PkgInputSpec) PkgIds { return ids } -func getPackageQueryValues(c *arangoClient, pkg *model.PkgInputSpec) map[string]any { +func getPackageQueryValues(pkg *model.PkgInputSpec) map[string]any { values := map[string]any{} // add guac keys @@ -163,7 +163,7 @@ func getPackageQueryValues(c *arangoClient, pkg *model.PkgInputSpec) map[string] func (c *arangoClient) IngestPackages(ctx context.Context, pkgs []*model.PkgInputSpec) ([]*model.Package, error) { var listOfValues []map[string]any for i := range pkgs { - listOfValues = append(listOfValues, getPackageQueryValues(c, pkgs[i])) + listOfValues = append(listOfValues, getPackageQueryValues(pkgs[i])) } var documents []string @@ -315,7 +315,7 @@ func (c *arangoClient) IngestPackage(ctx context.Context, pkg model.PkgInputSpec "qualifier_list": pkgVersionObj.qualifier_list }` - cursor, err := executeQueryWithRetry(ctx, c.db, query, getPackageQueryValues(c, &pkg), "IngestPackage") + cursor, err := executeQueryWithRetry(ctx, c.db, query, getPackageQueryValues(&pkg), "IngestPackage") if err != nil { return nil, fmt.Errorf("failed to ingest package: %w", err) } 
diff --git a/pkg/assembler/backends/arangodb/src.go b/pkg/assembler/backends/arangodb/src.go index d853dd8b44..6084cb051b 100644 --- a/pkg/assembler/backends/arangodb/src.go +++ b/pkg/assembler/backends/arangodb/src.go @@ -48,14 +48,14 @@ type dbSrcType struct { SrcType string `json:"type"` } -type SrcIds struct { +type srcIds struct { TypeId string NamespaceId string NameId string } -func guacSrcId(src model.SourceInputSpec) SrcIds { - ids := SrcIds{} +func guacSrcId(src model.SourceInputSpec) srcIds { + ids := srcIds{} ids.TypeId = src.Type @@ -89,7 +89,7 @@ func guacSrcId(src model.SourceInputSpec) SrcIds { return ids } -func getSourceQueryValues(c *arangoClient, source *model.SourceInputSpec) map[string]any { +func getSourceQueryValues(source *model.SourceInputSpec) map[string]any { values := map[string]any{} // add guac keys guacIds := guacSrcId(*source) @@ -119,7 +119,7 @@ func (c *arangoClient) IngestSources(ctx context.Context, sources []*model.Sourc var listOfValues []map[string]any for i := range sources { - listOfValues = append(listOfValues, getSourceQueryValues(c, sources[i])) + listOfValues = append(listOfValues, getSourceQueryValues(sources[i])) } var documents []string @@ -243,7 +243,7 @@ func (c *arangoClient) IngestSource(ctx context.Context, source model.SourceInpu "tag": name.tag }` - cursor, err := executeQueryWithRetry(ctx, c.db, query, getSourceQueryValues(c, &source), "IngestSource") + cursor, err := executeQueryWithRetry(ctx, c.db, query, getSourceQueryValues(&source), "IngestSource") if err != nil { return nil, fmt.Errorf("failed to ingest source: %w", err) } diff --git a/pkg/assembler/backends/arangodb/vulnerability.go b/pkg/assembler/backends/arangodb/vulnerability.go new file mode 100644 index 0000000000..6e29a726e3 --- /dev/null +++ b/pkg/assembler/backends/arangodb/vulnerability.go 
@@ -0,0 +1,321 @@ +// +// Copyright 2023 The GUAC Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package arangodb + +import ( + "context" + "encoding/json" + "fmt" + "strings" + + "github.com/arangodb/go-driver" + "github.com/guacsec/guac/pkg/assembler/graphql/model" +) + +// dbVulnID is the full presentation of the vulnerability node within the arango database +type dbVulnID struct { + TypeID string `json:"type_id"` + VulnType string `json:"type"` + // VulnID is the ID of the vulnerability node within the database + VulnID string `json:"vuln_id"` + // Vuln is the actual vulnerabilityID within the vulnerability ID node within the database + Vuln string `json:"vuln"` +} + +type dbVulnType struct { + TypeID string `json:"type_id"` + VulnType string `json:"type"` +} + +type vulnIds struct { + TypeId string + VulnerabilityID string +} + +func (c *arangoClient) Vulnerabilities(ctx context.Context, vulnSpec *model.VulnerabilitySpec) ([]*model.Vulnerability, error) { + + // fields: [type vulnerabilityIDs ] + fields := getPreloads(ctx) + + vulnerabilityRequired := false + for _, f := range fields { + if f == vulnerabilityID { + vulnerabilityRequired = true + } + } + + if !vulnerabilityRequired { + return c.vulnerabilityType(ctx, vulnSpec) + } + + values := map[string]any{} + + arangoQueryBuilder := setVulnMatchValues(vulnSpec, values) + + arangoQueryBuilder.query.WriteString("\n") + arangoQueryBuilder.query.WriteString(`RETURN { + "type_id": vType._id, 
+ "type": vType.type, + "vuln_id": vVulnID._id, + "vuln": vVulnID.vulnerabilityID + }`) + + fmt.Println(arangoQueryBuilder.string()) + + cursor, err := executeQueryWithRetry(ctx, c.db, arangoQueryBuilder.string(), values, "Vulnerabilities") + if err != nil { + return nil, fmt.Errorf("failed to query for sources: %w", err) + } + defer cursor.Close() + + return getVulnerabilities(ctx, cursor) +} + +func (c *arangoClient) vulnerabilityType(ctx context.Context, vulnSpec *model.VulnerabilitySpec) ([]*model.Vulnerability, error) { + + values := map[string]any{} + + arangoQueryBuilder := newForQuery(vulnTypesStr, "vType") + if vulnSpec.Type != nil { + arangoQueryBuilder.filter("vType", "type", "==", "@vulnType") + values["vulnType"] = strings.ToLower(*vulnSpec.Type) + } + arangoQueryBuilder.query.WriteString("\n") + arangoQueryBuilder.query.WriteString(`RETURN { + "type_id": vType._id, + "type": vType.type + }`) + + fmt.Println(arangoQueryBuilder.string()) + + cursor, err := executeQueryWithRetry(ctx, c.db, arangoQueryBuilder.string(), values, "vulnerabilityType") + if err != nil { + return nil, fmt.Errorf("failed to query for vulnerability type: %w", err) + } + defer cursor.Close() + + var vulnerabilities []*model.Vulnerability + for { + var doc dbVulnType + _, err := cursor.ReadDocument(ctx, &doc) + if err != nil { + if driver.IsNoMoreDocuments(err) { + break + } else { + return nil, fmt.Errorf("failed to query source type: %w", err) + } + } else { + collectedVuln := &model.Vulnerability{ + ID: doc.TypeID, + Type: doc.VulnType, + VulnerabilityIDs: []*model.VulnerabilityID{}, + } + vulnerabilities = append(vulnerabilities, collectedVuln) + } + } + + return vulnerabilities, nil +} + +func setVulnMatchValues(vulnSpec *model.VulnerabilitySpec, queryValues map[string]any) *arangoQueryBuilder { + var arangoQueryBuilder *arangoQueryBuilder + if vulnSpec != nil { + arangoQueryBuilder = newForQuery(vulnTypesStr, "vType") + if vulnSpec.Type != nil { + 
arangoQueryBuilder.filter("vType", "type", "==", "@vulnType") + queryValues["vulnType"] = strings.ToLower(*vulnSpec.Type) + } + arangoQueryBuilder.forOutBound(vulnHasVulnerabilityIDStr, "vVulnID", "vType") + if vulnSpec.VulnerabilityID != nil { + arangoQueryBuilder.filter("vVulnID", "vulnerabilityID", "==", "@vulnerabilityID") + queryValues["vulnerabilityID"] = strings.ToLower(*vulnSpec.VulnerabilityID) + } + } else { + arangoQueryBuilder = newForQuery(vulnTypesStr, "vType") + arangoQueryBuilder.forOutBound(vulnHasVulnerabilityIDStr, "vVulnID", "vType") + } + return arangoQueryBuilder +} + +func guacVulnId(vuln model.VulnerabilityInputSpec) vulnIds { + ids := vulnIds{} + ids.TypeId = strings.ToLower(vuln.Type) + ids.VulnerabilityID = fmt.Sprintf("%s::%s", ids.TypeId, strings.ToLower(vuln.VulnerabilityID)) + return ids +} + +func getVulnQueryValues(vuln *model.VulnerabilityInputSpec) map[string]any { + values := map[string]any{} + // add guac keys + guacIds := guacVulnId(*vuln) + values["guacVulnKey"] = guacIds.VulnerabilityID + values["vulnerabilityID"] = strings.ToLower(vuln.VulnerabilityID) + values["vulnType"] = strings.ToLower(vuln.Type) + + return values +} + +func (c *arangoClient) IngestVulnerabilities(ctx context.Context, vulns []*model.VulnerabilityInputSpec) ([]*model.Vulnerability, error) { + var listOfValues []map[string]any + + for i := range vulns { + listOfValues = append(listOfValues, getVulnQueryValues(vulns[i])) + } + + var documents []string + for _, val := range listOfValues { + bs, _ := json.Marshal(val) + documents = append(documents, string(bs)) + } + + queryValues := map[string]any{} + queryValues["documents"] = fmt.Sprint(strings.Join(documents, ",")) + + var sb strings.Builder + + sb.WriteString("for doc in [") + for i, val := range listOfValues { + bs, _ := json.Marshal(val) + if i == len(listOfValues)-1 { + sb.WriteString(string(bs)) + } else { + sb.WriteString(string(bs) + ",") + } + } + sb.WriteString("]") + + query := ` + LET type = 
FIRST( + UPSERT { type: doc.vulnType } + INSERT { type: doc.vulnType } + UPDATE {} + IN vulnTypes OPTIONS { indexHint: "byVulnType" } + RETURN NEW + ) + + LET vuln = FIRST( + UPSERT { vulnerabilityID: doc.vulnerabilityID, _parent: type._id , guacKey: doc.guacVulnKey} + INSERT { vulnerabilityID: doc.vulnerabilityID, _parent: type._id , guacKey: doc.guacVulnKey} + UPDATE {} + IN vulnerabilities OPTIONS { indexHint: "byVulnGuacKey" } + RETURN NEW + ) + + LET vulnHasVulnerabilityIDCollection = ( + INSERT { _key: CONCAT("vulnHasVulnerabilityID", type._key, vuln._key), _from: type._id, _to: vuln._id } INTO vulnHasVulnerabilityID OPTIONS { overwriteMode: "ignore" } + ) + + RETURN { + "type_id": type._id, + "type": type.type, + "vuln_id": vuln._id, + "vuln": vuln.vulnerabilityID + }` + + sb.WriteString(query) + + cursor, err := executeQueryWithRetry(ctx, c.db, sb.String(), nil, "IngestVulnerabilities") + if err != nil { + return nil, fmt.Errorf("failed to ingest source: %w", err) + } + + return getVulnerabilities(ctx, cursor) +} + +func (c *arangoClient) IngestVulnerability(ctx context.Context, vuln model.VulnerabilityInputSpec) (*model.Vulnerability, error) { + query := ` + LET type = FIRST( + UPSERT { type: @vulnType } + INSERT { type: @vulnType } + UPDATE {} + IN vulnTypes OPTIONS { indexHint: "byVulnType" } + RETURN NEW + ) + + LET vuln = FIRST( + UPSERT { vulnerabilityID: @vulnerabilityID, _parent: type._id , guacKey: @guacVulnKey} + INSERT { vulnerabilityID: @vulnerabilityID, _parent: type._id , guacKey: @guacVulnKey} + UPDATE {} + IN vulnerabilities OPTIONS { indexHint: "byVulnGuacKey" } + RETURN NEW + ) + + LET vulnHasVulnerabilityIDCollection = ( + INSERT { _key: CONCAT("vulnHasVulnerabilityID", type._key, vuln._key), _from: type._id, _to: vuln._id } INTO vulnHasVulnerabilityID OPTIONS { overwriteMode: "ignore" } + ) + + RETURN { + "type_id": type._id, + "type": type.type, + "vuln_id": vuln._id, + "vuln": vuln.vulnerabilityID + }` + + cursor, err := 
executeQueryWithRetry(ctx, c.db, query, getVulnQueryValues(&vuln), "IngestVulnerability") + if err != nil { + return nil, fmt.Errorf("failed to ingest cve: %w", err) + } + defer cursor.Close() + + createdVulns, err := getVulnerabilities(ctx, cursor) + if err != nil { + return nil, fmt.Errorf("failed to get vulnerabilities from arango cursor: %w", err) + } + if len(createdVulns) == 1 { + return createdVulns[0], nil + } else { + return nil, fmt.Errorf("number of vulnerabilities ingested is greater than one") + } +} + +func getVulnerabilities(ctx context.Context, cursor driver.Cursor) ([]*model.Vulnerability, error) { + vulnTypes := map[string][]*model.VulnerabilityID{} + var doc dbVulnID + for { + _, err := cursor.ReadDocument(ctx, &doc) + if err != nil { + if driver.IsNoMoreDocuments(err) { + break + } else { + return nil, fmt.Errorf("failed to get vulnerabilities from cursor: %w", err) + } + } else { + typeString := doc.VulnType + "," + doc.TypeID + vulnID := &model.VulnerabilityID{ + ID: doc.VulnID, + VulnerabilityID: doc.Vuln, + } + if _, ok := vulnTypes[typeString]; ok { + vulnTypes[typeString] = append(vulnTypes[typeString], vulnID) + } else { + var vulnIDs []*model.VulnerabilityID + vulnIDs = append(vulnIDs, vulnID) + vulnTypes[typeString] = vulnIDs + } + } + } + var vulnerabilities []*model.Vulnerability + for vulnType, vulnIDs := range vulnTypes { + typeValues := strings.Split(vulnType, ",") + vuln := &model.Vulnerability{ + ID: typeValues[1], + Type: typeValues[0], + VulnerabilityIDs: vulnIDs, + } + vulnerabilities = append(vulnerabilities, vuln) + } + return vulnerabilities, nil +} diff --git a/pkg/assembler/backends/backends.go b/pkg/assembler/backends/backends.go index b0603cd7bd..f52e1f12d2 100644 --- a/pkg/assembler/backends/backends.go +++ b/pkg/assembler/backends/backends.go 
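Review bot: `IngestVulnerabilities` splices the JSON-encoded documents into the AQL text (`for doc in [` …) and passes `nil` as bind values, so type and ID strings taken from ingested documents become part of the query text; `queryValues["documents"]` is built but never used, and the `json.Marshal` errors are discarded. Passing the documents as a bind parameter keeps ingested data out of the query string, and the function also lacks the `defer cursor.Close()` that `IngestVulnerability` has. The sketch below assumes `executeQueryWithRetry` forwards its map as bind variables, as the single-document path in this file suggests. Separately, `vulnerabilityType` reads `vulnSpec.Type` without the nil check that `setVulnMatchValues` applies, so a nil spec would panic there; `if vulnSpec != nil && vulnSpec.Type != nil {` closes that.

```go
func (c *arangoClient) IngestVulnerabilities(ctx context.Context, vulns []*model.VulnerabilityInputSpec) ([]*model.Vulnerability, error) {
	documents := make([]map[string]any, 0, len(vulns))
	for _, v := range vulns {
		documents = append(documents, getVulnQueryValues(v))
	}

	var sb strings.Builder
	// Ingested values travel as a bind parameter, never as query text.
	sb.WriteString("FOR doc IN @documents")
	// … unchanged: query := `LET type = FIRST( … ) … RETURN { … }` and sb.WriteString(query) …

	cursor, err := executeQueryWithRetry(ctx, c.db, sb.String(), map[string]any{"documents": documents}, "IngestVulnerabilities")
	if err != nil {
		return nil, fmt.Errorf("failed to ingest vulnerabilities: %w", err)
	}
	defer cursor.Close()
	// … unchanged: return getVulnerabilities(ctx, cursor) …
```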
@@ -28,9 +28,7 @@ type Backend interface { // Retrieval read-only queries for software trees Artifacts(ctx context.Context, artifactSpec *model.ArtifactSpec) ([]*model.Artifact, error) Builders(ctx context.Context, builderSpec *model.BuilderSpec) ([]*model.Builder, error) - Cve(ctx context.Context, cveSpec *model.CVESpec) ([]*model.Cve, error) - Ghsa(ctx context.Context, ghsaSpec *model.GHSASpec) ([]*model.Ghsa, error) - Osv(ctx context.Context, osvSpec *model.OSVSpec) ([]*model.Osv, error) + Vulnerabilities(ctx context.Context, vulnSpec *model.VulnerabilitySpec) ([]*model.Vulnerability, error) Packages(ctx context.Context, pkgSpec *model.PkgSpec) ([]*model.Package, error) Sources(ctx context.Context, sourceSpec *model.SourceSpec) ([]*model.Source, error) @@ -45,7 +43,7 @@ type Backend interface { HashEqual(ctx context.Context, hashEqualSpec *model.HashEqualSpec) ([]*model.HashEqual, error) IsDependency(ctx context.Context, isDependencySpec *model.IsDependencySpec) ([]*model.IsDependency, error) IsOccurrence(ctx context.Context, isOccurrenceSpec *model.IsOccurrenceSpec) ([]*model.IsOccurrence, error) - IsVulnerability(ctx context.Context, isVulnerabilitySpec *model.IsVulnerabilitySpec) ([]*model.IsVulnerability, error) + VulnEqual(ctx context.Context, vulnEqualSpec *model.VulnEqualSpec) ([]*model.VulnEqual, error) PkgEqual(ctx context.Context, pkgEqualSpec *model.PkgEqualSpec) ([]*model.PkgEqual, error) Scorecards(ctx context.Context, certifyScorecardSpec *model.CertifyScorecardSpec) ([]*model.CertifyScorecard, error) HasMetadata(ctx context.Context, hasMetadataSpec *model.HasMetadataSpec) ([]*model.HasMetadata, error) 
@@ -56,12 +54,8 @@ type Backend interface { IngestArtifacts(ctx context.Context, artifacts []*model.ArtifactInputSpec) ([]*model.Artifact, error) IngestBuilder(ctx context.Context, builder *model.BuilderInputSpec) (*model.Builder, error) IngestBuilders(ctx context.Context, builders []*model.BuilderInputSpec) ([]*model.Builder, error) - IngestCve(ctx context.Context, cve *model.CVEInputSpec) (*model.Cve, error) - IngestCVEs(ctx context.Context, cves []*model.CVEInputSpec) ([]*model.Cve, error) - IngestGhsa(ctx context.Context, ghsa *model.GHSAInputSpec) (*model.Ghsa, error) - IngestGHSAs(ctx context.Context, ghsas []*model.GHSAInputSpec) ([]*model.Ghsa, error) - IngestOsv(ctx context.Context, osv *model.OSVInputSpec) (*model.Osv, error) - IngestOSVs(ctx context.Context, osvs []*model.OSVInputSpec) ([]*model.Osv, error) + IngestVulnerability(ctx context.Context, vuln model.VulnerabilityInputSpec) (*model.Vulnerability, error) + IngestVulnerabilities(ctx context.Context, vulns []*model.VulnerabilityInputSpec) ([]*model.Vulnerability, error) IngestPackage(ctx context.Context, pkg model.PkgInputSpec) (*model.Package, error) IngestPackages(ctx context.Context, pkgs []*model.PkgInputSpec) ([]*model.Package, error) IngestSource(ctx context.Context, source model.SourceInputSpec) (*model.Source, error) 
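Review bot: `IngestVulnerability` keeps its name in the `Backend` interface but changes meaning: in this hunk it ingests a vulnerability and returns `*model.Vulnerability`, while the method that certifies a package against a vulnerability becomes `IngestCertifyVuln` in the `@@ -81,14 +75,14 @@` hunk. Nothing in the interface text tells an implementer or caller about the swap, so a doc comment on both methods would help, for example `// IngestVulnerability ingests a vulnerability (type plus ID); it does not certify a package, see IngestCertifyVuln.` The interface body starts and ends outside this hunk.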
@@ -81,14 +75,14 @@ type Backend interface { IngestHasSourceAt(ctx context.Context, pkg model.PkgInputSpec, pkgMatchType model.MatchFlags, source model.SourceInputSpec, hasSourceAt model.HasSourceAtInputSpec) (*model.HasSourceAt, error) IngestHashEqual(ctx context.Context, artifact model.ArtifactInputSpec, equalArtifact model.ArtifactInputSpec, hashEqual model.HashEqualInputSpec) (*model.HashEqual, error) IngestHashEquals(ctx context.Context, artifacts []*model.ArtifactInputSpec, otherArtifacts []*model.ArtifactInputSpec, hashEquals []*model.HashEqualInputSpec) ([]*model.HashEqual, error) - IngestIsVulnerability(ctx context.Context, osv model.OSVInputSpec, vulnerability model.CveOrGhsaInput, isVulnerability model.IsVulnerabilityInputSpec) (*model.IsVulnerability, error) + IngestVulnEqual(ctx context.Context, vulnerability model.VulnerabilityInputSpec, otherVulnerability model.VulnerabilityInputSpec, vulnEqual model.VulnEqualInputSpec) (*model.VulnEqual, error) IngestOccurrence(ctx context.Context, subject model.PackageOrSourceInput, artifact model.ArtifactInputSpec, occurrence model.IsOccurrenceInputSpec) (*model.IsOccurrence, error) IngestOccurrences(ctx context.Context, subjects model.PackageOrSourceInputs, artifacts []*model.ArtifactInputSpec, occurrences []*model.IsOccurrenceInputSpec) ([]*model.IsOccurrence, error) IngestPkgEqual(ctx context.Context, pkg model.PkgInputSpec, depPkg model.PkgInputSpec, pkgEqual model.PkgEqualInputSpec) (*model.PkgEqual, error) IngestSLSA(ctx context.Context, subject model.ArtifactInputSpec, builtFrom []*model.ArtifactInputSpec, builtBy model.BuilderInputSpec, slsa model.SLSAInputSpec) (*model.HasSlsa, error) IngestSLSAs(ctx context.Context, subjects []*model.ArtifactInputSpec, builtFromList [][]*model.ArtifactInputSpec, builtByList []*model.BuilderInputSpec, slsaList []*model.SLSAInputSpec) ([]*model.HasSlsa, error) - IngestVEXStatement(ctx context.Context, subject model.PackageOrArtifactInput, vulnerability 
model.VulnerabilityInput, vexStatement model.VexStatementInputSpec) (*model.CertifyVEXStatement, error) - IngestVulnerability(ctx context.Context, pkg model.PkgInputSpec, vulnerability model.VulnerabilityInput, certifyVuln model.VulnerabilityMetaDataInput) (*model.CertifyVuln, error) + IngestVEXStatement(ctx context.Context, subject model.PackageOrArtifactInput, vulnerability model.VulnerabilityInputSpec, vexStatement model.VexStatementInputSpec) (*model.CertifyVEXStatement, error) + IngestCertifyVuln(ctx context.Context, pkg model.PkgInputSpec, vulnerability model.VulnerabilityInputSpec, certifyVuln model.ScanMetadataInput) (*model.CertifyVuln, error) IngestHasMetadata(ctx context.Context, subject model.PackageSourceOrArtifactInput, pkgMatchType *model.MatchFlags, hasMetadata model.HasMetadataInputSpec) (*model.HasMetadata, error) IngestPointOfContact(ctx context.Context, subject model.PackageSourceOrArtifactInput, pkgMatchType *model.MatchFlags, pointOfContact model.PointOfContactInputSpec) (*model.PointOfContact, error) diff --git a/pkg/assembler/backends/helper/conversion.go b/pkg/assembler/backends/helper/conversion.go index 84f2afec8d..03b6f499ef 100644 --- a/pkg/assembler/backends/helper/conversion.go +++ b/pkg/assembler/backends/helper/conversion.go @@ -16,8 +16,6 @@ package helper import ( - "strings" - "github.com/guacsec/guac/pkg/assembler/graphql/model" ) 
@@ -80,34 +78,6 @@ func ConvertSrcInputSpecToSrcSpec(srcInput *model.SourceInputSpec) *model.Source return &srcSpec } -// TODO: maybe use generics for OSVInputSpec and OSVSpec? -func ConvertOsvInputSpecToOsvSpec(osvInput *model.OSVInputSpec) *model.OSVSpec { - osvID := strings.ToLower(osvInput.OsvID) - osvSpec := model.OSVSpec{ - OsvID: &osvID, - } - return &osvSpec -} - -// TODO: maybe use generics for GHSAInputSpec and GHSASpec? -func ConvertGhsaInputSpecToGhsaSpec(ghsaInput *model.GHSAInputSpec) *model.GHSASpec { - ghsaID := strings.ToLower(ghsaInput.GhsaID) - ghsaSpec := model.GHSASpec{ - GhsaID: &ghsaID, - } - return &ghsaSpec -} - -// TODO: maybe use generics for CVEInputSpec and CVESpec? -func ConvertCveInputSpecToCveSpec(cveInput *model.CVEInputSpec) *model.CVESpec { - cveID := strings.ToLower(cveInput.CveID) - cveSpec := model.CVESpec{ - Year: &cveInput.Year, - CveID: &cveID, - } - return &cveSpec -} - // TODO: maybe use generics for ArtifactInputSpec and ArtifactSpec? func ConvertArtInputSpecToArtSpec(artInput *model.ArtifactInputSpec) *model.ArtifactSpec { artSpec := model.ArtifactSpec{ diff --git a/pkg/assembler/backends/helper/validation.go b/pkg/assembler/backends/helper/validation.go index 98427e7098..7fe1ce56cf 100644 --- a/pkg/assembler/backends/helper/validation.go +++ b/pkg/assembler/backends/helper/validation.go 
@@ -20,88 +20,6 @@ import ( "github.com/vektah/gqlparser/v2/gqlerror" ) -func ValidateVulnerabilityIngestionInput(vulnerability model.VulnerabilityInput, path string, noVulnAllowed bool) error { - vulnDefined := 0 - if vulnerability.Osv != nil { - vulnDefined = vulnDefined + 1 - } - if vulnerability.Ghsa != nil { - vulnDefined = vulnDefined + 1 - } - if vulnerability.Cve != nil { - vulnDefined = vulnDefined + 1 - } - if noVulnAllowed && vulnerability.NoVuln != nil && *vulnerability.NoVuln { - if vulnDefined != 0 { - return gqlerror.Errorf("Since NoVuln is set, no other vulnerability type is allowed for %v", path) - } - return nil - } - if vulnDefined != 1 { - return gqlerror.Errorf("Must specify at most one vulnerability (cve, osv, or ghsa) for %v", path) - } - return nil -} - -func ValidateVulnerabilityQueryFilter(vulnerability *model.VulnerabilitySpec, noVulnAllowed bool) error { - if vulnerability == nil { - return nil - } else { - vulnDefined := 0 - if vulnerability.Osv != nil { - vulnDefined = vulnDefined + 1 - } - if vulnerability.Ghsa != nil { - vulnDefined = vulnDefined + 1 - } - if vulnerability.Cve != nil { - vulnDefined = vulnDefined + 1 - } - if noVulnAllowed && vulnerability.NoVuln != nil { - if vulnDefined != 0 { - return gqlerror.Errorf("Since NoVuln is set, no other vulnerability type is allowed") - } - return nil - } - if vulnDefined != 1 { - return gqlerror.Errorf("Must specify at most one vulnerability (cve, osv, or ghsa)") - } - } - return nil -} - -func ValidateCveOrGhsaIngestionInput(cveOrGhsa model.CveOrGhsaInput, path string) error { - vulnDefined := 0 - if cveOrGhsa.Ghsa != nil { - vulnDefined = vulnDefined + 1 - } - if cveOrGhsa.Cve != nil { - vulnDefined = vulnDefined + 1 - } - if vulnDefined != 1 { - return gqlerror.Errorf("Must specify at most one vulnerability (cve, or ghsa) for %v", path) - } - return nil -} - -func ValidateCveOrGhsaQueryFilter(cveOrGhsa *model.CveOrGhsaSpec) error { - if cveOrGhsa == nil { - return nil - } else { - 
vulnDefined := 0 - if cveOrGhsa.Ghsa != nil { - vulnDefined = vulnDefined + 1 - } - if cveOrGhsa.Cve != nil { - vulnDefined = vulnDefined + 1 - } - if vulnDefined != 1 { - return gqlerror.Errorf("Must specify at most one vulnerability (cve, or ghsa)") - } - } - return nil -} - func ValidatePackageSourceOrArtifactQueryFilter(subject *model.PackageSourceOrArtifactSpec) error { if subject == nil { return nil diff --git a/pkg/assembler/backends/inmem/backend.go b/pkg/assembler/backends/inmem/backend.go index 290e50ac63..14554f6899 100644 --- a/pkg/assembler/backends/inmem/backend.go +++ b/pkg/assembler/backends/inmem/backend.go @@ -60,7 +60,7 @@ type node interface { type indexType map[uint32]node -var errNotFound = errors.New("Not found") +var errNotFound = errors.New("not found") // Scorecard scores are in range of 1-10, so a single step at 100 should be // plenty big 
@@ -75,87 +75,52 @@ type demoClient struct { id uint32 m sync.RWMutex - artifacts artMap - builders builderMap - certifyBads badList - certifyGoods goodList - pkgEquals pkgEqualList - cves cveMap - equalVulnerabilities equalVulnerabilityList - ghsas ghsaMap - hasMetadatas hasMetadataList - pointOfContacts pointOfContactList - hasSBOMs hasSBOMList - hasSLSAs hasSLSAList - hasSources hasSrcList - hashEquals hashEqualList - index indexType - isDependencies isDependencyList - occurrences isOccurrenceList - osvs osvMap - packages pkgTypeMap - scorecards scorecardList - sources srcTypeMap - vexs vexList - vulnerabilities vulnerabilityList - - // Ensures that only one noKnownVuln node is created - noKnownVulnNode noKnownVuln -} - -// This node is a singleton! -type noKnownVuln struct { - id uint32 - certifyVulnLinks []uint32 -} - -func (n *noKnownVuln) ID() uint32 { return n.id } - -func (n *noKnownVuln) Neighbors(allowedEdges edgeMap) []uint32 { - if allowedEdges[model.EdgeNoVulnCertifyVuln] { - return n.certifyVulnLinks - } - return []uint32{} -} - -func (n *noKnownVuln) BuildModelNode(c *demoClient) (model.Node, error) { - return &model.NoVuln{ID: nodeID(n.id)}, nil -} - -func (n *noKnownVuln) setVulnerabilityLinks(id uint32) { - n.certifyVulnLinks = append(n.certifyVulnLinks, id) + artifacts artMap + builders builderMap + certifyBads badList + certifyGoods goodList + pkgEquals pkgEqualList + vulnerabilities vulnTypeMap + vulnerabilityEquals vulnerabilityEqualList + hasMetadatas hasMetadataList + pointOfContacts pointOfContactList + hasSBOMs hasSBOMList + hasSLSAs hasSLSAList + hasSources hasSrcList + hashEquals hashEqualList + index indexType + isDependencies isDependencyList + occurrences isOccurrenceList + packages pkgTypeMap + scorecards scorecardList + sources srcTypeMap + vexs vexList + certifyVulnerabilities certifyVulnerabilityList } func GetBackend(args backends.BackendArgs) (backends.Backend, error) { client := &demoClient{ - artifacts: artMap{}, - builders: 
builderMap{}, - certifyBads: badList{}, - certifyGoods: goodList{}, - pkgEquals: pkgEqualList{}, - cves: cveMap{}, - equalVulnerabilities: equalVulnerabilityList{}, - ghsas: ghsaMap{}, - hasSBOMs: hasSBOMList{}, - hasSLSAs: hasSLSAList{}, - hasSources: hasSrcList{}, - hashEquals: hashEqualList{}, - index: indexType{}, - isDependencies: isDependencyList{}, - occurrences: isOccurrenceList{}, - osvs: osvMap{}, - packages: pkgTypeMap{}, - scorecards: scorecardList{}, - sources: srcTypeMap{}, - vexs: vexList{}, - vulnerabilities: vulnerabilityList{}, - noKnownVulnNode: noKnownVuln{}, + artifacts: artMap{}, + builders: builderMap{}, + certifyBads: badList{}, + certifyGoods: goodList{}, + pkgEquals: pkgEqualList{}, + vulnerabilities: vulnTypeMap{}, + vulnerabilityEquals: vulnerabilityEqualList{}, + hasSBOMs: hasSBOMList{}, + hasSLSAs: hasSLSAList{}, + hasSources: hasSrcList{}, + hashEquals: hashEqualList{}, + index: indexType{}, + isDependencies: isDependencyList{}, + occurrences: isOccurrenceList{}, + packages: pkgTypeMap{}, + scorecards: scorecardList{}, + sources: srcTypeMap{}, + vexs: vexList{}, + certifyVulnerabilities: certifyVulnerabilityList{}, } - // Build the special noKnownVuln node and link it everywhere - client.noKnownVulnNode.id = client.getNextID() - client.index[client.noKnownVulnNode.id] = &client.noKnownVulnNode - return client, nil } @@ -241,12 +206,3 @@ func unlock(m *sync.RWMutex, readOnly bool) { m.Unlock() } } - -func (c *demoClient) buildNoVulnResponse() (*model.NoVuln, error) { - if c.noKnownVulnNode.id == 0 { - return nil, fmt.Errorf("noKnownVulnNode has not been initialized") - } - return &model.NoVuln{ - ID: nodeID(c.noKnownVulnNode.id), - }, nil -} diff --git a/pkg/assembler/backends/inmem/certifyBad_test.go b/pkg/assembler/backends/inmem/certifyBad_test.go index 07171d48fb..8ffe32a2b7 100644 --- a/pkg/assembler/backends/inmem/certifyBad_test.go +++ b/pkg/assembler/backends/inmem/certifyBad_test.go 
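Review bot: The rewritten `demoClient` literal in `GetBackend` (hunk `@@ -75,87 +75,52 @@`) initialises every collection except `hasMetadatas` and `pointOfContacts`, which the struct declares a few lines above. If these are slice types like the other `...List` fields, a nil value works with `append`, so this is a consistency point rather than a bug. Adding `hasMetadatas: hasMetadataList{},` and `pointOfContacts: pointOfContactList{},` would make the literal match the struct.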
@@ -454,7 +454,7 @@ func TestCertifyBad(t *testing.T) { }, }, Query: &model.CertifyBadSpec{ - ID: ptrfrom.String("4"), + ID: ptrfrom.String("3"), }, ExpCB: []*model.CertifyBad{ { @@ -905,8 +905,8 @@ func TestCertifyBadNeighbors(t *testing.T) { }, }, ExpNeighbors: map[string][]string{ - "5": []string{"2", "6"}, // pkg version - "6": []string{"2"}, // certify bad + "4": []string{"1", "5"}, // pkg version + "5": []string{"1"}, // certify bad }, }, { @@ -944,17 +944,17 @@ func TestCertifyBadNeighbors(t *testing.T) { }, }, ExpNeighbors: map[string][]string{ - "2": []string{"2"}, - "3": []string{"2", "2"}, - "4": []string{"2", "2", "10"}, // pkg name - "5": []string{"2"}, // pkg version - "6": []string{"6"}, - "7": []string{"6", "6"}, - "8": []string{"6", "11"}, // src name - "9": []string{"12"}, // art - "10": []string{"2"}, // cb 1 -> pkg name - "11": []string{"6"}, // cb 2 -> src name - "12": []string{"9"}, // cb 3 -> art + "1": []string{"1"}, + "2": []string{"1", "1"}, + "3": []string{"1", "1", "9"}, // pkg name + "4": []string{"1"}, // pkg version + "5": []string{"5"}, + "6": []string{"5", "5"}, + "7": []string{"5", "10"}, // src name + "8": []string{"11"}, // art + "9": []string{"1"}, // cb 1 -> pkg name + "10": []string{"5"}, // cb 2 -> src name + "11": []string{"8"}, // cb 3 -> art }, }, } diff --git a/pkg/assembler/backends/inmem/certifyGood_test.go b/pkg/assembler/backends/inmem/certifyGood_test.go index 883d8304e1..ef8e7ed11a 100644 --- a/pkg/assembler/backends/inmem/certifyGood_test.go +++ b/pkg/assembler/backends/inmem/certifyGood_test.go @@ -454,7 +454,7 @@ func TestCertifyGood(t *testing.T) { }, }, Query: &model.CertifyGoodSpec{ - ID: ptrfrom.String("4"), + ID: ptrfrom.String("3"), }, ExpCG: []*model.CertifyGood{ { 
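Review bot: The expected values in these tests hard-code node IDs handed out by the backend's counter, which is why every `ExpNeighbors` key and value and the `ID: ptrfrom.String("3")` query must be renumbered once the `noKnownVuln` node stops taking the first ID. The same renumbering recurs in the `certifyGood_test.go` and `certifyScorecard_test.go` hunks. Deriving the expected IDs from the values the ingest calls return, instead of literals, would keep the next change to ID allocation out of these tables. The test bodies are outside the hunks, so whether those return values are at hand there is not visible.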
@@ -905,8 +905,8 @@ func TestCertifyGoodNeighbors(t *testing.T) { }, }, ExpNeighbors: map[string][]string{ - "5": []string{"2", "6"}, // pkg version - "6": []string{"2"}, // certify good + "4": []string{"1", "5"}, // pkg version + "5": []string{"1"}, // certify good }, }, { @@ -944,17 +944,17 @@ func TestCertifyGoodNeighbors(t *testing.T) { }, }, ExpNeighbors: map[string][]string{ - "2": []string{"2"}, - "3": []string{"2", "2"}, - "4": []string{"2", "2", "10"}, // pkg name - "5": []string{"2"}, // pkg version - "6": []string{"6"}, - "7": []string{"6", "6"}, - "8": []string{"6", "11"}, // src name - "9": []string{"12"}, // art - "10": []string{"2"}, // cb 1 -> pkg name - "11": []string{"6"}, // cb 2 -> src name - "12": []string{"9"}, // cb 3 -> art + "1": []string{"1"}, + "2": []string{"1", "1"}, + "3": []string{"1", "1", "9"}, // pkg name + "4": []string{"1"}, // pkg version + "5": []string{"5"}, + "6": []string{"5", "5"}, + "7": []string{"5", "10"}, // src name + "8": []string{"11"}, // art + "9": []string{"1"}, // cb 1 -> pkg name + "10": []string{"5"}, // cb 2 -> src name + "11": []string{"8"}, // cb 3 -> art }, }, } diff --git a/pkg/assembler/backends/inmem/certifyScorecard_test.go b/pkg/assembler/backends/inmem/certifyScorecard_test.go index 223ef09a0f..17a78f8849 100644 --- a/pkg/assembler/backends/inmem/certifyScorecard_test.go +++ b/pkg/assembler/backends/inmem/certifyScorecard_test.go @@ -353,7 +353,7 @@ func TestCertifyScorecard(t *testing.T) { }, }, Query: &model.CertifyScorecardSpec{ - ID: ptrfrom.String("5"), + ID: ptrfrom.String("4"), }, ExpSC: []*model.CertifyScorecard{ { @@ -646,8 +646,8 @@ func TestCertifyScorecardNeighbors(t *testing.T) { }, }, ExpNeighbors: map[string][]string{ - "4": []string{"2", "5"}, // src name - "5": []string{"2"}, // SC + "3": []string{"1", "4"}, // src name + "4": []string{"1"}, // SC }, }, { 
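Review bot: In `certifyGood_test.go` the rewritten `ExpNeighbors` entries of the `@@ -944,17 +944,17 @@` hunk carry the trailing comments `// cb 1 -> pkg name`, `// cb 2 -> src name` and `// cb 3 -> art`, which look copied from the CertifyBad test. Since these lines are rewritten here anyway, `// cg 1 -> pkg name` (and likewise for 2 and 3) would describe the CertifyGood nodes they refer to.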
@@ -675,11 +675,11 @@ func TestCertifyScorecardNeighbors(t *testing.T) { }, ExpNeighbors: map[string][]string{ // test sources are all type git, id:2 - "4": []string{"2", "7"}, // src name 1 -> src namespace, SC1 - "6": []string{"2", "8", "9"}, // src name 2 -> src namespace, SC2, SC3 - "7": []string{"2"}, // SC 1 - "8": []string{"2"}, // SC 2 - "9": []string{"2"}, // SC 3 + "3": []string{"1", "6"}, // src name 1 -> src namespace, SC1 + "5": []string{"1", "7", "8"}, // src name 2 -> src namespace, SC2, SC3 + "6": []string{"1"}, // SC 1 + "7": []string{"1"}, // SC 2 + "8": []string{"1"}, // SC 3 }, }, } diff --git a/pkg/assembler/backends/inmem/certifyVEXStatement.go b/pkg/assembler/backends/inmem/certifyVEXStatement.go index a8949783f3..91dfb083de 100644 --- a/pkg/assembler/backends/inmem/certifyVEXStatement.go +++ b/pkg/assembler/backends/inmem/certifyVEXStatement.go @@ -30,19 +30,17 @@ import ( // Internal data: link between a package or an artifact with its corresponding vulnerability VEX statement type vexList []*vexLink type vexLink struct { - id uint32 - packageID uint32 - artifactID uint32 - cveID uint32 - ghsaID uint32 - osvID uint32 - knownSince time.Time - status model.VexStatus - statement string - statusNotes string - justification model.VexJustification - origin string - collector string + id uint32 + packageID uint32 + artifactID uint32 + vulnerabilityID uint32 + knownSince time.Time + status model.VexStatus + statement string + statusNotes string + justification model.VexJustification + origin string + collector string } func (n *vexLink) ID() uint32 { return n.id } 
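Review bot: The context comment `// test sources are all type git, id:2` in `TestCertifyScorecardNeighbors` (hunk `@@ -675,11 +675,11 @@`) appears stale after this change, because every neighbor that used to be `"2"` is `"1"` in the added lines. Updating it to `// test sources are all type git, id:1`, or dropping the literal ID from the comment, keeps it in step with the table.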
@@ -55,14 +53,8 @@ func (n *vexLink) Neighbors(allowedEdges edgeMap) []uint32 { if n.artifactID != 0 && allowedEdges[model.EdgeCertifyVexStatementArtifact] { out = append(out, n.artifactID) } - if n.cveID != 0 && allowedEdges[model.EdgeCertifyVexStatementCve] { - out = append(out, n.cveID) - } - if n.ghsaID != 0 && allowedEdges[model.EdgeCertifyVexStatementGhsa] { - out = append(out, n.ghsaID) - } - if n.osvID != 0 && allowedEdges[model.EdgeCertifyVexStatementOsv] { - out = append(out, n.osvID) + if n.vulnerabilityID != 0 && allowedEdges[model.EdgeCertifyVexStatementVulnerability] { + out = append(out, n.vulnerabilityID) } return out } 
@@ -73,18 +65,15 @@ func (n *vexLink) BuildModelNode(c *demoClient) (model.Node, error) { // Ingest CertifyVex -func (c *demoClient) IngestVEXStatement(ctx context.Context, subject model.PackageOrArtifactInput, vulnerability model.VulnerabilityInput, vexStatement model.VexStatementInputSpec) (*model.CertifyVEXStatement, error) { +func (c *demoClient) IngestVEXStatement(ctx context.Context, subject model.PackageOrArtifactInput, vulnerability model.VulnerabilityInputSpec, vexStatement model.VexStatementInputSpec) (*model.CertifyVEXStatement, error) { return c.ingestVEXStatement(ctx, subject, vulnerability, vexStatement, true) } -func (c *demoClient) ingestVEXStatement(ctx context.Context, subject model.PackageOrArtifactInput, vulnerability model.VulnerabilityInput, vexStatement model.VexStatementInputSpec, readOnly bool) (*model.CertifyVEXStatement, error) { +func (c *demoClient) ingestVEXStatement(ctx context.Context, subject model.PackageOrArtifactInput, vulnerability model.VulnerabilityInputSpec, vexStatement model.VexStatementInputSpec, readOnly bool) (*model.CertifyVEXStatement, error) { funcName := "IngestVEXStatement" if err := helper.ValidatePackageOrArtifactInput(&subject, "IngestVEXStatement"); err != nil { return nil, gqlerror.Errorf("%v :: %s", funcName, err) } - if err := helper.ValidateVulnerabilityIngestionInput(vulnerability, "IngestVEXStatement", false); err != nil { - return nil, gqlerror.Errorf("%v :: %s", funcName, err) - } err := validateVexInputBasedOnStatus(vexStatement.Status, vexStatement.VexJustification, vexStatement.Statement) if err != nil { 
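Review bot: With the call to `helper.ValidateVulnerabilityIngestionInput` removed from `ingestVEXStatement`, the `vulnerability` argument is no longer checked before use, and nothing in this hunk replaces the check. The old call passed `false` for `noVulnAllowed`, so a VEX statement could not be attached to a no-vulnerability entry; whether the later lookup still rejects that case, or an empty `Type` or `VulnerabilityID`, cannot be seen from here. If it does not, an explicit guard at the top of the function keeps the rejection at the API boundary: `if vulnerability.Type == "" || vulnerability.VulnerabilityID == "" { return nil, gqlerror.Errorf("%v :: vulnerability type and ID must be set", funcName) }`. The function body continues outside the hunk.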
@@ -123,47 +112,16 @@ func (c *demoClient) ingestVEXStatement(ctx context.Context, subject model.Packa subjectVexLinks = foundArtStrct.vexLinks } - var osvID uint32 - var foundOsvNode *osvNode - var cveID uint32 - var foundCveNode *cveNode - var ghsaID uint32 - var foundGhsaNode *ghsaNode var vulnerabilityVexLinks []uint32 - if vulnerability.Osv != nil { - var err error - osvID, err = getOsvIDFromInput(c, *vulnerability.Osv) - if err != nil { - return nil, gqlerror.Errorf("%v :: %s", funcName, err) - } - foundOsvNode, err = byID[*osvNode](osvID, c) - if err != nil { - return nil, gqlerror.Errorf("%v :: %s", funcName, err) - } - vulnerabilityVexLinks = foundOsvNode.vexLinks - } else if vulnerability.Cve != nil { - var err error - cveID, err = getCveIDFromInput(c, *vulnerability.Cve) - if err != nil { - return nil, gqlerror.Errorf("%v :: %s", funcName, err) - } - foundCveNode, err = byID[*cveNode](cveID, c) - if err != nil { - return nil, gqlerror.Errorf("%v :: %s", funcName, err) - } - vulnerabilityVexLinks = foundCveNode.vexLinks - } else { - var err error - ghsaID, err = getGhsaIDFromInput(c, *vulnerability.Ghsa) - if err != nil { - return nil, gqlerror.Errorf("%v :: %s", funcName, err) - } - foundGhsaNode, err = byID[*ghsaNode](ghsaID, c) - if err != nil { - return nil, gqlerror.Errorf("%v :: %s", funcName, err) - } - vulnerabilityVexLinks = foundGhsaNode.vexLinks + vulnID, err := getVulnerabilityIDFromInput(c, vulnerability) + if err != nil { + return nil, gqlerror.Errorf("%v :: %s", funcName, err) } + foundVulnNode, err := byID[*vulnIDNode](vulnID, c) + if err != nil { + return nil, gqlerror.Errorf("%v :: %s", funcName, err) + } + vulnerabilityVexLinks = foundVulnNode.vexLinks var searchIDs []uint32 if len(subjectVexLinks) < len(vulnerabilityVexLinks) { 
@@ -182,13 +140,7 @@ func (c *demoClient) ingestVEXStatement(ctx context.Context, subject model.Packa } vulnMatch := false subjectMatch := false - if osvID != 0 && osvID == v.osvID { - vulnMatch = true - } - if cveID != 0 && cveID == v.cveID { - vulnMatch = true - } - if ghsaID != 0 && ghsaID == v.ghsaID { + if vulnID != 0 && vulnID == v.vulnerabilityID { vulnMatch = true } if packageID != 0 && packageID == v.packageID { @@ -215,19 +167,17 @@ func (c *demoClient) ingestVEXStatement(ctx context.Context, subject model.Packa } // store the link collectedCertifyVexLink = vexLink{ - id: c.getNextID(), - packageID: packageID, - artifactID: artifactID, - cveID: cveID, - ghsaID: ghsaID, - osvID: osvID, - knownSince: vexStatement.KnownSince.UTC(), - status: vexStatement.Status, - justification: vexStatement.VexJustification, - statement: vexStatement.Statement, - statusNotes: vexStatement.StatusNotes, - origin: vexStatement.Origin, - collector: vexStatement.Collector, + id: c.getNextID(), + packageID: packageID, + artifactID: artifactID, + vulnerabilityID: vulnID, + knownSince: vexStatement.KnownSince.UTC(), + status: vexStatement.Status, + justification: vexStatement.VexJustification, + statement: vexStatement.Statement, + statusNotes: vexStatement.StatusNotes, + origin: vexStatement.Origin, + collector: vexStatement.Collector, } c.index[collectedCertifyVexLink.id] = &collectedCertifyVexLink c.vexs = append(c.vexs, &collectedCertifyVexLink) @@ -238,14 +188,8 @@ func (c *demoClient) ingestVEXStatement(ctx context.Context, subject model.Packa if artifactID != 0 { foundArtStrct.setVexLinks(collectedCertifyVexLink.id) } - if osvID != 0 { - foundOsvNode.setVexLinks(collectedCertifyVexLink.id) - } - if cveID != 0 { - foundCveNode.setVexLinks(collectedCertifyVexLink.id) - } - if ghsaID != 0 { - foundGhsaNode.setVexLinks(collectedCertifyVexLink.id) + if vulnID != 0 { + foundVulnNode.setVexLinks(collectedCertifyVexLink.id) } } 
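Review bot: The `vulnID != 0` guards in `ingestVEXStatement` look like leftovers from the three optional IDs: `if vulnID != 0 && vulnID == v.vulnerabilityID` in this hunk and `if vulnID != 0 { foundVulnNode.setVexLinks(...) }` in the `@@ -238,14 +188,8 @@` hunk. The lookup added in the preceding hunk returns on error before this point, so `vulnID` and `foundVulnNode` are presumably always set here; if so, `if vulnID == v.vulnerabilityID` and an unconditional `foundVulnNode.setVexLinks(collectedCertifyVexLink.id)` say the same with less to read. If a zero ID can still come back without an error, the guard is load-bearing and deserves a comment saying so. The function body continues outside these hunks.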
@@ -267,9 +211,6 @@ func (c *demoClient) CertifyVEXStatement(ctx context.Context, filter *model.Cert if err := helper.ValidatePackageOrArtifactQueryFilter(filter.Subject); err != nil { return nil, err } - if err := helper.ValidateVulnerabilityQueryFilter(filter.Vulnerability, false); err != nil { - return nil, err - } } if filter != nil && filter.ID != nil { @@ -314,33 +255,13 @@ func (c *demoClient) CertifyVEXStatement(ctx context.Context, filter *model.Cert foundOne = true } } - if !foundOne && filter != nil && filter.Vulnerability != nil && filter.Vulnerability.Osv != nil { - exactOSV, err := c.exactOSV(filter.Vulnerability.Osv) - if err != nil { - return nil, gqlerror.Errorf("%v :: %v", funcName, err) - } - if exactOSV != nil { - search = append(search, exactOSV.vexLinks...) - foundOne = true - } - } - if !foundOne && filter != nil && filter.Vulnerability != nil && filter.Vulnerability.Cve != nil { - exactCVE, err := c.exactCVE(filter.Vulnerability.Cve) - if err != nil { - return nil, gqlerror.Errorf("%v :: %v", funcName, err) - } - if exactCVE != nil { - search = append(search, exactCVE.vexLinks...) - foundOne = true - } - } - if !foundOne && filter != nil && filter.Vulnerability != nil && filter.Vulnerability.Ghsa != nil { - exactGHSA, err := c.exactGHSA(filter.Vulnerability.Ghsa) + if !foundOne && filter != nil && filter.Vulnerability != nil { + exactVuln, err := c.exactVulnerability(filter.Vulnerability) if err != nil { return nil, gqlerror.Errorf("%v :: %v", funcName, err) } - if exactGHSA != nil { - search = append(search, exactGHSA.vexLinks...) + if exactVuln != nil { + search = append(search, exactVuln.vexLinks...) foundOne = true } } 
@@ -409,9 +330,7 @@ func (c *demoClient) addVexIfMatch(out []*model.CertifyVEXStatement, func (c *demoClient) buildCertifyVEXStatement(link *vexLink, filter *model.CertifyVEXStatementSpec, ingestOrIDProvided bool) (*model.CertifyVEXStatement, error) { var p *model.Package var a *model.Artifact - var osv *model.Osv - var cve *model.Cve - var ghsa *model.Ghsa + var vuln *model.Vulnerability var err error if filter != nil && filter.Subject != nil { if filter.Subject.Package != nil && link.packageID != 0 { @@ -442,39 +361,15 @@ func (c *demoClient) buildCertifyVEXStatement(link *vexLink, filter *model.Certi } if filter != nil && filter.Vulnerability != nil { - if filter.Vulnerability.Osv != nil && link.osvID != 0 { - osv, err = c.buildOsvResponse(link.osvID, filter.Vulnerability.Osv) - if err != nil { - return nil, err - } - } - if filter.Vulnerability.Cve != nil && link.cveID != 0 { - cve, err = c.buildCveResponse(link.cveID, filter.Vulnerability.Cve) - if err != nil { - return nil, err - } - } - if filter.Vulnerability.Ghsa != nil && link.ghsaID != 0 { - ghsa, err = c.buildGhsaResponse(link.ghsaID, filter.Vulnerability.Ghsa) + if filter.Vulnerability != nil && link.vulnerabilityID != 0 { + vuln, err = c.buildVulnResponse(link.vulnerabilityID, filter.Vulnerability) if err != nil { return nil, err } } } else { - if link.osvID != 0 { - osv, err = c.buildOsvResponse(link.osvID, nil) - if err != nil { - return nil, err - } - } - if link.cveID != 0 { - cve, err = c.buildCveResponse(link.cveID, nil) - if err != nil { - return nil, err - } - } - if link.ghsaID != 0 { - ghsa, err = c.buildGhsaResponse(link.ghsaID, nil) + if link.vulnerabilityID != 0 { + vuln, err = c.buildVulnResponse(link.vulnerabilityID, nil) if err != nil { return nil, err } 
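Review bot: In `buildCertifyVEXStatement` (hunk `@@ -442,39 +361,15 @@`) the inner condition `if filter.Vulnerability != nil && link.vulnerabilityID != 0` repeats the `filter.Vulnerability != nil` test of the enclosing `if`. `if link.vulnerabilityID != 0 {` is enough. The two branches then differ only in the filter passed to `buildVulnResponse`, so they could collapse into a single call that passes a filter which is nil when none was given. The function starts and ends outside the hunk.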
@@ -499,30 +394,12 @@ func (c *demoClient) buildCertifyVEXStatement(link *vexLink, filter *model.Certi subj = a } - var vuln model.Vulnerability - if link.osvID != 0 { - if osv == nil && ingestOrIDProvided { - return nil, gqlerror.Errorf("failed to retrieve osv via osvID") - } else if osv == nil && !ingestOrIDProvided { - return nil, nil - } - vuln = osv - } - if link.cveID != 0 { - if cve == nil && ingestOrIDProvided { - return nil, gqlerror.Errorf("failed to retrieve cve via cveID") - } else if cve == nil && !ingestOrIDProvided { - return nil, nil - } - vuln = cve - } - if link.ghsaID != 0 { - if ghsa == nil && ingestOrIDProvided { - return nil, gqlerror.Errorf("failed to retrieve ghsa via ghsaID") - } else if ghsa == nil && !ingestOrIDProvided { + if link.vulnerabilityID != 0 { + if vuln == nil && ingestOrIDProvided { + return nil, gqlerror.Errorf("failed to retrieve vuln via vulnID") + } else if vuln == nil && !ingestOrIDProvided { return nil, nil } - vuln = ghsa } certifyVuln := model.CertifyVEXStatement{ diff --git a/pkg/assembler/backends/inmem/certifyVEXStatement_test.go b/pkg/assembler/backends/inmem/certifyVEXStatement_test.go index adb6042a85..f34b4e25df 100644 --- a/pkg/assembler/backends/inmem/certifyVEXStatement_test.go +++ b/pkg/assembler/backends/inmem/certifyVEXStatement_test.go @@ -32,16 +32,14 @@ func TestVEX(t *testing.T) { testTime := time.Unix(1e9+5, 0) type call struct { Sub model.PackageOrArtifactInput - Vuln model.VulnerabilityInput + Vuln *model.VulnerabilityInputSpec In *model.VexStatementInputSpec } tests := []struct { Name string InPkg []*model.PkgInputSpec InArt []*model.ArtifactInputSpec - InOsv []*model.OSVInputSpec - InCve []*model.CVEInputSpec - InGhsa []*model.GHSAInputSpec + InVuln []*model.VulnerabilityInputSpec Calls []call Query *model.CertifyVEXStatementSpec ExpVEX []*model.CertifyVEXStatement 
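Review bot: The added error in `buildCertifyVEXStatement` (hunk `@@ -499,30 +394,12 @@`), `failed to retrieve vuln via vulnID`, does not say which node failed, which makes a dangling link hard to trace from the response alone. Including the ID, `gqlerror.Errorf("failed to retrieve vulnerability via vulnerabilityID %d", link.vulnerabilityID)`, costs nothing. The `else if vuln == nil && !ingestOrIDProvided` arm can also become a plain `return nil, nil` inside one `if vuln == nil { ... }` block, since the first arm already returns. The function continues outside the hunk.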
@@ -49,17 +47,15 @@ func TestVEX(t *testing.T) { ExpQueryErr bool }{ { - Name: "HappyPath", - InPkg: []*model.PkgInputSpec{p1}, - InOsv: []*model.OSVInputSpec{o1}, + Name: "HappyPath", + InPkg: []*model.PkgInputSpec{p1}, + InVuln: []*model.VulnerabilityInputSpec{o1}, Calls: []call{ - call{ + { Sub: model.PackageOrArtifactInput{ Package: p1, }, - Vuln: model.VulnerabilityInput{ - Osv: o1, - }, + Vuln: o1, In: &model.VexStatementInputSpec{ VexJustification: "test justification", KnownSince: time.Unix(1e9, 0), @@ -70,38 +66,37 @@ func TestVEX(t *testing.T) { VexJustification: (*model.VexJustification)(ptrfrom.String("test justification")), }, ExpVEX: []*model.CertifyVEXStatement{ - &model.CertifyVEXStatement{ - Subject: p1out, - Vulnerability: o1out, + { + Subject: p1out, + Vulnerability: &model.Vulnerability{ + Type: "osv", + VulnerabilityIDs: []*model.VulnerabilityID{o1out}, + }, VexJustification: "test justification", KnownSince: time.Unix(1e9, 0), }, }, }, { - Name: "Ingest same twice", - InPkg: []*model.PkgInputSpec{p1}, - InOsv: []*model.OSVInputSpec{o1}, + Name: "Ingest same twice", + InPkg: []*model.PkgInputSpec{p1}, + InVuln: []*model.VulnerabilityInputSpec{o1}, Calls: []call{ - call{ + { Sub: model.PackageOrArtifactInput{ Package: p1, }, - Vuln: model.VulnerabilityInput{ - Osv: o1, - }, + Vuln: o1, In: &model.VexStatementInputSpec{ VexJustification: "test justification", KnownSince: time.Unix(1e9, 0), }, }, - call{ + { Sub: model.PackageOrArtifactInput{ Package: p1, }, - Vuln: model.VulnerabilityInput{ - Osv: o1, - }, + Vuln: o1, In: &model.VexStatementInputSpec{ VexJustification: "test justification", KnownSince: time.Unix(1e9, 0), 
@@ -112,38 +107,37 @@ func TestVEX(t *testing.T) { VexJustification: (*model.VexJustification)(ptrfrom.String("test justification")), }, ExpVEX: []*model.CertifyVEXStatement{ - &model.CertifyVEXStatement{ - Subject: p1out, - Vulnerability: o1out, + { + Subject: p1out, + Vulnerability: &model.Vulnerability{ + Type: "osv", + VulnerabilityIDs: []*model.VulnerabilityID{o1out}, + }, VexJustification: "test justification", KnownSince: time.Unix(1e9, 0), }, }, }, { - Name: "Query on Justification", - InPkg: []*model.PkgInputSpec{p1}, - InOsv: []*model.OSVInputSpec{o1}, + Name: "Query on Justification", + InPkg: []*model.PkgInputSpec{p1}, + InVuln: []*model.VulnerabilityInputSpec{o1}, Calls: []call{ - call{ + { Sub: model.PackageOrArtifactInput{ Package: p1, }, - Vuln: model.VulnerabilityInput{ - Osv: o1, - }, + Vuln: o1, In: &model.VexStatementInputSpec{ VexJustification: "test justification", KnownSince: time.Unix(1e9, 0), }, }, - call{ + { Sub: model.PackageOrArtifactInput{ Package: p1, }, - Vuln: model.VulnerabilityInput{ - Osv: o1, - }, + Vuln: o1, In: &model.VexStatementInputSpec{ VexJustification: "test justification 2", KnownSince: time.Unix(1e9, 0), 
@@ -154,51 +148,48 @@ func TestVEX(t *testing.T) { VexJustification: (*model.VexJustification)(ptrfrom.String("test justification 2")), }, ExpVEX: []*model.CertifyVEXStatement{ - &model.CertifyVEXStatement{ - Subject: p1out, - Vulnerability: o1out, + { + Subject: p1out, + Vulnerability: &model.Vulnerability{ + Type: "osv", + VulnerabilityIDs: []*model.VulnerabilityID{o1out}, + }, VexJustification: "test justification 2", KnownSince: time.Unix(1e9, 0), }, }, }, { - Name: "Query on Package", - InPkg: []*model.PkgInputSpec{p1, p2}, - InArt: []*model.ArtifactInputSpec{a1}, - InOsv: []*model.OSVInputSpec{o1}, + Name: "Query on Package", + InPkg: []*model.PkgInputSpec{p1, p2}, + InArt: []*model.ArtifactInputSpec{a1}, + InVuln: []*model.VulnerabilityInputSpec{o1}, Calls: []call{ - call{ + { Sub: model.PackageOrArtifactInput{ Package: p1, }, - Vuln: model.VulnerabilityInput{ - Osv: o1, - }, + Vuln: o1, In: &model.VexStatementInputSpec{ VexJustification: "test justification", KnownSince: time.Unix(1e9, 0), }, }, - call{ + { Sub: model.PackageOrArtifactInput{ Package: p2, }, - Vuln: model.VulnerabilityInput{ - Osv: o1, - }, + Vuln: o1, In: &model.VexStatementInputSpec{ VexJustification: "test justification", KnownSince: time.Unix(1e9, 0), }, }, - call{ + { Sub: model.PackageOrArtifactInput{ Artifact: a1, }, - Vuln: model.VulnerabilityInput{ - Osv: o1, - }, + Vuln: o1, In: &model.VexStatementInputSpec{ VexJustification: "test justification", KnownSince: time.Unix(1e9, 0), 
@@ -213,51 +204,48 @@ func TestVEX(t *testing.T) { }, }, ExpVEX: []*model.CertifyVEXStatement{ - &model.CertifyVEXStatement{ - Subject: p1out, - Vulnerability: o1out, + { + Subject: p1out, + Vulnerability: &model.Vulnerability{ + Type: "osv", + VulnerabilityIDs: []*model.VulnerabilityID{o1out}, + }, VexJustification: "test justification", KnownSince: time.Unix(1e9, 0), }, }, }, { - Name: "Query on Artifact", - InPkg: []*model.PkgInputSpec{p1}, - InArt: []*model.ArtifactInputSpec{a1, a2}, - InOsv: []*model.OSVInputSpec{o1}, + Name: "Query on Artifact", + InPkg: []*model.PkgInputSpec{p1}, + InArt: []*model.ArtifactInputSpec{a1, a2}, + InVuln: []*model.VulnerabilityInputSpec{o1}, Calls: []call{ - call{ + { Sub: model.PackageOrArtifactInput{ Package: p1, }, - Vuln: model.VulnerabilityInput{ - Osv: o1, - }, + Vuln: o1, In: &model.VexStatementInputSpec{ VexJustification: "test justification", KnownSince: time.Unix(1e9, 0), }, }, - call{ + { Sub: model.PackageOrArtifactInput{ Artifact: a1, }, - Vuln: model.VulnerabilityInput{ - Osv: o1, - }, + Vuln: o1, In: &model.VexStatementInputSpec{ VexJustification: "test justification", KnownSince: time.Unix(1e9, 0), }, }, - call{ + { Sub: model.PackageOrArtifactInput{ Artifact: a2, }, - Vuln: model.VulnerabilityInput{ - Osv: o1, - }, + Vuln: o1, In: &model.VexStatementInputSpec{ VexJustification: "test justification", KnownSince: time.Unix(1e9, 0), 
@@ -272,51 +260,111 @@ func TestVEX(t *testing.T) { }, }, ExpVEX: []*model.CertifyVEXStatement{ - &model.CertifyVEXStatement{ - Subject: a1out, - Vulnerability: o1out, + { + Subject: a1out, + Vulnerability: &model.Vulnerability{ + Type: "osv", + VulnerabilityIDs: []*model.VulnerabilityID{o1out}, + }, VexJustification: "test justification", KnownSince: time.Unix(1e9, 0), }, }, }, { - Name: "Query on Vuln", - InPkg: []*model.PkgInputSpec{p1}, - InOsv: []*model.OSVInputSpec{o1, o2}, - InCve: []*model.CVEInputSpec{c1}, + Name: "Query on Vuln", + InPkg: []*model.PkgInputSpec{p1}, + InVuln: []*model.VulnerabilityInputSpec{o1, o2, c1}, Calls: []call{ - call{ + { Sub: model.PackageOrArtifactInput{ Package: p1, }, - Vuln: model.VulnerabilityInput{ - Osv: o1, + Vuln: o1, + In: &model.VexStatementInputSpec{ + VexJustification: "test justification", + KnownSince: time.Unix(1e9, 0), + }, + }, + { + Sub: model.PackageOrArtifactInput{ + Package: p1, }, + Vuln: o2, In: &model.VexStatementInputSpec{ VexJustification: "test justification", KnownSince: time.Unix(1e9, 0), }, }, - call{ + { Sub: model.PackageOrArtifactInput{ Package: p1, }, - Vuln: model.VulnerabilityInput{ - Osv: o2, + Vuln: c1, + In: &model.VexStatementInputSpec{ + VexJustification: "test justification", + KnownSince: time.Unix(1e9, 0), + }, + }, + }, + Query: &model.CertifyVEXStatementSpec{ + Vulnerability: &model.VulnerabilitySpec{ + Type: ptrfrom.String("osv"), + VulnerabilityID: ptrfrom.String("cve-2014-8140"), + }, + }, + ExpVEX: []*model.CertifyVEXStatement{ + { + Subject: p1out, + Vulnerability: &model.Vulnerability{ + Type: "osv", + VulnerabilityIDs: []*model.VulnerabilityID{o1out}, }, + VexJustification: "test justification", + KnownSince: time.Unix(1e9, 0), + }, + }, + }, + { + Name: "Query on noVuln", + InPkg: []*model.PkgInputSpec{p1}, + InVuln: []*model.VulnerabilityInputSpec{o1, o2, c1, noVulnInput}, + Calls: []call{ + { + Sub: model.PackageOrArtifactInput{ + Package: p1, + }, + Vuln: o1, In: 
&model.VexStatementInputSpec{ VexJustification: "test justification", KnownSince: time.Unix(1e9, 0), }, }, - call{ + { + Sub: model.PackageOrArtifactInput{ + Package: p1, + }, + Vuln: o2, + In: &model.VexStatementInputSpec{ + VexJustification: "test justification", + KnownSince: time.Unix(1e9, 0), + }, + }, + { Sub: model.PackageOrArtifactInput{ Package: p1, }, - Vuln: model.VulnerabilityInput{ - Cve: c1, + Vuln: c1, + In: &model.VexStatementInputSpec{ + VexJustification: "test justification", + KnownSince: time.Unix(1e9, 0), + }, + }, + { + Sub: model.PackageOrArtifactInput{ + Package: p1, }, + Vuln: noVulnInput, In: &model.VexStatementInputSpec{ VexJustification: "test justification", KnownSince: time.Unix(1e9, 0), 
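Review bot: The "Query on Vuln" filter now spells the ID in lower case (`cve-2014-8140`) where the removed OSV query used `CVE-2014-8140`, and the noVuln cases in later hunks query `Type: ptrfrom.String("noVuln")` while expecting `Type: "novuln"`. The tests therefore depend on a case-folding rule that none of them states or pins down. Advisory identifiers are normally written in upper case, so if ID matching is case-sensitive on the query side, a lookup with the canonical spelling returns an empty result with no error. Add a case that queries `VulnerabilityID: ptrfrom.String("CVE-2014-8140")` and expects the same `o1out` hit, plus a short comment such as `// type and ID are matched case-insensitively; stored form is lower case`, once that is confirmed against the backend.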
@@ -325,45 +373,42 @@ func TestVEX(t *testing.T) { }, Query: &model.CertifyVEXStatementSpec{ Vulnerability: &model.VulnerabilitySpec{ - Osv: &model.OSVSpec{ - OsvID: ptrfrom.String("CVE-2014-8140"), - }, + Type: ptrfrom.String("noVuln"), }, }, ExpVEX: []*model.CertifyVEXStatement{ - &model.CertifyVEXStatement{ - Subject: p1out, - Vulnerability: o1out, + { + Subject: p1out, + Vulnerability: &model.Vulnerability{ + Type: "novuln", + VulnerabilityIDs: []*model.VulnerabilityID{noVulnOut}, + }, VexJustification: "test justification", KnownSince: time.Unix(1e9, 0), }, }, }, { - Name: "Query on Status", - InPkg: []*model.PkgInputSpec{p1}, - InOsv: []*model.OSVInputSpec{o1}, + Name: "Query on Status", + InPkg: []*model.PkgInputSpec{p1}, + InVuln: []*model.VulnerabilityInputSpec{c1, o1}, Calls: []call{ - call{ + { Sub: model.PackageOrArtifactInput{ Package: p1, }, - Vuln: model.VulnerabilityInput{ - Osv: o1, - }, + Vuln: c1, In: &model.VexStatementInputSpec{ VexJustification: "test justification", KnownSince: time.Unix(1e9, 0), Status: "status one", }, }, - call{ + { Sub: model.PackageOrArtifactInput{ Package: p1, }, - Vuln: model.VulnerabilityInput{ - Osv: o1, - }, + Vuln: o1, In: &model.VexStatementInputSpec{ VexJustification: "test justification", KnownSince: time.Unix(1e9, 0), @@ -375,9 +420,12 @@ func TestVEX(t *testing.T) { Status: (*model.VexStatus)(ptrfrom.String("status one")), }, ExpVEX: []*model.CertifyVEXStatement{ - &model.CertifyVEXStatement{ - Subject: p1out, - Vulnerability: o1out, + { + Subject: p1out, + Vulnerability: &model.Vulnerability{ + Type: "cve", + VulnerabilityIDs: []*model.VulnerabilityID{c1out}, + }, VexJustification: "test justification", KnownSince: time.Unix(1e9, 0), Status: "status one", 
@@ -385,30 +433,26 @@ func TestVEX(t *testing.T) { }, }, { - Name: "Query on Statement", - InPkg: []*model.PkgInputSpec{p1}, - InOsv: []*model.OSVInputSpec{o1}, + Name: "Query on Statement", + InPkg: []*model.PkgInputSpec{p1}, + InVuln: []*model.VulnerabilityInputSpec{o1}, Calls: []call{ - call{ + { Sub: model.PackageOrArtifactInput{ Package: p1, }, - Vuln: model.VulnerabilityInput{ - Osv: o1, - }, + Vuln: o1, In: &model.VexStatementInputSpec{ VexJustification: "test justification", KnownSince: time.Unix(1e9, 0), Statement: "statement one", }, }, - call{ + { Sub: model.PackageOrArtifactInput{ Package: p1, }, - Vuln: model.VulnerabilityInput{ - Osv: o1, - }, + Vuln: o1, In: &model.VexStatementInputSpec{ VexJustification: "test justification", KnownSince: time.Unix(1e9, 0), @@ -420,9 +464,12 @@ func TestVEX(t *testing.T) { Statement: ptrfrom.String("statement two"), }, ExpVEX: []*model.CertifyVEXStatement{ - &model.CertifyVEXStatement{ - Subject: p1out, - Vulnerability: o1out, + { + Subject: p1out, + Vulnerability: &model.Vulnerability{ + Type: "osv", + VulnerabilityIDs: []*model.VulnerabilityID{o1out}, + }, VexJustification: "test justification", KnownSince: time.Unix(1e9, 0), Statement: "statement two", @@ -430,29 +477,25 @@ func TestVEX(t *testing.T) { }, }, { - Name: "Query on KnownSince", - InPkg: []*model.PkgInputSpec{p1}, - InOsv: []*model.OSVInputSpec{o1}, + Name: "Query on KnownSince", + InPkg: []*model.PkgInputSpec{p1}, + InVuln: []*model.VulnerabilityInputSpec{o1}, Calls: []call{ - call{ + { Sub: model.PackageOrArtifactInput{ Package: p1, }, - Vuln: model.VulnerabilityInput{ - Osv: o1, - }, + Vuln: o1, In: &model.VexStatementInputSpec{ VexJustification: "test justification", KnownSince: time.Unix(1e9, 0), }, }, - call{ + { Sub: model.PackageOrArtifactInput{ Package: p1, }, - Vuln: model.VulnerabilityInput{ - Osv: o1, - }, + Vuln: o1, In: &model.VexStatementInputSpec{ VexJustification: "test justification", KnownSince: testTime, 
@@ -463,38 +506,37 @@ func TestVEX(t *testing.T) { KnownSince: &testTime, }, ExpVEX: []*model.CertifyVEXStatement{ - &model.CertifyVEXStatement{ - Subject: p1out, - Vulnerability: o1out, + { + Subject: p1out, + Vulnerability: &model.Vulnerability{ + Type: "osv", + VulnerabilityIDs: []*model.VulnerabilityID{o1out}, + }, VexJustification: "test justification", KnownSince: testTime, }, }, }, { - Name: "Query on ID", - InPkg: []*model.PkgInputSpec{p1}, - InOsv: []*model.OSVInputSpec{o1, o2}, + Name: "Query on ID", + InPkg: []*model.PkgInputSpec{p1}, + InVuln: []*model.VulnerabilityInputSpec{o1, o2}, Calls: []call{ - call{ + { Sub: model.PackageOrArtifactInput{ Package: p1, }, - Vuln: model.VulnerabilityInput{ - Osv: o1, - }, + Vuln: o1, In: &model.VexStatementInputSpec{ VexJustification: "test justification", KnownSince: time.Unix(1e9, 0), }, }, - call{ + { Sub: model.PackageOrArtifactInput{ Package: p1, }, - Vuln: model.VulnerabilityInput{ - Osv: o2, - }, + Vuln: o2, In: &model.VexStatementInputSpec{ VexJustification: "test justification", KnownSince: time.Unix(1e9, 0), 
@@ -505,51 +547,47 @@ func TestVEX(t *testing.T) { ID: ptrfrom.String("8"), }, ExpVEX: []*model.CertifyVEXStatement{ - &model.CertifyVEXStatement{ - Subject: p1out, - Vulnerability: o1out, + { + Subject: p1out, + Vulnerability: &model.Vulnerability{ + Type: "osv", + VulnerabilityIDs: []*model.VulnerabilityID{o1out}, + }, VexJustification: "test justification", KnownSince: time.Unix(1e9, 0), }, }, }, { - Name: "Query None", - InPkg: []*model.PkgInputSpec{p1}, - InOsv: []*model.OSVInputSpec{o1, o2}, - InCve: []*model.CVEInputSpec{c1}, + Name: "Query None", + InPkg: []*model.PkgInputSpec{p1}, + InVuln: []*model.VulnerabilityInputSpec{o1, o2, c1}, Calls: []call{ - call{ + { Sub: model.PackageOrArtifactInput{ Package: p1, }, - Vuln: model.VulnerabilityInput{ - Osv: o1, - }, + Vuln: o1, In: &model.VexStatementInputSpec{ VexJustification: "test justification", KnownSince: time.Unix(1e9, 0), }, }, - call{ + { Sub: model.PackageOrArtifactInput{ Package: p1, }, - Vuln: model.VulnerabilityInput{ - Osv: o2, - }, + Vuln: o2, In: &model.VexStatementInputSpec{ VexJustification: "test justification", KnownSince: time.Unix(1e9, 0), }, }, - call{ + { Sub: model.PackageOrArtifactInput{ Package: p1, }, - Vuln: model.VulnerabilityInput{ - Cve: c1, - }, + Vuln: c1, In: &model.VexStatementInputSpec{ VexJustification: "test justification", KnownSince: time.Unix(1e9, 0), 
@@ -558,50 +596,41 @@ func TestVEX(t *testing.T) { }, Query: &model.CertifyVEXStatementSpec{ Vulnerability: &model.VulnerabilitySpec{ - Osv: &model.OSVSpec{ - OsvID: ptrfrom.String("asdf"), - }, + VulnerabilityID: ptrfrom.String("asdf"), }, }, ExpVEX: nil, }, { - Name: "Query multiple", - InPkg: []*model.PkgInputSpec{p1}, - InOsv: []*model.OSVInputSpec{o1, o2}, - InCve: []*model.CVEInputSpec{c1}, + Name: "Query multiple", + InPkg: []*model.PkgInputSpec{p1}, + InVuln: []*model.VulnerabilityInputSpec{o1, o2, c1}, Calls: []call{ - call{ + { Sub: model.PackageOrArtifactInput{ Package: p1, }, - Vuln: model.VulnerabilityInput{ - Osv: o1, - }, + Vuln: o1, In: &model.VexStatementInputSpec{ VexJustification: "test justification", KnownSince: time.Unix(1e9, 0), }, }, - call{ + { Sub: model.PackageOrArtifactInput{ Package: p1, }, - Vuln: model.VulnerabilityInput{ - Osv: o2, - }, + Vuln: o2, In: &model.VexStatementInputSpec{ VexJustification: "test justification two", KnownSince: time.Unix(1e9, 0), }, }, - call{ + { Sub: model.PackageOrArtifactInput{ Package: p1, }, - Vuln: model.VulnerabilityInput{ - Cve: c1, - }, + Vuln: c1, In: &model.VexStatementInputSpec{ VexJustification: "test justification two", KnownSince: time.Unix(1e9, 0), 
@@ -612,50 +641,68 @@ func TestVEX(t *testing.T) { VexJustification: (*model.VexJustification)(ptrfrom.String("test justification two")), }, ExpVEX: []*model.CertifyVEXStatement{ - &model.CertifyVEXStatement{ - Subject: p1out, - Vulnerability: o2out, + { + Subject: p1out, + Vulnerability: &model.Vulnerability{ + Type: "osv", + VulnerabilityIDs: []*model.VulnerabilityID{o2out}, + }, VexJustification: "test justification two", KnownSince: time.Unix(1e9, 0), }, - &model.CertifyVEXStatement{ - Subject: p1out, - Vulnerability: c1out, + { + Subject: p1out, + Vulnerability: &model.Vulnerability{ + Type: "cve", + VulnerabilityIDs: []*model.VulnerabilityID{c1out}, + }, VexJustification: "test justification two", KnownSince: time.Unix(1e9, 0), }, }, }, { - Name: "Ingest noVuln", - InPkg: []*model.PkgInputSpec{p1}, + Name: "Ingest noVuln", + InPkg: []*model.PkgInputSpec{p1}, + InVuln: []*model.VulnerabilityInputSpec{noVulnInput}, Calls: []call{ - call{ + { Sub: model.PackageOrArtifactInput{ Package: p1, }, - Vuln: model.VulnerabilityInput{ - NoVuln: ptrfrom.Bool(true), - }, + Vuln: noVulnInput, In: &model.VexStatementInputSpec{ VexJustification: "test justification", KnownSince: time.Unix(1e9, 0), }, }, }, - ExpIngestErr: true, + Query: &model.CertifyVEXStatementSpec{ + Vulnerability: &model.VulnerabilitySpec{ + Type: ptrfrom.String("noVuln"), + }, + }, + ExpVEX: []*model.CertifyVEXStatement{ + { + Subject: p1out, + Vulnerability: &model.Vulnerability{ + Type: "novuln", + VulnerabilityIDs: []*model.VulnerabilityID{noVulnOut}, + }, + VexJustification: "test justification", + KnownSince: time.Unix(1e9, 0), + }, + }, }, { - Name: "Ingest without sub", - InOsv: []*model.OSVInputSpec{o1}, + Name: "Ingest without sub", + InVuln: []*model.VulnerabilityInputSpec{o1}, Calls: []call{ - call{ + { Sub: model.PackageOrArtifactInput{ Package: p1, }, - Vuln: model.VulnerabilityInput{ - Osv: o1, - }, + Vuln: o1, In: &model.VexStatementInputSpec{ VexJustification: "test justification", 
KnownSince: time.Unix(1e9, 0), @@ -668,13 +715,11 @@ func TestVEX(t *testing.T) { Name: "Ingest without vuln", InPkg: []*model.PkgInputSpec{p1}, Calls: []call{ - call{ + { Sub: model.PackageOrArtifactInput{ Package: p1, }, - Vuln: model.VulnerabilityInput{ - Osv: o1, - }, + Vuln: o1, In: &model.VexStatementInputSpec{ VexJustification: "test justification", KnownSince: time.Unix(1e9, 0), @@ -684,19 +729,17 @@ func TestVEX(t *testing.T) { ExpIngestErr: true, }, { - Name: "Ingest double sub", - InPkg: []*model.PkgInputSpec{p1}, - InArt: []*model.ArtifactInputSpec{a1}, - InOsv: []*model.OSVInputSpec{o1}, + Name: "Ingest double sub", + InPkg: []*model.PkgInputSpec{p1}, + InArt: []*model.ArtifactInputSpec{a1}, + InVuln: []*model.VulnerabilityInputSpec{o1}, Calls: []call{ - call{ + { Sub: model.PackageOrArtifactInput{ Package: p1, Artifact: a1, }, - Vuln: model.VulnerabilityInput{ - Osv: o1, - }, + Vuln: o1, In: &model.VexStatementInputSpec{ VexJustification: "test justification", KnownSince: time.Unix(1e9, 0), @@ -706,39 +749,15 @@ func TestVEX(t *testing.T) { ExpIngestErr: true, }, { - Name: "Ingest double vuln", - InPkg: []*model.PkgInputSpec{p1}, - InOsv: []*model.OSVInputSpec{o1}, - InCve: []*model.CVEInputSpec{c1}, + Name: "Query double sub", + InPkg: []*model.PkgInputSpec{p1}, + InVuln: []*model.VulnerabilityInputSpec{o1}, Calls: []call{ - call{ + { Sub: model.PackageOrArtifactInput{ Package: p1, }, - Vuln: model.VulnerabilityInput{ - Osv: o1, - Cve: c1, - }, - In: &model.VexStatementInputSpec{ - VexJustification: "test justification", - KnownSince: time.Unix(1e9, 0), - }, - }, - }, - ExpIngestErr: true, - }, - { - Name: "Query double sub", - InPkg: []*model.PkgInputSpec{p1}, - InOsv: []*model.OSVInputSpec{o1}, - Calls: []call{ - call{ - Sub: model.PackageOrArtifactInput{ - Package: p1, - }, - Vuln: model.VulnerabilityInput{ - Osv: o1, - }, + Vuln: o1, In: &model.VexStatementInputSpec{ VexJustification: "test justification", KnownSince: time.Unix(1e9, 0), 
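Review bot: The "Ingest noVuln" case drops `ExpIngestErr: true` and now expects a stored statement, so a VEX statement can be attached to the noVuln placeholder, which the previous expectation treated as an ingest error. A VEX statement describes the status of a specific vulnerability, so if this acceptance is deliberate it deserves a comment on the case, for example `// noVuln is an ordinary vulnerability type now; VEX against it is accepted`. If it is not deliberate, the case should keep `ExpIngestErr: true` and IngestVEXStatement, which is not visible here, should reject the type. The `@@ -706,39` hunk on this line also removes "Ingest double vuln" without adding a negative case for a malformed `VulnerabilityInputSpec`. If an empty `Type` or `VulnerabilityID` is meant to be rejected, a case for it belongs here.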
@@ -758,72 +777,15 @@ func TestVEX(t *testing.T) { ExpQueryErr: true, }, { - Name: "Query double vuln", - InPkg: []*model.PkgInputSpec{p1}, - InOsv: []*model.OSVInputSpec{o1}, - Calls: []call{ - call{ - Sub: model.PackageOrArtifactInput{ - Package: p1, - }, - Vuln: model.VulnerabilityInput{ - Osv: o1, - }, - In: &model.VexStatementInputSpec{ - VexJustification: "test justification", - KnownSince: time.Unix(1e9, 0), - }, - }, - }, - Query: &model.CertifyVEXStatementSpec{ - Vulnerability: &model.VulnerabilitySpec{ - Osv: &model.OSVSpec{ - OsvID: ptrfrom.String("asdf"), - }, - Cve: &model.CVESpec{ - CveID: ptrfrom.String("asdf"), - }, - }, - }, - ExpQueryErr: true, - }, - { - Name: "Query no vuln", - InPkg: []*model.PkgInputSpec{p1}, - InOsv: []*model.OSVInputSpec{o1}, + Name: "Query bad id", + InPkg: []*model.PkgInputSpec{p1}, + InVuln: []*model.VulnerabilityInputSpec{o1}, Calls: []call{ - call{ + { Sub: model.PackageOrArtifactInput{ Package: p1, }, - Vuln: model.VulnerabilityInput{ - Osv: o1, - }, - In: &model.VexStatementInputSpec{ - VexJustification: "test justification", - KnownSince: time.Unix(1e9, 0), - }, - }, - }, - Query: &model.CertifyVEXStatementSpec{ - Vulnerability: &model.VulnerabilitySpec{ - NoVuln: ptrfrom.Bool(true), - }, - }, - ExpQueryErr: true, - }, - { - Name: "Query bad id", - InPkg: []*model.PkgInputSpec{p1}, - InOsv: []*model.OSVInputSpec{o1}, - Calls: []call{ - call{ - Sub: model.PackageOrArtifactInput{ - Package: p1, - }, - Vuln: model.VulnerabilityInput{ - Osv: o1, - }, + Vuln: o1, In: &model.VexStatementInputSpec{ VexJustification: "test justification", KnownSince: time.Unix(1e9, 0), 
@@ -856,23 +818,13 @@ func TestVEX(t *testing.T) { t.Fatalf("Could not ingest artifact: %a", err) } } - for _, o := range test.InOsv { - if _, err := b.IngestOsv(ctx, o); err != nil { - t.Fatalf("Could not ingest osv: %v", err) - } - } - for _, c := range test.InCve { - if _, err := b.IngestCve(ctx, c); err != nil { - t.Fatalf("Could not ingest cve: %v", err) - } - } - for _, g := range test.InGhsa { - if _, err := b.IngestGhsa(ctx, g); err != nil { - t.Fatalf("Could not ingest ghsa: %a", err) + for _, v := range test.InVuln { + if _, err := b.IngestVulnerability(ctx, *v); err != nil { + t.Fatalf("Could not ingest vulnerability: %v", err) } } for _, o := range test.Calls { - _, err := b.IngestVEXStatement(ctx, o.Sub, o.Vuln, *o.In) + _, err := b.IngestVEXStatement(ctx, o.Sub, *o.Vuln, *o.In) if (err != nil) != test.ExpIngestErr { t.Fatalf("did not get expected ingest error, want: %v, got: %v", test.ExpIngestErr, err) } @@ -897,31 +849,27 @@ func TestVEX(t *testing.T) { func TestVEXNeighbors(t *testing.T) { type call struct { Sub model.PackageOrArtifactInput - Vuln model.VulnerabilityInput + Vuln *model.VulnerabilityInputSpec In *model.VexStatementInputSpec } tests := []struct { Name string InPkg []*model.PkgInputSpec InArt []*model.ArtifactInputSpec - InOsv []*model.OSVInputSpec - InCve []*model.CVEInputSpec - InGhsa []*model.GHSAInputSpec + InVuln []*model.VulnerabilityInputSpec Calls []call ExpNeighbors map[string][]string }{ { - Name: "HappyPath", - InPkg: []*model.PkgInputSpec{p1}, - InOsv: []*model.OSVInputSpec{o1}, + Name: "HappyPath", + InPkg: []*model.PkgInputSpec{p1}, + InVuln: []*model.VulnerabilityInputSpec{o1}, Calls: []call{ call{ Sub: model.PackageOrArtifactInput{ Package: p1, }, - Vuln: model.VulnerabilityInput{ - Osv: o1, - }, + Vuln: o1, In: &model.VexStatementInputSpec{ VexJustification: "test justification", KnownSince: time.Unix(1e9, 0), 
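Review bot: The context line `t.Fatalf("Could not ingest artifact: %a", err)` at the top of the ingest loop still uses `%a`, a floating-point verb, so a failure prints a `%!a(...)` wrapper instead of a clean error; use `t.Fatalf("Could not ingest artifact: %v", err)`. The commit removes the same mistake from the ghsa loop but leaves this one, and it recurs in the TestVEXNeighbors loop (`@@ -990,23`), where `t.Fatalf("Could not ingest VEXStatement")` also drops `err` entirely. In the second hunk on this line the HappyPath entry keeps `call{` while every other entry was shortened to `{`.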
@@ -929,35 +877,31 @@ func TestVEXNeighbors(t *testing.T) { }, }, ExpNeighbors: map[string][]string{ - "5": []string{"2", "7"}, // pkg version -> pkg name, vex - "6": []string{"7"}, // Vuln -> vex - "7": []string{"2", "6"}, // Vex -> pkg version, vuln + "4": []string{"1", "7"}, // pkg version -> pkg name, vex + "6": []string{"5", "7"}, // vuln -> vuln type, vex + "7": []string{"1", "5"}, // Vex -> pkg version, vuln }, }, { - Name: "Two vex on same package", - InPkg: []*model.PkgInputSpec{p1}, - InOsv: []*model.OSVInputSpec{o1, o2}, + Name: "Two vex on same package", + InPkg: []*model.PkgInputSpec{p1}, + InVuln: []*model.VulnerabilityInputSpec{o1, o2}, Calls: []call{ - call{ + { Sub: model.PackageOrArtifactInput{ Package: p1, }, - Vuln: model.VulnerabilityInput{ - Osv: o1, - }, + Vuln: o1, In: &model.VexStatementInputSpec{ VexJustification: "test justification", KnownSince: time.Unix(1e9, 0), }, }, - call{ + { Sub: model.PackageOrArtifactInput{ Package: p1, }, - Vuln: model.VulnerabilityInput{ - Osv: o2, - }, + Vuln: o2, In: &model.VexStatementInputSpec{ VexJustification: "test justification", KnownSince: time.Unix(1e9, 0), @@ -965,11 +909,11 @@ func TestVEXNeighbors(t *testing.T) { }, }, ExpNeighbors: map[string][]string{ - "5": []string{"2", "8", "9"}, // pkg version -> pkg name, vex1, vex2 - "6": []string{"8"}, // Vuln1 -> vex1 - "7": []string{"9"}, // Vuln2 -> vex2 - "8": []string{"2", "6"}, // Vex1 -> pkg version, vuln1 - "9": []string{"2", "7"}, // Vex2 -> pkg version, vuln2 + "4": []string{"1", "8", "9"}, // pkg version -> pkg name, vex1, vex2 + "6": []string{"5", "8"}, // Vuln1 -> vulnType, vex1 + "7": []string{"5", "9"}, // Vuln2 -> vulnType, vex2 + "8": []string{"1", "5"}, // Vex1 -> pkg version, vuln1 + "9": []string{"1", "5"}, // Vex2 -> pkg version, vuln2 }, }, } 
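Review bot: The trailing comments in `ExpNeighbors` contradict each other: row `"4"` labels `"1"` as the pkg name and row `"6"` labels `"5"` as the vuln type, yet row `"7": []string{"1", "5"}` is commented `// Vex -> pkg version, vuln`. The nodes those labels describe are keyed `"4"` and `"6"` in the same map. The second table has the same mismatch on rows `"8"` and `"9"`. These comments are the only explanation of the ID layout, so they should say what the IDs really are, for example `// vex -> pkg ("1"), vuln type ("5")` if that is what the harness collects; the collection logic is outside this hunk, so confirm before rewording.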
@@ -990,23 +934,13 @@ func TestVEXNeighbors(t *testing.T) { t.Fatalf("Could not ingest artifact: %a", err) } } - for _, o := range test.InOsv { - if _, err := b.IngestOsv(ctx, o); err != nil { - t.Fatalf("Could not ingest osv: %v", err) - } - } - for _, c := range test.InCve { - if _, err := b.IngestCve(ctx, c); err != nil { - t.Fatalf("Could not ingest cve: %v", err) - } - } - for _, g := range test.InGhsa { - if _, err := b.IngestGhsa(ctx, g); err != nil { - t.Fatalf("Could not ingest ghsa: %a", err) + for _, v := range test.InVuln { + if _, err := b.IngestVulnerability(ctx, *v); err != nil { + t.Fatalf("Could not ingest vulnerability: %v", err) } } for _, o := range test.Calls { - if _, err := b.IngestVEXStatement(ctx, o.Sub, o.Vuln, *o.In); err != nil { + if _, err := b.IngestVEXStatement(ctx, o.Sub, *o.Vuln, *o.In); err != nil { t.Fatalf("Could not ingest VEXStatement") } } diff --git a/pkg/assembler/backends/inmem/certifyVuln.go b/pkg/assembler/backends/inmem/certifyVuln.go index 3314b82827..68049600a1 100644 --- a/pkg/assembler/backends/inmem/certifyVuln.go +++ b/pkg/assembler/backends/inmem/certifyVuln.go 
@@ -23,65 +23,48 @@ import ( "github.com/vektah/gqlparser/v2/gqlerror" - "github.com/guacsec/guac/pkg/assembler/backends/helper" "github.com/guacsec/guac/pkg/assembler/graphql/model" ) // Internal data: link between packages and vulnerabilities (certifyVulnerability) -type vulnerabilityList []*vulnerabilityLink -type vulnerabilityLink struct { - id uint32 - packageID uint32 - osvID uint32 - cveID uint32 - ghsaID uint32 - noKnownVulnID uint32 - timeScanned time.Time - dbURI string - dbVersion string - scannerURI string - scannerVersion string - origin string - collector string +type certifyVulnerabilityList []*certifyVulnerabilityLink +type certifyVulnerabilityLink struct { + id uint32 + packageID uint32 + vulnerabilityID uint32 + timeScanned time.Time + dbURI string + dbVersion string + scannerURI string + scannerVersion string + origin string + collector string } -func (n *vulnerabilityLink) ID() uint32 { return n.id } +func (n *certifyVulnerabilityLink) ID() uint32 { return n.id } -func (n *vulnerabilityLink) Neighbors(allowedEdges edgeMap) []uint32 { +func (n *certifyVulnerabilityLink) Neighbors(allowedEdges edgeMap) []uint32 { out := make([]uint32, 0, 2) if allowedEdges[model.EdgeCertifyVulnPackage] { out = append(out, n.packageID) } - if n.osvID != 0 && allowedEdges[model.EdgeCertifyVulnOsv] { - out = append(out, n.osvID) - } - if n.cveID != 0 && allowedEdges[model.EdgeCertifyVulnCve] { - out = append(out, n.cveID) - } - if n.ghsaID != 0 && allowedEdges[model.EdgeCertifyVulnGhsa] { - out = append(out, n.ghsaID) - } - if n.noKnownVulnID != 0 && allowedEdges[model.EdgeCertifyVulnNoVuln] { - out = append(out, n.noKnownVulnID) + if n.vulnerabilityID != 0 && allowedEdges[model.EdgeCertifyVulnVulnerability] { + out = append(out, n.vulnerabilityID) } return out } -func (n *vulnerabilityLink) BuildModelNode(c *demoClient) (model.Node, error) { +func (n *certifyVulnerabilityLink) BuildModelNode(c *demoClient) (model.Node, error) { return c.buildCertifyVulnerability(n, 
nil, true) } // Ingest CertifyVuln -func (c *demoClient) IngestVulnerability(ctx context.Context, packageArg model.PkgInputSpec, vulnerability model.VulnerabilityInput, certifyVuln model.VulnerabilityMetaDataInput) (*model.CertifyVuln, error) { - return c.ingestVulnerability(ctx, packageArg, vulnerability, certifyVuln, true) +func (c *demoClient) IngestCertifyVuln(ctx context.Context, pkg model.PkgInputSpec, vulnerability model.VulnerabilityInputSpec, certifyVuln model.ScanMetadataInput) (*model.CertifyVuln, error) { + return c.ingestVulnerability(ctx, pkg, vulnerability, certifyVuln, true) } -func (c *demoClient) ingestVulnerability(ctx context.Context, packageArg model.PkgInputSpec, vulnerability model.VulnerabilityInput, certifyVuln model.VulnerabilityMetaDataInput, readOnly bool) (*model.CertifyVuln, error) { +func (c *demoClient) ingestVulnerability(ctx context.Context, packageArg model.PkgInputSpec, vulnerability model.VulnerabilityInputSpec, certifyVuln model.ScanMetadataInput, readOnly bool) (*model.CertifyVuln, error) { funcName := "IngestVulnerability" - if err := helper.ValidateVulnerabilityIngestionInput(vulnerability, "IngestVulnerability", true); err != nil { - return nil, gqlerror.Errorf("%v :: %s", funcName, err) - } - lock(&c.m, readOnly) defer unlock(&c.m, readOnly) 
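Review bot: `funcName := "IngestVulnerability"` is left unchanged in ingestVulnerability although the exported entry point is now `IngestCertifyVuln`, and the tests in this commit call a separate `b.IngestVulnerability` for vulnerability nodes. Errors from this path will therefore be attributed to the wrong API; change it to `funcName := "IngestCertifyVuln"`. The hunk also deletes the `helper.ValidateVulnerabilityIngestionInput` call, and the `@@ -231,19` hunk deletes `helper.ValidateVulnerabilityQueryFilter` from CertifyVuln. Rejecting malformed input is thereby left to `getVulnerabilityIDFromInput` and `exactVulnerability`, neither of which is visible here, so confirm that they refuse an empty `Type` or `VulnerabilityID` rather than matching or creating a blank node. ingestVulnerability's body continues outside this hunk.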
@@ -95,48 +78,17 @@ func (c *demoClient) ingestVulnerability(ctx context.Context, packageArg model.P } packageVulns := foundPackage.certifyVulnLinks - var osvID uint32 - var foundOsvNode *osvNode - var cveID uint32 - var foundCveNode *cveNode - var ghsaID uint32 - var foundGhsaNode *ghsaNode - var noKnownVulnID uint32 var vulnerabilityLinks []uint32 - if vulnerability.Osv != nil { - osvID, err = getOsvIDFromInput(c, *vulnerability.Osv) - if err != nil { - return nil, gqlerror.Errorf("%v :: %s", funcName, err) - } - foundOsvNode, err = byID[*osvNode](osvID, c) - if err != nil { - return nil, gqlerror.Errorf("%v :: %s", funcName, err) - } - vulnerabilityLinks = foundOsvNode.certifyVulnLinks - } else if vulnerability.Cve != nil { - cveID, err = getCveIDFromInput(c, *vulnerability.Cve) - if err != nil { - return nil, gqlerror.Errorf("%v :: %s", funcName, err) - } - foundCveNode, err = byID[*cveNode](cveID, c) - if err != nil { - return nil, gqlerror.Errorf("%v :: %s", funcName, err) - } - vulnerabilityLinks = foundCveNode.certifyVulnLinks - } else if vulnerability.Ghsa != nil { - ghsaID, err = getGhsaIDFromInput(c, *vulnerability.Ghsa) - if err != nil { - return nil, gqlerror.Errorf("%v :: %s", funcName, err) - } - foundGhsaNode, err = byID[*ghsaNode](ghsaID, c) - if err != nil { - return nil, gqlerror.Errorf("%v :: %s", funcName, err) - } - vulnerabilityLinks = foundGhsaNode.certifyVulnLinks - } else { - noKnownVulnID = c.noKnownVulnNode.id - vulnerabilityLinks = c.noKnownVulnNode.certifyVulnLinks + + vulnID, err := getVulnerabilityIDFromInput(c, vulnerability) + if err != nil { + return nil, gqlerror.Errorf("%v :: %s", funcName, err) } + foundVulnNode, err := byID[*vulnIDNode](vulnID, c) + if err != nil { + return nil, gqlerror.Errorf("%v :: %s", funcName, err) + } + vulnerabilityLinks = foundVulnNode.certifyVulnLinks var searchIDs []uint32 if len(packageVulns) < len(vulnerabilityLinks) { 
@@ -147,23 +99,14 @@ func (c *demoClient) ingestVulnerability(ctx context.Context, packageArg model.P // Don't insert duplicates duplicate := false - collectedCertifyVulnLink := vulnerabilityLink{} + collectedCertifyVulnLink := certifyVulnerabilityLink{} for _, id := range searchIDs { - v, err := byID[*vulnerabilityLink](id, c) + v, err := byID[*certifyVulnerabilityLink](id, c) if err != nil { return nil, gqlerror.Errorf("%v :: %s", funcName, err) } vulnMatch := false - if osvID != 0 && osvID == v.osvID { - vulnMatch = true - } - if cveID != 0 && cveID == v.cveID { - vulnMatch = true - } - if ghsaID != 0 && ghsaID == v.ghsaID { - vulnMatch = true - } - if noKnownVulnID != 0 && noKnownVulnID == v.noKnownVulnID { + if vulnID != 0 && vulnID == v.vulnerabilityID { vulnMatch = true } if vulnMatch && packageID == v.packageID && certifyVuln.TimeScanned.Equal(v.timeScanned) && certifyVuln.DbURI == v.dbURI && 
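Review bot: With a single ID field, the `vulnMatch := false` plus one `if` left over from the four-way comparison can collapse to `vulnMatch := vulnID == v.vulnerabilityID`. The `vulnID != 0` guard here, and the one around `foundVulnNode.setVulnerabilityLinks(...)` in the `@@ -184,36` hunk, look vestigial: the preceding hunk already returns on any error from `byID[*vulnIDNode](vulnID, c)`, so `vulnID` should always name a real node by this point, assuming zero is never a valid index key. Dropping the guards makes it clear that the backlink is always set. The duplicate-detection loop continues outside this hunk.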
@@ -184,36 +127,24 @@ func (c *demoClient) ingestVulnerability(ctx context.Context, packageArg model.P return cv, err } // store the link - collectedCertifyVulnLink = vulnerabilityLink{ - id: c.getNextID(), - packageID: packageID, - osvID: osvID, - cveID: cveID, - ghsaID: ghsaID, - noKnownVulnID: noKnownVulnID, - timeScanned: certifyVuln.TimeScanned, - dbURI: certifyVuln.DbURI, - dbVersion: certifyVuln.DbVersion, - scannerURI: certifyVuln.ScannerURI, - scannerVersion: certifyVuln.ScannerVersion, - origin: certifyVuln.Origin, - collector: certifyVuln.Collector, + collectedCertifyVulnLink = certifyVulnerabilityLink{ + id: c.getNextID(), + packageID: packageID, + vulnerabilityID: vulnID, + timeScanned: certifyVuln.TimeScanned, + dbURI: certifyVuln.DbURI, + dbVersion: certifyVuln.DbVersion, + scannerURI: certifyVuln.ScannerURI, + scannerVersion: certifyVuln.ScannerVersion, + origin: certifyVuln.Origin, + collector: certifyVuln.Collector, } c.index[collectedCertifyVulnLink.id] = &collectedCertifyVulnLink - c.vulnerabilities = append(c.vulnerabilities, &collectedCertifyVulnLink) + c.certifyVulnerabilities = append(c.certifyVulnerabilities, &collectedCertifyVulnLink) // set the backlinks foundPackage.setVulnerabilityLinks(collectedCertifyVulnLink.id) - if osvID != 0 { - foundOsvNode.setVulnerabilityLinks(collectedCertifyVulnLink.id) - } - if cveID != 0 { - foundCveNode.setVulnerabilityLinks(collectedCertifyVulnLink.id) - } - if ghsaID != 0 { - foundGhsaNode.setVulnerabilityLinks(collectedCertifyVulnLink.id) - } - if noKnownVulnID != 0 { - c.noKnownVulnNode.setVulnerabilityLinks(collectedCertifyVulnLink.id) + if vulnID != 0 { + foundVulnNode.setVulnerabilityLinks(collectedCertifyVulnLink.id) } } 
@@ -231,19 +162,13 @@ func (c *demoClient) CertifyVuln(ctx context.Context, filter *model.CertifyVulnS defer c.m.RUnlock() funcName := "CertifyVuln" - if filter != nil { - if err := helper.ValidateVulnerabilityQueryFilter(filter.Vulnerability, true); err != nil { - return nil, err - } - } - if filter != nil && filter.ID != nil { id64, err := strconv.ParseUint(*filter.ID, 10, 32) if err != nil { return nil, gqlerror.Errorf("%v :: invalid ID %s", funcName, err) } id := uint32(id64) - link, err := byID[*vulnerabilityLink](id, c) + link, err := byID[*certifyVulnerabilityLink](id, c) if err != nil { // Not found return nil, nil 
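Review bot: The call to `helper.ValidateVulnerabilityQueryFilter` is removed at the top of CertifyVuln and nothing in this hunk replaces it, so `filter.Vulnerability` now reaches the lookup code unvalidated. Whether the unified `VulnerabilitySpec` can still express contradictory or malformed combinations is not visible here; if it can, keep an explicit check at this point that returns a `gqlerror` instead of letting the lookup silently produce no match. If validation is unnecessary by construction, a short comment such as `// no cross-field validation needed: a single type/ID pair replaces the osv/cve/ghsa union` would record that decision. The function body starts and ends outside the hunk.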
@@ -268,46 +193,21 @@ func (c *demoClient) CertifyVuln(ctx context.Context, filter *model.CertifyVulnS foundOne = true } } - if !foundOne && filter != nil && filter.Vulnerability != nil && filter.Vulnerability.Osv != nil { - exactOSV, err := c.exactOSV(filter.Vulnerability.Osv) + if !foundOne && filter != nil && filter.Vulnerability != nil { + exactVuln, err := c.exactVulnerability(filter.Vulnerability) if err != nil { return nil, gqlerror.Errorf("%v :: %v", funcName, err) } - if exactOSV != nil { - search = append(search, exactOSV.certifyVulnLinks...) + if exactVuln != nil { + search = append(search, exactVuln.certifyVulnLinks...) foundOne = true } } - if !foundOne && filter != nil && filter.Vulnerability != nil && filter.Vulnerability.Cve != nil { - exactCVE, err := c.exactCVE(filter.Vulnerability.Cve) - if err != nil { - return nil, gqlerror.Errorf("%v :: %v", funcName, err) - } - if exactCVE != nil { - search = append(search, exactCVE.certifyVulnLinks...) - foundOne = true - } - } - if !foundOne && filter != nil && filter.Vulnerability != nil && filter.Vulnerability.Ghsa != nil { - exactGHSA, err := c.exactGHSA(filter.Vulnerability.Ghsa) - if err != nil { - return nil, gqlerror.Errorf("%v :: %v", funcName, err) - } - if exactGHSA != nil { - search = append(search, exactGHSA.certifyVulnLinks...) - foundOne = true - } - } - if !foundOne && filter != nil && filter.Vulnerability != nil && - filter.Vulnerability.NoVuln != nil && *filter.Vulnerability.NoVuln { - search = append(search, c.noKnownVulnNode.certifyVulnLinks...) - foundOne = true - } var out []*model.CertifyVuln if foundOne { for _, id := range search { - link, err := byID[*vulnerabilityLink](id, c) + link, err := byID[*certifyVulnerabilityLink](id, c) if err != nil { return nil, gqlerror.Errorf("%v :: %v", funcName, err) } 
@@ -317,7 +217,7 @@ func (c *demoClient) CertifyVuln(ctx context.Context, filter *model.CertifyVulnS } } } else { - for _, link := range c.vulnerabilities { + for _, link := range c.certifyVulnerabilities { var err error out, err = c.addCVIfMatch(out, filter, link) if err != nil { @@ -331,7 +231,7 @@ func (c *demoClient) CertifyVuln(ctx context.Context, filter *model.CertifyVulnS func (c *demoClient) addCVIfMatch(out []*model.CertifyVuln, filter *model.CertifyVulnSpec, - link *vulnerabilityLink) ([]*model.CertifyVuln, error) { + link *certifyVulnerabilityLink) ([]*model.CertifyVuln, error) { if filter != nil && filter.TimeScanned != nil && !filter.TimeScanned.Equal(link.timeScanned) { return out, nil } @@ -364,12 +264,9 @@ func (c *demoClient) addCVIfMatch(out []*model.CertifyVuln, return append(out, foundCertifyVuln), nil } -func (c *demoClient) buildCertifyVulnerability(link *vulnerabilityLink, filter *model.CertifyVulnSpec, ingestOrIDProvided bool) (*model.CertifyVuln, error) { +func (c *demoClient) buildCertifyVulnerability(link *certifyVulnerabilityLink, filter *model.CertifyVulnSpec, ingestOrIDProvided bool) (*model.CertifyVuln, error) { var p *model.Package - var osv *model.Osv - var cve *model.Cve - var ghsa *model.Ghsa - var noVuln *model.NoVuln + var vuln *model.Vulnerability var err error if filter != nil { p, err = c.buildPackageResponse(link.packageID, filter.Package) 
@@ -383,61 +280,22 @@ func (c *demoClient) buildCertifyVulnerability(link *vulnerabilityLink, filter * } } - if filter != nil && filter.Vulnerability != nil && filter.Vulnerability.NoVuln == nil { - if filter.Vulnerability.Osv != nil && link.osvID != 0 { - osv, err = c.buildOsvResponse(link.osvID, filter.Vulnerability.Osv) - if err != nil { - return nil, err - } - } - if filter.Vulnerability.Cve != nil && link.cveID != 0 { - cve, err = c.buildCveResponse(link.cveID, filter.Vulnerability.Cve) - if err != nil { - return nil, err - } - } - if filter.Vulnerability.Ghsa != nil && link.ghsaID != 0 { - ghsa, err = c.buildGhsaResponse(link.ghsaID, filter.Vulnerability.Ghsa) + if filter != nil && filter.Vulnerability != nil { + if filter.Vulnerability != nil && link.vulnerabilityID != 0 { + vuln, err = c.buildVulnResponse(link.vulnerabilityID, filter.Vulnerability) if err != nil { return nil, err } } - if filter.Vulnerability.NoVuln != nil && link.noKnownVulnID != 0 { - noVuln, err = c.buildNoVulnResponse() + } else { + if link.vulnerabilityID != 0 { + vuln, err = c.buildVulnResponse(link.vulnerabilityID, nil) if err != nil { return nil, err } } - } else { - if checkNoVulnFilter(filter, false) { - if link.osvID != 0 { - osv, err = c.buildOsvResponse(link.osvID, nil) - if err != nil { - return nil, err - } - } - if link.cveID != 0 { - cve, err = c.buildCveResponse(link.cveID, nil) - if err != nil { - return nil, err - } - } - if link.ghsaID != 0 { - ghsa, err = c.buildGhsaResponse(link.ghsaID, nil) - if err != nil { - return nil, err - } - } - } - if checkNoVulnFilter(filter, true) { - if link.noKnownVulnID != 0 { - noVuln, err = c.buildNoVulnResponse() - if err != nil { - return nil, err - } - } - } } + // if package not found during ingestion or if ID is provided in filter, send error. On query do not send error to continue search if p == nil && ingestOrIDProvided { return nil, gqlerror.Errorf("failed to retrieve package via packageID") 
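Review bot: The inner test `filter.Vulnerability != nil` in the new `if` repeats the outer condition, and both branches of the `if`/`else` make the same `buildVulnResponse` call, differing only in whether the filter argument is nil. Resolving the optional filter once and calling `buildVulnResponse` in a single place removes the duplication and keeps the `link.vulnerabilityID != 0` decision in one spot. buildCertifyVulnerability starts and ends outside the hunk, so the sketch below shows only the rewritten section.

```go
	// vulnFilter stays nil when the caller passed no vulnerability filter.
	var vulnFilter *model.VulnerabilitySpec
	if filter != nil {
		vulnFilter = filter.Vulnerability
	}
	if link.vulnerabilityID != 0 {
		vuln, err = c.buildVulnResponse(link.vulnerabilityID, vulnFilter)
		if err != nil {
			return nil, err
		}
	}
	// … unchanged: package nil checks and ingestOrIDProvided handling …
```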
@@ -445,36 +303,15 @@ func (c *demoClient) buildCertifyVulnerability(link *vulnerabilityLink, filter * return nil, nil } - var vuln model.Vulnerability - if link.osvID != 0 { - if osv == nil && ingestOrIDProvided { - return nil, gqlerror.Errorf("failed to retrieve osv via osvID") - } else if osv == nil && !ingestOrIDProvided { - return nil, nil - } - vuln = osv - } - if link.cveID != 0 { - if cve == nil && ingestOrIDProvided { - return nil, gqlerror.Errorf("failed to retrieve cve via cveID") - } else if cve == nil && !ingestOrIDProvided { - return nil, nil - } - vuln = cve - } - if link.ghsaID != 0 { - if ghsa == nil && ingestOrIDProvided { - return nil, gqlerror.Errorf("failed to retrieve ghsa via ghsaID") - } else if ghsa == nil && !ingestOrIDProvided { + if link.vulnerabilityID != 0 { + if vuln == nil && ingestOrIDProvided { + return nil, gqlerror.Errorf("failed to retrieve vuln via vulnID") + } else if vuln == nil && !ingestOrIDProvided { return nil, nil } - vuln = ghsa - } - if link.noKnownVulnID != 0 { - vuln = noVuln } - metadata := &model.VulnerabilityMetaData{ + metadata := &model.ScanMetadata{ TimeScanned: link.timeScanned, DbURI: link.dbURI, DbVersion: link.dbVersion, @@ -492,12 +329,3 @@ func (c *demoClient) buildCertifyVulnerability(link *vulnerabilityLink, filter * } return &certifyVuln, nil } - -// Checks if the given filter satisfies the condition for NoVuln in the CertifyVulnSpec. -// It returns true if any of the following conditions are met: -// 1. The filter is nil. -// 2. The filter.Vulnerability is nil. -// 3. The value of filter.Vulnerability.NoVuln matches the expected value. -func checkNoVulnFilter(filter *model.CertifyVulnSpec, expected bool) bool { - return filter == nil || filter.Vulnerability == nil || *filter.Vulnerability.NoVuln == expected -} diff --git a/pkg/assembler/backends/inmem/certifyVuln_test.go b/pkg/assembler/backends/inmem/certifyVuln_test.go new file mode 100644 index 0000000000..f45dc0f5af --- /dev/null 
+++ b/pkg/assembler/backends/inmem/certifyVuln_test.go 
@@ -0,0 +1,553 @@ +// +// Copyright 2023 The GUAC Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package inmem_test + +import ( + "context" + "strconv" + "strings" + "testing" + "time" + + "github.com/google/go-cmp/cmp" + "github.com/guacsec/guac/internal/testing/ptrfrom" + "github.com/guacsec/guac/pkg/assembler/backends/inmem" + "github.com/guacsec/guac/pkg/assembler/graphql/model" + "golang.org/x/exp/slices" +) + +var t1, _ = time.Parse(time.RFC3339, "2023-01-01T00:00:00Z") + +var vmd1 = &model.ScanMetadata{ + Collector: "test collector", + Origin: "test origin", + ScannerVersion: "v1.0.0", + ScannerURI: "test scanner uri", + DbVersion: "2023.01.01", + DbURI: "test db uri", + TimeScanned: t1, +} + +func TestIngestCertifyVulnerability(t *testing.T) { + type call struct { + Pkg *model.PkgInputSpec + Vuln *model.VulnerabilityInputSpec + CertifyVuln *model.ScanMetadataInput + } + + tests := []struct { + InPkg []*model.PkgInputSpec + Name string + InVuln []*model.VulnerabilityInputSpec + Calls []call + ExpVuln []*model.CertifyVuln + Query *model.CertifyVulnSpec + ExpIngestErr bool + ExpQueryErr bool + }{ + { + Name: "HappyPath", + InVuln: []*model.VulnerabilityInputSpec{c1}, + InPkg: []*model.PkgInputSpec{p2}, + Calls: []call{ + { + Pkg: p2, + Vuln: c1, + CertifyVuln: &model.ScanMetadataInput{ + Collector: "test collector", + Origin: "test origin", + ScannerVersion: "v1.0.0", + ScannerURI: "test scanner uri", + DbVersion: "2023.01.01", + DbURI: 
"test db uri", + TimeScanned: t1, + }, + }, + }, + Query: &model.CertifyVulnSpec{ + Collector: ptrfrom.String("test collector"), + }, + ExpVuln: []*model.CertifyVuln{ + { + ID: "1", + Package: p2out, + Vulnerability: &model.Vulnerability{ + Type: "cve", + VulnerabilityIDs: []*model.VulnerabilityID{c1out}, + }, + Metadata: vmd1, + }, + }, + }, + { + Name: "Certify NoVuln", + InVuln: []*model.VulnerabilityInputSpec{noVulnInput}, + InPkg: []*model.PkgInputSpec{p2}, + Calls: []call{ + { + Pkg: p2, + Vuln: noVulnInput, + CertifyVuln: &model.ScanMetadataInput{ + Collector: "test collector", + Origin: "test origin", + ScannerVersion: "v1.0.0", + ScannerURI: "test scanner uri", + DbVersion: "2023.01.01", + DbURI: "test db uri", + TimeScanned: t1, + }, + }, + }, + Query: &model.CertifyVulnSpec{ + Collector: ptrfrom.String("test collector"), + }, + ExpVuln: []*model.CertifyVuln{ + { + Package: p2out, + Vulnerability: &model.Vulnerability{ + Type: "novuln", + VulnerabilityIDs: []*model.VulnerabilityID{noVulnOut}, + }, + Metadata: vmd1, + }, + }, + }, + { + Name: "Certify OSV", + InVuln: []*model.VulnerabilityInputSpec{o1}, + InPkg: []*model.PkgInputSpec{p2}, + Calls: []call{ + { + Pkg: p2, + Vuln: o1, + CertifyVuln: &model.ScanMetadataInput{ + Collector: "test collector", + Origin: "test origin", + ScannerVersion: "v1.0.0", + ScannerURI: "test scanner uri", + DbVersion: "2023.01.01", + DbURI: "test db uri", + TimeScanned: t1, + }, + }, + }, + Query: &model.CertifyVulnSpec{ + Collector: ptrfrom.String("test collector"), + }, + ExpVuln: []*model.CertifyVuln{ + { + Package: p2out, + Vulnerability: &model.Vulnerability{ + Type: "osv", + VulnerabilityIDs: []*model.VulnerabilityID{o1out}, + }, + Metadata: vmd1, + }, + }, + }, + { + Name: "Certify GHSA", + InVuln: []*model.VulnerabilityInputSpec{g1}, + InPkg: []*model.PkgInputSpec{p2}, + Calls: []call{ + { + Pkg: p2, + Vuln: g1, + CertifyVuln: &model.ScanMetadataInput{ + Collector: "test collector", + Origin: "test origin", + 
ScannerVersion: "v1.0.0", + ScannerURI: "test scanner uri", + DbVersion: "2023.01.01", + DbURI: "test db uri", + TimeScanned: t1, + }, + }, + }, + Query: &model.CertifyVulnSpec{ + Collector: ptrfrom.String("test collector"), + }, + ExpVuln: []*model.CertifyVuln{ + { + Package: p2out, + Vulnerability: &model.Vulnerability{ + Type: "ghsa", + VulnerabilityIDs: []*model.VulnerabilityID{g1out}, + }, + Metadata: vmd1, + }, + }, + }, + { + Name: "Query on GHSA", + InVuln: []*model.VulnerabilityInputSpec{g1}, + InPkg: []*model.PkgInputSpec{p2}, + Calls: []call{ + { + Pkg: p2, + Vuln: g1, + CertifyVuln: &model.ScanMetadataInput{ + Collector: "test collector", + Origin: "test origin", + ScannerVersion: "v1.0.0", + ScannerURI: "test scanner uri", + DbVersion: "2023.01.01", + DbURI: "test db uri", + TimeScanned: t1, + }, + }, + }, + Query: &model.CertifyVulnSpec{ + Vulnerability: &model.VulnerabilitySpec{ + VulnerabilityID: &g1.VulnerabilityID, + }, + }, + ExpVuln: []*model.CertifyVuln{ + { + Package: p2out, + Vulnerability: &model.Vulnerability{ + Type: "ghsa", + VulnerabilityIDs: []*model.VulnerabilityID{g1out}, + }, + Metadata: vmd1, + }, + }, + }, + { + Name: "Query ID", + InVuln: []*model.VulnerabilityInputSpec{g1}, + InPkg: []*model.PkgInputSpec{p2}, + Calls: []call{ + { + Pkg: p2, + Vuln: g1, + CertifyVuln: &model.ScanMetadataInput{ + Collector: "test collector", + Origin: "test origin", + ScannerVersion: "v1.0.0", + ScannerURI: "test scanner uri", + DbVersion: "2023.01.01", + DbURI: "test db uri", + TimeScanned: t1, + }, + }, + }, + Query: &model.CertifyVulnSpec{ + ID: ptrfrom.String("7"), + }, + ExpVuln: []*model.CertifyVuln{ + { + Package: p2out, + Vulnerability: &model.Vulnerability{ + Type: "ghsa", + VulnerabilityIDs: []*model.VulnerabilityID{g1out}, + }, + Metadata: vmd1, + }, + }, + }, + { + Name: "Query on Package", + InVuln: []*model.VulnerabilityInputSpec{g1}, + InPkg: []*model.PkgInputSpec{p2}, + Calls: []call{ + { + Pkg: p2, + Vuln: g1, + CertifyVuln: 
&model.ScanMetadataInput{ + Collector: "test collector", + Origin: "test origin", + ScannerVersion: "v1.0.0", + ScannerURI: "test scanner uri", + DbVersion: "2023.01.01", + DbURI: "test db uri", + TimeScanned: t1, + }, + }, + }, + Query: &model.CertifyVulnSpec{ + Package: &model.PkgSpec{ + Name: ptrfrom.String(p2.Name), + }, + }, + ExpVuln: []*model.CertifyVuln{ + { + Package: p2out, + Vulnerability: &model.Vulnerability{ + Type: "ghsa", + VulnerabilityIDs: []*model.VulnerabilityID{g1out}, + }, + Metadata: vmd1, + }, + }, + }, + { + Name: "Query none", + InVuln: []*model.VulnerabilityInputSpec{g1}, + InPkg: []*model.PkgInputSpec{p2}, + Calls: []call{ + { + Pkg: p2, + Vuln: g1, + CertifyVuln: &model.ScanMetadataInput{ + Collector: "test collector", + Origin: "test origin", + ScannerVersion: "v1.0.0", + ScannerURI: "test scanner uri", + DbVersion: "2023.01.01", + DbURI: "test db uri", + TimeScanned: t1, + }, + }, + }, + Query: &model.CertifyVulnSpec{ + Vulnerability: &model.VulnerabilitySpec{ + VulnerabilityID: ptrfrom.String("asdf"), + }, + }, + ExpVuln: nil, + }, + { + Name: "Query No Vuln", + InVuln: []*model.VulnerabilityInputSpec{noVulnInput}, + InPkg: []*model.PkgInputSpec{p2}, + Calls: []call{ + { + Pkg: p2, + Vuln: noVulnInput, + CertifyVuln: &model.ScanMetadataInput{ + Collector: "test collector", + Origin: "test origin", + ScannerVersion: "v1.0.0", + ScannerURI: "test scanner uri", + DbVersion: "2023.01.01", + DbURI: "test db uri", + TimeScanned: t1, + }, + }, + }, + Query: &model.CertifyVulnSpec{ + Vulnerability: &model.VulnerabilitySpec{ + Type: ptrfrom.String("noVuln"), + }, + }, + ExpVuln: []*model.CertifyVuln{ + { + Package: p2out, + Vulnerability: &model.Vulnerability{ + Type: "novuln", + VulnerabilityIDs: []*model.VulnerabilityID{noVulnOut}, + }, + Metadata: vmd1, + }, + }, + }, + { + Name: "Ingest without vuln", + InPkg: []*model.PkgInputSpec{p2}, + Calls: []call{ + { + Pkg: p2, + Vuln: &model.VulnerabilityInputSpec{}, + CertifyVuln: 
&model.ScanMetadataInput{}, + }, + }, + Query: &model.CertifyVulnSpec{}, + ExpIngestErr: true, + }, + { + Name: "Ingest missing pkg", + InPkg: []*model.PkgInputSpec{}, + Calls: []call{ + { + Pkg: p2, + Vuln: &model.VulnerabilityInputSpec{}, + CertifyVuln: &model.ScanMetadataInput{}, + }, + }, + Query: &model.CertifyVulnSpec{}, + ExpIngestErr: true, + }, + } + ignoreID := cmp.FilterPath(func(p cmp.Path) bool { + return strings.Compare(".ID", p[len(p)-1].String()) == 0 + }, cmp.Ignore()) + ctx := context.Background() + for _, test := range tests { + t.Run(test.Name, func(t *testing.T) { + b, err := inmem.GetBackend(nil) + if err != nil { + t.Fatalf("Could not instantiate testing backend: %v", err) + } + for _, g := range test.InVuln { + if _, err := b.IngestVulnerability(ctx, *g); err != nil { + t.Fatalf("Could not ingest vulnerability: %a", err) + } + } + if _, err := b.IngestPackages(ctx, test.InPkg); err != nil { + t.Fatalf("Could not ingest packages: %v", err) + } + + ids := make([]string, len(test.Calls)) + for i, o := range test.Calls { + record, err := b.IngestCertifyVuln(ctx, *o.Pkg, *o.Vuln, *o.CertifyVuln) + if (err != nil) != test.ExpIngestErr { + t.Fatalf("did not get expected ingest error, want: %v, got: %v", test.ExpIngestErr, err) + } + if err != nil { + return + } + ids[i] = record.ID + } + if test.Query != nil { + if test.Query.ID != nil { + idIndex, err := strconv.Atoi(*test.Query.ID) + if err == nil && idIndex > -1 && idIndex < len(ids) { + test.Query.ID = ptrfrom.String(ids[idIndex]) + } + } + } + + got, err := b.CertifyVuln(ctx, test.Query) + if (err != nil) != test.ExpQueryErr { + t.Fatalf("did not get expected query error, want: %v, got: %v", test.ExpQueryErr, err) + } + if err != nil { + return + } + if diff := cmp.Diff(test.ExpVuln, got, ignoreID); diff != "" { + t.Errorf("Unexpected results. 
(-want +got):\n%s", diff) + } + }) + } +} + +func TestCertifyVulnNeighbors(t *testing.T) { + type call struct { + Pkg *model.PkgInputSpec + Vuln *model.VulnerabilityInputSpec + CertifyVuln *model.ScanMetadataInput + } + tests := []struct { + Name string + InPkg []*model.PkgInputSpec + InVuln []*model.VulnerabilityInputSpec + Calls []call + ExpNeighbors map[string][]string + }{ + { + Name: "HappyPath", + InPkg: []*model.PkgInputSpec{p1}, + InVuln: []*model.VulnerabilityInputSpec{o1}, + Calls: []call{ + call{ + Pkg: p1, + Vuln: o1, + CertifyVuln: &model.ScanMetadataInput{ + Collector: "test collector", + Origin: "test origin", + ScannerVersion: "v1.0.0", + ScannerURI: "test scanner uri", + DbVersion: "2023.01.01", + DbURI: "test db uri", + TimeScanned: t1, + }, + }, + }, + ExpNeighbors: map[string][]string{ + "4": []string{"1", "7"}, // pkg version -> pkg name, vex + "6": []string{"5", "7"}, // Vuln -> vex + "7": []string{"1", "5"}, // Vex -> pkg version, vuln + }, + }, + { + Name: "Two vex on same package", + InPkg: []*model.PkgInputSpec{p1}, + InVuln: []*model.VulnerabilityInputSpec{o1, o2}, + Calls: []call{ + call{ + Pkg: p1, + Vuln: o1, + CertifyVuln: &model.ScanMetadataInput{ + Collector: "test collector", + Origin: "test origin", + ScannerVersion: "v1.0.0", + ScannerURI: "test scanner uri", + DbVersion: "2023.01.01", + DbURI: "test db uri", + TimeScanned: t1, + }, + }, + call{ + Pkg: p1, + Vuln: o2, + CertifyVuln: &model.ScanMetadataInput{ + Collector: "test collector", + Origin: "test origin", + ScannerVersion: "v1.0.0", + ScannerURI: "test scanner uri", + DbVersion: "2023.01.01", + DbURI: "test db uri", + TimeScanned: t1, + }, + }, + }, + ExpNeighbors: map[string][]string{ + "4": []string{"1", "8", "9"}, // pkg version -> pkg name, certVuln1, certVuln2 + "6": []string{"5", "8"}, // Vuln1 -> vunType, certVuln1 + "7": []string{"5", "9"}, // Vuln2 -> vunType, certVuln2 + "8": []string{"1", "5"}, // certVuln1 -> pkg version, vuln1 + "9": []string{"1", "5"}, // 
certVuln2 -> pkg version, vuln2 + }, + }, + } + ctx := context.Background() + for _, test := range tests { + t.Run(test.Name, func(t *testing.T) { + b, err := inmem.GetBackend(nil) + if err != nil { + t.Fatalf("Could not instantiate testing backend: %v", err) + } + for _, p := range test.InPkg { + if _, err := b.IngestPackage(ctx, *p); err != nil { + t.Fatalf("Could not ingest package: %v", err) + } + } + for _, o := range test.InVuln { + if _, err := b.IngestVulnerability(ctx, *o); err != nil { + t.Fatalf("Could not ingest osv: %v", err) + } + } + for _, o := range test.Calls { + if _, err := b.IngestCertifyVuln(ctx, *o.Pkg, *o.Vuln, *o.CertifyVuln); err != nil { + t.Fatalf("Could not ingest certifyVuln") + } + } + for q, r := range test.ExpNeighbors { + got, err := b.Neighbors(ctx, q, nil) + if err != nil { + t.Fatalf("Could not query neighbors: %s", err) + } + gotIDs := convNodes(got) + slices.Sort(r) + slices.Sort(gotIDs) + if diff := cmp.Diff(r, gotIDs); diff != "" { + t.Errorf("Unexpected results. (-want +got):\n%s", diff) + } + } + }) + } +} diff --git a/pkg/assembler/backends/inmem/cve.go b/pkg/assembler/backends/inmem/cve.go deleted file mode 100644 index 1bac89ebda..0000000000 --- a/pkg/assembler/backends/inmem/cve.go +++ /dev/null 
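Review bot: In TestIngestCertifyVulnerability the failure message `t.Fatalf("Could not ingest vulnerability: %a", err)` uses the hex-float verb `%a`, so a failing ingest prints a formatting artefact instead of the error; it should be `%v`. In TestCertifyVulnNeighbors, `t.Fatalf("Could not ingest certifyVuln")` drops the error entirely and would read better as `t.Fatalf("Could not ingest certifyVuln: %v", err)`. The "Ingest missing pkg" case passes an empty `model.VulnerabilityInputSpec{}` just like "Ingest without vuln", so an ingest error there does not show that the missing-package path was the one that rejected the call; ingesting a real vulnerability (for example `c1`) and passing it as `Vuln` would isolate that check. The "Query ID" case also relies on the literal node ID `"7"`, because the index remapping only applies when the value is below `len(ids)`; a comment stating that dependency on allocation order would help.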
@@ -1,254 +0,0 @@ -// -// Copyright 2023 The GUAC Authors. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package inmem - -import ( - "context" - "errors" - "fmt" - "strconv" - "strings" - - "github.com/vektah/gqlparser/v2/gqlerror" - - "github.com/guacsec/guac/pkg/assembler/graphql/model" -) - -// func registerAllCVE(client *demoClient) { -// ctx := context.Background() - -// inputs := []model.CVEInputSpec{{ -// Year: 2019, -// CveID: "CVE-2019-13110", -// }, { -// Year: 2014, -// CveID: "CVE-2014-8139", -// }, { -// Year: 2014, -// CveID: "CVE-2014-8140", -// }, { -// Year: 2022, -// CveID: "CVE-2022-26499", -// }, { -// Year: 2014, -// CveID: "CVE-2014-8140", -// }} -// for _, input := range inputs { -// _, err := client.IngestCve(ctx, &input) -// if err != nil { -// log.Printf("Error in ingesting: %v\n", err) -// } -// } -// } - -// Internal data: csv -type cveMap map[string]*cveNode -type cveNode struct { - id uint32 - year int - cveID string - certifyVulnLinks []uint32 - equalVulnLinks []uint32 - vexLinks []uint32 -} - -func (n *cveNode) ID() uint32 { return n.id } - -func (n *cveNode) Neighbors(allowedEdges edgeMap) []uint32 { - out := []uint32{} - if allowedEdges[model.EdgeCveCertifyVuln] { - out = append(out, n.certifyVulnLinks...) - } - if allowedEdges[model.EdgeCveIsVulnerability] { - out = append(out, n.equalVulnLinks...) - } - if allowedEdges[model.EdgeCveCertifyVexStatement] { - out = append(out, n.vexLinks...) 
- } - return out -} - -func (n *cveNode) BuildModelNode(c *demoClient) (model.Node, error) { - return c.buildCveResponse(n.id, nil) -} - -// certifyVulnerability back edges -func (n *cveNode) setVulnerabilityLinks(id uint32) { - n.certifyVulnLinks = append(n.certifyVulnLinks, id) -} - -// isVulnerability back edges -func (n *cveNode) setEqualVulnLinks(id uint32) { - n.equalVulnLinks = append(n.equalVulnLinks, id) -} - -// certifyVexStatement back edges -func (n *cveNode) setVexLinks(id uint32) { - n.vexLinks = append(n.vexLinks, id) -} - -// Ingest CVE - -func (c *demoClient) IngestCVEs(ctx context.Context, cves []*model.CVEInputSpec) ([]*model.Cve, error) { - var modelCVEs []*model.Cve - for _, cve := range cves { - modelCVE, err := c.IngestCve(ctx, cve) - if err != nil { - return nil, gqlerror.Errorf("IngestCve failed with err: %v", err) - } - modelCVEs = append(modelCVEs, modelCVE) - } - return modelCVEs, nil -} - -func (c *demoClient) IngestCve(ctx context.Context, input *model.CVEInputSpec) (*model.Cve, error) { - return c.ingestCve(ctx, input, true) -} - -func (c *demoClient) ingestCve(ctx context.Context, input *model.CVEInputSpec, readOnly bool) (*model.Cve, error) { - lock(&c.m, readOnly) - defer unlock(&c.m, readOnly) - cveID := strings.ToLower(input.CveID) - - cveIDStruct, hasCveID := c.cves[cveID] - if !hasCveID { - if readOnly { - c.m.RUnlock() - cve, err := c.ingestCve(ctx, input, false) - c.m.RLock() // relock so that defer unlock does not panic - return cve, err - } - cveIDStruct = &cveNode{ - id: c.getNextID(), - cveID: cveID, - year: input.Year, - } - c.index[cveIDStruct.id] = cveIDStruct - c.cves[cveID] = cveIDStruct - } - - // build return GraphQL type - return c.buildCveResponse(cveIDStruct.id, nil) -} - -// Query CVE -func (c *demoClient) Cve(ctx context.Context, filter *model.CVESpec) ([]*model.Cve, error) { - c.m.RLock() - defer c.m.RUnlock() - if filter != nil && filter.ID != nil { - id, err := strconv.ParseUint(*filter.ID, 10, 32) - if err 
!= nil { - return nil, err - } - cve, err := c.buildCveResponse(uint32(id), filter) - if err != nil { - if errors.Is(err, errNotFound) { - // not found - return nil, nil - } - return nil, err - } - return []*model.Cve{cve}, nil - } - - var out []*model.Cve - if filter != nil && filter.CveID != nil { - foundCveNode, ok := c.cves[strings.ToLower(*filter.CveID)] - if ok { - out = append(out, &model.Cve{ - ID: nodeID(foundCveNode.id), - Year: foundCveNode.year, - CveID: foundCveNode.cveID, - }) - } - } else { - for _, cveNode := range c.cves { - if filter == nil || filter.Year == nil || *filter.Year == cveNode.year { - out = append(out, &model.Cve{ - ID: nodeID(cveNode.id), - Year: cveNode.year, - CveID: cveNode.cveID, - }) - } - } - } - return out, nil -} - -func (c *demoClient) exactCVE(filter *model.CVESpec) (*cveNode, error) { - if filter == nil { - return nil, nil - } - if filter.ID != nil { - id64, err := strconv.ParseUint(*filter.ID, 10, 32) - if err != nil { - return nil, err - } - id := uint32(id64) - if node, ok := c.index[id]; ok { - if c, ok := node.(*cveNode); ok { - return c, nil - } - } - } - if filter.CveID != nil { - if node, ok := c.cves[strings.ToLower(*filter.CveID)]; ok { - return node, nil - } - } - return nil, nil -} - -// Builds a model.Cve to send as GraphQL response, starting from id. -// The optional filter allows restricting output (on selection operations). 
-func (c *demoClient) buildCveResponse(id uint32, filter *model.CVESpec) (*model.Cve, error) { - if filter != nil && filter.ID != nil { - filteredID, err := strconv.ParseUint(*filter.ID, 10, 32) - if err != nil { - return nil, err - } - if uint32(filteredID) != id { - return nil, nil - } - } - - cve, err := byID[*cveNode](id, c) - if err != nil { - return nil, fmt.Errorf("Could not find node to build cve response, %w", err) - } - if filter != nil && - (noMatch(toLower(filter.CveID), cve.cveID) || - (filter.Year != nil && *filter.Year != cve.year)) { - return nil, nil - } - - return &model.Cve{ - ID: nodeID(cve.id), - Year: cve.year, - CveID: cve.cveID, - }, nil -} - -func getCveIDFromInput(c *demoClient, input model.CVEInputSpec) (uint32, error) { - cveID := strings.ToLower(input.CveID) - - cveIDStruct, hasCveID := c.cves[cveID] - if !hasCveID { - return 0, gqlerror.Errorf("cve id \"%s\" not found", input.CveID) - } - - return cveIDStruct.id, nil -} diff --git a/pkg/assembler/backends/inmem/cve_test.go b/pkg/assembler/backends/inmem/cve_test.go deleted file mode 100644 index f21f91392f..0000000000 --- a/pkg/assembler/backends/inmem/cve_test.go +++ /dev/null 
@@ -1,201 +0,0 @@ -// -// Copyright 2023 The GUAC Authors. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package inmem_test - -import ( - "context" - "strings" - "testing" - - "github.com/google/go-cmp/cmp" - "github.com/guacsec/guac/internal/testing/ptrfrom" - "github.com/guacsec/guac/pkg/assembler/backends/inmem" - "github.com/guacsec/guac/pkg/assembler/graphql/model" - "golang.org/x/exp/slices" -) - -var c1 = &model.CVEInputSpec{ - Year: 2019, - CveID: "CVE-2019-13110", -} -var c1out = &model.Cve{ - Year: 2019, - CveID: "cve-2019-13110", -} - -var c2 = &model.CVEInputSpec{ - Year: 2014, - CveID: "CVE-2014-8139", -} -var c2out = &model.Cve{ - Year: 2014, - CveID: "cve-2014-8139", -} - -var c3 = &model.CVEInputSpec{ - Year: 2014, - CveID: "cVe-2014-8140", -} -var c3out = &model.Cve{ - Year: 2014, - CveID: "cve-2014-8140", -} - -func lessCve(a, b *model.Cve) bool { - return a.CveID < b.CveID -} - -func TestCVE(t *testing.T) { - tests := []struct { - Name string - Ingests []*model.CVEInputSpec - ExpIngestErr bool - Query *model.CVESpec - Exp []*model.Cve - ExpQueryErr bool - }{ - { - Name: "HappyPath", - Ingests: []*model.CVEInputSpec{c1}, - Query: &model.CVESpec{}, - Exp: []*model.Cve{c1out}, - }, - { - Name: "Multiple", - Ingests: []*model.CVEInputSpec{c1, c2}, - Query: &model.CVESpec{}, - Exp: []*model.Cve{c2out, c1out}, - }, - { - Name: "Duplicates", - Ingests: []*model.CVEInputSpec{c1, c1, c1}, - Query: &model.CVESpec{}, - Exp: []*model.Cve{c1out}, 
- }, - { - Name: "Query by year", - Ingests: []*model.CVEInputSpec{c1, c2, c3}, - Query: &model.CVESpec{ - Year: ptrfrom.Int(2014), - }, - Exp: []*model.Cve{c2out, c3out}, - }, - { - Name: "Query by CveID", - Ingests: []*model.CVEInputSpec{c1, c2, c3}, - Query: &model.CVESpec{ - CveID: ptrfrom.String("CVE-2014-8140"), - }, - Exp: []*model.Cve{c3out}, - }, - { - Name: "Query by ID", - Ingests: []*model.CVEInputSpec{c1}, - Query: &model.CVESpec{ - ID: ptrfrom.String("2"), - }, - Exp: []*model.Cve{c1out}, - }, - { - Name: "Query none", - Ingests: []*model.CVEInputSpec{c1, c2, c3}, - Query: &model.CVESpec{ - Year: ptrfrom.Int(2099), - }, - Exp: nil, - }, - { - Name: "Query none ID", - Ingests: []*model.CVEInputSpec{c1, c2, c3}, - Query: &model.CVESpec{ - ID: ptrfrom.String("12345"), - }, - Exp: nil, - }, - { - Name: "Query invalid ID", - Ingests: []*model.CVEInputSpec{c1, c2, c3}, - Query: &model.CVESpec{ - ID: ptrfrom.String("asdf"), - }, - ExpQueryErr: true, - }, - } - ignoreID := cmp.FilterPath(func(p cmp.Path) bool { - return strings.Compare(".ID", p[len(p)-1].String()) == 0 - }, cmp.Ignore()) - ctx := context.Background() - for _, test := range tests { - t.Run(test.Name, func(t *testing.T) { - b, err := inmem.GetBackend(nil) - if err != nil { - t.Fatalf("Could not instantiate testing backend: %v", err) - } - for _, i := range test.Ingests { - _, err := b.IngestCve(ctx, i) - if (err != nil) != test.ExpIngestErr { - t.Fatalf("did not get expected ingest error, want: %v, got: %v", test.ExpIngestErr, err) - } - if err != nil { - return - } - } - got, err := b.Cve(ctx, test.Query) - if (err != nil) != test.ExpQueryErr { - t.Fatalf("did not get expected query error, want: %v, got: %v", test.ExpQueryErr, err) - } - if err != nil { - return - } - slices.SortFunc(got, lessCve) - if diff := cmp.Diff(test.Exp, got, ignoreID); diff != "" { - t.Errorf("Unexpected results. 
(-want +got):\n%s", diff) - } - }) - } -} - -func TestIngestCVEs(t *testing.T) { - tests := []struct { - name string - ingests []*model.CVEInputSpec - exp []*model.Cve - }{{ - name: "Multiple", - ingests: []*model.CVEInputSpec{c1, c2, c3}, - exp: []*model.Cve{c1out, c2out, c3out}, - }} - ignoreID := cmp.FilterPath(func(p cmp.Path) bool { - return strings.Compare(".ID", p[len(p)-1].String()) == 0 - }, cmp.Ignore()) - ctx := context.Background() - for _, test := range tests { - t.Run(test.name, func(t *testing.T) { - b, err := inmem.GetBackend(nil) - if err != nil { - t.Fatalf("Could not instantiate testing backend: %v", err) - } - got, err := b.IngestCVEs(ctx, test.ingests) - if err != nil { - t.Fatalf("ingest error: %v", err) - return - } - if diff := cmp.Diff(test.exp, got, ignoreID); diff != "" { - t.Errorf("Unexpected results. (-want +got):\n%s", diff) - } - }) - } -} diff --git a/pkg/assembler/backends/inmem/ghsa.go b/pkg/assembler/backends/inmem/ghsa.go deleted file mode 100644 index 3bff566034..0000000000 --- a/pkg/assembler/backends/inmem/ghsa.go +++ /dev/null 
@@ -1,237 +0,0 @@ -// -// Copyright 2023 The GUAC Authors. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package inmem - -import ( - "context" - "errors" - "fmt" - "strconv" - "strings" - - "github.com/vektah/gqlparser/v2/gqlerror" - - "github.com/guacsec/guac/pkg/assembler/graphql/model" -) - -// TODO: convert to unit test -// func registerAllGHSA(client *demoClient) { -// ctx := context.Background() - -// inputs := []model.GHSAInputSpec{{ -// GhsaID: "GHSA-h45f-rjvw-2rv2", -// }, { -// GhsaID: "GHSA-xrw3-wqph-3fxg", -// }, { -// GhsaID: "GHSA-8v4j-7jgf-5rg9", -// }} -// for _, input := range inputs { -// _, err := client.IngestGhsa(ctx, &input) -// if err != nil { -// log.Printf("Error in ingesting: %v\n", err) -// } -// } -// } - -// Internal data: osv -type ghsaMap map[string]*ghsaNode -type ghsaNode struct { - id uint32 - ghsaID string - certifyVulnLinks []uint32 - equalVulnLinks []uint32 - vexLinks []uint32 -} - -func (n *ghsaNode) ID() uint32 { return n.id } - -func (n *ghsaNode) Neighbors(allowedEdges edgeMap) []uint32 { - out := []uint32{} - if allowedEdges[model.EdgeGhsaCertifyVuln] { - out = append(out, n.certifyVulnLinks...) - } - if allowedEdges[model.EdgeGhsaIsVulnerability] { - out = append(out, n.equalVulnLinks...) - } - if allowedEdges[model.EdgeGhsaCertifyVexStatement] { - out = append(out, n.vexLinks...) 
- } - return out -} - -func (n *ghsaNode) BuildModelNode(c *demoClient) (model.Node, error) { - return c.buildGhsaResponse(n.id, nil) -} - -// certifyVulnerability back edges -func (n *ghsaNode) setVulnerabilityLinks(id uint32) { - n.certifyVulnLinks = append(n.certifyVulnLinks, id) -} - -// isVulnerability back edges -func (n *ghsaNode) setEqualVulnLinks(id uint32) { - n.equalVulnLinks = append(n.equalVulnLinks, id) -} - -// certifyVexStatement back edges -func (n *ghsaNode) setVexLinks(id uint32) { - n.vexLinks = append(n.vexLinks, id) -} - -// Ingest GHSA - -func (c *demoClient) IngestGHSAs(ctx context.Context, ghsas []*model.GHSAInputSpec) ([]*model.Ghsa, error) { - var modelGHSAs []*model.Ghsa - for _, ghsa := range ghsas { - modelGHSA, err := c.IngestGhsa(ctx, ghsa) - if err != nil { - return nil, gqlerror.Errorf("IngestGhsa failed with err: %v", err) - } - modelGHSAs = append(modelGHSAs, modelGHSA) - } - return modelGHSAs, nil -} - -func (c *demoClient) IngestGhsa(ctx context.Context, input *model.GHSAInputSpec) (*model.Ghsa, error) { - return c.ingestGhsa(ctx, input, true) -} - -func (c *demoClient) ingestGhsa(ctx context.Context, input *model.GHSAInputSpec, readOnly bool) (*model.Ghsa, error) { - lock(&c.m, readOnly) - defer unlock(&c.m, readOnly) - - ghsaID := strings.ToLower(input.GhsaID) - ghsaIDStruct, hasGhsaID := c.ghsas[ghsaID] - if !hasGhsaID { - if readOnly { - c.m.RUnlock() - g, err := c.ingestGhsa(ctx, input, false) - c.m.RLock() // relock so that defer unlock does not panic - return g, err - } - ghsaIDStruct = &ghsaNode{ - id: c.getNextID(), - ghsaID: ghsaID, - } - c.index[ghsaIDStruct.id] = ghsaIDStruct - c.ghsas[ghsaID] = ghsaIDStruct - } - - // build return GraphQL type - return c.buildGhsaResponse(ghsaIDStruct.id, nil) -} - -// Query GHSA -func (c *demoClient) Ghsa(ctx context.Context, filter *model.GHSASpec) ([]*model.Ghsa, error) { - c.m.RLock() - defer c.m.RUnlock() - if filter != nil && filter.ID != nil { - id, err := 
strconv.ParseUint(*filter.ID, 10, 32) - if err != nil { - return nil, err - } - ghsa, err := c.buildGhsaResponse(uint32(id), filter) - if err != nil { - if errors.Is(err, errNotFound) { - // not found - return nil, nil - } - return nil, err - } - return []*model.Ghsa{ghsa}, nil - } - var out []*model.Ghsa - if filter != nil && filter.GhsaID != nil { - ghsaNode, hasGhsaIDNode := c.ghsas[strings.ToLower(*filter.GhsaID)] - if hasGhsaIDNode { - out = append(out, &model.Ghsa{ - ID: nodeID(ghsaNode.id), - GhsaID: ghsaNode.ghsaID, - }) - } - } else { - for _, ghsaNode := range c.ghsas { - out = append(out, &model.Ghsa{ - ID: nodeID(ghsaNode.id), - GhsaID: ghsaNode.ghsaID, - }) - } - } - return out, nil -} - -// Builds a model.Ghsa to send as GraphQL response, starting from id. -// The optional filter allows restricting output (on selection operations). -func (c *demoClient) buildGhsaResponse(id uint32, filter *model.GHSASpec) (*model.Ghsa, error) { - if filter != nil && filter.ID != nil { - filteredID, err := strconv.ParseUint(*filter.ID, 10, 32) - if err != nil { - return nil, err - } - if uint32(filteredID) != id { - return nil, nil - } - } - - ghsa, err := byID[*ghsaNode](id, c) - if err != nil { - return nil, fmt.Errorf("Could not find node to build ghsa response, %w", err) - } - - if filter != nil && noMatch(toLower(filter.GhsaID), ghsa.ghsaID) { - return nil, nil - } - - return &model.Ghsa{ - ID: nodeID(ghsa.id), - GhsaID: ghsa.ghsaID, - }, nil -} - -func (c *demoClient) exactGHSA(filter *model.GHSASpec) (*ghsaNode, error) { - if filter == nil { - return nil, nil - } - if filter.ID != nil { - id64, err := strconv.ParseUint(*filter.ID, 10, 32) - if err != nil { - return nil, err - } - id := uint32(id64) - if node, ok := c.index[id]; ok { - if g, ok := node.(*ghsaNode); ok { - return g, nil - } - } - } - if filter.GhsaID != nil { - if node, ok := c.ghsas[strings.ToLower(*filter.GhsaID)]; ok { - return node, nil - } - } - return nil, nil -} - -func getGhsaIDFromInput(c 
*demoClient, input model.GHSAInputSpec) (uint32, error) { - ghsaID := strings.ToLower(input.GhsaID) - - ghsaIDStruct, hasGhsaID := c.ghsas[ghsaID] - if !hasGhsaID { - return 0, gqlerror.Errorf("ghsa id \"%s\" not found", input.GhsaID) - } - - return ghsaIDStruct.id, nil -} diff --git a/pkg/assembler/backends/inmem/ghsa_test.go b/pkg/assembler/backends/inmem/ghsa_test.go deleted file mode 100644 index e837398efa..0000000000 --- a/pkg/assembler/backends/inmem/ghsa_test.go +++ /dev/null 
@@ -1,187 +0,0 @@ -// -// Copyright 2023 The GUAC Authors. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package inmem_test - -import ( - "context" - "strings" - "testing" - - "github.com/google/go-cmp/cmp" - "github.com/guacsec/guac/internal/testing/ptrfrom" - "github.com/guacsec/guac/pkg/assembler/backends/inmem" - "github.com/guacsec/guac/pkg/assembler/graphql/model" - "golang.org/x/exp/slices" -) - -var g1 = &model.GHSAInputSpec{ - GhsaID: "GHSA-h45f-rjvw-2rv2", -} -var g1out = &model.Ghsa{ - GhsaID: "ghsa-h45f-rjvw-2rv2", -} - -var g2 = &model.GHSAInputSpec{ - GhsaID: "GHSA-xrw3-wqph-3fxg", -} -var g2out = &model.Ghsa{ - GhsaID: "ghsa-xrw3-wqph-3fxg", -} - -var g3 = &model.GHSAInputSpec{ - GhsaID: "GHSA-8v4j-7jgf-5rg9", -} -var g3out = &model.Ghsa{ - GhsaID: "ghsa-8v4j-7jgf-5rg9", -} - -func lessGhsa(a, b *model.Ghsa) bool { - return a.GhsaID < b.GhsaID -} - -func TestGHSA(t *testing.T) { - tests := []struct { - Name string - Ingests []*model.GHSAInputSpec - ExpIngestErr bool - Query *model.GHSASpec - Exp []*model.Ghsa - ExpQueryErr bool - }{ - { - Name: "HappyPath", - Ingests: []*model.GHSAInputSpec{g1}, - Query: &model.GHSASpec{}, - Exp: []*model.Ghsa{g1out}, - }, - { - Name: "Multiple", - Ingests: []*model.GHSAInputSpec{g1, g2}, - Query: &model.GHSASpec{}, - Exp: []*model.Ghsa{g1out, g2out}, - }, - { - Name: "Duplicates", - Ingests: []*model.GHSAInputSpec{g1, g1, g1}, - Query: &model.GHSASpec{}, - Exp: []*model.Ghsa{g1out}, - }, - { - Name: 
"Query by GHSA ID", - Ingests: []*model.GHSAInputSpec{g1, g2, g3}, - Query: &model.GHSASpec{ - GhsaID: ptrfrom.String("GHSA-8v4j-7jgf-5rg9"), - }, - Exp: []*model.Ghsa{g3out}, - }, - { - Name: "Query by ID", - Ingests: []*model.GHSAInputSpec{g1}, - Query: &model.GHSASpec{ - ID: ptrfrom.String("2"), - }, - Exp: []*model.Ghsa{g1out}, - }, - { - Name: "Query None", - Ingests: []*model.GHSAInputSpec{g1, g2, g3}, - Query: &model.GHSASpec{ - GhsaID: ptrfrom.String("asdf"), - }, - Exp: nil, - }, - { - Name: "Query none ID", - Ingests: []*model.GHSAInputSpec{g1}, - Query: &model.GHSASpec{ - ID: ptrfrom.String("123456"), - }, - Exp: nil, - }, - { - Name: "Query invalid ID", - Ingests: []*model.GHSAInputSpec{g1}, - Query: &model.GHSASpec{ - ID: ptrfrom.String("asdf"), - }, - ExpQueryErr: true, - }, - } - ignoreID := cmp.FilterPath(func(p cmp.Path) bool { - return strings.Compare(".ID", p[len(p)-1].String()) == 0 - }, cmp.Ignore()) - ctx := context.Background() - for _, test := range tests { - t.Run(test.Name, func(t *testing.T) { - b, err := inmem.GetBackend(nil) - if err != nil { - t.Fatalf("Could not instantiate testing backend: %v", err) - } - for _, i := range test.Ingests { - _, err := b.IngestGhsa(ctx, i) - if (err != nil) != test.ExpIngestErr { - t.Fatalf("did not get expected ingest error, want: %v, got: %v", test.ExpIngestErr, err) - } - if err != nil { - return - } - } - got, err := b.Ghsa(ctx, test.Query) - if (err != nil) != test.ExpQueryErr { - t.Fatalf("did not get expected query error, want: %v, got: %v", test.ExpQueryErr, err) - } - if err != nil { - return - } - slices.SortFunc(got, lessGhsa) - if diff := cmp.Diff(test.Exp, got, ignoreID); diff != "" { - t.Errorf("Unexpected results. 
(-want +got):\n%s", diff) - } - }) - } -} - -func TestIngestGHSAs(t *testing.T) { - tests := []struct { - name string - ingests []*model.GHSAInputSpec - exp []*model.Ghsa - }{{ - name: "Multiple", - ingests: []*model.GHSAInputSpec{g1, g2, g3}, - exp: []*model.Ghsa{g1out, g2out, g3out}, - }} - ignoreID := cmp.FilterPath(func(p cmp.Path) bool { - return strings.Compare(".ID", p[len(p)-1].String()) == 0 - }, cmp.Ignore()) - ctx := context.Background() - for _, test := range tests { - t.Run(test.name, func(t *testing.T) { - b, err := inmem.GetBackend(nil) - if err != nil { - t.Fatalf("Could not instantiate testing backend: %v", err) - } - got, err := b.IngestGHSAs(ctx, test.ingests) - if err != nil { - t.Fatalf("ingest error: %v", err) - return - } - if diff := cmp.Diff(test.exp, got, ignoreID); diff != "" { - t.Errorf("Unexpected results. (-want +got):\n%s", diff) - } - }) - } -} diff --git a/pkg/assembler/backends/inmem/hasMetadata_test.go b/pkg/assembler/backends/inmem/hasMetadata_test.go index c746cead62..2f3acec7c8 100644 --- a/pkg/assembler/backends/inmem/hasMetadata_test.go +++ b/pkg/assembler/backends/inmem/hasMetadata_test.go @@ -576,7 +576,7 @@ func TestHasMetadata(t *testing.T) { }, }, Query: &model.HasMetadataSpec{ - ID: ptrfrom.String("4"), + ID: ptrfrom.String("3"), }, ExpHM: []*model.HasMetadata{ { @@ -739,8 +739,8 @@ func TestHasMetadataNeighbors(t *testing.T) { }, }, ExpNeighbors: map[string][]string{ - "5": {"2", "6"}, // pkg version - "6": {"2"}, // certify good + "4": {"1", "5"}, // pkg version + "5": {"1"}, // certify good }, }, { 
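Review bot: The query `ID: ptrfrom.String("3")` in TestHasMetadata and the `ExpNeighbors` keys in the TestHasMetadataNeighbors hunks hard-code node IDs handed out by the in-memory backend, so the expectations depend on how many nodes the backend allocates before and during ingestion. This commit shifts every such literal down by one, here and in the hasSBOM, hasSLSA, hasSourceAt, hashEqual, isDependency and isOccurrence test hunks, which suggests (not visible in these hunks) that the allocator's starting value changed. Where the table harness allows it, take the ID from the value returned by the ingest call instead of a literal. Failing that, add a comment at the first literal such as `// node IDs are assigned sequentially in ingest order by the inmem backend; renumber when ingestion changes`. Both test functions start and end outside the hunks, so the harness itself cannot be checked from here.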
@@ -778,17 +778,17 @@ func TestHasMetadataNeighbors(t *testing.T) { }, }, ExpNeighbors: map[string][]string{ - "2": {"2"}, - "3": {"2", "2"}, - "4": {"2", "2", "10"}, // pkg name - "5": {"2"}, // pkg version - "6": {"6"}, - "7": {"6", "6"}, - "8": {"6", "11"}, // src name - "9": {"12"}, // art - "10": {"2"}, // cb 1 -> pkg name - "11": {"6"}, // cb 2 -> src name - "12": {"9"}, // cb 3 -> art + "1": {"1"}, + "2": {"1", "1"}, + "3": {"1", "1", "9"}, // pkg name + "4": {"1"}, // pkg version + "5": {"5"}, + "6": {"5", "5"}, + "7": {"5", "10"}, // src name + "8": {"11"}, // art + "9": {"1"}, // cb 1 -> pkg name + "10": {"5"}, // cb 2 -> src name + "11": {"8"}, // cb 3 -> art }, }, } diff --git a/pkg/assembler/backends/inmem/hasSBOM_test.go b/pkg/assembler/backends/inmem/hasSBOM_test.go index 509aaddf2f..ca8d3f807e 100644 --- a/pkg/assembler/backends/inmem/hasSBOM_test.go +++ b/pkg/assembler/backends/inmem/hasSBOM_test.go @@ -399,7 +399,7 @@ func TestHasSBOM(t *testing.T) { }, }, Query: &model.HasSBOMSpec{ - ID: ptrfrom.String("7"), + ID: ptrfrom.String("6"), }, ExpHS: []*model.HasSbom{ { @@ -782,8 +782,8 @@ func TestHasSBOMNeighbors(t *testing.T) { }, }, ExpNeighbors: map[string][]string{ - "5": []string{"2", "6"}, // pkg version - "6": []string{"2"}, // hasSBOM + "4": []string{"1", "5"}, // pkg version + "5": []string{"1"}, // hasSBOM }, }, { @@ -809,10 +809,10 @@ func TestHasSBOMNeighbors(t *testing.T) { }, }, ExpNeighbors: map[string][]string{ - "5": []string{"2", "7"}, // pkg version -> hs1 - "6": []string{"8"}, // artifact -> hs2 - "7": []string{"2"}, // hs1 -> pkg version - "8": []string{"6"}, // hs2 -> artifact + "4": []string{"1", "6"}, // pkg version -> hs1 + "5": []string{"7"}, // artifact -> hs2 + "6": []string{"1"}, // hs1 -> pkg version + "7": []string{"5"}, // hs2 -> artifact }, }, } diff --git a/pkg/assembler/backends/inmem/hasSLSA_test.go b/pkg/assembler/backends/inmem/hasSLSA_test.go index fe2703affd..021d324509 100644 
--- a/pkg/assembler/backends/inmem/hasSLSA_test.go +++ b/pkg/assembler/backends/inmem/hasSLSA_test.go @@ -361,7 +361,7 @@ func TestHasSLSA(t *testing.T) { }, }, Query: &model.HasSLSASpec{ - ID: ptrfrom.String("6"), + ID: ptrfrom.String("5"), }, ExpHS: []*model.HasSlsa{ { @@ -804,10 +804,10 @@ func TestHasSLSANeighbors(t *testing.T) { }, }, ExpNeighbors: map[string][]string{ - "2": []string{"5"}, // a1 - "3": []string{"5"}, // a2 - "4": []string{"5"}, // b1 - "5": []string{"2", "3", "4"}, // hasSBOM + "1": []string{"4"}, // a1 + "2": []string{"4"}, // a2 + "3": []string{"4"}, // b1 + "4": []string{"1", "2", "3"}, // hasSBOM }, }, { @@ -833,13 +833,13 @@ func TestHasSLSANeighbors(t *testing.T) { }, }, ExpNeighbors: map[string][]string{ - "2": []string{"7"}, // a1 - "3": []string{"7"}, // a2 - "4": []string{"8"}, // a3 - "5": []string{"8"}, // a4 - "6": []string{"7", "8"}, // b1 - "7": []string{"2", "3", "6"}, // hasSBOM 1 - "8": []string{"4", "5", "6"}, // hasSBOM 2 + "1": []string{"6"}, // a1 + "2": []string{"6"}, // a2 + "3": []string{"7"}, // a3 + "4": []string{"7"}, // a4 + "5": []string{"6", "7"}, // b1 + "6": []string{"1", "2", "5"}, // hasSBOM 1 + "7": []string{"3", "4", "5"}, // hasSBOM 2 }, }, } diff --git a/pkg/assembler/backends/inmem/hasSourceAt_test.go b/pkg/assembler/backends/inmem/hasSourceAt_test.go index 6a34086285..fcfac84702 100644 --- a/pkg/assembler/backends/inmem/hasSourceAt_test.go +++ b/pkg/assembler/backends/inmem/hasSourceAt_test.go @@ -389,7 +389,7 @@ func TestHasSourceAt(t *testing.T) { }, }, Query: &model.HasSourceAtSpec{ - ID: ptrfrom.String("10"), + ID: ptrfrom.String("9"), }, ExpHSA: []*model.HasSourceAt{ { 
@@ -569,9 +569,9 @@ func TestHasSourceAtNeighbors(t *testing.T) { }, }, ExpNeighbors: map[string][]string{ - "5": []string{"2", "9"}, // Package Version - "8": []string{"6", "9"}, // Source Name - "9": []string{"2", "6"}, // HSA + "4": []string{"1", "8"}, // Package Version + "7": []string{"5", "8"}, // Source Name + "8": []string{"1", "5"}, // HSA }, }, { @@ -599,11 +599,11 @@ func TestHasSourceAtNeighbors(t *testing.T) { }, }, ExpNeighbors: map[string][]string{ - "4": []string{"2", "2", "10"}, // Package Name - "5": []string{"2", "9"}, // Package Version - "8": []string{"6", "9", "10"}, // Source Name - "9": []string{"2", "6"}, // HSA -> Version - "10": []string{"2", "6"}, // HSA -> Name + "3": []string{"1", "1", "9"}, // Package Name + "4": []string{"1", "8"}, // Package Version + "7": []string{"5", "8", "9"}, // Source Name + "8": []string{"1", "5"}, // HSA -> Version + "9": []string{"1", "5"}, // HSA -> Name }, }, } diff --git a/pkg/assembler/backends/inmem/hashEqual_test.go b/pkg/assembler/backends/inmem/hashEqual_test.go index ee64798a0c..c6c41ff0f3 100644 --- a/pkg/assembler/backends/inmem/hashEqual_test.go +++ b/pkg/assembler/backends/inmem/hashEqual_test.go @@ -139,7 +139,7 @@ func TestHashEqual(t *testing.T) { }, Query: &model.HashEqualSpec{ Artifacts: []*model.ArtifactSpec{{ - ID: ptrfrom.String("4"), + ID: ptrfrom.String("3"), }}, }, ExpHE: []*model.HashEqual{ @@ -165,7 +165,7 @@ func TestHashEqual(t *testing.T) { }, Query: &model.HashEqualSpec{ Artifacts: []*model.ArtifactSpec{{ - ID: ptrfrom.String("2"), + ID: ptrfrom.String("1"), }}, }, ExpHE: []*model.HashEqual{ @@ -252,7 +252,7 @@ func TestHashEqual(t *testing.T) { Digest: ptrfrom.String("7A8F47318E4676DACB0142AFA0B83029CD7BEFD9"), }, { - ID: ptrfrom.String("4"), + ID: ptrfrom.String("3"), }, }, }, @@ -351,7 +351,7 @@ func TestHashEqual(t *testing.T) { }, }, Query: &model.HashEqualSpec{ - ID: ptrfrom.String("6"), + ID: ptrfrom.String("5"), }, ExpHE: []*model.HashEqual{ { 
@@ -597,7 +597,7 @@ func TestIngestHashEquals(t *testing.T) { }, Query: &model.HashEqualSpec{ Artifacts: []*model.ArtifactSpec{{ - ID: ptrfrom.String("4"), + ID: ptrfrom.String("3"), }}, }, ExpHE: []*model.HashEqual{ @@ -621,7 +621,7 @@ func TestIngestHashEquals(t *testing.T) { }, Query: &model.HashEqualSpec{ Artifacts: []*model.ArtifactSpec{{ - ID: ptrfrom.String("2"), + ID: ptrfrom.String("1"), }}, }, ExpHE: []*model.HashEqual{ @@ -702,7 +702,7 @@ func TestIngestHashEquals(t *testing.T) { Digest: ptrfrom.String("7A8F47318E4676DACB0142AFA0B83029CD7BEFD9"), }, { - ID: ptrfrom.String("4"), + ID: ptrfrom.String("3"), }, }, }, @@ -783,9 +783,9 @@ func TestHashEqualNeighbors(t *testing.T) { }, }, ExpNeighbors: map[string][]string{ - "2": []string{"4"}, // a1 - "3": []string{"4"}, // a2 - "4": []string{"2", "3"}, // hashequal + "1": []string{"3"}, // a1 + "2": []string{"3"}, // a2 + "3": []string{"1", "2"}, // hashequal }, }, { @@ -808,11 +808,11 @@ func TestHashEqualNeighbors(t *testing.T) { }, }, ExpNeighbors: map[string][]string{ - "2": []string{"5", "6"}, // a1 - "3": []string{"5"}, // a2 - "4": []string{"6"}, // a3 - "5": []string{"2", "3"}, // hashequal 1 - "6": []string{"2", "4"}, // hashequal 2 + "1": []string{"4", "5"}, // a1 + "2": []string{"4"}, // a2 + "3": []string{"5"}, // a3 + "4": []string{"1", "2"}, // hashequal 1 + "5": []string{"1", "3"}, // hashequal 2 }, }, } diff --git a/pkg/assembler/backends/inmem/isDependency_test.go b/pkg/assembler/backends/inmem/isDependency_test.go index 0b3f4e9e8f..6b103263c5 100644 --- a/pkg/assembler/backends/inmem/isDependency_test.go +++ b/pkg/assembler/backends/inmem/isDependency_test.go @@ -172,7 +172,7 @@ func TestIsDependency(t *testing.T) { }, Query: &model.IsDependencySpec{ Package: &model.PkgSpec{ - ID: ptrfrom.String("5"), + ID: ptrfrom.String("4"), }, }, ExpID: []*model.IsDependency{ 
@@ -318,7 +318,7 @@ func TestIsDependency(t *testing.T) { }, }, Query: &model.IsDependencySpec{ - ID: ptrfrom.String("9"), + ID: ptrfrom.String("8"), }, ExpID: []*model.IsDependency{ { @@ -580,10 +580,10 @@ func TestIsDependencyNeighbors(t *testing.T) { }, }, ExpNeighbors: map[string][]string{ - "4": []string{"2", "2", "2", "7"}, // p1/p2 name - "5": []string{"2", "7"}, // p1 version - "6": []string{"2"}, // p2 version - "7": []string{"2", "2"}, // isDep + "3": []string{"1", "1", "1", "6"}, // p1/p2 name + "4": []string{"1", "6"}, // p1 version + "5": []string{"1"}, // p2 version + "6": []string{"1", "1"}, // isDep }, }, { @@ -606,12 +606,12 @@ func TestIsDependencyNeighbors(t *testing.T) { }, }, ExpNeighbors: map[string][]string{ - "4": []string{"2", "2", "2"}, // p1/p2 name, 1 up, 2 down - "5": []string{"2", "11"}, // p1 version, 1 up, isdep - "6": []string{"2", "12"}, // p2 version, 1 up, isdep - "9": []string{"7", "7", "11", "12"}, // p4 name, 1 up, 1 down, 2 isdeps - "11": []string{"2", "7"}, // isdep 1 - "12": []string{"2", "7"}, // isdep 2 + "3": []string{"1", "1", "1"}, // p1/p2 name, 1 up, 2 down + "4": []string{"1", "10"}, // p1 version, 1 up, isdep + "5": []string{"1", "11"}, // p2 version, 1 up, isdep + "8": []string{"6", "6", "10", "11"}, // p4 name, 1 up, 1 down, 2 isdeps + "10": []string{"1", "6"}, // isdep 1 + "11": []string{"1", "6"}, // isdep 2 }, }, } diff --git a/pkg/assembler/backends/inmem/isOccurrence_test.go b/pkg/assembler/backends/inmem/isOccurrence_test.go index 518c19330a..fea4499a34 100644 --- a/pkg/assembler/backends/inmem/isOccurrence_test.go +++ b/pkg/assembler/backends/inmem/isOccurrence_test.go 
@@ -738,12 +738,12 @@ func TestOccurrenceNeighbors(t *testing.T) { }, }, ExpNeighbors: map[string][]string{ - "2": []string{"2"}, - "3": []string{"2", "2"}, - "4": []string{"2", "2"}, - "5": []string{"2", "7"}, // pkg version - "6": []string{"7"}, // artifact - "7": []string{"2", "6"}, // isOccurence + "1": []string{"1"}, + "2": []string{"1", "1"}, + "3": []string{"1", "1"}, + "4": []string{"1", "6"}, // pkg version + "5": []string{"6"}, // artifact + "6": []string{"1", "5"}, // isOccurence }, }, { @@ -771,11 +771,11 @@ func TestOccurrenceNeighbors(t *testing.T) { }, }, ExpNeighbors: map[string][]string{ - "5": []string{"2", "8", "9"}, // pkg version - "6": []string{"8"}, // artifact1 - "7": []string{"9"}, // artifact2 - "8": []string{"2", "6"}, // isOccurence 1 - "9": []string{"2", "7"}, // isOccurence 2 + "4": []string{"1", "7", "8"}, // pkg version + "5": []string{"7"}, // artifact1 + "6": []string{"8"}, // artifact2 + "7": []string{"1", "5"}, // isOccurence 1 + "8": []string{"1", "6"}, // isOccurence 2 }, }, } diff --git a/pkg/assembler/backends/inmem/isVulnerability.go b/pkg/assembler/backends/inmem/isVulnerability.go deleted file mode 100644 index 2085a4e35a..0000000000 --- a/pkg/assembler/backends/inmem/isVulnerability.go +++ /dev/null 
@@ -1,366 +0,0 @@ -// -// Copyright 2023 The GUAC Authors. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package inmem - -import ( - "context" - "strconv" - - "github.com/vektah/gqlparser/v2/gqlerror" - - "github.com/guacsec/guac/pkg/assembler/backends/helper" - "github.com/guacsec/guac/pkg/assembler/graphql/model" -) - -// Internal data: link between equal vulnerabilities (isVulnerability) -type equalVulnerabilityList []*equalVulnerabilityLink -type equalVulnerabilityLink struct { - id uint32 - osvID uint32 - cveID uint32 - ghsaID uint32 - justification string - origin string - collector string -} - -func (n *equalVulnerabilityLink) ID() uint32 { return n.id } - -func (n *equalVulnerabilityLink) Neighbors(allowedEdges edgeMap) []uint32 { - out := make([]uint32, 0, 2) - if n.osvID != 0 && allowedEdges[model.EdgeIsVulnerabilityOsv] { - out = append(out, n.osvID) - } - if n.cveID != 0 && allowedEdges[model.EdgeIsVulnerabilityCve] { - out = append(out, n.cveID) - } - if n.ghsaID != 0 && allowedEdges[model.EdgeIsVulnerabilityGhsa] { - out = append(out, n.ghsaID) - } - return out -} - -func (n *equalVulnerabilityLink) BuildModelNode(c *demoClient) (model.Node, error) { - return c.buildIsVulnerability(n, nil, true) -} - -// Ingest IsVulnerability -func (c *demoClient) IngestIsVulnerability(ctx context.Context, osv model.OSVInputSpec, vulnerability model.CveOrGhsaInput, isVulnerability model.IsVulnerabilityInputSpec) (*model.IsVulnerability, error) { - return 
c.ingestIsVulnerability(ctx, osv, vulnerability, isVulnerability, true) -} - -func (c *demoClient) ingestIsVulnerability(ctx context.Context, osv model.OSVInputSpec, vulnerability model.CveOrGhsaInput, isVulnerability model.IsVulnerabilityInputSpec, readOnly bool) (*model.IsVulnerability, error) { - funcName := "IngestIsVulnerability" - if err := helper.ValidateCveOrGhsaIngestionInput(vulnerability, "IngestIsVulnerability"); err != nil { - return nil, gqlerror.Errorf("%v :: %s", funcName, err) - } - - lock(&c.m, readOnly) - defer unlock(&c.m, readOnly) - - osvID, err := getOsvIDFromInput(c, osv) - if err != nil { - return nil, gqlerror.Errorf("%v :: %s", funcName, err) - } - osvN, err := byID[*osvNode](osvID, c) - if err != nil { - return nil, gqlerror.Errorf("%v :: %s", funcName, err) - } - osvEqualVulns := osvN.equalVulnLinks - - var cveID uint32 - var foundCveNode *cveNode - var ghsaID uint32 - var foundGhsaNode *ghsaNode - var vulnerabilityLinks []uint32 - if vulnerability.Cve != nil { - cveID, err = getCveIDFromInput(c, *vulnerability.Cve) - if err != nil { - return nil, gqlerror.Errorf("%v :: %s", funcName, err) - } - foundCveNode, err = byID[*cveNode](cveID, c) - if err != nil { - return nil, gqlerror.Errorf("%v :: %s", funcName, err) - } - vulnerabilityLinks = foundCveNode.equalVulnLinks - } else { - ghsaID, err = getGhsaIDFromInput(c, *vulnerability.Ghsa) - if err != nil { - return nil, gqlerror.Errorf("%v :: %s", funcName, err) - } - foundGhsaNode, err = byID[*ghsaNode](ghsaID, c) - if err != nil { - return nil, gqlerror.Errorf("%v :: %s", funcName, err) - } - vulnerabilityLinks = foundGhsaNode.equalVulnLinks - } - - var searchIDs []uint32 - if len(osvEqualVulns) < len(vulnerabilityLinks) { - searchIDs = osvEqualVulns - } else { - searchIDs = vulnerabilityLinks - } - - // Don't insert duplicates - duplicate := false - collectedEqualVulnLink := equalVulnerabilityLink{} - for _, id := range searchIDs { - v, err := byID[*equalVulnerabilityLink](id, c) - if 
err != nil { - return nil, gqlerror.Errorf("%v :: %s", funcName, err) - } - vulnMatch := false - if cveID != 0 && cveID == v.cveID { - vulnMatch = true - } - if ghsaID != 0 && ghsaID == v.ghsaID { - vulnMatch = true - } - if vulnMatch && osvID == v.osvID && isVulnerability.Justification == v.justification && - isVulnerability.Origin == v.origin && isVulnerability.Collector == v.collector { - - collectedEqualVulnLink = *v - duplicate = true - break - } - } - if !duplicate { - if readOnly { - c.m.RUnlock() - iv, err := c.ingestIsVulnerability(ctx, osv, vulnerability, isVulnerability, false) - c.m.RLock() // relock so that defer unlock does not panic - return iv, err - } - // store the link - collectedEqualVulnLink = equalVulnerabilityLink{ - id: c.getNextID(), - osvID: osvID, - cveID: cveID, - ghsaID: ghsaID, - justification: isVulnerability.Justification, - origin: isVulnerability.Origin, - collector: isVulnerability.Collector, - } - c.index[collectedEqualVulnLink.id] = &collectedEqualVulnLink - c.equalVulnerabilities = append(c.equalVulnerabilities, &collectedEqualVulnLink) - // set the backlinks - osvN.setEqualVulnLinks(collectedEqualVulnLink.id) - if cveID != 0 { - foundCveNode.setEqualVulnLinks(collectedEqualVulnLink.id) - } - if ghsaID != 0 { - foundGhsaNode.setEqualVulnLinks(collectedEqualVulnLink.id) - } - } - - // build return GraphQL type - builtIsVuln, err := c.buildIsVulnerability(&collectedEqualVulnLink, nil, true) - if err != nil { - return nil, err - } - return builtIsVuln, nil -} - -// Query IsVulnerability -func (c *demoClient) IsVulnerability(ctx context.Context, filter *model.IsVulnerabilitySpec) ([]*model.IsVulnerability, error) { - funcName := "IsVulnerability" - if filter != nil { - if err := helper.ValidateCveOrGhsaQueryFilter(filter.Vulnerability); err != nil { - return nil, err - } - } - - c.m.RLock() - defer c.m.RUnlock() - if filter != nil && filter.ID != nil { - id64, err := strconv.ParseUint(*filter.ID, 10, 32) - if err != nil { - return 
nil, gqlerror.Errorf("%v :: invalid ID %s", funcName, err) - } - id := uint32(id64) - link, err := byID[*equalVulnerabilityLink](id, c) - if err != nil { - return nil, nil - } - foundIsVuln, err := c.buildIsVulnerability(link, filter, true) - if err != nil { - return nil, gqlerror.Errorf("%v :: %v", funcName, err) - } - return []*model.IsVulnerability{foundIsVuln}, nil - } - - var search []uint32 - foundOne := false - if filter != nil && filter.Osv != nil { - exactOSV, err := c.exactOSV(filter.Osv) - if err != nil { - return nil, gqlerror.Errorf("%v :: %v", funcName, err) - } - if exactOSV != nil { - search = append(search, exactOSV.equalVulnLinks...) - foundOne = true - } - } - if !foundOne && filter != nil && filter.Vulnerability != nil && filter.Vulnerability.Cve != nil { - exactCVE, err := c.exactCVE(filter.Vulnerability.Cve) - if err != nil { - return nil, gqlerror.Errorf("%v :: %v", funcName, err) - } - if exactCVE != nil { - search = append(search, exactCVE.equalVulnLinks...) - foundOne = true - } - } - if !foundOne && filter != nil && filter.Vulnerability != nil && filter.Vulnerability.Ghsa != nil { - exactGHSA, err := c.exactGHSA(filter.Vulnerability.Ghsa) - if err != nil { - return nil, gqlerror.Errorf("%v :: %v", funcName, err) - } - if exactGHSA != nil { - search = append(search, exactGHSA.equalVulnLinks...) 
- foundOne = true - } - } - var out []*model.IsVulnerability - if foundOne { - for _, id := range search { - link, err := byID[*equalVulnerabilityLink](id, c) - if err != nil { - return nil, gqlerror.Errorf("%v :: %v", funcName, err) - } - out, err = c.addVulnIfMatch(out, filter, link) - if err != nil { - return nil, gqlerror.Errorf("%v :: %v", funcName, err) - } - } - } else { - for _, link := range c.equalVulnerabilities { - var err error - out, err = c.addVulnIfMatch(out, filter, link) - if err != nil { - return nil, gqlerror.Errorf("%v :: %v", funcName, err) - } - } - } - - return out, nil -} - -func (c *demoClient) addVulnIfMatch(out []*model.IsVulnerability, - filter *model.IsVulnerabilitySpec, link *equalVulnerabilityLink) ( - []*model.IsVulnerability, error) { - - if filter != nil && noMatch(filter.Justification, link.justification) { - return out, nil - } - if filter != nil && noMatch(filter.Collector, link.collector) { - return out, nil - } - if filter != nil && noMatch(filter.Origin, link.origin) { - return out, nil - } - - foundIsVuln, err := c.buildIsVulnerability(link, filter, false) - if err != nil { - return nil, err - } - if foundIsVuln == nil { - return out, nil - } - return append(out, foundIsVuln), nil -} - -func (c *demoClient) buildIsVulnerability(link *equalVulnerabilityLink, filter *model.IsVulnerabilitySpec, ingestOrIDProvided bool) (*model.IsVulnerability, error) { - var osv *model.Osv - var cve *model.Cve - var ghsa *model.Ghsa - var err error - if filter != nil { - osv, err = c.buildOsvResponse(link.osvID, filter.Osv) - if err != nil { - return nil, err - } - - } else { - osv, err = c.buildOsvResponse(link.osvID, nil) - if err != nil { - return nil, err - } - } - - if filter != nil && filter.Vulnerability != nil { - if filter.Vulnerability.Cve != nil && link.cveID != 0 { - cve, err = c.buildCveResponse(link.cveID, filter.Vulnerability.Cve) - if err != nil { - return nil, err - } - } - if filter.Vulnerability.Ghsa != nil && link.ghsaID != 
0 { - ghsa, err = c.buildGhsaResponse(link.ghsaID, filter.Vulnerability.Ghsa) - if err != nil { - return nil, err - } - } - } else { - if link.cveID != 0 { - cve, err = c.buildCveResponse(link.cveID, nil) - if err != nil { - return nil, err - } - } - if link.ghsaID != 0 { - ghsa, err = c.buildGhsaResponse(link.ghsaID, nil) - if err != nil { - return nil, err - } - } - } - // if osv not found during ingestion or if ID is provided in filter, send error. On query do not send error to continue search - if osv == nil && ingestOrIDProvided { - return nil, gqlerror.Errorf("failed to retrieve osv via osvID") - } else if osv == nil && !ingestOrIDProvided { - return nil, nil - } - - var vuln model.CveOrGhsa - if link.cveID != 0 { - if cve == nil && ingestOrIDProvided { - return nil, gqlerror.Errorf("failed to retrieve cve via cveID") - } else if cve == nil && !ingestOrIDProvided { - return nil, nil - } - vuln = cve - } - if link.ghsaID != 0 { - if ghsa == nil && ingestOrIDProvided { - return nil, gqlerror.Errorf("failed to retrieve ghsa via ghsaID") - } else if ghsa == nil && !ingestOrIDProvided { - return nil, nil - } - vuln = ghsa - } - - isVuln := model.IsVulnerability{ - ID: nodeID(link.id), - Osv: osv, - Vulnerability: vuln, - Justification: link.justification, - Origin: link.origin, - Collector: link.collector, - } - return &isVuln, nil -} diff --git a/pkg/assembler/backends/inmem/isVulnerability_test.go b/pkg/assembler/backends/inmem/isVulnerability_test.go deleted file mode 100644 index 34dafa16c7..0000000000 --- a/pkg/assembler/backends/inmem/isVulnerability_test.go +++ /dev/null 
@@ -1,614 +0,0 @@ -// -// Copyright 2023 The GUAC Authors. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package inmem_test - -import ( - "context" - "strings" - "testing" - - "github.com/google/go-cmp/cmp" - "github.com/guacsec/guac/internal/testing/ptrfrom" - "github.com/guacsec/guac/pkg/assembler/backends/inmem" - "github.com/guacsec/guac/pkg/assembler/graphql/model" - "golang.org/x/exp/slices" -) - -func TestVulnerability(t *testing.T) { - type call struct { - Osv *model.OSVInputSpec - Vuln model.CveOrGhsaInput - In *model.IsVulnerabilityInputSpec - } - tests := []struct { - Name string - InOsv []*model.OSVInputSpec - InCve []*model.CVEInputSpec - InGhsa []*model.GHSAInputSpec - Calls []call - Query *model.IsVulnerabilitySpec - ExpOcc []*model.IsVulnerability - ExpIngestErr bool - ExpQueryErr bool - }{ - { - Name: "HappyPath", - InOsv: []*model.OSVInputSpec{o1}, - InCve: []*model.CVEInputSpec{c1}, - Calls: []call{ - call{ - Osv: o1, - Vuln: model.CveOrGhsaInput{ - Cve: c1, - }, - In: &model.IsVulnerabilityInputSpec{ - Justification: "test justification", - }, - }, - }, - Query: &model.IsVulnerabilitySpec{ - Justification: ptrfrom.String("test justification"), - }, - ExpOcc: []*model.IsVulnerability{ - &model.IsVulnerability{ - Osv: o1out, - Vulnerability: c1out, - Justification: "test justification", - }, - }, - }, - { - Name: "Igest same twice", - InOsv: []*model.OSVInputSpec{o1}, - InCve: []*model.CVEInputSpec{c1}, - Calls: []call{ - call{ - Osv: 
o1, - Vuln: model.CveOrGhsaInput{ - Cve: c1, - }, - In: &model.IsVulnerabilityInputSpec{ - Justification: "test justification", - }, - }, - call{ - Osv: o1, - Vuln: model.CveOrGhsaInput{ - Cve: c1, - }, - In: &model.IsVulnerabilityInputSpec{ - Justification: "test justification", - }, - }, - }, - Query: &model.IsVulnerabilitySpec{ - Justification: ptrfrom.String("test justification"), - }, - ExpOcc: []*model.IsVulnerability{ - &model.IsVulnerability{ - Osv: o1out, - Vulnerability: c1out, - Justification: "test justification", - }, - }, - }, - { - Name: "Query on Justification", - InOsv: []*model.OSVInputSpec{o1}, - InCve: []*model.CVEInputSpec{c1}, - Calls: []call{ - call{ - Osv: o1, - Vuln: model.CveOrGhsaInput{ - Cve: c1, - }, - In: &model.IsVulnerabilityInputSpec{ - Justification: "test justification one", - }, - }, - call{ - Osv: o1, - Vuln: model.CveOrGhsaInput{ - Cve: c1, - }, - In: &model.IsVulnerabilityInputSpec{ - Justification: "test justification two", - }, - }, - }, - Query: &model.IsVulnerabilitySpec{ - Justification: ptrfrom.String("test justification one"), - }, - ExpOcc: []*model.IsVulnerability{ - &model.IsVulnerability{ - Osv: o1out, - Vulnerability: c1out, - Justification: "test justification one", - }, - }, - }, - { - Name: "Query on OSV", - InOsv: []*model.OSVInputSpec{o1, o2}, - InCve: []*model.CVEInputSpec{c1}, - Calls: []call{ - call{ - Osv: o1, - Vuln: model.CveOrGhsaInput{ - Cve: c1, - }, - In: &model.IsVulnerabilityInputSpec{ - Justification: "test justification", - }, - }, - call{ - Osv: o2, - Vuln: model.CveOrGhsaInput{ - Cve: c1, - }, - In: &model.IsVulnerabilityInputSpec{ - Justification: "test justification", - }, - }, - }, - Query: &model.IsVulnerabilitySpec{ - Osv: &model.OSVSpec{ - OsvID: ptrfrom.String("CVE-2022-26499"), - }, - }, - ExpOcc: []*model.IsVulnerability{ - &model.IsVulnerability{ - Osv: o2out, - Vulnerability: c1out, - Justification: "test justification", - }, - }, - }, - { - Name: "Query on GHSA", - InOsv: 
[]*model.OSVInputSpec{o1}, - InCve: []*model.CVEInputSpec{c1, c2}, - InGhsa: []*model.GHSAInputSpec{g1}, - Calls: []call{ - call{ - Osv: o1, - Vuln: model.CveOrGhsaInput{ - Cve: c1, - }, - In: &model.IsVulnerabilityInputSpec{ - Justification: "test justification", - }, - }, - call{ - Osv: o1, - Vuln: model.CveOrGhsaInput{ - Cve: c2, - }, - In: &model.IsVulnerabilityInputSpec{ - Justification: "test justification", - }, - }, - call{ - Osv: o1, - Vuln: model.CveOrGhsaInput{ - Ghsa: g1, - }, - In: &model.IsVulnerabilityInputSpec{ - Justification: "test justification", - }, - }, - }, - Query: &model.IsVulnerabilitySpec{ - Vulnerability: &model.CveOrGhsaSpec{ - Ghsa: &model.GHSASpec{}, - }, - }, - ExpOcc: []*model.IsVulnerability{ - &model.IsVulnerability{ - Osv: o1out, - Vulnerability: g1out, - Justification: "test justification", - }, - }, - }, - { - Name: "Query none", - InOsv: []*model.OSVInputSpec{o1}, - InCve: []*model.CVEInputSpec{c1, c2}, - InGhsa: []*model.GHSAInputSpec{g1}, - Calls: []call{ - call{ - Osv: o1, - Vuln: model.CveOrGhsaInput{ - Cve: c1, - }, - In: &model.IsVulnerabilityInputSpec{ - Justification: "test justification", - }, - }, - call{ - Osv: o1, - Vuln: model.CveOrGhsaInput{ - Cve: c2, - }, - In: &model.IsVulnerabilityInputSpec{ - Justification: "test justification", - }, - }, - call{ - Osv: o1, - Vuln: model.CveOrGhsaInput{ - Ghsa: g1, - }, - In: &model.IsVulnerabilityInputSpec{ - Justification: "test justification", - }, - }, - }, - Query: &model.IsVulnerabilitySpec{ - Vulnerability: &model.CveOrGhsaSpec{ - Ghsa: &model.GHSASpec{ - GhsaID: ptrfrom.String("asdf"), - }, - }, - }, - ExpOcc: nil, - }, - { - Name: "Query multiple", - InOsv: []*model.OSVInputSpec{o1}, - InCve: []*model.CVEInputSpec{c1, c2}, - InGhsa: []*model.GHSAInputSpec{g1}, - Calls: []call{ - call{ - Osv: o1, - Vuln: model.CveOrGhsaInput{ - Cve: c1, - }, - In: &model.IsVulnerabilityInputSpec{ - Justification: "test justification", - }, - }, - call{ - Osv: o1, - Vuln: 
model.CveOrGhsaInput{ - Cve: c2, - }, - In: &model.IsVulnerabilityInputSpec{ - Justification: "test justification", - }, - }, - call{ - Osv: o1, - Vuln: model.CveOrGhsaInput{ - Ghsa: g1, - }, - In: &model.IsVulnerabilityInputSpec{ - Justification: "test justification", - }, - }, - }, - Query: &model.IsVulnerabilitySpec{ - Vulnerability: &model.CveOrGhsaSpec{ - Cve: &model.CVESpec{}, - }, - }, - ExpOcc: []*model.IsVulnerability{ - &model.IsVulnerability{ - Osv: o1out, - Vulnerability: c1out, - Justification: "test justification", - }, - &model.IsVulnerability{ - Osv: o1out, - Vulnerability: c2out, - Justification: "test justification", - }, - }, - }, - { - Name: "Query ID", - InOsv: []*model.OSVInputSpec{o1}, - InCve: []*model.CVEInputSpec{c1, c2}, - InGhsa: []*model.GHSAInputSpec{g1}, - Calls: []call{ - call{ - Osv: o1, - Vuln: model.CveOrGhsaInput{ - Cve: c1, - }, - In: &model.IsVulnerabilityInputSpec{ - Justification: "test justification", - }, - }, - call{ - Osv: o1, - Vuln: model.CveOrGhsaInput{ - Cve: c2, - }, - In: &model.IsVulnerabilityInputSpec{ - Justification: "test justification", - }, - }, - call{ - Osv: o1, - Vuln: model.CveOrGhsaInput{ - Ghsa: g1, - }, - In: &model.IsVulnerabilityInputSpec{ - Justification: "test justification", - }, - }, - }, - Query: &model.IsVulnerabilitySpec{ - ID: ptrfrom.String("6"), - }, - ExpOcc: []*model.IsVulnerability{ - &model.IsVulnerability{ - Osv: o1out, - Vulnerability: c1out, - Justification: "test justification", - }, - }, - }, - { - Name: "Query ID not found", - InOsv: []*model.OSVInputSpec{o1}, - InCve: []*model.CVEInputSpec{c1, c2}, - InGhsa: []*model.GHSAInputSpec{g1}, - Calls: []call{ - call{ - Osv: o1, - Vuln: model.CveOrGhsaInput{ - Cve: c1, - }, - In: &model.IsVulnerabilityInputSpec{ - Justification: "test justification", - }, - }, - call{ - Osv: o1, - Vuln: model.CveOrGhsaInput{ - Cve: c2, - }, - In: &model.IsVulnerabilityInputSpec{ - Justification: "test justification", - }, - }, - call{ - Osv: o1, - Vuln: 
model.CveOrGhsaInput{ - Ghsa: g1, - }, - In: &model.IsVulnerabilityInputSpec{ - Justification: "test justification", - }, - }, - }, - Query: &model.IsVulnerabilitySpec{ - ID: ptrfrom.String("123456"), - }, - ExpOcc: nil, - }, - { - Name: "Ingest without Osv", - InCve: []*model.CVEInputSpec{c1}, - Calls: []call{ - call{ - Osv: o1, - Vuln: model.CveOrGhsaInput{ - Cve: c1, - }, - In: &model.IsVulnerabilityInputSpec{ - Justification: "test justification", - }, - }, - }, - ExpIngestErr: true, - }, - { - Name: "Ingest without GHSA", - InOsv: []*model.OSVInputSpec{o1}, - Calls: []call{ - call{ - Osv: o1, - Vuln: model.CveOrGhsaInput{ - Ghsa: g1, - }, - In: &model.IsVulnerabilityInputSpec{ - Justification: "test justification", - }, - }, - }, - ExpIngestErr: true, - }, - { - Name: "Query Error", - Query: &model.IsVulnerabilitySpec{ - Vulnerability: &model.CveOrGhsaSpec{ - Cve: &model.CVESpec{}, - Ghsa: &model.GHSASpec{}, - }, - }, - ExpQueryErr: true, - }, - { - Name: "Query Bad ID", - Query: &model.IsVulnerabilitySpec{ - ID: ptrfrom.String("-123"), - }, - ExpQueryErr: true, - }, - } - ignoreID := cmp.FilterPath(func(p cmp.Path) bool { - return strings.Compare(".ID", p[len(p)-1].String()) == 0 - }, cmp.Ignore()) - ctx := context.Background() - for _, test := range tests { - t.Run(test.Name, func(t *testing.T) { - b, err := inmem.GetBackend(nil) - if err != nil { - t.Fatalf("Could not instantiate testing backend: %v", err) - } - for _, o := range test.InOsv { - if _, err := b.IngestOsv(ctx, o); err != nil { - t.Fatalf("Could not ingest osv: %v", err) - } - } - for _, c := range test.InCve { - if _, err := b.IngestCve(ctx, c); err != nil { - t.Fatalf("Could not ingest cve: %v", err) - } - } - for _, g := range test.InGhsa { - if _, err := b.IngestGhsa(ctx, g); err != nil { - t.Fatalf("Could not ingest ghsa: %a", err) - } - } - for _, o := range test.Calls { - _, err := b.IngestIsVulnerability(ctx, *o.Osv, o.Vuln, *o.In) - if (err != nil) != test.ExpIngestErr { - 
t.Fatalf("did not get expected ingest error, want: %v, got: %v", test.ExpIngestErr, err) - } - if err != nil { - return - } - } - got, err := b.IsVulnerability(ctx, test.Query) - if (err != nil) != test.ExpQueryErr { - t.Fatalf("did not get expected query error, want: %v, got: %v", test.ExpQueryErr, err) - } - if err != nil { - return - } - if diff := cmp.Diff(test.ExpOcc, got, ignoreID); diff != "" { - t.Errorf("Unexpected results. (-want +got):\n%s", diff) - } - }) - } -} - -func TestVulnerabilityNeighbors(t *testing.T) { - type call struct { - Osv *model.OSVInputSpec - Vuln model.CveOrGhsaInput - In *model.IsVulnerabilityInputSpec - } - tests := []struct { - Name string - InOsv []*model.OSVInputSpec - InCve []*model.CVEInputSpec - InGhsa []*model.GHSAInputSpec - Calls []call - ExpNeighbors map[string][]string - }{ - { - Name: "HappyPath", - InOsv: []*model.OSVInputSpec{o1}, - InCve: []*model.CVEInputSpec{c1}, - Calls: []call{ - call{ - Osv: o1, - Vuln: model.CveOrGhsaInput{ - Cve: c1, - }, - In: &model.IsVulnerabilityInputSpec{ - Justification: "test justification", - }, - }, - }, - ExpNeighbors: map[string][]string{ - "2": []string{"4"}, // osv to isVuln - "3": []string{"4"}, // cve to isVuln - "4": []string{"2", "3"}, // isVuln to osv and cve - }, - }, - { - Name: "Two IsVuln", - InOsv: []*model.OSVInputSpec{o1}, - InCve: []*model.CVEInputSpec{c1}, - InGhsa: []*model.GHSAInputSpec{g1}, - Calls: []call{ - call{ - Osv: o1, - Vuln: model.CveOrGhsaInput{ - Cve: c1, - }, - In: &model.IsVulnerabilityInputSpec{ - Justification: "test justification", - }, - }, - call{ - Osv: o1, - Vuln: model.CveOrGhsaInput{ - Ghsa: g1, - }, - In: &model.IsVulnerabilityInputSpec{ - Justification: "test justification", - }, - }, - }, - ExpNeighbors: map[string][]string{ - "2": []string{"5", "6"}, // osv to both isVuln - "3": []string{"5"}, - "4": []string{"6"}, - "5": []string{"2", "3"}, - "6": []string{"2", "4"}, - }, - }, - } - ctx := context.Background() - for _, test := range tests 
{ - t.Run(test.Name, func(t *testing.T) { - b, err := inmem.GetBackend(nil) - if err != nil { - t.Fatalf("Could not instantiate testing backend: %v", err) - } - for _, o := range test.InOsv { - if _, err := b.IngestOsv(ctx, o); err != nil { - t.Fatalf("Could not ingest osv: %v", err) - } - } - for _, c := range test.InCve { - if _, err := b.IngestCve(ctx, c); err != nil { - t.Fatalf("Could not ingest cve: %v", err) - } - } - for _, g := range test.InGhsa { - if _, err := b.IngestGhsa(ctx, g); err != nil { - t.Fatalf("Could not ingest ghsa: %s", err) - } - } - for _, o := range test.Calls { - if _, err := b.IngestIsVulnerability(ctx, *o.Osv, o.Vuln, *o.In); err != nil { - t.Fatalf("Could not ingest isVulnerability: %s", err) - } - } - for q, r := range test.ExpNeighbors { - got, err := b.Neighbors(ctx, q, nil) - if err != nil { - t.Fatalf("Could not query neighbors: %s", err) - } - gotIDs := convNodes(got) - slices.Sort(r) - slices.Sort(gotIDs) - if diff := cmp.Diff(r, gotIDs); diff != "" { - t.Errorf("Unexpected results. (-want +got):\n%s", diff) - } - } - }) - } -} diff --git a/pkg/assembler/backends/inmem/osv.go b/pkg/assembler/backends/inmem/osv.go deleted file mode 100644 index 6041ec6b55..0000000000 --- a/pkg/assembler/backends/inmem/osv.go +++ /dev/null 
@@ -1,240 +0,0 @@ -// -// Copyright 2023 The GUAC Authors. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package inmem - -import ( - "context" - "errors" - "fmt" - "strconv" - "strings" - - "github.com/vektah/gqlparser/v2/gqlerror" - - "github.com/guacsec/guac/pkg/assembler/graphql/model" -) - -// TODO: convert to unit test -// func registerAllOSV(client *demoClient) { -// ctx := context.Background() - -// inputs := []model.OSVInputSpec{{ -// OsvID: "CVE-2019-13110", -// }, { -// OsvID: "CVE-2014-8139", -// }, { -// OsvID: "CVE-2014-8140", -// }, { -// OsvID: "CVE-2022-26499", -// }, { -// OsvID: "GHSA-h45f-rjvw-2rv2", -// }} -// for _, input := range inputs { -// _, err := client.IngestOsv(ctx, &input) -// if err != nil { -// log.Printf("Error in ingesting: %v\n", err) -// } -// } -// } - -// Internal data: osv -type osvMap map[string]*osvNode -type osvNode struct { - id uint32 - osvID string - certifyVulnLinks []uint32 - equalVulnLinks []uint32 - vexLinks []uint32 -} - -func (n *osvNode) ID() uint32 { return n.id } - -func (n *osvNode) Neighbors(allowedEdges edgeMap) []uint32 { - out := []uint32{} - if allowedEdges[model.EdgeOsvCertifyVuln] { - out = append(out, n.certifyVulnLinks...) - } - if allowedEdges[model.EdgeOsvIsVulnerability] { - out = append(out, n.equalVulnLinks...) - } - if allowedEdges[model.EdgeOsvCertifyVexStatement] { - out = append(out, n.vexLinks...) 
- } - return out -} - -func (n *osvNode) BuildModelNode(c *demoClient) (model.Node, error) { - return c.buildOsvResponse(n.id, nil) -} - -// certifyVulnerability back edges -func (n *osvNode) setVulnerabilityLinks(id uint32) { - n.certifyVulnLinks = append(n.certifyVulnLinks, id) -} - -// isVulnerability back edges -func (n *osvNode) setEqualVulnLinks(id uint32) { - n.equalVulnLinks = append(n.equalVulnLinks, id) -} - -// certifyVexStatement back edges -func (n *osvNode) setVexLinks(id uint32) { - n.vexLinks = append(n.vexLinks, id) -} - -// Ingest OSV - -func (c *demoClient) IngestOSVs(ctx context.Context, osvs []*model.OSVInputSpec) ([]*model.Osv, error) { - var modelOSVs []*model.Osv - for _, osv := range osvs { - modelOSV, err := c.IngestOsv(ctx, osv) - if err != nil { - return nil, gqlerror.Errorf("IngestOsv failed with err: %v", err) - } - modelOSVs = append(modelOSVs, modelOSV) - } - return modelOSVs, nil -} - -func (c *demoClient) IngestOsv(ctx context.Context, input *model.OSVInputSpec) (*model.Osv, error) { - return c.ingestOsv(ctx, input, true) -} - -func (c *demoClient) ingestOsv(ctx context.Context, input *model.OSVInputSpec, readOnly bool) (*model.Osv, error) { - lock(&c.m, readOnly) - defer unlock(&c.m, readOnly) - osvID := strings.ToLower(input.OsvID) - - osvIDStruct, hasOsvID := c.osvs[osvID] - if !hasOsvID { - if readOnly { - c.m.RUnlock() - o, err := c.ingestOsv(ctx, input, false) - c.m.RLock() // relock so that defer unlock does not panic - return o, err - } - osvIDStruct = &osvNode{ - id: c.getNextID(), - osvID: osvID, - } - c.index[osvIDStruct.id] = osvIDStruct - c.osvs[osvID] = osvIDStruct - } - - // build return GraphQL type - return c.buildOsvResponse(osvIDStruct.id, nil) -} - -// Query OSV -func (c *demoClient) Osv(ctx context.Context, filter *model.OSVSpec) ([]*model.Osv, error) { - c.m.RLock() - defer c.m.RUnlock() - if filter != nil && filter.ID != nil { - id, err := strconv.ParseUint(*filter.ID, 10, 32) - if err != nil { - return nil, 
err - } - osv, err := c.buildOsvResponse(uint32(id), filter) - if err != nil { - if errors.Is(err, errNotFound) { - // not found - return nil, nil - } - return nil, err - } - return []*model.Osv{osv}, nil - } - var out []*model.Osv - if filter != nil && filter.OsvID != nil { - o, hasOsvIDNode := c.osvs[strings.ToLower(*filter.OsvID)] - if hasOsvIDNode { - out = append(out, &model.Osv{ - ID: nodeID(o.id), - OsvID: o.osvID, - }) - } - } else { - for _, o := range c.osvs { - out = append(out, &model.Osv{ - ID: nodeID(o.id), - OsvID: o.osvID, - }) - } - } - return out, nil -} - -func (c *demoClient) exactOSV(filter *model.OSVSpec) (*osvNode, error) { - if filter == nil { - return nil, nil - } - if filter.ID != nil { - id64, err := strconv.ParseUint(*filter.ID, 10, 32) - if err != nil { - return nil, err - } - id := uint32(id64) - if node, ok := c.index[id]; ok { - if o, ok := node.(*osvNode); ok { - return o, nil - } - } - } - if filter.OsvID != nil { - if node, ok := c.osvs[strings.ToLower(*filter.OsvID)]; ok { - return node, nil - } - } - return nil, nil -} - -// Builds a model.osv to send as GraphQL response, starting from id. -// The optional filter allows restricting output (on selection operations). 
-func (c *demoClient) buildOsvResponse(id uint32, filter *model.OSVSpec) (*model.Osv, error) { - if filter != nil && filter.ID != nil { - filteredID, err := strconv.ParseUint(*filter.ID, 10, 32) - if err != nil { - return nil, err - } - if uint32(filteredID) != id { - return nil, nil - } - } - - osv, err := byID[*osvNode](id, c) - if err != nil { - return nil, fmt.Errorf("Could not find node to build osv response, %w", err) - } - if filter != nil && noMatch(toLower(filter.OsvID), osv.osvID) { - return nil, nil - } - - return &model.Osv{ - ID: nodeID(osv.id), - OsvID: osv.osvID, - }, nil -} - -func getOsvIDFromInput(c *demoClient, input model.OSVInputSpec) (uint32, error) { - osvID := strings.ToLower(input.OsvID) - - osvIDStruct, hasOsvID := c.osvs[osvID] - if !hasOsvID { - return 0, gqlerror.Errorf("osv id \"%s\" not found", input.OsvID) - } - - return osvIDStruct.id, nil -} diff --git a/pkg/assembler/backends/inmem/osv_test.go b/pkg/assembler/backends/inmem/osv_test.go deleted file mode 100644 index 38f20f1e56..0000000000 --- a/pkg/assembler/backends/inmem/osv_test.go +++ /dev/null 
@@ -1,187 +0,0 @@ -// -// Copyright 2023 The GUAC Authors. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package inmem_test - -import ( - "context" - "strings" - "testing" - - "github.com/google/go-cmp/cmp" - "github.com/guacsec/guac/internal/testing/ptrfrom" - "github.com/guacsec/guac/pkg/assembler/backends/inmem" - "github.com/guacsec/guac/pkg/assembler/graphql/model" - "golang.org/x/exp/slices" -) - -var o1 = &model.OSVInputSpec{ - OsvID: "CVE-2014-8140", -} -var o1out = &model.Osv{ - OsvID: "cve-2014-8140", -} - -var o2 = &model.OSVInputSpec{ - OsvID: "CVE-2022-26499", -} -var o2out = &model.Osv{ - OsvID: "cve-2022-26499", -} - -var o3 = &model.OSVInputSpec{ - OsvID: "GHSA-h45f-rjvw-2rv2", -} -var o3out = &model.Osv{ - OsvID: "ghsa-h45f-rjvw-2rv2", -} - -func lessOsv(a, b *model.Osv) bool { - return a.OsvID < b.OsvID -} - -func TestOSV(t *testing.T) { - tests := []struct { - Name string - Ingests []*model.OSVInputSpec - ExpIngestErr bool - Query *model.OSVSpec - Exp []*model.Osv - ExpQueryErr bool - }{ - { - Name: "HappyPath", - Ingests: []*model.OSVInputSpec{o1}, - Query: &model.OSVSpec{}, - Exp: []*model.Osv{o1out}, - }, - { - Name: "Multiple", - Ingests: []*model.OSVInputSpec{o1, o2}, - Query: &model.OSVSpec{}, - Exp: []*model.Osv{o1out, o2out}, - }, - { - Name: "Duplicates", - Ingests: []*model.OSVInputSpec{o1, o1, o1}, - Query: &model.OSVSpec{}, - Exp: []*model.Osv{o1out}, - }, - { - Name: "Query by OSV ID", - Ingests: 
[]*model.OSVInputSpec{o1, o2, o3}, - Query: &model.OSVSpec{ - OsvID: ptrfrom.String("CVE-2022-26499"), - }, - Exp: []*model.Osv{o2out}, - }, - { - Name: "Query by ID", - Ingests: []*model.OSVInputSpec{o3}, - Query: &model.OSVSpec{ - ID: ptrfrom.String("2"), - }, - Exp: []*model.Osv{o3out}, - }, - { - Name: "Query None", - Ingests: []*model.OSVInputSpec{o1, o2, o3}, - Query: &model.OSVSpec{ - OsvID: ptrfrom.String("asdf"), - }, - Exp: nil, - }, - { - Name: "Query none ID", - Ingests: []*model.OSVInputSpec{o1}, - Query: &model.OSVSpec{ - ID: ptrfrom.String("123456"), - }, - Exp: nil, - }, - { - Name: "Query invalid ID", - Ingests: []*model.OSVInputSpec{o1}, - Query: &model.OSVSpec{ - ID: ptrfrom.String("asdf"), - }, - ExpQueryErr: true, - }, - } - ignoreID := cmp.FilterPath(func(p cmp.Path) bool { - return strings.Compare(".ID", p[len(p)-1].String()) == 0 - }, cmp.Ignore()) - ctx := context.Background() - for _, test := range tests { - t.Run(test.Name, func(t *testing.T) { - b, err := inmem.GetBackend(nil) - if err != nil { - t.Fatalf("Could not instantiate testing backend: %v", err) - } - for _, i := range test.Ingests { - _, err := b.IngestOsv(ctx, i) - if (err != nil) != test.ExpIngestErr { - t.Fatalf("did not get expected ingest error, want: %v, got: %v", test.ExpIngestErr, err) - } - if err != nil { - return - } - } - got, err := b.Osv(ctx, test.Query) - if (err != nil) != test.ExpQueryErr { - t.Fatalf("did not get expected query error, want: %v, got: %v", test.ExpQueryErr, err) - } - if err != nil { - return - } - slices.SortFunc(got, lessOsv) - if diff := cmp.Diff(test.Exp, got, ignoreID); diff != "" { - t.Errorf("Unexpected results. 
(-want +got):\n%s", diff) - } - }) - } -} - -func TestIngestOSVs(t *testing.T) { - tests := []struct { - name string - ingests []*model.OSVInputSpec - exp []*model.Osv - }{{ - name: "Multiple", - ingests: []*model.OSVInputSpec{o1, o2, o3}, - exp: []*model.Osv{o1out, o2out, o3out}, - }} - ignoreID := cmp.FilterPath(func(p cmp.Path) bool { - return strings.Compare(".ID", p[len(p)-1].String()) == 0 - }, cmp.Ignore()) - ctx := context.Background() - for _, test := range tests { - t.Run(test.name, func(t *testing.T) { - b, err := inmem.GetBackend(nil) - if err != nil { - t.Fatalf("Could not instantiate testing backend: %v", err) - } - got, err := b.IngestOSVs(ctx, test.ingests) - if err != nil { - t.Fatalf("ingest error: %v", err) - return - } - if diff := cmp.Diff(test.exp, got, ignoreID); diff != "" { - t.Errorf("Unexpected results. (-want +got):\n%s", diff) - } - }) - } -} diff --git a/pkg/assembler/backends/inmem/pkgEqual_test.go b/pkg/assembler/backends/inmem/pkgEqual_test.go index f126029f0d..40160ac9a0 100644 --- a/pkg/assembler/backends/inmem/pkgEqual_test.go +++ b/pkg/assembler/backends/inmem/pkgEqual_test.go @@ -139,7 +139,7 @@ func TestPkgEqual(t *testing.T) { }, Query: &model.PkgEqualSpec{ Packages: []*model.PkgSpec{{ - ID: ptrfrom.String("7"), + ID: ptrfrom.String("6"), }}, }, ExpHE: []*model.PkgEqual{ @@ -165,7 +165,7 @@ func TestPkgEqual(t *testing.T) { }, Query: &model.PkgEqualSpec{ Packages: []*model.PkgSpec{{ - ID: ptrfrom.String("5"), + ID: ptrfrom.String("4"), }}, }, ExpHE: []*model.PkgEqual{ @@ -351,7 +351,7 @@ func TestPkgEqual(t *testing.T) { }, }, Query: &model.PkgEqualSpec{ - ID: ptrfrom.String("9"), + ID: ptrfrom.String("8"), }, ExpHE: []*model.PkgEqual{ { 
@@ -514,9 +514,9 @@ func TestPkgEqualNeighbors(t *testing.T) { }, }, ExpNeighbors: map[string][]string{ - "5": []string{"2", "7"}, // p1 - "6": []string{"2", "7"}, // p2 - "7": []string{"2", "2"}, // pkgequal + "4": []string{"1", "6"}, // p1 + "5": []string{"1", "6"}, // p2 + "6": []string{"1", "1"}, // pkgequal }, }, { @@ -539,11 +539,11 @@ func TestPkgEqualNeighbors(t *testing.T) { }, }, ExpNeighbors: map[string][]string{ - "5": []string{"2", "8", "9"}, // p1 - "6": []string{"2", "8"}, // p2 - "7": []string{"2", "9"}, // p3 - "8": []string{"2", "2"}, // pkgequal 1 - "9": []string{"2", "2"}, // pkgequal 2 + "4": []string{"1", "7", "8"}, // p1 + "5": []string{"1", "7"}, // p2 + "6": []string{"1", "8"}, // p3 + "7": []string{"1", "1"}, // pkgequal 1 + "8": []string{"1", "1"}, // pkgequal 2 }, }, } diff --git a/pkg/assembler/backends/inmem/pointOfContact_test.go b/pkg/assembler/backends/inmem/pointOfContact_test.go index 741abdfc3f..0c9710bc9c 100644 --- a/pkg/assembler/backends/inmem/pointOfContact_test.go +++ b/pkg/assembler/backends/inmem/pointOfContact_test.go @@ -576,7 +576,7 @@ func TestPointOfContact(t *testing.T) { }, }, Query: &model.PointOfContactSpec{ - ID: ptrfrom.String("4"), + ID: ptrfrom.String("3"), }, ExpHM: []*model.PointOfContact{ { @@ -739,8 +739,8 @@ func TestPointOfContactNeighbors(t *testing.T) { }, }, ExpNeighbors: map[string][]string{ - "5": {"2", "6"}, // pkg version - "6": {"2"}, // certify good + "4": {"1", "5"}, // pkg version + "5": {"1"}, // certify good }, }, { 
@@ -778,17 +778,17 @@ func TestPointOfContactNeighbors(t *testing.T) { }, }, ExpNeighbors: map[string][]string{ - "2": {"2"}, - "3": {"2", "2"}, - "4": {"2", "2", "10"}, // pkg name - "5": {"2"}, // pkg version - "6": {"6"}, - "7": {"6", "6"}, - "8": {"6", "11"}, // src name - "9": {"12"}, // art - "10": {"2"}, // cb 1 -> pkg name - "11": {"6"}, // cb 2 -> src name - "12": {"9"}, // cb 3 -> art + "1": {"1"}, + "2": {"1", "1"}, + "3": {"1", "1", "9"}, // pkg name + "4": {"1"}, // pkg version + "5": {"5"}, + "6": {"5", "5"}, + "7": {"5", "10"}, // src name + "8": {"11"}, // art + "9": {"1"}, // cb 1 -> pkg name + "10": {"5"}, // cb 2 -> src name + "11": {"8"}, // cb 3 -> art }, }, } diff --git a/pkg/assembler/backends/inmem/src.go b/pkg/assembler/backends/inmem/src.go index b783e173c1..6c4856b0f1 100644 --- a/pkg/assembler/backends/inmem/src.go +++ b/pkg/assembler/backends/inmem/src.go @@ -424,7 +424,7 @@ func (c *demoClient) buildSourceResponse(id uint32, filter *model.SourceSpec) (* namespaceStruct, ok := node.(*srcNamespaceStruct) if !ok { - return nil, fmt.Errorf("%w: ID does not match expected node type for package namespace", errNotFound) + return nil, fmt.Errorf("%w: ID does not match expected node type for source namespace", errNotFound) } s := model.Source{ ID: nodeID(namespaceStruct.id), diff --git a/pkg/assembler/backends/inmem/vulnEqual.go b/pkg/assembler/backends/inmem/vulnEqual.go new file mode 100644 index 0000000000..65da41a7b6 --- /dev/null +++ b/pkg/assembler/backends/inmem/vulnEqual.go 
@@ -0,0 +1,230 @@ +// +// Copyright 2023 The GUAC Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package inmem + +import ( + "context" + "strconv" + + "github.com/vektah/gqlparser/v2/gqlerror" + "golang.org/x/exp/slices" + + "github.com/guacsec/guac/pkg/assembler/graphql/model" +) + +// Internal data: link between equal vulnerabilities (isVulnerability) +type vulnerabilityEqualList []*vulnerabilityEqualLink +type vulnerabilityEqualLink struct { + id uint32 + vulnerabilities []uint32 + justification string + origin string + collector string +} + +func (n *vulnerabilityEqualLink) ID() uint32 { return n.id } + +func (n *vulnerabilityEqualLink) Neighbors(allowedEdges edgeMap) []uint32 { + out := make([]uint32, 0, 2) + if len(n.vulnerabilities) > 0 && allowedEdges[model.EdgeVulnEqualVulnerability] { + out = append(out, n.vulnerabilities...) 
+ } + return out +} + +func (n *vulnerabilityEqualLink) BuildModelNode(c *demoClient) (model.Node, error) { + return c.convVulnEqual(n) +} + +// Ingest IsVulnerability +func (c *demoClient) IngestVulnEqual(ctx context.Context, vulnerability model.VulnerabilityInputSpec, otherVulnerability model.VulnerabilityInputSpec, vulnEqual model.VulnEqualInputSpec) (*model.VulnEqual, error) { + return c.ingestVulnEqual(ctx, vulnerability, otherVulnerability, vulnEqual, true) +} + +func (c *demoClient) ingestVulnEqual(ctx context.Context, vulnerability model.VulnerabilityInputSpec, otherVulnerability model.VulnerabilityInputSpec, vulnEqual model.VulnEqualInputSpec, readOnly bool) (*model.VulnEqual, error) { + funcName := "ingestVulnEqual" + lock(&c.m, readOnly) + defer unlock(&c.m, readOnly) + + vIDs := make([]uint32, 0, 2) + for _, vi := range []model.VulnerabilityInputSpec{vulnerability, otherVulnerability} { + vid, err := getVulnerabilityIDFromInput(c, vi) + if err != nil { + return nil, gqlerror.Errorf("%v :: %v", funcName, err) + } + vIDs = append(vIDs, vid) + } + slices.Sort(vIDs) + + vs := make([]*vulnIDNode, 0, 2) + for _, vID := range vIDs { + v, _ := byID[*vulnIDNode](vID, c) + vs = append(vs, v) + } + + for _, id := range vs[0].vulnEqualLinks { + ve, err := byID[*vulnerabilityEqualLink](id, c) + if err != nil { + return nil, gqlerror.Errorf("%v :: %v", funcName, err) + } + if slices.Equal(ve.vulnerabilities, vIDs) && + ve.justification == vulnEqual.Justification && + ve.origin == vulnEqual.Origin && + ve.collector == vulnEqual.Collector { + return c.convVulnEqual(ve) + } + } + + if readOnly { + c.m.RUnlock() + cp, err := c.ingestVulnEqual(ctx, vulnerability, otherVulnerability, vulnEqual, false) + c.m.RLock() // relock so that defer unlock does not panic + return cp, err + } + + ve := &vulnerabilityEqualLink{ + id: c.getNextID(), + vulnerabilities: vIDs, + justification: vulnEqual.Justification, + origin: vulnEqual.Origin, + collector: vulnEqual.Collector, + } + 
c.index[ve.id] = ve + for _, v := range vs { + v.setVulnEqualLinks(ve.id) + } + c.vulnerabilityEquals = append(c.vulnerabilityEquals, ve) + + return c.convVulnEqual(ve) +} + +func (c *demoClient) convVulnEqual(in *vulnerabilityEqualLink) (*model.VulnEqual, error) { + out := &model.VulnEqual{ + ID: nodeID(in.id), + Justification: in.justification, + Origin: in.origin, + Collector: in.collector, + } + for _, id := range in.vulnerabilities { + v, err := c.buildVulnResponse(id, nil) + if err != nil { + return nil, err + } + out.Vulnerabilities = append(out.Vulnerabilities, v) + } + return out, nil +} + +// Query IsVulnerability +func (c *demoClient) VulnEqual(ctx context.Context, filter *model.VulnEqualSpec) ([]*model.VulnEqual, error) { + funcName := "VulnEqual" + if filter != nil && len(filter.Vulnerabilities) > 2 { + return nil, gqlerror.Errorf("%v :: too many vulnerabilities in query, max 2, got: %v", funcName, len(filter.Vulnerabilities)) + } + c.m.RLock() + defer c.m.RUnlock() + if filter.ID != nil { + id64, err := strconv.ParseUint(*filter.ID, 10, 32) + if err != nil { + return nil, gqlerror.Errorf("%v :: invalid ID %s", funcName, err) + } + id := uint32(id64) + link, err := byID[*vulnerabilityEqualLink](id, c) + if err != nil { + // Not found + return nil, nil + } + // If found by id, ignore rest of fields in spec and return as a match + ve, err := c.convVulnEqual(link) + if err != nil { + return nil, gqlerror.Errorf("%v :: %v", funcName, err) + } + return []*model.VulnEqual{ve}, nil + } + + var search []uint32 + foundOne := false + for _, v := range filter.Vulnerabilities { + if !foundOne { + exactVuln, err := c.exactVulnerability(v) + if err != nil { + return nil, gqlerror.Errorf("%v :: %v", funcName, err) + } + if exactVuln != nil { + search = append(search, exactVuln.vulnEqualLinks...) 
+ foundOne = true + break + } + } + } + + var out []*model.VulnEqual + if foundOne { + for _, id := range search { + link, err := byID[*vulnerabilityEqualLink](id, c) + if err != nil { + return nil, gqlerror.Errorf("%v :: %v", funcName, err) + } + out, err = c.addVulnIfMatch(out, filter, link) + if err != nil { + return nil, gqlerror.Errorf("%v :: %v", funcName, err) + } + } + } else { + for _, link := range c.vulnerabilityEquals { + var err error + out, err = c.addVulnIfMatch(out, filter, link) + if err != nil { + return nil, gqlerror.Errorf("%v :: %v", funcName, err) + } + } + } + return out, nil +} + +func (c *demoClient) addVulnIfMatch(out []*model.VulnEqual, + filter *model.VulnEqualSpec, link *vulnerabilityEqualLink) ( + []*model.VulnEqual, error) { + + if noMatch(filter.Justification, link.justification) || + noMatch(filter.Origin, link.origin) || + noMatch(filter.Collector, link.collector) { + return out, nil + } + for _, vs := range filter.Vulnerabilities { + if vs == nil { + continue + } + found := false + for _, vid := range link.vulnerabilities { + v, err := c.buildVulnResponse(vid, vs) + if err != nil { + return nil, err + } + if v != nil { + found = true + } + } + if !found { + return out, nil + } + } + ve, err := c.convVulnEqual(link) + if err != nil { + return nil, err + } + return append(out, ve), nil +} diff --git a/pkg/assembler/backends/inmem/vulnEqual_test.go b/pkg/assembler/backends/inmem/vulnEqual_test.go new file mode 100644 index 0000000000..106bdc76f2 --- /dev/null +++ b/pkg/assembler/backends/inmem/vulnEqual_test.go 
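Review bot: In the new `vulnEqual.go`, `VulnEqual` guards `filter` only in its first statement (`filter != nil && len(filter.Vulnerabilities) > 2`) and then reads `filter.ID`, ranges over `filter.Vulnerabilities` and passes it to `addVulnIfMatch`, which reads `filter.Justification`, `filter.Origin` and `filter.Collector` unconditionally. A query that arrives without a spec would therefore hit a nil-pointer dereference rather than, presumably, returning every link through the `c.vulnerabilityEquals` branch. The removed `addVulnIfMatch` checked `filter != nil` before each field, so this looks like a regression; normalising once after the length check with `if filter == nil { filter = &model.VulnEqualSpec{} }` would cover both functions. Separately, `ingestVulnEqual` discards the error from `v, _ := byID[*vulnIDNode](vID, c)` and then reads `vs[0].vulnEqualLinks`; returning it as `gqlerror.Errorf("%v :: %v", funcName, err)`, like the lookup in the loop below, would keep a failed lookup from becoming a second nil dereference.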
@@ -0,0 +1,562 @@ +// +// Copyright 2023 The GUAC Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package inmem_test + +import ( + "context" + "strings" + "testing" + + "github.com/google/go-cmp/cmp" + "github.com/guacsec/guac/internal/testing/ptrfrom" + "github.com/guacsec/guac/pkg/assembler/backends/inmem" + "github.com/guacsec/guac/pkg/assembler/graphql/model" + "golang.org/x/exp/slices" +) + +func TestVulEqual(t *testing.T) { + type call struct { + Vuln *model.VulnerabilityInputSpec + OtherVuln *model.VulnerabilityInputSpec + In *model.VulnEqualInputSpec + } + tests := []struct { + Name string + InVuln []*model.VulnerabilityInputSpec + Calls []call + Query *model.VulnEqualSpec + ExpVulnEqual []*model.VulnEqual + ExpIngestErr bool + ExpQueryErr bool + }{ + { + Name: "HappyPath", + InVuln: []*model.VulnerabilityInputSpec{o1, c1}, + Calls: []call{ + call{ + Vuln: o1, + OtherVuln: c1, + In: &model.VulnEqualInputSpec{ + Justification: "test justification", + }, + }, + }, + Query: &model.VulnEqualSpec{ + Justification: ptrfrom.String("test justification"), + }, + ExpVulnEqual: []*model.VulnEqual{ + &model.VulnEqual{ + Vulnerabilities: []*model.Vulnerability{ + &model.Vulnerability{ + Type: "osv", + VulnerabilityIDs: []*model.VulnerabilityID{o1out}, + }, + &model.Vulnerability{ + Type: "cve", + VulnerabilityIDs: []*model.VulnerabilityID{c1out}, + }, + }, + Justification: "test justification", + }, + }, + }, + { + Name: "Igest same twice", + InVuln: 
[]*model.VulnerabilityInputSpec{o1, c1}, + Calls: []call{ + call{ + Vuln: o1, + OtherVuln: c1, + In: &model.VulnEqualInputSpec{ + Justification: "test justification", + }, + }, + call{ + Vuln: o1, + OtherVuln: c1, + In: &model.VulnEqualInputSpec{ + Justification: "test justification", + }, + }, + }, + Query: &model.VulnEqualSpec{ + Justification: ptrfrom.String("test justification"), + }, + ExpVulnEqual: []*model.VulnEqual{ + &model.VulnEqual{ + Vulnerabilities: []*model.Vulnerability{ + &model.Vulnerability{ + Type: "osv", + VulnerabilityIDs: []*model.VulnerabilityID{o1out}, + }, + &model.Vulnerability{ + Type: "cve", + VulnerabilityIDs: []*model.VulnerabilityID{c1out}, + }, + }, + Justification: "test justification", + }, + }, + }, + { + Name: "Query on Justification", + InVuln: []*model.VulnerabilityInputSpec{o1, c1}, + Calls: []call{ + call{ + Vuln: o1, + OtherVuln: c1, + In: &model.VulnEqualInputSpec{ + Justification: "test justification", + }, + }, + call{ + Vuln: o1, + OtherVuln: c1, + In: &model.VulnEqualInputSpec{ + Justification: "test justification", + }, + }, + }, + Query: &model.VulnEqualSpec{ + Justification: ptrfrom.String("test justification"), + }, + ExpVulnEqual: []*model.VulnEqual{ + &model.VulnEqual{ + Vulnerabilities: []*model.Vulnerability{ + &model.Vulnerability{ + Type: "osv", + VulnerabilityIDs: []*model.VulnerabilityID{o1out}, + }, + &model.Vulnerability{ + Type: "cve", + VulnerabilityIDs: []*model.VulnerabilityID{c1out}, + }, + }, + Justification: "test justification", + }, + }, + }, + { + Name: "Query on OSV", + InVuln: []*model.VulnerabilityInputSpec{o1, o2, c1}, + Calls: []call{ + call{ + Vuln: o1, + OtherVuln: c1, + In: &model.VulnEqualInputSpec{ + Justification: "test justification", + }, + }, + call{ + Vuln: o2, + OtherVuln: c1, + In: &model.VulnEqualInputSpec{ + Justification: "test justification", + }, + }, + }, + Query: &model.VulnEqualSpec{ + Vulnerabilities: []*model.VulnerabilitySpec{ + { + VulnerabilityID: 
ptrfrom.String("CVE-2022-26499"), + }, + }, + }, + ExpVulnEqual: []*model.VulnEqual{ + &model.VulnEqual{ + Vulnerabilities: []*model.Vulnerability{ + &model.Vulnerability{ + Type: "osv", + VulnerabilityIDs: []*model.VulnerabilityID{o2out}, + }, + &model.Vulnerability{ + Type: "cve", + VulnerabilityIDs: []*model.VulnerabilityID{c1out}, + }, + }, + Justification: "test justification", + }, + }, + }, + { + Name: "Query on GHSA", + InVuln: []*model.VulnerabilityInputSpec{o1, c1, c2, g1}, + Calls: []call{ + call{ + Vuln: o1, + OtherVuln: c1, + In: &model.VulnEqualInputSpec{ + Justification: "test justification", + }, + }, + call{ + Vuln: o1, + OtherVuln: c2, + In: &model.VulnEqualInputSpec{ + Justification: "test justification", + }, + }, + call{ + Vuln: o1, + OtherVuln: g1, + In: &model.VulnEqualInputSpec{ + Justification: "test justification", + }, + }, + }, + Query: &model.VulnEqualSpec{ + Vulnerabilities: []*model.VulnerabilitySpec{ + { + Type: ptrfrom.String("ghsa"), + }, + }, + }, + ExpVulnEqual: []*model.VulnEqual{ + &model.VulnEqual{ + Vulnerabilities: []*model.Vulnerability{ + &model.Vulnerability{ + Type: "osv", + VulnerabilityIDs: []*model.VulnerabilityID{o1out}, + }, + &model.Vulnerability{ + Type: "ghsa", + VulnerabilityIDs: []*model.VulnerabilityID{g1out}, + }, + }, + Justification: "test justification", + }, + }, + }, + { + Name: "Query none", + InVuln: []*model.VulnerabilityInputSpec{o1, c1, c2, g1}, + Calls: []call{ + call{ + Vuln: o1, + OtherVuln: c1, + In: &model.VulnEqualInputSpec{ + Justification: "test justification", + }, + }, + call{ + Vuln: o1, + OtherVuln: c2, + In: &model.VulnEqualInputSpec{ + Justification: "test justification", + }, + }, + call{ + Vuln: o1, + OtherVuln: g1, + In: &model.VulnEqualInputSpec{ + Justification: "test justification", + }, + }, + }, + Query: &model.VulnEqualSpec{ + Vulnerabilities: []*model.VulnerabilitySpec{ + { + VulnerabilityID: ptrfrom.String("AEV-2022-26499"), + }, + }, + }, + ExpVulnEqual: nil, + }, + { + 
Name: "Query multiple", + InVuln: []*model.VulnerabilityInputSpec{o1, c1, c2, g1}, + Calls: []call{ + call{ + Vuln: o1, + OtherVuln: c1, + In: &model.VulnEqualInputSpec{ + Justification: "test justification", + }, + }, + call{ + Vuln: o1, + OtherVuln: c2, + In: &model.VulnEqualInputSpec{ + Justification: "test justification", + }, + }, + call{ + Vuln: o1, + OtherVuln: g1, + In: &model.VulnEqualInputSpec{ + Justification: "test justification", + }, + }, + }, + Query: &model.VulnEqualSpec{ + Vulnerabilities: []*model.VulnerabilitySpec{ + { + Type: ptrfrom.String("cve"), + }, + }, + }, + ExpVulnEqual: []*model.VulnEqual{ + &model.VulnEqual{ + Vulnerabilities: []*model.Vulnerability{ + &model.Vulnerability{ + Type: "osv", + VulnerabilityIDs: []*model.VulnerabilityID{o1out}, + }, + &model.Vulnerability{ + Type: "cve", + VulnerabilityIDs: []*model.VulnerabilityID{c1out}, + }, + }, + Justification: "test justification", + }, + &model.VulnEqual{ + Vulnerabilities: []*model.Vulnerability{ + &model.Vulnerability{ + Type: "osv", + VulnerabilityIDs: []*model.VulnerabilityID{o1out}, + }, + &model.Vulnerability{ + Type: "cve", + VulnerabilityIDs: []*model.VulnerabilityID{c2out}, + }, + }, + Justification: "test justification", + }, + }, + }, + { + Name: "Query ID", + InVuln: []*model.VulnerabilityInputSpec{o1, c1, c2, g1}, + Calls: []call{ + call{ + Vuln: o1, + OtherVuln: c1, + In: &model.VulnEqualInputSpec{ + Justification: "test justification", + }, + }, + call{ + Vuln: o1, + OtherVuln: c2, + In: &model.VulnEqualInputSpec{ + Justification: "test justification", + }, + }, + call{ + Vuln: o1, + OtherVuln: g1, + In: &model.VulnEqualInputSpec{ + Justification: "test justification", + }, + }, + }, + Query: &model.VulnEqualSpec{ + ID: ptrfrom.String("8"), + }, + ExpVulnEqual: []*model.VulnEqual{ + &model.VulnEqual{ + Vulnerabilities: []*model.Vulnerability{ + &model.Vulnerability{ + Type: "osv", + VulnerabilityIDs: []*model.VulnerabilityID{o1out}, + }, + &model.Vulnerability{ + 
Type: "cve", + VulnerabilityIDs: []*model.VulnerabilityID{c1out}, + }, + }, + Justification: "test justification", + }, + }, + }, + { + Name: "Query ID not found", + InVuln: []*model.VulnerabilityInputSpec{o1, c1, c2, g1}, + Calls: []call{ + call{ + Vuln: o1, + OtherVuln: c1, + In: &model.VulnEqualInputSpec{ + Justification: "test justification", + }, + }, + call{ + Vuln: o1, + OtherVuln: c2, + In: &model.VulnEqualInputSpec{ + Justification: "test justification", + }, + }, + call{ + Vuln: o1, + OtherVuln: g1, + In: &model.VulnEqualInputSpec{ + Justification: "test justification", + }, + }, + }, + Query: &model.VulnEqualSpec{ + ID: ptrfrom.String("123456"), + }, + ExpVulnEqual: nil, + }, + { + Name: "Query Error", + Query: &model.VulnEqualSpec{ + Vulnerabilities: []*model.VulnerabilitySpec{ + { + ID: ptrfrom.String("6"), + }, + }, + }, + ExpQueryErr: false, + }, + { + Name: "Query Bad ID", + Query: &model.VulnEqualSpec{ + ID: ptrfrom.String("-123"), + }, + ExpQueryErr: true, + }, + } + ignoreID := cmp.FilterPath(func(p cmp.Path) bool { + return strings.Compare(".ID", p[len(p)-1].String()) == 0 + }, cmp.Ignore()) + ctx := context.Background() + for _, test := range tests { + t.Run(test.Name, func(t *testing.T) { + b, err := inmem.GetBackend(nil) + if err != nil { + t.Fatalf("Could not instantiate testing backend: %v", err) + } + for _, g := range test.InVuln { + if _, err := b.IngestVulnerability(ctx, *g); err != nil { + t.Fatalf("Could not ingest vulnerability: %a", err) + } + } + for _, o := range test.Calls { + _, err := b.IngestVulnEqual(ctx, *o.Vuln, *o.OtherVuln, *o.In) + if (err != nil) != test.ExpIngestErr { + t.Fatalf("did not get expected ingest error, want: %v, got: %v", test.ExpIngestErr, err) + } + if err != nil { + return + } + } + got, err := b.VulnEqual(ctx, test.Query) + if (err != nil) != test.ExpQueryErr { + t.Fatalf("did not get expected query error, want: %v, got: %v", test.ExpQueryErr, err) + } + if err != nil { + return + } + if diff := 
cmp.Diff(test.ExpVulnEqual, got, ignoreID); diff != "" { + t.Errorf("Unexpected results. (-want +got):\n%s", diff) + } + }) + } +} + +func TestVulnerabilityEqualNeighbors(t *testing.T) { + type call struct { + Vuln *model.VulnerabilityInputSpec + OtherVuln *model.VulnerabilityInputSpec + In *model.VulnEqualInputSpec + } + tests := []struct { + Name string + InVuln []*model.VulnerabilityInputSpec + Calls []call + ExpNeighbors map[string][]string + }{ + { + Name: "HappyPath", + InVuln: []*model.VulnerabilityInputSpec{o1, c1}, + Calls: []call{ + call{ + Vuln: o1, + OtherVuln: c1, + In: &model.VulnEqualInputSpec{ + Justification: "test justification", + }, + }, + }, + ExpNeighbors: map[string][]string{ + "2": []string{"1", "5"}, // osv to isVuln + "4": []string{"3", "5"}, // cve to isVuln + "5": []string{"1", "3"}, // isVuln to osv and cve + }, + }, + { + Name: "Two IsVuln", + InVuln: []*model.VulnerabilityInputSpec{o1, c1, g1}, + Calls: []call{ + call{ + Vuln: o1, + OtherVuln: c1, + In: &model.VulnEqualInputSpec{ + Justification: "test justification", + }, + }, + call{ + Vuln: o1, + OtherVuln: g1, + In: &model.VulnEqualInputSpec{ + Justification: "test justification", + }, + }, + }, + ExpNeighbors: map[string][]string{ + "2": []string{"1", "7", "8"}, // osv to both isVuln + "4": []string{"3", "7"}, + "6": []string{"5", "8"}, + "7": []string{"1", "3"}, + "8": []string{"1", "5"}, + }, + }, + } + ctx := context.Background() + for _, test := range tests { + t.Run(test.Name, func(t *testing.T) { + b, err := inmem.GetBackend(nil) + if err != nil { + t.Fatalf("Could not instantiate testing backend: %v", err) + } + for _, g := range test.InVuln { + if _, err := b.IngestVulnerability(ctx, *g); err != nil { + t.Fatalf("Could not ingest vulnerability: %s", err) + } + } + for _, o := range test.Calls { + if _, err := b.IngestVulnEqual(ctx, *o.Vuln, *o.OtherVuln, *o.In); err != nil { + t.Fatalf("Could not ingest vuln Equal: %s", err) + } + } + for q, r := range test.ExpNeighbors { 
+ got, err := b.Neighbors(ctx, q, nil) + if err != nil { + t.Fatalf("Could not query neighbors: %s", err) + } + gotIDs := convNodes(got) + slices.Sort(r) + slices.Sort(gotIDs) + if diff := cmp.Diff(r, gotIDs); diff != "" { + t.Errorf("Unexpected results. (-want +got):\n%s", diff) + } + } + }) + } +} diff --git a/pkg/assembler/backends/inmem/vulnerability.go b/pkg/assembler/backends/inmem/vulnerability.go new file mode 100644 index 0000000000..06a4188128 --- /dev/null +++ b/pkg/assembler/backends/inmem/vulnerability.go 
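Review bot: The table in TestVulEqual has no case with a nil `Query`, while the `VulnEqual` method added earlier in this diff reads `filter.ID` right after a length check written as `filter != nil && ...`, so a nil filter looks like it would panic instead of returning every link. I would add a case such as `{Name: "Query nil filter", InVuln: []*model.VulnerabilityInputSpec{o1, c1}, Query: nil}` together with a `filter == nil` guard in `VulnEqual`; `addVulnIfMatch` also dereferences `filter` unconditionally. Separately, `t.Fatalf("Could not ingest vulnerability: %a", err)` applies the floating-point verb `%a` to an error and should use `%v`. The case named "Query Error" sets `ExpQueryErr: false`, so either its name or its expectation is wrong.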
@@ -0,0 +1,355 @@ +// +// Copyright 2023 The GUAC Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package inmem + +import ( + "context" + "errors" + "fmt" + "strconv" + "strings" + + "github.com/vektah/gqlparser/v2/gqlerror" + + "github.com/guacsec/guac/pkg/assembler/graphql/model" +) + +// func registerAllCVE(client *demoClient) { +// ctx := context.Background() + +// inputs := []model.CVEInputSpec{{ +// Year: 2019, +// CveID: "CVE-2019-13110", +// }, { +// Year: 2014, +// CveID: "CVE-2014-8139", +// }, { +// Year: 2014, +// CveID: "CVE-2014-8140", +// }, { +// Year: 2022, +// CveID: "CVE-2022-26499", +// }, { +// Year: 2014, +// CveID: "CVE-2014-8140", +// }} +// for _, input := range inputs { +// _, err := client.IngestCve(ctx, &input) +// if err != nil { +// log.Printf("Error in ingesting: %v\n", err) +// } +// } +// } + +// Internal data: Vulnerability +type vulnTypeMap map[string]*vulnTypeStruct +type vulnTypeStruct struct { + id uint32 + typeKey string + vulnIDs vulnIDList +} +type vulnIDList []*vulnIDNode +type vulnIDNode struct { + id uint32 + parent uint32 + vulnID string + certifyVulnLinks []uint32 + vulnEqualLinks []uint32 + vexLinks []uint32 +} + +func (n *vulnTypeStruct) ID() uint32 { return n.id } +func (n *vulnIDNode) ID() uint32 { return n.id } + +func (n *vulnTypeStruct) Neighbors(allowedEdges edgeMap) []uint32 { + out := make([]uint32, 0, len(n.vulnIDs)) + for _, v := range n.vulnIDs { + out = append(out, v.id) + } + return 
out +} +func (n *vulnIDNode) Neighbors(allowedEdges edgeMap) []uint32 { + out := []uint32{n.parent} + + if allowedEdges[model.EdgeVulnerabilityCertifyVuln] { + out = append(out, n.certifyVulnLinks...) + } + if allowedEdges[model.EdgeVulnerabilityVulnEqual] { + out = append(out, n.vulnEqualLinks...) + } + if allowedEdges[model.EdgeVulnerabilityCertifyVexStatement] { + out = append(out, n.vexLinks...) + } + + return out +} + +func (n *vulnTypeStruct) BuildModelNode(c *demoClient) (model.Node, error) { + return c.buildVulnResponse(n.id, nil) +} +func (n *vulnIDNode) BuildModelNode(c *demoClient) (model.Node, error) { + return c.buildVulnResponse(n.id, nil) +} + +// certifyVulnerability back edges +func (n *vulnIDNode) setVulnerabilityLinks(id uint32) { + n.certifyVulnLinks = append(n.certifyVulnLinks, id) +} + +// equalVulnerability back edges +func (n *vulnIDNode) setVulnEqualLinks(id uint32) { n.vulnEqualLinks = append(n.vulnEqualLinks, id) } + +// certifyVexStatement back edges +func (n *vulnIDNode) setVexLinks(id uint32) { n.vexLinks = append(n.vexLinks, id) } + +// Ingest CVE + +func (c *demoClient) IngestVulnerabilities(ctx context.Context, vulns []*model.VulnerabilityInputSpec) ([]*model.Vulnerability, error) { + var modelVulnerabilities []*model.Vulnerability + for _, vuln := range vulns { + modelVuln, err := c.IngestVulnerability(ctx, *vuln) + if err != nil { + return nil, gqlerror.Errorf("IngestVulnerability failed with err: %v", err) + } + modelVulnerabilities = append(modelVulnerabilities, modelVuln) + } + return modelVulnerabilities, nil +} + +func (c *demoClient) IngestVulnerability(ctx context.Context, vuln model.VulnerabilityInputSpec) (*model.Vulnerability, error) { + return c.ingestVuln(ctx, vuln, true) +} + +func (c *demoClient) ingestVuln(ctx context.Context, input model.VulnerabilityInputSpec, readOnly bool) (*model.Vulnerability, error) { + typeLowerCase := strings.ToLower(input.Type) + vulIDLoweCase := strings.ToLower(input.VulnerabilityID) + 
c.m.RLock() + typeStruct, hasType := c.vulnerabilities[typeLowerCase] + c.m.RUnlock() + if !hasType { + c.m.Lock() + typeStruct, hasType = c.vulnerabilities[typeLowerCase] + if !hasType { + typeStruct = &vulnTypeStruct{ + id: c.getNextID(), + typeKey: typeLowerCase, + vulnIDs: vulnIDList{}, + } + c.index[typeStruct.id] = typeStruct + c.vulnerabilities[typeLowerCase] = typeStruct + } + c.m.Unlock() + } + + c.m.RLock() + duplicate, collectedVulnID := duplicateVulnID(typeStruct.vulnIDs, input) + c.m.RUnlock() + if !duplicate { + c.m.Lock() + duplicate, collectedVulnID = duplicateVulnID(typeStruct.vulnIDs, input) + if !duplicate { + collectedVulnID = &vulnIDNode{ + id: c.getNextID(), + parent: typeStruct.id, + vulnID: vulIDLoweCase, + } + c.index[collectedVulnID.id] = collectedVulnID + typeStruct.vulnIDs = append(typeStruct.vulnIDs, collectedVulnID) + } + c.m.Unlock() + } + + // build return GraphQL type + c.m.RLock() + defer c.m.RUnlock() + return c.buildVulnResponse(collectedVulnID.id, nil) +} + +func duplicateVulnID(vulnIDs vulnIDList, input model.VulnerabilityInputSpec) (bool, *vulnIDNode) { + for _, vulnID := range vulnIDs { + if vulnID.vulnID != strings.ToLower(input.VulnerabilityID) { + continue + } + return true, vulnID + } + return false, nil +} + +// Query CVE +func (c *demoClient) Vulnerabilities(ctx context.Context, filter *model.VulnerabilitySpec) ([]*model.Vulnerability, error) { + c.m.RLock() + defer c.m.RUnlock() + if filter != nil && filter.ID != nil { + id, err := strconv.ParseUint(*filter.ID, 10, 32) + if err != nil { + return nil, err + } + v, err := c.buildVulnResponse(uint32(id), filter) + if err != nil { + if errors.Is(err, errNotFound) { + // not found + return nil, nil + } + return nil, err + } + return []*model.Vulnerability{v}, nil + } + + out := []*model.Vulnerability{} + if filter != nil && filter.Type != nil { + typeStruct, ok := c.vulnerabilities[strings.ToLower(*filter.Type)] + if ok { + vulnIDs := buildVulnID(typeStruct, filter) + if 
len(vulnIDs) > 0 { + out = append(out, &model.Vulnerability{ + ID: nodeID(typeStruct.id), + Type: typeStruct.typeKey, + VulnerabilityIDs: vulnIDs, + }) + } + } + } else { + for vulnType, typeStruct := range c.vulnerabilities { + vulnIDs := buildVulnID(typeStruct, filter) + if len(vulnIDs) > 0 { + out = append(out, &model.Vulnerability{ + ID: nodeID(typeStruct.id), + Type: vulnType, + VulnerabilityIDs: vulnIDs, + }) + } + } + } + return out, nil +} + +func buildVulnID(typeStruct *vulnTypeStruct, filter *model.VulnerabilitySpec) []*model.VulnerabilityID { + vunIDs := []*model.VulnerabilityID{} + for _, v := range typeStruct.vulnIDs { + if filter != nil && noMatch(toLower(filter.VulnerabilityID), v.vulnID) { + continue + } + vunIDs = append(vunIDs, &model.VulnerabilityID{ + ID: nodeID(v.id), + VulnerabilityID: v.vulnID, + }) + } + return vunIDs +} + +func (c *demoClient) exactVulnerability(filter *model.VulnerabilitySpec) (*vulnIDNode, error) { + if filter == nil { + return nil, nil + } + if filter.ID != nil { + id64, err := strconv.ParseUint(*filter.ID, 10, 32) + if err != nil { + return nil, err + } + id := uint32(id64) + if node, ok := c.index[id]; ok { + if v, ok := node.(*vulnIDNode); ok { + return v, nil + } + } + } + if filter.Type != nil && filter.VulnerabilityID != nil { + tp, ok := c.vulnerabilities[strings.ToLower(*filter.Type)] + if !ok { + return nil, nil + } + for _, vulnID := range tp.vulnIDs { + if strings.ToLower(*filter.VulnerabilityID) != vulnID.vulnID { + continue + } + return vulnID, nil + } + } + return nil, nil +} + +// Builds a model.Vulnerability to send as GraphQL response, starting from id. +// The optional filter allows restricting output (on selection operations). 
+func (c *demoClient) buildVulnResponse(id uint32, filter *model.VulnerabilitySpec) (*model.Vulnerability, error) { + if filter != nil && filter.ID != nil { + filteredID, err := strconv.ParseUint(*filter.ID, 10, 32) + if err != nil { + return nil, err + } + if uint32(filteredID) != id { + return nil, nil + } + } + + node, ok := c.index[id] + if !ok { + return nil, fmt.Errorf("%w : ID does not match existing node", errNotFound) + } + + var vl []*model.VulnerabilityID + if vulnNode, ok := node.(*vulnIDNode); ok { + if filter != nil && noMatch(toLower(filter.VulnerabilityID), vulnNode.vulnID) { + return nil, nil + } + vl = append(vl, &model.VulnerabilityID{ + // IDs are generated as string even though we ask for integers + // See https://github.com/99designs/gqlgen/issues/2561 + ID: nodeID(vulnNode.id), + VulnerabilityID: vulnNode.vulnID, + }) + node, ok = c.index[vulnNode.parent] + if !ok { + return nil, fmt.Errorf("internal ID does not match existing node") + } + } + + typeStruct, ok := node.(*vulnTypeStruct) + if !ok { + return nil, fmt.Errorf("%w: ID does not match expected node type for vulnerability", errNotFound) + } + v := model.Vulnerability{ + ID: nodeID(typeStruct.id), + Type: typeStruct.typeKey, + VulnerabilityIDs: vl, + } + if filter != nil && noMatch(toLower(filter.Type), v.Type) { + return nil, nil + } + return &v, nil +} + +func getVulnerabilityIDFromInput(c *demoClient, input model.VulnerabilityInputSpec) (uint32, error) { + typeStruct, vulnTypeFound := c.vulnerabilities[strings.ToLower(input.Type)] + if !vulnTypeFound { + return 0, gqlerror.Errorf("vulnerability type \"%s\" not found", input.Type) + } + found := false + var vulnNodeID uint32 + for _, vulnID := range typeStruct.vulnIDs { + if vulnID.vulnID != strings.ToLower(input.VulnerabilityID) { + continue + } + if found { + return 0, gqlerror.Errorf("more than one vulnerability matches input") + } + vulnNodeID = vulnID.id + found = true + } + if !found { + return 0, gqlerror.Errorf("No 
vulnerability matches input") + } + return vulnNodeID, nil +} diff --git a/pkg/assembler/backends/inmem/vulnerability_test.go b/pkg/assembler/backends/inmem/vulnerability_test.go new file mode 100644 index 0000000000..cb06353b58 --- /dev/null +++ b/pkg/assembler/backends/inmem/vulnerability_test.go 
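Review bot: In `Vulnerabilities`, the `filter.ID` branch returns `[]*model.Vulnerability{v}` without checking `v`, yet `buildVulnResponse` returns `nil, nil` when the node exists and `noMatch` reports a mismatch on the filter's `VulnerabilityID` or `Type`, so a query that combines an ID with a non-matching field yields a slice holding a nil element. Adding `if v == nil { return nil, nil }` after the error check closes that path. `ingestVuln` takes a `readOnly bool` that its body never reads, and `exactVulnerability` and `getVulnerabilityIDFromInput` read `c.index` and `c.vulnerabilities` without taking `c.m`, so each should carry a comment such as `// caller must hold c.m` if that is the intended contract. The section comments `// Ingest CVE` and `// Query CVE` are left over from the per-type model and should refer to vulnerabilities generally.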
@@ -0,0 +1,349 @@ +// +// Copyright 2023 The GUAC Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package inmem_test + +import ( + "context" + "strings" + "testing" + + "github.com/google/go-cmp/cmp" + "github.com/guacsec/guac/internal/testing/ptrfrom" + "github.com/guacsec/guac/pkg/assembler/backends/inmem" + "github.com/guacsec/guac/pkg/assembler/graphql/model" + "golang.org/x/exp/slices" +) + +var c1 = &model.VulnerabilityInputSpec{ + Type: "cve", + VulnerabilityID: "CVE-2019-13110", +} +var c1out = &model.VulnerabilityID{ + VulnerabilityID: "cve-2019-13110", +} + +var c2 = &model.VulnerabilityInputSpec{ + Type: "cve", + VulnerabilityID: "CVE-2014-8139", +} +var c2out = &model.VulnerabilityID{ + VulnerabilityID: "cve-2014-8139", +} + +var c3 = &model.VulnerabilityInputSpec{ + Type: "CVE", + VulnerabilityID: "cVe-2014-8140", +} +var c3out = &model.VulnerabilityID{ + VulnerabilityID: "cve-2014-8140", +} + +var g1 = &model.VulnerabilityInputSpec{ + Type: "GHSA", + VulnerabilityID: "GHSA-h45f-rjvw-2rv2", +} +var g1out = &model.VulnerabilityID{ + VulnerabilityID: "ghsa-h45f-rjvw-2rv2", +} + +var g2 = &model.VulnerabilityInputSpec{ + Type: "ghsa", + VulnerabilityID: "GHSA-xrw3-wqph-3fxg", +} +var g2out = &model.VulnerabilityID{ + VulnerabilityID: "ghsa-xrw3-wqph-3fxg", +} + +var g3 = &model.VulnerabilityInputSpec{ + Type: "ghsa", + VulnerabilityID: "GHSA-8v4j-7jgf-5rg9", +} +var g3out = &model.VulnerabilityID{ + VulnerabilityID: 
"ghsa-8v4j-7jgf-5rg9", +} + +var o1 = &model.VulnerabilityInputSpec{ + Type: "OSV", + VulnerabilityID: "CVE-2014-8140", +} +var o1out = &model.VulnerabilityID{ + VulnerabilityID: "cve-2014-8140", +} + +var o2 = &model.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "CVE-2022-26499", +} +var o2out = &model.VulnerabilityID{ + VulnerabilityID: "cve-2022-26499", +} + +var o3 = &model.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "GHSA-h45f-rjvw-2rv2", +} +var o3out = &model.VulnerabilityID{ + VulnerabilityID: "ghsa-h45f-rjvw-2rv2", +} + +var noVulnInput = &model.VulnerabilityInputSpec{ + Type: "noVuln", + VulnerabilityID: "", +} +var noVulnOut = &model.VulnerabilityID{ + VulnerabilityID: "", +} + +func lessCve(a, b *model.Vulnerability) bool { + return a.VulnerabilityIDs[0].VulnerabilityID < b.VulnerabilityIDs[0].VulnerabilityID +} + +func TestVulnerability(t *testing.T) { + tests := []struct { + Name string + Ingests []*model.VulnerabilityInputSpec + ExpIngestErr bool + Query *model.VulnerabilitySpec + Exp []*model.Vulnerability + ExpQueryErr bool + }{ + { + Name: "HappyPath", + Ingests: []*model.VulnerabilityInputSpec{c1}, + Query: &model.VulnerabilitySpec{}, + Exp: []*model.Vulnerability{ + &model.Vulnerability{ + Type: "cve", + VulnerabilityIDs: []*model.VulnerabilityID{c1out}, + }, + }, + }, + { + Name: "Multiple", + Ingests: []*model.VulnerabilityInputSpec{c1, c2}, + Query: &model.VulnerabilitySpec{}, + Exp: []*model.Vulnerability{ + &model.Vulnerability{ + Type: "cve", + VulnerabilityIDs: []*model.VulnerabilityID{c1out, c2out}, + }, + }, + }, + { + Name: "Duplicates", + Ingests: []*model.VulnerabilityInputSpec{c1, c1, c1}, + Query: &model.VulnerabilitySpec{}, + Exp: []*model.Vulnerability{ + &model.Vulnerability{ + Type: "cve", + VulnerabilityIDs: []*model.VulnerabilityID{c1out}, + }, + }, + }, + { + Name: "Query by type - cve", + Ingests: []*model.VulnerabilityInputSpec{c1, c2, c3, g1, o1}, + Query: &model.VulnerabilitySpec{ + Type: 
ptrfrom.String("cve"), + }, + Exp: []*model.Vulnerability{ + &model.Vulnerability{ + Type: "cve", + VulnerabilityIDs: []*model.VulnerabilityID{c1out, c2out, c3out}, + }, + }, + }, + { + Name: "Query by type - ghsa", + Ingests: []*model.VulnerabilityInputSpec{c1, c2, c3, g2, g3, o1}, + Query: &model.VulnerabilitySpec{ + Type: ptrfrom.String("ghsa"), + }, + Exp: []*model.Vulnerability{ + &model.Vulnerability{ + Type: "ghsa", + VulnerabilityIDs: []*model.VulnerabilityID{g2out, g3out}, + }, + }, + }, + { + Name: "Query by type - osv", + Ingests: []*model.VulnerabilityInputSpec{c1, c2, c3, g3, o1, o2, o3}, + Query: &model.VulnerabilitySpec{ + Type: ptrfrom.String("osv"), + }, + Exp: []*model.Vulnerability{ + &model.Vulnerability{ + Type: "osv", + VulnerabilityIDs: []*model.VulnerabilityID{o1out, o2out, o3out}, + }, + }, + }, + { + Name: "Query by type - noVuln", + Ingests: []*model.VulnerabilityInputSpec{noVulnInput}, + Query: &model.VulnerabilitySpec{ + Type: ptrfrom.String("noVuln"), + }, + Exp: []*model.Vulnerability{ + &model.Vulnerability{ + Type: "novuln", + VulnerabilityIDs: []*model.VulnerabilityID{noVulnOut}, + }, + }, + }, + { + Name: "Query by vulnID", + Ingests: []*model.VulnerabilityInputSpec{c1, c2, c3}, + Query: &model.VulnerabilitySpec{ + VulnerabilityID: ptrfrom.String("CVE-2014-8140"), + }, + Exp: []*model.Vulnerability{ + &model.Vulnerability{ + Type: "cve", + VulnerabilityIDs: []*model.VulnerabilityID{c3out}, + }, + }, + }, + { + Name: "Query by vulnID - noVuln", + Ingests: []*model.VulnerabilityInputSpec{c1, c2, c3, noVulnInput}, + Query: &model.VulnerabilitySpec{ + Type: ptrfrom.String("noVuln"), + }, + Exp: []*model.Vulnerability{ + &model.Vulnerability{ + Type: "novuln", + VulnerabilityIDs: []*model.VulnerabilityID{noVulnOut}, + }, + }, + }, + { + Name: "Query by ID", + Ingests: []*model.VulnerabilityInputSpec{c1}, + Query: &model.VulnerabilitySpec{ + ID: ptrfrom.String("2"), + }, + Exp: []*model.Vulnerability{ + &model.Vulnerability{ + Type: 
"cve", + VulnerabilityIDs: []*model.VulnerabilityID{c1out}, + }, + }, + }, + { + Name: "Query none", + Ingests: []*model.VulnerabilityInputSpec{c1, c2, c3}, + Query: &model.VulnerabilitySpec{ + Type: ptrfrom.String("ghsa"), + }, + Exp: []*model.Vulnerability{}, + }, + { + Name: "Query none ID", + Ingests: []*model.VulnerabilityInputSpec{c1, c2, c3}, + Query: &model.VulnerabilitySpec{ + ID: ptrfrom.String("12345"), + }, + Exp: nil, + }, + { + Name: "Query invalid ID", + Ingests: []*model.VulnerabilityInputSpec{c1, c2, c3}, + Query: &model.VulnerabilitySpec{ + ID: ptrfrom.String("asdf"), + }, + ExpQueryErr: true, + }, + } + ignoreID := cmp.FilterPath(func(p cmp.Path) bool { + return strings.Compare(".ID", p[len(p)-1].String()) == 0 + }, cmp.Ignore()) + ctx := context.Background() + for _, test := range tests { + t.Run(test.Name, func(t *testing.T) { + b, err := inmem.GetBackend(nil) + if err != nil { + t.Fatalf("Could not instantiate testing backend: %v", err) + } + for _, i := range test.Ingests { + _, err := b.IngestVulnerability(ctx, *i) + if (err != nil) != test.ExpIngestErr { + t.Fatalf("did not get expected ingest error, want: %v, got: %v", test.ExpIngestErr, err) + } + if err != nil { + return + } + } + got, err := b.Vulnerabilities(ctx, test.Query) + if (err != nil) != test.ExpQueryErr { + t.Fatalf("did not get expected query error, want: %v, got: %v", test.ExpQueryErr, err) + } + if err != nil { + return + } + slices.SortFunc(got, lessCve) + if diff := cmp.Diff(test.Exp, got, ignoreID); diff != "" { + t.Errorf("Unexpected results. 
(-want +got):\n%s", diff) + } + }) + } +} + +func TestIngestVulnerabilities(t *testing.T) { + tests := []struct { + name string + ingests []*model.VulnerabilityInputSpec + exp []*model.Vulnerability + }{{ + name: "Multiple", + ingests: []*model.VulnerabilityInputSpec{c1, c2, c3}, + exp: []*model.Vulnerability{ + { + Type: "cve", + VulnerabilityIDs: []*model.VulnerabilityID{c1out}, + }, + { + Type: "cve", + VulnerabilityIDs: []*model.VulnerabilityID{c2out}, + }, + { + Type: "cve", + VulnerabilityIDs: []*model.VulnerabilityID{c3out}, + }, + }, + }} + ignoreID := cmp.FilterPath(func(p cmp.Path) bool { + return strings.Compare(".ID", p[len(p)-1].String()) == 0 + }, cmp.Ignore()) + ctx := context.Background() + for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + b, err := inmem.GetBackend(nil) + if err != nil { + t.Fatalf("Could not instantiate testing backend: %v", err) + } + got, err := b.IngestVulnerabilities(ctx, test.ingests) + if err != nil { + t.Fatalf("ingest error: %v", err) + return + } + if diff := cmp.Diff(test.exp, got, ignoreID); diff != "" { + t.Errorf("Unexpected results. (-want +got):\n%s", diff) + } + }) + } +} diff --git a/pkg/assembler/backends/neo4j/certifyVEXStatement.go b/pkg/assembler/backends/neo4j/certifyVEXStatement.go index 31151434e8..afcf06d44d 100644 --- a/pkg/assembler/backends/neo4j/certifyVEXStatement.go +++ b/pkg/assembler/backends/neo4j/certifyVEXStatement.go 
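Review bot: The case named "Query by vulnID - noVuln" sets only `Type: ptrfrom.String("noVuln")`, which makes it the same query as "Query by type - noVuln", so filtering on the empty `VulnerabilityID` that `noVulnInput` ingests is never exercised. Either rename the case or query with `VulnerabilityID: ptrfrom.String("")`; how `noMatch` treats an empty string is not visible in this diff, so the expected result needs confirming first. "Query by ID" hard-codes `ID: ptrfrom.String("2")`, which ties the test to the backend's ID allocation order, and reading the ID from the `IngestVulnerability` result would be more robust. In TestIngestVulnerabilities the `return` after `t.Fatalf("ingest error: %v", err)` is never reached and can be dropped.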
@@ -18,631 +18,629 @@ package neo4j import ( "context" "fmt" - "strings" - "time" - "github.com/guacsec/guac/pkg/assembler/backends/helper" "github.com/guacsec/guac/pkg/assembler/graphql/model" - "github.com/neo4j/neo4j-go-driver/v4/neo4j" - "github.com/neo4j/neo4j-go-driver/v4/neo4j/dbtype" - "github.com/vektah/gqlparser/v2/gqlerror" ) +// TODO (pxp928): fix for new vulnerability func (c *neo4jClient) CertifyVEXStatement(ctx context.Context, certifyVEXStatementSpec *model.CertifyVEXStatementSpec) ([]*model.CertifyVEXStatement, error) { - // TODO: Fix validation - querySubjectAll := true - // querySubjectAll, err := helper.ValidatePackageOrArtifactQueryInput(certifyVEXStatementSpec.Subject) - // if err != nil { - // return nil, err + // // TODO: Fix validation + // querySubjectAll := true + // // querySubjectAll, err := helper.ValidatePackageOrArtifactQueryInput(certifyVEXStatementSpec.Subject) + // // if err != nil { + // // return nil, err + // // } + + // // TODO: Fix validation + // queryVulnAll := true + // // queryVulnAll, err := helper.ValidateCveOrGhsaQueryInput(certifyVEXStatementSpec.Vulnerability) + // // if err != nil { + // // return nil, err + // // } + + // queryAll := false + // if querySubjectAll && queryVulnAll { + // queryAll = true // } - // TODO: Fix validation - queryVulnAll := true - // queryVulnAll, err := helper.ValidateCveOrGhsaQueryInput(certifyVEXStatementSpec.Vulnerability) - // if err != nil { - // return nil, err + // session := c.driver.NewSession(neo4j.SessionConfig{AccessMode: neo4j.AccessModeRead}) + // defer session.Close() + + // aggregateCertifyVEXStatement := []*model.CertifyVEXStatement{} + + // if queryAll || (querySubjectAll && certifyVEXStatementSpec.Vulnerability != nil && certifyVEXStatementSpec.Vulnerability.Cve != nil) || + // (queryVulnAll && certifyVEXStatementSpec.Subject != nil && certifyVEXStatementSpec.Subject.Package != nil) || + // (certifyVEXStatementSpec.Subject != nil && 
certifyVEXStatementSpec.Subject.Package != nil && + // certifyVEXStatementSpec.Vulnerability != nil && certifyVEXStatementSpec.Vulnerability.Cve != nil) { + + // var sb strings.Builder + // var firstMatch bool = true + // queryValues := map[string]any{} + + // // query CVE + // returnValue := " RETURN type.type, namespace.namespace, name.name, version.version, version.subpath, " + + // "version.qualifier_list, certifyVEXStatement, cveYear.year, cveID.id" + + // // query with pkgVersion + // query := "MATCH (root:Pkg)-[:PkgHasType]->(type:PkgType)-[:PkgHasNamespace]->(namespace:PkgNamespace)" + + // "-[:PkgHasName]->(name:PkgName)-[:PkgHasVersion]->(version:PkgVersion)" + + // "-[:subject]-(certifyVEXStatement:CertifyVEXStatement)-[:about]-(cveID:CveID)<-[:CveHasID]" + + // "-(cveYear:CveYear)<-[:CveIsYear]-(rootCve:Cve)" + // sb.WriteString(query) + + // if certifyVEXStatementSpec.Subject != nil && certifyVEXStatementSpec.Subject.Package != nil { + // setPkgMatchValues(&sb, certifyVEXStatementSpec.Subject.Package, false, &firstMatch, queryValues) + // } + // if certifyVEXStatementSpec.Vulnerability != nil && certifyVEXStatementSpec.Vulnerability.Cve != nil { + // setCveMatchValues(&sb, certifyVEXStatementSpec.Vulnerability.Cve, &firstMatch, queryValues) + // } + // setCertifyVEXStatementValues(&sb, certifyVEXStatementSpec, &firstMatch, queryValues) + // sb.WriteString(returnValue) + + // result, err := session.ReadTransaction( + // func(tx neo4j.Transaction) (interface{}, error) { + + // result, err := tx.Run(sb.String(), queryValues) + // if err != nil { + // return nil, err + // } + + // collectedCertifyVEXStatement := []*model.CertifyVEXStatement{} + + // for result.Next() { + + // pkgQualifiers := result.Record().Values[5] + // subPath := result.Record().Values[4] + // version := result.Record().Values[3] + // nameString := result.Record().Values[2].(string) + // namespaceString := result.Record().Values[1].(string) + // typeString := 
result.Record().Values[0].(string) + + // pkg := generateModelPackage(typeString, namespaceString, nameString, version, subPath, pkgQualifiers) + + // idStr := result.Record().Values[8].(string) + // yearStr := result.Record().Values[7].(int) + // cve := generateModelCve(yearStr, idStr) + + // certifyVEXStatementNode := dbtype.Node{} + // if result.Record().Values[1] != nil { + // certifyVEXStatementNode = result.Record().Values[6].(dbtype.Node) + // } else { + // return nil, gqlerror.Errorf("certifyVEXStatement Node not found in neo4j") + // } + + // certifyVEXStatement, err := generateModelCertifyVEXStatement(pkg, cve, certifyVEXStatementNode.Props[status].(string), + // certifyVEXStatementNode.Props[statement].(string), certifyVEXStatementNode.Props[statusNotes].(string), + // certifyVEXStatementNode.Props[justification].(string), certifyVEXStatementNode.Props[origin].(string), + // certifyVEXStatementNode.Props[collector].(string), certifyVEXStatementNode.Props[knownSince].(time.Time)) + + // if err != nil { + // return nil, gqlerror.Errorf("generateModelCertifyVEXStatement failed due to error: %v", err) + // } + + // collectedCertifyVEXStatement = append(collectedCertifyVEXStatement, certifyVEXStatement) + // } + // if err = result.Err(); err != nil { + // return nil, err + // } + + // return collectedCertifyVEXStatement, nil + // }) + // if err != nil { + // return nil, err + // } + // aggregateCertifyVEXStatement = append(aggregateCertifyVEXStatement, result.([]*model.CertifyVEXStatement)...) 
// } - queryAll := false - if querySubjectAll && queryVulnAll { - queryAll = true - } - - session := c.driver.NewSession(neo4j.SessionConfig{AccessMode: neo4j.AccessModeRead}) - defer session.Close() - - aggregateCertifyVEXStatement := []*model.CertifyVEXStatement{} - - if queryAll || (querySubjectAll && certifyVEXStatementSpec.Vulnerability != nil && certifyVEXStatementSpec.Vulnerability.Cve != nil) || - (queryVulnAll && certifyVEXStatementSpec.Subject != nil && certifyVEXStatementSpec.Subject.Package != nil) || - (certifyVEXStatementSpec.Subject != nil && certifyVEXStatementSpec.Subject.Package != nil && - certifyVEXStatementSpec.Vulnerability != nil && certifyVEXStatementSpec.Vulnerability.Cve != nil) { - - var sb strings.Builder - var firstMatch bool = true - queryValues := map[string]any{} - - // query CVE - returnValue := " RETURN type.type, namespace.namespace, name.name, version.version, version.subpath, " + - "version.qualifier_list, certifyVEXStatement, cveYear.year, cveID.id" - - // query with pkgVersion - query := "MATCH (root:Pkg)-[:PkgHasType]->(type:PkgType)-[:PkgHasNamespace]->(namespace:PkgNamespace)" + - "-[:PkgHasName]->(name:PkgName)-[:PkgHasVersion]->(version:PkgVersion)" + - "-[:subject]-(certifyVEXStatement:CertifyVEXStatement)-[:about]-(cveID:CveID)<-[:CveHasID]" + - "-(cveYear:CveYear)<-[:CveIsYear]-(rootCve:Cve)" - sb.WriteString(query) - - if certifyVEXStatementSpec.Subject != nil && certifyVEXStatementSpec.Subject.Package != nil { - setPkgMatchValues(&sb, certifyVEXStatementSpec.Subject.Package, false, &firstMatch, queryValues) - } - if certifyVEXStatementSpec.Vulnerability != nil && certifyVEXStatementSpec.Vulnerability.Cve != nil { - setCveMatchValues(&sb, certifyVEXStatementSpec.Vulnerability.Cve, &firstMatch, queryValues) - } - setCertifyVEXStatementValues(&sb, certifyVEXStatementSpec, &firstMatch, queryValues) - sb.WriteString(returnValue) - - result, err := session.ReadTransaction( - func(tx neo4j.Transaction) (interface{}, error) 
{ - - result, err := tx.Run(sb.String(), queryValues) - if err != nil { - return nil, err - } - - collectedCertifyVEXStatement := []*model.CertifyVEXStatement{} - - for result.Next() { - - pkgQualifiers := result.Record().Values[5] - subPath := result.Record().Values[4] - version := result.Record().Values[3] - nameString := result.Record().Values[2].(string) - namespaceString := result.Record().Values[1].(string) - typeString := result.Record().Values[0].(string) - - pkg := generateModelPackage(typeString, namespaceString, nameString, version, subPath, pkgQualifiers) - - idStr := result.Record().Values[8].(string) - yearStr := result.Record().Values[7].(int) - cve := generateModelCve(yearStr, idStr) - - certifyVEXStatementNode := dbtype.Node{} - if result.Record().Values[1] != nil { - certifyVEXStatementNode = result.Record().Values[6].(dbtype.Node) - } else { - return nil, gqlerror.Errorf("certifyVEXStatement Node not found in neo4j") - } - - certifyVEXStatement, err := generateModelCertifyVEXStatement(pkg, cve, certifyVEXStatementNode.Props[status].(string), - certifyVEXStatementNode.Props[statement].(string), certifyVEXStatementNode.Props[statusNotes].(string), - certifyVEXStatementNode.Props[justification].(string), certifyVEXStatementNode.Props[origin].(string), - certifyVEXStatementNode.Props[collector].(string), certifyVEXStatementNode.Props[knownSince].(time.Time)) - - if err != nil { - return nil, gqlerror.Errorf("generateModelCertifyVEXStatement failed due to error: %v", err) - } - - collectedCertifyVEXStatement = append(collectedCertifyVEXStatement, certifyVEXStatement) - } - if err = result.Err(); err != nil { - return nil, err - } - - return collectedCertifyVEXStatement, nil - }) - if err != nil { - return nil, err - } - aggregateCertifyVEXStatement = append(aggregateCertifyVEXStatement, result.([]*model.CertifyVEXStatement)...) 
- } - - if queryAll || (querySubjectAll && certifyVEXStatementSpec.Vulnerability != nil && certifyVEXStatementSpec.Vulnerability.Ghsa != nil) || - (queryVulnAll && certifyVEXStatementSpec.Subject != nil && certifyVEXStatementSpec.Subject.Package != nil) || - (certifyVEXStatementSpec.Subject != nil && certifyVEXStatementSpec.Subject.Package != nil && - certifyVEXStatementSpec.Vulnerability != nil && certifyVEXStatementSpec.Vulnerability.Ghsa != nil) { - - var sb strings.Builder - var firstMatch bool = true - queryValues := map[string]any{} - - // query ghsa - returnValue := " RETURN type.type, namespace.namespace, name.name, version.version, version.subpath, " + - "version.qualifier_list, certifyVEXStatement, ghsaID.id" - - // query with pkgVersion - query := "MATCH (root:Pkg)-[:PkgHasType]->(type:PkgType)-[:PkgHasNamespace]->(namespace:PkgNamespace)" + - "-[:PkgHasName]->(name:PkgName)-[:PkgHasVersion]->(version:PkgVersion)" + - "-[:subject]-(certifyVEXStatement:CertifyVEXStatement)-[:about]-(ghsaID:GhsaID)<-[:GhsaHasID]" + - "-(rootGhsa:Ghsa)" - sb.WriteString(query) - - if certifyVEXStatementSpec.Subject != nil && certifyVEXStatementSpec.Subject.Package != nil { - setPkgMatchValues(&sb, certifyVEXStatementSpec.Subject.Package, false, &firstMatch, queryValues) - } - if certifyVEXStatementSpec.Vulnerability != nil && certifyVEXStatementSpec.Vulnerability.Ghsa != nil { - setGhsaMatchValues(&sb, certifyVEXStatementSpec.Vulnerability.Ghsa, &firstMatch, queryValues) - } - setCertifyVEXStatementValues(&sb, certifyVEXStatementSpec, &firstMatch, queryValues) - sb.WriteString(returnValue) - - result, err := session.ReadTransaction( - func(tx neo4j.Transaction) (interface{}, error) { - - result, err := tx.Run(sb.String(), queryValues) - if err != nil { - return nil, err - } - - collectedCertifyVEXStatement := []*model.CertifyVEXStatement{} - - for result.Next() { - pkgQualifiers := result.Record().Values[5] - subPath := result.Record().Values[4] - version := 
result.Record().Values[3] - nameString := result.Record().Values[2].(string) - namespaceString := result.Record().Values[1].(string) - typeString := result.Record().Values[0].(string) - - pkg := generateModelPackage(typeString, namespaceString, nameString, version, subPath, pkgQualifiers) - - idStr := result.Record().Values[7].(string) - ghsa := generateModelGhsa(idStr) - - certifyVEXStatementNode := dbtype.Node{} - if result.Record().Values[1] != nil { - certifyVEXStatementNode = result.Record().Values[6].(dbtype.Node) - } else { - return nil, gqlerror.Errorf("certifyVEXStatement Node not found in neo4j") - } - - certifyVEXStatement, err := generateModelCertifyVEXStatement(pkg, ghsa, certifyVEXStatementNode.Props[status].(string), - certifyVEXStatementNode.Props[statement].(string), certifyVEXStatementNode.Props[statusNotes].(string), - certifyVEXStatementNode.Props[justification].(string), certifyVEXStatementNode.Props[origin].(string), - certifyVEXStatementNode.Props[collector].(string), certifyVEXStatementNode.Props[knownSince].(time.Time)) - - if err != nil { - return nil, gqlerror.Errorf("generateModelCertifyVEXStatement failed due to error: %v", err) - } - - collectedCertifyVEXStatement = append(collectedCertifyVEXStatement, certifyVEXStatement) - } - if err = result.Err(); err != nil { - return nil, err - } - - return collectedCertifyVEXStatement, nil - }) - if err != nil { - return nil, err - } - aggregateCertifyVEXStatement = append(aggregateCertifyVEXStatement, result.([]*model.CertifyVEXStatement)...) 
- } - - if queryAll || (querySubjectAll && certifyVEXStatementSpec.Vulnerability != nil && certifyVEXStatementSpec.Vulnerability.Osv != nil) || - (queryVulnAll && certifyVEXStatementSpec.Subject != nil && certifyVEXStatementSpec.Subject.Package != nil) || - (certifyVEXStatementSpec.Subject != nil && certifyVEXStatementSpec.Subject.Package != nil && - certifyVEXStatementSpec.Vulnerability != nil && certifyVEXStatementSpec.Vulnerability.Osv != nil) { - - var sb strings.Builder - var firstMatch bool = true - queryValues := map[string]any{} - - // query ghsa - returnValue := " RETURN type.type, namespace.namespace, name.name, version.version, version.subpath, " + - "version.qualifier_list, certifyVuln, osvID.id" - - // query with pkgVersion - query := "MATCH (root:Pkg)-[:PkgHasType]->(type:PkgType)-[:PkgHasNamespace]->(namespace:PkgNamespace)" + - "-[:PkgHasName]->(name:PkgName)-[:PkgHasVersion]->(version:PkgVersion)" + - "-[:subject]-(certifyVEXStatement:CertifyVEXStatement)-[:about]-(osvID:OsvID)<-[:OsvHasID]" + - "-(rootOsv:Osv)" - sb.WriteString(query) - - if certifyVEXStatementSpec.Subject != nil && certifyVEXStatementSpec.Subject.Package != nil { - setPkgMatchValues(&sb, certifyVEXStatementSpec.Subject.Package, false, &firstMatch, queryValues) - } - if certifyVEXStatementSpec.Vulnerability != nil && certifyVEXStatementSpec.Vulnerability.Osv != nil { - setOSVMatchValues(&sb, certifyVEXStatementSpec.Vulnerability.Osv, &firstMatch, queryValues) - } - setCertifyVEXStatementValues(&sb, certifyVEXStatementSpec, &firstMatch, queryValues) - sb.WriteString(returnValue) - - result, err := session.ReadTransaction( - func(tx neo4j.Transaction) (interface{}, error) { - - result, err := tx.Run(sb.String(), queryValues) - if err != nil { - return nil, err - } - - collectedCertifyVEXStatement := []*model.CertifyVEXStatement{} - - for result.Next() { - pkgQualifiers := result.Record().Values[5] - subPath := result.Record().Values[4] - version := result.Record().Values[3] - 
nameString := result.Record().Values[2].(string) - namespaceString := result.Record().Values[1].(string) - typeString := result.Record().Values[0].(string) - - pkg := generateModelPackage(typeString, namespaceString, nameString, version, subPath, pkgQualifiers) - - id := result.Record().Values[7].(string) - osv := generateModelOsv(id) - - certifyVEXStatementNode := dbtype.Node{} - if result.Record().Values[1] != nil { - certifyVEXStatementNode = result.Record().Values[6].(dbtype.Node) - } else { - return nil, gqlerror.Errorf("certifyVEXStatement Node not found in neo4j") - } - - certifyVEXStatement, err := generateModelCertifyVEXStatement(pkg, osv, certifyVEXStatementNode.Props[status].(string), - certifyVEXStatementNode.Props[statement].(string), certifyVEXStatementNode.Props[statusNotes].(string), - certifyVEXStatementNode.Props[justification].(string), certifyVEXStatementNode.Props[origin].(string), - certifyVEXStatementNode.Props[collector].(string), certifyVEXStatementNode.Props[knownSince].(time.Time)) - - if err != nil { - return nil, gqlerror.Errorf("generateModelCertifyVEXStatement failed due to error: %v", err) - } - - collectedCertifyVEXStatement = append(collectedCertifyVEXStatement, certifyVEXStatement) - } - if err = result.Err(); err != nil { - return nil, err - } - - return collectedCertifyVEXStatement, nil - }) - if err != nil { - return nil, err - } - aggregateCertifyVEXStatement = append(aggregateCertifyVEXStatement, result.([]*model.CertifyVEXStatement)...) 
- } - - if queryAll || (querySubjectAll && certifyVEXStatementSpec.Vulnerability != nil && certifyVEXStatementSpec.Vulnerability.Cve != nil) || - (queryVulnAll && certifyVEXStatementSpec.Subject != nil && certifyVEXStatementSpec.Subject.Artifact != nil) || - (certifyVEXStatementSpec.Subject != nil && certifyVEXStatementSpec.Subject.Artifact != nil && - certifyVEXStatementSpec.Vulnerability != nil && certifyVEXStatementSpec.Vulnerability.Cve != nil) { - - var sb strings.Builder - var firstMatch bool = true - queryValues := map[string]any{} - - // query CVE - returnValue := " RETURN a.algorithm, a.digest, certifyVEXStatement, cveYear.year, cveID.id" - - // query artifact - query := "MATCH (a:Artifact)" + - "-[:subject]-(certifyVEXStatement:CertifyVEXStatement)-[:about]-(cveID:CveID)<-[:CveHasID]" + - "-(cveYear:CveYear)<-[:CveIsYear]-(rootCve:Cve)" - sb.WriteString(query) - - if certifyVEXStatementSpec.Subject != nil && certifyVEXStatementSpec.Subject.Artifact != nil { - setArtifactMatchValues(&sb, certifyVEXStatementSpec.Subject.Artifact, false, &firstMatch, queryValues) - } - if certifyVEXStatementSpec.Vulnerability != nil && certifyVEXStatementSpec.Vulnerability.Cve != nil { - setCveMatchValues(&sb, certifyVEXStatementSpec.Vulnerability.Cve, &firstMatch, queryValues) - } - setCertifyVEXStatementValues(&sb, certifyVEXStatementSpec, &firstMatch, queryValues) - sb.WriteString(returnValue) - - result, err := session.ReadTransaction( - func(tx neo4j.Transaction) (interface{}, error) { - - result, err := tx.Run(sb.String(), queryValues) - if err != nil { - return nil, err - } - - collectedCertifyVEXStatement := []*model.CertifyVEXStatement{} - - for result.Next() { - algorithm := result.Record().Values[0].(string) - digest := result.Record().Values[1].(string) - artifact := generateModelArtifact(algorithm, digest) - - idStr := result.Record().Values[4].(string) - yearStr := result.Record().Values[3].(int) - cve := generateModelCve(yearStr, idStr) - - 
certifyVEXStatementNode := dbtype.Node{} - if result.Record().Values[1] != nil { - certifyVEXStatementNode = result.Record().Values[2].(dbtype.Node) - } else { - return nil, gqlerror.Errorf("certifyVEXStatement Node not found in neo4j") - } - - certifyVEXStatement, err := generateModelCertifyVEXStatement(artifact, cve, certifyVEXStatementNode.Props[status].(string), - certifyVEXStatementNode.Props[statement].(string), certifyVEXStatementNode.Props[statusNotes].(string), - certifyVEXStatementNode.Props[justification].(string), certifyVEXStatementNode.Props[origin].(string), - certifyVEXStatementNode.Props[collector].(string), certifyVEXStatementNode.Props[knownSince].(time.Time)) - - if err != nil { - return nil, gqlerror.Errorf("generateModelCertifyVEXStatement failed due to error: %v", err) - } - - collectedCertifyVEXStatement = append(collectedCertifyVEXStatement, certifyVEXStatement) - } - if err = result.Err(); err != nil { - return nil, err - } - - return collectedCertifyVEXStatement, nil - }) - if err != nil { - return nil, err - } - aggregateCertifyVEXStatement = append(aggregateCertifyVEXStatement, result.([]*model.CertifyVEXStatement)...) 
- } - - if queryAll || (querySubjectAll && certifyVEXStatementSpec.Vulnerability != nil && certifyVEXStatementSpec.Vulnerability.Ghsa != nil) || - (queryVulnAll && certifyVEXStatementSpec.Subject != nil && certifyVEXStatementSpec.Subject.Artifact != nil) || - (certifyVEXStatementSpec.Subject != nil && certifyVEXStatementSpec.Subject.Artifact != nil && - certifyVEXStatementSpec.Vulnerability != nil && certifyVEXStatementSpec.Vulnerability.Ghsa != nil) { - - var sb strings.Builder - var firstMatch bool = true - queryValues := map[string]any{} - - // query ghsa - returnValue := " RETURN a.algorithm, a.digest, certifyVEXStatement, ghsaID.id" - - // query artifact - query := "MATCH (a:Artifact)" + - "-[:subject]-(certifyVEXStatement:CertifyVEXStatement)-[:about]-(ghsaID:GhsaID)<-[:GhsaHasID]" + - "-(rootGhsa:Ghsa)" - sb.WriteString(query) - - if certifyVEXStatementSpec.Subject != nil && certifyVEXStatementSpec.Subject.Artifact != nil { - setArtifactMatchValues(&sb, certifyVEXStatementSpec.Subject.Artifact, false, &firstMatch, queryValues) - } - if certifyVEXStatementSpec.Vulnerability != nil && certifyVEXStatementSpec.Vulnerability.Ghsa != nil { - setGhsaMatchValues(&sb, certifyVEXStatementSpec.Vulnerability.Ghsa, &firstMatch, queryValues) - } - setCertifyVEXStatementValues(&sb, certifyVEXStatementSpec, &firstMatch, queryValues) - sb.WriteString(returnValue) - - result, err := session.ReadTransaction( - func(tx neo4j.Transaction) (interface{}, error) { - - result, err := tx.Run(sb.String(), queryValues) - if err != nil { - return nil, err - } - - collectedCertifyVEXStatement := []*model.CertifyVEXStatement{} - - for result.Next() { - algorithm := result.Record().Values[0].(string) - digest := result.Record().Values[1].(string) - artifact := generateModelArtifact(algorithm, digest) - - idStr := result.Record().Values[3].(string) - ghsa := generateModelGhsa(idStr) - - certifyVEXStatementNode := dbtype.Node{} - if result.Record().Values[1] != nil { - 
certifyVEXStatementNode = result.Record().Values[2].(dbtype.Node) - } else { - return nil, gqlerror.Errorf("certifyVEXStatement Node not found in neo4j") - } - - certifyVEXStatement, err := generateModelCertifyVEXStatement(artifact, ghsa, certifyVEXStatementNode.Props[status].(string), - certifyVEXStatementNode.Props[statement].(string), certifyVEXStatementNode.Props[statusNotes].(string), - certifyVEXStatementNode.Props[justification].(string), certifyVEXStatementNode.Props[origin].(string), - certifyVEXStatementNode.Props[collector].(string), certifyVEXStatementNode.Props[knownSince].(time.Time)) - - if err != nil { - return nil, gqlerror.Errorf("generateModelCertifyVEXStatement failed due to error: %v", err) - } - collectedCertifyVEXStatement = append(collectedCertifyVEXStatement, certifyVEXStatement) - } - if err = result.Err(); err != nil { - return nil, err - } - - return collectedCertifyVEXStatement, nil - }) - if err != nil { - return nil, err - } - aggregateCertifyVEXStatement = append(aggregateCertifyVEXStatement, result.([]*model.CertifyVEXStatement)...) 
- } - - if queryAll || (querySubjectAll && certifyVEXStatementSpec.Vulnerability != nil && certifyVEXStatementSpec.Vulnerability.Osv != nil) || - (queryVulnAll && certifyVEXStatementSpec.Subject != nil && certifyVEXStatementSpec.Subject.Artifact != nil) || - (certifyVEXStatementSpec.Subject != nil && certifyVEXStatementSpec.Subject.Artifact != nil && - certifyVEXStatementSpec.Vulnerability != nil && certifyVEXStatementSpec.Vulnerability.Osv != nil) { - - var sb strings.Builder - var firstMatch bool = true - queryValues := map[string]any{} - - // query ghsa - returnValue := " RETURN a.algorithm, a.digest, certifyVEXStatement, osvID.id" - - // query artifact - query := "MATCH (a:Artifact)" + - "-[:subject]-(certifyVEXStatement:CertifyVEXStatement)-[:about]-(osvID:OsvID)<-[:OsvHasID]" + - "-(rootOsv:Osv)" - sb.WriteString(query) - - if certifyVEXStatementSpec.Subject != nil && certifyVEXStatementSpec.Subject.Artifact != nil { - setArtifactMatchValues(&sb, certifyVEXStatementSpec.Subject.Artifact, false, &firstMatch, queryValues) - } - if certifyVEXStatementSpec.Vulnerability != nil && certifyVEXStatementSpec.Vulnerability.Osv != nil { - setOSVMatchValues(&sb, certifyVEXStatementSpec.Vulnerability.Osv, &firstMatch, queryValues) - } - setCertifyVEXStatementValues(&sb, certifyVEXStatementSpec, &firstMatch, queryValues) - sb.WriteString(returnValue) - - result, err := session.ReadTransaction( - func(tx neo4j.Transaction) (interface{}, error) { - - result, err := tx.Run(sb.String(), queryValues) - if err != nil { - return nil, err - } - - collectedCertifyVEXStatement := []*model.CertifyVEXStatement{} - - for result.Next() { - algorithm := result.Record().Values[0].(string) - digest := result.Record().Values[1].(string) - artifact := generateModelArtifact(algorithm, digest) - - id := result.Record().Values[7].(string) - osv := generateModelOsv(id) - - certifyVEXStatementNode := dbtype.Node{} - if result.Record().Values[1] != nil { - certifyVEXStatementNode = 
result.Record().Values[2].(dbtype.Node) - } else { - return nil, gqlerror.Errorf("certifyVEXStatement Node not found in neo4j") - } - - certifyVEXStatement, err := generateModelCertifyVEXStatement(artifact, osv, certifyVEXStatementNode.Props[status].(string), - certifyVEXStatementNode.Props[statement].(string), certifyVEXStatementNode.Props[statusNotes].(string), - certifyVEXStatementNode.Props[justification].(string), certifyVEXStatementNode.Props[origin].(string), - certifyVEXStatementNode.Props[collector].(string), certifyVEXStatementNode.Props[knownSince].(time.Time)) - - if err != nil { - return nil, gqlerror.Errorf("generateModelCertifyVEXStatement failed due to error: %v", err) - } - - collectedCertifyVEXStatement = append(collectedCertifyVEXStatement, certifyVEXStatement) - } - if err = result.Err(); err != nil { - return nil, err - } - - return collectedCertifyVEXStatement, nil - }) - if err != nil { - return nil, err - } - aggregateCertifyVEXStatement = append(aggregateCertifyVEXStatement, result.([]*model.CertifyVEXStatement)...) 
- } - - return aggregateCertifyVEXStatement, nil -} + // if queryAll || (querySubjectAll && certifyVEXStatementSpec.Vulnerability != nil && certifyVEXStatementSpec.Vulnerability.Ghsa != nil) || + // (queryVulnAll && certifyVEXStatementSpec.Subject != nil && certifyVEXStatementSpec.Subject.Package != nil) || + // (certifyVEXStatementSpec.Subject != nil && certifyVEXStatementSpec.Subject.Package != nil && + // certifyVEXStatementSpec.Vulnerability != nil && certifyVEXStatementSpec.Vulnerability.Ghsa != nil) { + + // var sb strings.Builder + // var firstMatch bool = true + // queryValues := map[string]any{} + + // // query ghsa + // returnValue := " RETURN type.type, namespace.namespace, name.name, version.version, version.subpath, " + + // "version.qualifier_list, certifyVEXStatement, ghsaID.id" + + // // query with pkgVersion + // query := "MATCH (root:Pkg)-[:PkgHasType]->(type:PkgType)-[:PkgHasNamespace]->(namespace:PkgNamespace)" + + // "-[:PkgHasName]->(name:PkgName)-[:PkgHasVersion]->(version:PkgVersion)" + + // "-[:subject]-(certifyVEXStatement:CertifyVEXStatement)-[:about]-(ghsaID:GhsaID)<-[:GhsaHasID]" + + // "-(rootGhsa:Ghsa)" + // sb.WriteString(query) + + // if certifyVEXStatementSpec.Subject != nil && certifyVEXStatementSpec.Subject.Package != nil { + // setPkgMatchValues(&sb, certifyVEXStatementSpec.Subject.Package, false, &firstMatch, queryValues) + // } + // if certifyVEXStatementSpec.Vulnerability != nil && certifyVEXStatementSpec.Vulnerability.Ghsa != nil { + // setGhsaMatchValues(&sb, certifyVEXStatementSpec.Vulnerability.Ghsa, &firstMatch, queryValues) + // } + // setCertifyVEXStatementValues(&sb, certifyVEXStatementSpec, &firstMatch, queryValues) + // sb.WriteString(returnValue) + + // result, err := session.ReadTransaction( + // func(tx neo4j.Transaction) (interface{}, error) { + + // result, err := tx.Run(sb.String(), queryValues) + // if err != nil { + // return nil, err + // } + + // collectedCertifyVEXStatement := 
[]*model.CertifyVEXStatement{} + + // for result.Next() { + // pkgQualifiers := result.Record().Values[5] + // subPath := result.Record().Values[4] + // version := result.Record().Values[3] + // nameString := result.Record().Values[2].(string) + // namespaceString := result.Record().Values[1].(string) + // typeString := result.Record().Values[0].(string) + + // pkg := generateModelPackage(typeString, namespaceString, nameString, version, subPath, pkgQualifiers) + + // idStr := result.Record().Values[7].(string) + // ghsa := generateModelGhsa(idStr) + + // certifyVEXStatementNode := dbtype.Node{} + // if result.Record().Values[1] != nil { + // certifyVEXStatementNode = result.Record().Values[6].(dbtype.Node) + // } else { + // return nil, gqlerror.Errorf("certifyVEXStatement Node not found in neo4j") + // } + + // certifyVEXStatement, err := generateModelCertifyVEXStatement(pkg, ghsa, certifyVEXStatementNode.Props[status].(string), + // certifyVEXStatementNode.Props[statement].(string), certifyVEXStatementNode.Props[statusNotes].(string), + // certifyVEXStatementNode.Props[justification].(string), certifyVEXStatementNode.Props[origin].(string), + // certifyVEXStatementNode.Props[collector].(string), certifyVEXStatementNode.Props[knownSince].(time.Time)) + + // if err != nil { + // return nil, gqlerror.Errorf("generateModelCertifyVEXStatement failed due to error: %v", err) + // } + + // collectedCertifyVEXStatement = append(collectedCertifyVEXStatement, certifyVEXStatement) + // } + // if err = result.Err(); err != nil { + // return nil, err + // } + + // return collectedCertifyVEXStatement, nil + // }) + // if err != nil { + // return nil, err + // } + // aggregateCertifyVEXStatement = append(aggregateCertifyVEXStatement, result.([]*model.CertifyVEXStatement)...) 
+ // } -func setCertifyVEXStatementValues(sb *strings.Builder, certifyVEXStatementSpec *model.CertifyVEXStatementSpec, firstMatch *bool, queryValues map[string]any) { - if certifyVEXStatementSpec.KnownSince != nil { - matchProperties(sb, *firstMatch, "certifyVEXStatement", knownSince, "$"+knownSince) - *firstMatch = false - queryValues[knownSince] = certifyVEXStatementSpec.KnownSince.UTC() - } - if certifyVEXStatementSpec.Status != nil { - matchProperties(sb, *firstMatch, "certifyVEXStatement", status, "$"+status) - *firstMatch = false - queryValues["status"] = certifyVEXStatementSpec.Status.String() - } - if certifyVEXStatementSpec.Statement != nil { - matchProperties(sb, *firstMatch, "certifyVEXStatement", statement, "$"+statement) - *firstMatch = false - queryValues["statement"] = certifyVEXStatementSpec.Statement - } - if certifyVEXStatementSpec.StatusNotes != nil { - matchProperties(sb, *firstMatch, "certifyVEXStatement", statusNotes, "$"+statusNotes) - *firstMatch = false - queryValues["statusNotes"] = certifyVEXStatementSpec.StatusNotes - } - if certifyVEXStatementSpec.VexJustification != nil { - matchProperties(sb, *firstMatch, "certifyVEXStatement", justification, "$"+justification) - *firstMatch = false - queryValues["justification"] = certifyVEXStatementSpec.VexJustification.String() - } - if certifyVEXStatementSpec.Origin != nil { - matchProperties(sb, *firstMatch, "certifyVEXStatement", origin, "$"+origin) - *firstMatch = false - queryValues[origin] = certifyVEXStatementSpec.Origin - } - if certifyVEXStatementSpec.Collector != nil { - matchProperties(sb, *firstMatch, "certifyVEXStatement", collector, "$"+collector) - *firstMatch = false - queryValues[collector] = certifyVEXStatementSpec.Collector - } -} + // if queryAll || (querySubjectAll && certifyVEXStatementSpec.Vulnerability != nil && certifyVEXStatementSpec.Vulnerability.Osv != nil) || + // (queryVulnAll && certifyVEXStatementSpec.Subject != nil && certifyVEXStatementSpec.Subject.Package != nil) 
|| + // (certifyVEXStatementSpec.Subject != nil && certifyVEXStatementSpec.Subject.Package != nil && + // certifyVEXStatementSpec.Vulnerability != nil && certifyVEXStatementSpec.Vulnerability.Osv != nil) { + + // var sb strings.Builder + // var firstMatch bool = true + // queryValues := map[string]any{} + + // // query ghsa + // returnValue := " RETURN type.type, namespace.namespace, name.name, version.version, version.subpath, " + + // "version.qualifier_list, certifyVuln, osvID.id" + + // // query with pkgVersion + // query := "MATCH (root:Pkg)-[:PkgHasType]->(type:PkgType)-[:PkgHasNamespace]->(namespace:PkgNamespace)" + + // "-[:PkgHasName]->(name:PkgName)-[:PkgHasVersion]->(version:PkgVersion)" + + // "-[:subject]-(certifyVEXStatement:CertifyVEXStatement)-[:about]-(osvID:OsvID)<-[:OsvHasID]" + + // "-(rootOsv:Osv)" + // sb.WriteString(query) + + // if certifyVEXStatementSpec.Subject != nil && certifyVEXStatementSpec.Subject.Package != nil { + // setPkgMatchValues(&sb, certifyVEXStatementSpec.Subject.Package, false, &firstMatch, queryValues) + // } + // if certifyVEXStatementSpec.Vulnerability != nil && certifyVEXStatementSpec.Vulnerability.Osv != nil { + // setOSVMatchValues(&sb, certifyVEXStatementSpec.Vulnerability.Osv, &firstMatch, queryValues) + // } + // setCertifyVEXStatementValues(&sb, certifyVEXStatementSpec, &firstMatch, queryValues) + // sb.WriteString(returnValue) + + // result, err := session.ReadTransaction( + // func(tx neo4j.Transaction) (interface{}, error) { + + // result, err := tx.Run(sb.String(), queryValues) + // if err != nil { + // return nil, err + // } + + // collectedCertifyVEXStatement := []*model.CertifyVEXStatement{} + + // for result.Next() { + // pkgQualifiers := result.Record().Values[5] + // subPath := result.Record().Values[4] + // version := result.Record().Values[3] + // nameString := result.Record().Values[2].(string) + // namespaceString := result.Record().Values[1].(string) + // typeString := 
result.Record().Values[0].(string) + + // pkg := generateModelPackage(typeString, namespaceString, nameString, version, subPath, pkgQualifiers) + + // id := result.Record().Values[7].(string) + // osv := generateModelOsv(id) + + // certifyVEXStatementNode := dbtype.Node{} + // if result.Record().Values[1] != nil { + // certifyVEXStatementNode = result.Record().Values[6].(dbtype.Node) + // } else { + // return nil, gqlerror.Errorf("certifyVEXStatement Node not found in neo4j") + // } + + // certifyVEXStatement, err := generateModelCertifyVEXStatement(pkg, osv, certifyVEXStatementNode.Props[status].(string), + // certifyVEXStatementNode.Props[statement].(string), certifyVEXStatementNode.Props[statusNotes].(string), + // certifyVEXStatementNode.Props[justification].(string), certifyVEXStatementNode.Props[origin].(string), + // certifyVEXStatementNode.Props[collector].(string), certifyVEXStatementNode.Props[knownSince].(time.Time)) + + // if err != nil { + // return nil, gqlerror.Errorf("generateModelCertifyVEXStatement failed due to error: %v", err) + // } + + // collectedCertifyVEXStatement = append(collectedCertifyVEXStatement, certifyVEXStatement) + // } + // if err = result.Err(); err != nil { + // return nil, err + // } + + // return collectedCertifyVEXStatement, nil + // }) + // if err != nil { + // return nil, err + // } + // aggregateCertifyVEXStatement = append(aggregateCertifyVEXStatement, result.([]*model.CertifyVEXStatement)...) 
+ // } -func generateModelCertifyVEXStatement(subject model.PackageOrArtifact, vuln model.Vulnerability, status, statement, statusNotes, justification, origin, collector string, knownSince time.Time) (*model.CertifyVEXStatement, error) { - vexStatus, err := convertStatusToEnum(status) - if err != nil { - return nil, fmt.Errorf("convertStatusToEnum failed with error: %w", err) - } - - vexJustification, err := convertJustificationToEnum(justification) - if err != nil { - return nil, fmt.Errorf("convertJustificationToEnum failed with error: %w", err) - } - - certifyVEXStatement := model.CertifyVEXStatement{ - Subject: subject, - Vulnerability: vuln, - Status: vexStatus, - VexJustification: vexJustification, - Statement: statement, - StatusNotes: statusNotes, - KnownSince: knownSince, - Origin: origin, - Collector: collector, - } - return &certifyVEXStatement, nil -} + // if queryAll || (querySubjectAll && certifyVEXStatementSpec.Vulnerability != nil && certifyVEXStatementSpec.Vulnerability.Cve != nil) || + // (queryVulnAll && certifyVEXStatementSpec.Subject != nil && certifyVEXStatementSpec.Subject.Artifact != nil) || + // (certifyVEXStatementSpec.Subject != nil && certifyVEXStatementSpec.Subject.Artifact != nil && + // certifyVEXStatementSpec.Vulnerability != nil && certifyVEXStatementSpec.Vulnerability.Cve != nil) { + + // var sb strings.Builder + // var firstMatch bool = true + // queryValues := map[string]any{} + + // // query CVE + // returnValue := " RETURN a.algorithm, a.digest, certifyVEXStatement, cveYear.year, cveID.id" + + // // query artifact + // query := "MATCH (a:Artifact)" + + // "-[:subject]-(certifyVEXStatement:CertifyVEXStatement)-[:about]-(cveID:CveID)<-[:CveHasID]" + + // "-(cveYear:CveYear)<-[:CveIsYear]-(rootCve:Cve)" + // sb.WriteString(query) + + // if certifyVEXStatementSpec.Subject != nil && certifyVEXStatementSpec.Subject.Artifact != nil { + // setArtifactMatchValues(&sb, certifyVEXStatementSpec.Subject.Artifact, false, &firstMatch, 
queryValues) + // } + // if certifyVEXStatementSpec.Vulnerability != nil && certifyVEXStatementSpec.Vulnerability.Cve != nil { + // setCveMatchValues(&sb, certifyVEXStatementSpec.Vulnerability.Cve, &firstMatch, queryValues) + // } + // setCertifyVEXStatementValues(&sb, certifyVEXStatementSpec, &firstMatch, queryValues) + // sb.WriteString(returnValue) + + // result, err := session.ReadTransaction( + // func(tx neo4j.Transaction) (interface{}, error) { + + // result, err := tx.Run(sb.String(), queryValues) + // if err != nil { + // return nil, err + // } + + // collectedCertifyVEXStatement := []*model.CertifyVEXStatement{} + + // for result.Next() { + // algorithm := result.Record().Values[0].(string) + // digest := result.Record().Values[1].(string) + // artifact := generateModelArtifact(algorithm, digest) + + // idStr := result.Record().Values[4].(string) + // yearStr := result.Record().Values[3].(int) + // cve := generateModelCve(yearStr, idStr) + + // certifyVEXStatementNode := dbtype.Node{} + // if result.Record().Values[1] != nil { + // certifyVEXStatementNode = result.Record().Values[2].(dbtype.Node) + // } else { + // return nil, gqlerror.Errorf("certifyVEXStatement Node not found in neo4j") + // } + + // certifyVEXStatement, err := generateModelCertifyVEXStatement(artifact, cve, certifyVEXStatementNode.Props[status].(string), + // certifyVEXStatementNode.Props[statement].(string), certifyVEXStatementNode.Props[statusNotes].(string), + // certifyVEXStatementNode.Props[justification].(string), certifyVEXStatementNode.Props[origin].(string), + // certifyVEXStatementNode.Props[collector].(string), certifyVEXStatementNode.Props[knownSince].(time.Time)) + + // if err != nil { + // return nil, gqlerror.Errorf("generateModelCertifyVEXStatement failed due to error: %v", err) + // } + + // collectedCertifyVEXStatement = append(collectedCertifyVEXStatement, certifyVEXStatement) + // } + // if err = result.Err(); err != nil { + // return nil, err + // } + + // return 
collectedCertifyVEXStatement, nil + // }) + // if err != nil { + // return nil, err + // } + // aggregateCertifyVEXStatement = append(aggregateCertifyVEXStatement, result.([]*model.CertifyVEXStatement)...) + // } -func convertStatusToEnum(status string) (model.VexStatus, error) { - if status == model.VexStatusNotAffected.String() { - return model.VexStatusAffected, nil - } - if status == model.VexStatusAffected.String() { - return model.VexStatusAffected, nil - } - if status == model.VexStatusFixed.String() { - return model.VexStatusFixed, nil - } - if status == model.VexStatusUnderInvestigation.String() { - return model.VexStatusUnderInvestigation, nil - } - return model.VexStatusAffected, fmt.Errorf("failed to convert status to enum") -} + // if queryAll || (querySubjectAll && certifyVEXStatementSpec.Vulnerability != nil && certifyVEXStatementSpec.Vulnerability.Ghsa != nil) || + // (queryVulnAll && certifyVEXStatementSpec.Subject != nil && certifyVEXStatementSpec.Subject.Artifact != nil) || + // (certifyVEXStatementSpec.Subject != nil && certifyVEXStatementSpec.Subject.Artifact != nil && + // certifyVEXStatementSpec.Vulnerability != nil && certifyVEXStatementSpec.Vulnerability.Ghsa != nil) { + + // var sb strings.Builder + // var firstMatch bool = true + // queryValues := map[string]any{} + + // // query ghsa + // returnValue := " RETURN a.algorithm, a.digest, certifyVEXStatement, ghsaID.id" + + // // query artifact + // query := "MATCH (a:Artifact)" + + // "-[:subject]-(certifyVEXStatement:CertifyVEXStatement)-[:about]-(ghsaID:GhsaID)<-[:GhsaHasID]" + + // "-(rootGhsa:Ghsa)" + // sb.WriteString(query) + + // if certifyVEXStatementSpec.Subject != nil && certifyVEXStatementSpec.Subject.Artifact != nil { + // setArtifactMatchValues(&sb, certifyVEXStatementSpec.Subject.Artifact, false, &firstMatch, queryValues) + // } + // if certifyVEXStatementSpec.Vulnerability != nil && certifyVEXStatementSpec.Vulnerability.Ghsa != nil { + // setGhsaMatchValues(&sb, 
certifyVEXStatementSpec.Vulnerability.Ghsa, &firstMatch, queryValues) + // } + // setCertifyVEXStatementValues(&sb, certifyVEXStatementSpec, &firstMatch, queryValues) + // sb.WriteString(returnValue) + + // result, err := session.ReadTransaction( + // func(tx neo4j.Transaction) (interface{}, error) { + + // result, err := tx.Run(sb.String(), queryValues) + // if err != nil { + // return nil, err + // } + + // collectedCertifyVEXStatement := []*model.CertifyVEXStatement{} + + // for result.Next() { + // algorithm := result.Record().Values[0].(string) + // digest := result.Record().Values[1].(string) + // artifact := generateModelArtifact(algorithm, digest) + + // idStr := result.Record().Values[3].(string) + // ghsa := generateModelGhsa(idStr) + + // certifyVEXStatementNode := dbtype.Node{} + // if result.Record().Values[1] != nil { + // certifyVEXStatementNode = result.Record().Values[2].(dbtype.Node) + // } else { + // return nil, gqlerror.Errorf("certifyVEXStatement Node not found in neo4j") + // } + + // certifyVEXStatement, err := generateModelCertifyVEXStatement(artifact, ghsa, certifyVEXStatementNode.Props[status].(string), + // certifyVEXStatementNode.Props[statement].(string), certifyVEXStatementNode.Props[statusNotes].(string), + // certifyVEXStatementNode.Props[justification].(string), certifyVEXStatementNode.Props[origin].(string), + // certifyVEXStatementNode.Props[collector].(string), certifyVEXStatementNode.Props[knownSince].(time.Time)) + + // if err != nil { + // return nil, gqlerror.Errorf("generateModelCertifyVEXStatement failed due to error: %v", err) + // } + // collectedCertifyVEXStatement = append(collectedCertifyVEXStatement, certifyVEXStatement) + // } + // if err = result.Err(); err != nil { + // return nil, err + // } + + // return collectedCertifyVEXStatement, nil + // }) + // if err != nil { + // return nil, err + // } + // aggregateCertifyVEXStatement = append(aggregateCertifyVEXStatement, result.([]*model.CertifyVEXStatement)...) 
+ // } + + // if queryAll || (querySubjectAll && certifyVEXStatementSpec.Vulnerability != nil && certifyVEXStatementSpec.Vulnerability.Osv != nil) || + // (queryVulnAll && certifyVEXStatementSpec.Subject != nil && certifyVEXStatementSpec.Subject.Artifact != nil) || + // (certifyVEXStatementSpec.Subject != nil && certifyVEXStatementSpec.Subject.Artifact != nil && + // certifyVEXStatementSpec.Vulnerability != nil && certifyVEXStatementSpec.Vulnerability.Osv != nil) { + + // var sb strings.Builder + // var firstMatch bool = true + // queryValues := map[string]any{} + + // // query ghsa + // returnValue := " RETURN a.algorithm, a.digest, certifyVEXStatement, osvID.id" + + // // query artifact + // query := "MATCH (a:Artifact)" + + // "-[:subject]-(certifyVEXStatement:CertifyVEXStatement)-[:about]-(osvID:OsvID)<-[:OsvHasID]" + + // "-(rootOsv:Osv)" + // sb.WriteString(query) + + // if certifyVEXStatementSpec.Subject != nil && certifyVEXStatementSpec.Subject.Artifact != nil { + // setArtifactMatchValues(&sb, certifyVEXStatementSpec.Subject.Artifact, false, &firstMatch, queryValues) + // } + // if certifyVEXStatementSpec.Vulnerability != nil && certifyVEXStatementSpec.Vulnerability.Osv != nil { + // setOSVMatchValues(&sb, certifyVEXStatementSpec.Vulnerability.Osv, &firstMatch, queryValues) + // } + // setCertifyVEXStatementValues(&sb, certifyVEXStatementSpec, &firstMatch, queryValues) + // sb.WriteString(returnValue) + + // result, err := session.ReadTransaction( + // func(tx neo4j.Transaction) (interface{}, error) { + + // result, err := tx.Run(sb.String(), queryValues) + // if err != nil { + // return nil, err + // } + + // collectedCertifyVEXStatement := []*model.CertifyVEXStatement{} + + // for result.Next() { + // algorithm := result.Record().Values[0].(string) + // digest := result.Record().Values[1].(string) + // artifact := generateModelArtifact(algorithm, digest) + + // id := result.Record().Values[7].(string) + // osv := generateModelOsv(id) + + // 
certifyVEXStatementNode := dbtype.Node{} + // if result.Record().Values[1] != nil { + // certifyVEXStatementNode = result.Record().Values[2].(dbtype.Node) + // } else { + // return nil, gqlerror.Errorf("certifyVEXStatement Node not found in neo4j") + // } + + // certifyVEXStatement, err := generateModelCertifyVEXStatement(artifact, osv, certifyVEXStatementNode.Props[status].(string), + // certifyVEXStatementNode.Props[statement].(string), certifyVEXStatementNode.Props[statusNotes].(string), + // certifyVEXStatementNode.Props[justification].(string), certifyVEXStatementNode.Props[origin].(string), + // certifyVEXStatementNode.Props[collector].(string), certifyVEXStatementNode.Props[knownSince].(time.Time)) + + // if err != nil { + // return nil, gqlerror.Errorf("generateModelCertifyVEXStatement failed due to error: %v", err) + // } + + // collectedCertifyVEXStatement = append(collectedCertifyVEXStatement, certifyVEXStatement) + // } + // if err = result.Err(); err != nil { + // return nil, err + // } + + // return collectedCertifyVEXStatement, nil + // }) + // if err != nil { + // return nil, err + // } + // aggregateCertifyVEXStatement = append(aggregateCertifyVEXStatement, result.([]*model.CertifyVEXStatement)...) 
+ // } -func convertJustificationToEnum(justification string) (model.VexJustification, error) { - if justification == model.VexJustificationNotProvided.String() { - return model.VexJustificationNotProvided, nil - } - if justification == model.VexJustificationComponentNotPresent.String() { - return model.VexJustificationComponentNotPresent, nil - } - if justification == model.VexJustificationVulnerableCodeNotPresent.String() { - return model.VexJustificationVulnerableCodeNotPresent, nil - } - if justification == model.VexJustificationVulnerableCodeNotInExecutePath.String() { - return model.VexJustificationVulnerableCodeNotInExecutePath, nil - } - if justification == model.VexJustificationVulnerableCodeCannotBeControlledByAdversary.String() { - return model.VexJustificationVulnerableCodeCannotBeControlledByAdversary, nil - } - if justification == model.VexJustificationInlineMitigationsAlreadyExist.String() { - return model.VexJustificationInlineMitigationsAlreadyExist, nil - } - if justification == model.VexJustificationNotProvided.String() { - return model.VexJustificationNotProvided, nil - } - return model.VexJustificationNotProvided, fmt.Errorf("failed to convert justification to enum") + // return aggregateCertifyVEXStatement, nil + return []*model.CertifyVEXStatement{}, fmt.Errorf("not implemented - CertifyVEXStatement") } -func (c *neo4jClient) IngestVEXStatement(ctx context.Context, subject model.PackageOrArtifactInput, vulnerability model.VulnerabilityInput, vexStatement model.VexStatementInputSpec) (*model.CertifyVEXStatement, error) { - - err := helper.ValidatePackageOrArtifactInput(&subject, "IngestVEXStatement") - if err != nil { - return nil, err - } - err = helper.ValidateVulnerabilityIngestionInput(vulnerability, "IngestVEXStatement", false) - if err != nil { - return nil, err - } - panic(fmt.Errorf("not implemented: IngestVEXStatement - IngestVEXStatement")) +// func setCertifyVEXStatementValues(sb *strings.Builder, certifyVEXStatementSpec 
*model.CertifyVEXStatementSpec, firstMatch *bool, queryValues map[string]any) { +// if certifyVEXStatementSpec.KnownSince != nil { +// matchProperties(sb, *firstMatch, "certifyVEXStatement", knownSince, "$"+knownSince) +// *firstMatch = false +// queryValues[knownSince] = certifyVEXStatementSpec.KnownSince.UTC() +// } +// if certifyVEXStatementSpec.Status != nil { +// matchProperties(sb, *firstMatch, "certifyVEXStatement", status, "$"+status) +// *firstMatch = false +// queryValues["status"] = certifyVEXStatementSpec.Status.String() +// } +// if certifyVEXStatementSpec.Statement != nil { +// matchProperties(sb, *firstMatch, "certifyVEXStatement", statement, "$"+statement) +// *firstMatch = false +// queryValues["statement"] = certifyVEXStatementSpec.Statement +// } +// if certifyVEXStatementSpec.StatusNotes != nil { +// matchProperties(sb, *firstMatch, "certifyVEXStatement", statusNotes, "$"+statusNotes) +// *firstMatch = false +// queryValues["statusNotes"] = certifyVEXStatementSpec.StatusNotes +// } +// if certifyVEXStatementSpec.VexJustification != nil { +// matchProperties(sb, *firstMatch, "certifyVEXStatement", justification, "$"+justification) +// *firstMatch = false +// queryValues["justification"] = certifyVEXStatementSpec.VexJustification.String() +// } +// if certifyVEXStatementSpec.Origin != nil { +// matchProperties(sb, *firstMatch, "certifyVEXStatement", origin, "$"+origin) +// *firstMatch = false +// queryValues[origin] = certifyVEXStatementSpec.Origin +// } +// if certifyVEXStatementSpec.Collector != nil { +// matchProperties(sb, *firstMatch, "certifyVEXStatement", collector, "$"+collector) +// *firstMatch = false +// queryValues[collector] = certifyVEXStatementSpec.Collector +// } +// } + +// func generateModelCertifyVEXStatement(subject model.PackageOrArtifact, vuln model.Vulnerability, status, statement, statusNotes, justification, origin, collector string, knownSince time.Time) (*model.CertifyVEXStatement, error) { +// vexStatus, err := 
convertStatusToEnum(status) +// if err != nil { +// return nil, fmt.Errorf("convertStatusToEnum failed with error: %w", err) +// } + +// vexJustification, err := convertJustificationToEnum(justification) +// if err != nil { +// return nil, fmt.Errorf("convertJustificationToEnum failed with error: %w", err) +// } + +// certifyVEXStatement := model.CertifyVEXStatement{ +// Subject: subject, +// Vulnerability: vuln, +// Status: vexStatus, +// VexJustification: vexJustification, +// Statement: statement, +// StatusNotes: statusNotes, +// KnownSince: knownSince, +// Origin: origin, +// Collector: collector, +// } +// return &certifyVEXStatement, nil +// } + +// func convertStatusToEnum(status string) (model.VexStatus, error) { +// if status == model.VexStatusNotAffected.String() { +// return model.VexStatusAffected, nil +// } +// if status == model.VexStatusAffected.String() { +// return model.VexStatusAffected, nil +// } +// if status == model.VexStatusFixed.String() { +// return model.VexStatusFixed, nil +// } +// if status == model.VexStatusUnderInvestigation.String() { +// return model.VexStatusUnderInvestigation, nil +// } +// return model.VexStatusAffected, fmt.Errorf("failed to convert status to enum") +// } + +// func convertJustificationToEnum(justification string) (model.VexJustification, error) { +// if justification == model.VexJustificationNotProvided.String() { +// return model.VexJustificationNotProvided, nil +// } +// if justification == model.VexJustificationComponentNotPresent.String() { +// return model.VexJustificationComponentNotPresent, nil +// } +// if justification == model.VexJustificationVulnerableCodeNotPresent.String() { +// return model.VexJustificationVulnerableCodeNotPresent, nil +// } +// if justification == model.VexJustificationVulnerableCodeNotInExecutePath.String() { +// return model.VexJustificationVulnerableCodeNotInExecutePath, nil +// } +// if justification == 
model.VexJustificationVulnerableCodeCannotBeControlledByAdversary.String() { +// return model.VexJustificationVulnerableCodeCannotBeControlledByAdversary, nil +// } +// if justification == model.VexJustificationInlineMitigationsAlreadyExist.String() { +// return model.VexJustificationInlineMitigationsAlreadyExist, nil +// } +// if justification == model.VexJustificationNotProvided.String() { +// return model.VexJustificationNotProvided, nil +// } +// return model.VexJustificationNotProvided, fmt.Errorf("failed to convert justification to enum") +// } + +func (c *neo4jClient) IngestVEXStatement(ctx context.Context, subject model.PackageOrArtifactInput, vulnerability model.VulnerabilityInputSpec, vexStatement model.VexStatementInputSpec) (*model.CertifyVEXStatement, error) { + + // err := helper.ValidatePackageOrArtifactInput(&subject, "IngestVEXStatement") + // if err != nil { + // return nil, err + // } + // err = helper.ValidateVulnerabilityIngestionInput(vulnerability, "IngestVEXStatement", false) + // if err != nil { + // return nil, err + // } + // panic(fmt.Errorf("not implemented: IngestVEXStatement - IngestVEXStatement")) + return nil, fmt.Errorf("not implemented - IngestVEXStatement") + } diff --git a/pkg/assembler/backends/neo4j/certifyVuln.go b/pkg/assembler/backends/neo4j/certifyVuln.go index 76d4e47c2f..5ea37ff630 100644 --- a/pkg/assembler/backends/neo4j/certifyVuln.go +++ b/pkg/assembler/backends/neo4j/certifyVuln.go @@ -17,14 +17,9 @@ package neo4j import ( "context" - "strings" - "time" + "fmt" - "github.com/guacsec/guac/pkg/assembler/backends/helper" "github.com/guacsec/guac/pkg/assembler/graphql/model" - "github.com/neo4j/neo4j-go-driver/v4/neo4j" - "github.com/neo4j/neo4j-go-driver/v4/neo4j/dbtype" - "github.com/vektah/gqlparser/v2/gqlerror" ) const ( 
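Review bot: The import block of certifyVuln.go loses the neo4j driver, `dbtype`, `gqlerror` and `helper` imports because the query code below is commented out line by line rather than removed, so none of it is type-checked any more and it will drift from the new `model.VulnerabilityInputSpec` types unnoticed. I would delete the commented body (git history keeps it) and leave a single pointer such as `// TODO(pxp928): reimplement CertifyVuln against model.VulnerabilityInputSpec (tracking: <issue link>)`. The `CertifyVuln` hunk that follows runs past the visible part of the diff, so what the stub returns cannot be checked here; it should return a non-nil error, as the stubs in certifyVEXStatement.go do with `fmt.Errorf("not implemented - CertifyVEXStatement")`, because an empty slice with a nil error would read to a caller as "no known vulnerabilities for this package". A shared package-level `var errNotImplemented = errors.New("not implemented")` wrapped with `%w` would also let callers detect the unsupported backend with `errors.Is` instead of matching the message text.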
@@ -36,526 +31,529 @@ const ( // Query CertifyVuln +// TODO (pxp928): fix for new vulnerability func (c *neo4jClient) CertifyVuln(ctx context.Context, certifyVulnSpec *model.CertifyVulnSpec) ([]*model.CertifyVuln, error) { - session := c.driver.NewSession(neo4j.SessionConfig{AccessMode: neo4j.AccessModeRead}) - defer session.Close() - - // TODO: Fix validation - queryAll := true - // queryAll, err := helper.ValidateVulnerabilityQueryInput(certifyVulnSpec.Vulnerability) - // if err != nil { - // return nil, err + // session := c.driver.NewSession(neo4j.SessionConfig{AccessMode: neo4j.AccessModeRead}) + // defer session.Close() + + // // TODO: Fix validation + // queryAll := true + // // queryAll, err := helper.ValidateVulnerabilityQueryInput(certifyVulnSpec.Vulnerability) + // // if err != nil { + // // return nil, err + // // } + + // aggregateCertifyVuln := []*model.CertifyVuln{} + + // if queryAll || (certifyVulnSpec.Vulnerability != nil && certifyVulnSpec.Vulnerability.Cve != nil) { + + // var sb strings.Builder + // var firstMatch bool = true + // queryValues := map[string]any{} + + // // query CVE + // returnValue := " RETURN type.type, namespace.namespace, name.name, version.version, version.subpath, " + + // "version.qualifier_list, certifyVuln, cveYear.year, cveID.id" + + // // query with pkgVersion + // query := "MATCH (rootPkg:Pkg)-[:PkgHasType]->(type:PkgType)-[:PkgHasNamespace]->(namespace:PkgNamespace)" + + // "-[:PkgHasName]->(name:PkgName)-[:PkgHasVersion]->(version:PkgVersion)" + + // "-[:subject]-(certifyVuln:CertifyVuln)-[:is_vuln_to]-(cveID:CveID)<-[:CveHasID]" + + // "-(cveYear:CveYear)<-[:CveIsYear]-(rootCve:Cve)" + // sb.WriteString(query) + + // setPkgMatchValues(&sb, certifyVulnSpec.Package, false, &firstMatch, queryValues) + // if certifyVulnSpec.Vulnerability != nil && certifyVulnSpec.Vulnerability.Cve != nil { + // setCveMatchValues(&sb, certifyVulnSpec.Vulnerability.Cve, &firstMatch, queryValues) + // } + // setCertifyVulnValues(&sb, 
certifyVulnSpec, &firstMatch, queryValues) + // sb.WriteString(returnValue) + + // result, err := session.ReadTransaction( + // func(tx neo4j.Transaction) (interface{}, error) { + + // result, err := tx.Run(sb.String(), queryValues) + // if err != nil { + // return nil, err + // } + + // collectedCertifyVuln := []*model.CertifyVuln{} + + // for result.Next() { + // pkgQualifiers := result.Record().Values[5] + // subPath := result.Record().Values[4] + // version := result.Record().Values[3] + // nameString := result.Record().Values[2].(string) + // namespaceString := result.Record().Values[1].(string) + // typeString := result.Record().Values[0].(string) + + // pkg := generateModelPackage(typeString, namespaceString, nameString, version, subPath, pkgQualifiers) + + // idStr := result.Record().Values[8].(string) + // yearStr := result.Record().Values[7].(int) + // cve := generateModelCve(yearStr, idStr) + + // certifyVulnNode := dbtype.Node{} + // if result.Record().Values[1] != nil { + // certifyVulnNode = result.Record().Values[6].(dbtype.Node) + // } else { + // return nil, gqlerror.Errorf("certifyVuln Node not found in neo4j") + // } + + // certifyVuln := generateModelCertifyVuln(pkg, cve, certifyVulnNode.Props[timeScanned].(time.Time), certifyVulnNode.Props[dbUri].(string), + // certifyVulnNode.Props[dbVersion].(string), certifyVulnNode.Props[scannerUri].(string), certifyVulnNode.Props[scannerVersion].(string), + // certifyVulnNode.Props[origin].(string), certifyVulnNode.Props[collector].(string)) + + // collectedCertifyVuln = append(collectedCertifyVuln, certifyVuln) + // } + // if err = result.Err(); err != nil { + // return nil, err + // } + + // return collectedCertifyVuln, nil + // }) + // if err != nil { + // return nil, err + // } + // aggregateCertifyVuln = append(aggregateCertifyVuln, result.([]*model.CertifyVuln)...) 
// } - aggregateCertifyVuln := []*model.CertifyVuln{} - - if queryAll || (certifyVulnSpec.Vulnerability != nil && certifyVulnSpec.Vulnerability.Cve != nil) { - - var sb strings.Builder - var firstMatch bool = true - queryValues := map[string]any{} - - // query CVE - returnValue := " RETURN type.type, namespace.namespace, name.name, version.version, version.subpath, " + - "version.qualifier_list, certifyVuln, cveYear.year, cveID.id" - - // query with pkgVersion - query := "MATCH (rootPkg:Pkg)-[:PkgHasType]->(type:PkgType)-[:PkgHasNamespace]->(namespace:PkgNamespace)" + - "-[:PkgHasName]->(name:PkgName)-[:PkgHasVersion]->(version:PkgVersion)" + - "-[:subject]-(certifyVuln:CertifyVuln)-[:is_vuln_to]-(cveID:CveID)<-[:CveHasID]" + - "-(cveYear:CveYear)<-[:CveIsYear]-(rootCve:Cve)" - sb.WriteString(query) - - setPkgMatchValues(&sb, certifyVulnSpec.Package, false, &firstMatch, queryValues) - if certifyVulnSpec.Vulnerability != nil && certifyVulnSpec.Vulnerability.Cve != nil { - setCveMatchValues(&sb, certifyVulnSpec.Vulnerability.Cve, &firstMatch, queryValues) - } - setCertifyVulnValues(&sb, certifyVulnSpec, &firstMatch, queryValues) - sb.WriteString(returnValue) - - result, err := session.ReadTransaction( - func(tx neo4j.Transaction) (interface{}, error) { - - result, err := tx.Run(sb.String(), queryValues) - if err != nil { - return nil, err - } - - collectedCertifyVuln := []*model.CertifyVuln{} - - for result.Next() { - pkgQualifiers := result.Record().Values[5] - subPath := result.Record().Values[4] - version := result.Record().Values[3] - nameString := result.Record().Values[2].(string) - namespaceString := result.Record().Values[1].(string) - typeString := result.Record().Values[0].(string) - - pkg := generateModelPackage(typeString, namespaceString, nameString, version, subPath, pkgQualifiers) - - idStr := result.Record().Values[8].(string) - yearStr := result.Record().Values[7].(int) - cve := generateModelCve(yearStr, idStr) - - certifyVulnNode := dbtype.Node{} - 
if result.Record().Values[1] != nil { - certifyVulnNode = result.Record().Values[6].(dbtype.Node) - } else { - return nil, gqlerror.Errorf("certifyVuln Node not found in neo4j") - } - - certifyVuln := generateModelCertifyVuln(pkg, cve, certifyVulnNode.Props[timeScanned].(time.Time), certifyVulnNode.Props[dbUri].(string), - certifyVulnNode.Props[dbVersion].(string), certifyVulnNode.Props[scannerUri].(string), certifyVulnNode.Props[scannerVersion].(string), - certifyVulnNode.Props[origin].(string), certifyVulnNode.Props[collector].(string)) - - collectedCertifyVuln = append(collectedCertifyVuln, certifyVuln) - } - if err = result.Err(); err != nil { - return nil, err - } - - return collectedCertifyVuln, nil - }) - if err != nil { - return nil, err - } - aggregateCertifyVuln = append(aggregateCertifyVuln, result.([]*model.CertifyVuln)...) - } - - if queryAll || (certifyVulnSpec.Vulnerability != nil && certifyVulnSpec.Vulnerability.Ghsa != nil) { - - var sb strings.Builder - var firstMatch bool = true - queryValues := map[string]any{} - - // query ghsa - returnValue := " RETURN type.type, namespace.namespace, name.name, version.version, version.subpath, " + - "version.qualifier_list, certifyVuln, ghsaID.id" - - // query with pkgVersion - query := "MATCH (rootPkg:Pkg)-[:PkgHasType]->(type:PkgType)-[:PkgHasNamespace]->(namespace:PkgNamespace)" + - "-[:PkgHasName]->(name:PkgName)-[:PkgHasVersion]->(version:PkgVersion)" + - "-[:subject]-(certifyVuln:CertifyVuln)-[:is_vuln_to]-(ghsaID:GhsaID)<-[:GhsaHasID]" + - "-(rootGhsa:Ghsa)" - sb.WriteString(query) - - setPkgMatchValues(&sb, certifyVulnSpec.Package, false, &firstMatch, queryValues) - if certifyVulnSpec.Vulnerability != nil && certifyVulnSpec.Vulnerability.Ghsa != nil { - setGhsaMatchValues(&sb, certifyVulnSpec.Vulnerability.Ghsa, &firstMatch, queryValues) - } - setCertifyVulnValues(&sb, certifyVulnSpec, &firstMatch, queryValues) - sb.WriteString(returnValue) - - result, err := session.ReadTransaction( - func(tx 
neo4j.Transaction) (interface{}, error) { - - result, err := tx.Run(sb.String(), queryValues) - if err != nil { - return nil, err - } - - collectedCertifyVuln := []*model.CertifyVuln{} - - for result.Next() { - pkgQualifiers := result.Record().Values[5] - subPath := result.Record().Values[4] - version := result.Record().Values[3] - nameString := result.Record().Values[2].(string) - namespaceString := result.Record().Values[1].(string) - typeString := result.Record().Values[0].(string) - - pkg := generateModelPackage(typeString, namespaceString, nameString, version, subPath, pkgQualifiers) - - idStr := result.Record().Values[7].(string) - ghsa := generateModelGhsa(idStr) - - certifyVulnNode := dbtype.Node{} - if result.Record().Values[1] != nil { - certifyVulnNode = result.Record().Values[6].(dbtype.Node) - } else { - return nil, gqlerror.Errorf("certifyVuln Node not found in neo4j") - } - - certifyVuln := generateModelCertifyVuln(pkg, ghsa, certifyVulnNode.Props[timeScanned].(time.Time), certifyVulnNode.Props[dbUri].(string), - certifyVulnNode.Props[dbVersion].(string), certifyVulnNode.Props[scannerUri].(string), certifyVulnNode.Props[scannerVersion].(string), - certifyVulnNode.Props[origin].(string), certifyVulnNode.Props[collector].(string)) - - collectedCertifyVuln = append(collectedCertifyVuln, certifyVuln) - } - if err = result.Err(); err != nil { - return nil, err - } - - return collectedCertifyVuln, nil - }) - if err != nil { - return nil, err - } - aggregateCertifyVuln = append(aggregateCertifyVuln, result.([]*model.CertifyVuln)...) 
- } - - if queryAll || (certifyVulnSpec.Vulnerability != nil && certifyVulnSpec.Vulnerability.Osv != nil) { - - var sb strings.Builder - var firstMatch bool = true - queryValues := map[string]any{} - - // query ghsa - returnValue := " RETURN type.type, namespace.namespace, name.name, version.version, version.subpath, " + - "version.qualifier_list, certifyVuln, osvID.id" - - // query with pkgVersion - //(root:Osv)-[:OsvHasID]->(osvID:OsvID) - query := "MATCH (rootPkg:Pkg)-[:PkgHasType]->(type:PkgType)-[:PkgHasNamespace]->(namespace:PkgNamespace)" + - "-[:PkgHasName]->(name:PkgName)-[:PkgHasVersion]->(version:PkgVersion)" + - "-[:subject]-(certifyVuln:CertifyVuln)-[:is_vuln_to]-(osvID:OsvID)<-[:OsvHasID]" + - "-(rootOsv:Osv)" - sb.WriteString(query) - - setPkgMatchValues(&sb, certifyVulnSpec.Package, false, &firstMatch, queryValues) - if certifyVulnSpec.Vulnerability != nil && certifyVulnSpec.Vulnerability.Osv != nil { - setOSVMatchValues(&sb, certifyVulnSpec.Vulnerability.Osv, &firstMatch, queryValues) - } - setCertifyVulnValues(&sb, certifyVulnSpec, &firstMatch, queryValues) - sb.WriteString(returnValue) - - result, err := session.ReadTransaction( - func(tx neo4j.Transaction) (interface{}, error) { - - result, err := tx.Run(sb.String(), queryValues) - if err != nil { - return nil, err - } - - collectedCertifyVuln := []*model.CertifyVuln{} - - for result.Next() { - pkgQualifiers := result.Record().Values[5] - subPath := result.Record().Values[4] - version := result.Record().Values[3] - nameString := result.Record().Values[2].(string) - namespaceString := result.Record().Values[1].(string) - typeString := result.Record().Values[0].(string) - - pkg := generateModelPackage(typeString, namespaceString, nameString, version, subPath, pkgQualifiers) - - id := result.Record().Values[7].(string) - osv := generateModelOsv(id) - - certifyVulnNode := dbtype.Node{} - if result.Record().Values[1] != nil { - certifyVulnNode = result.Record().Values[6].(dbtype.Node) - } else { - 
return nil, gqlerror.Errorf("certifyVuln Node not found in neo4j") - } - - certifyVuln := generateModelCertifyVuln(pkg, osv, certifyVulnNode.Props[timeScanned].(time.Time), certifyVulnNode.Props[dbUri].(string), - certifyVulnNode.Props[dbVersion].(string), certifyVulnNode.Props[scannerUri].(string), certifyVulnNode.Props[scannerVersion].(string), - certifyVulnNode.Props[origin].(string), certifyVulnNode.Props[collector].(string)) - - collectedCertifyVuln = append(collectedCertifyVuln, certifyVuln) - } - if err = result.Err(); err != nil { - return nil, err - } - - return collectedCertifyVuln, nil - }) - if err != nil { - return nil, err - } - aggregateCertifyVuln = append(aggregateCertifyVuln, result.([]*model.CertifyVuln)...) - } - return aggregateCertifyVuln, nil -} + // if queryAll || (certifyVulnSpec.Vulnerability != nil && certifyVulnSpec.Vulnerability.Ghsa != nil) { + + // var sb strings.Builder + // var firstMatch bool = true + // queryValues := map[string]any{} + + // // query ghsa + // returnValue := " RETURN type.type, namespace.namespace, name.name, version.version, version.subpath, " + + // "version.qualifier_list, certifyVuln, ghsaID.id" + + // // query with pkgVersion + // query := "MATCH (rootPkg:Pkg)-[:PkgHasType]->(type:PkgType)-[:PkgHasNamespace]->(namespace:PkgNamespace)" + + // "-[:PkgHasName]->(name:PkgName)-[:PkgHasVersion]->(version:PkgVersion)" + + // "-[:subject]-(certifyVuln:CertifyVuln)-[:is_vuln_to]-(ghsaID:GhsaID)<-[:GhsaHasID]" + + // "-(rootGhsa:Ghsa)" + // sb.WriteString(query) + + // setPkgMatchValues(&sb, certifyVulnSpec.Package, false, &firstMatch, queryValues) + // if certifyVulnSpec.Vulnerability != nil && certifyVulnSpec.Vulnerability.Ghsa != nil { + // setGhsaMatchValues(&sb, certifyVulnSpec.Vulnerability.Ghsa, &firstMatch, queryValues) + // } + // setCertifyVulnValues(&sb, certifyVulnSpec, &firstMatch, queryValues) + // sb.WriteString(returnValue) + + // result, err := session.ReadTransaction( + // func(tx neo4j.Transaction) 
(interface{}, error) { + + // result, err := tx.Run(sb.String(), queryValues) + // if err != nil { + // return nil, err + // } + + // collectedCertifyVuln := []*model.CertifyVuln{} + + // for result.Next() { + // pkgQualifiers := result.Record().Values[5] + // subPath := result.Record().Values[4] + // version := result.Record().Values[3] + // nameString := result.Record().Values[2].(string) + // namespaceString := result.Record().Values[1].(string) + // typeString := result.Record().Values[0].(string) + + // pkg := generateModelPackage(typeString, namespaceString, nameString, version, subPath, pkgQualifiers) + + // idStr := result.Record().Values[7].(string) + // ghsa := generateModelGhsa(idStr) + + // certifyVulnNode := dbtype.Node{} + // if result.Record().Values[1] != nil { + // certifyVulnNode = result.Record().Values[6].(dbtype.Node) + // } else { + // return nil, gqlerror.Errorf("certifyVuln Node not found in neo4j") + // } + + // certifyVuln := generateModelCertifyVuln(pkg, ghsa, certifyVulnNode.Props[timeScanned].(time.Time), certifyVulnNode.Props[dbUri].(string), + // certifyVulnNode.Props[dbVersion].(string), certifyVulnNode.Props[scannerUri].(string), certifyVulnNode.Props[scannerVersion].(string), + // certifyVulnNode.Props[origin].(string), certifyVulnNode.Props[collector].(string)) + + // collectedCertifyVuln = append(collectedCertifyVuln, certifyVuln) + // } + // if err = result.Err(); err != nil { + // return nil, err + // } + + // return collectedCertifyVuln, nil + // }) + // if err != nil { + // return nil, err + // } + // aggregateCertifyVuln = append(aggregateCertifyVuln, result.([]*model.CertifyVuln)...) 
+ // } -func setCertifyVulnValues(sb *strings.Builder, certifyVulnSpec *model.CertifyVulnSpec, firstMatch *bool, queryValues map[string]any) { - if certifyVulnSpec.TimeScanned != nil { - matchProperties(sb, *firstMatch, "certifyVuln", timeScanned, "$"+timeScanned) - *firstMatch = false - queryValues[timeScanned] = certifyVulnSpec.TimeScanned.UTC() - } - if certifyVulnSpec.DbURI != nil { - matchProperties(sb, *firstMatch, "certifyVuln", dbUri, "$"+dbUri) - *firstMatch = false - queryValues[dbUri] = certifyVulnSpec.DbURI - } - if certifyVulnSpec.DbVersion != nil { - matchProperties(sb, *firstMatch, "certifyVuln", dbVersion, "$"+dbVersion) - *firstMatch = false - queryValues[dbVersion] = certifyVulnSpec.DbVersion - } - if certifyVulnSpec.ScannerURI != nil { - matchProperties(sb, *firstMatch, "certifyVuln", scannerUri, "$"+scannerUri) - *firstMatch = false - queryValues[scannerUri] = certifyVulnSpec.ScannerURI - } - if certifyVulnSpec.ScannerVersion != nil { - matchProperties(sb, *firstMatch, "certifyVuln", scannerVersion, "$"+scannerVersion) - *firstMatch = false - queryValues[scannerVersion] = certifyVulnSpec.ScannerVersion - } - if certifyVulnSpec.Origin != nil { - matchProperties(sb, *firstMatch, "certifyVuln", origin, "$"+origin) - *firstMatch = false - queryValues[origin] = certifyVulnSpec.Origin - } - if certifyVulnSpec.Collector != nil { - matchProperties(sb, *firstMatch, "certifyVuln", collector, "$"+collector) - *firstMatch = false - queryValues[collector] = certifyVulnSpec.Collector - } + // if queryAll || (certifyVulnSpec.Vulnerability != nil && certifyVulnSpec.Vulnerability.Osv != nil) { + + // var sb strings.Builder + // var firstMatch bool = true + // queryValues := map[string]any{} + + // // query ghsa + // returnValue := " RETURN type.type, namespace.namespace, name.name, version.version, version.subpath, " + + // "version.qualifier_list, certifyVuln, osvID.id" + + // // query with pkgVersion + // //(root:Osv)-[:OsvHasID]->(osvID:OsvID) + // query := 
"MATCH (rootPkg:Pkg)-[:PkgHasType]->(type:PkgType)-[:PkgHasNamespace]->(namespace:PkgNamespace)" + + // "-[:PkgHasName]->(name:PkgName)-[:PkgHasVersion]->(version:PkgVersion)" + + // "-[:subject]-(certifyVuln:CertifyVuln)-[:is_vuln_to]-(osvID:OsvID)<-[:OsvHasID]" + + // "-(rootOsv:Osv)" + // sb.WriteString(query) + + // setPkgMatchValues(&sb, certifyVulnSpec.Package, false, &firstMatch, queryValues) + // if certifyVulnSpec.Vulnerability != nil && certifyVulnSpec.Vulnerability.Osv != nil { + // setOSVMatchValues(&sb, certifyVulnSpec.Vulnerability.Osv, &firstMatch, queryValues) + // } + // setCertifyVulnValues(&sb, certifyVulnSpec, &firstMatch, queryValues) + // sb.WriteString(returnValue) + + // result, err := session.ReadTransaction( + // func(tx neo4j.Transaction) (interface{}, error) { + + // result, err := tx.Run(sb.String(), queryValues) + // if err != nil { + // return nil, err + // } + + // collectedCertifyVuln := []*model.CertifyVuln{} + + // for result.Next() { + // pkgQualifiers := result.Record().Values[5] + // subPath := result.Record().Values[4] + // version := result.Record().Values[3] + // nameString := result.Record().Values[2].(string) + // namespaceString := result.Record().Values[1].(string) + // typeString := result.Record().Values[0].(string) + + // pkg := generateModelPackage(typeString, namespaceString, nameString, version, subPath, pkgQualifiers) + + // id := result.Record().Values[7].(string) + // osv := generateModelOsv(id) + + // certifyVulnNode := dbtype.Node{} + // if result.Record().Values[1] != nil { + // certifyVulnNode = result.Record().Values[6].(dbtype.Node) + // } else { + // return nil, gqlerror.Errorf("certifyVuln Node not found in neo4j") + // } + + // certifyVuln := generateModelCertifyVuln(pkg, osv, certifyVulnNode.Props[timeScanned].(time.Time), certifyVulnNode.Props[dbUri].(string), + // certifyVulnNode.Props[dbVersion].(string), certifyVulnNode.Props[scannerUri].(string), certifyVulnNode.Props[scannerVersion].(string), + 
// certifyVulnNode.Props[origin].(string), certifyVulnNode.Props[collector].(string)) + + // collectedCertifyVuln = append(collectedCertifyVuln, certifyVuln) + // } + // if err = result.Err(); err != nil { + // return nil, err + // } + + // return collectedCertifyVuln, nil + // }) + // if err != nil { + // return nil, err + // } + // aggregateCertifyVuln = append(aggregateCertifyVuln, result.([]*model.CertifyVuln)...) + // } + // return aggregateCertifyVuln, nil + return []*model.CertifyVuln{}, fmt.Errorf("not implemented - CertifyVuln") } -func generateModelCertifyVuln(pkg *model.Package, vuln model.Vulnerability, timeScanned time.Time, dbUri, dbVersion, scannerUri, - scannerVersion, origin, collector string) *model.CertifyVuln { - - metadata := &model.VulnerabilityMetaData{ - TimeScanned: timeScanned, - DbURI: dbUri, - DbVersion: dbVersion, - ScannerURI: scannerUri, - ScannerVersion: scannerVersion, - Origin: origin, - Collector: collector, - } - - certifyVuln := model.CertifyVuln{ - Package: pkg, - Vulnerability: vuln, - Metadata: metadata, - } - return &certifyVuln -} +// func setCertifyVulnValues(sb *strings.Builder, certifyVulnSpec *model.CertifyVulnSpec, firstMatch *bool, queryValues map[string]any) { +// if certifyVulnSpec.TimeScanned != nil { +// matchProperties(sb, *firstMatch, "certifyVuln", timeScanned, "$"+timeScanned) +// *firstMatch = false +// queryValues[timeScanned] = certifyVulnSpec.TimeScanned.UTC() +// } +// if certifyVulnSpec.DbURI != nil { +// matchProperties(sb, *firstMatch, "certifyVuln", dbUri, "$"+dbUri) +// *firstMatch = false +// queryValues[dbUri] = certifyVulnSpec.DbURI +// } +// if certifyVulnSpec.DbVersion != nil { +// matchProperties(sb, *firstMatch, "certifyVuln", dbVersion, "$"+dbVersion) +// *firstMatch = false +// queryValues[dbVersion] = certifyVulnSpec.DbVersion +// } +// if certifyVulnSpec.ScannerURI != nil { +// matchProperties(sb, *firstMatch, "certifyVuln", scannerUri, "$"+scannerUri) +// *firstMatch = false +// 
queryValues[scannerUri] = certifyVulnSpec.ScannerURI +// } +// if certifyVulnSpec.ScannerVersion != nil { +// matchProperties(sb, *firstMatch, "certifyVuln", scannerVersion, "$"+scannerVersion) +// *firstMatch = false +// queryValues[scannerVersion] = certifyVulnSpec.ScannerVersion +// } +// if certifyVulnSpec.Origin != nil { +// matchProperties(sb, *firstMatch, "certifyVuln", origin, "$"+origin) +// *firstMatch = false +// queryValues[origin] = certifyVulnSpec.Origin +// } +// if certifyVulnSpec.Collector != nil { +// matchProperties(sb, *firstMatch, "certifyVuln", collector, "$"+collector) +// *firstMatch = false +// queryValues[collector] = certifyVulnSpec.Collector +// } +// } + +// func generateModelCertifyVuln(pkg *model.Package, vuln model.Vulnerability, timeScanned time.Time, dbUri, dbVersion, scannerUri, +// scannerVersion, origin, collector string) *model.CertifyVuln { + +// metadata := &model.VulnerabilityMetaData{ +// TimeScanned: timeScanned, +// DbURI: dbUri, +// DbVersion: dbVersion, +// ScannerURI: scannerUri, +// ScannerVersion: scannerVersion, +// Origin: origin, +// Collector: collector, +// } + +// certifyVuln := model.CertifyVuln{ +// Package: pkg, +// Vulnerability: vuln, +// Metadata: metadata, +// } +// return &certifyVuln +// } // Ingest Vulnerability -func (c *neo4jClient) IngestVulnerability(ctx context.Context, pkg model.PkgInputSpec, vulnerability model.VulnerabilityInput, certifyVuln model.VulnerabilityMetaDataInput) (*model.CertifyVuln, error) { - - err := helper.ValidateVulnerabilityIngestionInput(vulnerability, "IngestVulnerability", true) - if err != nil { - return nil, err - } - - session := c.driver.NewSession(neo4j.SessionConfig{AccessMode: neo4j.AccessModeWrite}) - defer session.Close() - - var sb strings.Builder - var firstMatch bool = true - queryValues := map[string]any{} - - queryValues[timeScanned] = certifyVuln.TimeScanned.UTC() - queryValues[dbUri] = certifyVuln.DbURI - queryValues[dbVersion] = certifyVuln.DbVersion - 
queryValues[scannerUri] = certifyVuln.ScannerURI - queryValues[scannerVersion] = certifyVuln.ScannerVersion - queryValues[origin] = certifyVuln.Origin - queryValues[collector] = certifyVuln.Collector - - // TODO: use generics here between PkgInputSpec and PkgSpecs? - selectedPkgSpec := helper.ConvertPkgInputSpecToPkgSpec(&pkg) - - if vulnerability.Osv != nil { - selectedOsvSepc := helper.ConvertOsvInputSpecToOsvSpec(vulnerability.Osv) - - returnValue := " RETURN type.type, namespace.namespace, name.name, version.version, version.subpath, " + - "version.qualifier_list, certifyVuln, osvID.id" - - query := "MATCH (rootPkg:Pkg)-[:PkgHasType]->(type:PkgType)-[:PkgHasNamespace]->(namespace:PkgNamespace)" + - "-[:PkgHasName]->(name:PkgName)-[:PkgHasVersion]->(version:PkgVersion)" - - sb.WriteString(query) - setPkgMatchValues(&sb, selectedPkgSpec, false, &firstMatch, queryValues) - - query = "\nMATCH (rootOsv:Osv)-[:OsvHasID]->(osvID:OsvID)" - sb.WriteString(query) - firstMatch = true - setOSVMatchValues(&sb, selectedOsvSepc, &firstMatch, queryValues) - - merge := "\nMERGE (version)<-[:subject]-(certifyVuln:CertifyVuln{timeScanned:$timeScanned,dbUri:$dbUri," + - "dbVersion:$dbVersion,scannerUri:$scannerUri,scannerVersion:$scannerVersion,origin:$origin,collector:$collector})" + - "-[:is_vuln_to]->(osvID)" - sb.WriteString(merge) - sb.WriteString(returnValue) - - result, err := session.WriteTransaction( - func(tx neo4j.Transaction) (interface{}, error) { - result, err := tx.Run(sb.String(), queryValues) - if err != nil { - return nil, err - } - - // query returns a single record - record, err := result.Single() - if err != nil { - return nil, err - } - - pkgQualifiers := record.Values[5] - subPath := record.Values[4] - version := record.Values[3] - nameString := record.Values[2].(string) - namespaceString := record.Values[1].(string) - typeString := record.Values[0].(string) - - pkg := generateModelPackage(typeString, namespaceString, nameString, version, subPath, 
pkgQualifiers) - - id := record.Values[7].(string) - osv := generateModelOsv(id) - - certifyVulnNode := dbtype.Node{} - if record.Values[1] != nil { - certifyVulnNode = record.Values[6].(dbtype.Node) - } else { - return nil, gqlerror.Errorf("certifyVuln Node not found in neo4j") - } - - certifyVuln := generateModelCertifyVuln(pkg, osv, certifyVulnNode.Props[timeScanned].(time.Time), certifyVulnNode.Props[dbUri].(string), - certifyVulnNode.Props[dbVersion].(string), certifyVulnNode.Props[scannerUri].(string), certifyVulnNode.Props[scannerVersion].(string), - certifyVulnNode.Props[origin].(string), certifyVulnNode.Props[collector].(string)) - - return certifyVuln, nil - }) - if err != nil { - return nil, err - } - - return result.(*model.CertifyVuln), nil - } else if vulnerability.Cve != nil { - selectedCveSepc := helper.ConvertCveInputSpecToCveSpec(vulnerability.Cve) - - returnValue := " RETURN type.type, namespace.namespace, name.name, version.version, version.subpath, " + - "version.qualifier_list, certifyVuln, cveYear.year, cveID.id" - - query := "MATCH (rootPkg:Pkg)-[:PkgHasType]->(type:PkgType)-[:PkgHasNamespace]->(namespace:PkgNamespace)" + - "-[:PkgHasName]->(name:PkgName)-[:PkgHasVersion]->(version:PkgVersion)" - - sb.WriteString(query) - setPkgMatchValues(&sb, selectedPkgSpec, false, &firstMatch, queryValues) - - query = "\nMATCH (rootCve:Cve)-[:CveIsYear]->(cveYear:CveYear)-[:CveHasID]->(cveID:CveID)" - sb.WriteString(query) - firstMatch = true - setCveMatchValues(&sb, selectedCveSepc, &firstMatch, queryValues) - - merge := "\nMERGE (version)<-[:subject]-(certifyVuln:CertifyVuln{timeScanned:$timeScanned,dbUri:$dbUri," + - "dbVersion:$dbVersion,scannerUri:$scannerUri,scannerVersion:$scannerVersion,origin:$origin,collector:$collector})" + - "-[:is_vuln_to]->(cveID)" - sb.WriteString(merge) - sb.WriteString(returnValue) - - result, err := session.WriteTransaction( - func(tx neo4j.Transaction) (interface{}, error) { - result, err := tx.Run(sb.String(), 
queryValues) - if err != nil { - return nil, err - } - - // query returns a single record - record, err := result.Single() - if err != nil { - return nil, err - } - - pkgQualifiers := record.Values[5] - subPath := record.Values[4] - version := record.Values[3] - nameString := record.Values[2].(string) - namespaceString := record.Values[1].(string) - typeString := record.Values[0].(string) - - pkg := generateModelPackage(typeString, namespaceString, nameString, version, subPath, pkgQualifiers) - - idStr := record.Values[8].(string) - yearStr := record.Values[7].(int) - cve := generateModelCve(yearStr, idStr) - - certifyVulnNode := dbtype.Node{} - if record.Values[1] != nil { - certifyVulnNode = record.Values[6].(dbtype.Node) - } else { - return nil, gqlerror.Errorf("certifyVuln Node not found in neo4j") - } - - certifyVuln := generateModelCertifyVuln(pkg, cve, certifyVulnNode.Props[timeScanned].(time.Time), certifyVulnNode.Props[dbUri].(string), - certifyVulnNode.Props[dbVersion].(string), certifyVulnNode.Props[scannerUri].(string), certifyVulnNode.Props[scannerVersion].(string), - certifyVulnNode.Props[origin].(string), certifyVulnNode.Props[collector].(string)) - - return certifyVuln, nil - }) - if err != nil { - return nil, err - } - - return result.(*model.CertifyVuln), nil - } else if vulnerability.Ghsa != nil { - selectedGhsaSepc := helper.ConvertGhsaInputSpecToGhsaSpec(vulnerability.Ghsa) - - returnValue := " RETURN type.type, namespace.namespace, name.name, version.version, version.subpath, " + - "version.qualifier_list, certifyVuln, ghsaID.id" - - query := "MATCH (rootPkg:Pkg)-[:PkgHasType]->(type:PkgType)-[:PkgHasNamespace]->(namespace:PkgNamespace)" + - "-[:PkgHasName]->(name:PkgName)-[:PkgHasVersion]->(version:PkgVersion)" - - sb.WriteString(query) - setPkgMatchValues(&sb, selectedPkgSpec, false, &firstMatch, queryValues) - - query = "\nMATCH (rootGhsa:Ghsa)-[:GhsaHasID]->(ghsaID:GhsaID)" - sb.WriteString(query) - firstMatch = true - 
setGhsaMatchValues(&sb, selectedGhsaSepc, &firstMatch, queryValues) - - merge := "\nMERGE (version)<-[:subject]-(certifyVuln:CertifyVuln{timeScanned:$timeScanned,dbUri:$dbUri," + - "dbVersion:$dbVersion,scannerUri:$scannerUri,scannerVersion:$scannerVersion,origin:$origin,collector:$collector})" + - "-[:is_vuln_to]->(ghsaID)" - sb.WriteString(merge) - sb.WriteString(returnValue) - - result, err := session.WriteTransaction( - func(tx neo4j.Transaction) (interface{}, error) { - result, err := tx.Run(sb.String(), queryValues) - if err != nil { - return nil, err - } - - // query returns a single record - record, err := result.Single() - if err != nil { - return nil, err - } - - pkgQualifiers := record.Values[5] - subPath := record.Values[4] - version := record.Values[3] - nameString := record.Values[2].(string) - namespaceString := record.Values[1].(string) - typeString := record.Values[0].(string) - - pkg := generateModelPackage(typeString, namespaceString, nameString, version, subPath, pkgQualifiers) - - idStr := record.Values[7].(string) - ghsa := generateModelGhsa(idStr) - - certifyVulnNode := dbtype.Node{} - if record.Values[1] != nil { - certifyVulnNode = record.Values[6].(dbtype.Node) - } else { - return nil, gqlerror.Errorf("certifyVuln Node not found in neo4j") - } - - certifyVuln := generateModelCertifyVuln(pkg, ghsa, certifyVulnNode.Props[timeScanned].(time.Time), certifyVulnNode.Props[dbUri].(string), - certifyVulnNode.Props[dbVersion].(string), certifyVulnNode.Props[scannerUri].(string), certifyVulnNode.Props[scannerVersion].(string), - certifyVulnNode.Props[origin].(string), certifyVulnNode.Props[collector].(string)) - - return certifyVuln, nil - }) - if err != nil { - return nil, err - } - - return result.(*model.CertifyVuln), nil - } else { - return nil, gqlerror.Errorf("package or source not specified for IngestOccurrence") - } +func (c *neo4jClient) IngestCertifyVuln(ctx context.Context, pkg model.PkgInputSpec, vulnerability 
model.VulnerabilityInputSpec, certifyVuln model.ScanMetadataInput) (*model.CertifyVuln, error) { + + // err := helper.ValidateVulnerabilityIngestionInput(vulnerability, "IngestVulnerability", true) + // if err != nil { + // return nil, err + // } + + // session := c.driver.NewSession(neo4j.SessionConfig{AccessMode: neo4j.AccessModeWrite}) + // defer session.Close() + + // var sb strings.Builder + // var firstMatch bool = true + // queryValues := map[string]any{} + + // queryValues[timeScanned] = certifyVuln.TimeScanned.UTC() + // queryValues[dbUri] = certifyVuln.DbURI + // queryValues[dbVersion] = certifyVuln.DbVersion + // queryValues[scannerUri] = certifyVuln.ScannerURI + // queryValues[scannerVersion] = certifyVuln.ScannerVersion + // queryValues[origin] = certifyVuln.Origin + // queryValues[collector] = certifyVuln.Collector + + // // TODO: use generics here between PkgInputSpec and PkgSpecs? + // selectedPkgSpec := helper.ConvertPkgInputSpecToPkgSpec(&pkg) + + // if vulnerability.Osv != nil { + // selectedOsvSepc := helper.ConvertOsvInputSpecToOsvSpec(vulnerability.Osv) + + // returnValue := " RETURN type.type, namespace.namespace, name.name, version.version, version.subpath, " + + // "version.qualifier_list, certifyVuln, osvID.id" + + // query := "MATCH (rootPkg:Pkg)-[:PkgHasType]->(type:PkgType)-[:PkgHasNamespace]->(namespace:PkgNamespace)" + + // "-[:PkgHasName]->(name:PkgName)-[:PkgHasVersion]->(version:PkgVersion)" + + // sb.WriteString(query) + // setPkgMatchValues(&sb, selectedPkgSpec, false, &firstMatch, queryValues) + + // query = "\nMATCH (rootOsv:Osv)-[:OsvHasID]->(osvID:OsvID)" + // sb.WriteString(query) + // firstMatch = true + // setOSVMatchValues(&sb, selectedOsvSepc, &firstMatch, queryValues) + + // merge := "\nMERGE (version)<-[:subject]-(certifyVuln:CertifyVuln{timeScanned:$timeScanned,dbUri:$dbUri," + + // "dbVersion:$dbVersion,scannerUri:$scannerUri,scannerVersion:$scannerVersion,origin:$origin,collector:$collector})" + + // 
"-[:is_vuln_to]->(osvID)" + // sb.WriteString(merge) + // sb.WriteString(returnValue) + + // result, err := session.WriteTransaction( + // func(tx neo4j.Transaction) (interface{}, error) { + // result, err := tx.Run(sb.String(), queryValues) + // if err != nil { + // return nil, err + // } + + // // query returns a single record + // record, err := result.Single() + // if err != nil { + // return nil, err + // } + + // pkgQualifiers := record.Values[5] + // subPath := record.Values[4] + // version := record.Values[3] + // nameString := record.Values[2].(string) + // namespaceString := record.Values[1].(string) + // typeString := record.Values[0].(string) + + // pkg := generateModelPackage(typeString, namespaceString, nameString, version, subPath, pkgQualifiers) + + // id := record.Values[7].(string) + // osv := generateModelOsv(id) + + // certifyVulnNode := dbtype.Node{} + // if record.Values[1] != nil { + // certifyVulnNode = record.Values[6].(dbtype.Node) + // } else { + // return nil, gqlerror.Errorf("certifyVuln Node not found in neo4j") + // } + + // certifyVuln := generateModelCertifyVuln(pkg, osv, certifyVulnNode.Props[timeScanned].(time.Time), certifyVulnNode.Props[dbUri].(string), + // certifyVulnNode.Props[dbVersion].(string), certifyVulnNode.Props[scannerUri].(string), certifyVulnNode.Props[scannerVersion].(string), + // certifyVulnNode.Props[origin].(string), certifyVulnNode.Props[collector].(string)) + + // return certifyVuln, nil + // }) + // if err != nil { + // return nil, err + // } + + // return result.(*model.CertifyVuln), nil + // } else if vulnerability.Cve != nil { + // selectedCveSepc := helper.ConvertCveInputSpecToCveSpec(vulnerability.Cve) + + // returnValue := " RETURN type.type, namespace.namespace, name.name, version.version, version.subpath, " + + // "version.qualifier_list, certifyVuln, cveYear.year, cveID.id" + + // query := "MATCH (rootPkg:Pkg)-[:PkgHasType]->(type:PkgType)-[:PkgHasNamespace]->(namespace:PkgNamespace)" + + // 
"-[:PkgHasName]->(name:PkgName)-[:PkgHasVersion]->(version:PkgVersion)" + + // sb.WriteString(query) + // setPkgMatchValues(&sb, selectedPkgSpec, false, &firstMatch, queryValues) + + // query = "\nMATCH (rootCve:Cve)-[:CveIsYear]->(cveYear:CveYear)-[:CveHasID]->(cveID:CveID)" + // sb.WriteString(query) + // firstMatch = true + // setCveMatchValues(&sb, selectedCveSepc, &firstMatch, queryValues) + + // merge := "\nMERGE (version)<-[:subject]-(certifyVuln:CertifyVuln{timeScanned:$timeScanned,dbUri:$dbUri," + + // "dbVersion:$dbVersion,scannerUri:$scannerUri,scannerVersion:$scannerVersion,origin:$origin,collector:$collector})" + + // "-[:is_vuln_to]->(cveID)" + // sb.WriteString(merge) + // sb.WriteString(returnValue) + + // result, err := session.WriteTransaction( + // func(tx neo4j.Transaction) (interface{}, error) { + // result, err := tx.Run(sb.String(), queryValues) + // if err != nil { + // return nil, err + // } + + // // query returns a single record + // record, err := result.Single() + // if err != nil { + // return nil, err + // } + + // pkgQualifiers := record.Values[5] + // subPath := record.Values[4] + // version := record.Values[3] + // nameString := record.Values[2].(string) + // namespaceString := record.Values[1].(string) + // typeString := record.Values[0].(string) + + // pkg := generateModelPackage(typeString, namespaceString, nameString, version, subPath, pkgQualifiers) + + // idStr := record.Values[8].(string) + // yearStr := record.Values[7].(int) + // cve := generateModelCve(yearStr, idStr) + + // certifyVulnNode := dbtype.Node{} + // if record.Values[1] != nil { + // certifyVulnNode = record.Values[6].(dbtype.Node) + // } else { + // return nil, gqlerror.Errorf("certifyVuln Node not found in neo4j") + // } + + // certifyVuln := generateModelCertifyVuln(pkg, cve, certifyVulnNode.Props[timeScanned].(time.Time), certifyVulnNode.Props[dbUri].(string), + // certifyVulnNode.Props[dbVersion].(string), certifyVulnNode.Props[scannerUri].(string), 
certifyVulnNode.Props[scannerVersion].(string), + // certifyVulnNode.Props[origin].(string), certifyVulnNode.Props[collector].(string)) + + // return certifyVuln, nil + // }) + // if err != nil { + // return nil, err + // } + + // return result.(*model.CertifyVuln), nil + // } else if vulnerability.Ghsa != nil { + // selectedGhsaSepc := helper.ConvertGhsaInputSpecToGhsaSpec(vulnerability.Ghsa) + + // returnValue := " RETURN type.type, namespace.namespace, name.name, version.version, version.subpath, " + + // "version.qualifier_list, certifyVuln, ghsaID.id" + + // query := "MATCH (rootPkg:Pkg)-[:PkgHasType]->(type:PkgType)-[:PkgHasNamespace]->(namespace:PkgNamespace)" + + // "-[:PkgHasName]->(name:PkgName)-[:PkgHasVersion]->(version:PkgVersion)" + + // sb.WriteString(query) + // setPkgMatchValues(&sb, selectedPkgSpec, false, &firstMatch, queryValues) + + // query = "\nMATCH (rootGhsa:Ghsa)-[:GhsaHasID]->(ghsaID:GhsaID)" + // sb.WriteString(query) + // firstMatch = true + // setGhsaMatchValues(&sb, selectedGhsaSepc, &firstMatch, queryValues) + + // merge := "\nMERGE (version)<-[:subject]-(certifyVuln:CertifyVuln{timeScanned:$timeScanned,dbUri:$dbUri," + + // "dbVersion:$dbVersion,scannerUri:$scannerUri,scannerVersion:$scannerVersion,origin:$origin,collector:$collector})" + + // "-[:is_vuln_to]->(ghsaID)" + // sb.WriteString(merge) + // sb.WriteString(returnValue) + + // result, err := session.WriteTransaction( + // func(tx neo4j.Transaction) (interface{}, error) { + // result, err := tx.Run(sb.String(), queryValues) + // if err != nil { + // return nil, err + // } + + // // query returns a single record + // record, err := result.Single() + // if err != nil { + // return nil, err + // } + + // pkgQualifiers := record.Values[5] + // subPath := record.Values[4] + // version := record.Values[3] + // nameString := record.Values[2].(string) + // namespaceString := record.Values[1].(string) + // typeString := record.Values[0].(string) + + // pkg := 
generateModelPackage(typeString, namespaceString, nameString, version, subPath, pkgQualifiers) + + // idStr := record.Values[7].(string) + // ghsa := generateModelGhsa(idStr) + + // certifyVulnNode := dbtype.Node{} + // if record.Values[1] != nil { + // certifyVulnNode = record.Values[6].(dbtype.Node) + // } else { + // return nil, gqlerror.Errorf("certifyVuln Node not found in neo4j") + // } + + // certifyVuln := generateModelCertifyVuln(pkg, ghsa, certifyVulnNode.Props[timeScanned].(time.Time), certifyVulnNode.Props[dbUri].(string), + // certifyVulnNode.Props[dbVersion].(string), certifyVulnNode.Props[scannerUri].(string), certifyVulnNode.Props[scannerVersion].(string), + // certifyVulnNode.Props[origin].(string), certifyVulnNode.Props[collector].(string)) + + // return certifyVuln, nil + // }) + // if err != nil { + // return nil, err + // } + + // return result.(*model.CertifyVuln), nil + // } else { + // return nil, gqlerror.Errorf("package or source not specified for IngestOccurrence") + // } + return nil, fmt.Errorf("not implemented - IngestCertifyVuln") } diff --git a/pkg/assembler/backends/neo4j/cve.go b/pkg/assembler/backends/neo4j/cve.go deleted file mode 100644 index f492f2bbac..0000000000 --- a/pkg/assembler/backends/neo4j/cve.go +++ /dev/null 
@@ -1,204 +0,0 @@
-//
-// Copyright 2023 The GUAC Authors.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package neo4j
-
-import (
- "context"
- "fmt"
- "strings"
-
- "github.com/guacsec/guac/pkg/assembler/graphql/model"
- "github.com/neo4j/neo4j-go-driver/v4/neo4j"
-)
-
-func (c *neo4jClient) Cve(ctx context.Context, cveSpec *model.CVESpec) ([]*model.Cve, error) {
- // fields: [year cveId cveId.id]
- fields := getPreloads(ctx)
- cveIDImplRequired := false
- for _, f := range fields {
- if f == cvdID {
- cveIDImplRequired = true
- break
- }
- }
-
- if !cveIDImplRequired {
- return c.cveYear(ctx, cveSpec)
- }
-
- session := c.driver.NewSession(neo4j.SessionConfig{AccessMode: neo4j.AccessModeRead})
- defer session.Close()
-
- var sb strings.Builder
- var firstMatch bool = true
- queryValues := map[string]any{}
-
- sb.WriteString("MATCH (root:Cve)-[:CveIsYear]->(cveYear:CveYear)-[:CveHasID]->(cveID:CveID)")
-
- setCveMatchValues(&sb, cveSpec, &firstMatch, queryValues)
-
- sb.WriteString(" RETURN cveYear.year, cveID.id")
-
- result, err := session.ReadTransaction(
- func(tx neo4j.Transaction) (interface{}, error) {
- // FIXME update to GHSA without root node.
- // result, err := tx.Run(sb.String(), queryValues)
- // if err != nil {
- // return nil, err
- // }
-
- // cvesPerYear := map[int][]*model.CVEId{}
- // for result.Next() {
- // cveID := &model.CVEId{
- // CveID: result.Record().Values[1].(string),
- // }
- // cvesPerYear[result.Record().Values[0].(int)] = append(cvesPerYear[result.Record().Values[0].(int)], cveID)
- // }
- // if err = result.Err(); err != nil {
- // return nil, err
- // }
-
- // cves := []*model.Cve{}
- // for year := range cvesPerYear {
- cve := &model.Cve{
- // Year: year,
- // CveIds: cvesPerYear[year],
- }
- // cves = append(cves, cve)
- // }
-
- return cve, nil
- })
- if err != nil {
- return nil, err
- }
-
- return result.([]*model.Cve), nil
-}
-
-func (c *neo4jClient) cveYear(ctx context.Context, cveSpec *model.CVESpec) ([]*model.Cve, error) {
- session := c.driver.NewSession(neo4j.SessionConfig{AccessMode: neo4j.AccessModeRead})
- defer session.Close()
-
- var sb strings.Builder
- queryValues := map[string]any{}
-
- sb.WriteString("MATCH (n:Cve)-[:CveIsYear]->(cveYear:CveYear)")
-
- if cveSpec.Year != nil {
- matchProperties(&sb, true, "cveYear", "year", "$cveYear")
- queryValues["cveYear"] = cveSpec.Year
- }
-
- sb.WriteString(" RETURN cveYear.year")
-
- result, err := session.ReadTransaction(
- func(tx neo4j.Transaction) (interface{}, error) {
- // FIXME update to GHSA without root node.
- // result, err := tx.Run(sb.String(), queryValues) - // if err != nil { - // return nil, err - // } - - // cves := []*model.Cve{} - // for result.Next() { - cve := &model.Cve{ - // Year: result.Record().Values[0].(int), - // CveIds: []*model.CVEId{}, - } - // cves = append(cves, cve) - // } - // if err = result.Err(); err != nil { - // return nil, err - // } - - return cve, nil - }) - if err != nil { - return nil, err - } - - return result.([]*model.Cve), nil -} - -func setCveMatchValues(sb *strings.Builder, cve *model.CVESpec, firstMatch *bool, queryValues map[string]any) { - if cve != nil { - if cve.Year != nil { - matchProperties(sb, *firstMatch, "cveYear", "year", "$cveYear") - queryValues["cveYear"] = cve.Year - *firstMatch = false - } - - if cve.CveID != nil { - matchProperties(sb, *firstMatch, "cveID", "id", "$cveID") - queryValues["cveID"] = strings.ToLower(*cve.CveID) - *firstMatch = false - } - } -} - -func (c *neo4jClient) IngestCVEs(ctx context.Context, cves []*model.CVEInputSpec) ([]*model.Cve, error) { - return []*model.Cve{}, fmt.Errorf("not implemented: IngestCVEs") -} - -func (c *neo4jClient) IngestCve(ctx context.Context, cve *model.CVEInputSpec) (*model.Cve, error) { - session := c.driver.NewSession(neo4j.SessionConfig{AccessMode: neo4j.AccessModeWrite}) - defer session.Close() - - values := map[string]any{} - values["year"] = cve.Year - values["id"] = strings.ToLower(cve.CveID) - - result, err := session.WriteTransaction( - func(tx neo4j.Transaction) (interface{}, error) { - query := `MERGE (root:Cve) -MERGE (root) -[:CveIsYear]-> (cveYear:CveYear{year:$year}) -MERGE (cveYear) -[:CveHasID]-> (cveID:CveID{id:$id}) -RETURN cveYear.year, cveID.id` - result, err := tx.Run(query, values) - if err != nil { - return nil, err - } - - // query returns a single record - record, err := result.Single() - if err != nil { - return nil, err - } - - cveIdStr := record.Values[1].(string) - yearStr := record.Values[0].(int) - cve := generateModelCve(yearStr, 
cveIdStr) - - return cve, nil - }) - if err != nil { - return nil, err - } - - return result.(*model.Cve), nil -} - -// TODO: update to pass in the ID from neo4j -func generateModelCve(yearStr int, idStr string) *model.Cve { - // FIXME update to GHSA without root node. - // id := &model.CVEId{CveID: idStr} - cve := model.Cve{ - Year: yearStr, - // CveIds: []*model.CVEId{id}, - } - return &cve -} diff --git a/pkg/assembler/backends/neo4j/ghsa.go b/pkg/assembler/backends/neo4j/ghsa.go deleted file mode 100644 index e0dc19ac2b..0000000000 --- a/pkg/assembler/backends/neo4j/ghsa.go +++ /dev/null 
@@ -1,130 +0,0 @@ -// -// Copyright 2023 The GUAC Authors. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package neo4j - -import ( - "context" - "fmt" - "strings" - - "github.com/guacsec/guac/pkg/assembler/graphql/model" - "github.com/neo4j/neo4j-go-driver/v4/neo4j" -) - -func (c *neo4jClient) Ghsa(ctx context.Context, ghsaSpec *model.GHSASpec) ([]*model.Ghsa, error) { - session := c.driver.NewSession(neo4j.SessionConfig{AccessMode: neo4j.AccessModeRead}) - defer session.Close() - - var sb strings.Builder - var firstMatch bool = true - queryValues := map[string]any{} - - sb.WriteString("MATCH (root:Ghsa)-[:GhsaHasID]->(ghsaID:GhsaID)") - - setGhsaMatchValues(&sb, ghsaSpec, &firstMatch, queryValues) - - sb.WriteString(" RETURN ghsaID.id") - - result, err := session.ReadTransaction( - func(tx neo4j.Transaction) (interface{}, error) { - // FIXME update to GHSA without root node. 
- // result, err := tx.Run(sb.String(), queryValues) - // if err != nil { - // return nil, err - // } - - // ghsaIds := []*model.GHSAId{} - // for result.Next() { - // ghsaId := &model.GHSAId{ - // GhsaID: result.Record().Values[0].(string), - // } - // ghsaIds = append(ghsaIds, ghsaId) - // } - // if err = result.Err(); err != nil { - // return nil, err - // } - - ghsa := &model.Ghsa{ - // GhsaIds: ghsaIds, - } - - return []*model.Ghsa{ghsa}, nil - }) - if err != nil { - return nil, err - } - - return result.([]*model.Ghsa), nil -} - -func setGhsaMatchValues(sb *strings.Builder, ghsa *model.GHSASpec, firstMatch *bool, queryValues map[string]any) { - if ghsa != nil { - if ghsa.GhsaID != nil { - matchProperties(sb, *firstMatch, "ghsaID", "id", "$ghsaID") - queryValues["ghsaID"] = strings.ToLower(*ghsa.GhsaID) - *firstMatch = false - } - } -} - -func (c *neo4jClient) IngestGHSAs(ctx context.Context, ghsas []*model.GHSAInputSpec) ([]*model.Ghsa, error) { - return []*model.Ghsa{}, fmt.Errorf("not implemented: IngestGHSAs") -} - -func (c *neo4jClient) IngestGhsa(ctx context.Context, ghsa *model.GHSAInputSpec) (*model.Ghsa, error) { - session := c.driver.NewSession(neo4j.SessionConfig{AccessMode: neo4j.AccessModeWrite}) - defer session.Close() - - values := map[string]any{} - values["id"] = strings.ToLower(ghsa.GhsaID) - - result, err := session.WriteTransaction( - func(tx neo4j.Transaction) (interface{}, error) { - query := `MERGE (root:Ghsa) -MERGE (root) -[:GhsaHasID]-> (ghsaID:GhsaID{id:$id}) -RETURN ghsaID.id` - result, err := tx.Run(query, values) - if err != nil { - return nil, err - } - - // query returns a single record - record, err := result.Single() - if err != nil { - return nil, err - } - - ghsaID := record.Values[0].(string) - ghsa := generateModelGhsa(ghsaID) - - return ghsa, nil - }) - if err != nil { - return nil, err - } - - return result.(*model.Ghsa), nil -} - -// TODO: update to pass in the ID from neo4j -func generateModelGhsa(id string) 
*model.Ghsa { - // FIXME update to GHSA without root node. - // ghsaID := &model.GHSAId{GhsaID: id} - ghsa := model.Ghsa{ - // GhsaIds: []*model.GHSAId{ghsaID}, - } - return &ghsa -} diff --git a/pkg/assembler/backends/neo4j/isVulnerability.go b/pkg/assembler/backends/neo4j/isVulnerability.go deleted file mode 100644 index 18a4277530..0000000000 --- a/pkg/assembler/backends/neo4j/isVulnerability.go +++ /dev/null 
@@ -1,204 +0,0 @@ -// -// Copyright 2023 The GUAC Authors. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package neo4j - -import ( - "context" - "fmt" - "strings" - - "github.com/guacsec/guac/pkg/assembler/backends/helper" - "github.com/guacsec/guac/pkg/assembler/graphql/model" - "github.com/neo4j/neo4j-go-driver/v4/neo4j" - "github.com/neo4j/neo4j-go-driver/v4/neo4j/dbtype" - "github.com/vektah/gqlparser/v2/gqlerror" -) - -func (c *neo4jClient) IsVulnerability(ctx context.Context, isVulnerabilitySpec *model.IsVulnerabilitySpec) ([]*model.IsVulnerability, error) { - - // TODO: Fix validation - queryAll := true - // queryAll, err := helper.ValidateCveOrGhsaQueryInput(isVulnerabilitySpec.Vulnerability) - // if err != nil { - // return nil, err - // } - - session := c.driver.NewSession(neo4j.SessionConfig{AccessMode: neo4j.AccessModeRead}) - defer session.Close() - - aggregateIsVulnerability := []*model.IsVulnerability{} - - if queryAll || isVulnerabilitySpec.Vulnerability != nil && isVulnerabilitySpec.Vulnerability.Cve != nil { - var sb strings.Builder - var firstMatch bool = true - queryValues := map[string]any{} - - // query CVE - query := "MATCH (root:Osv)-[:OsvHasID]->(osvID:OsvID)" + - "-[:subject]-(isVulnerability:IsVulnerability)-[:alias]-(cveID:CveID)<-[:CveHasID]" + - "-(cveYear:CveYear)<-[:CveIsYear]-(rootCve:Cve)" - sb.WriteString(query) - - returnValue := " RETURN osvID.id, isVulnerability, cveYear.year, cveID.id" - - setOSVMatchValues(&sb, 
isVulnerabilitySpec.Osv, &firstMatch, queryValues) - if isVulnerabilitySpec.Vulnerability != nil && isVulnerabilitySpec.Vulnerability.Cve != nil { - setCveMatchValues(&sb, isVulnerabilitySpec.Vulnerability.Cve, &firstMatch, queryValues) - } - setIsVulnerabilityValues(&sb, isVulnerabilitySpec, &firstMatch, queryValues) - sb.WriteString(returnValue) - - result, err := session.ReadTransaction( - func(tx neo4j.Transaction) (interface{}, error) { - - result, err := tx.Run(sb.String(), queryValues) - if err != nil { - return nil, err - } - - collectedIsVulnerability := []*model.IsVulnerability{} - - for result.Next() { - id := result.Record().Values[0].(string) - osv := generateModelOsv(id) - - idStr := result.Record().Values[3].(string) - yearStr := result.Record().Values[3].(int) - cve := generateModelCve(yearStr, idStr) - - isVulnerabilityNode := dbtype.Node{} - if result.Record().Values[1] != nil { - isVulnerabilityNode = result.Record().Values[6].(dbtype.Node) - } else { - return nil, gqlerror.Errorf("isVulnerability Node not found in neo4j") - } - - isVulnerability := generateModelIsVulnerability(osv, cve, isVulnerabilityNode.Props[justification].(string), - isVulnerabilityNode.Props[origin].(string), isVulnerabilityNode.Props[collector].(string)) - - collectedIsVulnerability = append(collectedIsVulnerability, isVulnerability) - } - if err = result.Err(); err != nil { - return nil, err - } - - return collectedIsVulnerability, nil - }) - if err != nil { - return nil, err - } - aggregateIsVulnerability = append(aggregateIsVulnerability, result.([]*model.IsVulnerability)...) 
- } - - if queryAll || isVulnerabilitySpec.Vulnerability != nil && isVulnerabilitySpec.Vulnerability.Ghsa != nil { - var sb strings.Builder - var firstMatch bool = true - queryValues := map[string]any{} - - // query GHSA - query := "MATCH (root:Osv)-[:OsvHasID]->(osvID:OsvID)" + - "-[:subject]-(isVulnerability:IsVulnerability)-[:alias]-(ghsaID:GhsaID)<-[:GhsaHasID]" + - "-(rootGhsa:Ghsa)" - sb.WriteString(query) - - returnValue := " RETURN osvID.id, isVulnerability, ghsaID.id" - - setOSVMatchValues(&sb, isVulnerabilitySpec.Osv, &firstMatch, queryValues) - if isVulnerabilitySpec.Vulnerability != nil && isVulnerabilitySpec.Vulnerability.Ghsa != nil { - setGhsaMatchValues(&sb, isVulnerabilitySpec.Vulnerability.Ghsa, &firstMatch, queryValues) - } - setIsVulnerabilityValues(&sb, isVulnerabilitySpec, &firstMatch, queryValues) - sb.WriteString(returnValue) - - result, err := session.ReadTransaction( - func(tx neo4j.Transaction) (interface{}, error) { - - result, err := tx.Run(sb.String(), queryValues) - if err != nil { - return nil, err - } - - collectedIsVulnerability := []*model.IsVulnerability{} - - for result.Next() { - id := result.Record().Values[0].(string) - osv := generateModelOsv(id) - - idStr := result.Record().Values[2].(string) - ghsa := generateModelGhsa(idStr) - - isVulnerabilityNode := dbtype.Node{} - if result.Record().Values[6] != nil { - isVulnerabilityNode = result.Record().Values[1].(dbtype.Node) - } else { - return nil, gqlerror.Errorf("isVulnerability Node not found in neo4j") - } - - isVulnerability := generateModelIsVulnerability(osv, ghsa, isVulnerabilityNode.Props[justification].(string), - isVulnerabilityNode.Props[origin].(string), isVulnerabilityNode.Props[collector].(string)) - - collectedIsVulnerability = append(collectedIsVulnerability, isVulnerability) - } - if err = result.Err(); err != nil { - return nil, err - } - - return collectedIsVulnerability, nil - }) - if err != nil { - return nil, err - } - aggregateIsVulnerability = 
append(aggregateIsVulnerability, result.([]*model.IsVulnerability)...) - } - return aggregateIsVulnerability, nil -} - -func setIsVulnerabilityValues(sb *strings.Builder, isVulnerabilitySpec *model.IsVulnerabilitySpec, firstMatch *bool, queryValues map[string]any) { - if isVulnerabilitySpec.Justification != nil { - matchProperties(sb, *firstMatch, "isVulnerability", justification, "$"+justification) - *firstMatch = false - queryValues["justification"] = isVulnerabilitySpec.Justification - } - if isVulnerabilitySpec.Origin != nil { - matchProperties(sb, *firstMatch, "isVulnerability", origin, "$"+origin) - *firstMatch = false - queryValues[origin] = isVulnerabilitySpec.Origin - } - if isVulnerabilitySpec.Collector != nil { - matchProperties(sb, *firstMatch, "isVulnerability", collector, "$"+collector) - *firstMatch = false - queryValues[collector] = isVulnerabilitySpec.Collector - } -} - -func generateModelIsVulnerability(osv *model.Osv, vuln model.CveOrGhsa, justification, origin, collector string) *model.IsVulnerability { - isVulnerability := model.IsVulnerability{ - Osv: osv, - Vulnerability: vuln, - Justification: justification, - Origin: origin, - Collector: collector, - } - return &isVulnerability -} - -func (c *neo4jClient) IngestIsVulnerability(ctx context.Context, osv model.OSVInputSpec, vulnerability model.CveOrGhsaInput, isVulnerability model.IsVulnerabilityInputSpec) (*model.IsVulnerability, error) { - err := helper.ValidateCveOrGhsaIngestionInput(vulnerability, "IngestIsVulnerability") - if err != nil { - return nil, err - } - panic(fmt.Errorf("not implemented: IngestIsVulnerability - IngestIsVulnerability")) -} diff --git a/pkg/assembler/backends/neo4j/osv.go b/pkg/assembler/backends/neo4j/osv.go deleted file mode 100644 index e95da851c9..0000000000 --- a/pkg/assembler/backends/neo4j/osv.go +++ /dev/null 
@@ -1,130 +0,0 @@ -// -// Copyright 2023 The GUAC Authors. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package neo4j - -import ( - "context" - "fmt" - "strings" - - "github.com/guacsec/guac/pkg/assembler/graphql/model" - "github.com/neo4j/neo4j-go-driver/v4/neo4j" -) - -func (c *neo4jClient) Osv(ctx context.Context, osvSpec *model.OSVSpec) ([]*model.Osv, error) { - session := c.driver.NewSession(neo4j.SessionConfig{AccessMode: neo4j.AccessModeRead}) - defer session.Close() - - var sb strings.Builder - var firstMatch bool = true - queryValues := map[string]any{} - - sb.WriteString("MATCH (root:Osv)-[:OsvHasID]->(osvID:OsvID)") - - setOSVMatchValues(&sb, osvSpec, &firstMatch, queryValues) - - sb.WriteString(" RETURN osvID.id") - - result, err := session.ReadTransaction( - func(tx neo4j.Transaction) (interface{}, error) { - // FIXME update to OSV without root node. 
- // result, err := tx.Run(sb.String(), queryValues) - // if err != nil { - // return nil, err - // } - - // osvIds := []*model.OSVId{} - // for result.Next() { - // osvId := &model.OSVId{ - // OsvID: result.Record().Values[0].(string), - // } - // osvIds = append(osvIds, osvId) - // } - // if err = result.Err(); err != nil { - // return nil, err - // } - - osv := &model.Osv{ - // OsvIds: osvIds, - } - - return []*model.Osv{osv}, nil - }) - if err != nil { - return nil, err - } - - return result.([]*model.Osv), nil -} - -func setOSVMatchValues(sb *strings.Builder, osv *model.OSVSpec, firstMatch *bool, queryValues map[string]any) { - if osv != nil { - if osv.OsvID != nil { - matchProperties(sb, *firstMatch, "osvID", "id", "$osvID") - queryValues["osvID"] = strings.ToLower(*osv.OsvID) - *firstMatch = false - } - } -} - -func (c *neo4jClient) IngestOSVs(ctx context.Context, osvs []*model.OSVInputSpec) ([]*model.Osv, error) { - return []*model.Osv{}, fmt.Errorf("not implemented: IngestOSVs") -} - -func (c *neo4jClient) IngestOsv(ctx context.Context, osv *model.OSVInputSpec) (*model.Osv, error) { - session := c.driver.NewSession(neo4j.SessionConfig{AccessMode: neo4j.AccessModeWrite}) - defer session.Close() - - values := map[string]any{} - values["id"] = strings.ToLower(osv.OsvID) - - result, err := session.WriteTransaction( - func(tx neo4j.Transaction) (interface{}, error) { - query := `MERGE (root:Osv) -MERGE (root) -[:OsvHasID]-> (osvID:OsvID{id:$id}) -RETURN osvID.id` - result, err := tx.Run(query, values) - if err != nil { - return nil, err - } - - // query returns a single record - record, err := result.Single() - if err != nil { - return nil, err - } - - osvID := record.Values[0].(string) - osv := generateModelOsv(osvID) - - return osv, nil - }) - if err != nil { - return nil, err - } - - return result.(*model.Osv), nil -} - -// TODO: update to pass in the ID from neo4j -func generateModelOsv(id string) *model.Osv { - // FIXME update to GHSA without root node. 
- // osvID := &model.OSVId{OsvID: id} - osv := model.Osv{ - // OsvIds: []*model.OSVId{osvID}, - } - return &osv -} diff --git a/pkg/assembler/backends/neo4j/vulnEqual.go b/pkg/assembler/backends/neo4j/vulnEqual.go new file mode 100644 index 0000000000..3edc03bed2 --- /dev/null +++ b/pkg/assembler/backends/neo4j/vulnEqual.go 
@@ -0,0 +1,197 @@
+//
+// Copyright 2023 The GUAC Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package neo4j
+
+import (
+ "context"
+ "fmt"
+
+ "github.com/guacsec/guac/pkg/assembler/graphql/model"
+)
+
+// TODO (pxp928): fix for new vulnerability
+func (c *neo4jClient) VulnEqual(ctx context.Context, vulnEqualSpec *model.VulnEqualSpec) ([]*model.VulnEqual, error) {
+
+ // // TODO: Fix validation
+ // queryAll := true
+ // // queryAll, err := helper.ValidateCveOrGhsaQueryInput(isVulnerabilitySpec.Vulnerability)
+ // // if err != nil {
+ // // return nil, err
+ // // }
+
+ // session := c.driver.NewSession(neo4j.SessionConfig{AccessMode: neo4j.AccessModeRead})
+ // defer session.Close()
+
+ // aggregateIsVulnerability := []*model.IsVulnerability{}
+
+ // if queryAll || isVulnerabilitySpec.Vulnerability != nil && isVulnerabilitySpec.Vulnerability.Cve != nil {
+ // var sb strings.Builder
+ // var firstMatch bool = true
+ // queryValues := map[string]any{}
+
+ // // query CVE
+ // query := "MATCH (root:Osv)-[:OsvHasID]->(osvID:OsvID)" +
+ // "-[:subject]-(isVulnerability:IsVulnerability)-[:alias]-(cveID:CveID)<-[:CveHasID]" +
+ // "-(cveYear:CveYear)<-[:CveIsYear]-(rootCve:Cve)"
+ // sb.WriteString(query)
+
+ // returnValue := " RETURN osvID.id, isVulnerability, cveYear.year, cveID.id"
+
+ // setOSVMatchValues(&sb, isVulnerabilitySpec.Osv, &firstMatch, queryValues)
+ // if isVulnerabilitySpec.Vulnerability != nil && isVulnerabilitySpec.Vulnerability.Cve != nil {
+ // setCveMatchValues(&sb, isVulnerabilitySpec.Vulnerability.Cve, &firstMatch, queryValues)
+ // }
+ // setIsVulnerabilityValues(&sb, isVulnerabilitySpec, &firstMatch, queryValues)
+ // sb.WriteString(returnValue)
+
+ // result, err := session.ReadTransaction(
+ // func(tx neo4j.Transaction) (interface{}, error) {
+
+ // result, err := tx.Run(sb.String(), queryValues)
+ // if err != nil {
+ // return nil, err
+ // }
+
+ // collectedIsVulnerability := []*model.IsVulnerability{}
+
+ // for result.Next() {
+ // id := result.Record().Values[0].(string)
+ // osv := generateModelOsv(id)
+
+ // idStr := result.Record().Values[3].(string)
+ // yearStr := result.Record().Values[3].(int)
+ // cve := generateModelCve(yearStr, idStr)
+
+ // isVulnerabilityNode := dbtype.Node{}
+ // if result.Record().Values[1] != nil {
+ // isVulnerabilityNode = result.Record().Values[6].(dbtype.Node)
+ // } else {
+ // return nil, gqlerror.Errorf("isVulnerability Node not found in neo4j")
+ // }
+
+ // isVulnerability := generateModelIsVulnerability(osv, cve, isVulnerabilityNode.Props[justification].(string),
+ // isVulnerabilityNode.Props[origin].(string), isVulnerabilityNode.Props[collector].(string))
+
+ // collectedIsVulnerability = append(collectedIsVulnerability, isVulnerability)
+ // }
+ // if err = result.Err(); err != nil {
+ // return nil, err
+ // }
+
+ // return collectedIsVulnerability, nil
+ // })
+ // if err != nil {
+ // return nil, err
+ // }
+ // aggregateIsVulnerability = append(aggregateIsVulnerability, result.([]*model.IsVulnerability)...)
+ // }
+
+ // if queryAll || isVulnerabilitySpec.Vulnerability != nil && isVulnerabilitySpec.Vulnerability.Ghsa != nil {
+ // var sb strings.Builder
+ // var firstMatch bool = true
+ // queryValues := map[string]any{}
+
+ // // query GHSA
+ // query := "MATCH (root:Osv)-[:OsvHasID]->(osvID:OsvID)" +
+ // "-[:subject]-(isVulnerability:IsVulnerability)-[:alias]-(ghsaID:GhsaID)<-[:GhsaHasID]" +
+ // "-(rootGhsa:Ghsa)"
+ // sb.WriteString(query)
+
+ // returnValue := " RETURN osvID.id, isVulnerability, ghsaID.id"
+
+ // setOSVMatchValues(&sb, isVulnerabilitySpec.Osv, &firstMatch, queryValues)
+ // if isVulnerabilitySpec.Vulnerability != nil && isVulnerabilitySpec.Vulnerability.Ghsa != nil {
+ // setGhsaMatchValues(&sb, isVulnerabilitySpec.Vulnerability.Ghsa, &firstMatch, queryValues)
+ // }
+ // setIsVulnerabilityValues(&sb, isVulnerabilitySpec, &firstMatch, queryValues)
+ // sb.WriteString(returnValue)
+
+ // result, err := session.ReadTransaction(
+ // func(tx neo4j.Transaction) (interface{}, error) {
+
+ // result, err := tx.Run(sb.String(), queryValues)
+ // if err != nil {
+ // return nil, err
+ // }
+
+ // collectedIsVulnerability := []*model.IsVulnerability{}
+
+ // for result.Next() {
+ // id := result.Record().Values[0].(string)
+ // osv := generateModelOsv(id)
+
+ // idStr := result.Record().Values[2].(string)
+ // ghsa := generateModelGhsa(idStr)
+
+ // isVulnerabilityNode := dbtype.Node{}
+ // if result.Record().Values[6] != nil {
+ // isVulnerabilityNode = result.Record().Values[1].(dbtype.Node)
+ // } else {
+ // return nil, gqlerror.Errorf("isVulnerability Node not found in neo4j")
+ // }
+
+ // isVulnerability := generateModelIsVulnerability(osv, ghsa, isVulnerabilityNode.Props[justification].(string),
+ // isVulnerabilityNode.Props[origin].(string), isVulnerabilityNode.Props[collector].(string))
+
+ // collectedIsVulnerability = append(collectedIsVulnerability, isVulnerability)
+ // }
+ // if err = result.Err(); err != nil {
+ // return nil, err
+ // }
+
+ // return collectedIsVulnerability, nil
+ // })
+ // if err != nil {
+ // return nil, err
+ // }
+ // aggregateIsVulnerability = append(aggregateIsVulnerability, result.([]*model.IsVulnerability)...)
+ // }
+ // return aggregateIsVulnerability, nil
+ return []*model.VulnEqual{}, fmt.Errorf("not implemented - VulnEqual")
+}
+
+// func setIsVulnerabilityValues(sb *strings.Builder, isVulnerabilitySpec *model.IsVulnerabilitySpec, firstMatch *bool, queryValues map[string]any) {
+// if isVulnerabilitySpec.Justification != nil {
+// matchProperties(sb, *firstMatch, "isVulnerability", justification, "$"+justification)
+// *firstMatch = false
+// queryValues["justification"] = isVulnerabilitySpec.Justification
+// }
+// if isVulnerabilitySpec.Origin != nil {
+// matchProperties(sb, *firstMatch, "isVulnerability", origin, "$"+origin)
+// *firstMatch = false
+// queryValues[origin] = isVulnerabilitySpec.Origin
+// }
+// if isVulnerabilitySpec.Collector != nil {
+// matchProperties(sb, *firstMatch, "isVulnerability", collector, "$"+collector)
+// *firstMatch = false
+// queryValues[collector] = isVulnerabilitySpec.Collector
+// }
+// }
+
+// func generateModelIsVulnerability(osv *model.Osv, vuln model.CveOrGhsa, justification, origin, collector string) *model.IsVulnerability {
+// isVulnerability := model.IsVulnerability{
+// Osv: osv,
+// Vulnerability: vuln,
+// Justification: justification,
+// Origin: origin,
+// Collector: collector,
+// }
+// return &isVulnerability
+// }
+
+func (c *neo4jClient) IngestVulnEqual(ctx context.Context, vulnerability model.VulnerabilityInputSpec, otherVulnerability model.VulnerabilityInputSpec, vulnEqual model.VulnEqualInputSpec) (*model.VulnEqual, error) {
+ return nil, fmt.Errorf("not implemented - IngestVulnEqual")
+}
diff --git a/pkg/assembler/backends/neo4j/vulnerability.go b/pkg/assembler/backends/neo4j/vulnerability.go
new file mode 100644
index 0000000000..868e119c1a
--- /dev/null
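Review bot: In vulnEqual.go, the `VulnEqual` stub returns a non-nil empty slice together with its error (`return []*model.VulnEqual{}, fmt.Errorf("not implemented - VulnEqual")`), so a caller that drops the error would read the result as "no equivalent vulnerabilities" instead of "this backend cannot answer". I would make it `return nil, fmt.Errorf("not implemented: VulnEqual")`, which matches the `nil` returned by `IngestVulnEqual` below and the `not implemented: …` wording used by `IngestVulnerabilities` in vulnerability.go. The commented-out body carried over from the deleted isVulnerability.go keeps its index slips: the CVE branch reads `Values[3]` for both the id and the year and tests `Values[1]` before reading `Values[6]`, although its RETURN clause yields four columns, and the GHSA branch tests `Values[6]` with three columns. The old code stays in history, so a short TODO listing what has to be ported would be safer than keeping a block that panics if uncommented as is.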
+++ b/pkg/assembler/backends/neo4j/vulnerability.go 
@@ -0,0 +1,206 @@
+//
+// Copyright 2023 The GUAC Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package neo4j
+
+import (
+ "context"
+ "fmt"
+
+ "github.com/guacsec/guac/pkg/assembler/graphql/model"
+)
+
+// TODO (pxp928): fix for new vulnerability
+func (c *neo4jClient) Vulnerabilities(ctx context.Context, vulnSpec *model.VulnerabilitySpec) ([]*model.Vulnerability, error) {
+ // fields: [year cveId cveId.id]
+ //fields := getPreloads(ctx)
+ //cveIDImplRequired := false
+ // for _, f := range fields {
+ // if f == cvdID {
+ // cveIDImplRequired = true
+ // break
+ // }
+ // }
+
+ // if !cveIDImplRequired {
+ // return c.cveYear(ctx, cveSpec)
+ // }
+
+ // session := c.driver.NewSession(neo4j.SessionConfig{AccessMode: neo4j.AccessModeRead})
+ // defer session.Close()
+
+ // var sb strings.Builder
+ // var firstMatch bool = true
+ // queryValues := map[string]any{}
+
+ // sb.WriteString("MATCH (type:vulnType)->[:VulneHasID]->(vulnID:VulnID)")
+
+ // setCveMatchValues(&sb, vulnSpec, &firstMatch, queryValues)
+
+ // sb.WriteString(" RETURN type.year, vulnID.id")
+
+ // TODO (pxp928): fix for new vulnerability
+ // result, err := session.ReadTransaction(
+ // func(tx neo4j.Transaction) (interface{}, error) {
+
+ // result, err := tx.Run(sb.String(), queryValues)
+ // if err != nil {
+ // return nil, err
+ // }
+
+ // cvesPerYear := map[int][]*model.CVEId{}
+ // for result.Next() {
+ // cveID := &model.CVEId{
+ // CveID: result.Record().Values[1].(string),
+ // }
+ // cvesPerYear[result.Record().Values[0].(int)] = append(cvesPerYear[result.Record().Values[0].(int)], cveID)
+ // }
+ // if err = result.Err(); err != nil {
+ // return nil, err
+ // }
+
+ // cves := []*model.Cve{}
+ // for year := range cvesPerYear {
+ //cve := &model.Cve{
+ // Year: year,
+ // CveIds: cvesPerYear[year],
+ //}
+ // cves = append(cves, cve)
+ // }
+
+ //return cve, nil
+ // })
+ // if err != nil {
+ // return nil, err
+ // }
+ //return result.(*model.Cve), nil
+ return []*model.Vulnerability{}, fmt.Errorf("not implemented - Vulnerabilities")
+}
+
+// func (c *neo4jClient) cveYear(ctx context.Context, cveSpec *model.VulnerabilitySpec) ([]*model.Vulnerability, error) {
+// session := c.driver.NewSession(neo4j.SessionConfig{AccessMode: neo4j.AccessModeRead})
+// defer session.Close()
+
+// var sb strings.Builder
+// queryValues := map[string]any{}
+
+// sb.WriteString("MATCH (n:Cve)-[:CveIsYear]->(cveYear:CveYear)")
+
+// if cveSpec.Year != nil {
+// matchProperties(&sb, true, "cveYear", "year", "$cveYear")
+// queryValues["cveYear"] = cveSpec.Year
+// }
+
+// sb.WriteString(" RETURN cveYear.year")
+
+// result, err := session.ReadTransaction(
+// func(tx neo4j.Transaction) (interface{}, error) {
+// // FIXME update to GHSA without root node.
+// // result, err := tx.Run(sb.String(), queryValues)
+// // if err != nil {
+// // return nil, err
+// // }
+
+// // cves := []*model.Cve{}
+// // for result.Next() {
+// cve := &model.Cve{
+// // Year: result.Record().Values[0].(int),
+// // CveIds: []*model.CVEId{},
+// }
+// // cves = append(cves, cve)
+// // }
+// // if err = result.Err(); err != nil {
+// // return nil, err
+// // }
+
+// return cve, nil
+// })
+// if err != nil {
+// return nil, err
+// }
+
+// return result.([]*model.Cve), nil
+// }
+
+// func setCveMatchValues(sb *strings.Builder, cve *model.CVESpec, firstMatch *bool, queryValues map[string]any) {
+// if cve != nil {
+// if cve.Year != nil {
+// matchProperties(sb, *firstMatch, "cveYear", "year", "$cveYear")
+// queryValues["cveYear"] = cve.Year
+// *firstMatch = false
+// }
+
+// if cve.CveID != nil {
+// matchProperties(sb, *firstMatch, "cveID", "id", "$cveID")
+// queryValues["cveID"] = strings.ToLower(*cve.CveID)
+// *firstMatch = false
+// }
+// }
+// }
+
+func (c *neo4jClient) IngestVulnerabilities(ctx context.Context, vulns []*model.VulnerabilityInputSpec) ([]*model.Vulnerability, error) {
+ return []*model.Vulnerability{}, fmt.Errorf("not implemented: IngestVulnerabilities")
+}
+
+// TODO (pxp928): fix for new vulnerability
+func (c *neo4jClient) IngestVulnerability(ctx context.Context, vuln model.VulnerabilityInputSpec) (*model.Vulnerability, error) {
+ // session := c.driver.NewSession(neo4j.SessionConfig{AccessMode: neo4j.AccessModeWrite})
+ // defer session.Close()
+
+ // values := map[string]any{}
+ // values["year"] = cve.Year
+ // values["id"] = strings.ToLower(cve.CveID)
+
+ // result, err := session.WriteTransaction(
+ // func(tx neo4j.Transaction) (interface{}, error) {
+ // query := `MERGE (root:Cve)
+ // MERGE (root) -[:CveIsYear]-> (cveYear:CveYear{year:$year})
+ // MERGE (cveYear) -[:CveHasID]-> (cveID:CveID{id:$id})
+ // RETURN cveYear.year, cveID.id`
+ // result, err := tx.Run(query, values)
+ // if err != nil {
+ // return nil, err
+ // }
+
+ // // query returns a single record
+ // record, err := result.Single()
+ // if err != nil {
+ // return nil, err
+ // }
+
+ // cveIdStr := record.Values[1].(string)
+ // yearStr := record.Values[0].(int)
+ // cve := generateModelCve(yearStr, cveIdStr)
+
+ // return cve, nil
+ // })
+ // if err != nil {
+ // return nil, err
+ // }
+
+ // return result.(*model.Cve), nil
+ return nil, fmt.Errorf("not implemented: IngestVulnerabilities")
+}
+
+// // TODO: update to pass in the ID from neo4j
+// func generateModelCve(yearStr int, idStr string) *model.Cve {
+// // FIXME update to GHSA without root node.
+// // id := &model.CVEId{CveID: idStr}
+// cve := model.Cve{
+// Year: yearStr,
+// // CveIds: []*model.CVEId{id},
+// }
+// return &cve
+// }
diff --git a/pkg/assembler/clients/generated/operations.go b/pkg/assembler/clients/generated/operations.go
index b81214d6f5..d10b679739 100644
--- a/pkg/assembler/clients/generated/operations.go
+++ b/pkg/assembler/clients/generated/operations.go
@@ -1172,13 +1172,13 @@ func (v *AllCertifyScorecardSource) __premarshalJSON() (*__premarshalAllCertifyS // The GraphQL type's documentation follows. // // CertifyVEXStatement is an attestation to attach VEX statements to a package or -// artifact to clarify the impact of a specific vulnerability (CVE, GHSA or OSV). +// artifact to clarify the impact of a specific vulnerability. type AllCertifyVEXStatement struct { Id string `json:"id"` // Subject of attestation Subject AllCertifyVEXStatementSubjectPackageOrArtifact `json:"-"` // Attested vulnerability - Vulnerability AllCertifyVEXStatementVulnerability `json:"-"` + Vulnerability AllCertifyVEXStatementVulnerability `json:"vulnerability"` // Status of the vulnerabilities with respect to the subject Status VexStatus `json:"status"` // Justification from VEX statement
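Review bot: In vulnerability.go, the `IngestVulnerability` stub names the wrong operation: it returns `fmt.Errorf("not implemented: IngestVulnerabilities")`, the same text as the batch method above it, so an error log cannot show which call reached the unimplemented neo4j path. It should read `return nil, fmt.Errorf("not implemented: IngestVulnerability")`. `Vulnerabilities` also returns `[]*model.Vulnerability{}` alongside its error and uses a different separator (`not implemented - Vulnerabilities`); returning `nil` with the `not implemented: …` format keeps a caller that ignores the error from treating the stub as an empty vulnerability list. The commented-out Cypher `MATCH (type:vulnType)->[:VulneHasID]->(vulnID:VulnID)` does not look like a valid pattern (`->[` where `-[` is expected), so it should be corrected or removed before anyone uncomments it.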
@@ -1237,8 +1237,7 @@ func (v *AllCertifyVEXStatement) UnmarshalJSON(b []byte) error { var firstPass struct { *AllCertifyVEXStatement - Subject json.RawMessage `json:"subject"` - Vulnerability json.RawMessage `json:"vulnerability"` + Subject json.RawMessage `json:"subject"` graphql.NoUnmarshalJSON } firstPass.AllCertifyVEXStatement = v @@ -1260,19 +1259,6 @@ func (v *AllCertifyVEXStatement) UnmarshalJSON(b []byte) error { } } } - - { - dst := &v.Vulnerability - src := firstPass.Vulnerability - if len(src) != 0 && string(src) != "null" { - err = __unmarshalAllCertifyVEXStatementVulnerability( - src, dst) - if err != nil { - return fmt.Errorf( - "unable to unmarshal AllCertifyVEXStatement.Vulnerability: %w", err) - } - } - } return nil } @@ -1281,7 +1267,7 @@ type __premarshalAllCertifyVEXStatement struct { Subject json.RawMessage `json:"subject"` - Vulnerability json.RawMessage `json:"vulnerability"` + Vulnerability AllCertifyVEXStatementVulnerability `json:"vulnerability"` Status VexStatus `json:"status"` @@ -1322,18 +1308,7 @@ func (v *AllCertifyVEXStatement) __premarshalJSON() (*__premarshalAllCertifyVEXS "unable to marshal AllCertifyVEXStatement.Subject: %w", err) } } - { - - dst := &retval.Vulnerability - src := v.Vulnerability - var err error - *dst, err = __marshalAllCertifyVEXStatementVulnerability( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal AllCertifyVEXStatement.Vulnerability: %w", err) - } - } + retval.Vulnerability = v.Vulnerability retval.Status = v.Status retval.VexJustification = v.VexJustification retval.Statement = v.Statement 
@@ -1599,163 +1574,60 @@ func __marshalAllCertifyVEXStatementSubjectPackageOrArtifact(v *AllCertifyVEXSta } } -// AllCertifyVEXStatementVulnerability includes the requested fields of the GraphQL interface Vulnerability. -// -// AllCertifyVEXStatementVulnerability is implemented by the following types: -// AllCertifyVEXStatementVulnerabilityCVE -// AllCertifyVEXStatementVulnerabilityGHSA -// AllCertifyVEXStatementVulnerabilityNoVuln -// AllCertifyVEXStatementVulnerabilityOSV +// AllCertifyVEXStatementVulnerability includes the requested fields of the GraphQL type Vulnerability. // The GraphQL type's documentation follows. // -// Vulnerability is a union of OSV, CVE, GHSA or the NoVuln node. -type AllCertifyVEXStatementVulnerability interface { - implementsGraphQLInterfaceAllCertifyVEXStatementVulnerability() - // GetTypename returns the receiver's concrete GraphQL type-name (see interface doc for possible values). - GetTypename() *string -} - -func (v *AllCertifyVEXStatementVulnerabilityCVE) implementsGraphQLInterfaceAllCertifyVEXStatementVulnerability() { -} -func (v *AllCertifyVEXStatementVulnerabilityGHSA) implementsGraphQLInterfaceAllCertifyVEXStatementVulnerability() { -} -func (v *AllCertifyVEXStatementVulnerabilityNoVuln) implementsGraphQLInterfaceAllCertifyVEXStatementVulnerability() { -} -func (v *AllCertifyVEXStatementVulnerabilityOSV) implementsGraphQLInterfaceAllCertifyVEXStatementVulnerability() { -} - -func __unmarshalAllCertifyVEXStatementVulnerability(b []byte, v *AllCertifyVEXStatementVulnerability) error { - if string(b) == "null" { - return nil - } - - var tn struct { - TypeName string `json:"__typename"` - } - err := json.Unmarshal(b, &tn) - if err != nil { - return err - } - - switch tn.TypeName { - case "CVE": - *v = new(AllCertifyVEXStatementVulnerabilityCVE) - return json.Unmarshal(b, *v) - case "GHSA": - *v = new(AllCertifyVEXStatementVulnerabilityGHSA) - return json.Unmarshal(b, *v) - case "NoVuln": - *v = 
new(AllCertifyVEXStatementVulnerabilityNoVuln) - return json.Unmarshal(b, *v) - case "OSV": - *v = new(AllCertifyVEXStatementVulnerabilityOSV) - return json.Unmarshal(b, *v) - case "": - return fmt.Errorf( - "response was missing Vulnerability.__typename") - default: - return fmt.Errorf( - `unexpected concrete type for AllCertifyVEXStatementVulnerability: "%v"`, tn.TypeName) - } -} - -func __marshalAllCertifyVEXStatementVulnerability(v *AllCertifyVEXStatementVulnerability) ([]byte, error) { - - var typename string - switch v := (*v).(type) { - case *AllCertifyVEXStatementVulnerabilityCVE: - typename = "CVE" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalAllCertifyVEXStatementVulnerabilityCVE - }{typename, premarshaled} - return json.Marshal(result) - case *AllCertifyVEXStatementVulnerabilityGHSA: - typename = "GHSA" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalAllCertifyVEXStatementVulnerabilityGHSA - }{typename, premarshaled} - return json.Marshal(result) - case *AllCertifyVEXStatementVulnerabilityNoVuln: - typename = "NoVuln" - - result := struct { - TypeName string `json:"__typename"` - *AllCertifyVEXStatementVulnerabilityNoVuln - }{typename, v} - return json.Marshal(result) - case *AllCertifyVEXStatementVulnerabilityOSV: - typename = "OSV" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalAllCertifyVEXStatementVulnerabilityOSV - }{typename, premarshaled} - return json.Marshal(result) - case nil: - return []byte("null"), nil - default: - return nil, fmt.Errorf( - `unexpected concrete type for AllCertifyVEXStatementVulnerability: "%T"`, v) - } -} - -// AllCertifyVEXStatementVulnerabilityCVE includes the requested fields of the 
GraphQL type CVE. -// The GraphQL type's documentation follows. +// Vulnerability represents the root of the vulnerability trie/tree. // -// CVE represents a vulnerability in the Common Vulnerabilities and Exposures -// schema. +// We map vulnerability information to a trie, as a derivative of the pURL specification: +// each path in the trie represents a type and a vulnerability ID. This allows for generic +// representation of the various vulnerabilities and does not limit to just cve, ghsa or osv. +// This would be in the general format: vuln:/// // -// The vulnerability identifier contains a year field, so we are extracting that -// to allow matching for vulnerabilities found in a given year. +// Examples: // -// The vulnerability identifier field is mandatory and canonicalized to be -// lowercase. +// CVE, using path separator: vuln://cve/cve-2023-20753 +// OSV, representing its knowledge of a GHSA: vuln://osv/ghsa-205hk +// Random vendor: vuln://snyk/sn-whatever +// NoVuln: vuln://novuln/ // -// This node can be referred to by other parts of GUAC. -type AllCertifyVEXStatementVulnerabilityCVE struct { - Typename *string `json:"__typename"` - AllCveTree `json:"-"` +// This node represents the type part of the trie path. It is used to represent +// the specific type of the vulnerability: cve, ghsa, osv or some other vendor specific +// +// Since this node is at the root of the vulnerability trie, it is named Vulnerability, not +// VulnerabilityType. +// +// NoVuln is a special vulnerability node to attest that no vulnerability has been +// found during a vulnerability scan. It will have the type "novuln" and contain an empty string +// for vulnerabilityID +// +// The resolvers will enforce that both the type and vulnerability IDs are lower case. +type AllCertifyVEXStatementVulnerability struct { + AllVulnerabilityTree `json:"-"` } -// GetTypename returns AllCertifyVEXStatementVulnerabilityCVE.Typename, and is useful for accessing the field via an interface. 
-func (v *AllCertifyVEXStatementVulnerabilityCVE) GetTypename() *string { return v.Typename } +// GetId returns AllCertifyVEXStatementVulnerability.Id, and is useful for accessing the field via an interface. +func (v *AllCertifyVEXStatementVulnerability) GetId() string { return v.AllVulnerabilityTree.Id } -// GetId returns AllCertifyVEXStatementVulnerabilityCVE.Id, and is useful for accessing the field via an interface. -func (v *AllCertifyVEXStatementVulnerabilityCVE) GetId() string { return v.AllCveTree.Id } +// GetType returns AllCertifyVEXStatementVulnerability.Type, and is useful for accessing the field via an interface. +func (v *AllCertifyVEXStatementVulnerability) GetType() string { return v.AllVulnerabilityTree.Type } -// GetYear returns AllCertifyVEXStatementVulnerabilityCVE.Year, and is useful for accessing the field via an interface. -func (v *AllCertifyVEXStatementVulnerabilityCVE) GetYear() int { return v.AllCveTree.Year } - -// GetCveId returns AllCertifyVEXStatementVulnerabilityCVE.CveId, and is useful for accessing the field via an interface. -func (v *AllCertifyVEXStatementVulnerabilityCVE) GetCveId() string { return v.AllCveTree.CveId } +// GetVulnerabilityIDs returns AllCertifyVEXStatementVulnerability.VulnerabilityIDs, and is useful for accessing the field via an interface. +func (v *AllCertifyVEXStatementVulnerability) GetVulnerabilityIDs() []AllVulnerabilityTreeVulnerabilityIDsVulnerabilityID { + return v.AllVulnerabilityTree.VulnerabilityIDs +} -func (v *AllCertifyVEXStatementVulnerabilityCVE) UnmarshalJSON(b []byte) error { +func (v *AllCertifyVEXStatementVulnerability) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *AllCertifyVEXStatementVulnerabilityCVE + *AllCertifyVEXStatementVulnerability graphql.NoUnmarshalJSON } - firstPass.AllCertifyVEXStatementVulnerabilityCVE = v + firstPass.AllCertifyVEXStatementVulnerability = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -1763,24 +1635,22 @@ func (v *AllCertifyVEXStatementVulnerabilityCVE) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllCveTree) + b, &v.AllVulnerabilityTree) if err != nil { return err } return nil } -type __premarshalAllCertifyVEXStatementVulnerabilityCVE struct { - Typename *string `json:"__typename"` - +type __premarshalAllCertifyVEXStatementVulnerability struct { Id string `json:"id"` - Year int `json:"year"` + Type string `json:"type"` - CveId string `json:"cveId"` + VulnerabilityIDs []AllVulnerabilityTreeVulnerabilityIDsVulnerabilityID `json:"vulnerabilityIDs"` } -func (v *AllCertifyVEXStatementVulnerabilityCVE) MarshalJSON() ([]byte, error) { +func (v *AllCertifyVEXStatementVulnerability) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -1788,49 +1658,132 @@ func (v *AllCertifyVEXStatementVulnerabilityCVE) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *AllCertifyVEXStatementVulnerabilityCVE) __premarshalJSON() (*__premarshalAllCertifyVEXStatementVulnerabilityCVE, error) { - var retval __premarshalAllCertifyVEXStatementVulnerabilityCVE +func (v *AllCertifyVEXStatementVulnerability) __premarshalJSON() (*__premarshalAllCertifyVEXStatementVulnerability, error) { + var retval __premarshalAllCertifyVEXStatementVulnerability - retval.Typename = v.Typename - retval.Id = v.AllCveTree.Id - retval.Year = v.AllCveTree.Year - retval.CveId = v.AllCveTree.CveId + retval.Id = v.AllVulnerabilityTree.Id + retval.Type = v.AllVulnerabilityTree.Type + retval.VulnerabilityIDs = v.AllVulnerabilityTree.VulnerabilityIDs return &retval, nil } -// AllCertifyVEXStatementVulnerabilityGHSA includes the requested fields of the GraphQL type GHSA. +// AllCertifyVuln includes the GraphQL fields of CertifyVuln requested by the fragment AllCertifyVuln. +// The GraphQL type's documentation follows. +// +// CertifyVuln is an attestation to attach vulnerability information to a package. +// +// This information is obtained via a scanner. If there is no vulnerability +// detected, we attach the a vulnerability with "NoVuln" type and an empty string +// for the vulnerability ID. +type AllCertifyVuln struct { + Id string `json:"id"` + // The package that is attested + Package AllCertifyVulnPackage `json:"package"` + // The vulnerability can be an be a specific vulnerability or NoVuln type. + Vulnerability AllCertifyVulnVulnerability `json:"vulnerability"` + // Metadata attached to the certification + Metadata AllCertifyVulnMetadataScanMetadata `json:"metadata"` +} + +// GetId returns AllCertifyVuln.Id, and is useful for accessing the field via an interface. 
+func (v *AllCertifyVuln) GetId() string { return v.Id } + +// GetPackage returns AllCertifyVuln.Package, and is useful for accessing the field via an interface. +func (v *AllCertifyVuln) GetPackage() AllCertifyVulnPackage { return v.Package } + +// GetVulnerability returns AllCertifyVuln.Vulnerability, and is useful for accessing the field via an interface. +func (v *AllCertifyVuln) GetVulnerability() AllCertifyVulnVulnerability { return v.Vulnerability } + +// GetMetadata returns AllCertifyVuln.Metadata, and is useful for accessing the field via an interface. +func (v *AllCertifyVuln) GetMetadata() AllCertifyVulnMetadataScanMetadata { return v.Metadata } + +// AllCertifyVulnMetadataScanMetadata includes the requested fields of the GraphQL type ScanMetadata. +// The GraphQL type's documentation follows. +// +// ScanMetadata is the metadata attached to vulnerability certification. +// +// It contains metadata about the scanner process that created the certification. +type AllCertifyVulnMetadataScanMetadata struct { + // URI of the vulnerability database used by the scanner + DbUri string `json:"dbUri"` + // Version of the vulnerability database used by the scanner + DbVersion string `json:"dbVersion"` + // URI of the scanner + ScannerUri string `json:"scannerUri"` + // Version of the scanner + ScannerVersion string `json:"scannerVersion"` + // Time of scan (in RFC 3339 format) + TimeScanned time.Time `json:"timeScanned"` + // Document from which this attestation is generated from + Origin string `json:"origin"` + // GUAC collector for the document + Collector string `json:"collector"` +} + +// GetDbUri returns AllCertifyVulnMetadataScanMetadata.DbUri, and is useful for accessing the field via an interface. +func (v *AllCertifyVulnMetadataScanMetadata) GetDbUri() string { return v.DbUri } + +// GetDbVersion returns AllCertifyVulnMetadataScanMetadata.DbVersion, and is useful for accessing the field via an interface. 
+func (v *AllCertifyVulnMetadataScanMetadata) GetDbVersion() string { return v.DbVersion } + +// GetScannerUri returns AllCertifyVulnMetadataScanMetadata.ScannerUri, and is useful for accessing the field via an interface. +func (v *AllCertifyVulnMetadataScanMetadata) GetScannerUri() string { return v.ScannerUri } + +// GetScannerVersion returns AllCertifyVulnMetadataScanMetadata.ScannerVersion, and is useful for accessing the field via an interface. +func (v *AllCertifyVulnMetadataScanMetadata) GetScannerVersion() string { return v.ScannerVersion } + +// GetTimeScanned returns AllCertifyVulnMetadataScanMetadata.TimeScanned, and is useful for accessing the field via an interface. +func (v *AllCertifyVulnMetadataScanMetadata) GetTimeScanned() time.Time { return v.TimeScanned } + +// GetOrigin returns AllCertifyVulnMetadataScanMetadata.Origin, and is useful for accessing the field via an interface. +func (v *AllCertifyVulnMetadataScanMetadata) GetOrigin() string { return v.Origin } + +// GetCollector returns AllCertifyVulnMetadataScanMetadata.Collector, and is useful for accessing the field via an interface. +func (v *AllCertifyVulnMetadataScanMetadata) GetCollector() string { return v.Collector } + +// AllCertifyVulnPackage includes the requested fields of the GraphQL type Package. // The GraphQL type's documentation follows. // -// GHSA represents GitHub security advisories. +// Package represents the root of the package trie/tree. // -// The advisory id field is mandatory and canonicalized to be lowercase. +// We map package information to a trie, closely matching the pURL specification +// (https://github.com/package-url/purl-spec/blob/0dd92f26f8bb11956ffdf5e8acfcee71e8560407/README.rst), +// but deviating from it where GUAC heuristics allow for better representation of +// package information. Each path in the trie fully represents a package; we split +// the trie based on the pURL components. // -// This node can be referred to by other parts of GUAC. 
-type AllCertifyVEXStatementVulnerabilityGHSA struct { - Typename *string `json:"__typename"` - AllGHSATree `json:"-"` +// This node matches a pkg: partial pURL. The type field matches the +// pURL types but we might also use "guac" for the cases where the pURL +// representation is not complete or when we have custom rules. +// +// Since this node is at the root of the package trie, it is named Package, not +// PackageType. +type AllCertifyVulnPackage struct { + AllPkgTree `json:"-"` } -// GetTypename returns AllCertifyVEXStatementVulnerabilityGHSA.Typename, and is useful for accessing the field via an interface. -func (v *AllCertifyVEXStatementVulnerabilityGHSA) GetTypename() *string { return v.Typename } +// GetId returns AllCertifyVulnPackage.Id, and is useful for accessing the field via an interface. +func (v *AllCertifyVulnPackage) GetId() string { return v.AllPkgTree.Id } -// GetId returns AllCertifyVEXStatementVulnerabilityGHSA.Id, and is useful for accessing the field via an interface. -func (v *AllCertifyVEXStatementVulnerabilityGHSA) GetId() string { return v.AllGHSATree.Id } +// GetType returns AllCertifyVulnPackage.Type, and is useful for accessing the field via an interface. +func (v *AllCertifyVulnPackage) GetType() string { return v.AllPkgTree.Type } -// GetGhsaId returns AllCertifyVEXStatementVulnerabilityGHSA.GhsaId, and is useful for accessing the field via an interface. -func (v *AllCertifyVEXStatementVulnerabilityGHSA) GetGhsaId() string { return v.AllGHSATree.GhsaId } +// GetNamespaces returns AllCertifyVulnPackage.Namespaces, and is useful for accessing the field via an interface. 
+func (v *AllCertifyVulnPackage) GetNamespaces() []AllPkgTreeNamespacesPackageNamespace { + return v.AllPkgTree.Namespaces +} -func (v *AllCertifyVEXStatementVulnerabilityGHSA) UnmarshalJSON(b []byte) error { +func (v *AllCertifyVulnPackage) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *AllCertifyVEXStatementVulnerabilityGHSA + *AllCertifyVulnPackage graphql.NoUnmarshalJSON } - firstPass.AllCertifyVEXStatementVulnerabilityGHSA = v + firstPass.AllCertifyVulnPackage = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -1838,22 +1791,22 @@ func (v *AllCertifyVEXStatementVulnerabilityGHSA) UnmarshalJSON(b []byte) error } err = json.Unmarshal( - b, &v.AllGHSATree) + b, &v.AllPkgTree) if err != nil { return err } return nil } -type __premarshalAllCertifyVEXStatementVulnerabilityGHSA struct { - Typename *string `json:"__typename"` - +type __premarshalAllCertifyVulnPackage struct { Id string `json:"id"` - GhsaId string `json:"ghsaId"` + Type string `json:"type"` + + Namespaces []AllPkgTreeNamespacesPackageNamespace `json:"namespaces"` } -func (v *AllCertifyVEXStatementVulnerabilityGHSA) MarshalJSON() ([]byte, error) { +func (v *AllCertifyVulnPackage) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -1861,65 +1814,69 @@ func (v *AllCertifyVEXStatementVulnerabilityGHSA) MarshalJSON() ([]byte, error) return json.Marshal(premarshaled) } -func (v *AllCertifyVEXStatementVulnerabilityGHSA) __premarshalJSON() (*__premarshalAllCertifyVEXStatementVulnerabilityGHSA, error) { - var retval __premarshalAllCertifyVEXStatementVulnerabilityGHSA +func (v *AllCertifyVulnPackage) __premarshalJSON() (*__premarshalAllCertifyVulnPackage, error) { + var retval __premarshalAllCertifyVulnPackage - retval.Typename = v.Typename - retval.Id = v.AllGHSATree.Id - retval.GhsaId = v.AllGHSATree.GhsaId + retval.Id = v.AllPkgTree.Id + retval.Type = v.AllPkgTree.Type + retval.Namespaces = v.AllPkgTree.Namespaces return &retval, nil } -// AllCertifyVEXStatementVulnerabilityNoVuln includes the requested fields of the GraphQL type NoVuln. +// AllCertifyVulnVulnerability includes the requested fields of the GraphQL type Vulnerability. // The GraphQL type's documentation follows. // -// NoVuln is a special vulnerability node to attest that no vulnerability has been -// found during a vulnerability scan. +// Vulnerability represents the root of the vulnerability trie/tree. // -// Backends guarantee that this is a singleton node. -type AllCertifyVEXStatementVulnerabilityNoVuln struct { - Typename *string `json:"__typename"` -} - -// GetTypename returns AllCertifyVEXStatementVulnerabilityNoVuln.Typename, and is useful for accessing the field via an interface. -func (v *AllCertifyVEXStatementVulnerabilityNoVuln) GetTypename() *string { return v.Typename } - -// AllCertifyVEXStatementVulnerabilityOSV includes the requested fields of the GraphQL type OSV. -// The GraphQL type's documentation follows. +// We map vulnerability information to a trie, as a derivative of the pURL specification: +// each path in the trie represents a type and a vulnerability ID. This allows for generic +// representation of the various vulnerabilities and does not limit to just cve, ghsa or osv. 
+// This would be in the general format: vuln:/// +// +// Examples: // -// OSV represents an Open Source Vulnerability. +// CVE, using path separator: vuln://cve/cve-2023-20753 +// OSV, representing its knowledge of a GHSA: vuln://osv/ghsa-205hk +// Random vendor: vuln://snyk/sn-whatever +// NoVuln: vuln://novuln/ // -// The osvId field is mandatory and canonicalized to be lowercase. +// This node represents the type part of the trie path. It is used to represent +// the specific type of the vulnerability: cve, ghsa, osv or some other vendor specific // -// This maps to a vulnerability ID specific to the environment (e.g., GHSA ID or -// CVE ID). +// Since this node is at the root of the vulnerability trie, it is named Vulnerability, not +// VulnerabilityType. // -// This node can be referred to by other parts of GUAC. -type AllCertifyVEXStatementVulnerabilityOSV struct { - Typename *string `json:"__typename"` - AllOSVTree `json:"-"` +// NoVuln is a special vulnerability node to attest that no vulnerability has been +// found during a vulnerability scan. It will have the type "novuln" and contain an empty string +// for vulnerabilityID +// +// The resolvers will enforce that both the type and vulnerability IDs are lower case. +type AllCertifyVulnVulnerability struct { + AllVulnerabilityTree `json:"-"` } -// GetTypename returns AllCertifyVEXStatementVulnerabilityOSV.Typename, and is useful for accessing the field via an interface. -func (v *AllCertifyVEXStatementVulnerabilityOSV) GetTypename() *string { return v.Typename } +// GetId returns AllCertifyVulnVulnerability.Id, and is useful for accessing the field via an interface. +func (v *AllCertifyVulnVulnerability) GetId() string { return v.AllVulnerabilityTree.Id } -// GetId returns AllCertifyVEXStatementVulnerabilityOSV.Id, and is useful for accessing the field via an interface. 
-func (v *AllCertifyVEXStatementVulnerabilityOSV) GetId() string { return v.AllOSVTree.Id } +// GetType returns AllCertifyVulnVulnerability.Type, and is useful for accessing the field via an interface. +func (v *AllCertifyVulnVulnerability) GetType() string { return v.AllVulnerabilityTree.Type } -// GetOsvId returns AllCertifyVEXStatementVulnerabilityOSV.OsvId, and is useful for accessing the field via an interface. -func (v *AllCertifyVEXStatementVulnerabilityOSV) GetOsvId() string { return v.AllOSVTree.OsvId } +// GetVulnerabilityIDs returns AllCertifyVulnVulnerability.VulnerabilityIDs, and is useful for accessing the field via an interface. +func (v *AllCertifyVulnVulnerability) GetVulnerabilityIDs() []AllVulnerabilityTreeVulnerabilityIDsVulnerabilityID { + return v.AllVulnerabilityTree.VulnerabilityIDs +} -func (v *AllCertifyVEXStatementVulnerabilityOSV) UnmarshalJSON(b []byte) error { +func (v *AllCertifyVulnVulnerability) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *AllCertifyVEXStatementVulnerabilityOSV + *AllCertifyVulnVulnerability graphql.NoUnmarshalJSON } - firstPass.AllCertifyVEXStatementVulnerabilityOSV = v + firstPass.AllCertifyVulnVulnerability = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -1927,22 +1884,22 @@ func (v *AllCertifyVEXStatementVulnerabilityOSV) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllOSVTree) + b, &v.AllVulnerabilityTree) if err != nil { return err } return nil } -type __premarshalAllCertifyVEXStatementVulnerabilityOSV struct { - Typename *string `json:"__typename"` - +type __premarshalAllCertifyVulnVulnerability struct { Id string `json:"id"` - OsvId string `json:"osvId"` + Type string `json:"type"` + + VulnerabilityIDs []AllVulnerabilityTreeVulnerabilityIDsVulnerabilityID `json:"vulnerabilityIDs"` } -func (v *AllCertifyVEXStatementVulnerabilityOSV) MarshalJSON() ([]byte, error) { +func (v *AllCertifyVulnVulnerability) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -1950,56 +1907,79 @@ func (v *AllCertifyVEXStatementVulnerabilityOSV) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *AllCertifyVEXStatementVulnerabilityOSV) __premarshalJSON() (*__premarshalAllCertifyVEXStatementVulnerabilityOSV, error) { - var retval __premarshalAllCertifyVEXStatementVulnerabilityOSV +func (v *AllCertifyVulnVulnerability) __premarshalJSON() (*__premarshalAllCertifyVulnVulnerability, error) { + var retval __premarshalAllCertifyVulnVulnerability - retval.Typename = v.Typename - retval.Id = v.AllOSVTree.Id - retval.OsvId = v.AllOSVTree.OsvId + retval.Id = v.AllVulnerabilityTree.Id + retval.Type = v.AllVulnerabilityTree.Type + retval.VulnerabilityIDs = v.AllVulnerabilityTree.VulnerabilityIDs return &retval, nil } -// AllCertifyVuln includes the GraphQL fields of CertifyVuln requested by the fragment AllCertifyVuln. +// AllHasMetadata includes the GraphQL fields of HasMetadata requested by the fragment AllHasMetadata. // The GraphQL type's documentation follows. // -// CertifyVuln is an attestation to attach vulnerability information to a package. +// HasMetadata is an attestation that a package, source, or artifact has a certain +// attested property (key) with value (value). For example, a source may have +// metadata "SourceRepo2FAEnabled=true". // -// This information is obtained via a scanner. If there is no vulnerability -// detected (no OSV, CVE, or GHSA), we attach the special NoVuln node. -type AllCertifyVuln struct { - Id string `json:"id"` - // The package that is attested - Package AllCertifyVulnPackage `json:"package"` - // The vulnerability object. Can be an OSV, CVE, or GHSA or the special NoVuln node. - Vulnerability AllCertifyVulnVulnerability `json:"-"` - // Metadata attached to the certification - Metadata AllCertifyVulnMetadataVulnerabilityMetaData `json:"metadata"` +// The intent of this evidence tree predicate is to allow extensibility of metadata +// expressible within the GUAC ontology. 
Metadata that is commonly used will then +// be promoted to a predicate on its own. +// +// Justification indicates how the metadata was determined. +// +// The metadata applies to a subject which is a package, source, or artifact. +// If the attestation targets a package, it must target a PackageName or a +// PackageVersion. If the attestation targets a source, it must target a +// SourceName. +type AllHasMetadata struct { + Id string `json:"id"` + Subject AllHasMetadataSubjectPackageSourceOrArtifact `json:"-"` + Key string `json:"key"` + Value string `json:"value"` + Timestamp time.Time `json:"timestamp"` + Justification string `json:"justification"` + Origin string `json:"origin"` + Collector string `json:"collector"` } -// GetId returns AllCertifyVuln.Id, and is useful for accessing the field via an interface. -func (v *AllCertifyVuln) GetId() string { return v.Id } +// GetId returns AllHasMetadata.Id, and is useful for accessing the field via an interface. +func (v *AllHasMetadata) GetId() string { return v.Id } -// GetPackage returns AllCertifyVuln.Package, and is useful for accessing the field via an interface. -func (v *AllCertifyVuln) GetPackage() AllCertifyVulnPackage { return v.Package } +// GetSubject returns AllHasMetadata.Subject, and is useful for accessing the field via an interface. +func (v *AllHasMetadata) GetSubject() AllHasMetadataSubjectPackageSourceOrArtifact { return v.Subject } -// GetVulnerability returns AllCertifyVuln.Vulnerability, and is useful for accessing the field via an interface. -func (v *AllCertifyVuln) GetVulnerability() AllCertifyVulnVulnerability { return v.Vulnerability } +// GetKey returns AllHasMetadata.Key, and is useful for accessing the field via an interface. +func (v *AllHasMetadata) GetKey() string { return v.Key } -// GetMetadata returns AllCertifyVuln.Metadata, and is useful for accessing the field via an interface. 
-func (v *AllCertifyVuln) GetMetadata() AllCertifyVulnMetadataVulnerabilityMetaData { return v.Metadata } +// GetValue returns AllHasMetadata.Value, and is useful for accessing the field via an interface. +func (v *AllHasMetadata) GetValue() string { return v.Value } + +// GetTimestamp returns AllHasMetadata.Timestamp, and is useful for accessing the field via an interface. +func (v *AllHasMetadata) GetTimestamp() time.Time { return v.Timestamp } + +// GetJustification returns AllHasMetadata.Justification, and is useful for accessing the field via an interface. +func (v *AllHasMetadata) GetJustification() string { return v.Justification } + +// GetOrigin returns AllHasMetadata.Origin, and is useful for accessing the field via an interface. +func (v *AllHasMetadata) GetOrigin() string { return v.Origin } + +// GetCollector returns AllHasMetadata.Collector, and is useful for accessing the field via an interface. +func (v *AllHasMetadata) GetCollector() string { return v.Collector } -func (v *AllCertifyVuln) UnmarshalJSON(b []byte) error { +func (v *AllHasMetadata) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *AllCertifyVuln - Vulnerability json.RawMessage `json:"vulnerability"` + *AllHasMetadata + Subject json.RawMessage `json:"subject"` graphql.NoUnmarshalJSON } - firstPass.AllCertifyVuln = v + firstPass.AllHasMetadata = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -2007,31 +1987,39 @@ func (v *AllCertifyVuln) UnmarshalJSON(b []byte) error { } { - dst := &v.Vulnerability - src := firstPass.Vulnerability + dst := &v.Subject + src := firstPass.Subject if len(src) != 0 && string(src) != "null" { - err = __unmarshalAllCertifyVulnVulnerability( + err = __unmarshalAllHasMetadataSubjectPackageSourceOrArtifact( src, dst) if err != nil { return fmt.Errorf( - "unable to unmarshal AllCertifyVuln.Vulnerability: %w", err) + "unable to unmarshal AllHasMetadata.Subject: %w", err) } } } return nil } -type __premarshalAllCertifyVuln struct { +type __premarshalAllHasMetadata struct { Id string `json:"id"` - Package AllCertifyVulnPackage `json:"package"` + Subject json.RawMessage `json:"subject"` - Vulnerability json.RawMessage `json:"vulnerability"` + Key string `json:"key"` + + Value string `json:"value"` + + Timestamp time.Time `json:"timestamp"` + + Justification string `json:"justification"` + + Origin string `json:"origin"` - Metadata AllCertifyVulnMetadataVulnerabilityMetaData `json:"metadata"` + Collector string `json:"collector"` } -func (v *AllCertifyVuln) MarshalJSON() ([]byte, error) { +func (v *AllHasMetadata) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -2039,76 +2027,112 @@ func (v *AllCertifyVuln) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *AllCertifyVuln) __premarshalJSON() (*__premarshalAllCertifyVuln, error) { - var retval __premarshalAllCertifyVuln +func (v *AllHasMetadata) __premarshalJSON() (*__premarshalAllHasMetadata, error) { + var retval __premarshalAllHasMetadata retval.Id = v.Id - retval.Package = v.Package { - dst := &retval.Vulnerability - src := v.Vulnerability + dst := &retval.Subject + src := v.Subject var err error - *dst, err = __marshalAllCertifyVulnVulnerability( + *dst, err = __marshalAllHasMetadataSubjectPackageSourceOrArtifact( &src) if err != nil { return nil, fmt.Errorf( - "unable to marshal AllCertifyVuln.Vulnerability: %w", err) + "unable to marshal AllHasMetadata.Subject: %w", err) } } - retval.Metadata = v.Metadata + retval.Key = v.Key + retval.Value = v.Value + retval.Timestamp = v.Timestamp + retval.Justification = v.Justification + retval.Origin = v.Origin + retval.Collector = v.Collector return &retval, nil } -// AllCertifyVulnMetadataVulnerabilityMetaData includes the requested fields of the GraphQL type VulnerabilityMetaData. +// AllHasMetadataSubjectArtifact includes the requested fields of the GraphQL type Artifact. // The GraphQL type's documentation follows. // -// VulnerabilityMetaData is the metadata attached to vulnerability certification. +// Artifact represents an artifact identified by a checksum hash. // -// It contains metadata about the scanner process that created the certification. 
-type AllCertifyVulnMetadataVulnerabilityMetaData struct { - // URI of the vulnerability database used by the scanner - DbUri string `json:"dbUri"` - // Version of the vulnerability database used by the scanner - DbVersion string `json:"dbVersion"` - // URI of the scanner - ScannerUri string `json:"scannerUri"` - // Version of the scanner - ScannerVersion string `json:"scannerVersion"` - // Time of scan (in RFC 3339 format) - TimeScanned time.Time `json:"timeScanned"` - // Document from which this attestation is generated from - Origin string `json:"origin"` - // GUAC collector for the document - Collector string `json:"collector"` +// The checksum is split into the digest value and the algorithm used to generate +// it. Both fields are mandatory and canonicalized to be lowercase. +// +// If having a checksum Go object, algorithm can be +// strings.ToLower(string(checksum.Algorithm)) and digest can be checksum.Value. +type AllHasMetadataSubjectArtifact struct { + Typename *string `json:"__typename"` + AllArtifactTree `json:"-"` +} + +// GetTypename returns AllHasMetadataSubjectArtifact.Typename, and is useful for accessing the field via an interface. +func (v *AllHasMetadataSubjectArtifact) GetTypename() *string { return v.Typename } + +// GetId returns AllHasMetadataSubjectArtifact.Id, and is useful for accessing the field via an interface. +func (v *AllHasMetadataSubjectArtifact) GetId() string { return v.AllArtifactTree.Id } + +// GetAlgorithm returns AllHasMetadataSubjectArtifact.Algorithm, and is useful for accessing the field via an interface. +func (v *AllHasMetadataSubjectArtifact) GetAlgorithm() string { return v.AllArtifactTree.Algorithm } + +// GetDigest returns AllHasMetadataSubjectArtifact.Digest, and is useful for accessing the field via an interface. 
+func (v *AllHasMetadataSubjectArtifact) GetDigest() string { return v.AllArtifactTree.Digest } + +func (v *AllHasMetadataSubjectArtifact) UnmarshalJSON(b []byte) error { + + if string(b) == "null" { + return nil + } + + var firstPass struct { + *AllHasMetadataSubjectArtifact + graphql.NoUnmarshalJSON + } + firstPass.AllHasMetadataSubjectArtifact = v + + err := json.Unmarshal(b, &firstPass) + if err != nil { + return err + } + + err = json.Unmarshal( + b, &v.AllArtifactTree) + if err != nil { + return err + } + return nil } -// GetDbUri returns AllCertifyVulnMetadataVulnerabilityMetaData.DbUri, and is useful for accessing the field via an interface. -func (v *AllCertifyVulnMetadataVulnerabilityMetaData) GetDbUri() string { return v.DbUri } +type __premarshalAllHasMetadataSubjectArtifact struct { + Typename *string `json:"__typename"` -// GetDbVersion returns AllCertifyVulnMetadataVulnerabilityMetaData.DbVersion, and is useful for accessing the field via an interface. -func (v *AllCertifyVulnMetadataVulnerabilityMetaData) GetDbVersion() string { return v.DbVersion } + Id string `json:"id"` -// GetScannerUri returns AllCertifyVulnMetadataVulnerabilityMetaData.ScannerUri, and is useful for accessing the field via an interface. -func (v *AllCertifyVulnMetadataVulnerabilityMetaData) GetScannerUri() string { return v.ScannerUri } + Algorithm string `json:"algorithm"` -// GetScannerVersion returns AllCertifyVulnMetadataVulnerabilityMetaData.ScannerVersion, and is useful for accessing the field via an interface. -func (v *AllCertifyVulnMetadataVulnerabilityMetaData) GetScannerVersion() string { - return v.ScannerVersion + Digest string `json:"digest"` } -// GetTimeScanned returns AllCertifyVulnMetadataVulnerabilityMetaData.TimeScanned, and is useful for accessing the field via an interface. 
-func (v *AllCertifyVulnMetadataVulnerabilityMetaData) GetTimeScanned() time.Time { - return v.TimeScanned +func (v *AllHasMetadataSubjectArtifact) MarshalJSON() ([]byte, error) { + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + return json.Marshal(premarshaled) } -// GetOrigin returns AllCertifyVulnMetadataVulnerabilityMetaData.Origin, and is useful for accessing the field via an interface. -func (v *AllCertifyVulnMetadataVulnerabilityMetaData) GetOrigin() string { return v.Origin } +func (v *AllHasMetadataSubjectArtifact) __premarshalJSON() (*__premarshalAllHasMetadataSubjectArtifact, error) { + var retval __premarshalAllHasMetadataSubjectArtifact -// GetCollector returns AllCertifyVulnMetadataVulnerabilityMetaData.Collector, and is useful for accessing the field via an interface. -func (v *AllCertifyVulnMetadataVulnerabilityMetaData) GetCollector() string { return v.Collector } + retval.Typename = v.Typename + retval.Id = v.AllArtifactTree.Id + retval.Algorithm = v.AllArtifactTree.Algorithm + retval.Digest = v.AllArtifactTree.Digest + return &retval, nil +} -// AllCertifyVulnPackage includes the requested fields of the GraphQL type Package. +// AllHasMetadataSubjectPackage includes the requested fields of the GraphQL type Package. // The GraphQL type's documentation follows. // // Package represents the root of the package trie/tree. 
@@ -2125,32 +2149,36 @@ func (v *AllCertifyVulnMetadataVulnerabilityMetaData) GetCollector() string { re // // Since this node is at the root of the package trie, it is named Package, not // PackageType. -type AllCertifyVulnPackage struct { +type AllHasMetadataSubjectPackage struct { + Typename *string `json:"__typename"` AllPkgTree `json:"-"` } -// GetId returns AllCertifyVulnPackage.Id, and is useful for accessing the field via an interface. -func (v *AllCertifyVulnPackage) GetId() string { return v.AllPkgTree.Id } +// GetTypename returns AllHasMetadataSubjectPackage.Typename, and is useful for accessing the field via an interface. +func (v *AllHasMetadataSubjectPackage) GetTypename() *string { return v.Typename } -// GetType returns AllCertifyVulnPackage.Type, and is useful for accessing the field via an interface. -func (v *AllCertifyVulnPackage) GetType() string { return v.AllPkgTree.Type } +// GetId returns AllHasMetadataSubjectPackage.Id, and is useful for accessing the field via an interface. +func (v *AllHasMetadataSubjectPackage) GetId() string { return v.AllPkgTree.Id } -// GetNamespaces returns AllCertifyVulnPackage.Namespaces, and is useful for accessing the field via an interface. -func (v *AllCertifyVulnPackage) GetNamespaces() []AllPkgTreeNamespacesPackageNamespace { +// GetType returns AllHasMetadataSubjectPackage.Type, and is useful for accessing the field via an interface. +func (v *AllHasMetadataSubjectPackage) GetType() string { return v.AllPkgTree.Type } + +// GetNamespaces returns AllHasMetadataSubjectPackage.Namespaces, and is useful for accessing the field via an interface. 
+func (v *AllHasMetadataSubjectPackage) GetNamespaces() []AllPkgTreeNamespacesPackageNamespace { return v.AllPkgTree.Namespaces } -func (v *AllCertifyVulnPackage) UnmarshalJSON(b []byte) error { +func (v *AllHasMetadataSubjectPackage) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *AllCertifyVulnPackage + *AllHasMetadataSubjectPackage graphql.NoUnmarshalJSON } - firstPass.AllCertifyVulnPackage = v + firstPass.AllHasMetadataSubjectPackage = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -2165,7 +2193,9 @@ func (v *AllCertifyVulnPackage) UnmarshalJSON(b []byte) error { return nil } -type __premarshalAllCertifyVulnPackage struct { +type __premarshalAllHasMetadataSubjectPackage struct { + Typename *string `json:"__typename"` + Id string `json:"id"` Type string `json:"type"` @@ -2173,7 +2203,7 @@ type __premarshalAllCertifyVulnPackage struct { Namespaces []AllPkgTreeNamespacesPackageNamespace `json:"namespaces"` } -func (v *AllCertifyVulnPackage) MarshalJSON() ([]byte, error) { +func (v *AllHasMetadataSubjectPackage) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -2181,37 +2211,39 @@ func (v *AllCertifyVulnPackage) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *AllCertifyVulnPackage) __premarshalJSON() (*__premarshalAllCertifyVulnPackage, error) { - var retval __premarshalAllCertifyVulnPackage +func (v *AllHasMetadataSubjectPackage) __premarshalJSON() (*__premarshalAllHasMetadataSubjectPackage, error) { + var retval __premarshalAllHasMetadataSubjectPackage + retval.Typename = v.Typename retval.Id = v.AllPkgTree.Id retval.Type = v.AllPkgTree.Type retval.Namespaces = v.AllPkgTree.Namespaces return &retval, nil } -// AllCertifyVulnVulnerability includes the requested fields of the GraphQL interface Vulnerability. +// AllHasMetadataSubjectPackageSourceOrArtifact includes the requested fields of the GraphQL interface PackageSourceOrArtifact. // -// AllCertifyVulnVulnerability is implemented by the following types: -// AllCertifyVulnVulnerabilityCVE -// AllCertifyVulnVulnerabilityGHSA -// AllCertifyVulnVulnerabilityNoVuln -// AllCertifyVulnVulnerabilityOSV +// AllHasMetadataSubjectPackageSourceOrArtifact is implemented by the following types: +// AllHasMetadataSubjectArtifact +// AllHasMetadataSubjectPackage +// AllHasMetadataSubjectSource // The GraphQL type's documentation follows. // -// Vulnerability is a union of OSV, CVE, GHSA or the NoVuln node. -type AllCertifyVulnVulnerability interface { - implementsGraphQLInterfaceAllCertifyVulnVulnerability() +// PackageSourceOrArtifact is a union of Package, Source, and Artifact. +type AllHasMetadataSubjectPackageSourceOrArtifact interface { + implementsGraphQLInterfaceAllHasMetadataSubjectPackageSourceOrArtifact() // GetTypename returns the receiver's concrete GraphQL type-name (see interface doc for possible values). 
GetTypename() *string } -func (v *AllCertifyVulnVulnerabilityCVE) implementsGraphQLInterfaceAllCertifyVulnVulnerability() {} -func (v *AllCertifyVulnVulnerabilityGHSA) implementsGraphQLInterfaceAllCertifyVulnVulnerability() {} -func (v *AllCertifyVulnVulnerabilityNoVuln) implementsGraphQLInterfaceAllCertifyVulnVulnerability() {} -func (v *AllCertifyVulnVulnerabilityOSV) implementsGraphQLInterfaceAllCertifyVulnVulnerability() {} +func (v *AllHasMetadataSubjectArtifact) implementsGraphQLInterfaceAllHasMetadataSubjectPackageSourceOrArtifact() { +} +func (v *AllHasMetadataSubjectPackage) implementsGraphQLInterfaceAllHasMetadataSubjectPackageSourceOrArtifact() { +} +func (v *AllHasMetadataSubjectSource) implementsGraphQLInterfaceAllHasMetadataSubjectPackageSourceOrArtifact() { +} -func __unmarshalAllCertifyVulnVulnerability(b []byte, v *AllCertifyVulnVulnerability) error { +func __unmarshalAllHasMetadataSubjectPackageSourceOrArtifact(b []byte, v *AllHasMetadataSubjectPackageSourceOrArtifact) error { if string(b) == "null" { return nil } 
@@ -2225,33 +2257,30 @@ func __unmarshalAllCertifyVulnVulnerability(b []byte, v *AllCertifyVulnVulnerabi } switch tn.TypeName { - case "CVE": - *v = new(AllCertifyVulnVulnerabilityCVE) - return json.Unmarshal(b, *v) - case "GHSA": - *v = new(AllCertifyVulnVulnerabilityGHSA) + case "Artifact": + *v = new(AllHasMetadataSubjectArtifact) return json.Unmarshal(b, *v) - case "NoVuln": - *v = new(AllCertifyVulnVulnerabilityNoVuln) + case "Package": + *v = new(AllHasMetadataSubjectPackage) return json.Unmarshal(b, *v) - case "OSV": - *v = new(AllCertifyVulnVulnerabilityOSV) + case "Source": + *v = new(AllHasMetadataSubjectSource) return json.Unmarshal(b, *v) case "": return fmt.Errorf( - "response was missing Vulnerability.__typename") + "response was missing PackageSourceOrArtifact.__typename") default: return fmt.Errorf( - `unexpected concrete type for AllCertifyVulnVulnerability: "%v"`, tn.TypeName) + `unexpected concrete type for AllHasMetadataSubjectPackageSourceOrArtifact: "%v"`, tn.TypeName) } } -func __marshalAllCertifyVulnVulnerability(v *AllCertifyVulnVulnerability) ([]byte, error) { +func __marshalAllHasMetadataSubjectPackageSourceOrArtifact(v *AllHasMetadataSubjectPackageSourceOrArtifact) ([]byte, error) { var typename string switch v := (*v).(type) { - case *AllCertifyVulnVulnerabilityCVE: - typename = "CVE" + case *AllHasMetadataSubjectArtifact: + typename = "Artifact" premarshaled, err := v.__premarshalJSON() if err != nil { @@ -2259,11 +2288,11 @@ func __marshalAllCertifyVulnVulnerability(v *AllCertifyVulnVulnerability) ([]byt } result := struct { TypeName string `json:"__typename"` - *__premarshalAllCertifyVulnVulnerabilityCVE + *__premarshalAllHasMetadataSubjectArtifact }{typename, premarshaled} return json.Marshal(result) - case *AllCertifyVulnVulnerabilityGHSA: - typename = "GHSA" + case *AllHasMetadataSubjectPackage: + typename = "Package" premarshaled, err := v.__premarshalJSON() if err != nil { 
@@ -2271,19 +2300,11 @@ func __marshalAllCertifyVulnVulnerability(v *AllCertifyVulnVulnerability) ([]byt } result := struct { TypeName string `json:"__typename"` - *__premarshalAllCertifyVulnVulnerabilityGHSA + *__premarshalAllHasMetadataSubjectPackage }{typename, premarshaled} return json.Marshal(result) - case *AllCertifyVulnVulnerabilityNoVuln: - typename = "NoVuln" - - result := struct { - TypeName string `json:"__typename"` - *AllCertifyVulnVulnerabilityNoVuln - }{typename, v} - return json.Marshal(result) - case *AllCertifyVulnVulnerabilityOSV: - typename = "OSV" + case *AllHasMetadataSubjectSource: + typename = "Source" premarshaled, err := v.__premarshalJSON() if err != nil { 
@@ -2291,58 +2312,61 @@ func __marshalAllCertifyVulnVulnerability(v *AllCertifyVulnVulnerability) ([]byt } result := struct { TypeName string `json:"__typename"` - *__premarshalAllCertifyVulnVulnerabilityOSV + *__premarshalAllHasMetadataSubjectSource }{typename, premarshaled} return json.Marshal(result) case nil: return []byte("null"), nil default: return nil, fmt.Errorf( - `unexpected concrete type for AllCertifyVulnVulnerability: "%T"`, v) + `unexpected concrete type for AllHasMetadataSubjectPackageSourceOrArtifact: "%T"`, v) } } -// AllCertifyVulnVulnerabilityCVE includes the requested fields of the GraphQL type CVE. +// AllHasMetadataSubjectSource includes the requested fields of the GraphQL type Source. // The GraphQL type's documentation follows. // -// CVE represents a vulnerability in the Common Vulnerabilities and Exposures -// schema. +// Source represents the root of the source trie/tree. // -// The vulnerability identifier contains a year field, so we are extracting that -// to allow matching for vulnerabilities found in a given year. +// We map source information to a trie, as a derivative of the pURL specification: +// each path in the trie represents a type, namespace, name and an optional +// qualifier that stands for tag/commit information. // -// The vulnerability identifier field is mandatory and canonicalized to be -// lowercase. +// This node represents the type part of the trie path. It is used to represent +// the version control system that is being used. // -// This node can be referred to by other parts of GUAC. -type AllCertifyVulnVulnerabilityCVE struct { - Typename *string `json:"__typename"` - AllCveTree `json:"-"` +// Since this node is at the root of the source trie, it is named Source, not +// SourceType. +type AllHasMetadataSubjectSource struct { + Typename *string `json:"__typename"` + AllSourceTree `json:"-"` } -// GetTypename returns AllCertifyVulnVulnerabilityCVE.Typename, and is useful for accessing the field via an interface. 
-func (v *AllCertifyVulnVulnerabilityCVE) GetTypename() *string { return v.Typename } +// GetTypename returns AllHasMetadataSubjectSource.Typename, and is useful for accessing the field via an interface. +func (v *AllHasMetadataSubjectSource) GetTypename() *string { return v.Typename } -// GetId returns AllCertifyVulnVulnerabilityCVE.Id, and is useful for accessing the field via an interface. -func (v *AllCertifyVulnVulnerabilityCVE) GetId() string { return v.AllCveTree.Id } +// GetId returns AllHasMetadataSubjectSource.Id, and is useful for accessing the field via an interface. +func (v *AllHasMetadataSubjectSource) GetId() string { return v.AllSourceTree.Id } -// GetYear returns AllCertifyVulnVulnerabilityCVE.Year, and is useful for accessing the field via an interface. -func (v *AllCertifyVulnVulnerabilityCVE) GetYear() int { return v.AllCveTree.Year } +// GetType returns AllHasMetadataSubjectSource.Type, and is useful for accessing the field via an interface. +func (v *AllHasMetadataSubjectSource) GetType() string { return v.AllSourceTree.Type } -// GetCveId returns AllCertifyVulnVulnerabilityCVE.CveId, and is useful for accessing the field via an interface. -func (v *AllCertifyVulnVulnerabilityCVE) GetCveId() string { return v.AllCveTree.CveId } +// GetNamespaces returns AllHasMetadataSubjectSource.Namespaces, and is useful for accessing the field via an interface. +func (v *AllHasMetadataSubjectSource) GetNamespaces() []AllSourceTreeNamespacesSourceNamespace { + return v.AllSourceTree.Namespaces +} -func (v *AllCertifyVulnVulnerabilityCVE) UnmarshalJSON(b []byte) error { +func (v *AllHasMetadataSubjectSource) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *AllCertifyVulnVulnerabilityCVE + *AllHasMetadataSubjectSource graphql.NoUnmarshalJSON } - firstPass.AllCertifyVulnVulnerabilityCVE = v + firstPass.AllHasMetadataSubjectSource = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -2350,24 +2374,24 @@ func (v *AllCertifyVulnVulnerabilityCVE) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllCveTree) + b, &v.AllSourceTree) if err != nil { return err } return nil } -type __premarshalAllCertifyVulnVulnerabilityCVE struct { +type __premarshalAllHasMetadataSubjectSource struct { Typename *string `json:"__typename"` Id string `json:"id"` - Year int `json:"year"` + Type string `json:"type"` - CveId string `json:"cveId"` + Namespaces []AllSourceTreeNamespacesSourceNamespace `json:"namespaces"` } -func (v *AllCertifyVulnVulnerabilityCVE) MarshalJSON() ([]byte, error) { +func (v *AllHasMetadataSubjectSource) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -2375,72 +2399,111 @@ func (v *AllCertifyVulnVulnerabilityCVE) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *AllCertifyVulnVulnerabilityCVE) __premarshalJSON() (*__premarshalAllCertifyVulnVulnerabilityCVE, error) { - var retval __premarshalAllCertifyVulnVulnerabilityCVE +func (v *AllHasMetadataSubjectSource) __premarshalJSON() (*__premarshalAllHasMetadataSubjectSource, error) { + var retval __premarshalAllHasMetadataSubjectSource retval.Typename = v.Typename - retval.Id = v.AllCveTree.Id - retval.Year = v.AllCveTree.Year - retval.CveId = v.AllCveTree.CveId + retval.Id = v.AllSourceTree.Id + retval.Type = v.AllSourceTree.Type + retval.Namespaces = v.AllSourceTree.Namespaces return &retval, nil } -// AllCertifyVulnVulnerabilityGHSA includes the requested fields of the GraphQL type GHSA. -// The GraphQL type's documentation follows. -// -// GHSA represents GitHub security advisories. -// -// The advisory id field is mandatory and canonicalized to be lowercase. -// -// This node can be referred to by other parts of GUAC. -type AllCertifyVulnVulnerabilityGHSA struct { - Typename *string `json:"__typename"` - AllGHSATree `json:"-"` +// AllHasSBOMTree includes the GraphQL fields of HasSBOM requested by the fragment AllHasSBOMTree. 
+type AllHasSBOMTree struct { + Id string `json:"id"` + // SBOM subject + Subject AllHasSBOMTreeSubjectPackageOrArtifact `json:"-"` + // Identifier for the SBOM document + Uri string `json:"uri"` + // Algorithm by which SBOMs digest was computed + Algorithm string `json:"algorithm"` + // Digest of SBOM + Digest string `json:"digest"` + // Location from which the SBOM can be downloaded + DownloadLocation string `json:"downloadLocation"` + // Document from which this attestation is generated from + Origin string `json:"origin"` + // GUAC collector for the document + Collector string `json:"collector"` } -// GetTypename returns AllCertifyVulnVulnerabilityGHSA.Typename, and is useful for accessing the field via an interface. -func (v *AllCertifyVulnVulnerabilityGHSA) GetTypename() *string { return v.Typename } +// GetId returns AllHasSBOMTree.Id, and is useful for accessing the field via an interface. +func (v *AllHasSBOMTree) GetId() string { return v.Id } + +// GetSubject returns AllHasSBOMTree.Subject, and is useful for accessing the field via an interface. +func (v *AllHasSBOMTree) GetSubject() AllHasSBOMTreeSubjectPackageOrArtifact { return v.Subject } + +// GetUri returns AllHasSBOMTree.Uri, and is useful for accessing the field via an interface. +func (v *AllHasSBOMTree) GetUri() string { return v.Uri } + +// GetAlgorithm returns AllHasSBOMTree.Algorithm, and is useful for accessing the field via an interface. +func (v *AllHasSBOMTree) GetAlgorithm() string { return v.Algorithm } + +// GetDigest returns AllHasSBOMTree.Digest, and is useful for accessing the field via an interface. +func (v *AllHasSBOMTree) GetDigest() string { return v.Digest } + +// GetDownloadLocation returns AllHasSBOMTree.DownloadLocation, and is useful for accessing the field via an interface. +func (v *AllHasSBOMTree) GetDownloadLocation() string { return v.DownloadLocation } -// GetId returns AllCertifyVulnVulnerabilityGHSA.Id, and is useful for accessing the field via an interface. 
-func (v *AllCertifyVulnVulnerabilityGHSA) GetId() string { return v.AllGHSATree.Id } +// GetOrigin returns AllHasSBOMTree.Origin, and is useful for accessing the field via an interface. +func (v *AllHasSBOMTree) GetOrigin() string { return v.Origin } -// GetGhsaId returns AllCertifyVulnVulnerabilityGHSA.GhsaId, and is useful for accessing the field via an interface. -func (v *AllCertifyVulnVulnerabilityGHSA) GetGhsaId() string { return v.AllGHSATree.GhsaId } +// GetCollector returns AllHasSBOMTree.Collector, and is useful for accessing the field via an interface. +func (v *AllHasSBOMTree) GetCollector() string { return v.Collector } -func (v *AllCertifyVulnVulnerabilityGHSA) UnmarshalJSON(b []byte) error { +func (v *AllHasSBOMTree) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *AllCertifyVulnVulnerabilityGHSA + *AllHasSBOMTree + Subject json.RawMessage `json:"subject"` graphql.NoUnmarshalJSON } - firstPass.AllCertifyVulnVulnerabilityGHSA = v + firstPass.AllHasSBOMTree = v err := json.Unmarshal(b, &firstPass) if err != nil { return err } - err = json.Unmarshal( - b, &v.AllGHSATree) - if err != nil { - return err + { + dst := &v.Subject + src := firstPass.Subject + if len(src) != 0 && string(src) != "null" { + err = __unmarshalAllHasSBOMTreeSubjectPackageOrArtifact( + src, dst) + if err != nil { + return fmt.Errorf( + "unable to unmarshal AllHasSBOMTree.Subject: %w", err) + } + } } return nil } -type __premarshalAllCertifyVulnVulnerabilityGHSA struct { - Typename *string `json:"__typename"` - +type __premarshalAllHasSBOMTree struct { Id string `json:"id"` - GhsaId string `json:"ghsaId"` + Subject json.RawMessage `json:"subject"` + + Uri string `json:"uri"` + + Algorithm string `json:"algorithm"` + + Digest string `json:"digest"` + + DownloadLocation string `json:"downloadLocation"` + + Origin string `json:"origin"` + + Collector string `json:"collector"` } -func (v *AllCertifyVulnVulnerabilityGHSA) MarshalJSON() 
([]byte, error) { +func (v *AllHasSBOMTree) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -2448,69 +2511,69 @@ func (v *AllCertifyVulnVulnerabilityGHSA) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *AllCertifyVulnVulnerabilityGHSA) __premarshalJSON() (*__premarshalAllCertifyVulnVulnerabilityGHSA, error) { - var retval __premarshalAllCertifyVulnVulnerabilityGHSA +func (v *AllHasSBOMTree) __premarshalJSON() (*__premarshalAllHasSBOMTree, error) { + var retval __premarshalAllHasSBOMTree - retval.Typename = v.Typename - retval.Id = v.AllGHSATree.Id - retval.GhsaId = v.AllGHSATree.GhsaId - return &retval, nil -} + retval.Id = v.Id + { -// AllCertifyVulnVulnerabilityNoVuln includes the requested fields of the GraphQL type NoVuln. -// The GraphQL type's documentation follows. -// -// NoVuln is a special vulnerability node to attest that no vulnerability has been -// found during a vulnerability scan. -// -// Backends guarantee that this is a singleton node. -type AllCertifyVulnVulnerabilityNoVuln struct { - Typename *string `json:"__typename"` - Id string `json:"id"` + dst := &retval.Subject + src := v.Subject + var err error + *dst, err = __marshalAllHasSBOMTreeSubjectPackageOrArtifact( + &src) + if err != nil { + return nil, fmt.Errorf( + "unable to marshal AllHasSBOMTree.Subject: %w", err) + } + } + retval.Uri = v.Uri + retval.Algorithm = v.Algorithm + retval.Digest = v.Digest + retval.DownloadLocation = v.DownloadLocation + retval.Origin = v.Origin + retval.Collector = v.Collector + return &retval, nil } -// GetTypename returns AllCertifyVulnVulnerabilityNoVuln.Typename, and is useful for accessing the field via an interface. -func (v *AllCertifyVulnVulnerabilityNoVuln) GetTypename() *string { return v.Typename } - -// GetId returns AllCertifyVulnVulnerabilityNoVuln.Id, and is useful for accessing the field via an interface. -func (v *AllCertifyVulnVulnerabilityNoVuln) GetId() string { return v.Id } - -// AllCertifyVulnVulnerabilityOSV includes the requested fields of the GraphQL type OSV. 
+// AllHasSBOMTreeSubjectArtifact includes the requested fields of the GraphQL type Artifact. // The GraphQL type's documentation follows. // -// OSV represents an Open Source Vulnerability. -// -// The osvId field is mandatory and canonicalized to be lowercase. +// Artifact represents an artifact identified by a checksum hash. // -// This maps to a vulnerability ID specific to the environment (e.g., GHSA ID or -// CVE ID). +// The checksum is split into the digest value and the algorithm used to generate +// it. Both fields are mandatory and canonicalized to be lowercase. // -// This node can be referred to by other parts of GUAC. -type AllCertifyVulnVulnerabilityOSV struct { - Typename *string `json:"__typename"` - AllOSVTree `json:"-"` +// If having a checksum Go object, algorithm can be +// strings.ToLower(string(checksum.Algorithm)) and digest can be checksum.Value. +type AllHasSBOMTreeSubjectArtifact struct { + Typename *string `json:"__typename"` + AllArtifactTree `json:"-"` } -// GetTypename returns AllCertifyVulnVulnerabilityOSV.Typename, and is useful for accessing the field via an interface. -func (v *AllCertifyVulnVulnerabilityOSV) GetTypename() *string { return v.Typename } +// GetTypename returns AllHasSBOMTreeSubjectArtifact.Typename, and is useful for accessing the field via an interface. +func (v *AllHasSBOMTreeSubjectArtifact) GetTypename() *string { return v.Typename } + +// GetId returns AllHasSBOMTreeSubjectArtifact.Id, and is useful for accessing the field via an interface. +func (v *AllHasSBOMTreeSubjectArtifact) GetId() string { return v.AllArtifactTree.Id } -// GetId returns AllCertifyVulnVulnerabilityOSV.Id, and is useful for accessing the field via an interface. -func (v *AllCertifyVulnVulnerabilityOSV) GetId() string { return v.AllOSVTree.Id } +// GetAlgorithm returns AllHasSBOMTreeSubjectArtifact.Algorithm, and is useful for accessing the field via an interface. 
+func (v *AllHasSBOMTreeSubjectArtifact) GetAlgorithm() string { return v.AllArtifactTree.Algorithm } -// GetOsvId returns AllCertifyVulnVulnerabilityOSV.OsvId, and is useful for accessing the field via an interface. -func (v *AllCertifyVulnVulnerabilityOSV) GetOsvId() string { return v.AllOSVTree.OsvId } +// GetDigest returns AllHasSBOMTreeSubjectArtifact.Digest, and is useful for accessing the field via an interface. +func (v *AllHasSBOMTreeSubjectArtifact) GetDigest() string { return v.AllArtifactTree.Digest } -func (v *AllCertifyVulnVulnerabilityOSV) UnmarshalJSON(b []byte) error { +func (v *AllHasSBOMTreeSubjectArtifact) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *AllCertifyVulnVulnerabilityOSV + *AllHasSBOMTreeSubjectArtifact graphql.NoUnmarshalJSON } - firstPass.AllCertifyVulnVulnerabilityOSV = v + firstPass.AllHasSBOMTreeSubjectArtifact = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -2518,22 +2581,24 @@ func (v *AllCertifyVulnVulnerabilityOSV) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllOSVTree) + b, &v.AllArtifactTree) if err != nil { return err } return nil } -type __premarshalAllCertifyVulnVulnerabilityOSV struct { +type __premarshalAllHasSBOMTreeSubjectArtifact struct { Typename *string `json:"__typename"` Id string `json:"id"` - OsvId string `json:"osvId"` + Algorithm string `json:"algorithm"` + + Digest string `json:"digest"` } -func (v *AllCertifyVulnVulnerabilityOSV) MarshalJSON() ([]byte, error) { +func (v *AllHasSBOMTreeSubjectArtifact) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -2541,166 +2606,88 @@ func (v *AllCertifyVulnVulnerabilityOSV) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *AllCertifyVulnVulnerabilityOSV) __premarshalJSON() (*__premarshalAllCertifyVulnVulnerabilityOSV, error) { - var retval __premarshalAllCertifyVulnVulnerabilityOSV +func (v *AllHasSBOMTreeSubjectArtifact) __premarshalJSON() (*__premarshalAllHasSBOMTreeSubjectArtifact, error) { + var retval __premarshalAllHasSBOMTreeSubjectArtifact retval.Typename = v.Typename - retval.Id = v.AllOSVTree.Id - retval.OsvId = v.AllOSVTree.OsvId + retval.Id = v.AllArtifactTree.Id + retval.Algorithm = v.AllArtifactTree.Algorithm + retval.Digest = v.AllArtifactTree.Digest return &retval, nil } -// AllCveTree includes the GraphQL fields of CVE requested by the fragment AllCveTree. +// AllHasSBOMTreeSubjectPackage includes the requested fields of the GraphQL type Package. // The GraphQL type's documentation follows. // -// CVE represents a vulnerability in the Common Vulnerabilities and Exposures -// schema. +// Package represents the root of the package trie/tree. // -// The vulnerability identifier contains a year field, so we are extracting that -// to allow matching for vulnerabilities found in a given year. +// We map package information to a trie, closely matching the pURL specification +// (https://github.com/package-url/purl-spec/blob/0dd92f26f8bb11956ffdf5e8acfcee71e8560407/README.rst), +// but deviating from it where GUAC heuristics allow for better representation of +// package information. Each path in the trie fully represents a package; we split +// the trie based on the pURL components. // -// The vulnerability identifier field is mandatory and canonicalized to be -// lowercase. +// This node matches a pkg: partial pURL. The type field matches the +// pURL types but we might also use "guac" for the cases where the pURL +// representation is not complete or when we have custom rules. 
// -// This node can be referred to by other parts of GUAC. -type AllCveTree struct { - Id string `json:"id"` - Year int `json:"year"` - CveId string `json:"cveId"` +// Since this node is at the root of the package trie, it is named Package, not +// PackageType. +type AllHasSBOMTreeSubjectPackage struct { + Typename *string `json:"__typename"` + AllPkgTree `json:"-"` } -// GetId returns AllCveTree.Id, and is useful for accessing the field via an interface. -func (v *AllCveTree) GetId() string { return v.Id } - -// GetYear returns AllCveTree.Year, and is useful for accessing the field via an interface. -func (v *AllCveTree) GetYear() int { return v.Year } - -// GetCveId returns AllCveTree.CveId, and is useful for accessing the field via an interface. -func (v *AllCveTree) GetCveId() string { return v.CveId } - -// AllGHSATree includes the GraphQL fields of GHSA requested by the fragment AllGHSATree. -// The GraphQL type's documentation follows. -// -// GHSA represents GitHub security advisories. -// -// The advisory id field is mandatory and canonicalized to be lowercase. -// -// This node can be referred to by other parts of GUAC. -type AllGHSATree struct { - Id string `json:"id"` - GhsaId string `json:"ghsaId"` -} +// GetTypename returns AllHasSBOMTreeSubjectPackage.Typename, and is useful for accessing the field via an interface. +func (v *AllHasSBOMTreeSubjectPackage) GetTypename() *string { return v.Typename } -// GetId returns AllGHSATree.Id, and is useful for accessing the field via an interface. -func (v *AllGHSATree) GetId() string { return v.Id } +// GetId returns AllHasSBOMTreeSubjectPackage.Id, and is useful for accessing the field via an interface. +func (v *AllHasSBOMTreeSubjectPackage) GetId() string { return v.AllPkgTree.Id } -// GetGhsaId returns AllGHSATree.GhsaId, and is useful for accessing the field via an interface. 
-func (v *AllGHSATree) GetGhsaId() string { return v.GhsaId } +// GetType returns AllHasSBOMTreeSubjectPackage.Type, and is useful for accessing the field via an interface. +func (v *AllHasSBOMTreeSubjectPackage) GetType() string { return v.AllPkgTree.Type } -// AllHasMetadata includes the GraphQL fields of HasMetadata requested by the fragment AllHasMetadata. -// The GraphQL type's documentation follows. -// -// HasMetadata is an attestation that a package, source, or artifact has a certain -// attested property (key) with value (value). For example, a source may have -// metadata "SourceRepo2FAEnabled=true". -// -// The intent of this evidence tree predicate is to allow extensibility of metadata -// expressible within the GUAC ontology. Metadata that is commonly used will then -// be promoted to a predicate on its own. -// -// Justification indicates how the metadata was determined. -// -// The metadata applies to a subject which is a package, source, or artifact. -// If the attestation targets a package, it must target a PackageName or a -// PackageVersion. If the attestation targets a source, it must target a -// SourceName. -type AllHasMetadata struct { - Id string `json:"id"` - Subject AllHasMetadataSubjectPackageSourceOrArtifact `json:"-"` - Key string `json:"key"` - Value string `json:"value"` - Timestamp time.Time `json:"timestamp"` - Justification string `json:"justification"` - Origin string `json:"origin"` - Collector string `json:"collector"` +// GetNamespaces returns AllHasSBOMTreeSubjectPackage.Namespaces, and is useful for accessing the field via an interface. +func (v *AllHasSBOMTreeSubjectPackage) GetNamespaces() []AllPkgTreeNamespacesPackageNamespace { + return v.AllPkgTree.Namespaces } -// GetId returns AllHasMetadata.Id, and is useful for accessing the field via an interface. -func (v *AllHasMetadata) GetId() string { return v.Id } - -// GetSubject returns AllHasMetadata.Subject, and is useful for accessing the field via an interface. 
-func (v *AllHasMetadata) GetSubject() AllHasMetadataSubjectPackageSourceOrArtifact { return v.Subject } - -// GetKey returns AllHasMetadata.Key, and is useful for accessing the field via an interface. -func (v *AllHasMetadata) GetKey() string { return v.Key } - -// GetValue returns AllHasMetadata.Value, and is useful for accessing the field via an interface. -func (v *AllHasMetadata) GetValue() string { return v.Value } - -// GetTimestamp returns AllHasMetadata.Timestamp, and is useful for accessing the field via an interface. -func (v *AllHasMetadata) GetTimestamp() time.Time { return v.Timestamp } - -// GetJustification returns AllHasMetadata.Justification, and is useful for accessing the field via an interface. -func (v *AllHasMetadata) GetJustification() string { return v.Justification } - -// GetOrigin returns AllHasMetadata.Origin, and is useful for accessing the field via an interface. -func (v *AllHasMetadata) GetOrigin() string { return v.Origin } - -// GetCollector returns AllHasMetadata.Collector, and is useful for accessing the field via an interface. 
-func (v *AllHasMetadata) GetCollector() string { return v.Collector } - -func (v *AllHasMetadata) UnmarshalJSON(b []byte) error { +func (v *AllHasSBOMTreeSubjectPackage) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *AllHasMetadata - Subject json.RawMessage `json:"subject"` + *AllHasSBOMTreeSubjectPackage graphql.NoUnmarshalJSON } - firstPass.AllHasMetadata = v + firstPass.AllHasSBOMTreeSubjectPackage = v err := json.Unmarshal(b, &firstPass) if err != nil { return err } - { - dst := &v.Subject - src := firstPass.Subject - if len(src) != 0 && string(src) != "null" { - err = __unmarshalAllHasMetadataSubjectPackageSourceOrArtifact( - src, dst) - if err != nil { - return fmt.Errorf( - "unable to unmarshal AllHasMetadata.Subject: %w", err) - } - } + err = json.Unmarshal( + b, &v.AllPkgTree) + if err != nil { + return err } return nil } -type __premarshalAllHasMetadata struct { - Id string `json:"id"` +type __premarshalAllHasSBOMTreeSubjectPackage struct { + Typename *string `json:"__typename"` - Subject json.RawMessage `json:"subject"` + Id string `json:"id"` - Key string `json:"key"` + Type string `json:"type"` - Value string `json:"value"` + Namespaces []AllPkgTreeNamespacesPackageNamespace `json:"namespaces"` +} - Timestamp time.Time `json:"timestamp"` - - Justification string `json:"justification"` - - Origin string `json:"origin"` - - Collector string `json:"collector"` -} - -func (v *AllHasMetadata) MarshalJSON() ([]byte, error) { +func (v *AllHasSBOMTreeSubjectPackage) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -2708,112 +2695,142 @@ func (v *AllHasMetadata) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *AllHasMetadata) __premarshalJSON() (*__premarshalAllHasMetadata, error) { - var retval __premarshalAllHasMetadata - - retval.Id = v.Id - { +func (v *AllHasSBOMTreeSubjectPackage) __premarshalJSON() (*__premarshalAllHasSBOMTreeSubjectPackage, error) { + var retval __premarshalAllHasSBOMTreeSubjectPackage - dst := &retval.Subject - src := v.Subject - var err error - *dst, err = __marshalAllHasMetadataSubjectPackageSourceOrArtifact( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal AllHasMetadata.Subject: %w", err) - } - } - retval.Key = v.Key - retval.Value = v.Value - retval.Timestamp = v.Timestamp - retval.Justification = v.Justification - retval.Origin = v.Origin - retval.Collector = v.Collector + retval.Typename = v.Typename + retval.Id = v.AllPkgTree.Id + retval.Type = v.AllPkgTree.Type + retval.Namespaces = v.AllPkgTree.Namespaces return &retval, nil } -// AllHasMetadataSubjectArtifact includes the requested fields of the GraphQL type Artifact. -// The GraphQL type's documentation follows. -// -// Artifact represents an artifact identified by a checksum hash. +// AllHasSBOMTreeSubjectPackageOrArtifact includes the requested fields of the GraphQL interface PackageOrArtifact. // -// The checksum is split into the digest value and the algorithm used to generate -// it. Both fields are mandatory and canonicalized to be lowercase. +// AllHasSBOMTreeSubjectPackageOrArtifact is implemented by the following types: +// AllHasSBOMTreeSubjectArtifact +// AllHasSBOMTreeSubjectPackage +// The GraphQL type's documentation follows. // -// If having a checksum Go object, algorithm can be -// strings.ToLower(string(checksum.Algorithm)) and digest can be checksum.Value. 
-type AllHasMetadataSubjectArtifact struct { - Typename *string `json:"__typename"` - AllArtifactTree `json:"-"` +// PackageOrArtifact is a union of Package and Artifact. +type AllHasSBOMTreeSubjectPackageOrArtifact interface { + implementsGraphQLInterfaceAllHasSBOMTreeSubjectPackageOrArtifact() + // GetTypename returns the receiver's concrete GraphQL type-name (see interface doc for possible values). + GetTypename() *string } -// GetTypename returns AllHasMetadataSubjectArtifact.Typename, and is useful for accessing the field via an interface. -func (v *AllHasMetadataSubjectArtifact) GetTypename() *string { return v.Typename } - -// GetId returns AllHasMetadataSubjectArtifact.Id, and is useful for accessing the field via an interface. -func (v *AllHasMetadataSubjectArtifact) GetId() string { return v.AllArtifactTree.Id } - -// GetAlgorithm returns AllHasMetadataSubjectArtifact.Algorithm, and is useful for accessing the field via an interface. -func (v *AllHasMetadataSubjectArtifact) GetAlgorithm() string { return v.AllArtifactTree.Algorithm } - -// GetDigest returns AllHasMetadataSubjectArtifact.Digest, and is useful for accessing the field via an interface. 
-func (v *AllHasMetadataSubjectArtifact) GetDigest() string { return v.AllArtifactTree.Digest } - -func (v *AllHasMetadataSubjectArtifact) UnmarshalJSON(b []byte) error { +func (v *AllHasSBOMTreeSubjectArtifact) implementsGraphQLInterfaceAllHasSBOMTreeSubjectPackageOrArtifact() { +} +func (v *AllHasSBOMTreeSubjectPackage) implementsGraphQLInterfaceAllHasSBOMTreeSubjectPackageOrArtifact() { +} +func __unmarshalAllHasSBOMTreeSubjectPackageOrArtifact(b []byte, v *AllHasSBOMTreeSubjectPackageOrArtifact) error { if string(b) == "null" { return nil } - var firstPass struct { - *AllHasMetadataSubjectArtifact - graphql.NoUnmarshalJSON + var tn struct { + TypeName string `json:"__typename"` } - firstPass.AllHasMetadataSubjectArtifact = v - - err := json.Unmarshal(b, &firstPass) + err := json.Unmarshal(b, &tn) if err != nil { return err } - err = json.Unmarshal( - b, &v.AllArtifactTree) - if err != nil { - return err + switch tn.TypeName { + case "Artifact": + *v = new(AllHasSBOMTreeSubjectArtifact) + return json.Unmarshal(b, *v) + case "Package": + *v = new(AllHasSBOMTreeSubjectPackage) + return json.Unmarshal(b, *v) + case "": + return fmt.Errorf( + "response was missing PackageOrArtifact.__typename") + default: + return fmt.Errorf( + `unexpected concrete type for AllHasSBOMTreeSubjectPackageOrArtifact: "%v"`, tn.TypeName) } - return nil } -type __premarshalAllHasMetadataSubjectArtifact struct { - Typename *string `json:"__typename"` +func __marshalAllHasSBOMTreeSubjectPackageOrArtifact(v *AllHasSBOMTreeSubjectPackageOrArtifact) ([]byte, error) { - Id string `json:"id"` + var typename string + switch v := (*v).(type) { + case *AllHasSBOMTreeSubjectArtifact: + typename = "Artifact" - Algorithm string `json:"algorithm"` + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalAllHasSBOMTreeSubjectArtifact + }{typename, premarshaled} + return json.Marshal(result) + case 
*AllHasSBOMTreeSubjectPackage: + typename = "Package" - Digest string `json:"digest"` + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalAllHasSBOMTreeSubjectPackage + }{typename, premarshaled} + return json.Marshal(result) + case nil: + return []byte("null"), nil + default: + return nil, fmt.Errorf( + `unexpected concrete type for AllHasSBOMTreeSubjectPackageOrArtifact: "%T"`, v) + } } -func (v *AllHasMetadataSubjectArtifact) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) +// AllHasSourceAt includes the GraphQL fields of HasSourceAt requested by the fragment AllHasSourceAt. +// The GraphQL type's documentation follows. +// +// HasSourceAt records that a package's repository is a given source. +type AllHasSourceAt struct { + Id string `json:"id"` + // Justification for the attested relationship + Justification string `json:"justification"` + // Timestamp since this link between package and source was certified + KnownSince time.Time `json:"knownSince"` + // The subject of the attestation: can be a PackageName or a PackageVersion + Package AllHasSourceAtPackage `json:"package"` + // Source repository from which the package is built + Source AllHasSourceAtSource `json:"source"` + // Document from which this attestation is generated from + Origin string `json:"origin"` + // GUAC collector for the document + Collector string `json:"collector"` } -func (v *AllHasMetadataSubjectArtifact) __premarshalJSON() (*__premarshalAllHasMetadataSubjectArtifact, error) { - var retval __premarshalAllHasMetadataSubjectArtifact +// GetId returns AllHasSourceAt.Id, and is useful for accessing the field via an interface. 
+func (v *AllHasSourceAt) GetId() string { return v.Id } - retval.Typename = v.Typename - retval.Id = v.AllArtifactTree.Id - retval.Algorithm = v.AllArtifactTree.Algorithm - retval.Digest = v.AllArtifactTree.Digest - return &retval, nil -} +// GetJustification returns AllHasSourceAt.Justification, and is useful for accessing the field via an interface. +func (v *AllHasSourceAt) GetJustification() string { return v.Justification } -// AllHasMetadataSubjectPackage includes the requested fields of the GraphQL type Package. +// GetKnownSince returns AllHasSourceAt.KnownSince, and is useful for accessing the field via an interface. +func (v *AllHasSourceAt) GetKnownSince() time.Time { return v.KnownSince } + +// GetPackage returns AllHasSourceAt.Package, and is useful for accessing the field via an interface. +func (v *AllHasSourceAt) GetPackage() AllHasSourceAtPackage { return v.Package } + +// GetSource returns AllHasSourceAt.Source, and is useful for accessing the field via an interface. +func (v *AllHasSourceAt) GetSource() AllHasSourceAtSource { return v.Source } + +// GetOrigin returns AllHasSourceAt.Origin, and is useful for accessing the field via an interface. +func (v *AllHasSourceAt) GetOrigin() string { return v.Origin } + +// GetCollector returns AllHasSourceAt.Collector, and is useful for accessing the field via an interface. +func (v *AllHasSourceAt) GetCollector() string { return v.Collector } + +// AllHasSourceAtPackage includes the requested fields of the GraphQL type Package. // The GraphQL type's documentation follows. // // Package represents the root of the package trie/tree. 
@@ -2830,36 +2847,32 @@ func (v *AllHasMetadataSubjectArtifact) __premarshalJSON() (*__premarshalAllHasM // // Since this node is at the root of the package trie, it is named Package, not // PackageType. -type AllHasMetadataSubjectPackage struct { - Typename *string `json:"__typename"` +type AllHasSourceAtPackage struct { AllPkgTree `json:"-"` } -// GetTypename returns AllHasMetadataSubjectPackage.Typename, and is useful for accessing the field via an interface. -func (v *AllHasMetadataSubjectPackage) GetTypename() *string { return v.Typename } - -// GetId returns AllHasMetadataSubjectPackage.Id, and is useful for accessing the field via an interface. -func (v *AllHasMetadataSubjectPackage) GetId() string { return v.AllPkgTree.Id } +// GetId returns AllHasSourceAtPackage.Id, and is useful for accessing the field via an interface. +func (v *AllHasSourceAtPackage) GetId() string { return v.AllPkgTree.Id } -// GetType returns AllHasMetadataSubjectPackage.Type, and is useful for accessing the field via an interface. -func (v *AllHasMetadataSubjectPackage) GetType() string { return v.AllPkgTree.Type } +// GetType returns AllHasSourceAtPackage.Type, and is useful for accessing the field via an interface. +func (v *AllHasSourceAtPackage) GetType() string { return v.AllPkgTree.Type } -// GetNamespaces returns AllHasMetadataSubjectPackage.Namespaces, and is useful for accessing the field via an interface. -func (v *AllHasMetadataSubjectPackage) GetNamespaces() []AllPkgTreeNamespacesPackageNamespace { +// GetNamespaces returns AllHasSourceAtPackage.Namespaces, and is useful for accessing the field via an interface. 
+func (v *AllHasSourceAtPackage) GetNamespaces() []AllPkgTreeNamespacesPackageNamespace { return v.AllPkgTree.Namespaces } -func (v *AllHasMetadataSubjectPackage) UnmarshalJSON(b []byte) error { +func (v *AllHasSourceAtPackage) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *AllHasMetadataSubjectPackage + *AllHasSourceAtPackage graphql.NoUnmarshalJSON } - firstPass.AllHasMetadataSubjectPackage = v + firstPass.AllHasSourceAtPackage = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -2874,9 +2887,7 @@ func (v *AllHasMetadataSubjectPackage) UnmarshalJSON(b []byte) error { return nil } -type __premarshalAllHasMetadataSubjectPackage struct { - Typename *string `json:"__typename"` - +type __premarshalAllHasSourceAtPackage struct { Id string `json:"id"` Type string `json:"type"` @@ -2884,7 +2895,7 @@ type __premarshalAllHasMetadataSubjectPackage struct { Namespaces []AllPkgTreeNamespacesPackageNamespace `json:"namespaces"` } -func (v *AllHasMetadataSubjectPackage) MarshalJSON() ([]byte, error) { +func (v *AllHasSourceAtPackage) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -2892,162 +2903,55 @@ func (v *AllHasMetadataSubjectPackage) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *AllHasMetadataSubjectPackage) __premarshalJSON() (*__premarshalAllHasMetadataSubjectPackage, error) { - var retval __premarshalAllHasMetadataSubjectPackage +func (v *AllHasSourceAtPackage) __premarshalJSON() (*__premarshalAllHasSourceAtPackage, error) { + var retval __premarshalAllHasSourceAtPackage - retval.Typename = v.Typename retval.Id = v.AllPkgTree.Id retval.Type = v.AllPkgTree.Type retval.Namespaces = v.AllPkgTree.Namespaces return &retval, nil } -// AllHasMetadataSubjectPackageSourceOrArtifact includes the requested fields of the GraphQL interface PackageSourceOrArtifact. -// -// AllHasMetadataSubjectPackageSourceOrArtifact is implemented by the following types: -// AllHasMetadataSubjectArtifact -// AllHasMetadataSubjectPackage -// AllHasMetadataSubjectSource +// AllHasSourceAtSource includes the requested fields of the GraphQL type Source. // The GraphQL type's documentation follows. // -// PackageSourceOrArtifact is a union of Package, Source, and Artifact. -type AllHasMetadataSubjectPackageSourceOrArtifact interface { - implementsGraphQLInterfaceAllHasMetadataSubjectPackageSourceOrArtifact() - // GetTypename returns the receiver's concrete GraphQL type-name (see interface doc for possible values). - GetTypename() *string +// Source represents the root of the source trie/tree. +// +// We map source information to a trie, as a derivative of the pURL specification: +// each path in the trie represents a type, namespace, name and an optional +// qualifier that stands for tag/commit information. +// +// This node represents the type part of the trie path. It is used to represent +// the version control system that is being used. +// +// Since this node is at the root of the source trie, it is named Source, not +// SourceType. 
+type AllHasSourceAtSource struct { + AllSourceTree `json:"-"` } -func (v *AllHasMetadataSubjectArtifact) implementsGraphQLInterfaceAllHasMetadataSubjectPackageSourceOrArtifact() { -} -func (v *AllHasMetadataSubjectPackage) implementsGraphQLInterfaceAllHasMetadataSubjectPackageSourceOrArtifact() { -} -func (v *AllHasMetadataSubjectSource) implementsGraphQLInterfaceAllHasMetadataSubjectPackageSourceOrArtifact() { -} - -func __unmarshalAllHasMetadataSubjectPackageSourceOrArtifact(b []byte, v *AllHasMetadataSubjectPackageSourceOrArtifact) error { - if string(b) == "null" { - return nil - } - - var tn struct { - TypeName string `json:"__typename"` - } - err := json.Unmarshal(b, &tn) - if err != nil { - return err - } - - switch tn.TypeName { - case "Artifact": - *v = new(AllHasMetadataSubjectArtifact) - return json.Unmarshal(b, *v) - case "Package": - *v = new(AllHasMetadataSubjectPackage) - return json.Unmarshal(b, *v) - case "Source": - *v = new(AllHasMetadataSubjectSource) - return json.Unmarshal(b, *v) - case "": - return fmt.Errorf( - "response was missing PackageSourceOrArtifact.__typename") - default: - return fmt.Errorf( - `unexpected concrete type for AllHasMetadataSubjectPackageSourceOrArtifact: "%v"`, tn.TypeName) - } -} - -func __marshalAllHasMetadataSubjectPackageSourceOrArtifact(v *AllHasMetadataSubjectPackageSourceOrArtifact) ([]byte, error) { - - var typename string - switch v := (*v).(type) { - case *AllHasMetadataSubjectArtifact: - typename = "Artifact" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalAllHasMetadataSubjectArtifact - }{typename, premarshaled} - return json.Marshal(result) - case *AllHasMetadataSubjectPackage: - typename = "Package" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalAllHasMetadataSubjectPackage - 
}{typename, premarshaled} - return json.Marshal(result) - case *AllHasMetadataSubjectSource: - typename = "Source" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalAllHasMetadataSubjectSource - }{typename, premarshaled} - return json.Marshal(result) - case nil: - return []byte("null"), nil - default: - return nil, fmt.Errorf( - `unexpected concrete type for AllHasMetadataSubjectPackageSourceOrArtifact: "%T"`, v) - } -} - -// AllHasMetadataSubjectSource includes the requested fields of the GraphQL type Source. -// The GraphQL type's documentation follows. -// -// Source represents the root of the source trie/tree. -// -// We map source information to a trie, as a derivative of the pURL specification: -// each path in the trie represents a type, namespace, name and an optional -// qualifier that stands for tag/commit information. -// -// This node represents the type part of the trie path. It is used to represent -// the version control system that is being used. -// -// Since this node is at the root of the source trie, it is named Source, not -// SourceType. -type AllHasMetadataSubjectSource struct { - Typename *string `json:"__typename"` - AllSourceTree `json:"-"` -} - -// GetTypename returns AllHasMetadataSubjectSource.Typename, and is useful for accessing the field via an interface. -func (v *AllHasMetadataSubjectSource) GetTypename() *string { return v.Typename } - -// GetId returns AllHasMetadataSubjectSource.Id, and is useful for accessing the field via an interface. -func (v *AllHasMetadataSubjectSource) GetId() string { return v.AllSourceTree.Id } +// GetId returns AllHasSourceAtSource.Id, and is useful for accessing the field via an interface. +func (v *AllHasSourceAtSource) GetId() string { return v.AllSourceTree.Id } -// GetType returns AllHasMetadataSubjectSource.Type, and is useful for accessing the field via an interface. 
-func (v *AllHasMetadataSubjectSource) GetType() string { return v.AllSourceTree.Type } +// GetType returns AllHasSourceAtSource.Type, and is useful for accessing the field via an interface. +func (v *AllHasSourceAtSource) GetType() string { return v.AllSourceTree.Type } -// GetNamespaces returns AllHasMetadataSubjectSource.Namespaces, and is useful for accessing the field via an interface. -func (v *AllHasMetadataSubjectSource) GetNamespaces() []AllSourceTreeNamespacesSourceNamespace { +// GetNamespaces returns AllHasSourceAtSource.Namespaces, and is useful for accessing the field via an interface. +func (v *AllHasSourceAtSource) GetNamespaces() []AllSourceTreeNamespacesSourceNamespace { return v.AllSourceTree.Namespaces } -func (v *AllHasMetadataSubjectSource) UnmarshalJSON(b []byte) error { +func (v *AllHasSourceAtSource) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *AllHasMetadataSubjectSource + *AllHasSourceAtSource graphql.NoUnmarshalJSON } - firstPass.AllHasMetadataSubjectSource = v + firstPass.AllHasSourceAtSource = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -3062,9 +2966,7 @@ func (v *AllHasMetadataSubjectSource) UnmarshalJSON(b []byte) error { return nil } -type __premarshalAllHasMetadataSubjectSource struct { - Typename *string `json:"__typename"` - +type __premarshalAllHasSourceAtSource struct { Id string `json:"id"` Type string `json:"type"` @@ -3072,7 +2974,7 @@ type __premarshalAllHasMetadataSubjectSource struct { Namespaces []AllSourceTreeNamespacesSourceNamespace `json:"namespaces"` } -func (v *AllHasMetadataSubjectSource) MarshalJSON() ([]byte, error) { +func (v *AllHasSourceAtSource) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -3080,111 +2982,103 @@ func (v *AllHasMetadataSubjectSource) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *AllHasMetadataSubjectSource) __premarshalJSON() (*__premarshalAllHasMetadataSubjectSource, error) { - var retval __premarshalAllHasMetadataSubjectSource +func (v *AllHasSourceAtSource) __premarshalJSON() (*__premarshalAllHasSourceAtSource, error) { + var retval __premarshalAllHasSourceAtSource - retval.Typename = v.Typename retval.Id = v.AllSourceTree.Id retval.Type = v.AllSourceTree.Type retval.Namespaces = v.AllSourceTree.Namespaces return &retval, nil } -// AllHasSBOMTree includes the GraphQL fields of HasSBOM requested by the fragment AllHasSBOMTree. -type AllHasSBOMTree struct { +// AllHashEqualTree includes the GraphQL fields of HashEqual requested by the fragment AllHashEqualTree. +// The GraphQL type's documentation follows. +// +// HashEqual is an attestation that a set of artifacts are identical. +type AllHashEqualTree struct { Id string `json:"id"` - // SBOM subject - Subject AllHasSBOMTreeSubjectPackageOrArtifact `json:"-"` - // Identifier for the SBOM document - Uri string `json:"uri"` - // Algorithm by which SBOMs digest was computed - Algorithm string `json:"algorithm"` - // Digest of SBOM - Digest string `json:"digest"` - // Location from which the SBOM can be downloaded - DownloadLocation string `json:"downloadLocation"` + // Justification for the claim that the artifacts are similar + Justification string `json:"justification"` + // Collection of artifacts that are similar + Artifacts []AllHashEqualTreeArtifactsArtifact `json:"artifacts"` // Document from which this attestation is generated from Origin string `json:"origin"` // GUAC collector for the document Collector string `json:"collector"` } -// GetId returns AllHasSBOMTree.Id, and is useful for accessing the field via an interface. 
-func (v *AllHasSBOMTree) GetId() string { return v.Id } +// GetId returns AllHashEqualTree.Id, and is useful for accessing the field via an interface. +func (v *AllHashEqualTree) GetId() string { return v.Id } -// GetSubject returns AllHasSBOMTree.Subject, and is useful for accessing the field via an interface. -func (v *AllHasSBOMTree) GetSubject() AllHasSBOMTreeSubjectPackageOrArtifact { return v.Subject } +// GetJustification returns AllHashEqualTree.Justification, and is useful for accessing the field via an interface. +func (v *AllHashEqualTree) GetJustification() string { return v.Justification } -// GetUri returns AllHasSBOMTree.Uri, and is useful for accessing the field via an interface. -func (v *AllHasSBOMTree) GetUri() string { return v.Uri } +// GetArtifacts returns AllHashEqualTree.Artifacts, and is useful for accessing the field via an interface. +func (v *AllHashEqualTree) GetArtifacts() []AllHashEqualTreeArtifactsArtifact { return v.Artifacts } -// GetAlgorithm returns AllHasSBOMTree.Algorithm, and is useful for accessing the field via an interface. -func (v *AllHasSBOMTree) GetAlgorithm() string { return v.Algorithm } +// GetOrigin returns AllHashEqualTree.Origin, and is useful for accessing the field via an interface. +func (v *AllHashEqualTree) GetOrigin() string { return v.Origin } -// GetDigest returns AllHasSBOMTree.Digest, and is useful for accessing the field via an interface. -func (v *AllHasSBOMTree) GetDigest() string { return v.Digest } +// GetCollector returns AllHashEqualTree.Collector, and is useful for accessing the field via an interface. +func (v *AllHashEqualTree) GetCollector() string { return v.Collector } -// GetDownloadLocation returns AllHasSBOMTree.DownloadLocation, and is useful for accessing the field via an interface. -func (v *AllHasSBOMTree) GetDownloadLocation() string { return v.DownloadLocation } +// AllHashEqualTreeArtifactsArtifact includes the requested fields of the GraphQL type Artifact. 
+// The GraphQL type's documentation follows. +// +// Artifact represents an artifact identified by a checksum hash. +// +// The checksum is split into the digest value and the algorithm used to generate +// it. Both fields are mandatory and canonicalized to be lowercase. +// +// If having a checksum Go object, algorithm can be +// strings.ToLower(string(checksum.Algorithm)) and digest can be checksum.Value. +type AllHashEqualTreeArtifactsArtifact struct { + AllArtifactTree `json:"-"` +} -// GetOrigin returns AllHasSBOMTree.Origin, and is useful for accessing the field via an interface. -func (v *AllHasSBOMTree) GetOrigin() string { return v.Origin } +// GetId returns AllHashEqualTreeArtifactsArtifact.Id, and is useful for accessing the field via an interface. +func (v *AllHashEqualTreeArtifactsArtifact) GetId() string { return v.AllArtifactTree.Id } -// GetCollector returns AllHasSBOMTree.Collector, and is useful for accessing the field via an interface. -func (v *AllHasSBOMTree) GetCollector() string { return v.Collector } +// GetAlgorithm returns AllHashEqualTreeArtifactsArtifact.Algorithm, and is useful for accessing the field via an interface. +func (v *AllHashEqualTreeArtifactsArtifact) GetAlgorithm() string { return v.AllArtifactTree.Algorithm } -func (v *AllHasSBOMTree) UnmarshalJSON(b []byte) error { +// GetDigest returns AllHashEqualTreeArtifactsArtifact.Digest, and is useful for accessing the field via an interface. 
+func (v *AllHashEqualTreeArtifactsArtifact) GetDigest() string { return v.AllArtifactTree.Digest } + +func (v *AllHashEqualTreeArtifactsArtifact) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *AllHasSBOMTree - Subject json.RawMessage `json:"subject"` + *AllHashEqualTreeArtifactsArtifact graphql.NoUnmarshalJSON } - firstPass.AllHasSBOMTree = v + firstPass.AllHashEqualTreeArtifactsArtifact = v err := json.Unmarshal(b, &firstPass) if err != nil { return err } - { - dst := &v.Subject - src := firstPass.Subject - if len(src) != 0 && string(src) != "null" { - err = __unmarshalAllHasSBOMTreeSubjectPackageOrArtifact( - src, dst) - if err != nil { - return fmt.Errorf( - "unable to unmarshal AllHasSBOMTree.Subject: %w", err) - } - } + err = json.Unmarshal( + b, &v.AllArtifactTree) + if err != nil { + return err } return nil } -type __premarshalAllHasSBOMTree struct { +type __premarshalAllHashEqualTreeArtifactsArtifact struct { Id string `json:"id"` - Subject json.RawMessage `json:"subject"` - - Uri string `json:"uri"` - Algorithm string `json:"algorithm"` Digest string `json:"digest"` - - DownloadLocation string `json:"downloadLocation"` - - Origin string `json:"origin"` - - Collector string `json:"collector"` } -func (v *AllHasSBOMTree) MarshalJSON() ([]byte, error) { +func (v *AllHashEqualTreeArtifactsArtifact) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -3192,69 +3086,106 @@ func (v *AllHasSBOMTree) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *AllHasSBOMTree) __premarshalJSON() (*__premarshalAllHasSBOMTree, error) { - var retval __premarshalAllHasSBOMTree +func (v *AllHashEqualTreeArtifactsArtifact) __premarshalJSON() (*__premarshalAllHashEqualTreeArtifactsArtifact, error) { + var retval __premarshalAllHashEqualTreeArtifactsArtifact - retval.Id = v.Id - { + retval.Id = v.AllArtifactTree.Id + retval.Algorithm = v.AllArtifactTree.Algorithm + retval.Digest = v.AllArtifactTree.Digest + return &retval, nil +} - dst := &retval.Subject - src := v.Subject - var err error - *dst, err = __marshalAllHasSBOMTreeSubjectPackageOrArtifact( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal AllHasSBOMTree.Subject: %w", err) - } - } - retval.Uri = v.Uri - retval.Algorithm = v.Algorithm - retval.Digest = v.Digest - retval.DownloadLocation = v.DownloadLocation - retval.Origin = v.Origin - retval.Collector = v.Collector - return &retval, nil +// AllIsDependencyTree includes the GraphQL fields of IsDependency requested by the fragment AllIsDependencyTree. +// The GraphQL type's documentation follows. +// +// IsDependency is an attestation to record that a package depends on another. 
+type AllIsDependencyTree struct { + Id string `json:"id"` + // Justification for the attested relationship + Justification string `json:"justification"` + // Package that has the dependency + Package AllIsDependencyTreePackage `json:"package"` + // Package for the dependency; MUST BE PackageName, not PackageVersion + DependentPackage AllIsDependencyTreeDependentPackage `json:"dependentPackage"` + // Type of dependency + DependencyType DependencyType `json:"dependencyType"` + // Version range for the dependency link + VersionRange string `json:"versionRange"` + // Document from which this attestation is generated from + Origin string `json:"origin"` + // GUAC collector for the document + Collector string `json:"collector"` } -// AllHasSBOMTreeSubjectArtifact includes the requested fields of the GraphQL type Artifact. +// GetId returns AllIsDependencyTree.Id, and is useful for accessing the field via an interface. +func (v *AllIsDependencyTree) GetId() string { return v.Id } + +// GetJustification returns AllIsDependencyTree.Justification, and is useful for accessing the field via an interface. +func (v *AllIsDependencyTree) GetJustification() string { return v.Justification } + +// GetPackage returns AllIsDependencyTree.Package, and is useful for accessing the field via an interface. +func (v *AllIsDependencyTree) GetPackage() AllIsDependencyTreePackage { return v.Package } + +// GetDependentPackage returns AllIsDependencyTree.DependentPackage, and is useful for accessing the field via an interface. +func (v *AllIsDependencyTree) GetDependentPackage() AllIsDependencyTreeDependentPackage { + return v.DependentPackage +} + +// GetDependencyType returns AllIsDependencyTree.DependencyType, and is useful for accessing the field via an interface. +func (v *AllIsDependencyTree) GetDependencyType() DependencyType { return v.DependencyType } + +// GetVersionRange returns AllIsDependencyTree.VersionRange, and is useful for accessing the field via an interface. 
+func (v *AllIsDependencyTree) GetVersionRange() string { return v.VersionRange } + +// GetOrigin returns AllIsDependencyTree.Origin, and is useful for accessing the field via an interface. +func (v *AllIsDependencyTree) GetOrigin() string { return v.Origin } + +// GetCollector returns AllIsDependencyTree.Collector, and is useful for accessing the field via an interface. +func (v *AllIsDependencyTree) GetCollector() string { return v.Collector } + +// AllIsDependencyTreeDependentPackage includes the requested fields of the GraphQL type Package. // The GraphQL type's documentation follows. // -// Artifact represents an artifact identified by a checksum hash. +// Package represents the root of the package trie/tree. // -// The checksum is split into the digest value and the algorithm used to generate -// it. Both fields are mandatory and canonicalized to be lowercase. +// We map package information to a trie, closely matching the pURL specification +// (https://github.com/package-url/purl-spec/blob/0dd92f26f8bb11956ffdf5e8acfcee71e8560407/README.rst), +// but deviating from it where GUAC heuristics allow for better representation of +// package information. Each path in the trie fully represents a package; we split +// the trie based on the pURL components. // -// If having a checksum Go object, algorithm can be -// strings.ToLower(string(checksum.Algorithm)) and digest can be checksum.Value. -type AllHasSBOMTreeSubjectArtifact struct { - Typename *string `json:"__typename"` - AllArtifactTree `json:"-"` +// This node matches a pkg: partial pURL. The type field matches the +// pURL types but we might also use "guac" for the cases where the pURL +// representation is not complete or when we have custom rules. +// +// Since this node is at the root of the package trie, it is named Package, not +// PackageType. 
+type AllIsDependencyTreeDependentPackage struct { + AllPkgTree `json:"-"` } -// GetTypename returns AllHasSBOMTreeSubjectArtifact.Typename, and is useful for accessing the field via an interface. -func (v *AllHasSBOMTreeSubjectArtifact) GetTypename() *string { return v.Typename } - -// GetId returns AllHasSBOMTreeSubjectArtifact.Id, and is useful for accessing the field via an interface. -func (v *AllHasSBOMTreeSubjectArtifact) GetId() string { return v.AllArtifactTree.Id } +// GetId returns AllIsDependencyTreeDependentPackage.Id, and is useful for accessing the field via an interface. +func (v *AllIsDependencyTreeDependentPackage) GetId() string { return v.AllPkgTree.Id } -// GetAlgorithm returns AllHasSBOMTreeSubjectArtifact.Algorithm, and is useful for accessing the field via an interface. -func (v *AllHasSBOMTreeSubjectArtifact) GetAlgorithm() string { return v.AllArtifactTree.Algorithm } +// GetType returns AllIsDependencyTreeDependentPackage.Type, and is useful for accessing the field via an interface. +func (v *AllIsDependencyTreeDependentPackage) GetType() string { return v.AllPkgTree.Type } -// GetDigest returns AllHasSBOMTreeSubjectArtifact.Digest, and is useful for accessing the field via an interface. -func (v *AllHasSBOMTreeSubjectArtifact) GetDigest() string { return v.AllArtifactTree.Digest } +// GetNamespaces returns AllIsDependencyTreeDependentPackage.Namespaces, and is useful for accessing the field via an interface. 
+func (v *AllIsDependencyTreeDependentPackage) GetNamespaces() []AllPkgTreeNamespacesPackageNamespace { + return v.AllPkgTree.Namespaces +} -func (v *AllHasSBOMTreeSubjectArtifact) UnmarshalJSON(b []byte) error { +func (v *AllIsDependencyTreeDependentPackage) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *AllHasSBOMTreeSubjectArtifact + *AllIsDependencyTreeDependentPackage graphql.NoUnmarshalJSON } - firstPass.AllHasSBOMTreeSubjectArtifact = v + firstPass.AllIsDependencyTreeDependentPackage = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -3262,24 +3193,22 @@ func (v *AllHasSBOMTreeSubjectArtifact) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllArtifactTree) + b, &v.AllPkgTree) if err != nil { return err } return nil } -type __premarshalAllHasSBOMTreeSubjectArtifact struct { - Typename *string `json:"__typename"` - +type __premarshalAllIsDependencyTreeDependentPackage struct { Id string `json:"id"` - Algorithm string `json:"algorithm"` + Type string `json:"type"` - Digest string `json:"digest"` + Namespaces []AllPkgTreeNamespacesPackageNamespace `json:"namespaces"` } -func (v *AllHasSBOMTreeSubjectArtifact) MarshalJSON() ([]byte, error) { +func (v *AllIsDependencyTreeDependentPackage) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -3287,17 +3216,16 @@ func (v *AllHasSBOMTreeSubjectArtifact) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *AllHasSBOMTreeSubjectArtifact) __premarshalJSON() (*__premarshalAllHasSBOMTreeSubjectArtifact, error) { - var retval __premarshalAllHasSBOMTreeSubjectArtifact +func (v *AllIsDependencyTreeDependentPackage) __premarshalJSON() (*__premarshalAllIsDependencyTreeDependentPackage, error) { + var retval __premarshalAllIsDependencyTreeDependentPackage - retval.Typename = v.Typename - retval.Id = v.AllArtifactTree.Id - retval.Algorithm = v.AllArtifactTree.Algorithm - retval.Digest = v.AllArtifactTree.Digest + retval.Id = v.AllPkgTree.Id + retval.Type = v.AllPkgTree.Type + retval.Namespaces = v.AllPkgTree.Namespaces return &retval, nil } -// AllHasSBOMTreeSubjectPackage includes the requested fields of the GraphQL type Package. +// AllIsDependencyTreePackage includes the requested fields of the GraphQL type Package. // The GraphQL type's documentation follows. // // Package represents the root of the package trie/tree. 
@@ -3314,36 +3242,32 @@ func (v *AllHasSBOMTreeSubjectArtifact) __premarshalJSON() (*__premarshalAllHasS // // Since this node is at the root of the package trie, it is named Package, not // PackageType. -type AllHasSBOMTreeSubjectPackage struct { - Typename *string `json:"__typename"` +type AllIsDependencyTreePackage struct { AllPkgTree `json:"-"` } -// GetTypename returns AllHasSBOMTreeSubjectPackage.Typename, and is useful for accessing the field via an interface. -func (v *AllHasSBOMTreeSubjectPackage) GetTypename() *string { return v.Typename } - -// GetId returns AllHasSBOMTreeSubjectPackage.Id, and is useful for accessing the field via an interface. -func (v *AllHasSBOMTreeSubjectPackage) GetId() string { return v.AllPkgTree.Id } +// GetId returns AllIsDependencyTreePackage.Id, and is useful for accessing the field via an interface. +func (v *AllIsDependencyTreePackage) GetId() string { return v.AllPkgTree.Id } -// GetType returns AllHasSBOMTreeSubjectPackage.Type, and is useful for accessing the field via an interface. -func (v *AllHasSBOMTreeSubjectPackage) GetType() string { return v.AllPkgTree.Type } +// GetType returns AllIsDependencyTreePackage.Type, and is useful for accessing the field via an interface. +func (v *AllIsDependencyTreePackage) GetType() string { return v.AllPkgTree.Type } -// GetNamespaces returns AllHasSBOMTreeSubjectPackage.Namespaces, and is useful for accessing the field via an interface. -func (v *AllHasSBOMTreeSubjectPackage) GetNamespaces() []AllPkgTreeNamespacesPackageNamespace { +// GetNamespaces returns AllIsDependencyTreePackage.Namespaces, and is useful for accessing the field via an interface. 
+func (v *AllIsDependencyTreePackage) GetNamespaces() []AllPkgTreeNamespacesPackageNamespace { return v.AllPkgTree.Namespaces } -func (v *AllHasSBOMTreeSubjectPackage) UnmarshalJSON(b []byte) error { +func (v *AllIsDependencyTreePackage) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *AllHasSBOMTreeSubjectPackage + *AllIsDependencyTreePackage graphql.NoUnmarshalJSON } - firstPass.AllHasSBOMTreeSubjectPackage = v + firstPass.AllIsDependencyTreePackage = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -3358,9 +3282,7 @@ func (v *AllHasSBOMTreeSubjectPackage) UnmarshalJSON(b []byte) error { return nil } -type __premarshalAllHasSBOMTreeSubjectPackage struct { - Typename *string `json:"__typename"` - +type __premarshalAllIsDependencyTreePackage struct { Id string `json:"id"` Type string `json:"type"` @@ -3368,7 +3290,7 @@ type __premarshalAllHasSBOMTreeSubjectPackage struct { Namespaces []AllPkgTreeNamespacesPackageNamespace `json:"namespaces"` } -func (v *AllHasSBOMTreeSubjectPackage) MarshalJSON() ([]byte, error) { +func (v *AllIsDependencyTreePackage) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -3376,184 +3298,167 @@ func (v *AllHasSBOMTreeSubjectPackage) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *AllHasSBOMTreeSubjectPackage) __premarshalJSON() (*__premarshalAllHasSBOMTreeSubjectPackage, error) { - var retval __premarshalAllHasSBOMTreeSubjectPackage +func (v *AllIsDependencyTreePackage) __premarshalJSON() (*__premarshalAllIsDependencyTreePackage, error) { + var retval __premarshalAllIsDependencyTreePackage - retval.Typename = v.Typename retval.Id = v.AllPkgTree.Id retval.Type = v.AllPkgTree.Type retval.Namespaces = v.AllPkgTree.Namespaces return &retval, nil } -// AllHasSBOMTreeSubjectPackageOrArtifact includes the requested fields of the GraphQL interface PackageOrArtifact. -// -// AllHasSBOMTreeSubjectPackageOrArtifact is implemented by the following types: -// AllHasSBOMTreeSubjectArtifact -// AllHasSBOMTreeSubjectPackage +// AllIsOccurrencesTree includes the GraphQL fields of IsOccurrence requested by the fragment AllIsOccurrencesTree. // The GraphQL type's documentation follows. // -// PackageOrArtifact is a union of Package and Artifact. -type AllHasSBOMTreeSubjectPackageOrArtifact interface { - implementsGraphQLInterfaceAllHasSBOMTreeSubjectPackageOrArtifact() - // GetTypename returns the receiver's concrete GraphQL type-name (see interface doc for possible values). - GetTypename() *string +// IsOccurrence is an attestation to link an artifact to a package or source. +// +// Attestation must occur at the PackageVersion or at the SourceName. 
+type AllIsOccurrencesTree struct { + Id string `json:"id"` + // Package or source from which the artifact originates + Subject AllIsOccurrencesTreeSubjectPackageOrSource `json:"-"` + // The artifact in the relationship + Artifact AllIsOccurrencesTreeArtifact `json:"artifact"` + // Justification for the attested relationship + Justification string `json:"justification"` + // Document from which this attestation is generated from + Origin string `json:"origin"` + // GUAC collector for the document + Collector string `json:"collector"` } -func (v *AllHasSBOMTreeSubjectArtifact) implementsGraphQLInterfaceAllHasSBOMTreeSubjectPackageOrArtifact() { -} -func (v *AllHasSBOMTreeSubjectPackage) implementsGraphQLInterfaceAllHasSBOMTreeSubjectPackageOrArtifact() { +// GetId returns AllIsOccurrencesTree.Id, and is useful for accessing the field via an interface. +func (v *AllIsOccurrencesTree) GetId() string { return v.Id } + +// GetSubject returns AllIsOccurrencesTree.Subject, and is useful for accessing the field via an interface. +func (v *AllIsOccurrencesTree) GetSubject() AllIsOccurrencesTreeSubjectPackageOrSource { + return v.Subject } -func __unmarshalAllHasSBOMTreeSubjectPackageOrArtifact(b []byte, v *AllHasSBOMTreeSubjectPackageOrArtifact) error { +// GetArtifact returns AllIsOccurrencesTree.Artifact, and is useful for accessing the field via an interface. +func (v *AllIsOccurrencesTree) GetArtifact() AllIsOccurrencesTreeArtifact { return v.Artifact } + +// GetJustification returns AllIsOccurrencesTree.Justification, and is useful for accessing the field via an interface. +func (v *AllIsOccurrencesTree) GetJustification() string { return v.Justification } + +// GetOrigin returns AllIsOccurrencesTree.Origin, and is useful for accessing the field via an interface. +func (v *AllIsOccurrencesTree) GetOrigin() string { return v.Origin } + +// GetCollector returns AllIsOccurrencesTree.Collector, and is useful for accessing the field via an interface. 
+func (v *AllIsOccurrencesTree) GetCollector() string { return v.Collector } + +func (v *AllIsOccurrencesTree) UnmarshalJSON(b []byte) error { + if string(b) == "null" { return nil } - var tn struct { - TypeName string `json:"__typename"` + var firstPass struct { + *AllIsOccurrencesTree + Subject json.RawMessage `json:"subject"` + graphql.NoUnmarshalJSON } - err := json.Unmarshal(b, &tn) + firstPass.AllIsOccurrencesTree = v + + err := json.Unmarshal(b, &firstPass) if err != nil { return err } - switch tn.TypeName { - case "Artifact": - *v = new(AllHasSBOMTreeSubjectArtifact) - return json.Unmarshal(b, *v) - case "Package": - *v = new(AllHasSBOMTreeSubjectPackage) - return json.Unmarshal(b, *v) - case "": - return fmt.Errorf( - "response was missing PackageOrArtifact.__typename") - default: - return fmt.Errorf( - `unexpected concrete type for AllHasSBOMTreeSubjectPackageOrArtifact: "%v"`, tn.TypeName) + { + dst := &v.Subject + src := firstPass.Subject + if len(src) != 0 && string(src) != "null" { + err = __unmarshalAllIsOccurrencesTreeSubjectPackageOrSource( + src, dst) + if err != nil { + return fmt.Errorf( + "unable to unmarshal AllIsOccurrencesTree.Subject: %w", err) + } + } } + return nil } -func __marshalAllHasSBOMTreeSubjectPackageOrArtifact(v *AllHasSBOMTreeSubjectPackageOrArtifact) ([]byte, error) { +type __premarshalAllIsOccurrencesTree struct { + Id string `json:"id"` - var typename string - switch v := (*v).(type) { - case *AllHasSBOMTreeSubjectArtifact: - typename = "Artifact" + Subject json.RawMessage `json:"subject"` - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalAllHasSBOMTreeSubjectArtifact - }{typename, premarshaled} - return json.Marshal(result) - case *AllHasSBOMTreeSubjectPackage: - typename = "Package" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string 
`json:"__typename"` - *__premarshalAllHasSBOMTreeSubjectPackage - }{typename, premarshaled} - return json.Marshal(result) - case nil: - return []byte("null"), nil - default: - return nil, fmt.Errorf( - `unexpected concrete type for AllHasSBOMTreeSubjectPackageOrArtifact: "%T"`, v) - } -} + Artifact AllIsOccurrencesTreeArtifact `json:"artifact"` -// AllHasSourceAt includes the GraphQL fields of HasSourceAt requested by the fragment AllHasSourceAt. -// The GraphQL type's documentation follows. -// -// HasSourceAt records that a package's repository is a given source. -type AllHasSourceAt struct { - Id string `json:"id"` - // Justification for the attested relationship Justification string `json:"justification"` - // Timestamp since this link between package and source was certified - KnownSince time.Time `json:"knownSince"` - // The subject of the attestation: can be a PackageName or a PackageVersion - Package AllHasSourceAtPackage `json:"package"` - // Source repository from which the package is built - Source AllHasSourceAtSource `json:"source"` - // Document from which this attestation is generated from + Origin string `json:"origin"` - // GUAC collector for the document + Collector string `json:"collector"` } -// GetId returns AllHasSourceAt.Id, and is useful for accessing the field via an interface. -func (v *AllHasSourceAt) GetId() string { return v.Id } - -// GetJustification returns AllHasSourceAt.Justification, and is useful for accessing the field via an interface. -func (v *AllHasSourceAt) GetJustification() string { return v.Justification } - -// GetKnownSince returns AllHasSourceAt.KnownSince, and is useful for accessing the field via an interface. -func (v *AllHasSourceAt) GetKnownSince() time.Time { return v.KnownSince } - -// GetPackage returns AllHasSourceAt.Package, and is useful for accessing the field via an interface. 
-func (v *AllHasSourceAt) GetPackage() AllHasSourceAtPackage { return v.Package } +func (v *AllIsOccurrencesTree) MarshalJSON() ([]byte, error) { + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + return json.Marshal(premarshaled) +} -// GetSource returns AllHasSourceAt.Source, and is useful for accessing the field via an interface. -func (v *AllHasSourceAt) GetSource() AllHasSourceAtSource { return v.Source } +func (v *AllIsOccurrencesTree) __premarshalJSON() (*__premarshalAllIsOccurrencesTree, error) { + var retval __premarshalAllIsOccurrencesTree -// GetOrigin returns AllHasSourceAt.Origin, and is useful for accessing the field via an interface. -func (v *AllHasSourceAt) GetOrigin() string { return v.Origin } + retval.Id = v.Id + { -// GetCollector returns AllHasSourceAt.Collector, and is useful for accessing the field via an interface. -func (v *AllHasSourceAt) GetCollector() string { return v.Collector } + dst := &retval.Subject + src := v.Subject + var err error + *dst, err = __marshalAllIsOccurrencesTreeSubjectPackageOrSource( + &src) + if err != nil { + return nil, fmt.Errorf( + "unable to marshal AllIsOccurrencesTree.Subject: %w", err) + } + } + retval.Artifact = v.Artifact + retval.Justification = v.Justification + retval.Origin = v.Origin + retval.Collector = v.Collector + return &retval, nil +} -// AllHasSourceAtPackage includes the requested fields of the GraphQL type Package. +// AllIsOccurrencesTreeArtifact includes the requested fields of the GraphQL type Artifact. // The GraphQL type's documentation follows. // -// Package represents the root of the package trie/tree. -// -// We map package information to a trie, closely matching the pURL specification -// (https://github.com/package-url/purl-spec/blob/0dd92f26f8bb11956ffdf5e8acfcee71e8560407/README.rst), -// but deviating from it where GUAC heuristics allow for better representation of -// package information. 
Each path in the trie fully represents a package; we split -// the trie based on the pURL components. +// Artifact represents an artifact identified by a checksum hash. // -// This node matches a pkg: partial pURL. The type field matches the -// pURL types but we might also use "guac" for the cases where the pURL -// representation is not complete or when we have custom rules. +// The checksum is split into the digest value and the algorithm used to generate +// it. Both fields are mandatory and canonicalized to be lowercase. // -// Since this node is at the root of the package trie, it is named Package, not -// PackageType. -type AllHasSourceAtPackage struct { - AllPkgTree `json:"-"` +// If having a checksum Go object, algorithm can be +// strings.ToLower(string(checksum.Algorithm)) and digest can be checksum.Value. +type AllIsOccurrencesTreeArtifact struct { + AllArtifactTree `json:"-"` } -// GetId returns AllHasSourceAtPackage.Id, and is useful for accessing the field via an interface. -func (v *AllHasSourceAtPackage) GetId() string { return v.AllPkgTree.Id } +// GetId returns AllIsOccurrencesTreeArtifact.Id, and is useful for accessing the field via an interface. +func (v *AllIsOccurrencesTreeArtifact) GetId() string { return v.AllArtifactTree.Id } -// GetType returns AllHasSourceAtPackage.Type, and is useful for accessing the field via an interface. -func (v *AllHasSourceAtPackage) GetType() string { return v.AllPkgTree.Type } +// GetAlgorithm returns AllIsOccurrencesTreeArtifact.Algorithm, and is useful for accessing the field via an interface. +func (v *AllIsOccurrencesTreeArtifact) GetAlgorithm() string { return v.AllArtifactTree.Algorithm } -// GetNamespaces returns AllHasSourceAtPackage.Namespaces, and is useful for accessing the field via an interface. 
-func (v *AllHasSourceAtPackage) GetNamespaces() []AllPkgTreeNamespacesPackageNamespace { - return v.AllPkgTree.Namespaces -} +// GetDigest returns AllIsOccurrencesTreeArtifact.Digest, and is useful for accessing the field via an interface. +func (v *AllIsOccurrencesTreeArtifact) GetDigest() string { return v.AllArtifactTree.Digest } -func (v *AllHasSourceAtPackage) UnmarshalJSON(b []byte) error { +func (v *AllIsOccurrencesTreeArtifact) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *AllHasSourceAtPackage + *AllIsOccurrencesTreeArtifact graphql.NoUnmarshalJSON } - firstPass.AllHasSourceAtPackage = v + firstPass.AllIsOccurrencesTreeArtifact = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -3561,22 +3466,22 @@ func (v *AllHasSourceAtPackage) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllPkgTree) + b, &v.AllArtifactTree) if err != nil { return err } return nil } -type __premarshalAllHasSourceAtPackage struct { +type __premarshalAllIsOccurrencesTreeArtifact struct { Id string `json:"id"` - Type string `json:"type"` + Algorithm string `json:"algorithm"` - Namespaces []AllPkgTreeNamespacesPackageNamespace `json:"namespaces"` + Digest string `json:"digest"` } -func (v *AllHasSourceAtPackage) MarshalJSON() ([]byte, error) { +func (v *AllIsOccurrencesTreeArtifact) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -3584,55 +3489,62 @@ func (v *AllHasSourceAtPackage) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *AllHasSourceAtPackage) __premarshalJSON() (*__premarshalAllHasSourceAtPackage, error) { - var retval __premarshalAllHasSourceAtPackage +func (v *AllIsOccurrencesTreeArtifact) __premarshalJSON() (*__premarshalAllIsOccurrencesTreeArtifact, error) { + var retval __premarshalAllIsOccurrencesTreeArtifact - retval.Id = v.AllPkgTree.Id - retval.Type = v.AllPkgTree.Type - retval.Namespaces = v.AllPkgTree.Namespaces + retval.Id = v.AllArtifactTree.Id + retval.Algorithm = v.AllArtifactTree.Algorithm + retval.Digest = v.AllArtifactTree.Digest return &retval, nil } -// AllHasSourceAtSource includes the requested fields of the GraphQL type Source. +// AllIsOccurrencesTreeSubjectPackage includes the requested fields of the GraphQL type Package. // The GraphQL type's documentation follows. // -// Source represents the root of the source trie/tree. +// Package represents the root of the package trie/tree. // -// We map source information to a trie, as a derivative of the pURL specification: -// each path in the trie represents a type, namespace, name and an optional -// qualifier that stands for tag/commit information. +// We map package information to a trie, closely matching the pURL specification +// (https://github.com/package-url/purl-spec/blob/0dd92f26f8bb11956ffdf5e8acfcee71e8560407/README.rst), +// but deviating from it where GUAC heuristics allow for better representation of +// package information. Each path in the trie fully represents a package; we split +// the trie based on the pURL components. // -// This node represents the type part of the trie path. It is used to represent -// the version control system that is being used. +// This node matches a pkg: partial pURL. The type field matches the +// pURL types but we might also use "guac" for the cases where the pURL +// representation is not complete or when we have custom rules. 
// -// Since this node is at the root of the source trie, it is named Source, not -// SourceType. -type AllHasSourceAtSource struct { - AllSourceTree `json:"-"` +// Since this node is at the root of the package trie, it is named Package, not +// PackageType. +type AllIsOccurrencesTreeSubjectPackage struct { + Typename *string `json:"__typename"` + AllPkgTree `json:"-"` } -// GetId returns AllHasSourceAtSource.Id, and is useful for accessing the field via an interface. -func (v *AllHasSourceAtSource) GetId() string { return v.AllSourceTree.Id } +// GetTypename returns AllIsOccurrencesTreeSubjectPackage.Typename, and is useful for accessing the field via an interface. +func (v *AllIsOccurrencesTreeSubjectPackage) GetTypename() *string { return v.Typename } -// GetType returns AllHasSourceAtSource.Type, and is useful for accessing the field via an interface. -func (v *AllHasSourceAtSource) GetType() string { return v.AllSourceTree.Type } +// GetId returns AllIsOccurrencesTreeSubjectPackage.Id, and is useful for accessing the field via an interface. +func (v *AllIsOccurrencesTreeSubjectPackage) GetId() string { return v.AllPkgTree.Id } -// GetNamespaces returns AllHasSourceAtSource.Namespaces, and is useful for accessing the field via an interface. -func (v *AllHasSourceAtSource) GetNamespaces() []AllSourceTreeNamespacesSourceNamespace { - return v.AllSourceTree.Namespaces +// GetType returns AllIsOccurrencesTreeSubjectPackage.Type, and is useful for accessing the field via an interface. +func (v *AllIsOccurrencesTreeSubjectPackage) GetType() string { return v.AllPkgTree.Type } + +// GetNamespaces returns AllIsOccurrencesTreeSubjectPackage.Namespaces, and is useful for accessing the field via an interface. 
+func (v *AllIsOccurrencesTreeSubjectPackage) GetNamespaces() []AllPkgTreeNamespacesPackageNamespace { + return v.AllPkgTree.Namespaces } -func (v *AllHasSourceAtSource) UnmarshalJSON(b []byte) error { +func (v *AllIsOccurrencesTreeSubjectPackage) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *AllHasSourceAtSource + *AllIsOccurrencesTreeSubjectPackage graphql.NoUnmarshalJSON } - firstPass.AllHasSourceAtSource = v + firstPass.AllIsOccurrencesTreeSubjectPackage = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -3640,22 +3552,24 @@ func (v *AllHasSourceAtSource) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllSourceTree) + b, &v.AllPkgTree) if err != nil { return err } return nil } -type __premarshalAllHasSourceAtSource struct { +type __premarshalAllIsOccurrencesTreeSubjectPackage struct { + Typename *string `json:"__typename"` + Id string `json:"id"` Type string `json:"type"` - Namespaces []AllSourceTreeNamespacesSourceNamespace `json:"namespaces"` + Namespaces []AllPkgTreeNamespacesPackageNamespace `json:"namespaces"` } -func (v *AllHasSourceAtSource) MarshalJSON() ([]byte, error) { +func (v *AllIsOccurrencesTreeSubjectPackage) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -3663,80 +3577,144 @@ func (v *AllHasSourceAtSource) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *AllHasSourceAtSource) __premarshalJSON() (*__premarshalAllHasSourceAtSource, error) { - var retval __premarshalAllHasSourceAtSource +func (v *AllIsOccurrencesTreeSubjectPackage) __premarshalJSON() (*__premarshalAllIsOccurrencesTreeSubjectPackage, error) { + var retval __premarshalAllIsOccurrencesTreeSubjectPackage - retval.Id = v.AllSourceTree.Id - retval.Type = v.AllSourceTree.Type - retval.Namespaces = v.AllSourceTree.Namespaces + retval.Typename = v.Typename + retval.Id = v.AllPkgTree.Id + retval.Type = v.AllPkgTree.Type + retval.Namespaces = v.AllPkgTree.Namespaces return &retval, nil } -// AllHashEqualTree includes the GraphQL fields of HashEqual requested by the fragment AllHashEqualTree. +// AllIsOccurrencesTreeSubjectPackageOrSource includes the requested fields of the GraphQL interface PackageOrSource. +// +// AllIsOccurrencesTreeSubjectPackageOrSource is implemented by the following types: +// AllIsOccurrencesTreeSubjectPackage +// AllIsOccurrencesTreeSubjectSource // The GraphQL type's documentation follows. // -// HashEqual is an attestation that a set of artifacts are identical. -type AllHashEqualTree struct { - Id string `json:"id"` - // Justification for the claim that the artifacts are similar - Justification string `json:"justification"` - // Collection of artifacts that are similar - Artifacts []AllHashEqualTreeArtifactsArtifact `json:"artifacts"` - // Document from which this attestation is generated from - Origin string `json:"origin"` - // GUAC collector for the document - Collector string `json:"collector"` +// PackageOrSource is a union of Package and Source. +type AllIsOccurrencesTreeSubjectPackageOrSource interface { + implementsGraphQLInterfaceAllIsOccurrencesTreeSubjectPackageOrSource() + // GetTypename returns the receiver's concrete GraphQL type-name (see interface doc for possible values). 
+ GetTypename() *string } -// GetId returns AllHashEqualTree.Id, and is useful for accessing the field via an interface. -func (v *AllHashEqualTree) GetId() string { return v.Id } - -// GetJustification returns AllHashEqualTree.Justification, and is useful for accessing the field via an interface. -func (v *AllHashEqualTree) GetJustification() string { return v.Justification } +func (v *AllIsOccurrencesTreeSubjectPackage) implementsGraphQLInterfaceAllIsOccurrencesTreeSubjectPackageOrSource() { +} +func (v *AllIsOccurrencesTreeSubjectSource) implementsGraphQLInterfaceAllIsOccurrencesTreeSubjectPackageOrSource() { +} -// GetArtifacts returns AllHashEqualTree.Artifacts, and is useful for accessing the field via an interface. -func (v *AllHashEqualTree) GetArtifacts() []AllHashEqualTreeArtifactsArtifact { return v.Artifacts } +func __unmarshalAllIsOccurrencesTreeSubjectPackageOrSource(b []byte, v *AllIsOccurrencesTreeSubjectPackageOrSource) error { + if string(b) == "null" { + return nil + } -// GetOrigin returns AllHashEqualTree.Origin, and is useful for accessing the field via an interface. -func (v *AllHashEqualTree) GetOrigin() string { return v.Origin } + var tn struct { + TypeName string `json:"__typename"` + } + err := json.Unmarshal(b, &tn) + if err != nil { + return err + } -// GetCollector returns AllHashEqualTree.Collector, and is useful for accessing the field via an interface. 
-func (v *AllHashEqualTree) GetCollector() string { return v.Collector } + switch tn.TypeName { + case "Package": + *v = new(AllIsOccurrencesTreeSubjectPackage) + return json.Unmarshal(b, *v) + case "Source": + *v = new(AllIsOccurrencesTreeSubjectSource) + return json.Unmarshal(b, *v) + case "": + return fmt.Errorf( + "response was missing PackageOrSource.__typename") + default: + return fmt.Errorf( + `unexpected concrete type for AllIsOccurrencesTreeSubjectPackageOrSource: "%v"`, tn.TypeName) + } +} -// AllHashEqualTreeArtifactsArtifact includes the requested fields of the GraphQL type Artifact. +func __marshalAllIsOccurrencesTreeSubjectPackageOrSource(v *AllIsOccurrencesTreeSubjectPackageOrSource) ([]byte, error) { + + var typename string + switch v := (*v).(type) { + case *AllIsOccurrencesTreeSubjectPackage: + typename = "Package" + + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalAllIsOccurrencesTreeSubjectPackage + }{typename, premarshaled} + return json.Marshal(result) + case *AllIsOccurrencesTreeSubjectSource: + typename = "Source" + + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalAllIsOccurrencesTreeSubjectSource + }{typename, premarshaled} + return json.Marshal(result) + case nil: + return []byte("null"), nil + default: + return nil, fmt.Errorf( + `unexpected concrete type for AllIsOccurrencesTreeSubjectPackageOrSource: "%T"`, v) + } +} + +// AllIsOccurrencesTreeSubjectSource includes the requested fields of the GraphQL type Source. // The GraphQL type's documentation follows. // -// Artifact represents an artifact identified by a checksum hash. +// Source represents the root of the source trie/tree. // -// The checksum is split into the digest value and the algorithm used to generate -// it. 
Both fields are mandatory and canonicalized to be lowercase. +// We map source information to a trie, as a derivative of the pURL specification: +// each path in the trie represents a type, namespace, name and an optional +// qualifier that stands for tag/commit information. // -// If having a checksum Go object, algorithm can be -// strings.ToLower(string(checksum.Algorithm)) and digest can be checksum.Value. -type AllHashEqualTreeArtifactsArtifact struct { - AllArtifactTree `json:"-"` +// This node represents the type part of the trie path. It is used to represent +// the version control system that is being used. +// +// Since this node is at the root of the source trie, it is named Source, not +// SourceType. +type AllIsOccurrencesTreeSubjectSource struct { + Typename *string `json:"__typename"` + AllSourceTree `json:"-"` } -// GetId returns AllHashEqualTreeArtifactsArtifact.Id, and is useful for accessing the field via an interface. -func (v *AllHashEqualTreeArtifactsArtifact) GetId() string { return v.AllArtifactTree.Id } +// GetTypename returns AllIsOccurrencesTreeSubjectSource.Typename, and is useful for accessing the field via an interface. +func (v *AllIsOccurrencesTreeSubjectSource) GetTypename() *string { return v.Typename } -// GetAlgorithm returns AllHashEqualTreeArtifactsArtifact.Algorithm, and is useful for accessing the field via an interface. -func (v *AllHashEqualTreeArtifactsArtifact) GetAlgorithm() string { return v.AllArtifactTree.Algorithm } +// GetId returns AllIsOccurrencesTreeSubjectSource.Id, and is useful for accessing the field via an interface. +func (v *AllIsOccurrencesTreeSubjectSource) GetId() string { return v.AllSourceTree.Id } -// GetDigest returns AllHashEqualTreeArtifactsArtifact.Digest, and is useful for accessing the field via an interface. 
-func (v *AllHashEqualTreeArtifactsArtifact) GetDigest() string { return v.AllArtifactTree.Digest } +// GetType returns AllIsOccurrencesTreeSubjectSource.Type, and is useful for accessing the field via an interface. +func (v *AllIsOccurrencesTreeSubjectSource) GetType() string { return v.AllSourceTree.Type } -func (v *AllHashEqualTreeArtifactsArtifact) UnmarshalJSON(b []byte) error { +// GetNamespaces returns AllIsOccurrencesTreeSubjectSource.Namespaces, and is useful for accessing the field via an interface. +func (v *AllIsOccurrencesTreeSubjectSource) GetNamespaces() []AllSourceTreeNamespacesSourceNamespace { + return v.AllSourceTree.Namespaces +} + +func (v *AllIsOccurrencesTreeSubjectSource) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *AllHashEqualTreeArtifactsArtifact + *AllIsOccurrencesTreeSubjectSource graphql.NoUnmarshalJSON } - firstPass.AllHashEqualTreeArtifactsArtifact = v + firstPass.AllIsOccurrencesTreeSubjectSource = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -3744,22 +3722,24 @@ func (v *AllHashEqualTreeArtifactsArtifact) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllArtifactTree) + b, &v.AllSourceTree) if err != nil { return err } return nil } -type __premarshalAllHashEqualTreeArtifactsArtifact struct { +type __premarshalAllIsOccurrencesTreeSubjectSource struct { + Typename *string `json:"__typename"` + Id string `json:"id"` - Algorithm string `json:"algorithm"` + Type string `json:"type"` - Digest string `json:"digest"` + Namespaces []AllSourceTreeNamespacesSourceNamespace `json:"namespaces"` } -func (v *AllHashEqualTreeArtifactsArtifact) MarshalJSON() ([]byte, error) { +func (v *AllIsOccurrencesTreeSubjectSource) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -3767,64 +3747,48 @@ func (v *AllHashEqualTreeArtifactsArtifact) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *AllHashEqualTreeArtifactsArtifact) __premarshalJSON() (*__premarshalAllHashEqualTreeArtifactsArtifact, error) { - var retval __premarshalAllHashEqualTreeArtifactsArtifact +func (v *AllIsOccurrencesTreeSubjectSource) __premarshalJSON() (*__premarshalAllIsOccurrencesTreeSubjectSource, error) { + var retval __premarshalAllIsOccurrencesTreeSubjectSource - retval.Id = v.AllArtifactTree.Id - retval.Algorithm = v.AllArtifactTree.Algorithm - retval.Digest = v.AllArtifactTree.Digest + retval.Typename = v.Typename + retval.Id = v.AllSourceTree.Id + retval.Type = v.AllSourceTree.Type + retval.Namespaces = v.AllSourceTree.Namespaces return &retval, nil } -// AllIsDependencyTree includes the GraphQL fields of IsDependency requested by the fragment AllIsDependencyTree. +// AllPkgEqual includes the GraphQL fields of PkgEqual requested by the fragment AllPkgEqual. // The GraphQL type's documentation follows. // -// IsDependency is an attestation to record that a package depends on another. -type AllIsDependencyTree struct { +// PkgEqual is an attestation that a set of packages are similar. 
+type AllPkgEqual struct { Id string `json:"id"` - // Justification for the attested relationship + // Justification for the claim that the packages are similar Justification string `json:"justification"` - // Package that has the dependency - Package AllIsDependencyTreePackage `json:"package"` - // Package for the dependency; MUST BE PackageName, not PackageVersion - DependentPackage AllIsDependencyTreeDependentPackage `json:"dependentPackage"` - // Type of dependency - DependencyType DependencyType `json:"dependencyType"` - // Version range for the dependency link - VersionRange string `json:"versionRange"` + // Collection of packages that are similar + Packages []AllPkgEqualPackagesPackage `json:"packages"` // Document from which this attestation is generated from Origin string `json:"origin"` // GUAC collector for the document Collector string `json:"collector"` } -// GetId returns AllIsDependencyTree.Id, and is useful for accessing the field via an interface. -func (v *AllIsDependencyTree) GetId() string { return v.Id } - -// GetJustification returns AllIsDependencyTree.Justification, and is useful for accessing the field via an interface. -func (v *AllIsDependencyTree) GetJustification() string { return v.Justification } - -// GetPackage returns AllIsDependencyTree.Package, and is useful for accessing the field via an interface. -func (v *AllIsDependencyTree) GetPackage() AllIsDependencyTreePackage { return v.Package } - -// GetDependentPackage returns AllIsDependencyTree.DependentPackage, and is useful for accessing the field via an interface. -func (v *AllIsDependencyTree) GetDependentPackage() AllIsDependencyTreeDependentPackage { - return v.DependentPackage -} +// GetId returns AllPkgEqual.Id, and is useful for accessing the field via an interface. +func (v *AllPkgEqual) GetId() string { return v.Id } -// GetDependencyType returns AllIsDependencyTree.DependencyType, and is useful for accessing the field via an interface. 
-func (v *AllIsDependencyTree) GetDependencyType() DependencyType { return v.DependencyType } +// GetJustification returns AllPkgEqual.Justification, and is useful for accessing the field via an interface. +func (v *AllPkgEqual) GetJustification() string { return v.Justification } -// GetVersionRange returns AllIsDependencyTree.VersionRange, and is useful for accessing the field via an interface. -func (v *AllIsDependencyTree) GetVersionRange() string { return v.VersionRange } +// GetPackages returns AllPkgEqual.Packages, and is useful for accessing the field via an interface. +func (v *AllPkgEqual) GetPackages() []AllPkgEqualPackagesPackage { return v.Packages } -// GetOrigin returns AllIsDependencyTree.Origin, and is useful for accessing the field via an interface. -func (v *AllIsDependencyTree) GetOrigin() string { return v.Origin } +// GetOrigin returns AllPkgEqual.Origin, and is useful for accessing the field via an interface. +func (v *AllPkgEqual) GetOrigin() string { return v.Origin } -// GetCollector returns AllIsDependencyTree.Collector, and is useful for accessing the field via an interface. -func (v *AllIsDependencyTree) GetCollector() string { return v.Collector } +// GetCollector returns AllPkgEqual.Collector, and is useful for accessing the field via an interface. +func (v *AllPkgEqual) GetCollector() string { return v.Collector } -// AllIsDependencyTreeDependentPackage includes the requested fields of the GraphQL type Package. +// AllPkgEqualPackagesPackage includes the requested fields of the GraphQL type Package. // The GraphQL type's documentation follows. // // Package represents the root of the package trie/tree. 
@@ -3841,32 +3805,32 @@ func (v *AllIsDependencyTree) GetCollector() string { return v.Collector } // // Since this node is at the root of the package trie, it is named Package, not // PackageType. -type AllIsDependencyTreeDependentPackage struct { +type AllPkgEqualPackagesPackage struct { AllPkgTree `json:"-"` } -// GetId returns AllIsDependencyTreeDependentPackage.Id, and is useful for accessing the field via an interface. -func (v *AllIsDependencyTreeDependentPackage) GetId() string { return v.AllPkgTree.Id } +// GetId returns AllPkgEqualPackagesPackage.Id, and is useful for accessing the field via an interface. +func (v *AllPkgEqualPackagesPackage) GetId() string { return v.AllPkgTree.Id } -// GetType returns AllIsDependencyTreeDependentPackage.Type, and is useful for accessing the field via an interface. -func (v *AllIsDependencyTreeDependentPackage) GetType() string { return v.AllPkgTree.Type } +// GetType returns AllPkgEqualPackagesPackage.Type, and is useful for accessing the field via an interface. +func (v *AllPkgEqualPackagesPackage) GetType() string { return v.AllPkgTree.Type } -// GetNamespaces returns AllIsDependencyTreeDependentPackage.Namespaces, and is useful for accessing the field via an interface. -func (v *AllIsDependencyTreeDependentPackage) GetNamespaces() []AllPkgTreeNamespacesPackageNamespace { +// GetNamespaces returns AllPkgEqualPackagesPackage.Namespaces, and is useful for accessing the field via an interface. 
+func (v *AllPkgEqualPackagesPackage) GetNamespaces() []AllPkgTreeNamespacesPackageNamespace { return v.AllPkgTree.Namespaces } -func (v *AllIsDependencyTreeDependentPackage) UnmarshalJSON(b []byte) error { +func (v *AllPkgEqualPackagesPackage) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *AllIsDependencyTreeDependentPackage + *AllPkgEqualPackagesPackage graphql.NoUnmarshalJSON } - firstPass.AllIsDependencyTreeDependentPackage = v + firstPass.AllPkgEqualPackagesPackage = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -3881,7 +3845,7 @@ func (v *AllIsDependencyTreeDependentPackage) UnmarshalJSON(b []byte) error { return nil } -type __premarshalAllIsDependencyTreeDependentPackage struct { +type __premarshalAllPkgEqualPackagesPackage struct { Id string `json:"id"` Type string `json:"type"` @@ -3889,7 +3853,7 @@ type __premarshalAllIsDependencyTreeDependentPackage struct { Namespaces []AllPkgTreeNamespacesPackageNamespace `json:"namespaces"` } -func (v *AllIsDependencyTreeDependentPackage) MarshalJSON() ([]byte, error) { +func (v *AllPkgEqualPackagesPackage) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err @@ -3897,8 +3861,8 @@ func (v *AllIsDependencyTreeDependentPackage) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *AllIsDependencyTreeDependentPackage) __premarshalJSON() (*__premarshalAllIsDependencyTreeDependentPackage, error) { - var retval __premarshalAllIsDependencyTreeDependentPackage +func (v *AllPkgEqualPackagesPackage) __premarshalJSON() (*__premarshalAllPkgEqualPackagesPackage, error) { + var retval __premarshalAllPkgEqualPackagesPackage retval.Id = v.AllPkgTree.Id retval.Type = v.AllPkgTree.Type 
@@ -3906,7 +3870,7 @@ func (v *AllIsDependencyTreeDependentPackage) __premarshalJSON() (*__premarshalA return &retval, nil } -// AllIsDependencyTreePackage includes the requested fields of the GraphQL type Package. +// AllPkgTree includes the GraphQL fields of Package requested by the fragment AllPkgTree. // The GraphQL type's documentation follows. // // Package represents the root of the package trie/tree. 
@@ -3923,123 +3887,226 @@ func (v *AllIsDependencyTreeDependentPackage) __premarshalJSON() (*__premarshalA // // Since this node is at the root of the package trie, it is named Package, not // PackageType. -type AllIsDependencyTreePackage struct { - AllPkgTree `json:"-"` +type AllPkgTree struct { + Id string `json:"id"` + Type string `json:"type"` + Namespaces []AllPkgTreeNamespacesPackageNamespace `json:"namespaces"` } -// GetId returns AllIsDependencyTreePackage.Id, and is useful for accessing the field via an interface. -func (v *AllIsDependencyTreePackage) GetId() string { return v.AllPkgTree.Id } +// GetId returns AllPkgTree.Id, and is useful for accessing the field via an interface. +func (v *AllPkgTree) GetId() string { return v.Id } -// GetType returns AllIsDependencyTreePackage.Type, and is useful for accessing the field via an interface. -func (v *AllIsDependencyTreePackage) GetType() string { return v.AllPkgTree.Type } +// GetType returns AllPkgTree.Type, and is useful for accessing the field via an interface. +func (v *AllPkgTree) GetType() string { return v.Type } -// GetNamespaces returns AllIsDependencyTreePackage.Namespaces, and is useful for accessing the field via an interface. -func (v *AllIsDependencyTreePackage) GetNamespaces() []AllPkgTreeNamespacesPackageNamespace { - return v.AllPkgTree.Namespaces +// GetNamespaces returns AllPkgTree.Namespaces, and is useful for accessing the field via an interface. +func (v *AllPkgTree) GetNamespaces() []AllPkgTreeNamespacesPackageNamespace { return v.Namespaces } + +// AllPkgTreeNamespacesPackageNamespace includes the requested fields of the GraphQL type PackageNamespace. +// The GraphQL type's documentation follows. +// +// PackageNamespace is a namespace for packages. +// +// In the pURL representation, each PackageNamespace matches the +// pkg:// partial pURL. +// +// Namespaces are optional and type specific. Because they are optional, we use +// empty string to denote missing namespaces. 
+type AllPkgTreeNamespacesPackageNamespace struct { + Id string `json:"id"` + Namespace string `json:"namespace"` + Names []AllPkgTreeNamespacesPackageNamespaceNamesPackageName `json:"names"` } -func (v *AllIsDependencyTreePackage) UnmarshalJSON(b []byte) error { +// GetId returns AllPkgTreeNamespacesPackageNamespace.Id, and is useful for accessing the field via an interface. +func (v *AllPkgTreeNamespacesPackageNamespace) GetId() string { return v.Id } - if string(b) == "null" { - return nil - } +// GetNamespace returns AllPkgTreeNamespacesPackageNamespace.Namespace, and is useful for accessing the field via an interface. +func (v *AllPkgTreeNamespacesPackageNamespace) GetNamespace() string { return v.Namespace } - var firstPass struct { - *AllIsDependencyTreePackage - graphql.NoUnmarshalJSON - } - firstPass.AllIsDependencyTreePackage = v +// GetNames returns AllPkgTreeNamespacesPackageNamespace.Names, and is useful for accessing the field via an interface. +func (v *AllPkgTreeNamespacesPackageNamespace) GetNames() []AllPkgTreeNamespacesPackageNamespaceNamesPackageName { + return v.Names +} - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } +// AllPkgTreeNamespacesPackageNamespaceNamesPackageName includes the requested fields of the GraphQL type PackageName. +// The GraphQL type's documentation follows. +// +// PackageName is a name for packages. +// +// In the pURL representation, each PackageName matches the +// pkg:// pURL. +// +// Names are always mandatory. +// +// This is the first node in the trie that can be referred to by other parts of +// GUAC. 
+type AllPkgTreeNamespacesPackageNamespaceNamesPackageName struct { + Id string `json:"id"` + Name string `json:"name"` + Versions []AllPkgTreeNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion `json:"versions"` +} - err = json.Unmarshal( - b, &v.AllPkgTree) - if err != nil { - return err - } - return nil +// GetId returns AllPkgTreeNamespacesPackageNamespaceNamesPackageName.Id, and is useful for accessing the field via an interface. +func (v *AllPkgTreeNamespacesPackageNamespaceNamesPackageName) GetId() string { return v.Id } + +// GetName returns AllPkgTreeNamespacesPackageNamespaceNamesPackageName.Name, and is useful for accessing the field via an interface. +func (v *AllPkgTreeNamespacesPackageNamespaceNamesPackageName) GetName() string { return v.Name } + +// GetVersions returns AllPkgTreeNamespacesPackageNamespaceNamesPackageName.Versions, and is useful for accessing the field via an interface. +func (v *AllPkgTreeNamespacesPackageNamespaceNamesPackageName) GetVersions() []AllPkgTreeNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion { + return v.Versions } -type __premarshalAllIsDependencyTreePackage struct { - Id string `json:"id"` +// AllPkgTreeNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion includes the requested fields of the GraphQL type PackageVersion. +// The GraphQL type's documentation follows. +// +// PackageVersion is a package version. +// +// In the pURL representation, each PackageName matches the +// pkg://@ pURL. +// +// Versions are optional and each Package type defines own rules for handling +// them. For this level of GUAC, these are just opaque strings. +// +// NOTE: The handling of versions might change before this schema becomes stable. +// +// This node can be referred to by other parts of GUAC. +// +// Subpath and qualifiers are optional. 
Lack of qualifiers is represented by an +// empty list and lack of subpath by empty string (to be consistent with +// optionality of namespace and version). Two nodes that have different qualifiers +// and/or subpath but the same version mean two different packages in the trie +// (they are different). Two nodes that have same version but qualifiers of one +// are a subset of the qualifier of the other also mean two different packages in +// the trie. +type AllPkgTreeNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion struct { + Id string `json:"id"` + Version string `json:"version"` + Qualifiers []AllPkgTreeNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersionQualifiersPackageQualifier `json:"qualifiers"` + Subpath string `json:"subpath"` +} - Type string `json:"type"` +// GetId returns AllPkgTreeNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion.Id, and is useful for accessing the field via an interface. +func (v *AllPkgTreeNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion) GetId() string { + return v.Id +} - Namespaces []AllPkgTreeNamespacesPackageNamespace `json:"namespaces"` +// GetVersion returns AllPkgTreeNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion.Version, and is useful for accessing the field via an interface. +func (v *AllPkgTreeNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion) GetVersion() string { + return v.Version } -func (v *AllIsDependencyTreePackage) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) +// GetQualifiers returns AllPkgTreeNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion.Qualifiers, and is useful for accessing the field via an interface. 
+func (v *AllPkgTreeNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion) GetQualifiers() []AllPkgTreeNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersionQualifiersPackageQualifier { + return v.Qualifiers } -func (v *AllIsDependencyTreePackage) __premarshalJSON() (*__premarshalAllIsDependencyTreePackage, error) { - var retval __premarshalAllIsDependencyTreePackage +// GetSubpath returns AllPkgTreeNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion.Subpath, and is useful for accessing the field via an interface. +func (v *AllPkgTreeNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion) GetSubpath() string { + return v.Subpath +} - retval.Id = v.AllPkgTree.Id - retval.Type = v.AllPkgTree.Type - retval.Namespaces = v.AllPkgTree.Namespaces - return &retval, nil +// AllPkgTreeNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersionQualifiersPackageQualifier includes the requested fields of the GraphQL type PackageQualifier. +// The GraphQL type's documentation follows. +// +// PackageQualifier is a qualifier for a package, a key-value pair. +// +// In the pURL representation, it is a part of the part of the +// pkg://@? pURL. +// +// Qualifiers are optional, each Package type defines own rules for handling them, +// and multiple qualifiers could be attached to the same package. +// +// This node cannot be directly referred by other parts of GUAC. +type AllPkgTreeNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersionQualifiersPackageQualifier struct { + Key string `json:"key"` + Value string `json:"value"` } -// AllIsOccurrencesTree includes the GraphQL fields of IsOccurrence requested by the fragment AllIsOccurrencesTree. +// GetKey returns AllPkgTreeNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersionQualifiersPackageQualifier.Key, and is useful for accessing the field via an interface. 
+func (v *AllPkgTreeNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersionQualifiersPackageQualifier) GetKey() string { + return v.Key +} + +// GetValue returns AllPkgTreeNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersionQualifiersPackageQualifier.Value, and is useful for accessing the field via an interface. +func (v *AllPkgTreeNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersionQualifiersPackageQualifier) GetValue() string { + return v.Value +} + +// AllPointOfContact includes the GraphQL fields of PointOfContact requested by the fragment AllPointOfContact. // The GraphQL type's documentation follows. // -// IsOccurrence is an attestation to link an artifact to a package or source. +// PointOfContact is an attestation of how to get in touch with the person(s) responsible +// for a package, source, or artifact. // -// Attestation must occur at the PackageVersion or at the SourceName. -type AllIsOccurrencesTree struct { - Id string `json:"id"` - // Package or source from which the artifact originates - Subject AllIsOccurrencesTreeSubjectPackageOrSource `json:"-"` - // The artifact in the relationship - Artifact AllIsOccurrencesTreeArtifact `json:"artifact"` - // Justification for the attested relationship - Justification string `json:"justification"` - // Document from which this attestation is generated from - Origin string `json:"origin"` - // GUAC collector for the document - Collector string `json:"collector"` +// All evidence trees record a justification for the property they represent as +// well as the document that contains the attestation (origin) and the collector +// that collected the document (collector). +// +// The attestation applies to a subject which is a package, source, or artifact. +// If the attestation targets a package, it must target a PackageName or a +// PackageVersion. If the attestation targets a source, it must target a +// SourceName. 
+// +// email is the email address (singular) of the point of contact. +// +// info is additional contact information other than email address. This is free +// form. +// +// NOTE: the identifiers for point of contact should be part of software trees. +// This will benefit from identifier look up and traversal as well as organization +// hierarchy. However, until the use case arises, PointOfContact will be a flat +// reference to the contact details. +type AllPointOfContact struct { + Id string `json:"id"` + Subject AllPointOfContactSubjectPackageSourceOrArtifact `json:"-"` + Email string `json:"email"` + Info string `json:"info"` + Since time.Time `json:"since"` + Justification string `json:"justification"` + Origin string `json:"origin"` + Collector string `json:"collector"` } -// GetId returns AllIsOccurrencesTree.Id, and is useful for accessing the field via an interface. -func (v *AllIsOccurrencesTree) GetId() string { return v.Id } +// GetId returns AllPointOfContact.Id, and is useful for accessing the field via an interface. +func (v *AllPointOfContact) GetId() string { return v.Id } -// GetSubject returns AllIsOccurrencesTree.Subject, and is useful for accessing the field via an interface. -func (v *AllIsOccurrencesTree) GetSubject() AllIsOccurrencesTreeSubjectPackageOrSource { +// GetSubject returns AllPointOfContact.Subject, and is useful for accessing the field via an interface. +func (v *AllPointOfContact) GetSubject() AllPointOfContactSubjectPackageSourceOrArtifact { return v.Subject } -// GetArtifact returns AllIsOccurrencesTree.Artifact, and is useful for accessing the field via an interface. -func (v *AllIsOccurrencesTree) GetArtifact() AllIsOccurrencesTreeArtifact { return v.Artifact } +// GetEmail returns AllPointOfContact.Email, and is useful for accessing the field via an interface. 
+func (v *AllPointOfContact) GetEmail() string { return v.Email } -// GetJustification returns AllIsOccurrencesTree.Justification, and is useful for accessing the field via an interface. -func (v *AllIsOccurrencesTree) GetJustification() string { return v.Justification } +// GetInfo returns AllPointOfContact.Info, and is useful for accessing the field via an interface. +func (v *AllPointOfContact) GetInfo() string { return v.Info } -// GetOrigin returns AllIsOccurrencesTree.Origin, and is useful for accessing the field via an interface. -func (v *AllIsOccurrencesTree) GetOrigin() string { return v.Origin } +// GetSince returns AllPointOfContact.Since, and is useful for accessing the field via an interface. +func (v *AllPointOfContact) GetSince() time.Time { return v.Since } -// GetCollector returns AllIsOccurrencesTree.Collector, and is useful for accessing the field via an interface. -func (v *AllIsOccurrencesTree) GetCollector() string { return v.Collector } +// GetJustification returns AllPointOfContact.Justification, and is useful for accessing the field via an interface. +func (v *AllPointOfContact) GetJustification() string { return v.Justification } -func (v *AllIsOccurrencesTree) UnmarshalJSON(b []byte) error { +// GetOrigin returns AllPointOfContact.Origin, and is useful for accessing the field via an interface. +func (v *AllPointOfContact) GetOrigin() string { return v.Origin } + +// GetCollector returns AllPointOfContact.Collector, and is useful for accessing the field via an interface. +func (v *AllPointOfContact) GetCollector() string { return v.Collector } + +func (v *AllPointOfContact) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *AllIsOccurrencesTree + *AllPointOfContact Subject json.RawMessage `json:"subject"` graphql.NoUnmarshalJSON } - firstPass.AllIsOccurrencesTree = v + firstPass.AllPointOfContact = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -4050,23 +4117,27 @@ func (v *AllIsOccurrencesTree) UnmarshalJSON(b []byte) error { dst := &v.Subject src := firstPass.Subject if len(src) != 0 && string(src) != "null" { - err = __unmarshalAllIsOccurrencesTreeSubjectPackageOrSource( + err = __unmarshalAllPointOfContactSubjectPackageSourceOrArtifact( src, dst) if err != nil { return fmt.Errorf( - "unable to unmarshal AllIsOccurrencesTree.Subject: %w", err) + "unable to unmarshal AllPointOfContact.Subject: %w", err) } } } return nil } -type __premarshalAllIsOccurrencesTree struct { +type __premarshalAllPointOfContact struct { Id string `json:"id"` Subject json.RawMessage `json:"subject"` - Artifact AllIsOccurrencesTreeArtifact `json:"artifact"` + Email string `json:"email"` + + Info string `json:"info"` + + Since time.Time `json:"since"` Justification string `json:"justification"` @@ -4075,7 +4146,7 @@ type __premarshalAllIsOccurrencesTree struct { Collector string `json:"collector"` } -func (v *AllIsOccurrencesTree) MarshalJSON() ([]byte, error) { +func (v *AllPointOfContact) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err @@ -4083,8 +4154,8 @@ func (v *AllIsOccurrencesTree) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *AllIsOccurrencesTree) __premarshalJSON() (*__premarshalAllIsOccurrencesTree, error) { - var retval __premarshalAllIsOccurrencesTree +func (v *AllPointOfContact) __premarshalJSON() (*__premarshalAllPointOfContact, error) { + var retval __premarshalAllPointOfContact retval.Id = v.Id { 
@@ -4092,21 +4163,23 @@ func (v *AllIsOccurrencesTree) __premarshalJSON() (*__premarshalAllIsOccurrences dst := &retval.Subject src := v.Subject var err error - *dst, err = __marshalAllIsOccurrencesTreeSubjectPackageOrSource( + *dst, err = __marshalAllPointOfContactSubjectPackageSourceOrArtifact( &src) if err != nil { return nil, fmt.Errorf( - "unable to marshal AllIsOccurrencesTree.Subject: %w", err) + "unable to marshal AllPointOfContact.Subject: %w", err) } } - retval.Artifact = v.Artifact + retval.Email = v.Email + retval.Info = v.Info + retval.Since = v.Since retval.Justification = v.Justification retval.Origin = v.Origin retval.Collector = v.Collector return &retval, nil } -// AllIsOccurrencesTreeArtifact includes the requested fields of the GraphQL type Artifact. +// AllPointOfContactSubjectArtifact includes the requested fields of the GraphQL type Artifact. // The GraphQL type's documentation follows. // // Artifact represents an artifact identified by a checksum hash. 
@@ -4116,30 +4189,34 @@ func (v *AllIsOccurrencesTree) __premarshalJSON() (*__premarshalAllIsOccurrences // // If having a checksum Go object, algorithm can be // strings.ToLower(string(checksum.Algorithm)) and digest can be checksum.Value. -type AllIsOccurrencesTreeArtifact struct { +type AllPointOfContactSubjectArtifact struct { + Typename *string `json:"__typename"` AllArtifactTree `json:"-"` } -// GetId returns AllIsOccurrencesTreeArtifact.Id, and is useful for accessing the field via an interface. -func (v *AllIsOccurrencesTreeArtifact) GetId() string { return v.AllArtifactTree.Id } +// GetTypename returns AllPointOfContactSubjectArtifact.Typename, and is useful for accessing the field via an interface. +func (v *AllPointOfContactSubjectArtifact) GetTypename() *string { return v.Typename } -// GetAlgorithm returns AllIsOccurrencesTreeArtifact.Algorithm, and is useful for accessing the field via an interface. -func (v *AllIsOccurrencesTreeArtifact) GetAlgorithm() string { return v.AllArtifactTree.Algorithm } +// GetId returns AllPointOfContactSubjectArtifact.Id, and is useful for accessing the field via an interface. +func (v *AllPointOfContactSubjectArtifact) GetId() string { return v.AllArtifactTree.Id } -// GetDigest returns AllIsOccurrencesTreeArtifact.Digest, and is useful for accessing the field via an interface. -func (v *AllIsOccurrencesTreeArtifact) GetDigest() string { return v.AllArtifactTree.Digest } +// GetAlgorithm returns AllPointOfContactSubjectArtifact.Algorithm, and is useful for accessing the field via an interface. +func (v *AllPointOfContactSubjectArtifact) GetAlgorithm() string { return v.AllArtifactTree.Algorithm } -func (v *AllIsOccurrencesTreeArtifact) UnmarshalJSON(b []byte) error { +// GetDigest returns AllPointOfContactSubjectArtifact.Digest, and is useful for accessing the field via an interface. 
+func (v *AllPointOfContactSubjectArtifact) GetDigest() string { return v.AllArtifactTree.Digest } - if string(b) == "null" { +func (v *AllPointOfContactSubjectArtifact) UnmarshalJSON(b []byte) error { + + if string(b) == "null" { return nil } var firstPass struct { - *AllIsOccurrencesTreeArtifact + *AllPointOfContactSubjectArtifact graphql.NoUnmarshalJSON } - firstPass.AllIsOccurrencesTreeArtifact = v + firstPass.AllPointOfContactSubjectArtifact = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -4154,7 +4231,9 @@ func (v *AllIsOccurrencesTreeArtifact) UnmarshalJSON(b []byte) error { return nil } -type __premarshalAllIsOccurrencesTreeArtifact struct { +type __premarshalAllPointOfContactSubjectArtifact struct { + Typename *string `json:"__typename"` + Id string `json:"id"` Algorithm string `json:"algorithm"` @@ -4162,7 +4241,7 @@ type __premarshalAllIsOccurrencesTreeArtifact struct { Digest string `json:"digest"` } -func (v *AllIsOccurrencesTreeArtifact) MarshalJSON() ([]byte, error) { +func (v *AllPointOfContactSubjectArtifact) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -4170,16 +4249,17 @@ func (v *AllIsOccurrencesTreeArtifact) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *AllIsOccurrencesTreeArtifact) __premarshalJSON() (*__premarshalAllIsOccurrencesTreeArtifact, error) { - var retval __premarshalAllIsOccurrencesTreeArtifact +func (v *AllPointOfContactSubjectArtifact) __premarshalJSON() (*__premarshalAllPointOfContactSubjectArtifact, error) { + var retval __premarshalAllPointOfContactSubjectArtifact + retval.Typename = v.Typename retval.Id = v.AllArtifactTree.Id retval.Algorithm = v.AllArtifactTree.Algorithm retval.Digest = v.AllArtifactTree.Digest return &retval, nil } -// AllIsOccurrencesTreeSubjectPackage includes the requested fields of the GraphQL type Package. +// AllPointOfContactSubjectPackage includes the requested fields of the GraphQL type Package. // The GraphQL type's documentation follows. // // Package represents the root of the package trie/tree. 
@@ -4196,36 +4276,36 @@ func (v *AllIsOccurrencesTreeArtifact) __premarshalJSON() (*__premarshalAllIsOcc // // Since this node is at the root of the package trie, it is named Package, not // PackageType. -type AllIsOccurrencesTreeSubjectPackage struct { +type AllPointOfContactSubjectPackage struct { Typename *string `json:"__typename"` AllPkgTree `json:"-"` } -// GetTypename returns AllIsOccurrencesTreeSubjectPackage.Typename, and is useful for accessing the field via an interface. -func (v *AllIsOccurrencesTreeSubjectPackage) GetTypename() *string { return v.Typename } +// GetTypename returns AllPointOfContactSubjectPackage.Typename, and is useful for accessing the field via an interface. +func (v *AllPointOfContactSubjectPackage) GetTypename() *string { return v.Typename } -// GetId returns AllIsOccurrencesTreeSubjectPackage.Id, and is useful for accessing the field via an interface. -func (v *AllIsOccurrencesTreeSubjectPackage) GetId() string { return v.AllPkgTree.Id } +// GetId returns AllPointOfContactSubjectPackage.Id, and is useful for accessing the field via an interface. +func (v *AllPointOfContactSubjectPackage) GetId() string { return v.AllPkgTree.Id } -// GetType returns AllIsOccurrencesTreeSubjectPackage.Type, and is useful for accessing the field via an interface. -func (v *AllIsOccurrencesTreeSubjectPackage) GetType() string { return v.AllPkgTree.Type } +// GetType returns AllPointOfContactSubjectPackage.Type, and is useful for accessing the field via an interface. +func (v *AllPointOfContactSubjectPackage) GetType() string { return v.AllPkgTree.Type } -// GetNamespaces returns AllIsOccurrencesTreeSubjectPackage.Namespaces, and is useful for accessing the field via an interface. -func (v *AllIsOccurrencesTreeSubjectPackage) GetNamespaces() []AllPkgTreeNamespacesPackageNamespace { +// GetNamespaces returns AllPointOfContactSubjectPackage.Namespaces, and is useful for accessing the field via an interface. 
+func (v *AllPointOfContactSubjectPackage) GetNamespaces() []AllPkgTreeNamespacesPackageNamespace { return v.AllPkgTree.Namespaces } -func (v *AllIsOccurrencesTreeSubjectPackage) UnmarshalJSON(b []byte) error { +func (v *AllPointOfContactSubjectPackage) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *AllIsOccurrencesTreeSubjectPackage + *AllPointOfContactSubjectPackage graphql.NoUnmarshalJSON } - firstPass.AllIsOccurrencesTreeSubjectPackage = v + firstPass.AllPointOfContactSubjectPackage = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -4240,7 +4320,7 @@ func (v *AllIsOccurrencesTreeSubjectPackage) UnmarshalJSON(b []byte) error { return nil } -type __premarshalAllIsOccurrencesTreeSubjectPackage struct { +type __premarshalAllPointOfContactSubjectPackage struct { Typename *string `json:"__typename"` Id string `json:"id"` @@ -4250,7 +4330,7 @@ type __premarshalAllIsOccurrencesTreeSubjectPackage struct { Namespaces []AllPkgTreeNamespacesPackageNamespace `json:"namespaces"` } -func (v *AllIsOccurrencesTreeSubjectPackage) MarshalJSON() ([]byte, error) { +func (v *AllPointOfContactSubjectPackage) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err @@ -4258,8 +4338,8 @@ func (v *AllIsOccurrencesTreeSubjectPackage) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *AllIsOccurrencesTreeSubjectPackage) __premarshalJSON() (*__premarshalAllIsOccurrencesTreeSubjectPackage, error) { - var retval __premarshalAllIsOccurrencesTreeSubjectPackage +func (v *AllPointOfContactSubjectPackage) __premarshalJSON() (*__premarshalAllPointOfContactSubjectPackage, error) { + var retval __premarshalAllPointOfContactSubjectPackage retval.Typename = v.Typename retval.Id = v.AllPkgTree.Id 
@@ -4268,26 +4348,29 @@ func (v *AllIsOccurrencesTreeSubjectPackage) __premarshalJSON() (*__premarshalAl return &retval, nil } -// AllIsOccurrencesTreeSubjectPackageOrSource includes the requested fields of the GraphQL interface PackageOrSource. +// AllPointOfContactSubjectPackageSourceOrArtifact includes the requested fields of the GraphQL interface PackageSourceOrArtifact. // -// AllIsOccurrencesTreeSubjectPackageOrSource is implemented by the following types: -// AllIsOccurrencesTreeSubjectPackage -// AllIsOccurrencesTreeSubjectSource +// AllPointOfContactSubjectPackageSourceOrArtifact is implemented by the following types: +// AllPointOfContactSubjectArtifact +// AllPointOfContactSubjectPackage +// AllPointOfContactSubjectSource // The GraphQL type's documentation follows. // -// PackageOrSource is a union of Package and Source. -type AllIsOccurrencesTreeSubjectPackageOrSource interface { - implementsGraphQLInterfaceAllIsOccurrencesTreeSubjectPackageOrSource() +// PackageSourceOrArtifact is a union of Package, Source, and Artifact. +type AllPointOfContactSubjectPackageSourceOrArtifact interface { + implementsGraphQLInterfaceAllPointOfContactSubjectPackageSourceOrArtifact() // GetTypename returns the receiver's concrete GraphQL type-name (see interface doc for possible values). 
GetTypename() *string } -func (v *AllIsOccurrencesTreeSubjectPackage) implementsGraphQLInterfaceAllIsOccurrencesTreeSubjectPackageOrSource() { +func (v *AllPointOfContactSubjectArtifact) implementsGraphQLInterfaceAllPointOfContactSubjectPackageSourceOrArtifact() { } -func (v *AllIsOccurrencesTreeSubjectSource) implementsGraphQLInterfaceAllIsOccurrencesTreeSubjectPackageOrSource() { +func (v *AllPointOfContactSubjectPackage) implementsGraphQLInterfaceAllPointOfContactSubjectPackageSourceOrArtifact() { +} +func (v *AllPointOfContactSubjectSource) implementsGraphQLInterfaceAllPointOfContactSubjectPackageSourceOrArtifact() { } -func __unmarshalAllIsOccurrencesTreeSubjectPackageOrSource(b []byte, v *AllIsOccurrencesTreeSubjectPackageOrSource) error { +func __unmarshalAllPointOfContactSubjectPackageSourceOrArtifact(b []byte, v *AllPointOfContactSubjectPackageSourceOrArtifact) error { if string(b) == "null" { return nil } 
@@ -4301,26 +4384,41 @@ func __unmarshalAllIsOccurrencesTreeSubjectPackageOrSource(b []byte, v *AllIsOcc } switch tn.TypeName { + case "Artifact": + *v = new(AllPointOfContactSubjectArtifact) + return json.Unmarshal(b, *v) case "Package": - *v = new(AllIsOccurrencesTreeSubjectPackage) + *v = new(AllPointOfContactSubjectPackage) return json.Unmarshal(b, *v) case "Source": - *v = new(AllIsOccurrencesTreeSubjectSource) + *v = new(AllPointOfContactSubjectSource) return json.Unmarshal(b, *v) case "": return fmt.Errorf( - "response was missing PackageOrSource.__typename") + "response was missing PackageSourceOrArtifact.__typename") default: return fmt.Errorf( - `unexpected concrete type for AllIsOccurrencesTreeSubjectPackageOrSource: "%v"`, tn.TypeName) + `unexpected concrete type for AllPointOfContactSubjectPackageSourceOrArtifact: "%v"`, tn.TypeName) } } -func __marshalAllIsOccurrencesTreeSubjectPackageOrSource(v *AllIsOccurrencesTreeSubjectPackageOrSource) ([]byte, error) { +func __marshalAllPointOfContactSubjectPackageSourceOrArtifact(v *AllPointOfContactSubjectPackageSourceOrArtifact) ([]byte, error) { var typename string switch v := (*v).(type) { - case *AllIsOccurrencesTreeSubjectPackage: + case *AllPointOfContactSubjectArtifact: + typename = "Artifact" + + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalAllPointOfContactSubjectArtifact + }{typename, premarshaled} + return json.Marshal(result) + case *AllPointOfContactSubjectPackage: typename = "Package" premarshaled, err := v.__premarshalJSON() 
@@ -4329,10 +4427,10 @@ func __marshalAllIsOccurrencesTreeSubjectPackageOrSource(v *AllIsOccurrencesTree } result := struct { TypeName string `json:"__typename"` - *__premarshalAllIsOccurrencesTreeSubjectPackage + *__premarshalAllPointOfContactSubjectPackage }{typename, premarshaled} return json.Marshal(result) - case *AllIsOccurrencesTreeSubjectSource: + case *AllPointOfContactSubjectSource: typename = "Source" premarshaled, err := v.__premarshalJSON() @@ -4341,18 +4439,18 @@ func __marshalAllIsOccurrencesTreeSubjectPackageOrSource(v *AllIsOccurrencesTree } result := struct { TypeName string `json:"__typename"` - *__premarshalAllIsOccurrencesTreeSubjectSource + *__premarshalAllPointOfContactSubjectSource }{typename, premarshaled} return json.Marshal(result) case nil: return []byte("null"), nil default: return nil, fmt.Errorf( - `unexpected concrete type for AllIsOccurrencesTreeSubjectPackageOrSource: "%T"`, v) + `unexpected concrete type for AllPointOfContactSubjectPackageSourceOrArtifact: "%T"`, v) } } -// AllIsOccurrencesTreeSubjectSource includes the requested fields of the GraphQL type Source. +// AllPointOfContactSubjectSource includes the requested fields of the GraphQL type Source. // The GraphQL type's documentation follows. // // Source represents the root of the source trie/tree. 
@@ -4366,36 +4464,36 @@ func __marshalAllIsOccurrencesTreeSubjectPackageOrSource(v *AllIsOccurrencesTree // // Since this node is at the root of the source trie, it is named Source, not // SourceType. -type AllIsOccurrencesTreeSubjectSource struct { +type AllPointOfContactSubjectSource struct { Typename *string `json:"__typename"` AllSourceTree `json:"-"` } -// GetTypename returns AllIsOccurrencesTreeSubjectSource.Typename, and is useful for accessing the field via an interface. -func (v *AllIsOccurrencesTreeSubjectSource) GetTypename() *string { return v.Typename } +// GetTypename returns AllPointOfContactSubjectSource.Typename, and is useful for accessing the field via an interface. +func (v *AllPointOfContactSubjectSource) GetTypename() *string { return v.Typename } -// GetId returns AllIsOccurrencesTreeSubjectSource.Id, and is useful for accessing the field via an interface. -func (v *AllIsOccurrencesTreeSubjectSource) GetId() string { return v.AllSourceTree.Id } +// GetId returns AllPointOfContactSubjectSource.Id, and is useful for accessing the field via an interface. +func (v *AllPointOfContactSubjectSource) GetId() string { return v.AllSourceTree.Id } -// GetType returns AllIsOccurrencesTreeSubjectSource.Type, and is useful for accessing the field via an interface. -func (v *AllIsOccurrencesTreeSubjectSource) GetType() string { return v.AllSourceTree.Type } +// GetType returns AllPointOfContactSubjectSource.Type, and is useful for accessing the field via an interface. +func (v *AllPointOfContactSubjectSource) GetType() string { return v.AllSourceTree.Type } -// GetNamespaces returns AllIsOccurrencesTreeSubjectSource.Namespaces, and is useful for accessing the field via an interface. -func (v *AllIsOccurrencesTreeSubjectSource) GetNamespaces() []AllSourceTreeNamespacesSourceNamespace { +// GetNamespaces returns AllPointOfContactSubjectSource.Namespaces, and is useful for accessing the field via an interface. 
+func (v *AllPointOfContactSubjectSource) GetNamespaces() []AllSourceTreeNamespacesSourceNamespace { return v.AllSourceTree.Namespaces } -func (v *AllIsOccurrencesTreeSubjectSource) UnmarshalJSON(b []byte) error { +func (v *AllPointOfContactSubjectSource) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *AllIsOccurrencesTreeSubjectSource + *AllPointOfContactSubjectSource graphql.NoUnmarshalJSON } - firstPass.AllIsOccurrencesTreeSubjectSource = v + firstPass.AllPointOfContactSubjectSource = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -4410,7 +4508,7 @@ func (v *AllIsOccurrencesTreeSubjectSource) UnmarshalJSON(b []byte) error { return nil } -type __premarshalAllIsOccurrencesTreeSubjectSource struct { +type __premarshalAllPointOfContactSubjectSource struct { Typename *string `json:"__typename"` Id string `json:"id"` @@ -4420,7 +4518,7 @@ type __premarshalAllIsOccurrencesTreeSubjectSource struct { Namespaces []AllSourceTreeNamespacesSourceNamespace `json:"namespaces"` } -func (v *AllIsOccurrencesTreeSubjectSource) MarshalJSON() ([]byte, error) { +func (v *AllPointOfContactSubjectSource) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err @@ -4428,8 +4526,8 @@ func (v *AllIsOccurrencesTreeSubjectSource) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *AllIsOccurrencesTreeSubjectSource) __premarshalJSON() (*__premarshalAllIsOccurrencesTreeSubjectSource, error) { - var retval __premarshalAllIsOccurrencesTreeSubjectSource +func (v *AllPointOfContactSubjectSource) __premarshalJSON() (*__premarshalAllPointOfContactSubjectSource, error) { + var retval __premarshalAllPointOfContactSubjectSource retval.Typename = v.Typename retval.Id = v.AllSourceTree.Id 
@@ -4438,154 +4536,143 @@ func (v *AllIsOccurrencesTreeSubjectSource) __premarshalJSON() (*__premarshalAll return &retval, nil } -// AllIsVulnerability includes the GraphQL fields of IsVulnerability requested by the fragment AllIsVulnerability. +// AllSLSATree includes the GraphQL fields of HasSLSA requested by the fragment AllSLSATree. // The GraphQL type's documentation follows. // -// IsVulnerability is an attestation to link CVE/GHSA with data in OSV. -type AllIsVulnerability struct { +// HasSLSA records that a subject node has a SLSA attestation. +type AllSLSATree struct { Id string `json:"id"` - // The OSV that encapsulates the vulnerability - Osv AllIsVulnerabilityOsvOSV `json:"osv"` - // The upstream vulnerability information - Vulnerability AllIsVulnerabilityVulnerabilityCveOrGhsa `json:"-"` - // Justification for the attested relationship - Justification string `json:"justification"` + // The subject of SLSA attestation + Subject AllSLSATreeSubjectArtifact `json:"subject"` + // The SLSA attestation + Slsa AllSLSATreeSlsaSLSA `json:"slsa"` +} + +// GetId returns AllSLSATree.Id, and is useful for accessing the field via an interface. +func (v *AllSLSATree) GetId() string { return v.Id } + +// GetSubject returns AllSLSATree.Subject, and is useful for accessing the field via an interface. +func (v *AllSLSATree) GetSubject() AllSLSATreeSubjectArtifact { return v.Subject } + +// GetSlsa returns AllSLSATree.Slsa, and is useful for accessing the field via an interface. +func (v *AllSLSATree) GetSlsa() AllSLSATreeSlsaSLSA { return v.Slsa } + +// AllSLSATreeSlsaSLSA includes the requested fields of the GraphQL type SLSA. +// The GraphQL type's documentation follows. +// +// SLSA contains all of the fields present in a SLSA attestation. +// +// The materials and builders are objects of the HasSLSA predicate, everything +// else are properties extracted from the attestation. 
+// +// We also include fields to specify under what conditions the check was performed +// (time of scan, version of scanners, etc.) as well as how this information got +// included into GUAC (origin document and the collector for that document). +type AllSLSATreeSlsaSLSA struct { + // Materials of the build resulting in subject + BuiltFrom []AllSLSATreeSlsaSLSABuiltFromArtifact `json:"builtFrom"` + // Builder performing the build + BuiltBy AllSLSATreeSlsaSLSABuiltByBuilder `json:"builtBy"` + // Type of the builder + BuildType string `json:"buildType"` + // Individual predicates found in the attestation + SlsaPredicate []AllSLSATreeSlsaSLSASlsaPredicateSLSAPredicate `json:"slsaPredicate"` + // Version of the SLSA predicate + SlsaVersion string `json:"slsaVersion"` + // Timestamp (RFC3339Nano format) of build start time + StartedOn *time.Time `json:"startedOn"` + // Timestamp (RFC3339Nano format) of build end time + FinishedOn *time.Time `json:"finishedOn"` // Document from which this attestation is generated from Origin string `json:"origin"` // GUAC collector for the document Collector string `json:"collector"` } -// GetId returns AllIsVulnerability.Id, and is useful for accessing the field via an interface. -func (v *AllIsVulnerability) GetId() string { return v.Id } - -// GetOsv returns AllIsVulnerability.Osv, and is useful for accessing the field via an interface. -func (v *AllIsVulnerability) GetOsv() AllIsVulnerabilityOsvOSV { return v.Osv } - -// GetVulnerability returns AllIsVulnerability.Vulnerability, and is useful for accessing the field via an interface. -func (v *AllIsVulnerability) GetVulnerability() AllIsVulnerabilityVulnerabilityCveOrGhsa { - return v.Vulnerability +// GetBuiltFrom returns AllSLSATreeSlsaSLSA.BuiltFrom, and is useful for accessing the field via an interface. 
+func (v *AllSLSATreeSlsaSLSA) GetBuiltFrom() []AllSLSATreeSlsaSLSABuiltFromArtifact { + return v.BuiltFrom } -// GetJustification returns AllIsVulnerability.Justification, and is useful for accessing the field via an interface. -func (v *AllIsVulnerability) GetJustification() string { return v.Justification } - -// GetOrigin returns AllIsVulnerability.Origin, and is useful for accessing the field via an interface. -func (v *AllIsVulnerability) GetOrigin() string { return v.Origin } - -// GetCollector returns AllIsVulnerability.Collector, and is useful for accessing the field via an interface. -func (v *AllIsVulnerability) GetCollector() string { return v.Collector } - -func (v *AllIsVulnerability) UnmarshalJSON(b []byte) error { - - if string(b) == "null" { - return nil - } - - var firstPass struct { - *AllIsVulnerability - Vulnerability json.RawMessage `json:"vulnerability"` - graphql.NoUnmarshalJSON - } - firstPass.AllIsVulnerability = v +// GetBuiltBy returns AllSLSATreeSlsaSLSA.BuiltBy, and is useful for accessing the field via an interface. +func (v *AllSLSATreeSlsaSLSA) GetBuiltBy() AllSLSATreeSlsaSLSABuiltByBuilder { return v.BuiltBy } - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } +// GetBuildType returns AllSLSATreeSlsaSLSA.BuildType, and is useful for accessing the field via an interface. +func (v *AllSLSATreeSlsaSLSA) GetBuildType() string { return v.BuildType } - { - dst := &v.Vulnerability - src := firstPass.Vulnerability - if len(src) != 0 && string(src) != "null" { - err = __unmarshalAllIsVulnerabilityVulnerabilityCveOrGhsa( - src, dst) - if err != nil { - return fmt.Errorf( - "unable to unmarshal AllIsVulnerability.Vulnerability: %w", err) - } - } - } - return nil +// GetSlsaPredicate returns AllSLSATreeSlsaSLSA.SlsaPredicate, and is useful for accessing the field via an interface. 
+func (v *AllSLSATreeSlsaSLSA) GetSlsaPredicate() []AllSLSATreeSlsaSLSASlsaPredicateSLSAPredicate { + return v.SlsaPredicate } -type __premarshalAllIsVulnerability struct { - Id string `json:"id"` +// GetSlsaVersion returns AllSLSATreeSlsaSLSA.SlsaVersion, and is useful for accessing the field via an interface. +func (v *AllSLSATreeSlsaSLSA) GetSlsaVersion() string { return v.SlsaVersion } - Osv AllIsVulnerabilityOsvOSV `json:"osv"` +// GetStartedOn returns AllSLSATreeSlsaSLSA.StartedOn, and is useful for accessing the field via an interface. +func (v *AllSLSATreeSlsaSLSA) GetStartedOn() *time.Time { return v.StartedOn } - Vulnerability json.RawMessage `json:"vulnerability"` +// GetFinishedOn returns AllSLSATreeSlsaSLSA.FinishedOn, and is useful for accessing the field via an interface. +func (v *AllSLSATreeSlsaSLSA) GetFinishedOn() *time.Time { return v.FinishedOn } - Justification string `json:"justification"` +// GetOrigin returns AllSLSATreeSlsaSLSA.Origin, and is useful for accessing the field via an interface. +func (v *AllSLSATreeSlsaSLSA) GetOrigin() string { return v.Origin } - Origin string `json:"origin"` +// GetCollector returns AllSLSATreeSlsaSLSA.Collector, and is useful for accessing the field via an interface. +func (v *AllSLSATreeSlsaSLSA) GetCollector() string { return v.Collector } - Collector string `json:"collector"` +// AllSLSATreeSlsaSLSABuiltByBuilder includes the requested fields of the GraphQL type Builder. +// The GraphQL type's documentation follows. +// +// Builder represents the builder (e.g., FRSCA or GitHub Actions). +// +// Currently builders are identified by the uri field. 
+type AllSLSATreeSlsaSLSABuiltByBuilder struct { + Id string `json:"id"` + Uri string `json:"uri"` } -func (v *AllIsVulnerability) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) -} - -func (v *AllIsVulnerability) __premarshalJSON() (*__premarshalAllIsVulnerability, error) { - var retval __premarshalAllIsVulnerability - - retval.Id = v.Id - retval.Osv = v.Osv - { +// GetId returns AllSLSATreeSlsaSLSABuiltByBuilder.Id, and is useful for accessing the field via an interface. +func (v *AllSLSATreeSlsaSLSABuiltByBuilder) GetId() string { return v.Id } - dst := &retval.Vulnerability - src := v.Vulnerability - var err error - *dst, err = __marshalAllIsVulnerabilityVulnerabilityCveOrGhsa( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal AllIsVulnerability.Vulnerability: %w", err) - } - } - retval.Justification = v.Justification - retval.Origin = v.Origin - retval.Collector = v.Collector - return &retval, nil -} +// GetUri returns AllSLSATreeSlsaSLSABuiltByBuilder.Uri, and is useful for accessing the field via an interface. +func (v *AllSLSATreeSlsaSLSABuiltByBuilder) GetUri() string { return v.Uri } -// AllIsVulnerabilityOsvOSV includes the requested fields of the GraphQL type OSV. +// AllSLSATreeSlsaSLSABuiltFromArtifact includes the requested fields of the GraphQL type Artifact. // The GraphQL type's documentation follows. // -// OSV represents an Open Source Vulnerability. -// -// The osvId field is mandatory and canonicalized to be lowercase. +// Artifact represents an artifact identified by a checksum hash. // -// This maps to a vulnerability ID specific to the environment (e.g., GHSA ID or -// CVE ID). +// The checksum is split into the digest value and the algorithm used to generate +// it. Both fields are mandatory and canonicalized to be lowercase. // -// This node can be referred to by other parts of GUAC. 
-type AllIsVulnerabilityOsvOSV struct { - AllOSVTree `json:"-"` +// If having a checksum Go object, algorithm can be +// strings.ToLower(string(checksum.Algorithm)) and digest can be checksum.Value. +type AllSLSATreeSlsaSLSABuiltFromArtifact struct { + AllArtifactTree `json:"-"` } -// GetId returns AllIsVulnerabilityOsvOSV.Id, and is useful for accessing the field via an interface. -func (v *AllIsVulnerabilityOsvOSV) GetId() string { return v.AllOSVTree.Id } +// GetId returns AllSLSATreeSlsaSLSABuiltFromArtifact.Id, and is useful for accessing the field via an interface. +func (v *AllSLSATreeSlsaSLSABuiltFromArtifact) GetId() string { return v.AllArtifactTree.Id } + +// GetAlgorithm returns AllSLSATreeSlsaSLSABuiltFromArtifact.Algorithm, and is useful for accessing the field via an interface. +func (v *AllSLSATreeSlsaSLSABuiltFromArtifact) GetAlgorithm() string { + return v.AllArtifactTree.Algorithm +} -// GetOsvId returns AllIsVulnerabilityOsvOSV.OsvId, and is useful for accessing the field via an interface. -func (v *AllIsVulnerabilityOsvOSV) GetOsvId() string { return v.AllOSVTree.OsvId } +// GetDigest returns AllSLSATreeSlsaSLSABuiltFromArtifact.Digest, and is useful for accessing the field via an interface. +func (v *AllSLSATreeSlsaSLSABuiltFromArtifact) GetDigest() string { return v.AllArtifactTree.Digest } -func (v *AllIsVulnerabilityOsvOSV) UnmarshalJSON(b []byte) error { +func (v *AllSLSATreeSlsaSLSABuiltFromArtifact) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *AllIsVulnerabilityOsvOSV + *AllSLSATreeSlsaSLSABuiltFromArtifact graphql.NoUnmarshalJSON } - firstPass.AllIsVulnerabilityOsvOSV = v + firstPass.AllSLSATreeSlsaSLSABuiltFromArtifact = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -4593,20 +4680,22 @@ func (v *AllIsVulnerabilityOsvOSV) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllOSVTree) + b, &v.AllArtifactTree) if err != nil { return err } return nil } -type __premarshalAllIsVulnerabilityOsvOSV struct { +type __premarshalAllSLSATreeSlsaSLSABuiltFromArtifact struct { Id string `json:"id"` - OsvId string `json:"osvId"` + Algorithm string `json:"algorithm"` + + Digest string `json:"digest"` } -func (v *AllIsVulnerabilityOsvOSV) MarshalJSON() ([]byte, error) { +func (v *AllSLSATreeSlsaSLSABuiltFromArtifact) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -4614,55 +4703,88 @@ func (v *AllIsVulnerabilityOsvOSV) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *AllIsVulnerabilityOsvOSV) __premarshalJSON() (*__premarshalAllIsVulnerabilityOsvOSV, error) { - var retval __premarshalAllIsVulnerabilityOsvOSV +func (v *AllSLSATreeSlsaSLSABuiltFromArtifact) __premarshalJSON() (*__premarshalAllSLSATreeSlsaSLSABuiltFromArtifact, error) { + var retval __premarshalAllSLSATreeSlsaSLSABuiltFromArtifact - retval.Id = v.AllOSVTree.Id - retval.OsvId = v.AllOSVTree.OsvId + retval.Id = v.AllArtifactTree.Id + retval.Algorithm = v.AllArtifactTree.Algorithm + retval.Digest = v.AllArtifactTree.Digest return &retval, nil } -// AllIsVulnerabilityVulnerabilityCVE includes the requested fields of the GraphQL type CVE. +// AllSLSATreeSlsaSLSASlsaPredicateSLSAPredicate includes the requested fields of the GraphQL type SLSAPredicate. // The GraphQL type's documentation follows. // -// CVE represents a vulnerability in the Common Vulnerabilities and Exposures -// schema. +// SLSAPredicate are the values from the SLSA predicate in key-value pair form. +// +// # For example, given the following predicate +// +// ``` +// "predicate": { +// "buildDefinition": { +// "externalParameters": { +// "repository": "https://github.com/octocat/hello-world", +// ... +// }, +// ... +// }, +// ... +// } +// ``` // -// The vulnerability identifier contains a year field, so we are extracting that -// to allow matching for vulnerabilities found in a given year. +// we have // -// The vulnerability identifier field is mandatory and canonicalized to be -// lowercase. +// ``` +// key = "buildDefinition.externalParameters.repository" +// value = "https://github.com/octocat/hello-world" +// ``` // -// This node can be referred to by other parts of GUAC. -type AllIsVulnerabilityVulnerabilityCVE struct { - Typename *string `json:"__typename"` - AllCveTree `json:"-"` +// This node cannot be directly referred by other parts of GUAC. 
+type AllSLSATreeSlsaSLSASlsaPredicateSLSAPredicate struct { + Key string `json:"key"` + Value string `json:"value"` } -// GetTypename returns AllIsVulnerabilityVulnerabilityCVE.Typename, and is useful for accessing the field via an interface. -func (v *AllIsVulnerabilityVulnerabilityCVE) GetTypename() *string { return v.Typename } +// GetKey returns AllSLSATreeSlsaSLSASlsaPredicateSLSAPredicate.Key, and is useful for accessing the field via an interface. +func (v *AllSLSATreeSlsaSLSASlsaPredicateSLSAPredicate) GetKey() string { return v.Key } + +// GetValue returns AllSLSATreeSlsaSLSASlsaPredicateSLSAPredicate.Value, and is useful for accessing the field via an interface. +func (v *AllSLSATreeSlsaSLSASlsaPredicateSLSAPredicate) GetValue() string { return v.Value } + +// AllSLSATreeSubjectArtifact includes the requested fields of the GraphQL type Artifact. +// The GraphQL type's documentation follows. +// +// Artifact represents an artifact identified by a checksum hash. +// +// The checksum is split into the digest value and the algorithm used to generate +// it. Both fields are mandatory and canonicalized to be lowercase. +// +// If having a checksum Go object, algorithm can be +// strings.ToLower(string(checksum.Algorithm)) and digest can be checksum.Value. +type AllSLSATreeSubjectArtifact struct { + AllArtifactTree `json:"-"` +} -// GetId returns AllIsVulnerabilityVulnerabilityCVE.Id, and is useful for accessing the field via an interface. -func (v *AllIsVulnerabilityVulnerabilityCVE) GetId() string { return v.AllCveTree.Id } +// GetId returns AllSLSATreeSubjectArtifact.Id, and is useful for accessing the field via an interface. +func (v *AllSLSATreeSubjectArtifact) GetId() string { return v.AllArtifactTree.Id } -// GetYear returns AllIsVulnerabilityVulnerabilityCVE.Year, and is useful for accessing the field via an interface. 
-func (v *AllIsVulnerabilityVulnerabilityCVE) GetYear() int { return v.AllCveTree.Year } +// GetAlgorithm returns AllSLSATreeSubjectArtifact.Algorithm, and is useful for accessing the field via an interface. +func (v *AllSLSATreeSubjectArtifact) GetAlgorithm() string { return v.AllArtifactTree.Algorithm } -// GetCveId returns AllIsVulnerabilityVulnerabilityCVE.CveId, and is useful for accessing the field via an interface. -func (v *AllIsVulnerabilityVulnerabilityCVE) GetCveId() string { return v.AllCveTree.CveId } +// GetDigest returns AllSLSATreeSubjectArtifact.Digest, and is useful for accessing the field via an interface. +func (v *AllSLSATreeSubjectArtifact) GetDigest() string { return v.AllArtifactTree.Digest } -func (v *AllIsVulnerabilityVulnerabilityCVE) UnmarshalJSON(b []byte) error { +func (v *AllSLSATreeSubjectArtifact) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *AllIsVulnerabilityVulnerabilityCVE + *AllSLSATreeSubjectArtifact graphql.NoUnmarshalJSON } - firstPass.AllIsVulnerabilityVulnerabilityCVE = v + firstPass.AllSLSATreeSubjectArtifact = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -4670,24 +4792,22 @@ func (v *AllIsVulnerabilityVulnerabilityCVE) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllCveTree) + b, &v.AllArtifactTree) if err != nil { return err } return nil } -type __premarshalAllIsVulnerabilityVulnerabilityCVE struct { - Typename *string `json:"__typename"` - +type __premarshalAllSLSATreeSubjectArtifact struct { Id string `json:"id"` - Year int `json:"year"` + Algorithm string `json:"algorithm"` - CveId string `json:"cveId"` + Digest string `json:"digest"` } -func (v *AllIsVulnerabilityVulnerabilityCVE) MarshalJSON() ([]byte, error) { +func (v *AllSLSATreeSubjectArtifact) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -4695,268 +4815,188 @@ func (v *AllIsVulnerabilityVulnerabilityCVE) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *AllIsVulnerabilityVulnerabilityCVE) __premarshalJSON() (*__premarshalAllIsVulnerabilityVulnerabilityCVE, error) { - var retval __premarshalAllIsVulnerabilityVulnerabilityCVE +func (v *AllSLSATreeSubjectArtifact) __premarshalJSON() (*__premarshalAllSLSATreeSubjectArtifact, error) { + var retval __premarshalAllSLSATreeSubjectArtifact - retval.Typename = v.Typename - retval.Id = v.AllCveTree.Id - retval.Year = v.AllCveTree.Year - retval.CveId = v.AllCveTree.CveId + retval.Id = v.AllArtifactTree.Id + retval.Algorithm = v.AllArtifactTree.Algorithm + retval.Digest = v.AllArtifactTree.Digest return &retval, nil } -// AllIsVulnerabilityVulnerabilityCveOrGhsa includes the requested fields of the GraphQL interface CveOrGhsa. -// -// AllIsVulnerabilityVulnerabilityCveOrGhsa is implemented by the following types: -// AllIsVulnerabilityVulnerabilityCVE -// AllIsVulnerabilityVulnerabilityGHSA +// AllSourceTree includes the GraphQL fields of Source requested by the fragment AllSourceTree. // The GraphQL type's documentation follows. // -// CveOrGhsa is a union of CVE and GHSA. -type AllIsVulnerabilityVulnerabilityCveOrGhsa interface { - implementsGraphQLInterfaceAllIsVulnerabilityVulnerabilityCveOrGhsa() - // GetTypename returns the receiver's concrete GraphQL type-name (see interface doc for possible values). - GetTypename() *string +// Source represents the root of the source trie/tree. +// +// We map source information to a trie, as a derivative of the pURL specification: +// each path in the trie represents a type, namespace, name and an optional +// qualifier that stands for tag/commit information. +// +// This node represents the type part of the trie path. It is used to represent +// the version control system that is being used. +// +// Since this node is at the root of the source trie, it is named Source, not +// SourceType. 
+type AllSourceTree struct { + Id string `json:"id"` + Type string `json:"type"` + Namespaces []AllSourceTreeNamespacesSourceNamespace `json:"namespaces"` } -func (v *AllIsVulnerabilityVulnerabilityCVE) implementsGraphQLInterfaceAllIsVulnerabilityVulnerabilityCveOrGhsa() { -} -func (v *AllIsVulnerabilityVulnerabilityGHSA) implementsGraphQLInterfaceAllIsVulnerabilityVulnerabilityCveOrGhsa() { -} +// GetId returns AllSourceTree.Id, and is useful for accessing the field via an interface. +func (v *AllSourceTree) GetId() string { return v.Id } -func __unmarshalAllIsVulnerabilityVulnerabilityCveOrGhsa(b []byte, v *AllIsVulnerabilityVulnerabilityCveOrGhsa) error { - if string(b) == "null" { - return nil - } +// GetType returns AllSourceTree.Type, and is useful for accessing the field via an interface. +func (v *AllSourceTree) GetType() string { return v.Type } - var tn struct { - TypeName string `json:"__typename"` - } - err := json.Unmarshal(b, &tn) - if err != nil { - return err - } +// GetNamespaces returns AllSourceTree.Namespaces, and is useful for accessing the field via an interface. +func (v *AllSourceTree) GetNamespaces() []AllSourceTreeNamespacesSourceNamespace { return v.Namespaces } - switch tn.TypeName { - case "CVE": - *v = new(AllIsVulnerabilityVulnerabilityCVE) - return json.Unmarshal(b, *v) - case "GHSA": - *v = new(AllIsVulnerabilityVulnerabilityGHSA) - return json.Unmarshal(b, *v) - case "": - return fmt.Errorf( - "response was missing CveOrGhsa.__typename") - default: - return fmt.Errorf( - `unexpected concrete type for AllIsVulnerabilityVulnerabilityCveOrGhsa: "%v"`, tn.TypeName) - } +// AllSourceTreeNamespacesSourceNamespace includes the requested fields of the GraphQL type SourceNamespace. +// The GraphQL type's documentation follows. +// +// SourceNamespace is a namespace for sources. +// +// This is the location of the repository (such as github/gitlab/bitbucket). +// +// The namespace field is mandatory. 
+type AllSourceTreeNamespacesSourceNamespace struct { + Id string `json:"id"` + Namespace string `json:"namespace"` + Names []AllSourceTreeNamespacesSourceNamespaceNamesSourceName `json:"names"` } -func __marshalAllIsVulnerabilityVulnerabilityCveOrGhsa(v *AllIsVulnerabilityVulnerabilityCveOrGhsa) ([]byte, error) { - - var typename string - switch v := (*v).(type) { - case *AllIsVulnerabilityVulnerabilityCVE: - typename = "CVE" +// GetId returns AllSourceTreeNamespacesSourceNamespace.Id, and is useful for accessing the field via an interface. +func (v *AllSourceTreeNamespacesSourceNamespace) GetId() string { return v.Id } - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalAllIsVulnerabilityVulnerabilityCVE - }{typename, premarshaled} - return json.Marshal(result) - case *AllIsVulnerabilityVulnerabilityGHSA: - typename = "GHSA" +// GetNamespace returns AllSourceTreeNamespacesSourceNamespace.Namespace, and is useful for accessing the field via an interface. +func (v *AllSourceTreeNamespacesSourceNamespace) GetNamespace() string { return v.Namespace } - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalAllIsVulnerabilityVulnerabilityGHSA - }{typename, premarshaled} - return json.Marshal(result) - case nil: - return []byte("null"), nil - default: - return nil, fmt.Errorf( - `unexpected concrete type for AllIsVulnerabilityVulnerabilityCveOrGhsa: "%T"`, v) - } +// GetNames returns AllSourceTreeNamespacesSourceNamespace.Names, and is useful for accessing the field via an interface. +func (v *AllSourceTreeNamespacesSourceNamespace) GetNames() []AllSourceTreeNamespacesSourceNamespaceNamesSourceName { + return v.Names } -// AllIsVulnerabilityVulnerabilityGHSA includes the requested fields of the GraphQL type GHSA. 
+// AllSourceTreeNamespacesSourceNamespaceNamesSourceName includes the requested fields of the GraphQL type SourceName. // The GraphQL type's documentation follows. // -// GHSA represents GitHub security advisories. +// SourceName represents the url of the repository. // -// The advisory id field is mandatory and canonicalized to be lowercase. +// The name field is mandatory. The tag and commit fields are optional, but it is +// an error to specify both. // -// This node can be referred to by other parts of GUAC. -type AllIsVulnerabilityVulnerabilityGHSA struct { - Typename *string `json:"__typename"` - AllGHSATree `json:"-"` +// This is the only source trie node that can be referenced by other parts of GUAC. +type AllSourceTreeNamespacesSourceNamespaceNamesSourceName struct { + Id string `json:"id"` + Name string `json:"name"` + Tag *string `json:"tag"` + Commit *string `json:"commit"` } -// GetTypename returns AllIsVulnerabilityVulnerabilityGHSA.Typename, and is useful for accessing the field via an interface. -func (v *AllIsVulnerabilityVulnerabilityGHSA) GetTypename() *string { return v.Typename } - -// GetId returns AllIsVulnerabilityVulnerabilityGHSA.Id, and is useful for accessing the field via an interface. -func (v *AllIsVulnerabilityVulnerabilityGHSA) GetId() string { return v.AllGHSATree.Id } +// GetId returns AllSourceTreeNamespacesSourceNamespaceNamesSourceName.Id, and is useful for accessing the field via an interface. +func (v *AllSourceTreeNamespacesSourceNamespaceNamesSourceName) GetId() string { return v.Id } -// GetGhsaId returns AllIsVulnerabilityVulnerabilityGHSA.GhsaId, and is useful for accessing the field via an interface. -func (v *AllIsVulnerabilityVulnerabilityGHSA) GetGhsaId() string { return v.AllGHSATree.GhsaId } +// GetName returns AllSourceTreeNamespacesSourceNamespaceNamesSourceName.Name, and is useful for accessing the field via an interface. 
+func (v *AllSourceTreeNamespacesSourceNamespaceNamesSourceName) GetName() string { return v.Name } -func (v *AllIsVulnerabilityVulnerabilityGHSA) UnmarshalJSON(b []byte) error { +// GetTag returns AllSourceTreeNamespacesSourceNamespaceNamesSourceName.Tag, and is useful for accessing the field via an interface. +func (v *AllSourceTreeNamespacesSourceNamespaceNamesSourceName) GetTag() *string { return v.Tag } - if string(b) == "null" { - return nil - } +// GetCommit returns AllSourceTreeNamespacesSourceNamespaceNamesSourceName.Commit, and is useful for accessing the field via an interface. +func (v *AllSourceTreeNamespacesSourceNamespaceNamesSourceName) GetCommit() *string { return v.Commit } - var firstPass struct { - *AllIsVulnerabilityVulnerabilityGHSA - graphql.NoUnmarshalJSON - } - firstPass.AllIsVulnerabilityVulnerabilityGHSA = v +// AllVulnEqual includes the GraphQL fields of VulnEqual requested by the fragment AllVulnEqual. +// The GraphQL type's documentation follows. +// +// VulnEqual is an attestation to link two vulnerabilities together as being equal" +// +// Note that setting noVuln vulnerability type is invalid for VulnEqual! +type AllVulnEqual struct { + Id string `json:"id"` + // Collection of vulnerabilities that are similar + Vulnerabilities []AllVulnEqualVulnerabilitiesVulnerability `json:"vulnerabilities"` + // Justification for the attested relationship + Justification string `json:"justification"` + // Document from which this attestation is generated from + Origin string `json:"origin"` + // GUAC collector for the document + Collector string `json:"collector"` +} - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } +// GetId returns AllVulnEqual.Id, and is useful for accessing the field via an interface. 
+func (v *AllVulnEqual) GetId() string { return v.Id } - err = json.Unmarshal( - b, &v.AllGHSATree) - if err != nil { - return err - } - return nil +// GetVulnerabilities returns AllVulnEqual.Vulnerabilities, and is useful for accessing the field via an interface. +func (v *AllVulnEqual) GetVulnerabilities() []AllVulnEqualVulnerabilitiesVulnerability { + return v.Vulnerabilities } -type __premarshalAllIsVulnerabilityVulnerabilityGHSA struct { - Typename *string `json:"__typename"` - - Id string `json:"id"` - - GhsaId string `json:"ghsaId"` -} - -func (v *AllIsVulnerabilityVulnerabilityGHSA) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) -} +// GetJustification returns AllVulnEqual.Justification, and is useful for accessing the field via an interface. +func (v *AllVulnEqual) GetJustification() string { return v.Justification } -func (v *AllIsVulnerabilityVulnerabilityGHSA) __premarshalJSON() (*__premarshalAllIsVulnerabilityVulnerabilityGHSA, error) { - var retval __premarshalAllIsVulnerabilityVulnerabilityGHSA +// GetOrigin returns AllVulnEqual.Origin, and is useful for accessing the field via an interface. +func (v *AllVulnEqual) GetOrigin() string { return v.Origin } - retval.Typename = v.Typename - retval.Id = v.AllGHSATree.Id - retval.GhsaId = v.AllGHSATree.GhsaId - return &retval, nil -} +// GetCollector returns AllVulnEqual.Collector, and is useful for accessing the field via an interface. +func (v *AllVulnEqual) GetCollector() string { return v.Collector } -// AllOSVTree includes the GraphQL fields of OSV requested by the fragment AllOSVTree. +// AllVulnEqualVulnerabilitiesVulnerability includes the requested fields of the GraphQL type Vulnerability. // The GraphQL type's documentation follows. // -// OSV represents an Open Source Vulnerability. -// -// The osvId field is mandatory and canonicalized to be lowercase. 
+// Vulnerability represents the root of the vulnerability trie/tree. // -// This maps to a vulnerability ID specific to the environment (e.g., GHSA ID or -// CVE ID). +// We map vulnerability information to a trie, as a derivative of the pURL specification: +// each path in the trie represents a type and a vulnerability ID. This allows for generic +// representation of the various vulnerabilities and does not limit to just cve, ghsa or osv. +// This would be in the general format: vuln:/// // -// This node can be referred to by other parts of GUAC. -type AllOSVTree struct { - Id string `json:"id"` - OsvId string `json:"osvId"` -} - -// GetId returns AllOSVTree.Id, and is useful for accessing the field via an interface. -func (v *AllOSVTree) GetId() string { return v.Id } - -// GetOsvId returns AllOSVTree.OsvId, and is useful for accessing the field via an interface. -func (v *AllOSVTree) GetOsvId() string { return v.OsvId } - -// AllPkgEqual includes the GraphQL fields of PkgEqual requested by the fragment AllPkgEqual. -// The GraphQL type's documentation follows. +// Examples: // -// PkgEqual is an attestation that a set of packages are similar. -type AllPkgEqual struct { - Id string `json:"id"` - // Justification for the claim that the packages are similar - Justification string `json:"justification"` - // Collection of packages that are similar - Packages []AllPkgEqualPackagesPackage `json:"packages"` - // Document from which this attestation is generated from - Origin string `json:"origin"` - // GUAC collector for the document - Collector string `json:"collector"` -} - -// GetId returns AllPkgEqual.Id, and is useful for accessing the field via an interface. -func (v *AllPkgEqual) GetId() string { return v.Id } - -// GetJustification returns AllPkgEqual.Justification, and is useful for accessing the field via an interface. 
-func (v *AllPkgEqual) GetJustification() string { return v.Justification } - -// GetPackages returns AllPkgEqual.Packages, and is useful for accessing the field via an interface. -func (v *AllPkgEqual) GetPackages() []AllPkgEqualPackagesPackage { return v.Packages } - -// GetOrigin returns AllPkgEqual.Origin, and is useful for accessing the field via an interface. -func (v *AllPkgEqual) GetOrigin() string { return v.Origin } - -// GetCollector returns AllPkgEqual.Collector, and is useful for accessing the field via an interface. -func (v *AllPkgEqual) GetCollector() string { return v.Collector } - -// AllPkgEqualPackagesPackage includes the requested fields of the GraphQL type Package. -// The GraphQL type's documentation follows. +// CVE, using path separator: vuln://cve/cve-2023-20753 +// OSV, representing its knowledge of a GHSA: vuln://osv/ghsa-205hk +// Random vendor: vuln://snyk/sn-whatever +// NoVuln: vuln://novuln/ // -// Package represents the root of the package trie/tree. +// This node represents the type part of the trie path. It is used to represent +// the specific type of the vulnerability: cve, ghsa, osv or some other vendor specific // -// We map package information to a trie, closely matching the pURL specification -// (https://github.com/package-url/purl-spec/blob/0dd92f26f8bb11956ffdf5e8acfcee71e8560407/README.rst), -// but deviating from it where GUAC heuristics allow for better representation of -// package information. Each path in the trie fully represents a package; we split -// the trie based on the pURL components. +// Since this node is at the root of the vulnerability trie, it is named Vulnerability, not +// VulnerabilityType. // -// This node matches a pkg: partial pURL. The type field matches the -// pURL types but we might also use "guac" for the cases where the pURL -// representation is not complete or when we have custom rules. 
+// NoVuln is a special vulnerability node to attest that no vulnerability has been +// found during a vulnerability scan. It will have the type "novuln" and contain an empty string +// for vulnerabilityID // -// Since this node is at the root of the package trie, it is named Package, not -// PackageType. -type AllPkgEqualPackagesPackage struct { - AllPkgTree `json:"-"` +// The resolvers will enforce that both the type and vulnerability IDs are lower case. +type AllVulnEqualVulnerabilitiesVulnerability struct { + AllVulnerabilityTree `json:"-"` } -// GetId returns AllPkgEqualPackagesPackage.Id, and is useful for accessing the field via an interface. -func (v *AllPkgEqualPackagesPackage) GetId() string { return v.AllPkgTree.Id } +// GetId returns AllVulnEqualVulnerabilitiesVulnerability.Id, and is useful for accessing the field via an interface. +func (v *AllVulnEqualVulnerabilitiesVulnerability) GetId() string { return v.AllVulnerabilityTree.Id } -// GetType returns AllPkgEqualPackagesPackage.Type, and is useful for accessing the field via an interface. -func (v *AllPkgEqualPackagesPackage) GetType() string { return v.AllPkgTree.Type } +// GetType returns AllVulnEqualVulnerabilitiesVulnerability.Type, and is useful for accessing the field via an interface. +func (v *AllVulnEqualVulnerabilitiesVulnerability) GetType() string { + return v.AllVulnerabilityTree.Type +} -// GetNamespaces returns AllPkgEqualPackagesPackage.Namespaces, and is useful for accessing the field via an interface. -func (v *AllPkgEqualPackagesPackage) GetNamespaces() []AllPkgTreeNamespacesPackageNamespace { - return v.AllPkgTree.Namespaces +// GetVulnerabilityIDs returns AllVulnEqualVulnerabilitiesVulnerability.VulnerabilityIDs, and is useful for accessing the field via an interface. 
+func (v *AllVulnEqualVulnerabilitiesVulnerability) GetVulnerabilityIDs() []AllVulnerabilityTreeVulnerabilityIDsVulnerabilityID { + return v.AllVulnerabilityTree.VulnerabilityIDs } -func (v *AllPkgEqualPackagesPackage) UnmarshalJSON(b []byte) error { +func (v *AllVulnEqualVulnerabilitiesVulnerability) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *AllPkgEqualPackagesPackage + *AllVulnEqualVulnerabilitiesVulnerability graphql.NoUnmarshalJSON } - firstPass.AllPkgEqualPackagesPackage = v + firstPass.AllVulnEqualVulnerabilitiesVulnerability = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -4964,22 +5004,22 @@ func (v *AllPkgEqualPackagesPackage) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllPkgTree) + b, &v.AllVulnerabilityTree) if err != nil { return err } return nil } -type __premarshalAllPkgEqualPackagesPackage struct { +type __premarshalAllVulnEqualVulnerabilitiesVulnerability struct { Id string `json:"id"` Type string `json:"type"` - Namespaces []AllPkgTreeNamespacesPackageNamespace `json:"namespaces"` + VulnerabilityIDs []AllVulnerabilityTreeVulnerabilityIDsVulnerabilityID `json:"vulnerabilityIDs"` } -func (v *AllPkgEqualPackagesPackage) MarshalJSON() ([]byte, error) { +func (v *AllVulnEqualVulnerabilitiesVulnerability) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -4987,292 +5027,278 @@ func (v *AllPkgEqualPackagesPackage) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *AllPkgEqualPackagesPackage) __premarshalJSON() (*__premarshalAllPkgEqualPackagesPackage, error) { - var retval __premarshalAllPkgEqualPackagesPackage +func (v *AllVulnEqualVulnerabilitiesVulnerability) __premarshalJSON() (*__premarshalAllVulnEqualVulnerabilitiesVulnerability, error) { + var retval __premarshalAllVulnEqualVulnerabilitiesVulnerability - retval.Id = v.AllPkgTree.Id - retval.Type = v.AllPkgTree.Type - retval.Namespaces = v.AllPkgTree.Namespaces + retval.Id = v.AllVulnerabilityTree.Id + retval.Type = v.AllVulnerabilityTree.Type + retval.VulnerabilityIDs = v.AllVulnerabilityTree.VulnerabilityIDs return &retval, nil } -// AllPkgTree includes the GraphQL fields of Package requested by the fragment AllPkgTree. +// AllVulnerabilityTree includes the GraphQL fields of Vulnerability requested by the fragment AllVulnerabilityTree. // The GraphQL type's documentation follows. // -// Package represents the root of the package trie/tree. +// Vulnerability represents the root of the vulnerability trie/tree. // -// We map package information to a trie, closely matching the pURL specification -// (https://github.com/package-url/purl-spec/blob/0dd92f26f8bb11956ffdf5e8acfcee71e8560407/README.rst), -// but deviating from it where GUAC heuristics allow for better representation of -// package information. Each path in the trie fully represents a package; we split -// the trie based on the pURL components. +// We map vulnerability information to a trie, as a derivative of the pURL specification: +// each path in the trie represents a type and a vulnerability ID. This allows for generic +// representation of the various vulnerabilities and does not limit to just cve, ghsa or osv. +// This would be in the general format: vuln:/// // -// This node matches a pkg: partial pURL. 
The type field matches the -// pURL types but we might also use "guac" for the cases where the pURL -// representation is not complete or when we have custom rules. +// Examples: // -// Since this node is at the root of the package trie, it is named Package, not -// PackageType. -type AllPkgTree struct { - Id string `json:"id"` - Type string `json:"type"` - Namespaces []AllPkgTreeNamespacesPackageNamespace `json:"namespaces"` -} - -// GetId returns AllPkgTree.Id, and is useful for accessing the field via an interface. -func (v *AllPkgTree) GetId() string { return v.Id } - -// GetType returns AllPkgTree.Type, and is useful for accessing the field via an interface. -func (v *AllPkgTree) GetType() string { return v.Type } - -// GetNamespaces returns AllPkgTree.Namespaces, and is useful for accessing the field via an interface. -func (v *AllPkgTree) GetNamespaces() []AllPkgTreeNamespacesPackageNamespace { return v.Namespaces } - -// AllPkgTreeNamespacesPackageNamespace includes the requested fields of the GraphQL type PackageNamespace. -// The GraphQL type's documentation follows. +// CVE, using path separator: vuln://cve/cve-2023-20753 +// OSV, representing its knowledge of a GHSA: vuln://osv/ghsa-205hk +// Random vendor: vuln://snyk/sn-whatever +// NoVuln: vuln://novuln/ // -// PackageNamespace is a namespace for packages. +// This node represents the type part of the trie path. It is used to represent +// the specific type of the vulnerability: cve, ghsa, osv or some other vendor specific // -// In the pURL representation, each PackageNamespace matches the -// pkg:// partial pURL. +// Since this node is at the root of the vulnerability trie, it is named Vulnerability, not +// VulnerabilityType. // -// Namespaces are optional and type specific. Because they are optional, we use -// empty string to denote missing namespaces. 
-type AllPkgTreeNamespacesPackageNamespace struct { - Id string `json:"id"` - Namespace string `json:"namespace"` - Names []AllPkgTreeNamespacesPackageNamespaceNamesPackageName `json:"names"` +// NoVuln is a special vulnerability node to attest that no vulnerability has been +// found during a vulnerability scan. It will have the type "novuln" and contain an empty string +// for vulnerabilityID +// +// The resolvers will enforce that both the type and vulnerability IDs are lower case. +type AllVulnerabilityTree struct { + Id string `json:"id"` + Type string `json:"type"` + VulnerabilityIDs []AllVulnerabilityTreeVulnerabilityIDsVulnerabilityID `json:"vulnerabilityIDs"` } -// GetId returns AllPkgTreeNamespacesPackageNamespace.Id, and is useful for accessing the field via an interface. -func (v *AllPkgTreeNamespacesPackageNamespace) GetId() string { return v.Id } +// GetId returns AllVulnerabilityTree.Id, and is useful for accessing the field via an interface. +func (v *AllVulnerabilityTree) GetId() string { return v.Id } -// GetNamespace returns AllPkgTreeNamespacesPackageNamespace.Namespace, and is useful for accessing the field via an interface. -func (v *AllPkgTreeNamespacesPackageNamespace) GetNamespace() string { return v.Namespace } +// GetType returns AllVulnerabilityTree.Type, and is useful for accessing the field via an interface. +func (v *AllVulnerabilityTree) GetType() string { return v.Type } -// GetNames returns AllPkgTreeNamespacesPackageNamespace.Names, and is useful for accessing the field via an interface. -func (v *AllPkgTreeNamespacesPackageNamespace) GetNames() []AllPkgTreeNamespacesPackageNamespaceNamesPackageName { - return v.Names +// GetVulnerabilityIDs returns AllVulnerabilityTree.VulnerabilityIDs, and is useful for accessing the field via an interface. 
+func (v *AllVulnerabilityTree) GetVulnerabilityIDs() []AllVulnerabilityTreeVulnerabilityIDsVulnerabilityID { + return v.VulnerabilityIDs } -// AllPkgTreeNamespacesPackageNamespaceNamesPackageName includes the requested fields of the GraphQL type PackageName. +// AllVulnerabilityTreeVulnerabilityIDsVulnerabilityID includes the requested fields of the GraphQL type VulnerabilityID. // The GraphQL type's documentation follows. // -// PackageName is a name for packages. -// -// In the pURL representation, each PackageName matches the -// pkg:// pURL. +// VulnerabilityID is a specific vulnerability ID associated with the type of the vulnerability. // -// Names are always mandatory. +// This will be enforced to be all lowercase. // -// This is the first node in the trie that can be referred to by other parts of -// GUAC. -type AllPkgTreeNamespacesPackageNamespaceNamesPackageName struct { - Id string `json:"id"` - Name string `json:"name"` - Versions []AllPkgTreeNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion `json:"versions"` +// The namespace field is mandatory. +type AllVulnerabilityTreeVulnerabilityIDsVulnerabilityID struct { + Id string `json:"id"` + VulnerabilityID string `json:"vulnerabilityID"` } -// GetId returns AllPkgTreeNamespacesPackageNamespaceNamesPackageName.Id, and is useful for accessing the field via an interface. -func (v *AllPkgTreeNamespacesPackageNamespaceNamesPackageName) GetId() string { return v.Id } - -// GetName returns AllPkgTreeNamespacesPackageNamespaceNamesPackageName.Name, and is useful for accessing the field via an interface. -func (v *AllPkgTreeNamespacesPackageNamespaceNamesPackageName) GetName() string { return v.Name } +// GetId returns AllVulnerabilityTreeVulnerabilityIDsVulnerabilityID.Id, and is useful for accessing the field via an interface. 
+func (v *AllVulnerabilityTreeVulnerabilityIDsVulnerabilityID) GetId() string { return v.Id } -// GetVersions returns AllPkgTreeNamespacesPackageNamespaceNamesPackageName.Versions, and is useful for accessing the field via an interface. -func (v *AllPkgTreeNamespacesPackageNamespaceNamesPackageName) GetVersions() []AllPkgTreeNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion { - return v.Versions +// GetVulnerabilityID returns AllVulnerabilityTreeVulnerabilityIDsVulnerabilityID.VulnerabilityID, and is useful for accessing the field via an interface. +func (v *AllVulnerabilityTreeVulnerabilityIDsVulnerabilityID) GetVulnerabilityID() string { + return v.VulnerabilityID } -// AllPkgTreeNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion includes the requested fields of the GraphQL type PackageVersion. -// The GraphQL type's documentation follows. -// -// PackageVersion is a package version. -// -// In the pURL representation, each PackageName matches the -// pkg://@ pURL. -// -// Versions are optional and each Package type defines own rules for handling -// them. For this level of GUAC, these are just opaque strings. -// -// NOTE: The handling of versions might change before this schema becomes stable. -// -// This node can be referred to by other parts of GUAC. +// ArtifactInputSpec specifies an artifact for mutations. // -// Subpath and qualifiers are optional. Lack of qualifiers is represented by an -// empty list and lack of subpath by empty string (to be consistent with -// optionality of namespace and version). Two nodes that have different qualifiers -// and/or subpath but the same version mean two different packages in the trie -// (they are different). Two nodes that have same version but qualifiers of one -// are a subset of the qualifier of the other also mean two different packages in -// the trie. 
-type AllPkgTreeNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion struct { - Id string `json:"id"` - Version string `json:"version"` - Qualifiers []AllPkgTreeNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersionQualifiersPackageQualifier `json:"qualifiers"` - Subpath string `json:"subpath"` +// The checksum fields are canonicalized to be lowercase. +type ArtifactInputSpec struct { + Algorithm string `json:"algorithm"` + Digest string `json:"digest"` } -// GetId returns AllPkgTreeNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion.Id, and is useful for accessing the field via an interface. -func (v *AllPkgTreeNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion) GetId() string { - return v.Id -} +// GetAlgorithm returns ArtifactInputSpec.Algorithm, and is useful for accessing the field via an interface. +func (v *ArtifactInputSpec) GetAlgorithm() string { return v.Algorithm } -// GetVersion returns AllPkgTreeNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion.Version, and is useful for accessing the field via an interface. -func (v *AllPkgTreeNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion) GetVersion() string { - return v.Version -} +// GetDigest returns ArtifactInputSpec.Digest, and is useful for accessing the field via an interface. +func (v *ArtifactInputSpec) GetDigest() string { return v.Digest } -// GetQualifiers returns AllPkgTreeNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion.Qualifiers, and is useful for accessing the field via an interface. -func (v *AllPkgTreeNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion) GetQualifiers() []AllPkgTreeNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersionQualifiersPackageQualifier { - return v.Qualifiers +// ArtifactSpec allows filtering the list of artifacts to return in a query. +// +// The checksum fields are canonicalized to be lowercase. 
+type ArtifactSpec struct { + Id *string `json:"id"` + Algorithm *string `json:"algorithm"` + Digest *string `json:"digest"` } -// GetSubpath returns AllPkgTreeNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion.Subpath, and is useful for accessing the field via an interface. -func (v *AllPkgTreeNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion) GetSubpath() string { - return v.Subpath -} +// GetId returns ArtifactSpec.Id, and is useful for accessing the field via an interface. +func (v *ArtifactSpec) GetId() *string { return v.Id } -// AllPkgTreeNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersionQualifiersPackageQualifier includes the requested fields of the GraphQL type PackageQualifier. +// GetAlgorithm returns ArtifactSpec.Algorithm, and is useful for accessing the field via an interface. +func (v *ArtifactSpec) GetAlgorithm() *string { return v.Algorithm } + +// GetDigest returns ArtifactSpec.Digest, and is useful for accessing the field via an interface. +func (v *ArtifactSpec) GetDigest() *string { return v.Digest } + +// ArtifactsArtifactsArtifact includes the requested fields of the GraphQL type Artifact. // The GraphQL type's documentation follows. // -// PackageQualifier is a qualifier for a package, a key-value pair. -// -// In the pURL representation, it is a part of the part of the -// pkg://@? pURL. +// Artifact represents an artifact identified by a checksum hash. // -// Qualifiers are optional, each Package type defines own rules for handling them, -// and multiple qualifiers could be attached to the same package. +// The checksum is split into the digest value and the algorithm used to generate +// it. Both fields are mandatory and canonicalized to be lowercase. // -// This node cannot be directly referred by other parts of GUAC. 
-type AllPkgTreeNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersionQualifiersPackageQualifier struct { - Key string `json:"key"` - Value string `json:"value"` +// If having a checksum Go object, algorithm can be +// strings.ToLower(string(checksum.Algorithm)) and digest can be checksum.Value. +type ArtifactsArtifactsArtifact struct { + AllArtifactTree `json:"-"` } -// GetKey returns AllPkgTreeNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersionQualifiersPackageQualifier.Key, and is useful for accessing the field via an interface. -func (v *AllPkgTreeNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersionQualifiersPackageQualifier) GetKey() string { - return v.Key -} +// GetId returns ArtifactsArtifactsArtifact.Id, and is useful for accessing the field via an interface. +func (v *ArtifactsArtifactsArtifact) GetId() string { return v.AllArtifactTree.Id } -// GetValue returns AllPkgTreeNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersionQualifiersPackageQualifier.Value, and is useful for accessing the field via an interface. -func (v *AllPkgTreeNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersionQualifiersPackageQualifier) GetValue() string { - return v.Value -} +// GetAlgorithm returns ArtifactsArtifactsArtifact.Algorithm, and is useful for accessing the field via an interface. +func (v *ArtifactsArtifactsArtifact) GetAlgorithm() string { return v.AllArtifactTree.Algorithm } -// AllPointOfContact includes the GraphQL fields of PointOfContact requested by the fragment AllPointOfContact. -// The GraphQL type's documentation follows. -// -// PointOfContact is an attestation of how to get in touch with the person(s) responsible -// for a package, source, or artifact. +// GetDigest returns ArtifactsArtifactsArtifact.Digest, and is useful for accessing the field via an interface. 
+func (v *ArtifactsArtifactsArtifact) GetDigest() string { return v.AllArtifactTree.Digest } + +func (v *ArtifactsArtifactsArtifact) UnmarshalJSON(b []byte) error { + + if string(b) == "null" { + return nil + } + + var firstPass struct { + *ArtifactsArtifactsArtifact + graphql.NoUnmarshalJSON + } + firstPass.ArtifactsArtifactsArtifact = v + + err := json.Unmarshal(b, &firstPass) + if err != nil { + return err + } + + err = json.Unmarshal( + b, &v.AllArtifactTree) + if err != nil { + return err + } + return nil +} + +type __premarshalArtifactsArtifactsArtifact struct { + Id string `json:"id"` + + Algorithm string `json:"algorithm"` + + Digest string `json:"digest"` +} + +func (v *ArtifactsArtifactsArtifact) MarshalJSON() ([]byte, error) { + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + return json.Marshal(premarshaled) +} + +func (v *ArtifactsArtifactsArtifact) __premarshalJSON() (*__premarshalArtifactsArtifactsArtifact, error) { + var retval __premarshalArtifactsArtifactsArtifact + + retval.Id = v.AllArtifactTree.Id + retval.Algorithm = v.AllArtifactTree.Algorithm + retval.Digest = v.AllArtifactTree.Digest + return &retval, nil +} + +// ArtifactsResponse is returned by Artifacts on success. +type ArtifactsResponse struct { + // Returns all artifacts matching a filter. + Artifacts []ArtifactsArtifactsArtifact `json:"artifacts"` +} + +// GetArtifacts returns ArtifactsResponse.Artifacts, and is useful for accessing the field via an interface. +func (v *ArtifactsResponse) GetArtifacts() []ArtifactsArtifactsArtifact { return v.Artifacts } + +// BuilderInputSpec specifies a builder for mutations. +type BuilderInputSpec struct { + Uri string `json:"uri"` +} + +// GetUri returns BuilderInputSpec.Uri, and is useful for accessing the field via an interface. +func (v *BuilderInputSpec) GetUri() string { return v.Uri } + +// CertifyBadArtifactIngestCertifyBad includes the requested fields of the GraphQL type CertifyBad. 
+// The GraphQL type's documentation follows. +// +// CertifyBad is an attestation that a package, source, or artifact is considered +// bad. // // All evidence trees record a justification for the property they represent as // well as the document that contains the attestation (origin) and the collector // that collected the document (collector). // -// The attestation applies to a subject which is a package, source, or artifact. +// The certification applies to a subject which is a package, source, or artifact. // If the attestation targets a package, it must target a PackageName or a // PackageVersion. If the attestation targets a source, it must target a // SourceName. -// -// email is the email address (singular) of the point of contact. -// -// info is additional contact information other than email address. This is free -// form. -// -// NOTE: the identifiers for point of contact should be part of software trees. -// This will benefit from identifier look up and traversal as well as organization -// hierarchy. However, until the use case arises, PointOfContact will be a flat -// reference to the contact details. -type AllPointOfContact struct { - Id string `json:"id"` - Subject AllPointOfContactSubjectPackageSourceOrArtifact `json:"-"` - Email string `json:"email"` - Info string `json:"info"` - Since time.Time `json:"since"` - Justification string `json:"justification"` - Origin string `json:"origin"` - Collector string `json:"collector"` +type CertifyBadArtifactIngestCertifyBad struct { + AllCertifyBad `json:"-"` } -// GetId returns AllPointOfContact.Id, and is useful for accessing the field via an interface. -func (v *AllPointOfContact) GetId() string { return v.Id } +// GetId returns CertifyBadArtifactIngestCertifyBad.Id, and is useful for accessing the field via an interface. 
+func (v *CertifyBadArtifactIngestCertifyBad) GetId() string { return v.AllCertifyBad.Id } -// GetSubject returns AllPointOfContact.Subject, and is useful for accessing the field via an interface. -func (v *AllPointOfContact) GetSubject() AllPointOfContactSubjectPackageSourceOrArtifact { - return v.Subject +// GetJustification returns CertifyBadArtifactIngestCertifyBad.Justification, and is useful for accessing the field via an interface. +func (v *CertifyBadArtifactIngestCertifyBad) GetJustification() string { + return v.AllCertifyBad.Justification } -// GetEmail returns AllPointOfContact.Email, and is useful for accessing the field via an interface. -func (v *AllPointOfContact) GetEmail() string { return v.Email } - -// GetInfo returns AllPointOfContact.Info, and is useful for accessing the field via an interface. -func (v *AllPointOfContact) GetInfo() string { return v.Info } - -// GetSince returns AllPointOfContact.Since, and is useful for accessing the field via an interface. -func (v *AllPointOfContact) GetSince() time.Time { return v.Since } - -// GetJustification returns AllPointOfContact.Justification, and is useful for accessing the field via an interface. -func (v *AllPointOfContact) GetJustification() string { return v.Justification } +// GetSubject returns CertifyBadArtifactIngestCertifyBad.Subject, and is useful for accessing the field via an interface. +func (v *CertifyBadArtifactIngestCertifyBad) GetSubject() AllCertifyBadSubjectPackageSourceOrArtifact { + return v.AllCertifyBad.Subject +} -// GetOrigin returns AllPointOfContact.Origin, and is useful for accessing the field via an interface. -func (v *AllPointOfContact) GetOrigin() string { return v.Origin } +// GetOrigin returns CertifyBadArtifactIngestCertifyBad.Origin, and is useful for accessing the field via an interface. 
+func (v *CertifyBadArtifactIngestCertifyBad) GetOrigin() string { return v.AllCertifyBad.Origin } -// GetCollector returns AllPointOfContact.Collector, and is useful for accessing the field via an interface. -func (v *AllPointOfContact) GetCollector() string { return v.Collector } +// GetCollector returns CertifyBadArtifactIngestCertifyBad.Collector, and is useful for accessing the field via an interface. +func (v *CertifyBadArtifactIngestCertifyBad) GetCollector() string { return v.AllCertifyBad.Collector } -func (v *AllPointOfContact) UnmarshalJSON(b []byte) error { +func (v *CertifyBadArtifactIngestCertifyBad) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *AllPointOfContact - Subject json.RawMessage `json:"subject"` + *CertifyBadArtifactIngestCertifyBad graphql.NoUnmarshalJSON } - firstPass.AllPointOfContact = v + firstPass.CertifyBadArtifactIngestCertifyBad = v err := json.Unmarshal(b, &firstPass) if err != nil { return err } - { - dst := &v.Subject - src := firstPass.Subject - if len(src) != 0 && string(src) != "null" { - err = __unmarshalAllPointOfContactSubjectPackageSourceOrArtifact( - src, dst) - if err != nil { - return fmt.Errorf( - "unable to unmarshal AllPointOfContact.Subject: %w", err) - } - } + err = json.Unmarshal( + b, &v.AllCertifyBad) + if err != nil { + return err } return nil } -type __premarshalAllPointOfContact struct { +type __premarshalCertifyBadArtifactIngestCertifyBad struct { Id string `json:"id"` - Subject json.RawMessage `json:"subject"` - - Email string `json:"email"` - - Info string `json:"info"` - - Since time.Time `json:"since"` - Justification string `json:"justification"` + Subject json.RawMessage `json:"subject"` + Origin string `json:"origin"` Collector string `json:"collector"` } -func (v *AllPointOfContact) MarshalJSON() ([]byte, error) { +func (v *CertifyBadArtifactIngestCertifyBad) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { 
return nil, err 
@@ -5280,69 +5306,91 @@ func (v *AllPointOfContact) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *AllPointOfContact) __premarshalJSON() (*__premarshalAllPointOfContact, error) { - var retval __premarshalAllPointOfContact +func (v *CertifyBadArtifactIngestCertifyBad) __premarshalJSON() (*__premarshalCertifyBadArtifactIngestCertifyBad, error) { + var retval __premarshalCertifyBadArtifactIngestCertifyBad - retval.Id = v.Id + retval.Id = v.AllCertifyBad.Id + retval.Justification = v.AllCertifyBad.Justification { dst := &retval.Subject - src := v.Subject + src := v.AllCertifyBad.Subject var err error - *dst, err = __marshalAllPointOfContactSubjectPackageSourceOrArtifact( + *dst, err = __marshalAllCertifyBadSubjectPackageSourceOrArtifact( &src) if err != nil { return nil, fmt.Errorf( - "unable to marshal AllPointOfContact.Subject: %w", err) + "unable to marshal CertifyBadArtifactIngestCertifyBad.AllCertifyBad.Subject: %w", err) } } - retval.Email = v.Email - retval.Info = v.Info - retval.Since = v.Since - retval.Justification = v.Justification - retval.Origin = v.Origin - retval.Collector = v.Collector + retval.Origin = v.AllCertifyBad.Origin + retval.Collector = v.AllCertifyBad.Collector return &retval, nil } -// AllPointOfContactSubjectArtifact includes the requested fields of the GraphQL type Artifact. +// CertifyBadArtifactResponse is returned by CertifyBadArtifact on success. +type CertifyBadArtifactResponse struct { + // Adds a certification that a package, source or artifact is considered bad. + IngestCertifyBad CertifyBadArtifactIngestCertifyBad `json:"ingestCertifyBad"` +} + +// GetIngestCertifyBad returns CertifyBadArtifactResponse.IngestCertifyBad, and is useful for accessing the field via an interface. 
+func (v *CertifyBadArtifactResponse) GetIngestCertifyBad() CertifyBadArtifactIngestCertifyBad { + return v.IngestCertifyBad +} + +// CertifyBadArtifactsIngestCertifyBadsCertifyBad includes the requested fields of the GraphQL type CertifyBad. // The GraphQL type's documentation follows. // -// Artifact represents an artifact identified by a checksum hash. +// CertifyBad is an attestation that a package, source, or artifact is considered +// bad. // -// The checksum is split into the digest value and the algorithm used to generate -// it. Both fields are mandatory and canonicalized to be lowercase. +// All evidence trees record a justification for the property they represent as +// well as the document that contains the attestation (origin) and the collector +// that collected the document (collector). // -// If having a checksum Go object, algorithm can be -// strings.ToLower(string(checksum.Algorithm)) and digest can be checksum.Value. -type AllPointOfContactSubjectArtifact struct { - Typename *string `json:"__typename"` - AllArtifactTree `json:"-"` +// The certification applies to a subject which is a package, source, or artifact. +// If the attestation targets a package, it must target a PackageName or a +// PackageVersion. If the attestation targets a source, it must target a +// SourceName. +type CertifyBadArtifactsIngestCertifyBadsCertifyBad struct { + AllCertifyBad `json:"-"` } -// GetTypename returns AllPointOfContactSubjectArtifact.Typename, and is useful for accessing the field via an interface. -func (v *AllPointOfContactSubjectArtifact) GetTypename() *string { return v.Typename } +// GetId returns CertifyBadArtifactsIngestCertifyBadsCertifyBad.Id, and is useful for accessing the field via an interface. +func (v *CertifyBadArtifactsIngestCertifyBadsCertifyBad) GetId() string { return v.AllCertifyBad.Id } -// GetId returns AllPointOfContactSubjectArtifact.Id, and is useful for accessing the field via an interface. 
-func (v *AllPointOfContactSubjectArtifact) GetId() string { return v.AllArtifactTree.Id } +// GetJustification returns CertifyBadArtifactsIngestCertifyBadsCertifyBad.Justification, and is useful for accessing the field via an interface. +func (v *CertifyBadArtifactsIngestCertifyBadsCertifyBad) GetJustification() string { + return v.AllCertifyBad.Justification +} -// GetAlgorithm returns AllPointOfContactSubjectArtifact.Algorithm, and is useful for accessing the field via an interface. -func (v *AllPointOfContactSubjectArtifact) GetAlgorithm() string { return v.AllArtifactTree.Algorithm } +// GetSubject returns CertifyBadArtifactsIngestCertifyBadsCertifyBad.Subject, and is useful for accessing the field via an interface. +func (v *CertifyBadArtifactsIngestCertifyBadsCertifyBad) GetSubject() AllCertifyBadSubjectPackageSourceOrArtifact { + return v.AllCertifyBad.Subject +} -// GetDigest returns AllPointOfContactSubjectArtifact.Digest, and is useful for accessing the field via an interface. -func (v *AllPointOfContactSubjectArtifact) GetDigest() string { return v.AllArtifactTree.Digest } +// GetOrigin returns CertifyBadArtifactsIngestCertifyBadsCertifyBad.Origin, and is useful for accessing the field via an interface. +func (v *CertifyBadArtifactsIngestCertifyBadsCertifyBad) GetOrigin() string { + return v.AllCertifyBad.Origin +} -func (v *AllPointOfContactSubjectArtifact) UnmarshalJSON(b []byte) error { +// GetCollector returns CertifyBadArtifactsIngestCertifyBadsCertifyBad.Collector, and is useful for accessing the field via an interface. 
+func (v *CertifyBadArtifactsIngestCertifyBadsCertifyBad) GetCollector() string { + return v.AllCertifyBad.Collector +} + +func (v *CertifyBadArtifactsIngestCertifyBadsCertifyBad) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *AllPointOfContactSubjectArtifact + *CertifyBadArtifactsIngestCertifyBadsCertifyBad graphql.NoUnmarshalJSON } - firstPass.AllPointOfContactSubjectArtifact = v + firstPass.CertifyBadArtifactsIngestCertifyBadsCertifyBad = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -5350,24 +5398,26 @@ func (v *AllPointOfContactSubjectArtifact) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllArtifactTree) + b, &v.AllCertifyBad) if err != nil { return err } return nil } -type __premarshalAllPointOfContactSubjectArtifact struct { - Typename *string `json:"__typename"` - +type __premarshalCertifyBadArtifactsIngestCertifyBadsCertifyBad struct { Id string `json:"id"` - Algorithm string `json:"algorithm"` + Justification string `json:"justification"` - Digest string `json:"digest"` + Subject json.RawMessage `json:"subject"` + + Origin string `json:"origin"` + + Collector string `json:"collector"` } -func (v *AllPointOfContactSubjectArtifact) MarshalJSON() ([]byte, error) { +func (v *CertifyBadArtifactsIngestCertifyBadsCertifyBad) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -5375,63 +5425,104 @@ func (v *AllPointOfContactSubjectArtifact) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *AllPointOfContactSubjectArtifact) __premarshalJSON() (*__premarshalAllPointOfContactSubjectArtifact, error) { - var retval __premarshalAllPointOfContactSubjectArtifact +func (v *CertifyBadArtifactsIngestCertifyBadsCertifyBad) __premarshalJSON() (*__premarshalCertifyBadArtifactsIngestCertifyBadsCertifyBad, error) { + var retval __premarshalCertifyBadArtifactsIngestCertifyBadsCertifyBad - retval.Typename = v.Typename - retval.Id = v.AllArtifactTree.Id - retval.Algorithm = v.AllArtifactTree.Algorithm - retval.Digest = v.AllArtifactTree.Digest + retval.Id = v.AllCertifyBad.Id + retval.Justification = v.AllCertifyBad.Justification + { + + dst := &retval.Subject + src := v.AllCertifyBad.Subject + var err error + *dst, err = __marshalAllCertifyBadSubjectPackageSourceOrArtifact( + &src) + if err != nil { + return nil, fmt.Errorf( + "unable to marshal CertifyBadArtifactsIngestCertifyBadsCertifyBad.AllCertifyBad.Subject: %w", err) + } + } + retval.Origin = v.AllCertifyBad.Origin + retval.Collector = v.AllCertifyBad.Collector return &retval, nil } -// AllPointOfContactSubjectPackage includes the requested fields of the GraphQL type Package. +// CertifyBadArtifactsResponse is returned by CertifyBadArtifacts on success. +type CertifyBadArtifactsResponse struct { + // Adds bulk certifications that a package, source or artifact is considered bad. + IngestCertifyBads []CertifyBadArtifactsIngestCertifyBadsCertifyBad `json:"ingestCertifyBads"` +} + +// GetIngestCertifyBads returns CertifyBadArtifactsResponse.IngestCertifyBads, and is useful for accessing the field via an interface. +func (v *CertifyBadArtifactsResponse) GetIngestCertifyBads() []CertifyBadArtifactsIngestCertifyBadsCertifyBad { + return v.IngestCertifyBads +} + +// CertifyBadInputSpec represents the mutation input to ingest a CertifyBad +// evidence. 
+type CertifyBadInputSpec struct { + Justification string `json:"justification"` + Origin string `json:"origin"` + Collector string `json:"collector"` +} + +// GetJustification returns CertifyBadInputSpec.Justification, and is useful for accessing the field via an interface. +func (v *CertifyBadInputSpec) GetJustification() string { return v.Justification } + +// GetOrigin returns CertifyBadInputSpec.Origin, and is useful for accessing the field via an interface. +func (v *CertifyBadInputSpec) GetOrigin() string { return v.Origin } + +// GetCollector returns CertifyBadInputSpec.Collector, and is useful for accessing the field via an interface. +func (v *CertifyBadInputSpec) GetCollector() string { return v.Collector } + +// CertifyBadPkgIngestCertifyBad includes the requested fields of the GraphQL type CertifyBad. // The GraphQL type's documentation follows. // -// Package represents the root of the package trie/tree. -// -// We map package information to a trie, closely matching the pURL specification -// (https://github.com/package-url/purl-spec/blob/0dd92f26f8bb11956ffdf5e8acfcee71e8560407/README.rst), -// but deviating from it where GUAC heuristics allow for better representation of -// package information. Each path in the trie fully represents a package; we split -// the trie based on the pURL components. +// CertifyBad is an attestation that a package, source, or artifact is considered +// bad. // -// This node matches a pkg: partial pURL. The type field matches the -// pURL types but we might also use "guac" for the cases where the pURL -// representation is not complete or when we have custom rules. +// All evidence trees record a justification for the property they represent as +// well as the document that contains the attestation (origin) and the collector +// that collected the document (collector). // -// Since this node is at the root of the package trie, it is named Package, not -// PackageType. 
-type AllPointOfContactSubjectPackage struct { - Typename *string `json:"__typename"` - AllPkgTree `json:"-"` +// The certification applies to a subject which is a package, source, or artifact. +// If the attestation targets a package, it must target a PackageName or a +// PackageVersion. If the attestation targets a source, it must target a +// SourceName. +type CertifyBadPkgIngestCertifyBad struct { + AllCertifyBad `json:"-"` } -// GetTypename returns AllPointOfContactSubjectPackage.Typename, and is useful for accessing the field via an interface. -func (v *AllPointOfContactSubjectPackage) GetTypename() *string { return v.Typename } - -// GetId returns AllPointOfContactSubjectPackage.Id, and is useful for accessing the field via an interface. -func (v *AllPointOfContactSubjectPackage) GetId() string { return v.AllPkgTree.Id } +// GetId returns CertifyBadPkgIngestCertifyBad.Id, and is useful for accessing the field via an interface. +func (v *CertifyBadPkgIngestCertifyBad) GetId() string { return v.AllCertifyBad.Id } -// GetType returns AllPointOfContactSubjectPackage.Type, and is useful for accessing the field via an interface. -func (v *AllPointOfContactSubjectPackage) GetType() string { return v.AllPkgTree.Type } +// GetJustification returns CertifyBadPkgIngestCertifyBad.Justification, and is useful for accessing the field via an interface. +func (v *CertifyBadPkgIngestCertifyBad) GetJustification() string { + return v.AllCertifyBad.Justification +} -// GetNamespaces returns AllPointOfContactSubjectPackage.Namespaces, and is useful for accessing the field via an interface. -func (v *AllPointOfContactSubjectPackage) GetNamespaces() []AllPkgTreeNamespacesPackageNamespace { - return v.AllPkgTree.Namespaces +// GetSubject returns CertifyBadPkgIngestCertifyBad.Subject, and is useful for accessing the field via an interface. 
+func (v *CertifyBadPkgIngestCertifyBad) GetSubject() AllCertifyBadSubjectPackageSourceOrArtifact { + return v.AllCertifyBad.Subject } -func (v *AllPointOfContactSubjectPackage) UnmarshalJSON(b []byte) error { +// GetOrigin returns CertifyBadPkgIngestCertifyBad.Origin, and is useful for accessing the field via an interface. +func (v *CertifyBadPkgIngestCertifyBad) GetOrigin() string { return v.AllCertifyBad.Origin } + +// GetCollector returns CertifyBadPkgIngestCertifyBad.Collector, and is useful for accessing the field via an interface. +func (v *CertifyBadPkgIngestCertifyBad) GetCollector() string { return v.AllCertifyBad.Collector } + +func (v *CertifyBadPkgIngestCertifyBad) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *AllPointOfContactSubjectPackage + *CertifyBadPkgIngestCertifyBad graphql.NoUnmarshalJSON } - firstPass.AllPointOfContactSubjectPackage = v + firstPass.CertifyBadPkgIngestCertifyBad = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -5439,24 +5530,26 @@ func (v *AllPointOfContactSubjectPackage) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllPkgTree) + b, &v.AllCertifyBad) if err != nil { return err } return nil } -type __premarshalAllPointOfContactSubjectPackage struct { - Typename *string `json:"__typename"` - +type __premarshalCertifyBadPkgIngestCertifyBad struct { Id string `json:"id"` - Type string `json:"type"` + Justification string `json:"justification"` - Namespaces []AllPkgTreeNamespacesPackageNamespace `json:"namespaces"` + Subject json.RawMessage `json:"subject"` + + Origin string `json:"origin"` + + Collector string `json:"collector"` } -func (v *AllPointOfContactSubjectPackage) MarshalJSON() ([]byte, error) { +func (v *CertifyBadPkgIngestCertifyBad) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -5464,162 +5557,236 @@ func (v *AllPointOfContactSubjectPackage) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *AllPointOfContactSubjectPackage) __premarshalJSON() (*__premarshalAllPointOfContactSubjectPackage, error) { - var retval __premarshalAllPointOfContactSubjectPackage +func (v *CertifyBadPkgIngestCertifyBad) __premarshalJSON() (*__premarshalCertifyBadPkgIngestCertifyBad, error) { + var retval __premarshalCertifyBadPkgIngestCertifyBad - retval.Typename = v.Typename - retval.Id = v.AllPkgTree.Id - retval.Type = v.AllPkgTree.Type - retval.Namespaces = v.AllPkgTree.Namespaces + retval.Id = v.AllCertifyBad.Id + retval.Justification = v.AllCertifyBad.Justification + { + + dst := &retval.Subject + src := v.AllCertifyBad.Subject + var err error + *dst, err = __marshalAllCertifyBadSubjectPackageSourceOrArtifact( + &src) + if err != nil { + return nil, fmt.Errorf( + "unable to marshal CertifyBadPkgIngestCertifyBad.AllCertifyBad.Subject: %w", err) + } + } + retval.Origin = v.AllCertifyBad.Origin + retval.Collector = v.AllCertifyBad.Collector return &retval, nil } -// AllPointOfContactSubjectPackageSourceOrArtifact includes the requested fields of the GraphQL interface PackageSourceOrArtifact. -// -// AllPointOfContactSubjectPackageSourceOrArtifact is implemented by the following types: -// AllPointOfContactSubjectArtifact -// AllPointOfContactSubjectPackage -// AllPointOfContactSubjectSource +// CertifyBadPkgResponse is returned by CertifyBadPkg on success. +type CertifyBadPkgResponse struct { + // Adds a certification that a package, source or artifact is considered bad. + IngestCertifyBad CertifyBadPkgIngestCertifyBad `json:"ingestCertifyBad"` +} + +// GetIngestCertifyBad returns CertifyBadPkgResponse.IngestCertifyBad, and is useful for accessing the field via an interface. 
+func (v *CertifyBadPkgResponse) GetIngestCertifyBad() CertifyBadPkgIngestCertifyBad { + return v.IngestCertifyBad +} + +// CertifyBadPkgsIngestCertifyBadsCertifyBad includes the requested fields of the GraphQL type CertifyBad. // The GraphQL type's documentation follows. // -// PackageSourceOrArtifact is a union of Package, Source, and Artifact. -type AllPointOfContactSubjectPackageSourceOrArtifact interface { - implementsGraphQLInterfaceAllPointOfContactSubjectPackageSourceOrArtifact() - // GetTypename returns the receiver's concrete GraphQL type-name (see interface doc for possible values). - GetTypename() *string +// CertifyBad is an attestation that a package, source, or artifact is considered +// bad. +// +// All evidence trees record a justification for the property they represent as +// well as the document that contains the attestation (origin) and the collector +// that collected the document (collector). +// +// The certification applies to a subject which is a package, source, or artifact. +// If the attestation targets a package, it must target a PackageName or a +// PackageVersion. If the attestation targets a source, it must target a +// SourceName. +type CertifyBadPkgsIngestCertifyBadsCertifyBad struct { + AllCertifyBad `json:"-"` } -func (v *AllPointOfContactSubjectArtifact) implementsGraphQLInterfaceAllPointOfContactSubjectPackageSourceOrArtifact() { +// GetId returns CertifyBadPkgsIngestCertifyBadsCertifyBad.Id, and is useful for accessing the field via an interface. +func (v *CertifyBadPkgsIngestCertifyBadsCertifyBad) GetId() string { return v.AllCertifyBad.Id } + +// GetJustification returns CertifyBadPkgsIngestCertifyBadsCertifyBad.Justification, and is useful for accessing the field via an interface. 
+func (v *CertifyBadPkgsIngestCertifyBadsCertifyBad) GetJustification() string { + return v.AllCertifyBad.Justification } -func (v *AllPointOfContactSubjectPackage) implementsGraphQLInterfaceAllPointOfContactSubjectPackageSourceOrArtifact() { + +// GetSubject returns CertifyBadPkgsIngestCertifyBadsCertifyBad.Subject, and is useful for accessing the field via an interface. +func (v *CertifyBadPkgsIngestCertifyBadsCertifyBad) GetSubject() AllCertifyBadSubjectPackageSourceOrArtifact { + return v.AllCertifyBad.Subject } -func (v *AllPointOfContactSubjectSource) implementsGraphQLInterfaceAllPointOfContactSubjectPackageSourceOrArtifact() { + +// GetOrigin returns CertifyBadPkgsIngestCertifyBadsCertifyBad.Origin, and is useful for accessing the field via an interface. +func (v *CertifyBadPkgsIngestCertifyBadsCertifyBad) GetOrigin() string { return v.AllCertifyBad.Origin } + +// GetCollector returns CertifyBadPkgsIngestCertifyBadsCertifyBad.Collector, and is useful for accessing the field via an interface. 
+func (v *CertifyBadPkgsIngestCertifyBadsCertifyBad) GetCollector() string { + return v.AllCertifyBad.Collector } -func __unmarshalAllPointOfContactSubjectPackageSourceOrArtifact(b []byte, v *AllPointOfContactSubjectPackageSourceOrArtifact) error { +func (v *CertifyBadPkgsIngestCertifyBadsCertifyBad) UnmarshalJSON(b []byte) error { + if string(b) == "null" { return nil } - var tn struct { - TypeName string `json:"__typename"` + var firstPass struct { + *CertifyBadPkgsIngestCertifyBadsCertifyBad + graphql.NoUnmarshalJSON } - err := json.Unmarshal(b, &tn) + firstPass.CertifyBadPkgsIngestCertifyBadsCertifyBad = v + + err := json.Unmarshal(b, &firstPass) if err != nil { return err } - switch tn.TypeName { - case "Artifact": - *v = new(AllPointOfContactSubjectArtifact) - return json.Unmarshal(b, *v) - case "Package": - *v = new(AllPointOfContactSubjectPackage) - return json.Unmarshal(b, *v) - case "Source": - *v = new(AllPointOfContactSubjectSource) - return json.Unmarshal(b, *v) - case "": - return fmt.Errorf( - "response was missing PackageSourceOrArtifact.__typename") - default: - return fmt.Errorf( - `unexpected concrete type for AllPointOfContactSubjectPackageSourceOrArtifact: "%v"`, tn.TypeName) + err = json.Unmarshal( + b, &v.AllCertifyBad) + if err != nil { + return err } + return nil } -func __marshalAllPointOfContactSubjectPackageSourceOrArtifact(v *AllPointOfContactSubjectPackageSourceOrArtifact) ([]byte, error) { +type __premarshalCertifyBadPkgsIngestCertifyBadsCertifyBad struct { + Id string `json:"id"` - var typename string - switch v := (*v).(type) { - case *AllPointOfContactSubjectArtifact: - typename = "Artifact" + Justification string `json:"justification"` - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalAllPointOfContactSubjectArtifact - }{typename, premarshaled} - return json.Marshal(result) - case *AllPointOfContactSubjectPackage: - typename 
= "Package" + Subject json.RawMessage `json:"subject"` - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalAllPointOfContactSubjectPackage - }{typename, premarshaled} - return json.Marshal(result) - case *AllPointOfContactSubjectSource: - typename = "Source" + Origin string `json:"origin"` - premarshaled, err := v.__premarshalJSON() + Collector string `json:"collector"` +} + +func (v *CertifyBadPkgsIngestCertifyBadsCertifyBad) MarshalJSON() ([]byte, error) { + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + return json.Marshal(premarshaled) +} + +func (v *CertifyBadPkgsIngestCertifyBadsCertifyBad) __premarshalJSON() (*__premarshalCertifyBadPkgsIngestCertifyBadsCertifyBad, error) { + var retval __premarshalCertifyBadPkgsIngestCertifyBadsCertifyBad + + retval.Id = v.AllCertifyBad.Id + retval.Justification = v.AllCertifyBad.Justification + { + + dst := &retval.Subject + src := v.AllCertifyBad.Subject + var err error + *dst, err = __marshalAllCertifyBadSubjectPackageSourceOrArtifact( + &src) if err != nil { - return nil, err + return nil, fmt.Errorf( + "unable to marshal CertifyBadPkgsIngestCertifyBadsCertifyBad.AllCertifyBad.Subject: %w", err) } - result := struct { - TypeName string `json:"__typename"` - *__premarshalAllPointOfContactSubjectSource - }{typename, premarshaled} - return json.Marshal(result) - case nil: - return []byte("null"), nil - default: - return nil, fmt.Errorf( - `unexpected concrete type for AllPointOfContactSubjectPackageSourceOrArtifact: "%T"`, v) } + retval.Origin = v.AllCertifyBad.Origin + retval.Collector = v.AllCertifyBad.Collector + return &retval, nil } -// AllPointOfContactSubjectSource includes the requested fields of the GraphQL type Source. -// The GraphQL type's documentation follows. +// CertifyBadPkgsResponse is returned by CertifyBadPkgs on success. 
+type CertifyBadPkgsResponse struct { + // Adds bulk certifications that a package, source or artifact is considered bad. + IngestCertifyBads []CertifyBadPkgsIngestCertifyBadsCertifyBad `json:"ingestCertifyBads"` +} + +// GetIngestCertifyBads returns CertifyBadPkgsResponse.IngestCertifyBads, and is useful for accessing the field via an interface. +func (v *CertifyBadPkgsResponse) GetIngestCertifyBads() []CertifyBadPkgsIngestCertifyBadsCertifyBad { + return v.IngestCertifyBads +} + +// CertifyBadSpec allows filtering the list of CertifyBad evidence to return in a +// query. // -// Source represents the root of the source trie/tree. +// If a package is specified in the subject filter, then it must be specified up +// to PackageName or PackageVersion. That is, user must specify package name, or +// name and one of version, qualifiers, or subpath. // -// We map source information to a trie, as a derivative of the pURL specification: -// each path in the trie represents a type, namespace, name and an optional -// qualifier that stands for tag/commit information. +// If a source is specified in the subject filter, then it must specify a name, +// and optionally a tag and a commit. +type CertifyBadSpec struct { + Id *string `json:"id"` + Subject *PackageSourceOrArtifactSpec `json:"subject"` + Justification *string `json:"justification"` + Origin *string `json:"origin"` + Collector *string `json:"collector"` +} + +// GetId returns CertifyBadSpec.Id, and is useful for accessing the field via an interface. +func (v *CertifyBadSpec) GetId() *string { return v.Id } + +// GetSubject returns CertifyBadSpec.Subject, and is useful for accessing the field via an interface. +func (v *CertifyBadSpec) GetSubject() *PackageSourceOrArtifactSpec { return v.Subject } + +// GetJustification returns CertifyBadSpec.Justification, and is useful for accessing the field via an interface. 
+func (v *CertifyBadSpec) GetJustification() *string { return v.Justification } + +// GetOrigin returns CertifyBadSpec.Origin, and is useful for accessing the field via an interface. +func (v *CertifyBadSpec) GetOrigin() *string { return v.Origin } + +// GetCollector returns CertifyBadSpec.Collector, and is useful for accessing the field via an interface. +func (v *CertifyBadSpec) GetCollector() *string { return v.Collector } + +// CertifyBadSrcIngestCertifyBad includes the requested fields of the GraphQL type CertifyBad. +// The GraphQL type's documentation follows. // -// This node represents the type part of the trie path. It is used to represent -// the version control system that is being used. +// CertifyBad is an attestation that a package, source, or artifact is considered +// bad. // -// Since this node is at the root of the source trie, it is named Source, not -// SourceType. -type AllPointOfContactSubjectSource struct { - Typename *string `json:"__typename"` - AllSourceTree `json:"-"` +// All evidence trees record a justification for the property they represent as +// well as the document that contains the attestation (origin) and the collector +// that collected the document (collector). +// +// The certification applies to a subject which is a package, source, or artifact. +// If the attestation targets a package, it must target a PackageName or a +// PackageVersion. If the attestation targets a source, it must target a +// SourceName. +type CertifyBadSrcIngestCertifyBad struct { + AllCertifyBad `json:"-"` } -// GetTypename returns AllPointOfContactSubjectSource.Typename, and is useful for accessing the field via an interface. -func (v *AllPointOfContactSubjectSource) GetTypename() *string { return v.Typename } - -// GetId returns AllPointOfContactSubjectSource.Id, and is useful for accessing the field via an interface. 
-func (v *AllPointOfContactSubjectSource) GetId() string { return v.AllSourceTree.Id } +// GetId returns CertifyBadSrcIngestCertifyBad.Id, and is useful for accessing the field via an interface. +func (v *CertifyBadSrcIngestCertifyBad) GetId() string { return v.AllCertifyBad.Id } -// GetType returns AllPointOfContactSubjectSource.Type, and is useful for accessing the field via an interface. -func (v *AllPointOfContactSubjectSource) GetType() string { return v.AllSourceTree.Type } +// GetJustification returns CertifyBadSrcIngestCertifyBad.Justification, and is useful for accessing the field via an interface. +func (v *CertifyBadSrcIngestCertifyBad) GetJustification() string { + return v.AllCertifyBad.Justification +} -// GetNamespaces returns AllPointOfContactSubjectSource.Namespaces, and is useful for accessing the field via an interface. -func (v *AllPointOfContactSubjectSource) GetNamespaces() []AllSourceTreeNamespacesSourceNamespace { - return v.AllSourceTree.Namespaces +// GetSubject returns CertifyBadSrcIngestCertifyBad.Subject, and is useful for accessing the field via an interface. +func (v *CertifyBadSrcIngestCertifyBad) GetSubject() AllCertifyBadSubjectPackageSourceOrArtifact { + return v.AllCertifyBad.Subject } -func (v *AllPointOfContactSubjectSource) UnmarshalJSON(b []byte) error { +// GetOrigin returns CertifyBadSrcIngestCertifyBad.Origin, and is useful for accessing the field via an interface. +func (v *CertifyBadSrcIngestCertifyBad) GetOrigin() string { return v.AllCertifyBad.Origin } + +// GetCollector returns CertifyBadSrcIngestCertifyBad.Collector, and is useful for accessing the field via an interface. 
+func (v *CertifyBadSrcIngestCertifyBad) GetCollector() string { return v.AllCertifyBad.Collector } + +func (v *CertifyBadSrcIngestCertifyBad) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *AllPointOfContactSubjectSource + *CertifyBadSrcIngestCertifyBad graphql.NoUnmarshalJSON } - firstPass.AllPointOfContactSubjectSource = v + firstPass.CertifyBadSrcIngestCertifyBad = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -5627,24 +5794,26 @@ func (v *AllPointOfContactSubjectSource) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllSourceTree) + b, &v.AllCertifyBad) if err != nil { return err } return nil } -type __premarshalAllPointOfContactSubjectSource struct { - Typename *string `json:"__typename"` - +type __premarshalCertifyBadSrcIngestCertifyBad struct { Id string `json:"id"` - Type string `json:"type"` + Justification string `json:"justification"` - Namespaces []AllSourceTreeNamespacesSourceNamespace `json:"namespaces"` + Subject json.RawMessage `json:"subject"` + + Origin string `json:"origin"` + + Collector string `json:"collector"` } -func (v *AllPointOfContactSubjectSource) MarshalJSON() ([]byte, error) { +func (v *CertifyBadSrcIngestCertifyBad) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -5652,153 +5821,89 @@ func (v *AllPointOfContactSubjectSource) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *AllPointOfContactSubjectSource) __premarshalJSON() (*__premarshalAllPointOfContactSubjectSource, error) { - var retval __premarshalAllPointOfContactSubjectSource +func (v *CertifyBadSrcIngestCertifyBad) __premarshalJSON() (*__premarshalCertifyBadSrcIngestCertifyBad, error) { + var retval __premarshalCertifyBadSrcIngestCertifyBad - retval.Typename = v.Typename - retval.Id = v.AllSourceTree.Id - retval.Type = v.AllSourceTree.Type - retval.Namespaces = v.AllSourceTree.Namespaces + retval.Id = v.AllCertifyBad.Id + retval.Justification = v.AllCertifyBad.Justification + { + + dst := &retval.Subject + src := v.AllCertifyBad.Subject + var err error + *dst, err = __marshalAllCertifyBadSubjectPackageSourceOrArtifact( + &src) + if err != nil { + return nil, fmt.Errorf( + "unable to marshal CertifyBadSrcIngestCertifyBad.AllCertifyBad.Subject: %w", err) + } + } + retval.Origin = v.AllCertifyBad.Origin + retval.Collector = v.AllCertifyBad.Collector return &retval, nil } -// AllSLSATree includes the GraphQL fields of HasSLSA requested by the fragment AllSLSATree. -// The GraphQL type's documentation follows. -// -// HasSLSA records that a subject node has a SLSA attestation. -type AllSLSATree struct { - Id string `json:"id"` - // The subject of SLSA attestation - Subject AllSLSATreeSubjectArtifact `json:"subject"` - // The SLSA attestation - Slsa AllSLSATreeSlsaSLSA `json:"slsa"` +// CertifyBadSrcResponse is returned by CertifyBadSrc on success. +type CertifyBadSrcResponse struct { + // Adds a certification that a package, source or artifact is considered bad. + IngestCertifyBad CertifyBadSrcIngestCertifyBad `json:"ingestCertifyBad"` } -// GetId returns AllSLSATree.Id, and is useful for accessing the field via an interface. 
-func (v *AllSLSATree) GetId() string { return v.Id } - -// GetSubject returns AllSLSATree.Subject, and is useful for accessing the field via an interface. -func (v *AllSLSATree) GetSubject() AllSLSATreeSubjectArtifact { return v.Subject } - -// GetSlsa returns AllSLSATree.Slsa, and is useful for accessing the field via an interface. -func (v *AllSLSATree) GetSlsa() AllSLSATreeSlsaSLSA { return v.Slsa } +// GetIngestCertifyBad returns CertifyBadSrcResponse.IngestCertifyBad, and is useful for accessing the field via an interface. +func (v *CertifyBadSrcResponse) GetIngestCertifyBad() CertifyBadSrcIngestCertifyBad { + return v.IngestCertifyBad +} -// AllSLSATreeSlsaSLSA includes the requested fields of the GraphQL type SLSA. +// CertifyBadSrcsIngestCertifyBadsCertifyBad includes the requested fields of the GraphQL type CertifyBad. // The GraphQL type's documentation follows. // -// SLSA contains all of the fields present in a SLSA attestation. +// CertifyBad is an attestation that a package, source, or artifact is considered +// bad. // -// The materials and builders are objects of the HasSLSA predicate, everything -// else are properties extracted from the attestation. +// All evidence trees record a justification for the property they represent as +// well as the document that contains the attestation (origin) and the collector +// that collected the document (collector). // -// We also include fields to specify under what conditions the check was performed -// (time of scan, version of scanners, etc.) as well as how this information got -// included into GUAC (origin document and the collector for that document). 
-type AllSLSATreeSlsaSLSA struct { - // Materials of the build resulting in subject - BuiltFrom []AllSLSATreeSlsaSLSABuiltFromArtifact `json:"builtFrom"` - // Builder performing the build - BuiltBy AllSLSATreeSlsaSLSABuiltByBuilder `json:"builtBy"` - // Type of the builder - BuildType string `json:"buildType"` - // Individual predicates found in the attestation - SlsaPredicate []AllSLSATreeSlsaSLSASlsaPredicateSLSAPredicate `json:"slsaPredicate"` - // Version of the SLSA predicate - SlsaVersion string `json:"slsaVersion"` - // Timestamp (RFC3339Nano format) of build start time - StartedOn *time.Time `json:"startedOn"` - // Timestamp (RFC3339Nano format) of build end time - FinishedOn *time.Time `json:"finishedOn"` - // Document from which this attestation is generated from - Origin string `json:"origin"` - // GUAC collector for the document - Collector string `json:"collector"` -} - -// GetBuiltFrom returns AllSLSATreeSlsaSLSA.BuiltFrom, and is useful for accessing the field via an interface. -func (v *AllSLSATreeSlsaSLSA) GetBuiltFrom() []AllSLSATreeSlsaSLSABuiltFromArtifact { - return v.BuiltFrom -} - -// GetBuiltBy returns AllSLSATreeSlsaSLSA.BuiltBy, and is useful for accessing the field via an interface. -func (v *AllSLSATreeSlsaSLSA) GetBuiltBy() AllSLSATreeSlsaSLSABuiltByBuilder { return v.BuiltBy } - -// GetBuildType returns AllSLSATreeSlsaSLSA.BuildType, and is useful for accessing the field via an interface. -func (v *AllSLSATreeSlsaSLSA) GetBuildType() string { return v.BuildType } - -// GetSlsaPredicate returns AllSLSATreeSlsaSLSA.SlsaPredicate, and is useful for accessing the field via an interface. -func (v *AllSLSATreeSlsaSLSA) GetSlsaPredicate() []AllSLSATreeSlsaSLSASlsaPredicateSLSAPredicate { - return v.SlsaPredicate +// The certification applies to a subject which is a package, source, or artifact. +// If the attestation targets a package, it must target a PackageName or a +// PackageVersion. 
If the attestation targets a source, it must target a +// SourceName. +type CertifyBadSrcsIngestCertifyBadsCertifyBad struct { + AllCertifyBad `json:"-"` } -// GetSlsaVersion returns AllSLSATreeSlsaSLSA.SlsaVersion, and is useful for accessing the field via an interface. -func (v *AllSLSATreeSlsaSLSA) GetSlsaVersion() string { return v.SlsaVersion } - -// GetStartedOn returns AllSLSATreeSlsaSLSA.StartedOn, and is useful for accessing the field via an interface. -func (v *AllSLSATreeSlsaSLSA) GetStartedOn() *time.Time { return v.StartedOn } - -// GetFinishedOn returns AllSLSATreeSlsaSLSA.FinishedOn, and is useful for accessing the field via an interface. -func (v *AllSLSATreeSlsaSLSA) GetFinishedOn() *time.Time { return v.FinishedOn } - -// GetOrigin returns AllSLSATreeSlsaSLSA.Origin, and is useful for accessing the field via an interface. -func (v *AllSLSATreeSlsaSLSA) GetOrigin() string { return v.Origin } - -// GetCollector returns AllSLSATreeSlsaSLSA.Collector, and is useful for accessing the field via an interface. -func (v *AllSLSATreeSlsaSLSA) GetCollector() string { return v.Collector } +// GetId returns CertifyBadSrcsIngestCertifyBadsCertifyBad.Id, and is useful for accessing the field via an interface. +func (v *CertifyBadSrcsIngestCertifyBadsCertifyBad) GetId() string { return v.AllCertifyBad.Id } -// AllSLSATreeSlsaSLSABuiltByBuilder includes the requested fields of the GraphQL type Builder. -// The GraphQL type's documentation follows. -// -// Builder represents the builder (e.g., FRSCA or GitHub Actions). -// -// Currently builders are identified by the uri field. -type AllSLSATreeSlsaSLSABuiltByBuilder struct { - Id string `json:"id"` - Uri string `json:"uri"` +// GetJustification returns CertifyBadSrcsIngestCertifyBadsCertifyBad.Justification, and is useful for accessing the field via an interface. 
+func (v *CertifyBadSrcsIngestCertifyBadsCertifyBad) GetJustification() string { + return v.AllCertifyBad.Justification } -// GetId returns AllSLSATreeSlsaSLSABuiltByBuilder.Id, and is useful for accessing the field via an interface. -func (v *AllSLSATreeSlsaSLSABuiltByBuilder) GetId() string { return v.Id } - -// GetUri returns AllSLSATreeSlsaSLSABuiltByBuilder.Uri, and is useful for accessing the field via an interface. -func (v *AllSLSATreeSlsaSLSABuiltByBuilder) GetUri() string { return v.Uri } - -// AllSLSATreeSlsaSLSABuiltFromArtifact includes the requested fields of the GraphQL type Artifact. -// The GraphQL type's documentation follows. -// -// Artifact represents an artifact identified by a checksum hash. -// -// The checksum is split into the digest value and the algorithm used to generate -// it. Both fields are mandatory and canonicalized to be lowercase. -// -// If having a checksum Go object, algorithm can be -// strings.ToLower(string(checksum.Algorithm)) and digest can be checksum.Value. -type AllSLSATreeSlsaSLSABuiltFromArtifact struct { - AllArtifactTree `json:"-"` +// GetSubject returns CertifyBadSrcsIngestCertifyBadsCertifyBad.Subject, and is useful for accessing the field via an interface. +func (v *CertifyBadSrcsIngestCertifyBadsCertifyBad) GetSubject() AllCertifyBadSubjectPackageSourceOrArtifact { + return v.AllCertifyBad.Subject } -// GetId returns AllSLSATreeSlsaSLSABuiltFromArtifact.Id, and is useful for accessing the field via an interface. -func (v *AllSLSATreeSlsaSLSABuiltFromArtifact) GetId() string { return v.AllArtifactTree.Id } +// GetOrigin returns CertifyBadSrcsIngestCertifyBadsCertifyBad.Origin, and is useful for accessing the field via an interface. +func (v *CertifyBadSrcsIngestCertifyBadsCertifyBad) GetOrigin() string { return v.AllCertifyBad.Origin } -// GetAlgorithm returns AllSLSATreeSlsaSLSABuiltFromArtifact.Algorithm, and is useful for accessing the field via an interface. 
-func (v *AllSLSATreeSlsaSLSABuiltFromArtifact) GetAlgorithm() string { - return v.AllArtifactTree.Algorithm +// GetCollector returns CertifyBadSrcsIngestCertifyBadsCertifyBad.Collector, and is useful for accessing the field via an interface. +func (v *CertifyBadSrcsIngestCertifyBadsCertifyBad) GetCollector() string { + return v.AllCertifyBad.Collector } -// GetDigest returns AllSLSATreeSlsaSLSABuiltFromArtifact.Digest, and is useful for accessing the field via an interface. -func (v *AllSLSATreeSlsaSLSABuiltFromArtifact) GetDigest() string { return v.AllArtifactTree.Digest } - -func (v *AllSLSATreeSlsaSLSABuiltFromArtifact) UnmarshalJSON(b []byte) error { +func (v *CertifyBadSrcsIngestCertifyBadsCertifyBad) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *AllSLSATreeSlsaSLSABuiltFromArtifact + *CertifyBadSrcsIngestCertifyBadsCertifyBad graphql.NoUnmarshalJSON } - firstPass.AllSLSATreeSlsaSLSABuiltFromArtifact = v + firstPass.CertifyBadSrcsIngestCertifyBadsCertifyBad = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -5806,22 +5911,26 @@ func (v *AllSLSATreeSlsaSLSABuiltFromArtifact) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllArtifactTree) + b, &v.AllCertifyBad) if err != nil { return err } return nil } -type __premarshalAllSLSATreeSlsaSLSABuiltFromArtifact struct { +type __premarshalCertifyBadSrcsIngestCertifyBadsCertifyBad struct { Id string `json:"id"` - Algorithm string `json:"algorithm"` + Justification string `json:"justification"` - Digest string `json:"digest"` + Subject json.RawMessage `json:"subject"` + + Origin string `json:"origin"` + + Collector string `json:"collector"` } -func (v *AllSLSATreeSlsaSLSABuiltFromArtifact) MarshalJSON() ([]byte, error) { +func (v *CertifyBadSrcsIngestCertifyBadsCertifyBad) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -5829,88 +5938,85 @@ func (v *AllSLSATreeSlsaSLSABuiltFromArtifact) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *AllSLSATreeSlsaSLSABuiltFromArtifact) __premarshalJSON() (*__premarshalAllSLSATreeSlsaSLSABuiltFromArtifact, error) { - var retval __premarshalAllSLSATreeSlsaSLSABuiltFromArtifact +func (v *CertifyBadSrcsIngestCertifyBadsCertifyBad) __premarshalJSON() (*__premarshalCertifyBadSrcsIngestCertifyBadsCertifyBad, error) { + var retval __premarshalCertifyBadSrcsIngestCertifyBadsCertifyBad - retval.Id = v.AllArtifactTree.Id - retval.Algorithm = v.AllArtifactTree.Algorithm - retval.Digest = v.AllArtifactTree.Digest + retval.Id = v.AllCertifyBad.Id + retval.Justification = v.AllCertifyBad.Justification + { + + dst := &retval.Subject + src := v.AllCertifyBad.Subject + var err error + *dst, err = __marshalAllCertifyBadSubjectPackageSourceOrArtifact( + &src) + if err != nil { + return nil, fmt.Errorf( + "unable to marshal CertifyBadSrcsIngestCertifyBadsCertifyBad.AllCertifyBad.Subject: %w", err) + } + } + retval.Origin = v.AllCertifyBad.Origin + retval.Collector = v.AllCertifyBad.Collector return &retval, nil } -// AllSLSATreeSlsaSLSASlsaPredicateSLSAPredicate includes the requested fields of the GraphQL type SLSAPredicate. -// The GraphQL type's documentation follows. -// -// SLSAPredicate are the values from the SLSA predicate in key-value pair form. -// -// # For example, given the following predicate -// -// ``` -// "predicate": { -// "buildDefinition": { -// "externalParameters": { -// "repository": "https://github.com/octocat/hello-world", -// ... -// }, -// ... -// }, -// ... -// } -// ``` -// -// we have -// -// ``` -// key = "buildDefinition.externalParameters.repository" -// value = "https://github.com/octocat/hello-world" -// ``` -// -// This node cannot be directly referred by other parts of GUAC. 
-type AllSLSATreeSlsaSLSASlsaPredicateSLSAPredicate struct { - Key string `json:"key"` - Value string `json:"value"` +// CertifyBadSrcsResponse is returned by CertifyBadSrcs on success. +type CertifyBadSrcsResponse struct { + // Adds bulk certifications that a package, source or artifact is considered bad. + IngestCertifyBads []CertifyBadSrcsIngestCertifyBadsCertifyBad `json:"ingestCertifyBads"` } -// GetKey returns AllSLSATreeSlsaSLSASlsaPredicateSLSAPredicate.Key, and is useful for accessing the field via an interface. -func (v *AllSLSATreeSlsaSLSASlsaPredicateSLSAPredicate) GetKey() string { return v.Key } - -// GetValue returns AllSLSATreeSlsaSLSASlsaPredicateSLSAPredicate.Value, and is useful for accessing the field via an interface. -func (v *AllSLSATreeSlsaSLSASlsaPredicateSLSAPredicate) GetValue() string { return v.Value } +// GetIngestCertifyBads returns CertifyBadSrcsResponse.IngestCertifyBads, and is useful for accessing the field via an interface. +func (v *CertifyBadSrcsResponse) GetIngestCertifyBads() []CertifyBadSrcsIngestCertifyBadsCertifyBad { + return v.IngestCertifyBads +} -// AllSLSATreeSubjectArtifact includes the requested fields of the GraphQL type Artifact. +// CertifyBadsCertifyBad includes the requested fields of the GraphQL type CertifyBad. // The GraphQL type's documentation follows. // -// Artifact represents an artifact identified by a checksum hash. +// CertifyBad is an attestation that a package, source, or artifact is considered +// bad. // -// The checksum is split into the digest value and the algorithm used to generate -// it. Both fields are mandatory and canonicalized to be lowercase. +// All evidence trees record a justification for the property they represent as +// well as the document that contains the attestation (origin) and the collector +// that collected the document (collector). // -// If having a checksum Go object, algorithm can be -// strings.ToLower(string(checksum.Algorithm)) and digest can be checksum.Value. 
-type AllSLSATreeSubjectArtifact struct { - AllArtifactTree `json:"-"` +// The certification applies to a subject which is a package, source, or artifact. +// If the attestation targets a package, it must target a PackageName or a +// PackageVersion. If the attestation targets a source, it must target a +// SourceName. +type CertifyBadsCertifyBad struct { + AllCertifyBad `json:"-"` } -// GetId returns AllSLSATreeSubjectArtifact.Id, and is useful for accessing the field via an interface. -func (v *AllSLSATreeSubjectArtifact) GetId() string { return v.AllArtifactTree.Id } +// GetId returns CertifyBadsCertifyBad.Id, and is useful for accessing the field via an interface. +func (v *CertifyBadsCertifyBad) GetId() string { return v.AllCertifyBad.Id } -// GetAlgorithm returns AllSLSATreeSubjectArtifact.Algorithm, and is useful for accessing the field via an interface. -func (v *AllSLSATreeSubjectArtifact) GetAlgorithm() string { return v.AllArtifactTree.Algorithm } +// GetJustification returns CertifyBadsCertifyBad.Justification, and is useful for accessing the field via an interface. +func (v *CertifyBadsCertifyBad) GetJustification() string { return v.AllCertifyBad.Justification } -// GetDigest returns AllSLSATreeSubjectArtifact.Digest, and is useful for accessing the field via an interface. -func (v *AllSLSATreeSubjectArtifact) GetDigest() string { return v.AllArtifactTree.Digest } +// GetSubject returns CertifyBadsCertifyBad.Subject, and is useful for accessing the field via an interface. +func (v *CertifyBadsCertifyBad) GetSubject() AllCertifyBadSubjectPackageSourceOrArtifact { + return v.AllCertifyBad.Subject +} -func (v *AllSLSATreeSubjectArtifact) UnmarshalJSON(b []byte) error { +// GetOrigin returns CertifyBadsCertifyBad.Origin, and is useful for accessing the field via an interface. 
+func (v *CertifyBadsCertifyBad) GetOrigin() string { return v.AllCertifyBad.Origin } + +// GetCollector returns CertifyBadsCertifyBad.Collector, and is useful for accessing the field via an interface. +func (v *CertifyBadsCertifyBad) GetCollector() string { return v.AllCertifyBad.Collector } + +func (v *CertifyBadsCertifyBad) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *AllSLSATreeSubjectArtifact + *CertifyBadsCertifyBad graphql.NoUnmarshalJSON } - firstPass.AllSLSATreeSubjectArtifact = v + firstPass.CertifyBadsCertifyBad = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -5918,22 +6024,26 @@ func (v *AllSLSATreeSubjectArtifact) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllArtifactTree) + b, &v.AllCertifyBad) if err != nil { return err } return nil } -type __premarshalAllSLSATreeSubjectArtifact struct { +type __premarshalCertifyBadsCertifyBad struct { Id string `json:"id"` - Algorithm string `json:"algorithm"` + Justification string `json:"justification"` - Digest string `json:"digest"` + Subject json.RawMessage `json:"subject"` + + Origin string `json:"origin"` + + Collector string `json:"collector"` } -func (v *AllSLSATreeSubjectArtifact) MarshalJSON() ([]byte, error) { +func (v *CertifyBadsCertifyBad) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -5941,163 +6051,87 @@ func (v *AllSLSATreeSubjectArtifact) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *AllSLSATreeSubjectArtifact) __premarshalJSON() (*__premarshalAllSLSATreeSubjectArtifact, error) { - var retval __premarshalAllSLSATreeSubjectArtifact +func (v *CertifyBadsCertifyBad) __premarshalJSON() (*__premarshalCertifyBadsCertifyBad, error) { + var retval __premarshalCertifyBadsCertifyBad - retval.Id = v.AllArtifactTree.Id - retval.Algorithm = v.AllArtifactTree.Algorithm - retval.Digest = v.AllArtifactTree.Digest - return &retval, nil -} + retval.Id = v.AllCertifyBad.Id + retval.Justification = v.AllCertifyBad.Justification + { -// AllSourceTree includes the GraphQL fields of Source requested by the fragment AllSourceTree. -// The GraphQL type's documentation follows. -// -// Source represents the root of the source trie/tree. -// -// We map source information to a trie, as a derivative of the pURL specification: -// each path in the trie represents a type, namespace, name and an optional -// qualifier that stands for tag/commit information. -// -// This node represents the type part of the trie path. It is used to represent -// the version control system that is being used. -// -// Since this node is at the root of the source trie, it is named Source, not -// SourceType. -type AllSourceTree struct { - Id string `json:"id"` - Type string `json:"type"` - Namespaces []AllSourceTreeNamespacesSourceNamespace `json:"namespaces"` + dst := &retval.Subject + src := v.AllCertifyBad.Subject + var err error + *dst, err = __marshalAllCertifyBadSubjectPackageSourceOrArtifact( + &src) + if err != nil { + return nil, fmt.Errorf( + "unable to marshal CertifyBadsCertifyBad.AllCertifyBad.Subject: %w", err) + } + } + retval.Origin = v.AllCertifyBad.Origin + retval.Collector = v.AllCertifyBad.Collector + return &retval, nil } -// GetId returns AllSourceTree.Id, and is useful for accessing the field via an interface. 
-func (v *AllSourceTree) GetId() string { return v.Id } - -// GetType returns AllSourceTree.Type, and is useful for accessing the field via an interface. -func (v *AllSourceTree) GetType() string { return v.Type } - -// GetNamespaces returns AllSourceTree.Namespaces, and is useful for accessing the field via an interface. -func (v *AllSourceTree) GetNamespaces() []AllSourceTreeNamespacesSourceNamespace { return v.Namespaces } - -// AllSourceTreeNamespacesSourceNamespace includes the requested fields of the GraphQL type SourceNamespace. -// The GraphQL type's documentation follows. -// -// SourceNamespace is a namespace for sources. -// -// This is the location of the repository (such as github/gitlab/bitbucket). -// -// The namespace field is mandatory. -type AllSourceTreeNamespacesSourceNamespace struct { - Id string `json:"id"` - Namespace string `json:"namespace"` - Names []AllSourceTreeNamespacesSourceNamespaceNamesSourceName `json:"names"` +// CertifyBadsResponse is returned by CertifyBads on success. +type CertifyBadsResponse struct { + // Returns all CertifyBad attestations matching a filter. + CertifyBad []CertifyBadsCertifyBad `json:"CertifyBad"` } -// GetId returns AllSourceTreeNamespacesSourceNamespace.Id, and is useful for accessing the field via an interface. -func (v *AllSourceTreeNamespacesSourceNamespace) GetId() string { return v.Id } - -// GetNamespace returns AllSourceTreeNamespacesSourceNamespace.Namespace, and is useful for accessing the field via an interface. -func (v *AllSourceTreeNamespacesSourceNamespace) GetNamespace() string { return v.Namespace } - -// GetNames returns AllSourceTreeNamespacesSourceNamespace.Names, and is useful for accessing the field via an interface. -func (v *AllSourceTreeNamespacesSourceNamespace) GetNames() []AllSourceTreeNamespacesSourceNamespaceNamesSourceName { - return v.Names -} +// GetCertifyBad returns CertifyBadsResponse.CertifyBad, and is useful for accessing the field via an interface. 
+func (v *CertifyBadsResponse) GetCertifyBad() []CertifyBadsCertifyBad { return v.CertifyBad } -// AllSourceTreeNamespacesSourceNamespaceNamesSourceName includes the requested fields of the GraphQL type SourceName. +// CertifyGoodArtifactIngestCertifyGood includes the requested fields of the GraphQL type CertifyGood. // The GraphQL type's documentation follows. // -// SourceName represents the url of the repository. +// CertifyGood is an attestation that a package, source, or artifact is considered +// good. // -// The name field is mandatory. The tag and commit fields are optional, but it is -// an error to specify both. +// All evidence trees record a justification for the property they represent as +// well as the document that contains the attestation (origin) and the collector +// that collected the document (collector). // -// This is the only source trie node that can be referenced by other parts of GUAC. -type AllSourceTreeNamespacesSourceNamespaceNamesSourceName struct { - Id string `json:"id"` - Name string `json:"name"` - Tag *string `json:"tag"` - Commit *string `json:"commit"` +// The certification applies to a subject which is a package, source, or artifact. +// If the attestation targets a package, it must target a PackageName or a +// PackageVersion. If the attestation targets a source, it must target a +// SourceName. +type CertifyGoodArtifactIngestCertifyGood struct { + AllCertifyGood `json:"-"` } -// GetId returns AllSourceTreeNamespacesSourceNamespaceNamesSourceName.Id, and is useful for accessing the field via an interface. -func (v *AllSourceTreeNamespacesSourceNamespaceNamesSourceName) GetId() string { return v.Id } - -// GetName returns AllSourceTreeNamespacesSourceNamespaceNamesSourceName.Name, and is useful for accessing the field via an interface. 
-func (v *AllSourceTreeNamespacesSourceNamespaceNamesSourceName) GetName() string { return v.Name } - -// GetTag returns AllSourceTreeNamespacesSourceNamespaceNamesSourceName.Tag, and is useful for accessing the field via an interface. -func (v *AllSourceTreeNamespacesSourceNamespaceNamesSourceName) GetTag() *string { return v.Tag } - -// GetCommit returns AllSourceTreeNamespacesSourceNamespaceNamesSourceName.Commit, and is useful for accessing the field via an interface. -func (v *AllSourceTreeNamespacesSourceNamespaceNamesSourceName) GetCommit() *string { return v.Commit } +// GetId returns CertifyGoodArtifactIngestCertifyGood.Id, and is useful for accessing the field via an interface. +func (v *CertifyGoodArtifactIngestCertifyGood) GetId() string { return v.AllCertifyGood.Id } -// ArtifactInputSpec specifies an artifact for mutations. -// -// The checksum fields are canonicalized to be lowercase. -type ArtifactInputSpec struct { - Algorithm string `json:"algorithm"` - Digest string `json:"digest"` +// GetJustification returns CertifyGoodArtifactIngestCertifyGood.Justification, and is useful for accessing the field via an interface. +func (v *CertifyGoodArtifactIngestCertifyGood) GetJustification() string { + return v.AllCertifyGood.Justification } -// GetAlgorithm returns ArtifactInputSpec.Algorithm, and is useful for accessing the field via an interface. -func (v *ArtifactInputSpec) GetAlgorithm() string { return v.Algorithm } - -// GetDigest returns ArtifactInputSpec.Digest, and is useful for accessing the field via an interface. -func (v *ArtifactInputSpec) GetDigest() string { return v.Digest } - -// ArtifactSpec allows filtering the list of artifacts to return in a query. -// -// The checksum fields are canonicalized to be lowercase. 
-type ArtifactSpec struct { - Id *string `json:"id"` - Algorithm *string `json:"algorithm"` - Digest *string `json:"digest"` +// GetSubject returns CertifyGoodArtifactIngestCertifyGood.Subject, and is useful for accessing the field via an interface. +func (v *CertifyGoodArtifactIngestCertifyGood) GetSubject() AllCertifyGoodSubjectPackageSourceOrArtifact { + return v.AllCertifyGood.Subject } -// GetId returns ArtifactSpec.Id, and is useful for accessing the field via an interface. -func (v *ArtifactSpec) GetId() *string { return v.Id } - -// GetAlgorithm returns ArtifactSpec.Algorithm, and is useful for accessing the field via an interface. -func (v *ArtifactSpec) GetAlgorithm() *string { return v.Algorithm } - -// GetDigest returns ArtifactSpec.Digest, and is useful for accessing the field via an interface. -func (v *ArtifactSpec) GetDigest() *string { return v.Digest } +// GetOrigin returns CertifyGoodArtifactIngestCertifyGood.Origin, and is useful for accessing the field via an interface. +func (v *CertifyGoodArtifactIngestCertifyGood) GetOrigin() string { return v.AllCertifyGood.Origin } -// ArtifactsArtifactsArtifact includes the requested fields of the GraphQL type Artifact. -// The GraphQL type's documentation follows. -// -// Artifact represents an artifact identified by a checksum hash. -// -// The checksum is split into the digest value and the algorithm used to generate -// it. Both fields are mandatory and canonicalized to be lowercase. -// -// If having a checksum Go object, algorithm can be -// strings.ToLower(string(checksum.Algorithm)) and digest can be checksum.Value. -type ArtifactsArtifactsArtifact struct { - AllArtifactTree `json:"-"` +// GetCollector returns CertifyGoodArtifactIngestCertifyGood.Collector, and is useful for accessing the field via an interface. 
+func (v *CertifyGoodArtifactIngestCertifyGood) GetCollector() string { + return v.AllCertifyGood.Collector } -// GetId returns ArtifactsArtifactsArtifact.Id, and is useful for accessing the field via an interface. -func (v *ArtifactsArtifactsArtifact) GetId() string { return v.AllArtifactTree.Id } - -// GetAlgorithm returns ArtifactsArtifactsArtifact.Algorithm, and is useful for accessing the field via an interface. -func (v *ArtifactsArtifactsArtifact) GetAlgorithm() string { return v.AllArtifactTree.Algorithm } - -// GetDigest returns ArtifactsArtifactsArtifact.Digest, and is useful for accessing the field via an interface. -func (v *ArtifactsArtifactsArtifact) GetDigest() string { return v.AllArtifactTree.Digest } - -func (v *ArtifactsArtifactsArtifact) UnmarshalJSON(b []byte) error { +func (v *CertifyGoodArtifactIngestCertifyGood) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *ArtifactsArtifactsArtifact + *CertifyGoodArtifactIngestCertifyGood graphql.NoUnmarshalJSON } - firstPass.ArtifactsArtifactsArtifact = v + firstPass.CertifyGoodArtifactIngestCertifyGood = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -6105,22 +6139,26 @@ func (v *ArtifactsArtifactsArtifact) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllArtifactTree) + b, &v.AllCertifyGood) if err != nil { return err } return nil } -type __premarshalArtifactsArtifactsArtifact struct { +type __premarshalCertifyGoodArtifactIngestCertifyGood struct { Id string `json:"id"` - Algorithm string `json:"algorithm"` + Justification string `json:"justification"` - Digest string `json:"digest"` + Subject json.RawMessage `json:"subject"` + + Origin string `json:"origin"` + + Collector string `json:"collector"` } -func (v *ArtifactsArtifactsArtifact) MarshalJSON() ([]byte, error) { +func (v *CertifyGoodArtifactIngestCertifyGood) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -6128,97 +6166,93 @@ func (v *ArtifactsArtifactsArtifact) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *ArtifactsArtifactsArtifact) __premarshalJSON() (*__premarshalArtifactsArtifactsArtifact, error) { - var retval __premarshalArtifactsArtifactsArtifact - - retval.Id = v.AllArtifactTree.Id - retval.Algorithm = v.AllArtifactTree.Algorithm - retval.Digest = v.AllArtifactTree.Digest - return &retval, nil -} - -// ArtifactsResponse is returned by Artifacts on success. -type ArtifactsResponse struct { - // Returns all artifacts matching a filter. - Artifacts []ArtifactsArtifactsArtifact `json:"artifacts"` -} +func (v *CertifyGoodArtifactIngestCertifyGood) __premarshalJSON() (*__premarshalCertifyGoodArtifactIngestCertifyGood, error) { + var retval __premarshalCertifyGoodArtifactIngestCertifyGood -// GetArtifacts returns ArtifactsResponse.Artifacts, and is useful for accessing the field via an interface. -func (v *ArtifactsResponse) GetArtifacts() []ArtifactsArtifactsArtifact { return v.Artifacts } + retval.Id = v.AllCertifyGood.Id + retval.Justification = v.AllCertifyGood.Justification + { -// BuilderInputSpec specifies a builder for mutations. -type BuilderInputSpec struct { - Uri string `json:"uri"` + dst := &retval.Subject + src := v.AllCertifyGood.Subject + var err error + *dst, err = __marshalAllCertifyGoodSubjectPackageSourceOrArtifact( + &src) + if err != nil { + return nil, fmt.Errorf( + "unable to marshal CertifyGoodArtifactIngestCertifyGood.AllCertifyGood.Subject: %w", err) + } + } + retval.Origin = v.AllCertifyGood.Origin + retval.Collector = v.AllCertifyGood.Collector + return &retval, nil } -// GetUri returns BuilderInputSpec.Uri, and is useful for accessing the field via an interface. -func (v *BuilderInputSpec) GetUri() string { return v.Uri } - -// CVEInputSpec specifies a CVE vulnerability for mutations. 
-type CVEInputSpec struct { - Year int `json:"year"` - CveId string `json:"cveId"` +// CertifyGoodArtifactResponse is returned by CertifyGoodArtifact on success. +type CertifyGoodArtifactResponse struct { + // Adds a certification that a package, source or artifact is considered good. + IngestCertifyGood CertifyGoodArtifactIngestCertifyGood `json:"ingestCertifyGood"` } -// GetYear returns CVEInputSpec.Year, and is useful for accessing the field via an interface. -func (v *CVEInputSpec) GetYear() int { return v.Year } - -// GetCveId returns CVEInputSpec.CveId, and is useful for accessing the field via an interface. -func (v *CVEInputSpec) GetCveId() string { return v.CveId } - -// CVESpec allows filtering the list of advisories to return in a query. -type CVESpec struct { - Id *string `json:"id"` - Year *int `json:"year"` - CveId *string `json:"cveId"` +// GetIngestCertifyGood returns CertifyGoodArtifactResponse.IngestCertifyGood, and is useful for accessing the field via an interface. +func (v *CertifyGoodArtifactResponse) GetIngestCertifyGood() CertifyGoodArtifactIngestCertifyGood { + return v.IngestCertifyGood } -// GetId returns CVESpec.Id, and is useful for accessing the field via an interface. -func (v *CVESpec) GetId() *string { return v.Id } - -// GetYear returns CVESpec.Year, and is useful for accessing the field via an interface. -func (v *CVESpec) GetYear() *int { return v.Year } - -// GetCveId returns CVESpec.CveId, and is useful for accessing the field via an interface. -func (v *CVESpec) GetCveId() *string { return v.CveId } - -// CVEsCveCVE includes the requested fields of the GraphQL type CVE. +// CertifyGoodArtifactsIngestCertifyGoodsCertifyGood includes the requested fields of the GraphQL type CertifyGood. // The GraphQL type's documentation follows. // -// CVE represents a vulnerability in the Common Vulnerabilities and Exposures -// schema. 
-// -// The vulnerability identifier contains a year field, so we are extracting that -// to allow matching for vulnerabilities found in a given year. +// CertifyGood is an attestation that a package, source, or artifact is considered +// good. // -// The vulnerability identifier field is mandatory and canonicalized to be -// lowercase. +// All evidence trees record a justification for the property they represent as +// well as the document that contains the attestation (origin) and the collector +// that collected the document (collector). // -// This node can be referred to by other parts of GUAC. -type CVEsCveCVE struct { - AllCveTree `json:"-"` +// The certification applies to a subject which is a package, source, or artifact. +// If the attestation targets a package, it must target a PackageName or a +// PackageVersion. If the attestation targets a source, it must target a +// SourceName. +type CertifyGoodArtifactsIngestCertifyGoodsCertifyGood struct { + AllCertifyGood `json:"-"` } -// GetId returns CVEsCveCVE.Id, and is useful for accessing the field via an interface. -func (v *CVEsCveCVE) GetId() string { return v.AllCveTree.Id } - -// GetYear returns CVEsCveCVE.Year, and is useful for accessing the field via an interface. -func (v *CVEsCveCVE) GetYear() int { return v.AllCveTree.Year } +// GetId returns CertifyGoodArtifactsIngestCertifyGoodsCertifyGood.Id, and is useful for accessing the field via an interface. +func (v *CertifyGoodArtifactsIngestCertifyGoodsCertifyGood) GetId() string { + return v.AllCertifyGood.Id +} -// GetCveId returns CVEsCveCVE.CveId, and is useful for accessing the field via an interface. -func (v *CVEsCveCVE) GetCveId() string { return v.AllCveTree.CveId } +// GetJustification returns CertifyGoodArtifactsIngestCertifyGoodsCertifyGood.Justification, and is useful for accessing the field via an interface. 
+func (v *CertifyGoodArtifactsIngestCertifyGoodsCertifyGood) GetJustification() string { + return v.AllCertifyGood.Justification +} -func (v *CVEsCveCVE) UnmarshalJSON(b []byte) error { +// GetSubject returns CertifyGoodArtifactsIngestCertifyGoodsCertifyGood.Subject, and is useful for accessing the field via an interface. +func (v *CertifyGoodArtifactsIngestCertifyGoodsCertifyGood) GetSubject() AllCertifyGoodSubjectPackageSourceOrArtifact { + return v.AllCertifyGood.Subject +} + +// GetOrigin returns CertifyGoodArtifactsIngestCertifyGoodsCertifyGood.Origin, and is useful for accessing the field via an interface. +func (v *CertifyGoodArtifactsIngestCertifyGoodsCertifyGood) GetOrigin() string { + return v.AllCertifyGood.Origin +} + +// GetCollector returns CertifyGoodArtifactsIngestCertifyGoodsCertifyGood.Collector, and is useful for accessing the field via an interface. +func (v *CertifyGoodArtifactsIngestCertifyGoodsCertifyGood) GetCollector() string { + return v.AllCertifyGood.Collector +} + +func (v *CertifyGoodArtifactsIngestCertifyGoodsCertifyGood) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *CVEsCveCVE + *CertifyGoodArtifactsIngestCertifyGoodsCertifyGood graphql.NoUnmarshalJSON } - firstPass.CVEsCveCVE = v + firstPass.CertifyGoodArtifactsIngestCertifyGoodsCertifyGood = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -6226,22 +6260,26 @@ func (v *CVEsCveCVE) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllCveTree) + b, &v.AllCertifyGood) if err != nil { return err } return nil } -type __premarshalCVEsCveCVE struct { +type __premarshalCertifyGoodArtifactsIngestCertifyGoodsCertifyGood struct { Id string `json:"id"` - Year int `json:"year"` + Justification string `json:"justification"` + + Subject json.RawMessage `json:"subject"` + + Origin string `json:"origin"` - CveId string `json:"cveId"` + Collector string `json:"collector"` } -func (v *CVEsCveCVE) MarshalJSON() ([]byte, error) { +func (v *CertifyGoodArtifactsIngestCertifyGoodsCertifyGood) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -6249,29 +6287,60 @@ func (v *CVEsCveCVE) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *CVEsCveCVE) __premarshalJSON() (*__premarshalCVEsCveCVE, error) { - var retval __premarshalCVEsCveCVE +func (v *CertifyGoodArtifactsIngestCertifyGoodsCertifyGood) __premarshalJSON() (*__premarshalCertifyGoodArtifactsIngestCertifyGoodsCertifyGood, error) { + var retval __premarshalCertifyGoodArtifactsIngestCertifyGoodsCertifyGood + + retval.Id = v.AllCertifyGood.Id + retval.Justification = v.AllCertifyGood.Justification + { - retval.Id = v.AllCveTree.Id - retval.Year = v.AllCveTree.Year - retval.CveId = v.AllCveTree.CveId + dst := &retval.Subject + src := v.AllCertifyGood.Subject + var err error + *dst, err = __marshalAllCertifyGoodSubjectPackageSourceOrArtifact( + &src) + if err != nil { + return nil, fmt.Errorf( + "unable to marshal CertifyGoodArtifactsIngestCertifyGoodsCertifyGood.AllCertifyGood.Subject: %w", err) + } + } + retval.Origin = v.AllCertifyGood.Origin + retval.Collector = v.AllCertifyGood.Collector return &retval, nil } -// CVEsResponse is returned by CVEs on success. -type CVEsResponse struct { - // Returns all CVEs matching a filter. - Cve []CVEsCveCVE `json:"cve"` +// CertifyGoodArtifactsResponse is returned by CertifyGoodArtifacts on success. +type CertifyGoodArtifactsResponse struct { + // Adds bulk certifications that a package, source or artifact is considered good. + IngestCertifyGoods []CertifyGoodArtifactsIngestCertifyGoodsCertifyGood `json:"ingestCertifyGoods"` +} + +// GetIngestCertifyGoods returns CertifyGoodArtifactsResponse.IngestCertifyGoods, and is useful for accessing the field via an interface. +func (v *CertifyGoodArtifactsResponse) GetIngestCertifyGoods() []CertifyGoodArtifactsIngestCertifyGoodsCertifyGood { + return v.IngestCertifyGoods +} + +// CertifyGoodInputSpec represents the mutation input to ingest a CertifyGood evidence. 
+type CertifyGoodInputSpec struct { + Justification string `json:"justification"` + Origin string `json:"origin"` + Collector string `json:"collector"` } -// GetCve returns CVEsResponse.Cve, and is useful for accessing the field via an interface. -func (v *CVEsResponse) GetCve() []CVEsCveCVE { return v.Cve } +// GetJustification returns CertifyGoodInputSpec.Justification, and is useful for accessing the field via an interface. +func (v *CertifyGoodInputSpec) GetJustification() string { return v.Justification } -// CertifyBadArtifactIngestCertifyBad includes the requested fields of the GraphQL type CertifyBad. +// GetOrigin returns CertifyGoodInputSpec.Origin, and is useful for accessing the field via an interface. +func (v *CertifyGoodInputSpec) GetOrigin() string { return v.Origin } + +// GetCollector returns CertifyGoodInputSpec.Collector, and is useful for accessing the field via an interface. +func (v *CertifyGoodInputSpec) GetCollector() string { return v.Collector } + +// CertifyGoodPkgIngestCertifyGood includes the requested fields of the GraphQL type CertifyGood. // The GraphQL type's documentation follows. // -// CertifyBad is an attestation that a package, source, or artifact is considered -// bad. +// CertifyGood is an attestation that a package, source, or artifact is considered +// good. // // All evidence trees record a justification for the property they represent as // well as the document that contains the attestation (origin) and the collector 
@@ -6281,40 +6350,40 @@ func (v *CVEsResponse) GetCve() []CVEsCveCVE { return v.Cve } // If the attestation targets a package, it must target a PackageName or a // PackageVersion. If the attestation targets a source, it must target a // SourceName. -type CertifyBadArtifactIngestCertifyBad struct { - AllCertifyBad `json:"-"` +type CertifyGoodPkgIngestCertifyGood struct { + AllCertifyGood `json:"-"` } -// GetId returns CertifyBadArtifactIngestCertifyBad.Id, and is useful for accessing the field via an interface. -func (v *CertifyBadArtifactIngestCertifyBad) GetId() string { return v.AllCertifyBad.Id } +// GetId returns CertifyGoodPkgIngestCertifyGood.Id, and is useful for accessing the field via an interface. +func (v *CertifyGoodPkgIngestCertifyGood) GetId() string { return v.AllCertifyGood.Id } -// GetJustification returns CertifyBadArtifactIngestCertifyBad.Justification, and is useful for accessing the field via an interface. -func (v *CertifyBadArtifactIngestCertifyBad) GetJustification() string { - return v.AllCertifyBad.Justification +// GetJustification returns CertifyGoodPkgIngestCertifyGood.Justification, and is useful for accessing the field via an interface. +func (v *CertifyGoodPkgIngestCertifyGood) GetJustification() string { + return v.AllCertifyGood.Justification } -// GetSubject returns CertifyBadArtifactIngestCertifyBad.Subject, and is useful for accessing the field via an interface. -func (v *CertifyBadArtifactIngestCertifyBad) GetSubject() AllCertifyBadSubjectPackageSourceOrArtifact { - return v.AllCertifyBad.Subject +// GetSubject returns CertifyGoodPkgIngestCertifyGood.Subject, and is useful for accessing the field via an interface. +func (v *CertifyGoodPkgIngestCertifyGood) GetSubject() AllCertifyGoodSubjectPackageSourceOrArtifact { + return v.AllCertifyGood.Subject } -// GetOrigin returns CertifyBadArtifactIngestCertifyBad.Origin, and is useful for accessing the field via an interface. 
-func (v *CertifyBadArtifactIngestCertifyBad) GetOrigin() string { return v.AllCertifyBad.Origin } +// GetOrigin returns CertifyGoodPkgIngestCertifyGood.Origin, and is useful for accessing the field via an interface. +func (v *CertifyGoodPkgIngestCertifyGood) GetOrigin() string { return v.AllCertifyGood.Origin } -// GetCollector returns CertifyBadArtifactIngestCertifyBad.Collector, and is useful for accessing the field via an interface. -func (v *CertifyBadArtifactIngestCertifyBad) GetCollector() string { return v.AllCertifyBad.Collector } +// GetCollector returns CertifyGoodPkgIngestCertifyGood.Collector, and is useful for accessing the field via an interface. +func (v *CertifyGoodPkgIngestCertifyGood) GetCollector() string { return v.AllCertifyGood.Collector } -func (v *CertifyBadArtifactIngestCertifyBad) UnmarshalJSON(b []byte) error { +func (v *CertifyGoodPkgIngestCertifyGood) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *CertifyBadArtifactIngestCertifyBad + *CertifyGoodPkgIngestCertifyGood graphql.NoUnmarshalJSON } - firstPass.CertifyBadArtifactIngestCertifyBad = v + firstPass.CertifyGoodPkgIngestCertifyGood = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -6322,14 +6391,14 @@ func (v *CertifyBadArtifactIngestCertifyBad) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllCertifyBad) + b, &v.AllCertifyGood) if err != nil { return err } return nil } -type __premarshalCertifyBadArtifactIngestCertifyBad struct { +type __premarshalCertifyGoodPkgIngestCertifyGood struct { Id string `json:"id"` Justification string `json:"justification"` @@ -6341,7 +6410,7 @@ type __premarshalCertifyBadArtifactIngestCertifyBad struct { Collector string `json:"collector"` } -func (v *CertifyBadArtifactIngestCertifyBad) MarshalJSON() ([]byte, error) { +func (v *CertifyGoodPkgIngestCertifyGood) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -6349,44 +6418,44 @@ func (v *CertifyBadArtifactIngestCertifyBad) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *CertifyBadArtifactIngestCertifyBad) __premarshalJSON() (*__premarshalCertifyBadArtifactIngestCertifyBad, error) { - var retval __premarshalCertifyBadArtifactIngestCertifyBad +func (v *CertifyGoodPkgIngestCertifyGood) __premarshalJSON() (*__premarshalCertifyGoodPkgIngestCertifyGood, error) { + var retval __premarshalCertifyGoodPkgIngestCertifyGood - retval.Id = v.AllCertifyBad.Id - retval.Justification = v.AllCertifyBad.Justification + retval.Id = v.AllCertifyGood.Id + retval.Justification = v.AllCertifyGood.Justification { dst := &retval.Subject - src := v.AllCertifyBad.Subject + src := v.AllCertifyGood.Subject var err error - *dst, err = __marshalAllCertifyBadSubjectPackageSourceOrArtifact( + *dst, err = __marshalAllCertifyGoodSubjectPackageSourceOrArtifact( &src) if err != nil { return nil, fmt.Errorf( - "unable to marshal CertifyBadArtifactIngestCertifyBad.AllCertifyBad.Subject: %w", err) + "unable to marshal CertifyGoodPkgIngestCertifyGood.AllCertifyGood.Subject: %w", err) } } - retval.Origin = v.AllCertifyBad.Origin - retval.Collector = v.AllCertifyBad.Collector + retval.Origin = v.AllCertifyGood.Origin + retval.Collector = v.AllCertifyGood.Collector return &retval, nil } -// CertifyBadArtifactResponse is returned by CertifyBadArtifact on success. -type CertifyBadArtifactResponse struct { - // Adds a certification that a package, source or artifact is considered bad. - IngestCertifyBad CertifyBadArtifactIngestCertifyBad `json:"ingestCertifyBad"` +// CertifyGoodPkgResponse is returned by CertifyGoodPkg on success. +type CertifyGoodPkgResponse struct { + // Adds a certification that a package, source or artifact is considered good. 
+ IngestCertifyGood CertifyGoodPkgIngestCertifyGood `json:"ingestCertifyGood"` } -// GetIngestCertifyBad returns CertifyBadArtifactResponse.IngestCertifyBad, and is useful for accessing the field via an interface. -func (v *CertifyBadArtifactResponse) GetIngestCertifyBad() CertifyBadArtifactIngestCertifyBad { - return v.IngestCertifyBad +// GetIngestCertifyGood returns CertifyGoodPkgResponse.IngestCertifyGood, and is useful for accessing the field via an interface. +func (v *CertifyGoodPkgResponse) GetIngestCertifyGood() CertifyGoodPkgIngestCertifyGood { + return v.IngestCertifyGood } -// CertifyBadArtifactsIngestCertifyBadsCertifyBad includes the requested fields of the GraphQL type CertifyBad. +// CertifyGoodPkgsIngestCertifyGoodsCertifyGood includes the requested fields of the GraphQL type CertifyGood. // The GraphQL type's documentation follows. // -// CertifyBad is an attestation that a package, source, or artifact is considered -// bad. +// CertifyGood is an attestation that a package, source, or artifact is considered +// good. // // All evidence trees record a justification for the property they represent as // well as the document that contains the attestation (origin) and the collector 
@@ -6396,44 +6465,44 @@ func (v *CertifyBadArtifactResponse) GetIngestCertifyBad() CertifyBadArtifactIng // If the attestation targets a package, it must target a PackageName or a // PackageVersion. If the attestation targets a source, it must target a // SourceName. -type CertifyBadArtifactsIngestCertifyBadsCertifyBad struct { - AllCertifyBad `json:"-"` +type CertifyGoodPkgsIngestCertifyGoodsCertifyGood struct { + AllCertifyGood `json:"-"` } -// GetId returns CertifyBadArtifactsIngestCertifyBadsCertifyBad.Id, and is useful for accessing the field via an interface. -func (v *CertifyBadArtifactsIngestCertifyBadsCertifyBad) GetId() string { return v.AllCertifyBad.Id } +// GetId returns CertifyGoodPkgsIngestCertifyGoodsCertifyGood.Id, and is useful for accessing the field via an interface. +func (v *CertifyGoodPkgsIngestCertifyGoodsCertifyGood) GetId() string { return v.AllCertifyGood.Id } -// GetJustification returns CertifyBadArtifactsIngestCertifyBadsCertifyBad.Justification, and is useful for accessing the field via an interface. -func (v *CertifyBadArtifactsIngestCertifyBadsCertifyBad) GetJustification() string { - return v.AllCertifyBad.Justification +// GetJustification returns CertifyGoodPkgsIngestCertifyGoodsCertifyGood.Justification, and is useful for accessing the field via an interface. +func (v *CertifyGoodPkgsIngestCertifyGoodsCertifyGood) GetJustification() string { + return v.AllCertifyGood.Justification } -// GetSubject returns CertifyBadArtifactsIngestCertifyBadsCertifyBad.Subject, and is useful for accessing the field via an interface. -func (v *CertifyBadArtifactsIngestCertifyBadsCertifyBad) GetSubject() AllCertifyBadSubjectPackageSourceOrArtifact { - return v.AllCertifyBad.Subject +// GetSubject returns CertifyGoodPkgsIngestCertifyGoodsCertifyGood.Subject, and is useful for accessing the field via an interface. 
+func (v *CertifyGoodPkgsIngestCertifyGoodsCertifyGood) GetSubject() AllCertifyGoodSubjectPackageSourceOrArtifact { + return v.AllCertifyGood.Subject } -// GetOrigin returns CertifyBadArtifactsIngestCertifyBadsCertifyBad.Origin, and is useful for accessing the field via an interface. -func (v *CertifyBadArtifactsIngestCertifyBadsCertifyBad) GetOrigin() string { - return v.AllCertifyBad.Origin +// GetOrigin returns CertifyGoodPkgsIngestCertifyGoodsCertifyGood.Origin, and is useful for accessing the field via an interface. +func (v *CertifyGoodPkgsIngestCertifyGoodsCertifyGood) GetOrigin() string { + return v.AllCertifyGood.Origin } -// GetCollector returns CertifyBadArtifactsIngestCertifyBadsCertifyBad.Collector, and is useful for accessing the field via an interface. -func (v *CertifyBadArtifactsIngestCertifyBadsCertifyBad) GetCollector() string { - return v.AllCertifyBad.Collector +// GetCollector returns CertifyGoodPkgsIngestCertifyGoodsCertifyGood.Collector, and is useful for accessing the field via an interface. +func (v *CertifyGoodPkgsIngestCertifyGoodsCertifyGood) GetCollector() string { + return v.AllCertifyGood.Collector } -func (v *CertifyBadArtifactsIngestCertifyBadsCertifyBad) UnmarshalJSON(b []byte) error { +func (v *CertifyGoodPkgsIngestCertifyGoodsCertifyGood) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *CertifyBadArtifactsIngestCertifyBadsCertifyBad + *CertifyGoodPkgsIngestCertifyGoodsCertifyGood graphql.NoUnmarshalJSON } - firstPass.CertifyBadArtifactsIngestCertifyBadsCertifyBad = v + firstPass.CertifyGoodPkgsIngestCertifyGoodsCertifyGood = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -6441,14 +6510,14 @@ func (v *CertifyBadArtifactsIngestCertifyBadsCertifyBad) UnmarshalJSON(b []byte) } err = json.Unmarshal( - b, &v.AllCertifyBad) + b, &v.AllCertifyGood) if err != nil { return err } return nil } -type __premarshalCertifyBadArtifactsIngestCertifyBadsCertifyBad struct { +type __premarshalCertifyGoodPkgsIngestCertifyGoodsCertifyGood struct { Id string `json:"id"` Justification string `json:"justification"` @@ -6460,7 +6529,7 @@ type __premarshalCertifyBadArtifactsIngestCertifyBadsCertifyBad struct { Collector string `json:"collector"` } -func (v *CertifyBadArtifactsIngestCertifyBadsCertifyBad) MarshalJSON() ([]byte, error) { +func (v *CertifyGoodPkgsIngestCertifyGoodsCertifyGood) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -6468,61 +6537,44 @@ func (v *CertifyBadArtifactsIngestCertifyBadsCertifyBad) MarshalJSON() ([]byte, return json.Marshal(premarshaled) } -func (v *CertifyBadArtifactsIngestCertifyBadsCertifyBad) __premarshalJSON() (*__premarshalCertifyBadArtifactsIngestCertifyBadsCertifyBad, error) { - var retval __premarshalCertifyBadArtifactsIngestCertifyBadsCertifyBad +func (v *CertifyGoodPkgsIngestCertifyGoodsCertifyGood) __premarshalJSON() (*__premarshalCertifyGoodPkgsIngestCertifyGoodsCertifyGood, error) { + var retval __premarshalCertifyGoodPkgsIngestCertifyGoodsCertifyGood - retval.Id = v.AllCertifyBad.Id - retval.Justification = v.AllCertifyBad.Justification + retval.Id = v.AllCertifyGood.Id + retval.Justification = v.AllCertifyGood.Justification { dst := &retval.Subject - src := v.AllCertifyBad.Subject + src := v.AllCertifyGood.Subject var err error - *dst, err = __marshalAllCertifyBadSubjectPackageSourceOrArtifact( + *dst, err = __marshalAllCertifyGoodSubjectPackageSourceOrArtifact( &src) if err != nil { return nil, fmt.Errorf( - "unable to marshal CertifyBadArtifactsIngestCertifyBadsCertifyBad.AllCertifyBad.Subject: %w", err) + "unable to marshal CertifyGoodPkgsIngestCertifyGoodsCertifyGood.AllCertifyGood.Subject: %w", err) } } - retval.Origin = v.AllCertifyBad.Origin - retval.Collector = v.AllCertifyBad.Collector + retval.Origin = v.AllCertifyGood.Origin + retval.Collector = v.AllCertifyGood.Collector return &retval, nil } -// CertifyBadArtifactsResponse is returned by CertifyBadArtifacts on success. -type CertifyBadArtifactsResponse struct { - // Adds bulk certifications that a package, source or artifact is considered bad. - IngestCertifyBads []CertifyBadArtifactsIngestCertifyBadsCertifyBad `json:"ingestCertifyBads"` -} - -// GetIngestCertifyBads returns CertifyBadArtifactsResponse.IngestCertifyBads, and is useful for accessing the field via an interface. 
-func (v *CertifyBadArtifactsResponse) GetIngestCertifyBads() []CertifyBadArtifactsIngestCertifyBadsCertifyBad { - return v.IngestCertifyBads +// CertifyGoodPkgsResponse is returned by CertifyGoodPkgs on success. +type CertifyGoodPkgsResponse struct { + // Adds bulk certifications that a package, source or artifact is considered good. + IngestCertifyGoods []CertifyGoodPkgsIngestCertifyGoodsCertifyGood `json:"ingestCertifyGoods"` } -// CertifyBadInputSpec represents the mutation input to ingest a CertifyBad -// evidence. -type CertifyBadInputSpec struct { - Justification string `json:"justification"` - Origin string `json:"origin"` - Collector string `json:"collector"` +// GetIngestCertifyGoods returns CertifyGoodPkgsResponse.IngestCertifyGoods, and is useful for accessing the field via an interface. +func (v *CertifyGoodPkgsResponse) GetIngestCertifyGoods() []CertifyGoodPkgsIngestCertifyGoodsCertifyGood { + return v.IngestCertifyGoods } -// GetJustification returns CertifyBadInputSpec.Justification, and is useful for accessing the field via an interface. -func (v *CertifyBadInputSpec) GetJustification() string { return v.Justification } - -// GetOrigin returns CertifyBadInputSpec.Origin, and is useful for accessing the field via an interface. -func (v *CertifyBadInputSpec) GetOrigin() string { return v.Origin } - -// GetCollector returns CertifyBadInputSpec.Collector, and is useful for accessing the field via an interface. -func (v *CertifyBadInputSpec) GetCollector() string { return v.Collector } - -// CertifyBadPkgIngestCertifyBad includes the requested fields of the GraphQL type CertifyBad. +// CertifyGoodSrcIngestCertifyGood includes the requested fields of the GraphQL type CertifyGood. // The GraphQL type's documentation follows. // -// CertifyBad is an attestation that a package, source, or artifact is considered -// bad. +// CertifyGood is an attestation that a package, source, or artifact is considered +// good. 
// // All evidence trees record a justification for the property they represent as // well as the document that contains the attestation (origin) and the collector 
@@ -6532,40 +6584,40 @@ func (v *CertifyBadInputSpec) GetCollector() string { return v.Collector } // If the attestation targets a package, it must target a PackageName or a // PackageVersion. If the attestation targets a source, it must target a // SourceName. -type CertifyBadPkgIngestCertifyBad struct { - AllCertifyBad `json:"-"` +type CertifyGoodSrcIngestCertifyGood struct { + AllCertifyGood `json:"-"` } -// GetId returns CertifyBadPkgIngestCertifyBad.Id, and is useful for accessing the field via an interface. -func (v *CertifyBadPkgIngestCertifyBad) GetId() string { return v.AllCertifyBad.Id } +// GetId returns CertifyGoodSrcIngestCertifyGood.Id, and is useful for accessing the field via an interface. +func (v *CertifyGoodSrcIngestCertifyGood) GetId() string { return v.AllCertifyGood.Id } -// GetJustification returns CertifyBadPkgIngestCertifyBad.Justification, and is useful for accessing the field via an interface. -func (v *CertifyBadPkgIngestCertifyBad) GetJustification() string { - return v.AllCertifyBad.Justification +// GetJustification returns CertifyGoodSrcIngestCertifyGood.Justification, and is useful for accessing the field via an interface. +func (v *CertifyGoodSrcIngestCertifyGood) GetJustification() string { + return v.AllCertifyGood.Justification } -// GetSubject returns CertifyBadPkgIngestCertifyBad.Subject, and is useful for accessing the field via an interface. -func (v *CertifyBadPkgIngestCertifyBad) GetSubject() AllCertifyBadSubjectPackageSourceOrArtifact { - return v.AllCertifyBad.Subject +// GetSubject returns CertifyGoodSrcIngestCertifyGood.Subject, and is useful for accessing the field via an interface. +func (v *CertifyGoodSrcIngestCertifyGood) GetSubject() AllCertifyGoodSubjectPackageSourceOrArtifact { + return v.AllCertifyGood.Subject } -// GetOrigin returns CertifyBadPkgIngestCertifyBad.Origin, and is useful for accessing the field via an interface. 
-func (v *CertifyBadPkgIngestCertifyBad) GetOrigin() string { return v.AllCertifyBad.Origin } +// GetOrigin returns CertifyGoodSrcIngestCertifyGood.Origin, and is useful for accessing the field via an interface. +func (v *CertifyGoodSrcIngestCertifyGood) GetOrigin() string { return v.AllCertifyGood.Origin } -// GetCollector returns CertifyBadPkgIngestCertifyBad.Collector, and is useful for accessing the field via an interface. -func (v *CertifyBadPkgIngestCertifyBad) GetCollector() string { return v.AllCertifyBad.Collector } +// GetCollector returns CertifyGoodSrcIngestCertifyGood.Collector, and is useful for accessing the field via an interface. +func (v *CertifyGoodSrcIngestCertifyGood) GetCollector() string { return v.AllCertifyGood.Collector } -func (v *CertifyBadPkgIngestCertifyBad) UnmarshalJSON(b []byte) error { +func (v *CertifyGoodSrcIngestCertifyGood) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *CertifyBadPkgIngestCertifyBad + *CertifyGoodSrcIngestCertifyGood graphql.NoUnmarshalJSON } - firstPass.CertifyBadPkgIngestCertifyBad = v + firstPass.CertifyGoodSrcIngestCertifyGood = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -6573,14 +6625,14 @@ func (v *CertifyBadPkgIngestCertifyBad) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllCertifyBad) + b, &v.AllCertifyGood) if err != nil { return err } return nil } -type __premarshalCertifyBadPkgIngestCertifyBad struct { +type __premarshalCertifyGoodSrcIngestCertifyGood struct { Id string `json:"id"` Justification string `json:"justification"` @@ -6592,7 +6644,7 @@ type __premarshalCertifyBadPkgIngestCertifyBad struct { Collector string `json:"collector"` } -func (v *CertifyBadPkgIngestCertifyBad) MarshalJSON() ([]byte, error) { +func (v *CertifyGoodSrcIngestCertifyGood) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -6600,44 +6652,44 @@ func (v *CertifyBadPkgIngestCertifyBad) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *CertifyBadPkgIngestCertifyBad) __premarshalJSON() (*__premarshalCertifyBadPkgIngestCertifyBad, error) { - var retval __premarshalCertifyBadPkgIngestCertifyBad +func (v *CertifyGoodSrcIngestCertifyGood) __premarshalJSON() (*__premarshalCertifyGoodSrcIngestCertifyGood, error) { + var retval __premarshalCertifyGoodSrcIngestCertifyGood - retval.Id = v.AllCertifyBad.Id - retval.Justification = v.AllCertifyBad.Justification + retval.Id = v.AllCertifyGood.Id + retval.Justification = v.AllCertifyGood.Justification { dst := &retval.Subject - src := v.AllCertifyBad.Subject + src := v.AllCertifyGood.Subject var err error - *dst, err = __marshalAllCertifyBadSubjectPackageSourceOrArtifact( + *dst, err = __marshalAllCertifyGoodSubjectPackageSourceOrArtifact( &src) if err != nil { return nil, fmt.Errorf( - "unable to marshal CertifyBadPkgIngestCertifyBad.AllCertifyBad.Subject: %w", err) + "unable to marshal CertifyGoodSrcIngestCertifyGood.AllCertifyGood.Subject: %w", err) } } - retval.Origin = v.AllCertifyBad.Origin - retval.Collector = v.AllCertifyBad.Collector + retval.Origin = v.AllCertifyGood.Origin + retval.Collector = v.AllCertifyGood.Collector return &retval, nil } -// CertifyBadPkgResponse is returned by CertifyBadPkg on success. -type CertifyBadPkgResponse struct { - // Adds a certification that a package, source or artifact is considered bad. - IngestCertifyBad CertifyBadPkgIngestCertifyBad `json:"ingestCertifyBad"` +// CertifyGoodSrcResponse is returned by CertifyGoodSrc on success. +type CertifyGoodSrcResponse struct { + // Adds a certification that a package, source or artifact is considered good. + IngestCertifyGood CertifyGoodSrcIngestCertifyGood `json:"ingestCertifyGood"` } -// GetIngestCertifyBad returns CertifyBadPkgResponse.IngestCertifyBad, and is useful for accessing the field via an interface. 
-func (v *CertifyBadPkgResponse) GetIngestCertifyBad() CertifyBadPkgIngestCertifyBad { - return v.IngestCertifyBad +// GetIngestCertifyGood returns CertifyGoodSrcResponse.IngestCertifyGood, and is useful for accessing the field via an interface. +func (v *CertifyGoodSrcResponse) GetIngestCertifyGood() CertifyGoodSrcIngestCertifyGood { + return v.IngestCertifyGood } -// CertifyBadPkgsIngestCertifyBadsCertifyBad includes the requested fields of the GraphQL type CertifyBad. +// CertifyGoodSrcsIngestCertifyGoodsCertifyGood includes the requested fields of the GraphQL type CertifyGood. // The GraphQL type's documentation follows. // -// CertifyBad is an attestation that a package, source, or artifact is considered -// bad. +// CertifyGood is an attestation that a package, source, or artifact is considered +// good. // // All evidence trees record a justification for the property they represent as // well as the document that contains the attestation (origin) and the collector 
@@ -6647,42 +6699,44 @@ func (v *CertifyBadPkgResponse) GetIngestCertifyBad() CertifyBadPkgIngestCertify // If the attestation targets a package, it must target a PackageName or a // PackageVersion. If the attestation targets a source, it must target a // SourceName. -type CertifyBadPkgsIngestCertifyBadsCertifyBad struct { - AllCertifyBad `json:"-"` +type CertifyGoodSrcsIngestCertifyGoodsCertifyGood struct { + AllCertifyGood `json:"-"` } -// GetId returns CertifyBadPkgsIngestCertifyBadsCertifyBad.Id, and is useful for accessing the field via an interface. -func (v *CertifyBadPkgsIngestCertifyBadsCertifyBad) GetId() string { return v.AllCertifyBad.Id } +// GetId returns CertifyGoodSrcsIngestCertifyGoodsCertifyGood.Id, and is useful for accessing the field via an interface. +func (v *CertifyGoodSrcsIngestCertifyGoodsCertifyGood) GetId() string { return v.AllCertifyGood.Id } -// GetJustification returns CertifyBadPkgsIngestCertifyBadsCertifyBad.Justification, and is useful for accessing the field via an interface. -func (v *CertifyBadPkgsIngestCertifyBadsCertifyBad) GetJustification() string { - return v.AllCertifyBad.Justification +// GetJustification returns CertifyGoodSrcsIngestCertifyGoodsCertifyGood.Justification, and is useful for accessing the field via an interface. +func (v *CertifyGoodSrcsIngestCertifyGoodsCertifyGood) GetJustification() string { + return v.AllCertifyGood.Justification } -// GetSubject returns CertifyBadPkgsIngestCertifyBadsCertifyBad.Subject, and is useful for accessing the field via an interface. -func (v *CertifyBadPkgsIngestCertifyBadsCertifyBad) GetSubject() AllCertifyBadSubjectPackageSourceOrArtifact { - return v.AllCertifyBad.Subject +// GetSubject returns CertifyGoodSrcsIngestCertifyGoodsCertifyGood.Subject, and is useful for accessing the field via an interface. 
+func (v *CertifyGoodSrcsIngestCertifyGoodsCertifyGood) GetSubject() AllCertifyGoodSubjectPackageSourceOrArtifact { + return v.AllCertifyGood.Subject } -// GetOrigin returns CertifyBadPkgsIngestCertifyBadsCertifyBad.Origin, and is useful for accessing the field via an interface. -func (v *CertifyBadPkgsIngestCertifyBadsCertifyBad) GetOrigin() string { return v.AllCertifyBad.Origin } +// GetOrigin returns CertifyGoodSrcsIngestCertifyGoodsCertifyGood.Origin, and is useful for accessing the field via an interface. +func (v *CertifyGoodSrcsIngestCertifyGoodsCertifyGood) GetOrigin() string { + return v.AllCertifyGood.Origin +} -// GetCollector returns CertifyBadPkgsIngestCertifyBadsCertifyBad.Collector, and is useful for accessing the field via an interface. -func (v *CertifyBadPkgsIngestCertifyBadsCertifyBad) GetCollector() string { - return v.AllCertifyBad.Collector +// GetCollector returns CertifyGoodSrcsIngestCertifyGoodsCertifyGood.Collector, and is useful for accessing the field via an interface. +func (v *CertifyGoodSrcsIngestCertifyGoodsCertifyGood) GetCollector() string { + return v.AllCertifyGood.Collector } -func (v *CertifyBadPkgsIngestCertifyBadsCertifyBad) UnmarshalJSON(b []byte) error { +func (v *CertifyGoodSrcsIngestCertifyGoodsCertifyGood) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *CertifyBadPkgsIngestCertifyBadsCertifyBad + *CertifyGoodSrcsIngestCertifyGoodsCertifyGood graphql.NoUnmarshalJSON } - firstPass.CertifyBadPkgsIngestCertifyBadsCertifyBad = v + firstPass.CertifyGoodSrcsIngestCertifyGoodsCertifyGood = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -6690,14 +6744,14 @@ func (v *CertifyBadPkgsIngestCertifyBadsCertifyBad) UnmarshalJSON(b []byte) erro } err = json.Unmarshal( - b, &v.AllCertifyBad) + b, &v.AllCertifyGood) if err != nil { return err } return nil } -type __premarshalCertifyBadPkgsIngestCertifyBadsCertifyBad struct { +type __premarshalCertifyGoodSrcsIngestCertifyGoodsCertifyGood struct { Id string `json:"id"` Justification string `json:"justification"` @@ -6709,7 +6763,7 @@ type __premarshalCertifyBadPkgsIngestCertifyBadsCertifyBad struct { Collector string `json:"collector"` } -func (v *CertifyBadPkgsIngestCertifyBadsCertifyBad) MarshalJSON() ([]byte, error) { +func (v *CertifyGoodSrcsIngestCertifyGoodsCertifyGood) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -6717,119 +6771,74 @@ func (v *CertifyBadPkgsIngestCertifyBadsCertifyBad) MarshalJSON() ([]byte, error return json.Marshal(premarshaled) } -func (v *CertifyBadPkgsIngestCertifyBadsCertifyBad) __premarshalJSON() (*__premarshalCertifyBadPkgsIngestCertifyBadsCertifyBad, error) { - var retval __premarshalCertifyBadPkgsIngestCertifyBadsCertifyBad +func (v *CertifyGoodSrcsIngestCertifyGoodsCertifyGood) __premarshalJSON() (*__premarshalCertifyGoodSrcsIngestCertifyGoodsCertifyGood, error) { + var retval __premarshalCertifyGoodSrcsIngestCertifyGoodsCertifyGood - retval.Id = v.AllCertifyBad.Id - retval.Justification = v.AllCertifyBad.Justification + retval.Id = v.AllCertifyGood.Id + retval.Justification = v.AllCertifyGood.Justification { dst := &retval.Subject - src := v.AllCertifyBad.Subject + src := v.AllCertifyGood.Subject var err error - *dst, err = __marshalAllCertifyBadSubjectPackageSourceOrArtifact( + *dst, err = __marshalAllCertifyGoodSubjectPackageSourceOrArtifact( &src) if err != nil { return nil, fmt.Errorf( - "unable to marshal CertifyBadPkgsIngestCertifyBadsCertifyBad.AllCertifyBad.Subject: %w", err) + "unable to marshal CertifyGoodSrcsIngestCertifyGoodsCertifyGood.AllCertifyGood.Subject: %w", err) } } - retval.Origin = v.AllCertifyBad.Origin - retval.Collector = v.AllCertifyBad.Collector + retval.Origin = v.AllCertifyGood.Origin + retval.Collector = v.AllCertifyGood.Collector return &retval, nil } -// CertifyBadPkgsResponse is returned by CertifyBadPkgs on success. -type CertifyBadPkgsResponse struct { - // Adds bulk certifications that a package, source or artifact is considered bad. - IngestCertifyBads []CertifyBadPkgsIngestCertifyBadsCertifyBad `json:"ingestCertifyBads"` -} - -// GetIngestCertifyBads returns CertifyBadPkgsResponse.IngestCertifyBads, and is useful for accessing the field via an interface. 
-func (v *CertifyBadPkgsResponse) GetIngestCertifyBads() []CertifyBadPkgsIngestCertifyBadsCertifyBad { - return v.IngestCertifyBads +// CertifyGoodSrcsResponse is returned by CertifyGoodSrcs on success. +type CertifyGoodSrcsResponse struct { + // Adds bulk certifications that a package, source or artifact is considered good. + IngestCertifyGoods []CertifyGoodSrcsIngestCertifyGoodsCertifyGood `json:"ingestCertifyGoods"` } -// CertifyBadSpec allows filtering the list of CertifyBad evidence to return in a -// query. -// -// If a package is specified in the subject filter, then it must be specified up -// to PackageName or PackageVersion. That is, user must specify package name, or -// name and one of version, qualifiers, or subpath. -// -// If a source is specified in the subject filter, then it must specify a name, -// and optionally a tag and a commit. -type CertifyBadSpec struct { - Id *string `json:"id"` - Subject *PackageSourceOrArtifactSpec `json:"subject"` - Justification *string `json:"justification"` - Origin *string `json:"origin"` - Collector *string `json:"collector"` +// GetIngestCertifyGoods returns CertifyGoodSrcsResponse.IngestCertifyGoods, and is useful for accessing the field via an interface. +func (v *CertifyGoodSrcsResponse) GetIngestCertifyGoods() []CertifyGoodSrcsIngestCertifyGoodsCertifyGood { + return v.IngestCertifyGoods } -// GetId returns CertifyBadSpec.Id, and is useful for accessing the field via an interface. -func (v *CertifyBadSpec) GetId() *string { return v.Id } - -// GetSubject returns CertifyBadSpec.Subject, and is useful for accessing the field via an interface. -func (v *CertifyBadSpec) GetSubject() *PackageSourceOrArtifactSpec { return v.Subject } - -// GetJustification returns CertifyBadSpec.Justification, and is useful for accessing the field via an interface. 
-func (v *CertifyBadSpec) GetJustification() *string { return v.Justification } - -// GetOrigin returns CertifyBadSpec.Origin, and is useful for accessing the field via an interface. -func (v *CertifyBadSpec) GetOrigin() *string { return v.Origin } - -// GetCollector returns CertifyBadSpec.Collector, and is useful for accessing the field via an interface. -func (v *CertifyBadSpec) GetCollector() *string { return v.Collector } - -// CertifyBadSrcIngestCertifyBad includes the requested fields of the GraphQL type CertifyBad. +// CertifyScorecardIngestScorecardCertifyScorecard includes the requested fields of the GraphQL type CertifyScorecard. // The GraphQL type's documentation follows. // -// CertifyBad is an attestation that a package, source, or artifact is considered -// bad. -// -// All evidence trees record a justification for the property they represent as -// well as the document that contains the attestation (origin) and the collector -// that collected the document (collector). -// -// The certification applies to a subject which is a package, source, or artifact. -// If the attestation targets a package, it must target a PackageName or a -// PackageVersion. If the attestation targets a source, it must target a -// SourceName. -type CertifyBadSrcIngestCertifyBad struct { - AllCertifyBad `json:"-"` +// CertifyScorecard is an attestation to attach a Scorecard analysis to a +// particular source repository. +type CertifyScorecardIngestScorecardCertifyScorecard struct { + AllCertifyScorecard `json:"-"` } -// GetId returns CertifyBadSrcIngestCertifyBad.Id, and is useful for accessing the field via an interface. -func (v *CertifyBadSrcIngestCertifyBad) GetId() string { return v.AllCertifyBad.Id } - -// GetJustification returns CertifyBadSrcIngestCertifyBad.Justification, and is useful for accessing the field via an interface. 
-func (v *CertifyBadSrcIngestCertifyBad) GetJustification() string { - return v.AllCertifyBad.Justification +// GetId returns CertifyScorecardIngestScorecardCertifyScorecard.Id, and is useful for accessing the field via an interface. +func (v *CertifyScorecardIngestScorecardCertifyScorecard) GetId() string { + return v.AllCertifyScorecard.Id } -// GetSubject returns CertifyBadSrcIngestCertifyBad.Subject, and is useful for accessing the field via an interface. -func (v *CertifyBadSrcIngestCertifyBad) GetSubject() AllCertifyBadSubjectPackageSourceOrArtifact { - return v.AllCertifyBad.Subject +// GetSource returns CertifyScorecardIngestScorecardCertifyScorecard.Source, and is useful for accessing the field via an interface. +func (v *CertifyScorecardIngestScorecardCertifyScorecard) GetSource() AllCertifyScorecardSource { + return v.AllCertifyScorecard.Source } -// GetOrigin returns CertifyBadSrcIngestCertifyBad.Origin, and is useful for accessing the field via an interface. -func (v *CertifyBadSrcIngestCertifyBad) GetOrigin() string { return v.AllCertifyBad.Origin } - -// GetCollector returns CertifyBadSrcIngestCertifyBad.Collector, and is useful for accessing the field via an interface. -func (v *CertifyBadSrcIngestCertifyBad) GetCollector() string { return v.AllCertifyBad.Collector } +// GetScorecard returns CertifyScorecardIngestScorecardCertifyScorecard.Scorecard, and is useful for accessing the field via an interface. 
+func (v *CertifyScorecardIngestScorecardCertifyScorecard) GetScorecard() AllCertifyScorecardScorecard { + return v.AllCertifyScorecard.Scorecard +} -func (v *CertifyBadSrcIngestCertifyBad) UnmarshalJSON(b []byte) error { +func (v *CertifyScorecardIngestScorecardCertifyScorecard) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *CertifyBadSrcIngestCertifyBad + *CertifyScorecardIngestScorecardCertifyScorecard graphql.NoUnmarshalJSON } - firstPass.CertifyBadSrcIngestCertifyBad = v + firstPass.CertifyScorecardIngestScorecardCertifyScorecard = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -6837,26 +6846,22 @@ func (v *CertifyBadSrcIngestCertifyBad) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllCertifyBad) + b, &v.AllCertifyScorecard) if err != nil { return err } return nil } -type __premarshalCertifyBadSrcIngestCertifyBad struct { +type __premarshalCertifyScorecardIngestScorecardCertifyScorecard struct { Id string `json:"id"` - Justification string `json:"justification"` - - Subject json.RawMessage `json:"subject"` - - Origin string `json:"origin"` + Source AllCertifyScorecardSource `json:"source"` - Collector string `json:"collector"` + Scorecard AllCertifyScorecardScorecard `json:"scorecard"` } -func (v *CertifyBadSrcIngestCertifyBad) MarshalJSON() ([]byte, error) { +func (v *CertifyScorecardIngestScorecardCertifyScorecard) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -6864,89 +6869,61 @@ func (v *CertifyBadSrcIngestCertifyBad) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *CertifyBadSrcIngestCertifyBad) __premarshalJSON() (*__premarshalCertifyBadSrcIngestCertifyBad, error) { - var retval __premarshalCertifyBadSrcIngestCertifyBad - - retval.Id = v.AllCertifyBad.Id - retval.Justification = v.AllCertifyBad.Justification - { +func (v *CertifyScorecardIngestScorecardCertifyScorecard) __premarshalJSON() (*__premarshalCertifyScorecardIngestScorecardCertifyScorecard, error) { + var retval __premarshalCertifyScorecardIngestScorecardCertifyScorecard - dst := &retval.Subject - src := v.AllCertifyBad.Subject - var err error - *dst, err = __marshalAllCertifyBadSubjectPackageSourceOrArtifact( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal CertifyBadSrcIngestCertifyBad.AllCertifyBad.Subject: %w", err) - } - } - retval.Origin = v.AllCertifyBad.Origin - retval.Collector = v.AllCertifyBad.Collector + retval.Id = v.AllCertifyScorecard.Id + retval.Source = v.AllCertifyScorecard.Source + retval.Scorecard = v.AllCertifyScorecard.Scorecard return &retval, nil } -// CertifyBadSrcResponse is returned by CertifyBadSrc on success. -type CertifyBadSrcResponse struct { - // Adds a certification that a package, source or artifact is considered bad. - IngestCertifyBad CertifyBadSrcIngestCertifyBad `json:"ingestCertifyBad"` +// CertifyScorecardResponse is returned by CertifyScorecard on success. +type CertifyScorecardResponse struct { + // Adds a certification that a source repository has a Scorecard. + IngestScorecard CertifyScorecardIngestScorecardCertifyScorecard `json:"ingestScorecard"` } -// GetIngestCertifyBad returns CertifyBadSrcResponse.IngestCertifyBad, and is useful for accessing the field via an interface. 
-func (v *CertifyBadSrcResponse) GetIngestCertifyBad() CertifyBadSrcIngestCertifyBad { - return v.IngestCertifyBad +// GetIngestScorecard returns CertifyScorecardResponse.IngestScorecard, and is useful for accessing the field via an interface. +func (v *CertifyScorecardResponse) GetIngestScorecard() CertifyScorecardIngestScorecardCertifyScorecard { + return v.IngestScorecard } -// CertifyBadSrcsIngestCertifyBadsCertifyBad includes the requested fields of the GraphQL type CertifyBad. +// CertifyScorecardsIngestScorecardsCertifyScorecard includes the requested fields of the GraphQL type CertifyScorecard. // The GraphQL type's documentation follows. // -// CertifyBad is an attestation that a package, source, or artifact is considered -// bad. -// -// All evidence trees record a justification for the property they represent as -// well as the document that contains the attestation (origin) and the collector -// that collected the document (collector). -// -// The certification applies to a subject which is a package, source, or artifact. -// If the attestation targets a package, it must target a PackageName or a -// PackageVersion. If the attestation targets a source, it must target a -// SourceName. -type CertifyBadSrcsIngestCertifyBadsCertifyBad struct { - AllCertifyBad `json:"-"` +// CertifyScorecard is an attestation to attach a Scorecard analysis to a +// particular source repository. +type CertifyScorecardsIngestScorecardsCertifyScorecard struct { + AllCertifyScorecard `json:"-"` } -// GetId returns CertifyBadSrcsIngestCertifyBadsCertifyBad.Id, and is useful for accessing the field via an interface. -func (v *CertifyBadSrcsIngestCertifyBadsCertifyBad) GetId() string { return v.AllCertifyBad.Id } - -// GetJustification returns CertifyBadSrcsIngestCertifyBadsCertifyBad.Justification, and is useful for accessing the field via an interface. 
-func (v *CertifyBadSrcsIngestCertifyBadsCertifyBad) GetJustification() string { - return v.AllCertifyBad.Justification +// GetId returns CertifyScorecardsIngestScorecardsCertifyScorecard.Id, and is useful for accessing the field via an interface. +func (v *CertifyScorecardsIngestScorecardsCertifyScorecard) GetId() string { + return v.AllCertifyScorecard.Id } -// GetSubject returns CertifyBadSrcsIngestCertifyBadsCertifyBad.Subject, and is useful for accessing the field via an interface. -func (v *CertifyBadSrcsIngestCertifyBadsCertifyBad) GetSubject() AllCertifyBadSubjectPackageSourceOrArtifact { - return v.AllCertifyBad.Subject +// GetSource returns CertifyScorecardsIngestScorecardsCertifyScorecard.Source, and is useful for accessing the field via an interface. +func (v *CertifyScorecardsIngestScorecardsCertifyScorecard) GetSource() AllCertifyScorecardSource { + return v.AllCertifyScorecard.Source } -// GetOrigin returns CertifyBadSrcsIngestCertifyBadsCertifyBad.Origin, and is useful for accessing the field via an interface. -func (v *CertifyBadSrcsIngestCertifyBadsCertifyBad) GetOrigin() string { return v.AllCertifyBad.Origin } - -// GetCollector returns CertifyBadSrcsIngestCertifyBadsCertifyBad.Collector, and is useful for accessing the field via an interface. -func (v *CertifyBadSrcsIngestCertifyBadsCertifyBad) GetCollector() string { - return v.AllCertifyBad.Collector +// GetScorecard returns CertifyScorecardsIngestScorecardsCertifyScorecard.Scorecard, and is useful for accessing the field via an interface. 
+func (v *CertifyScorecardsIngestScorecardsCertifyScorecard) GetScorecard() AllCertifyScorecardScorecard { + return v.AllCertifyScorecard.Scorecard } -func (v *CertifyBadSrcsIngestCertifyBadsCertifyBad) UnmarshalJSON(b []byte) error { +func (v *CertifyScorecardsIngestScorecardsCertifyScorecard) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *CertifyBadSrcsIngestCertifyBadsCertifyBad + *CertifyScorecardsIngestScorecardsCertifyScorecard graphql.NoUnmarshalJSON } - firstPass.CertifyBadSrcsIngestCertifyBadsCertifyBad = v + firstPass.CertifyScorecardsIngestScorecardsCertifyScorecard = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -6954,26 +6931,22 @@ func (v *CertifyBadSrcsIngestCertifyBadsCertifyBad) UnmarshalJSON(b []byte) erro } err = json.Unmarshal( - b, &v.AllCertifyBad) + b, &v.AllCertifyScorecard) if err != nil { return err } return nil } -type __premarshalCertifyBadSrcsIngestCertifyBadsCertifyBad struct { +type __premarshalCertifyScorecardsIngestScorecardsCertifyScorecard struct { Id string `json:"id"` - Justification string `json:"justification"` - - Subject json.RawMessage `json:"subject"` - - Origin string `json:"origin"` + Source AllCertifyScorecardSource `json:"source"` - Collector string `json:"collector"` + Scorecard AllCertifyScorecardScorecard `json:"scorecard"` } -func (v *CertifyBadSrcsIngestCertifyBadsCertifyBad) MarshalJSON() ([]byte, error) { +func (v *CertifyScorecardsIngestScorecardsCertifyScorecard) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -6981,85 +6954,96 @@ func (v *CertifyBadSrcsIngestCertifyBadsCertifyBad) MarshalJSON() ([]byte, error return json.Marshal(premarshaled) } -func (v *CertifyBadSrcsIngestCertifyBadsCertifyBad) __premarshalJSON() (*__premarshalCertifyBadSrcsIngestCertifyBadsCertifyBad, error) { - var retval __premarshalCertifyBadSrcsIngestCertifyBadsCertifyBad - - retval.Id = v.AllCertifyBad.Id - retval.Justification = v.AllCertifyBad.Justification - { +func (v *CertifyScorecardsIngestScorecardsCertifyScorecard) __premarshalJSON() (*__premarshalCertifyScorecardsIngestScorecardsCertifyScorecard, error) { + var retval __premarshalCertifyScorecardsIngestScorecardsCertifyScorecard - dst := &retval.Subject - src := v.AllCertifyBad.Subject - var err error - *dst, err = __marshalAllCertifyBadSubjectPackageSourceOrArtifact( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal CertifyBadSrcsIngestCertifyBadsCertifyBad.AllCertifyBad.Subject: %w", err) - } - } - retval.Origin = v.AllCertifyBad.Origin - retval.Collector = v.AllCertifyBad.Collector + retval.Id = v.AllCertifyScorecard.Id + retval.Source = v.AllCertifyScorecard.Source + retval.Scorecard = v.AllCertifyScorecard.Scorecard return &retval, nil } -// CertifyBadSrcsResponse is returned by CertifyBadSrcs on success. -type CertifyBadSrcsResponse struct { - // Adds bulk certifications that a package, source or artifact is considered bad. - IngestCertifyBads []CertifyBadSrcsIngestCertifyBadsCertifyBad `json:"ingestCertifyBads"` +// CertifyScorecardsResponse is returned by CertifyScorecards on success. +type CertifyScorecardsResponse struct { + // Adds bulk certifications that a source repository has a Scorecard. + IngestScorecards []CertifyScorecardsIngestScorecardsCertifyScorecard `json:"ingestScorecards"` } -// GetIngestCertifyBads returns CertifyBadSrcsResponse.IngestCertifyBads, and is useful for accessing the field via an interface. 
-func (v *CertifyBadSrcsResponse) GetIngestCertifyBads() []CertifyBadSrcsIngestCertifyBadsCertifyBad { - return v.IngestCertifyBads +// GetIngestScorecards returns CertifyScorecardsResponse.IngestScorecards, and is useful for accessing the field via an interface. +func (v *CertifyScorecardsResponse) GetIngestScorecards() []CertifyScorecardsIngestScorecardsCertifyScorecard { + return v.IngestScorecards } -// CertifyBadsCertifyBad includes the requested fields of the GraphQL type CertifyBad. +// CertifyVexArtifactIngestVEXStatementCertifyVEXStatement includes the requested fields of the GraphQL type CertifyVEXStatement. // The GraphQL type's documentation follows. // -// CertifyBad is an attestation that a package, source, or artifact is considered -// bad. -// -// All evidence trees record a justification for the property they represent as -// well as the document that contains the attestation (origin) and the collector -// that collected the document (collector). -// -// The certification applies to a subject which is a package, source, or artifact. -// If the attestation targets a package, it must target a PackageName or a -// PackageVersion. If the attestation targets a source, it must target a -// SourceName. -type CertifyBadsCertifyBad struct { - AllCertifyBad `json:"-"` +// CertifyVEXStatement is an attestation to attach VEX statements to a package or +// artifact to clarify the impact of a specific vulnerability. +type CertifyVexArtifactIngestVEXStatementCertifyVEXStatement struct { + AllCertifyVEXStatement `json:"-"` } -// GetId returns CertifyBadsCertifyBad.Id, and is useful for accessing the field via an interface. -func (v *CertifyBadsCertifyBad) GetId() string { return v.AllCertifyBad.Id } +// GetId returns CertifyVexArtifactIngestVEXStatementCertifyVEXStatement.Id, and is useful for accessing the field via an interface. 
+func (v *CertifyVexArtifactIngestVEXStatementCertifyVEXStatement) GetId() string { + return v.AllCertifyVEXStatement.Id +} -// GetJustification returns CertifyBadsCertifyBad.Justification, and is useful for accessing the field via an interface. -func (v *CertifyBadsCertifyBad) GetJustification() string { return v.AllCertifyBad.Justification } +// GetSubject returns CertifyVexArtifactIngestVEXStatementCertifyVEXStatement.Subject, and is useful for accessing the field via an interface. +func (v *CertifyVexArtifactIngestVEXStatementCertifyVEXStatement) GetSubject() AllCertifyVEXStatementSubjectPackageOrArtifact { + return v.AllCertifyVEXStatement.Subject +} -// GetSubject returns CertifyBadsCertifyBad.Subject, and is useful for accessing the field via an interface. -func (v *CertifyBadsCertifyBad) GetSubject() AllCertifyBadSubjectPackageSourceOrArtifact { - return v.AllCertifyBad.Subject +// GetVulnerability returns CertifyVexArtifactIngestVEXStatementCertifyVEXStatement.Vulnerability, and is useful for accessing the field via an interface. +func (v *CertifyVexArtifactIngestVEXStatementCertifyVEXStatement) GetVulnerability() AllCertifyVEXStatementVulnerability { + return v.AllCertifyVEXStatement.Vulnerability } -// GetOrigin returns CertifyBadsCertifyBad.Origin, and is useful for accessing the field via an interface. -func (v *CertifyBadsCertifyBad) GetOrigin() string { return v.AllCertifyBad.Origin } +// GetStatus returns CertifyVexArtifactIngestVEXStatementCertifyVEXStatement.Status, and is useful for accessing the field via an interface. +func (v *CertifyVexArtifactIngestVEXStatementCertifyVEXStatement) GetStatus() VexStatus { + return v.AllCertifyVEXStatement.Status +} -// GetCollector returns CertifyBadsCertifyBad.Collector, and is useful for accessing the field via an interface. 
-func (v *CertifyBadsCertifyBad) GetCollector() string { return v.AllCertifyBad.Collector } +// GetVexJustification returns CertifyVexArtifactIngestVEXStatementCertifyVEXStatement.VexJustification, and is useful for accessing the field via an interface. +func (v *CertifyVexArtifactIngestVEXStatementCertifyVEXStatement) GetVexJustification() VexJustification { + return v.AllCertifyVEXStatement.VexJustification +} -func (v *CertifyBadsCertifyBad) UnmarshalJSON(b []byte) error { +// GetStatement returns CertifyVexArtifactIngestVEXStatementCertifyVEXStatement.Statement, and is useful for accessing the field via an interface. +func (v *CertifyVexArtifactIngestVEXStatementCertifyVEXStatement) GetStatement() string { + return v.AllCertifyVEXStatement.Statement +} + +// GetStatusNotes returns CertifyVexArtifactIngestVEXStatementCertifyVEXStatement.StatusNotes, and is useful for accessing the field via an interface. +func (v *CertifyVexArtifactIngestVEXStatementCertifyVEXStatement) GetStatusNotes() string { + return v.AllCertifyVEXStatement.StatusNotes +} + +// GetKnownSince returns CertifyVexArtifactIngestVEXStatementCertifyVEXStatement.KnownSince, and is useful for accessing the field via an interface. +func (v *CertifyVexArtifactIngestVEXStatementCertifyVEXStatement) GetKnownSince() time.Time { + return v.AllCertifyVEXStatement.KnownSince +} + +// GetOrigin returns CertifyVexArtifactIngestVEXStatementCertifyVEXStatement.Origin, and is useful for accessing the field via an interface. +func (v *CertifyVexArtifactIngestVEXStatementCertifyVEXStatement) GetOrigin() string { + return v.AllCertifyVEXStatement.Origin +} + +// GetCollector returns CertifyVexArtifactIngestVEXStatementCertifyVEXStatement.Collector, and is useful for accessing the field via an interface. 
+func (v *CertifyVexArtifactIngestVEXStatementCertifyVEXStatement) GetCollector() string { + return v.AllCertifyVEXStatement.Collector +} + +func (v *CertifyVexArtifactIngestVEXStatementCertifyVEXStatement) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *CertifyBadsCertifyBad + *CertifyVexArtifactIngestVEXStatementCertifyVEXStatement graphql.NoUnmarshalJSON } - firstPass.CertifyBadsCertifyBad = v + firstPass.CertifyVexArtifactIngestVEXStatementCertifyVEXStatement = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -7067,26 +7051,36 @@ func (v *CertifyBadsCertifyBad) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllCertifyBad) + b, &v.AllCertifyVEXStatement) if err != nil { return err } return nil } -type __premarshalCertifyBadsCertifyBad struct { +type __premarshalCertifyVexArtifactIngestVEXStatementCertifyVEXStatement struct { Id string `json:"id"` - Justification string `json:"justification"` - Subject json.RawMessage `json:"subject"` + Vulnerability AllCertifyVEXStatementVulnerability `json:"vulnerability"` + + Status VexStatus `json:"status"` + + VexJustification VexJustification `json:"vexJustification"` + + Statement string `json:"statement"` + + StatusNotes string `json:"statusNotes"` + + KnownSince time.Time `json:"knownSince"` + Origin string `json:"origin"` Collector string `json:"collector"` } -func (v *CertifyBadsCertifyBad) MarshalJSON() ([]byte, error) { +func (v *CertifyVexArtifactIngestVEXStatementCertifyVEXStatement) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -7094,102 +7088,151 @@ func (v *CertifyBadsCertifyBad) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *CertifyBadsCertifyBad) __premarshalJSON() (*__premarshalCertifyBadsCertifyBad, error) { - var retval __premarshalCertifyBadsCertifyBad +func (v *CertifyVexArtifactIngestVEXStatementCertifyVEXStatement) __premarshalJSON() (*__premarshalCertifyVexArtifactIngestVEXStatementCertifyVEXStatement, error) { + var retval __premarshalCertifyVexArtifactIngestVEXStatementCertifyVEXStatement - retval.Id = v.AllCertifyBad.Id - retval.Justification = v.AllCertifyBad.Justification + retval.Id = v.AllCertifyVEXStatement.Id { dst := &retval.Subject - src := v.AllCertifyBad.Subject + src := v.AllCertifyVEXStatement.Subject var err error - *dst, err = __marshalAllCertifyBadSubjectPackageSourceOrArtifact( + *dst, err = __marshalAllCertifyVEXStatementSubjectPackageOrArtifact( &src) if err != nil { return nil, fmt.Errorf( - "unable to marshal CertifyBadsCertifyBad.AllCertifyBad.Subject: %w", err) + "unable to marshal CertifyVexArtifactIngestVEXStatementCertifyVEXStatement.AllCertifyVEXStatement.Subject: %w", err) } } - retval.Origin = v.AllCertifyBad.Origin - retval.Collector = v.AllCertifyBad.Collector + retval.Vulnerability = v.AllCertifyVEXStatement.Vulnerability + retval.Status = v.AllCertifyVEXStatement.Status + retval.VexJustification = v.AllCertifyVEXStatement.VexJustification + retval.Statement = v.AllCertifyVEXStatement.Statement + retval.StatusNotes = v.AllCertifyVEXStatement.StatusNotes + retval.KnownSince = v.AllCertifyVEXStatement.KnownSince + retval.Origin = v.AllCertifyVEXStatement.Origin + retval.Collector = v.AllCertifyVEXStatement.Collector return &retval, nil } -// CertifyBadsResponse is returned by CertifyBads on success. -type CertifyBadsResponse struct { - // Returns all CertifyBad attestations matching a filter. 
- CertifyBad []CertifyBadsCertifyBad `json:"CertifyBad"` +// CertifyVexArtifactResponse is returned by CertifyVexArtifact on success. +type CertifyVexArtifactResponse struct { + // Adds a VEX certification for a package. + IngestVEXStatement CertifyVexArtifactIngestVEXStatementCertifyVEXStatement `json:"ingestVEXStatement"` } -// GetCertifyBad returns CertifyBadsResponse.CertifyBad, and is useful for accessing the field via an interface. -func (v *CertifyBadsResponse) GetCertifyBad() []CertifyBadsCertifyBad { return v.CertifyBad } +// GetIngestVEXStatement returns CertifyVexArtifactResponse.IngestVEXStatement, and is useful for accessing the field via an interface. +func (v *CertifyVexArtifactResponse) GetIngestVEXStatement() CertifyVexArtifactIngestVEXStatementCertifyVEXStatement { + return v.IngestVEXStatement +} -// CertifyCVEIngestVulnerabilityCertifyVuln includes the requested fields of the GraphQL type CertifyVuln. +// CertifyVexPkgIngestVEXStatementCertifyVEXStatement includes the requested fields of the GraphQL type CertifyVEXStatement. // The GraphQL type's documentation follows. // -// CertifyVuln is an attestation to attach vulnerability information to a package. -// -// This information is obtained via a scanner. If there is no vulnerability -// detected (no OSV, CVE, or GHSA), we attach the special NoVuln node. -type CertifyCVEIngestVulnerabilityCertifyVuln struct { - AllCertifyVuln `json:"-"` +// CertifyVEXStatement is an attestation to attach VEX statements to a package or +// artifact to clarify the impact of a specific vulnerability. +type CertifyVexPkgIngestVEXStatementCertifyVEXStatement struct { + AllCertifyVEXStatement `json:"-"` } -// GetId returns CertifyCVEIngestVulnerabilityCertifyVuln.Id, and is useful for accessing the field via an interface. 
-func (v *CertifyCVEIngestVulnerabilityCertifyVuln) GetId() string { return v.AllCertifyVuln.Id } - -// GetPackage returns CertifyCVEIngestVulnerabilityCertifyVuln.Package, and is useful for accessing the field via an interface. -func (v *CertifyCVEIngestVulnerabilityCertifyVuln) GetPackage() AllCertifyVulnPackage { - return v.AllCertifyVuln.Package +// GetId returns CertifyVexPkgIngestVEXStatementCertifyVEXStatement.Id, and is useful for accessing the field via an interface. +func (v *CertifyVexPkgIngestVEXStatementCertifyVEXStatement) GetId() string { + return v.AllCertifyVEXStatement.Id } -// GetVulnerability returns CertifyCVEIngestVulnerabilityCertifyVuln.Vulnerability, and is useful for accessing the field via an interface. -func (v *CertifyCVEIngestVulnerabilityCertifyVuln) GetVulnerability() AllCertifyVulnVulnerability { - return v.AllCertifyVuln.Vulnerability +// GetSubject returns CertifyVexPkgIngestVEXStatementCertifyVEXStatement.Subject, and is useful for accessing the field via an interface. +func (v *CertifyVexPkgIngestVEXStatementCertifyVEXStatement) GetSubject() AllCertifyVEXStatementSubjectPackageOrArtifact { + return v.AllCertifyVEXStatement.Subject } -// GetMetadata returns CertifyCVEIngestVulnerabilityCertifyVuln.Metadata, and is useful for accessing the field via an interface. -func (v *CertifyCVEIngestVulnerabilityCertifyVuln) GetMetadata() AllCertifyVulnMetadataVulnerabilityMetaData { - return v.AllCertifyVuln.Metadata +// GetVulnerability returns CertifyVexPkgIngestVEXStatementCertifyVEXStatement.Vulnerability, and is useful for accessing the field via an interface. 
+func (v *CertifyVexPkgIngestVEXStatementCertifyVEXStatement) GetVulnerability() AllCertifyVEXStatementVulnerability { + return v.AllCertifyVEXStatement.Vulnerability } -func (v *CertifyCVEIngestVulnerabilityCertifyVuln) UnmarshalJSON(b []byte) error { +// GetStatus returns CertifyVexPkgIngestVEXStatementCertifyVEXStatement.Status, and is useful for accessing the field via an interface. +func (v *CertifyVexPkgIngestVEXStatementCertifyVEXStatement) GetStatus() VexStatus { + return v.AllCertifyVEXStatement.Status +} - if string(b) == "null" { - return nil - } +// GetVexJustification returns CertifyVexPkgIngestVEXStatementCertifyVEXStatement.VexJustification, and is useful for accessing the field via an interface. +func (v *CertifyVexPkgIngestVEXStatementCertifyVEXStatement) GetVexJustification() VexJustification { + return v.AllCertifyVEXStatement.VexJustification +} - var firstPass struct { - *CertifyCVEIngestVulnerabilityCertifyVuln - graphql.NoUnmarshalJSON - } - firstPass.CertifyCVEIngestVulnerabilityCertifyVuln = v +// GetStatement returns CertifyVexPkgIngestVEXStatementCertifyVEXStatement.Statement, and is useful for accessing the field via an interface. +func (v *CertifyVexPkgIngestVEXStatementCertifyVEXStatement) GetStatement() string { + return v.AllCertifyVEXStatement.Statement +} - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } +// GetStatusNotes returns CertifyVexPkgIngestVEXStatementCertifyVEXStatement.StatusNotes, and is useful for accessing the field via an interface. +func (v *CertifyVexPkgIngestVEXStatementCertifyVEXStatement) GetStatusNotes() string { + return v.AllCertifyVEXStatement.StatusNotes +} + +// GetKnownSince returns CertifyVexPkgIngestVEXStatementCertifyVEXStatement.KnownSince, and is useful for accessing the field via an interface. 
+func (v *CertifyVexPkgIngestVEXStatementCertifyVEXStatement) GetKnownSince() time.Time { + return v.AllCertifyVEXStatement.KnownSince +} + +// GetOrigin returns CertifyVexPkgIngestVEXStatementCertifyVEXStatement.Origin, and is useful for accessing the field via an interface. +func (v *CertifyVexPkgIngestVEXStatementCertifyVEXStatement) GetOrigin() string { + return v.AllCertifyVEXStatement.Origin +} + +// GetCollector returns CertifyVexPkgIngestVEXStatementCertifyVEXStatement.Collector, and is useful for accessing the field via an interface. +func (v *CertifyVexPkgIngestVEXStatementCertifyVEXStatement) GetCollector() string { + return v.AllCertifyVEXStatement.Collector +} + +func (v *CertifyVexPkgIngestVEXStatementCertifyVEXStatement) UnmarshalJSON(b []byte) error { + + if string(b) == "null" { + return nil + } + + var firstPass struct { + *CertifyVexPkgIngestVEXStatementCertifyVEXStatement + graphql.NoUnmarshalJSON + } + firstPass.CertifyVexPkgIngestVEXStatementCertifyVEXStatement = v + + err := json.Unmarshal(b, &firstPass) + if err != nil { + return err + } err = json.Unmarshal( - b, &v.AllCertifyVuln) + b, &v.AllCertifyVEXStatement) if err != nil { return err } return nil } -type __premarshalCertifyCVEIngestVulnerabilityCertifyVuln struct { +type __premarshalCertifyVexPkgIngestVEXStatementCertifyVEXStatement struct { Id string `json:"id"` - Package AllCertifyVulnPackage `json:"package"` + Subject json.RawMessage `json:"subject"` + + Vulnerability AllCertifyVEXStatementVulnerability `json:"vulnerability"` + + Status VexStatus `json:"status"` + + VexJustification VexJustification `json:"vexJustification"` - Vulnerability json.RawMessage `json:"vulnerability"` + Statement string `json:"statement"` + + StatusNotes string `json:"statusNotes"` + + KnownSince time.Time `json:"knownSince"` + + Origin string `json:"origin"` - Metadata AllCertifyVulnMetadataVulnerabilityMetaData `json:"metadata"` + Collector string `json:"collector"` } -func (v 
*CertifyCVEIngestVulnerabilityCertifyVuln) MarshalJSON() ([]byte, error) { +func (v *CertifyVexPkgIngestVEXStatementCertifyVEXStatement) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -7197,78 +7240,85 @@ func (v *CertifyCVEIngestVulnerabilityCertifyVuln) MarshalJSON() ([]byte, error) return json.Marshal(premarshaled) } -func (v *CertifyCVEIngestVulnerabilityCertifyVuln) __premarshalJSON() (*__premarshalCertifyCVEIngestVulnerabilityCertifyVuln, error) { - var retval __premarshalCertifyCVEIngestVulnerabilityCertifyVuln +func (v *CertifyVexPkgIngestVEXStatementCertifyVEXStatement) __premarshalJSON() (*__premarshalCertifyVexPkgIngestVEXStatementCertifyVEXStatement, error) { + var retval __premarshalCertifyVexPkgIngestVEXStatementCertifyVEXStatement - retval.Id = v.AllCertifyVuln.Id - retval.Package = v.AllCertifyVuln.Package + retval.Id = v.AllCertifyVEXStatement.Id { - dst := &retval.Vulnerability - src := v.AllCertifyVuln.Vulnerability + dst := &retval.Subject + src := v.AllCertifyVEXStatement.Subject var err error - *dst, err = __marshalAllCertifyVulnVulnerability( + *dst, err = __marshalAllCertifyVEXStatementSubjectPackageOrArtifact( &src) if err != nil { return nil, fmt.Errorf( - "unable to marshal CertifyCVEIngestVulnerabilityCertifyVuln.AllCertifyVuln.Vulnerability: %w", err) + "unable to marshal CertifyVexPkgIngestVEXStatementCertifyVEXStatement.AllCertifyVEXStatement.Subject: %w", err) } } - retval.Metadata = v.AllCertifyVuln.Metadata + retval.Vulnerability = v.AllCertifyVEXStatement.Vulnerability + retval.Status = v.AllCertifyVEXStatement.Status + retval.VexJustification = v.AllCertifyVEXStatement.VexJustification + retval.Statement = v.AllCertifyVEXStatement.Statement + retval.StatusNotes = v.AllCertifyVEXStatement.StatusNotes + retval.KnownSince = v.AllCertifyVEXStatement.KnownSince + retval.Origin = v.AllCertifyVEXStatement.Origin + retval.Collector = v.AllCertifyVEXStatement.Collector return &retval, nil } -// CertifyCVEResponse is returned by CertifyCVE on success. -type CertifyCVEResponse struct { - // Adds a certification that a package has been scanned for vulnerabilities. 
- IngestVulnerability CertifyCVEIngestVulnerabilityCertifyVuln `json:"ingestVulnerability"` +// CertifyVexPkgResponse is returned by CertifyVexPkg on success. +type CertifyVexPkgResponse struct { + // Adds a VEX certification for a package. + IngestVEXStatement CertifyVexPkgIngestVEXStatementCertifyVEXStatement `json:"ingestVEXStatement"` } -// GetIngestVulnerability returns CertifyCVEResponse.IngestVulnerability, and is useful for accessing the field via an interface. -func (v *CertifyCVEResponse) GetIngestVulnerability() CertifyCVEIngestVulnerabilityCertifyVuln { - return v.IngestVulnerability +// GetIngestVEXStatement returns CertifyVexPkgResponse.IngestVEXStatement, and is useful for accessing the field via an interface. +func (v *CertifyVexPkgResponse) GetIngestVEXStatement() CertifyVexPkgIngestVEXStatementCertifyVEXStatement { + return v.IngestVEXStatement } -// CertifyGHSAIngestVulnerabilityCertifyVuln includes the requested fields of the GraphQL type CertifyVuln. +// CertifyVulnPkgIngestCertifyVuln includes the requested fields of the GraphQL type CertifyVuln. // The GraphQL type's documentation follows. // // CertifyVuln is an attestation to attach vulnerability information to a package. // // This information is obtained via a scanner. If there is no vulnerability -// detected (no OSV, CVE, or GHSA), we attach the special NoVuln node. -type CertifyGHSAIngestVulnerabilityCertifyVuln struct { +// detected, we attach the a vulnerability with "NoVuln" type and an empty string +// for the vulnerability ID. +type CertifyVulnPkgIngestCertifyVuln struct { AllCertifyVuln `json:"-"` } -// GetId returns CertifyGHSAIngestVulnerabilityCertifyVuln.Id, and is useful for accessing the field via an interface. -func (v *CertifyGHSAIngestVulnerabilityCertifyVuln) GetId() string { return v.AllCertifyVuln.Id } +// GetId returns CertifyVulnPkgIngestCertifyVuln.Id, and is useful for accessing the field via an interface. 
+func (v *CertifyVulnPkgIngestCertifyVuln) GetId() string { return v.AllCertifyVuln.Id } -// GetPackage returns CertifyGHSAIngestVulnerabilityCertifyVuln.Package, and is useful for accessing the field via an interface. -func (v *CertifyGHSAIngestVulnerabilityCertifyVuln) GetPackage() AllCertifyVulnPackage { +// GetPackage returns CertifyVulnPkgIngestCertifyVuln.Package, and is useful for accessing the field via an interface. +func (v *CertifyVulnPkgIngestCertifyVuln) GetPackage() AllCertifyVulnPackage { return v.AllCertifyVuln.Package } -// GetVulnerability returns CertifyGHSAIngestVulnerabilityCertifyVuln.Vulnerability, and is useful for accessing the field via an interface. -func (v *CertifyGHSAIngestVulnerabilityCertifyVuln) GetVulnerability() AllCertifyVulnVulnerability { +// GetVulnerability returns CertifyVulnPkgIngestCertifyVuln.Vulnerability, and is useful for accessing the field via an interface. +func (v *CertifyVulnPkgIngestCertifyVuln) GetVulnerability() AllCertifyVulnVulnerability { return v.AllCertifyVuln.Vulnerability } -// GetMetadata returns CertifyGHSAIngestVulnerabilityCertifyVuln.Metadata, and is useful for accessing the field via an interface. -func (v *CertifyGHSAIngestVulnerabilityCertifyVuln) GetMetadata() AllCertifyVulnMetadataVulnerabilityMetaData { +// GetMetadata returns CertifyVulnPkgIngestCertifyVuln.Metadata, and is useful for accessing the field via an interface. 
+func (v *CertifyVulnPkgIngestCertifyVuln) GetMetadata() AllCertifyVulnMetadataScanMetadata { return v.AllCertifyVuln.Metadata } -func (v *CertifyGHSAIngestVulnerabilityCertifyVuln) UnmarshalJSON(b []byte) error { +func (v *CertifyVulnPkgIngestCertifyVuln) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *CertifyGHSAIngestVulnerabilityCertifyVuln + *CertifyVulnPkgIngestCertifyVuln graphql.NoUnmarshalJSON } - firstPass.CertifyGHSAIngestVulnerabilityCertifyVuln = v + firstPass.CertifyVulnPkgIngestCertifyVuln = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -7283,17 +7333,17 @@ func (v *CertifyGHSAIngestVulnerabilityCertifyVuln) UnmarshalJSON(b []byte) erro return nil } -type __premarshalCertifyGHSAIngestVulnerabilityCertifyVuln struct { +type __premarshalCertifyVulnPkgIngestCertifyVuln struct { Id string `json:"id"` Package AllCertifyVulnPackage `json:"package"` - Vulnerability json.RawMessage `json:"vulnerability"` + Vulnerability AllCertifyVulnVulnerability `json:"vulnerability"` - Metadata AllCertifyVulnMetadataVulnerabilityMetaData `json:"metadata"` + Metadata AllCertifyVulnMetadataScanMetadata `json:"metadata"` } -func (v *CertifyGHSAIngestVulnerabilityCertifyVuln) MarshalJSON() ([]byte, error) { +func (v *CertifyVulnPkgIngestCertifyVuln) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -7301,88 +7351,155 @@ func (v *CertifyGHSAIngestVulnerabilityCertifyVuln) MarshalJSON() ([]byte, error return json.Marshal(premarshaled) } -func (v *CertifyGHSAIngestVulnerabilityCertifyVuln) __premarshalJSON() (*__premarshalCertifyGHSAIngestVulnerabilityCertifyVuln, error) { - var retval __premarshalCertifyGHSAIngestVulnerabilityCertifyVuln +func (v *CertifyVulnPkgIngestCertifyVuln) __premarshalJSON() (*__premarshalCertifyVulnPkgIngestCertifyVuln, error) { + var retval __premarshalCertifyVulnPkgIngestCertifyVuln retval.Id = v.AllCertifyVuln.Id retval.Package = v.AllCertifyVuln.Package - { - - dst := &retval.Vulnerability - src := v.AllCertifyVuln.Vulnerability - var err error - *dst, err = __marshalAllCertifyVulnVulnerability( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal CertifyGHSAIngestVulnerabilityCertifyVuln.AllCertifyVuln.Vulnerability: %w", err) - } - } + retval.Vulnerability = v.AllCertifyVuln.Vulnerability retval.Metadata = v.AllCertifyVuln.Metadata return &retval, nil } -// CertifyGHSAResponse is returned by CertifyGHSA on success. -type CertifyGHSAResponse struct { +// CertifyVulnPkgResponse is returned by CertifyVulnPkg on success. +type CertifyVulnPkgResponse struct { // Adds a certification that a package has been scanned for vulnerabilities. - IngestVulnerability CertifyGHSAIngestVulnerabilityCertifyVuln `json:"ingestVulnerability"` + IngestCertifyVuln CertifyVulnPkgIngestCertifyVuln `json:"ingestCertifyVuln"` } -// GetIngestVulnerability returns CertifyGHSAResponse.IngestVulnerability, and is useful for accessing the field via an interface. -func (v *CertifyGHSAResponse) GetIngestVulnerability() CertifyGHSAIngestVulnerabilityCertifyVuln { - return v.IngestVulnerability +// GetIngestCertifyVuln returns CertifyVulnPkgResponse.IngestCertifyVuln, and is useful for accessing the field via an interface. 
+func (v *CertifyVulnPkgResponse) GetIngestCertifyVuln() CertifyVulnPkgIngestCertifyVuln { + return v.IngestCertifyVuln } -// CertifyGoodArtifactIngestCertifyGood includes the requested fields of the GraphQL type CertifyGood. +// DependencyType determines the type of the dependency. +type DependencyType string + +const ( + // direct dependency + DependencyTypeDirect DependencyType = "DIRECT" + // indirect dependency + DependencyTypeIndirect DependencyType = "INDIRECT" + // type not known/not specified + DependencyTypeUnknown DependencyType = "UNKNOWN" +) + +// Edge allows filtering path/neighbors output to only contain a subset of all +// possible GUAC links. +// +// Each member of the enum is formed by merging two Node names with _. Each name +// is converted from CamelCase to CAPITALS_WITH_UNDERSCORES. Only valid edges +// (pairs from Node to Node) are included. +// +// The only exception to the above rule is for links out of HasSLSA. The names are +// HAS_SLSA_SUBJECT, HAS_SLSA_BUILT_BY, and HAS_SLSA_MATERIALS. This is because +// ARTIFACT_HAS_SLSA is only from subject Artifact to HasSLSA. 
+type Edge string + +const ( + EdgeArtifactCertifyBad Edge = "ARTIFACT_CERTIFY_BAD" + EdgeArtifactCertifyGood Edge = "ARTIFACT_CERTIFY_GOOD" + EdgeArtifactCertifyVexStatement Edge = "ARTIFACT_CERTIFY_VEX_STATEMENT" + EdgeArtifactHashEqual Edge = "ARTIFACT_HASH_EQUAL" + EdgeArtifactHasSbom Edge = "ARTIFACT_HAS_SBOM" + EdgeArtifactHasSlsa Edge = "ARTIFACT_HAS_SLSA" + EdgeArtifactIsOccurrence Edge = "ARTIFACT_IS_OCCURRENCE" + EdgeArtifactHasMetadata Edge = "ARTIFACT_HAS_METADATA" + EdgeArtifactPointOfContact Edge = "ARTIFACT_POINT_OF_CONTACT" + EdgeBuilderHasSlsa Edge = "BUILDER_HAS_SLSA" + EdgeVulnerabilityCertifyVexStatement Edge = "VULNERABILITY_CERTIFY_VEX_STATEMENT" + EdgeVulnerabilityCertifyVuln Edge = "VULNERABILITY_CERTIFY_VULN" + EdgeVulnerabilityVulnEqual Edge = "VULNERABILITY_VULN_EQUAL" + EdgePackageCertifyBad Edge = "PACKAGE_CERTIFY_BAD" + EdgePackageCertifyGood Edge = "PACKAGE_CERTIFY_GOOD" + EdgePackageCertifyVexStatement Edge = "PACKAGE_CERTIFY_VEX_STATEMENT" + EdgePackageCertifyVuln Edge = "PACKAGE_CERTIFY_VULN" + EdgePackageHasSbom Edge = "PACKAGE_HAS_SBOM" + EdgePackageHasSourceAt Edge = "PACKAGE_HAS_SOURCE_AT" + EdgePackageIsDependency Edge = "PACKAGE_IS_DEPENDENCY" + EdgePackageIsOccurrence Edge = "PACKAGE_IS_OCCURRENCE" + EdgePackagePkgEqual Edge = "PACKAGE_PKG_EQUAL" + EdgePackageHasMetadata Edge = "PACKAGE_HAS_METADATA" + EdgePackagePointOfContact Edge = "PACKAGE_POINT_OF_CONTACT" + EdgeSourceCertifyBad Edge = "SOURCE_CERTIFY_BAD" + EdgeSourceCertifyGood Edge = "SOURCE_CERTIFY_GOOD" + EdgeSourceCertifyScorecard Edge = "SOURCE_CERTIFY_SCORECARD" + EdgeSourceHasSourceAt Edge = "SOURCE_HAS_SOURCE_AT" + EdgeSourceIsOccurrence Edge = "SOURCE_IS_OCCURRENCE" + EdgeSourceHasMetadata Edge = "SOURCE_HAS_METADATA" + EdgeSourcePointOfContact Edge = "SOURCE_POINT_OF_CONTACT" + EdgeCertifyBadArtifact Edge = "CERTIFY_BAD_ARTIFACT" + EdgeCertifyBadPackage Edge = "CERTIFY_BAD_PACKAGE" + EdgeCertifyBadSource Edge = "CERTIFY_BAD_SOURCE" + EdgeCertifyGoodArtifact 
Edge = "CERTIFY_GOOD_ARTIFACT" + EdgeCertifyGoodPackage Edge = "CERTIFY_GOOD_PACKAGE" + EdgeCertifyGoodSource Edge = "CERTIFY_GOOD_SOURCE" + EdgeCertifyScorecardSource Edge = "CERTIFY_SCORECARD_SOURCE" + EdgeCertifyVexStatementArtifact Edge = "CERTIFY_VEX_STATEMENT_ARTIFACT" + EdgeCertifyVexStatementVulnerability Edge = "CERTIFY_VEX_STATEMENT_VULNERABILITY" + EdgeCertifyVexStatementPackage Edge = "CERTIFY_VEX_STATEMENT_PACKAGE" + EdgeCertifyVulnVulnerability Edge = "CERTIFY_VULN_VULNERABILITY" + EdgeCertifyVulnPackage Edge = "CERTIFY_VULN_PACKAGE" + EdgeHashEqualArtifact Edge = "HASH_EQUAL_ARTIFACT" + EdgeHasSbomArtifact Edge = "HAS_SBOM_ARTIFACT" + EdgeHasSbomPackage Edge = "HAS_SBOM_PACKAGE" + EdgeHasSlsaBuiltBy Edge = "HAS_SLSA_BUILT_BY" + EdgeHasSlsaMaterials Edge = "HAS_SLSA_MATERIALS" + EdgeHasSlsaSubject Edge = "HAS_SLSA_SUBJECT" + EdgeHasSourceAtPackage Edge = "HAS_SOURCE_AT_PACKAGE" + EdgeHasSourceAtSource Edge = "HAS_SOURCE_AT_SOURCE" + EdgeIsDependencyPackage Edge = "IS_DEPENDENCY_PACKAGE" + EdgeIsOccurrenceArtifact Edge = "IS_OCCURRENCE_ARTIFACT" + EdgeIsOccurrencePackage Edge = "IS_OCCURRENCE_PACKAGE" + EdgeIsOccurrenceSource Edge = "IS_OCCURRENCE_SOURCE" + EdgeVulnEqualVulnerability Edge = "VULN_EQUAL_VULNERABILITY" + EdgePkgEqualPackage Edge = "PKG_EQUAL_PACKAGE" + EdgeHasMetadataPackage Edge = "HAS_METADATA_PACKAGE" + EdgeHasMetadataArtifact Edge = "HAS_METADATA_ARTIFACT" + EdgeHasMetadataSource Edge = "HAS_METADATA_SOURCE" + EdgePointOfContactPackage Edge = "POINT_OF_CONTACT_PACKAGE" + EdgePointOfContactArtifact Edge = "POINT_OF_CONTACT_ARTIFACT" + EdgePointOfContactSource Edge = "POINT_OF_CONTACT_SOURCE" +) + +// FindSoftwareFindSoftwareArtifact includes the requested fields of the GraphQL type Artifact. // The GraphQL type's documentation follows. // -// CertifyGood is an attestation that a package, source, or artifact is considered -// good. +// Artifact represents an artifact identified by a checksum hash. 
// -// All evidence trees record a justification for the property they represent as -// well as the document that contains the attestation (origin) and the collector -// that collected the document (collector). +// The checksum is split into the digest value and the algorithm used to generate +// it. Both fields are mandatory and canonicalized to be lowercase. // -// The certification applies to a subject which is a package, source, or artifact. -// If the attestation targets a package, it must target a PackageName or a -// PackageVersion. If the attestation targets a source, it must target a -// SourceName. -type CertifyGoodArtifactIngestCertifyGood struct { - AllCertifyGood `json:"-"` +// If having a checksum Go object, algorithm can be +// strings.ToLower(string(checksum.Algorithm)) and digest can be checksum.Value. +type FindSoftwareFindSoftwareArtifact struct { + Typename *string `json:"__typename"` + AllArtifactTree `json:"-"` } -// GetId returns CertifyGoodArtifactIngestCertifyGood.Id, and is useful for accessing the field via an interface. -func (v *CertifyGoodArtifactIngestCertifyGood) GetId() string { return v.AllCertifyGood.Id } - -// GetJustification returns CertifyGoodArtifactIngestCertifyGood.Justification, and is useful for accessing the field via an interface. -func (v *CertifyGoodArtifactIngestCertifyGood) GetJustification() string { - return v.AllCertifyGood.Justification -} +// GetTypename returns FindSoftwareFindSoftwareArtifact.Typename, and is useful for accessing the field via an interface. +func (v *FindSoftwareFindSoftwareArtifact) GetTypename() *string { return v.Typename } -// GetSubject returns CertifyGoodArtifactIngestCertifyGood.Subject, and is useful for accessing the field via an interface. 
-func (v *CertifyGoodArtifactIngestCertifyGood) GetSubject() AllCertifyGoodSubjectPackageSourceOrArtifact { - return v.AllCertifyGood.Subject -} +// GetId returns FindSoftwareFindSoftwareArtifact.Id, and is useful for accessing the field via an interface. +func (v *FindSoftwareFindSoftwareArtifact) GetId() string { return v.AllArtifactTree.Id } -// GetOrigin returns CertifyGoodArtifactIngestCertifyGood.Origin, and is useful for accessing the field via an interface. -func (v *CertifyGoodArtifactIngestCertifyGood) GetOrigin() string { return v.AllCertifyGood.Origin } +// GetAlgorithm returns FindSoftwareFindSoftwareArtifact.Algorithm, and is useful for accessing the field via an interface. +func (v *FindSoftwareFindSoftwareArtifact) GetAlgorithm() string { return v.AllArtifactTree.Algorithm } -// GetCollector returns CertifyGoodArtifactIngestCertifyGood.Collector, and is useful for accessing the field via an interface. -func (v *CertifyGoodArtifactIngestCertifyGood) GetCollector() string { - return v.AllCertifyGood.Collector -} +// GetDigest returns FindSoftwareFindSoftwareArtifact.Digest, and is useful for accessing the field via an interface. +func (v *FindSoftwareFindSoftwareArtifact) GetDigest() string { return v.AllArtifactTree.Digest } -func (v *CertifyGoodArtifactIngestCertifyGood) UnmarshalJSON(b []byte) error { +func (v *FindSoftwareFindSoftwareArtifact) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *CertifyGoodArtifactIngestCertifyGood + *FindSoftwareFindSoftwareArtifact graphql.NoUnmarshalJSON } - firstPass.CertifyGoodArtifactIngestCertifyGood = v + firstPass.FindSoftwareFindSoftwareArtifact = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -7390,26 +7507,24 @@ func (v *CertifyGoodArtifactIngestCertifyGood) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllCertifyGood) + b, &v.AllArtifactTree) if err != nil { return err } return nil } -type __premarshalCertifyGoodArtifactIngestCertifyGood struct { - Id string `json:"id"` - - Justification string `json:"justification"` +type __premarshalFindSoftwareFindSoftwareArtifact struct { + Typename *string `json:"__typename"` - Subject json.RawMessage `json:"subject"` + Id string `json:"id"` - Origin string `json:"origin"` + Algorithm string `json:"algorithm"` - Collector string `json:"collector"` + Digest string `json:"digest"` } -func (v *CertifyGoodArtifactIngestCertifyGood) MarshalJSON() ([]byte, error) { +func (v *FindSoftwareFindSoftwareArtifact) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -7417,93 +7532,63 @@ func (v *CertifyGoodArtifactIngestCertifyGood) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *CertifyGoodArtifactIngestCertifyGood) __premarshalJSON() (*__premarshalCertifyGoodArtifactIngestCertifyGood, error) { - var retval __premarshalCertifyGoodArtifactIngestCertifyGood - - retval.Id = v.AllCertifyGood.Id - retval.Justification = v.AllCertifyGood.Justification - { +func (v *FindSoftwareFindSoftwareArtifact) __premarshalJSON() (*__premarshalFindSoftwareFindSoftwareArtifact, error) { + var retval __premarshalFindSoftwareFindSoftwareArtifact - dst := &retval.Subject - src := v.AllCertifyGood.Subject - var err error - *dst, err = __marshalAllCertifyGoodSubjectPackageSourceOrArtifact( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal CertifyGoodArtifactIngestCertifyGood.AllCertifyGood.Subject: %w", err) - } - } - retval.Origin = v.AllCertifyGood.Origin - retval.Collector = v.AllCertifyGood.Collector + retval.Typename = v.Typename + retval.Id = v.AllArtifactTree.Id + retval.Algorithm = v.AllArtifactTree.Algorithm + retval.Digest = v.AllArtifactTree.Digest return &retval, nil } -// CertifyGoodArtifactResponse is returned by CertifyGoodArtifact on success. -type CertifyGoodArtifactResponse struct { - // Adds a certification that a package, source or artifact is considered good. - IngestCertifyGood CertifyGoodArtifactIngestCertifyGood `json:"ingestCertifyGood"` -} - -// GetIngestCertifyGood returns CertifyGoodArtifactResponse.IngestCertifyGood, and is useful for accessing the field via an interface. -func (v *CertifyGoodArtifactResponse) GetIngestCertifyGood() CertifyGoodArtifactIngestCertifyGood { - return v.IngestCertifyGood -} - -// CertifyGoodArtifactsIngestCertifyGoodsCertifyGood includes the requested fields of the GraphQL type CertifyGood. +// FindSoftwareFindSoftwarePackage includes the requested fields of the GraphQL type Package. // The GraphQL type's documentation follows. 
// -// CertifyGood is an attestation that a package, source, or artifact is considered -// good. +// Package represents the root of the package trie/tree. // -// All evidence trees record a justification for the property they represent as -// well as the document that contains the attestation (origin) and the collector -// that collected the document (collector). +// We map package information to a trie, closely matching the pURL specification +// (https://github.com/package-url/purl-spec/blob/0dd92f26f8bb11956ffdf5e8acfcee71e8560407/README.rst), +// but deviating from it where GUAC heuristics allow for better representation of +// package information. Each path in the trie fully represents a package; we split +// the trie based on the pURL components. // -// The certification applies to a subject which is a package, source, or artifact. -// If the attestation targets a package, it must target a PackageName or a -// PackageVersion. If the attestation targets a source, it must target a -// SourceName. -type CertifyGoodArtifactsIngestCertifyGoodsCertifyGood struct { - AllCertifyGood `json:"-"` -} - -// GetId returns CertifyGoodArtifactsIngestCertifyGoodsCertifyGood.Id, and is useful for accessing the field via an interface. -func (v *CertifyGoodArtifactsIngestCertifyGoodsCertifyGood) GetId() string { - return v.AllCertifyGood.Id +// This node matches a pkg: partial pURL. The type field matches the +// pURL types but we might also use "guac" for the cases where the pURL +// representation is not complete or when we have custom rules. +// +// Since this node is at the root of the package trie, it is named Package, not +// PackageType. +type FindSoftwareFindSoftwarePackage struct { + Typename *string `json:"__typename"` + AllPkgTree `json:"-"` } -// GetJustification returns CertifyGoodArtifactsIngestCertifyGoodsCertifyGood.Justification, and is useful for accessing the field via an interface. 
-func (v *CertifyGoodArtifactsIngestCertifyGoodsCertifyGood) GetJustification() string { - return v.AllCertifyGood.Justification -} +// GetTypename returns FindSoftwareFindSoftwarePackage.Typename, and is useful for accessing the field via an interface. +func (v *FindSoftwareFindSoftwarePackage) GetTypename() *string { return v.Typename } -// GetSubject returns CertifyGoodArtifactsIngestCertifyGoodsCertifyGood.Subject, and is useful for accessing the field via an interface. -func (v *CertifyGoodArtifactsIngestCertifyGoodsCertifyGood) GetSubject() AllCertifyGoodSubjectPackageSourceOrArtifact { - return v.AllCertifyGood.Subject -} +// GetId returns FindSoftwareFindSoftwarePackage.Id, and is useful for accessing the field via an interface. +func (v *FindSoftwareFindSoftwarePackage) GetId() string { return v.AllPkgTree.Id } -// GetOrigin returns CertifyGoodArtifactsIngestCertifyGoodsCertifyGood.Origin, and is useful for accessing the field via an interface. -func (v *CertifyGoodArtifactsIngestCertifyGoodsCertifyGood) GetOrigin() string { - return v.AllCertifyGood.Origin -} +// GetType returns FindSoftwareFindSoftwarePackage.Type, and is useful for accessing the field via an interface. +func (v *FindSoftwareFindSoftwarePackage) GetType() string { return v.AllPkgTree.Type } -// GetCollector returns CertifyGoodArtifactsIngestCertifyGoodsCertifyGood.Collector, and is useful for accessing the field via an interface. -func (v *CertifyGoodArtifactsIngestCertifyGoodsCertifyGood) GetCollector() string { - return v.AllCertifyGood.Collector +// GetNamespaces returns FindSoftwareFindSoftwarePackage.Namespaces, and is useful for accessing the field via an interface. 
+func (v *FindSoftwareFindSoftwarePackage) GetNamespaces() []AllPkgTreeNamespacesPackageNamespace { + return v.AllPkgTree.Namespaces } -func (v *CertifyGoodArtifactsIngestCertifyGoodsCertifyGood) UnmarshalJSON(b []byte) error { +func (v *FindSoftwareFindSoftwarePackage) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *CertifyGoodArtifactsIngestCertifyGoodsCertifyGood + *FindSoftwareFindSoftwarePackage graphql.NoUnmarshalJSON } - firstPass.CertifyGoodArtifactsIngestCertifyGoodsCertifyGood = v + firstPass.FindSoftwareFindSoftwarePackage = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -7511,26 +7596,24 @@ func (v *CertifyGoodArtifactsIngestCertifyGoodsCertifyGood) UnmarshalJSON(b []by } err = json.Unmarshal( - b, &v.AllCertifyGood) + b, &v.AllPkgTree) if err != nil { return err } return nil } -type __premarshalCertifyGoodArtifactsIngestCertifyGoodsCertifyGood struct { - Id string `json:"id"` - - Justification string `json:"justification"` +type __premarshalFindSoftwareFindSoftwarePackage struct { + Typename *string `json:"__typename"` - Subject json.RawMessage `json:"subject"` + Id string `json:"id"` - Origin string `json:"origin"` + Type string `json:"type"` - Collector string `json:"collector"` + Namespaces []AllPkgTreeNamespacesPackageNamespace `json:"namespaces"` } -func (v *CertifyGoodArtifactsIngestCertifyGoodsCertifyGood) MarshalJSON() ([]byte, error) { +func (v *FindSoftwareFindSoftwarePackage) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -7538,103 +7621,162 @@ func (v *CertifyGoodArtifactsIngestCertifyGoodsCertifyGood) MarshalJSON() ([]byt return json.Marshal(premarshaled) } -func (v *CertifyGoodArtifactsIngestCertifyGoodsCertifyGood) __premarshalJSON() (*__premarshalCertifyGoodArtifactsIngestCertifyGoodsCertifyGood, error) { - var retval __premarshalCertifyGoodArtifactsIngestCertifyGoodsCertifyGood - - retval.Id = v.AllCertifyGood.Id - retval.Justification = v.AllCertifyGood.Justification - { +func (v *FindSoftwareFindSoftwarePackage) __premarshalJSON() (*__premarshalFindSoftwareFindSoftwarePackage, error) { + var retval __premarshalFindSoftwareFindSoftwarePackage - dst := &retval.Subject - src := v.AllCertifyGood.Subject - var err error - *dst, err = __marshalAllCertifyGoodSubjectPackageSourceOrArtifact( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal CertifyGoodArtifactsIngestCertifyGoodsCertifyGood.AllCertifyGood.Subject: %w", err) - } - } - retval.Origin = v.AllCertifyGood.Origin - retval.Collector = v.AllCertifyGood.Collector + retval.Typename = v.Typename + retval.Id = v.AllPkgTree.Id + retval.Type = v.AllPkgTree.Type + retval.Namespaces = v.AllPkgTree.Namespaces return &retval, nil } -// CertifyGoodArtifactsResponse is returned by CertifyGoodArtifacts on success. -type CertifyGoodArtifactsResponse struct { - // Adds bulk certifications that a package, source or artifact is considered good. - IngestCertifyGoods []CertifyGoodArtifactsIngestCertifyGoodsCertifyGood `json:"ingestCertifyGoods"` +// FindSoftwareFindSoftwarePackageSourceOrArtifact includes the requested fields of the GraphQL interface PackageSourceOrArtifact. +// +// FindSoftwareFindSoftwarePackageSourceOrArtifact is implemented by the following types: +// FindSoftwareFindSoftwareArtifact +// FindSoftwareFindSoftwarePackage +// FindSoftwareFindSoftwareSource +// The GraphQL type's documentation follows. +// +// PackageSourceOrArtifact is a union of Package, Source, and Artifact. 
+type FindSoftwareFindSoftwarePackageSourceOrArtifact interface { + implementsGraphQLInterfaceFindSoftwareFindSoftwarePackageSourceOrArtifact() + // GetTypename returns the receiver's concrete GraphQL type-name (see interface doc for possible values). + GetTypename() *string } -// GetIngestCertifyGoods returns CertifyGoodArtifactsResponse.IngestCertifyGoods, and is useful for accessing the field via an interface. -func (v *CertifyGoodArtifactsResponse) GetIngestCertifyGoods() []CertifyGoodArtifactsIngestCertifyGoodsCertifyGood { - return v.IngestCertifyGoods +func (v *FindSoftwareFindSoftwareArtifact) implementsGraphQLInterfaceFindSoftwareFindSoftwarePackageSourceOrArtifact() { +} +func (v *FindSoftwareFindSoftwarePackage) implementsGraphQLInterfaceFindSoftwareFindSoftwarePackageSourceOrArtifact() { +} +func (v *FindSoftwareFindSoftwareSource) implementsGraphQLInterfaceFindSoftwareFindSoftwarePackageSourceOrArtifact() { } -// CertifyGoodInputSpec represents the mutation input to ingest a CertifyGood evidence. 
-type CertifyGoodInputSpec struct { - Justification string `json:"justification"` - Origin string `json:"origin"` - Collector string `json:"collector"` +func __unmarshalFindSoftwareFindSoftwarePackageSourceOrArtifact(b []byte, v *FindSoftwareFindSoftwarePackageSourceOrArtifact) error { + if string(b) == "null" { + return nil + } + + var tn struct { + TypeName string `json:"__typename"` + } + err := json.Unmarshal(b, &tn) + if err != nil { + return err + } + + switch tn.TypeName { + case "Artifact": + *v = new(FindSoftwareFindSoftwareArtifact) + return json.Unmarshal(b, *v) + case "Package": + *v = new(FindSoftwareFindSoftwarePackage) + return json.Unmarshal(b, *v) + case "Source": + *v = new(FindSoftwareFindSoftwareSource) + return json.Unmarshal(b, *v) + case "": + return fmt.Errorf( + "response was missing PackageSourceOrArtifact.__typename") + default: + return fmt.Errorf( + `unexpected concrete type for FindSoftwareFindSoftwarePackageSourceOrArtifact: "%v"`, tn.TypeName) + } } -// GetJustification returns CertifyGoodInputSpec.Justification, and is useful for accessing the field via an interface. -func (v *CertifyGoodInputSpec) GetJustification() string { return v.Justification } +func __marshalFindSoftwareFindSoftwarePackageSourceOrArtifact(v *FindSoftwareFindSoftwarePackageSourceOrArtifact) ([]byte, error) { -// GetOrigin returns CertifyGoodInputSpec.Origin, and is useful for accessing the field via an interface. -func (v *CertifyGoodInputSpec) GetOrigin() string { return v.Origin } + var typename string + switch v := (*v).(type) { + case *FindSoftwareFindSoftwareArtifact: + typename = "Artifact" -// GetCollector returns CertifyGoodInputSpec.Collector, and is useful for accessing the field via an interface. 
-func (v *CertifyGoodInputSpec) GetCollector() string { return v.Collector } + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalFindSoftwareFindSoftwareArtifact + }{typename, premarshaled} + return json.Marshal(result) + case *FindSoftwareFindSoftwarePackage: + typename = "Package" -// CertifyGoodPkgIngestCertifyGood includes the requested fields of the GraphQL type CertifyGood. + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalFindSoftwareFindSoftwarePackage + }{typename, premarshaled} + return json.Marshal(result) + case *FindSoftwareFindSoftwareSource: + typename = "Source" + + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalFindSoftwareFindSoftwareSource + }{typename, premarshaled} + return json.Marshal(result) + case nil: + return []byte("null"), nil + default: + return nil, fmt.Errorf( + `unexpected concrete type for FindSoftwareFindSoftwarePackageSourceOrArtifact: "%T"`, v) + } +} + +// FindSoftwareFindSoftwareSource includes the requested fields of the GraphQL type Source. // The GraphQL type's documentation follows. // -// CertifyGood is an attestation that a package, source, or artifact is considered -// good. +// Source represents the root of the source trie/tree. // -// All evidence trees record a justification for the property they represent as -// well as the document that contains the attestation (origin) and the collector -// that collected the document (collector). +// We map source information to a trie, as a derivative of the pURL specification: +// each path in the trie represents a type, namespace, name and an optional +// qualifier that stands for tag/commit information. 
// -// The certification applies to a subject which is a package, source, or artifact. -// If the attestation targets a package, it must target a PackageName or a -// PackageVersion. If the attestation targets a source, it must target a -// SourceName. -type CertifyGoodPkgIngestCertifyGood struct { - AllCertifyGood `json:"-"` +// This node represents the type part of the trie path. It is used to represent +// the version control system that is being used. +// +// Since this node is at the root of the source trie, it is named Source, not +// SourceType. +type FindSoftwareFindSoftwareSource struct { + Typename *string `json:"__typename"` + AllSourceTree `json:"-"` } -// GetId returns CertifyGoodPkgIngestCertifyGood.Id, and is useful for accessing the field via an interface. -func (v *CertifyGoodPkgIngestCertifyGood) GetId() string { return v.AllCertifyGood.Id } - -// GetJustification returns CertifyGoodPkgIngestCertifyGood.Justification, and is useful for accessing the field via an interface. -func (v *CertifyGoodPkgIngestCertifyGood) GetJustification() string { - return v.AllCertifyGood.Justification -} +// GetTypename returns FindSoftwareFindSoftwareSource.Typename, and is useful for accessing the field via an interface. +func (v *FindSoftwareFindSoftwareSource) GetTypename() *string { return v.Typename } -// GetSubject returns CertifyGoodPkgIngestCertifyGood.Subject, and is useful for accessing the field via an interface. -func (v *CertifyGoodPkgIngestCertifyGood) GetSubject() AllCertifyGoodSubjectPackageSourceOrArtifact { - return v.AllCertifyGood.Subject -} +// GetId returns FindSoftwareFindSoftwareSource.Id, and is useful for accessing the field via an interface. +func (v *FindSoftwareFindSoftwareSource) GetId() string { return v.AllSourceTree.Id } -// GetOrigin returns CertifyGoodPkgIngestCertifyGood.Origin, and is useful for accessing the field via an interface. 
-func (v *CertifyGoodPkgIngestCertifyGood) GetOrigin() string { return v.AllCertifyGood.Origin } +// GetType returns FindSoftwareFindSoftwareSource.Type, and is useful for accessing the field via an interface. +func (v *FindSoftwareFindSoftwareSource) GetType() string { return v.AllSourceTree.Type } -// GetCollector returns CertifyGoodPkgIngestCertifyGood.Collector, and is useful for accessing the field via an interface. -func (v *CertifyGoodPkgIngestCertifyGood) GetCollector() string { return v.AllCertifyGood.Collector } +// GetNamespaces returns FindSoftwareFindSoftwareSource.Namespaces, and is useful for accessing the field via an interface. +func (v *FindSoftwareFindSoftwareSource) GetNamespaces() []AllSourceTreeNamespacesSourceNamespace { + return v.AllSourceTree.Namespaces +} -func (v *CertifyGoodPkgIngestCertifyGood) UnmarshalJSON(b []byte) error { +func (v *FindSoftwareFindSoftwareSource) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *CertifyGoodPkgIngestCertifyGood + *FindSoftwareFindSoftwareSource graphql.NoUnmarshalJSON } - firstPass.CertifyGoodPkgIngestCertifyGood = v + firstPass.FindSoftwareFindSoftwareSource = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -7642,26 +7784,24 @@ func (v *CertifyGoodPkgIngestCertifyGood) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllCertifyGood) + b, &v.AllSourceTree) if err != nil { return err } return nil } -type __premarshalCertifyGoodPkgIngestCertifyGood struct { - Id string `json:"id"` - - Justification string `json:"justification"` +type __premarshalFindSoftwareFindSoftwareSource struct { + Typename *string `json:"__typename"` - Subject json.RawMessage `json:"subject"` + Id string `json:"id"` - Origin string `json:"origin"` + Type string `json:"type"` - Collector string `json:"collector"` + Namespaces []AllSourceTreeNamespacesSourceNamespace `json:"namespaces"` } -func (v *CertifyGoodPkgIngestCertifyGood) MarshalJSON() ([]byte, error) { +func (v *FindSoftwareFindSoftwareSource) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -7669,118 +7809,87 @@ func (v *CertifyGoodPkgIngestCertifyGood) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *CertifyGoodPkgIngestCertifyGood) __premarshalJSON() (*__premarshalCertifyGoodPkgIngestCertifyGood, error) { - var retval __premarshalCertifyGoodPkgIngestCertifyGood - - retval.Id = v.AllCertifyGood.Id - retval.Justification = v.AllCertifyGood.Justification - { +func (v *FindSoftwareFindSoftwareSource) __premarshalJSON() (*__premarshalFindSoftwareFindSoftwareSource, error) { + var retval __premarshalFindSoftwareFindSoftwareSource - dst := &retval.Subject - src := v.AllCertifyGood.Subject - var err error - *dst, err = __marshalAllCertifyGoodSubjectPackageSourceOrArtifact( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal CertifyGoodPkgIngestCertifyGood.AllCertifyGood.Subject: %w", err) - } - } - retval.Origin = v.AllCertifyGood.Origin - retval.Collector = v.AllCertifyGood.Collector + retval.Typename = v.Typename + retval.Id = v.AllSourceTree.Id + retval.Type = v.AllSourceTree.Type + retval.Namespaces = v.AllSourceTree.Namespaces return &retval, nil } -// CertifyGoodPkgResponse is returned by CertifyGoodPkg on success. -type CertifyGoodPkgResponse struct { - // Adds a certification that a package, source or artifact is considered good. - IngestCertifyGood CertifyGoodPkgIngestCertifyGood `json:"ingestCertifyGood"` -} - -// GetIngestCertifyGood returns CertifyGoodPkgResponse.IngestCertifyGood, and is useful for accessing the field via an interface. -func (v *CertifyGoodPkgResponse) GetIngestCertifyGood() CertifyGoodPkgIngestCertifyGood { - return v.IngestCertifyGood -} - -// CertifyGoodPkgsIngestCertifyGoodsCertifyGood includes the requested fields of the GraphQL type CertifyGood. -// The GraphQL type's documentation follows. -// -// CertifyGood is an attestation that a package, source, or artifact is considered -// good. 
-// -// All evidence trees record a justification for the property they represent as -// well as the document that contains the attestation (origin) and the collector -// that collected the document (collector). -// -// The certification applies to a subject which is a package, source, or artifact. -// If the attestation targets a package, it must target a PackageName or a -// PackageVersion. If the attestation targets a source, it must target a -// SourceName. -type CertifyGoodPkgsIngestCertifyGoodsCertifyGood struct { - AllCertifyGood `json:"-"` -} - -// GetId returns CertifyGoodPkgsIngestCertifyGoodsCertifyGood.Id, and is useful for accessing the field via an interface. -func (v *CertifyGoodPkgsIngestCertifyGoodsCertifyGood) GetId() string { return v.AllCertifyGood.Id } - -// GetJustification returns CertifyGoodPkgsIngestCertifyGoodsCertifyGood.Justification, and is useful for accessing the field via an interface. -func (v *CertifyGoodPkgsIngestCertifyGoodsCertifyGood) GetJustification() string { - return v.AllCertifyGood.Justification -} - -// GetSubject returns CertifyGoodPkgsIngestCertifyGoodsCertifyGood.Subject, and is useful for accessing the field via an interface. -func (v *CertifyGoodPkgsIngestCertifyGoodsCertifyGood) GetSubject() AllCertifyGoodSubjectPackageSourceOrArtifact { - return v.AllCertifyGood.Subject -} - -// GetOrigin returns CertifyGoodPkgsIngestCertifyGoodsCertifyGood.Origin, and is useful for accessing the field via an interface. -func (v *CertifyGoodPkgsIngestCertifyGoodsCertifyGood) GetOrigin() string { - return v.AllCertifyGood.Origin +// FindSoftwareResponse is returned by FindSoftware on success. +type FindSoftwareResponse struct { + // findSoftware takes in a searchText string and looks for software + // that may be relevant for the input text. This can be seen as fuzzy search + // function for Packages, Sources and Artifacts. 
findSoftware returns a list + // of Packages, Sources and Artifacts that it determines to be relevant to + // the input searchText. + // + // Due to the nature of full text search being implemented differently on + // different db platforms, the behavior of findSoftware is not guaranteed + // to be the same. In addition, their statistical nature may result in + // results being different per call and not reproducible. + // + // All that is asked in the implementation of this API is that it follows + // the spirit of helping to retrieve the right nodes with best effort. + // + // Warning: This is an EXPERIMENTAL feature. This is subject to change. + // Warning: This is an OPTIONAL feature. Backends are not required to + // implement this API. + FindSoftware []FindSoftwareFindSoftwarePackageSourceOrArtifact `json:"-"` } -// GetCollector returns CertifyGoodPkgsIngestCertifyGoodsCertifyGood.Collector, and is useful for accessing the field via an interface. -func (v *CertifyGoodPkgsIngestCertifyGoodsCertifyGood) GetCollector() string { - return v.AllCertifyGood.Collector +// GetFindSoftware returns FindSoftwareResponse.FindSoftware, and is useful for accessing the field via an interface. 
+func (v *FindSoftwareResponse) GetFindSoftware() []FindSoftwareFindSoftwarePackageSourceOrArtifact { + return v.FindSoftware } -func (v *CertifyGoodPkgsIngestCertifyGoodsCertifyGood) UnmarshalJSON(b []byte) error { +func (v *FindSoftwareResponse) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *CertifyGoodPkgsIngestCertifyGoodsCertifyGood + *FindSoftwareResponse + FindSoftware []json.RawMessage `json:"findSoftware"` graphql.NoUnmarshalJSON } - firstPass.CertifyGoodPkgsIngestCertifyGoodsCertifyGood = v + firstPass.FindSoftwareResponse = v err := json.Unmarshal(b, &firstPass) if err != nil { return err } - err = json.Unmarshal( - b, &v.AllCertifyGood) - if err != nil { - return err + { + dst := &v.FindSoftware + src := firstPass.FindSoftware + *dst = make( + []FindSoftwareFindSoftwarePackageSourceOrArtifact, + len(src)) + for i, src := range src { + dst := &(*dst)[i] + if len(src) != 0 && string(src) != "null" { + err = __unmarshalFindSoftwareFindSoftwarePackageSourceOrArtifact( + src, dst) + if err != nil { + return fmt.Errorf( + "unable to unmarshal FindSoftwareResponse.FindSoftware: %w", err) + } + } + } } return nil } -type __premarshalCertifyGoodPkgsIngestCertifyGoodsCertifyGood struct { - Id string `json:"id"` - - Justification string `json:"justification"` - - Subject json.RawMessage `json:"subject"` - - Origin string `json:"origin"` - - Collector string `json:"collector"` +type __premarshalFindSoftwareResponse struct { + FindSoftware []json.RawMessage `json:"findSoftware"` } -func (v *CertifyGoodPkgsIngestCertifyGoodsCertifyGood) MarshalJSON() ([]byte, error) { +func (v *FindSoftwareResponse) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -7788,87 +7897,94 @@ func (v *CertifyGoodPkgsIngestCertifyGoodsCertifyGood) MarshalJSON() ([]byte, er return json.Marshal(premarshaled) } -func (v *CertifyGoodPkgsIngestCertifyGoodsCertifyGood) __premarshalJSON() (*__premarshalCertifyGoodPkgsIngestCertifyGoodsCertifyGood, error) { - var retval __premarshalCertifyGoodPkgsIngestCertifyGoodsCertifyGood +func (v *FindSoftwareResponse) __premarshalJSON() (*__premarshalFindSoftwareResponse, error) { + var retval __premarshalFindSoftwareResponse - retval.Id = v.AllCertifyGood.Id - retval.Justification = v.AllCertifyGood.Justification { - dst := &retval.Subject - src := v.AllCertifyGood.Subject - var err error - *dst, err = __marshalAllCertifyGoodSubjectPackageSourceOrArtifact( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal CertifyGoodPkgsIngestCertifyGoodsCertifyGood.AllCertifyGood.Subject: %w", err) + dst := &retval.FindSoftware + src := v.FindSoftware + *dst = make( + []json.RawMessage, + len(src)) + for i, src := range src { + dst := &(*dst)[i] + var err error + *dst, err = __marshalFindSoftwareFindSoftwarePackageSourceOrArtifact( + &src) + if err != nil { + return nil, fmt.Errorf( + "unable to marshal FindSoftwareResponse.FindSoftware: %w", err) + } } } - retval.Origin = v.AllCertifyGood.Origin - retval.Collector = v.AllCertifyGood.Collector return &retval, nil } -// CertifyGoodPkgsResponse is returned by CertifyGoodPkgs on success. -type CertifyGoodPkgsResponse struct { - // Adds bulk certifications that a package, source or artifact is considered good. - IngestCertifyGoods []CertifyGoodPkgsIngestCertifyGoodsCertifyGood `json:"ingestCertifyGoods"` -} - -// GetIngestCertifyGoods returns CertifyGoodPkgsResponse.IngestCertifyGoods, and is useful for accessing the field via an interface. 
-func (v *CertifyGoodPkgsResponse) GetIngestCertifyGoods() []CertifyGoodPkgsIngestCertifyGoodsCertifyGood { - return v.IngestCertifyGoods -} - -// CertifyGoodSrcIngestCertifyGood includes the requested fields of the GraphQL type CertifyGood. +// HasMetadataArtifactIngestHasMetadata includes the requested fields of the GraphQL type HasMetadata. // The GraphQL type's documentation follows. // -// CertifyGood is an attestation that a package, source, or artifact is considered -// good. +// HasMetadata is an attestation that a package, source, or artifact has a certain +// attested property (key) with value (value). For example, a source may have +// metadata "SourceRepo2FAEnabled=true". // -// All evidence trees record a justification for the property they represent as -// well as the document that contains the attestation (origin) and the collector -// that collected the document (collector). +// The intent of this evidence tree predicate is to allow extensibility of metadata +// expressible within the GUAC ontology. Metadata that is commonly used will then +// be promoted to a predicate on its own. // -// The certification applies to a subject which is a package, source, or artifact. +// Justification indicates how the metadata was determined. +// +// The metadata applies to a subject which is a package, source, or artifact. // If the attestation targets a package, it must target a PackageName or a // PackageVersion. If the attestation targets a source, it must target a // SourceName. -type CertifyGoodSrcIngestCertifyGood struct { - AllCertifyGood `json:"-"` +type HasMetadataArtifactIngestHasMetadata struct { + AllHasMetadata `json:"-"` } -// GetId returns CertifyGoodSrcIngestCertifyGood.Id, and is useful for accessing the field via an interface. -func (v *CertifyGoodSrcIngestCertifyGood) GetId() string { return v.AllCertifyGood.Id } +// GetId returns HasMetadataArtifactIngestHasMetadata.Id, and is useful for accessing the field via an interface. 
+func (v *HasMetadataArtifactIngestHasMetadata) GetId() string { return v.AllHasMetadata.Id } -// GetJustification returns CertifyGoodSrcIngestCertifyGood.Justification, and is useful for accessing the field via an interface. -func (v *CertifyGoodSrcIngestCertifyGood) GetJustification() string { - return v.AllCertifyGood.Justification +// GetSubject returns HasMetadataArtifactIngestHasMetadata.Subject, and is useful for accessing the field via an interface. +func (v *HasMetadataArtifactIngestHasMetadata) GetSubject() AllHasMetadataSubjectPackageSourceOrArtifact { + return v.AllHasMetadata.Subject } -// GetSubject returns CertifyGoodSrcIngestCertifyGood.Subject, and is useful for accessing the field via an interface. -func (v *CertifyGoodSrcIngestCertifyGood) GetSubject() AllCertifyGoodSubjectPackageSourceOrArtifact { - return v.AllCertifyGood.Subject +// GetKey returns HasMetadataArtifactIngestHasMetadata.Key, and is useful for accessing the field via an interface. +func (v *HasMetadataArtifactIngestHasMetadata) GetKey() string { return v.AllHasMetadata.Key } + +// GetValue returns HasMetadataArtifactIngestHasMetadata.Value, and is useful for accessing the field via an interface. +func (v *HasMetadataArtifactIngestHasMetadata) GetValue() string { return v.AllHasMetadata.Value } + +// GetTimestamp returns HasMetadataArtifactIngestHasMetadata.Timestamp, and is useful for accessing the field via an interface. +func (v *HasMetadataArtifactIngestHasMetadata) GetTimestamp() time.Time { + return v.AllHasMetadata.Timestamp } -// GetOrigin returns CertifyGoodSrcIngestCertifyGood.Origin, and is useful for accessing the field via an interface. -func (v *CertifyGoodSrcIngestCertifyGood) GetOrigin() string { return v.AllCertifyGood.Origin } +// GetJustification returns HasMetadataArtifactIngestHasMetadata.Justification, and is useful for accessing the field via an interface. 
+func (v *HasMetadataArtifactIngestHasMetadata) GetJustification() string { + return v.AllHasMetadata.Justification +} -// GetCollector returns CertifyGoodSrcIngestCertifyGood.Collector, and is useful for accessing the field via an interface. -func (v *CertifyGoodSrcIngestCertifyGood) GetCollector() string { return v.AllCertifyGood.Collector } +// GetOrigin returns HasMetadataArtifactIngestHasMetadata.Origin, and is useful for accessing the field via an interface. +func (v *HasMetadataArtifactIngestHasMetadata) GetOrigin() string { return v.AllHasMetadata.Origin } -func (v *CertifyGoodSrcIngestCertifyGood) UnmarshalJSON(b []byte) error { +// GetCollector returns HasMetadataArtifactIngestHasMetadata.Collector, and is useful for accessing the field via an interface. +func (v *HasMetadataArtifactIngestHasMetadata) GetCollector() string { + return v.AllHasMetadata.Collector +} + +func (v *HasMetadataArtifactIngestHasMetadata) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *CertifyGoodSrcIngestCertifyGood + *HasMetadataArtifactIngestHasMetadata graphql.NoUnmarshalJSON } - firstPass.CertifyGoodSrcIngestCertifyGood = v + firstPass.HasMetadataArtifactIngestHasMetadata = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -7876,26 +7992,32 @@ func (v *CertifyGoodSrcIngestCertifyGood) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllCertifyGood) + b, &v.AllHasMetadata) if err != nil { return err } return nil } -type __premarshalCertifyGoodSrcIngestCertifyGood struct { +type __premarshalHasMetadataArtifactIngestHasMetadata struct { Id string `json:"id"` - Justification string `json:"justification"` - Subject json.RawMessage `json:"subject"` + Key string `json:"key"` + + Value string `json:"value"` + + Timestamp time.Time `json:"timestamp"` + + Justification string `json:"justification"` + Origin string `json:"origin"` Collector string `json:"collector"` } -func (v *CertifyGoodSrcIngestCertifyGood) MarshalJSON() ([]byte, error) { +func (v *HasMetadataArtifactIngestHasMetadata) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -7903,91 +8025,130 @@ func (v *CertifyGoodSrcIngestCertifyGood) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *CertifyGoodSrcIngestCertifyGood) __premarshalJSON() (*__premarshalCertifyGoodSrcIngestCertifyGood, error) { - var retval __premarshalCertifyGoodSrcIngestCertifyGood +func (v *HasMetadataArtifactIngestHasMetadata) __premarshalJSON() (*__premarshalHasMetadataArtifactIngestHasMetadata, error) { + var retval __premarshalHasMetadataArtifactIngestHasMetadata - retval.Id = v.AllCertifyGood.Id - retval.Justification = v.AllCertifyGood.Justification + retval.Id = v.AllHasMetadata.Id { dst := &retval.Subject - src := v.AllCertifyGood.Subject + src := v.AllHasMetadata.Subject var err error - *dst, err = __marshalAllCertifyGoodSubjectPackageSourceOrArtifact( + *dst, err = __marshalAllHasMetadataSubjectPackageSourceOrArtifact( &src) if err != nil { return nil, fmt.Errorf( - "unable to marshal CertifyGoodSrcIngestCertifyGood.AllCertifyGood.Subject: %w", err) + "unable to marshal HasMetadataArtifactIngestHasMetadata.AllHasMetadata.Subject: %w", err) } } - retval.Origin = v.AllCertifyGood.Origin - retval.Collector = v.AllCertifyGood.Collector + retval.Key = v.AllHasMetadata.Key + retval.Value = v.AllHasMetadata.Value + retval.Timestamp = v.AllHasMetadata.Timestamp + retval.Justification = v.AllHasMetadata.Justification + retval.Origin = v.AllHasMetadata.Origin + retval.Collector = v.AllHasMetadata.Collector return &retval, nil } -// CertifyGoodSrcResponse is returned by CertifyGoodSrc on success. -type CertifyGoodSrcResponse struct { - // Adds a certification that a package, source or artifact is considered good. - IngestCertifyGood CertifyGoodSrcIngestCertifyGood `json:"ingestCertifyGood"` -} - -// GetIngestCertifyGood returns CertifyGoodSrcResponse.IngestCertifyGood, and is useful for accessing the field via an interface. 
-func (v *CertifyGoodSrcResponse) GetIngestCertifyGood() CertifyGoodSrcIngestCertifyGood { - return v.IngestCertifyGood +// HasMetadataArtifactResponse is returned by HasMetadataArtifact on success. +type HasMetadataArtifactResponse struct { + // Adds metadata about a package, source or artifact. + IngestHasMetadata HasMetadataArtifactIngestHasMetadata `json:"ingestHasMetadata"` } -// CertifyGoodSrcsIngestCertifyGoodsCertifyGood includes the requested fields of the GraphQL type CertifyGood. +// GetIngestHasMetadata returns HasMetadataArtifactResponse.IngestHasMetadata, and is useful for accessing the field via an interface. +func (v *HasMetadataArtifactResponse) GetIngestHasMetadata() HasMetadataArtifactIngestHasMetadata { + return v.IngestHasMetadata +} + +// HasMetadataInputSpec represents the mutation input to ingest a CertifyGood evidence. +type HasMetadataInputSpec struct { + Key string `json:"key"` + Value string `json:"value"` + Timestamp time.Time `json:"timestamp"` + Justification string `json:"justification"` + Origin string `json:"origin"` + Collector string `json:"collector"` +} + +// GetKey returns HasMetadataInputSpec.Key, and is useful for accessing the field via an interface. +func (v *HasMetadataInputSpec) GetKey() string { return v.Key } + +// GetValue returns HasMetadataInputSpec.Value, and is useful for accessing the field via an interface. +func (v *HasMetadataInputSpec) GetValue() string { return v.Value } + +// GetTimestamp returns HasMetadataInputSpec.Timestamp, and is useful for accessing the field via an interface. +func (v *HasMetadataInputSpec) GetTimestamp() time.Time { return v.Timestamp } + +// GetJustification returns HasMetadataInputSpec.Justification, and is useful for accessing the field via an interface. +func (v *HasMetadataInputSpec) GetJustification() string { return v.Justification } + +// GetOrigin returns HasMetadataInputSpec.Origin, and is useful for accessing the field via an interface. 
+func (v *HasMetadataInputSpec) GetOrigin() string { return v.Origin } + +// GetCollector returns HasMetadataInputSpec.Collector, and is useful for accessing the field via an interface. +func (v *HasMetadataInputSpec) GetCollector() string { return v.Collector } + +// HasMetadataPkgIngestHasMetadata includes the requested fields of the GraphQL type HasMetadata. // The GraphQL type's documentation follows. // -// CertifyGood is an attestation that a package, source, or artifact is considered -// good. +// HasMetadata is an attestation that a package, source, or artifact has a certain +// attested property (key) with value (value). For example, a source may have +// metadata "SourceRepo2FAEnabled=true". // -// All evidence trees record a justification for the property they represent as -// well as the document that contains the attestation (origin) and the collector -// that collected the document (collector). +// The intent of this evidence tree predicate is to allow extensibility of metadata +// expressible within the GUAC ontology. Metadata that is commonly used will then +// be promoted to a predicate on its own. // -// The certification applies to a subject which is a package, source, or artifact. +// Justification indicates how the metadata was determined. +// +// The metadata applies to a subject which is a package, source, or artifact. // If the attestation targets a package, it must target a PackageName or a // PackageVersion. If the attestation targets a source, it must target a // SourceName. -type CertifyGoodSrcsIngestCertifyGoodsCertifyGood struct { - AllCertifyGood `json:"-"` +type HasMetadataPkgIngestHasMetadata struct { + AllHasMetadata `json:"-"` } -// GetId returns CertifyGoodSrcsIngestCertifyGoodsCertifyGood.Id, and is useful for accessing the field via an interface. 
-func (v *CertifyGoodSrcsIngestCertifyGoodsCertifyGood) GetId() string { return v.AllCertifyGood.Id } +// GetId returns HasMetadataPkgIngestHasMetadata.Id, and is useful for accessing the field via an interface. +func (v *HasMetadataPkgIngestHasMetadata) GetId() string { return v.AllHasMetadata.Id } -// GetJustification returns CertifyGoodSrcsIngestCertifyGoodsCertifyGood.Justification, and is useful for accessing the field via an interface. -func (v *CertifyGoodSrcsIngestCertifyGoodsCertifyGood) GetJustification() string { - return v.AllCertifyGood.Justification +// GetSubject returns HasMetadataPkgIngestHasMetadata.Subject, and is useful for accessing the field via an interface. +func (v *HasMetadataPkgIngestHasMetadata) GetSubject() AllHasMetadataSubjectPackageSourceOrArtifact { + return v.AllHasMetadata.Subject } -// GetSubject returns CertifyGoodSrcsIngestCertifyGoodsCertifyGood.Subject, and is useful for accessing the field via an interface. -func (v *CertifyGoodSrcsIngestCertifyGoodsCertifyGood) GetSubject() AllCertifyGoodSubjectPackageSourceOrArtifact { - return v.AllCertifyGood.Subject -} +// GetKey returns HasMetadataPkgIngestHasMetadata.Key, and is useful for accessing the field via an interface. +func (v *HasMetadataPkgIngestHasMetadata) GetKey() string { return v.AllHasMetadata.Key } -// GetOrigin returns CertifyGoodSrcsIngestCertifyGoodsCertifyGood.Origin, and is useful for accessing the field via an interface. -func (v *CertifyGoodSrcsIngestCertifyGoodsCertifyGood) GetOrigin() string { - return v.AllCertifyGood.Origin -} +// GetValue returns HasMetadataPkgIngestHasMetadata.Value, and is useful for accessing the field via an interface. +func (v *HasMetadataPkgIngestHasMetadata) GetValue() string { return v.AllHasMetadata.Value } -// GetCollector returns CertifyGoodSrcsIngestCertifyGoodsCertifyGood.Collector, and is useful for accessing the field via an interface. 
-func (v *CertifyGoodSrcsIngestCertifyGoodsCertifyGood) GetCollector() string { - return v.AllCertifyGood.Collector +// GetTimestamp returns HasMetadataPkgIngestHasMetadata.Timestamp, and is useful for accessing the field via an interface. +func (v *HasMetadataPkgIngestHasMetadata) GetTimestamp() time.Time { return v.AllHasMetadata.Timestamp } + +// GetJustification returns HasMetadataPkgIngestHasMetadata.Justification, and is useful for accessing the field via an interface. +func (v *HasMetadataPkgIngestHasMetadata) GetJustification() string { + return v.AllHasMetadata.Justification } -func (v *CertifyGoodSrcsIngestCertifyGoodsCertifyGood) UnmarshalJSON(b []byte) error { +// GetOrigin returns HasMetadataPkgIngestHasMetadata.Origin, and is useful for accessing the field via an interface. +func (v *HasMetadataPkgIngestHasMetadata) GetOrigin() string { return v.AllHasMetadata.Origin } + +// GetCollector returns HasMetadataPkgIngestHasMetadata.Collector, and is useful for accessing the field via an interface. +func (v *HasMetadataPkgIngestHasMetadata) GetCollector() string { return v.AllHasMetadata.Collector } + +func (v *HasMetadataPkgIngestHasMetadata) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *CertifyGoodSrcsIngestCertifyGoodsCertifyGood + *HasMetadataPkgIngestHasMetadata graphql.NoUnmarshalJSON } - firstPass.CertifyGoodSrcsIngestCertifyGoodsCertifyGood = v + firstPass.HasMetadataPkgIngestHasMetadata = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -7995,26 +8156,32 @@ func (v *CertifyGoodSrcsIngestCertifyGoodsCertifyGood) UnmarshalJSON(b []byte) e } err = json.Unmarshal( - b, &v.AllCertifyGood) + b, &v.AllHasMetadata) if err != nil { return err } return nil } -type __premarshalCertifyGoodSrcsIngestCertifyGoodsCertifyGood struct { +type __premarshalHasMetadataPkgIngestHasMetadata struct { Id string `json:"id"` - Justification string `json:"justification"` - Subject json.RawMessage `json:"subject"` + Key string `json:"key"` + + Value string `json:"value"` + + Timestamp time.Time `json:"timestamp"` + + Justification string `json:"justification"` + Origin string `json:"origin"` Collector string `json:"collector"` } -func (v *CertifyGoodSrcsIngestCertifyGoodsCertifyGood) MarshalJSON() ([]byte, error) { +func (v *HasMetadataPkgIngestHasMetadata) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -8022,79 +8189,102 @@ func (v *CertifyGoodSrcsIngestCertifyGoodsCertifyGood) MarshalJSON() ([]byte, er return json.Marshal(premarshaled) } -func (v *CertifyGoodSrcsIngestCertifyGoodsCertifyGood) __premarshalJSON() (*__premarshalCertifyGoodSrcsIngestCertifyGoodsCertifyGood, error) { - var retval __premarshalCertifyGoodSrcsIngestCertifyGoodsCertifyGood +func (v *HasMetadataPkgIngestHasMetadata) __premarshalJSON() (*__premarshalHasMetadataPkgIngestHasMetadata, error) { + var retval __premarshalHasMetadataPkgIngestHasMetadata - retval.Id = v.AllCertifyGood.Id - retval.Justification = v.AllCertifyGood.Justification + retval.Id = v.AllHasMetadata.Id { dst := &retval.Subject - src := v.AllCertifyGood.Subject + src := v.AllHasMetadata.Subject var err error - *dst, err = __marshalAllCertifyGoodSubjectPackageSourceOrArtifact( + *dst, err = __marshalAllHasMetadataSubjectPackageSourceOrArtifact( &src) if err != nil { return nil, fmt.Errorf( - "unable to marshal CertifyGoodSrcsIngestCertifyGoodsCertifyGood.AllCertifyGood.Subject: %w", err) + "unable to marshal HasMetadataPkgIngestHasMetadata.AllHasMetadata.Subject: %w", err) } } - retval.Origin = v.AllCertifyGood.Origin - retval.Collector = v.AllCertifyGood.Collector + retval.Key = v.AllHasMetadata.Key + retval.Value = v.AllHasMetadata.Value + retval.Timestamp = v.AllHasMetadata.Timestamp + retval.Justification = v.AllHasMetadata.Justification + retval.Origin = v.AllHasMetadata.Origin + retval.Collector = v.AllHasMetadata.Collector return &retval, nil } -// CertifyGoodSrcsResponse is returned by CertifyGoodSrcs on success. -type CertifyGoodSrcsResponse struct { - // Adds bulk certifications that a package, source or artifact is considered good. - IngestCertifyGoods []CertifyGoodSrcsIngestCertifyGoodsCertifyGood `json:"ingestCertifyGoods"` +// HasMetadataPkgResponse is returned by HasMetadataPkg on success. +type HasMetadataPkgResponse struct { + // Adds metadata about a package, source or artifact. 
+ IngestHasMetadata HasMetadataPkgIngestHasMetadata `json:"ingestHasMetadata"` } -// GetIngestCertifyGoods returns CertifyGoodSrcsResponse.IngestCertifyGoods, and is useful for accessing the field via an interface. -func (v *CertifyGoodSrcsResponse) GetIngestCertifyGoods() []CertifyGoodSrcsIngestCertifyGoodsCertifyGood { - return v.IngestCertifyGoods +// GetIngestHasMetadata returns HasMetadataPkgResponse.IngestHasMetadata, and is useful for accessing the field via an interface. +func (v *HasMetadataPkgResponse) GetIngestHasMetadata() HasMetadataPkgIngestHasMetadata { + return v.IngestHasMetadata } -// CertifyNoKnownVulnIngestVulnerabilityCertifyVuln includes the requested fields of the GraphQL type CertifyVuln. +// HasMetadataSrcIngestHasMetadata includes the requested fields of the GraphQL type HasMetadata. // The GraphQL type's documentation follows. // -// CertifyVuln is an attestation to attach vulnerability information to a package. +// HasMetadata is an attestation that a package, source, or artifact has a certain +// attested property (key) with value (value). For example, a source may have +// metadata "SourceRepo2FAEnabled=true". // -// This information is obtained via a scanner. If there is no vulnerability -// detected (no OSV, CVE, or GHSA), we attach the special NoVuln node. -type CertifyNoKnownVulnIngestVulnerabilityCertifyVuln struct { - AllCertifyVuln `json:"-"` +// The intent of this evidence tree predicate is to allow extensibility of metadata +// expressible within the GUAC ontology. Metadata that is commonly used will then +// be promoted to a predicate on its own. +// +// Justification indicates how the metadata was determined. +// +// The metadata applies to a subject which is a package, source, or artifact. +// If the attestation targets a package, it must target a PackageName or a +// PackageVersion. If the attestation targets a source, it must target a +// SourceName. 
+type HasMetadataSrcIngestHasMetadata struct { + AllHasMetadata `json:"-"` } -// GetId returns CertifyNoKnownVulnIngestVulnerabilityCertifyVuln.Id, and is useful for accessing the field via an interface. -func (v *CertifyNoKnownVulnIngestVulnerabilityCertifyVuln) GetId() string { return v.AllCertifyVuln.Id } +// GetId returns HasMetadataSrcIngestHasMetadata.Id, and is useful for accessing the field via an interface. +func (v *HasMetadataSrcIngestHasMetadata) GetId() string { return v.AllHasMetadata.Id } -// GetPackage returns CertifyNoKnownVulnIngestVulnerabilityCertifyVuln.Package, and is useful for accessing the field via an interface. -func (v *CertifyNoKnownVulnIngestVulnerabilityCertifyVuln) GetPackage() AllCertifyVulnPackage { - return v.AllCertifyVuln.Package +// GetSubject returns HasMetadataSrcIngestHasMetadata.Subject, and is useful for accessing the field via an interface. +func (v *HasMetadataSrcIngestHasMetadata) GetSubject() AllHasMetadataSubjectPackageSourceOrArtifact { + return v.AllHasMetadata.Subject } -// GetVulnerability returns CertifyNoKnownVulnIngestVulnerabilityCertifyVuln.Vulnerability, and is useful for accessing the field via an interface. -func (v *CertifyNoKnownVulnIngestVulnerabilityCertifyVuln) GetVulnerability() AllCertifyVulnVulnerability { - return v.AllCertifyVuln.Vulnerability -} +// GetKey returns HasMetadataSrcIngestHasMetadata.Key, and is useful for accessing the field via an interface. +func (v *HasMetadataSrcIngestHasMetadata) GetKey() string { return v.AllHasMetadata.Key } -// GetMetadata returns CertifyNoKnownVulnIngestVulnerabilityCertifyVuln.Metadata, and is useful for accessing the field via an interface. -func (v *CertifyNoKnownVulnIngestVulnerabilityCertifyVuln) GetMetadata() AllCertifyVulnMetadataVulnerabilityMetaData { - return v.AllCertifyVuln.Metadata +// GetValue returns HasMetadataSrcIngestHasMetadata.Value, and is useful for accessing the field via an interface. 
+func (v *HasMetadataSrcIngestHasMetadata) GetValue() string { return v.AllHasMetadata.Value } + +// GetTimestamp returns HasMetadataSrcIngestHasMetadata.Timestamp, and is useful for accessing the field via an interface. +func (v *HasMetadataSrcIngestHasMetadata) GetTimestamp() time.Time { return v.AllHasMetadata.Timestamp } + +// GetJustification returns HasMetadataSrcIngestHasMetadata.Justification, and is useful for accessing the field via an interface. +func (v *HasMetadataSrcIngestHasMetadata) GetJustification() string { + return v.AllHasMetadata.Justification } -func (v *CertifyNoKnownVulnIngestVulnerabilityCertifyVuln) UnmarshalJSON(b []byte) error { +// GetOrigin returns HasMetadataSrcIngestHasMetadata.Origin, and is useful for accessing the field via an interface. +func (v *HasMetadataSrcIngestHasMetadata) GetOrigin() string { return v.AllHasMetadata.Origin } + +// GetCollector returns HasMetadataSrcIngestHasMetadata.Collector, and is useful for accessing the field via an interface. +func (v *HasMetadataSrcIngestHasMetadata) GetCollector() string { return v.AllHasMetadata.Collector } + +func (v *HasMetadataSrcIngestHasMetadata) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *CertifyNoKnownVulnIngestVulnerabilityCertifyVuln + *HasMetadataSrcIngestHasMetadata graphql.NoUnmarshalJSON } - firstPass.CertifyNoKnownVulnIngestVulnerabilityCertifyVuln = v + firstPass.HasMetadataSrcIngestHasMetadata = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -8102,24 +8292,32 @@ func (v *CertifyNoKnownVulnIngestVulnerabilityCertifyVuln) UnmarshalJSON(b []byt } err = json.Unmarshal( - b, &v.AllCertifyVuln) + b, &v.AllHasMetadata) if err != nil { return err } return nil } -type __premarshalCertifyNoKnownVulnIngestVulnerabilityCertifyVuln struct { +type __premarshalHasMetadataSrcIngestHasMetadata struct { Id string `json:"id"` - Package AllCertifyVulnPackage `json:"package"` + Subject json.RawMessage `json:"subject"` - Vulnerability json.RawMessage `json:"vulnerability"` + Key string `json:"key"` + + Value string `json:"value"` + + Timestamp time.Time `json:"timestamp"` + + Justification string `json:"justification"` + + Origin string `json:"origin"` - Metadata AllCertifyVulnMetadataVulnerabilityMetaData `json:"metadata"` + Collector string `json:"collector"` } -func (v *CertifyNoKnownVulnIngestVulnerabilityCertifyVuln) MarshalJSON() ([]byte, error) { +func (v *HasMetadataSrcIngestHasMetadata) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -8127,78 +8325,86 @@ func (v *CertifyNoKnownVulnIngestVulnerabilityCertifyVuln) MarshalJSON() ([]byte return json.Marshal(premarshaled) } -func (v *CertifyNoKnownVulnIngestVulnerabilityCertifyVuln) __premarshalJSON() (*__premarshalCertifyNoKnownVulnIngestVulnerabilityCertifyVuln, error) { - var retval __premarshalCertifyNoKnownVulnIngestVulnerabilityCertifyVuln +func (v *HasMetadataSrcIngestHasMetadata) __premarshalJSON() (*__premarshalHasMetadataSrcIngestHasMetadata, error) { + var retval __premarshalHasMetadataSrcIngestHasMetadata - retval.Id = v.AllCertifyVuln.Id - retval.Package = v.AllCertifyVuln.Package + retval.Id = v.AllHasMetadata.Id { - dst := &retval.Vulnerability - src := v.AllCertifyVuln.Vulnerability + dst := &retval.Subject + src := v.AllHasMetadata.Subject var err error - *dst, err = __marshalAllCertifyVulnVulnerability( + *dst, err = __marshalAllHasMetadataSubjectPackageSourceOrArtifact( &src) if err != nil { return nil, fmt.Errorf( - "unable to marshal CertifyNoKnownVulnIngestVulnerabilityCertifyVuln.AllCertifyVuln.Vulnerability: %w", err) + "unable to marshal HasMetadataSrcIngestHasMetadata.AllHasMetadata.Subject: %w", err) } } - retval.Metadata = v.AllCertifyVuln.Metadata + retval.Key = v.AllHasMetadata.Key + retval.Value = v.AllHasMetadata.Value + retval.Timestamp = v.AllHasMetadata.Timestamp + retval.Justification = v.AllHasMetadata.Justification + retval.Origin = v.AllHasMetadata.Origin + retval.Collector = v.AllHasMetadata.Collector return &retval, nil } -// CertifyNoKnownVulnResponse is returned by CertifyNoKnownVuln on success. -type CertifyNoKnownVulnResponse struct { - // Adds a certification that a package has been scanned for vulnerabilities. - IngestVulnerability CertifyNoKnownVulnIngestVulnerabilityCertifyVuln `json:"ingestVulnerability"` +// HasMetadataSrcResponse is returned by HasMetadataSrc on success. +type HasMetadataSrcResponse struct { + // Adds metadata about a package, source or artifact. 
+ IngestHasMetadata HasMetadataSrcIngestHasMetadata `json:"ingestHasMetadata"` } -// GetIngestVulnerability returns CertifyNoKnownVulnResponse.IngestVulnerability, and is useful for accessing the field via an interface. -func (v *CertifyNoKnownVulnResponse) GetIngestVulnerability() CertifyNoKnownVulnIngestVulnerabilityCertifyVuln { - return v.IngestVulnerability +// GetIngestHasMetadata returns HasMetadataSrcResponse.IngestHasMetadata, and is useful for accessing the field via an interface. +func (v *HasMetadataSrcResponse) GetIngestHasMetadata() HasMetadataSrcIngestHasMetadata { + return v.IngestHasMetadata } -// CertifyOSVIngestVulnerabilityCertifyVuln includes the requested fields of the GraphQL type CertifyVuln. -// The GraphQL type's documentation follows. -// -// CertifyVuln is an attestation to attach vulnerability information to a package. -// -// This information is obtained via a scanner. If there is no vulnerability -// detected (no OSV, CVE, or GHSA), we attach the special NoVuln node. -type CertifyOSVIngestVulnerabilityCertifyVuln struct { - AllCertifyVuln `json:"-"` +// HasSBOMArtifactIngestHasSBOM includes the requested fields of the GraphQL type HasSBOM. +type HasSBOMArtifactIngestHasSBOM struct { + AllHasSBOMTree `json:"-"` } -// GetId returns CertifyOSVIngestVulnerabilityCertifyVuln.Id, and is useful for accessing the field via an interface. -func (v *CertifyOSVIngestVulnerabilityCertifyVuln) GetId() string { return v.AllCertifyVuln.Id } +// GetId returns HasSBOMArtifactIngestHasSBOM.Id, and is useful for accessing the field via an interface. +func (v *HasSBOMArtifactIngestHasSBOM) GetId() string { return v.AllHasSBOMTree.Id } -// GetPackage returns CertifyOSVIngestVulnerabilityCertifyVuln.Package, and is useful for accessing the field via an interface. 
-func (v *CertifyOSVIngestVulnerabilityCertifyVuln) GetPackage() AllCertifyVulnPackage { - return v.AllCertifyVuln.Package +// GetSubject returns HasSBOMArtifactIngestHasSBOM.Subject, and is useful for accessing the field via an interface. +func (v *HasSBOMArtifactIngestHasSBOM) GetSubject() AllHasSBOMTreeSubjectPackageOrArtifact { + return v.AllHasSBOMTree.Subject } -// GetVulnerability returns CertifyOSVIngestVulnerabilityCertifyVuln.Vulnerability, and is useful for accessing the field via an interface. -func (v *CertifyOSVIngestVulnerabilityCertifyVuln) GetVulnerability() AllCertifyVulnVulnerability { - return v.AllCertifyVuln.Vulnerability -} +// GetUri returns HasSBOMArtifactIngestHasSBOM.Uri, and is useful for accessing the field via an interface. +func (v *HasSBOMArtifactIngestHasSBOM) GetUri() string { return v.AllHasSBOMTree.Uri } -// GetMetadata returns CertifyOSVIngestVulnerabilityCertifyVuln.Metadata, and is useful for accessing the field via an interface. -func (v *CertifyOSVIngestVulnerabilityCertifyVuln) GetMetadata() AllCertifyVulnMetadataVulnerabilityMetaData { - return v.AllCertifyVuln.Metadata +// GetAlgorithm returns HasSBOMArtifactIngestHasSBOM.Algorithm, and is useful for accessing the field via an interface. +func (v *HasSBOMArtifactIngestHasSBOM) GetAlgorithm() string { return v.AllHasSBOMTree.Algorithm } + +// GetDigest returns HasSBOMArtifactIngestHasSBOM.Digest, and is useful for accessing the field via an interface. +func (v *HasSBOMArtifactIngestHasSBOM) GetDigest() string { return v.AllHasSBOMTree.Digest } + +// GetDownloadLocation returns HasSBOMArtifactIngestHasSBOM.DownloadLocation, and is useful for accessing the field via an interface. 
+func (v *HasSBOMArtifactIngestHasSBOM) GetDownloadLocation() string { + return v.AllHasSBOMTree.DownloadLocation } -func (v *CertifyOSVIngestVulnerabilityCertifyVuln) UnmarshalJSON(b []byte) error { +// GetOrigin returns HasSBOMArtifactIngestHasSBOM.Origin, and is useful for accessing the field via an interface. +func (v *HasSBOMArtifactIngestHasSBOM) GetOrigin() string { return v.AllHasSBOMTree.Origin } + +// GetCollector returns HasSBOMArtifactIngestHasSBOM.Collector, and is useful for accessing the field via an interface. +func (v *HasSBOMArtifactIngestHasSBOM) GetCollector() string { return v.AllHasSBOMTree.Collector } + +func (v *HasSBOMArtifactIngestHasSBOM) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *CertifyOSVIngestVulnerabilityCertifyVuln + *HasSBOMArtifactIngestHasSBOM graphql.NoUnmarshalJSON } - firstPass.CertifyOSVIngestVulnerabilityCertifyVuln = v + firstPass.HasSBOMArtifactIngestHasSBOM = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -8206,24 +8412,32 @@ func (v *CertifyOSVIngestVulnerabilityCertifyVuln) UnmarshalJSON(b []byte) error } err = json.Unmarshal( - b, &v.AllCertifyVuln) + b, &v.AllHasSBOMTree) if err != nil { return err } return nil } -type __premarshalCertifyOSVIngestVulnerabilityCertifyVuln struct { +type __premarshalHasSBOMArtifactIngestHasSBOM struct { Id string `json:"id"` - Package AllCertifyVulnPackage `json:"package"` + Subject json.RawMessage `json:"subject"` + + Uri string `json:"uri"` + + Algorithm string `json:"algorithm"` + + Digest string `json:"digest"` + + DownloadLocation string `json:"downloadLocation"` - Vulnerability json.RawMessage `json:"vulnerability"` + Origin string `json:"origin"` - Metadata AllCertifyVulnMetadataVulnerabilityMetaData `json:"metadata"` + Collector string `json:"collector"` } -func (v *CertifyOSVIngestVulnerabilityCertifyVuln) MarshalJSON() ([]byte, error) { +func (v *HasSBOMArtifactIngestHasSBOM) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -8231,73 +8445,90 @@ func (v *CertifyOSVIngestVulnerabilityCertifyVuln) MarshalJSON() ([]byte, error) return json.Marshal(premarshaled) } -func (v *CertifyOSVIngestVulnerabilityCertifyVuln) __premarshalJSON() (*__premarshalCertifyOSVIngestVulnerabilityCertifyVuln, error) { - var retval __premarshalCertifyOSVIngestVulnerabilityCertifyVuln +func (v *HasSBOMArtifactIngestHasSBOM) __premarshalJSON() (*__premarshalHasSBOMArtifactIngestHasSBOM, error) { + var retval __premarshalHasSBOMArtifactIngestHasSBOM - retval.Id = v.AllCertifyVuln.Id - retval.Package = v.AllCertifyVuln.Package + retval.Id = v.AllHasSBOMTree.Id { - dst := &retval.Vulnerability - src := v.AllCertifyVuln.Vulnerability + dst := &retval.Subject + src := v.AllHasSBOMTree.Subject var err error - *dst, err = __marshalAllCertifyVulnVulnerability( + *dst, err = __marshalAllHasSBOMTreeSubjectPackageOrArtifact( &src) if err != nil { return nil, fmt.Errorf( - "unable to marshal CertifyOSVIngestVulnerabilityCertifyVuln.AllCertifyVuln.Vulnerability: %w", err) + "unable to marshal HasSBOMArtifactIngestHasSBOM.AllHasSBOMTree.Subject: %w", err) } } - retval.Metadata = v.AllCertifyVuln.Metadata + retval.Uri = v.AllHasSBOMTree.Uri + retval.Algorithm = v.AllHasSBOMTree.Algorithm + retval.Digest = v.AllHasSBOMTree.Digest + retval.DownloadLocation = v.AllHasSBOMTree.DownloadLocation + retval.Origin = v.AllHasSBOMTree.Origin + retval.Collector = v.AllHasSBOMTree.Collector return &retval, nil } -// CertifyOSVResponse is returned by CertifyOSV on success. -type CertifyOSVResponse struct { - // Adds a certification that a package has been scanned for vulnerabilities. - IngestVulnerability CertifyOSVIngestVulnerabilityCertifyVuln `json:"ingestVulnerability"` +// HasSBOMArtifactResponse is returned by HasSBOMArtifact on success. +type HasSBOMArtifactResponse struct { + // Certifies that a package or artifact has an SBOM. 
+ IngestHasSBOM HasSBOMArtifactIngestHasSBOM `json:"ingestHasSBOM"` } -// GetIngestVulnerability returns CertifyOSVResponse.IngestVulnerability, and is useful for accessing the field via an interface. -func (v *CertifyOSVResponse) GetIngestVulnerability() CertifyOSVIngestVulnerabilityCertifyVuln { - return v.IngestVulnerability +// GetIngestHasSBOM returns HasSBOMArtifactResponse.IngestHasSBOM, and is useful for accessing the field via an interface. +func (v *HasSBOMArtifactResponse) GetIngestHasSBOM() HasSBOMArtifactIngestHasSBOM { + return v.IngestHasSBOM } -// CertifyScorecardIngestScorecardCertifyScorecard includes the requested fields of the GraphQL type CertifyScorecard. -// The GraphQL type's documentation follows. -// -// CertifyScorecard is an attestation to attach a Scorecard analysis to a -// particular source repository. -type CertifyScorecardIngestScorecardCertifyScorecard struct { - AllCertifyScorecard `json:"-"` +// HasSBOMArtifactsIngestHasSBOMsHasSBOM includes the requested fields of the GraphQL type HasSBOM. +type HasSBOMArtifactsIngestHasSBOMsHasSBOM struct { + AllHasSBOMTree `json:"-"` } -// GetId returns CertifyScorecardIngestScorecardCertifyScorecard.Id, and is useful for accessing the field via an interface. -func (v *CertifyScorecardIngestScorecardCertifyScorecard) GetId() string { - return v.AllCertifyScorecard.Id +// GetId returns HasSBOMArtifactsIngestHasSBOMsHasSBOM.Id, and is useful for accessing the field via an interface. +func (v *HasSBOMArtifactsIngestHasSBOMsHasSBOM) GetId() string { return v.AllHasSBOMTree.Id } + +// GetSubject returns HasSBOMArtifactsIngestHasSBOMsHasSBOM.Subject, and is useful for accessing the field via an interface. +func (v *HasSBOMArtifactsIngestHasSBOMsHasSBOM) GetSubject() AllHasSBOMTreeSubjectPackageOrArtifact { + return v.AllHasSBOMTree.Subject } -// GetSource returns CertifyScorecardIngestScorecardCertifyScorecard.Source, and is useful for accessing the field via an interface. 
-func (v *CertifyScorecardIngestScorecardCertifyScorecard) GetSource() AllCertifyScorecardSource { - return v.AllCertifyScorecard.Source +// GetUri returns HasSBOMArtifactsIngestHasSBOMsHasSBOM.Uri, and is useful for accessing the field via an interface. +func (v *HasSBOMArtifactsIngestHasSBOMsHasSBOM) GetUri() string { return v.AllHasSBOMTree.Uri } + +// GetAlgorithm returns HasSBOMArtifactsIngestHasSBOMsHasSBOM.Algorithm, and is useful for accessing the field via an interface. +func (v *HasSBOMArtifactsIngestHasSBOMsHasSBOM) GetAlgorithm() string { + return v.AllHasSBOMTree.Algorithm } -// GetScorecard returns CertifyScorecardIngestScorecardCertifyScorecard.Scorecard, and is useful for accessing the field via an interface. -func (v *CertifyScorecardIngestScorecardCertifyScorecard) GetScorecard() AllCertifyScorecardScorecard { - return v.AllCertifyScorecard.Scorecard +// GetDigest returns HasSBOMArtifactsIngestHasSBOMsHasSBOM.Digest, and is useful for accessing the field via an interface. +func (v *HasSBOMArtifactsIngestHasSBOMsHasSBOM) GetDigest() string { return v.AllHasSBOMTree.Digest } + +// GetDownloadLocation returns HasSBOMArtifactsIngestHasSBOMsHasSBOM.DownloadLocation, and is useful for accessing the field via an interface. +func (v *HasSBOMArtifactsIngestHasSBOMsHasSBOM) GetDownloadLocation() string { + return v.AllHasSBOMTree.DownloadLocation } -func (v *CertifyScorecardIngestScorecardCertifyScorecard) UnmarshalJSON(b []byte) error { +// GetOrigin returns HasSBOMArtifactsIngestHasSBOMsHasSBOM.Origin, and is useful for accessing the field via an interface. +func (v *HasSBOMArtifactsIngestHasSBOMsHasSBOM) GetOrigin() string { return v.AllHasSBOMTree.Origin } + +// GetCollector returns HasSBOMArtifactsIngestHasSBOMsHasSBOM.Collector, and is useful for accessing the field via an interface. 
+func (v *HasSBOMArtifactsIngestHasSBOMsHasSBOM) GetCollector() string { + return v.AllHasSBOMTree.Collector +} + +func (v *HasSBOMArtifactsIngestHasSBOMsHasSBOM) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *CertifyScorecardIngestScorecardCertifyScorecard + *HasSBOMArtifactsIngestHasSBOMsHasSBOM graphql.NoUnmarshalJSON } - firstPass.CertifyScorecardIngestScorecardCertifyScorecard = v + firstPass.HasSBOMArtifactsIngestHasSBOMsHasSBOM = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -8305,22 +8536,32 @@ func (v *CertifyScorecardIngestScorecardCertifyScorecard) UnmarshalJSON(b []byte } err = json.Unmarshal( - b, &v.AllCertifyScorecard) + b, &v.AllHasSBOMTree) if err != nil { return err } return nil } -type __premarshalCertifyScorecardIngestScorecardCertifyScorecard struct { +type __premarshalHasSBOMArtifactsIngestHasSBOMsHasSBOM struct { Id string `json:"id"` - Source AllCertifyScorecardSource `json:"source"` + Subject json.RawMessage `json:"subject"` - Scorecard AllCertifyScorecardScorecard `json:"scorecard"` + Uri string `json:"uri"` + + Algorithm string `json:"algorithm"` + + Digest string `json:"digest"` + + DownloadLocation string `json:"downloadLocation"` + + Origin string `json:"origin"` + + Collector string `json:"collector"` } -func (v *CertifyScorecardIngestScorecardCertifyScorecard) MarshalJSON() ([]byte, error) { +func (v *HasSBOMArtifactsIngestHasSBOMsHasSBOM) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -8328,61 +8569,114 @@ func (v *CertifyScorecardIngestScorecardCertifyScorecard) MarshalJSON() ([]byte, return json.Marshal(premarshaled) } -func (v *CertifyScorecardIngestScorecardCertifyScorecard) __premarshalJSON() (*__premarshalCertifyScorecardIngestScorecardCertifyScorecard, error) { - var retval __premarshalCertifyScorecardIngestScorecardCertifyScorecard +func (v *HasSBOMArtifactsIngestHasSBOMsHasSBOM) __premarshalJSON() (*__premarshalHasSBOMArtifactsIngestHasSBOMsHasSBOM, error) { + var retval __premarshalHasSBOMArtifactsIngestHasSBOMsHasSBOM - retval.Id = v.AllCertifyScorecard.Id - retval.Source = v.AllCertifyScorecard.Source - retval.Scorecard = v.AllCertifyScorecard.Scorecard + retval.Id = v.AllHasSBOMTree.Id + { + + dst := &retval.Subject + src := v.AllHasSBOMTree.Subject + var err error + *dst, err = __marshalAllHasSBOMTreeSubjectPackageOrArtifact( + &src) + if err != nil { + return nil, fmt.Errorf( + "unable to marshal HasSBOMArtifactsIngestHasSBOMsHasSBOM.AllHasSBOMTree.Subject: %w", err) + } + } + retval.Uri = v.AllHasSBOMTree.Uri + retval.Algorithm = v.AllHasSBOMTree.Algorithm + retval.Digest = v.AllHasSBOMTree.Digest + retval.DownloadLocation = v.AllHasSBOMTree.DownloadLocation + retval.Origin = v.AllHasSBOMTree.Origin + retval.Collector = v.AllHasSBOMTree.Collector return &retval, nil } -// CertifyScorecardResponse is returned by CertifyScorecard on success. -type CertifyScorecardResponse struct { - // Adds a certification that a source repository has a Scorecard. - IngestScorecard CertifyScorecardIngestScorecardCertifyScorecard `json:"ingestScorecard"` +// HasSBOMArtifactsResponse is returned by HasSBOMArtifacts on success. +type HasSBOMArtifactsResponse struct { + // Bulk ingest that package or artifact has an SBOM. + IngestHasSBOMs []HasSBOMArtifactsIngestHasSBOMsHasSBOM `json:"ingestHasSBOMs"` } -// GetIngestScorecard returns CertifyScorecardResponse.IngestScorecard, and is useful for accessing the field via an interface. 
-func (v *CertifyScorecardResponse) GetIngestScorecard() CertifyScorecardIngestScorecardCertifyScorecard { - return v.IngestScorecard +// GetIngestHasSBOMs returns HasSBOMArtifactsResponse.IngestHasSBOMs, and is useful for accessing the field via an interface. +func (v *HasSBOMArtifactsResponse) GetIngestHasSBOMs() []HasSBOMArtifactsIngestHasSBOMsHasSBOM { + return v.IngestHasSBOMs } -// CertifyScorecardsIngestScorecardsCertifyScorecard includes the requested fields of the GraphQL type CertifyScorecard. -// The GraphQL type's documentation follows. -// -// CertifyScorecard is an attestation to attach a Scorecard analysis to a -// particular source repository. -type CertifyScorecardsIngestScorecardsCertifyScorecard struct { - AllCertifyScorecard `json:"-"` +// HasSBOMInputSpec is the same as HasSBOM but for mutation input. +type HasSBOMInputSpec struct { + Uri string `json:"uri"` + Algorithm string `json:"algorithm"` + Digest string `json:"digest"` + DownloadLocation string `json:"downloadLocation"` + Origin string `json:"origin"` + Collector string `json:"collector"` } -// GetId returns CertifyScorecardsIngestScorecardsCertifyScorecard.Id, and is useful for accessing the field via an interface. -func (v *CertifyScorecardsIngestScorecardsCertifyScorecard) GetId() string { - return v.AllCertifyScorecard.Id +// GetUri returns HasSBOMInputSpec.Uri, and is useful for accessing the field via an interface. +func (v *HasSBOMInputSpec) GetUri() string { return v.Uri } + +// GetAlgorithm returns HasSBOMInputSpec.Algorithm, and is useful for accessing the field via an interface. +func (v *HasSBOMInputSpec) GetAlgorithm() string { return v.Algorithm } + +// GetDigest returns HasSBOMInputSpec.Digest, and is useful for accessing the field via an interface. +func (v *HasSBOMInputSpec) GetDigest() string { return v.Digest } + +// GetDownloadLocation returns HasSBOMInputSpec.DownloadLocation, and is useful for accessing the field via an interface. 
+func (v *HasSBOMInputSpec) GetDownloadLocation() string { return v.DownloadLocation } + +// GetOrigin returns HasSBOMInputSpec.Origin, and is useful for accessing the field via an interface. +func (v *HasSBOMInputSpec) GetOrigin() string { return v.Origin } + +// GetCollector returns HasSBOMInputSpec.Collector, and is useful for accessing the field via an interface. +func (v *HasSBOMInputSpec) GetCollector() string { return v.Collector } + +// HasSBOMPkgIngestHasSBOM includes the requested fields of the GraphQL type HasSBOM. +type HasSBOMPkgIngestHasSBOM struct { + AllHasSBOMTree `json:"-"` } -// GetSource returns CertifyScorecardsIngestScorecardsCertifyScorecard.Source, and is useful for accessing the field via an interface. -func (v *CertifyScorecardsIngestScorecardsCertifyScorecard) GetSource() AllCertifyScorecardSource { - return v.AllCertifyScorecard.Source +// GetId returns HasSBOMPkgIngestHasSBOM.Id, and is useful for accessing the field via an interface. +func (v *HasSBOMPkgIngestHasSBOM) GetId() string { return v.AllHasSBOMTree.Id } + +// GetSubject returns HasSBOMPkgIngestHasSBOM.Subject, and is useful for accessing the field via an interface. +func (v *HasSBOMPkgIngestHasSBOM) GetSubject() AllHasSBOMTreeSubjectPackageOrArtifact { + return v.AllHasSBOMTree.Subject } -// GetScorecard returns CertifyScorecardsIngestScorecardsCertifyScorecard.Scorecard, and is useful for accessing the field via an interface. -func (v *CertifyScorecardsIngestScorecardsCertifyScorecard) GetScorecard() AllCertifyScorecardScorecard { - return v.AllCertifyScorecard.Scorecard +// GetUri returns HasSBOMPkgIngestHasSBOM.Uri, and is useful for accessing the field via an interface. +func (v *HasSBOMPkgIngestHasSBOM) GetUri() string { return v.AllHasSBOMTree.Uri } + +// GetAlgorithm returns HasSBOMPkgIngestHasSBOM.Algorithm, and is useful for accessing the field via an interface. 
+func (v *HasSBOMPkgIngestHasSBOM) GetAlgorithm() string { return v.AllHasSBOMTree.Algorithm } + +// GetDigest returns HasSBOMPkgIngestHasSBOM.Digest, and is useful for accessing the field via an interface. +func (v *HasSBOMPkgIngestHasSBOM) GetDigest() string { return v.AllHasSBOMTree.Digest } + +// GetDownloadLocation returns HasSBOMPkgIngestHasSBOM.DownloadLocation, and is useful for accessing the field via an interface. +func (v *HasSBOMPkgIngestHasSBOM) GetDownloadLocation() string { + return v.AllHasSBOMTree.DownloadLocation } -func (v *CertifyScorecardsIngestScorecardsCertifyScorecard) UnmarshalJSON(b []byte) error { +// GetOrigin returns HasSBOMPkgIngestHasSBOM.Origin, and is useful for accessing the field via an interface. +func (v *HasSBOMPkgIngestHasSBOM) GetOrigin() string { return v.AllHasSBOMTree.Origin } + +// GetCollector returns HasSBOMPkgIngestHasSBOM.Collector, and is useful for accessing the field via an interface. +func (v *HasSBOMPkgIngestHasSBOM) GetCollector() string { return v.AllHasSBOMTree.Collector } + +func (v *HasSBOMPkgIngestHasSBOM) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *CertifyScorecardsIngestScorecardsCertifyScorecard + *HasSBOMPkgIngestHasSBOM graphql.NoUnmarshalJSON } - firstPass.CertifyScorecardsIngestScorecardsCertifyScorecard = v + firstPass.HasSBOMPkgIngestHasSBOM = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -8390,22 +8684,32 @@ func (v *CertifyScorecardsIngestScorecardsCertifyScorecard) UnmarshalJSON(b []by } err = json.Unmarshal( - b, &v.AllCertifyScorecard) + b, &v.AllHasSBOMTree) if err != nil { return err } return nil } -type __premarshalCertifyScorecardsIngestScorecardsCertifyScorecard struct { +type __premarshalHasSBOMPkgIngestHasSBOM struct { Id string `json:"id"` - Source AllCertifyScorecardSource `json:"source"` + Subject json.RawMessage `json:"subject"` - Scorecard AllCertifyScorecardScorecard `json:"scorecard"` + Uri string `json:"uri"` + + Algorithm string `json:"algorithm"` + + Digest string `json:"digest"` + + DownloadLocation string `json:"downloadLocation"` + + Origin string `json:"origin"` + + Collector string `json:"collector"` } -func (v *CertifyScorecardsIngestScorecardsCertifyScorecard) MarshalJSON() ([]byte, error) { +func (v *HasSBOMPkgIngestHasSBOM) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -8413,168 +8717,84 @@ func (v *CertifyScorecardsIngestScorecardsCertifyScorecard) MarshalJSON() ([]byt return json.Marshal(premarshaled) } -func (v *CertifyScorecardsIngestScorecardsCertifyScorecard) __premarshalJSON() (*__premarshalCertifyScorecardsIngestScorecardsCertifyScorecard, error) { - var retval __premarshalCertifyScorecardsIngestScorecardsCertifyScorecard +func (v *HasSBOMPkgIngestHasSBOM) __premarshalJSON() (*__premarshalHasSBOMPkgIngestHasSBOM, error) { + var retval __premarshalHasSBOMPkgIngestHasSBOM - retval.Id = v.AllCertifyScorecard.Id - retval.Source = v.AllCertifyScorecard.Source - retval.Scorecard = v.AllCertifyScorecard.Scorecard + retval.Id = v.AllHasSBOMTree.Id + { + + dst := &retval.Subject + src := v.AllHasSBOMTree.Subject + var err error + *dst, err = __marshalAllHasSBOMTreeSubjectPackageOrArtifact( + &src) + if err != nil { + return nil, fmt.Errorf( + "unable to marshal HasSBOMPkgIngestHasSBOM.AllHasSBOMTree.Subject: %w", err) + } + } + retval.Uri = v.AllHasSBOMTree.Uri + retval.Algorithm = v.AllHasSBOMTree.Algorithm + retval.Digest = v.AllHasSBOMTree.Digest + retval.DownloadLocation = v.AllHasSBOMTree.DownloadLocation + retval.Origin = v.AllHasSBOMTree.Origin + retval.Collector = v.AllHasSBOMTree.Collector return &retval, nil } -// CertifyScorecardsResponse is returned by CertifyScorecards on success. -type CertifyScorecardsResponse struct { - // Adds bulk certifications that a source repository has a Scorecard. - IngestScorecards []CertifyScorecardsIngestScorecardsCertifyScorecard `json:"ingestScorecards"` +// HasSBOMPkgResponse is returned by HasSBOMPkg on success. +type HasSBOMPkgResponse struct { + // Certifies that a package or artifact has an SBOM. + IngestHasSBOM HasSBOMPkgIngestHasSBOM `json:"ingestHasSBOM"` } -// GetIngestScorecards returns CertifyScorecardsResponse.IngestScorecards, and is useful for accessing the field via an interface. 
-func (v *CertifyScorecardsResponse) GetIngestScorecards() []CertifyScorecardsIngestScorecardsCertifyScorecard { - return v.IngestScorecards -} +// GetIngestHasSBOM returns HasSBOMPkgResponse.IngestHasSBOM, and is useful for accessing the field via an interface. +func (v *HasSBOMPkgResponse) GetIngestHasSBOM() HasSBOMPkgIngestHasSBOM { return v.IngestHasSBOM } -// DependencyType determines the type of the dependency. -type DependencyType string +// HasSBOMPkgsIngestHasSBOMsHasSBOM includes the requested fields of the GraphQL type HasSBOM. +type HasSBOMPkgsIngestHasSBOMsHasSBOM struct { + AllHasSBOMTree `json:"-"` +} -const ( - // direct dependency - DependencyTypeDirect DependencyType = "DIRECT" - // indirect dependency - DependencyTypeIndirect DependencyType = "INDIRECT" - // type not known/not specified - DependencyTypeUnknown DependencyType = "UNKNOWN" -) +// GetId returns HasSBOMPkgsIngestHasSBOMsHasSBOM.Id, and is useful for accessing the field via an interface. +func (v *HasSBOMPkgsIngestHasSBOMsHasSBOM) GetId() string { return v.AllHasSBOMTree.Id } -// Edge allows filtering path/neighbors output to only contain a subset of all -// possible GUAC links. -// -// Each member of the enum is formed by merging two Node names with _. Each name -// is converted from CamelCase to CAPITALS_WITH_UNDERSCORES. Only valid edges -// (pairs from Node to Node) are included. -// -// The only exception to the above rule is for links out of HasSLSA. The names are -// HAS_SLSA_SUBJECT, HAS_SLSA_BUILT_BY, and HAS_SLSA_MATERIALS. This is because -// ARTIFACT_HAS_SLSA is only from subject Artifact to HasSLSA. -type Edge string +// GetSubject returns HasSBOMPkgsIngestHasSBOMsHasSBOM.Subject, and is useful for accessing the field via an interface. 
+func (v *HasSBOMPkgsIngestHasSBOMsHasSBOM) GetSubject() AllHasSBOMTreeSubjectPackageOrArtifact { + return v.AllHasSBOMTree.Subject +} -const ( - EdgeArtifactCertifyBad Edge = "ARTIFACT_CERTIFY_BAD" - EdgeArtifactCertifyGood Edge = "ARTIFACT_CERTIFY_GOOD" - EdgeArtifactCertifyVexStatement Edge = "ARTIFACT_CERTIFY_VEX_STATEMENT" - EdgeArtifactHashEqual Edge = "ARTIFACT_HASH_EQUAL" - EdgeArtifactHasSbom Edge = "ARTIFACT_HAS_SBOM" - EdgeArtifactHasSlsa Edge = "ARTIFACT_HAS_SLSA" - EdgeArtifactIsOccurrence Edge = "ARTIFACT_IS_OCCURRENCE" - EdgeArtifactHasMetadata Edge = "ARTIFACT_HAS_METADATA" - EdgeArtifactPointOfContact Edge = "ARTIFACT_POINT_OF_CONTACT" - EdgeBuilderHasSlsa Edge = "BUILDER_HAS_SLSA" - EdgeCveCertifyVexStatement Edge = "CVE_CERTIFY_VEX_STATEMENT" - EdgeCveCertifyVuln Edge = "CVE_CERTIFY_VULN" - EdgeCveIsVulnerability Edge = "CVE_IS_VULNERABILITY" - EdgeGhsaCertifyVexStatement Edge = "GHSA_CERTIFY_VEX_STATEMENT" - EdgeGhsaCertifyVuln Edge = "GHSA_CERTIFY_VULN" - EdgeGhsaIsVulnerability Edge = "GHSA_IS_VULNERABILITY" - EdgeNoVulnCertifyVuln Edge = "NO_VULN_CERTIFY_VULN" - EdgeOsvCertifyVexStatement Edge = "OSV_CERTIFY_VEX_STATEMENT" - EdgeOsvCertifyVuln Edge = "OSV_CERTIFY_VULN" - EdgeOsvIsVulnerability Edge = "OSV_IS_VULNERABILITY" - EdgePackageCertifyBad Edge = "PACKAGE_CERTIFY_BAD" - EdgePackageCertifyGood Edge = "PACKAGE_CERTIFY_GOOD" - EdgePackageCertifyVexStatement Edge = "PACKAGE_CERTIFY_VEX_STATEMENT" - EdgePackageCertifyVuln Edge = "PACKAGE_CERTIFY_VULN" - EdgePackageHasSbom Edge = "PACKAGE_HAS_SBOM" - EdgePackageHasSourceAt Edge = "PACKAGE_HAS_SOURCE_AT" - EdgePackageIsDependency Edge = "PACKAGE_IS_DEPENDENCY" - EdgePackageIsOccurrence Edge = "PACKAGE_IS_OCCURRENCE" - EdgePackagePkgEqual Edge = "PACKAGE_PKG_EQUAL" - EdgePackageHasMetadata Edge = "PACKAGE_HAS_METADATA" - EdgePackagePointOfContact Edge = "PACKAGE_POINT_OF_CONTACT" - EdgeSourceCertifyBad Edge = "SOURCE_CERTIFY_BAD" - EdgeSourceCertifyGood Edge = "SOURCE_CERTIFY_GOOD" - 
EdgeSourceCertifyScorecard Edge = "SOURCE_CERTIFY_SCORECARD" - EdgeSourceHasSourceAt Edge = "SOURCE_HAS_SOURCE_AT" - EdgeSourceIsOccurrence Edge = "SOURCE_IS_OCCURRENCE" - EdgeSourceHasMetadata Edge = "SOURCE_HAS_METADATA" - EdgeSourcePointOfContact Edge = "SOURCE_POINT_OF_CONTACT" - EdgeCertifyBadArtifact Edge = "CERTIFY_BAD_ARTIFACT" - EdgeCertifyBadPackage Edge = "CERTIFY_BAD_PACKAGE" - EdgeCertifyBadSource Edge = "CERTIFY_BAD_SOURCE" - EdgeCertifyGoodArtifact Edge = "CERTIFY_GOOD_ARTIFACT" - EdgeCertifyGoodPackage Edge = "CERTIFY_GOOD_PACKAGE" - EdgeCertifyGoodSource Edge = "CERTIFY_GOOD_SOURCE" - EdgeCertifyScorecardSource Edge = "CERTIFY_SCORECARD_SOURCE" - EdgeCertifyVexStatementArtifact Edge = "CERTIFY_VEX_STATEMENT_ARTIFACT" - EdgeCertifyVexStatementCve Edge = "CERTIFY_VEX_STATEMENT_CVE" - EdgeCertifyVexStatementGhsa Edge = "CERTIFY_VEX_STATEMENT_GHSA" - EdgeCertifyVexStatementOsv Edge = "CERTIFY_VEX_STATEMENT_OSV" - EdgeCertifyVexStatementPackage Edge = "CERTIFY_VEX_STATEMENT_PACKAGE" - EdgeCertifyVulnCve Edge = "CERTIFY_VULN_CVE" - EdgeCertifyVulnGhsa Edge = "CERTIFY_VULN_GHSA" - EdgeCertifyVulnNoVuln Edge = "CERTIFY_VULN_NO_VULN" - EdgeCertifyVulnOsv Edge = "CERTIFY_VULN_OSV" - EdgeCertifyVulnPackage Edge = "CERTIFY_VULN_PACKAGE" - EdgeHashEqualArtifact Edge = "HASH_EQUAL_ARTIFACT" - EdgeHasSbomArtifact Edge = "HAS_SBOM_ARTIFACT" - EdgeHasSbomPackage Edge = "HAS_SBOM_PACKAGE" - EdgeHasSlsaBuiltBy Edge = "HAS_SLSA_BUILT_BY" - EdgeHasSlsaMaterials Edge = "HAS_SLSA_MATERIALS" - EdgeHasSlsaSubject Edge = "HAS_SLSA_SUBJECT" - EdgeHasSourceAtPackage Edge = "HAS_SOURCE_AT_PACKAGE" - EdgeHasSourceAtSource Edge = "HAS_SOURCE_AT_SOURCE" - EdgeIsDependencyPackage Edge = "IS_DEPENDENCY_PACKAGE" - EdgeIsOccurrenceArtifact Edge = "IS_OCCURRENCE_ARTIFACT" - EdgeIsOccurrencePackage Edge = "IS_OCCURRENCE_PACKAGE" - EdgeIsOccurrenceSource Edge = "IS_OCCURRENCE_SOURCE" - EdgeIsVulnerabilityCve Edge = "IS_VULNERABILITY_CVE" - EdgeIsVulnerabilityGhsa Edge = 
"IS_VULNERABILITY_GHSA" - EdgeIsVulnerabilityOsv Edge = "IS_VULNERABILITY_OSV" - EdgePkgEqualPackage Edge = "PKG_EQUAL_PACKAGE" - EdgeHasMetadataPackage Edge = "HAS_METADATA_PACKAGE" - EdgeHasMetadataArtifact Edge = "HAS_METADATA_ARTIFACT" - EdgeHasMetadataSource Edge = "HAS_METADATA_SOURCE" - EdgePointOfContactPackage Edge = "POINT_OF_CONTACT_PACKAGE" - EdgePointOfContactArtifact Edge = "POINT_OF_CONTACT_ARTIFACT" - EdgePointOfContactSource Edge = "POINT_OF_CONTACT_SOURCE" -) +// GetUri returns HasSBOMPkgsIngestHasSBOMsHasSBOM.Uri, and is useful for accessing the field via an interface. +func (v *HasSBOMPkgsIngestHasSBOMsHasSBOM) GetUri() string { return v.AllHasSBOMTree.Uri } -// FindSoftwareFindSoftwareArtifact includes the requested fields of the GraphQL type Artifact. -// The GraphQL type's documentation follows. -// -// Artifact represents an artifact identified by a checksum hash. -// -// The checksum is split into the digest value and the algorithm used to generate -// it. Both fields are mandatory and canonicalized to be lowercase. -// -// If having a checksum Go object, algorithm can be -// strings.ToLower(string(checksum.Algorithm)) and digest can be checksum.Value. -type FindSoftwareFindSoftwareArtifact struct { - Typename *string `json:"__typename"` - AllArtifactTree `json:"-"` -} +// GetAlgorithm returns HasSBOMPkgsIngestHasSBOMsHasSBOM.Algorithm, and is useful for accessing the field via an interface. +func (v *HasSBOMPkgsIngestHasSBOMsHasSBOM) GetAlgorithm() string { return v.AllHasSBOMTree.Algorithm } -// GetTypename returns FindSoftwareFindSoftwareArtifact.Typename, and is useful for accessing the field via an interface. -func (v *FindSoftwareFindSoftwareArtifact) GetTypename() *string { return v.Typename } +// GetDigest returns HasSBOMPkgsIngestHasSBOMsHasSBOM.Digest, and is useful for accessing the field via an interface. 
+func (v *HasSBOMPkgsIngestHasSBOMsHasSBOM) GetDigest() string { return v.AllHasSBOMTree.Digest } -// GetId returns FindSoftwareFindSoftwareArtifact.Id, and is useful for accessing the field via an interface. -func (v *FindSoftwareFindSoftwareArtifact) GetId() string { return v.AllArtifactTree.Id } +// GetDownloadLocation returns HasSBOMPkgsIngestHasSBOMsHasSBOM.DownloadLocation, and is useful for accessing the field via an interface. +func (v *HasSBOMPkgsIngestHasSBOMsHasSBOM) GetDownloadLocation() string { + return v.AllHasSBOMTree.DownloadLocation +} -// GetAlgorithm returns FindSoftwareFindSoftwareArtifact.Algorithm, and is useful for accessing the field via an interface. -func (v *FindSoftwareFindSoftwareArtifact) GetAlgorithm() string { return v.AllArtifactTree.Algorithm } +// GetOrigin returns HasSBOMPkgsIngestHasSBOMsHasSBOM.Origin, and is useful for accessing the field via an interface. +func (v *HasSBOMPkgsIngestHasSBOMsHasSBOM) GetOrigin() string { return v.AllHasSBOMTree.Origin } -// GetDigest returns FindSoftwareFindSoftwareArtifact.Digest, and is useful for accessing the field via an interface. -func (v *FindSoftwareFindSoftwareArtifact) GetDigest() string { return v.AllArtifactTree.Digest } +// GetCollector returns HasSBOMPkgsIngestHasSBOMsHasSBOM.Collector, and is useful for accessing the field via an interface. +func (v *HasSBOMPkgsIngestHasSBOMsHasSBOM) GetCollector() string { return v.AllHasSBOMTree.Collector } -func (v *FindSoftwareFindSoftwareArtifact) UnmarshalJSON(b []byte) error { +func (v *HasSBOMPkgsIngestHasSBOMsHasSBOM) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *FindSoftwareFindSoftwareArtifact + *HasSBOMPkgsIngestHasSBOMsHasSBOM graphql.NoUnmarshalJSON } - firstPass.FindSoftwareFindSoftwareArtifact = v + firstPass.HasSBOMPkgsIngestHasSBOMsHasSBOM = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -8582,24 +8802,32 @@ func (v *FindSoftwareFindSoftwareArtifact) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllArtifactTree) + b, &v.AllHasSBOMTree) if err != nil { return err } return nil } -type __premarshalFindSoftwareFindSoftwareArtifact struct { - Typename *string `json:"__typename"` - +type __premarshalHasSBOMPkgsIngestHasSBOMsHasSBOM struct { Id string `json:"id"` + Subject json.RawMessage `json:"subject"` + + Uri string `json:"uri"` + Algorithm string `json:"algorithm"` Digest string `json:"digest"` + + DownloadLocation string `json:"downloadLocation"` + + Origin string `json:"origin"` + + Collector string `json:"collector"` } -func (v *FindSoftwareFindSoftwareArtifact) MarshalJSON() ([]byte, error) { +func (v *HasSBOMPkgsIngestHasSBOMsHasSBOM) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -8607,63 +8835,88 @@ func (v *FindSoftwareFindSoftwareArtifact) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *FindSoftwareFindSoftwareArtifact) __premarshalJSON() (*__premarshalFindSoftwareFindSoftwareArtifact, error) { - var retval __premarshalFindSoftwareFindSoftwareArtifact +func (v *HasSBOMPkgsIngestHasSBOMsHasSBOM) __premarshalJSON() (*__premarshalHasSBOMPkgsIngestHasSBOMsHasSBOM, error) { + var retval __premarshalHasSBOMPkgsIngestHasSBOMsHasSBOM - retval.Typename = v.Typename - retval.Id = v.AllArtifactTree.Id - retval.Algorithm = v.AllArtifactTree.Algorithm - retval.Digest = v.AllArtifactTree.Digest + retval.Id = v.AllHasSBOMTree.Id + { + + dst := &retval.Subject + src := v.AllHasSBOMTree.Subject + var err error + *dst, err = __marshalAllHasSBOMTreeSubjectPackageOrArtifact( + &src) + if err != nil { + return nil, fmt.Errorf( + "unable to marshal HasSBOMPkgsIngestHasSBOMsHasSBOM.AllHasSBOMTree.Subject: %w", err) + } + } + retval.Uri = v.AllHasSBOMTree.Uri + retval.Algorithm = v.AllHasSBOMTree.Algorithm + retval.Digest = v.AllHasSBOMTree.Digest + retval.DownloadLocation = v.AllHasSBOMTree.DownloadLocation + retval.Origin = v.AllHasSBOMTree.Origin + retval.Collector = v.AllHasSBOMTree.Collector return &retval, nil } -// FindSoftwareFindSoftwarePackage includes the requested fields of the GraphQL type Package. +// HasSBOMPkgsResponse is returned by HasSBOMPkgs on success. +type HasSBOMPkgsResponse struct { + // Bulk ingest that package or artifact has an SBOM. + IngestHasSBOMs []HasSBOMPkgsIngestHasSBOMsHasSBOM `json:"ingestHasSBOMs"` +} + +// GetIngestHasSBOMs returns HasSBOMPkgsResponse.IngestHasSBOMs, and is useful for accessing the field via an interface. +func (v *HasSBOMPkgsResponse) GetIngestHasSBOMs() []HasSBOMPkgsIngestHasSBOMsHasSBOM { + return v.IngestHasSBOMs +} + +// HasSourceAtIngestHasSourceAt includes the requested fields of the GraphQL type HasSourceAt. // The GraphQL type's documentation follows. 
// -// Package represents the root of the package trie/tree. -// -// We map package information to a trie, closely matching the pURL specification -// (https://github.com/package-url/purl-spec/blob/0dd92f26f8bb11956ffdf5e8acfcee71e8560407/README.rst), -// but deviating from it where GUAC heuristics allow for better representation of -// package information. Each path in the trie fully represents a package; we split -// the trie based on the pURL components. -// -// This node matches a pkg: partial pURL. The type field matches the -// pURL types but we might also use "guac" for the cases where the pURL -// representation is not complete or when we have custom rules. -// -// Since this node is at the root of the package trie, it is named Package, not -// PackageType. -type FindSoftwareFindSoftwarePackage struct { - Typename *string `json:"__typename"` - AllPkgTree `json:"-"` +// HasSourceAt records that a package's repository is a given source. +type HasSourceAtIngestHasSourceAt struct { + AllHasSourceAt `json:"-"` } -// GetTypename returns FindSoftwareFindSoftwarePackage.Typename, and is useful for accessing the field via an interface. -func (v *FindSoftwareFindSoftwarePackage) GetTypename() *string { return v.Typename } +// GetId returns HasSourceAtIngestHasSourceAt.Id, and is useful for accessing the field via an interface. +func (v *HasSourceAtIngestHasSourceAt) GetId() string { return v.AllHasSourceAt.Id } -// GetId returns FindSoftwareFindSoftwarePackage.Id, and is useful for accessing the field via an interface. -func (v *FindSoftwareFindSoftwarePackage) GetId() string { return v.AllPkgTree.Id } +// GetJustification returns HasSourceAtIngestHasSourceAt.Justification, and is useful for accessing the field via an interface. +func (v *HasSourceAtIngestHasSourceAt) GetJustification() string { + return v.AllHasSourceAt.Justification +} -// GetType returns FindSoftwareFindSoftwarePackage.Type, and is useful for accessing the field via an interface. 
-func (v *FindSoftwareFindSoftwarePackage) GetType() string { return v.AllPkgTree.Type } +// GetKnownSince returns HasSourceAtIngestHasSourceAt.KnownSince, and is useful for accessing the field via an interface. +func (v *HasSourceAtIngestHasSourceAt) GetKnownSince() time.Time { return v.AllHasSourceAt.KnownSince } -// GetNamespaces returns FindSoftwareFindSoftwarePackage.Namespaces, and is useful for accessing the field via an interface. -func (v *FindSoftwareFindSoftwarePackage) GetNamespaces() []AllPkgTreeNamespacesPackageNamespace { - return v.AllPkgTree.Namespaces +// GetPackage returns HasSourceAtIngestHasSourceAt.Package, and is useful for accessing the field via an interface. +func (v *HasSourceAtIngestHasSourceAt) GetPackage() AllHasSourceAtPackage { + return v.AllHasSourceAt.Package } -func (v *FindSoftwareFindSoftwarePackage) UnmarshalJSON(b []byte) error { +// GetSource returns HasSourceAtIngestHasSourceAt.Source, and is useful for accessing the field via an interface. +func (v *HasSourceAtIngestHasSourceAt) GetSource() AllHasSourceAtSource { + return v.AllHasSourceAt.Source +} + +// GetOrigin returns HasSourceAtIngestHasSourceAt.Origin, and is useful for accessing the field via an interface. +func (v *HasSourceAtIngestHasSourceAt) GetOrigin() string { return v.AllHasSourceAt.Origin } + +// GetCollector returns HasSourceAtIngestHasSourceAt.Collector, and is useful for accessing the field via an interface. +func (v *HasSourceAtIngestHasSourceAt) GetCollector() string { return v.AllHasSourceAt.Collector } + +func (v *HasSourceAtIngestHasSourceAt) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *FindSoftwareFindSoftwarePackage + *HasSourceAtIngestHasSourceAt graphql.NoUnmarshalJSON } - firstPass.FindSoftwareFindSoftwarePackage = v + firstPass.HasSourceAtIngestHasSourceAt = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -8671,24 +8924,30 @@ func (v *FindSoftwareFindSoftwarePackage) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllPkgTree) + b, &v.AllHasSourceAt) if err != nil { return err } return nil } -type __premarshalFindSoftwareFindSoftwarePackage struct { - Typename *string `json:"__typename"` - +type __premarshalHasSourceAtIngestHasSourceAt struct { Id string `json:"id"` - Type string `json:"type"` + Justification string `json:"justification"` - Namespaces []AllPkgTreeNamespacesPackageNamespace `json:"namespaces"` + KnownSince time.Time `json:"knownSince"` + + Package AllHasSourceAtPackage `json:"package"` + + Source AllHasSourceAtSource `json:"source"` + + Origin string `json:"origin"` + + Collector string `json:"collector"` } -func (v *FindSoftwareFindSoftwarePackage) MarshalJSON() ([]byte, error) { +func (v *HasSourceAtIngestHasSourceAt) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -8696,162 +8955,86 @@ func (v *FindSoftwareFindSoftwarePackage) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *FindSoftwareFindSoftwarePackage) __premarshalJSON() (*__premarshalFindSoftwareFindSoftwarePackage, error) { - var retval __premarshalFindSoftwareFindSoftwarePackage +func (v *HasSourceAtIngestHasSourceAt) __premarshalJSON() (*__premarshalHasSourceAtIngestHasSourceAt, error) { + var retval __premarshalHasSourceAtIngestHasSourceAt - retval.Typename = v.Typename - retval.Id = v.AllPkgTree.Id - retval.Type = v.AllPkgTree.Type - retval.Namespaces = v.AllPkgTree.Namespaces + retval.Id = v.AllHasSourceAt.Id + retval.Justification = v.AllHasSourceAt.Justification + retval.KnownSince = v.AllHasSourceAt.KnownSince + retval.Package = v.AllHasSourceAt.Package + retval.Source = v.AllHasSourceAt.Source + retval.Origin = v.AllHasSourceAt.Origin + retval.Collector = v.AllHasSourceAt.Collector return &retval, nil } -// FindSoftwareFindSoftwarePackageSourceOrArtifact includes the requested fields of the GraphQL interface PackageSourceOrArtifact. -// -// FindSoftwareFindSoftwarePackageSourceOrArtifact is implemented by the following types: -// FindSoftwareFindSoftwareArtifact -// FindSoftwareFindSoftwarePackage -// FindSoftwareFindSoftwareSource -// The GraphQL type's documentation follows. -// -// PackageSourceOrArtifact is a union of Package, Source, and Artifact. -type FindSoftwareFindSoftwarePackageSourceOrArtifact interface { - implementsGraphQLInterfaceFindSoftwareFindSoftwarePackageSourceOrArtifact() - // GetTypename returns the receiver's concrete GraphQL type-name (see interface doc for possible values). 
- GetTypename() *string -} - -func (v *FindSoftwareFindSoftwareArtifact) implementsGraphQLInterfaceFindSoftwareFindSoftwarePackageSourceOrArtifact() { -} -func (v *FindSoftwareFindSoftwarePackage) implementsGraphQLInterfaceFindSoftwareFindSoftwarePackageSourceOrArtifact() { -} -func (v *FindSoftwareFindSoftwareSource) implementsGraphQLInterfaceFindSoftwareFindSoftwarePackageSourceOrArtifact() { +// HasSourceAtInputSpec is the same as HasSourceAt but for mutation input. +type HasSourceAtInputSpec struct { + KnownSince time.Time `json:"knownSince"` + Justification string `json:"justification"` + Origin string `json:"origin"` + Collector string `json:"collector"` } -func __unmarshalFindSoftwareFindSoftwarePackageSourceOrArtifact(b []byte, v *FindSoftwareFindSoftwarePackageSourceOrArtifact) error { - if string(b) == "null" { - return nil - } - - var tn struct { - TypeName string `json:"__typename"` - } - err := json.Unmarshal(b, &tn) - if err != nil { - return err - } - - switch tn.TypeName { - case "Artifact": - *v = new(FindSoftwareFindSoftwareArtifact) - return json.Unmarshal(b, *v) - case "Package": - *v = new(FindSoftwareFindSoftwarePackage) - return json.Unmarshal(b, *v) - case "Source": - *v = new(FindSoftwareFindSoftwareSource) - return json.Unmarshal(b, *v) - case "": - return fmt.Errorf( - "response was missing PackageSourceOrArtifact.__typename") - default: - return fmt.Errorf( - `unexpected concrete type for FindSoftwareFindSoftwarePackageSourceOrArtifact: "%v"`, tn.TypeName) - } -} +// GetKnownSince returns HasSourceAtInputSpec.KnownSince, and is useful for accessing the field via an interface. +func (v *HasSourceAtInputSpec) GetKnownSince() time.Time { return v.KnownSince } -func __marshalFindSoftwareFindSoftwarePackageSourceOrArtifact(v *FindSoftwareFindSoftwarePackageSourceOrArtifact) ([]byte, error) { +// GetJustification returns HasSourceAtInputSpec.Justification, and is useful for accessing the field via an interface. 
+func (v *HasSourceAtInputSpec) GetJustification() string { return v.Justification } - var typename string - switch v := (*v).(type) { - case *FindSoftwareFindSoftwareArtifact: - typename = "Artifact" +// GetOrigin returns HasSourceAtInputSpec.Origin, and is useful for accessing the field via an interface. +func (v *HasSourceAtInputSpec) GetOrigin() string { return v.Origin } - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalFindSoftwareFindSoftwareArtifact - }{typename, premarshaled} - return json.Marshal(result) - case *FindSoftwareFindSoftwarePackage: - typename = "Package" +// GetCollector returns HasSourceAtInputSpec.Collector, and is useful for accessing the field via an interface. +func (v *HasSourceAtInputSpec) GetCollector() string { return v.Collector } - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalFindSoftwareFindSoftwarePackage - }{typename, premarshaled} - return json.Marshal(result) - case *FindSoftwareFindSoftwareSource: - typename = "Source" +// HasSourceAtResponse is returned by HasSourceAt on success. +type HasSourceAtResponse struct { + // Adds a certification that a package (PackageName or PackageVersion) is built from the source. 
+ IngestHasSourceAt HasSourceAtIngestHasSourceAt `json:"ingestHasSourceAt"` +} - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalFindSoftwareFindSoftwareSource - }{typename, premarshaled} - return json.Marshal(result) - case nil: - return []byte("null"), nil - default: - return nil, fmt.Errorf( - `unexpected concrete type for FindSoftwareFindSoftwarePackageSourceOrArtifact: "%T"`, v) - } +// GetIngestHasSourceAt returns HasSourceAtResponse.IngestHasSourceAt, and is useful for accessing the field via an interface. +func (v *HasSourceAtResponse) GetIngestHasSourceAt() HasSourceAtIngestHasSourceAt { + return v.IngestHasSourceAt } -// FindSoftwareFindSoftwareSource includes the requested fields of the GraphQL type Source. +// HashEqualIngestHashEqual includes the requested fields of the GraphQL type HashEqual. // The GraphQL type's documentation follows. // -// Source represents the root of the source trie/tree. -// -// We map source information to a trie, as a derivative of the pURL specification: -// each path in the trie represents a type, namespace, name and an optional -// qualifier that stands for tag/commit information. -// -// This node represents the type part of the trie path. It is used to represent -// the version control system that is being used. -// -// Since this node is at the root of the source trie, it is named Source, not -// SourceType. -type FindSoftwareFindSoftwareSource struct { - Typename *string `json:"__typename"` - AllSourceTree `json:"-"` +// HashEqual is an attestation that a set of artifacts are identical. +type HashEqualIngestHashEqual struct { + AllHashEqualTree `json:"-"` } -// GetTypename returns FindSoftwareFindSoftwareSource.Typename, and is useful for accessing the field via an interface. 
-func (v *FindSoftwareFindSoftwareSource) GetTypename() *string { return v.Typename } - -// GetId returns FindSoftwareFindSoftwareSource.Id, and is useful for accessing the field via an interface. -func (v *FindSoftwareFindSoftwareSource) GetId() string { return v.AllSourceTree.Id } +// GetId returns HashEqualIngestHashEqual.Id, and is useful for accessing the field via an interface. +func (v *HashEqualIngestHashEqual) GetId() string { return v.AllHashEqualTree.Id } -// GetType returns FindSoftwareFindSoftwareSource.Type, and is useful for accessing the field via an interface. -func (v *FindSoftwareFindSoftwareSource) GetType() string { return v.AllSourceTree.Type } +// GetJustification returns HashEqualIngestHashEqual.Justification, and is useful for accessing the field via an interface. +func (v *HashEqualIngestHashEqual) GetJustification() string { return v.AllHashEqualTree.Justification } -// GetNamespaces returns FindSoftwareFindSoftwareSource.Namespaces, and is useful for accessing the field via an interface. -func (v *FindSoftwareFindSoftwareSource) GetNamespaces() []AllSourceTreeNamespacesSourceNamespace { - return v.AllSourceTree.Namespaces +// GetArtifacts returns HashEqualIngestHashEqual.Artifacts, and is useful for accessing the field via an interface. +func (v *HashEqualIngestHashEqual) GetArtifacts() []AllHashEqualTreeArtifactsArtifact { + return v.AllHashEqualTree.Artifacts } -func (v *FindSoftwareFindSoftwareSource) UnmarshalJSON(b []byte) error { +// GetOrigin returns HashEqualIngestHashEqual.Origin, and is useful for accessing the field via an interface. +func (v *HashEqualIngestHashEqual) GetOrigin() string { return v.AllHashEqualTree.Origin } + +// GetCollector returns HashEqualIngestHashEqual.Collector, and is useful for accessing the field via an interface. 
+func (v *HashEqualIngestHashEqual) GetCollector() string { return v.AllHashEqualTree.Collector } + +func (v *HashEqualIngestHashEqual) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *FindSoftwareFindSoftwareSource + *HashEqualIngestHashEqual graphql.NoUnmarshalJSON } - firstPass.FindSoftwareFindSoftwareSource = v + firstPass.HashEqualIngestHashEqual = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -8859,24 +9042,26 @@ func (v *FindSoftwareFindSoftwareSource) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllSourceTree) + b, &v.AllHashEqualTree) if err != nil { return err } return nil } -type __premarshalFindSoftwareFindSoftwareSource struct { - Typename *string `json:"__typename"` - +type __premarshalHashEqualIngestHashEqual struct { Id string `json:"id"` - Type string `json:"type"` + Justification string `json:"justification"` - Namespaces []AllSourceTreeNamespacesSourceNamespace `json:"namespaces"` + Artifacts []AllHashEqualTreeArtifactsArtifact `json:"artifacts"` + + Origin string `json:"origin"` + + Collector string `json:"collector"` } -func (v *FindSoftwareFindSoftwareSource) MarshalJSON() ([]byte, error) { +func (v *HashEqualIngestHashEqual) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -8884,87 +9069,109 @@ func (v *FindSoftwareFindSoftwareSource) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *FindSoftwareFindSoftwareSource) __premarshalJSON() (*__premarshalFindSoftwareFindSoftwareSource, error) { - var retval __premarshalFindSoftwareFindSoftwareSource +func (v *HashEqualIngestHashEqual) __premarshalJSON() (*__premarshalHashEqualIngestHashEqual, error) { + var retval __premarshalHashEqualIngestHashEqual - retval.Typename = v.Typename - retval.Id = v.AllSourceTree.Id - retval.Type = v.AllSourceTree.Type - retval.Namespaces = v.AllSourceTree.Namespaces + retval.Id = v.AllHashEqualTree.Id + retval.Justification = v.AllHashEqualTree.Justification + retval.Artifacts = v.AllHashEqualTree.Artifacts + retval.Origin = v.AllHashEqualTree.Origin + retval.Collector = v.AllHashEqualTree.Collector return &retval, nil } -// FindSoftwareResponse is returned by FindSoftware on success. -type FindSoftwareResponse struct { - // findSoftware takes in a searchText string and looks for software - // that may be relevant for the input text. This can be seen as fuzzy search - // function for Packages, Sources and Artifacts. findSoftware returns a list - // of Packages, Sources and Artifacts that it determines to be relevant to - // the input searchText. - // - // Due to the nature of full text search being implemented differently on - // different db platforms, the behavior of findSoftware is not guaranteed - // to be the same. In addition, their statistical nature may result in - // results being different per call and not reproducible. - // - // All that is asked in the implementation of this API is that it follows - // the spirit of helping to retrieve the right nodes with best effort. - // - // Warning: This is an EXPERIMENTAL feature. This is subject to change. - // Warning: This is an OPTIONAL feature. Backends are not required to - // implement this API. 
- FindSoftware []FindSoftwareFindSoftwarePackageSourceOrArtifact `json:"-"` -} - -// GetFindSoftware returns FindSoftwareResponse.FindSoftware, and is useful for accessing the field via an interface. -func (v *FindSoftwareResponse) GetFindSoftware() []FindSoftwareFindSoftwarePackageSourceOrArtifact { - return v.FindSoftware +// HashEqualInputSpec represents the input to certify that packages are similar. +type HashEqualInputSpec struct { + Justification string `json:"justification"` + Origin string `json:"origin"` + Collector string `json:"collector"` } -func (v *FindSoftwareResponse) UnmarshalJSON(b []byte) error { +// GetJustification returns HashEqualInputSpec.Justification, and is useful for accessing the field via an interface. +func (v *HashEqualInputSpec) GetJustification() string { return v.Justification } - if string(b) == "null" { - return nil - } +// GetOrigin returns HashEqualInputSpec.Origin, and is useful for accessing the field via an interface. +func (v *HashEqualInputSpec) GetOrigin() string { return v.Origin } + +// GetCollector returns HashEqualInputSpec.Collector, and is useful for accessing the field via an interface. +func (v *HashEqualInputSpec) GetCollector() string { return v.Collector } + +// HashEqualResponse is returned by HashEqual on success. +type HashEqualResponse struct { + // Adds a certification that two artifacts are equal. + IngestHashEqual HashEqualIngestHashEqual `json:"ingestHashEqual"` +} + +// GetIngestHashEqual returns HashEqualResponse.IngestHashEqual, and is useful for accessing the field via an interface. +func (v *HashEqualResponse) GetIngestHashEqual() HashEqualIngestHashEqual { return v.IngestHashEqual } + +// HashEqualsIngestHashEqualsHashEqual includes the requested fields of the GraphQL type HashEqual. +// The GraphQL type's documentation follows. +// +// HashEqual is an attestation that a set of artifacts are identical. 
+type HashEqualsIngestHashEqualsHashEqual struct { + AllHashEqualTree `json:"-"` +} + +// GetId returns HashEqualsIngestHashEqualsHashEqual.Id, and is useful for accessing the field via an interface. +func (v *HashEqualsIngestHashEqualsHashEqual) GetId() string { return v.AllHashEqualTree.Id } + +// GetJustification returns HashEqualsIngestHashEqualsHashEqual.Justification, and is useful for accessing the field via an interface. +func (v *HashEqualsIngestHashEqualsHashEqual) GetJustification() string { + return v.AllHashEqualTree.Justification +} + +// GetArtifacts returns HashEqualsIngestHashEqualsHashEqual.Artifacts, and is useful for accessing the field via an interface. +func (v *HashEqualsIngestHashEqualsHashEqual) GetArtifacts() []AllHashEqualTreeArtifactsArtifact { + return v.AllHashEqualTree.Artifacts +} + +// GetOrigin returns HashEqualsIngestHashEqualsHashEqual.Origin, and is useful for accessing the field via an interface. +func (v *HashEqualsIngestHashEqualsHashEqual) GetOrigin() string { return v.AllHashEqualTree.Origin } + +// GetCollector returns HashEqualsIngestHashEqualsHashEqual.Collector, and is useful for accessing the field via an interface. 
+func (v *HashEqualsIngestHashEqualsHashEqual) GetCollector() string { + return v.AllHashEqualTree.Collector +} + +func (v *HashEqualsIngestHashEqualsHashEqual) UnmarshalJSON(b []byte) error { + + if string(b) == "null" { + return nil + } var firstPass struct { - *FindSoftwareResponse - FindSoftware []json.RawMessage `json:"findSoftware"` + *HashEqualsIngestHashEqualsHashEqual graphql.NoUnmarshalJSON } - firstPass.FindSoftwareResponse = v + firstPass.HashEqualsIngestHashEqualsHashEqual = v err := json.Unmarshal(b, &firstPass) if err != nil { return err } - { - dst := &v.FindSoftware - src := firstPass.FindSoftware - *dst = make( - []FindSoftwareFindSoftwarePackageSourceOrArtifact, - len(src)) - for i, src := range src { - dst := &(*dst)[i] - if len(src) != 0 && string(src) != "null" { - err = __unmarshalFindSoftwareFindSoftwarePackageSourceOrArtifact( - src, dst) - if err != nil { - return fmt.Errorf( - "unable to unmarshal FindSoftwareResponse.FindSoftware: %w", err) - } - } - } + err = json.Unmarshal( + b, &v.AllHashEqualTree) + if err != nil { + return err } return nil } -type __premarshalFindSoftwareResponse struct { - FindSoftware []json.RawMessage `json:"findSoftware"` +type __premarshalHashEqualsIngestHashEqualsHashEqual struct { + Id string `json:"id"` + + Justification string `json:"justification"` + + Artifacts []AllHashEqualTreeArtifactsArtifact `json:"artifacts"` + + Origin string `json:"origin"` + + Collector string `json:"collector"` } -func (v *FindSoftwareResponse) MarshalJSON() ([]byte, error) { +func (v *HashEqualsIngestHashEqualsHashEqual) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -8972,79 +9179,62 @@ func (v *FindSoftwareResponse) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *FindSoftwareResponse) __premarshalJSON() (*__premarshalFindSoftwareResponse, error) { - var retval __premarshalFindSoftwareResponse - - { +func (v *HashEqualsIngestHashEqualsHashEqual) __premarshalJSON() (*__premarshalHashEqualsIngestHashEqualsHashEqual, error) { + var retval __premarshalHashEqualsIngestHashEqualsHashEqual - dst := &retval.FindSoftware - src := v.FindSoftware - *dst = make( - []json.RawMessage, - len(src)) - for i, src := range src { - dst := &(*dst)[i] - var err error - *dst, err = __marshalFindSoftwareFindSoftwarePackageSourceOrArtifact( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal FindSoftwareResponse.FindSoftware: %w", err) - } - } - } + retval.Id = v.AllHashEqualTree.Id + retval.Justification = v.AllHashEqualTree.Justification + retval.Artifacts = v.AllHashEqualTree.Artifacts + retval.Origin = v.AllHashEqualTree.Origin + retval.Collector = v.AllHashEqualTree.Collector return &retval, nil } -// GHSAInputSpec specifies a GitHub Security Advisory for mutations. -type GHSAInputSpec struct { - GhsaId string `json:"ghsaId"` +// HashEqualsResponse is returned by HashEquals on success. +type HashEqualsResponse struct { + // Bulk ingest certifications that two artifacts are equal. + IngestHashEquals []HashEqualsIngestHashEqualsHashEqual `json:"ingestHashEquals"` } -// GetGhsaId returns GHSAInputSpec.GhsaId, and is useful for accessing the field via an interface. -func (v *GHSAInputSpec) GetGhsaId() string { return v.GhsaId } - -// GHSASpec allows filtering the list of advisories to return in a query. -type GHSASpec struct { - Id *string `json:"id"` - GhsaId *string `json:"ghsaId"` +// GetIngestHashEquals returns HashEqualsResponse.IngestHashEquals, and is useful for accessing the field via an interface. 
+func (v *HashEqualsResponse) GetIngestHashEquals() []HashEqualsIngestHashEqualsHashEqual { + return v.IngestHashEquals } -// GetId returns GHSASpec.Id, and is useful for accessing the field via an interface. -func (v *GHSASpec) GetId() *string { return v.Id } - -// GetGhsaId returns GHSASpec.GhsaId, and is useful for accessing the field via an interface. -func (v *GHSASpec) GetGhsaId() *string { return v.GhsaId } - -// GHSAsGhsaGHSA includes the requested fields of the GraphQL type GHSA. +// IngestArtifactIngestArtifact includes the requested fields of the GraphQL type Artifact. // The GraphQL type's documentation follows. // -// GHSA represents GitHub security advisories. +// Artifact represents an artifact identified by a checksum hash. // -// The advisory id field is mandatory and canonicalized to be lowercase. +// The checksum is split into the digest value and the algorithm used to generate +// it. Both fields are mandatory and canonicalized to be lowercase. // -// This node can be referred to by other parts of GUAC. -type GHSAsGhsaGHSA struct { - AllGHSATree `json:"-"` +// If having a checksum Go object, algorithm can be +// strings.ToLower(string(checksum.Algorithm)) and digest can be checksum.Value. +type IngestArtifactIngestArtifact struct { + AllArtifactTree `json:"-"` } -// GetId returns GHSAsGhsaGHSA.Id, and is useful for accessing the field via an interface. -func (v *GHSAsGhsaGHSA) GetId() string { return v.AllGHSATree.Id } +// GetId returns IngestArtifactIngestArtifact.Id, and is useful for accessing the field via an interface. +func (v *IngestArtifactIngestArtifact) GetId() string { return v.AllArtifactTree.Id } + +// GetAlgorithm returns IngestArtifactIngestArtifact.Algorithm, and is useful for accessing the field via an interface. +func (v *IngestArtifactIngestArtifact) GetAlgorithm() string { return v.AllArtifactTree.Algorithm } -// GetGhsaId returns GHSAsGhsaGHSA.GhsaId, and is useful for accessing the field via an interface. 
-func (v *GHSAsGhsaGHSA) GetGhsaId() string { return v.AllGHSATree.GhsaId } +// GetDigest returns IngestArtifactIngestArtifact.Digest, and is useful for accessing the field via an interface. +func (v *IngestArtifactIngestArtifact) GetDigest() string { return v.AllArtifactTree.Digest } -func (v *GHSAsGhsaGHSA) UnmarshalJSON(b []byte) error { +func (v *IngestArtifactIngestArtifact) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *GHSAsGhsaGHSA + *IngestArtifactIngestArtifact graphql.NoUnmarshalJSON } - firstPass.GHSAsGhsaGHSA = v + firstPass.IngestArtifactIngestArtifact = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -9052,20 +9242,22 @@ func (v *GHSAsGhsaGHSA) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllGHSATree) + b, &v.AllArtifactTree) if err != nil { return err } return nil } -type __premarshalGHSAsGhsaGHSA struct { +type __premarshalIngestArtifactIngestArtifact struct { Id string `json:"id"` - GhsaId string `json:"ghsaId"` + Algorithm string `json:"algorithm"` + + Digest string `json:"digest"` } -func (v *GHSAsGhsaGHSA) MarshalJSON() ([]byte, error) { +func (v *IngestArtifactIngestArtifact) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -9073,87 +9265,62 @@ func (v *GHSAsGhsaGHSA) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *GHSAsGhsaGHSA) __premarshalJSON() (*__premarshalGHSAsGhsaGHSA, error) { - var retval __premarshalGHSAsGhsaGHSA +func (v *IngestArtifactIngestArtifact) __premarshalJSON() (*__premarshalIngestArtifactIngestArtifact, error) { + var retval __premarshalIngestArtifactIngestArtifact - retval.Id = v.AllGHSATree.Id - retval.GhsaId = v.AllGHSATree.GhsaId + retval.Id = v.AllArtifactTree.Id + retval.Algorithm = v.AllArtifactTree.Algorithm + retval.Digest = v.AllArtifactTree.Digest return &retval, nil } -// GHSAsResponse is returned by GHSAs on success. -type GHSAsResponse struct { - // Returns all GitHub Security Advisories matching a filter. - Ghsa []GHSAsGhsaGHSA `json:"ghsa"` +// IngestArtifactResponse is returned by IngestArtifact on success. +type IngestArtifactResponse struct { + // Ingests a new artifact and returns it. + IngestArtifact IngestArtifactIngestArtifact `json:"ingestArtifact"` } -// GetGhsa returns GHSAsResponse.Ghsa, and is useful for accessing the field via an interface. -func (v *GHSAsResponse) GetGhsa() []GHSAsGhsaGHSA { return v.Ghsa } +// GetIngestArtifact returns IngestArtifactResponse.IngestArtifact, and is useful for accessing the field via an interface. +func (v *IngestArtifactResponse) GetIngestArtifact() IngestArtifactIngestArtifact { + return v.IngestArtifact +} -// HasMetadataArtifactIngestHasMetadata includes the requested fields of the GraphQL type HasMetadata. +// IngestArtifactsIngestArtifactsArtifact includes the requested fields of the GraphQL type Artifact. // The GraphQL type's documentation follows. // -// HasMetadata is an attestation that a package, source, or artifact has a certain -// attested property (key) with value (value). For example, a source may have -// metadata "SourceRepo2FAEnabled=true". 
-// -// The intent of this evidence tree predicate is to allow extensibility of metadata -// expressible within the GUAC ontology. Metadata that is commonly used will then -// be promoted to a predicate on its own. +// Artifact represents an artifact identified by a checksum hash. // -// Justification indicates how the metadata was determined. +// The checksum is split into the digest value and the algorithm used to generate +// it. Both fields are mandatory and canonicalized to be lowercase. // -// The metadata applies to a subject which is a package, source, or artifact. -// If the attestation targets a package, it must target a PackageName or a -// PackageVersion. If the attestation targets a source, it must target a -// SourceName. -type HasMetadataArtifactIngestHasMetadata struct { - AllHasMetadata `json:"-"` -} - -// GetId returns HasMetadataArtifactIngestHasMetadata.Id, and is useful for accessing the field via an interface. -func (v *HasMetadataArtifactIngestHasMetadata) GetId() string { return v.AllHasMetadata.Id } - -// GetSubject returns HasMetadataArtifactIngestHasMetadata.Subject, and is useful for accessing the field via an interface. -func (v *HasMetadataArtifactIngestHasMetadata) GetSubject() AllHasMetadataSubjectPackageSourceOrArtifact { - return v.AllHasMetadata.Subject +// If having a checksum Go object, algorithm can be +// strings.ToLower(string(checksum.Algorithm)) and digest can be checksum.Value. +type IngestArtifactsIngestArtifactsArtifact struct { + AllArtifactTree `json:"-"` } -// GetKey returns HasMetadataArtifactIngestHasMetadata.Key, and is useful for accessing the field via an interface. -func (v *HasMetadataArtifactIngestHasMetadata) GetKey() string { return v.AllHasMetadata.Key } - -// GetValue returns HasMetadataArtifactIngestHasMetadata.Value, and is useful for accessing the field via an interface. 
-func (v *HasMetadataArtifactIngestHasMetadata) GetValue() string { return v.AllHasMetadata.Value } - -// GetTimestamp returns HasMetadataArtifactIngestHasMetadata.Timestamp, and is useful for accessing the field via an interface. -func (v *HasMetadataArtifactIngestHasMetadata) GetTimestamp() time.Time { - return v.AllHasMetadata.Timestamp -} +// GetId returns IngestArtifactsIngestArtifactsArtifact.Id, and is useful for accessing the field via an interface. +func (v *IngestArtifactsIngestArtifactsArtifact) GetId() string { return v.AllArtifactTree.Id } -// GetJustification returns HasMetadataArtifactIngestHasMetadata.Justification, and is useful for accessing the field via an interface. -func (v *HasMetadataArtifactIngestHasMetadata) GetJustification() string { - return v.AllHasMetadata.Justification +// GetAlgorithm returns IngestArtifactsIngestArtifactsArtifact.Algorithm, and is useful for accessing the field via an interface. +func (v *IngestArtifactsIngestArtifactsArtifact) GetAlgorithm() string { + return v.AllArtifactTree.Algorithm } -// GetOrigin returns HasMetadataArtifactIngestHasMetadata.Origin, and is useful for accessing the field via an interface. -func (v *HasMetadataArtifactIngestHasMetadata) GetOrigin() string { return v.AllHasMetadata.Origin } - -// GetCollector returns HasMetadataArtifactIngestHasMetadata.Collector, and is useful for accessing the field via an interface. -func (v *HasMetadataArtifactIngestHasMetadata) GetCollector() string { - return v.AllHasMetadata.Collector -} +// GetDigest returns IngestArtifactsIngestArtifactsArtifact.Digest, and is useful for accessing the field via an interface. 
+func (v *IngestArtifactsIngestArtifactsArtifact) GetDigest() string { return v.AllArtifactTree.Digest } -func (v *HasMetadataArtifactIngestHasMetadata) UnmarshalJSON(b []byte) error { +func (v *IngestArtifactsIngestArtifactsArtifact) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *HasMetadataArtifactIngestHasMetadata + *IngestArtifactsIngestArtifactsArtifact graphql.NoUnmarshalJSON } - firstPass.HasMetadataArtifactIngestHasMetadata = v + firstPass.IngestArtifactsIngestArtifactsArtifact = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -9161,32 +9328,22 @@ func (v *HasMetadataArtifactIngestHasMetadata) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllHasMetadata) + b, &v.AllArtifactTree) if err != nil { return err } return nil } -type __premarshalHasMetadataArtifactIngestHasMetadata struct { +type __premarshalIngestArtifactsIngestArtifactsArtifact struct { Id string `json:"id"` - Subject json.RawMessage `json:"subject"` - - Key string `json:"key"` - - Value string `json:"value"` - - Timestamp time.Time `json:"timestamp"` - - Justification string `json:"justification"` - - Origin string `json:"origin"` + Algorithm string `json:"algorithm"` - Collector string `json:"collector"` + Digest string `json:"digest"` } -func (v *HasMetadataArtifactIngestHasMetadata) MarshalJSON() ([]byte, error) { +func (v *IngestArtifactsIngestArtifactsArtifact) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -9194,130 +9351,115 @@ func (v *HasMetadataArtifactIngestHasMetadata) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *HasMetadataArtifactIngestHasMetadata) __premarshalJSON() (*__premarshalHasMetadataArtifactIngestHasMetadata, error) { - var retval __premarshalHasMetadataArtifactIngestHasMetadata - - retval.Id = v.AllHasMetadata.Id - { +func (v *IngestArtifactsIngestArtifactsArtifact) __premarshalJSON() (*__premarshalIngestArtifactsIngestArtifactsArtifact, error) { + var retval __premarshalIngestArtifactsIngestArtifactsArtifact - dst := &retval.Subject - src := v.AllHasMetadata.Subject - var err error - *dst, err = __marshalAllHasMetadataSubjectPackageSourceOrArtifact( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal HasMetadataArtifactIngestHasMetadata.AllHasMetadata.Subject: %w", err) - } - } - retval.Key = v.AllHasMetadata.Key - retval.Value = v.AllHasMetadata.Value - retval.Timestamp = v.AllHasMetadata.Timestamp - retval.Justification = v.AllHasMetadata.Justification - retval.Origin = v.AllHasMetadata.Origin - retval.Collector = v.AllHasMetadata.Collector + retval.Id = v.AllArtifactTree.Id + retval.Algorithm = v.AllArtifactTree.Algorithm + retval.Digest = v.AllArtifactTree.Digest return &retval, nil } -// HasMetadataArtifactResponse is returned by HasMetadataArtifact on success. -type HasMetadataArtifactResponse struct { - // Adds metadata about a package, source or artifact. - IngestHasMetadata HasMetadataArtifactIngestHasMetadata `json:"ingestHasMetadata"` +// IngestArtifactsResponse is returned by IngestArtifacts on success. +type IngestArtifactsResponse struct { + // Bulk ingests new artifacts and returns a list of them. + IngestArtifacts []IngestArtifactsIngestArtifactsArtifact `json:"ingestArtifacts"` } -// GetIngestHasMetadata returns HasMetadataArtifactResponse.IngestHasMetadata, and is useful for accessing the field via an interface. 
-func (v *HasMetadataArtifactResponse) GetIngestHasMetadata() HasMetadataArtifactIngestHasMetadata { - return v.IngestHasMetadata +// GetIngestArtifacts returns IngestArtifactsResponse.IngestArtifacts, and is useful for accessing the field via an interface. +func (v *IngestArtifactsResponse) GetIngestArtifacts() []IngestArtifactsIngestArtifactsArtifact { + return v.IngestArtifacts } -// HasMetadataInputSpec represents the mutation input to ingest a CertifyGood evidence. -type HasMetadataInputSpec struct { - Key string `json:"key"` - Value string `json:"value"` - Timestamp time.Time `json:"timestamp"` - Justification string `json:"justification"` - Origin string `json:"origin"` - Collector string `json:"collector"` +// IngestBuilderIngestBuilder includes the requested fields of the GraphQL type Builder. +// The GraphQL type's documentation follows. +// +// Builder represents the builder (e.g., FRSCA or GitHub Actions). +// +// Currently builders are identified by the uri field. +type IngestBuilderIngestBuilder struct { + Uri string `json:"uri"` } -// GetKey returns HasMetadataInputSpec.Key, and is useful for accessing the field via an interface. -func (v *HasMetadataInputSpec) GetKey() string { return v.Key } +// GetUri returns IngestBuilderIngestBuilder.Uri, and is useful for accessing the field via an interface. +func (v *IngestBuilderIngestBuilder) GetUri() string { return v.Uri } -// GetValue returns HasMetadataInputSpec.Value, and is useful for accessing the field via an interface. -func (v *HasMetadataInputSpec) GetValue() string { return v.Value } +// IngestBuilderResponse is returned by IngestBuilder on success. +type IngestBuilderResponse struct { + // Ingests a new builder and returns it. + IngestBuilder IngestBuilderIngestBuilder `json:"ingestBuilder"` +} -// GetTimestamp returns HasMetadataInputSpec.Timestamp, and is useful for accessing the field via an interface. 
-func (v *HasMetadataInputSpec) GetTimestamp() time.Time { return v.Timestamp } +// GetIngestBuilder returns IngestBuilderResponse.IngestBuilder, and is useful for accessing the field via an interface. +func (v *IngestBuilderResponse) GetIngestBuilder() IngestBuilderIngestBuilder { return v.IngestBuilder } -// GetJustification returns HasMetadataInputSpec.Justification, and is useful for accessing the field via an interface. -func (v *HasMetadataInputSpec) GetJustification() string { return v.Justification } +// IngestBuildersIngestBuildersBuilder includes the requested fields of the GraphQL type Builder. +// The GraphQL type's documentation follows. +// +// Builder represents the builder (e.g., FRSCA or GitHub Actions). +// +// Currently builders are identified by the uri field. +type IngestBuildersIngestBuildersBuilder struct { + Uri string `json:"uri"` +} -// GetOrigin returns HasMetadataInputSpec.Origin, and is useful for accessing the field via an interface. -func (v *HasMetadataInputSpec) GetOrigin() string { return v.Origin } +// GetUri returns IngestBuildersIngestBuildersBuilder.Uri, and is useful for accessing the field via an interface. +func (v *IngestBuildersIngestBuildersBuilder) GetUri() string { return v.Uri } -// GetCollector returns HasMetadataInputSpec.Collector, and is useful for accessing the field via an interface. -func (v *HasMetadataInputSpec) GetCollector() string { return v.Collector } +// IngestBuildersResponse is returned by IngestBuilders on success. +type IngestBuildersResponse struct { + // Bulk ingests new builders and returns a list of them. + IngestBuilders []IngestBuildersIngestBuildersBuilder `json:"ingestBuilders"` +} -// HasMetadataPkgIngestHasMetadata includes the requested fields of the GraphQL type HasMetadata. +// GetIngestBuilders returns IngestBuildersResponse.IngestBuilders, and is useful for accessing the field via an interface. 
+func (v *IngestBuildersResponse) GetIngestBuilders() []IngestBuildersIngestBuildersBuilder { + return v.IngestBuilders +} + +// IngestPackageIngestPackage includes the requested fields of the GraphQL type Package. // The GraphQL type's documentation follows. // -// HasMetadata is an attestation that a package, source, or artifact has a certain -// attested property (key) with value (value). For example, a source may have -// metadata "SourceRepo2FAEnabled=true". +// Package represents the root of the package trie/tree. // -// The intent of this evidence tree predicate is to allow extensibility of metadata -// expressible within the GUAC ontology. Metadata that is commonly used will then -// be promoted to a predicate on its own. +// We map package information to a trie, closely matching the pURL specification +// (https://github.com/package-url/purl-spec/blob/0dd92f26f8bb11956ffdf5e8acfcee71e8560407/README.rst), +// but deviating from it where GUAC heuristics allow for better representation of +// package information. Each path in the trie fully represents a package; we split +// the trie based on the pURL components. // -// Justification indicates how the metadata was determined. +// This node matches a pkg: partial pURL. The type field matches the +// pURL types but we might also use "guac" for the cases where the pURL +// representation is not complete or when we have custom rules. // -// The metadata applies to a subject which is a package, source, or artifact. -// If the attestation targets a package, it must target a PackageName or a -// PackageVersion. If the attestation targets a source, it must target a -// SourceName. -type HasMetadataPkgIngestHasMetadata struct { - AllHasMetadata `json:"-"` -} - -// GetId returns HasMetadataPkgIngestHasMetadata.Id, and is useful for accessing the field via an interface. 
-func (v *HasMetadataPkgIngestHasMetadata) GetId() string { return v.AllHasMetadata.Id } - -// GetSubject returns HasMetadataPkgIngestHasMetadata.Subject, and is useful for accessing the field via an interface. -func (v *HasMetadataPkgIngestHasMetadata) GetSubject() AllHasMetadataSubjectPackageSourceOrArtifact { - return v.AllHasMetadata.Subject +// Since this node is at the root of the package trie, it is named Package, not +// PackageType. +type IngestPackageIngestPackage struct { + AllPkgTree `json:"-"` } -// GetKey returns HasMetadataPkgIngestHasMetadata.Key, and is useful for accessing the field via an interface. -func (v *HasMetadataPkgIngestHasMetadata) GetKey() string { return v.AllHasMetadata.Key } - -// GetValue returns HasMetadataPkgIngestHasMetadata.Value, and is useful for accessing the field via an interface. -func (v *HasMetadataPkgIngestHasMetadata) GetValue() string { return v.AllHasMetadata.Value } +// GetId returns IngestPackageIngestPackage.Id, and is useful for accessing the field via an interface. +func (v *IngestPackageIngestPackage) GetId() string { return v.AllPkgTree.Id } -// GetTimestamp returns HasMetadataPkgIngestHasMetadata.Timestamp, and is useful for accessing the field via an interface. -func (v *HasMetadataPkgIngestHasMetadata) GetTimestamp() time.Time { return v.AllHasMetadata.Timestamp } +// GetType returns IngestPackageIngestPackage.Type, and is useful for accessing the field via an interface. +func (v *IngestPackageIngestPackage) GetType() string { return v.AllPkgTree.Type } -// GetJustification returns HasMetadataPkgIngestHasMetadata.Justification, and is useful for accessing the field via an interface. -func (v *HasMetadataPkgIngestHasMetadata) GetJustification() string { - return v.AllHasMetadata.Justification +// GetNamespaces returns IngestPackageIngestPackage.Namespaces, and is useful for accessing the field via an interface. 
+func (v *IngestPackageIngestPackage) GetNamespaces() []AllPkgTreeNamespacesPackageNamespace { + return v.AllPkgTree.Namespaces } -// GetOrigin returns HasMetadataPkgIngestHasMetadata.Origin, and is useful for accessing the field via an interface. -func (v *HasMetadataPkgIngestHasMetadata) GetOrigin() string { return v.AllHasMetadata.Origin } - -// GetCollector returns HasMetadataPkgIngestHasMetadata.Collector, and is useful for accessing the field via an interface. -func (v *HasMetadataPkgIngestHasMetadata) GetCollector() string { return v.AllHasMetadata.Collector } - -func (v *HasMetadataPkgIngestHasMetadata) UnmarshalJSON(b []byte) error { +func (v *IngestPackageIngestPackage) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *HasMetadataPkgIngestHasMetadata + *IngestPackageIngestPackage graphql.NoUnmarshalJSON } - firstPass.HasMetadataPkgIngestHasMetadata = v + firstPass.IngestPackageIngestPackage = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -9325,32 +9467,22 @@ func (v *HasMetadataPkgIngestHasMetadata) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllHasMetadata) + b, &v.AllPkgTree) if err != nil { return err } return nil } -type __premarshalHasMetadataPkgIngestHasMetadata struct { +type __premarshalIngestPackageIngestPackage struct { Id string `json:"id"` - Subject json.RawMessage `json:"subject"` - - Key string `json:"key"` - - Value string `json:"value"` - - Timestamp time.Time `json:"timestamp"` - - Justification string `json:"justification"` - - Origin string `json:"origin"` + Type string `json:"type"` - Collector string `json:"collector"` + Namespaces []AllPkgTreeNamespacesPackageNamespace `json:"namespaces"` } -func (v *HasMetadataPkgIngestHasMetadata) MarshalJSON() ([]byte, error) { +func (v *IngestPackageIngestPackage) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -9358,102 +9490,67 @@ func (v *HasMetadataPkgIngestHasMetadata) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *HasMetadataPkgIngestHasMetadata) __premarshalJSON() (*__premarshalHasMetadataPkgIngestHasMetadata, error) { - var retval __premarshalHasMetadataPkgIngestHasMetadata - - retval.Id = v.AllHasMetadata.Id - { +func (v *IngestPackageIngestPackage) __premarshalJSON() (*__premarshalIngestPackageIngestPackage, error) { + var retval __premarshalIngestPackageIngestPackage - dst := &retval.Subject - src := v.AllHasMetadata.Subject - var err error - *dst, err = __marshalAllHasMetadataSubjectPackageSourceOrArtifact( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal HasMetadataPkgIngestHasMetadata.AllHasMetadata.Subject: %w", err) - } - } - retval.Key = v.AllHasMetadata.Key - retval.Value = v.AllHasMetadata.Value - retval.Timestamp = v.AllHasMetadata.Timestamp - retval.Justification = v.AllHasMetadata.Justification - retval.Origin = v.AllHasMetadata.Origin - retval.Collector = v.AllHasMetadata.Collector + retval.Id = v.AllPkgTree.Id + retval.Type = v.AllPkgTree.Type + retval.Namespaces = v.AllPkgTree.Namespaces return &retval, nil } -// HasMetadataPkgResponse is returned by HasMetadataPkg on success. -type HasMetadataPkgResponse struct { - // Adds metadata about a package, source or artifact. - IngestHasMetadata HasMetadataPkgIngestHasMetadata `json:"ingestHasMetadata"` +// IngestPackageResponse is returned by IngestPackage on success. +type IngestPackageResponse struct { + // Ingests a new package and returns the corresponding package trie path. + IngestPackage IngestPackageIngestPackage `json:"ingestPackage"` } -// GetIngestHasMetadata returns HasMetadataPkgResponse.IngestHasMetadata, and is useful for accessing the field via an interface. 
-func (v *HasMetadataPkgResponse) GetIngestHasMetadata() HasMetadataPkgIngestHasMetadata { - return v.IngestHasMetadata -} +// GetIngestPackage returns IngestPackageResponse.IngestPackage, and is useful for accessing the field via an interface. +func (v *IngestPackageResponse) GetIngestPackage() IngestPackageIngestPackage { return v.IngestPackage } -// HasMetadataSrcIngestHasMetadata includes the requested fields of the GraphQL type HasMetadata. +// IngestPackagesIngestPackagesPackage includes the requested fields of the GraphQL type Package. // The GraphQL type's documentation follows. // -// HasMetadata is an attestation that a package, source, or artifact has a certain -// attested property (key) with value (value). For example, a source may have -// metadata "SourceRepo2FAEnabled=true". +// Package represents the root of the package trie/tree. // -// The intent of this evidence tree predicate is to allow extensibility of metadata -// expressible within the GUAC ontology. Metadata that is commonly used will then -// be promoted to a predicate on its own. +// We map package information to a trie, closely matching the pURL specification +// (https://github.com/package-url/purl-spec/blob/0dd92f26f8bb11956ffdf5e8acfcee71e8560407/README.rst), +// but deviating from it where GUAC heuristics allow for better representation of +// package information. Each path in the trie fully represents a package; we split +// the trie based on the pURL components. // -// Justification indicates how the metadata was determined. +// This node matches a pkg: partial pURL. The type field matches the +// pURL types but we might also use "guac" for the cases where the pURL +// representation is not complete or when we have custom rules. // -// The metadata applies to a subject which is a package, source, or artifact. -// If the attestation targets a package, it must target a PackageName or a -// PackageVersion. If the attestation targets a source, it must target a -// SourceName. 
-type HasMetadataSrcIngestHasMetadata struct { - AllHasMetadata `json:"-"` +// Since this node is at the root of the package trie, it is named Package, not +// PackageType. +type IngestPackagesIngestPackagesPackage struct { + AllPkgTree `json:"-"` } -// GetId returns HasMetadataSrcIngestHasMetadata.Id, and is useful for accessing the field via an interface. -func (v *HasMetadataSrcIngestHasMetadata) GetId() string { return v.AllHasMetadata.Id } +// GetId returns IngestPackagesIngestPackagesPackage.Id, and is useful for accessing the field via an interface. +func (v *IngestPackagesIngestPackagesPackage) GetId() string { return v.AllPkgTree.Id } -// GetSubject returns HasMetadataSrcIngestHasMetadata.Subject, and is useful for accessing the field via an interface. -func (v *HasMetadataSrcIngestHasMetadata) GetSubject() AllHasMetadataSubjectPackageSourceOrArtifact { - return v.AllHasMetadata.Subject +// GetType returns IngestPackagesIngestPackagesPackage.Type, and is useful for accessing the field via an interface. +func (v *IngestPackagesIngestPackagesPackage) GetType() string { return v.AllPkgTree.Type } + +// GetNamespaces returns IngestPackagesIngestPackagesPackage.Namespaces, and is useful for accessing the field via an interface. +func (v *IngestPackagesIngestPackagesPackage) GetNamespaces() []AllPkgTreeNamespacesPackageNamespace { + return v.AllPkgTree.Namespaces } -// GetKey returns HasMetadataSrcIngestHasMetadata.Key, and is useful for accessing the field via an interface. -func (v *HasMetadataSrcIngestHasMetadata) GetKey() string { return v.AllHasMetadata.Key } - -// GetValue returns HasMetadataSrcIngestHasMetadata.Value, and is useful for accessing the field via an interface. -func (v *HasMetadataSrcIngestHasMetadata) GetValue() string { return v.AllHasMetadata.Value } - -// GetTimestamp returns HasMetadataSrcIngestHasMetadata.Timestamp, and is useful for accessing the field via an interface. 
-func (v *HasMetadataSrcIngestHasMetadata) GetTimestamp() time.Time { return v.AllHasMetadata.Timestamp } - -// GetJustification returns HasMetadataSrcIngestHasMetadata.Justification, and is useful for accessing the field via an interface. -func (v *HasMetadataSrcIngestHasMetadata) GetJustification() string { - return v.AllHasMetadata.Justification -} - -// GetOrigin returns HasMetadataSrcIngestHasMetadata.Origin, and is useful for accessing the field via an interface. -func (v *HasMetadataSrcIngestHasMetadata) GetOrigin() string { return v.AllHasMetadata.Origin } - -// GetCollector returns HasMetadataSrcIngestHasMetadata.Collector, and is useful for accessing the field via an interface. -func (v *HasMetadataSrcIngestHasMetadata) GetCollector() string { return v.AllHasMetadata.Collector } - -func (v *HasMetadataSrcIngestHasMetadata) UnmarshalJSON(b []byte) error { +func (v *IngestPackagesIngestPackagesPackage) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *HasMetadataSrcIngestHasMetadata + *IngestPackagesIngestPackagesPackage graphql.NoUnmarshalJSON } - firstPass.HasMetadataSrcIngestHasMetadata = v + firstPass.IngestPackagesIngestPackagesPackage = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -9461,32 +9558,22 @@ func (v *HasMetadataSrcIngestHasMetadata) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllHasMetadata) + b, &v.AllPkgTree) if err != nil { return err } return nil } -type __premarshalHasMetadataSrcIngestHasMetadata struct { +type __premarshalIngestPackagesIngestPackagesPackage struct { Id string `json:"id"` - Subject json.RawMessage `json:"subject"` - - Key string `json:"key"` - - Value string `json:"value"` - - Timestamp time.Time `json:"timestamp"` - - Justification string `json:"justification"` - - Origin string `json:"origin"` + Type string `json:"type"` - Collector string `json:"collector"` + Namespaces []AllPkgTreeNamespacesPackageNamespace `json:"namespaces"` } -func (v *HasMetadataSrcIngestHasMetadata) MarshalJSON() ([]byte, error) { +func (v *IngestPackagesIngestPackagesPackage) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -9494,86 +9581,66 @@ func (v *HasMetadataSrcIngestHasMetadata) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *HasMetadataSrcIngestHasMetadata) __premarshalJSON() (*__premarshalHasMetadataSrcIngestHasMetadata, error) { - var retval __premarshalHasMetadataSrcIngestHasMetadata - - retval.Id = v.AllHasMetadata.Id - { +func (v *IngestPackagesIngestPackagesPackage) __premarshalJSON() (*__premarshalIngestPackagesIngestPackagesPackage, error) { + var retval __premarshalIngestPackagesIngestPackagesPackage - dst := &retval.Subject - src := v.AllHasMetadata.Subject - var err error - *dst, err = __marshalAllHasMetadataSubjectPackageSourceOrArtifact( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal HasMetadataSrcIngestHasMetadata.AllHasMetadata.Subject: %w", err) - } - } - retval.Key = v.AllHasMetadata.Key - retval.Value = v.AllHasMetadata.Value - retval.Timestamp = v.AllHasMetadata.Timestamp - retval.Justification = v.AllHasMetadata.Justification - retval.Origin = v.AllHasMetadata.Origin - retval.Collector = v.AllHasMetadata.Collector + retval.Id = v.AllPkgTree.Id + retval.Type = v.AllPkgTree.Type + retval.Namespaces = v.AllPkgTree.Namespaces return &retval, nil } -// HasMetadataSrcResponse is returned by HasMetadataSrc on success. -type HasMetadataSrcResponse struct { - // Adds metadata about a package, source or artifact. - IngestHasMetadata HasMetadataSrcIngestHasMetadata `json:"ingestHasMetadata"` -} - -// GetIngestHasMetadata returns HasMetadataSrcResponse.IngestHasMetadata, and is useful for accessing the field via an interface. -func (v *HasMetadataSrcResponse) GetIngestHasMetadata() HasMetadataSrcIngestHasMetadata { - return v.IngestHasMetadata +// IngestPackagesResponse is returned by IngestPackages on success. +type IngestPackagesResponse struct { + // Bulk ingests packages and returns the list of corresponding package trie path. 
+ IngestPackages []IngestPackagesIngestPackagesPackage `json:"ingestPackages"` } -// HasSBOMArtifactIngestHasSBOM includes the requested fields of the GraphQL type HasSBOM. -type HasSBOMArtifactIngestHasSBOM struct { - AllHasSBOMTree `json:"-"` +// GetIngestPackages returns IngestPackagesResponse.IngestPackages, and is useful for accessing the field via an interface. +func (v *IngestPackagesResponse) GetIngestPackages() []IngestPackagesIngestPackagesPackage { + return v.IngestPackages } -// GetId returns HasSBOMArtifactIngestHasSBOM.Id, and is useful for accessing the field via an interface. -func (v *HasSBOMArtifactIngestHasSBOM) GetId() string { return v.AllHasSBOMTree.Id } - -// GetSubject returns HasSBOMArtifactIngestHasSBOM.Subject, and is useful for accessing the field via an interface. -func (v *HasSBOMArtifactIngestHasSBOM) GetSubject() AllHasSBOMTreeSubjectPackageOrArtifact { - return v.AllHasSBOMTree.Subject +// IngestSourceIngestSource includes the requested fields of the GraphQL type Source. +// The GraphQL type's documentation follows. +// +// Source represents the root of the source trie/tree. +// +// We map source information to a trie, as a derivative of the pURL specification: +// each path in the trie represents a type, namespace, name and an optional +// qualifier that stands for tag/commit information. +// +// This node represents the type part of the trie path. It is used to represent +// the version control system that is being used. +// +// Since this node is at the root of the source trie, it is named Source, not +// SourceType. +type IngestSourceIngestSource struct { + AllSourceTree `json:"-"` } -// GetUri returns HasSBOMArtifactIngestHasSBOM.Uri, and is useful for accessing the field via an interface. -func (v *HasSBOMArtifactIngestHasSBOM) GetUri() string { return v.AllHasSBOMTree.Uri } - -// GetAlgorithm returns HasSBOMArtifactIngestHasSBOM.Algorithm, and is useful for accessing the field via an interface. 
-func (v *HasSBOMArtifactIngestHasSBOM) GetAlgorithm() string { return v.AllHasSBOMTree.Algorithm } +// GetId returns IngestSourceIngestSource.Id, and is useful for accessing the field via an interface. +func (v *IngestSourceIngestSource) GetId() string { return v.AllSourceTree.Id } -// GetDigest returns HasSBOMArtifactIngestHasSBOM.Digest, and is useful for accessing the field via an interface. -func (v *HasSBOMArtifactIngestHasSBOM) GetDigest() string { return v.AllHasSBOMTree.Digest } +// GetType returns IngestSourceIngestSource.Type, and is useful for accessing the field via an interface. +func (v *IngestSourceIngestSource) GetType() string { return v.AllSourceTree.Type } -// GetDownloadLocation returns HasSBOMArtifactIngestHasSBOM.DownloadLocation, and is useful for accessing the field via an interface. -func (v *HasSBOMArtifactIngestHasSBOM) GetDownloadLocation() string { - return v.AllHasSBOMTree.DownloadLocation +// GetNamespaces returns IngestSourceIngestSource.Namespaces, and is useful for accessing the field via an interface. +func (v *IngestSourceIngestSource) GetNamespaces() []AllSourceTreeNamespacesSourceNamespace { + return v.AllSourceTree.Namespaces } -// GetOrigin returns HasSBOMArtifactIngestHasSBOM.Origin, and is useful for accessing the field via an interface. -func (v *HasSBOMArtifactIngestHasSBOM) GetOrigin() string { return v.AllHasSBOMTree.Origin } - -// GetCollector returns HasSBOMArtifactIngestHasSBOM.Collector, and is useful for accessing the field via an interface. 
-func (v *HasSBOMArtifactIngestHasSBOM) GetCollector() string { return v.AllHasSBOMTree.Collector } - -func (v *HasSBOMArtifactIngestHasSBOM) UnmarshalJSON(b []byte) error { +func (v *IngestSourceIngestSource) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *HasSBOMArtifactIngestHasSBOM + *IngestSourceIngestSource graphql.NoUnmarshalJSON } - firstPass.HasSBOMArtifactIngestHasSBOM = v + firstPass.IngestSourceIngestSource = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -9581,32 +9648,22 @@ func (v *HasSBOMArtifactIngestHasSBOM) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllHasSBOMTree) + b, &v.AllSourceTree) if err != nil { return err } return nil } -type __premarshalHasSBOMArtifactIngestHasSBOM struct { +type __premarshalIngestSourceIngestSource struct { Id string `json:"id"` - Subject json.RawMessage `json:"subject"` - - Uri string `json:"uri"` - - Algorithm string `json:"algorithm"` - - Digest string `json:"digest"` - - DownloadLocation string `json:"downloadLocation"` - - Origin string `json:"origin"` + Type string `json:"type"` - Collector string `json:"collector"` + Namespaces []AllSourceTreeNamespacesSourceNamespace `json:"namespaces"` } -func (v *HasSBOMArtifactIngestHasSBOM) MarshalJSON() ([]byte, error) { +func (v *IngestSourceIngestSource) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -9614,90 +9671,64 @@ func (v *HasSBOMArtifactIngestHasSBOM) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *HasSBOMArtifactIngestHasSBOM) __premarshalJSON() (*__premarshalHasSBOMArtifactIngestHasSBOM, error) { - var retval __premarshalHasSBOMArtifactIngestHasSBOM - - retval.Id = v.AllHasSBOMTree.Id - { +func (v *IngestSourceIngestSource) __premarshalJSON() (*__premarshalIngestSourceIngestSource, error) { + var retval __premarshalIngestSourceIngestSource - dst := &retval.Subject - src := v.AllHasSBOMTree.Subject - var err error - *dst, err = __marshalAllHasSBOMTreeSubjectPackageOrArtifact( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal HasSBOMArtifactIngestHasSBOM.AllHasSBOMTree.Subject: %w", err) - } - } - retval.Uri = v.AllHasSBOMTree.Uri - retval.Algorithm = v.AllHasSBOMTree.Algorithm - retval.Digest = v.AllHasSBOMTree.Digest - retval.DownloadLocation = v.AllHasSBOMTree.DownloadLocation - retval.Origin = v.AllHasSBOMTree.Origin - retval.Collector = v.AllHasSBOMTree.Collector + retval.Id = v.AllSourceTree.Id + retval.Type = v.AllSourceTree.Type + retval.Namespaces = v.AllSourceTree.Namespaces return &retval, nil } -// HasSBOMArtifactResponse is returned by HasSBOMArtifact on success. -type HasSBOMArtifactResponse struct { - // Certifies that a package or artifact has an SBOM. - IngestHasSBOM HasSBOMArtifactIngestHasSBOM `json:"ingestHasSBOM"` -} - -// GetIngestHasSBOM returns HasSBOMArtifactResponse.IngestHasSBOM, and is useful for accessing the field via an interface. -func (v *HasSBOMArtifactResponse) GetIngestHasSBOM() HasSBOMArtifactIngestHasSBOM { - return v.IngestHasSBOM -} - -// HasSBOMArtifactsIngestHasSBOMsHasSBOM includes the requested fields of the GraphQL type HasSBOM. -type HasSBOMArtifactsIngestHasSBOMsHasSBOM struct { - AllHasSBOMTree `json:"-"` -} - -// GetId returns HasSBOMArtifactsIngestHasSBOMsHasSBOM.Id, and is useful for accessing the field via an interface. 
-func (v *HasSBOMArtifactsIngestHasSBOMsHasSBOM) GetId() string { return v.AllHasSBOMTree.Id } - -// GetSubject returns HasSBOMArtifactsIngestHasSBOMsHasSBOM.Subject, and is useful for accessing the field via an interface. -func (v *HasSBOMArtifactsIngestHasSBOMsHasSBOM) GetSubject() AllHasSBOMTreeSubjectPackageOrArtifact { - return v.AllHasSBOMTree.Subject +// IngestSourceResponse is returned by IngestSource on success. +type IngestSourceResponse struct { + // Ingests a new source and returns the corresponding source trie path. + IngestSource IngestSourceIngestSource `json:"ingestSource"` } -// GetUri returns HasSBOMArtifactsIngestHasSBOMsHasSBOM.Uri, and is useful for accessing the field via an interface. -func (v *HasSBOMArtifactsIngestHasSBOMsHasSBOM) GetUri() string { return v.AllHasSBOMTree.Uri } +// GetIngestSource returns IngestSourceResponse.IngestSource, and is useful for accessing the field via an interface. +func (v *IngestSourceResponse) GetIngestSource() IngestSourceIngestSource { return v.IngestSource } -// GetAlgorithm returns HasSBOMArtifactsIngestHasSBOMsHasSBOM.Algorithm, and is useful for accessing the field via an interface. -func (v *HasSBOMArtifactsIngestHasSBOMsHasSBOM) GetAlgorithm() string { - return v.AllHasSBOMTree.Algorithm +// IngestSourcesIngestSourcesSource includes the requested fields of the GraphQL type Source. +// The GraphQL type's documentation follows. +// +// Source represents the root of the source trie/tree. +// +// We map source information to a trie, as a derivative of the pURL specification: +// each path in the trie represents a type, namespace, name and an optional +// qualifier that stands for tag/commit information. +// +// This node represents the type part of the trie path. It is used to represent +// the version control system that is being used. +// +// Since this node is at the root of the source trie, it is named Source, not +// SourceType. 
+type IngestSourcesIngestSourcesSource struct { + AllSourceTree `json:"-"` } -// GetDigest returns HasSBOMArtifactsIngestHasSBOMsHasSBOM.Digest, and is useful for accessing the field via an interface. -func (v *HasSBOMArtifactsIngestHasSBOMsHasSBOM) GetDigest() string { return v.AllHasSBOMTree.Digest } - -// GetDownloadLocation returns HasSBOMArtifactsIngestHasSBOMsHasSBOM.DownloadLocation, and is useful for accessing the field via an interface. -func (v *HasSBOMArtifactsIngestHasSBOMsHasSBOM) GetDownloadLocation() string { - return v.AllHasSBOMTree.DownloadLocation -} +// GetId returns IngestSourcesIngestSourcesSource.Id, and is useful for accessing the field via an interface. +func (v *IngestSourcesIngestSourcesSource) GetId() string { return v.AllSourceTree.Id } -// GetOrigin returns HasSBOMArtifactsIngestHasSBOMsHasSBOM.Origin, and is useful for accessing the field via an interface. -func (v *HasSBOMArtifactsIngestHasSBOMsHasSBOM) GetOrigin() string { return v.AllHasSBOMTree.Origin } +// GetType returns IngestSourcesIngestSourcesSource.Type, and is useful for accessing the field via an interface. +func (v *IngestSourcesIngestSourcesSource) GetType() string { return v.AllSourceTree.Type } -// GetCollector returns HasSBOMArtifactsIngestHasSBOMsHasSBOM.Collector, and is useful for accessing the field via an interface. -func (v *HasSBOMArtifactsIngestHasSBOMsHasSBOM) GetCollector() string { - return v.AllHasSBOMTree.Collector +// GetNamespaces returns IngestSourcesIngestSourcesSource.Namespaces, and is useful for accessing the field via an interface. 
+func (v *IngestSourcesIngestSourcesSource) GetNamespaces() []AllSourceTreeNamespacesSourceNamespace { + return v.AllSourceTree.Namespaces } -func (v *HasSBOMArtifactsIngestHasSBOMsHasSBOM) UnmarshalJSON(b []byte) error { +func (v *IngestSourcesIngestSourcesSource) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *HasSBOMArtifactsIngestHasSBOMsHasSBOM + *IngestSourcesIngestSourcesSource graphql.NoUnmarshalJSON } - firstPass.HasSBOMArtifactsIngestHasSBOMsHasSBOM = v + firstPass.IngestSourcesIngestSourcesSource = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -9705,32 +9736,22 @@ func (v *HasSBOMArtifactsIngestHasSBOMsHasSBOM) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllHasSBOMTree) + b, &v.AllSourceTree) if err != nil { return err } return nil } -type __premarshalHasSBOMArtifactsIngestHasSBOMsHasSBOM struct { +type __premarshalIngestSourcesIngestSourcesSource struct { Id string `json:"id"` - Subject json.RawMessage `json:"subject"` - - Uri string `json:"uri"` - - Algorithm string `json:"algorithm"` - - Digest string `json:"digest"` - - DownloadLocation string `json:"downloadLocation"` - - Origin string `json:"origin"` + Type string `json:"type"` - Collector string `json:"collector"` + Namespaces []AllSourceTreeNamespacesSourceNamespace `json:"namespaces"` } -func (v *HasSBOMArtifactsIngestHasSBOMsHasSBOM) MarshalJSON() ([]byte, error) { +func (v *IngestSourcesIngestSourcesSource) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -9738,114 +9759,84 @@ func (v *HasSBOMArtifactsIngestHasSBOMsHasSBOM) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *HasSBOMArtifactsIngestHasSBOMsHasSBOM) __premarshalJSON() (*__premarshalHasSBOMArtifactsIngestHasSBOMsHasSBOM, error) { - var retval __premarshalHasSBOMArtifactsIngestHasSBOMsHasSBOM - - retval.Id = v.AllHasSBOMTree.Id - { +func (v *IngestSourcesIngestSourcesSource) __premarshalJSON() (*__premarshalIngestSourcesIngestSourcesSource, error) { + var retval __premarshalIngestSourcesIngestSourcesSource - dst := &retval.Subject - src := v.AllHasSBOMTree.Subject - var err error - *dst, err = __marshalAllHasSBOMTreeSubjectPackageOrArtifact( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal HasSBOMArtifactsIngestHasSBOMsHasSBOM.AllHasSBOMTree.Subject: %w", err) - } - } - retval.Uri = v.AllHasSBOMTree.Uri - retval.Algorithm = v.AllHasSBOMTree.Algorithm - retval.Digest = v.AllHasSBOMTree.Digest - retval.DownloadLocation = v.AllHasSBOMTree.DownloadLocation - retval.Origin = v.AllHasSBOMTree.Origin - retval.Collector = v.AllHasSBOMTree.Collector + retval.Id = v.AllSourceTree.Id + retval.Type = v.AllSourceTree.Type + retval.Namespaces = v.AllSourceTree.Namespaces return &retval, nil } -// HasSBOMArtifactsResponse is returned by HasSBOMArtifacts on success. -type HasSBOMArtifactsResponse struct { - // Bulk ingest that package or artifact has an SBOM. - IngestHasSBOMs []HasSBOMArtifactsIngestHasSBOMsHasSBOM `json:"ingestHasSBOMs"` +// IngestSourcesResponse is returned by IngestSources on success. +type IngestSourcesResponse struct { + // Bulk ingests sources and returns the list of corresponding source trie path. + IngestSources []IngestSourcesIngestSourcesSource `json:"ingestSources"` } -// GetIngestHasSBOMs returns HasSBOMArtifactsResponse.IngestHasSBOMs, and is useful for accessing the field via an interface. 
-func (v *HasSBOMArtifactsResponse) GetIngestHasSBOMs() []HasSBOMArtifactsIngestHasSBOMsHasSBOM { - return v.IngestHasSBOMs +// GetIngestSources returns IngestSourcesResponse.IngestSources, and is useful for accessing the field via an interface. +func (v *IngestSourcesResponse) GetIngestSources() []IngestSourcesIngestSourcesSource { + return v.IngestSources } -// HasSBOMInputSpec is the same as HasSBOM but for mutation input. -type HasSBOMInputSpec struct { - Uri string `json:"uri"` - Algorithm string `json:"algorithm"` - Digest string `json:"digest"` - DownloadLocation string `json:"downloadLocation"` - Origin string `json:"origin"` - Collector string `json:"collector"` +// IngestVulnerabilitiesIngestVulnerabilitiesVulnerability includes the requested fields of the GraphQL type Vulnerability. +// The GraphQL type's documentation follows. +// +// Vulnerability represents the root of the vulnerability trie/tree. +// +// We map vulnerability information to a trie, as a derivative of the pURL specification: +// each path in the trie represents a type and a vulnerability ID. This allows for generic +// representation of the various vulnerabilities and does not limit to just cve, ghsa or osv. +// This would be in the general format: vuln:/// +// +// Examples: +// +// CVE, using path separator: vuln://cve/cve-2023-20753 +// OSV, representing its knowledge of a GHSA: vuln://osv/ghsa-205hk +// Random vendor: vuln://snyk/sn-whatever +// NoVuln: vuln://novuln/ +// +// This node represents the type part of the trie path. It is used to represent +// the specific type of the vulnerability: cve, ghsa, osv or some other vendor specific +// +// Since this node is at the root of the vulnerability trie, it is named Vulnerability, not +// VulnerabilityType. +// +// NoVuln is a special vulnerability node to attest that no vulnerability has been +// found during a vulnerability scan. 
It will have the type "novuln" and contain an empty string +// for vulnerabilityID +// +// The resolvers will enforce that both the type and vulnerability IDs are lower case. +type IngestVulnerabilitiesIngestVulnerabilitiesVulnerability struct { + AllVulnerabilityTree `json:"-"` } -// GetUri returns HasSBOMInputSpec.Uri, and is useful for accessing the field via an interface. -func (v *HasSBOMInputSpec) GetUri() string { return v.Uri } - -// GetAlgorithm returns HasSBOMInputSpec.Algorithm, and is useful for accessing the field via an interface. -func (v *HasSBOMInputSpec) GetAlgorithm() string { return v.Algorithm } - -// GetDigest returns HasSBOMInputSpec.Digest, and is useful for accessing the field via an interface. -func (v *HasSBOMInputSpec) GetDigest() string { return v.Digest } - -// GetDownloadLocation returns HasSBOMInputSpec.DownloadLocation, and is useful for accessing the field via an interface. -func (v *HasSBOMInputSpec) GetDownloadLocation() string { return v.DownloadLocation } - -// GetOrigin returns HasSBOMInputSpec.Origin, and is useful for accessing the field via an interface. -func (v *HasSBOMInputSpec) GetOrigin() string { return v.Origin } - -// GetCollector returns HasSBOMInputSpec.Collector, and is useful for accessing the field via an interface. -func (v *HasSBOMInputSpec) GetCollector() string { return v.Collector } - -// HasSBOMPkgIngestHasSBOM includes the requested fields of the GraphQL type HasSBOM. -type HasSBOMPkgIngestHasSBOM struct { - AllHasSBOMTree `json:"-"` +// GetId returns IngestVulnerabilitiesIngestVulnerabilitiesVulnerability.Id, and is useful for accessing the field via an interface. +func (v *IngestVulnerabilitiesIngestVulnerabilitiesVulnerability) GetId() string { + return v.AllVulnerabilityTree.Id } -// GetId returns HasSBOMPkgIngestHasSBOM.Id, and is useful for accessing the field via an interface. 
-func (v *HasSBOMPkgIngestHasSBOM) GetId() string { return v.AllHasSBOMTree.Id } - -// GetSubject returns HasSBOMPkgIngestHasSBOM.Subject, and is useful for accessing the field via an interface. -func (v *HasSBOMPkgIngestHasSBOM) GetSubject() AllHasSBOMTreeSubjectPackageOrArtifact { - return v.AllHasSBOMTree.Subject +// GetType returns IngestVulnerabilitiesIngestVulnerabilitiesVulnerability.Type, and is useful for accessing the field via an interface. +func (v *IngestVulnerabilitiesIngestVulnerabilitiesVulnerability) GetType() string { + return v.AllVulnerabilityTree.Type } -// GetUri returns HasSBOMPkgIngestHasSBOM.Uri, and is useful for accessing the field via an interface. -func (v *HasSBOMPkgIngestHasSBOM) GetUri() string { return v.AllHasSBOMTree.Uri } - -// GetAlgorithm returns HasSBOMPkgIngestHasSBOM.Algorithm, and is useful for accessing the field via an interface. -func (v *HasSBOMPkgIngestHasSBOM) GetAlgorithm() string { return v.AllHasSBOMTree.Algorithm } - -// GetDigest returns HasSBOMPkgIngestHasSBOM.Digest, and is useful for accessing the field via an interface. -func (v *HasSBOMPkgIngestHasSBOM) GetDigest() string { return v.AllHasSBOMTree.Digest } - -// GetDownloadLocation returns HasSBOMPkgIngestHasSBOM.DownloadLocation, and is useful for accessing the field via an interface. -func (v *HasSBOMPkgIngestHasSBOM) GetDownloadLocation() string { - return v.AllHasSBOMTree.DownloadLocation +// GetVulnerabilityIDs returns IngestVulnerabilitiesIngestVulnerabilitiesVulnerability.VulnerabilityIDs, and is useful for accessing the field via an interface. +func (v *IngestVulnerabilitiesIngestVulnerabilitiesVulnerability) GetVulnerabilityIDs() []AllVulnerabilityTreeVulnerabilityIDsVulnerabilityID { + return v.AllVulnerabilityTree.VulnerabilityIDs } -// GetOrigin returns HasSBOMPkgIngestHasSBOM.Origin, and is useful for accessing the field via an interface. 
-func (v *HasSBOMPkgIngestHasSBOM) GetOrigin() string { return v.AllHasSBOMTree.Origin } - -// GetCollector returns HasSBOMPkgIngestHasSBOM.Collector, and is useful for accessing the field via an interface. -func (v *HasSBOMPkgIngestHasSBOM) GetCollector() string { return v.AllHasSBOMTree.Collector } - -func (v *HasSBOMPkgIngestHasSBOM) UnmarshalJSON(b []byte) error { +func (v *IngestVulnerabilitiesIngestVulnerabilitiesVulnerability) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *HasSBOMPkgIngestHasSBOM + *IngestVulnerabilitiesIngestVulnerabilitiesVulnerability graphql.NoUnmarshalJSON } - firstPass.HasSBOMPkgIngestHasSBOM = v + firstPass.IngestVulnerabilitiesIngestVulnerabilitiesVulnerability = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -9853,32 +9844,22 @@ func (v *HasSBOMPkgIngestHasSBOM) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllHasSBOMTree) + b, &v.AllVulnerabilityTree) if err != nil { return err } return nil } -type __premarshalHasSBOMPkgIngestHasSBOM struct { +type __premarshalIngestVulnerabilitiesIngestVulnerabilitiesVulnerability struct { Id string `json:"id"` - Subject json.RawMessage `json:"subject"` - - Uri string `json:"uri"` - - Algorithm string `json:"algorithm"` - - Digest string `json:"digest"` - - DownloadLocation string `json:"downloadLocation"` - - Origin string `json:"origin"` + Type string `json:"type"` - Collector string `json:"collector"` + VulnerabilityIDs []AllVulnerabilityTreeVulnerabilityIDsVulnerabilityID `json:"vulnerabilityIDs"` } -func (v *HasSBOMPkgIngestHasSBOM) MarshalJSON() ([]byte, error) { +func (v *IngestVulnerabilitiesIngestVulnerabilitiesVulnerability) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -9886,84 +9867,80 @@ func (v *HasSBOMPkgIngestHasSBOM) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *HasSBOMPkgIngestHasSBOM) __premarshalJSON() (*__premarshalHasSBOMPkgIngestHasSBOM, error) { - var retval __premarshalHasSBOMPkgIngestHasSBOM - - retval.Id = v.AllHasSBOMTree.Id - { +func (v *IngestVulnerabilitiesIngestVulnerabilitiesVulnerability) __premarshalJSON() (*__premarshalIngestVulnerabilitiesIngestVulnerabilitiesVulnerability, error) { + var retval __premarshalIngestVulnerabilitiesIngestVulnerabilitiesVulnerability - dst := &retval.Subject - src := v.AllHasSBOMTree.Subject - var err error - *dst, err = __marshalAllHasSBOMTreeSubjectPackageOrArtifact( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal HasSBOMPkgIngestHasSBOM.AllHasSBOMTree.Subject: %w", err) - } - } - retval.Uri = v.AllHasSBOMTree.Uri - retval.Algorithm = v.AllHasSBOMTree.Algorithm - retval.Digest = v.AllHasSBOMTree.Digest - retval.DownloadLocation = v.AllHasSBOMTree.DownloadLocation - retval.Origin = v.AllHasSBOMTree.Origin - retval.Collector = v.AllHasSBOMTree.Collector + retval.Id = v.AllVulnerabilityTree.Id + retval.Type = v.AllVulnerabilityTree.Type + retval.VulnerabilityIDs = v.AllVulnerabilityTree.VulnerabilityIDs return &retval, nil } -// HasSBOMPkgResponse is returned by HasSBOMPkg on success. -type HasSBOMPkgResponse struct { - // Certifies that a package or artifact has an SBOM. - IngestHasSBOM HasSBOMPkgIngestHasSBOM `json:"ingestHasSBOM"` +// IngestVulnerabilitiesResponse is returned by IngestVulnerabilities on success. +type IngestVulnerabilitiesResponse struct { + // Bulk ingests vulnerabilities and returns the list of corresponding vulnerability trie path. + IngestVulnerabilities []IngestVulnerabilitiesIngestVulnerabilitiesVulnerability `json:"ingestVulnerabilities"` } -// GetIngestHasSBOM returns HasSBOMPkgResponse.IngestHasSBOM, and is useful for accessing the field via an interface. 
-func (v *HasSBOMPkgResponse) GetIngestHasSBOM() HasSBOMPkgIngestHasSBOM { return v.IngestHasSBOM } - -// HasSBOMPkgsIngestHasSBOMsHasSBOM includes the requested fields of the GraphQL type HasSBOM. -type HasSBOMPkgsIngestHasSBOMsHasSBOM struct { - AllHasSBOMTree `json:"-"` +// GetIngestVulnerabilities returns IngestVulnerabilitiesResponse.IngestVulnerabilities, and is useful for accessing the field via an interface. +func (v *IngestVulnerabilitiesResponse) GetIngestVulnerabilities() []IngestVulnerabilitiesIngestVulnerabilitiesVulnerability { + return v.IngestVulnerabilities } -// GetId returns HasSBOMPkgsIngestHasSBOMsHasSBOM.Id, and is useful for accessing the field via an interface. -func (v *HasSBOMPkgsIngestHasSBOMsHasSBOM) GetId() string { return v.AllHasSBOMTree.Id } - -// GetSubject returns HasSBOMPkgsIngestHasSBOMsHasSBOM.Subject, and is useful for accessing the field via an interface. -func (v *HasSBOMPkgsIngestHasSBOMsHasSBOM) GetSubject() AllHasSBOMTreeSubjectPackageOrArtifact { - return v.AllHasSBOMTree.Subject +// IngestVulnerabilityIngestVulnerability includes the requested fields of the GraphQL type Vulnerability. +// The GraphQL type's documentation follows. +// +// Vulnerability represents the root of the vulnerability trie/tree. +// +// We map vulnerability information to a trie, as a derivative of the pURL specification: +// each path in the trie represents a type and a vulnerability ID. This allows for generic +// representation of the various vulnerabilities and does not limit to just cve, ghsa or osv. +// This would be in the general format: vuln:/// +// +// Examples: +// +// CVE, using path separator: vuln://cve/cve-2023-20753 +// OSV, representing its knowledge of a GHSA: vuln://osv/ghsa-205hk +// Random vendor: vuln://snyk/sn-whatever +// NoVuln: vuln://novuln/ +// +// This node represents the type part of the trie path. 
It is used to represent +// the specific type of the vulnerability: cve, ghsa, osv or some other vendor specific +// +// Since this node is at the root of the vulnerability trie, it is named Vulnerability, not +// VulnerabilityType. +// +// NoVuln is a special vulnerability node to attest that no vulnerability has been +// found during a vulnerability scan. It will have the type "novuln" and contain an empty string +// for vulnerabilityID +// +// The resolvers will enforce that both the type and vulnerability IDs are lower case. +type IngestVulnerabilityIngestVulnerability struct { + AllVulnerabilityTree `json:"-"` } -// GetUri returns HasSBOMPkgsIngestHasSBOMsHasSBOM.Uri, and is useful for accessing the field via an interface. -func (v *HasSBOMPkgsIngestHasSBOMsHasSBOM) GetUri() string { return v.AllHasSBOMTree.Uri } - -// GetAlgorithm returns HasSBOMPkgsIngestHasSBOMsHasSBOM.Algorithm, and is useful for accessing the field via an interface. -func (v *HasSBOMPkgsIngestHasSBOMsHasSBOM) GetAlgorithm() string { return v.AllHasSBOMTree.Algorithm } +// GetId returns IngestVulnerabilityIngestVulnerability.Id, and is useful for accessing the field via an interface. +func (v *IngestVulnerabilityIngestVulnerability) GetId() string { return v.AllVulnerabilityTree.Id } -// GetDigest returns HasSBOMPkgsIngestHasSBOMsHasSBOM.Digest, and is useful for accessing the field via an interface. -func (v *HasSBOMPkgsIngestHasSBOMsHasSBOM) GetDigest() string { return v.AllHasSBOMTree.Digest } +// GetType returns IngestVulnerabilityIngestVulnerability.Type, and is useful for accessing the field via an interface. +func (v *IngestVulnerabilityIngestVulnerability) GetType() string { return v.AllVulnerabilityTree.Type } -// GetDownloadLocation returns HasSBOMPkgsIngestHasSBOMsHasSBOM.DownloadLocation, and is useful for accessing the field via an interface. 
-func (v *HasSBOMPkgsIngestHasSBOMsHasSBOM) GetDownloadLocation() string { - return v.AllHasSBOMTree.DownloadLocation +// GetVulnerabilityIDs returns IngestVulnerabilityIngestVulnerability.VulnerabilityIDs, and is useful for accessing the field via an interface. +func (v *IngestVulnerabilityIngestVulnerability) GetVulnerabilityIDs() []AllVulnerabilityTreeVulnerabilityIDsVulnerabilityID { + return v.AllVulnerabilityTree.VulnerabilityIDs } -// GetOrigin returns HasSBOMPkgsIngestHasSBOMsHasSBOM.Origin, and is useful for accessing the field via an interface. -func (v *HasSBOMPkgsIngestHasSBOMsHasSBOM) GetOrigin() string { return v.AllHasSBOMTree.Origin } - -// GetCollector returns HasSBOMPkgsIngestHasSBOMsHasSBOM.Collector, and is useful for accessing the field via an interface. -func (v *HasSBOMPkgsIngestHasSBOMsHasSBOM) GetCollector() string { return v.AllHasSBOMTree.Collector } - -func (v *HasSBOMPkgsIngestHasSBOMsHasSBOM) UnmarshalJSON(b []byte) error { +func (v *IngestVulnerabilityIngestVulnerability) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *HasSBOMPkgsIngestHasSBOMsHasSBOM + *IngestVulnerabilityIngestVulnerability graphql.NoUnmarshalJSON } - firstPass.HasSBOMPkgsIngestHasSBOMsHasSBOM = v + firstPass.IngestVulnerabilityIngestVulnerability = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -9971,32 +9948,22 @@ func (v *HasSBOMPkgsIngestHasSBOMsHasSBOM) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllHasSBOMTree) + b, &v.AllVulnerabilityTree) if err != nil { return err } return nil } -type __premarshalHasSBOMPkgsIngestHasSBOMsHasSBOM struct { +type __premarshalIngestVulnerabilityIngestVulnerability struct { Id string `json:"id"` - Subject json.RawMessage `json:"subject"` - - Uri string `json:"uri"` - - Algorithm string `json:"algorithm"` - - Digest string `json:"digest"` - - DownloadLocation string `json:"downloadLocation"` - - Origin string `json:"origin"` + Type string `json:"type"` - Collector string `json:"collector"` + VulnerabilityIDs []AllVulnerabilityTreeVulnerabilityIDsVulnerabilityID `json:"vulnerabilityIDs"` } -func (v *HasSBOMPkgsIngestHasSBOMsHasSBOM) MarshalJSON() ([]byte, error) { +func (v *IngestVulnerabilityIngestVulnerability) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -10004,88 +9971,85 @@ func (v *HasSBOMPkgsIngestHasSBOMsHasSBOM) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *HasSBOMPkgsIngestHasSBOMsHasSBOM) __premarshalJSON() (*__premarshalHasSBOMPkgsIngestHasSBOMsHasSBOM, error) { - var retval __premarshalHasSBOMPkgsIngestHasSBOMsHasSBOM - - retval.Id = v.AllHasSBOMTree.Id - { +func (v *IngestVulnerabilityIngestVulnerability) __premarshalJSON() (*__premarshalIngestVulnerabilityIngestVulnerability, error) { + var retval __premarshalIngestVulnerabilityIngestVulnerability - dst := &retval.Subject - src := v.AllHasSBOMTree.Subject - var err error - *dst, err = __marshalAllHasSBOMTreeSubjectPackageOrArtifact( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal HasSBOMPkgsIngestHasSBOMsHasSBOM.AllHasSBOMTree.Subject: %w", err) - } - } - retval.Uri = v.AllHasSBOMTree.Uri - retval.Algorithm = v.AllHasSBOMTree.Algorithm - retval.Digest = v.AllHasSBOMTree.Digest - retval.DownloadLocation = v.AllHasSBOMTree.DownloadLocation - retval.Origin = v.AllHasSBOMTree.Origin - retval.Collector = v.AllHasSBOMTree.Collector + retval.Id = v.AllVulnerabilityTree.Id + retval.Type = v.AllVulnerabilityTree.Type + retval.VulnerabilityIDs = v.AllVulnerabilityTree.VulnerabilityIDs return &retval, nil } -// HasSBOMPkgsResponse is returned by HasSBOMPkgs on success. -type HasSBOMPkgsResponse struct { - // Bulk ingest that package or artifact has an SBOM. - IngestHasSBOMs []HasSBOMPkgsIngestHasSBOMsHasSBOM `json:"ingestHasSBOMs"` +// IngestVulnerabilityResponse is returned by IngestVulnerability on success. +type IngestVulnerabilityResponse struct { + // Ingests a new vulnerability and returns the corresponding vulnerability trie path. + IngestVulnerability IngestVulnerabilityIngestVulnerability `json:"ingestVulnerability"` } -// GetIngestHasSBOMs returns HasSBOMPkgsResponse.IngestHasSBOMs, and is useful for accessing the field via an interface. 
-func (v *HasSBOMPkgsResponse) GetIngestHasSBOMs() []HasSBOMPkgsIngestHasSBOMsHasSBOM { - return v.IngestHasSBOMs +// GetIngestVulnerability returns IngestVulnerabilityResponse.IngestVulnerability, and is useful for accessing the field via an interface. +func (v *IngestVulnerabilityResponse) GetIngestVulnerability() IngestVulnerabilityIngestVulnerability { + return v.IngestVulnerability } -// HasSourceAtIngestHasSourceAt includes the requested fields of the GraphQL type HasSourceAt. +// IsDependenciesIngestDependenciesIsDependency includes the requested fields of the GraphQL type IsDependency. // The GraphQL type's documentation follows. // -// HasSourceAt records that a package's repository is a given source. -type HasSourceAtIngestHasSourceAt struct { - AllHasSourceAt `json:"-"` +// IsDependency is an attestation to record that a package depends on another. +type IsDependenciesIngestDependenciesIsDependency struct { + AllIsDependencyTree `json:"-"` } -// GetId returns HasSourceAtIngestHasSourceAt.Id, and is useful for accessing the field via an interface. -func (v *HasSourceAtIngestHasSourceAt) GetId() string { return v.AllHasSourceAt.Id } +// GetId returns IsDependenciesIngestDependenciesIsDependency.Id, and is useful for accessing the field via an interface. +func (v *IsDependenciesIngestDependenciesIsDependency) GetId() string { + return v.AllIsDependencyTree.Id +} -// GetJustification returns HasSourceAtIngestHasSourceAt.Justification, and is useful for accessing the field via an interface. -func (v *HasSourceAtIngestHasSourceAt) GetJustification() string { - return v.AllHasSourceAt.Justification +// GetJustification returns IsDependenciesIngestDependenciesIsDependency.Justification, and is useful for accessing the field via an interface. 
+func (v *IsDependenciesIngestDependenciesIsDependency) GetJustification() string { + return v.AllIsDependencyTree.Justification } -// GetKnownSince returns HasSourceAtIngestHasSourceAt.KnownSince, and is useful for accessing the field via an interface. -func (v *HasSourceAtIngestHasSourceAt) GetKnownSince() time.Time { return v.AllHasSourceAt.KnownSince } +// GetPackage returns IsDependenciesIngestDependenciesIsDependency.Package, and is useful for accessing the field via an interface. +func (v *IsDependenciesIngestDependenciesIsDependency) GetPackage() AllIsDependencyTreePackage { + return v.AllIsDependencyTree.Package +} -// GetPackage returns HasSourceAtIngestHasSourceAt.Package, and is useful for accessing the field via an interface. -func (v *HasSourceAtIngestHasSourceAt) GetPackage() AllHasSourceAtPackage { - return v.AllHasSourceAt.Package +// GetDependentPackage returns IsDependenciesIngestDependenciesIsDependency.DependentPackage, and is useful for accessing the field via an interface. +func (v *IsDependenciesIngestDependenciesIsDependency) GetDependentPackage() AllIsDependencyTreeDependentPackage { + return v.AllIsDependencyTree.DependentPackage } -// GetSource returns HasSourceAtIngestHasSourceAt.Source, and is useful for accessing the field via an interface. -func (v *HasSourceAtIngestHasSourceAt) GetSource() AllHasSourceAtSource { - return v.AllHasSourceAt.Source +// GetDependencyType returns IsDependenciesIngestDependenciesIsDependency.DependencyType, and is useful for accessing the field via an interface. +func (v *IsDependenciesIngestDependenciesIsDependency) GetDependencyType() DependencyType { + return v.AllIsDependencyTree.DependencyType } -// GetOrigin returns HasSourceAtIngestHasSourceAt.Origin, and is useful for accessing the field via an interface. 
-func (v *HasSourceAtIngestHasSourceAt) GetOrigin() string { return v.AllHasSourceAt.Origin } +// GetVersionRange returns IsDependenciesIngestDependenciesIsDependency.VersionRange, and is useful for accessing the field via an interface. +func (v *IsDependenciesIngestDependenciesIsDependency) GetVersionRange() string { + return v.AllIsDependencyTree.VersionRange +} -// GetCollector returns HasSourceAtIngestHasSourceAt.Collector, and is useful for accessing the field via an interface. -func (v *HasSourceAtIngestHasSourceAt) GetCollector() string { return v.AllHasSourceAt.Collector } +// GetOrigin returns IsDependenciesIngestDependenciesIsDependency.Origin, and is useful for accessing the field via an interface. +func (v *IsDependenciesIngestDependenciesIsDependency) GetOrigin() string { + return v.AllIsDependencyTree.Origin +} -func (v *HasSourceAtIngestHasSourceAt) UnmarshalJSON(b []byte) error { +// GetCollector returns IsDependenciesIngestDependenciesIsDependency.Collector, and is useful for accessing the field via an interface. +func (v *IsDependenciesIngestDependenciesIsDependency) GetCollector() string { + return v.AllIsDependencyTree.Collector +} + +func (v *IsDependenciesIngestDependenciesIsDependency) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *HasSourceAtIngestHasSourceAt + *IsDependenciesIngestDependenciesIsDependency graphql.NoUnmarshalJSON } - firstPass.HasSourceAtIngestHasSourceAt = v + firstPass.IsDependenciesIngestDependenciesIsDependency = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -10093,30 +10057,32 @@ func (v *HasSourceAtIngestHasSourceAt) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllHasSourceAt) + b, &v.AllIsDependencyTree) if err != nil { return err } return nil } -type __premarshalHasSourceAtIngestHasSourceAt struct { +type __premarshalIsDependenciesIngestDependenciesIsDependency struct { Id string `json:"id"` Justification string `json:"justification"` - KnownSince time.Time `json:"knownSince"` + Package AllIsDependencyTreePackage `json:"package"` - Package AllHasSourceAtPackage `json:"package"` + DependentPackage AllIsDependencyTreeDependentPackage `json:"dependentPackage"` - Source AllHasSourceAtSource `json:"source"` + DependencyType DependencyType `json:"dependencyType"` + + VersionRange string `json:"versionRange"` Origin string `json:"origin"` Collector string `json:"collector"` } -func (v *HasSourceAtIngestHasSourceAt) MarshalJSON() ([]byte, error) { +func (v *IsDependenciesIngestDependenciesIsDependency) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -10124,86 +10090,88 @@ func (v *HasSourceAtIngestHasSourceAt) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *HasSourceAtIngestHasSourceAt) __premarshalJSON() (*__premarshalHasSourceAtIngestHasSourceAt, error) { - var retval __premarshalHasSourceAtIngestHasSourceAt +func (v *IsDependenciesIngestDependenciesIsDependency) __premarshalJSON() (*__premarshalIsDependenciesIngestDependenciesIsDependency, error) { + var retval __premarshalIsDependenciesIngestDependenciesIsDependency - retval.Id = v.AllHasSourceAt.Id - retval.Justification = v.AllHasSourceAt.Justification - retval.KnownSince = v.AllHasSourceAt.KnownSince - retval.Package = v.AllHasSourceAt.Package - retval.Source = v.AllHasSourceAt.Source - retval.Origin = v.AllHasSourceAt.Origin - retval.Collector = v.AllHasSourceAt.Collector + retval.Id = v.AllIsDependencyTree.Id + retval.Justification = v.AllIsDependencyTree.Justification + retval.Package = v.AllIsDependencyTree.Package + retval.DependentPackage = v.AllIsDependencyTree.DependentPackage + retval.DependencyType = v.AllIsDependencyTree.DependencyType + retval.VersionRange = v.AllIsDependencyTree.VersionRange + retval.Origin = v.AllIsDependencyTree.Origin + retval.Collector = v.AllIsDependencyTree.Collector return &retval, nil } -// HasSourceAtInputSpec is the same as HasSourceAt but for mutation input. -type HasSourceAtInputSpec struct { - KnownSince time.Time `json:"knownSince"` - Justification string `json:"justification"` - Origin string `json:"origin"` - Collector string `json:"collector"` +// IsDependenciesResponse is returned by IsDependencies on success. +type IsDependenciesResponse struct { + // Bulk adds a dependency between two packages + IngestDependencies []IsDependenciesIngestDependenciesIsDependency `json:"ingestDependencies"` } -// GetKnownSince returns HasSourceAtInputSpec.KnownSince, and is useful for accessing the field via an interface. 
-func (v *HasSourceAtInputSpec) GetKnownSince() time.Time { return v.KnownSince } - -// GetJustification returns HasSourceAtInputSpec.Justification, and is useful for accessing the field via an interface. -func (v *HasSourceAtInputSpec) GetJustification() string { return v.Justification } +// GetIngestDependencies returns IsDependenciesResponse.IngestDependencies, and is useful for accessing the field via an interface. +func (v *IsDependenciesResponse) GetIngestDependencies() []IsDependenciesIngestDependenciesIsDependency { + return v.IngestDependencies +} -// GetOrigin returns HasSourceAtInputSpec.Origin, and is useful for accessing the field via an interface. -func (v *HasSourceAtInputSpec) GetOrigin() string { return v.Origin } +// IsDependencyIngestDependencyIsDependency includes the requested fields of the GraphQL type IsDependency. +// The GraphQL type's documentation follows. +// +// IsDependency is an attestation to record that a package depends on another. +type IsDependencyIngestDependencyIsDependency struct { + AllIsDependencyTree `json:"-"` +} -// GetCollector returns HasSourceAtInputSpec.Collector, and is useful for accessing the field via an interface. -func (v *HasSourceAtInputSpec) GetCollector() string { return v.Collector } +// GetId returns IsDependencyIngestDependencyIsDependency.Id, and is useful for accessing the field via an interface. +func (v *IsDependencyIngestDependencyIsDependency) GetId() string { return v.AllIsDependencyTree.Id } -// HasSourceAtResponse is returned by HasSourceAt on success. -type HasSourceAtResponse struct { - // Adds a certification that a package (PackageName or PackageVersion) is built from the source. - IngestHasSourceAt HasSourceAtIngestHasSourceAt `json:"ingestHasSourceAt"` +// GetJustification returns IsDependencyIngestDependencyIsDependency.Justification, and is useful for accessing the field via an interface. 
+func (v *IsDependencyIngestDependencyIsDependency) GetJustification() string { + return v.AllIsDependencyTree.Justification } -// GetIngestHasSourceAt returns HasSourceAtResponse.IngestHasSourceAt, and is useful for accessing the field via an interface. -func (v *HasSourceAtResponse) GetIngestHasSourceAt() HasSourceAtIngestHasSourceAt { - return v.IngestHasSourceAt +// GetPackage returns IsDependencyIngestDependencyIsDependency.Package, and is useful for accessing the field via an interface. +func (v *IsDependencyIngestDependencyIsDependency) GetPackage() AllIsDependencyTreePackage { + return v.AllIsDependencyTree.Package } -// HashEqualIngestHashEqual includes the requested fields of the GraphQL type HashEqual. -// The GraphQL type's documentation follows. -// -// HashEqual is an attestation that a set of artifacts are identical. -type HashEqualIngestHashEqual struct { - AllHashEqualTree `json:"-"` +// GetDependentPackage returns IsDependencyIngestDependencyIsDependency.DependentPackage, and is useful for accessing the field via an interface. +func (v *IsDependencyIngestDependencyIsDependency) GetDependentPackage() AllIsDependencyTreeDependentPackage { + return v.AllIsDependencyTree.DependentPackage } -// GetId returns HashEqualIngestHashEqual.Id, and is useful for accessing the field via an interface. -func (v *HashEqualIngestHashEqual) GetId() string { return v.AllHashEqualTree.Id } - -// GetJustification returns HashEqualIngestHashEqual.Justification, and is useful for accessing the field via an interface. -func (v *HashEqualIngestHashEqual) GetJustification() string { return v.AllHashEqualTree.Justification } +// GetDependencyType returns IsDependencyIngestDependencyIsDependency.DependencyType, and is useful for accessing the field via an interface. 
+func (v *IsDependencyIngestDependencyIsDependency) GetDependencyType() DependencyType { + return v.AllIsDependencyTree.DependencyType +} -// GetArtifacts returns HashEqualIngestHashEqual.Artifacts, and is useful for accessing the field via an interface. -func (v *HashEqualIngestHashEqual) GetArtifacts() []AllHashEqualTreeArtifactsArtifact { - return v.AllHashEqualTree.Artifacts +// GetVersionRange returns IsDependencyIngestDependencyIsDependency.VersionRange, and is useful for accessing the field via an interface. +func (v *IsDependencyIngestDependencyIsDependency) GetVersionRange() string { + return v.AllIsDependencyTree.VersionRange } -// GetOrigin returns HashEqualIngestHashEqual.Origin, and is useful for accessing the field via an interface. -func (v *HashEqualIngestHashEqual) GetOrigin() string { return v.AllHashEqualTree.Origin } +// GetOrigin returns IsDependencyIngestDependencyIsDependency.Origin, and is useful for accessing the field via an interface. +func (v *IsDependencyIngestDependencyIsDependency) GetOrigin() string { + return v.AllIsDependencyTree.Origin +} -// GetCollector returns HashEqualIngestHashEqual.Collector, and is useful for accessing the field via an interface. -func (v *HashEqualIngestHashEqual) GetCollector() string { return v.AllHashEqualTree.Collector } +// GetCollector returns IsDependencyIngestDependencyIsDependency.Collector, and is useful for accessing the field via an interface. 
+func (v *IsDependencyIngestDependencyIsDependency) GetCollector() string { + return v.AllIsDependencyTree.Collector +} -func (v *HashEqualIngestHashEqual) UnmarshalJSON(b []byte) error { +func (v *IsDependencyIngestDependencyIsDependency) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *HashEqualIngestHashEqual + *IsDependencyIngestDependencyIsDependency graphql.NoUnmarshalJSON } - firstPass.HashEqualIngestHashEqual = v + firstPass.IsDependencyIngestDependencyIsDependency = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -10211,26 +10179,32 @@ func (v *HashEqualIngestHashEqual) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllHashEqualTree) + b, &v.AllIsDependencyTree) if err != nil { return err } return nil } -type __premarshalHashEqualIngestHashEqual struct { +type __premarshalIsDependencyIngestDependencyIsDependency struct { Id string `json:"id"` Justification string `json:"justification"` - Artifacts []AllHashEqualTreeArtifactsArtifact `json:"artifacts"` + Package AllIsDependencyTreePackage `json:"package"` + + DependentPackage AllIsDependencyTreeDependentPackage `json:"dependentPackage"` + + DependencyType DependencyType `json:"dependencyType"` + + VersionRange string `json:"versionRange"` Origin string `json:"origin"` Collector string `json:"collector"` } -func (v *HashEqualIngestHashEqual) MarshalJSON() ([]byte, error) { +func (v *IsDependencyIngestDependencyIsDependency) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -10238,82 +10212,122 @@ func (v *HashEqualIngestHashEqual) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *HashEqualIngestHashEqual) __premarshalJSON() (*__premarshalHashEqualIngestHashEqual, error) { - var retval __premarshalHashEqualIngestHashEqual +func (v *IsDependencyIngestDependencyIsDependency) __premarshalJSON() (*__premarshalIsDependencyIngestDependencyIsDependency, error) { + var retval __premarshalIsDependencyIngestDependencyIsDependency - retval.Id = v.AllHashEqualTree.Id - retval.Justification = v.AllHashEqualTree.Justification - retval.Artifacts = v.AllHashEqualTree.Artifacts - retval.Origin = v.AllHashEqualTree.Origin - retval.Collector = v.AllHashEqualTree.Collector + retval.Id = v.AllIsDependencyTree.Id + retval.Justification = v.AllIsDependencyTree.Justification + retval.Package = v.AllIsDependencyTree.Package + retval.DependentPackage = v.AllIsDependencyTree.DependentPackage + retval.DependencyType = v.AllIsDependencyTree.DependencyType + retval.VersionRange = v.AllIsDependencyTree.VersionRange + retval.Origin = v.AllIsDependencyTree.Origin + retval.Collector = v.AllIsDependencyTree.Collector return &retval, nil } -// HashEqualInputSpec represents the input to certify that packages are similar. -type HashEqualInputSpec struct { - Justification string `json:"justification"` - Origin string `json:"origin"` - Collector string `json:"collector"` +// IsDependencyInputSpec is the input to record a new dependency. +type IsDependencyInputSpec struct { + VersionRange string `json:"versionRange"` + DependencyType DependencyType `json:"dependencyType"` + Justification string `json:"justification"` + Origin string `json:"origin"` + Collector string `json:"collector"` } -// GetJustification returns HashEqualInputSpec.Justification, and is useful for accessing the field via an interface. 
-func (v *HashEqualInputSpec) GetJustification() string { return v.Justification } +// GetVersionRange returns IsDependencyInputSpec.VersionRange, and is useful for accessing the field via an interface. +func (v *IsDependencyInputSpec) GetVersionRange() string { return v.VersionRange } -// GetOrigin returns HashEqualInputSpec.Origin, and is useful for accessing the field via an interface. -func (v *HashEqualInputSpec) GetOrigin() string { return v.Origin } +// GetDependencyType returns IsDependencyInputSpec.DependencyType, and is useful for accessing the field via an interface. +func (v *IsDependencyInputSpec) GetDependencyType() DependencyType { return v.DependencyType } -// GetCollector returns HashEqualInputSpec.Collector, and is useful for accessing the field via an interface. -func (v *HashEqualInputSpec) GetCollector() string { return v.Collector } +// GetJustification returns IsDependencyInputSpec.Justification, and is useful for accessing the field via an interface. +func (v *IsDependencyInputSpec) GetJustification() string { return v.Justification } -// HashEqualResponse is returned by HashEqual on success. -type HashEqualResponse struct { - // Adds a certification that two artifacts are equal. - IngestHashEqual HashEqualIngestHashEqual `json:"ingestHashEqual"` -} +// GetOrigin returns IsDependencyInputSpec.Origin, and is useful for accessing the field via an interface. +func (v *IsDependencyInputSpec) GetOrigin() string { return v.Origin } -// GetIngestHashEqual returns HashEqualResponse.IngestHashEqual, and is useful for accessing the field via an interface. -func (v *HashEqualResponse) GetIngestHashEqual() HashEqualIngestHashEqual { return v.IngestHashEqual } +// GetCollector returns IsDependencyInputSpec.Collector, and is useful for accessing the field via an interface. +func (v *IsDependencyInputSpec) GetCollector() string { return v.Collector } -// HashEqualsIngestHashEqualsHashEqual includes the requested fields of the GraphQL type HashEqual. 
-// The GraphQL type's documentation follows. -// -// HashEqual is an attestation that a set of artifacts are identical. -type HashEqualsIngestHashEqualsHashEqual struct { - AllHashEqualTree `json:"-"` +// IsDependencyResponse is returned by IsDependency on success. +type IsDependencyResponse struct { + // Adds a dependency between two packages + IngestDependency IsDependencyIngestDependencyIsDependency `json:"ingestDependency"` } -// GetId returns HashEqualsIngestHashEqualsHashEqual.Id, and is useful for accessing the field via an interface. -func (v *HashEqualsIngestHashEqualsHashEqual) GetId() string { return v.AllHashEqualTree.Id } +// GetIngestDependency returns IsDependencyResponse.IngestDependency, and is useful for accessing the field via an interface. +func (v *IsDependencyResponse) GetIngestDependency() IsDependencyIngestDependencyIsDependency { + return v.IngestDependency +} -// GetJustification returns HashEqualsIngestHashEqualsHashEqual.Justification, and is useful for accessing the field via an interface. -func (v *HashEqualsIngestHashEqualsHashEqual) GetJustification() string { - return v.AllHashEqualTree.Justification +// IsOccurrenceInputSpec represents the input to record an artifact's origin. +type IsOccurrenceInputSpec struct { + Justification string `json:"justification"` + Origin string `json:"origin"` + Collector string `json:"collector"` } -// GetArtifacts returns HashEqualsIngestHashEqualsHashEqual.Artifacts, and is useful for accessing the field via an interface. -func (v *HashEqualsIngestHashEqualsHashEqual) GetArtifacts() []AllHashEqualTreeArtifactsArtifact { - return v.AllHashEqualTree.Artifacts +// GetJustification returns IsOccurrenceInputSpec.Justification, and is useful for accessing the field via an interface. +func (v *IsOccurrenceInputSpec) GetJustification() string { return v.Justification } + +// GetOrigin returns IsOccurrenceInputSpec.Origin, and is useful for accessing the field via an interface. 
+func (v *IsOccurrenceInputSpec) GetOrigin() string { return v.Origin } + +// GetCollector returns IsOccurrenceInputSpec.Collector, and is useful for accessing the field via an interface. +func (v *IsOccurrenceInputSpec) GetCollector() string { return v.Collector } + +// IsOccurrencePkgIngestOccurrenceIsOccurrence includes the requested fields of the GraphQL type IsOccurrence. +// The GraphQL type's documentation follows. +// +// IsOccurrence is an attestation to link an artifact to a package or source. +// +// Attestation must occur at the PackageVersion or at the SourceName. +type IsOccurrencePkgIngestOccurrenceIsOccurrence struct { + AllIsOccurrencesTree `json:"-"` } -// GetOrigin returns HashEqualsIngestHashEqualsHashEqual.Origin, and is useful for accessing the field via an interface. -func (v *HashEqualsIngestHashEqualsHashEqual) GetOrigin() string { return v.AllHashEqualTree.Origin } +// GetId returns IsOccurrencePkgIngestOccurrenceIsOccurrence.Id, and is useful for accessing the field via an interface. +func (v *IsOccurrencePkgIngestOccurrenceIsOccurrence) GetId() string { + return v.AllIsOccurrencesTree.Id +} -// GetCollector returns HashEqualsIngestHashEqualsHashEqual.Collector, and is useful for accessing the field via an interface. -func (v *HashEqualsIngestHashEqualsHashEqual) GetCollector() string { - return v.AllHashEqualTree.Collector +// GetSubject returns IsOccurrencePkgIngestOccurrenceIsOccurrence.Subject, and is useful for accessing the field via an interface. +func (v *IsOccurrencePkgIngestOccurrenceIsOccurrence) GetSubject() AllIsOccurrencesTreeSubjectPackageOrSource { + return v.AllIsOccurrencesTree.Subject } -func (v *HashEqualsIngestHashEqualsHashEqual) UnmarshalJSON(b []byte) error { +// GetArtifact returns IsOccurrencePkgIngestOccurrenceIsOccurrence.Artifact, and is useful for accessing the field via an interface. 
+func (v *IsOccurrencePkgIngestOccurrenceIsOccurrence) GetArtifact() AllIsOccurrencesTreeArtifact { + return v.AllIsOccurrencesTree.Artifact +} + +// GetJustification returns IsOccurrencePkgIngestOccurrenceIsOccurrence.Justification, and is useful for accessing the field via an interface. +func (v *IsOccurrencePkgIngestOccurrenceIsOccurrence) GetJustification() string { + return v.AllIsOccurrencesTree.Justification +} + +// GetOrigin returns IsOccurrencePkgIngestOccurrenceIsOccurrence.Origin, and is useful for accessing the field via an interface. +func (v *IsOccurrencePkgIngestOccurrenceIsOccurrence) GetOrigin() string { + return v.AllIsOccurrencesTree.Origin +} + +// GetCollector returns IsOccurrencePkgIngestOccurrenceIsOccurrence.Collector, and is useful for accessing the field via an interface. +func (v *IsOccurrencePkgIngestOccurrenceIsOccurrence) GetCollector() string { + return v.AllIsOccurrencesTree.Collector +} + +func (v *IsOccurrencePkgIngestOccurrenceIsOccurrence) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *HashEqualsIngestHashEqualsHashEqual + *IsOccurrencePkgIngestOccurrenceIsOccurrence graphql.NoUnmarshalJSON } - firstPass.HashEqualsIngestHashEqualsHashEqual = v + firstPass.IsOccurrencePkgIngestOccurrenceIsOccurrence = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -10321,26 +10335,28 @@ func (v *HashEqualsIngestHashEqualsHashEqual) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllHashEqualTree) + b, &v.AllIsOccurrencesTree) if err != nil { return err } return nil } -type __premarshalHashEqualsIngestHashEqualsHashEqual struct { +type __premarshalIsOccurrencePkgIngestOccurrenceIsOccurrence struct { Id string `json:"id"` - Justification string `json:"justification"` + Subject json.RawMessage `json:"subject"` - Artifacts []AllHashEqualTreeArtifactsArtifact `json:"artifacts"` + Artifact AllIsOccurrencesTreeArtifact `json:"artifact"` + + Justification string `json:"justification"` Origin string `json:"origin"` Collector string `json:"collector"` } -func (v *HashEqualsIngestHashEqualsHashEqual) MarshalJSON() ([]byte, error) { +func (v *IsOccurrencePkgIngestOccurrenceIsOccurrence) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -10348,62 +10364,91 @@ func (v *HashEqualsIngestHashEqualsHashEqual) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *HashEqualsIngestHashEqualsHashEqual) __premarshalJSON() (*__premarshalHashEqualsIngestHashEqualsHashEqual, error) { - var retval __premarshalHashEqualsIngestHashEqualsHashEqual +func (v *IsOccurrencePkgIngestOccurrenceIsOccurrence) __premarshalJSON() (*__premarshalIsOccurrencePkgIngestOccurrenceIsOccurrence, error) { + var retval __premarshalIsOccurrencePkgIngestOccurrenceIsOccurrence - retval.Id = v.AllHashEqualTree.Id - retval.Justification = v.AllHashEqualTree.Justification - retval.Artifacts = v.AllHashEqualTree.Artifacts - retval.Origin = v.AllHashEqualTree.Origin - retval.Collector = v.AllHashEqualTree.Collector + retval.Id = v.AllIsOccurrencesTree.Id + { + + dst := &retval.Subject + src := v.AllIsOccurrencesTree.Subject + var err error + *dst, err = __marshalAllIsOccurrencesTreeSubjectPackageOrSource( + &src) + if err != nil { + return nil, fmt.Errorf( + "unable to marshal IsOccurrencePkgIngestOccurrenceIsOccurrence.AllIsOccurrencesTree.Subject: %w", err) + } + } + retval.Artifact = v.AllIsOccurrencesTree.Artifact + retval.Justification = v.AllIsOccurrencesTree.Justification + retval.Origin = v.AllIsOccurrencesTree.Origin + retval.Collector = v.AllIsOccurrencesTree.Collector return &retval, nil } -// HashEqualsResponse is returned by HashEquals on success. -type HashEqualsResponse struct { - // Bulk ingest certifications that two artifacts are equal. - IngestHashEquals []HashEqualsIngestHashEqualsHashEqual `json:"ingestHashEquals"` +// IsOccurrencePkgResponse is returned by IsOccurrencePkg on success. +type IsOccurrencePkgResponse struct { + // Ingest that an artifact is produced from a package or source. 
+ IngestOccurrence IsOccurrencePkgIngestOccurrenceIsOccurrence `json:"ingestOccurrence"` } -// GetIngestHashEquals returns HashEqualsResponse.IngestHashEquals, and is useful for accessing the field via an interface. -func (v *HashEqualsResponse) GetIngestHashEquals() []HashEqualsIngestHashEqualsHashEqual { - return v.IngestHashEquals +// GetIngestOccurrence returns IsOccurrencePkgResponse.IngestOccurrence, and is useful for accessing the field via an interface. +func (v *IsOccurrencePkgResponse) GetIngestOccurrence() IsOccurrencePkgIngestOccurrenceIsOccurrence { + return v.IngestOccurrence } -// IngestArtifactIngestArtifact includes the requested fields of the GraphQL type Artifact. +// IsOccurrenceSrcIngestOccurrenceIsOccurrence includes the requested fields of the GraphQL type IsOccurrence. // The GraphQL type's documentation follows. // -// Artifact represents an artifact identified by a checksum hash. -// -// The checksum is split into the digest value and the algorithm used to generate -// it. Both fields are mandatory and canonicalized to be lowercase. +// IsOccurrence is an attestation to link an artifact to a package or source. // -// If having a checksum Go object, algorithm can be -// strings.ToLower(string(checksum.Algorithm)) and digest can be checksum.Value. -type IngestArtifactIngestArtifact struct { - AllArtifactTree `json:"-"` +// Attestation must occur at the PackageVersion or at the SourceName. +type IsOccurrenceSrcIngestOccurrenceIsOccurrence struct { + AllIsOccurrencesTree `json:"-"` } -// GetId returns IngestArtifactIngestArtifact.Id, and is useful for accessing the field via an interface. -func (v *IngestArtifactIngestArtifact) GetId() string { return v.AllArtifactTree.Id } +// GetId returns IsOccurrenceSrcIngestOccurrenceIsOccurrence.Id, and is useful for accessing the field via an interface. 
+func (v *IsOccurrenceSrcIngestOccurrenceIsOccurrence) GetId() string { + return v.AllIsOccurrencesTree.Id +} -// GetAlgorithm returns IngestArtifactIngestArtifact.Algorithm, and is useful for accessing the field via an interface. -func (v *IngestArtifactIngestArtifact) GetAlgorithm() string { return v.AllArtifactTree.Algorithm } +// GetSubject returns IsOccurrenceSrcIngestOccurrenceIsOccurrence.Subject, and is useful for accessing the field via an interface. +func (v *IsOccurrenceSrcIngestOccurrenceIsOccurrence) GetSubject() AllIsOccurrencesTreeSubjectPackageOrSource { + return v.AllIsOccurrencesTree.Subject +} -// GetDigest returns IngestArtifactIngestArtifact.Digest, and is useful for accessing the field via an interface. -func (v *IngestArtifactIngestArtifact) GetDigest() string { return v.AllArtifactTree.Digest } +// GetArtifact returns IsOccurrenceSrcIngestOccurrenceIsOccurrence.Artifact, and is useful for accessing the field via an interface. +func (v *IsOccurrenceSrcIngestOccurrenceIsOccurrence) GetArtifact() AllIsOccurrencesTreeArtifact { + return v.AllIsOccurrencesTree.Artifact +} -func (v *IngestArtifactIngestArtifact) UnmarshalJSON(b []byte) error { +// GetJustification returns IsOccurrenceSrcIngestOccurrenceIsOccurrence.Justification, and is useful for accessing the field via an interface. +func (v *IsOccurrenceSrcIngestOccurrenceIsOccurrence) GetJustification() string { + return v.AllIsOccurrencesTree.Justification +} + +// GetOrigin returns IsOccurrenceSrcIngestOccurrenceIsOccurrence.Origin, and is useful for accessing the field via an interface. +func (v *IsOccurrenceSrcIngestOccurrenceIsOccurrence) GetOrigin() string { + return v.AllIsOccurrencesTree.Origin +} + +// GetCollector returns IsOccurrenceSrcIngestOccurrenceIsOccurrence.Collector, and is useful for accessing the field via an interface. 
+func (v *IsOccurrenceSrcIngestOccurrenceIsOccurrence) GetCollector() string { + return v.AllIsOccurrencesTree.Collector +} + +func (v *IsOccurrenceSrcIngestOccurrenceIsOccurrence) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *IngestArtifactIngestArtifact + *IsOccurrenceSrcIngestOccurrenceIsOccurrence graphql.NoUnmarshalJSON } - firstPass.IngestArtifactIngestArtifact = v + firstPass.IsOccurrenceSrcIngestOccurrenceIsOccurrence = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -10411,22 +10456,28 @@ func (v *IngestArtifactIngestArtifact) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllArtifactTree) + b, &v.AllIsOccurrencesTree) if err != nil { return err } return nil } -type __premarshalIngestArtifactIngestArtifact struct { +type __premarshalIsOccurrenceSrcIngestOccurrenceIsOccurrence struct { Id string `json:"id"` - Algorithm string `json:"algorithm"` + Subject json.RawMessage `json:"subject"` - Digest string `json:"digest"` + Artifact AllIsOccurrencesTreeArtifact `json:"artifact"` + + Justification string `json:"justification"` + + Origin string `json:"origin"` + + Collector string `json:"collector"` } -func (v *IngestArtifactIngestArtifact) MarshalJSON() ([]byte, error) { +func (v *IsOccurrenceSrcIngestOccurrenceIsOccurrence) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -10434,62 +10485,91 @@ func (v *IngestArtifactIngestArtifact) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *IngestArtifactIngestArtifact) __premarshalJSON() (*__premarshalIngestArtifactIngestArtifact, error) { - var retval __premarshalIngestArtifactIngestArtifact +func (v *IsOccurrenceSrcIngestOccurrenceIsOccurrence) __premarshalJSON() (*__premarshalIsOccurrenceSrcIngestOccurrenceIsOccurrence, error) { + var retval __premarshalIsOccurrenceSrcIngestOccurrenceIsOccurrence - retval.Id = v.AllArtifactTree.Id - retval.Algorithm = v.AllArtifactTree.Algorithm - retval.Digest = v.AllArtifactTree.Digest + retval.Id = v.AllIsOccurrencesTree.Id + { + + dst := &retval.Subject + src := v.AllIsOccurrencesTree.Subject + var err error + *dst, err = __marshalAllIsOccurrencesTreeSubjectPackageOrSource( + &src) + if err != nil { + return nil, fmt.Errorf( + "unable to marshal IsOccurrenceSrcIngestOccurrenceIsOccurrence.AllIsOccurrencesTree.Subject: %w", err) + } + } + retval.Artifact = v.AllIsOccurrencesTree.Artifact + retval.Justification = v.AllIsOccurrencesTree.Justification + retval.Origin = v.AllIsOccurrencesTree.Origin + retval.Collector = v.AllIsOccurrencesTree.Collector return &retval, nil } -// IngestArtifactResponse is returned by IngestArtifact on success. -type IngestArtifactResponse struct { - // Ingests a new artifact and returns it. - IngestArtifact IngestArtifactIngestArtifact `json:"ingestArtifact"` +// IsOccurrenceSrcResponse is returned by IsOccurrenceSrc on success. +type IsOccurrenceSrcResponse struct { + // Ingest that an artifact is produced from a package or source. + IngestOccurrence IsOccurrenceSrcIngestOccurrenceIsOccurrence `json:"ingestOccurrence"` } -// GetIngestArtifact returns IngestArtifactResponse.IngestArtifact, and is useful for accessing the field via an interface. 
-func (v *IngestArtifactResponse) GetIngestArtifact() IngestArtifactIngestArtifact { - return v.IngestArtifact +// GetIngestOccurrence returns IsOccurrenceSrcResponse.IngestOccurrence, and is useful for accessing the field via an interface. +func (v *IsOccurrenceSrcResponse) GetIngestOccurrence() IsOccurrenceSrcIngestOccurrenceIsOccurrence { + return v.IngestOccurrence } -// IngestArtifactsIngestArtifactsArtifact includes the requested fields of the GraphQL type Artifact. +// IsOccurrencesPkgIngestOccurrencesIsOccurrence includes the requested fields of the GraphQL type IsOccurrence. // The GraphQL type's documentation follows. // -// Artifact represents an artifact identified by a checksum hash. -// -// The checksum is split into the digest value and the algorithm used to generate -// it. Both fields are mandatory and canonicalized to be lowercase. +// IsOccurrence is an attestation to link an artifact to a package or source. // -// If having a checksum Go object, algorithm can be -// strings.ToLower(string(checksum.Algorithm)) and digest can be checksum.Value. -type IngestArtifactsIngestArtifactsArtifact struct { - AllArtifactTree `json:"-"` +// Attestation must occur at the PackageVersion or at the SourceName. +type IsOccurrencesPkgIngestOccurrencesIsOccurrence struct { + AllIsOccurrencesTree `json:"-"` } -// GetId returns IngestArtifactsIngestArtifactsArtifact.Id, and is useful for accessing the field via an interface. -func (v *IngestArtifactsIngestArtifactsArtifact) GetId() string { return v.AllArtifactTree.Id } +// GetId returns IsOccurrencesPkgIngestOccurrencesIsOccurrence.Id, and is useful for accessing the field via an interface. +func (v *IsOccurrencesPkgIngestOccurrencesIsOccurrence) GetId() string { + return v.AllIsOccurrencesTree.Id +} -// GetAlgorithm returns IngestArtifactsIngestArtifactsArtifact.Algorithm, and is useful for accessing the field via an interface. 
-func (v *IngestArtifactsIngestArtifactsArtifact) GetAlgorithm() string { - return v.AllArtifactTree.Algorithm +// GetSubject returns IsOccurrencesPkgIngestOccurrencesIsOccurrence.Subject, and is useful for accessing the field via an interface. +func (v *IsOccurrencesPkgIngestOccurrencesIsOccurrence) GetSubject() AllIsOccurrencesTreeSubjectPackageOrSource { + return v.AllIsOccurrencesTree.Subject } -// GetDigest returns IngestArtifactsIngestArtifactsArtifact.Digest, and is useful for accessing the field via an interface. -func (v *IngestArtifactsIngestArtifactsArtifact) GetDigest() string { return v.AllArtifactTree.Digest } +// GetArtifact returns IsOccurrencesPkgIngestOccurrencesIsOccurrence.Artifact, and is useful for accessing the field via an interface. +func (v *IsOccurrencesPkgIngestOccurrencesIsOccurrence) GetArtifact() AllIsOccurrencesTreeArtifact { + return v.AllIsOccurrencesTree.Artifact +} -func (v *IngestArtifactsIngestArtifactsArtifact) UnmarshalJSON(b []byte) error { +// GetJustification returns IsOccurrencesPkgIngestOccurrencesIsOccurrence.Justification, and is useful for accessing the field via an interface. +func (v *IsOccurrencesPkgIngestOccurrencesIsOccurrence) GetJustification() string { + return v.AllIsOccurrencesTree.Justification +} + +// GetOrigin returns IsOccurrencesPkgIngestOccurrencesIsOccurrence.Origin, and is useful for accessing the field via an interface. +func (v *IsOccurrencesPkgIngestOccurrencesIsOccurrence) GetOrigin() string { + return v.AllIsOccurrencesTree.Origin +} + +// GetCollector returns IsOccurrencesPkgIngestOccurrencesIsOccurrence.Collector, and is useful for accessing the field via an interface. 
+func (v *IsOccurrencesPkgIngestOccurrencesIsOccurrence) GetCollector() string { + return v.AllIsOccurrencesTree.Collector +} + +func (v *IsOccurrencesPkgIngestOccurrencesIsOccurrence) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *IngestArtifactsIngestArtifactsArtifact + *IsOccurrencesPkgIngestOccurrencesIsOccurrence graphql.NoUnmarshalJSON } - firstPass.IngestArtifactsIngestArtifactsArtifact = v + firstPass.IsOccurrencesPkgIngestOccurrencesIsOccurrence = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -10497,22 +10577,28 @@ func (v *IngestArtifactsIngestArtifactsArtifact) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllArtifactTree) + b, &v.AllIsOccurrencesTree) if err != nil { return err } return nil } -type __premarshalIngestArtifactsIngestArtifactsArtifact struct { +type __premarshalIsOccurrencesPkgIngestOccurrencesIsOccurrence struct { Id string `json:"id"` - Algorithm string `json:"algorithm"` + Subject json.RawMessage `json:"subject"` - Digest string `json:"digest"` + Artifact AllIsOccurrencesTreeArtifact `json:"artifact"` + + Justification string `json:"justification"` + + Origin string `json:"origin"` + + Collector string `json:"collector"` } -func (v *IngestArtifactsIngestArtifactsArtifact) MarshalJSON() ([]byte, error) { +func (v *IsOccurrencesPkgIngestOccurrencesIsOccurrence) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -10520,109 +10606,91 @@ func (v *IngestArtifactsIngestArtifactsArtifact) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *IngestArtifactsIngestArtifactsArtifact) __premarshalJSON() (*__premarshalIngestArtifactsIngestArtifactsArtifact, error) { - var retval __premarshalIngestArtifactsIngestArtifactsArtifact +func (v *IsOccurrencesPkgIngestOccurrencesIsOccurrence) __premarshalJSON() (*__premarshalIsOccurrencesPkgIngestOccurrencesIsOccurrence, error) { + var retval __premarshalIsOccurrencesPkgIngestOccurrencesIsOccurrence - retval.Id = v.AllArtifactTree.Id - retval.Algorithm = v.AllArtifactTree.Algorithm - retval.Digest = v.AllArtifactTree.Digest + retval.Id = v.AllIsOccurrencesTree.Id + { + + dst := &retval.Subject + src := v.AllIsOccurrencesTree.Subject + var err error + *dst, err = __marshalAllIsOccurrencesTreeSubjectPackageOrSource( + &src) + if err != nil { + return nil, fmt.Errorf( + "unable to marshal IsOccurrencesPkgIngestOccurrencesIsOccurrence.AllIsOccurrencesTree.Subject: %w", err) + } + } + retval.Artifact = v.AllIsOccurrencesTree.Artifact + retval.Justification = v.AllIsOccurrencesTree.Justification + retval.Origin = v.AllIsOccurrencesTree.Origin + retval.Collector = v.AllIsOccurrencesTree.Collector return &retval, nil } -// IngestArtifactsResponse is returned by IngestArtifacts on success. -type IngestArtifactsResponse struct { - // Bulk ingests new artifacts and returns a list of them. - IngestArtifacts []IngestArtifactsIngestArtifactsArtifact `json:"ingestArtifacts"` +// IsOccurrencesPkgResponse is returned by IsOccurrencesPkg on success. +type IsOccurrencesPkgResponse struct { + // Bulk ingest that an artifact is produced from a package or source. + IngestOccurrences []IsOccurrencesPkgIngestOccurrencesIsOccurrence `json:"ingestOccurrences"` } -// GetIngestArtifacts returns IngestArtifactsResponse.IngestArtifacts, and is useful for accessing the field via an interface. 
-func (v *IngestArtifactsResponse) GetIngestArtifacts() []IngestArtifactsIngestArtifactsArtifact { - return v.IngestArtifacts +// GetIngestOccurrences returns IsOccurrencesPkgResponse.IngestOccurrences, and is useful for accessing the field via an interface. +func (v *IsOccurrencesPkgResponse) GetIngestOccurrences() []IsOccurrencesPkgIngestOccurrencesIsOccurrence { + return v.IngestOccurrences } -// IngestBuilderIngestBuilder includes the requested fields of the GraphQL type Builder. +// IsOccurrencesSrcIngestOccurrencesIsOccurrence includes the requested fields of the GraphQL type IsOccurrence. // The GraphQL type's documentation follows. // -// Builder represents the builder (e.g., FRSCA or GitHub Actions). +// IsOccurrence is an attestation to link an artifact to a package or source. // -// Currently builders are identified by the uri field. -type IngestBuilderIngestBuilder struct { - Uri string `json:"uri"` +// Attestation must occur at the PackageVersion or at the SourceName. +type IsOccurrencesSrcIngestOccurrencesIsOccurrence struct { + AllIsOccurrencesTree `json:"-"` } -// GetUri returns IngestBuilderIngestBuilder.Uri, and is useful for accessing the field via an interface. -func (v *IngestBuilderIngestBuilder) GetUri() string { return v.Uri } - -// IngestBuilderResponse is returned by IngestBuilder on success. -type IngestBuilderResponse struct { - // Ingests a new builder and returns it. - IngestBuilder IngestBuilderIngestBuilder `json:"ingestBuilder"` +// GetId returns IsOccurrencesSrcIngestOccurrencesIsOccurrence.Id, and is useful for accessing the field via an interface. +func (v *IsOccurrencesSrcIngestOccurrencesIsOccurrence) GetId() string { + return v.AllIsOccurrencesTree.Id } -// GetIngestBuilder returns IngestBuilderResponse.IngestBuilder, and is useful for accessing the field via an interface. 
-func (v *IngestBuilderResponse) GetIngestBuilder() IngestBuilderIngestBuilder { return v.IngestBuilder } - -// IngestBuildersIngestBuildersBuilder includes the requested fields of the GraphQL type Builder. -// The GraphQL type's documentation follows. -// -// Builder represents the builder (e.g., FRSCA or GitHub Actions). -// -// Currently builders are identified by the uri field. -type IngestBuildersIngestBuildersBuilder struct { - Uri string `json:"uri"` +// GetSubject returns IsOccurrencesSrcIngestOccurrencesIsOccurrence.Subject, and is useful for accessing the field via an interface. +func (v *IsOccurrencesSrcIngestOccurrencesIsOccurrence) GetSubject() AllIsOccurrencesTreeSubjectPackageOrSource { + return v.AllIsOccurrencesTree.Subject } -// GetUri returns IngestBuildersIngestBuildersBuilder.Uri, and is useful for accessing the field via an interface. -func (v *IngestBuildersIngestBuildersBuilder) GetUri() string { return v.Uri } - -// IngestBuildersResponse is returned by IngestBuilders on success. -type IngestBuildersResponse struct { - // Bulk ingests new builders and returns a list of them. - IngestBuilders []IngestBuildersIngestBuildersBuilder `json:"ingestBuilders"` +// GetArtifact returns IsOccurrencesSrcIngestOccurrencesIsOccurrence.Artifact, and is useful for accessing the field via an interface. +func (v *IsOccurrencesSrcIngestOccurrencesIsOccurrence) GetArtifact() AllIsOccurrencesTreeArtifact { + return v.AllIsOccurrencesTree.Artifact } -// GetIngestBuilders returns IngestBuildersResponse.IngestBuilders, and is useful for accessing the field via an interface. -func (v *IngestBuildersResponse) GetIngestBuilders() []IngestBuildersIngestBuildersBuilder { - return v.IngestBuilders +// GetJustification returns IsOccurrencesSrcIngestOccurrencesIsOccurrence.Justification, and is useful for accessing the field via an interface. 
+func (v *IsOccurrencesSrcIngestOccurrencesIsOccurrence) GetJustification() string { + return v.AllIsOccurrencesTree.Justification } -// IngestCVEIngestCVE includes the requested fields of the GraphQL type CVE. -// The GraphQL type's documentation follows. -// -// CVE represents a vulnerability in the Common Vulnerabilities and Exposures -// schema. -// -// The vulnerability identifier contains a year field, so we are extracting that -// to allow matching for vulnerabilities found in a given year. -// -// The vulnerability identifier field is mandatory and canonicalized to be -// lowercase. -// -// This node can be referred to by other parts of GUAC. -type IngestCVEIngestCVE struct { - AllCveTree `json:"-"` +// GetOrigin returns IsOccurrencesSrcIngestOccurrencesIsOccurrence.Origin, and is useful for accessing the field via an interface. +func (v *IsOccurrencesSrcIngestOccurrencesIsOccurrence) GetOrigin() string { + return v.AllIsOccurrencesTree.Origin } -// GetId returns IngestCVEIngestCVE.Id, and is useful for accessing the field via an interface. -func (v *IngestCVEIngestCVE) GetId() string { return v.AllCveTree.Id } - -// GetYear returns IngestCVEIngestCVE.Year, and is useful for accessing the field via an interface. -func (v *IngestCVEIngestCVE) GetYear() int { return v.AllCveTree.Year } - -// GetCveId returns IngestCVEIngestCVE.CveId, and is useful for accessing the field via an interface. -func (v *IngestCVEIngestCVE) GetCveId() string { return v.AllCveTree.CveId } +// GetCollector returns IsOccurrencesSrcIngestOccurrencesIsOccurrence.Collector, and is useful for accessing the field via an interface. 
+func (v *IsOccurrencesSrcIngestOccurrencesIsOccurrence) GetCollector() string { + return v.AllIsOccurrencesTree.Collector +} -func (v *IngestCVEIngestCVE) UnmarshalJSON(b []byte) error { +func (v *IsOccurrencesSrcIngestOccurrencesIsOccurrence) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *IngestCVEIngestCVE + *IsOccurrencesSrcIngestOccurrencesIsOccurrence graphql.NoUnmarshalJSON } - firstPass.IngestCVEIngestCVE = v + firstPass.IsOccurrencesSrcIngestOccurrencesIsOccurrence = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -10630,22 +10698,28 @@ func (v *IngestCVEIngestCVE) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllCveTree) + b, &v.AllIsOccurrencesTree) if err != nil { return err } return nil } -type __premarshalIngestCVEIngestCVE struct { +type __premarshalIsOccurrencesSrcIngestOccurrencesIsOccurrence struct { Id string `json:"id"` - Year int `json:"year"` + Subject json.RawMessage `json:"subject"` + + Artifact AllIsOccurrencesTreeArtifact `json:"artifact"` + + Justification string `json:"justification"` + + Origin string `json:"origin"` - CveId string `json:"cveId"` + Collector string `json:"collector"` } -func (v *IngestCVEIngestCVE) MarshalJSON() ([]byte, error) { +func (v *IsOccurrencesSrcIngestOccurrencesIsOccurrence) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -10653,61 +10727,86 @@ func (v *IngestCVEIngestCVE) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *IngestCVEIngestCVE) __premarshalJSON() (*__premarshalIngestCVEIngestCVE, error) { - var retval __premarshalIngestCVEIngestCVE +func (v *IsOccurrencesSrcIngestOccurrencesIsOccurrence) __premarshalJSON() (*__premarshalIsOccurrencesSrcIngestOccurrencesIsOccurrence, error) { + var retval __premarshalIsOccurrencesSrcIngestOccurrencesIsOccurrence + + retval.Id = v.AllIsOccurrencesTree.Id + { - retval.Id = v.AllCveTree.Id - retval.Year = v.AllCveTree.Year - retval.CveId = v.AllCveTree.CveId + dst := &retval.Subject + src := v.AllIsOccurrencesTree.Subject + var err error + *dst, err = __marshalAllIsOccurrencesTreeSubjectPackageOrSource( + &src) + if err != nil { + return nil, fmt.Errorf( + "unable to marshal IsOccurrencesSrcIngestOccurrencesIsOccurrence.AllIsOccurrencesTree.Subject: %w", err) + } + } + retval.Artifact = v.AllIsOccurrencesTree.Artifact + retval.Justification = v.AllIsOccurrencesTree.Justification + retval.Origin = v.AllIsOccurrencesTree.Origin + retval.Collector = v.AllIsOccurrencesTree.Collector return &retval, nil } -// IngestCVEResponse is returned by IngestCVE on success. -type IngestCVEResponse struct { - // Ingests new CVE and returns it. - IngestCVE IngestCVEIngestCVE `json:"ingestCVE"` +// IsOccurrencesSrcResponse is returned by IsOccurrencesSrc on success. +type IsOccurrencesSrcResponse struct { + // Bulk ingest that an artifact is produced from a package or source. + IngestOccurrences []IsOccurrencesSrcIngestOccurrencesIsOccurrence `json:"ingestOccurrences"` +} + +// GetIngestOccurrences returns IsOccurrencesSrcResponse.IngestOccurrences, and is useful for accessing the field via an interface. +func (v *IsOccurrencesSrcResponse) GetIngestOccurrences() []IsOccurrencesSrcIngestOccurrencesIsOccurrence { + return v.IngestOccurrences +} + +// MatchFlags is used to input the PkgMatchType enum. 
+type MatchFlags struct { + Pkg PkgMatchType `json:"pkg"` } -// GetIngestCVE returns IngestCVEResponse.IngestCVE, and is useful for accessing the field via an interface. -func (v *IngestCVEResponse) GetIngestCVE() IngestCVEIngestCVE { return v.IngestCVE } +// GetPkg returns MatchFlags.Pkg, and is useful for accessing the field via an interface. +func (v *MatchFlags) GetPkg() PkgMatchType { return v.Pkg } -// IngestCVEsIngestCVEsCVE includes the requested fields of the GraphQL type CVE. +// NeighborsNeighborsArtifact includes the requested fields of the GraphQL type Artifact. // The GraphQL type's documentation follows. // -// CVE represents a vulnerability in the Common Vulnerabilities and Exposures -// schema. -// -// The vulnerability identifier contains a year field, so we are extracting that -// to allow matching for vulnerabilities found in a given year. +// Artifact represents an artifact identified by a checksum hash. // -// The vulnerability identifier field is mandatory and canonicalized to be -// lowercase. +// The checksum is split into the digest value and the algorithm used to generate +// it. Both fields are mandatory and canonicalized to be lowercase. // -// This node can be referred to by other parts of GUAC. -type IngestCVEsIngestCVEsCVE struct { - AllCveTree `json:"-"` +// If having a checksum Go object, algorithm can be +// strings.ToLower(string(checksum.Algorithm)) and digest can be checksum.Value. +type NeighborsNeighborsArtifact struct { + Typename *string `json:"__typename"` + AllArtifactTree `json:"-"` } -// GetId returns IngestCVEsIngestCVEsCVE.Id, and is useful for accessing the field via an interface. -func (v *IngestCVEsIngestCVEsCVE) GetId() string { return v.AllCveTree.Id } +// GetTypename returns NeighborsNeighborsArtifact.Typename, and is useful for accessing the field via an interface. 
+func (v *NeighborsNeighborsArtifact) GetTypename() *string { return v.Typename } + +// GetId returns NeighborsNeighborsArtifact.Id, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsArtifact) GetId() string { return v.AllArtifactTree.Id } -// GetYear returns IngestCVEsIngestCVEsCVE.Year, and is useful for accessing the field via an interface. -func (v *IngestCVEsIngestCVEsCVE) GetYear() int { return v.AllCveTree.Year } +// GetAlgorithm returns NeighborsNeighborsArtifact.Algorithm, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsArtifact) GetAlgorithm() string { return v.AllArtifactTree.Algorithm } -// GetCveId returns IngestCVEsIngestCVEsCVE.CveId, and is useful for accessing the field via an interface. -func (v *IngestCVEsIngestCVEsCVE) GetCveId() string { return v.AllCveTree.CveId } +// GetDigest returns NeighborsNeighborsArtifact.Digest, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsArtifact) GetDigest() string { return v.AllArtifactTree.Digest } -func (v *IngestCVEsIngestCVEsCVE) UnmarshalJSON(b []byte) error { +func (v *NeighborsNeighborsArtifact) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *IngestCVEsIngestCVEsCVE + *NeighborsNeighborsArtifact graphql.NoUnmarshalJSON } - firstPass.IngestCVEsIngestCVEsCVE = v + firstPass.NeighborsNeighborsArtifact = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -10715,22 +10814,24 @@ func (v *IngestCVEsIngestCVEsCVE) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllCveTree) + b, &v.AllArtifactTree) if err != nil { return err } return nil } -type __premarshalIngestCVEsIngestCVEsCVE struct { +type __premarshalNeighborsNeighborsArtifact struct { + Typename *string `json:"__typename"` + Id string `json:"id"` - Year int `json:"year"` + Algorithm string `json:"algorithm"` - CveId string `json:"cveId"` + Digest string `json:"digest"` } -func (v *IngestCVEsIngestCVEsCVE) MarshalJSON() ([]byte, error) { +func (v *NeighborsNeighborsArtifact) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -10738,53 +10839,47 @@ func (v *IngestCVEsIngestCVEsCVE) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *IngestCVEsIngestCVEsCVE) __premarshalJSON() (*__premarshalIngestCVEsIngestCVEsCVE, error) { - var retval __premarshalIngestCVEsIngestCVEsCVE +func (v *NeighborsNeighborsArtifact) __premarshalJSON() (*__premarshalNeighborsNeighborsArtifact, error) { + var retval __premarshalNeighborsNeighborsArtifact - retval.Id = v.AllCveTree.Id - retval.Year = v.AllCveTree.Year - retval.CveId = v.AllCveTree.CveId + retval.Typename = v.Typename + retval.Id = v.AllArtifactTree.Id + retval.Algorithm = v.AllArtifactTree.Algorithm + retval.Digest = v.AllArtifactTree.Digest return &retval, nil } -// IngestCVEsResponse is returned by IngestCVEs on success. -type IngestCVEsResponse struct { - // Bulk ingests new CVEs and returns a list of them. - IngestCVEs []IngestCVEsIngestCVEsCVE `json:"ingestCVEs"` -} - -// GetIngestCVEs returns IngestCVEsResponse.IngestCVEs, and is useful for accessing the field via an interface. -func (v *IngestCVEsResponse) GetIngestCVEs() []IngestCVEsIngestCVEsCVE { return v.IngestCVEs } - -// IngestGHSAIngestGHSA includes the requested fields of the GraphQL type GHSA. +// NeighborsNeighborsBuilder includes the requested fields of the GraphQL type Builder. // The GraphQL type's documentation follows. // -// GHSA represents GitHub security advisories. -// -// The advisory id field is mandatory and canonicalized to be lowercase. +// Builder represents the builder (e.g., FRSCA or GitHub Actions). // -// This node can be referred to by other parts of GUAC. -type IngestGHSAIngestGHSA struct { - AllGHSATree `json:"-"` +// Currently builders are identified by the uri field. +type NeighborsNeighborsBuilder struct { + Typename *string `json:"__typename"` + AllBuilderTree `json:"-"` } -// GetId returns IngestGHSAIngestGHSA.Id, and is useful for accessing the field via an interface. 
-func (v *IngestGHSAIngestGHSA) GetId() string { return v.AllGHSATree.Id } +// GetTypename returns NeighborsNeighborsBuilder.Typename, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsBuilder) GetTypename() *string { return v.Typename } + +// GetId returns NeighborsNeighborsBuilder.Id, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsBuilder) GetId() string { return v.AllBuilderTree.Id } -// GetGhsaId returns IngestGHSAIngestGHSA.GhsaId, and is useful for accessing the field via an interface. -func (v *IngestGHSAIngestGHSA) GetGhsaId() string { return v.AllGHSATree.GhsaId } +// GetUri returns NeighborsNeighborsBuilder.Uri, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsBuilder) GetUri() string { return v.AllBuilderTree.Uri } -func (v *IngestGHSAIngestGHSA) UnmarshalJSON(b []byte) error { +func (v *NeighborsNeighborsBuilder) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *IngestGHSAIngestGHSA + *NeighborsNeighborsBuilder graphql.NoUnmarshalJSON } - firstPass.IngestGHSAIngestGHSA = v + firstPass.NeighborsNeighborsBuilder = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -10792,20 +10887,22 @@ func (v *IngestGHSAIngestGHSA) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllGHSATree) + b, &v.AllBuilderTree) if err != nil { return err } return nil } -type __premarshalIngestGHSAIngestGHSA struct { +type __premarshalNeighborsNeighborsBuilder struct { + Typename *string `json:"__typename"` + Id string `json:"id"` - GhsaId string `json:"ghsaId"` + Uri string `json:"uri"` } -func (v *IngestGHSAIngestGHSA) MarshalJSON() ([]byte, error) { +func (v *NeighborsNeighborsBuilder) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -10813,52 +10910,67 @@ func (v *IngestGHSAIngestGHSA) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *IngestGHSAIngestGHSA) __premarshalJSON() (*__premarshalIngestGHSAIngestGHSA, error) { - var retval __premarshalIngestGHSAIngestGHSA +func (v *NeighborsNeighborsBuilder) __premarshalJSON() (*__premarshalNeighborsNeighborsBuilder, error) { + var retval __premarshalNeighborsNeighborsBuilder - retval.Id = v.AllGHSATree.Id - retval.GhsaId = v.AllGHSATree.GhsaId + retval.Typename = v.Typename + retval.Id = v.AllBuilderTree.Id + retval.Uri = v.AllBuilderTree.Uri return &retval, nil } -// IngestGHSAResponse is returned by IngestGHSA on success. -type IngestGHSAResponse struct { - // Ingests a new GitHub Security Advisory and returns it. - IngestGHSA IngestGHSAIngestGHSA `json:"ingestGHSA"` -} - -// GetIngestGHSA returns IngestGHSAResponse.IngestGHSA, and is useful for accessing the field via an interface. -func (v *IngestGHSAResponse) GetIngestGHSA() IngestGHSAIngestGHSA { return v.IngestGHSA } - -// IngestGHSAsIngestGHSAsGHSA includes the requested fields of the GraphQL type GHSA. +// NeighborsNeighborsCertifyBad includes the requested fields of the GraphQL type CertifyBad. // The GraphQL type's documentation follows. // -// GHSA represents GitHub security advisories. +// CertifyBad is an attestation that a package, source, or artifact is considered +// bad. // -// The advisory id field is mandatory and canonicalized to be lowercase. +// All evidence trees record a justification for the property they represent as +// well as the document that contains the attestation (origin) and the collector +// that collected the document (collector). // -// This node can be referred to by other parts of GUAC. -type IngestGHSAsIngestGHSAsGHSA struct { - AllGHSATree `json:"-"` +// The certification applies to a subject which is a package, source, or artifact. +// If the attestation targets a package, it must target a PackageName or a +// PackageVersion. 
If the attestation targets a source, it must target a +// SourceName. +type NeighborsNeighborsCertifyBad struct { + Typename *string `json:"__typename"` + AllCertifyBad `json:"-"` +} + +// GetTypename returns NeighborsNeighborsCertifyBad.Typename, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsCertifyBad) GetTypename() *string { return v.Typename } + +// GetId returns NeighborsNeighborsCertifyBad.Id, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsCertifyBad) GetId() string { return v.AllCertifyBad.Id } + +// GetJustification returns NeighborsNeighborsCertifyBad.Justification, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsCertifyBad) GetJustification() string { + return v.AllCertifyBad.Justification } -// GetId returns IngestGHSAsIngestGHSAsGHSA.Id, and is useful for accessing the field via an interface. -func (v *IngestGHSAsIngestGHSAsGHSA) GetId() string { return v.AllGHSATree.Id } +// GetSubject returns NeighborsNeighborsCertifyBad.Subject, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsCertifyBad) GetSubject() AllCertifyBadSubjectPackageSourceOrArtifact { + return v.AllCertifyBad.Subject +} -// GetGhsaId returns IngestGHSAsIngestGHSAsGHSA.GhsaId, and is useful for accessing the field via an interface. -func (v *IngestGHSAsIngestGHSAsGHSA) GetGhsaId() string { return v.AllGHSATree.GhsaId } +// GetOrigin returns NeighborsNeighborsCertifyBad.Origin, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsCertifyBad) GetOrigin() string { return v.AllCertifyBad.Origin } + +// GetCollector returns NeighborsNeighborsCertifyBad.Collector, and is useful for accessing the field via an interface. 
+func (v *NeighborsNeighborsCertifyBad) GetCollector() string { return v.AllCertifyBad.Collector } -func (v *IngestGHSAsIngestGHSAsGHSA) UnmarshalJSON(b []byte) error { +func (v *NeighborsNeighborsCertifyBad) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *IngestGHSAsIngestGHSAsGHSA + *NeighborsNeighborsCertifyBad graphql.NoUnmarshalJSON } - firstPass.IngestGHSAsIngestGHSAsGHSA = v + firstPass.NeighborsNeighborsCertifyBad = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -10866,20 +10978,28 @@ func (v *IngestGHSAsIngestGHSAsGHSA) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllGHSATree) + b, &v.AllCertifyBad) if err != nil { return err } return nil } -type __premarshalIngestGHSAsIngestGHSAsGHSA struct { +type __premarshalNeighborsNeighborsCertifyBad struct { + Typename *string `json:"__typename"` + Id string `json:"id"` - GhsaId string `json:"ghsaId"` + Justification string `json:"justification"` + + Subject json.RawMessage `json:"subject"` + + Origin string `json:"origin"` + + Collector string `json:"collector"` } -func (v *IngestGHSAsIngestGHSAsGHSA) MarshalJSON() ([]byte, error) { +func (v *NeighborsNeighborsCertifyBad) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -10887,55 +11007,81 @@ func (v *IngestGHSAsIngestGHSAsGHSA) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *IngestGHSAsIngestGHSAsGHSA) __premarshalJSON() (*__premarshalIngestGHSAsIngestGHSAsGHSA, error) { - var retval __premarshalIngestGHSAsIngestGHSAsGHSA +func (v *NeighborsNeighborsCertifyBad) __premarshalJSON() (*__premarshalNeighborsNeighborsCertifyBad, error) { + var retval __premarshalNeighborsNeighborsCertifyBad - retval.Id = v.AllGHSATree.Id - retval.GhsaId = v.AllGHSATree.GhsaId - return &retval, nil -} + retval.Typename = v.Typename + retval.Id = v.AllCertifyBad.Id + retval.Justification = v.AllCertifyBad.Justification + { -// IngestGHSAsResponse is returned by IngestGHSAs on success. -type IngestGHSAsResponse struct { - // Bulk ingests new GHSAs and returns a list of them. - IngestGHSAs []IngestGHSAsIngestGHSAsGHSA `json:"ingestGHSAs"` + dst := &retval.Subject + src := v.AllCertifyBad.Subject + var err error + *dst, err = __marshalAllCertifyBadSubjectPackageSourceOrArtifact( + &src) + if err != nil { + return nil, fmt.Errorf( + "unable to marshal NeighborsNeighborsCertifyBad.AllCertifyBad.Subject: %w", err) + } + } + retval.Origin = v.AllCertifyBad.Origin + retval.Collector = v.AllCertifyBad.Collector + return &retval, nil } -// GetIngestGHSAs returns IngestGHSAsResponse.IngestGHSAs, and is useful for accessing the field via an interface. -func (v *IngestGHSAsResponse) GetIngestGHSAs() []IngestGHSAsIngestGHSAsGHSA { return v.IngestGHSAs } - -// IngestOSVIngestOSV includes the requested fields of the GraphQL type OSV. +// NeighborsNeighborsCertifyGood includes the requested fields of the GraphQL type CertifyGood. // The GraphQL type's documentation follows. // -// OSV represents an Open Source Vulnerability. -// -// The osvId field is mandatory and canonicalized to be lowercase. +// CertifyGood is an attestation that a package, source, or artifact is considered +// good. 
// -// This maps to a vulnerability ID specific to the environment (e.g., GHSA ID or -// CVE ID). +// All evidence trees record a justification for the property they represent as +// well as the document that contains the attestation (origin) and the collector +// that collected the document (collector). // -// This node can be referred to by other parts of GUAC. -type IngestOSVIngestOSV struct { - AllOSVTree `json:"-"` +// The certification applies to a subject which is a package, source, or artifact. +// If the attestation targets a package, it must target a PackageName or a +// PackageVersion. If the attestation targets a source, it must target a +// SourceName. +type NeighborsNeighborsCertifyGood struct { + Typename *string `json:"__typename"` + AllCertifyGood `json:"-"` +} + +// GetTypename returns NeighborsNeighborsCertifyGood.Typename, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsCertifyGood) GetTypename() *string { return v.Typename } + +// GetId returns NeighborsNeighborsCertifyGood.Id, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsCertifyGood) GetId() string { return v.AllCertifyGood.Id } + +// GetJustification returns NeighborsNeighborsCertifyGood.Justification, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsCertifyGood) GetJustification() string { + return v.AllCertifyGood.Justification } -// GetId returns IngestOSVIngestOSV.Id, and is useful for accessing the field via an interface. -func (v *IngestOSVIngestOSV) GetId() string { return v.AllOSVTree.Id } +// GetSubject returns NeighborsNeighborsCertifyGood.Subject, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsCertifyGood) GetSubject() AllCertifyGoodSubjectPackageSourceOrArtifact { + return v.AllCertifyGood.Subject +} -// GetOsvId returns IngestOSVIngestOSV.OsvId, and is useful for accessing the field via an interface. 
-func (v *IngestOSVIngestOSV) GetOsvId() string { return v.AllOSVTree.OsvId } +// GetOrigin returns NeighborsNeighborsCertifyGood.Origin, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsCertifyGood) GetOrigin() string { return v.AllCertifyGood.Origin } + +// GetCollector returns NeighborsNeighborsCertifyGood.Collector, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsCertifyGood) GetCollector() string { return v.AllCertifyGood.Collector } -func (v *IngestOSVIngestOSV) UnmarshalJSON(b []byte) error { +func (v *NeighborsNeighborsCertifyGood) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *IngestOSVIngestOSV + *NeighborsNeighborsCertifyGood graphql.NoUnmarshalJSON } - firstPass.IngestOSVIngestOSV = v + firstPass.NeighborsNeighborsCertifyGood = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -10943,20 +11089,28 @@ func (v *IngestOSVIngestOSV) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllOSVTree) + b, &v.AllCertifyGood) if err != nil { return err } return nil } -type __premarshalIngestOSVIngestOSV struct { +type __premarshalNeighborsNeighborsCertifyGood struct { + Typename *string `json:"__typename"` + Id string `json:"id"` - OsvId string `json:"osvId"` + Justification string `json:"justification"` + + Subject json.RawMessage `json:"subject"` + + Origin string `json:"origin"` + + Collector string `json:"collector"` } -func (v *IngestOSVIngestOSV) MarshalJSON() ([]byte, error) { +func (v *NeighborsNeighborsCertifyGood) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -10964,55 +11118,66 @@ func (v *IngestOSVIngestOSV) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *IngestOSVIngestOSV) __premarshalJSON() (*__premarshalIngestOSVIngestOSV, error) { - var retval __premarshalIngestOSVIngestOSV +func (v *NeighborsNeighborsCertifyGood) __premarshalJSON() (*__premarshalNeighborsNeighborsCertifyGood, error) { + var retval __premarshalNeighborsNeighborsCertifyGood - retval.Id = v.AllOSVTree.Id - retval.OsvId = v.AllOSVTree.OsvId - return &retval, nil -} + retval.Typename = v.Typename + retval.Id = v.AllCertifyGood.Id + retval.Justification = v.AllCertifyGood.Justification + { -// IngestOSVResponse is returned by IngestOSV on success. -type IngestOSVResponse struct { - // Ingests a new OSV vulnerability and returns it. - IngestOSV IngestOSVIngestOSV `json:"ingestOSV"` + dst := &retval.Subject + src := v.AllCertifyGood.Subject + var err error + *dst, err = __marshalAllCertifyGoodSubjectPackageSourceOrArtifact( + &src) + if err != nil { + return nil, fmt.Errorf( + "unable to marshal NeighborsNeighborsCertifyGood.AllCertifyGood.Subject: %w", err) + } + } + retval.Origin = v.AllCertifyGood.Origin + retval.Collector = v.AllCertifyGood.Collector + return &retval, nil } -// GetIngestOSV returns IngestOSVResponse.IngestOSV, and is useful for accessing the field via an interface. -func (v *IngestOSVResponse) GetIngestOSV() IngestOSVIngestOSV { return v.IngestOSV } - -// IngestOSVsIngestOSVsOSV includes the requested fields of the GraphQL type OSV. +// NeighborsNeighborsCertifyScorecard includes the requested fields of the GraphQL type CertifyScorecard. // The GraphQL type's documentation follows. // -// OSV represents an Open Source Vulnerability. -// -// The osvId field is mandatory and canonicalized to be lowercase. -// -// This maps to a vulnerability ID specific to the environment (e.g., GHSA ID or -// CVE ID). -// -// This node can be referred to by other parts of GUAC. 
-type IngestOSVsIngestOSVsOSV struct { - AllOSVTree `json:"-"` +// CertifyScorecard is an attestation to attach a Scorecard analysis to a +// particular source repository. +type NeighborsNeighborsCertifyScorecard struct { + Typename *string `json:"__typename"` + AllCertifyScorecard `json:"-"` } -// GetId returns IngestOSVsIngestOSVsOSV.Id, and is useful for accessing the field via an interface. -func (v *IngestOSVsIngestOSVsOSV) GetId() string { return v.AllOSVTree.Id } +// GetTypename returns NeighborsNeighborsCertifyScorecard.Typename, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsCertifyScorecard) GetTypename() *string { return v.Typename } + +// GetId returns NeighborsNeighborsCertifyScorecard.Id, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsCertifyScorecard) GetId() string { return v.AllCertifyScorecard.Id } + +// GetSource returns NeighborsNeighborsCertifyScorecard.Source, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsCertifyScorecard) GetSource() AllCertifyScorecardSource { + return v.AllCertifyScorecard.Source +} -// GetOsvId returns IngestOSVsIngestOSVsOSV.OsvId, and is useful for accessing the field via an interface. -func (v *IngestOSVsIngestOSVsOSV) GetOsvId() string { return v.AllOSVTree.OsvId } +// GetScorecard returns NeighborsNeighborsCertifyScorecard.Scorecard, and is useful for accessing the field via an interface. 
+func (v *NeighborsNeighborsCertifyScorecard) GetScorecard() AllCertifyScorecardScorecard { + return v.AllCertifyScorecard.Scorecard +} -func (v *IngestOSVsIngestOSVsOSV) UnmarshalJSON(b []byte) error { +func (v *NeighborsNeighborsCertifyScorecard) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *IngestOSVsIngestOSVsOSV + *NeighborsNeighborsCertifyScorecard graphql.NoUnmarshalJSON } - firstPass.IngestOSVsIngestOSVsOSV = v + firstPass.NeighborsNeighborsCertifyScorecard = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -11020,20 +11185,24 @@ func (v *IngestOSVsIngestOSVsOSV) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllOSVTree) + b, &v.AllCertifyScorecard) if err != nil { return err } return nil } -type __premarshalIngestOSVsIngestOSVsOSV struct { +type __premarshalNeighborsNeighborsCertifyScorecard struct { + Typename *string `json:"__typename"` + Id string `json:"id"` - OsvId string `json:"osvId"` + Source AllCertifyScorecardSource `json:"source"` + + Scorecard AllCertifyScorecardScorecard `json:"scorecard"` } -func (v *IngestOSVsIngestOSVsOSV) MarshalJSON() ([]byte, error) { +func (v *NeighborsNeighborsCertifyScorecard) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -11041,157 +11210,88 @@ func (v *IngestOSVsIngestOSVsOSV) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *IngestOSVsIngestOSVsOSV) __premarshalJSON() (*__premarshalIngestOSVsIngestOSVsOSV, error) { - var retval __premarshalIngestOSVsIngestOSVsOSV +func (v *NeighborsNeighborsCertifyScorecard) __premarshalJSON() (*__premarshalNeighborsNeighborsCertifyScorecard, error) { + var retval __premarshalNeighborsNeighborsCertifyScorecard - retval.Id = v.AllOSVTree.Id - retval.OsvId = v.AllOSVTree.OsvId + retval.Typename = v.Typename + retval.Id = v.AllCertifyScorecard.Id + retval.Source = v.AllCertifyScorecard.Source + retval.Scorecard = v.AllCertifyScorecard.Scorecard return &retval, nil } -// IngestOSVsResponse is returned by IngestOSVs on success. -type IngestOSVsResponse struct { - // Bulk ingests new OSVs and returns a list of them. - IngestOSVs []IngestOSVsIngestOSVsOSV `json:"ingestOSVs"` -} - -// GetIngestOSVs returns IngestOSVsResponse.IngestOSVs, and is useful for accessing the field via an interface. -func (v *IngestOSVsResponse) GetIngestOSVs() []IngestOSVsIngestOSVsOSV { return v.IngestOSVs } - -// IngestPackageIngestPackage includes the requested fields of the GraphQL type Package. +// NeighborsNeighborsCertifyVEXStatement includes the requested fields of the GraphQL type CertifyVEXStatement. // The GraphQL type's documentation follows. // -// Package represents the root of the package trie/tree. -// -// We map package information to a trie, closely matching the pURL specification -// (https://github.com/package-url/purl-spec/blob/0dd92f26f8bb11956ffdf5e8acfcee71e8560407/README.rst), -// but deviating from it where GUAC heuristics allow for better representation of -// package information. Each path in the trie fully represents a package; we split -// the trie based on the pURL components. -// -// This node matches a pkg: partial pURL. 
The type field matches the -// pURL types but we might also use "guac" for the cases where the pURL -// representation is not complete or when we have custom rules. -// -// Since this node is at the root of the package trie, it is named Package, not -// PackageType. -type IngestPackageIngestPackage struct { - AllPkgTree `json:"-"` +// CertifyVEXStatement is an attestation to attach VEX statements to a package or +// artifact to clarify the impact of a specific vulnerability. +type NeighborsNeighborsCertifyVEXStatement struct { + Typename *string `json:"__typename"` + AllCertifyVEXStatement `json:"-"` } -// GetId returns IngestPackageIngestPackage.Id, and is useful for accessing the field via an interface. -func (v *IngestPackageIngestPackage) GetId() string { return v.AllPkgTree.Id } +// GetTypename returns NeighborsNeighborsCertifyVEXStatement.Typename, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsCertifyVEXStatement) GetTypename() *string { return v.Typename } -// GetType returns IngestPackageIngestPackage.Type, and is useful for accessing the field via an interface. -func (v *IngestPackageIngestPackage) GetType() string { return v.AllPkgTree.Type } +// GetId returns NeighborsNeighborsCertifyVEXStatement.Id, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsCertifyVEXStatement) GetId() string { return v.AllCertifyVEXStatement.Id } -// GetNamespaces returns IngestPackageIngestPackage.Namespaces, and is useful for accessing the field via an interface. -func (v *IngestPackageIngestPackage) GetNamespaces() []AllPkgTreeNamespacesPackageNamespace { - return v.AllPkgTree.Namespaces +// GetSubject returns NeighborsNeighborsCertifyVEXStatement.Subject, and is useful for accessing the field via an interface. 
+func (v *NeighborsNeighborsCertifyVEXStatement) GetSubject() AllCertifyVEXStatementSubjectPackageOrArtifact { + return v.AllCertifyVEXStatement.Subject } -func (v *IngestPackageIngestPackage) UnmarshalJSON(b []byte) error { - - if string(b) == "null" { - return nil - } +// GetVulnerability returns NeighborsNeighborsCertifyVEXStatement.Vulnerability, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsCertifyVEXStatement) GetVulnerability() AllCertifyVEXStatementVulnerability { + return v.AllCertifyVEXStatement.Vulnerability +} - var firstPass struct { - *IngestPackageIngestPackage - graphql.NoUnmarshalJSON - } - firstPass.IngestPackageIngestPackage = v +// GetStatus returns NeighborsNeighborsCertifyVEXStatement.Status, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsCertifyVEXStatement) GetStatus() VexStatus { + return v.AllCertifyVEXStatement.Status +} - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } - - err = json.Unmarshal( - b, &v.AllPkgTree) - if err != nil { - return err - } - return nil -} - -type __premarshalIngestPackageIngestPackage struct { - Id string `json:"id"` - - Type string `json:"type"` - - Namespaces []AllPkgTreeNamespacesPackageNamespace `json:"namespaces"` +// GetVexJustification returns NeighborsNeighborsCertifyVEXStatement.VexJustification, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsCertifyVEXStatement) GetVexJustification() VexJustification { + return v.AllCertifyVEXStatement.VexJustification } -func (v *IngestPackageIngestPackage) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) +// GetStatement returns NeighborsNeighborsCertifyVEXStatement.Statement, and is useful for accessing the field via an interface. 
+func (v *NeighborsNeighborsCertifyVEXStatement) GetStatement() string { + return v.AllCertifyVEXStatement.Statement } -func (v *IngestPackageIngestPackage) __premarshalJSON() (*__premarshalIngestPackageIngestPackage, error) { - var retval __premarshalIngestPackageIngestPackage - - retval.Id = v.AllPkgTree.Id - retval.Type = v.AllPkgTree.Type - retval.Namespaces = v.AllPkgTree.Namespaces - return &retval, nil +// GetStatusNotes returns NeighborsNeighborsCertifyVEXStatement.StatusNotes, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsCertifyVEXStatement) GetStatusNotes() string { + return v.AllCertifyVEXStatement.StatusNotes } -// IngestPackageResponse is returned by IngestPackage on success. -type IngestPackageResponse struct { - // Ingests a new package and returns the corresponding package trie path. - IngestPackage IngestPackageIngestPackage `json:"ingestPackage"` +// GetKnownSince returns NeighborsNeighborsCertifyVEXStatement.KnownSince, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsCertifyVEXStatement) GetKnownSince() time.Time { + return v.AllCertifyVEXStatement.KnownSince } -// GetIngestPackage returns IngestPackageResponse.IngestPackage, and is useful for accessing the field via an interface. -func (v *IngestPackageResponse) GetIngestPackage() IngestPackageIngestPackage { return v.IngestPackage } - -// IngestPackagesIngestPackagesPackage includes the requested fields of the GraphQL type Package. -// The GraphQL type's documentation follows. -// -// Package represents the root of the package trie/tree. -// -// We map package information to a trie, closely matching the pURL specification -// (https://github.com/package-url/purl-spec/blob/0dd92f26f8bb11956ffdf5e8acfcee71e8560407/README.rst), -// but deviating from it where GUAC heuristics allow for better representation of -// package information. 
Each path in the trie fully represents a package; we split -// the trie based on the pURL components. -// -// This node matches a pkg: partial pURL. The type field matches the -// pURL types but we might also use "guac" for the cases where the pURL -// representation is not complete or when we have custom rules. -// -// Since this node is at the root of the package trie, it is named Package, not -// PackageType. -type IngestPackagesIngestPackagesPackage struct { - AllPkgTree `json:"-"` +// GetOrigin returns NeighborsNeighborsCertifyVEXStatement.Origin, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsCertifyVEXStatement) GetOrigin() string { + return v.AllCertifyVEXStatement.Origin } -// GetId returns IngestPackagesIngestPackagesPackage.Id, and is useful for accessing the field via an interface. -func (v *IngestPackagesIngestPackagesPackage) GetId() string { return v.AllPkgTree.Id } - -// GetType returns IngestPackagesIngestPackagesPackage.Type, and is useful for accessing the field via an interface. -func (v *IngestPackagesIngestPackagesPackage) GetType() string { return v.AllPkgTree.Type } - -// GetNamespaces returns IngestPackagesIngestPackagesPackage.Namespaces, and is useful for accessing the field via an interface. -func (v *IngestPackagesIngestPackagesPackage) GetNamespaces() []AllPkgTreeNamespacesPackageNamespace { - return v.AllPkgTree.Namespaces +// GetCollector returns NeighborsNeighborsCertifyVEXStatement.Collector, and is useful for accessing the field via an interface. 
+func (v *NeighborsNeighborsCertifyVEXStatement) GetCollector() string { + return v.AllCertifyVEXStatement.Collector } -func (v *IngestPackagesIngestPackagesPackage) UnmarshalJSON(b []byte) error { +func (v *NeighborsNeighborsCertifyVEXStatement) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *IngestPackagesIngestPackagesPackage + *NeighborsNeighborsCertifyVEXStatement graphql.NoUnmarshalJSON } - firstPass.IngestPackagesIngestPackagesPackage = v + firstPass.NeighborsNeighborsCertifyVEXStatement = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -11199,22 +11299,38 @@ func (v *IngestPackagesIngestPackagesPackage) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllPkgTree) + b, &v.AllCertifyVEXStatement) if err != nil { return err } return nil } -type __premarshalIngestPackagesIngestPackagesPackage struct { +type __premarshalNeighborsNeighborsCertifyVEXStatement struct { + Typename *string `json:"__typename"` + Id string `json:"id"` - Type string `json:"type"` + Subject json.RawMessage `json:"subject"` - Namespaces []AllPkgTreeNamespacesPackageNamespace `json:"namespaces"` + Vulnerability AllCertifyVEXStatementVulnerability `json:"vulnerability"` + + Status VexStatus `json:"status"` + + VexJustification VexJustification `json:"vexJustification"` + + Statement string `json:"statement"` + + StatusNotes string `json:"statusNotes"` + + KnownSince time.Time `json:"knownSince"` + + Origin string `json:"origin"` + + Collector string `json:"collector"` } -func (v *IngestPackagesIngestPackagesPackage) MarshalJSON() ([]byte, error) { +func (v *NeighborsNeighborsCertifyVEXStatement) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -11222,66 +11338,79 @@ func (v *IngestPackagesIngestPackagesPackage) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *IngestPackagesIngestPackagesPackage) __premarshalJSON() (*__premarshalIngestPackagesIngestPackagesPackage, error) { - var retval __premarshalIngestPackagesIngestPackagesPackage - - retval.Id = v.AllPkgTree.Id - retval.Type = v.AllPkgTree.Type - retval.Namespaces = v.AllPkgTree.Namespaces - return &retval, nil -} +func (v *NeighborsNeighborsCertifyVEXStatement) __premarshalJSON() (*__premarshalNeighborsNeighborsCertifyVEXStatement, error) { + var retval __premarshalNeighborsNeighborsCertifyVEXStatement -// IngestPackagesResponse is returned by IngestPackages on success. -type IngestPackagesResponse struct { - // Bulk ingests packages and returns the list of corresponding package trie path. - IngestPackages []IngestPackagesIngestPackagesPackage `json:"ingestPackages"` -} + retval.Typename = v.Typename + retval.Id = v.AllCertifyVEXStatement.Id + { -// GetIngestPackages returns IngestPackagesResponse.IngestPackages, and is useful for accessing the field via an interface. 
-func (v *IngestPackagesResponse) GetIngestPackages() []IngestPackagesIngestPackagesPackage { - return v.IngestPackages + dst := &retval.Subject + src := v.AllCertifyVEXStatement.Subject + var err error + *dst, err = __marshalAllCertifyVEXStatementSubjectPackageOrArtifact( + &src) + if err != nil { + return nil, fmt.Errorf( + "unable to marshal NeighborsNeighborsCertifyVEXStatement.AllCertifyVEXStatement.Subject: %w", err) + } + } + retval.Vulnerability = v.AllCertifyVEXStatement.Vulnerability + retval.Status = v.AllCertifyVEXStatement.Status + retval.VexJustification = v.AllCertifyVEXStatement.VexJustification + retval.Statement = v.AllCertifyVEXStatement.Statement + retval.StatusNotes = v.AllCertifyVEXStatement.StatusNotes + retval.KnownSince = v.AllCertifyVEXStatement.KnownSince + retval.Origin = v.AllCertifyVEXStatement.Origin + retval.Collector = v.AllCertifyVEXStatement.Collector + return &retval, nil } -// IngestSourceIngestSource includes the requested fields of the GraphQL type Source. +// NeighborsNeighborsCertifyVuln includes the requested fields of the GraphQL type CertifyVuln. // The GraphQL type's documentation follows. // -// Source represents the root of the source trie/tree. -// -// We map source information to a trie, as a derivative of the pURL specification: -// each path in the trie represents a type, namespace, name and an optional -// qualifier that stands for tag/commit information. -// -// This node represents the type part of the trie path. It is used to represent -// the version control system that is being used. +// CertifyVuln is an attestation to attach vulnerability information to a package. // -// Since this node is at the root of the source trie, it is named Source, not -// SourceType. -type IngestSourceIngestSource struct { - AllSourceTree `json:"-"` +// This information is obtained via a scanner. 
If there is no vulnerability +// detected, we attach the a vulnerability with "NoVuln" type and an empty string +// for the vulnerability ID. +type NeighborsNeighborsCertifyVuln struct { + Typename *string `json:"__typename"` + AllCertifyVuln `json:"-"` } -// GetId returns IngestSourceIngestSource.Id, and is useful for accessing the field via an interface. -func (v *IngestSourceIngestSource) GetId() string { return v.AllSourceTree.Id } +// GetTypename returns NeighborsNeighborsCertifyVuln.Typename, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsCertifyVuln) GetTypename() *string { return v.Typename } -// GetType returns IngestSourceIngestSource.Type, and is useful for accessing the field via an interface. -func (v *IngestSourceIngestSource) GetType() string { return v.AllSourceTree.Type } +// GetId returns NeighborsNeighborsCertifyVuln.Id, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsCertifyVuln) GetId() string { return v.AllCertifyVuln.Id } -// GetNamespaces returns IngestSourceIngestSource.Namespaces, and is useful for accessing the field via an interface. -func (v *IngestSourceIngestSource) GetNamespaces() []AllSourceTreeNamespacesSourceNamespace { - return v.AllSourceTree.Namespaces +// GetPackage returns NeighborsNeighborsCertifyVuln.Package, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsCertifyVuln) GetPackage() AllCertifyVulnPackage { + return v.AllCertifyVuln.Package } -func (v *IngestSourceIngestSource) UnmarshalJSON(b []byte) error { +// GetVulnerability returns NeighborsNeighborsCertifyVuln.Vulnerability, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsCertifyVuln) GetVulnerability() AllCertifyVulnVulnerability { + return v.AllCertifyVuln.Vulnerability +} + +// GetMetadata returns NeighborsNeighborsCertifyVuln.Metadata, and is useful for accessing the field via an interface. 
+func (v *NeighborsNeighborsCertifyVuln) GetMetadata() AllCertifyVulnMetadataScanMetadata { + return v.AllCertifyVuln.Metadata +} + +func (v *NeighborsNeighborsCertifyVuln) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *IngestSourceIngestSource + *NeighborsNeighborsCertifyVuln graphql.NoUnmarshalJSON } - firstPass.IngestSourceIngestSource = v + firstPass.NeighborsNeighborsCertifyVuln = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -11289,22 +11418,26 @@ func (v *IngestSourceIngestSource) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllSourceTree) + b, &v.AllCertifyVuln) if err != nil { return err } return nil } -type __premarshalIngestSourceIngestSource struct { +type __premarshalNeighborsNeighborsCertifyVuln struct { + Typename *string `json:"__typename"` + Id string `json:"id"` - Type string `json:"type"` + Package AllCertifyVulnPackage `json:"package"` - Namespaces []AllSourceTreeNamespacesSourceNamespace `json:"namespaces"` + Vulnerability AllCertifyVulnVulnerability `json:"vulnerability"` + + Metadata AllCertifyVulnMetadataScanMetadata `json:"metadata"` } -func (v *IngestSourceIngestSource) MarshalJSON() ([]byte, error) { +func (v *NeighborsNeighborsCertifyVuln) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -11312,64 +11445,89 @@ func (v *IngestSourceIngestSource) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *IngestSourceIngestSource) __premarshalJSON() (*__premarshalIngestSourceIngestSource, error) { - var retval __premarshalIngestSourceIngestSource +func (v *NeighborsNeighborsCertifyVuln) __premarshalJSON() (*__premarshalNeighborsNeighborsCertifyVuln, error) { + var retval __premarshalNeighborsNeighborsCertifyVuln - retval.Id = v.AllSourceTree.Id - retval.Type = v.AllSourceTree.Type - retval.Namespaces = v.AllSourceTree.Namespaces + retval.Typename = v.Typename + retval.Id = v.AllCertifyVuln.Id + retval.Package = v.AllCertifyVuln.Package + retval.Vulnerability = v.AllCertifyVuln.Vulnerability + retval.Metadata = v.AllCertifyVuln.Metadata return &retval, nil } -// IngestSourceResponse is returned by IngestSource on success. -type IngestSourceResponse struct { - // Ingests a new source and returns the corresponding source trie path. - IngestSource IngestSourceIngestSource `json:"ingestSource"` -} - -// GetIngestSource returns IngestSourceResponse.IngestSource, and is useful for accessing the field via an interface. -func (v *IngestSourceResponse) GetIngestSource() IngestSourceIngestSource { return v.IngestSource } - -// IngestSourcesIngestSourcesSource includes the requested fields of the GraphQL type Source. +// NeighborsNeighborsHasMetadata includes the requested fields of the GraphQL type HasMetadata. // The GraphQL type's documentation follows. // -// Source represents the root of the source trie/tree. +// HasMetadata is an attestation that a package, source, or artifact has a certain +// attested property (key) with value (value). For example, a source may have +// metadata "SourceRepo2FAEnabled=true". // -// We map source information to a trie, as a derivative of the pURL specification: -// each path in the trie represents a type, namespace, name and an optional -// qualifier that stands for tag/commit information. 
+// The intent of this evidence tree predicate is to allow extensibility of metadata +// expressible within the GUAC ontology. Metadata that is commonly used will then +// be promoted to a predicate on its own. // -// This node represents the type part of the trie path. It is used to represent -// the version control system that is being used. +// Justification indicates how the metadata was determined. // -// Since this node is at the root of the source trie, it is named Source, not -// SourceType. -type IngestSourcesIngestSourcesSource struct { - AllSourceTree `json:"-"` -} - -// GetId returns IngestSourcesIngestSourcesSource.Id, and is useful for accessing the field via an interface. -func (v *IngestSourcesIngestSourcesSource) GetId() string { return v.AllSourceTree.Id } +// The metadata applies to a subject which is a package, source, or artifact. +// If the attestation targets a package, it must target a PackageName or a +// PackageVersion. If the attestation targets a source, it must target a +// SourceName. +type NeighborsNeighborsHasMetadata struct { + Typename *string `json:"__typename"` +} -// GetType returns IngestSourcesIngestSourcesSource.Type, and is useful for accessing the field via an interface. -func (v *IngestSourcesIngestSourcesSource) GetType() string { return v.AllSourceTree.Type } +// GetTypename returns NeighborsNeighborsHasMetadata.Typename, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsHasMetadata) GetTypename() *string { return v.Typename } -// GetNamespaces returns IngestSourcesIngestSourcesSource.Namespaces, and is useful for accessing the field via an interface. -func (v *IngestSourcesIngestSourcesSource) GetNamespaces() []AllSourceTreeNamespacesSourceNamespace { - return v.AllSourceTree.Namespaces +// NeighborsNeighborsHasSBOM includes the requested fields of the GraphQL type HasSBOM. 
+type NeighborsNeighborsHasSBOM struct { + Typename *string `json:"__typename"` + AllHasSBOMTree `json:"-"` } -func (v *IngestSourcesIngestSourcesSource) UnmarshalJSON(b []byte) error { +// GetTypename returns NeighborsNeighborsHasSBOM.Typename, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsHasSBOM) GetTypename() *string { return v.Typename } + +// GetId returns NeighborsNeighborsHasSBOM.Id, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsHasSBOM) GetId() string { return v.AllHasSBOMTree.Id } + +// GetSubject returns NeighborsNeighborsHasSBOM.Subject, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsHasSBOM) GetSubject() AllHasSBOMTreeSubjectPackageOrArtifact { + return v.AllHasSBOMTree.Subject +} + +// GetUri returns NeighborsNeighborsHasSBOM.Uri, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsHasSBOM) GetUri() string { return v.AllHasSBOMTree.Uri } + +// GetAlgorithm returns NeighborsNeighborsHasSBOM.Algorithm, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsHasSBOM) GetAlgorithm() string { return v.AllHasSBOMTree.Algorithm } + +// GetDigest returns NeighborsNeighborsHasSBOM.Digest, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsHasSBOM) GetDigest() string { return v.AllHasSBOMTree.Digest } + +// GetDownloadLocation returns NeighborsNeighborsHasSBOM.DownloadLocation, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsHasSBOM) GetDownloadLocation() string { + return v.AllHasSBOMTree.DownloadLocation +} + +// GetOrigin returns NeighborsNeighborsHasSBOM.Origin, and is useful for accessing the field via an interface. 
+func (v *NeighborsNeighborsHasSBOM) GetOrigin() string { return v.AllHasSBOMTree.Origin } + +// GetCollector returns NeighborsNeighborsHasSBOM.Collector, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsHasSBOM) GetCollector() string { return v.AllHasSBOMTree.Collector } + +func (v *NeighborsNeighborsHasSBOM) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *IngestSourcesIngestSourcesSource + *NeighborsNeighborsHasSBOM graphql.NoUnmarshalJSON } - firstPass.IngestSourcesIngestSourcesSource = v + firstPass.NeighborsNeighborsHasSBOM = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -11377,22 +11535,34 @@ func (v *IngestSourcesIngestSourcesSource) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllSourceTree) + b, &v.AllHasSBOMTree) if err != nil { return err } return nil } -type __premarshalIngestSourcesIngestSourcesSource struct { +type __premarshalNeighborsNeighborsHasSBOM struct { + Typename *string `json:"__typename"` + Id string `json:"id"` - Type string `json:"type"` + Subject json.RawMessage `json:"subject"` - Namespaces []AllSourceTreeNamespacesSourceNamespace `json:"namespaces"` + Uri string `json:"uri"` + + Algorithm string `json:"algorithm"` + + Digest string `json:"digest"` + + DownloadLocation string `json:"downloadLocation"` + + Origin string `json:"origin"` + + Collector string `json:"collector"` } -func (v *IngestSourcesIngestSourcesSource) MarshalJSON() ([]byte, error) { +func (v *NeighborsNeighborsHasSBOM) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -11400,85 +11570,66 @@ func (v *IngestSourcesIngestSourcesSource) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *IngestSourcesIngestSourcesSource) __premarshalJSON() (*__premarshalIngestSourcesIngestSourcesSource, error) { - var retval __premarshalIngestSourcesIngestSourcesSource - - retval.Id = v.AllSourceTree.Id - retval.Type = v.AllSourceTree.Type - retval.Namespaces = v.AllSourceTree.Namespaces - return &retval, nil -} +func (v *NeighborsNeighborsHasSBOM) __premarshalJSON() (*__premarshalNeighborsNeighborsHasSBOM, error) { + var retval __premarshalNeighborsNeighborsHasSBOM -// IngestSourcesResponse is returned by IngestSources on success. -type IngestSourcesResponse struct { - // Bulk ingests sources and returns the list of corresponding source trie path. - IngestSources []IngestSourcesIngestSourcesSource `json:"ingestSources"` -} + retval.Typename = v.Typename + retval.Id = v.AllHasSBOMTree.Id + { -// GetIngestSources returns IngestSourcesResponse.IngestSources, and is useful for accessing the field via an interface. -func (v *IngestSourcesResponse) GetIngestSources() []IngestSourcesIngestSourcesSource { - return v.IngestSources + dst := &retval.Subject + src := v.AllHasSBOMTree.Subject + var err error + *dst, err = __marshalAllHasSBOMTreeSubjectPackageOrArtifact( + &src) + if err != nil { + return nil, fmt.Errorf( + "unable to marshal NeighborsNeighborsHasSBOM.AllHasSBOMTree.Subject: %w", err) + } + } + retval.Uri = v.AllHasSBOMTree.Uri + retval.Algorithm = v.AllHasSBOMTree.Algorithm + retval.Digest = v.AllHasSBOMTree.Digest + retval.DownloadLocation = v.AllHasSBOMTree.DownloadLocation + retval.Origin = v.AllHasSBOMTree.Origin + retval.Collector = v.AllHasSBOMTree.Collector + return &retval, nil } -// IsDependenciesIngestDependenciesIsDependency includes the requested fields of the GraphQL type IsDependency. +// NeighborsNeighborsHasSLSA includes the requested fields of the GraphQL type HasSLSA. 
// The GraphQL type's documentation follows. // -// IsDependency is an attestation to record that a package depends on another. -type IsDependenciesIngestDependenciesIsDependency struct { - AllIsDependencyTree `json:"-"` -} - -// GetId returns IsDependenciesIngestDependenciesIsDependency.Id, and is useful for accessing the field via an interface. -func (v *IsDependenciesIngestDependenciesIsDependency) GetId() string { - return v.AllIsDependencyTree.Id -} - -// GetJustification returns IsDependenciesIngestDependenciesIsDependency.Justification, and is useful for accessing the field via an interface. -func (v *IsDependenciesIngestDependenciesIsDependency) GetJustification() string { - return v.AllIsDependencyTree.Justification -} - -// GetPackage returns IsDependenciesIngestDependenciesIsDependency.Package, and is useful for accessing the field via an interface. -func (v *IsDependenciesIngestDependenciesIsDependency) GetPackage() AllIsDependencyTreePackage { - return v.AllIsDependencyTree.Package -} - -// GetDependentPackage returns IsDependenciesIngestDependenciesIsDependency.DependentPackage, and is useful for accessing the field via an interface. -func (v *IsDependenciesIngestDependenciesIsDependency) GetDependentPackage() AllIsDependencyTreeDependentPackage { - return v.AllIsDependencyTree.DependentPackage +// HasSLSA records that a subject node has a SLSA attestation. +type NeighborsNeighborsHasSLSA struct { + Typename *string `json:"__typename"` + AllSLSATree `json:"-"` } -// GetDependencyType returns IsDependenciesIngestDependenciesIsDependency.DependencyType, and is useful for accessing the field via an interface. -func (v *IsDependenciesIngestDependenciesIsDependency) GetDependencyType() DependencyType { - return v.AllIsDependencyTree.DependencyType -} +// GetTypename returns NeighborsNeighborsHasSLSA.Typename, and is useful for accessing the field via an interface. 
+func (v *NeighborsNeighborsHasSLSA) GetTypename() *string { return v.Typename } -// GetVersionRange returns IsDependenciesIngestDependenciesIsDependency.VersionRange, and is useful for accessing the field via an interface. -func (v *IsDependenciesIngestDependenciesIsDependency) GetVersionRange() string { - return v.AllIsDependencyTree.VersionRange -} +// GetId returns NeighborsNeighborsHasSLSA.Id, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsHasSLSA) GetId() string { return v.AllSLSATree.Id } -// GetOrigin returns IsDependenciesIngestDependenciesIsDependency.Origin, and is useful for accessing the field via an interface. -func (v *IsDependenciesIngestDependenciesIsDependency) GetOrigin() string { - return v.AllIsDependencyTree.Origin +// GetSubject returns NeighborsNeighborsHasSLSA.Subject, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsHasSLSA) GetSubject() AllSLSATreeSubjectArtifact { + return v.AllSLSATree.Subject } -// GetCollector returns IsDependenciesIngestDependenciesIsDependency.Collector, and is useful for accessing the field via an interface. -func (v *IsDependenciesIngestDependenciesIsDependency) GetCollector() string { - return v.AllIsDependencyTree.Collector -} +// GetSlsa returns NeighborsNeighborsHasSLSA.Slsa, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsHasSLSA) GetSlsa() AllSLSATreeSlsaSLSA { return v.AllSLSATree.Slsa } -func (v *IsDependenciesIngestDependenciesIsDependency) UnmarshalJSON(b []byte) error { +func (v *NeighborsNeighborsHasSLSA) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *IsDependenciesIngestDependenciesIsDependency + *NeighborsNeighborsHasSLSA graphql.NoUnmarshalJSON } - firstPass.IsDependenciesIngestDependenciesIsDependency = v + firstPass.NeighborsNeighborsHasSLSA = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -11486,32 +11637,24 @@ func (v *IsDependenciesIngestDependenciesIsDependency) UnmarshalJSON(b []byte) e } err = json.Unmarshal( - b, &v.AllIsDependencyTree) + b, &v.AllSLSATree) if err != nil { return err } return nil } -type __premarshalIsDependenciesIngestDependenciesIsDependency struct { - Id string `json:"id"` - - Justification string `json:"justification"` - - Package AllIsDependencyTreePackage `json:"package"` - - DependentPackage AllIsDependencyTreeDependentPackage `json:"dependentPackage"` - - DependencyType DependencyType `json:"dependencyType"` +type __premarshalNeighborsNeighborsHasSLSA struct { + Typename *string `json:"__typename"` - VersionRange string `json:"versionRange"` + Id string `json:"id"` - Origin string `json:"origin"` + Subject AllSLSATreeSubjectArtifact `json:"subject"` - Collector string `json:"collector"` + Slsa AllSLSATreeSlsaSLSA `json:"slsa"` } -func (v *IsDependenciesIngestDependenciesIsDependency) MarshalJSON() ([]byte, error) { +func (v *NeighborsNeighborsHasSLSA) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -11519,88 +11662,66 @@ func (v *IsDependenciesIngestDependenciesIsDependency) MarshalJSON() ([]byte, er return json.Marshal(premarshaled) } -func (v *IsDependenciesIngestDependenciesIsDependency) __premarshalJSON() (*__premarshalIsDependenciesIngestDependenciesIsDependency, error) { - var retval __premarshalIsDependenciesIngestDependenciesIsDependency +func (v *NeighborsNeighborsHasSLSA) __premarshalJSON() (*__premarshalNeighborsNeighborsHasSLSA, error) { + var retval __premarshalNeighborsNeighborsHasSLSA - retval.Id = v.AllIsDependencyTree.Id - retval.Justification = v.AllIsDependencyTree.Justification - retval.Package = v.AllIsDependencyTree.Package - retval.DependentPackage = v.AllIsDependencyTree.DependentPackage - retval.DependencyType = v.AllIsDependencyTree.DependencyType - retval.VersionRange = v.AllIsDependencyTree.VersionRange - retval.Origin = v.AllIsDependencyTree.Origin - retval.Collector = v.AllIsDependencyTree.Collector + retval.Typename = v.Typename + retval.Id = v.AllSLSATree.Id + retval.Subject = v.AllSLSATree.Subject + retval.Slsa = v.AllSLSATree.Slsa return &retval, nil } -// IsDependenciesResponse is returned by IsDependencies on success. -type IsDependenciesResponse struct { - // Bulk adds a dependency between two packages - IngestDependencies []IsDependenciesIngestDependenciesIsDependency `json:"ingestDependencies"` -} - -// GetIngestDependencies returns IsDependenciesResponse.IngestDependencies, and is useful for accessing the field via an interface. -func (v *IsDependenciesResponse) GetIngestDependencies() []IsDependenciesIngestDependenciesIsDependency { - return v.IngestDependencies -} - -// IsDependencyIngestDependencyIsDependency includes the requested fields of the GraphQL type IsDependency. +// NeighborsNeighborsHasSourceAt includes the requested fields of the GraphQL type HasSourceAt. // The GraphQL type's documentation follows. // -// IsDependency is an attestation to record that a package depends on another. 
-type IsDependencyIngestDependencyIsDependency struct { - AllIsDependencyTree `json:"-"` +// HasSourceAt records that a package's repository is a given source. +type NeighborsNeighborsHasSourceAt struct { + Typename *string `json:"__typename"` + AllHasSourceAt `json:"-"` } -// GetId returns IsDependencyIngestDependencyIsDependency.Id, and is useful for accessing the field via an interface. -func (v *IsDependencyIngestDependencyIsDependency) GetId() string { return v.AllIsDependencyTree.Id } +// GetTypename returns NeighborsNeighborsHasSourceAt.Typename, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsHasSourceAt) GetTypename() *string { return v.Typename } -// GetJustification returns IsDependencyIngestDependencyIsDependency.Justification, and is useful for accessing the field via an interface. -func (v *IsDependencyIngestDependencyIsDependency) GetJustification() string { - return v.AllIsDependencyTree.Justification -} +// GetId returns NeighborsNeighborsHasSourceAt.Id, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsHasSourceAt) GetId() string { return v.AllHasSourceAt.Id } -// GetPackage returns IsDependencyIngestDependencyIsDependency.Package, and is useful for accessing the field via an interface. -func (v *IsDependencyIngestDependencyIsDependency) GetPackage() AllIsDependencyTreePackage { - return v.AllIsDependencyTree.Package +// GetJustification returns NeighborsNeighborsHasSourceAt.Justification, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsHasSourceAt) GetJustification() string { + return v.AllHasSourceAt.Justification } -// GetDependentPackage returns IsDependencyIngestDependencyIsDependency.DependentPackage, and is useful for accessing the field via an interface. 
-func (v *IsDependencyIngestDependencyIsDependency) GetDependentPackage() AllIsDependencyTreeDependentPackage { - return v.AllIsDependencyTree.DependentPackage -} +// GetKnownSince returns NeighborsNeighborsHasSourceAt.KnownSince, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsHasSourceAt) GetKnownSince() time.Time { return v.AllHasSourceAt.KnownSince } -// GetDependencyType returns IsDependencyIngestDependencyIsDependency.DependencyType, and is useful for accessing the field via an interface. -func (v *IsDependencyIngestDependencyIsDependency) GetDependencyType() DependencyType { - return v.AllIsDependencyTree.DependencyType +// GetPackage returns NeighborsNeighborsHasSourceAt.Package, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsHasSourceAt) GetPackage() AllHasSourceAtPackage { + return v.AllHasSourceAt.Package } -// GetVersionRange returns IsDependencyIngestDependencyIsDependency.VersionRange, and is useful for accessing the field via an interface. -func (v *IsDependencyIngestDependencyIsDependency) GetVersionRange() string { - return v.AllIsDependencyTree.VersionRange +// GetSource returns NeighborsNeighborsHasSourceAt.Source, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsHasSourceAt) GetSource() AllHasSourceAtSource { + return v.AllHasSourceAt.Source } -// GetOrigin returns IsDependencyIngestDependencyIsDependency.Origin, and is useful for accessing the field via an interface. -func (v *IsDependencyIngestDependencyIsDependency) GetOrigin() string { - return v.AllIsDependencyTree.Origin -} +// GetOrigin returns NeighborsNeighborsHasSourceAt.Origin, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsHasSourceAt) GetOrigin() string { return v.AllHasSourceAt.Origin } -// GetCollector returns IsDependencyIngestDependencyIsDependency.Collector, and is useful for accessing the field via an interface. 
-func (v *IsDependencyIngestDependencyIsDependency) GetCollector() string { - return v.AllIsDependencyTree.Collector -} +// GetCollector returns NeighborsNeighborsHasSourceAt.Collector, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsHasSourceAt) GetCollector() string { return v.AllHasSourceAt.Collector } -func (v *IsDependencyIngestDependencyIsDependency) UnmarshalJSON(b []byte) error { +func (v *NeighborsNeighborsHasSourceAt) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *IsDependencyIngestDependencyIsDependency + *NeighborsNeighborsHasSourceAt graphql.NoUnmarshalJSON } - firstPass.IsDependencyIngestDependencyIsDependency = v + firstPass.NeighborsNeighborsHasSourceAt = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -11608,32 +11729,32 @@ func (v *IsDependencyIngestDependencyIsDependency) UnmarshalJSON(b []byte) error } err = json.Unmarshal( - b, &v.AllIsDependencyTree) + b, &v.AllHasSourceAt) if err != nil { return err } return nil } -type __premarshalIsDependencyIngestDependencyIsDependency struct { +type __premarshalNeighborsNeighborsHasSourceAt struct { + Typename *string `json:"__typename"` + Id string `json:"id"` Justification string `json:"justification"` - Package AllIsDependencyTreePackage `json:"package"` - - DependentPackage AllIsDependencyTreeDependentPackage `json:"dependentPackage"` + KnownSince time.Time `json:"knownSince"` - DependencyType DependencyType `json:"dependencyType"` + Package AllHasSourceAtPackage `json:"package"` - VersionRange string `json:"versionRange"` + Source AllHasSourceAtSource `json:"source"` Origin string `json:"origin"` Collector string `json:"collector"` } -func (v *IsDependencyIngestDependencyIsDependency) MarshalJSON() ([]byte, error) { +func (v *NeighborsNeighborsHasSourceAt) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -11641,122 +11762,169 @@ func (v *IsDependencyIngestDependencyIsDependency) MarshalJSON() ([]byte, error) return json.Marshal(premarshaled) } -func (v *IsDependencyIngestDependencyIsDependency) __premarshalJSON() (*__premarshalIsDependencyIngestDependencyIsDependency, error) { - var retval __premarshalIsDependencyIngestDependencyIsDependency +func (v *NeighborsNeighborsHasSourceAt) __premarshalJSON() (*__premarshalNeighborsNeighborsHasSourceAt, error) { + var retval __premarshalNeighborsNeighborsHasSourceAt - retval.Id = v.AllIsDependencyTree.Id - retval.Justification = v.AllIsDependencyTree.Justification - retval.Package = v.AllIsDependencyTree.Package - retval.DependentPackage = v.AllIsDependencyTree.DependentPackage - retval.DependencyType = v.AllIsDependencyTree.DependencyType - retval.VersionRange = v.AllIsDependencyTree.VersionRange - retval.Origin = v.AllIsDependencyTree.Origin - retval.Collector = v.AllIsDependencyTree.Collector + retval.Typename = v.Typename + retval.Id = v.AllHasSourceAt.Id + retval.Justification = v.AllHasSourceAt.Justification + retval.KnownSince = v.AllHasSourceAt.KnownSince + retval.Package = v.AllHasSourceAt.Package + retval.Source = v.AllHasSourceAt.Source + retval.Origin = v.AllHasSourceAt.Origin + retval.Collector = v.AllHasSourceAt.Collector return &retval, nil } -// IsDependencyInputSpec is the input to record a new dependency. -type IsDependencyInputSpec struct { - VersionRange string `json:"versionRange"` - DependencyType DependencyType `json:"dependencyType"` - Justification string `json:"justification"` - Origin string `json:"origin"` - Collector string `json:"collector"` +// NeighborsNeighborsHashEqual includes the requested fields of the GraphQL type HashEqual. +// The GraphQL type's documentation follows. +// +// HashEqual is an attestation that a set of artifacts are identical. 
+type NeighborsNeighborsHashEqual struct { + Typename *string `json:"__typename"` + AllHashEqualTree `json:"-"` } -// GetVersionRange returns IsDependencyInputSpec.VersionRange, and is useful for accessing the field via an interface. -func (v *IsDependencyInputSpec) GetVersionRange() string { return v.VersionRange } +// GetTypename returns NeighborsNeighborsHashEqual.Typename, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsHashEqual) GetTypename() *string { return v.Typename } -// GetDependencyType returns IsDependencyInputSpec.DependencyType, and is useful for accessing the field via an interface. -func (v *IsDependencyInputSpec) GetDependencyType() DependencyType { return v.DependencyType } +// GetId returns NeighborsNeighborsHashEqual.Id, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsHashEqual) GetId() string { return v.AllHashEqualTree.Id } -// GetJustification returns IsDependencyInputSpec.Justification, and is useful for accessing the field via an interface. -func (v *IsDependencyInputSpec) GetJustification() string { return v.Justification } +// GetJustification returns NeighborsNeighborsHashEqual.Justification, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsHashEqual) GetJustification() string { + return v.AllHashEqualTree.Justification +} -// GetOrigin returns IsDependencyInputSpec.Origin, and is useful for accessing the field via an interface. -func (v *IsDependencyInputSpec) GetOrigin() string { return v.Origin } +// GetArtifacts returns NeighborsNeighborsHashEqual.Artifacts, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsHashEqual) GetArtifacts() []AllHashEqualTreeArtifactsArtifact { + return v.AllHashEqualTree.Artifacts +} -// GetCollector returns IsDependencyInputSpec.Collector, and is useful for accessing the field via an interface. 
-func (v *IsDependencyInputSpec) GetCollector() string { return v.Collector } +// GetOrigin returns NeighborsNeighborsHashEqual.Origin, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsHashEqual) GetOrigin() string { return v.AllHashEqualTree.Origin } -// IsDependencyResponse is returned by IsDependency on success. -type IsDependencyResponse struct { - // Adds a dependency between two packages - IngestDependency IsDependencyIngestDependencyIsDependency `json:"ingestDependency"` -} +// GetCollector returns NeighborsNeighborsHashEqual.Collector, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsHashEqual) GetCollector() string { return v.AllHashEqualTree.Collector } -// GetIngestDependency returns IsDependencyResponse.IngestDependency, and is useful for accessing the field via an interface. -func (v *IsDependencyResponse) GetIngestDependency() IsDependencyIngestDependencyIsDependency { - return v.IngestDependency +func (v *NeighborsNeighborsHashEqual) UnmarshalJSON(b []byte) error { + + if string(b) == "null" { + return nil + } + + var firstPass struct { + *NeighborsNeighborsHashEqual + graphql.NoUnmarshalJSON + } + firstPass.NeighborsNeighborsHashEqual = v + + err := json.Unmarshal(b, &firstPass) + if err != nil { + return err + } + + err = json.Unmarshal( + b, &v.AllHashEqualTree) + if err != nil { + return err + } + return nil } -// IsOccurrenceInputSpec represents the input to record an artifact's origin. 
-type IsOccurrenceInputSpec struct { +type __premarshalNeighborsNeighborsHashEqual struct { + Typename *string `json:"__typename"` + + Id string `json:"id"` + Justification string `json:"justification"` - Origin string `json:"origin"` - Collector string `json:"collector"` + + Artifacts []AllHashEqualTreeArtifactsArtifact `json:"artifacts"` + + Origin string `json:"origin"` + + Collector string `json:"collector"` } -// GetJustification returns IsOccurrenceInputSpec.Justification, and is useful for accessing the field via an interface. -func (v *IsOccurrenceInputSpec) GetJustification() string { return v.Justification } +func (v *NeighborsNeighborsHashEqual) MarshalJSON() ([]byte, error) { + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + return json.Marshal(premarshaled) +} -// GetOrigin returns IsOccurrenceInputSpec.Origin, and is useful for accessing the field via an interface. -func (v *IsOccurrenceInputSpec) GetOrigin() string { return v.Origin } +func (v *NeighborsNeighborsHashEqual) __premarshalJSON() (*__premarshalNeighborsNeighborsHashEqual, error) { + var retval __premarshalNeighborsNeighborsHashEqual -// GetCollector returns IsOccurrenceInputSpec.Collector, and is useful for accessing the field via an interface. -func (v *IsOccurrenceInputSpec) GetCollector() string { return v.Collector } + retval.Typename = v.Typename + retval.Id = v.AllHashEqualTree.Id + retval.Justification = v.AllHashEqualTree.Justification + retval.Artifacts = v.AllHashEqualTree.Artifacts + retval.Origin = v.AllHashEqualTree.Origin + retval.Collector = v.AllHashEqualTree.Collector + return &retval, nil +} -// IsOccurrencePkgIngestOccurrenceIsOccurrence includes the requested fields of the GraphQL type IsOccurrence. +// NeighborsNeighborsIsDependency includes the requested fields of the GraphQL type IsDependency. // The GraphQL type's documentation follows. // -// IsOccurrence is an attestation to link an artifact to a package or source. 
-// -// Attestation must occur at the PackageVersion or at the SourceName. -type IsOccurrencePkgIngestOccurrenceIsOccurrence struct { - AllIsOccurrencesTree `json:"-"` +// IsDependency is an attestation to record that a package depends on another. +type NeighborsNeighborsIsDependency struct { + Typename *string `json:"__typename"` + AllIsDependencyTree `json:"-"` } -// GetId returns IsOccurrencePkgIngestOccurrenceIsOccurrence.Id, and is useful for accessing the field via an interface. -func (v *IsOccurrencePkgIngestOccurrenceIsOccurrence) GetId() string { - return v.AllIsOccurrencesTree.Id +// GetTypename returns NeighborsNeighborsIsDependency.Typename, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsIsDependency) GetTypename() *string { return v.Typename } + +// GetId returns NeighborsNeighborsIsDependency.Id, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsIsDependency) GetId() string { return v.AllIsDependencyTree.Id } + +// GetJustification returns NeighborsNeighborsIsDependency.Justification, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsIsDependency) GetJustification() string { + return v.AllIsDependencyTree.Justification } -// GetSubject returns IsOccurrencePkgIngestOccurrenceIsOccurrence.Subject, and is useful for accessing the field via an interface. -func (v *IsOccurrencePkgIngestOccurrenceIsOccurrence) GetSubject() AllIsOccurrencesTreeSubjectPackageOrSource { - return v.AllIsOccurrencesTree.Subject +// GetPackage returns NeighborsNeighborsIsDependency.Package, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsIsDependency) GetPackage() AllIsDependencyTreePackage { + return v.AllIsDependencyTree.Package } -// GetArtifact returns IsOccurrencePkgIngestOccurrenceIsOccurrence.Artifact, and is useful for accessing the field via an interface. 
-func (v *IsOccurrencePkgIngestOccurrenceIsOccurrence) GetArtifact() AllIsOccurrencesTreeArtifact { - return v.AllIsOccurrencesTree.Artifact +// GetDependentPackage returns NeighborsNeighborsIsDependency.DependentPackage, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsIsDependency) GetDependentPackage() AllIsDependencyTreeDependentPackage { + return v.AllIsDependencyTree.DependentPackage } -// GetJustification returns IsOccurrencePkgIngestOccurrenceIsOccurrence.Justification, and is useful for accessing the field via an interface. -func (v *IsOccurrencePkgIngestOccurrenceIsOccurrence) GetJustification() string { - return v.AllIsOccurrencesTree.Justification +// GetDependencyType returns NeighborsNeighborsIsDependency.DependencyType, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsIsDependency) GetDependencyType() DependencyType { + return v.AllIsDependencyTree.DependencyType } -// GetOrigin returns IsOccurrencePkgIngestOccurrenceIsOccurrence.Origin, and is useful for accessing the field via an interface. -func (v *IsOccurrencePkgIngestOccurrenceIsOccurrence) GetOrigin() string { - return v.AllIsOccurrencesTree.Origin +// GetVersionRange returns NeighborsNeighborsIsDependency.VersionRange, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsIsDependency) GetVersionRange() string { + return v.AllIsDependencyTree.VersionRange } -// GetCollector returns IsOccurrencePkgIngestOccurrenceIsOccurrence.Collector, and is useful for accessing the field via an interface. -func (v *IsOccurrencePkgIngestOccurrenceIsOccurrence) GetCollector() string { - return v.AllIsOccurrencesTree.Collector +// GetOrigin returns NeighborsNeighborsIsDependency.Origin, and is useful for accessing the field via an interface. 
+func (v *NeighborsNeighborsIsDependency) GetOrigin() string { return v.AllIsDependencyTree.Origin } + +// GetCollector returns NeighborsNeighborsIsDependency.Collector, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsIsDependency) GetCollector() string { + return v.AllIsDependencyTree.Collector } -func (v *IsOccurrencePkgIngestOccurrenceIsOccurrence) UnmarshalJSON(b []byte) error { +func (v *NeighborsNeighborsIsDependency) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *IsOccurrencePkgIngestOccurrenceIsOccurrence + *NeighborsNeighborsIsDependency graphql.NoUnmarshalJSON } - firstPass.IsOccurrencePkgIngestOccurrenceIsOccurrence = v + firstPass.NeighborsNeighborsIsDependency = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -11764,28 +11932,34 @@ func (v *IsOccurrencePkgIngestOccurrenceIsOccurrence) UnmarshalJSON(b []byte) er } err = json.Unmarshal( - b, &v.AllIsOccurrencesTree) + b, &v.AllIsDependencyTree) if err != nil { return err } return nil } -type __premarshalIsOccurrencePkgIngestOccurrenceIsOccurrence struct { +type __premarshalNeighborsNeighborsIsDependency struct { + Typename *string `json:"__typename"` + Id string `json:"id"` - Subject json.RawMessage `json:"subject"` + Justification string `json:"justification"` - Artifact AllIsOccurrencesTreeArtifact `json:"artifact"` + Package AllIsDependencyTreePackage `json:"package"` - Justification string `json:"justification"` + DependentPackage AllIsDependencyTreeDependentPackage `json:"dependentPackage"` + + DependencyType DependencyType `json:"dependencyType"` + + VersionRange string `json:"versionRange"` Origin string `json:"origin"` Collector string `json:"collector"` } -func (v *IsOccurrencePkgIngestOccurrenceIsOccurrence) MarshalJSON() ([]byte, error) { +func (v *NeighborsNeighborsIsDependency) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -11793,91 +11967,72 @@ func (v *IsOccurrencePkgIngestOccurrenceIsOccurrence) MarshalJSON() ([]byte, err return json.Marshal(premarshaled) } -func (v *IsOccurrencePkgIngestOccurrenceIsOccurrence) __premarshalJSON() (*__premarshalIsOccurrencePkgIngestOccurrenceIsOccurrence, error) { - var retval __premarshalIsOccurrencePkgIngestOccurrenceIsOccurrence - - retval.Id = v.AllIsOccurrencesTree.Id - { +func (v *NeighborsNeighborsIsDependency) __premarshalJSON() (*__premarshalNeighborsNeighborsIsDependency, error) { + var retval __premarshalNeighborsNeighborsIsDependency - dst := &retval.Subject - src := v.AllIsOccurrencesTree.Subject - var err error - *dst, err = __marshalAllIsOccurrencesTreeSubjectPackageOrSource( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal IsOccurrencePkgIngestOccurrenceIsOccurrence.AllIsOccurrencesTree.Subject: %w", err) - } - } - retval.Artifact = v.AllIsOccurrencesTree.Artifact - retval.Justification = v.AllIsOccurrencesTree.Justification - retval.Origin = v.AllIsOccurrencesTree.Origin - retval.Collector = v.AllIsOccurrencesTree.Collector + retval.Typename = v.Typename + retval.Id = v.AllIsDependencyTree.Id + retval.Justification = v.AllIsDependencyTree.Justification + retval.Package = v.AllIsDependencyTree.Package + retval.DependentPackage = v.AllIsDependencyTree.DependentPackage + retval.DependencyType = v.AllIsDependencyTree.DependencyType + retval.VersionRange = v.AllIsDependencyTree.VersionRange + retval.Origin = v.AllIsDependencyTree.Origin + retval.Collector = v.AllIsDependencyTree.Collector return &retval, nil } -// IsOccurrencePkgResponse is returned by IsOccurrencePkg on success. -type IsOccurrencePkgResponse struct { - // Ingest that an artifact is produced from a package or source. - IngestOccurrence IsOccurrencePkgIngestOccurrenceIsOccurrence `json:"ingestOccurrence"` -} - -// GetIngestOccurrence returns IsOccurrencePkgResponse.IngestOccurrence, and is useful for accessing the field via an interface. 
-func (v *IsOccurrencePkgResponse) GetIngestOccurrence() IsOccurrencePkgIngestOccurrenceIsOccurrence { - return v.IngestOccurrence -} - -// IsOccurrenceSrcIngestOccurrenceIsOccurrence includes the requested fields of the GraphQL type IsOccurrence. +// NeighborsNeighborsIsOccurrence includes the requested fields of the GraphQL type IsOccurrence. // The GraphQL type's documentation follows. // // IsOccurrence is an attestation to link an artifact to a package or source. // // Attestation must occur at the PackageVersion or at the SourceName. -type IsOccurrenceSrcIngestOccurrenceIsOccurrence struct { +type NeighborsNeighborsIsOccurrence struct { + Typename *string `json:"__typename"` AllIsOccurrencesTree `json:"-"` } -// GetId returns IsOccurrenceSrcIngestOccurrenceIsOccurrence.Id, and is useful for accessing the field via an interface. -func (v *IsOccurrenceSrcIngestOccurrenceIsOccurrence) GetId() string { - return v.AllIsOccurrencesTree.Id -} +// GetTypename returns NeighborsNeighborsIsOccurrence.Typename, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsIsOccurrence) GetTypename() *string { return v.Typename } -// GetSubject returns IsOccurrenceSrcIngestOccurrenceIsOccurrence.Subject, and is useful for accessing the field via an interface. -func (v *IsOccurrenceSrcIngestOccurrenceIsOccurrence) GetSubject() AllIsOccurrencesTreeSubjectPackageOrSource { +// GetId returns NeighborsNeighborsIsOccurrence.Id, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsIsOccurrence) GetId() string { return v.AllIsOccurrencesTree.Id } + +// GetSubject returns NeighborsNeighborsIsOccurrence.Subject, and is useful for accessing the field via an interface. 
+func (v *NeighborsNeighborsIsOccurrence) GetSubject() AllIsOccurrencesTreeSubjectPackageOrSource { return v.AllIsOccurrencesTree.Subject } -// GetArtifact returns IsOccurrenceSrcIngestOccurrenceIsOccurrence.Artifact, and is useful for accessing the field via an interface. -func (v *IsOccurrenceSrcIngestOccurrenceIsOccurrence) GetArtifact() AllIsOccurrencesTreeArtifact { +// GetArtifact returns NeighborsNeighborsIsOccurrence.Artifact, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsIsOccurrence) GetArtifact() AllIsOccurrencesTreeArtifact { return v.AllIsOccurrencesTree.Artifact } -// GetJustification returns IsOccurrenceSrcIngestOccurrenceIsOccurrence.Justification, and is useful for accessing the field via an interface. -func (v *IsOccurrenceSrcIngestOccurrenceIsOccurrence) GetJustification() string { +// GetJustification returns NeighborsNeighborsIsOccurrence.Justification, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsIsOccurrence) GetJustification() string { return v.AllIsOccurrencesTree.Justification } -// GetOrigin returns IsOccurrenceSrcIngestOccurrenceIsOccurrence.Origin, and is useful for accessing the field via an interface. -func (v *IsOccurrenceSrcIngestOccurrenceIsOccurrence) GetOrigin() string { - return v.AllIsOccurrencesTree.Origin -} +// GetOrigin returns NeighborsNeighborsIsOccurrence.Origin, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsIsOccurrence) GetOrigin() string { return v.AllIsOccurrencesTree.Origin } -// GetCollector returns IsOccurrenceSrcIngestOccurrenceIsOccurrence.Collector, and is useful for accessing the field via an interface. -func (v *IsOccurrenceSrcIngestOccurrenceIsOccurrence) GetCollector() string { +// GetCollector returns NeighborsNeighborsIsOccurrence.Collector, and is useful for accessing the field via an interface. 
+func (v *NeighborsNeighborsIsOccurrence) GetCollector() string { return v.AllIsOccurrencesTree.Collector } -func (v *IsOccurrenceSrcIngestOccurrenceIsOccurrence) UnmarshalJSON(b []byte) error { +func (v *NeighborsNeighborsIsOccurrence) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *IsOccurrenceSrcIngestOccurrenceIsOccurrence + *NeighborsNeighborsIsOccurrence graphql.NoUnmarshalJSON } - firstPass.IsOccurrenceSrcIngestOccurrenceIsOccurrence = v + firstPass.NeighborsNeighborsIsOccurrence = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -11892,7 +12047,9 @@ func (v *IsOccurrenceSrcIngestOccurrenceIsOccurrence) UnmarshalJSON(b []byte) er return nil } -type __premarshalIsOccurrenceSrcIngestOccurrenceIsOccurrence struct { +type __premarshalNeighborsNeighborsIsOccurrence struct { + Typename *string `json:"__typename"` + Id string `json:"id"` Subject json.RawMessage `json:"subject"` @@ -11906,7 +12063,7 @@ type __premarshalIsOccurrenceSrcIngestOccurrenceIsOccurrence struct { Collector string `json:"collector"` } -func (v *IsOccurrenceSrcIngestOccurrenceIsOccurrence) MarshalJSON() ([]byte, error) { +func (v *NeighborsNeighborsIsOccurrence) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err @@ -11914,9 +12071,10 @@ func (v *IsOccurrenceSrcIngestOccurrenceIsOccurrence) MarshalJSON() ([]byte, err return json.Marshal(premarshaled) } -func (v *IsOccurrenceSrcIngestOccurrenceIsOccurrence) __premarshalJSON() (*__premarshalIsOccurrenceSrcIngestOccurrenceIsOccurrence, error) { - var retval __premarshalIsOccurrenceSrcIngestOccurrenceIsOccurrence +func (v *NeighborsNeighborsIsOccurrence) __premarshalJSON() (*__premarshalNeighborsNeighborsIsOccurrence, error) { + var retval __premarshalNeighborsNeighborsIsOccurrence + retval.Typename = v.Typename retval.Id = v.AllIsOccurrencesTree.Id { 
@@ -11927,7 +12085,7 @@ func (v *IsOccurrenceSrcIngestOccurrenceIsOccurrence) __premarshalJSON() (*__pre &src) if err != nil { return nil, fmt.Errorf( - "unable to marshal IsOccurrenceSrcIngestOccurrenceIsOccurrence.AllIsOccurrencesTree.Subject: %w", err) + "unable to marshal NeighborsNeighborsIsOccurrence.AllIsOccurrencesTree.Subject: %w", err) } } retval.Artifact = v.AllIsOccurrencesTree.Artifact 
@@ -11937,4400 +12095,441 @@ func (v *IsOccurrenceSrcIngestOccurrenceIsOccurrence) __premarshalJSON() (*__pre return &retval, nil } -// IsOccurrenceSrcResponse is returned by IsOccurrenceSrc on success. -type IsOccurrenceSrcResponse struct { - // Ingest that an artifact is produced from a package or source. - IngestOccurrence IsOccurrenceSrcIngestOccurrenceIsOccurrence `json:"ingestOccurrence"` -} - -// GetIngestOccurrence returns IsOccurrenceSrcResponse.IngestOccurrence, and is useful for accessing the field via an interface. -func (v *IsOccurrenceSrcResponse) GetIngestOccurrence() IsOccurrenceSrcIngestOccurrenceIsOccurrence { - return v.IngestOccurrence -} - -// IsOccurrencesPkgIngestOccurrencesIsOccurrence includes the requested fields of the GraphQL type IsOccurrence. +// NeighborsNeighborsNode includes the requested fields of the GraphQL interface Node. +// +// NeighborsNeighborsNode is implemented by the following types: +// NeighborsNeighborsArtifact +// NeighborsNeighborsBuilder +// NeighborsNeighborsCertifyBad +// NeighborsNeighborsCertifyGood +// NeighborsNeighborsCertifyScorecard +// NeighborsNeighborsCertifyVEXStatement +// NeighborsNeighborsCertifyVuln +// NeighborsNeighborsHasMetadata +// NeighborsNeighborsHasSBOM +// NeighborsNeighborsHasSLSA +// NeighborsNeighborsHasSourceAt +// NeighborsNeighborsHashEqual +// NeighborsNeighborsIsDependency +// NeighborsNeighborsIsOccurrence +// NeighborsNeighborsPackage +// NeighborsNeighborsPkgEqual +// NeighborsNeighborsPointOfContact +// NeighborsNeighborsSource +// NeighborsNeighborsVulnEqual +// NeighborsNeighborsVulnerability // The GraphQL type's documentation follows. // -// IsOccurrence is an attestation to link an artifact to a package or source. +// Node is a union type of all the possible nodes. // -// Attestation must occur at the PackageVersion or at the SourceName. 
-type IsOccurrencesPkgIngestOccurrencesIsOccurrence struct { - AllIsOccurrencesTree `json:"-"` -} - -// GetId returns IsOccurrencesPkgIngestOccurrencesIsOccurrence.Id, and is useful for accessing the field via an interface. -func (v *IsOccurrencesPkgIngestOccurrencesIsOccurrence) GetId() string { - return v.AllIsOccurrencesTree.Id -} - -// GetSubject returns IsOccurrencesPkgIngestOccurrencesIsOccurrence.Subject, and is useful for accessing the field via an interface. -func (v *IsOccurrencesPkgIngestOccurrencesIsOccurrence) GetSubject() AllIsOccurrencesTreeSubjectPackageOrSource { - return v.AllIsOccurrencesTree.Subject -} - -// GetArtifact returns IsOccurrencesPkgIngestOccurrencesIsOccurrence.Artifact, and is useful for accessing the field via an interface. -func (v *IsOccurrencesPkgIngestOccurrencesIsOccurrence) GetArtifact() AllIsOccurrencesTreeArtifact { - return v.AllIsOccurrencesTree.Artifact -} - -// GetJustification returns IsOccurrencesPkgIngestOccurrencesIsOccurrence.Justification, and is useful for accessing the field via an interface. -func (v *IsOccurrencesPkgIngestOccurrencesIsOccurrence) GetJustification() string { - return v.AllIsOccurrencesTree.Justification -} - -// GetOrigin returns IsOccurrencesPkgIngestOccurrencesIsOccurrence.Origin, and is useful for accessing the field via an interface. -func (v *IsOccurrencesPkgIngestOccurrencesIsOccurrence) GetOrigin() string { - return v.AllIsOccurrencesTree.Origin -} - -// GetCollector returns IsOccurrencesPkgIngestOccurrencesIsOccurrence.Collector, and is useful for accessing the field via an interface. -func (v *IsOccurrencesPkgIngestOccurrencesIsOccurrence) GetCollector() string { - return v.AllIsOccurrencesTree.Collector +// It encapsulates the software tree nodes along with the evidence nodes. In a +// path query, all connecting evidence nodes along with their intermediate subject +// nodes need to be returned in order to create a complete graph. 
+type NeighborsNeighborsNode interface { + implementsGraphQLInterfaceNeighborsNeighborsNode() + // GetTypename returns the receiver's concrete GraphQL type-name (see interface doc for possible values). + GetTypename() *string } -func (v *IsOccurrencesPkgIngestOccurrencesIsOccurrence) UnmarshalJSON(b []byte) error { +func (v *NeighborsNeighborsArtifact) implementsGraphQLInterfaceNeighborsNeighborsNode() {} +func (v *NeighborsNeighborsBuilder) implementsGraphQLInterfaceNeighborsNeighborsNode() {} +func (v *NeighborsNeighborsCertifyBad) implementsGraphQLInterfaceNeighborsNeighborsNode() {} +func (v *NeighborsNeighborsCertifyGood) implementsGraphQLInterfaceNeighborsNeighborsNode() {} +func (v *NeighborsNeighborsCertifyScorecard) implementsGraphQLInterfaceNeighborsNeighborsNode() {} +func (v *NeighborsNeighborsCertifyVEXStatement) implementsGraphQLInterfaceNeighborsNeighborsNode() {} +func (v *NeighborsNeighborsCertifyVuln) implementsGraphQLInterfaceNeighborsNeighborsNode() {} +func (v *NeighborsNeighborsHasMetadata) implementsGraphQLInterfaceNeighborsNeighborsNode() {} +func (v *NeighborsNeighborsHasSBOM) implementsGraphQLInterfaceNeighborsNeighborsNode() {} +func (v *NeighborsNeighborsHasSLSA) implementsGraphQLInterfaceNeighborsNeighborsNode() {} +func (v *NeighborsNeighborsHasSourceAt) implementsGraphQLInterfaceNeighborsNeighborsNode() {} +func (v *NeighborsNeighborsHashEqual) implementsGraphQLInterfaceNeighborsNeighborsNode() {} +func (v *NeighborsNeighborsIsDependency) implementsGraphQLInterfaceNeighborsNeighborsNode() {} +func (v *NeighborsNeighborsIsOccurrence) implementsGraphQLInterfaceNeighborsNeighborsNode() {} +func (v *NeighborsNeighborsPackage) implementsGraphQLInterfaceNeighborsNeighborsNode() {} +func (v *NeighborsNeighborsPkgEqual) implementsGraphQLInterfaceNeighborsNeighborsNode() {} +func (v *NeighborsNeighborsPointOfContact) implementsGraphQLInterfaceNeighborsNeighborsNode() {} +func (v *NeighborsNeighborsSource) 
implementsGraphQLInterfaceNeighborsNeighborsNode() {} +func (v *NeighborsNeighborsVulnEqual) implementsGraphQLInterfaceNeighborsNeighborsNode() {} +func (v *NeighborsNeighborsVulnerability) implementsGraphQLInterfaceNeighborsNeighborsNode() {} +func __unmarshalNeighborsNeighborsNode(b []byte, v *NeighborsNeighborsNode) error { if string(b) == "null" { return nil } - var firstPass struct { - *IsOccurrencesPkgIngestOccurrencesIsOccurrence - graphql.NoUnmarshalJSON - } - firstPass.IsOccurrencesPkgIngestOccurrencesIsOccurrence = v - - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err + var tn struct { + TypeName string `json:"__typename"` } - - err = json.Unmarshal( - b, &v.AllIsOccurrencesTree) + err := json.Unmarshal(b, &tn) if err != nil { return err } - return nil -} - -type __premarshalIsOccurrencesPkgIngestOccurrencesIsOccurrence struct { - Id string `json:"id"` - - Subject json.RawMessage `json:"subject"` - - Artifact AllIsOccurrencesTreeArtifact `json:"artifact"` - - Justification string `json:"justification"` - - Origin string `json:"origin"` - - Collector string `json:"collector"` -} - -func (v *IsOccurrencesPkgIngestOccurrencesIsOccurrence) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) -} - -func (v *IsOccurrencesPkgIngestOccurrencesIsOccurrence) __premarshalJSON() (*__premarshalIsOccurrencesPkgIngestOccurrencesIsOccurrence, error) { - var retval __premarshalIsOccurrencesPkgIngestOccurrencesIsOccurrence - - retval.Id = v.AllIsOccurrencesTree.Id - { - - dst := &retval.Subject - src := v.AllIsOccurrencesTree.Subject - var err error - *dst, err = __marshalAllIsOccurrencesTreeSubjectPackageOrSource( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal IsOccurrencesPkgIngestOccurrencesIsOccurrence.AllIsOccurrencesTree.Subject: %w", err) - } - } - retval.Artifact = v.AllIsOccurrencesTree.Artifact - retval.Justification = 
v.AllIsOccurrencesTree.Justification - retval.Origin = v.AllIsOccurrencesTree.Origin - retval.Collector = v.AllIsOccurrencesTree.Collector - return &retval, nil -} -// IsOccurrencesPkgResponse is returned by IsOccurrencesPkg on success. -type IsOccurrencesPkgResponse struct { - // Bulk ingest that an artifact is produced from a package or source. - IngestOccurrences []IsOccurrencesPkgIngestOccurrencesIsOccurrence `json:"ingestOccurrences"` -} - -// GetIngestOccurrences returns IsOccurrencesPkgResponse.IngestOccurrences, and is useful for accessing the field via an interface. -func (v *IsOccurrencesPkgResponse) GetIngestOccurrences() []IsOccurrencesPkgIngestOccurrencesIsOccurrence { - return v.IngestOccurrences -} - -// IsOccurrencesSrcIngestOccurrencesIsOccurrence includes the requested fields of the GraphQL type IsOccurrence. -// The GraphQL type's documentation follows. -// -// IsOccurrence is an attestation to link an artifact to a package or source. -// -// Attestation must occur at the PackageVersion or at the SourceName. -type IsOccurrencesSrcIngestOccurrencesIsOccurrence struct { - AllIsOccurrencesTree `json:"-"` -} - -// GetId returns IsOccurrencesSrcIngestOccurrencesIsOccurrence.Id, and is useful for accessing the field via an interface. -func (v *IsOccurrencesSrcIngestOccurrencesIsOccurrence) GetId() string { - return v.AllIsOccurrencesTree.Id -} - -// GetSubject returns IsOccurrencesSrcIngestOccurrencesIsOccurrence.Subject, and is useful for accessing the field via an interface. -func (v *IsOccurrencesSrcIngestOccurrencesIsOccurrence) GetSubject() AllIsOccurrencesTreeSubjectPackageOrSource { - return v.AllIsOccurrencesTree.Subject -} - -// GetArtifact returns IsOccurrencesSrcIngestOccurrencesIsOccurrence.Artifact, and is useful for accessing the field via an interface. 
-func (v *IsOccurrencesSrcIngestOccurrencesIsOccurrence) GetArtifact() AllIsOccurrencesTreeArtifact { - return v.AllIsOccurrencesTree.Artifact -} - -// GetJustification returns IsOccurrencesSrcIngestOccurrencesIsOccurrence.Justification, and is useful for accessing the field via an interface. -func (v *IsOccurrencesSrcIngestOccurrencesIsOccurrence) GetJustification() string { - return v.AllIsOccurrencesTree.Justification -} - -// GetOrigin returns IsOccurrencesSrcIngestOccurrencesIsOccurrence.Origin, and is useful for accessing the field via an interface. -func (v *IsOccurrencesSrcIngestOccurrencesIsOccurrence) GetOrigin() string { - return v.AllIsOccurrencesTree.Origin -} - -// GetCollector returns IsOccurrencesSrcIngestOccurrencesIsOccurrence.Collector, and is useful for accessing the field via an interface. -func (v *IsOccurrencesSrcIngestOccurrencesIsOccurrence) GetCollector() string { - return v.AllIsOccurrencesTree.Collector -} - -func (v *IsOccurrencesSrcIngestOccurrencesIsOccurrence) UnmarshalJSON(b []byte) error { - - if string(b) == "null" { - return nil - } - - var firstPass struct { - *IsOccurrencesSrcIngestOccurrencesIsOccurrence - graphql.NoUnmarshalJSON - } - firstPass.IsOccurrencesSrcIngestOccurrencesIsOccurrence = v - - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } - - err = json.Unmarshal( - b, &v.AllIsOccurrencesTree) - if err != nil { - return err - } - return nil -} - -type __premarshalIsOccurrencesSrcIngestOccurrencesIsOccurrence struct { - Id string `json:"id"` - - Subject json.RawMessage `json:"subject"` - - Artifact AllIsOccurrencesTreeArtifact `json:"artifact"` - - Justification string `json:"justification"` - - Origin string `json:"origin"` - - Collector string `json:"collector"` -} - -func (v *IsOccurrencesSrcIngestOccurrencesIsOccurrence) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) -} - -func (v 
*IsOccurrencesSrcIngestOccurrencesIsOccurrence) __premarshalJSON() (*__premarshalIsOccurrencesSrcIngestOccurrencesIsOccurrence, error) { - var retval __premarshalIsOccurrencesSrcIngestOccurrencesIsOccurrence - - retval.Id = v.AllIsOccurrencesTree.Id - { - - dst := &retval.Subject - src := v.AllIsOccurrencesTree.Subject - var err error - *dst, err = __marshalAllIsOccurrencesTreeSubjectPackageOrSource( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal IsOccurrencesSrcIngestOccurrencesIsOccurrence.AllIsOccurrencesTree.Subject: %w", err) - } - } - retval.Artifact = v.AllIsOccurrencesTree.Artifact - retval.Justification = v.AllIsOccurrencesTree.Justification - retval.Origin = v.AllIsOccurrencesTree.Origin - retval.Collector = v.AllIsOccurrencesTree.Collector - return &retval, nil -} - -// IsOccurrencesSrcResponse is returned by IsOccurrencesSrc on success. -type IsOccurrencesSrcResponse struct { - // Bulk ingest that an artifact is produced from a package or source. - IngestOccurrences []IsOccurrencesSrcIngestOccurrencesIsOccurrence `json:"ingestOccurrences"` -} - -// GetIngestOccurrences returns IsOccurrencesSrcResponse.IngestOccurrences, and is useful for accessing the field via an interface. -func (v *IsOccurrencesSrcResponse) GetIngestOccurrences() []IsOccurrencesSrcIngestOccurrencesIsOccurrence { - return v.IngestOccurrences -} - -// IsVulnerabilityCVEIngestIsVulnerability includes the requested fields of the GraphQL type IsVulnerability. -// The GraphQL type's documentation follows. -// -// IsVulnerability is an attestation to link CVE/GHSA with data in OSV. -type IsVulnerabilityCVEIngestIsVulnerability struct { - AllIsVulnerability `json:"-"` -} - -// GetId returns IsVulnerabilityCVEIngestIsVulnerability.Id, and is useful for accessing the field via an interface. 
-func (v *IsVulnerabilityCVEIngestIsVulnerability) GetId() string { return v.AllIsVulnerability.Id } - -// GetOsv returns IsVulnerabilityCVEIngestIsVulnerability.Osv, and is useful for accessing the field via an interface. -func (v *IsVulnerabilityCVEIngestIsVulnerability) GetOsv() AllIsVulnerabilityOsvOSV { - return v.AllIsVulnerability.Osv -} - -// GetVulnerability returns IsVulnerabilityCVEIngestIsVulnerability.Vulnerability, and is useful for accessing the field via an interface. -func (v *IsVulnerabilityCVEIngestIsVulnerability) GetVulnerability() AllIsVulnerabilityVulnerabilityCveOrGhsa { - return v.AllIsVulnerability.Vulnerability -} - -// GetJustification returns IsVulnerabilityCVEIngestIsVulnerability.Justification, and is useful for accessing the field via an interface. -func (v *IsVulnerabilityCVEIngestIsVulnerability) GetJustification() string { - return v.AllIsVulnerability.Justification -} - -// GetOrigin returns IsVulnerabilityCVEIngestIsVulnerability.Origin, and is useful for accessing the field via an interface. -func (v *IsVulnerabilityCVEIngestIsVulnerability) GetOrigin() string { - return v.AllIsVulnerability.Origin -} - -// GetCollector returns IsVulnerabilityCVEIngestIsVulnerability.Collector, and is useful for accessing the field via an interface. 
-func (v *IsVulnerabilityCVEIngestIsVulnerability) GetCollector() string { - return v.AllIsVulnerability.Collector -} - -func (v *IsVulnerabilityCVEIngestIsVulnerability) UnmarshalJSON(b []byte) error { - - if string(b) == "null" { - return nil - } - - var firstPass struct { - *IsVulnerabilityCVEIngestIsVulnerability - graphql.NoUnmarshalJSON - } - firstPass.IsVulnerabilityCVEIngestIsVulnerability = v - - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } - - err = json.Unmarshal( - b, &v.AllIsVulnerability) - if err != nil { - return err - } - return nil -} - -type __premarshalIsVulnerabilityCVEIngestIsVulnerability struct { - Id string `json:"id"` - - Osv AllIsVulnerabilityOsvOSV `json:"osv"` - - Vulnerability json.RawMessage `json:"vulnerability"` - - Justification string `json:"justification"` - - Origin string `json:"origin"` - - Collector string `json:"collector"` -} - -func (v *IsVulnerabilityCVEIngestIsVulnerability) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) -} - -func (v *IsVulnerabilityCVEIngestIsVulnerability) __premarshalJSON() (*__premarshalIsVulnerabilityCVEIngestIsVulnerability, error) { - var retval __premarshalIsVulnerabilityCVEIngestIsVulnerability - - retval.Id = v.AllIsVulnerability.Id - retval.Osv = v.AllIsVulnerability.Osv - { - - dst := &retval.Vulnerability - src := v.AllIsVulnerability.Vulnerability - var err error - *dst, err = __marshalAllIsVulnerabilityVulnerabilityCveOrGhsa( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal IsVulnerabilityCVEIngestIsVulnerability.AllIsVulnerability.Vulnerability: %w", err) - } - } - retval.Justification = v.AllIsVulnerability.Justification - retval.Origin = v.AllIsVulnerability.Origin - retval.Collector = v.AllIsVulnerability.Collector - return &retval, nil -} - -// IsVulnerabilityCVEResponse is returned by IsVulnerabilityCVE on success. 
-type IsVulnerabilityCVEResponse struct { - // Ingest a mapping between an OSV entry and a CVE/GHSA vulnerability. - IngestIsVulnerability IsVulnerabilityCVEIngestIsVulnerability `json:"ingestIsVulnerability"` -} - -// GetIngestIsVulnerability returns IsVulnerabilityCVEResponse.IngestIsVulnerability, and is useful for accessing the field via an interface. -func (v *IsVulnerabilityCVEResponse) GetIngestIsVulnerability() IsVulnerabilityCVEIngestIsVulnerability { - return v.IngestIsVulnerability -} - -// IsVulnerabilityGHSAIngestIsVulnerability includes the requested fields of the GraphQL type IsVulnerability. -// The GraphQL type's documentation follows. -// -// IsVulnerability is an attestation to link CVE/GHSA with data in OSV. -type IsVulnerabilityGHSAIngestIsVulnerability struct { - AllIsVulnerability `json:"-"` -} - -// GetId returns IsVulnerabilityGHSAIngestIsVulnerability.Id, and is useful for accessing the field via an interface. -func (v *IsVulnerabilityGHSAIngestIsVulnerability) GetId() string { return v.AllIsVulnerability.Id } - -// GetOsv returns IsVulnerabilityGHSAIngestIsVulnerability.Osv, and is useful for accessing the field via an interface. -func (v *IsVulnerabilityGHSAIngestIsVulnerability) GetOsv() AllIsVulnerabilityOsvOSV { - return v.AllIsVulnerability.Osv -} - -// GetVulnerability returns IsVulnerabilityGHSAIngestIsVulnerability.Vulnerability, and is useful for accessing the field via an interface. -func (v *IsVulnerabilityGHSAIngestIsVulnerability) GetVulnerability() AllIsVulnerabilityVulnerabilityCveOrGhsa { - return v.AllIsVulnerability.Vulnerability -} - -// GetJustification returns IsVulnerabilityGHSAIngestIsVulnerability.Justification, and is useful for accessing the field via an interface. 
-func (v *IsVulnerabilityGHSAIngestIsVulnerability) GetJustification() string { - return v.AllIsVulnerability.Justification -} - -// GetOrigin returns IsVulnerabilityGHSAIngestIsVulnerability.Origin, and is useful for accessing the field via an interface. -func (v *IsVulnerabilityGHSAIngestIsVulnerability) GetOrigin() string { - return v.AllIsVulnerability.Origin -} - -// GetCollector returns IsVulnerabilityGHSAIngestIsVulnerability.Collector, and is useful for accessing the field via an interface. -func (v *IsVulnerabilityGHSAIngestIsVulnerability) GetCollector() string { - return v.AllIsVulnerability.Collector -} - -func (v *IsVulnerabilityGHSAIngestIsVulnerability) UnmarshalJSON(b []byte) error { - - if string(b) == "null" { - return nil - } - - var firstPass struct { - *IsVulnerabilityGHSAIngestIsVulnerability - graphql.NoUnmarshalJSON - } - firstPass.IsVulnerabilityGHSAIngestIsVulnerability = v - - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } - - err = json.Unmarshal( - b, &v.AllIsVulnerability) - if err != nil { - return err - } - return nil -} - -type __premarshalIsVulnerabilityGHSAIngestIsVulnerability struct { - Id string `json:"id"` - - Osv AllIsVulnerabilityOsvOSV `json:"osv"` - - Vulnerability json.RawMessage `json:"vulnerability"` - - Justification string `json:"justification"` - - Origin string `json:"origin"` - - Collector string `json:"collector"` -} - -func (v *IsVulnerabilityGHSAIngestIsVulnerability) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) -} - -func (v *IsVulnerabilityGHSAIngestIsVulnerability) __premarshalJSON() (*__premarshalIsVulnerabilityGHSAIngestIsVulnerability, error) { - var retval __premarshalIsVulnerabilityGHSAIngestIsVulnerability - - retval.Id = v.AllIsVulnerability.Id - retval.Osv = v.AllIsVulnerability.Osv - { - - dst := &retval.Vulnerability - src := v.AllIsVulnerability.Vulnerability - var err 
error - *dst, err = __marshalAllIsVulnerabilityVulnerabilityCveOrGhsa( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal IsVulnerabilityGHSAIngestIsVulnerability.AllIsVulnerability.Vulnerability: %w", err) - } - } - retval.Justification = v.AllIsVulnerability.Justification - retval.Origin = v.AllIsVulnerability.Origin - retval.Collector = v.AllIsVulnerability.Collector - return &retval, nil -} - -// IsVulnerabilityGHSAResponse is returned by IsVulnerabilityGHSA on success. -type IsVulnerabilityGHSAResponse struct { - // Ingest a mapping between an OSV entry and a CVE/GHSA vulnerability. - IngestIsVulnerability IsVulnerabilityGHSAIngestIsVulnerability `json:"ingestIsVulnerability"` -} - -// GetIngestIsVulnerability returns IsVulnerabilityGHSAResponse.IngestIsVulnerability, and is useful for accessing the field via an interface. -func (v *IsVulnerabilityGHSAResponse) GetIngestIsVulnerability() IsVulnerabilityGHSAIngestIsVulnerability { - return v.IngestIsVulnerability -} - -// IsVulnerabilityInputSpec represents the input to link CVE/GHSA with OSV data. -type IsVulnerabilityInputSpec struct { - Justification string `json:"justification"` - Origin string `json:"origin"` - Collector string `json:"collector"` -} - -// GetJustification returns IsVulnerabilityInputSpec.Justification, and is useful for accessing the field via an interface. -func (v *IsVulnerabilityInputSpec) GetJustification() string { return v.Justification } - -// GetOrigin returns IsVulnerabilityInputSpec.Origin, and is useful for accessing the field via an interface. -func (v *IsVulnerabilityInputSpec) GetOrigin() string { return v.Origin } - -// GetCollector returns IsVulnerabilityInputSpec.Collector, and is useful for accessing the field via an interface. -func (v *IsVulnerabilityInputSpec) GetCollector() string { return v.Collector } - -// MatchFlags is used to input the PkgMatchType enum. 
-type MatchFlags struct { - Pkg PkgMatchType `json:"pkg"` -} - -// GetPkg returns MatchFlags.Pkg, and is useful for accessing the field via an interface. -func (v *MatchFlags) GetPkg() PkgMatchType { return v.Pkg } - -// NeighborsNeighborsArtifact includes the requested fields of the GraphQL type Artifact. -// The GraphQL type's documentation follows. -// -// Artifact represents an artifact identified by a checksum hash. -// -// The checksum is split into the digest value and the algorithm used to generate -// it. Both fields are mandatory and canonicalized to be lowercase. -// -// If having a checksum Go object, algorithm can be -// strings.ToLower(string(checksum.Algorithm)) and digest can be checksum.Value. -type NeighborsNeighborsArtifact struct { - Typename *string `json:"__typename"` - AllArtifactTree `json:"-"` -} - -// GetTypename returns NeighborsNeighborsArtifact.Typename, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsArtifact) GetTypename() *string { return v.Typename } - -// GetId returns NeighborsNeighborsArtifact.Id, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsArtifact) GetId() string { return v.AllArtifactTree.Id } - -// GetAlgorithm returns NeighborsNeighborsArtifact.Algorithm, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsArtifact) GetAlgorithm() string { return v.AllArtifactTree.Algorithm } - -// GetDigest returns NeighborsNeighborsArtifact.Digest, and is useful for accessing the field via an interface. 
-func (v *NeighborsNeighborsArtifact) GetDigest() string { return v.AllArtifactTree.Digest } - -func (v *NeighborsNeighborsArtifact) UnmarshalJSON(b []byte) error { - - if string(b) == "null" { - return nil - } - - var firstPass struct { - *NeighborsNeighborsArtifact - graphql.NoUnmarshalJSON - } - firstPass.NeighborsNeighborsArtifact = v - - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } - - err = json.Unmarshal( - b, &v.AllArtifactTree) - if err != nil { - return err - } - return nil -} - -type __premarshalNeighborsNeighborsArtifact struct { - Typename *string `json:"__typename"` - - Id string `json:"id"` - - Algorithm string `json:"algorithm"` - - Digest string `json:"digest"` -} - -func (v *NeighborsNeighborsArtifact) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) -} - -func (v *NeighborsNeighborsArtifact) __premarshalJSON() (*__premarshalNeighborsNeighborsArtifact, error) { - var retval __premarshalNeighborsNeighborsArtifact - - retval.Typename = v.Typename - retval.Id = v.AllArtifactTree.Id - retval.Algorithm = v.AllArtifactTree.Algorithm - retval.Digest = v.AllArtifactTree.Digest - return &retval, nil -} - -// NeighborsNeighborsBuilder includes the requested fields of the GraphQL type Builder. -// The GraphQL type's documentation follows. -// -// Builder represents the builder (e.g., FRSCA or GitHub Actions). -// -// Currently builders are identified by the uri field. -type NeighborsNeighborsBuilder struct { - Typename *string `json:"__typename"` - AllBuilderTree `json:"-"` -} - -// GetTypename returns NeighborsNeighborsBuilder.Typename, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsBuilder) GetTypename() *string { return v.Typename } - -// GetId returns NeighborsNeighborsBuilder.Id, and is useful for accessing the field via an interface. 
-func (v *NeighborsNeighborsBuilder) GetId() string { return v.AllBuilderTree.Id } - -// GetUri returns NeighborsNeighborsBuilder.Uri, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsBuilder) GetUri() string { return v.AllBuilderTree.Uri } - -func (v *NeighborsNeighborsBuilder) UnmarshalJSON(b []byte) error { - - if string(b) == "null" { - return nil - } - - var firstPass struct { - *NeighborsNeighborsBuilder - graphql.NoUnmarshalJSON - } - firstPass.NeighborsNeighborsBuilder = v - - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } - - err = json.Unmarshal( - b, &v.AllBuilderTree) - if err != nil { - return err - } - return nil -} - -type __premarshalNeighborsNeighborsBuilder struct { - Typename *string `json:"__typename"` - - Id string `json:"id"` - - Uri string `json:"uri"` -} - -func (v *NeighborsNeighborsBuilder) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) -} - -func (v *NeighborsNeighborsBuilder) __premarshalJSON() (*__premarshalNeighborsNeighborsBuilder, error) { - var retval __premarshalNeighborsNeighborsBuilder - - retval.Typename = v.Typename - retval.Id = v.AllBuilderTree.Id - retval.Uri = v.AllBuilderTree.Uri - return &retval, nil -} - -// NeighborsNeighborsCVE includes the requested fields of the GraphQL type CVE. -// The GraphQL type's documentation follows. -// -// CVE represents a vulnerability in the Common Vulnerabilities and Exposures -// schema. -// -// The vulnerability identifier contains a year field, so we are extracting that -// to allow matching for vulnerabilities found in a given year. -// -// The vulnerability identifier field is mandatory and canonicalized to be -// lowercase. -// -// This node can be referred to by other parts of GUAC. 
-type NeighborsNeighborsCVE struct { - Typename *string `json:"__typename"` - AllCveTree `json:"-"` -} - -// GetTypename returns NeighborsNeighborsCVE.Typename, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsCVE) GetTypename() *string { return v.Typename } - -// GetId returns NeighborsNeighborsCVE.Id, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsCVE) GetId() string { return v.AllCveTree.Id } - -// GetYear returns NeighborsNeighborsCVE.Year, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsCVE) GetYear() int { return v.AllCveTree.Year } - -// GetCveId returns NeighborsNeighborsCVE.CveId, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsCVE) GetCveId() string { return v.AllCveTree.CveId } - -func (v *NeighborsNeighborsCVE) UnmarshalJSON(b []byte) error { - - if string(b) == "null" { - return nil - } - - var firstPass struct { - *NeighborsNeighborsCVE - graphql.NoUnmarshalJSON - } - firstPass.NeighborsNeighborsCVE = v - - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } - - err = json.Unmarshal( - b, &v.AllCveTree) - if err != nil { - return err - } - return nil -} - -type __premarshalNeighborsNeighborsCVE struct { - Typename *string `json:"__typename"` - - Id string `json:"id"` - - Year int `json:"year"` - - CveId string `json:"cveId"` -} - -func (v *NeighborsNeighborsCVE) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) -} - -func (v *NeighborsNeighborsCVE) __premarshalJSON() (*__premarshalNeighborsNeighborsCVE, error) { - var retval __premarshalNeighborsNeighborsCVE - - retval.Typename = v.Typename - retval.Id = v.AllCveTree.Id - retval.Year = v.AllCveTree.Year - retval.CveId = v.AllCveTree.CveId - return &retval, nil -} - -// NeighborsNeighborsCertifyBad includes the requested fields of the 
GraphQL type CertifyBad. -// The GraphQL type's documentation follows. -// -// CertifyBad is an attestation that a package, source, or artifact is considered -// bad. -// -// All evidence trees record a justification for the property they represent as -// well as the document that contains the attestation (origin) and the collector -// that collected the document (collector). -// -// The certification applies to a subject which is a package, source, or artifact. -// If the attestation targets a package, it must target a PackageName or a -// PackageVersion. If the attestation targets a source, it must target a -// SourceName. -type NeighborsNeighborsCertifyBad struct { - Typename *string `json:"__typename"` - AllCertifyBad `json:"-"` -} - -// GetTypename returns NeighborsNeighborsCertifyBad.Typename, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsCertifyBad) GetTypename() *string { return v.Typename } - -// GetId returns NeighborsNeighborsCertifyBad.Id, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsCertifyBad) GetId() string { return v.AllCertifyBad.Id } - -// GetJustification returns NeighborsNeighborsCertifyBad.Justification, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsCertifyBad) GetJustification() string { - return v.AllCertifyBad.Justification -} - -// GetSubject returns NeighborsNeighborsCertifyBad.Subject, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsCertifyBad) GetSubject() AllCertifyBadSubjectPackageSourceOrArtifact { - return v.AllCertifyBad.Subject -} - -// GetOrigin returns NeighborsNeighborsCertifyBad.Origin, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsCertifyBad) GetOrigin() string { return v.AllCertifyBad.Origin } - -// GetCollector returns NeighborsNeighborsCertifyBad.Collector, and is useful for accessing the field via an interface. 
-func (v *NeighborsNeighborsCertifyBad) GetCollector() string { return v.AllCertifyBad.Collector } - -func (v *NeighborsNeighborsCertifyBad) UnmarshalJSON(b []byte) error { - - if string(b) == "null" { - return nil - } - - var firstPass struct { - *NeighborsNeighborsCertifyBad - graphql.NoUnmarshalJSON - } - firstPass.NeighborsNeighborsCertifyBad = v - - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } - - err = json.Unmarshal( - b, &v.AllCertifyBad) - if err != nil { - return err - } - return nil -} - -type __premarshalNeighborsNeighborsCertifyBad struct { - Typename *string `json:"__typename"` - - Id string `json:"id"` - - Justification string `json:"justification"` - - Subject json.RawMessage `json:"subject"` - - Origin string `json:"origin"` - - Collector string `json:"collector"` -} - -func (v *NeighborsNeighborsCertifyBad) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) -} - -func (v *NeighborsNeighborsCertifyBad) __premarshalJSON() (*__premarshalNeighborsNeighborsCertifyBad, error) { - var retval __premarshalNeighborsNeighborsCertifyBad - - retval.Typename = v.Typename - retval.Id = v.AllCertifyBad.Id - retval.Justification = v.AllCertifyBad.Justification - { - - dst := &retval.Subject - src := v.AllCertifyBad.Subject - var err error - *dst, err = __marshalAllCertifyBadSubjectPackageSourceOrArtifact( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal NeighborsNeighborsCertifyBad.AllCertifyBad.Subject: %w", err) - } - } - retval.Origin = v.AllCertifyBad.Origin - retval.Collector = v.AllCertifyBad.Collector - return &retval, nil -} - -// NeighborsNeighborsCertifyGood includes the requested fields of the GraphQL type CertifyGood. -// The GraphQL type's documentation follows. -// -// CertifyGood is an attestation that a package, source, or artifact is considered -// good. 
-// -// All evidence trees record a justification for the property they represent as -// well as the document that contains the attestation (origin) and the collector -// that collected the document (collector). -// -// The certification applies to a subject which is a package, source, or artifact. -// If the attestation targets a package, it must target a PackageName or a -// PackageVersion. If the attestation targets a source, it must target a -// SourceName. -type NeighborsNeighborsCertifyGood struct { - Typename *string `json:"__typename"` - AllCertifyGood `json:"-"` -} - -// GetTypename returns NeighborsNeighborsCertifyGood.Typename, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsCertifyGood) GetTypename() *string { return v.Typename } - -// GetId returns NeighborsNeighborsCertifyGood.Id, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsCertifyGood) GetId() string { return v.AllCertifyGood.Id } - -// GetJustification returns NeighborsNeighborsCertifyGood.Justification, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsCertifyGood) GetJustification() string { - return v.AllCertifyGood.Justification -} - -// GetSubject returns NeighborsNeighborsCertifyGood.Subject, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsCertifyGood) GetSubject() AllCertifyGoodSubjectPackageSourceOrArtifact { - return v.AllCertifyGood.Subject -} - -// GetOrigin returns NeighborsNeighborsCertifyGood.Origin, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsCertifyGood) GetOrigin() string { return v.AllCertifyGood.Origin } - -// GetCollector returns NeighborsNeighborsCertifyGood.Collector, and is useful for accessing the field via an interface. 
-func (v *NeighborsNeighborsCertifyGood) GetCollector() string { return v.AllCertifyGood.Collector } - -func (v *NeighborsNeighborsCertifyGood) UnmarshalJSON(b []byte) error { - - if string(b) == "null" { - return nil - } - - var firstPass struct { - *NeighborsNeighborsCertifyGood - graphql.NoUnmarshalJSON - } - firstPass.NeighborsNeighborsCertifyGood = v - - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } - - err = json.Unmarshal( - b, &v.AllCertifyGood) - if err != nil { - return err - } - return nil -} - -type __premarshalNeighborsNeighborsCertifyGood struct { - Typename *string `json:"__typename"` - - Id string `json:"id"` - - Justification string `json:"justification"` - - Subject json.RawMessage `json:"subject"` - - Origin string `json:"origin"` - - Collector string `json:"collector"` -} - -func (v *NeighborsNeighborsCertifyGood) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) -} - -func (v *NeighborsNeighborsCertifyGood) __premarshalJSON() (*__premarshalNeighborsNeighborsCertifyGood, error) { - var retval __premarshalNeighborsNeighborsCertifyGood - - retval.Typename = v.Typename - retval.Id = v.AllCertifyGood.Id - retval.Justification = v.AllCertifyGood.Justification - { - - dst := &retval.Subject - src := v.AllCertifyGood.Subject - var err error - *dst, err = __marshalAllCertifyGoodSubjectPackageSourceOrArtifact( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal NeighborsNeighborsCertifyGood.AllCertifyGood.Subject: %w", err) - } - } - retval.Origin = v.AllCertifyGood.Origin - retval.Collector = v.AllCertifyGood.Collector - return &retval, nil -} - -// NeighborsNeighborsCertifyScorecard includes the requested fields of the GraphQL type CertifyScorecard. -// The GraphQL type's documentation follows. -// -// CertifyScorecard is an attestation to attach a Scorecard analysis to a -// particular source repository. 
-type NeighborsNeighborsCertifyScorecard struct { - Typename *string `json:"__typename"` - AllCertifyScorecard `json:"-"` -} - -// GetTypename returns NeighborsNeighborsCertifyScorecard.Typename, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsCertifyScorecard) GetTypename() *string { return v.Typename } - -// GetId returns NeighborsNeighborsCertifyScorecard.Id, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsCertifyScorecard) GetId() string { return v.AllCertifyScorecard.Id } - -// GetSource returns NeighborsNeighborsCertifyScorecard.Source, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsCertifyScorecard) GetSource() AllCertifyScorecardSource { - return v.AllCertifyScorecard.Source -} - -// GetScorecard returns NeighborsNeighborsCertifyScorecard.Scorecard, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsCertifyScorecard) GetScorecard() AllCertifyScorecardScorecard { - return v.AllCertifyScorecard.Scorecard -} - -func (v *NeighborsNeighborsCertifyScorecard) UnmarshalJSON(b []byte) error { - - if string(b) == "null" { - return nil - } - - var firstPass struct { - *NeighborsNeighborsCertifyScorecard - graphql.NoUnmarshalJSON - } - firstPass.NeighborsNeighborsCertifyScorecard = v - - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } - - err = json.Unmarshal( - b, &v.AllCertifyScorecard) - if err != nil { - return err - } - return nil -} - -type __premarshalNeighborsNeighborsCertifyScorecard struct { - Typename *string `json:"__typename"` - - Id string `json:"id"` - - Source AllCertifyScorecardSource `json:"source"` - - Scorecard AllCertifyScorecardScorecard `json:"scorecard"` -} - -func (v *NeighborsNeighborsCertifyScorecard) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) -} - -func (v 
*NeighborsNeighborsCertifyScorecard) __premarshalJSON() (*__premarshalNeighborsNeighborsCertifyScorecard, error) { - var retval __premarshalNeighborsNeighborsCertifyScorecard - - retval.Typename = v.Typename - retval.Id = v.AllCertifyScorecard.Id - retval.Source = v.AllCertifyScorecard.Source - retval.Scorecard = v.AllCertifyScorecard.Scorecard - return &retval, nil -} - -// NeighborsNeighborsCertifyVEXStatement includes the requested fields of the GraphQL type CertifyVEXStatement. -// The GraphQL type's documentation follows. -// -// CertifyVEXStatement is an attestation to attach VEX statements to a package or -// artifact to clarify the impact of a specific vulnerability (CVE, GHSA or OSV). -type NeighborsNeighborsCertifyVEXStatement struct { - Typename *string `json:"__typename"` - AllCertifyVEXStatement `json:"-"` -} - -// GetTypename returns NeighborsNeighborsCertifyVEXStatement.Typename, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsCertifyVEXStatement) GetTypename() *string { return v.Typename } - -// GetId returns NeighborsNeighborsCertifyVEXStatement.Id, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsCertifyVEXStatement) GetId() string { return v.AllCertifyVEXStatement.Id } - -// GetSubject returns NeighborsNeighborsCertifyVEXStatement.Subject, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsCertifyVEXStatement) GetSubject() AllCertifyVEXStatementSubjectPackageOrArtifact { - return v.AllCertifyVEXStatement.Subject -} - -// GetVulnerability returns NeighborsNeighborsCertifyVEXStatement.Vulnerability, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsCertifyVEXStatement) GetVulnerability() AllCertifyVEXStatementVulnerability { - return v.AllCertifyVEXStatement.Vulnerability -} - -// GetStatus returns NeighborsNeighborsCertifyVEXStatement.Status, and is useful for accessing the field via an interface. 
-func (v *NeighborsNeighborsCertifyVEXStatement) GetStatus() VexStatus { - return v.AllCertifyVEXStatement.Status -} - -// GetVexJustification returns NeighborsNeighborsCertifyVEXStatement.VexJustification, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsCertifyVEXStatement) GetVexJustification() VexJustification { - return v.AllCertifyVEXStatement.VexJustification -} - -// GetStatement returns NeighborsNeighborsCertifyVEXStatement.Statement, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsCertifyVEXStatement) GetStatement() string { - return v.AllCertifyVEXStatement.Statement -} - -// GetStatusNotes returns NeighborsNeighborsCertifyVEXStatement.StatusNotes, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsCertifyVEXStatement) GetStatusNotes() string { - return v.AllCertifyVEXStatement.StatusNotes -} - -// GetKnownSince returns NeighborsNeighborsCertifyVEXStatement.KnownSince, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsCertifyVEXStatement) GetKnownSince() time.Time { - return v.AllCertifyVEXStatement.KnownSince -} - -// GetOrigin returns NeighborsNeighborsCertifyVEXStatement.Origin, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsCertifyVEXStatement) GetOrigin() string { - return v.AllCertifyVEXStatement.Origin -} - -// GetCollector returns NeighborsNeighborsCertifyVEXStatement.Collector, and is useful for accessing the field via an interface. 
-func (v *NeighborsNeighborsCertifyVEXStatement) GetCollector() string { - return v.AllCertifyVEXStatement.Collector -} - -func (v *NeighborsNeighborsCertifyVEXStatement) UnmarshalJSON(b []byte) error { - - if string(b) == "null" { - return nil - } - - var firstPass struct { - *NeighborsNeighborsCertifyVEXStatement - graphql.NoUnmarshalJSON - } - firstPass.NeighborsNeighborsCertifyVEXStatement = v - - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } - - err = json.Unmarshal( - b, &v.AllCertifyVEXStatement) - if err != nil { - return err - } - return nil -} - -type __premarshalNeighborsNeighborsCertifyVEXStatement struct { - Typename *string `json:"__typename"` - - Id string `json:"id"` - - Subject json.RawMessage `json:"subject"` - - Vulnerability json.RawMessage `json:"vulnerability"` - - Status VexStatus `json:"status"` - - VexJustification VexJustification `json:"vexJustification"` - - Statement string `json:"statement"` - - StatusNotes string `json:"statusNotes"` - - KnownSince time.Time `json:"knownSince"` - - Origin string `json:"origin"` - - Collector string `json:"collector"` -} - -func (v *NeighborsNeighborsCertifyVEXStatement) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) -} - -func (v *NeighborsNeighborsCertifyVEXStatement) __premarshalJSON() (*__premarshalNeighborsNeighborsCertifyVEXStatement, error) { - var retval __premarshalNeighborsNeighborsCertifyVEXStatement - - retval.Typename = v.Typename - retval.Id = v.AllCertifyVEXStatement.Id - { - - dst := &retval.Subject - src := v.AllCertifyVEXStatement.Subject - var err error - *dst, err = __marshalAllCertifyVEXStatementSubjectPackageOrArtifact( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal NeighborsNeighborsCertifyVEXStatement.AllCertifyVEXStatement.Subject: %w", err) - } - } - { - - dst := &retval.Vulnerability - src := 
v.AllCertifyVEXStatement.Vulnerability - var err error - *dst, err = __marshalAllCertifyVEXStatementVulnerability( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal NeighborsNeighborsCertifyVEXStatement.AllCertifyVEXStatement.Vulnerability: %w", err) - } - } - retval.Status = v.AllCertifyVEXStatement.Status - retval.VexJustification = v.AllCertifyVEXStatement.VexJustification - retval.Statement = v.AllCertifyVEXStatement.Statement - retval.StatusNotes = v.AllCertifyVEXStatement.StatusNotes - retval.KnownSince = v.AllCertifyVEXStatement.KnownSince - retval.Origin = v.AllCertifyVEXStatement.Origin - retval.Collector = v.AllCertifyVEXStatement.Collector - return &retval, nil -} - -// NeighborsNeighborsCertifyVuln includes the requested fields of the GraphQL type CertifyVuln. -// The GraphQL type's documentation follows. -// -// CertifyVuln is an attestation to attach vulnerability information to a package. -// -// This information is obtained via a scanner. If there is no vulnerability -// detected (no OSV, CVE, or GHSA), we attach the special NoVuln node. -type NeighborsNeighborsCertifyVuln struct { - Typename *string `json:"__typename"` - AllCertifyVuln `json:"-"` -} - -// GetTypename returns NeighborsNeighborsCertifyVuln.Typename, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsCertifyVuln) GetTypename() *string { return v.Typename } - -// GetId returns NeighborsNeighborsCertifyVuln.Id, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsCertifyVuln) GetId() string { return v.AllCertifyVuln.Id } - -// GetPackage returns NeighborsNeighborsCertifyVuln.Package, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsCertifyVuln) GetPackage() AllCertifyVulnPackage { - return v.AllCertifyVuln.Package -} - -// GetVulnerability returns NeighborsNeighborsCertifyVuln.Vulnerability, and is useful for accessing the field via an interface. 
-func (v *NeighborsNeighborsCertifyVuln) GetVulnerability() AllCertifyVulnVulnerability { - return v.AllCertifyVuln.Vulnerability -} - -// GetMetadata returns NeighborsNeighborsCertifyVuln.Metadata, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsCertifyVuln) GetMetadata() AllCertifyVulnMetadataVulnerabilityMetaData { - return v.AllCertifyVuln.Metadata -} - -func (v *NeighborsNeighborsCertifyVuln) UnmarshalJSON(b []byte) error { - - if string(b) == "null" { - return nil - } - - var firstPass struct { - *NeighborsNeighborsCertifyVuln - graphql.NoUnmarshalJSON - } - firstPass.NeighborsNeighborsCertifyVuln = v - - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } - - err = json.Unmarshal( - b, &v.AllCertifyVuln) - if err != nil { - return err - } - return nil -} - -type __premarshalNeighborsNeighborsCertifyVuln struct { - Typename *string `json:"__typename"` - - Id string `json:"id"` - - Package AllCertifyVulnPackage `json:"package"` - - Vulnerability json.RawMessage `json:"vulnerability"` - - Metadata AllCertifyVulnMetadataVulnerabilityMetaData `json:"metadata"` -} - -func (v *NeighborsNeighborsCertifyVuln) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) -} - -func (v *NeighborsNeighborsCertifyVuln) __premarshalJSON() (*__premarshalNeighborsNeighborsCertifyVuln, error) { - var retval __premarshalNeighborsNeighborsCertifyVuln - - retval.Typename = v.Typename - retval.Id = v.AllCertifyVuln.Id - retval.Package = v.AllCertifyVuln.Package - { - - dst := &retval.Vulnerability - src := v.AllCertifyVuln.Vulnerability - var err error - *dst, err = __marshalAllCertifyVulnVulnerability( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal NeighborsNeighborsCertifyVuln.AllCertifyVuln.Vulnerability: %w", err) - } - } - retval.Metadata = v.AllCertifyVuln.Metadata - return &retval, nil -} - -// 
NeighborsNeighborsGHSA includes the requested fields of the GraphQL type GHSA. -// The GraphQL type's documentation follows. -// -// GHSA represents GitHub security advisories. -// -// The advisory id field is mandatory and canonicalized to be lowercase. -// -// This node can be referred to by other parts of GUAC. -type NeighborsNeighborsGHSA struct { - Typename *string `json:"__typename"` - AllGHSATree `json:"-"` -} - -// GetTypename returns NeighborsNeighborsGHSA.Typename, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsGHSA) GetTypename() *string { return v.Typename } - -// GetId returns NeighborsNeighborsGHSA.Id, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsGHSA) GetId() string { return v.AllGHSATree.Id } - -// GetGhsaId returns NeighborsNeighborsGHSA.GhsaId, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsGHSA) GetGhsaId() string { return v.AllGHSATree.GhsaId } - -func (v *NeighborsNeighborsGHSA) UnmarshalJSON(b []byte) error { - - if string(b) == "null" { - return nil - } - - var firstPass struct { - *NeighborsNeighborsGHSA - graphql.NoUnmarshalJSON - } - firstPass.NeighborsNeighborsGHSA = v - - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } - - err = json.Unmarshal( - b, &v.AllGHSATree) - if err != nil { - return err - } - return nil -} - -type __premarshalNeighborsNeighborsGHSA struct { - Typename *string `json:"__typename"` - - Id string `json:"id"` - - GhsaId string `json:"ghsaId"` -} - -func (v *NeighborsNeighborsGHSA) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) -} - -func (v *NeighborsNeighborsGHSA) __premarshalJSON() (*__premarshalNeighborsNeighborsGHSA, error) { - var retval __premarshalNeighborsNeighborsGHSA - - retval.Typename = v.Typename - retval.Id = v.AllGHSATree.Id - retval.GhsaId = v.AllGHSATree.GhsaId - 
return &retval, nil -} - -// NeighborsNeighborsHasMetadata includes the requested fields of the GraphQL type HasMetadata. -// The GraphQL type's documentation follows. -// -// HasMetadata is an attestation that a package, source, or artifact has a certain -// attested property (key) with value (value). For example, a source may have -// metadata "SourceRepo2FAEnabled=true". -// -// The intent of this evidence tree predicate is to allow extensibility of metadata -// expressible within the GUAC ontology. Metadata that is commonly used will then -// be promoted to a predicate on its own. -// -// Justification indicates how the metadata was determined. -// -// The metadata applies to a subject which is a package, source, or artifact. -// If the attestation targets a package, it must target a PackageName or a -// PackageVersion. If the attestation targets a source, it must target a -// SourceName. -type NeighborsNeighborsHasMetadata struct { - Typename *string `json:"__typename"` -} - -// GetTypename returns NeighborsNeighborsHasMetadata.Typename, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsHasMetadata) GetTypename() *string { return v.Typename } - -// NeighborsNeighborsHasSBOM includes the requested fields of the GraphQL type HasSBOM. -type NeighborsNeighborsHasSBOM struct { - Typename *string `json:"__typename"` - AllHasSBOMTree `json:"-"` -} - -// GetTypename returns NeighborsNeighborsHasSBOM.Typename, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsHasSBOM) GetTypename() *string { return v.Typename } - -// GetId returns NeighborsNeighborsHasSBOM.Id, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsHasSBOM) GetId() string { return v.AllHasSBOMTree.Id } - -// GetSubject returns NeighborsNeighborsHasSBOM.Subject, and is useful for accessing the field via an interface. 
-func (v *NeighborsNeighborsHasSBOM) GetSubject() AllHasSBOMTreeSubjectPackageOrArtifact { - return v.AllHasSBOMTree.Subject -} - -// GetUri returns NeighborsNeighborsHasSBOM.Uri, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsHasSBOM) GetUri() string { return v.AllHasSBOMTree.Uri } - -// GetAlgorithm returns NeighborsNeighborsHasSBOM.Algorithm, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsHasSBOM) GetAlgorithm() string { return v.AllHasSBOMTree.Algorithm } - -// GetDigest returns NeighborsNeighborsHasSBOM.Digest, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsHasSBOM) GetDigest() string { return v.AllHasSBOMTree.Digest } - -// GetDownloadLocation returns NeighborsNeighborsHasSBOM.DownloadLocation, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsHasSBOM) GetDownloadLocation() string { - return v.AllHasSBOMTree.DownloadLocation -} - -// GetOrigin returns NeighborsNeighborsHasSBOM.Origin, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsHasSBOM) GetOrigin() string { return v.AllHasSBOMTree.Origin } - -// GetCollector returns NeighborsNeighborsHasSBOM.Collector, and is useful for accessing the field via an interface. 
-func (v *NeighborsNeighborsHasSBOM) GetCollector() string { return v.AllHasSBOMTree.Collector } - -func (v *NeighborsNeighborsHasSBOM) UnmarshalJSON(b []byte) error { - - if string(b) == "null" { - return nil - } - - var firstPass struct { - *NeighborsNeighborsHasSBOM - graphql.NoUnmarshalJSON - } - firstPass.NeighborsNeighborsHasSBOM = v - - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } - - err = json.Unmarshal( - b, &v.AllHasSBOMTree) - if err != nil { - return err - } - return nil -} - -type __premarshalNeighborsNeighborsHasSBOM struct { - Typename *string `json:"__typename"` - - Id string `json:"id"` - - Subject json.RawMessage `json:"subject"` - - Uri string `json:"uri"` - - Algorithm string `json:"algorithm"` - - Digest string `json:"digest"` - - DownloadLocation string `json:"downloadLocation"` - - Origin string `json:"origin"` - - Collector string `json:"collector"` -} - -func (v *NeighborsNeighborsHasSBOM) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) -} - -func (v *NeighborsNeighborsHasSBOM) __premarshalJSON() (*__premarshalNeighborsNeighborsHasSBOM, error) { - var retval __premarshalNeighborsNeighborsHasSBOM - - retval.Typename = v.Typename - retval.Id = v.AllHasSBOMTree.Id - { - - dst := &retval.Subject - src := v.AllHasSBOMTree.Subject - var err error - *dst, err = __marshalAllHasSBOMTreeSubjectPackageOrArtifact( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal NeighborsNeighborsHasSBOM.AllHasSBOMTree.Subject: %w", err) - } - } - retval.Uri = v.AllHasSBOMTree.Uri - retval.Algorithm = v.AllHasSBOMTree.Algorithm - retval.Digest = v.AllHasSBOMTree.Digest - retval.DownloadLocation = v.AllHasSBOMTree.DownloadLocation - retval.Origin = v.AllHasSBOMTree.Origin - retval.Collector = v.AllHasSBOMTree.Collector - return &retval, nil -} - -// NeighborsNeighborsHasSLSA includes the requested fields of the 
GraphQL type HasSLSA. -// The GraphQL type's documentation follows. -// -// HasSLSA records that a subject node has a SLSA attestation. -type NeighborsNeighborsHasSLSA struct { - Typename *string `json:"__typename"` - AllSLSATree `json:"-"` -} - -// GetTypename returns NeighborsNeighborsHasSLSA.Typename, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsHasSLSA) GetTypename() *string { return v.Typename } - -// GetId returns NeighborsNeighborsHasSLSA.Id, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsHasSLSA) GetId() string { return v.AllSLSATree.Id } - -// GetSubject returns NeighborsNeighborsHasSLSA.Subject, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsHasSLSA) GetSubject() AllSLSATreeSubjectArtifact { - return v.AllSLSATree.Subject -} - -// GetSlsa returns NeighborsNeighborsHasSLSA.Slsa, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsHasSLSA) GetSlsa() AllSLSATreeSlsaSLSA { return v.AllSLSATree.Slsa } - -func (v *NeighborsNeighborsHasSLSA) UnmarshalJSON(b []byte) error { - - if string(b) == "null" { - return nil - } - - var firstPass struct { - *NeighborsNeighborsHasSLSA - graphql.NoUnmarshalJSON - } - firstPass.NeighborsNeighborsHasSLSA = v - - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } - - err = json.Unmarshal( - b, &v.AllSLSATree) - if err != nil { - return err - } - return nil -} - -type __premarshalNeighborsNeighborsHasSLSA struct { - Typename *string `json:"__typename"` - - Id string `json:"id"` - - Subject AllSLSATreeSubjectArtifact `json:"subject"` - - Slsa AllSLSATreeSlsaSLSA `json:"slsa"` -} - -func (v *NeighborsNeighborsHasSLSA) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) -} - -func (v *NeighborsNeighborsHasSLSA) __premarshalJSON() (*__premarshalNeighborsNeighborsHasSLSA, 
error) { - var retval __premarshalNeighborsNeighborsHasSLSA - - retval.Typename = v.Typename - retval.Id = v.AllSLSATree.Id - retval.Subject = v.AllSLSATree.Subject - retval.Slsa = v.AllSLSATree.Slsa - return &retval, nil -} - -// NeighborsNeighborsHasSourceAt includes the requested fields of the GraphQL type HasSourceAt. -// The GraphQL type's documentation follows. -// -// HasSourceAt records that a package's repository is a given source. -type NeighborsNeighborsHasSourceAt struct { - Typename *string `json:"__typename"` - AllHasSourceAt `json:"-"` -} - -// GetTypename returns NeighborsNeighborsHasSourceAt.Typename, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsHasSourceAt) GetTypename() *string { return v.Typename } - -// GetId returns NeighborsNeighborsHasSourceAt.Id, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsHasSourceAt) GetId() string { return v.AllHasSourceAt.Id } - -// GetJustification returns NeighborsNeighborsHasSourceAt.Justification, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsHasSourceAt) GetJustification() string { - return v.AllHasSourceAt.Justification -} - -// GetKnownSince returns NeighborsNeighborsHasSourceAt.KnownSince, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsHasSourceAt) GetKnownSince() time.Time { return v.AllHasSourceAt.KnownSince } - -// GetPackage returns NeighborsNeighborsHasSourceAt.Package, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsHasSourceAt) GetPackage() AllHasSourceAtPackage { - return v.AllHasSourceAt.Package -} - -// GetSource returns NeighborsNeighborsHasSourceAt.Source, and is useful for accessing the field via an interface. 
-func (v *NeighborsNeighborsHasSourceAt) GetSource() AllHasSourceAtSource { - return v.AllHasSourceAt.Source -} - -// GetOrigin returns NeighborsNeighborsHasSourceAt.Origin, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsHasSourceAt) GetOrigin() string { return v.AllHasSourceAt.Origin } - -// GetCollector returns NeighborsNeighborsHasSourceAt.Collector, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsHasSourceAt) GetCollector() string { return v.AllHasSourceAt.Collector } - -func (v *NeighborsNeighborsHasSourceAt) UnmarshalJSON(b []byte) error { - - if string(b) == "null" { - return nil - } - - var firstPass struct { - *NeighborsNeighborsHasSourceAt - graphql.NoUnmarshalJSON - } - firstPass.NeighborsNeighborsHasSourceAt = v - - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } - - err = json.Unmarshal( - b, &v.AllHasSourceAt) - if err != nil { - return err - } - return nil -} - -type __premarshalNeighborsNeighborsHasSourceAt struct { - Typename *string `json:"__typename"` - - Id string `json:"id"` - - Justification string `json:"justification"` - - KnownSince time.Time `json:"knownSince"` - - Package AllHasSourceAtPackage `json:"package"` - - Source AllHasSourceAtSource `json:"source"` - - Origin string `json:"origin"` - - Collector string `json:"collector"` -} - -func (v *NeighborsNeighborsHasSourceAt) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) -} - -func (v *NeighborsNeighborsHasSourceAt) __premarshalJSON() (*__premarshalNeighborsNeighborsHasSourceAt, error) { - var retval __premarshalNeighborsNeighborsHasSourceAt - - retval.Typename = v.Typename - retval.Id = v.AllHasSourceAt.Id - retval.Justification = v.AllHasSourceAt.Justification - retval.KnownSince = v.AllHasSourceAt.KnownSince - retval.Package = v.AllHasSourceAt.Package - retval.Source = 
v.AllHasSourceAt.Source - retval.Origin = v.AllHasSourceAt.Origin - retval.Collector = v.AllHasSourceAt.Collector - return &retval, nil -} - -// NeighborsNeighborsHashEqual includes the requested fields of the GraphQL type HashEqual. -// The GraphQL type's documentation follows. -// -// HashEqual is an attestation that a set of artifacts are identical. -type NeighborsNeighborsHashEqual struct { - Typename *string `json:"__typename"` - AllHashEqualTree `json:"-"` -} - -// GetTypename returns NeighborsNeighborsHashEqual.Typename, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsHashEqual) GetTypename() *string { return v.Typename } - -// GetId returns NeighborsNeighborsHashEqual.Id, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsHashEqual) GetId() string { return v.AllHashEqualTree.Id } - -// GetJustification returns NeighborsNeighborsHashEqual.Justification, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsHashEqual) GetJustification() string { - return v.AllHashEqualTree.Justification -} - -// GetArtifacts returns NeighborsNeighborsHashEqual.Artifacts, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsHashEqual) GetArtifacts() []AllHashEqualTreeArtifactsArtifact { - return v.AllHashEqualTree.Artifacts -} - -// GetOrigin returns NeighborsNeighborsHashEqual.Origin, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsHashEqual) GetOrigin() string { return v.AllHashEqualTree.Origin } - -// GetCollector returns NeighborsNeighborsHashEqual.Collector, and is useful for accessing the field via an interface. 
-func (v *NeighborsNeighborsHashEqual) GetCollector() string { return v.AllHashEqualTree.Collector } - -func (v *NeighborsNeighborsHashEqual) UnmarshalJSON(b []byte) error { - - if string(b) == "null" { - return nil - } - - var firstPass struct { - *NeighborsNeighborsHashEqual - graphql.NoUnmarshalJSON - } - firstPass.NeighborsNeighborsHashEqual = v - - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } - - err = json.Unmarshal( - b, &v.AllHashEqualTree) - if err != nil { - return err - } - return nil -} - -type __premarshalNeighborsNeighborsHashEqual struct { - Typename *string `json:"__typename"` - - Id string `json:"id"` - - Justification string `json:"justification"` - - Artifacts []AllHashEqualTreeArtifactsArtifact `json:"artifacts"` - - Origin string `json:"origin"` - - Collector string `json:"collector"` -} - -func (v *NeighborsNeighborsHashEqual) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) -} - -func (v *NeighborsNeighborsHashEqual) __premarshalJSON() (*__premarshalNeighborsNeighborsHashEqual, error) { - var retval __premarshalNeighborsNeighborsHashEqual - - retval.Typename = v.Typename - retval.Id = v.AllHashEqualTree.Id - retval.Justification = v.AllHashEqualTree.Justification - retval.Artifacts = v.AllHashEqualTree.Artifacts - retval.Origin = v.AllHashEqualTree.Origin - retval.Collector = v.AllHashEqualTree.Collector - return &retval, nil -} - -// NeighborsNeighborsIsDependency includes the requested fields of the GraphQL type IsDependency. -// The GraphQL type's documentation follows. -// -// IsDependency is an attestation to record that a package depends on another. -type NeighborsNeighborsIsDependency struct { - Typename *string `json:"__typename"` - AllIsDependencyTree `json:"-"` -} - -// GetTypename returns NeighborsNeighborsIsDependency.Typename, and is useful for accessing the field via an interface. 
-func (v *NeighborsNeighborsIsDependency) GetTypename() *string { return v.Typename } - -// GetId returns NeighborsNeighborsIsDependency.Id, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsIsDependency) GetId() string { return v.AllIsDependencyTree.Id } - -// GetJustification returns NeighborsNeighborsIsDependency.Justification, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsIsDependency) GetJustification() string { - return v.AllIsDependencyTree.Justification -} - -// GetPackage returns NeighborsNeighborsIsDependency.Package, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsIsDependency) GetPackage() AllIsDependencyTreePackage { - return v.AllIsDependencyTree.Package -} - -// GetDependentPackage returns NeighborsNeighborsIsDependency.DependentPackage, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsIsDependency) GetDependentPackage() AllIsDependencyTreeDependentPackage { - return v.AllIsDependencyTree.DependentPackage -} - -// GetDependencyType returns NeighborsNeighborsIsDependency.DependencyType, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsIsDependency) GetDependencyType() DependencyType { - return v.AllIsDependencyTree.DependencyType -} - -// GetVersionRange returns NeighborsNeighborsIsDependency.VersionRange, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsIsDependency) GetVersionRange() string { - return v.AllIsDependencyTree.VersionRange -} - -// GetOrigin returns NeighborsNeighborsIsDependency.Origin, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsIsDependency) GetOrigin() string { return v.AllIsDependencyTree.Origin } - -// GetCollector returns NeighborsNeighborsIsDependency.Collector, and is useful for accessing the field via an interface. 
-func (v *NeighborsNeighborsIsDependency) GetCollector() string { - return v.AllIsDependencyTree.Collector -} - -func (v *NeighborsNeighborsIsDependency) UnmarshalJSON(b []byte) error { - - if string(b) == "null" { - return nil - } - - var firstPass struct { - *NeighborsNeighborsIsDependency - graphql.NoUnmarshalJSON - } - firstPass.NeighborsNeighborsIsDependency = v - - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } - - err = json.Unmarshal( - b, &v.AllIsDependencyTree) - if err != nil { - return err - } - return nil -} - -type __premarshalNeighborsNeighborsIsDependency struct { - Typename *string `json:"__typename"` - - Id string `json:"id"` - - Justification string `json:"justification"` - - Package AllIsDependencyTreePackage `json:"package"` - - DependentPackage AllIsDependencyTreeDependentPackage `json:"dependentPackage"` - - DependencyType DependencyType `json:"dependencyType"` - - VersionRange string `json:"versionRange"` - - Origin string `json:"origin"` - - Collector string `json:"collector"` -} - -func (v *NeighborsNeighborsIsDependency) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) -} - -func (v *NeighborsNeighborsIsDependency) __premarshalJSON() (*__premarshalNeighborsNeighborsIsDependency, error) { - var retval __premarshalNeighborsNeighborsIsDependency - - retval.Typename = v.Typename - retval.Id = v.AllIsDependencyTree.Id - retval.Justification = v.AllIsDependencyTree.Justification - retval.Package = v.AllIsDependencyTree.Package - retval.DependentPackage = v.AllIsDependencyTree.DependentPackage - retval.DependencyType = v.AllIsDependencyTree.DependencyType - retval.VersionRange = v.AllIsDependencyTree.VersionRange - retval.Origin = v.AllIsDependencyTree.Origin - retval.Collector = v.AllIsDependencyTree.Collector - return &retval, nil -} - -// NeighborsNeighborsIsOccurrence includes the requested fields of the GraphQL 
type IsOccurrence. -// The GraphQL type's documentation follows. -// -// IsOccurrence is an attestation to link an artifact to a package or source. -// -// Attestation must occur at the PackageVersion or at the SourceName. -type NeighborsNeighborsIsOccurrence struct { - Typename *string `json:"__typename"` - AllIsOccurrencesTree `json:"-"` -} - -// GetTypename returns NeighborsNeighborsIsOccurrence.Typename, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsIsOccurrence) GetTypename() *string { return v.Typename } - -// GetId returns NeighborsNeighborsIsOccurrence.Id, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsIsOccurrence) GetId() string { return v.AllIsOccurrencesTree.Id } - -// GetSubject returns NeighborsNeighborsIsOccurrence.Subject, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsIsOccurrence) GetSubject() AllIsOccurrencesTreeSubjectPackageOrSource { - return v.AllIsOccurrencesTree.Subject -} - -// GetArtifact returns NeighborsNeighborsIsOccurrence.Artifact, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsIsOccurrence) GetArtifact() AllIsOccurrencesTreeArtifact { - return v.AllIsOccurrencesTree.Artifact -} - -// GetJustification returns NeighborsNeighborsIsOccurrence.Justification, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsIsOccurrence) GetJustification() string { - return v.AllIsOccurrencesTree.Justification -} - -// GetOrigin returns NeighborsNeighborsIsOccurrence.Origin, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsIsOccurrence) GetOrigin() string { return v.AllIsOccurrencesTree.Origin } - -// GetCollector returns NeighborsNeighborsIsOccurrence.Collector, and is useful for accessing the field via an interface. 
-func (v *NeighborsNeighborsIsOccurrence) GetCollector() string { - return v.AllIsOccurrencesTree.Collector -} - -func (v *NeighborsNeighborsIsOccurrence) UnmarshalJSON(b []byte) error { - - if string(b) == "null" { - return nil - } - - var firstPass struct { - *NeighborsNeighborsIsOccurrence - graphql.NoUnmarshalJSON - } - firstPass.NeighborsNeighborsIsOccurrence = v - - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } - - err = json.Unmarshal( - b, &v.AllIsOccurrencesTree) - if err != nil { - return err - } - return nil -} - -type __premarshalNeighborsNeighborsIsOccurrence struct { - Typename *string `json:"__typename"` - - Id string `json:"id"` - - Subject json.RawMessage `json:"subject"` - - Artifact AllIsOccurrencesTreeArtifact `json:"artifact"` - - Justification string `json:"justification"` - - Origin string `json:"origin"` - - Collector string `json:"collector"` -} - -func (v *NeighborsNeighborsIsOccurrence) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) -} - -func (v *NeighborsNeighborsIsOccurrence) __premarshalJSON() (*__premarshalNeighborsNeighborsIsOccurrence, error) { - var retval __premarshalNeighborsNeighborsIsOccurrence - - retval.Typename = v.Typename - retval.Id = v.AllIsOccurrencesTree.Id - { - - dst := &retval.Subject - src := v.AllIsOccurrencesTree.Subject - var err error - *dst, err = __marshalAllIsOccurrencesTreeSubjectPackageOrSource( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal NeighborsNeighborsIsOccurrence.AllIsOccurrencesTree.Subject: %w", err) - } - } - retval.Artifact = v.AllIsOccurrencesTree.Artifact - retval.Justification = v.AllIsOccurrencesTree.Justification - retval.Origin = v.AllIsOccurrencesTree.Origin - retval.Collector = v.AllIsOccurrencesTree.Collector - return &retval, nil -} - -// NeighborsNeighborsIsVulnerability includes the requested fields of the GraphQL type 
IsVulnerability. -// The GraphQL type's documentation follows. -// -// IsVulnerability is an attestation to link CVE/GHSA with data in OSV. -type NeighborsNeighborsIsVulnerability struct { - Typename *string `json:"__typename"` - AllIsVulnerability `json:"-"` -} - -// GetTypename returns NeighborsNeighborsIsVulnerability.Typename, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsIsVulnerability) GetTypename() *string { return v.Typename } - -// GetId returns NeighborsNeighborsIsVulnerability.Id, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsIsVulnerability) GetId() string { return v.AllIsVulnerability.Id } - -// GetOsv returns NeighborsNeighborsIsVulnerability.Osv, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsIsVulnerability) GetOsv() AllIsVulnerabilityOsvOSV { - return v.AllIsVulnerability.Osv -} - -// GetVulnerability returns NeighborsNeighborsIsVulnerability.Vulnerability, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsIsVulnerability) GetVulnerability() AllIsVulnerabilityVulnerabilityCveOrGhsa { - return v.AllIsVulnerability.Vulnerability -} - -// GetJustification returns NeighborsNeighborsIsVulnerability.Justification, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsIsVulnerability) GetJustification() string { - return v.AllIsVulnerability.Justification -} - -// GetOrigin returns NeighborsNeighborsIsVulnerability.Origin, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsIsVulnerability) GetOrigin() string { return v.AllIsVulnerability.Origin } - -// GetCollector returns NeighborsNeighborsIsVulnerability.Collector, and is useful for accessing the field via an interface. 
-func (v *NeighborsNeighborsIsVulnerability) GetCollector() string { - return v.AllIsVulnerability.Collector -} - -func (v *NeighborsNeighborsIsVulnerability) UnmarshalJSON(b []byte) error { - - if string(b) == "null" { - return nil - } - - var firstPass struct { - *NeighborsNeighborsIsVulnerability - graphql.NoUnmarshalJSON - } - firstPass.NeighborsNeighborsIsVulnerability = v - - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } - - err = json.Unmarshal( - b, &v.AllIsVulnerability) - if err != nil { - return err - } - return nil -} - -type __premarshalNeighborsNeighborsIsVulnerability struct { - Typename *string `json:"__typename"` - - Id string `json:"id"` - - Osv AllIsVulnerabilityOsvOSV `json:"osv"` - - Vulnerability json.RawMessage `json:"vulnerability"` - - Justification string `json:"justification"` - - Origin string `json:"origin"` - - Collector string `json:"collector"` -} - -func (v *NeighborsNeighborsIsVulnerability) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) -} - -func (v *NeighborsNeighborsIsVulnerability) __premarshalJSON() (*__premarshalNeighborsNeighborsIsVulnerability, error) { - var retval __premarshalNeighborsNeighborsIsVulnerability - - retval.Typename = v.Typename - retval.Id = v.AllIsVulnerability.Id - retval.Osv = v.AllIsVulnerability.Osv - { - - dst := &retval.Vulnerability - src := v.AllIsVulnerability.Vulnerability - var err error - *dst, err = __marshalAllIsVulnerabilityVulnerabilityCveOrGhsa( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal NeighborsNeighborsIsVulnerability.AllIsVulnerability.Vulnerability: %w", err) - } - } - retval.Justification = v.AllIsVulnerability.Justification - retval.Origin = v.AllIsVulnerability.Origin - retval.Collector = v.AllIsVulnerability.Collector - return &retval, nil -} - -// NeighborsNeighborsNoVuln includes the requested fields of the GraphQL type 
NoVuln. -// The GraphQL type's documentation follows. -// -// NoVuln is a special vulnerability node to attest that no vulnerability has been -// found during a vulnerability scan. -// -// Backends guarantee that this is a singleton node. -type NeighborsNeighborsNoVuln struct { - Typename *string `json:"__typename"` - Id string `json:"id"` -} - -// GetTypename returns NeighborsNeighborsNoVuln.Typename, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsNoVuln) GetTypename() *string { return v.Typename } - -// GetId returns NeighborsNeighborsNoVuln.Id, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsNoVuln) GetId() string { return v.Id } - -// NeighborsNeighborsNode includes the requested fields of the GraphQL interface Node. -// -// NeighborsNeighborsNode is implemented by the following types: -// NeighborsNeighborsArtifact -// NeighborsNeighborsBuilder -// NeighborsNeighborsCVE -// NeighborsNeighborsCertifyBad -// NeighborsNeighborsCertifyGood -// NeighborsNeighborsCertifyScorecard -// NeighborsNeighborsCertifyVEXStatement -// NeighborsNeighborsCertifyVuln -// NeighborsNeighborsGHSA -// NeighborsNeighborsHasMetadata -// NeighborsNeighborsHasSBOM -// NeighborsNeighborsHasSLSA -// NeighborsNeighborsHasSourceAt -// NeighborsNeighborsHashEqual -// NeighborsNeighborsIsDependency -// NeighborsNeighborsIsOccurrence -// NeighborsNeighborsIsVulnerability -// NeighborsNeighborsNoVuln -// NeighborsNeighborsOSV -// NeighborsNeighborsPackage -// NeighborsNeighborsPkgEqual -// NeighborsNeighborsPointOfContact -// NeighborsNeighborsSource -// The GraphQL type's documentation follows. -// -// Node is a union type of all the possible nodes. -// -// It encapsulates the software tree nodes along with the evidence nodes. In a -// path query, all connecting evidence nodes along with their intermediate subject -// nodes need to be returned in order to create a complete graph. 
-type NeighborsNeighborsNode interface { - implementsGraphQLInterfaceNeighborsNeighborsNode() - // GetTypename returns the receiver's concrete GraphQL type-name (see interface doc for possible values). - GetTypename() *string -} - -func (v *NeighborsNeighborsArtifact) implementsGraphQLInterfaceNeighborsNeighborsNode() {} -func (v *NeighborsNeighborsBuilder) implementsGraphQLInterfaceNeighborsNeighborsNode() {} -func (v *NeighborsNeighborsCVE) implementsGraphQLInterfaceNeighborsNeighborsNode() {} -func (v *NeighborsNeighborsCertifyBad) implementsGraphQLInterfaceNeighborsNeighborsNode() {} -func (v *NeighborsNeighborsCertifyGood) implementsGraphQLInterfaceNeighborsNeighborsNode() {} -func (v *NeighborsNeighborsCertifyScorecard) implementsGraphQLInterfaceNeighborsNeighborsNode() {} -func (v *NeighborsNeighborsCertifyVEXStatement) implementsGraphQLInterfaceNeighborsNeighborsNode() {} -func (v *NeighborsNeighborsCertifyVuln) implementsGraphQLInterfaceNeighborsNeighborsNode() {} -func (v *NeighborsNeighborsGHSA) implementsGraphQLInterfaceNeighborsNeighborsNode() {} -func (v *NeighborsNeighborsHasMetadata) implementsGraphQLInterfaceNeighborsNeighborsNode() {} -func (v *NeighborsNeighborsHasSBOM) implementsGraphQLInterfaceNeighborsNeighborsNode() {} -func (v *NeighborsNeighborsHasSLSA) implementsGraphQLInterfaceNeighborsNeighborsNode() {} -func (v *NeighborsNeighborsHasSourceAt) implementsGraphQLInterfaceNeighborsNeighborsNode() {} -func (v *NeighborsNeighborsHashEqual) implementsGraphQLInterfaceNeighborsNeighborsNode() {} -func (v *NeighborsNeighborsIsDependency) implementsGraphQLInterfaceNeighborsNeighborsNode() {} -func (v *NeighborsNeighborsIsOccurrence) implementsGraphQLInterfaceNeighborsNeighborsNode() {} -func (v *NeighborsNeighborsIsVulnerability) implementsGraphQLInterfaceNeighborsNeighborsNode() {} -func (v *NeighborsNeighborsNoVuln) implementsGraphQLInterfaceNeighborsNeighborsNode() {} -func (v *NeighborsNeighborsOSV) 
implementsGraphQLInterfaceNeighborsNeighborsNode() {} -func (v *NeighborsNeighborsPackage) implementsGraphQLInterfaceNeighborsNeighborsNode() {} -func (v *NeighborsNeighborsPkgEqual) implementsGraphQLInterfaceNeighborsNeighborsNode() {} -func (v *NeighborsNeighborsPointOfContact) implementsGraphQLInterfaceNeighborsNeighborsNode() {} -func (v *NeighborsNeighborsSource) implementsGraphQLInterfaceNeighborsNeighborsNode() {} - -func __unmarshalNeighborsNeighborsNode(b []byte, v *NeighborsNeighborsNode) error { - if string(b) == "null" { - return nil - } - - var tn struct { - TypeName string `json:"__typename"` - } - err := json.Unmarshal(b, &tn) - if err != nil { - return err - } - - switch tn.TypeName { - case "Artifact": - *v = new(NeighborsNeighborsArtifact) - return json.Unmarshal(b, *v) - case "Builder": - *v = new(NeighborsNeighborsBuilder) - return json.Unmarshal(b, *v) - case "CVE": - *v = new(NeighborsNeighborsCVE) - return json.Unmarshal(b, *v) - case "CertifyBad": - *v = new(NeighborsNeighborsCertifyBad) - return json.Unmarshal(b, *v) - case "CertifyGood": - *v = new(NeighborsNeighborsCertifyGood) - return json.Unmarshal(b, *v) - case "CertifyScorecard": - *v = new(NeighborsNeighborsCertifyScorecard) - return json.Unmarshal(b, *v) - case "CertifyVEXStatement": - *v = new(NeighborsNeighborsCertifyVEXStatement) - return json.Unmarshal(b, *v) - case "CertifyVuln": - *v = new(NeighborsNeighborsCertifyVuln) - return json.Unmarshal(b, *v) - case "GHSA": - *v = new(NeighborsNeighborsGHSA) - return json.Unmarshal(b, *v) - case "HasMetadata": - *v = new(NeighborsNeighborsHasMetadata) - return json.Unmarshal(b, *v) - case "HasSBOM": - *v = new(NeighborsNeighborsHasSBOM) - return json.Unmarshal(b, *v) - case "HasSLSA": - *v = new(NeighborsNeighborsHasSLSA) - return json.Unmarshal(b, *v) - case "HasSourceAt": - *v = new(NeighborsNeighborsHasSourceAt) - return json.Unmarshal(b, *v) - case "HashEqual": - *v = new(NeighborsNeighborsHashEqual) - return json.Unmarshal(b, *v) 
- case "IsDependency": - *v = new(NeighborsNeighborsIsDependency) - return json.Unmarshal(b, *v) - case "IsOccurrence": - *v = new(NeighborsNeighborsIsOccurrence) - return json.Unmarshal(b, *v) - case "IsVulnerability": - *v = new(NeighborsNeighborsIsVulnerability) - return json.Unmarshal(b, *v) - case "NoVuln": - *v = new(NeighborsNeighborsNoVuln) - return json.Unmarshal(b, *v) - case "OSV": - *v = new(NeighborsNeighborsOSV) - return json.Unmarshal(b, *v) - case "Package": - *v = new(NeighborsNeighborsPackage) - return json.Unmarshal(b, *v) - case "PkgEqual": - *v = new(NeighborsNeighborsPkgEqual) - return json.Unmarshal(b, *v) - case "PointOfContact": - *v = new(NeighborsNeighborsPointOfContact) - return json.Unmarshal(b, *v) - case "Source": - *v = new(NeighborsNeighborsSource) - return json.Unmarshal(b, *v) - case "": - return fmt.Errorf( - "response was missing Node.__typename") - default: - return fmt.Errorf( - `unexpected concrete type for NeighborsNeighborsNode: "%v"`, tn.TypeName) - } -} - -func __marshalNeighborsNeighborsNode(v *NeighborsNeighborsNode) ([]byte, error) { - - var typename string - switch v := (*v).(type) { - case *NeighborsNeighborsArtifact: - typename = "Artifact" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNeighborsNeighborsArtifact - }{typename, premarshaled} - return json.Marshal(result) - case *NeighborsNeighborsBuilder: - typename = "Builder" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNeighborsNeighborsBuilder - }{typename, premarshaled} - return json.Marshal(result) - case *NeighborsNeighborsCVE: - typename = "CVE" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNeighborsNeighborsCVE - 
}{typename, premarshaled} - return json.Marshal(result) - case *NeighborsNeighborsCertifyBad: - typename = "CertifyBad" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNeighborsNeighborsCertifyBad - }{typename, premarshaled} - return json.Marshal(result) - case *NeighborsNeighborsCertifyGood: - typename = "CertifyGood" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNeighborsNeighborsCertifyGood - }{typename, premarshaled} - return json.Marshal(result) - case *NeighborsNeighborsCertifyScorecard: - typename = "CertifyScorecard" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNeighborsNeighborsCertifyScorecard - }{typename, premarshaled} - return json.Marshal(result) - case *NeighborsNeighborsCertifyVEXStatement: - typename = "CertifyVEXStatement" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNeighborsNeighborsCertifyVEXStatement - }{typename, premarshaled} - return json.Marshal(result) - case *NeighborsNeighborsCertifyVuln: - typename = "CertifyVuln" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNeighborsNeighborsCertifyVuln - }{typename, premarshaled} - return json.Marshal(result) - case *NeighborsNeighborsGHSA: - typename = "GHSA" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNeighborsNeighborsGHSA - }{typename, premarshaled} - return json.Marshal(result) - case *NeighborsNeighborsHasMetadata: - 
typename = "HasMetadata" - - result := struct { - TypeName string `json:"__typename"` - *NeighborsNeighborsHasMetadata - }{typename, v} - return json.Marshal(result) - case *NeighborsNeighborsHasSBOM: - typename = "HasSBOM" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNeighborsNeighborsHasSBOM - }{typename, premarshaled} - return json.Marshal(result) - case *NeighborsNeighborsHasSLSA: - typename = "HasSLSA" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNeighborsNeighborsHasSLSA - }{typename, premarshaled} - return json.Marshal(result) - case *NeighborsNeighborsHasSourceAt: - typename = "HasSourceAt" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNeighborsNeighborsHasSourceAt - }{typename, premarshaled} - return json.Marshal(result) - case *NeighborsNeighborsHashEqual: - typename = "HashEqual" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNeighborsNeighborsHashEqual - }{typename, premarshaled} - return json.Marshal(result) - case *NeighborsNeighborsIsDependency: - typename = "IsDependency" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNeighborsNeighborsIsDependency - }{typename, premarshaled} - return json.Marshal(result) - case *NeighborsNeighborsIsOccurrence: - typename = "IsOccurrence" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNeighborsNeighborsIsOccurrence - }{typename, premarshaled} - 
return json.Marshal(result) - case *NeighborsNeighborsIsVulnerability: - typename = "IsVulnerability" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNeighborsNeighborsIsVulnerability - }{typename, premarshaled} - return json.Marshal(result) - case *NeighborsNeighborsNoVuln: - typename = "NoVuln" - - result := struct { - TypeName string `json:"__typename"` - *NeighborsNeighborsNoVuln - }{typename, v} - return json.Marshal(result) - case *NeighborsNeighborsOSV: - typename = "OSV" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNeighborsNeighborsOSV - }{typename, premarshaled} - return json.Marshal(result) - case *NeighborsNeighborsPackage: - typename = "Package" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNeighborsNeighborsPackage - }{typename, premarshaled} - return json.Marshal(result) - case *NeighborsNeighborsPkgEqual: - typename = "PkgEqual" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNeighborsNeighborsPkgEqual - }{typename, premarshaled} - return json.Marshal(result) - case *NeighborsNeighborsPointOfContact: - typename = "PointOfContact" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNeighborsNeighborsPointOfContact - }{typename, premarshaled} - return json.Marshal(result) - case *NeighborsNeighborsSource: - typename = "Source" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - 
*__premarshalNeighborsNeighborsSource - }{typename, premarshaled} - return json.Marshal(result) - case nil: - return []byte("null"), nil - default: - return nil, fmt.Errorf( - `unexpected concrete type for NeighborsNeighborsNode: "%T"`, v) - } -} - -// NeighborsNeighborsOSV includes the requested fields of the GraphQL type OSV. -// The GraphQL type's documentation follows. -// -// OSV represents an Open Source Vulnerability. -// -// The osvId field is mandatory and canonicalized to be lowercase. -// -// This maps to a vulnerability ID specific to the environment (e.g., GHSA ID or -// CVE ID). -// -// This node can be referred to by other parts of GUAC. -type NeighborsNeighborsOSV struct { - Typename *string `json:"__typename"` - AllOSVTree `json:"-"` -} - -// GetTypename returns NeighborsNeighborsOSV.Typename, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsOSV) GetTypename() *string { return v.Typename } - -// GetId returns NeighborsNeighborsOSV.Id, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsOSV) GetId() string { return v.AllOSVTree.Id } - -// GetOsvId returns NeighborsNeighborsOSV.OsvId, and is useful for accessing the field via an interface. 
-func (v *NeighborsNeighborsOSV) GetOsvId() string { return v.AllOSVTree.OsvId } - -func (v *NeighborsNeighborsOSV) UnmarshalJSON(b []byte) error { - - if string(b) == "null" { - return nil - } - - var firstPass struct { - *NeighborsNeighborsOSV - graphql.NoUnmarshalJSON - } - firstPass.NeighborsNeighborsOSV = v - - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } - - err = json.Unmarshal( - b, &v.AllOSVTree) - if err != nil { - return err - } - return nil -} - -type __premarshalNeighborsNeighborsOSV struct { - Typename *string `json:"__typename"` - - Id string `json:"id"` - - OsvId string `json:"osvId"` -} - -func (v *NeighborsNeighborsOSV) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) -} - -func (v *NeighborsNeighborsOSV) __premarshalJSON() (*__premarshalNeighborsNeighborsOSV, error) { - var retval __premarshalNeighborsNeighborsOSV - - retval.Typename = v.Typename - retval.Id = v.AllOSVTree.Id - retval.OsvId = v.AllOSVTree.OsvId - return &retval, nil -} - -// NeighborsNeighborsPackage includes the requested fields of the GraphQL type Package. -// The GraphQL type's documentation follows. -// -// Package represents the root of the package trie/tree. -// -// We map package information to a trie, closely matching the pURL specification -// (https://github.com/package-url/purl-spec/blob/0dd92f26f8bb11956ffdf5e8acfcee71e8560407/README.rst), -// but deviating from it where GUAC heuristics allow for better representation of -// package information. Each path in the trie fully represents a package; we split -// the trie based on the pURL components. -// -// This node matches a pkg: partial pURL. The type field matches the -// pURL types but we might also use "guac" for the cases where the pURL -// representation is not complete or when we have custom rules. 
-// -// Since this node is at the root of the package trie, it is named Package, not -// PackageType. -type NeighborsNeighborsPackage struct { - Typename *string `json:"__typename"` - AllPkgTree `json:"-"` -} - -// GetTypename returns NeighborsNeighborsPackage.Typename, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsPackage) GetTypename() *string { return v.Typename } - -// GetId returns NeighborsNeighborsPackage.Id, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsPackage) GetId() string { return v.AllPkgTree.Id } - -// GetType returns NeighborsNeighborsPackage.Type, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsPackage) GetType() string { return v.AllPkgTree.Type } - -// GetNamespaces returns NeighborsNeighborsPackage.Namespaces, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsPackage) GetNamespaces() []AllPkgTreeNamespacesPackageNamespace { - return v.AllPkgTree.Namespaces -} - -func (v *NeighborsNeighborsPackage) UnmarshalJSON(b []byte) error { - - if string(b) == "null" { - return nil - } - - var firstPass struct { - *NeighborsNeighborsPackage - graphql.NoUnmarshalJSON - } - firstPass.NeighborsNeighborsPackage = v - - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } - - err = json.Unmarshal( - b, &v.AllPkgTree) - if err != nil { - return err - } - return nil -} - -type __premarshalNeighborsNeighborsPackage struct { - Typename *string `json:"__typename"` - - Id string `json:"id"` - - Type string `json:"type"` - - Namespaces []AllPkgTreeNamespacesPackageNamespace `json:"namespaces"` -} - -func (v *NeighborsNeighborsPackage) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) -} - -func (v *NeighborsNeighborsPackage) __premarshalJSON() (*__premarshalNeighborsNeighborsPackage, error) { - var retval 
__premarshalNeighborsNeighborsPackage - - retval.Typename = v.Typename - retval.Id = v.AllPkgTree.Id - retval.Type = v.AllPkgTree.Type - retval.Namespaces = v.AllPkgTree.Namespaces - return &retval, nil -} - -// NeighborsNeighborsPkgEqual includes the requested fields of the GraphQL type PkgEqual. -// The GraphQL type's documentation follows. -// -// PkgEqual is an attestation that a set of packages are similar. -type NeighborsNeighborsPkgEqual struct { - Typename *string `json:"__typename"` - AllPkgEqual `json:"-"` -} - -// GetTypename returns NeighborsNeighborsPkgEqual.Typename, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsPkgEqual) GetTypename() *string { return v.Typename } - -// GetId returns NeighborsNeighborsPkgEqual.Id, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsPkgEqual) GetId() string { return v.AllPkgEqual.Id } - -// GetJustification returns NeighborsNeighborsPkgEqual.Justification, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsPkgEqual) GetJustification() string { return v.AllPkgEqual.Justification } - -// GetPackages returns NeighborsNeighborsPkgEqual.Packages, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsPkgEqual) GetPackages() []AllPkgEqualPackagesPackage { - return v.AllPkgEqual.Packages -} - -// GetOrigin returns NeighborsNeighborsPkgEqual.Origin, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsPkgEqual) GetOrigin() string { return v.AllPkgEqual.Origin } - -// GetCollector returns NeighborsNeighborsPkgEqual.Collector, and is useful for accessing the field via an interface. 
-func (v *NeighborsNeighborsPkgEqual) GetCollector() string { return v.AllPkgEqual.Collector } - -func (v *NeighborsNeighborsPkgEqual) UnmarshalJSON(b []byte) error { - - if string(b) == "null" { - return nil - } - - var firstPass struct { - *NeighborsNeighborsPkgEqual - graphql.NoUnmarshalJSON - } - firstPass.NeighborsNeighborsPkgEqual = v - - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } - - err = json.Unmarshal( - b, &v.AllPkgEqual) - if err != nil { - return err - } - return nil -} - -type __premarshalNeighborsNeighborsPkgEqual struct { - Typename *string `json:"__typename"` - - Id string `json:"id"` - - Justification string `json:"justification"` - - Packages []AllPkgEqualPackagesPackage `json:"packages"` - - Origin string `json:"origin"` - - Collector string `json:"collector"` -} - -func (v *NeighborsNeighborsPkgEqual) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) -} - -func (v *NeighborsNeighborsPkgEqual) __premarshalJSON() (*__premarshalNeighborsNeighborsPkgEqual, error) { - var retval __premarshalNeighborsNeighborsPkgEqual - - retval.Typename = v.Typename - retval.Id = v.AllPkgEqual.Id - retval.Justification = v.AllPkgEqual.Justification - retval.Packages = v.AllPkgEqual.Packages - retval.Origin = v.AllPkgEqual.Origin - retval.Collector = v.AllPkgEqual.Collector - return &retval, nil -} - -// NeighborsNeighborsPointOfContact includes the requested fields of the GraphQL type PointOfContact. -// The GraphQL type's documentation follows. -// -// PointOfContact is an attestation of how to get in touch with the person(s) responsible -// for a package, source, or artifact. -// -// All evidence trees record a justification for the property they represent as -// well as the document that contains the attestation (origin) and the collector -// that collected the document (collector). 
-// -// The attestation applies to a subject which is a package, source, or artifact. -// If the attestation targets a package, it must target a PackageName or a -// PackageVersion. If the attestation targets a source, it must target a -// SourceName. -// -// email is the email address (singular) of the point of contact. -// -// info is additional contact information other than email address. This is free -// form. -// -// NOTE: the identifiers for point of contact should be part of software trees. -// This will benefit from identifier look up and traversal as well as organization -// hierarchy. However, until the use case arises, PointOfContact will be a flat -// reference to the contact details. -type NeighborsNeighborsPointOfContact struct { - Typename *string `json:"__typename"` - AllPointOfContact `json:"-"` -} - -// GetTypename returns NeighborsNeighborsPointOfContact.Typename, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsPointOfContact) GetTypename() *string { return v.Typename } - -// GetId returns NeighborsNeighborsPointOfContact.Id, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsPointOfContact) GetId() string { return v.AllPointOfContact.Id } - -// GetSubject returns NeighborsNeighborsPointOfContact.Subject, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsPointOfContact) GetSubject() AllPointOfContactSubjectPackageSourceOrArtifact { - return v.AllPointOfContact.Subject -} - -// GetEmail returns NeighborsNeighborsPointOfContact.Email, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsPointOfContact) GetEmail() string { return v.AllPointOfContact.Email } - -// GetInfo returns NeighborsNeighborsPointOfContact.Info, and is useful for accessing the field via an interface. 
-func (v *NeighborsNeighborsPointOfContact) GetInfo() string { return v.AllPointOfContact.Info } - -// GetSince returns NeighborsNeighborsPointOfContact.Since, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsPointOfContact) GetSince() time.Time { return v.AllPointOfContact.Since } - -// GetJustification returns NeighborsNeighborsPointOfContact.Justification, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsPointOfContact) GetJustification() string { - return v.AllPointOfContact.Justification -} - -// GetOrigin returns NeighborsNeighborsPointOfContact.Origin, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsPointOfContact) GetOrigin() string { return v.AllPointOfContact.Origin } - -// GetCollector returns NeighborsNeighborsPointOfContact.Collector, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsPointOfContact) GetCollector() string { - return v.AllPointOfContact.Collector -} - -func (v *NeighborsNeighborsPointOfContact) UnmarshalJSON(b []byte) error { - - if string(b) == "null" { - return nil - } - - var firstPass struct { - *NeighborsNeighborsPointOfContact - graphql.NoUnmarshalJSON - } - firstPass.NeighborsNeighborsPointOfContact = v - - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } - - err = json.Unmarshal( - b, &v.AllPointOfContact) - if err != nil { - return err - } - return nil -} - -type __premarshalNeighborsNeighborsPointOfContact struct { - Typename *string `json:"__typename"` - - Id string `json:"id"` - - Subject json.RawMessage `json:"subject"` - - Email string `json:"email"` - - Info string `json:"info"` - - Since time.Time `json:"since"` - - Justification string `json:"justification"` - - Origin string `json:"origin"` - - Collector string `json:"collector"` -} - -func (v *NeighborsNeighborsPointOfContact) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if 
err != nil { - return nil, err - } - return json.Marshal(premarshaled) -} - -func (v *NeighborsNeighborsPointOfContact) __premarshalJSON() (*__premarshalNeighborsNeighborsPointOfContact, error) { - var retval __premarshalNeighborsNeighborsPointOfContact - - retval.Typename = v.Typename - retval.Id = v.AllPointOfContact.Id - { - - dst := &retval.Subject - src := v.AllPointOfContact.Subject - var err error - *dst, err = __marshalAllPointOfContactSubjectPackageSourceOrArtifact( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal NeighborsNeighborsPointOfContact.AllPointOfContact.Subject: %w", err) - } - } - retval.Email = v.AllPointOfContact.Email - retval.Info = v.AllPointOfContact.Info - retval.Since = v.AllPointOfContact.Since - retval.Justification = v.AllPointOfContact.Justification - retval.Origin = v.AllPointOfContact.Origin - retval.Collector = v.AllPointOfContact.Collector - return &retval, nil -} - -// NeighborsNeighborsSource includes the requested fields of the GraphQL type Source. -// The GraphQL type's documentation follows. -// -// Source represents the root of the source trie/tree. -// -// We map source information to a trie, as a derivative of the pURL specification: -// each path in the trie represents a type, namespace, name and an optional -// qualifier that stands for tag/commit information. -// -// This node represents the type part of the trie path. It is used to represent -// the version control system that is being used. -// -// Since this node is at the root of the source trie, it is named Source, not -// SourceType. -type NeighborsNeighborsSource struct { - Typename *string `json:"__typename"` - AllSourceTree `json:"-"` -} - -// GetTypename returns NeighborsNeighborsSource.Typename, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsSource) GetTypename() *string { return v.Typename } - -// GetId returns NeighborsNeighborsSource.Id, and is useful for accessing the field via an interface. 
-func (v *NeighborsNeighborsSource) GetId() string { return v.AllSourceTree.Id } - -// GetType returns NeighborsNeighborsSource.Type, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsSource) GetType() string { return v.AllSourceTree.Type } - -// GetNamespaces returns NeighborsNeighborsSource.Namespaces, and is useful for accessing the field via an interface. -func (v *NeighborsNeighborsSource) GetNamespaces() []AllSourceTreeNamespacesSourceNamespace { - return v.AllSourceTree.Namespaces -} - -func (v *NeighborsNeighborsSource) UnmarshalJSON(b []byte) error { - - if string(b) == "null" { - return nil - } - - var firstPass struct { - *NeighborsNeighborsSource - graphql.NoUnmarshalJSON - } - firstPass.NeighborsNeighborsSource = v - - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } - - err = json.Unmarshal( - b, &v.AllSourceTree) - if err != nil { - return err - } - return nil -} - -type __premarshalNeighborsNeighborsSource struct { - Typename *string `json:"__typename"` - - Id string `json:"id"` - - Type string `json:"type"` - - Namespaces []AllSourceTreeNamespacesSourceNamespace `json:"namespaces"` -} - -func (v *NeighborsNeighborsSource) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) -} - -func (v *NeighborsNeighborsSource) __premarshalJSON() (*__premarshalNeighborsNeighborsSource, error) { - var retval __premarshalNeighborsNeighborsSource - - retval.Typename = v.Typename - retval.Id = v.AllSourceTree.Id - retval.Type = v.AllSourceTree.Type - retval.Namespaces = v.AllSourceTree.Namespaces - return &retval, nil -} - -// NeighborsResponse is returned by Neighbors on success. -type NeighborsResponse struct { - // neighbors returns all the direct neighbors of a node. - // - // Similarly, the input is only specified by its ID. 
- // - // Specifying any Edge value in `usingOnly` will make the neighbors list only - // contain the corresponding GUAC evidence trees (GUAC verbs). - Neighbors []NeighborsNeighborsNode `json:"-"` -} - -// GetNeighbors returns NeighborsResponse.Neighbors, and is useful for accessing the field via an interface. -func (v *NeighborsResponse) GetNeighbors() []NeighborsNeighborsNode { return v.Neighbors } - -func (v *NeighborsResponse) UnmarshalJSON(b []byte) error { - - if string(b) == "null" { - return nil - } - - var firstPass struct { - *NeighborsResponse - Neighbors []json.RawMessage `json:"neighbors"` - graphql.NoUnmarshalJSON - } - firstPass.NeighborsResponse = v - - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } - - { - dst := &v.Neighbors - src := firstPass.Neighbors - *dst = make( - []NeighborsNeighborsNode, - len(src)) - for i, src := range src { - dst := &(*dst)[i] - if len(src) != 0 && string(src) != "null" { - err = __unmarshalNeighborsNeighborsNode( - src, dst) - if err != nil { - return fmt.Errorf( - "unable to unmarshal NeighborsResponse.Neighbors: %w", err) - } - } - } - } - return nil -} - -type __premarshalNeighborsResponse struct { - Neighbors []json.RawMessage `json:"neighbors"` -} - -func (v *NeighborsResponse) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) -} - -func (v *NeighborsResponse) __premarshalJSON() (*__premarshalNeighborsResponse, error) { - var retval __premarshalNeighborsResponse - - { - - dst := &retval.Neighbors - src := v.Neighbors - *dst = make( - []json.RawMessage, - len(src)) - for i, src := range src { - dst := &(*dst)[i] - var err error - *dst, err = __marshalNeighborsNeighborsNode( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal NeighborsResponse.Neighbors: %w", err) - } - } - } - return &retval, nil -} - -// NodeNode includes the requested fields of the GraphQL interface 
Node. -// -// NodeNode is implemented by the following types: -// NodeNodeArtifact -// NodeNodeBuilder -// NodeNodeCVE -// NodeNodeCertifyBad -// NodeNodeCertifyGood -// NodeNodeCertifyScorecard -// NodeNodeCertifyVEXStatement -// NodeNodeCertifyVuln -// NodeNodeGHSA -// NodeNodeHasMetadata -// NodeNodeHasSBOM -// NodeNodeHasSLSA -// NodeNodeHasSourceAt -// NodeNodeHashEqual -// NodeNodeIsDependency -// NodeNodeIsOccurrence -// NodeNodeIsVulnerability -// NodeNodeNoVuln -// NodeNodeOSV -// NodeNodePackage -// NodeNodePkgEqual -// NodeNodePointOfContact -// NodeNodeSource -// The GraphQL type's documentation follows. -// -// Node is a union type of all the possible nodes. -// -// It encapsulates the software tree nodes along with the evidence nodes. In a -// path query, all connecting evidence nodes along with their intermediate subject -// nodes need to be returned in order to create a complete graph. -type NodeNode interface { - implementsGraphQLInterfaceNodeNode() - // GetTypename returns the receiver's concrete GraphQL type-name (see interface doc for possible values). 
- GetTypename() *string -} - -func (v *NodeNodeArtifact) implementsGraphQLInterfaceNodeNode() {} -func (v *NodeNodeBuilder) implementsGraphQLInterfaceNodeNode() {} -func (v *NodeNodeCVE) implementsGraphQLInterfaceNodeNode() {} -func (v *NodeNodeCertifyBad) implementsGraphQLInterfaceNodeNode() {} -func (v *NodeNodeCertifyGood) implementsGraphQLInterfaceNodeNode() {} -func (v *NodeNodeCertifyScorecard) implementsGraphQLInterfaceNodeNode() {} -func (v *NodeNodeCertifyVEXStatement) implementsGraphQLInterfaceNodeNode() {} -func (v *NodeNodeCertifyVuln) implementsGraphQLInterfaceNodeNode() {} -func (v *NodeNodeGHSA) implementsGraphQLInterfaceNodeNode() {} -func (v *NodeNodeHasMetadata) implementsGraphQLInterfaceNodeNode() {} -func (v *NodeNodeHasSBOM) implementsGraphQLInterfaceNodeNode() {} -func (v *NodeNodeHasSLSA) implementsGraphQLInterfaceNodeNode() {} -func (v *NodeNodeHasSourceAt) implementsGraphQLInterfaceNodeNode() {} -func (v *NodeNodeHashEqual) implementsGraphQLInterfaceNodeNode() {} -func (v *NodeNodeIsDependency) implementsGraphQLInterfaceNodeNode() {} -func (v *NodeNodeIsOccurrence) implementsGraphQLInterfaceNodeNode() {} -func (v *NodeNodeIsVulnerability) implementsGraphQLInterfaceNodeNode() {} -func (v *NodeNodeNoVuln) implementsGraphQLInterfaceNodeNode() {} -func (v *NodeNodeOSV) implementsGraphQLInterfaceNodeNode() {} -func (v *NodeNodePackage) implementsGraphQLInterfaceNodeNode() {} -func (v *NodeNodePkgEqual) implementsGraphQLInterfaceNodeNode() {} -func (v *NodeNodePointOfContact) implementsGraphQLInterfaceNodeNode() {} -func (v *NodeNodeSource) implementsGraphQLInterfaceNodeNode() {} - -func __unmarshalNodeNode(b []byte, v *NodeNode) error { - if string(b) == "null" { - return nil - } - - var tn struct { - TypeName string `json:"__typename"` - } - err := json.Unmarshal(b, &tn) - if err != nil { - return err - } - - switch tn.TypeName { - case "Artifact": - *v = new(NodeNodeArtifact) - return json.Unmarshal(b, *v) - case "Builder": - *v = 
new(NodeNodeBuilder) - return json.Unmarshal(b, *v) - case "CVE": - *v = new(NodeNodeCVE) - return json.Unmarshal(b, *v) - case "CertifyBad": - *v = new(NodeNodeCertifyBad) - return json.Unmarshal(b, *v) - case "CertifyGood": - *v = new(NodeNodeCertifyGood) - return json.Unmarshal(b, *v) - case "CertifyScorecard": - *v = new(NodeNodeCertifyScorecard) - return json.Unmarshal(b, *v) - case "CertifyVEXStatement": - *v = new(NodeNodeCertifyVEXStatement) - return json.Unmarshal(b, *v) - case "CertifyVuln": - *v = new(NodeNodeCertifyVuln) - return json.Unmarshal(b, *v) - case "GHSA": - *v = new(NodeNodeGHSA) - return json.Unmarshal(b, *v) - case "HasMetadata": - *v = new(NodeNodeHasMetadata) - return json.Unmarshal(b, *v) - case "HasSBOM": - *v = new(NodeNodeHasSBOM) - return json.Unmarshal(b, *v) - case "HasSLSA": - *v = new(NodeNodeHasSLSA) - return json.Unmarshal(b, *v) - case "HasSourceAt": - *v = new(NodeNodeHasSourceAt) - return json.Unmarshal(b, *v) - case "HashEqual": - *v = new(NodeNodeHashEqual) - return json.Unmarshal(b, *v) - case "IsDependency": - *v = new(NodeNodeIsDependency) - return json.Unmarshal(b, *v) - case "IsOccurrence": - *v = new(NodeNodeIsOccurrence) - return json.Unmarshal(b, *v) - case "IsVulnerability": - *v = new(NodeNodeIsVulnerability) - return json.Unmarshal(b, *v) - case "NoVuln": - *v = new(NodeNodeNoVuln) - return json.Unmarshal(b, *v) - case "OSV": - *v = new(NodeNodeOSV) - return json.Unmarshal(b, *v) - case "Package": - *v = new(NodeNodePackage) - return json.Unmarshal(b, *v) - case "PkgEqual": - *v = new(NodeNodePkgEqual) - return json.Unmarshal(b, *v) - case "PointOfContact": - *v = new(NodeNodePointOfContact) - return json.Unmarshal(b, *v) - case "Source": - *v = new(NodeNodeSource) - return json.Unmarshal(b, *v) - case "": - return fmt.Errorf( - "response was missing Node.__typename") - default: - return fmt.Errorf( - `unexpected concrete type for NodeNode: "%v"`, tn.TypeName) - } -} - -func __marshalNodeNode(v *NodeNode) 
([]byte, error) { - - var typename string - switch v := (*v).(type) { - case *NodeNodeArtifact: - typename = "Artifact" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNodeNodeArtifact - }{typename, premarshaled} - return json.Marshal(result) - case *NodeNodeBuilder: - typename = "Builder" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNodeNodeBuilder - }{typename, premarshaled} - return json.Marshal(result) - case *NodeNodeCVE: - typename = "CVE" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNodeNodeCVE - }{typename, premarshaled} - return json.Marshal(result) - case *NodeNodeCertifyBad: - typename = "CertifyBad" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNodeNodeCertifyBad - }{typename, premarshaled} - return json.Marshal(result) - case *NodeNodeCertifyGood: - typename = "CertifyGood" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNodeNodeCertifyGood - }{typename, premarshaled} - return json.Marshal(result) - case *NodeNodeCertifyScorecard: - typename = "CertifyScorecard" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNodeNodeCertifyScorecard - }{typename, premarshaled} - return json.Marshal(result) - case *NodeNodeCertifyVEXStatement: - typename = "CertifyVEXStatement" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string 
`json:"__typename"` - *__premarshalNodeNodeCertifyVEXStatement - }{typename, premarshaled} - return json.Marshal(result) - case *NodeNodeCertifyVuln: - typename = "CertifyVuln" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNodeNodeCertifyVuln - }{typename, premarshaled} - return json.Marshal(result) - case *NodeNodeGHSA: - typename = "GHSA" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNodeNodeGHSA - }{typename, premarshaled} - return json.Marshal(result) - case *NodeNodeHasMetadata: - typename = "HasMetadata" - - result := struct { - TypeName string `json:"__typename"` - *NodeNodeHasMetadata - }{typename, v} - return json.Marshal(result) - case *NodeNodeHasSBOM: - typename = "HasSBOM" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNodeNodeHasSBOM - }{typename, premarshaled} - return json.Marshal(result) - case *NodeNodeHasSLSA: - typename = "HasSLSA" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNodeNodeHasSLSA - }{typename, premarshaled} - return json.Marshal(result) - case *NodeNodeHasSourceAt: - typename = "HasSourceAt" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNodeNodeHasSourceAt - }{typename, premarshaled} - return json.Marshal(result) - case *NodeNodeHashEqual: - typename = "HashEqual" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNodeNodeHashEqual - }{typename, premarshaled} - return 
json.Marshal(result) - case *NodeNodeIsDependency: - typename = "IsDependency" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNodeNodeIsDependency - }{typename, premarshaled} - return json.Marshal(result) - case *NodeNodeIsOccurrence: - typename = "IsOccurrence" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNodeNodeIsOccurrence - }{typename, premarshaled} - return json.Marshal(result) - case *NodeNodeIsVulnerability: - typename = "IsVulnerability" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNodeNodeIsVulnerability - }{typename, premarshaled} - return json.Marshal(result) - case *NodeNodeNoVuln: - typename = "NoVuln" - - result := struct { - TypeName string `json:"__typename"` - *NodeNodeNoVuln - }{typename, v} - return json.Marshal(result) - case *NodeNodeOSV: - typename = "OSV" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNodeNodeOSV - }{typename, premarshaled} - return json.Marshal(result) - case *NodeNodePackage: - typename = "Package" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNodeNodePackage - }{typename, premarshaled} - return json.Marshal(result) - case *NodeNodePkgEqual: - typename = "PkgEqual" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNodeNodePkgEqual - }{typename, premarshaled} - return json.Marshal(result) - case *NodeNodePointOfContact: - typename = "PointOfContact" - - 
premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNodeNodePointOfContact - }{typename, premarshaled} - return json.Marshal(result) - case *NodeNodeSource: - typename = "Source" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNodeNodeSource - }{typename, premarshaled} - return json.Marshal(result) - case nil: - return []byte("null"), nil - default: - return nil, fmt.Errorf( - `unexpected concrete type for NodeNode: "%T"`, v) - } -} - -// NodeNodeArtifact includes the requested fields of the GraphQL type Artifact. -// The GraphQL type's documentation follows. -// -// Artifact represents an artifact identified by a checksum hash. -// -// The checksum is split into the digest value and the algorithm used to generate -// it. Both fields are mandatory and canonicalized to be lowercase. -// -// If having a checksum Go object, algorithm can be -// strings.ToLower(string(checksum.Algorithm)) and digest can be checksum.Value. -type NodeNodeArtifact struct { - Typename *string `json:"__typename"` - AllArtifactTree `json:"-"` -} - -// GetTypename returns NodeNodeArtifact.Typename, and is useful for accessing the field via an interface. -func (v *NodeNodeArtifact) GetTypename() *string { return v.Typename } - -// GetId returns NodeNodeArtifact.Id, and is useful for accessing the field via an interface. -func (v *NodeNodeArtifact) GetId() string { return v.AllArtifactTree.Id } - -// GetAlgorithm returns NodeNodeArtifact.Algorithm, and is useful for accessing the field via an interface. -func (v *NodeNodeArtifact) GetAlgorithm() string { return v.AllArtifactTree.Algorithm } - -// GetDigest returns NodeNodeArtifact.Digest, and is useful for accessing the field via an interface. 
-func (v *NodeNodeArtifact) GetDigest() string { return v.AllArtifactTree.Digest } - -func (v *NodeNodeArtifact) UnmarshalJSON(b []byte) error { - - if string(b) == "null" { - return nil - } - - var firstPass struct { - *NodeNodeArtifact - graphql.NoUnmarshalJSON - } - firstPass.NodeNodeArtifact = v - - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } - - err = json.Unmarshal( - b, &v.AllArtifactTree) - if err != nil { - return err - } - return nil -} - -type __premarshalNodeNodeArtifact struct { - Typename *string `json:"__typename"` - - Id string `json:"id"` - - Algorithm string `json:"algorithm"` - - Digest string `json:"digest"` -} - -func (v *NodeNodeArtifact) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) -} - -func (v *NodeNodeArtifact) __premarshalJSON() (*__premarshalNodeNodeArtifact, error) { - var retval __premarshalNodeNodeArtifact - - retval.Typename = v.Typename - retval.Id = v.AllArtifactTree.Id - retval.Algorithm = v.AllArtifactTree.Algorithm - retval.Digest = v.AllArtifactTree.Digest - return &retval, nil -} - -// NodeNodeBuilder includes the requested fields of the GraphQL type Builder. -// The GraphQL type's documentation follows. -// -// Builder represents the builder (e.g., FRSCA or GitHub Actions). -// -// Currently builders are identified by the uri field. -type NodeNodeBuilder struct { - Typename *string `json:"__typename"` - AllBuilderTree `json:"-"` -} - -// GetTypename returns NodeNodeBuilder.Typename, and is useful for accessing the field via an interface. -func (v *NodeNodeBuilder) GetTypename() *string { return v.Typename } - -// GetId returns NodeNodeBuilder.Id, and is useful for accessing the field via an interface. -func (v *NodeNodeBuilder) GetId() string { return v.AllBuilderTree.Id } - -// GetUri returns NodeNodeBuilder.Uri, and is useful for accessing the field via an interface. 
-func (v *NodeNodeBuilder) GetUri() string { return v.AllBuilderTree.Uri } - -func (v *NodeNodeBuilder) UnmarshalJSON(b []byte) error { - - if string(b) == "null" { - return nil - } - - var firstPass struct { - *NodeNodeBuilder - graphql.NoUnmarshalJSON - } - firstPass.NodeNodeBuilder = v - - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } - - err = json.Unmarshal( - b, &v.AllBuilderTree) - if err != nil { - return err - } - return nil -} - -type __premarshalNodeNodeBuilder struct { - Typename *string `json:"__typename"` - - Id string `json:"id"` - - Uri string `json:"uri"` -} - -func (v *NodeNodeBuilder) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) -} - -func (v *NodeNodeBuilder) __premarshalJSON() (*__premarshalNodeNodeBuilder, error) { - var retval __premarshalNodeNodeBuilder - - retval.Typename = v.Typename - retval.Id = v.AllBuilderTree.Id - retval.Uri = v.AllBuilderTree.Uri - return &retval, nil -} - -// NodeNodeCVE includes the requested fields of the GraphQL type CVE. -// The GraphQL type's documentation follows. -// -// CVE represents a vulnerability in the Common Vulnerabilities and Exposures -// schema. -// -// The vulnerability identifier contains a year field, so we are extracting that -// to allow matching for vulnerabilities found in a given year. -// -// The vulnerability identifier field is mandatory and canonicalized to be -// lowercase. -// -// This node can be referred to by other parts of GUAC. -type NodeNodeCVE struct { - Typename *string `json:"__typename"` - AllCveTree `json:"-"` -} - -// GetTypename returns NodeNodeCVE.Typename, and is useful for accessing the field via an interface. -func (v *NodeNodeCVE) GetTypename() *string { return v.Typename } - -// GetId returns NodeNodeCVE.Id, and is useful for accessing the field via an interface. 
-func (v *NodeNodeCVE) GetId() string { return v.AllCveTree.Id } - -// GetYear returns NodeNodeCVE.Year, and is useful for accessing the field via an interface. -func (v *NodeNodeCVE) GetYear() int { return v.AllCveTree.Year } - -// GetCveId returns NodeNodeCVE.CveId, and is useful for accessing the field via an interface. -func (v *NodeNodeCVE) GetCveId() string { return v.AllCveTree.CveId } - -func (v *NodeNodeCVE) UnmarshalJSON(b []byte) error { - - if string(b) == "null" { - return nil - } - - var firstPass struct { - *NodeNodeCVE - graphql.NoUnmarshalJSON - } - firstPass.NodeNodeCVE = v - - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } - - err = json.Unmarshal( - b, &v.AllCveTree) - if err != nil { - return err - } - return nil -} - -type __premarshalNodeNodeCVE struct { - Typename *string `json:"__typename"` - - Id string `json:"id"` - - Year int `json:"year"` - - CveId string `json:"cveId"` -} - -func (v *NodeNodeCVE) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) -} - -func (v *NodeNodeCVE) __premarshalJSON() (*__premarshalNodeNodeCVE, error) { - var retval __premarshalNodeNodeCVE - - retval.Typename = v.Typename - retval.Id = v.AllCveTree.Id - retval.Year = v.AllCveTree.Year - retval.CveId = v.AllCveTree.CveId - return &retval, nil -} - -// NodeNodeCertifyBad includes the requested fields of the GraphQL type CertifyBad. -// The GraphQL type's documentation follows. -// -// CertifyBad is an attestation that a package, source, or artifact is considered -// bad. -// -// All evidence trees record a justification for the property they represent as -// well as the document that contains the attestation (origin) and the collector -// that collected the document (collector). -// -// The certification applies to a subject which is a package, source, or artifact. 
-// If the attestation targets a package, it must target a PackageName or a -// PackageVersion. If the attestation targets a source, it must target a -// SourceName. -type NodeNodeCertifyBad struct { - Typename *string `json:"__typename"` - AllCertifyBad `json:"-"` -} - -// GetTypename returns NodeNodeCertifyBad.Typename, and is useful for accessing the field via an interface. -func (v *NodeNodeCertifyBad) GetTypename() *string { return v.Typename } - -// GetId returns NodeNodeCertifyBad.Id, and is useful for accessing the field via an interface. -func (v *NodeNodeCertifyBad) GetId() string { return v.AllCertifyBad.Id } - -// GetJustification returns NodeNodeCertifyBad.Justification, and is useful for accessing the field via an interface. -func (v *NodeNodeCertifyBad) GetJustification() string { return v.AllCertifyBad.Justification } - -// GetSubject returns NodeNodeCertifyBad.Subject, and is useful for accessing the field via an interface. -func (v *NodeNodeCertifyBad) GetSubject() AllCertifyBadSubjectPackageSourceOrArtifact { - return v.AllCertifyBad.Subject -} - -// GetOrigin returns NodeNodeCertifyBad.Origin, and is useful for accessing the field via an interface. -func (v *NodeNodeCertifyBad) GetOrigin() string { return v.AllCertifyBad.Origin } - -// GetCollector returns NodeNodeCertifyBad.Collector, and is useful for accessing the field via an interface. 
-func (v *NodeNodeCertifyBad) GetCollector() string { return v.AllCertifyBad.Collector } - -func (v *NodeNodeCertifyBad) UnmarshalJSON(b []byte) error { - - if string(b) == "null" { - return nil - } - - var firstPass struct { - *NodeNodeCertifyBad - graphql.NoUnmarshalJSON - } - firstPass.NodeNodeCertifyBad = v - - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } - - err = json.Unmarshal( - b, &v.AllCertifyBad) - if err != nil { - return err - } - return nil -} - -type __premarshalNodeNodeCertifyBad struct { - Typename *string `json:"__typename"` - - Id string `json:"id"` - - Justification string `json:"justification"` - - Subject json.RawMessage `json:"subject"` - - Origin string `json:"origin"` - - Collector string `json:"collector"` -} - -func (v *NodeNodeCertifyBad) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) -} - -func (v *NodeNodeCertifyBad) __premarshalJSON() (*__premarshalNodeNodeCertifyBad, error) { - var retval __premarshalNodeNodeCertifyBad - - retval.Typename = v.Typename - retval.Id = v.AllCertifyBad.Id - retval.Justification = v.AllCertifyBad.Justification - { - - dst := &retval.Subject - src := v.AllCertifyBad.Subject - var err error - *dst, err = __marshalAllCertifyBadSubjectPackageSourceOrArtifact( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal NodeNodeCertifyBad.AllCertifyBad.Subject: %w", err) - } - } - retval.Origin = v.AllCertifyBad.Origin - retval.Collector = v.AllCertifyBad.Collector - return &retval, nil -} - -// NodeNodeCertifyGood includes the requested fields of the GraphQL type CertifyGood. -// The GraphQL type's documentation follows. -// -// CertifyGood is an attestation that a package, source, or artifact is considered -// good. 
-// -// All evidence trees record a justification for the property they represent as -// well as the document that contains the attestation (origin) and the collector -// that collected the document (collector). -// -// The certification applies to a subject which is a package, source, or artifact. -// If the attestation targets a package, it must target a PackageName or a -// PackageVersion. If the attestation targets a source, it must target a -// SourceName. -type NodeNodeCertifyGood struct { - Typename *string `json:"__typename"` - AllCertifyGood `json:"-"` -} - -// GetTypename returns NodeNodeCertifyGood.Typename, and is useful for accessing the field via an interface. -func (v *NodeNodeCertifyGood) GetTypename() *string { return v.Typename } - -// GetId returns NodeNodeCertifyGood.Id, and is useful for accessing the field via an interface. -func (v *NodeNodeCertifyGood) GetId() string { return v.AllCertifyGood.Id } - -// GetJustification returns NodeNodeCertifyGood.Justification, and is useful for accessing the field via an interface. -func (v *NodeNodeCertifyGood) GetJustification() string { return v.AllCertifyGood.Justification } - -// GetSubject returns NodeNodeCertifyGood.Subject, and is useful for accessing the field via an interface. -func (v *NodeNodeCertifyGood) GetSubject() AllCertifyGoodSubjectPackageSourceOrArtifact { - return v.AllCertifyGood.Subject -} - -// GetOrigin returns NodeNodeCertifyGood.Origin, and is useful for accessing the field via an interface. -func (v *NodeNodeCertifyGood) GetOrigin() string { return v.AllCertifyGood.Origin } - -// GetCollector returns NodeNodeCertifyGood.Collector, and is useful for accessing the field via an interface. 
-func (v *NodeNodeCertifyGood) GetCollector() string { return v.AllCertifyGood.Collector } - -func (v *NodeNodeCertifyGood) UnmarshalJSON(b []byte) error { - - if string(b) == "null" { - return nil - } - - var firstPass struct { - *NodeNodeCertifyGood - graphql.NoUnmarshalJSON - } - firstPass.NodeNodeCertifyGood = v - - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } - - err = json.Unmarshal( - b, &v.AllCertifyGood) - if err != nil { - return err - } - return nil -} - -type __premarshalNodeNodeCertifyGood struct { - Typename *string `json:"__typename"` - - Id string `json:"id"` - - Justification string `json:"justification"` - - Subject json.RawMessage `json:"subject"` - - Origin string `json:"origin"` - - Collector string `json:"collector"` -} - -func (v *NodeNodeCertifyGood) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) -} - -func (v *NodeNodeCertifyGood) __premarshalJSON() (*__premarshalNodeNodeCertifyGood, error) { - var retval __premarshalNodeNodeCertifyGood - - retval.Typename = v.Typename - retval.Id = v.AllCertifyGood.Id - retval.Justification = v.AllCertifyGood.Justification - { - - dst := &retval.Subject - src := v.AllCertifyGood.Subject - var err error - *dst, err = __marshalAllCertifyGoodSubjectPackageSourceOrArtifact( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal NodeNodeCertifyGood.AllCertifyGood.Subject: %w", err) - } - } - retval.Origin = v.AllCertifyGood.Origin - retval.Collector = v.AllCertifyGood.Collector - return &retval, nil -} - -// NodeNodeCertifyScorecard includes the requested fields of the GraphQL type CertifyScorecard. -// The GraphQL type's documentation follows. -// -// CertifyScorecard is an attestation to attach a Scorecard analysis to a -// particular source repository. 
-type NodeNodeCertifyScorecard struct { - Typename *string `json:"__typename"` - AllCertifyScorecard `json:"-"` -} - -// GetTypename returns NodeNodeCertifyScorecard.Typename, and is useful for accessing the field via an interface. -func (v *NodeNodeCertifyScorecard) GetTypename() *string { return v.Typename } - -// GetId returns NodeNodeCertifyScorecard.Id, and is useful for accessing the field via an interface. -func (v *NodeNodeCertifyScorecard) GetId() string { return v.AllCertifyScorecard.Id } - -// GetSource returns NodeNodeCertifyScorecard.Source, and is useful for accessing the field via an interface. -func (v *NodeNodeCertifyScorecard) GetSource() AllCertifyScorecardSource { - return v.AllCertifyScorecard.Source -} - -// GetScorecard returns NodeNodeCertifyScorecard.Scorecard, and is useful for accessing the field via an interface. -func (v *NodeNodeCertifyScorecard) GetScorecard() AllCertifyScorecardScorecard { - return v.AllCertifyScorecard.Scorecard -} - -func (v *NodeNodeCertifyScorecard) UnmarshalJSON(b []byte) error { - - if string(b) == "null" { - return nil - } - - var firstPass struct { - *NodeNodeCertifyScorecard - graphql.NoUnmarshalJSON - } - firstPass.NodeNodeCertifyScorecard = v - - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } - - err = json.Unmarshal( - b, &v.AllCertifyScorecard) - if err != nil { - return err - } - return nil -} - -type __premarshalNodeNodeCertifyScorecard struct { - Typename *string `json:"__typename"` - - Id string `json:"id"` - - Source AllCertifyScorecardSource `json:"source"` - - Scorecard AllCertifyScorecardScorecard `json:"scorecard"` -} - -func (v *NodeNodeCertifyScorecard) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) -} - -func (v *NodeNodeCertifyScorecard) __premarshalJSON() (*__premarshalNodeNodeCertifyScorecard, error) { - var retval __premarshalNodeNodeCertifyScorecard - - 
retval.Typename = v.Typename - retval.Id = v.AllCertifyScorecard.Id - retval.Source = v.AllCertifyScorecard.Source - retval.Scorecard = v.AllCertifyScorecard.Scorecard - return &retval, nil -} - -// NodeNodeCertifyVEXStatement includes the requested fields of the GraphQL type CertifyVEXStatement. -// The GraphQL type's documentation follows. -// -// CertifyVEXStatement is an attestation to attach VEX statements to a package or -// artifact to clarify the impact of a specific vulnerability (CVE, GHSA or OSV). -type NodeNodeCertifyVEXStatement struct { - Typename *string `json:"__typename"` - AllCertifyVEXStatement `json:"-"` -} - -// GetTypename returns NodeNodeCertifyVEXStatement.Typename, and is useful for accessing the field via an interface. -func (v *NodeNodeCertifyVEXStatement) GetTypename() *string { return v.Typename } - -// GetId returns NodeNodeCertifyVEXStatement.Id, and is useful for accessing the field via an interface. -func (v *NodeNodeCertifyVEXStatement) GetId() string { return v.AllCertifyVEXStatement.Id } - -// GetSubject returns NodeNodeCertifyVEXStatement.Subject, and is useful for accessing the field via an interface. -func (v *NodeNodeCertifyVEXStatement) GetSubject() AllCertifyVEXStatementSubjectPackageOrArtifact { - return v.AllCertifyVEXStatement.Subject -} - -// GetVulnerability returns NodeNodeCertifyVEXStatement.Vulnerability, and is useful for accessing the field via an interface. -func (v *NodeNodeCertifyVEXStatement) GetVulnerability() AllCertifyVEXStatementVulnerability { - return v.AllCertifyVEXStatement.Vulnerability -} - -// GetStatus returns NodeNodeCertifyVEXStatement.Status, and is useful for accessing the field via an interface. -func (v *NodeNodeCertifyVEXStatement) GetStatus() VexStatus { return v.AllCertifyVEXStatement.Status } - -// GetVexJustification returns NodeNodeCertifyVEXStatement.VexJustification, and is useful for accessing the field via an interface. 
-func (v *NodeNodeCertifyVEXStatement) GetVexJustification() VexJustification { - return v.AllCertifyVEXStatement.VexJustification -} - -// GetStatement returns NodeNodeCertifyVEXStatement.Statement, and is useful for accessing the field via an interface. -func (v *NodeNodeCertifyVEXStatement) GetStatement() string { - return v.AllCertifyVEXStatement.Statement -} - -// GetStatusNotes returns NodeNodeCertifyVEXStatement.StatusNotes, and is useful for accessing the field via an interface. -func (v *NodeNodeCertifyVEXStatement) GetStatusNotes() string { - return v.AllCertifyVEXStatement.StatusNotes -} - -// GetKnownSince returns NodeNodeCertifyVEXStatement.KnownSince, and is useful for accessing the field via an interface. -func (v *NodeNodeCertifyVEXStatement) GetKnownSince() time.Time { - return v.AllCertifyVEXStatement.KnownSince -} - -// GetOrigin returns NodeNodeCertifyVEXStatement.Origin, and is useful for accessing the field via an interface. -func (v *NodeNodeCertifyVEXStatement) GetOrigin() string { return v.AllCertifyVEXStatement.Origin } - -// GetCollector returns NodeNodeCertifyVEXStatement.Collector, and is useful for accessing the field via an interface. 
-func (v *NodeNodeCertifyVEXStatement) GetCollector() string { - return v.AllCertifyVEXStatement.Collector -} - -func (v *NodeNodeCertifyVEXStatement) UnmarshalJSON(b []byte) error { - - if string(b) == "null" { - return nil - } - - var firstPass struct { - *NodeNodeCertifyVEXStatement - graphql.NoUnmarshalJSON - } - firstPass.NodeNodeCertifyVEXStatement = v - - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } - - err = json.Unmarshal( - b, &v.AllCertifyVEXStatement) - if err != nil { - return err - } - return nil -} - -type __premarshalNodeNodeCertifyVEXStatement struct { - Typename *string `json:"__typename"` - - Id string `json:"id"` - - Subject json.RawMessage `json:"subject"` - - Vulnerability json.RawMessage `json:"vulnerability"` - - Status VexStatus `json:"status"` - - VexJustification VexJustification `json:"vexJustification"` - - Statement string `json:"statement"` - - StatusNotes string `json:"statusNotes"` - - KnownSince time.Time `json:"knownSince"` - - Origin string `json:"origin"` - - Collector string `json:"collector"` -} - -func (v *NodeNodeCertifyVEXStatement) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err + switch tn.TypeName { + case "Artifact": + *v = new(NeighborsNeighborsArtifact) + return json.Unmarshal(b, *v) + case "Builder": + *v = new(NeighborsNeighborsBuilder) + return json.Unmarshal(b, *v) + case "CertifyBad": + *v = new(NeighborsNeighborsCertifyBad) + return json.Unmarshal(b, *v) + case "CertifyGood": + *v = new(NeighborsNeighborsCertifyGood) + return json.Unmarshal(b, *v) + case "CertifyScorecard": + *v = new(NeighborsNeighborsCertifyScorecard) + return json.Unmarshal(b, *v) + case "CertifyVEXStatement": + *v = new(NeighborsNeighborsCertifyVEXStatement) + return json.Unmarshal(b, *v) + case "CertifyVuln": + *v = new(NeighborsNeighborsCertifyVuln) + return json.Unmarshal(b, *v) + case "HasMetadata": + *v = new(NeighborsNeighborsHasMetadata) + 
return json.Unmarshal(b, *v) + case "HasSBOM": + *v = new(NeighborsNeighborsHasSBOM) + return json.Unmarshal(b, *v) + case "HasSLSA": + *v = new(NeighborsNeighborsHasSLSA) + return json.Unmarshal(b, *v) + case "HasSourceAt": + *v = new(NeighborsNeighborsHasSourceAt) + return json.Unmarshal(b, *v) + case "HashEqual": + *v = new(NeighborsNeighborsHashEqual) + return json.Unmarshal(b, *v) + case "IsDependency": + *v = new(NeighborsNeighborsIsDependency) + return json.Unmarshal(b, *v) + case "IsOccurrence": + *v = new(NeighborsNeighborsIsOccurrence) + return json.Unmarshal(b, *v) + case "Package": + *v = new(NeighborsNeighborsPackage) + return json.Unmarshal(b, *v) + case "PkgEqual": + *v = new(NeighborsNeighborsPkgEqual) + return json.Unmarshal(b, *v) + case "PointOfContact": + *v = new(NeighborsNeighborsPointOfContact) + return json.Unmarshal(b, *v) + case "Source": + *v = new(NeighborsNeighborsSource) + return json.Unmarshal(b, *v) + case "VulnEqual": + *v = new(NeighborsNeighborsVulnEqual) + return json.Unmarshal(b, *v) + case "Vulnerability": + *v = new(NeighborsNeighborsVulnerability) + return json.Unmarshal(b, *v) + case "": + return fmt.Errorf( + "response was missing Node.__typename") + default: + return fmt.Errorf( + `unexpected concrete type for NeighborsNeighborsNode: "%v"`, tn.TypeName) } - return json.Marshal(premarshaled) } -func (v *NodeNodeCertifyVEXStatement) __premarshalJSON() (*__premarshalNodeNodeCertifyVEXStatement, error) { - var retval __premarshalNodeNodeCertifyVEXStatement +func __marshalNeighborsNeighborsNode(v *NeighborsNeighborsNode) ([]byte, error) { - retval.Typename = v.Typename - retval.Id = v.AllCertifyVEXStatement.Id - { + var typename string + switch v := (*v).(type) { + case *NeighborsNeighborsArtifact: + typename = "Artifact" - dst := &retval.Subject - src := v.AllCertifyVEXStatement.Subject - var err error - *dst, err = __marshalAllCertifyVEXStatementSubjectPackageOrArtifact( - &src) + premarshaled, err := v.__premarshalJSON() if 
err != nil { - return nil, fmt.Errorf( - "unable to marshal NodeNodeCertifyVEXStatement.AllCertifyVEXStatement.Subject: %w", err) + return nil, err } - } - { + result := struct { + TypeName string `json:"__typename"` + *__premarshalNeighborsNeighborsArtifact + }{typename, premarshaled} + return json.Marshal(result) + case *NeighborsNeighborsBuilder: + typename = "Builder" - dst := &retval.Vulnerability - src := v.AllCertifyVEXStatement.Vulnerability - var err error - *dst, err = __marshalAllCertifyVEXStatementVulnerability( - &src) + premarshaled, err := v.__premarshalJSON() if err != nil { - return nil, fmt.Errorf( - "unable to marshal NodeNodeCertifyVEXStatement.AllCertifyVEXStatement.Vulnerability: %w", err) + return nil, err } - } - retval.Status = v.AllCertifyVEXStatement.Status - retval.VexJustification = v.AllCertifyVEXStatement.VexJustification - retval.Statement = v.AllCertifyVEXStatement.Statement - retval.StatusNotes = v.AllCertifyVEXStatement.StatusNotes - retval.KnownSince = v.AllCertifyVEXStatement.KnownSince - retval.Origin = v.AllCertifyVEXStatement.Origin - retval.Collector = v.AllCertifyVEXStatement.Collector - return &retval, nil -} - -// NodeNodeCertifyVuln includes the requested fields of the GraphQL type CertifyVuln. -// The GraphQL type's documentation follows. -// -// CertifyVuln is an attestation to attach vulnerability information to a package. -// -// This information is obtained via a scanner. If there is no vulnerability -// detected (no OSV, CVE, or GHSA), we attach the special NoVuln node. -type NodeNodeCertifyVuln struct { - Typename *string `json:"__typename"` - AllCertifyVuln `json:"-"` -} - -// GetTypename returns NodeNodeCertifyVuln.Typename, and is useful for accessing the field via an interface. 
-func (v *NodeNodeCertifyVuln) GetTypename() *string { return v.Typename } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNeighborsNeighborsBuilder + }{typename, premarshaled} + return json.Marshal(result) + case *NeighborsNeighborsCertifyBad: + typename = "CertifyBad" -// GetId returns NodeNodeCertifyVuln.Id, and is useful for accessing the field via an interface. -func (v *NodeNodeCertifyVuln) GetId() string { return v.AllCertifyVuln.Id } + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNeighborsNeighborsCertifyBad + }{typename, premarshaled} + return json.Marshal(result) + case *NeighborsNeighborsCertifyGood: + typename = "CertifyGood" -// GetPackage returns NodeNodeCertifyVuln.Package, and is useful for accessing the field via an interface. -func (v *NodeNodeCertifyVuln) GetPackage() AllCertifyVulnPackage { return v.AllCertifyVuln.Package } + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNeighborsNeighborsCertifyGood + }{typename, premarshaled} + return json.Marshal(result) + case *NeighborsNeighborsCertifyScorecard: + typename = "CertifyScorecard" -// GetVulnerability returns NodeNodeCertifyVuln.Vulnerability, and is useful for accessing the field via an interface. 
-func (v *NodeNodeCertifyVuln) GetVulnerability() AllCertifyVulnVulnerability { - return v.AllCertifyVuln.Vulnerability -} + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNeighborsNeighborsCertifyScorecard + }{typename, premarshaled} + return json.Marshal(result) + case *NeighborsNeighborsCertifyVEXStatement: + typename = "CertifyVEXStatement" -// GetMetadata returns NodeNodeCertifyVuln.Metadata, and is useful for accessing the field via an interface. -func (v *NodeNodeCertifyVuln) GetMetadata() AllCertifyVulnMetadataVulnerabilityMetaData { - return v.AllCertifyVuln.Metadata -} + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNeighborsNeighborsCertifyVEXStatement + }{typename, premarshaled} + return json.Marshal(result) + case *NeighborsNeighborsCertifyVuln: + typename = "CertifyVuln" -func (v *NodeNodeCertifyVuln) UnmarshalJSON(b []byte) error { + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNeighborsNeighborsCertifyVuln + }{typename, premarshaled} + return json.Marshal(result) + case *NeighborsNeighborsHasMetadata: + typename = "HasMetadata" - if string(b) == "null" { - return nil - } + result := struct { + TypeName string `json:"__typename"` + *NeighborsNeighborsHasMetadata + }{typename, v} + return json.Marshal(result) + case *NeighborsNeighborsHasSBOM: + typename = "HasSBOM" - var firstPass struct { - *NodeNodeCertifyVuln - graphql.NoUnmarshalJSON - } - firstPass.NodeNodeCertifyVuln = v + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNeighborsNeighborsHasSBOM + }{typename, premarshaled} + return json.Marshal(result) + case 
*NeighborsNeighborsHasSLSA: + typename = "HasSLSA" - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNeighborsNeighborsHasSLSA + }{typename, premarshaled} + return json.Marshal(result) + case *NeighborsNeighborsHasSourceAt: + typename = "HasSourceAt" - err = json.Unmarshal( - b, &v.AllCertifyVuln) - if err != nil { - return err - } - return nil -} + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNeighborsNeighborsHasSourceAt + }{typename, premarshaled} + return json.Marshal(result) + case *NeighborsNeighborsHashEqual: + typename = "HashEqual" -type __premarshalNodeNodeCertifyVuln struct { - Typename *string `json:"__typename"` + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNeighborsNeighborsHashEqual + }{typename, premarshaled} + return json.Marshal(result) + case *NeighborsNeighborsIsDependency: + typename = "IsDependency" - Id string `json:"id"` + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNeighborsNeighborsIsDependency + }{typename, premarshaled} + return json.Marshal(result) + case *NeighborsNeighborsIsOccurrence: + typename = "IsOccurrence" - Package AllCertifyVulnPackage `json:"package"` + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNeighborsNeighborsIsOccurrence + }{typename, premarshaled} + return json.Marshal(result) + case *NeighborsNeighborsPackage: + typename = "Package" - Vulnerability json.RawMessage `json:"vulnerability"` + 
premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNeighborsNeighborsPackage + }{typename, premarshaled} + return json.Marshal(result) + case *NeighborsNeighborsPkgEqual: + typename = "PkgEqual" - Metadata AllCertifyVulnMetadataVulnerabilityMetaData `json:"metadata"` -} + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNeighborsNeighborsPkgEqual + }{typename, premarshaled} + return json.Marshal(result) + case *NeighborsNeighborsPointOfContact: + typename = "PointOfContact" -func (v *NodeNodeCertifyVuln) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) -} + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNeighborsNeighborsPointOfContact + }{typename, premarshaled} + return json.Marshal(result) + case *NeighborsNeighborsSource: + typename = "Source" -func (v *NodeNodeCertifyVuln) __premarshalJSON() (*__premarshalNodeNodeCertifyVuln, error) { - var retval __premarshalNodeNodeCertifyVuln + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNeighborsNeighborsSource + }{typename, premarshaled} + return json.Marshal(result) + case *NeighborsNeighborsVulnEqual: + typename = "VulnEqual" - retval.Typename = v.Typename - retval.Id = v.AllCertifyVuln.Id - retval.Package = v.AllCertifyVuln.Package - { + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNeighborsNeighborsVulnEqual + }{typename, premarshaled} + return json.Marshal(result) + case 
*NeighborsNeighborsVulnerability: + typename = "Vulnerability" - dst := &retval.Vulnerability - src := v.AllCertifyVuln.Vulnerability - var err error - *dst, err = __marshalAllCertifyVulnVulnerability( - &src) + premarshaled, err := v.__premarshalJSON() if err != nil { - return nil, fmt.Errorf( - "unable to marshal NodeNodeCertifyVuln.AllCertifyVuln.Vulnerability: %w", err) + return nil, err } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNeighborsNeighborsVulnerability + }{typename, premarshaled} + return json.Marshal(result) + case nil: + return []byte("null"), nil + default: + return nil, fmt.Errorf( + `unexpected concrete type for NeighborsNeighborsNode: "%T"`, v) } - retval.Metadata = v.AllCertifyVuln.Metadata - return &retval, nil } -// NodeNodeGHSA includes the requested fields of the GraphQL type GHSA. +// NeighborsNeighborsPackage includes the requested fields of the GraphQL type Package. // The GraphQL type's documentation follows. // -// GHSA represents GitHub security advisories. +// Package represents the root of the package trie/tree. +// +// We map package information to a trie, closely matching the pURL specification +// (https://github.com/package-url/purl-spec/blob/0dd92f26f8bb11956ffdf5e8acfcee71e8560407/README.rst), +// but deviating from it where GUAC heuristics allow for better representation of +// package information. Each path in the trie fully represents a package; we split +// the trie based on the pURL components. // -// The advisory id field is mandatory and canonicalized to be lowercase. +// This node matches a pkg: partial pURL. The type field matches the +// pURL types but we might also use "guac" for the cases where the pURL +// representation is not complete or when we have custom rules. // -// This node can be referred to by other parts of GUAC. 
-type NodeNodeGHSA struct { - Typename *string `json:"__typename"` - AllGHSATree `json:"-"` +// Since this node is at the root of the package trie, it is named Package, not +// PackageType. +type NeighborsNeighborsPackage struct { + Typename *string `json:"__typename"` + AllPkgTree `json:"-"` } -// GetTypename returns NodeNodeGHSA.Typename, and is useful for accessing the field via an interface. -func (v *NodeNodeGHSA) GetTypename() *string { return v.Typename } +// GetTypename returns NeighborsNeighborsPackage.Typename, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsPackage) GetTypename() *string { return v.Typename } + +// GetId returns NeighborsNeighborsPackage.Id, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsPackage) GetId() string { return v.AllPkgTree.Id } -// GetId returns NodeNodeGHSA.Id, and is useful for accessing the field via an interface. -func (v *NodeNodeGHSA) GetId() string { return v.AllGHSATree.Id } +// GetType returns NeighborsNeighborsPackage.Type, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsPackage) GetType() string { return v.AllPkgTree.Type } -// GetGhsaId returns NodeNodeGHSA.GhsaId, and is useful for accessing the field via an interface. -func (v *NodeNodeGHSA) GetGhsaId() string { return v.AllGHSATree.GhsaId } +// GetNamespaces returns NeighborsNeighborsPackage.Namespaces, and is useful for accessing the field via an interface. 
+func (v *NeighborsNeighborsPackage) GetNamespaces() []AllPkgTreeNamespacesPackageNamespace { + return v.AllPkgTree.Namespaces +} -func (v *NodeNodeGHSA) UnmarshalJSON(b []byte) error { +func (v *NeighborsNeighborsPackage) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *NodeNodeGHSA + *NeighborsNeighborsPackage graphql.NoUnmarshalJSON } - firstPass.NodeNodeGHSA = v + firstPass.NeighborsNeighborsPackage = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -16338,22 +12537,24 @@ func (v *NodeNodeGHSA) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllGHSATree) + b, &v.AllPkgTree) if err != nil { return err } return nil } -type __premarshalNodeNodeGHSA struct { +type __premarshalNeighborsNeighborsPackage struct { Typename *string `json:"__typename"` Id string `json:"id"` - GhsaId string `json:"ghsaId"` + Type string `json:"type"` + + Namespaces []AllPkgTreeNamespacesPackageNamespace `json:"namespaces"` } -func (v *NodeNodeGHSA) MarshalJSON() ([]byte, error) { +func (v *NeighborsNeighborsPackage) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -16361,85 +12562,56 @@ func (v *NodeNodeGHSA) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *NodeNodeGHSA) __premarshalJSON() (*__premarshalNodeNodeGHSA, error) { - var retval __premarshalNodeNodeGHSA +func (v *NeighborsNeighborsPackage) __premarshalJSON() (*__premarshalNeighborsNeighborsPackage, error) { + var retval __premarshalNeighborsNeighborsPackage retval.Typename = v.Typename - retval.Id = v.AllGHSATree.Id - retval.GhsaId = v.AllGHSATree.GhsaId + retval.Id = v.AllPkgTree.Id + retval.Type = v.AllPkgTree.Type + retval.Namespaces = v.AllPkgTree.Namespaces return &retval, nil } -// NodeNodeHasMetadata includes the requested fields of the GraphQL type HasMetadata. +// NeighborsNeighborsPkgEqual includes the requested fields of the GraphQL type PkgEqual. // The GraphQL type's documentation follows. // -// HasMetadata is an attestation that a package, source, or artifact has a certain -// attested property (key) with value (value). For example, a source may have -// metadata "SourceRepo2FAEnabled=true". -// -// The intent of this evidence tree predicate is to allow extensibility of metadata -// expressible within the GUAC ontology. Metadata that is commonly used will then -// be promoted to a predicate on its own. -// -// Justification indicates how the metadata was determined. -// -// The metadata applies to a subject which is a package, source, or artifact. -// If the attestation targets a package, it must target a PackageName or a -// PackageVersion. If the attestation targets a source, it must target a -// SourceName. -type NodeNodeHasMetadata struct { - Typename *string `json:"__typename"` +// PkgEqual is an attestation that a set of packages are similar. +type NeighborsNeighborsPkgEqual struct { + Typename *string `json:"__typename"` + AllPkgEqual `json:"-"` } -// GetTypename returns NodeNodeHasMetadata.Typename, and is useful for accessing the field via an interface. 
-func (v *NodeNodeHasMetadata) GetTypename() *string { return v.Typename } - -// NodeNodeHasSBOM includes the requested fields of the GraphQL type HasSBOM. -type NodeNodeHasSBOM struct { - Typename *string `json:"__typename"` - AllHasSBOMTree `json:"-"` -} +// GetTypename returns NeighborsNeighborsPkgEqual.Typename, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsPkgEqual) GetTypename() *string { return v.Typename } -// GetTypename returns NodeNodeHasSBOM.Typename, and is useful for accessing the field via an interface. -func (v *NodeNodeHasSBOM) GetTypename() *string { return v.Typename } +// GetId returns NeighborsNeighborsPkgEqual.Id, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsPkgEqual) GetId() string { return v.AllPkgEqual.Id } -// GetId returns NodeNodeHasSBOM.Id, and is useful for accessing the field via an interface. -func (v *NodeNodeHasSBOM) GetId() string { return v.AllHasSBOMTree.Id } +// GetJustification returns NeighborsNeighborsPkgEqual.Justification, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsPkgEqual) GetJustification() string { return v.AllPkgEqual.Justification } -// GetSubject returns NodeNodeHasSBOM.Subject, and is useful for accessing the field via an interface. -func (v *NodeNodeHasSBOM) GetSubject() AllHasSBOMTreeSubjectPackageOrArtifact { - return v.AllHasSBOMTree.Subject +// GetPackages returns NeighborsNeighborsPkgEqual.Packages, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsPkgEqual) GetPackages() []AllPkgEqualPackagesPackage { + return v.AllPkgEqual.Packages } -// GetUri returns NodeNodeHasSBOM.Uri, and is useful for accessing the field via an interface. -func (v *NodeNodeHasSBOM) GetUri() string { return v.AllHasSBOMTree.Uri } - -// GetAlgorithm returns NodeNodeHasSBOM.Algorithm, and is useful for accessing the field via an interface. 
-func (v *NodeNodeHasSBOM) GetAlgorithm() string { return v.AllHasSBOMTree.Algorithm } - -// GetDigest returns NodeNodeHasSBOM.Digest, and is useful for accessing the field via an interface. -func (v *NodeNodeHasSBOM) GetDigest() string { return v.AllHasSBOMTree.Digest } - -// GetDownloadLocation returns NodeNodeHasSBOM.DownloadLocation, and is useful for accessing the field via an interface. -func (v *NodeNodeHasSBOM) GetDownloadLocation() string { return v.AllHasSBOMTree.DownloadLocation } - -// GetOrigin returns NodeNodeHasSBOM.Origin, and is useful for accessing the field via an interface. -func (v *NodeNodeHasSBOM) GetOrigin() string { return v.AllHasSBOMTree.Origin } +// GetOrigin returns NeighborsNeighborsPkgEqual.Origin, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsPkgEqual) GetOrigin() string { return v.AllPkgEqual.Origin } -// GetCollector returns NodeNodeHasSBOM.Collector, and is useful for accessing the field via an interface. -func (v *NodeNodeHasSBOM) GetCollector() string { return v.AllHasSBOMTree.Collector } +// GetCollector returns NeighborsNeighborsPkgEqual.Collector, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsPkgEqual) GetCollector() string { return v.AllPkgEqual.Collector } -func (v *NodeNodeHasSBOM) UnmarshalJSON(b []byte) error { +func (v *NeighborsNeighborsPkgEqual) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *NodeNodeHasSBOM + *NeighborsNeighborsPkgEqual graphql.NoUnmarshalJSON } - firstPass.NodeNodeHasSBOM = v + firstPass.NeighborsNeighborsPkgEqual = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -16447,34 +12619,28 @@ func (v *NodeNodeHasSBOM) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllHasSBOMTree) + b, &v.AllPkgEqual) if err != nil { return err } return nil } -type __premarshalNodeNodeHasSBOM struct { +type __premarshalNeighborsNeighborsPkgEqual struct { Typename *string `json:"__typename"` Id string `json:"id"` - Subject json.RawMessage `json:"subject"` - - Uri string `json:"uri"` - - Algorithm string `json:"algorithm"` - - Digest string `json:"digest"` + Justification string `json:"justification"` - DownloadLocation string `json:"downloadLocation"` + Packages []AllPkgEqualPackagesPackage `json:"packages"` Origin string `json:"origin"` Collector string `json:"collector"` } -func (v *NodeNodeHasSBOM) MarshalJSON() ([]byte, error) { +func (v *NeighborsNeighborsPkgEqual) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -16482,64 +12648,91 @@ func (v *NodeNodeHasSBOM) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *NodeNodeHasSBOM) __premarshalJSON() (*__premarshalNodeNodeHasSBOM, error) { - var retval __premarshalNodeNodeHasSBOM +func (v *NeighborsNeighborsPkgEqual) __premarshalJSON() (*__premarshalNeighborsNeighborsPkgEqual, error) { + var retval __premarshalNeighborsNeighborsPkgEqual retval.Typename = v.Typename - retval.Id = v.AllHasSBOMTree.Id - { - - dst := &retval.Subject - src := v.AllHasSBOMTree.Subject - var err error - *dst, err = __marshalAllHasSBOMTreeSubjectPackageOrArtifact( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal NodeNodeHasSBOM.AllHasSBOMTree.Subject: %w", err) - } - } - retval.Uri = v.AllHasSBOMTree.Uri - retval.Algorithm = v.AllHasSBOMTree.Algorithm - retval.Digest = v.AllHasSBOMTree.Digest - retval.DownloadLocation = v.AllHasSBOMTree.DownloadLocation - retval.Origin = v.AllHasSBOMTree.Origin - retval.Collector = v.AllHasSBOMTree.Collector + retval.Id = v.AllPkgEqual.Id + retval.Justification = v.AllPkgEqual.Justification + retval.Packages = v.AllPkgEqual.Packages + retval.Origin = v.AllPkgEqual.Origin + retval.Collector = v.AllPkgEqual.Collector return &retval, nil } -// NodeNodeHasSLSA includes the requested fields of the GraphQL type HasSLSA. -// The GraphQL type's documentation follows. -// -// HasSLSA records that a subject node has a SLSA attestation. -type NodeNodeHasSLSA struct { - Typename *string `json:"__typename"` - AllSLSATree `json:"-"` +// NeighborsNeighborsPointOfContact includes the requested fields of the GraphQL type PointOfContact. +// The GraphQL type's documentation follows. +// +// PointOfContact is an attestation of how to get in touch with the person(s) responsible +// for a package, source, or artifact. 
+// +// All evidence trees record a justification for the property they represent as +// well as the document that contains the attestation (origin) and the collector +// that collected the document (collector). +// +// The attestation applies to a subject which is a package, source, or artifact. +// If the attestation targets a package, it must target a PackageName or a +// PackageVersion. If the attestation targets a source, it must target a +// SourceName. +// +// email is the email address (singular) of the point of contact. +// +// info is additional contact information other than email address. This is free +// form. +// +// NOTE: the identifiers for point of contact should be part of software trees. +// This will benefit from identifier look up and traversal as well as organization +// hierarchy. However, until the use case arises, PointOfContact will be a flat +// reference to the contact details. +type NeighborsNeighborsPointOfContact struct { + Typename *string `json:"__typename"` + AllPointOfContact `json:"-"` +} + +// GetTypename returns NeighborsNeighborsPointOfContact.Typename, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsPointOfContact) GetTypename() *string { return v.Typename } + +// GetId returns NeighborsNeighborsPointOfContact.Id, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsPointOfContact) GetId() string { return v.AllPointOfContact.Id } + +// GetSubject returns NeighborsNeighborsPointOfContact.Subject, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsPointOfContact) GetSubject() AllPointOfContactSubjectPackageSourceOrArtifact { + return v.AllPointOfContact.Subject } -// GetTypename returns NodeNodeHasSLSA.Typename, and is useful for accessing the field via an interface. 
-func (v *NodeNodeHasSLSA) GetTypename() *string { return v.Typename } +// GetEmail returns NeighborsNeighborsPointOfContact.Email, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsPointOfContact) GetEmail() string { return v.AllPointOfContact.Email } -// GetId returns NodeNodeHasSLSA.Id, and is useful for accessing the field via an interface. -func (v *NodeNodeHasSLSA) GetId() string { return v.AllSLSATree.Id } +// GetInfo returns NeighborsNeighborsPointOfContact.Info, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsPointOfContact) GetInfo() string { return v.AllPointOfContact.Info } -// GetSubject returns NodeNodeHasSLSA.Subject, and is useful for accessing the field via an interface. -func (v *NodeNodeHasSLSA) GetSubject() AllSLSATreeSubjectArtifact { return v.AllSLSATree.Subject } +// GetSince returns NeighborsNeighborsPointOfContact.Since, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsPointOfContact) GetSince() time.Time { return v.AllPointOfContact.Since } -// GetSlsa returns NodeNodeHasSLSA.Slsa, and is useful for accessing the field via an interface. -func (v *NodeNodeHasSLSA) GetSlsa() AllSLSATreeSlsaSLSA { return v.AllSLSATree.Slsa } +// GetJustification returns NeighborsNeighborsPointOfContact.Justification, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsPointOfContact) GetJustification() string { + return v.AllPointOfContact.Justification +} -func (v *NodeNodeHasSLSA) UnmarshalJSON(b []byte) error { +// GetOrigin returns NeighborsNeighborsPointOfContact.Origin, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsPointOfContact) GetOrigin() string { return v.AllPointOfContact.Origin } + +// GetCollector returns NeighborsNeighborsPointOfContact.Collector, and is useful for accessing the field via an interface. 
+func (v *NeighborsNeighborsPointOfContact) GetCollector() string { + return v.AllPointOfContact.Collector +} + +func (v *NeighborsNeighborsPointOfContact) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *NodeNodeHasSLSA + *NeighborsNeighborsPointOfContact graphql.NoUnmarshalJSON } - firstPass.NodeNodeHasSLSA = v + firstPass.NeighborsNeighborsPointOfContact = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -16547,24 +12740,34 @@ func (v *NodeNodeHasSLSA) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllSLSATree) + b, &v.AllPointOfContact) if err != nil { return err } return nil } -type __premarshalNodeNodeHasSLSA struct { +type __premarshalNeighborsNeighborsPointOfContact struct { Typename *string `json:"__typename"` Id string `json:"id"` - Subject AllSLSATreeSubjectArtifact `json:"subject"` + Subject json.RawMessage `json:"subject"` - Slsa AllSLSATreeSlsaSLSA `json:"slsa"` + Email string `json:"email"` + + Info string `json:"info"` + + Since time.Time `json:"since"` + + Justification string `json:"justification"` + + Origin string `json:"origin"` + + Collector string `json:"collector"` } -func (v *NodeNodeHasSLSA) MarshalJSON() ([]byte, error) { +func (v *NeighborsNeighborsPointOfContact) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -16572,60 +12775,76 @@ func (v *NodeNodeHasSLSA) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *NodeNodeHasSLSA) __premarshalJSON() (*__premarshalNodeNodeHasSLSA, error) { - var retval __premarshalNodeNodeHasSLSA +func (v *NeighborsNeighborsPointOfContact) __premarshalJSON() (*__premarshalNeighborsNeighborsPointOfContact, error) { + var retval __premarshalNeighborsNeighborsPointOfContact retval.Typename = v.Typename - retval.Id = v.AllSLSATree.Id - retval.Subject = v.AllSLSATree.Subject - retval.Slsa = v.AllSLSATree.Slsa + retval.Id = v.AllPointOfContact.Id + { + + dst := &retval.Subject + src := v.AllPointOfContact.Subject + var err error + *dst, err = __marshalAllPointOfContactSubjectPackageSourceOrArtifact( + &src) + if err != nil { + return nil, fmt.Errorf( + "unable to marshal NeighborsNeighborsPointOfContact.AllPointOfContact.Subject: %w", err) + } + } + retval.Email = v.AllPointOfContact.Email + retval.Info = v.AllPointOfContact.Info + retval.Since = v.AllPointOfContact.Since + retval.Justification = v.AllPointOfContact.Justification + retval.Origin = v.AllPointOfContact.Origin + retval.Collector = v.AllPointOfContact.Collector return &retval, nil } -// NodeNodeHasSourceAt includes the requested fields of the GraphQL type HasSourceAt. +// NeighborsNeighborsSource includes the requested fields of the GraphQL type Source. // The GraphQL type's documentation follows. // -// HasSourceAt records that a package's repository is a given source. -type NodeNodeHasSourceAt struct { - Typename *string `json:"__typename"` - AllHasSourceAt `json:"-"` +// Source represents the root of the source trie/tree. +// +// We map source information to a trie, as a derivative of the pURL specification: +// each path in the trie represents a type, namespace, name and an optional +// qualifier that stands for tag/commit information. +// +// This node represents the type part of the trie path. 
It is used to represent +// the version control system that is being used. +// +// Since this node is at the root of the source trie, it is named Source, not +// SourceType. +type NeighborsNeighborsSource struct { + Typename *string `json:"__typename"` + AllSourceTree `json:"-"` } -// GetTypename returns NodeNodeHasSourceAt.Typename, and is useful for accessing the field via an interface. -func (v *NodeNodeHasSourceAt) GetTypename() *string { return v.Typename } - -// GetId returns NodeNodeHasSourceAt.Id, and is useful for accessing the field via an interface. -func (v *NodeNodeHasSourceAt) GetId() string { return v.AllHasSourceAt.Id } - -// GetJustification returns NodeNodeHasSourceAt.Justification, and is useful for accessing the field via an interface. -func (v *NodeNodeHasSourceAt) GetJustification() string { return v.AllHasSourceAt.Justification } - -// GetKnownSince returns NodeNodeHasSourceAt.KnownSince, and is useful for accessing the field via an interface. -func (v *NodeNodeHasSourceAt) GetKnownSince() time.Time { return v.AllHasSourceAt.KnownSince } - -// GetPackage returns NodeNodeHasSourceAt.Package, and is useful for accessing the field via an interface. -func (v *NodeNodeHasSourceAt) GetPackage() AllHasSourceAtPackage { return v.AllHasSourceAt.Package } +// GetTypename returns NeighborsNeighborsSource.Typename, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsSource) GetTypename() *string { return v.Typename } -// GetSource returns NodeNodeHasSourceAt.Source, and is useful for accessing the field via an interface. -func (v *NodeNodeHasSourceAt) GetSource() AllHasSourceAtSource { return v.AllHasSourceAt.Source } +// GetId returns NeighborsNeighborsSource.Id, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsSource) GetId() string { return v.AllSourceTree.Id } -// GetOrigin returns NodeNodeHasSourceAt.Origin, and is useful for accessing the field via an interface. 
-func (v *NodeNodeHasSourceAt) GetOrigin() string { return v.AllHasSourceAt.Origin } +// GetType returns NeighborsNeighborsSource.Type, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsSource) GetType() string { return v.AllSourceTree.Type } -// GetCollector returns NodeNodeHasSourceAt.Collector, and is useful for accessing the field via an interface. -func (v *NodeNodeHasSourceAt) GetCollector() string { return v.AllHasSourceAt.Collector } +// GetNamespaces returns NeighborsNeighborsSource.Namespaces, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsSource) GetNamespaces() []AllSourceTreeNamespacesSourceNamespace { + return v.AllSourceTree.Namespaces +} -func (v *NodeNodeHasSourceAt) UnmarshalJSON(b []byte) error { +func (v *NeighborsNeighborsSource) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *NodeNodeHasSourceAt + *NeighborsNeighborsSource graphql.NoUnmarshalJSON } - firstPass.NodeNodeHasSourceAt = v + firstPass.NeighborsNeighborsSource = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -16633,32 +12852,24 @@ func (v *NodeNodeHasSourceAt) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllHasSourceAt) + b, &v.AllSourceTree) if err != nil { return err } return nil } -type __premarshalNodeNodeHasSourceAt struct { +type __premarshalNeighborsNeighborsSource struct { Typename *string `json:"__typename"` Id string `json:"id"` - Justification string `json:"justification"` - - KnownSince time.Time `json:"knownSince"` - - Package AllHasSourceAtPackage `json:"package"` - - Source AllHasSourceAtSource `json:"source"` - - Origin string `json:"origin"` + Type string `json:"type"` - Collector string `json:"collector"` + Namespaces []AllSourceTreeNamespacesSourceNamespace `json:"namespaces"` } -func (v *NodeNodeHasSourceAt) MarshalJSON() ([]byte, error) { +func (v *NeighborsNeighborsSource) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -16666,60 +12877,58 @@ func (v *NodeNodeHasSourceAt) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *NodeNodeHasSourceAt) __premarshalJSON() (*__premarshalNodeNodeHasSourceAt, error) { - var retval __premarshalNodeNodeHasSourceAt +func (v *NeighborsNeighborsSource) __premarshalJSON() (*__premarshalNeighborsNeighborsSource, error) { + var retval __premarshalNeighborsNeighborsSource retval.Typename = v.Typename - retval.Id = v.AllHasSourceAt.Id - retval.Justification = v.AllHasSourceAt.Justification - retval.KnownSince = v.AllHasSourceAt.KnownSince - retval.Package = v.AllHasSourceAt.Package - retval.Source = v.AllHasSourceAt.Source - retval.Origin = v.AllHasSourceAt.Origin - retval.Collector = v.AllHasSourceAt.Collector + retval.Id = v.AllSourceTree.Id + retval.Type = v.AllSourceTree.Type + retval.Namespaces = v.AllSourceTree.Namespaces return &retval, nil } -// NodeNodeHashEqual includes the requested fields of the GraphQL type HashEqual. +// NeighborsNeighborsVulnEqual includes the requested fields of the GraphQL type VulnEqual. // The GraphQL type's documentation follows. // -// HashEqual is an attestation that a set of artifacts are identical. -type NodeNodeHashEqual struct { - Typename *string `json:"__typename"` - AllHashEqualTree `json:"-"` +// VulnEqual is an attestation to link two vulnerabilities together as being equal" +// +// Note that setting noVuln vulnerability type is invalid for VulnEqual! +type NeighborsNeighborsVulnEqual struct { + Typename *string `json:"__typename"` + AllVulnEqual `json:"-"` } -// GetTypename returns NodeNodeHashEqual.Typename, and is useful for accessing the field via an interface. -func (v *NodeNodeHashEqual) GetTypename() *string { return v.Typename } - -// GetId returns NodeNodeHashEqual.Id, and is useful for accessing the field via an interface. 
-func (v *NodeNodeHashEqual) GetId() string { return v.AllHashEqualTree.Id } +// GetTypename returns NeighborsNeighborsVulnEqual.Typename, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsVulnEqual) GetTypename() *string { return v.Typename } -// GetJustification returns NodeNodeHashEqual.Justification, and is useful for accessing the field via an interface. -func (v *NodeNodeHashEqual) GetJustification() string { return v.AllHashEqualTree.Justification } +// GetId returns NeighborsNeighborsVulnEqual.Id, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsVulnEqual) GetId() string { return v.AllVulnEqual.Id } -// GetArtifacts returns NodeNodeHashEqual.Artifacts, and is useful for accessing the field via an interface. -func (v *NodeNodeHashEqual) GetArtifacts() []AllHashEqualTreeArtifactsArtifact { - return v.AllHashEqualTree.Artifacts +// GetVulnerabilities returns NeighborsNeighborsVulnEqual.Vulnerabilities, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsVulnEqual) GetVulnerabilities() []AllVulnEqualVulnerabilitiesVulnerability { + return v.AllVulnEqual.Vulnerabilities } -// GetOrigin returns NodeNodeHashEqual.Origin, and is useful for accessing the field via an interface. -func (v *NodeNodeHashEqual) GetOrigin() string { return v.AllHashEqualTree.Origin } +// GetJustification returns NeighborsNeighborsVulnEqual.Justification, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsVulnEqual) GetJustification() string { return v.AllVulnEqual.Justification } -// GetCollector returns NodeNodeHashEqual.Collector, and is useful for accessing the field via an interface. -func (v *NodeNodeHashEqual) GetCollector() string { return v.AllHashEqualTree.Collector } +// GetOrigin returns NeighborsNeighborsVulnEqual.Origin, and is useful for accessing the field via an interface. 
+func (v *NeighborsNeighborsVulnEqual) GetOrigin() string { return v.AllVulnEqual.Origin } -func (v *NodeNodeHashEqual) UnmarshalJSON(b []byte) error { +// GetCollector returns NeighborsNeighborsVulnEqual.Collector, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsVulnEqual) GetCollector() string { return v.AllVulnEqual.Collector } + +func (v *NeighborsNeighborsVulnEqual) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *NodeNodeHashEqual + *NeighborsNeighborsVulnEqual graphql.NoUnmarshalJSON } - firstPass.NodeNodeHashEqual = v + firstPass.NeighborsNeighborsVulnEqual = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -16727,28 +12936,28 @@ func (v *NodeNodeHashEqual) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllHashEqualTree) + b, &v.AllVulnEqual) if err != nil { return err } return nil } -type __premarshalNodeNodeHashEqual struct { +type __premarshalNeighborsNeighborsVulnEqual struct { Typename *string `json:"__typename"` Id string `json:"id"` - Justification string `json:"justification"` + Vulnerabilities []AllVulnEqualVulnerabilitiesVulnerability `json:"vulnerabilities"` - Artifacts []AllHashEqualTreeArtifactsArtifact `json:"artifacts"` + Justification string `json:"justification"` Origin string `json:"origin"` Collector string `json:"collector"` } -func (v *NodeNodeHashEqual) MarshalJSON() ([]byte, error) { +func (v *NeighborsNeighborsVulnEqual) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -16756,71 +12965,76 @@ func (v *NodeNodeHashEqual) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *NodeNodeHashEqual) __premarshalJSON() (*__premarshalNodeNodeHashEqual, error) { - var retval __premarshalNodeNodeHashEqual +func (v *NeighborsNeighborsVulnEqual) __premarshalJSON() (*__premarshalNeighborsNeighborsVulnEqual, error) { + var retval __premarshalNeighborsNeighborsVulnEqual retval.Typename = v.Typename - retval.Id = v.AllHashEqualTree.Id - retval.Justification = v.AllHashEqualTree.Justification - retval.Artifacts = v.AllHashEqualTree.Artifacts - retval.Origin = v.AllHashEqualTree.Origin - retval.Collector = v.AllHashEqualTree.Collector + retval.Id = v.AllVulnEqual.Id + retval.Vulnerabilities = v.AllVulnEqual.Vulnerabilities + retval.Justification = v.AllVulnEqual.Justification + retval.Origin = v.AllVulnEqual.Origin + retval.Collector = v.AllVulnEqual.Collector return &retval, nil } -// NodeNodeIsDependency includes the requested fields of the GraphQL type IsDependency. +// NeighborsNeighborsVulnerability includes the requested fields of the GraphQL type Vulnerability. // The GraphQL type's documentation follows. // -// IsDependency is an attestation to record that a package depends on another. -type NodeNodeIsDependency struct { - Typename *string `json:"__typename"` - AllIsDependencyTree `json:"-"` -} - -// GetTypename returns NodeNodeIsDependency.Typename, and is useful for accessing the field via an interface. -func (v *NodeNodeIsDependency) GetTypename() *string { return v.Typename } - -// GetId returns NodeNodeIsDependency.Id, and is useful for accessing the field via an interface. -func (v *NodeNodeIsDependency) GetId() string { return v.AllIsDependencyTree.Id } - -// GetJustification returns NodeNodeIsDependency.Justification, and is useful for accessing the field via an interface. 
-func (v *NodeNodeIsDependency) GetJustification() string { return v.AllIsDependencyTree.Justification } - -// GetPackage returns NodeNodeIsDependency.Package, and is useful for accessing the field via an interface. -func (v *NodeNodeIsDependency) GetPackage() AllIsDependencyTreePackage { - return v.AllIsDependencyTree.Package -} - -// GetDependentPackage returns NodeNodeIsDependency.DependentPackage, and is useful for accessing the field via an interface. -func (v *NodeNodeIsDependency) GetDependentPackage() AllIsDependencyTreeDependentPackage { - return v.AllIsDependencyTree.DependentPackage +// Vulnerability represents the root of the vulnerability trie/tree. +// +// We map vulnerability information to a trie, as a derivative of the pURL specification: +// each path in the trie represents a type and a vulnerability ID. This allows for generic +// representation of the various vulnerabilities and does not limit to just cve, ghsa or osv. +// This would be in the general format: vuln:/// +// +// Examples: +// +// CVE, using path separator: vuln://cve/cve-2023-20753 +// OSV, representing its knowledge of a GHSA: vuln://osv/ghsa-205hk +// Random vendor: vuln://snyk/sn-whatever +// NoVuln: vuln://novuln/ +// +// This node represents the type part of the trie path. It is used to represent +// the specific type of the vulnerability: cve, ghsa, osv or some other vendor specific +// +// Since this node is at the root of the vulnerability trie, it is named Vulnerability, not +// VulnerabilityType. +// +// NoVuln is a special vulnerability node to attest that no vulnerability has been +// found during a vulnerability scan. It will have the type "novuln" and contain an empty string +// for vulnerabilityID +// +// The resolvers will enforce that both the type and vulnerability IDs are lower case. 
+type NeighborsNeighborsVulnerability struct { + Typename *string `json:"__typename"` + AllVulnerabilityTree `json:"-"` } -// GetDependencyType returns NodeNodeIsDependency.DependencyType, and is useful for accessing the field via an interface. -func (v *NodeNodeIsDependency) GetDependencyType() DependencyType { - return v.AllIsDependencyTree.DependencyType -} +// GetTypename returns NeighborsNeighborsVulnerability.Typename, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsVulnerability) GetTypename() *string { return v.Typename } -// GetVersionRange returns NodeNodeIsDependency.VersionRange, and is useful for accessing the field via an interface. -func (v *NodeNodeIsDependency) GetVersionRange() string { return v.AllIsDependencyTree.VersionRange } +// GetId returns NeighborsNeighborsVulnerability.Id, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsVulnerability) GetId() string { return v.AllVulnerabilityTree.Id } -// GetOrigin returns NodeNodeIsDependency.Origin, and is useful for accessing the field via an interface. -func (v *NodeNodeIsDependency) GetOrigin() string { return v.AllIsDependencyTree.Origin } +// GetType returns NeighborsNeighborsVulnerability.Type, and is useful for accessing the field via an interface. +func (v *NeighborsNeighborsVulnerability) GetType() string { return v.AllVulnerabilityTree.Type } -// GetCollector returns NodeNodeIsDependency.Collector, and is useful for accessing the field via an interface. -func (v *NodeNodeIsDependency) GetCollector() string { return v.AllIsDependencyTree.Collector } +// GetVulnerabilityIDs returns NeighborsNeighborsVulnerability.VulnerabilityIDs, and is useful for accessing the field via an interface. 
+func (v *NeighborsNeighborsVulnerability) GetVulnerabilityIDs() []AllVulnerabilityTreeVulnerabilityIDsVulnerabilityID { + return v.AllVulnerabilityTree.VulnerabilityIDs +} -func (v *NodeNodeIsDependency) UnmarshalJSON(b []byte) error { +func (v *NeighborsNeighborsVulnerability) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *NodeNodeIsDependency + *NeighborsNeighborsVulnerability graphql.NoUnmarshalJSON } - firstPass.NodeNodeIsDependency = v + firstPass.NeighborsNeighborsVulnerability = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -16828,34 +13042,24 @@ func (v *NodeNodeIsDependency) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllIsDependencyTree) + b, &v.AllVulnerabilityTree) if err != nil { return err } return nil } -type __premarshalNodeNodeIsDependency struct { +type __premarshalNeighborsNeighborsVulnerability struct { Typename *string `json:"__typename"` Id string `json:"id"` - Justification string `json:"justification"` - - Package AllIsDependencyTreePackage `json:"package"` - - DependentPackage AllIsDependencyTreeDependentPackage `json:"dependentPackage"` - - DependencyType DependencyType `json:"dependencyType"` - - VersionRange string `json:"versionRange"` - - Origin string `json:"origin"` + Type string `json:"type"` - Collector string `json:"collector"` + VulnerabilityIDs []AllVulnerabilityTreeVulnerabilityIDsVulnerabilityID `json:"vulnerabilityIDs"` } -func (v *NodeNodeIsDependency) MarshalJSON() ([]byte, error) { +func (v *NeighborsNeighborsVulnerability) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -16863,99 +13067,74 @@ func (v *NodeNodeIsDependency) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *NodeNodeIsDependency) __premarshalJSON() (*__premarshalNodeNodeIsDependency, error) { - var retval __premarshalNodeNodeIsDependency +func (v *NeighborsNeighborsVulnerability) __premarshalJSON() (*__premarshalNeighborsNeighborsVulnerability, error) { + var retval __premarshalNeighborsNeighborsVulnerability retval.Typename = v.Typename - retval.Id = v.AllIsDependencyTree.Id - retval.Justification = v.AllIsDependencyTree.Justification - retval.Package = v.AllIsDependencyTree.Package - retval.DependentPackage = v.AllIsDependencyTree.DependentPackage - retval.DependencyType = v.AllIsDependencyTree.DependencyType - retval.VersionRange = v.AllIsDependencyTree.VersionRange - retval.Origin = v.AllIsDependencyTree.Origin - retval.Collector = v.AllIsDependencyTree.Collector + retval.Id = v.AllVulnerabilityTree.Id + retval.Type = v.AllVulnerabilityTree.Type + retval.VulnerabilityIDs = v.AllVulnerabilityTree.VulnerabilityIDs return &retval, nil } -// NodeNodeIsOccurrence includes the requested fields of the GraphQL type IsOccurrence. -// The GraphQL type's documentation follows. -// -// IsOccurrence is an attestation to link an artifact to a package or source. -// -// Attestation must occur at the PackageVersion or at the SourceName. -type NodeNodeIsOccurrence struct { - Typename *string `json:"__typename"` - AllIsOccurrencesTree `json:"-"` -} - -// GetTypename returns NodeNodeIsOccurrence.Typename, and is useful for accessing the field via an interface. -func (v *NodeNodeIsOccurrence) GetTypename() *string { return v.Typename } - -// GetId returns NodeNodeIsOccurrence.Id, and is useful for accessing the field via an interface. -func (v *NodeNodeIsOccurrence) GetId() string { return v.AllIsOccurrencesTree.Id } - -// GetSubject returns NodeNodeIsOccurrence.Subject, and is useful for accessing the field via an interface. 
-func (v *NodeNodeIsOccurrence) GetSubject() AllIsOccurrencesTreeSubjectPackageOrSource { - return v.AllIsOccurrencesTree.Subject -} - -// GetArtifact returns NodeNodeIsOccurrence.Artifact, and is useful for accessing the field via an interface. -func (v *NodeNodeIsOccurrence) GetArtifact() AllIsOccurrencesTreeArtifact { - return v.AllIsOccurrencesTree.Artifact +// NeighborsResponse is returned by Neighbors on success. +type NeighborsResponse struct { + // neighbors returns all the direct neighbors of a node. + // + // Similarly, the input is only specified by its ID. + // + // Specifying any Edge value in `usingOnly` will make the neighbors list only + // contain the corresponding GUAC evidence trees (GUAC verbs). + Neighbors []NeighborsNeighborsNode `json:"-"` } -// GetJustification returns NodeNodeIsOccurrence.Justification, and is useful for accessing the field via an interface. -func (v *NodeNodeIsOccurrence) GetJustification() string { return v.AllIsOccurrencesTree.Justification } - -// GetOrigin returns NodeNodeIsOccurrence.Origin, and is useful for accessing the field via an interface. -func (v *NodeNodeIsOccurrence) GetOrigin() string { return v.AllIsOccurrencesTree.Origin } - -// GetCollector returns NodeNodeIsOccurrence.Collector, and is useful for accessing the field via an interface. -func (v *NodeNodeIsOccurrence) GetCollector() string { return v.AllIsOccurrencesTree.Collector } +// GetNeighbors returns NeighborsResponse.Neighbors, and is useful for accessing the field via an interface. 
+func (v *NeighborsResponse) GetNeighbors() []NeighborsNeighborsNode { return v.Neighbors } -func (v *NodeNodeIsOccurrence) UnmarshalJSON(b []byte) error { +func (v *NeighborsResponse) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *NodeNodeIsOccurrence + *NeighborsResponse + Neighbors []json.RawMessage `json:"neighbors"` graphql.NoUnmarshalJSON } - firstPass.NodeNodeIsOccurrence = v + firstPass.NeighborsResponse = v err := json.Unmarshal(b, &firstPass) if err != nil { return err } - err = json.Unmarshal( - b, &v.AllIsOccurrencesTree) - if err != nil { - return err + { + dst := &v.Neighbors + src := firstPass.Neighbors + *dst = make( + []NeighborsNeighborsNode, + len(src)) + for i, src := range src { + dst := &(*dst)[i] + if len(src) != 0 && string(src) != "null" { + err = __unmarshalNeighborsNeighborsNode( + src, dst) + if err != nil { + return fmt.Errorf( + "unable to unmarshal NeighborsResponse.Neighbors: %w", err) + } + } + } } return nil } -type __premarshalNodeNodeIsOccurrence struct { - Typename *string `json:"__typename"` - - Id string `json:"id"` - - Subject json.RawMessage `json:"subject"` - - Artifact AllIsOccurrencesTreeArtifact `json:"artifact"` - - Justification string `json:"justification"` - - Origin string `json:"origin"` - - Collector string `json:"collector"` +type __premarshalNeighborsResponse struct { + Neighbors []json.RawMessage `json:"neighbors"` } -func (v *NodeNodeIsOccurrence) MarshalJSON() ([]byte, error) { +func (v *NeighborsResponse) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -16963,277 +13142,456 @@ func (v *NodeNodeIsOccurrence) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *NodeNodeIsOccurrence) __premarshalJSON() (*__premarshalNodeNodeIsOccurrence, error) { - var retval __premarshalNodeNodeIsOccurrence +func (v *NeighborsResponse) __premarshalJSON() (*__premarshalNeighborsResponse, error) { + var retval __premarshalNeighborsResponse - retval.Typename = v.Typename - retval.Id = v.AllIsOccurrencesTree.Id { - dst := &retval.Subject - src := v.AllIsOccurrencesTree.Subject - var err error - *dst, err = __marshalAllIsOccurrencesTreeSubjectPackageOrSource( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal NodeNodeIsOccurrence.AllIsOccurrencesTree.Subject: %w", err) + dst := &retval.Neighbors + src := v.Neighbors + *dst = make( + []json.RawMessage, + len(src)) + for i, src := range src { + dst := &(*dst)[i] + var err error + *dst, err = __marshalNeighborsNeighborsNode( + &src) + if err != nil { + return nil, fmt.Errorf( + "unable to marshal NeighborsResponse.Neighbors: %w", err) + } } } - retval.Artifact = v.AllIsOccurrencesTree.Artifact - retval.Justification = v.AllIsOccurrencesTree.Justification - retval.Origin = v.AllIsOccurrencesTree.Origin - retval.Collector = v.AllIsOccurrencesTree.Collector return &retval, nil } -// NodeNodeIsVulnerability includes the requested fields of the GraphQL type IsVulnerability. +// NodeNode includes the requested fields of the GraphQL interface Node. 
+// +// NodeNode is implemented by the following types: +// NodeNodeArtifact +// NodeNodeBuilder +// NodeNodeCertifyBad +// NodeNodeCertifyGood +// NodeNodeCertifyScorecard +// NodeNodeCertifyVEXStatement +// NodeNodeCertifyVuln +// NodeNodeHasMetadata +// NodeNodeHasSBOM +// NodeNodeHasSLSA +// NodeNodeHasSourceAt +// NodeNodeHashEqual +// NodeNodeIsDependency +// NodeNodeIsOccurrence +// NodeNodePackage +// NodeNodePkgEqual +// NodeNodePointOfContact +// NodeNodeSource +// NodeNodeVulnEqual +// NodeNodeVulnerability // The GraphQL type's documentation follows. // -// IsVulnerability is an attestation to link CVE/GHSA with data in OSV. -type NodeNodeIsVulnerability struct { - Typename *string `json:"__typename"` - AllIsVulnerability `json:"-"` -} - -// GetTypename returns NodeNodeIsVulnerability.Typename, and is useful for accessing the field via an interface. -func (v *NodeNodeIsVulnerability) GetTypename() *string { return v.Typename } - -// GetId returns NodeNodeIsVulnerability.Id, and is useful for accessing the field via an interface. -func (v *NodeNodeIsVulnerability) GetId() string { return v.AllIsVulnerability.Id } - -// GetOsv returns NodeNodeIsVulnerability.Osv, and is useful for accessing the field via an interface. -func (v *NodeNodeIsVulnerability) GetOsv() AllIsVulnerabilityOsvOSV { return v.AllIsVulnerability.Osv } - -// GetVulnerability returns NodeNodeIsVulnerability.Vulnerability, and is useful for accessing the field via an interface. -func (v *NodeNodeIsVulnerability) GetVulnerability() AllIsVulnerabilityVulnerabilityCveOrGhsa { - return v.AllIsVulnerability.Vulnerability -} - -// GetJustification returns NodeNodeIsVulnerability.Justification, and is useful for accessing the field via an interface. -func (v *NodeNodeIsVulnerability) GetJustification() string { - return v.AllIsVulnerability.Justification +// Node is a union type of all the possible nodes. +// +// It encapsulates the software tree nodes along with the evidence nodes. 
In a +// path query, all connecting evidence nodes along with their intermediate subject +// nodes need to be returned in order to create a complete graph. +type NodeNode interface { + implementsGraphQLInterfaceNodeNode() + // GetTypename returns the receiver's concrete GraphQL type-name (see interface doc for possible values). + GetTypename() *string } -// GetOrigin returns NodeNodeIsVulnerability.Origin, and is useful for accessing the field via an interface. -func (v *NodeNodeIsVulnerability) GetOrigin() string { return v.AllIsVulnerability.Origin } - -// GetCollector returns NodeNodeIsVulnerability.Collector, and is useful for accessing the field via an interface. -func (v *NodeNodeIsVulnerability) GetCollector() string { return v.AllIsVulnerability.Collector } - -func (v *NodeNodeIsVulnerability) UnmarshalJSON(b []byte) error { +func (v *NodeNodeArtifact) implementsGraphQLInterfaceNodeNode() {} +func (v *NodeNodeBuilder) implementsGraphQLInterfaceNodeNode() {} +func (v *NodeNodeCertifyBad) implementsGraphQLInterfaceNodeNode() {} +func (v *NodeNodeCertifyGood) implementsGraphQLInterfaceNodeNode() {} +func (v *NodeNodeCertifyScorecard) implementsGraphQLInterfaceNodeNode() {} +func (v *NodeNodeCertifyVEXStatement) implementsGraphQLInterfaceNodeNode() {} +func (v *NodeNodeCertifyVuln) implementsGraphQLInterfaceNodeNode() {} +func (v *NodeNodeHasMetadata) implementsGraphQLInterfaceNodeNode() {} +func (v *NodeNodeHasSBOM) implementsGraphQLInterfaceNodeNode() {} +func (v *NodeNodeHasSLSA) implementsGraphQLInterfaceNodeNode() {} +func (v *NodeNodeHasSourceAt) implementsGraphQLInterfaceNodeNode() {} +func (v *NodeNodeHashEqual) implementsGraphQLInterfaceNodeNode() {} +func (v *NodeNodeIsDependency) implementsGraphQLInterfaceNodeNode() {} +func (v *NodeNodeIsOccurrence) implementsGraphQLInterfaceNodeNode() {} +func (v *NodeNodePackage) implementsGraphQLInterfaceNodeNode() {} +func (v *NodeNodePkgEqual) implementsGraphQLInterfaceNodeNode() {} +func (v 
*NodeNodePointOfContact) implementsGraphQLInterfaceNodeNode() {} +func (v *NodeNodeSource) implementsGraphQLInterfaceNodeNode() {} +func (v *NodeNodeVulnEqual) implementsGraphQLInterfaceNodeNode() {} +func (v *NodeNodeVulnerability) implementsGraphQLInterfaceNodeNode() {} +func __unmarshalNodeNode(b []byte, v *NodeNode) error { if string(b) == "null" { return nil } - var firstPass struct { - *NodeNodeIsVulnerability - graphql.NoUnmarshalJSON + var tn struct { + TypeName string `json:"__typename"` } - firstPass.NodeNodeIsVulnerability = v - - err := json.Unmarshal(b, &firstPass) + err := json.Unmarshal(b, &tn) if err != nil { return err } - err = json.Unmarshal( - b, &v.AllIsVulnerability) - if err != nil { - return err + switch tn.TypeName { + case "Artifact": + *v = new(NodeNodeArtifact) + return json.Unmarshal(b, *v) + case "Builder": + *v = new(NodeNodeBuilder) + return json.Unmarshal(b, *v) + case "CertifyBad": + *v = new(NodeNodeCertifyBad) + return json.Unmarshal(b, *v) + case "CertifyGood": + *v = new(NodeNodeCertifyGood) + return json.Unmarshal(b, *v) + case "CertifyScorecard": + *v = new(NodeNodeCertifyScorecard) + return json.Unmarshal(b, *v) + case "CertifyVEXStatement": + *v = new(NodeNodeCertifyVEXStatement) + return json.Unmarshal(b, *v) + case "CertifyVuln": + *v = new(NodeNodeCertifyVuln) + return json.Unmarshal(b, *v) + case "HasMetadata": + *v = new(NodeNodeHasMetadata) + return json.Unmarshal(b, *v) + case "HasSBOM": + *v = new(NodeNodeHasSBOM) + return json.Unmarshal(b, *v) + case "HasSLSA": + *v = new(NodeNodeHasSLSA) + return json.Unmarshal(b, *v) + case "HasSourceAt": + *v = new(NodeNodeHasSourceAt) + return json.Unmarshal(b, *v) + case "HashEqual": + *v = new(NodeNodeHashEqual) + return json.Unmarshal(b, *v) + case "IsDependency": + *v = new(NodeNodeIsDependency) + return json.Unmarshal(b, *v) + case "IsOccurrence": + *v = new(NodeNodeIsOccurrence) + return json.Unmarshal(b, *v) + case "Package": + *v = new(NodeNodePackage) + return 
json.Unmarshal(b, *v) + case "PkgEqual": + *v = new(NodeNodePkgEqual) + return json.Unmarshal(b, *v) + case "PointOfContact": + *v = new(NodeNodePointOfContact) + return json.Unmarshal(b, *v) + case "Source": + *v = new(NodeNodeSource) + return json.Unmarshal(b, *v) + case "VulnEqual": + *v = new(NodeNodeVulnEqual) + return json.Unmarshal(b, *v) + case "Vulnerability": + *v = new(NodeNodeVulnerability) + return json.Unmarshal(b, *v) + case "": + return fmt.Errorf( + "response was missing Node.__typename") + default: + return fmt.Errorf( + `unexpected concrete type for NodeNode: "%v"`, tn.TypeName) } - return nil } -type __premarshalNodeNodeIsVulnerability struct { - Typename *string `json:"__typename"` - - Id string `json:"id"` - - Osv AllIsVulnerabilityOsvOSV `json:"osv"` - - Vulnerability json.RawMessage `json:"vulnerability"` - - Justification string `json:"justification"` - - Origin string `json:"origin"` +func __marshalNodeNode(v *NodeNode) ([]byte, error) { - Collector string `json:"collector"` -} + var typename string + switch v := (*v).(type) { + case *NodeNodeArtifact: + typename = "Artifact" -func (v *NodeNodeIsVulnerability) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) -} + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNodeNodeArtifact + }{typename, premarshaled} + return json.Marshal(result) + case *NodeNodeBuilder: + typename = "Builder" -func (v *NodeNodeIsVulnerability) __premarshalJSON() (*__premarshalNodeNodeIsVulnerability, error) { - var retval __premarshalNodeNodeIsVulnerability + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNodeNodeBuilder + }{typename, premarshaled} + return json.Marshal(result) + case 
*NodeNodeCertifyBad: + typename = "CertifyBad" - retval.Typename = v.Typename - retval.Id = v.AllIsVulnerability.Id - retval.Osv = v.AllIsVulnerability.Osv - { + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNodeNodeCertifyBad + }{typename, premarshaled} + return json.Marshal(result) + case *NodeNodeCertifyGood: + typename = "CertifyGood" - dst := &retval.Vulnerability - src := v.AllIsVulnerability.Vulnerability - var err error - *dst, err = __marshalAllIsVulnerabilityVulnerabilityCveOrGhsa( - &src) + premarshaled, err := v.__premarshalJSON() if err != nil { - return nil, fmt.Errorf( - "unable to marshal NodeNodeIsVulnerability.AllIsVulnerability.Vulnerability: %w", err) + return nil, err } - } - retval.Justification = v.AllIsVulnerability.Justification - retval.Origin = v.AllIsVulnerability.Origin - retval.Collector = v.AllIsVulnerability.Collector - return &retval, nil -} + result := struct { + TypeName string `json:"__typename"` + *__premarshalNodeNodeCertifyGood + }{typename, premarshaled} + return json.Marshal(result) + case *NodeNodeCertifyScorecard: + typename = "CertifyScorecard" -// NodeNodeNoVuln includes the requested fields of the GraphQL type NoVuln. -// The GraphQL type's documentation follows. -// -// NoVuln is a special vulnerability node to attest that no vulnerability has been -// found during a vulnerability scan. -// -// Backends guarantee that this is a singleton node. 
-type NodeNodeNoVuln struct { - Typename *string `json:"__typename"` - Id string `json:"id"` -} + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNodeNodeCertifyScorecard + }{typename, premarshaled} + return json.Marshal(result) + case *NodeNodeCertifyVEXStatement: + typename = "CertifyVEXStatement" -// GetTypename returns NodeNodeNoVuln.Typename, and is useful for accessing the field via an interface. -func (v *NodeNodeNoVuln) GetTypename() *string { return v.Typename } + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNodeNodeCertifyVEXStatement + }{typename, premarshaled} + return json.Marshal(result) + case *NodeNodeCertifyVuln: + typename = "CertifyVuln" -// GetId returns NodeNodeNoVuln.Id, and is useful for accessing the field via an interface. -func (v *NodeNodeNoVuln) GetId() string { return v.Id } + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNodeNodeCertifyVuln + }{typename, premarshaled} + return json.Marshal(result) + case *NodeNodeHasMetadata: + typename = "HasMetadata" -// NodeNodeOSV includes the requested fields of the GraphQL type OSV. -// The GraphQL type's documentation follows. -// -// OSV represents an Open Source Vulnerability. -// -// The osvId field is mandatory and canonicalized to be lowercase. -// -// This maps to a vulnerability ID specific to the environment (e.g., GHSA ID or -// CVE ID). -// -// This node can be referred to by other parts of GUAC. 
-type NodeNodeOSV struct { - Typename *string `json:"__typename"` - AllOSVTree `json:"-"` -} + result := struct { + TypeName string `json:"__typename"` + *NodeNodeHasMetadata + }{typename, v} + return json.Marshal(result) + case *NodeNodeHasSBOM: + typename = "HasSBOM" -// GetTypename returns NodeNodeOSV.Typename, and is useful for accessing the field via an interface. -func (v *NodeNodeOSV) GetTypename() *string { return v.Typename } + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNodeNodeHasSBOM + }{typename, premarshaled} + return json.Marshal(result) + case *NodeNodeHasSLSA: + typename = "HasSLSA" -// GetId returns NodeNodeOSV.Id, and is useful for accessing the field via an interface. -func (v *NodeNodeOSV) GetId() string { return v.AllOSVTree.Id } + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNodeNodeHasSLSA + }{typename, premarshaled} + return json.Marshal(result) + case *NodeNodeHasSourceAt: + typename = "HasSourceAt" -// GetOsvId returns NodeNodeOSV.OsvId, and is useful for accessing the field via an interface. 
-func (v *NodeNodeOSV) GetOsvId() string { return v.AllOSVTree.OsvId } + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNodeNodeHasSourceAt + }{typename, premarshaled} + return json.Marshal(result) + case *NodeNodeHashEqual: + typename = "HashEqual" -func (v *NodeNodeOSV) UnmarshalJSON(b []byte) error { + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNodeNodeHashEqual + }{typename, premarshaled} + return json.Marshal(result) + case *NodeNodeIsDependency: + typename = "IsDependency" - if string(b) == "null" { - return nil - } + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNodeNodeIsDependency + }{typename, premarshaled} + return json.Marshal(result) + case *NodeNodeIsOccurrence: + typename = "IsOccurrence" - var firstPass struct { - *NodeNodeOSV - graphql.NoUnmarshalJSON - } - firstPass.NodeNodeOSV = v + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNodeNodeIsOccurrence + }{typename, premarshaled} + return json.Marshal(result) + case *NodeNodePackage: + typename = "Package" - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNodeNodePackage + }{typename, premarshaled} + return json.Marshal(result) + case *NodeNodePkgEqual: + typename = "PkgEqual" - err = json.Unmarshal( - b, &v.AllOSVTree) - if err != nil { - return err - } - return nil -} + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName 
string `json:"__typename"` + *__premarshalNodeNodePkgEqual + }{typename, premarshaled} + return json.Marshal(result) + case *NodeNodePointOfContact: + typename = "PointOfContact" -type __premarshalNodeNodeOSV struct { - Typename *string `json:"__typename"` + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNodeNodePointOfContact + }{typename, premarshaled} + return json.Marshal(result) + case *NodeNodeSource: + typename = "Source" - Id string `json:"id"` + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNodeNodeSource + }{typename, premarshaled} + return json.Marshal(result) + case *NodeNodeVulnEqual: + typename = "VulnEqual" - OsvId string `json:"osvId"` -} + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNodeNodeVulnEqual + }{typename, premarshaled} + return json.Marshal(result) + case *NodeNodeVulnerability: + typename = "Vulnerability" -func (v *NodeNodeOSV) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNodeNodeVulnerability + }{typename, premarshaled} + return json.Marshal(result) + case nil: + return []byte("null"), nil + default: + return nil, fmt.Errorf( + `unexpected concrete type for NodeNode: "%T"`, v) } - return json.Marshal(premarshaled) -} - -func (v *NodeNodeOSV) __premarshalJSON() (*__premarshalNodeNodeOSV, error) { - var retval __premarshalNodeNodeOSV - - retval.Typename = v.Typename - retval.Id = v.AllOSVTree.Id - retval.OsvId = v.AllOSVTree.OsvId - return &retval, nil } -// NodeNodePackage includes the 
requested fields of the GraphQL type Package. +// NodeNodeArtifact includes the requested fields of the GraphQL type Artifact. // The GraphQL type's documentation follows. // -// Package represents the root of the package trie/tree. -// -// We map package information to a trie, closely matching the pURL specification -// (https://github.com/package-url/purl-spec/blob/0dd92f26f8bb11956ffdf5e8acfcee71e8560407/README.rst), -// but deviating from it where GUAC heuristics allow for better representation of -// package information. Each path in the trie fully represents a package; we split -// the trie based on the pURL components. +// Artifact represents an artifact identified by a checksum hash. // -// This node matches a pkg: partial pURL. The type field matches the -// pURL types but we might also use "guac" for the cases where the pURL -// representation is not complete or when we have custom rules. +// The checksum is split into the digest value and the algorithm used to generate +// it. Both fields are mandatory and canonicalized to be lowercase. // -// Since this node is at the root of the package trie, it is named Package, not -// PackageType. -type NodeNodePackage struct { - Typename *string `json:"__typename"` - AllPkgTree `json:"-"` +// If having a checksum Go object, algorithm can be +// strings.ToLower(string(checksum.Algorithm)) and digest can be checksum.Value. +type NodeNodeArtifact struct { + Typename *string `json:"__typename"` + AllArtifactTree `json:"-"` } -// GetTypename returns NodeNodePackage.Typename, and is useful for accessing the field via an interface. -func (v *NodeNodePackage) GetTypename() *string { return v.Typename } +// GetTypename returns NodeNodeArtifact.Typename, and is useful for accessing the field via an interface. +func (v *NodeNodeArtifact) GetTypename() *string { return v.Typename } -// GetId returns NodeNodePackage.Id, and is useful for accessing the field via an interface. 
-func (v *NodeNodePackage) GetId() string { return v.AllPkgTree.Id } +// GetId returns NodeNodeArtifact.Id, and is useful for accessing the field via an interface. +func (v *NodeNodeArtifact) GetId() string { return v.AllArtifactTree.Id } -// GetType returns NodeNodePackage.Type, and is useful for accessing the field via an interface. -func (v *NodeNodePackage) GetType() string { return v.AllPkgTree.Type } +// GetAlgorithm returns NodeNodeArtifact.Algorithm, and is useful for accessing the field via an interface. +func (v *NodeNodeArtifact) GetAlgorithm() string { return v.AllArtifactTree.Algorithm } -// GetNamespaces returns NodeNodePackage.Namespaces, and is useful for accessing the field via an interface. -func (v *NodeNodePackage) GetNamespaces() []AllPkgTreeNamespacesPackageNamespace { - return v.AllPkgTree.Namespaces -} +// GetDigest returns NodeNodeArtifact.Digest, and is useful for accessing the field via an interface. +func (v *NodeNodeArtifact) GetDigest() string { return v.AllArtifactTree.Digest } -func (v *NodeNodePackage) UnmarshalJSON(b []byte) error { +func (v *NodeNodeArtifact) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *NodeNodePackage + *NodeNodeArtifact graphql.NoUnmarshalJSON } - firstPass.NodeNodePackage = v + firstPass.NodeNodeArtifact = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -17241,24 +13599,24 @@ func (v *NodeNodePackage) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllPkgTree) + b, &v.AllArtifactTree) if err != nil { return err } return nil } -type __premarshalNodeNodePackage struct { +type __premarshalNodeNodeArtifact struct { Typename *string `json:"__typename"` Id string `json:"id"` - Type string `json:"type"` + Algorithm string `json:"algorithm"` - Namespaces []AllPkgTreeNamespacesPackageNamespace `json:"namespaces"` + Digest string `json:"digest"` } -func (v *NodeNodePackage) MarshalJSON() ([]byte, error) { +func (v *NodeNodeArtifact) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -17266,54 +13624,47 @@ func (v *NodeNodePackage) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *NodeNodePackage) __premarshalJSON() (*__premarshalNodeNodePackage, error) { - var retval __premarshalNodeNodePackage +func (v *NodeNodeArtifact) __premarshalJSON() (*__premarshalNodeNodeArtifact, error) { + var retval __premarshalNodeNodeArtifact retval.Typename = v.Typename - retval.Id = v.AllPkgTree.Id - retval.Type = v.AllPkgTree.Type - retval.Namespaces = v.AllPkgTree.Namespaces + retval.Id = v.AllArtifactTree.Id + retval.Algorithm = v.AllArtifactTree.Algorithm + retval.Digest = v.AllArtifactTree.Digest return &retval, nil } -// NodeNodePkgEqual includes the requested fields of the GraphQL type PkgEqual. +// NodeNodeBuilder includes the requested fields of the GraphQL type Builder. // The GraphQL type's documentation follows. // -// PkgEqual is an attestation that a set of packages are similar. -type NodeNodePkgEqual struct { - Typename *string `json:"__typename"` - AllPkgEqual `json:"-"` +// Builder represents the builder (e.g., FRSCA or GitHub Actions). +// +// Currently builders are identified by the uri field. +type NodeNodeBuilder struct { + Typename *string `json:"__typename"` + AllBuilderTree `json:"-"` } -// GetTypename returns NodeNodePkgEqual.Typename, and is useful for accessing the field via an interface. -func (v *NodeNodePkgEqual) GetTypename() *string { return v.Typename } - -// GetId returns NodeNodePkgEqual.Id, and is useful for accessing the field via an interface. -func (v *NodeNodePkgEqual) GetId() string { return v.AllPkgEqual.Id } - -// GetJustification returns NodeNodePkgEqual.Justification, and is useful for accessing the field via an interface. -func (v *NodeNodePkgEqual) GetJustification() string { return v.AllPkgEqual.Justification } - -// GetPackages returns NodeNodePkgEqual.Packages, and is useful for accessing the field via an interface. 
-func (v *NodeNodePkgEqual) GetPackages() []AllPkgEqualPackagesPackage { return v.AllPkgEqual.Packages } +// GetTypename returns NodeNodeBuilder.Typename, and is useful for accessing the field via an interface. +func (v *NodeNodeBuilder) GetTypename() *string { return v.Typename } -// GetOrigin returns NodeNodePkgEqual.Origin, and is useful for accessing the field via an interface. -func (v *NodeNodePkgEqual) GetOrigin() string { return v.AllPkgEqual.Origin } +// GetId returns NodeNodeBuilder.Id, and is useful for accessing the field via an interface. +func (v *NodeNodeBuilder) GetId() string { return v.AllBuilderTree.Id } -// GetCollector returns NodeNodePkgEqual.Collector, and is useful for accessing the field via an interface. -func (v *NodeNodePkgEqual) GetCollector() string { return v.AllPkgEqual.Collector } +// GetUri returns NodeNodeBuilder.Uri, and is useful for accessing the field via an interface. +func (v *NodeNodeBuilder) GetUri() string { return v.AllBuilderTree.Uri } -func (v *NodeNodePkgEqual) UnmarshalJSON(b []byte) error { +func (v *NodeNodeBuilder) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *NodeNodePkgEqual + *NodeNodeBuilder graphql.NoUnmarshalJSON } - firstPass.NodeNodePkgEqual = v + firstPass.NodeNodeBuilder = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -17321,28 +13672,22 @@ func (v *NodeNodePkgEqual) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllPkgEqual) + b, &v.AllBuilderTree) if err != nil { return err } return nil } -type __premarshalNodeNodePkgEqual struct { +type __premarshalNodeNodeBuilder struct { Typename *string `json:"__typename"` Id string `json:"id"` - Justification string `json:"justification"` - - Packages []AllPkgEqualPackagesPackage `json:"packages"` - - Origin string `json:"origin"` - - Collector string `json:"collector"` + Uri string `json:"uri"` } -func (v *NodeNodePkgEqual) MarshalJSON() ([]byte, error) { +func (v *NodeNodeBuilder) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -17350,87 +13695,65 @@ func (v *NodeNodePkgEqual) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *NodeNodePkgEqual) __premarshalJSON() (*__premarshalNodeNodePkgEqual, error) { - var retval __premarshalNodeNodePkgEqual +func (v *NodeNodeBuilder) __premarshalJSON() (*__premarshalNodeNodeBuilder, error) { + var retval __premarshalNodeNodeBuilder retval.Typename = v.Typename - retval.Id = v.AllPkgEqual.Id - retval.Justification = v.AllPkgEqual.Justification - retval.Packages = v.AllPkgEqual.Packages - retval.Origin = v.AllPkgEqual.Origin - retval.Collector = v.AllPkgEqual.Collector + retval.Id = v.AllBuilderTree.Id + retval.Uri = v.AllBuilderTree.Uri return &retval, nil } -// NodeNodePointOfContact includes the requested fields of the GraphQL type PointOfContact. +// NodeNodeCertifyBad includes the requested fields of the GraphQL type CertifyBad. // The GraphQL type's documentation follows. // -// PointOfContact is an attestation of how to get in touch with the person(s) responsible -// for a package, source, or artifact. +// CertifyBad is an attestation that a package, source, or artifact is considered +// bad. // // All evidence trees record a justification for the property they represent as // well as the document that contains the attestation (origin) and the collector // that collected the document (collector). // -// The attestation applies to a subject which is a package, source, or artifact. +// The certification applies to a subject which is a package, source, or artifact. // If the attestation targets a package, it must target a PackageName or a // PackageVersion. If the attestation targets a source, it must target a // SourceName. -// -// email is the email address (singular) of the point of contact. -// -// info is additional contact information other than email address. This is free -// form. -// -// NOTE: the identifiers for point of contact should be part of software trees. 
-// This will benefit from identifier look up and traversal as well as organization -// hierarchy. However, until the use case arises, PointOfContact will be a flat -// reference to the contact details. -type NodeNodePointOfContact struct { - Typename *string `json:"__typename"` - AllPointOfContact `json:"-"` -} - -// GetTypename returns NodeNodePointOfContact.Typename, and is useful for accessing the field via an interface. -func (v *NodeNodePointOfContact) GetTypename() *string { return v.Typename } - -// GetId returns NodeNodePointOfContact.Id, and is useful for accessing the field via an interface. -func (v *NodeNodePointOfContact) GetId() string { return v.AllPointOfContact.Id } - -// GetSubject returns NodeNodePointOfContact.Subject, and is useful for accessing the field via an interface. -func (v *NodeNodePointOfContact) GetSubject() AllPointOfContactSubjectPackageSourceOrArtifact { - return v.AllPointOfContact.Subject +type NodeNodeCertifyBad struct { + Typename *string `json:"__typename"` + AllCertifyBad `json:"-"` } -// GetEmail returns NodeNodePointOfContact.Email, and is useful for accessing the field via an interface. -func (v *NodeNodePointOfContact) GetEmail() string { return v.AllPointOfContact.Email } +// GetTypename returns NodeNodeCertifyBad.Typename, and is useful for accessing the field via an interface. +func (v *NodeNodeCertifyBad) GetTypename() *string { return v.Typename } -// GetInfo returns NodeNodePointOfContact.Info, and is useful for accessing the field via an interface. -func (v *NodeNodePointOfContact) GetInfo() string { return v.AllPointOfContact.Info } +// GetId returns NodeNodeCertifyBad.Id, and is useful for accessing the field via an interface. +func (v *NodeNodeCertifyBad) GetId() string { return v.AllCertifyBad.Id } -// GetSince returns NodeNodePointOfContact.Since, and is useful for accessing the field via an interface. 
-func (v *NodeNodePointOfContact) GetSince() time.Time { return v.AllPointOfContact.Since } +// GetJustification returns NodeNodeCertifyBad.Justification, and is useful for accessing the field via an interface. +func (v *NodeNodeCertifyBad) GetJustification() string { return v.AllCertifyBad.Justification } -// GetJustification returns NodeNodePointOfContact.Justification, and is useful for accessing the field via an interface. -func (v *NodeNodePointOfContact) GetJustification() string { return v.AllPointOfContact.Justification } +// GetSubject returns NodeNodeCertifyBad.Subject, and is useful for accessing the field via an interface. +func (v *NodeNodeCertifyBad) GetSubject() AllCertifyBadSubjectPackageSourceOrArtifact { + return v.AllCertifyBad.Subject +} -// GetOrigin returns NodeNodePointOfContact.Origin, and is useful for accessing the field via an interface. -func (v *NodeNodePointOfContact) GetOrigin() string { return v.AllPointOfContact.Origin } +// GetOrigin returns NodeNodeCertifyBad.Origin, and is useful for accessing the field via an interface. +func (v *NodeNodeCertifyBad) GetOrigin() string { return v.AllCertifyBad.Origin } -// GetCollector returns NodeNodePointOfContact.Collector, and is useful for accessing the field via an interface. -func (v *NodeNodePointOfContact) GetCollector() string { return v.AllPointOfContact.Collector } +// GetCollector returns NodeNodeCertifyBad.Collector, and is useful for accessing the field via an interface. +func (v *NodeNodeCertifyBad) GetCollector() string { return v.AllCertifyBad.Collector } -func (v *NodeNodePointOfContact) UnmarshalJSON(b []byte) error { +func (v *NodeNodeCertifyBad) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *NodeNodePointOfContact + *NodeNodeCertifyBad graphql.NoUnmarshalJSON } - firstPass.NodeNodePointOfContact = v + firstPass.NodeNodeCertifyBad = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -17438,34 +13761,28 @@ func (v *NodeNodePointOfContact) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllPointOfContact) + b, &v.AllCertifyBad) if err != nil { return err } return nil } -type __premarshalNodeNodePointOfContact struct { +type __premarshalNodeNodeCertifyBad struct { Typename *string `json:"__typename"` Id string `json:"id"` - Subject json.RawMessage `json:"subject"` - - Email string `json:"email"` - - Info string `json:"info"` - - Since time.Time `json:"since"` - Justification string `json:"justification"` + Subject json.RawMessage `json:"subject"` + Origin string `json:"origin"` Collector string `json:"collector"` } -func (v *NodeNodePointOfContact) MarshalJSON() ([]byte, error) { +func (v *NodeNodeCertifyBad) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -17473,76 +13790,79 @@ func (v *NodeNodePointOfContact) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *NodeNodePointOfContact) __premarshalJSON() (*__premarshalNodeNodePointOfContact, error) { - var retval __premarshalNodeNodePointOfContact +func (v *NodeNodeCertifyBad) __premarshalJSON() (*__premarshalNodeNodeCertifyBad, error) { + var retval __premarshalNodeNodeCertifyBad retval.Typename = v.Typename - retval.Id = v.AllPointOfContact.Id + retval.Id = v.AllCertifyBad.Id + retval.Justification = v.AllCertifyBad.Justification { dst := &retval.Subject - src := v.AllPointOfContact.Subject + src := v.AllCertifyBad.Subject var err error - *dst, err = __marshalAllPointOfContactSubjectPackageSourceOrArtifact( + *dst, err = __marshalAllCertifyBadSubjectPackageSourceOrArtifact( &src) if err != nil { return nil, fmt.Errorf( - "unable to marshal NodeNodePointOfContact.AllPointOfContact.Subject: %w", err) + "unable to marshal NodeNodeCertifyBad.AllCertifyBad.Subject: %w", err) } } - retval.Email = v.AllPointOfContact.Email - retval.Info = v.AllPointOfContact.Info - retval.Since = v.AllPointOfContact.Since - retval.Justification = v.AllPointOfContact.Justification - retval.Origin = v.AllPointOfContact.Origin - retval.Collector = v.AllPointOfContact.Collector + retval.Origin = v.AllCertifyBad.Origin + retval.Collector = v.AllCertifyBad.Collector return &retval, nil } -// NodeNodeSource includes the requested fields of the GraphQL type Source. +// NodeNodeCertifyGood includes the requested fields of the GraphQL type CertifyGood. // The GraphQL type's documentation follows. // -// Source represents the root of the source trie/tree. -// -// We map source information to a trie, as a derivative of the pURL specification: -// each path in the trie represents a type, namespace, name and an optional -// qualifier that stands for tag/commit information. +// CertifyGood is an attestation that a package, source, or artifact is considered +// good. 
// -// This node represents the type part of the trie path. It is used to represent -// the version control system that is being used. +// All evidence trees record a justification for the property they represent as +// well as the document that contains the attestation (origin) and the collector +// that collected the document (collector). // -// Since this node is at the root of the source trie, it is named Source, not -// SourceType. -type NodeNodeSource struct { - Typename *string `json:"__typename"` - AllSourceTree `json:"-"` +// The certification applies to a subject which is a package, source, or artifact. +// If the attestation targets a package, it must target a PackageName or a +// PackageVersion. If the attestation targets a source, it must target a +// SourceName. +type NodeNodeCertifyGood struct { + Typename *string `json:"__typename"` + AllCertifyGood `json:"-"` } -// GetTypename returns NodeNodeSource.Typename, and is useful for accessing the field via an interface. -func (v *NodeNodeSource) GetTypename() *string { return v.Typename } +// GetTypename returns NodeNodeCertifyGood.Typename, and is useful for accessing the field via an interface. +func (v *NodeNodeCertifyGood) GetTypename() *string { return v.Typename } -// GetId returns NodeNodeSource.Id, and is useful for accessing the field via an interface. -func (v *NodeNodeSource) GetId() string { return v.AllSourceTree.Id } +// GetId returns NodeNodeCertifyGood.Id, and is useful for accessing the field via an interface. +func (v *NodeNodeCertifyGood) GetId() string { return v.AllCertifyGood.Id } -// GetType returns NodeNodeSource.Type, and is useful for accessing the field via an interface. -func (v *NodeNodeSource) GetType() string { return v.AllSourceTree.Type } +// GetJustification returns NodeNodeCertifyGood.Justification, and is useful for accessing the field via an interface. 
+func (v *NodeNodeCertifyGood) GetJustification() string { return v.AllCertifyGood.Justification } -// GetNamespaces returns NodeNodeSource.Namespaces, and is useful for accessing the field via an interface. -func (v *NodeNodeSource) GetNamespaces() []AllSourceTreeNamespacesSourceNamespace { - return v.AllSourceTree.Namespaces +// GetSubject returns NodeNodeCertifyGood.Subject, and is useful for accessing the field via an interface. +func (v *NodeNodeCertifyGood) GetSubject() AllCertifyGoodSubjectPackageSourceOrArtifact { + return v.AllCertifyGood.Subject } -func (v *NodeNodeSource) UnmarshalJSON(b []byte) error { +// GetOrigin returns NodeNodeCertifyGood.Origin, and is useful for accessing the field via an interface. +func (v *NodeNodeCertifyGood) GetOrigin() string { return v.AllCertifyGood.Origin } + +// GetCollector returns NodeNodeCertifyGood.Collector, and is useful for accessing the field via an interface. +func (v *NodeNodeCertifyGood) GetCollector() string { return v.AllCertifyGood.Collector } + +func (v *NodeNodeCertifyGood) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *NodeNodeSource + *NodeNodeCertifyGood graphql.NoUnmarshalJSON } - firstPass.NodeNodeSource = v + firstPass.NodeNodeCertifyGood = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -17550,24 +13870,28 @@ func (v *NodeNodeSource) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllSourceTree) + b, &v.AllCertifyGood) if err != nil { return err } return nil } -type __premarshalNodeNodeSource struct { +type __premarshalNodeNodeCertifyGood struct { Typename *string `json:"__typename"` Id string `json:"id"` - Type string `json:"type"` + Justification string `json:"justification"` - Namespaces []AllSourceTreeNamespacesSourceNamespace `json:"namespaces"` + Subject json.RawMessage `json:"subject"` + + Origin string `json:"origin"` + + Collector string `json:"collector"` } -func (v *NodeNodeSource) MarshalJSON() ([]byte, error) { +func (v *NodeNodeCertifyGood) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -17575,65 +13899,91 @@ func (v *NodeNodeSource) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *NodeNodeSource) __premarshalJSON() (*__premarshalNodeNodeSource, error) { - var retval __premarshalNodeNodeSource +func (v *NodeNodeCertifyGood) __premarshalJSON() (*__premarshalNodeNodeCertifyGood, error) { + var retval __premarshalNodeNodeCertifyGood retval.Typename = v.Typename - retval.Id = v.AllSourceTree.Id - retval.Type = v.AllSourceTree.Type - retval.Namespaces = v.AllSourceTree.Namespaces + retval.Id = v.AllCertifyGood.Id + retval.Justification = v.AllCertifyGood.Justification + { + + dst := &retval.Subject + src := v.AllCertifyGood.Subject + var err error + *dst, err = __marshalAllCertifyGoodSubjectPackageSourceOrArtifact( + &src) + if err != nil { + return nil, fmt.Errorf( + "unable to marshal NodeNodeCertifyGood.AllCertifyGood.Subject: %w", err) + } + } + retval.Origin = v.AllCertifyGood.Origin + retval.Collector = v.AllCertifyGood.Collector return &retval, nil } -// NodeResponse is returned by Node on success. -type NodeResponse struct { - // node returns a single node, regardless of type. - // - // The input is only specified by its ID. - Node NodeNode `json:"-"` +// NodeNodeCertifyScorecard includes the requested fields of the GraphQL type CertifyScorecard. +// The GraphQL type's documentation follows. +// +// CertifyScorecard is an attestation to attach a Scorecard analysis to a +// particular source repository. +type NodeNodeCertifyScorecard struct { + Typename *string `json:"__typename"` + AllCertifyScorecard `json:"-"` } -// GetNode returns NodeResponse.Node, and is useful for accessing the field via an interface. -func (v *NodeResponse) GetNode() NodeNode { return v.Node } +// GetTypename returns NodeNodeCertifyScorecard.Typename, and is useful for accessing the field via an interface. 
+func (v *NodeNodeCertifyScorecard) GetTypename() *string { return v.Typename } -func (v *NodeResponse) UnmarshalJSON(b []byte) error { +// GetId returns NodeNodeCertifyScorecard.Id, and is useful for accessing the field via an interface. +func (v *NodeNodeCertifyScorecard) GetId() string { return v.AllCertifyScorecard.Id } + +// GetSource returns NodeNodeCertifyScorecard.Source, and is useful for accessing the field via an interface. +func (v *NodeNodeCertifyScorecard) GetSource() AllCertifyScorecardSource { + return v.AllCertifyScorecard.Source +} + +// GetScorecard returns NodeNodeCertifyScorecard.Scorecard, and is useful for accessing the field via an interface. +func (v *NodeNodeCertifyScorecard) GetScorecard() AllCertifyScorecardScorecard { + return v.AllCertifyScorecard.Scorecard +} + +func (v *NodeNodeCertifyScorecard) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *NodeResponse - Node json.RawMessage `json:"node"` + *NodeNodeCertifyScorecard graphql.NoUnmarshalJSON } - firstPass.NodeResponse = v + firstPass.NodeNodeCertifyScorecard = v err := json.Unmarshal(b, &firstPass) if err != nil { return err } - { - dst := &v.Node - src := firstPass.Node - if len(src) != 0 && string(src) != "null" { - err = __unmarshalNodeNode( - src, dst) - if err != nil { - return fmt.Errorf( - "unable to unmarshal NodeResponse.Node: %w", err) - } - } + err = json.Unmarshal( + b, &v.AllCertifyScorecard) + if err != nil { + return err } return nil } -type __premarshalNodeResponse struct { - Node json.RawMessage `json:"node"` +type __premarshalNodeNodeCertifyScorecard struct { + Typename *string `json:"__typename"` + + Id string `json:"id"` + + Source AllCertifyScorecardSource `json:"source"` + + Scorecard AllCertifyScorecardScorecard `json:"scorecard"` } -func (v *NodeResponse) MarshalJSON() ([]byte, error) { +func (v *NodeNodeCertifyScorecard) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { 
return nil, err 
@@ -17641,62 +13991,84 @@ func (v *NodeResponse) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *NodeResponse) __premarshalJSON() (*__premarshalNodeResponse, error) { - var retval __premarshalNodeResponse - - { +func (v *NodeNodeCertifyScorecard) __premarshalJSON() (*__premarshalNodeNodeCertifyScorecard, error) { + var retval __premarshalNodeNodeCertifyScorecard - dst := &retval.Node - src := v.Node - var err error - *dst, err = __marshalNodeNode( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal NodeResponse.Node: %w", err) - } - } + retval.Typename = v.Typename + retval.Id = v.AllCertifyScorecard.Id + retval.Source = v.AllCertifyScorecard.Source + retval.Scorecard = v.AllCertifyScorecard.Scorecard return &retval, nil } -// NodesNodesArtifact includes the requested fields of the GraphQL type Artifact. +// NodeNodeCertifyVEXStatement includes the requested fields of the GraphQL type CertifyVEXStatement. // The GraphQL type's documentation follows. // -// Artifact represents an artifact identified by a checksum hash. -// -// The checksum is split into the digest value and the algorithm used to generate -// it. Both fields are mandatory and canonicalized to be lowercase. -// -// If having a checksum Go object, algorithm can be -// strings.ToLower(string(checksum.Algorithm)) and digest can be checksum.Value. -type NodesNodesArtifact struct { - Typename *string `json:"__typename"` - AllArtifactTree `json:"-"` +// CertifyVEXStatement is an attestation to attach VEX statements to a package or +// artifact to clarify the impact of a specific vulnerability. +type NodeNodeCertifyVEXStatement struct { + Typename *string `json:"__typename"` + AllCertifyVEXStatement `json:"-"` +} + +// GetTypename returns NodeNodeCertifyVEXStatement.Typename, and is useful for accessing the field via an interface. 
+func (v *NodeNodeCertifyVEXStatement) GetTypename() *string { return v.Typename } + +// GetId returns NodeNodeCertifyVEXStatement.Id, and is useful for accessing the field via an interface. +func (v *NodeNodeCertifyVEXStatement) GetId() string { return v.AllCertifyVEXStatement.Id } + +// GetSubject returns NodeNodeCertifyVEXStatement.Subject, and is useful for accessing the field via an interface. +func (v *NodeNodeCertifyVEXStatement) GetSubject() AllCertifyVEXStatementSubjectPackageOrArtifact { + return v.AllCertifyVEXStatement.Subject +} + +// GetVulnerability returns NodeNodeCertifyVEXStatement.Vulnerability, and is useful for accessing the field via an interface. +func (v *NodeNodeCertifyVEXStatement) GetVulnerability() AllCertifyVEXStatementVulnerability { + return v.AllCertifyVEXStatement.Vulnerability +} + +// GetStatus returns NodeNodeCertifyVEXStatement.Status, and is useful for accessing the field via an interface. +func (v *NodeNodeCertifyVEXStatement) GetStatus() VexStatus { return v.AllCertifyVEXStatement.Status } + +// GetVexJustification returns NodeNodeCertifyVEXStatement.VexJustification, and is useful for accessing the field via an interface. +func (v *NodeNodeCertifyVEXStatement) GetVexJustification() VexJustification { + return v.AllCertifyVEXStatement.VexJustification } -// GetTypename returns NodesNodesArtifact.Typename, and is useful for accessing the field via an interface. -func (v *NodesNodesArtifact) GetTypename() *string { return v.Typename } +// GetStatement returns NodeNodeCertifyVEXStatement.Statement, and is useful for accessing the field via an interface. +func (v *NodeNodeCertifyVEXStatement) GetStatement() string { + return v.AllCertifyVEXStatement.Statement +} -// GetId returns NodesNodesArtifact.Id, and is useful for accessing the field via an interface. 
-func (v *NodesNodesArtifact) GetId() string { return v.AllArtifactTree.Id } +// GetStatusNotes returns NodeNodeCertifyVEXStatement.StatusNotes, and is useful for accessing the field via an interface. +func (v *NodeNodeCertifyVEXStatement) GetStatusNotes() string { + return v.AllCertifyVEXStatement.StatusNotes +} -// GetAlgorithm returns NodesNodesArtifact.Algorithm, and is useful for accessing the field via an interface. -func (v *NodesNodesArtifact) GetAlgorithm() string { return v.AllArtifactTree.Algorithm } +// GetKnownSince returns NodeNodeCertifyVEXStatement.KnownSince, and is useful for accessing the field via an interface. +func (v *NodeNodeCertifyVEXStatement) GetKnownSince() time.Time { + return v.AllCertifyVEXStatement.KnownSince +} -// GetDigest returns NodesNodesArtifact.Digest, and is useful for accessing the field via an interface. -func (v *NodesNodesArtifact) GetDigest() string { return v.AllArtifactTree.Digest } +// GetOrigin returns NodeNodeCertifyVEXStatement.Origin, and is useful for accessing the field via an interface. +func (v *NodeNodeCertifyVEXStatement) GetOrigin() string { return v.AllCertifyVEXStatement.Origin } -func (v *NodesNodesArtifact) UnmarshalJSON(b []byte) error { +// GetCollector returns NodeNodeCertifyVEXStatement.Collector, and is useful for accessing the field via an interface. +func (v *NodeNodeCertifyVEXStatement) GetCollector() string { + return v.AllCertifyVEXStatement.Collector +} + +func (v *NodeNodeCertifyVEXStatement) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *NodesNodesArtifact + *NodeNodeCertifyVEXStatement graphql.NoUnmarshalJSON } - firstPass.NodesNodesArtifact = v + firstPass.NodeNodeCertifyVEXStatement = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -17704,24 +14076,38 @@ func (v *NodesNodesArtifact) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllArtifactTree) + b, &v.AllCertifyVEXStatement) if err != nil { return err } return nil } -type __premarshalNodesNodesArtifact struct { +type __premarshalNodeNodeCertifyVEXStatement struct { Typename *string `json:"__typename"` Id string `json:"id"` - Algorithm string `json:"algorithm"` + Subject json.RawMessage `json:"subject"` - Digest string `json:"digest"` + Vulnerability AllCertifyVEXStatementVulnerability `json:"vulnerability"` + + Status VexStatus `json:"status"` + + VexJustification VexJustification `json:"vexJustification"` + + Statement string `json:"statement"` + + StatusNotes string `json:"statusNotes"` + + KnownSince time.Time `json:"knownSince"` + + Origin string `json:"origin"` + + Collector string `json:"collector"` } -func (v *NodesNodesArtifact) MarshalJSON() ([]byte, error) { +func (v *NodeNodeCertifyVEXStatement) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -17729,47 +14115,77 @@ func (v *NodesNodesArtifact) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *NodesNodesArtifact) __premarshalJSON() (*__premarshalNodesNodesArtifact, error) { - var retval __premarshalNodesNodesArtifact +func (v *NodeNodeCertifyVEXStatement) __premarshalJSON() (*__premarshalNodeNodeCertifyVEXStatement, error) { + var retval __premarshalNodeNodeCertifyVEXStatement retval.Typename = v.Typename - retval.Id = v.AllArtifactTree.Id - retval.Algorithm = v.AllArtifactTree.Algorithm - retval.Digest = v.AllArtifactTree.Digest + retval.Id = v.AllCertifyVEXStatement.Id + { + + dst := &retval.Subject + src := v.AllCertifyVEXStatement.Subject + var err error + *dst, err = __marshalAllCertifyVEXStatementSubjectPackageOrArtifact( + &src) + if err != nil { + return nil, fmt.Errorf( + "unable to marshal NodeNodeCertifyVEXStatement.AllCertifyVEXStatement.Subject: %w", err) + } + } + retval.Vulnerability = v.AllCertifyVEXStatement.Vulnerability + retval.Status = v.AllCertifyVEXStatement.Status + retval.VexJustification = v.AllCertifyVEXStatement.VexJustification + retval.Statement = v.AllCertifyVEXStatement.Statement + retval.StatusNotes = v.AllCertifyVEXStatement.StatusNotes + retval.KnownSince = v.AllCertifyVEXStatement.KnownSince + retval.Origin = v.AllCertifyVEXStatement.Origin + retval.Collector = v.AllCertifyVEXStatement.Collector return &retval, nil } -// NodesNodesBuilder includes the requested fields of the GraphQL type Builder. +// NodeNodeCertifyVuln includes the requested fields of the GraphQL type CertifyVuln. // The GraphQL type's documentation follows. // -// Builder represents the builder (e.g., FRSCA or GitHub Actions). +// CertifyVuln is an attestation to attach vulnerability information to a package. // -// Currently builders are identified by the uri field. -type NodesNodesBuilder struct { +// This information is obtained via a scanner. 
If there is no vulnerability +// detected, we attach the a vulnerability with "NoVuln" type and an empty string +// for the vulnerability ID. +type NodeNodeCertifyVuln struct { Typename *string `json:"__typename"` - AllBuilderTree `json:"-"` + AllCertifyVuln `json:"-"` } -// GetTypename returns NodesNodesBuilder.Typename, and is useful for accessing the field via an interface. -func (v *NodesNodesBuilder) GetTypename() *string { return v.Typename } +// GetTypename returns NodeNodeCertifyVuln.Typename, and is useful for accessing the field via an interface. +func (v *NodeNodeCertifyVuln) GetTypename() *string { return v.Typename } -// GetId returns NodesNodesBuilder.Id, and is useful for accessing the field via an interface. -func (v *NodesNodesBuilder) GetId() string { return v.AllBuilderTree.Id } +// GetId returns NodeNodeCertifyVuln.Id, and is useful for accessing the field via an interface. +func (v *NodeNodeCertifyVuln) GetId() string { return v.AllCertifyVuln.Id } -// GetUri returns NodesNodesBuilder.Uri, and is useful for accessing the field via an interface. -func (v *NodesNodesBuilder) GetUri() string { return v.AllBuilderTree.Uri } +// GetPackage returns NodeNodeCertifyVuln.Package, and is useful for accessing the field via an interface. +func (v *NodeNodeCertifyVuln) GetPackage() AllCertifyVulnPackage { return v.AllCertifyVuln.Package } -func (v *NodesNodesBuilder) UnmarshalJSON(b []byte) error { +// GetVulnerability returns NodeNodeCertifyVuln.Vulnerability, and is useful for accessing the field via an interface. +func (v *NodeNodeCertifyVuln) GetVulnerability() AllCertifyVulnVulnerability { + return v.AllCertifyVuln.Vulnerability +} + +// GetMetadata returns NodeNodeCertifyVuln.Metadata, and is useful for accessing the field via an interface. 
+func (v *NodeNodeCertifyVuln) GetMetadata() AllCertifyVulnMetadataScanMetadata { + return v.AllCertifyVuln.Metadata +} + +func (v *NodeNodeCertifyVuln) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *NodesNodesBuilder + *NodeNodeCertifyVuln graphql.NoUnmarshalJSON } - firstPass.NodesNodesBuilder = v + firstPass.NodeNodeCertifyVuln = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -17777,22 +14193,26 @@ func (v *NodesNodesBuilder) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllBuilderTree) + b, &v.AllCertifyVuln) if err != nil { return err } return nil } -type __premarshalNodesNodesBuilder struct { +type __premarshalNodeNodeCertifyVuln struct { Typename *string `json:"__typename"` Id string `json:"id"` - Uri string `json:"uri"` + Package AllCertifyVulnPackage `json:"package"` + + Vulnerability AllCertifyVulnVulnerability `json:"vulnerability"` + + Metadata AllCertifyVulnMetadataScanMetadata `json:"metadata"` } -func (v *NodesNodesBuilder) MarshalJSON() ([]byte, error) { +func (v *NodeNodeCertifyVuln) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -17800,56 +14220,87 @@ func (v *NodesNodesBuilder) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *NodesNodesBuilder) __premarshalJSON() (*__premarshalNodesNodesBuilder, error) { - var retval __premarshalNodesNodesBuilder +func (v *NodeNodeCertifyVuln) __premarshalJSON() (*__premarshalNodeNodeCertifyVuln, error) { + var retval __premarshalNodeNodeCertifyVuln retval.Typename = v.Typename - retval.Id = v.AllBuilderTree.Id - retval.Uri = v.AllBuilderTree.Uri + retval.Id = v.AllCertifyVuln.Id + retval.Package = v.AllCertifyVuln.Package + retval.Vulnerability = v.AllCertifyVuln.Vulnerability + retval.Metadata = v.AllCertifyVuln.Metadata return &retval, nil } -// NodesNodesCVE includes the requested fields of the GraphQL type CVE. +// NodeNodeHasMetadata includes the requested fields of the GraphQL type HasMetadata. // The GraphQL type's documentation follows. // -// CVE represents a vulnerability in the Common Vulnerabilities and Exposures -// schema. +// HasMetadata is an attestation that a package, source, or artifact has a certain +// attested property (key) with value (value). For example, a source may have +// metadata "SourceRepo2FAEnabled=true". // -// The vulnerability identifier contains a year field, so we are extracting that -// to allow matching for vulnerabilities found in a given year. +// The intent of this evidence tree predicate is to allow extensibility of metadata +// expressible within the GUAC ontology. Metadata that is commonly used will then +// be promoted to a predicate on its own. // -// The vulnerability identifier field is mandatory and canonicalized to be -// lowercase. +// Justification indicates how the metadata was determined. // -// This node can be referred to by other parts of GUAC. -type NodesNodesCVE struct { - Typename *string `json:"__typename"` - AllCveTree `json:"-"` +// The metadata applies to a subject which is a package, source, or artifact. 
+// If the attestation targets a package, it must target a PackageName or a +// PackageVersion. If the attestation targets a source, it must target a +// SourceName. +type NodeNodeHasMetadata struct { + Typename *string `json:"__typename"` +} + +// GetTypename returns NodeNodeHasMetadata.Typename, and is useful for accessing the field via an interface. +func (v *NodeNodeHasMetadata) GetTypename() *string { return v.Typename } + +// NodeNodeHasSBOM includes the requested fields of the GraphQL type HasSBOM. +type NodeNodeHasSBOM struct { + Typename *string `json:"__typename"` + AllHasSBOMTree `json:"-"` +} + +// GetTypename returns NodeNodeHasSBOM.Typename, and is useful for accessing the field via an interface. +func (v *NodeNodeHasSBOM) GetTypename() *string { return v.Typename } + +// GetId returns NodeNodeHasSBOM.Id, and is useful for accessing the field via an interface. +func (v *NodeNodeHasSBOM) GetId() string { return v.AllHasSBOMTree.Id } + +// GetSubject returns NodeNodeHasSBOM.Subject, and is useful for accessing the field via an interface. +func (v *NodeNodeHasSBOM) GetSubject() AllHasSBOMTreeSubjectPackageOrArtifact { + return v.AllHasSBOMTree.Subject } -// GetTypename returns NodesNodesCVE.Typename, and is useful for accessing the field via an interface. -func (v *NodesNodesCVE) GetTypename() *string { return v.Typename } +// GetUri returns NodeNodeHasSBOM.Uri, and is useful for accessing the field via an interface. +func (v *NodeNodeHasSBOM) GetUri() string { return v.AllHasSBOMTree.Uri } + +// GetAlgorithm returns NodeNodeHasSBOM.Algorithm, and is useful for accessing the field via an interface. +func (v *NodeNodeHasSBOM) GetAlgorithm() string { return v.AllHasSBOMTree.Algorithm } + +// GetDigest returns NodeNodeHasSBOM.Digest, and is useful for accessing the field via an interface. 
+func (v *NodeNodeHasSBOM) GetDigest() string { return v.AllHasSBOMTree.Digest } -// GetId returns NodesNodesCVE.Id, and is useful for accessing the field via an interface. -func (v *NodesNodesCVE) GetId() string { return v.AllCveTree.Id } +// GetDownloadLocation returns NodeNodeHasSBOM.DownloadLocation, and is useful for accessing the field via an interface. +func (v *NodeNodeHasSBOM) GetDownloadLocation() string { return v.AllHasSBOMTree.DownloadLocation } -// GetYear returns NodesNodesCVE.Year, and is useful for accessing the field via an interface. -func (v *NodesNodesCVE) GetYear() int { return v.AllCveTree.Year } +// GetOrigin returns NodeNodeHasSBOM.Origin, and is useful for accessing the field via an interface. +func (v *NodeNodeHasSBOM) GetOrigin() string { return v.AllHasSBOMTree.Origin } -// GetCveId returns NodesNodesCVE.CveId, and is useful for accessing the field via an interface. -func (v *NodesNodesCVE) GetCveId() string { return v.AllCveTree.CveId } +// GetCollector returns NodeNodeHasSBOM.Collector, and is useful for accessing the field via an interface. +func (v *NodeNodeHasSBOM) GetCollector() string { return v.AllHasSBOMTree.Collector } -func (v *NodesNodesCVE) UnmarshalJSON(b []byte) error { +func (v *NodeNodeHasSBOM) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *NodesNodesCVE + *NodeNodeHasSBOM graphql.NoUnmarshalJSON } - firstPass.NodesNodesCVE = v + firstPass.NodeNodeHasSBOM = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -17857,24 +14308,34 @@ func (v *NodesNodesCVE) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllCveTree) + b, &v.AllHasSBOMTree) if err != nil { return err } return nil } -type __premarshalNodesNodesCVE struct { +type __premarshalNodeNodeHasSBOM struct { Typename *string `json:"__typename"` Id string `json:"id"` - Year int `json:"year"` + Subject json.RawMessage `json:"subject"` + + Uri string `json:"uri"` + + Algorithm string `json:"algorithm"` + + Digest string `json:"digest"` + + DownloadLocation string `json:"downloadLocation"` + + Origin string `json:"origin"` - CveId string `json:"cveId"` + Collector string `json:"collector"` } -func (v *NodesNodesCVE) MarshalJSON() ([]byte, error) { +func (v *NodeNodeHasSBOM) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -17882,66 +14343,64 @@ func (v *NodesNodesCVE) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *NodesNodesCVE) __premarshalJSON() (*__premarshalNodesNodesCVE, error) { - var retval __premarshalNodesNodesCVE +func (v *NodeNodeHasSBOM) __premarshalJSON() (*__premarshalNodeNodeHasSBOM, error) { + var retval __premarshalNodeNodeHasSBOM retval.Typename = v.Typename - retval.Id = v.AllCveTree.Id - retval.Year = v.AllCveTree.Year - retval.CveId = v.AllCveTree.CveId + retval.Id = v.AllHasSBOMTree.Id + { + + dst := &retval.Subject + src := v.AllHasSBOMTree.Subject + var err error + *dst, err = __marshalAllHasSBOMTreeSubjectPackageOrArtifact( + &src) + if err != nil { + return nil, fmt.Errorf( + "unable to marshal NodeNodeHasSBOM.AllHasSBOMTree.Subject: %w", err) + } + } + retval.Uri = v.AllHasSBOMTree.Uri + retval.Algorithm = v.AllHasSBOMTree.Algorithm + retval.Digest = v.AllHasSBOMTree.Digest + retval.DownloadLocation = v.AllHasSBOMTree.DownloadLocation + retval.Origin = v.AllHasSBOMTree.Origin + retval.Collector = v.AllHasSBOMTree.Collector return &retval, nil } -// NodesNodesCertifyBad includes the requested fields of the GraphQL type CertifyBad. +// NodeNodeHasSLSA includes the requested fields of the GraphQL type HasSLSA. // The GraphQL type's documentation follows. // -// CertifyBad is an attestation that a package, source, or artifact is considered -// bad. -// -// All evidence trees record a justification for the property they represent as -// well as the document that contains the attestation (origin) and the collector -// that collected the document (collector). -// -// The certification applies to a subject which is a package, source, or artifact. -// If the attestation targets a package, it must target a PackageName or a -// PackageVersion. If the attestation targets a source, it must target a -// SourceName. 
-type NodesNodesCertifyBad struct { - Typename *string `json:"__typename"` - AllCertifyBad `json:"-"` +// HasSLSA records that a subject node has a SLSA attestation. +type NodeNodeHasSLSA struct { + Typename *string `json:"__typename"` + AllSLSATree `json:"-"` } -// GetTypename returns NodesNodesCertifyBad.Typename, and is useful for accessing the field via an interface. -func (v *NodesNodesCertifyBad) GetTypename() *string { return v.Typename } - -// GetId returns NodesNodesCertifyBad.Id, and is useful for accessing the field via an interface. -func (v *NodesNodesCertifyBad) GetId() string { return v.AllCertifyBad.Id } - -// GetJustification returns NodesNodesCertifyBad.Justification, and is useful for accessing the field via an interface. -func (v *NodesNodesCertifyBad) GetJustification() string { return v.AllCertifyBad.Justification } +// GetTypename returns NodeNodeHasSLSA.Typename, and is useful for accessing the field via an interface. +func (v *NodeNodeHasSLSA) GetTypename() *string { return v.Typename } -// GetSubject returns NodesNodesCertifyBad.Subject, and is useful for accessing the field via an interface. -func (v *NodesNodesCertifyBad) GetSubject() AllCertifyBadSubjectPackageSourceOrArtifact { - return v.AllCertifyBad.Subject -} +// GetId returns NodeNodeHasSLSA.Id, and is useful for accessing the field via an interface. +func (v *NodeNodeHasSLSA) GetId() string { return v.AllSLSATree.Id } -// GetOrigin returns NodesNodesCertifyBad.Origin, and is useful for accessing the field via an interface. -func (v *NodesNodesCertifyBad) GetOrigin() string { return v.AllCertifyBad.Origin } +// GetSubject returns NodeNodeHasSLSA.Subject, and is useful for accessing the field via an interface. +func (v *NodeNodeHasSLSA) GetSubject() AllSLSATreeSubjectArtifact { return v.AllSLSATree.Subject } -// GetCollector returns NodesNodesCertifyBad.Collector, and is useful for accessing the field via an interface. 
-func (v *NodesNodesCertifyBad) GetCollector() string { return v.AllCertifyBad.Collector } +// GetSlsa returns NodeNodeHasSLSA.Slsa, and is useful for accessing the field via an interface. +func (v *NodeNodeHasSLSA) GetSlsa() AllSLSATreeSlsaSLSA { return v.AllSLSATree.Slsa } -func (v *NodesNodesCertifyBad) UnmarshalJSON(b []byte) error { +func (v *NodeNodeHasSLSA) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *NodesNodesCertifyBad + *NodeNodeHasSLSA graphql.NoUnmarshalJSON } - firstPass.NodesNodesCertifyBad = v + firstPass.NodeNodeHasSLSA = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -17949,28 +14408,24 @@ func (v *NodesNodesCertifyBad) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllCertifyBad) + b, &v.AllSLSATree) if err != nil { return err } return nil } -type __premarshalNodesNodesCertifyBad struct { +type __premarshalNodeNodeHasSLSA struct { Typename *string `json:"__typename"` Id string `json:"id"` - Justification string `json:"justification"` - - Subject json.RawMessage `json:"subject"` - - Origin string `json:"origin"` + Subject AllSLSATreeSubjectArtifact `json:"subject"` - Collector string `json:"collector"` + Slsa AllSLSATreeSlsaSLSA `json:"slsa"` } -func (v *NodesNodesCertifyBad) MarshalJSON() ([]byte, error) { +func (v *NodeNodeHasSLSA) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -17978,79 +14433,60 @@ func (v *NodesNodesCertifyBad) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *NodesNodesCertifyBad) __premarshalJSON() (*__premarshalNodesNodesCertifyBad, error) { - var retval __premarshalNodesNodesCertifyBad +func (v *NodeNodeHasSLSA) __premarshalJSON() (*__premarshalNodeNodeHasSLSA, error) { + var retval __premarshalNodeNodeHasSLSA retval.Typename = v.Typename - retval.Id = v.AllCertifyBad.Id - retval.Justification = v.AllCertifyBad.Justification - { - - dst := &retval.Subject - src := v.AllCertifyBad.Subject - var err error - *dst, err = __marshalAllCertifyBadSubjectPackageSourceOrArtifact( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal NodesNodesCertifyBad.AllCertifyBad.Subject: %w", err) - } - } - retval.Origin = v.AllCertifyBad.Origin - retval.Collector = v.AllCertifyBad.Collector + retval.Id = v.AllSLSATree.Id + retval.Subject = v.AllSLSATree.Subject + retval.Slsa = v.AllSLSATree.Slsa return &retval, nil } -// NodesNodesCertifyGood includes the requested fields of the GraphQL type CertifyGood. +// NodeNodeHasSourceAt includes the requested fields of the GraphQL type HasSourceAt. // The GraphQL type's documentation follows. // -// CertifyGood is an attestation that a package, source, or artifact is considered -// good. -// -// All evidence trees record a justification for the property they represent as -// well as the document that contains the attestation (origin) and the collector -// that collected the document (collector). -// -// The certification applies to a subject which is a package, source, or artifact. -// If the attestation targets a package, it must target a PackageName or a -// PackageVersion. If the attestation targets a source, it must target a -// SourceName. -type NodesNodesCertifyGood struct { +// HasSourceAt records that a package's repository is a given source. 
+type NodeNodeHasSourceAt struct { Typename *string `json:"__typename"` - AllCertifyGood `json:"-"` + AllHasSourceAt `json:"-"` } -// GetTypename returns NodesNodesCertifyGood.Typename, and is useful for accessing the field via an interface. -func (v *NodesNodesCertifyGood) GetTypename() *string { return v.Typename } +// GetTypename returns NodeNodeHasSourceAt.Typename, and is useful for accessing the field via an interface. +func (v *NodeNodeHasSourceAt) GetTypename() *string { return v.Typename } -// GetId returns NodesNodesCertifyGood.Id, and is useful for accessing the field via an interface. -func (v *NodesNodesCertifyGood) GetId() string { return v.AllCertifyGood.Id } +// GetId returns NodeNodeHasSourceAt.Id, and is useful for accessing the field via an interface. +func (v *NodeNodeHasSourceAt) GetId() string { return v.AllHasSourceAt.Id } -// GetJustification returns NodesNodesCertifyGood.Justification, and is useful for accessing the field via an interface. -func (v *NodesNodesCertifyGood) GetJustification() string { return v.AllCertifyGood.Justification } +// GetJustification returns NodeNodeHasSourceAt.Justification, and is useful for accessing the field via an interface. +func (v *NodeNodeHasSourceAt) GetJustification() string { return v.AllHasSourceAt.Justification } -// GetSubject returns NodesNodesCertifyGood.Subject, and is useful for accessing the field via an interface. -func (v *NodesNodesCertifyGood) GetSubject() AllCertifyGoodSubjectPackageSourceOrArtifact { - return v.AllCertifyGood.Subject -} +// GetKnownSince returns NodeNodeHasSourceAt.KnownSince, and is useful for accessing the field via an interface. +func (v *NodeNodeHasSourceAt) GetKnownSince() time.Time { return v.AllHasSourceAt.KnownSince } -// GetOrigin returns NodesNodesCertifyGood.Origin, and is useful for accessing the field via an interface. 
-func (v *NodesNodesCertifyGood) GetOrigin() string { return v.AllCertifyGood.Origin } +// GetPackage returns NodeNodeHasSourceAt.Package, and is useful for accessing the field via an interface. +func (v *NodeNodeHasSourceAt) GetPackage() AllHasSourceAtPackage { return v.AllHasSourceAt.Package } -// GetCollector returns NodesNodesCertifyGood.Collector, and is useful for accessing the field via an interface. -func (v *NodesNodesCertifyGood) GetCollector() string { return v.AllCertifyGood.Collector } +// GetSource returns NodeNodeHasSourceAt.Source, and is useful for accessing the field via an interface. +func (v *NodeNodeHasSourceAt) GetSource() AllHasSourceAtSource { return v.AllHasSourceAt.Source } -func (v *NodesNodesCertifyGood) UnmarshalJSON(b []byte) error { +// GetOrigin returns NodeNodeHasSourceAt.Origin, and is useful for accessing the field via an interface. +func (v *NodeNodeHasSourceAt) GetOrigin() string { return v.AllHasSourceAt.Origin } + +// GetCollector returns NodeNodeHasSourceAt.Collector, and is useful for accessing the field via an interface. +func (v *NodeNodeHasSourceAt) GetCollector() string { return v.AllHasSourceAt.Collector } + +func (v *NodeNodeHasSourceAt) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *NodesNodesCertifyGood + *NodeNodeHasSourceAt graphql.NoUnmarshalJSON } - firstPass.NodesNodesCertifyGood = v + firstPass.NodeNodeHasSourceAt = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -18058,28 +14494,32 @@ func (v *NodesNodesCertifyGood) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllCertifyGood) + b, &v.AllHasSourceAt) if err != nil { return err } return nil } -type __premarshalNodesNodesCertifyGood struct { +type __premarshalNodeNodeHasSourceAt struct { Typename *string `json:"__typename"` Id string `json:"id"` Justification string `json:"justification"` - Subject json.RawMessage `json:"subject"` + KnownSince time.Time `json:"knownSince"` + + Package AllHasSourceAtPackage `json:"package"` + + Source AllHasSourceAtSource `json:"source"` Origin string `json:"origin"` Collector string `json:"collector"` } -func (v *NodesNodesCertifyGood) MarshalJSON() ([]byte, error) { +func (v *NodeNodeHasSourceAt) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -18087,66 +14527,60 @@ func (v *NodesNodesCertifyGood) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *NodesNodesCertifyGood) __premarshalJSON() (*__premarshalNodesNodesCertifyGood, error) { - var retval __premarshalNodesNodesCertifyGood +func (v *NodeNodeHasSourceAt) __premarshalJSON() (*__premarshalNodeNodeHasSourceAt, error) { + var retval __premarshalNodeNodeHasSourceAt retval.Typename = v.Typename - retval.Id = v.AllCertifyGood.Id - retval.Justification = v.AllCertifyGood.Justification - { - - dst := &retval.Subject - src := v.AllCertifyGood.Subject - var err error - *dst, err = __marshalAllCertifyGoodSubjectPackageSourceOrArtifact( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal NodesNodesCertifyGood.AllCertifyGood.Subject: %w", err) - } - } - retval.Origin = v.AllCertifyGood.Origin - retval.Collector = v.AllCertifyGood.Collector + retval.Id = v.AllHasSourceAt.Id + retval.Justification = v.AllHasSourceAt.Justification + retval.KnownSince = v.AllHasSourceAt.KnownSince + retval.Package = v.AllHasSourceAt.Package + retval.Source = v.AllHasSourceAt.Source + retval.Origin = v.AllHasSourceAt.Origin + retval.Collector = v.AllHasSourceAt.Collector return &retval, nil } -// NodesNodesCertifyScorecard includes the requested fields of the GraphQL type CertifyScorecard. +// NodeNodeHashEqual includes the requested fields of the GraphQL type HashEqual. // The GraphQL type's documentation follows. // -// CertifyScorecard is an attestation to attach a Scorecard analysis to a -// particular source repository. -type NodesNodesCertifyScorecard struct { - Typename *string `json:"__typename"` - AllCertifyScorecard `json:"-"` +// HashEqual is an attestation that a set of artifacts are identical. +type NodeNodeHashEqual struct { + Typename *string `json:"__typename"` + AllHashEqualTree `json:"-"` } -// GetTypename returns NodesNodesCertifyScorecard.Typename, and is useful for accessing the field via an interface. 
-func (v *NodesNodesCertifyScorecard) GetTypename() *string { return v.Typename } +// GetTypename returns NodeNodeHashEqual.Typename, and is useful for accessing the field via an interface. +func (v *NodeNodeHashEqual) GetTypename() *string { return v.Typename } -// GetId returns NodesNodesCertifyScorecard.Id, and is useful for accessing the field via an interface. -func (v *NodesNodesCertifyScorecard) GetId() string { return v.AllCertifyScorecard.Id } +// GetId returns NodeNodeHashEqual.Id, and is useful for accessing the field via an interface. +func (v *NodeNodeHashEqual) GetId() string { return v.AllHashEqualTree.Id } -// GetSource returns NodesNodesCertifyScorecard.Source, and is useful for accessing the field via an interface. -func (v *NodesNodesCertifyScorecard) GetSource() AllCertifyScorecardSource { - return v.AllCertifyScorecard.Source -} +// GetJustification returns NodeNodeHashEqual.Justification, and is useful for accessing the field via an interface. +func (v *NodeNodeHashEqual) GetJustification() string { return v.AllHashEqualTree.Justification } -// GetScorecard returns NodesNodesCertifyScorecard.Scorecard, and is useful for accessing the field via an interface. -func (v *NodesNodesCertifyScorecard) GetScorecard() AllCertifyScorecardScorecard { - return v.AllCertifyScorecard.Scorecard +// GetArtifacts returns NodeNodeHashEqual.Artifacts, and is useful for accessing the field via an interface. +func (v *NodeNodeHashEqual) GetArtifacts() []AllHashEqualTreeArtifactsArtifact { + return v.AllHashEqualTree.Artifacts } -func (v *NodesNodesCertifyScorecard) UnmarshalJSON(b []byte) error { +// GetOrigin returns NodeNodeHashEqual.Origin, and is useful for accessing the field via an interface. +func (v *NodeNodeHashEqual) GetOrigin() string { return v.AllHashEqualTree.Origin } + +// GetCollector returns NodeNodeHashEqual.Collector, and is useful for accessing the field via an interface. 
+func (v *NodeNodeHashEqual) GetCollector() string { return v.AllHashEqualTree.Collector } + +func (v *NodeNodeHashEqual) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *NodesNodesCertifyScorecard + *NodeNodeHashEqual graphql.NoUnmarshalJSON } - firstPass.NodesNodesCertifyScorecard = v + firstPass.NodeNodeHashEqual = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -18154,24 +14588,28 @@ func (v *NodesNodesCertifyScorecard) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllCertifyScorecard) + b, &v.AllHashEqualTree) if err != nil { return err } return nil } -type __premarshalNodesNodesCertifyScorecard struct { +type __premarshalNodeNodeHashEqual struct { Typename *string `json:"__typename"` Id string `json:"id"` - Source AllCertifyScorecardSource `json:"source"` + Justification string `json:"justification"` - Scorecard AllCertifyScorecardScorecard `json:"scorecard"` + Artifacts []AllHashEqualTreeArtifactsArtifact `json:"artifacts"` + + Origin string `json:"origin"` + + Collector string `json:"collector"` } -func (v *NodesNodesCertifyScorecard) MarshalJSON() ([]byte, error) { +func (v *NodeNodeHashEqual) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -18179,84 +14617,71 @@ func (v *NodesNodesCertifyScorecard) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *NodesNodesCertifyScorecard) __premarshalJSON() (*__premarshalNodesNodesCertifyScorecard, error) { - var retval __premarshalNodesNodesCertifyScorecard +func (v *NodeNodeHashEqual) __premarshalJSON() (*__premarshalNodeNodeHashEqual, error) { + var retval __premarshalNodeNodeHashEqual retval.Typename = v.Typename - retval.Id = v.AllCertifyScorecard.Id - retval.Source = v.AllCertifyScorecard.Source - retval.Scorecard = v.AllCertifyScorecard.Scorecard + retval.Id = v.AllHashEqualTree.Id + retval.Justification = v.AllHashEqualTree.Justification + retval.Artifacts = v.AllHashEqualTree.Artifacts + retval.Origin = v.AllHashEqualTree.Origin + retval.Collector = v.AllHashEqualTree.Collector return &retval, nil } -// NodesNodesCertifyVEXStatement includes the requested fields of the GraphQL type CertifyVEXStatement. +// NodeNodeIsDependency includes the requested fields of the GraphQL type IsDependency. // The GraphQL type's documentation follows. // -// CertifyVEXStatement is an attestation to attach VEX statements to a package or -// artifact to clarify the impact of a specific vulnerability (CVE, GHSA or OSV). -type NodesNodesCertifyVEXStatement struct { - Typename *string `json:"__typename"` - AllCertifyVEXStatement `json:"-"` -} - -// GetTypename returns NodesNodesCertifyVEXStatement.Typename, and is useful for accessing the field via an interface. -func (v *NodesNodesCertifyVEXStatement) GetTypename() *string { return v.Typename } - -// GetId returns NodesNodesCertifyVEXStatement.Id, and is useful for accessing the field via an interface. -func (v *NodesNodesCertifyVEXStatement) GetId() string { return v.AllCertifyVEXStatement.Id } - -// GetSubject returns NodesNodesCertifyVEXStatement.Subject, and is useful for accessing the field via an interface. 
-func (v *NodesNodesCertifyVEXStatement) GetSubject() AllCertifyVEXStatementSubjectPackageOrArtifact { - return v.AllCertifyVEXStatement.Subject +// IsDependency is an attestation to record that a package depends on another. +type NodeNodeIsDependency struct { + Typename *string `json:"__typename"` + AllIsDependencyTree `json:"-"` } -// GetVulnerability returns NodesNodesCertifyVEXStatement.Vulnerability, and is useful for accessing the field via an interface. -func (v *NodesNodesCertifyVEXStatement) GetVulnerability() AllCertifyVEXStatementVulnerability { - return v.AllCertifyVEXStatement.Vulnerability -} +// GetTypename returns NodeNodeIsDependency.Typename, and is useful for accessing the field via an interface. +func (v *NodeNodeIsDependency) GetTypename() *string { return v.Typename } -// GetStatus returns NodesNodesCertifyVEXStatement.Status, and is useful for accessing the field via an interface. -func (v *NodesNodesCertifyVEXStatement) GetStatus() VexStatus { return v.AllCertifyVEXStatement.Status } +// GetId returns NodeNodeIsDependency.Id, and is useful for accessing the field via an interface. +func (v *NodeNodeIsDependency) GetId() string { return v.AllIsDependencyTree.Id } -// GetVexJustification returns NodesNodesCertifyVEXStatement.VexJustification, and is useful for accessing the field via an interface. -func (v *NodesNodesCertifyVEXStatement) GetVexJustification() VexJustification { - return v.AllCertifyVEXStatement.VexJustification -} +// GetJustification returns NodeNodeIsDependency.Justification, and is useful for accessing the field via an interface. +func (v *NodeNodeIsDependency) GetJustification() string { return v.AllIsDependencyTree.Justification } -// GetStatement returns NodesNodesCertifyVEXStatement.Statement, and is useful for accessing the field via an interface. 
-func (v *NodesNodesCertifyVEXStatement) GetStatement() string { - return v.AllCertifyVEXStatement.Statement +// GetPackage returns NodeNodeIsDependency.Package, and is useful for accessing the field via an interface. +func (v *NodeNodeIsDependency) GetPackage() AllIsDependencyTreePackage { + return v.AllIsDependencyTree.Package } -// GetStatusNotes returns NodesNodesCertifyVEXStatement.StatusNotes, and is useful for accessing the field via an interface. -func (v *NodesNodesCertifyVEXStatement) GetStatusNotes() string { - return v.AllCertifyVEXStatement.StatusNotes +// GetDependentPackage returns NodeNodeIsDependency.DependentPackage, and is useful for accessing the field via an interface. +func (v *NodeNodeIsDependency) GetDependentPackage() AllIsDependencyTreeDependentPackage { + return v.AllIsDependencyTree.DependentPackage } -// GetKnownSince returns NodesNodesCertifyVEXStatement.KnownSince, and is useful for accessing the field via an interface. -func (v *NodesNodesCertifyVEXStatement) GetKnownSince() time.Time { - return v.AllCertifyVEXStatement.KnownSince +// GetDependencyType returns NodeNodeIsDependency.DependencyType, and is useful for accessing the field via an interface. +func (v *NodeNodeIsDependency) GetDependencyType() DependencyType { + return v.AllIsDependencyTree.DependencyType } -// GetOrigin returns NodesNodesCertifyVEXStatement.Origin, and is useful for accessing the field via an interface. -func (v *NodesNodesCertifyVEXStatement) GetOrigin() string { return v.AllCertifyVEXStatement.Origin } +// GetVersionRange returns NodeNodeIsDependency.VersionRange, and is useful for accessing the field via an interface. +func (v *NodeNodeIsDependency) GetVersionRange() string { return v.AllIsDependencyTree.VersionRange } -// GetCollector returns NodesNodesCertifyVEXStatement.Collector, and is useful for accessing the field via an interface. 
-func (v *NodesNodesCertifyVEXStatement) GetCollector() string { - return v.AllCertifyVEXStatement.Collector -} +// GetOrigin returns NodeNodeIsDependency.Origin, and is useful for accessing the field via an interface. +func (v *NodeNodeIsDependency) GetOrigin() string { return v.AllIsDependencyTree.Origin } -func (v *NodesNodesCertifyVEXStatement) UnmarshalJSON(b []byte) error { +// GetCollector returns NodeNodeIsDependency.Collector, and is useful for accessing the field via an interface. +func (v *NodeNodeIsDependency) GetCollector() string { return v.AllIsDependencyTree.Collector } + +func (v *NodeNodeIsDependency) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *NodesNodesCertifyVEXStatement + *NodeNodeIsDependency graphql.NoUnmarshalJSON } - firstPass.NodesNodesCertifyVEXStatement = v + firstPass.NodeNodeIsDependency = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -18264,38 +14689,34 @@ func (v *NodesNodesCertifyVEXStatement) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllCertifyVEXStatement) + b, &v.AllIsDependencyTree) if err != nil { return err } return nil } -type __premarshalNodesNodesCertifyVEXStatement struct { +type __premarshalNodeNodeIsDependency struct { Typename *string `json:"__typename"` Id string `json:"id"` - Subject json.RawMessage `json:"subject"` - - Vulnerability json.RawMessage `json:"vulnerability"` - - Status VexStatus `json:"status"` + Justification string `json:"justification"` - VexJustification VexJustification `json:"vexJustification"` + Package AllIsDependencyTreePackage `json:"package"` - Statement string `json:"statement"` + DependentPackage AllIsDependencyTreeDependentPackage `json:"dependentPackage"` - StatusNotes string `json:"statusNotes"` + DependencyType DependencyType `json:"dependencyType"` - KnownSince time.Time `json:"knownSince"` + VersionRange string `json:"versionRange"` Origin string `json:"origin"` Collector string `json:"collector"` } -func (v *NodesNodesCertifyVEXStatement) MarshalJSON() ([]byte, error) { +func (v *NodeNodeIsDependency) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -18303,87 +14724,68 @@ func (v *NodesNodesCertifyVEXStatement) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *NodesNodesCertifyVEXStatement) __premarshalJSON() (*__premarshalNodesNodesCertifyVEXStatement, error) { - var retval __premarshalNodesNodesCertifyVEXStatement +func (v *NodeNodeIsDependency) __premarshalJSON() (*__premarshalNodeNodeIsDependency, error) { + var retval __premarshalNodeNodeIsDependency retval.Typename = v.Typename - retval.Id = v.AllCertifyVEXStatement.Id - { - - dst := &retval.Subject - src := v.AllCertifyVEXStatement.Subject - var err error - *dst, err = __marshalAllCertifyVEXStatementSubjectPackageOrArtifact( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal NodesNodesCertifyVEXStatement.AllCertifyVEXStatement.Subject: %w", err) - } - } - { - - dst := &retval.Vulnerability - src := v.AllCertifyVEXStatement.Vulnerability - var err error - *dst, err = __marshalAllCertifyVEXStatementVulnerability( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal NodesNodesCertifyVEXStatement.AllCertifyVEXStatement.Vulnerability: %w", err) - } - } - retval.Status = v.AllCertifyVEXStatement.Status - retval.VexJustification = v.AllCertifyVEXStatement.VexJustification - retval.Statement = v.AllCertifyVEXStatement.Statement - retval.StatusNotes = v.AllCertifyVEXStatement.StatusNotes - retval.KnownSince = v.AllCertifyVEXStatement.KnownSince - retval.Origin = v.AllCertifyVEXStatement.Origin - retval.Collector = v.AllCertifyVEXStatement.Collector + retval.Id = v.AllIsDependencyTree.Id + retval.Justification = v.AllIsDependencyTree.Justification + retval.Package = v.AllIsDependencyTree.Package + retval.DependentPackage = v.AllIsDependencyTree.DependentPackage + retval.DependencyType = v.AllIsDependencyTree.DependencyType + retval.VersionRange = v.AllIsDependencyTree.VersionRange + retval.Origin = v.AllIsDependencyTree.Origin + retval.Collector = v.AllIsDependencyTree.Collector return 
&retval, nil } -// NodesNodesCertifyVuln includes the requested fields of the GraphQL type CertifyVuln. +// NodeNodeIsOccurrence includes the requested fields of the GraphQL type IsOccurrence. // The GraphQL type's documentation follows. // -// CertifyVuln is an attestation to attach vulnerability information to a package. +// IsOccurrence is an attestation to link an artifact to a package or source. // -// This information is obtained via a scanner. If there is no vulnerability -// detected (no OSV, CVE, or GHSA), we attach the special NoVuln node. -type NodesNodesCertifyVuln struct { - Typename *string `json:"__typename"` - AllCertifyVuln `json:"-"` +// Attestation must occur at the PackageVersion or at the SourceName. +type NodeNodeIsOccurrence struct { + Typename *string `json:"__typename"` + AllIsOccurrencesTree `json:"-"` } -// GetTypename returns NodesNodesCertifyVuln.Typename, and is useful for accessing the field via an interface. -func (v *NodesNodesCertifyVuln) GetTypename() *string { return v.Typename } - -// GetId returns NodesNodesCertifyVuln.Id, and is useful for accessing the field via an interface. -func (v *NodesNodesCertifyVuln) GetId() string { return v.AllCertifyVuln.Id } +// GetTypename returns NodeNodeIsOccurrence.Typename, and is useful for accessing the field via an interface. +func (v *NodeNodeIsOccurrence) GetTypename() *string { return v.Typename } -// GetPackage returns NodesNodesCertifyVuln.Package, and is useful for accessing the field via an interface. -func (v *NodesNodesCertifyVuln) GetPackage() AllCertifyVulnPackage { return v.AllCertifyVuln.Package } +// GetId returns NodeNodeIsOccurrence.Id, and is useful for accessing the field via an interface. +func (v *NodeNodeIsOccurrence) GetId() string { return v.AllIsOccurrencesTree.Id } -// GetVulnerability returns NodesNodesCertifyVuln.Vulnerability, and is useful for accessing the field via an interface. 
-func (v *NodesNodesCertifyVuln) GetVulnerability() AllCertifyVulnVulnerability { - return v.AllCertifyVuln.Vulnerability +// GetSubject returns NodeNodeIsOccurrence.Subject, and is useful for accessing the field via an interface. +func (v *NodeNodeIsOccurrence) GetSubject() AllIsOccurrencesTreeSubjectPackageOrSource { + return v.AllIsOccurrencesTree.Subject } -// GetMetadata returns NodesNodesCertifyVuln.Metadata, and is useful for accessing the field via an interface. -func (v *NodesNodesCertifyVuln) GetMetadata() AllCertifyVulnMetadataVulnerabilityMetaData { - return v.AllCertifyVuln.Metadata +// GetArtifact returns NodeNodeIsOccurrence.Artifact, and is useful for accessing the field via an interface. +func (v *NodeNodeIsOccurrence) GetArtifact() AllIsOccurrencesTreeArtifact { + return v.AllIsOccurrencesTree.Artifact } -func (v *NodesNodesCertifyVuln) UnmarshalJSON(b []byte) error { +// GetJustification returns NodeNodeIsOccurrence.Justification, and is useful for accessing the field via an interface. +func (v *NodeNodeIsOccurrence) GetJustification() string { return v.AllIsOccurrencesTree.Justification } + +// GetOrigin returns NodeNodeIsOccurrence.Origin, and is useful for accessing the field via an interface. +func (v *NodeNodeIsOccurrence) GetOrigin() string { return v.AllIsOccurrencesTree.Origin } + +// GetCollector returns NodeNodeIsOccurrence.Collector, and is useful for accessing the field via an interface. +func (v *NodeNodeIsOccurrence) GetCollector() string { return v.AllIsOccurrencesTree.Collector } + +func (v *NodeNodeIsOccurrence) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *NodesNodesCertifyVuln + *NodeNodeIsOccurrence graphql.NoUnmarshalJSON } - firstPass.NodesNodesCertifyVuln = v + firstPass.NodeNodeIsOccurrence = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -18391,26 +14793,30 @@ func (v *NodesNodesCertifyVuln) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllCertifyVuln) + b, &v.AllIsOccurrencesTree) if err != nil { return err } return nil } -type __premarshalNodesNodesCertifyVuln struct { +type __premarshalNodeNodeIsOccurrence struct { Typename *string `json:"__typename"` Id string `json:"id"` - Package AllCertifyVulnPackage `json:"package"` + Subject json.RawMessage `json:"subject"` + + Artifact AllIsOccurrencesTreeArtifact `json:"artifact"` + + Justification string `json:"justification"` - Vulnerability json.RawMessage `json:"vulnerability"` + Origin string `json:"origin"` - Metadata AllCertifyVulnMetadataVulnerabilityMetaData `json:"metadata"` + Collector string `json:"collector"` } -func (v *NodesNodesCertifyVuln) MarshalJSON() ([]byte, error) { +func (v *NodeNodeIsOccurrence) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -18418,61 +14824,77 @@ func (v *NodesNodesCertifyVuln) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *NodesNodesCertifyVuln) __premarshalJSON() (*__premarshalNodesNodesCertifyVuln, error) { - var retval __premarshalNodesNodesCertifyVuln +func (v *NodeNodeIsOccurrence) __premarshalJSON() (*__premarshalNodeNodeIsOccurrence, error) { + var retval __premarshalNodeNodeIsOccurrence retval.Typename = v.Typename - retval.Id = v.AllCertifyVuln.Id - retval.Package = v.AllCertifyVuln.Package + retval.Id = v.AllIsOccurrencesTree.Id { - dst := &retval.Vulnerability - src := v.AllCertifyVuln.Vulnerability + dst := &retval.Subject + src := v.AllIsOccurrencesTree.Subject var err error - *dst, err = __marshalAllCertifyVulnVulnerability( + *dst, err = __marshalAllIsOccurrencesTreeSubjectPackageOrSource( &src) if err != nil { return nil, fmt.Errorf( - "unable to marshal NodesNodesCertifyVuln.AllCertifyVuln.Vulnerability: %w", err) + "unable to marshal NodeNodeIsOccurrence.AllIsOccurrencesTree.Subject: %w", err) } } - retval.Metadata = v.AllCertifyVuln.Metadata + retval.Artifact = v.AllIsOccurrencesTree.Artifact + retval.Justification = v.AllIsOccurrencesTree.Justification + retval.Origin = v.AllIsOccurrencesTree.Origin + retval.Collector = v.AllIsOccurrencesTree.Collector return &retval, nil } -// NodesNodesGHSA includes the requested fields of the GraphQL type GHSA. +// NodeNodePackage includes the requested fields of the GraphQL type Package. // The GraphQL type's documentation follows. // -// GHSA represents GitHub security advisories. +// Package represents the root of the package trie/tree. // -// The advisory id field is mandatory and canonicalized to be lowercase. 
+// We map package information to a trie, closely matching the pURL specification +// (https://github.com/package-url/purl-spec/blob/0dd92f26f8bb11956ffdf5e8acfcee71e8560407/README.rst), +// but deviating from it where GUAC heuristics allow for better representation of +// package information. Each path in the trie fully represents a package; we split +// the trie based on the pURL components. // -// This node can be referred to by other parts of GUAC. -type NodesNodesGHSA struct { - Typename *string `json:"__typename"` - AllGHSATree `json:"-"` +// This node matches a pkg: partial pURL. The type field matches the +// pURL types but we might also use "guac" for the cases where the pURL +// representation is not complete or when we have custom rules. +// +// Since this node is at the root of the package trie, it is named Package, not +// PackageType. +type NodeNodePackage struct { + Typename *string `json:"__typename"` + AllPkgTree `json:"-"` } -// GetTypename returns NodesNodesGHSA.Typename, and is useful for accessing the field via an interface. -func (v *NodesNodesGHSA) GetTypename() *string { return v.Typename } +// GetTypename returns NodeNodePackage.Typename, and is useful for accessing the field via an interface. +func (v *NodeNodePackage) GetTypename() *string { return v.Typename } + +// GetId returns NodeNodePackage.Id, and is useful for accessing the field via an interface. +func (v *NodeNodePackage) GetId() string { return v.AllPkgTree.Id } -// GetId returns NodesNodesGHSA.Id, and is useful for accessing the field via an interface. -func (v *NodesNodesGHSA) GetId() string { return v.AllGHSATree.Id } +// GetType returns NodeNodePackage.Type, and is useful for accessing the field via an interface. +func (v *NodeNodePackage) GetType() string { return v.AllPkgTree.Type } -// GetGhsaId returns NodesNodesGHSA.GhsaId, and is useful for accessing the field via an interface. 
-func (v *NodesNodesGHSA) GetGhsaId() string { return v.AllGHSATree.GhsaId } +// GetNamespaces returns NodeNodePackage.Namespaces, and is useful for accessing the field via an interface. +func (v *NodeNodePackage) GetNamespaces() []AllPkgTreeNamespacesPackageNamespace { + return v.AllPkgTree.Namespaces +} -func (v *NodesNodesGHSA) UnmarshalJSON(b []byte) error { +func (v *NodeNodePackage) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *NodesNodesGHSA + *NodeNodePackage graphql.NoUnmarshalJSON } - firstPass.NodesNodesGHSA = v + firstPass.NodeNodePackage = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -18480,22 +14902,24 @@ func (v *NodesNodesGHSA) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllGHSATree) + b, &v.AllPkgTree) if err != nil { return err } return nil } -type __premarshalNodesNodesGHSA struct { +type __premarshalNodeNodePackage struct { Typename *string `json:"__typename"` Id string `json:"id"` - GhsaId string `json:"ghsaId"` + Type string `json:"type"` + + Namespaces []AllPkgTreeNamespacesPackageNamespace `json:"namespaces"` } -func (v *NodesNodesGHSA) MarshalJSON() ([]byte, error) { +func (v *NodeNodePackage) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -18503,85 +14927,54 @@ func (v *NodesNodesGHSA) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *NodesNodesGHSA) __premarshalJSON() (*__premarshalNodesNodesGHSA, error) { - var retval __premarshalNodesNodesGHSA - - retval.Typename = v.Typename - retval.Id = v.AllGHSATree.Id - retval.GhsaId = v.AllGHSATree.GhsaId - return &retval, nil -} - -// NodesNodesHasMetadata includes the requested fields of the GraphQL type HasMetadata. -// The GraphQL type's documentation follows. -// -// HasMetadata is an attestation that a package, source, or artifact has a certain -// attested property (key) with value (value). For example, a source may have -// metadata "SourceRepo2FAEnabled=true". -// -// The intent of this evidence tree predicate is to allow extensibility of metadata -// expressible within the GUAC ontology. Metadata that is commonly used will then -// be promoted to a predicate on its own. -// -// Justification indicates how the metadata was determined. -// -// The metadata applies to a subject which is a package, source, or artifact. -// If the attestation targets a package, it must target a PackageName or a -// PackageVersion. If the attestation targets a source, it must target a -// SourceName. -type NodesNodesHasMetadata struct { - Typename *string `json:"__typename"` -} - -// GetTypename returns NodesNodesHasMetadata.Typename, and is useful for accessing the field via an interface. -func (v *NodesNodesHasMetadata) GetTypename() *string { return v.Typename } - -// NodesNodesHasSBOM includes the requested fields of the GraphQL type HasSBOM. -type NodesNodesHasSBOM struct { - Typename *string `json:"__typename"` - AllHasSBOMTree `json:"-"` -} - -// GetTypename returns NodesNodesHasSBOM.Typename, and is useful for accessing the field via an interface. 
-func (v *NodesNodesHasSBOM) GetTypename() *string { return v.Typename } +func (v *NodeNodePackage) __premarshalJSON() (*__premarshalNodeNodePackage, error) { + var retval __premarshalNodeNodePackage -// GetId returns NodesNodesHasSBOM.Id, and is useful for accessing the field via an interface. -func (v *NodesNodesHasSBOM) GetId() string { return v.AllHasSBOMTree.Id } + retval.Typename = v.Typename + retval.Id = v.AllPkgTree.Id + retval.Type = v.AllPkgTree.Type + retval.Namespaces = v.AllPkgTree.Namespaces + return &retval, nil +} -// GetSubject returns NodesNodesHasSBOM.Subject, and is useful for accessing the field via an interface. -func (v *NodesNodesHasSBOM) GetSubject() AllHasSBOMTreeSubjectPackageOrArtifact { - return v.AllHasSBOMTree.Subject +// NodeNodePkgEqual includes the requested fields of the GraphQL type PkgEqual. +// The GraphQL type's documentation follows. +// +// PkgEqual is an attestation that a set of packages are similar. +type NodeNodePkgEqual struct { + Typename *string `json:"__typename"` + AllPkgEqual `json:"-"` } -// GetUri returns NodesNodesHasSBOM.Uri, and is useful for accessing the field via an interface. -func (v *NodesNodesHasSBOM) GetUri() string { return v.AllHasSBOMTree.Uri } +// GetTypename returns NodeNodePkgEqual.Typename, and is useful for accessing the field via an interface. +func (v *NodeNodePkgEqual) GetTypename() *string { return v.Typename } -// GetAlgorithm returns NodesNodesHasSBOM.Algorithm, and is useful for accessing the field via an interface. -func (v *NodesNodesHasSBOM) GetAlgorithm() string { return v.AllHasSBOMTree.Algorithm } +// GetId returns NodeNodePkgEqual.Id, and is useful for accessing the field via an interface. +func (v *NodeNodePkgEqual) GetId() string { return v.AllPkgEqual.Id } -// GetDigest returns NodesNodesHasSBOM.Digest, and is useful for accessing the field via an interface. 
-func (v *NodesNodesHasSBOM) GetDigest() string { return v.AllHasSBOMTree.Digest } +// GetJustification returns NodeNodePkgEqual.Justification, and is useful for accessing the field via an interface. +func (v *NodeNodePkgEqual) GetJustification() string { return v.AllPkgEqual.Justification } -// GetDownloadLocation returns NodesNodesHasSBOM.DownloadLocation, and is useful for accessing the field via an interface. -func (v *NodesNodesHasSBOM) GetDownloadLocation() string { return v.AllHasSBOMTree.DownloadLocation } +// GetPackages returns NodeNodePkgEqual.Packages, and is useful for accessing the field via an interface. +func (v *NodeNodePkgEqual) GetPackages() []AllPkgEqualPackagesPackage { return v.AllPkgEqual.Packages } -// GetOrigin returns NodesNodesHasSBOM.Origin, and is useful for accessing the field via an interface. -func (v *NodesNodesHasSBOM) GetOrigin() string { return v.AllHasSBOMTree.Origin } +// GetOrigin returns NodeNodePkgEqual.Origin, and is useful for accessing the field via an interface. +func (v *NodeNodePkgEqual) GetOrigin() string { return v.AllPkgEqual.Origin } -// GetCollector returns NodesNodesHasSBOM.Collector, and is useful for accessing the field via an interface. -func (v *NodesNodesHasSBOM) GetCollector() string { return v.AllHasSBOMTree.Collector } +// GetCollector returns NodeNodePkgEqual.Collector, and is useful for accessing the field via an interface. +func (v *NodeNodePkgEqual) GetCollector() string { return v.AllPkgEqual.Collector } -func (v *NodesNodesHasSBOM) UnmarshalJSON(b []byte) error { +func (v *NodeNodePkgEqual) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *NodesNodesHasSBOM + *NodeNodePkgEqual graphql.NoUnmarshalJSON } - firstPass.NodesNodesHasSBOM = v + firstPass.NodeNodePkgEqual = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -18589,34 +14982,28 @@ func (v *NodesNodesHasSBOM) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllHasSBOMTree) + b, &v.AllPkgEqual) if err != nil { return err } return nil } -type __premarshalNodesNodesHasSBOM struct { +type __premarshalNodeNodePkgEqual struct { Typename *string `json:"__typename"` Id string `json:"id"` - Subject json.RawMessage `json:"subject"` - - Uri string `json:"uri"` - - Algorithm string `json:"algorithm"` - - Digest string `json:"digest"` + Justification string `json:"justification"` - DownloadLocation string `json:"downloadLocation"` + Packages []AllPkgEqualPackagesPackage `json:"packages"` Origin string `json:"origin"` Collector string `json:"collector"` } -func (v *NodesNodesHasSBOM) MarshalJSON() ([]byte, error) { +func (v *NodeNodePkgEqual) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -18624,64 +15011,87 @@ func (v *NodesNodesHasSBOM) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *NodesNodesHasSBOM) __premarshalJSON() (*__premarshalNodesNodesHasSBOM, error) { - var retval __premarshalNodesNodesHasSBOM +func (v *NodeNodePkgEqual) __premarshalJSON() (*__premarshalNodeNodePkgEqual, error) { + var retval __premarshalNodeNodePkgEqual retval.Typename = v.Typename - retval.Id = v.AllHasSBOMTree.Id - { - - dst := &retval.Subject - src := v.AllHasSBOMTree.Subject - var err error - *dst, err = __marshalAllHasSBOMTreeSubjectPackageOrArtifact( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal NodesNodesHasSBOM.AllHasSBOMTree.Subject: %w", err) - } - } - retval.Uri = v.AllHasSBOMTree.Uri - retval.Algorithm = v.AllHasSBOMTree.Algorithm - retval.Digest = v.AllHasSBOMTree.Digest - retval.DownloadLocation = v.AllHasSBOMTree.DownloadLocation - retval.Origin = v.AllHasSBOMTree.Origin - retval.Collector = v.AllHasSBOMTree.Collector + retval.Id = v.AllPkgEqual.Id + retval.Justification = v.AllPkgEqual.Justification + retval.Packages = v.AllPkgEqual.Packages + retval.Origin = v.AllPkgEqual.Origin + retval.Collector = v.AllPkgEqual.Collector return &retval, nil } -// NodesNodesHasSLSA includes the requested fields of the GraphQL type HasSLSA. +// NodeNodePointOfContact includes the requested fields of the GraphQL type PointOfContact. // The GraphQL type's documentation follows. // -// HasSLSA records that a subject node has a SLSA attestation. -type NodesNodesHasSLSA struct { - Typename *string `json:"__typename"` - AllSLSATree `json:"-"` +// PointOfContact is an attestation of how to get in touch with the person(s) responsible +// for a package, source, or artifact. +// +// All evidence trees record a justification for the property they represent as +// well as the document that contains the attestation (origin) and the collector +// that collected the document (collector). 
+// +// The attestation applies to a subject which is a package, source, or artifact. +// If the attestation targets a package, it must target a PackageName or a +// PackageVersion. If the attestation targets a source, it must target a +// SourceName. +// +// email is the email address (singular) of the point of contact. +// +// info is additional contact information other than email address. This is free +// form. +// +// NOTE: the identifiers for point of contact should be part of software trees. +// This will benefit from identifier look up and traversal as well as organization +// hierarchy. However, until the use case arises, PointOfContact will be a flat +// reference to the contact details. +type NodeNodePointOfContact struct { + Typename *string `json:"__typename"` + AllPointOfContact `json:"-"` } -// GetTypename returns NodesNodesHasSLSA.Typename, and is useful for accessing the field via an interface. -func (v *NodesNodesHasSLSA) GetTypename() *string { return v.Typename } +// GetTypename returns NodeNodePointOfContact.Typename, and is useful for accessing the field via an interface. +func (v *NodeNodePointOfContact) GetTypename() *string { return v.Typename } -// GetId returns NodesNodesHasSLSA.Id, and is useful for accessing the field via an interface. -func (v *NodesNodesHasSLSA) GetId() string { return v.AllSLSATree.Id } +// GetId returns NodeNodePointOfContact.Id, and is useful for accessing the field via an interface. +func (v *NodeNodePointOfContact) GetId() string { return v.AllPointOfContact.Id } -// GetSubject returns NodesNodesHasSLSA.Subject, and is useful for accessing the field via an interface. -func (v *NodesNodesHasSLSA) GetSubject() AllSLSATreeSubjectArtifact { return v.AllSLSATree.Subject } +// GetSubject returns NodeNodePointOfContact.Subject, and is useful for accessing the field via an interface. 
+func (v *NodeNodePointOfContact) GetSubject() AllPointOfContactSubjectPackageSourceOrArtifact { + return v.AllPointOfContact.Subject +} -// GetSlsa returns NodesNodesHasSLSA.Slsa, and is useful for accessing the field via an interface. -func (v *NodesNodesHasSLSA) GetSlsa() AllSLSATreeSlsaSLSA { return v.AllSLSATree.Slsa } +// GetEmail returns NodeNodePointOfContact.Email, and is useful for accessing the field via an interface. +func (v *NodeNodePointOfContact) GetEmail() string { return v.AllPointOfContact.Email } -func (v *NodesNodesHasSLSA) UnmarshalJSON(b []byte) error { +// GetInfo returns NodeNodePointOfContact.Info, and is useful for accessing the field via an interface. +func (v *NodeNodePointOfContact) GetInfo() string { return v.AllPointOfContact.Info } + +// GetSince returns NodeNodePointOfContact.Since, and is useful for accessing the field via an interface. +func (v *NodeNodePointOfContact) GetSince() time.Time { return v.AllPointOfContact.Since } + +// GetJustification returns NodeNodePointOfContact.Justification, and is useful for accessing the field via an interface. +func (v *NodeNodePointOfContact) GetJustification() string { return v.AllPointOfContact.Justification } + +// GetOrigin returns NodeNodePointOfContact.Origin, and is useful for accessing the field via an interface. +func (v *NodeNodePointOfContact) GetOrigin() string { return v.AllPointOfContact.Origin } + +// GetCollector returns NodeNodePointOfContact.Collector, and is useful for accessing the field via an interface. +func (v *NodeNodePointOfContact) GetCollector() string { return v.AllPointOfContact.Collector } + +func (v *NodeNodePointOfContact) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *NodesNodesHasSLSA + *NodeNodePointOfContact graphql.NoUnmarshalJSON } - firstPass.NodesNodesHasSLSA = v + firstPass.NodeNodePointOfContact = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -18689,24 +15099,34 @@ func (v *NodesNodesHasSLSA) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllSLSATree) + b, &v.AllPointOfContact) if err != nil { return err } return nil } -type __premarshalNodesNodesHasSLSA struct { +type __premarshalNodeNodePointOfContact struct { Typename *string `json:"__typename"` Id string `json:"id"` - Subject AllSLSATreeSubjectArtifact `json:"subject"` + Subject json.RawMessage `json:"subject"` - Slsa AllSLSATreeSlsaSLSA `json:"slsa"` + Email string `json:"email"` + + Info string `json:"info"` + + Since time.Time `json:"since"` + + Justification string `json:"justification"` + + Origin string `json:"origin"` + + Collector string `json:"collector"` } -func (v *NodesNodesHasSLSA) MarshalJSON() ([]byte, error) { +func (v *NodeNodePointOfContact) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -18714,60 +15134,76 @@ func (v *NodesNodesHasSLSA) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *NodesNodesHasSLSA) __premarshalJSON() (*__premarshalNodesNodesHasSLSA, error) { - var retval __premarshalNodesNodesHasSLSA +func (v *NodeNodePointOfContact) __premarshalJSON() (*__premarshalNodeNodePointOfContact, error) { + var retval __premarshalNodeNodePointOfContact retval.Typename = v.Typename - retval.Id = v.AllSLSATree.Id - retval.Subject = v.AllSLSATree.Subject - retval.Slsa = v.AllSLSATree.Slsa + retval.Id = v.AllPointOfContact.Id + { + + dst := &retval.Subject + src := v.AllPointOfContact.Subject + var err error + *dst, err = __marshalAllPointOfContactSubjectPackageSourceOrArtifact( + &src) + if err != nil { + return nil, fmt.Errorf( + "unable to marshal NodeNodePointOfContact.AllPointOfContact.Subject: %w", err) + } + } + retval.Email = v.AllPointOfContact.Email + retval.Info = v.AllPointOfContact.Info + retval.Since = v.AllPointOfContact.Since + retval.Justification = v.AllPointOfContact.Justification + retval.Origin = v.AllPointOfContact.Origin + retval.Collector = v.AllPointOfContact.Collector return &retval, nil } -// NodesNodesHasSourceAt includes the requested fields of the GraphQL type HasSourceAt. +// NodeNodeSource includes the requested fields of the GraphQL type Source. // The GraphQL type's documentation follows. // -// HasSourceAt records that a package's repository is a given source. -type NodesNodesHasSourceAt struct { - Typename *string `json:"__typename"` - AllHasSourceAt `json:"-"` +// Source represents the root of the source trie/tree. +// +// We map source information to a trie, as a derivative of the pURL specification: +// each path in the trie represents a type, namespace, name and an optional +// qualifier that stands for tag/commit information. +// +// This node represents the type part of the trie path. It is used to represent +// the version control system that is being used. 
+// +// Since this node is at the root of the source trie, it is named Source, not +// SourceType. +type NodeNodeSource struct { + Typename *string `json:"__typename"` + AllSourceTree `json:"-"` } -// GetTypename returns NodesNodesHasSourceAt.Typename, and is useful for accessing the field via an interface. -func (v *NodesNodesHasSourceAt) GetTypename() *string { return v.Typename } - -// GetId returns NodesNodesHasSourceAt.Id, and is useful for accessing the field via an interface. -func (v *NodesNodesHasSourceAt) GetId() string { return v.AllHasSourceAt.Id } - -// GetJustification returns NodesNodesHasSourceAt.Justification, and is useful for accessing the field via an interface. -func (v *NodesNodesHasSourceAt) GetJustification() string { return v.AllHasSourceAt.Justification } - -// GetKnownSince returns NodesNodesHasSourceAt.KnownSince, and is useful for accessing the field via an interface. -func (v *NodesNodesHasSourceAt) GetKnownSince() time.Time { return v.AllHasSourceAt.KnownSince } - -// GetPackage returns NodesNodesHasSourceAt.Package, and is useful for accessing the field via an interface. -func (v *NodesNodesHasSourceAt) GetPackage() AllHasSourceAtPackage { return v.AllHasSourceAt.Package } +// GetTypename returns NodeNodeSource.Typename, and is useful for accessing the field via an interface. +func (v *NodeNodeSource) GetTypename() *string { return v.Typename } -// GetSource returns NodesNodesHasSourceAt.Source, and is useful for accessing the field via an interface. -func (v *NodesNodesHasSourceAt) GetSource() AllHasSourceAtSource { return v.AllHasSourceAt.Source } +// GetId returns NodeNodeSource.Id, and is useful for accessing the field via an interface. +func (v *NodeNodeSource) GetId() string { return v.AllSourceTree.Id } -// GetOrigin returns NodesNodesHasSourceAt.Origin, and is useful for accessing the field via an interface. 
-func (v *NodesNodesHasSourceAt) GetOrigin() string { return v.AllHasSourceAt.Origin } +// GetType returns NodeNodeSource.Type, and is useful for accessing the field via an interface. +func (v *NodeNodeSource) GetType() string { return v.AllSourceTree.Type } -// GetCollector returns NodesNodesHasSourceAt.Collector, and is useful for accessing the field via an interface. -func (v *NodesNodesHasSourceAt) GetCollector() string { return v.AllHasSourceAt.Collector } +// GetNamespaces returns NodeNodeSource.Namespaces, and is useful for accessing the field via an interface. +func (v *NodeNodeSource) GetNamespaces() []AllSourceTreeNamespacesSourceNamespace { + return v.AllSourceTree.Namespaces +} -func (v *NodesNodesHasSourceAt) UnmarshalJSON(b []byte) error { +func (v *NodeNodeSource) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *NodesNodesHasSourceAt + *NodeNodeSource graphql.NoUnmarshalJSON } - firstPass.NodesNodesHasSourceAt = v + firstPass.NodeNodeSource = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -18775,32 +15211,24 @@ func (v *NodesNodesHasSourceAt) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllHasSourceAt) + b, &v.AllSourceTree) if err != nil { return err } return nil } -type __premarshalNodesNodesHasSourceAt struct { +type __premarshalNodeNodeSource struct { Typename *string `json:"__typename"` Id string `json:"id"` - Justification string `json:"justification"` - - KnownSince time.Time `json:"knownSince"` - - Package AllHasSourceAtPackage `json:"package"` - - Source AllHasSourceAtSource `json:"source"` - - Origin string `json:"origin"` + Type string `json:"type"` - Collector string `json:"collector"` + Namespaces []AllSourceTreeNamespacesSourceNamespace `json:"namespaces"` } -func (v *NodesNodesHasSourceAt) MarshalJSON() ([]byte, error) { +func (v *NodeNodeSource) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -18808,60 +15236,58 @@ func (v *NodesNodesHasSourceAt) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *NodesNodesHasSourceAt) __premarshalJSON() (*__premarshalNodesNodesHasSourceAt, error) { - var retval __premarshalNodesNodesHasSourceAt +func (v *NodeNodeSource) __premarshalJSON() (*__premarshalNodeNodeSource, error) { + var retval __premarshalNodeNodeSource retval.Typename = v.Typename - retval.Id = v.AllHasSourceAt.Id - retval.Justification = v.AllHasSourceAt.Justification - retval.KnownSince = v.AllHasSourceAt.KnownSince - retval.Package = v.AllHasSourceAt.Package - retval.Source = v.AllHasSourceAt.Source - retval.Origin = v.AllHasSourceAt.Origin - retval.Collector = v.AllHasSourceAt.Collector + retval.Id = v.AllSourceTree.Id + retval.Type = v.AllSourceTree.Type + retval.Namespaces = v.AllSourceTree.Namespaces return &retval, nil } -// NodesNodesHashEqual includes the requested fields of the GraphQL type HashEqual. +// NodeNodeVulnEqual includes the requested fields of the GraphQL type VulnEqual. // The GraphQL type's documentation follows. // -// HashEqual is an attestation that a set of artifacts are identical. -type NodesNodesHashEqual struct { - Typename *string `json:"__typename"` - AllHashEqualTree `json:"-"` +// VulnEqual is an attestation to link two vulnerabilities together as being equal" +// +// Note that setting noVuln vulnerability type is invalid for VulnEqual! +type NodeNodeVulnEqual struct { + Typename *string `json:"__typename"` + AllVulnEqual `json:"-"` } -// GetTypename returns NodesNodesHashEqual.Typename, and is useful for accessing the field via an interface. -func (v *NodesNodesHashEqual) GetTypename() *string { return v.Typename } - -// GetId returns NodesNodesHashEqual.Id, and is useful for accessing the field via an interface. 
-func (v *NodesNodesHashEqual) GetId() string { return v.AllHashEqualTree.Id } +// GetTypename returns NodeNodeVulnEqual.Typename, and is useful for accessing the field via an interface. +func (v *NodeNodeVulnEqual) GetTypename() *string { return v.Typename } -// GetJustification returns NodesNodesHashEqual.Justification, and is useful for accessing the field via an interface. -func (v *NodesNodesHashEqual) GetJustification() string { return v.AllHashEqualTree.Justification } +// GetId returns NodeNodeVulnEqual.Id, and is useful for accessing the field via an interface. +func (v *NodeNodeVulnEqual) GetId() string { return v.AllVulnEqual.Id } -// GetArtifacts returns NodesNodesHashEqual.Artifacts, and is useful for accessing the field via an interface. -func (v *NodesNodesHashEqual) GetArtifacts() []AllHashEqualTreeArtifactsArtifact { - return v.AllHashEqualTree.Artifacts +// GetVulnerabilities returns NodeNodeVulnEqual.Vulnerabilities, and is useful for accessing the field via an interface. +func (v *NodeNodeVulnEqual) GetVulnerabilities() []AllVulnEqualVulnerabilitiesVulnerability { + return v.AllVulnEqual.Vulnerabilities } -// GetOrigin returns NodesNodesHashEqual.Origin, and is useful for accessing the field via an interface. -func (v *NodesNodesHashEqual) GetOrigin() string { return v.AllHashEqualTree.Origin } +// GetJustification returns NodeNodeVulnEqual.Justification, and is useful for accessing the field via an interface. +func (v *NodeNodeVulnEqual) GetJustification() string { return v.AllVulnEqual.Justification } -// GetCollector returns NodesNodesHashEqual.Collector, and is useful for accessing the field via an interface. -func (v *NodesNodesHashEqual) GetCollector() string { return v.AllHashEqualTree.Collector } +// GetOrigin returns NodeNodeVulnEqual.Origin, and is useful for accessing the field via an interface. 
+func (v *NodeNodeVulnEqual) GetOrigin() string { return v.AllVulnEqual.Origin } -func (v *NodesNodesHashEqual) UnmarshalJSON(b []byte) error { +// GetCollector returns NodeNodeVulnEqual.Collector, and is useful for accessing the field via an interface. +func (v *NodeNodeVulnEqual) GetCollector() string { return v.AllVulnEqual.Collector } + +func (v *NodeNodeVulnEqual) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *NodesNodesHashEqual + *NodeNodeVulnEqual graphql.NoUnmarshalJSON } - firstPass.NodesNodesHashEqual = v + firstPass.NodeNodeVulnEqual = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -18869,28 +15295,28 @@ func (v *NodesNodesHashEqual) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllHashEqualTree) + b, &v.AllVulnEqual) if err != nil { return err } return nil } -type __premarshalNodesNodesHashEqual struct { +type __premarshalNodeNodeVulnEqual struct { Typename *string `json:"__typename"` Id string `json:"id"` - Justification string `json:"justification"` + Vulnerabilities []AllVulnEqualVulnerabilitiesVulnerability `json:"vulnerabilities"` - Artifacts []AllHashEqualTreeArtifactsArtifact `json:"artifacts"` + Justification string `json:"justification"` Origin string `json:"origin"` Collector string `json:"collector"` } -func (v *NodesNodesHashEqual) MarshalJSON() ([]byte, error) { +func (v *NodeNodeVulnEqual) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -18898,73 +15324,76 @@ func (v *NodesNodesHashEqual) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *NodesNodesHashEqual) __premarshalJSON() (*__premarshalNodesNodesHashEqual, error) { - var retval __premarshalNodesNodesHashEqual +func (v *NodeNodeVulnEqual) __premarshalJSON() (*__premarshalNodeNodeVulnEqual, error) { + var retval __premarshalNodeNodeVulnEqual retval.Typename = v.Typename - retval.Id = v.AllHashEqualTree.Id - retval.Justification = v.AllHashEqualTree.Justification - retval.Artifacts = v.AllHashEqualTree.Artifacts - retval.Origin = v.AllHashEqualTree.Origin - retval.Collector = v.AllHashEqualTree.Collector + retval.Id = v.AllVulnEqual.Id + retval.Vulnerabilities = v.AllVulnEqual.Vulnerabilities + retval.Justification = v.AllVulnEqual.Justification + retval.Origin = v.AllVulnEqual.Origin + retval.Collector = v.AllVulnEqual.Collector return &retval, nil } -// NodesNodesIsDependency includes the requested fields of the GraphQL type IsDependency. +// NodeNodeVulnerability includes the requested fields of the GraphQL type Vulnerability. // The GraphQL type's documentation follows. // -// IsDependency is an attestation to record that a package depends on another. -type NodesNodesIsDependency struct { - Typename *string `json:"__typename"` - AllIsDependencyTree `json:"-"` +// Vulnerability represents the root of the vulnerability trie/tree. +// +// We map vulnerability information to a trie, as a derivative of the pURL specification: +// each path in the trie represents a type and a vulnerability ID. This allows for generic +// representation of the various vulnerabilities and does not limit to just cve, ghsa or osv. 
+// This would be in the general format: vuln:/// +// +// Examples: +// +// CVE, using path separator: vuln://cve/cve-2023-20753 +// OSV, representing its knowledge of a GHSA: vuln://osv/ghsa-205hk +// Random vendor: vuln://snyk/sn-whatever +// NoVuln: vuln://novuln/ +// +// This node represents the type part of the trie path. It is used to represent +// the specific type of the vulnerability: cve, ghsa, osv or some other vendor specific +// +// Since this node is at the root of the vulnerability trie, it is named Vulnerability, not +// VulnerabilityType. +// +// NoVuln is a special vulnerability node to attest that no vulnerability has been +// found during a vulnerability scan. It will have the type "novuln" and contain an empty string +// for vulnerabilityID +// +// The resolvers will enforce that both the type and vulnerability IDs are lower case. +type NodeNodeVulnerability struct { + Typename *string `json:"__typename"` + AllVulnerabilityTree `json:"-"` } -// GetTypename returns NodesNodesIsDependency.Typename, and is useful for accessing the field via an interface. -func (v *NodesNodesIsDependency) GetTypename() *string { return v.Typename } - -// GetId returns NodesNodesIsDependency.Id, and is useful for accessing the field via an interface. -func (v *NodesNodesIsDependency) GetId() string { return v.AllIsDependencyTree.Id } - -// GetJustification returns NodesNodesIsDependency.Justification, and is useful for accessing the field via an interface. -func (v *NodesNodesIsDependency) GetJustification() string { - return v.AllIsDependencyTree.Justification -} +// GetTypename returns NodeNodeVulnerability.Typename, and is useful for accessing the field via an interface. +func (v *NodeNodeVulnerability) GetTypename() *string { return v.Typename } -// GetPackage returns NodesNodesIsDependency.Package, and is useful for accessing the field via an interface. 
-func (v *NodesNodesIsDependency) GetPackage() AllIsDependencyTreePackage { - return v.AllIsDependencyTree.Package -} +// GetId returns NodeNodeVulnerability.Id, and is useful for accessing the field via an interface. +func (v *NodeNodeVulnerability) GetId() string { return v.AllVulnerabilityTree.Id } -// GetDependentPackage returns NodesNodesIsDependency.DependentPackage, and is useful for accessing the field via an interface. -func (v *NodesNodesIsDependency) GetDependentPackage() AllIsDependencyTreeDependentPackage { - return v.AllIsDependencyTree.DependentPackage -} +// GetType returns NodeNodeVulnerability.Type, and is useful for accessing the field via an interface. +func (v *NodeNodeVulnerability) GetType() string { return v.AllVulnerabilityTree.Type } -// GetDependencyType returns NodesNodesIsDependency.DependencyType, and is useful for accessing the field via an interface. -func (v *NodesNodesIsDependency) GetDependencyType() DependencyType { - return v.AllIsDependencyTree.DependencyType +// GetVulnerabilityIDs returns NodeNodeVulnerability.VulnerabilityIDs, and is useful for accessing the field via an interface. +func (v *NodeNodeVulnerability) GetVulnerabilityIDs() []AllVulnerabilityTreeVulnerabilityIDsVulnerabilityID { + return v.AllVulnerabilityTree.VulnerabilityIDs } -// GetVersionRange returns NodesNodesIsDependency.VersionRange, and is useful for accessing the field via an interface. -func (v *NodesNodesIsDependency) GetVersionRange() string { return v.AllIsDependencyTree.VersionRange } - -// GetOrigin returns NodesNodesIsDependency.Origin, and is useful for accessing the field via an interface. -func (v *NodesNodesIsDependency) GetOrigin() string { return v.AllIsDependencyTree.Origin } - -// GetCollector returns NodesNodesIsDependency.Collector, and is useful for accessing the field via an interface. 
-func (v *NodesNodesIsDependency) GetCollector() string { return v.AllIsDependencyTree.Collector } - -func (v *NodesNodesIsDependency) UnmarshalJSON(b []byte) error { +func (v *NodeNodeVulnerability) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *NodesNodesIsDependency + *NodeNodeVulnerability graphql.NoUnmarshalJSON } - firstPass.NodesNodesIsDependency = v + firstPass.NodeNodeVulnerability = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -18972,34 +15401,24 @@ func (v *NodesNodesIsDependency) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllIsDependencyTree) + b, &v.AllVulnerabilityTree) if err != nil { return err } return nil } -type __premarshalNodesNodesIsDependency struct { +type __premarshalNodeNodeVulnerability struct { Typename *string `json:"__typename"` Id string `json:"id"` - Justification string `json:"justification"` - - Package AllIsDependencyTreePackage `json:"package"` - - DependentPackage AllIsDependencyTreeDependentPackage `json:"dependentPackage"` - - DependencyType DependencyType `json:"dependencyType"` - - VersionRange string `json:"versionRange"` - - Origin string `json:"origin"` + Type string `json:"type"` - Collector string `json:"collector"` + VulnerabilityIDs []AllVulnerabilityTreeVulnerabilityIDsVulnerabilityID `json:"vulnerabilityIDs"` } -func (v *NodesNodesIsDependency) MarshalJSON() ([]byte, error) { +func (v *NodeNodeVulnerability) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -19007,101 +15426,65 @@ func (v *NodesNodesIsDependency) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *NodesNodesIsDependency) __premarshalJSON() (*__premarshalNodesNodesIsDependency, error) { - var retval __premarshalNodesNodesIsDependency +func (v *NodeNodeVulnerability) __premarshalJSON() (*__premarshalNodeNodeVulnerability, error) { + var retval __premarshalNodeNodeVulnerability retval.Typename = v.Typename - retval.Id = v.AllIsDependencyTree.Id - retval.Justification = v.AllIsDependencyTree.Justification - retval.Package = v.AllIsDependencyTree.Package - retval.DependentPackage = v.AllIsDependencyTree.DependentPackage - retval.DependencyType = v.AllIsDependencyTree.DependencyType - retval.VersionRange = v.AllIsDependencyTree.VersionRange - retval.Origin = v.AllIsDependencyTree.Origin - retval.Collector = v.AllIsDependencyTree.Collector + retval.Id = v.AllVulnerabilityTree.Id + retval.Type = v.AllVulnerabilityTree.Type + retval.VulnerabilityIDs = v.AllVulnerabilityTree.VulnerabilityIDs return &retval, nil } -// NodesNodesIsOccurrence includes the requested fields of the GraphQL type IsOccurrence. -// The GraphQL type's documentation follows. -// -// IsOccurrence is an attestation to link an artifact to a package or source. -// -// Attestation must occur at the PackageVersion or at the SourceName. -type NodesNodesIsOccurrence struct { - Typename *string `json:"__typename"` - AllIsOccurrencesTree `json:"-"` -} - -// GetTypename returns NodesNodesIsOccurrence.Typename, and is useful for accessing the field via an interface. -func (v *NodesNodesIsOccurrence) GetTypename() *string { return v.Typename } - -// GetId returns NodesNodesIsOccurrence.Id, and is useful for accessing the field via an interface. -func (v *NodesNodesIsOccurrence) GetId() string { return v.AllIsOccurrencesTree.Id } - -// GetSubject returns NodesNodesIsOccurrence.Subject, and is useful for accessing the field via an interface. 
-func (v *NodesNodesIsOccurrence) GetSubject() AllIsOccurrencesTreeSubjectPackageOrSource { - return v.AllIsOccurrencesTree.Subject -} - -// GetArtifact returns NodesNodesIsOccurrence.Artifact, and is useful for accessing the field via an interface. -func (v *NodesNodesIsOccurrence) GetArtifact() AllIsOccurrencesTreeArtifact { - return v.AllIsOccurrencesTree.Artifact -} - -// GetJustification returns NodesNodesIsOccurrence.Justification, and is useful for accessing the field via an interface. -func (v *NodesNodesIsOccurrence) GetJustification() string { - return v.AllIsOccurrencesTree.Justification +// NodeResponse is returned by Node on success. +type NodeResponse struct { + // node returns a single node, regardless of type. + // + // The input is only specified by its ID. + Node NodeNode `json:"-"` } -// GetOrigin returns NodesNodesIsOccurrence.Origin, and is useful for accessing the field via an interface. -func (v *NodesNodesIsOccurrence) GetOrigin() string { return v.AllIsOccurrencesTree.Origin } - -// GetCollector returns NodesNodesIsOccurrence.Collector, and is useful for accessing the field via an interface. -func (v *NodesNodesIsOccurrence) GetCollector() string { return v.AllIsOccurrencesTree.Collector } +// GetNode returns NodeResponse.Node, and is useful for accessing the field via an interface. 
+func (v *NodeResponse) GetNode() NodeNode { return v.Node } -func (v *NodesNodesIsOccurrence) UnmarshalJSON(b []byte) error { +func (v *NodeResponse) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *NodesNodesIsOccurrence + *NodeResponse + Node json.RawMessage `json:"node"` graphql.NoUnmarshalJSON } - firstPass.NodesNodesIsOccurrence = v + firstPass.NodeResponse = v err := json.Unmarshal(b, &firstPass) if err != nil { return err } - err = json.Unmarshal( - b, &v.AllIsOccurrencesTree) - if err != nil { - return err + { + dst := &v.Node + src := firstPass.Node + if len(src) != 0 && string(src) != "null" { + err = __unmarshalNodeNode( + src, dst) + if err != nil { + return fmt.Errorf( + "unable to unmarshal NodeResponse.Node: %w", err) + } + } } return nil } -type __premarshalNodesNodesIsOccurrence struct { - Typename *string `json:"__typename"` - - Id string `json:"id"` - - Subject json.RawMessage `json:"subject"` - - Artifact AllIsOccurrencesTreeArtifact `json:"artifact"` - - Justification string `json:"justification"` - - Origin string `json:"origin"` - - Collector string `json:"collector"` +type __premarshalNodeResponse struct { + Node json.RawMessage `json:"node"` } -func (v *NodesNodesIsOccurrence) MarshalJSON() ([]byte, error) { +func (v *NodeResponse) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -19109,77 +15492,62 @@ func (v *NodesNodesIsOccurrence) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *NodesNodesIsOccurrence) __premarshalJSON() (*__premarshalNodesNodesIsOccurrence, error) { - var retval __premarshalNodesNodesIsOccurrence +func (v *NodeResponse) __premarshalJSON() (*__premarshalNodeResponse, error) { + var retval __premarshalNodeResponse - retval.Typename = v.Typename - retval.Id = v.AllIsOccurrencesTree.Id { - dst := &retval.Subject - src := v.AllIsOccurrencesTree.Subject + dst := &retval.Node + src := v.Node var err error - *dst, err = __marshalAllIsOccurrencesTreeSubjectPackageOrSource( + *dst, err = __marshalNodeNode( &src) if err != nil { return nil, fmt.Errorf( - "unable to marshal NodesNodesIsOccurrence.AllIsOccurrencesTree.Subject: %w", err) + "unable to marshal NodeResponse.Node: %w", err) } } - retval.Artifact = v.AllIsOccurrencesTree.Artifact - retval.Justification = v.AllIsOccurrencesTree.Justification - retval.Origin = v.AllIsOccurrencesTree.Origin - retval.Collector = v.AllIsOccurrencesTree.Collector return &retval, nil } -// NodesNodesIsVulnerability includes the requested fields of the GraphQL type IsVulnerability. +// NodesNodesArtifact includes the requested fields of the GraphQL type Artifact. // The GraphQL type's documentation follows. // -// IsVulnerability is an attestation to link CVE/GHSA with data in OSV. -type NodesNodesIsVulnerability struct { - Typename *string `json:"__typename"` - AllIsVulnerability `json:"-"` -} - -// GetTypename returns NodesNodesIsVulnerability.Typename, and is useful for accessing the field via an interface. -func (v *NodesNodesIsVulnerability) GetTypename() *string { return v.Typename } - -// GetId returns NodesNodesIsVulnerability.Id, and is useful for accessing the field via an interface. 
-func (v *NodesNodesIsVulnerability) GetId() string { return v.AllIsVulnerability.Id } - -// GetOsv returns NodesNodesIsVulnerability.Osv, and is useful for accessing the field via an interface. -func (v *NodesNodesIsVulnerability) GetOsv() AllIsVulnerabilityOsvOSV { - return v.AllIsVulnerability.Osv +// Artifact represents an artifact identified by a checksum hash. +// +// The checksum is split into the digest value and the algorithm used to generate +// it. Both fields are mandatory and canonicalized to be lowercase. +// +// If having a checksum Go object, algorithm can be +// strings.ToLower(string(checksum.Algorithm)) and digest can be checksum.Value. +type NodesNodesArtifact struct { + Typename *string `json:"__typename"` + AllArtifactTree `json:"-"` } -// GetVulnerability returns NodesNodesIsVulnerability.Vulnerability, and is useful for accessing the field via an interface. -func (v *NodesNodesIsVulnerability) GetVulnerability() AllIsVulnerabilityVulnerabilityCveOrGhsa { - return v.AllIsVulnerability.Vulnerability -} +// GetTypename returns NodesNodesArtifact.Typename, and is useful for accessing the field via an interface. +func (v *NodesNodesArtifact) GetTypename() *string { return v.Typename } -// GetJustification returns NodesNodesIsVulnerability.Justification, and is useful for accessing the field via an interface. -func (v *NodesNodesIsVulnerability) GetJustification() string { - return v.AllIsVulnerability.Justification -} +// GetId returns NodesNodesArtifact.Id, and is useful for accessing the field via an interface. +func (v *NodesNodesArtifact) GetId() string { return v.AllArtifactTree.Id } -// GetOrigin returns NodesNodesIsVulnerability.Origin, and is useful for accessing the field via an interface. -func (v *NodesNodesIsVulnerability) GetOrigin() string { return v.AllIsVulnerability.Origin } +// GetAlgorithm returns NodesNodesArtifact.Algorithm, and is useful for accessing the field via an interface. 
+func (v *NodesNodesArtifact) GetAlgorithm() string { return v.AllArtifactTree.Algorithm } -// GetCollector returns NodesNodesIsVulnerability.Collector, and is useful for accessing the field via an interface. -func (v *NodesNodesIsVulnerability) GetCollector() string { return v.AllIsVulnerability.Collector } +// GetDigest returns NodesNodesArtifact.Digest, and is useful for accessing the field via an interface. +func (v *NodesNodesArtifact) GetDigest() string { return v.AllArtifactTree.Digest } -func (v *NodesNodesIsVulnerability) UnmarshalJSON(b []byte) error { +func (v *NodesNodesArtifact) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *NodesNodesIsVulnerability + *NodesNodesArtifact graphql.NoUnmarshalJSON } - firstPass.NodesNodesIsVulnerability = v + firstPass.NodesNodesArtifact = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -19187,30 +15555,24 @@ func (v *NodesNodesIsVulnerability) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllIsVulnerability) + b, &v.AllArtifactTree) if err != nil { return err } return nil } -type __premarshalNodesNodesIsVulnerability struct { +type __premarshalNodesNodesArtifact struct { Typename *string `json:"__typename"` Id string `json:"id"` - Osv AllIsVulnerabilityOsvOSV `json:"osv"` - - Vulnerability json.RawMessage `json:"vulnerability"` - - Justification string `json:"justification"` - - Origin string `json:"origin"` + Algorithm string `json:"algorithm"` - Collector string `json:"collector"` + Digest string `json:"digest"` } -func (v *NodesNodesIsVulnerability) MarshalJSON() ([]byte, error) { +func (v *NodesNodesArtifact) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -19218,519 +15580,136 @@ func (v *NodesNodesIsVulnerability) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *NodesNodesIsVulnerability) __premarshalJSON() (*__premarshalNodesNodesIsVulnerability, error) { - var retval __premarshalNodesNodesIsVulnerability +func (v *NodesNodesArtifact) __premarshalJSON() (*__premarshalNodesNodesArtifact, error) { + var retval __premarshalNodesNodesArtifact retval.Typename = v.Typename - retval.Id = v.AllIsVulnerability.Id - retval.Osv = v.AllIsVulnerability.Osv - { - - dst := &retval.Vulnerability - src := v.AllIsVulnerability.Vulnerability - var err error - *dst, err = __marshalAllIsVulnerabilityVulnerabilityCveOrGhsa( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal NodesNodesIsVulnerability.AllIsVulnerability.Vulnerability: %w", err) - } - } - retval.Justification = v.AllIsVulnerability.Justification - retval.Origin = v.AllIsVulnerability.Origin - retval.Collector = v.AllIsVulnerability.Collector + retval.Id = v.AllArtifactTree.Id + retval.Algorithm = v.AllArtifactTree.Algorithm + retval.Digest = v.AllArtifactTree.Digest return &retval, nil } -// NodesNodesNoVuln includes the requested fields of the GraphQL type NoVuln. -// The GraphQL type's documentation follows. -// -// NoVuln is a special vulnerability node to attest that no vulnerability has been -// found during a vulnerability scan. -// -// Backends guarantee that this is a singleton node. -type NodesNodesNoVuln struct { - Typename *string `json:"__typename"` - Id string `json:"id"` -} - -// GetTypename returns NodesNodesNoVuln.Typename, and is useful for accessing the field via an interface. -func (v *NodesNodesNoVuln) GetTypename() *string { return v.Typename } - -// GetId returns NodesNodesNoVuln.Id, and is useful for accessing the field via an interface. -func (v *NodesNodesNoVuln) GetId() string { return v.Id } - -// NodesNodesNode includes the requested fields of the GraphQL interface Node. 
-// -// NodesNodesNode is implemented by the following types: -// NodesNodesArtifact -// NodesNodesBuilder -// NodesNodesCVE -// NodesNodesCertifyBad -// NodesNodesCertifyGood -// NodesNodesCertifyScorecard -// NodesNodesCertifyVEXStatement -// NodesNodesCertifyVuln -// NodesNodesGHSA -// NodesNodesHasMetadata -// NodesNodesHasSBOM -// NodesNodesHasSLSA -// NodesNodesHasSourceAt -// NodesNodesHashEqual -// NodesNodesIsDependency -// NodesNodesIsOccurrence -// NodesNodesIsVulnerability -// NodesNodesNoVuln -// NodesNodesOSV -// NodesNodesPackage -// NodesNodesPkgEqual -// NodesNodesPointOfContact -// NodesNodesSource +// NodesNodesBuilder includes the requested fields of the GraphQL type Builder. // The GraphQL type's documentation follows. // -// Node is a union type of all the possible nodes. +// Builder represents the builder (e.g., FRSCA or GitHub Actions). // -// It encapsulates the software tree nodes along with the evidence nodes. In a -// path query, all connecting evidence nodes along with their intermediate subject -// nodes need to be returned in order to create a complete graph. -type NodesNodesNode interface { - implementsGraphQLInterfaceNodesNodesNode() - // GetTypename returns the receiver's concrete GraphQL type-name (see interface doc for possible values). 
- GetTypename() *string -} - -func (v *NodesNodesArtifact) implementsGraphQLInterfaceNodesNodesNode() {} -func (v *NodesNodesBuilder) implementsGraphQLInterfaceNodesNodesNode() {} -func (v *NodesNodesCVE) implementsGraphQLInterfaceNodesNodesNode() {} -func (v *NodesNodesCertifyBad) implementsGraphQLInterfaceNodesNodesNode() {} -func (v *NodesNodesCertifyGood) implementsGraphQLInterfaceNodesNodesNode() {} -func (v *NodesNodesCertifyScorecard) implementsGraphQLInterfaceNodesNodesNode() {} -func (v *NodesNodesCertifyVEXStatement) implementsGraphQLInterfaceNodesNodesNode() {} -func (v *NodesNodesCertifyVuln) implementsGraphQLInterfaceNodesNodesNode() {} -func (v *NodesNodesGHSA) implementsGraphQLInterfaceNodesNodesNode() {} -func (v *NodesNodesHasMetadata) implementsGraphQLInterfaceNodesNodesNode() {} -func (v *NodesNodesHasSBOM) implementsGraphQLInterfaceNodesNodesNode() {} -func (v *NodesNodesHasSLSA) implementsGraphQLInterfaceNodesNodesNode() {} -func (v *NodesNodesHasSourceAt) implementsGraphQLInterfaceNodesNodesNode() {} -func (v *NodesNodesHashEqual) implementsGraphQLInterfaceNodesNodesNode() {} -func (v *NodesNodesIsDependency) implementsGraphQLInterfaceNodesNodesNode() {} -func (v *NodesNodesIsOccurrence) implementsGraphQLInterfaceNodesNodesNode() {} -func (v *NodesNodesIsVulnerability) implementsGraphQLInterfaceNodesNodesNode() {} -func (v *NodesNodesNoVuln) implementsGraphQLInterfaceNodesNodesNode() {} -func (v *NodesNodesOSV) implementsGraphQLInterfaceNodesNodesNode() {} -func (v *NodesNodesPackage) implementsGraphQLInterfaceNodesNodesNode() {} -func (v *NodesNodesPkgEqual) implementsGraphQLInterfaceNodesNodesNode() {} -func (v *NodesNodesPointOfContact) implementsGraphQLInterfaceNodesNodesNode() {} -func (v *NodesNodesSource) implementsGraphQLInterfaceNodesNodesNode() {} - -func __unmarshalNodesNodesNode(b []byte, v *NodesNodesNode) error { - if string(b) == "null" { - return nil - } - - var tn struct { - TypeName string `json:"__typename"` - } - err := 
json.Unmarshal(b, &tn) - if err != nil { - return err - } - - switch tn.TypeName { - case "Artifact": - *v = new(NodesNodesArtifact) - return json.Unmarshal(b, *v) - case "Builder": - *v = new(NodesNodesBuilder) - return json.Unmarshal(b, *v) - case "CVE": - *v = new(NodesNodesCVE) - return json.Unmarshal(b, *v) - case "CertifyBad": - *v = new(NodesNodesCertifyBad) - return json.Unmarshal(b, *v) - case "CertifyGood": - *v = new(NodesNodesCertifyGood) - return json.Unmarshal(b, *v) - case "CertifyScorecard": - *v = new(NodesNodesCertifyScorecard) - return json.Unmarshal(b, *v) - case "CertifyVEXStatement": - *v = new(NodesNodesCertifyVEXStatement) - return json.Unmarshal(b, *v) - case "CertifyVuln": - *v = new(NodesNodesCertifyVuln) - return json.Unmarshal(b, *v) - case "GHSA": - *v = new(NodesNodesGHSA) - return json.Unmarshal(b, *v) - case "HasMetadata": - *v = new(NodesNodesHasMetadata) - return json.Unmarshal(b, *v) - case "HasSBOM": - *v = new(NodesNodesHasSBOM) - return json.Unmarshal(b, *v) - case "HasSLSA": - *v = new(NodesNodesHasSLSA) - return json.Unmarshal(b, *v) - case "HasSourceAt": - *v = new(NodesNodesHasSourceAt) - return json.Unmarshal(b, *v) - case "HashEqual": - *v = new(NodesNodesHashEqual) - return json.Unmarshal(b, *v) - case "IsDependency": - *v = new(NodesNodesIsDependency) - return json.Unmarshal(b, *v) - case "IsOccurrence": - *v = new(NodesNodesIsOccurrence) - return json.Unmarshal(b, *v) - case "IsVulnerability": - *v = new(NodesNodesIsVulnerability) - return json.Unmarshal(b, *v) - case "NoVuln": - *v = new(NodesNodesNoVuln) - return json.Unmarshal(b, *v) - case "OSV": - *v = new(NodesNodesOSV) - return json.Unmarshal(b, *v) - case "Package": - *v = new(NodesNodesPackage) - return json.Unmarshal(b, *v) - case "PkgEqual": - *v = new(NodesNodesPkgEqual) - return json.Unmarshal(b, *v) - case "PointOfContact": - *v = new(NodesNodesPointOfContact) - return json.Unmarshal(b, *v) - case "Source": - *v = new(NodesNodesSource) - return 
json.Unmarshal(b, *v) - case "": - return fmt.Errorf( - "response was missing Node.__typename") - default: - return fmt.Errorf( - `unexpected concrete type for NodesNodesNode: "%v"`, tn.TypeName) - } -} - -func __marshalNodesNodesNode(v *NodesNodesNode) ([]byte, error) { - - var typename string - switch v := (*v).(type) { - case *NodesNodesArtifact: - typename = "Artifact" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNodesNodesArtifact - }{typename, premarshaled} - return json.Marshal(result) - case *NodesNodesBuilder: - typename = "Builder" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNodesNodesBuilder - }{typename, premarshaled} - return json.Marshal(result) - case *NodesNodesCVE: - typename = "CVE" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNodesNodesCVE - }{typename, premarshaled} - return json.Marshal(result) - case *NodesNodesCertifyBad: - typename = "CertifyBad" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNodesNodesCertifyBad - }{typename, premarshaled} - return json.Marshal(result) - case *NodesNodesCertifyGood: - typename = "CertifyGood" - - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNodesNodesCertifyGood - }{typename, premarshaled} - return json.Marshal(result) - case *NodesNodesCertifyScorecard: - typename = "CertifyScorecard" +// Currently builders are identified by the uri field. 
+type NodesNodesBuilder struct { + Typename *string `json:"__typename"` + AllBuilderTree `json:"-"` +} - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNodesNodesCertifyScorecard - }{typename, premarshaled} - return json.Marshal(result) - case *NodesNodesCertifyVEXStatement: - typename = "CertifyVEXStatement" +// GetTypename returns NodesNodesBuilder.Typename, and is useful for accessing the field via an interface. +func (v *NodesNodesBuilder) GetTypename() *string { return v.Typename } - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNodesNodesCertifyVEXStatement - }{typename, premarshaled} - return json.Marshal(result) - case *NodesNodesCertifyVuln: - typename = "CertifyVuln" +// GetId returns NodesNodesBuilder.Id, and is useful for accessing the field via an interface. +func (v *NodesNodesBuilder) GetId() string { return v.AllBuilderTree.Id } - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNodesNodesCertifyVuln - }{typename, premarshaled} - return json.Marshal(result) - case *NodesNodesGHSA: - typename = "GHSA" +// GetUri returns NodesNodesBuilder.Uri, and is useful for accessing the field via an interface. 
+func (v *NodesNodesBuilder) GetUri() string { return v.AllBuilderTree.Uri } - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNodesNodesGHSA - }{typename, premarshaled} - return json.Marshal(result) - case *NodesNodesHasMetadata: - typename = "HasMetadata" +func (v *NodesNodesBuilder) UnmarshalJSON(b []byte) error { - result := struct { - TypeName string `json:"__typename"` - *NodesNodesHasMetadata - }{typename, v} - return json.Marshal(result) - case *NodesNodesHasSBOM: - typename = "HasSBOM" + if string(b) == "null" { + return nil + } - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNodesNodesHasSBOM - }{typename, premarshaled} - return json.Marshal(result) - case *NodesNodesHasSLSA: - typename = "HasSLSA" + var firstPass struct { + *NodesNodesBuilder + graphql.NoUnmarshalJSON + } + firstPass.NodesNodesBuilder = v - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNodesNodesHasSLSA - }{typename, premarshaled} - return json.Marshal(result) - case *NodesNodesHasSourceAt: - typename = "HasSourceAt" + err := json.Unmarshal(b, &firstPass) + if err != nil { + return err + } - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNodesNodesHasSourceAt - }{typename, premarshaled} - return json.Marshal(result) - case *NodesNodesHashEqual: - typename = "HashEqual" + err = json.Unmarshal( + b, &v.AllBuilderTree) + if err != nil { + return err + } + return nil +} - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNodesNodesHashEqual - }{typename, 
premarshaled} - return json.Marshal(result) - case *NodesNodesIsDependency: - typename = "IsDependency" +type __premarshalNodesNodesBuilder struct { + Typename *string `json:"__typename"` - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNodesNodesIsDependency - }{typename, premarshaled} - return json.Marshal(result) - case *NodesNodesIsOccurrence: - typename = "IsOccurrence" + Id string `json:"id"` - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNodesNodesIsOccurrence - }{typename, premarshaled} - return json.Marshal(result) - case *NodesNodesIsVulnerability: - typename = "IsVulnerability" + Uri string `json:"uri"` +} - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNodesNodesIsVulnerability - }{typename, premarshaled} - return json.Marshal(result) - case *NodesNodesNoVuln: - typename = "NoVuln" +func (v *NodesNodesBuilder) MarshalJSON() ([]byte, error) { + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + return json.Marshal(premarshaled) +} - result := struct { - TypeName string `json:"__typename"` - *NodesNodesNoVuln - }{typename, v} - return json.Marshal(result) - case *NodesNodesOSV: - typename = "OSV" +func (v *NodesNodesBuilder) __premarshalJSON() (*__premarshalNodesNodesBuilder, error) { + var retval __premarshalNodesNodesBuilder - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNodesNodesOSV - }{typename, premarshaled} - return json.Marshal(result) - case *NodesNodesPackage: - typename = "Package" + retval.Typename = v.Typename + retval.Id = v.AllBuilderTree.Id + retval.Uri = 
v.AllBuilderTree.Uri + return &retval, nil +} - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNodesNodesPackage - }{typename, premarshaled} - return json.Marshal(result) - case *NodesNodesPkgEqual: - typename = "PkgEqual" +// NodesNodesCertifyBad includes the requested fields of the GraphQL type CertifyBad. +// The GraphQL type's documentation follows. +// +// CertifyBad is an attestation that a package, source, or artifact is considered +// bad. +// +// All evidence trees record a justification for the property they represent as +// well as the document that contains the attestation (origin) and the collector +// that collected the document (collector). +// +// The certification applies to a subject which is a package, source, or artifact. +// If the attestation targets a package, it must target a PackageName or a +// PackageVersion. If the attestation targets a source, it must target a +// SourceName. +type NodesNodesCertifyBad struct { + Typename *string `json:"__typename"` + AllCertifyBad `json:"-"` +} - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNodesNodesPkgEqual - }{typename, premarshaled} - return json.Marshal(result) - case *NodesNodesPointOfContact: - typename = "PointOfContact" +// GetTypename returns NodesNodesCertifyBad.Typename, and is useful for accessing the field via an interface. 
+func (v *NodesNodesCertifyBad) GetTypename() *string { return v.Typename } - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNodesNodesPointOfContact - }{typename, premarshaled} - return json.Marshal(result) - case *NodesNodesSource: - typename = "Source" +// GetId returns NodesNodesCertifyBad.Id, and is useful for accessing the field via an interface. +func (v *NodesNodesCertifyBad) GetId() string { return v.AllCertifyBad.Id } - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalNodesNodesSource - }{typename, premarshaled} - return json.Marshal(result) - case nil: - return []byte("null"), nil - default: - return nil, fmt.Errorf( - `unexpected concrete type for NodesNodesNode: "%T"`, v) - } -} +// GetJustification returns NodesNodesCertifyBad.Justification, and is useful for accessing the field via an interface. +func (v *NodesNodesCertifyBad) GetJustification() string { return v.AllCertifyBad.Justification } -// NodesNodesOSV includes the requested fields of the GraphQL type OSV. -// The GraphQL type's documentation follows. -// -// OSV represents an Open Source Vulnerability. -// -// The osvId field is mandatory and canonicalized to be lowercase. -// -// This maps to a vulnerability ID specific to the environment (e.g., GHSA ID or -// CVE ID). -// -// This node can be referred to by other parts of GUAC. -type NodesNodesOSV struct { - Typename *string `json:"__typename"` - AllOSVTree `json:"-"` +// GetSubject returns NodesNodesCertifyBad.Subject, and is useful for accessing the field via an interface. +func (v *NodesNodesCertifyBad) GetSubject() AllCertifyBadSubjectPackageSourceOrArtifact { + return v.AllCertifyBad.Subject } -// GetTypename returns NodesNodesOSV.Typename, and is useful for accessing the field via an interface. 
-func (v *NodesNodesOSV) GetTypename() *string { return v.Typename } - -// GetId returns NodesNodesOSV.Id, and is useful for accessing the field via an interface. -func (v *NodesNodesOSV) GetId() string { return v.AllOSVTree.Id } +// GetOrigin returns NodesNodesCertifyBad.Origin, and is useful for accessing the field via an interface. +func (v *NodesNodesCertifyBad) GetOrigin() string { return v.AllCertifyBad.Origin } -// GetOsvId returns NodesNodesOSV.OsvId, and is useful for accessing the field via an interface. -func (v *NodesNodesOSV) GetOsvId() string { return v.AllOSVTree.OsvId } +// GetCollector returns NodesNodesCertifyBad.Collector, and is useful for accessing the field via an interface. +func (v *NodesNodesCertifyBad) GetCollector() string { return v.AllCertifyBad.Collector } -func (v *NodesNodesOSV) UnmarshalJSON(b []byte) error { +func (v *NodesNodesCertifyBad) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *NodesNodesOSV + *NodesNodesCertifyBad graphql.NoUnmarshalJSON } - firstPass.NodesNodesOSV = v + firstPass.NodesNodesCertifyBad = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -19738,22 +15717,28 @@ func (v *NodesNodesOSV) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllOSVTree) + b, &v.AllCertifyBad) if err != nil { return err } return nil } -type __premarshalNodesNodesOSV struct { +type __premarshalNodesNodesCertifyBad struct { Typename *string `json:"__typename"` Id string `json:"id"` - OsvId string `json:"osvId"` + Justification string `json:"justification"` + + Subject json.RawMessage `json:"subject"` + + Origin string `json:"origin"` + + Collector string `json:"collector"` } -func (v *NodesNodesOSV) MarshalJSON() ([]byte, error) { +func (v *NodesNodesCertifyBad) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -19761,62 +15746,79 @@ func (v *NodesNodesOSV) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *NodesNodesOSV) __premarshalJSON() (*__premarshalNodesNodesOSV, error) { - var retval __premarshalNodesNodesOSV +func (v *NodesNodesCertifyBad) __premarshalJSON() (*__premarshalNodesNodesCertifyBad, error) { + var retval __premarshalNodesNodesCertifyBad retval.Typename = v.Typename - retval.Id = v.AllOSVTree.Id - retval.OsvId = v.AllOSVTree.OsvId + retval.Id = v.AllCertifyBad.Id + retval.Justification = v.AllCertifyBad.Justification + { + + dst := &retval.Subject + src := v.AllCertifyBad.Subject + var err error + *dst, err = __marshalAllCertifyBadSubjectPackageSourceOrArtifact( + &src) + if err != nil { + return nil, fmt.Errorf( + "unable to marshal NodesNodesCertifyBad.AllCertifyBad.Subject: %w", err) + } + } + retval.Origin = v.AllCertifyBad.Origin + retval.Collector = v.AllCertifyBad.Collector return &retval, nil } -// NodesNodesPackage includes the requested fields of the GraphQL type Package. +// NodesNodesCertifyGood includes the requested fields of the GraphQL type CertifyGood. // The GraphQL type's documentation follows. // -// Package represents the root of the package trie/tree. -// -// We map package information to a trie, closely matching the pURL specification -// (https://github.com/package-url/purl-spec/blob/0dd92f26f8bb11956ffdf5e8acfcee71e8560407/README.rst), -// but deviating from it where GUAC heuristics allow for better representation of -// package information. Each path in the trie fully represents a package; we split -// the trie based on the pURL components. +// CertifyGood is an attestation that a package, source, or artifact is considered +// good. // -// This node matches a pkg: partial pURL. The type field matches the -// pURL types but we might also use "guac" for the cases where the pURL -// representation is not complete or when we have custom rules. 
+// All evidence trees record a justification for the property they represent as +// well as the document that contains the attestation (origin) and the collector +// that collected the document (collector). // -// Since this node is at the root of the package trie, it is named Package, not -// PackageType. -type NodesNodesPackage struct { - Typename *string `json:"__typename"` - AllPkgTree `json:"-"` +// The certification applies to a subject which is a package, source, or artifact. +// If the attestation targets a package, it must target a PackageName or a +// PackageVersion. If the attestation targets a source, it must target a +// SourceName. +type NodesNodesCertifyGood struct { + Typename *string `json:"__typename"` + AllCertifyGood `json:"-"` } -// GetTypename returns NodesNodesPackage.Typename, and is useful for accessing the field via an interface. -func (v *NodesNodesPackage) GetTypename() *string { return v.Typename } +// GetTypename returns NodesNodesCertifyGood.Typename, and is useful for accessing the field via an interface. +func (v *NodesNodesCertifyGood) GetTypename() *string { return v.Typename } -// GetId returns NodesNodesPackage.Id, and is useful for accessing the field via an interface. -func (v *NodesNodesPackage) GetId() string { return v.AllPkgTree.Id } +// GetId returns NodesNodesCertifyGood.Id, and is useful for accessing the field via an interface. +func (v *NodesNodesCertifyGood) GetId() string { return v.AllCertifyGood.Id } -// GetType returns NodesNodesPackage.Type, and is useful for accessing the field via an interface. -func (v *NodesNodesPackage) GetType() string { return v.AllPkgTree.Type } +// GetJustification returns NodesNodesCertifyGood.Justification, and is useful for accessing the field via an interface. +func (v *NodesNodesCertifyGood) GetJustification() string { return v.AllCertifyGood.Justification } -// GetNamespaces returns NodesNodesPackage.Namespaces, and is useful for accessing the field via an interface. 
-func (v *NodesNodesPackage) GetNamespaces() []AllPkgTreeNamespacesPackageNamespace { - return v.AllPkgTree.Namespaces +// GetSubject returns NodesNodesCertifyGood.Subject, and is useful for accessing the field via an interface. +func (v *NodesNodesCertifyGood) GetSubject() AllCertifyGoodSubjectPackageSourceOrArtifact { + return v.AllCertifyGood.Subject } -func (v *NodesNodesPackage) UnmarshalJSON(b []byte) error { +// GetOrigin returns NodesNodesCertifyGood.Origin, and is useful for accessing the field via an interface. +func (v *NodesNodesCertifyGood) GetOrigin() string { return v.AllCertifyGood.Origin } + +// GetCollector returns NodesNodesCertifyGood.Collector, and is useful for accessing the field via an interface. +func (v *NodesNodesCertifyGood) GetCollector() string { return v.AllCertifyGood.Collector } + +func (v *NodesNodesCertifyGood) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *NodesNodesPackage + *NodesNodesCertifyGood graphql.NoUnmarshalJSON } - firstPass.NodesNodesPackage = v + firstPass.NodesNodesCertifyGood = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -19824,24 +15826,28 @@ func (v *NodesNodesPackage) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllPkgTree) + b, &v.AllCertifyGood) if err != nil { return err } return nil } -type __premarshalNodesNodesPackage struct { +type __premarshalNodesNodesCertifyGood struct { Typename *string `json:"__typename"` Id string `json:"id"` - Type string `json:"type"` + Justification string `json:"justification"` - Namespaces []AllPkgTreeNamespacesPackageNamespace `json:"namespaces"` + Subject json.RawMessage `json:"subject"` + + Origin string `json:"origin"` + + Collector string `json:"collector"` } -func (v *NodesNodesPackage) MarshalJSON() ([]byte, error) { +func (v *NodesNodesCertifyGood) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -19849,56 +15855,66 @@ func (v *NodesNodesPackage) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *NodesNodesPackage) __premarshalJSON() (*__premarshalNodesNodesPackage, error) { - var retval __premarshalNodesNodesPackage +func (v *NodesNodesCertifyGood) __premarshalJSON() (*__premarshalNodesNodesCertifyGood, error) { + var retval __premarshalNodesNodesCertifyGood retval.Typename = v.Typename - retval.Id = v.AllPkgTree.Id - retval.Type = v.AllPkgTree.Type - retval.Namespaces = v.AllPkgTree.Namespaces + retval.Id = v.AllCertifyGood.Id + retval.Justification = v.AllCertifyGood.Justification + { + + dst := &retval.Subject + src := v.AllCertifyGood.Subject + var err error + *dst, err = __marshalAllCertifyGoodSubjectPackageSourceOrArtifact( + &src) + if err != nil { + return nil, fmt.Errorf( + "unable to marshal NodesNodesCertifyGood.AllCertifyGood.Subject: %w", err) + } + } + retval.Origin = v.AllCertifyGood.Origin + retval.Collector = v.AllCertifyGood.Collector return &retval, nil } -// NodesNodesPkgEqual includes the requested fields of the GraphQL type PkgEqual. +// NodesNodesCertifyScorecard includes the requested fields of the GraphQL type CertifyScorecard. // The GraphQL type's documentation follows. // -// PkgEqual is an attestation that a set of packages are similar. -type NodesNodesPkgEqual struct { - Typename *string `json:"__typename"` - AllPkgEqual `json:"-"` +// CertifyScorecard is an attestation to attach a Scorecard analysis to a +// particular source repository. +type NodesNodesCertifyScorecard struct { + Typename *string `json:"__typename"` + AllCertifyScorecard `json:"-"` } -// GetTypename returns NodesNodesPkgEqual.Typename, and is useful for accessing the field via an interface. -func (v *NodesNodesPkgEqual) GetTypename() *string { return v.Typename } - -// GetId returns NodesNodesPkgEqual.Id, and is useful for accessing the field via an interface. 
-func (v *NodesNodesPkgEqual) GetId() string { return v.AllPkgEqual.Id } +// GetTypename returns NodesNodesCertifyScorecard.Typename, and is useful for accessing the field via an interface. +func (v *NodesNodesCertifyScorecard) GetTypename() *string { return v.Typename } -// GetJustification returns NodesNodesPkgEqual.Justification, and is useful for accessing the field via an interface. -func (v *NodesNodesPkgEqual) GetJustification() string { return v.AllPkgEqual.Justification } +// GetId returns NodesNodesCertifyScorecard.Id, and is useful for accessing the field via an interface. +func (v *NodesNodesCertifyScorecard) GetId() string { return v.AllCertifyScorecard.Id } -// GetPackages returns NodesNodesPkgEqual.Packages, and is useful for accessing the field via an interface. -func (v *NodesNodesPkgEqual) GetPackages() []AllPkgEqualPackagesPackage { - return v.AllPkgEqual.Packages +// GetSource returns NodesNodesCertifyScorecard.Source, and is useful for accessing the field via an interface. +func (v *NodesNodesCertifyScorecard) GetSource() AllCertifyScorecardSource { + return v.AllCertifyScorecard.Source } -// GetOrigin returns NodesNodesPkgEqual.Origin, and is useful for accessing the field via an interface. -func (v *NodesNodesPkgEqual) GetOrigin() string { return v.AllPkgEqual.Origin } - -// GetCollector returns NodesNodesPkgEqual.Collector, and is useful for accessing the field via an interface. -func (v *NodesNodesPkgEqual) GetCollector() string { return v.AllPkgEqual.Collector } +// GetScorecard returns NodesNodesCertifyScorecard.Scorecard, and is useful for accessing the field via an interface. 
+func (v *NodesNodesCertifyScorecard) GetScorecard() AllCertifyScorecardScorecard { + return v.AllCertifyScorecard.Scorecard +} -func (v *NodesNodesPkgEqual) UnmarshalJSON(b []byte) error { +func (v *NodesNodesCertifyScorecard) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *NodesNodesPkgEqual + *NodesNodesCertifyScorecard graphql.NoUnmarshalJSON } - firstPass.NodesNodesPkgEqual = v + firstPass.NodesNodesCertifyScorecard = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -19906,28 +15922,24 @@ func (v *NodesNodesPkgEqual) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllPkgEqual) + b, &v.AllCertifyScorecard) if err != nil { return err } return nil } -type __premarshalNodesNodesPkgEqual struct { +type __premarshalNodesNodesCertifyScorecard struct { Typename *string `json:"__typename"` Id string `json:"id"` - Justification string `json:"justification"` - - Packages []AllPkgEqualPackagesPackage `json:"packages"` - - Origin string `json:"origin"` + Source AllCertifyScorecardSource `json:"source"` - Collector string `json:"collector"` + Scorecard AllCertifyScorecardScorecard `json:"scorecard"` } -func (v *NodesNodesPkgEqual) MarshalJSON() ([]byte, error) { +func (v *NodesNodesCertifyScorecard) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -19935,89 +15947,84 @@ func (v *NodesNodesPkgEqual) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *NodesNodesPkgEqual) __premarshalJSON() (*__premarshalNodesNodesPkgEqual, error) { - var retval __premarshalNodesNodesPkgEqual +func (v *NodesNodesCertifyScorecard) __premarshalJSON() (*__premarshalNodesNodesCertifyScorecard, error) { + var retval __premarshalNodesNodesCertifyScorecard retval.Typename = v.Typename - retval.Id = v.AllPkgEqual.Id - retval.Justification = v.AllPkgEqual.Justification - retval.Packages = v.AllPkgEqual.Packages - retval.Origin = v.AllPkgEqual.Origin - retval.Collector = v.AllPkgEqual.Collector + retval.Id = v.AllCertifyScorecard.Id + retval.Source = v.AllCertifyScorecard.Source + retval.Scorecard = v.AllCertifyScorecard.Scorecard return &retval, nil } -// NodesNodesPointOfContact includes the requested fields of the GraphQL type PointOfContact. +// NodesNodesCertifyVEXStatement includes the requested fields of the GraphQL type CertifyVEXStatement. // The GraphQL type's documentation follows. // -// PointOfContact is an attestation of how to get in touch with the person(s) responsible -// for a package, source, or artifact. -// -// All evidence trees record a justification for the property they represent as -// well as the document that contains the attestation (origin) and the collector -// that collected the document (collector). -// -// The attestation applies to a subject which is a package, source, or artifact. -// If the attestation targets a package, it must target a PackageName or a -// PackageVersion. If the attestation targets a source, it must target a -// SourceName. -// -// email is the email address (singular) of the point of contact. -// -// info is additional contact information other than email address. This is free -// form. -// -// NOTE: the identifiers for point of contact should be part of software trees. 
-// This will benefit from identifier look up and traversal as well as organization -// hierarchy. However, until the use case arises, PointOfContact will be a flat -// reference to the contact details. -type NodesNodesPointOfContact struct { - Typename *string `json:"__typename"` - AllPointOfContact `json:"-"` +// CertifyVEXStatement is an attestation to attach VEX statements to a package or +// artifact to clarify the impact of a specific vulnerability. +type NodesNodesCertifyVEXStatement struct { + Typename *string `json:"__typename"` + AllCertifyVEXStatement `json:"-"` +} + +// GetTypename returns NodesNodesCertifyVEXStatement.Typename, and is useful for accessing the field via an interface. +func (v *NodesNodesCertifyVEXStatement) GetTypename() *string { return v.Typename } + +// GetId returns NodesNodesCertifyVEXStatement.Id, and is useful for accessing the field via an interface. +func (v *NodesNodesCertifyVEXStatement) GetId() string { return v.AllCertifyVEXStatement.Id } + +// GetSubject returns NodesNodesCertifyVEXStatement.Subject, and is useful for accessing the field via an interface. +func (v *NodesNodesCertifyVEXStatement) GetSubject() AllCertifyVEXStatementSubjectPackageOrArtifact { + return v.AllCertifyVEXStatement.Subject +} + +// GetVulnerability returns NodesNodesCertifyVEXStatement.Vulnerability, and is useful for accessing the field via an interface. +func (v *NodesNodesCertifyVEXStatement) GetVulnerability() AllCertifyVEXStatementVulnerability { + return v.AllCertifyVEXStatement.Vulnerability } -// GetTypename returns NodesNodesPointOfContact.Typename, and is useful for accessing the field via an interface. -func (v *NodesNodesPointOfContact) GetTypename() *string { return v.Typename } - -// GetId returns NodesNodesPointOfContact.Id, and is useful for accessing the field via an interface. 
-func (v *NodesNodesPointOfContact) GetId() string { return v.AllPointOfContact.Id } +// GetStatus returns NodesNodesCertifyVEXStatement.Status, and is useful for accessing the field via an interface. +func (v *NodesNodesCertifyVEXStatement) GetStatus() VexStatus { return v.AllCertifyVEXStatement.Status } -// GetSubject returns NodesNodesPointOfContact.Subject, and is useful for accessing the field via an interface. -func (v *NodesNodesPointOfContact) GetSubject() AllPointOfContactSubjectPackageSourceOrArtifact { - return v.AllPointOfContact.Subject +// GetVexJustification returns NodesNodesCertifyVEXStatement.VexJustification, and is useful for accessing the field via an interface. +func (v *NodesNodesCertifyVEXStatement) GetVexJustification() VexJustification { + return v.AllCertifyVEXStatement.VexJustification } -// GetEmail returns NodesNodesPointOfContact.Email, and is useful for accessing the field via an interface. -func (v *NodesNodesPointOfContact) GetEmail() string { return v.AllPointOfContact.Email } - -// GetInfo returns NodesNodesPointOfContact.Info, and is useful for accessing the field via an interface. -func (v *NodesNodesPointOfContact) GetInfo() string { return v.AllPointOfContact.Info } +// GetStatement returns NodesNodesCertifyVEXStatement.Statement, and is useful for accessing the field via an interface. +func (v *NodesNodesCertifyVEXStatement) GetStatement() string { + return v.AllCertifyVEXStatement.Statement +} -// GetSince returns NodesNodesPointOfContact.Since, and is useful for accessing the field via an interface. -func (v *NodesNodesPointOfContact) GetSince() time.Time { return v.AllPointOfContact.Since } +// GetStatusNotes returns NodesNodesCertifyVEXStatement.StatusNotes, and is useful for accessing the field via an interface. 
+func (v *NodesNodesCertifyVEXStatement) GetStatusNotes() string { + return v.AllCertifyVEXStatement.StatusNotes +} -// GetJustification returns NodesNodesPointOfContact.Justification, and is useful for accessing the field via an interface. -func (v *NodesNodesPointOfContact) GetJustification() string { - return v.AllPointOfContact.Justification +// GetKnownSince returns NodesNodesCertifyVEXStatement.KnownSince, and is useful for accessing the field via an interface. +func (v *NodesNodesCertifyVEXStatement) GetKnownSince() time.Time { + return v.AllCertifyVEXStatement.KnownSince } -// GetOrigin returns NodesNodesPointOfContact.Origin, and is useful for accessing the field via an interface. -func (v *NodesNodesPointOfContact) GetOrigin() string { return v.AllPointOfContact.Origin } +// GetOrigin returns NodesNodesCertifyVEXStatement.Origin, and is useful for accessing the field via an interface. +func (v *NodesNodesCertifyVEXStatement) GetOrigin() string { return v.AllCertifyVEXStatement.Origin } -// GetCollector returns NodesNodesPointOfContact.Collector, and is useful for accessing the field via an interface. -func (v *NodesNodesPointOfContact) GetCollector() string { return v.AllPointOfContact.Collector } +// GetCollector returns NodesNodesCertifyVEXStatement.Collector, and is useful for accessing the field via an interface. +func (v *NodesNodesCertifyVEXStatement) GetCollector() string { + return v.AllCertifyVEXStatement.Collector +} -func (v *NodesNodesPointOfContact) UnmarshalJSON(b []byte) error { +func (v *NodesNodesCertifyVEXStatement) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *NodesNodesPointOfContact + *NodesNodesCertifyVEXStatement graphql.NoUnmarshalJSON } - firstPass.NodesNodesPointOfContact = v + firstPass.NodesNodesCertifyVEXStatement = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -20025,34 +16032,38 @@ func (v *NodesNodesPointOfContact) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllPointOfContact) + b, &v.AllCertifyVEXStatement) if err != nil { return err } return nil } -type __premarshalNodesNodesPointOfContact struct { +type __premarshalNodesNodesCertifyVEXStatement struct { Typename *string `json:"__typename"` Id string `json:"id"` Subject json.RawMessage `json:"subject"` - Email string `json:"email"` + Vulnerability AllCertifyVEXStatementVulnerability `json:"vulnerability"` - Info string `json:"info"` + Status VexStatus `json:"status"` - Since time.Time `json:"since"` + VexJustification VexJustification `json:"vexJustification"` - Justification string `json:"justification"` + Statement string `json:"statement"` + + StatusNotes string `json:"statusNotes"` + + KnownSince time.Time `json:"knownSince"` Origin string `json:"origin"` Collector string `json:"collector"` } -func (v *NodesNodesPointOfContact) MarshalJSON() ([]byte, error) { +func (v *NodesNodesCertifyVEXStatement) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -20060,76 +16071,77 @@ func (v *NodesNodesPointOfContact) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *NodesNodesPointOfContact) __premarshalJSON() (*__premarshalNodesNodesPointOfContact, error) { - var retval __premarshalNodesNodesPointOfContact +func (v *NodesNodesCertifyVEXStatement) __premarshalJSON() (*__premarshalNodesNodesCertifyVEXStatement, error) { + var retval __premarshalNodesNodesCertifyVEXStatement retval.Typename = v.Typename - retval.Id = v.AllPointOfContact.Id + retval.Id = v.AllCertifyVEXStatement.Id { dst := &retval.Subject - src := v.AllPointOfContact.Subject + src := v.AllCertifyVEXStatement.Subject var err error - *dst, err = __marshalAllPointOfContactSubjectPackageSourceOrArtifact( + *dst, err = __marshalAllCertifyVEXStatementSubjectPackageOrArtifact( &src) if err != nil { return nil, fmt.Errorf( - "unable to marshal NodesNodesPointOfContact.AllPointOfContact.Subject: %w", err) + "unable to marshal NodesNodesCertifyVEXStatement.AllCertifyVEXStatement.Subject: %w", err) } } - retval.Email = v.AllPointOfContact.Email - retval.Info = v.AllPointOfContact.Info - retval.Since = v.AllPointOfContact.Since - retval.Justification = v.AllPointOfContact.Justification - retval.Origin = v.AllPointOfContact.Origin - retval.Collector = v.AllPointOfContact.Collector + retval.Vulnerability = v.AllCertifyVEXStatement.Vulnerability + retval.Status = v.AllCertifyVEXStatement.Status + retval.VexJustification = v.AllCertifyVEXStatement.VexJustification + retval.Statement = v.AllCertifyVEXStatement.Statement + retval.StatusNotes = v.AllCertifyVEXStatement.StatusNotes + retval.KnownSince = v.AllCertifyVEXStatement.KnownSince + retval.Origin = v.AllCertifyVEXStatement.Origin + retval.Collector = v.AllCertifyVEXStatement.Collector return &retval, nil } -// NodesNodesSource includes the requested fields of the GraphQL type Source. +// NodesNodesCertifyVuln includes the requested fields of the GraphQL type CertifyVuln. 
// The GraphQL type's documentation follows. // -// Source represents the root of the source trie/tree. -// -// We map source information to a trie, as a derivative of the pURL specification: -// each path in the trie represents a type, namespace, name and an optional -// qualifier that stands for tag/commit information. -// -// This node represents the type part of the trie path. It is used to represent -// the version control system that is being used. +// CertifyVuln is an attestation to attach vulnerability information to a package. // -// Since this node is at the root of the source trie, it is named Source, not -// SourceType. -type NodesNodesSource struct { - Typename *string `json:"__typename"` - AllSourceTree `json:"-"` +// This information is obtained via a scanner. If there is no vulnerability +// detected, we attach the a vulnerability with "NoVuln" type and an empty string +// for the vulnerability ID. +type NodesNodesCertifyVuln struct { + Typename *string `json:"__typename"` + AllCertifyVuln `json:"-"` } -// GetTypename returns NodesNodesSource.Typename, and is useful for accessing the field via an interface. -func (v *NodesNodesSource) GetTypename() *string { return v.Typename } +// GetTypename returns NodesNodesCertifyVuln.Typename, and is useful for accessing the field via an interface. +func (v *NodesNodesCertifyVuln) GetTypename() *string { return v.Typename } -// GetId returns NodesNodesSource.Id, and is useful for accessing the field via an interface. -func (v *NodesNodesSource) GetId() string { return v.AllSourceTree.Id } +// GetId returns NodesNodesCertifyVuln.Id, and is useful for accessing the field via an interface. +func (v *NodesNodesCertifyVuln) GetId() string { return v.AllCertifyVuln.Id } -// GetType returns NodesNodesSource.Type, and is useful for accessing the field via an interface. 
-func (v *NodesNodesSource) GetType() string { return v.AllSourceTree.Type } +// GetPackage returns NodesNodesCertifyVuln.Package, and is useful for accessing the field via an interface. +func (v *NodesNodesCertifyVuln) GetPackage() AllCertifyVulnPackage { return v.AllCertifyVuln.Package } -// GetNamespaces returns NodesNodesSource.Namespaces, and is useful for accessing the field via an interface. -func (v *NodesNodesSource) GetNamespaces() []AllSourceTreeNamespacesSourceNamespace { - return v.AllSourceTree.Namespaces +// GetVulnerability returns NodesNodesCertifyVuln.Vulnerability, and is useful for accessing the field via an interface. +func (v *NodesNodesCertifyVuln) GetVulnerability() AllCertifyVulnVulnerability { + return v.AllCertifyVuln.Vulnerability } -func (v *NodesNodesSource) UnmarshalJSON(b []byte) error { +// GetMetadata returns NodesNodesCertifyVuln.Metadata, and is useful for accessing the field via an interface. +func (v *NodesNodesCertifyVuln) GetMetadata() AllCertifyVulnMetadataScanMetadata { + return v.AllCertifyVuln.Metadata +} + +func (v *NodesNodesCertifyVuln) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *NodesNodesSource + *NodesNodesCertifyVuln graphql.NoUnmarshalJSON } - firstPass.NodesNodesSource = v + firstPass.NodesNodesCertifyVuln = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -20137,179 +16149,114 @@ func (v *NodesNodesSource) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllSourceTree) + b, &v.AllCertifyVuln) if err != nil { return err } return nil } -type __premarshalNodesNodesSource struct { +type __premarshalNodesNodesCertifyVuln struct { Typename *string `json:"__typename"` - Id string `json:"id"` - - Type string `json:"type"` - - Namespaces []AllSourceTreeNamespacesSourceNamespace `json:"namespaces"` -} - -func (v *NodesNodesSource) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) -} - -func (v *NodesNodesSource) __premarshalJSON() (*__premarshalNodesNodesSource, error) { - var retval __premarshalNodesNodesSource - - retval.Typename = v.Typename - retval.Id = v.AllSourceTree.Id - retval.Type = v.AllSourceTree.Type - retval.Namespaces = v.AllSourceTree.Namespaces - return &retval, nil -} - -// NodesResponse is returned by Nodes on success. -type NodesResponse struct { - // nodes returns an array of nodes, regardless of type. - // - // The input is an array of IDs to retrieve. - Nodes []NodesNodesNode `json:"-"` -} - -// GetNodes returns NodesResponse.Nodes, and is useful for accessing the field via an interface. 
-func (v *NodesResponse) GetNodes() []NodesNodesNode { return v.Nodes } - -func (v *NodesResponse) UnmarshalJSON(b []byte) error { - - if string(b) == "null" { - return nil - } - - var firstPass struct { - *NodesResponse - Nodes []json.RawMessage `json:"nodes"` - graphql.NoUnmarshalJSON - } - firstPass.NodesResponse = v - - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } - - { - dst := &v.Nodes - src := firstPass.Nodes - *dst = make( - []NodesNodesNode, - len(src)) - for i, src := range src { - dst := &(*dst)[i] - if len(src) != 0 && string(src) != "null" { - err = __unmarshalNodesNodesNode( - src, dst) - if err != nil { - return fmt.Errorf( - "unable to unmarshal NodesResponse.Nodes: %w", err) - } - } - } - } - return nil -} - -type __premarshalNodesResponse struct { - Nodes []json.RawMessage `json:"nodes"` -} - -func (v *NodesResponse) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) -} - -func (v *NodesResponse) __premarshalJSON() (*__premarshalNodesResponse, error) { - var retval __premarshalNodesResponse - - { - - dst := &retval.Nodes - src := v.Nodes - *dst = make( - []json.RawMessage, - len(src)) - for i, src := range src { - dst := &(*dst)[i] - var err error - *dst, err = __marshalNodesNodesNode( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal NodesResponse.Nodes: %w", err) - } - } - } - return &retval, nil -} - -// OSVInputSpec specifies a OSV vulnerability for mutations. -type OSVInputSpec struct { - OsvId string `json:"osvId"` -} + Id string `json:"id"` + + Package AllCertifyVulnPackage `json:"package"` -// GetOsvId returns OSVInputSpec.OsvId, and is useful for accessing the field via an interface. -func (v *OSVInputSpec) GetOsvId() string { return v.OsvId } + Vulnerability AllCertifyVulnVulnerability `json:"vulnerability"` -// OSVSpec allows filtering the list of advisories to return in a query. 
-type OSVSpec struct { - Id *string `json:"id"` - OsvId *string `json:"osvId"` + Metadata AllCertifyVulnMetadataScanMetadata `json:"metadata"` +} + +func (v *NodesNodesCertifyVuln) MarshalJSON() ([]byte, error) { + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + return json.Marshal(premarshaled) } -// GetId returns OSVSpec.Id, and is useful for accessing the field via an interface. -func (v *OSVSpec) GetId() *string { return v.Id } +func (v *NodesNodesCertifyVuln) __premarshalJSON() (*__premarshalNodesNodesCertifyVuln, error) { + var retval __premarshalNodesNodesCertifyVuln -// GetOsvId returns OSVSpec.OsvId, and is useful for accessing the field via an interface. -func (v *OSVSpec) GetOsvId() *string { return v.OsvId } + retval.Typename = v.Typename + retval.Id = v.AllCertifyVuln.Id + retval.Package = v.AllCertifyVuln.Package + retval.Vulnerability = v.AllCertifyVuln.Vulnerability + retval.Metadata = v.AllCertifyVuln.Metadata + return &retval, nil +} -// OSVsOsvOSV includes the requested fields of the GraphQL type OSV. +// NodesNodesHasMetadata includes the requested fields of the GraphQL type HasMetadata. // The GraphQL type's documentation follows. // -// OSV represents an Open Source Vulnerability. +// HasMetadata is an attestation that a package, source, or artifact has a certain +// attested property (key) with value (value). For example, a source may have +// metadata "SourceRepo2FAEnabled=true". // -// The osvId field is mandatory and canonicalized to be lowercase. +// The intent of this evidence tree predicate is to allow extensibility of metadata +// expressible within the GUAC ontology. Metadata that is commonly used will then +// be promoted to a predicate on its own. // -// This maps to a vulnerability ID specific to the environment (e.g., GHSA ID or -// CVE ID). +// Justification indicates how the metadata was determined. // -// This node can be referred to by other parts of GUAC. 
-type OSVsOsvOSV struct { - AllOSVTree `json:"-"` +// The metadata applies to a subject which is a package, source, or artifact. +// If the attestation targets a package, it must target a PackageName or a +// PackageVersion. If the attestation targets a source, it must target a +// SourceName. +type NodesNodesHasMetadata struct { + Typename *string `json:"__typename"` +} + +// GetTypename returns NodesNodesHasMetadata.Typename, and is useful for accessing the field via an interface. +func (v *NodesNodesHasMetadata) GetTypename() *string { return v.Typename } + +// NodesNodesHasSBOM includes the requested fields of the GraphQL type HasSBOM. +type NodesNodesHasSBOM struct { + Typename *string `json:"__typename"` + AllHasSBOMTree `json:"-"` +} + +// GetTypename returns NodesNodesHasSBOM.Typename, and is useful for accessing the field via an interface. +func (v *NodesNodesHasSBOM) GetTypename() *string { return v.Typename } + +// GetId returns NodesNodesHasSBOM.Id, and is useful for accessing the field via an interface. +func (v *NodesNodesHasSBOM) GetId() string { return v.AllHasSBOMTree.Id } + +// GetSubject returns NodesNodesHasSBOM.Subject, and is useful for accessing the field via an interface. +func (v *NodesNodesHasSBOM) GetSubject() AllHasSBOMTreeSubjectPackageOrArtifact { + return v.AllHasSBOMTree.Subject } -// GetId returns OSVsOsvOSV.Id, and is useful for accessing the field via an interface. -func (v *OSVsOsvOSV) GetId() string { return v.AllOSVTree.Id } +// GetUri returns NodesNodesHasSBOM.Uri, and is useful for accessing the field via an interface. +func (v *NodesNodesHasSBOM) GetUri() string { return v.AllHasSBOMTree.Uri } + +// GetAlgorithm returns NodesNodesHasSBOM.Algorithm, and is useful for accessing the field via an interface. +func (v *NodesNodesHasSBOM) GetAlgorithm() string { return v.AllHasSBOMTree.Algorithm } + +// GetDigest returns NodesNodesHasSBOM.Digest, and is useful for accessing the field via an interface. 
+func (v *NodesNodesHasSBOM) GetDigest() string { return v.AllHasSBOMTree.Digest } + +// GetDownloadLocation returns NodesNodesHasSBOM.DownloadLocation, and is useful for accessing the field via an interface. +func (v *NodesNodesHasSBOM) GetDownloadLocation() string { return v.AllHasSBOMTree.DownloadLocation } + +// GetOrigin returns NodesNodesHasSBOM.Origin, and is useful for accessing the field via an interface. +func (v *NodesNodesHasSBOM) GetOrigin() string { return v.AllHasSBOMTree.Origin } -// GetOsvId returns OSVsOsvOSV.OsvId, and is useful for accessing the field via an interface. -func (v *OSVsOsvOSV) GetOsvId() string { return v.AllOSVTree.OsvId } +// GetCollector returns NodesNodesHasSBOM.Collector, and is useful for accessing the field via an interface. +func (v *NodesNodesHasSBOM) GetCollector() string { return v.AllHasSBOMTree.Collector } -func (v *OSVsOsvOSV) UnmarshalJSON(b []byte) error { +func (v *NodesNodesHasSBOM) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *OSVsOsvOSV + *NodesNodesHasSBOM graphql.NoUnmarshalJSON } - firstPass.OSVsOsvOSV = v + firstPass.NodesNodesHasSBOM = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -20317,20 +16264,34 @@ func (v *OSVsOsvOSV) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllOSVTree) + b, &v.AllHasSBOMTree) if err != nil { return err } return nil } -type __premarshalOSVsOsvOSV struct { +type __premarshalNodesNodesHasSBOM struct { + Typename *string `json:"__typename"` + Id string `json:"id"` - OsvId string `json:"osvId"` + Subject json.RawMessage `json:"subject"` + + Uri string `json:"uri"` + + Algorithm string `json:"algorithm"` + + Digest string `json:"digest"` + + DownloadLocation string `json:"downloadLocation"` + + Origin string `json:"origin"` + + Collector string `json:"collector"` } -func (v *OSVsOsvOSV) MarshalJSON() ([]byte, error) { +func (v *NodesNodesHasSBOM) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -20338,500 +16299,453 @@ func (v *OSVsOsvOSV) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *OSVsOsvOSV) __premarshalJSON() (*__premarshalOSVsOsvOSV, error) { - var retval __premarshalOSVsOsvOSV +func (v *NodesNodesHasSBOM) __premarshalJSON() (*__premarshalNodesNodesHasSBOM, error) { + var retval __premarshalNodesNodesHasSBOM - retval.Id = v.AllOSVTree.Id - retval.OsvId = v.AllOSVTree.OsvId - return &retval, nil -} + retval.Typename = v.Typename + retval.Id = v.AllHasSBOMTree.Id + { -// OSVsResponse is returned by OSVs on success. -type OSVsResponse struct { - // Returns all OSV vulnerabilities matching a filter. - Osv []OSVsOsvOSV `json:"osv"` + dst := &retval.Subject + src := v.AllHasSBOMTree.Subject + var err error + *dst, err = __marshalAllHasSBOMTreeSubjectPackageOrArtifact( + &src) + if err != nil { + return nil, fmt.Errorf( + "unable to marshal NodesNodesHasSBOM.AllHasSBOMTree.Subject: %w", err) + } + } + retval.Uri = v.AllHasSBOMTree.Uri + retval.Algorithm = v.AllHasSBOMTree.Algorithm + retval.Digest = v.AllHasSBOMTree.Digest + retval.DownloadLocation = v.AllHasSBOMTree.DownloadLocation + retval.Origin = v.AllHasSBOMTree.Origin + retval.Collector = v.AllHasSBOMTree.Collector + return &retval, nil } -// GetOsv returns OSVsResponse.Osv, and is useful for accessing the field via an interface. -func (v *OSVsResponse) GetOsv() []OSVsOsvOSV { return v.Osv } - -// PackageNamesPackagesPackage includes the requested fields of the GraphQL type Package. +// NodesNodesHasSLSA includes the requested fields of the GraphQL type HasSLSA. // The GraphQL type's documentation follows. // -// Package represents the root of the package trie/tree. -// -// We map package information to a trie, closely matching the pURL specification -// (https://github.com/package-url/purl-spec/blob/0dd92f26f8bb11956ffdf5e8acfcee71e8560407/README.rst), -// but deviating from it where GUAC heuristics allow for better representation of -// package information. 
Each path in the trie fully represents a package; we split -// the trie based on the pURL components. -// -// This node matches a pkg: partial pURL. The type field matches the -// pURL types but we might also use "guac" for the cases where the pURL -// representation is not complete or when we have custom rules. -// -// Since this node is at the root of the package trie, it is named Package, not -// PackageType. -type PackageNamesPackagesPackage struct { - Id string `json:"id"` - Type string `json:"type"` - Namespaces []PackageNamesPackagesPackageNamespacesPackageNamespace `json:"namespaces"` +// HasSLSA records that a subject node has a SLSA attestation. +type NodesNodesHasSLSA struct { + Typename *string `json:"__typename"` + AllSLSATree `json:"-"` } -// GetId returns PackageNamesPackagesPackage.Id, and is useful for accessing the field via an interface. -func (v *PackageNamesPackagesPackage) GetId() string { return v.Id } +// GetTypename returns NodesNodesHasSLSA.Typename, and is useful for accessing the field via an interface. +func (v *NodesNodesHasSLSA) GetTypename() *string { return v.Typename } -// GetType returns PackageNamesPackagesPackage.Type, and is useful for accessing the field via an interface. -func (v *PackageNamesPackagesPackage) GetType() string { return v.Type } +// GetId returns NodesNodesHasSLSA.Id, and is useful for accessing the field via an interface. +func (v *NodesNodesHasSLSA) GetId() string { return v.AllSLSATree.Id } -// GetNamespaces returns PackageNamesPackagesPackage.Namespaces, and is useful for accessing the field via an interface. -func (v *PackageNamesPackagesPackage) GetNamespaces() []PackageNamesPackagesPackageNamespacesPackageNamespace { - return v.Namespaces -} +// GetSubject returns NodesNodesHasSLSA.Subject, and is useful for accessing the field via an interface. 
+func (v *NodesNodesHasSLSA) GetSubject() AllSLSATreeSubjectArtifact { return v.AllSLSATree.Subject } -// PackageNamesPackagesPackageNamespacesPackageNamespace includes the requested fields of the GraphQL type PackageNamespace. -// The GraphQL type's documentation follows. -// -// PackageNamespace is a namespace for packages. -// -// In the pURL representation, each PackageNamespace matches the -// pkg:// partial pURL. -// -// Namespaces are optional and type specific. Because they are optional, we use -// empty string to denote missing namespaces. -type PackageNamesPackagesPackageNamespacesPackageNamespace struct { - Id string `json:"id"` - Namespace string `json:"namespace"` - Names []PackageNamesPackagesPackageNamespacesPackageNamespaceNamesPackageName `json:"names"` -} +// GetSlsa returns NodesNodesHasSLSA.Slsa, and is useful for accessing the field via an interface. +func (v *NodesNodesHasSLSA) GetSlsa() AllSLSATreeSlsaSLSA { return v.AllSLSATree.Slsa } -// GetId returns PackageNamesPackagesPackageNamespacesPackageNamespace.Id, and is useful for accessing the field via an interface. -func (v *PackageNamesPackagesPackageNamespacesPackageNamespace) GetId() string { return v.Id } +func (v *NodesNodesHasSLSA) UnmarshalJSON(b []byte) error { -// GetNamespace returns PackageNamesPackagesPackageNamespacesPackageNamespace.Namespace, and is useful for accessing the field via an interface. -func (v *PackageNamesPackagesPackageNamespacesPackageNamespace) GetNamespace() string { - return v.Namespace -} + if string(b) == "null" { + return nil + } -// GetNames returns PackageNamesPackagesPackageNamespacesPackageNamespace.Names, and is useful for accessing the field via an interface. 
-func (v *PackageNamesPackagesPackageNamespacesPackageNamespace) GetNames() []PackageNamesPackagesPackageNamespacesPackageNamespaceNamesPackageName { - return v.Names -} + var firstPass struct { + *NodesNodesHasSLSA + graphql.NoUnmarshalJSON + } + firstPass.NodesNodesHasSLSA = v -// PackageNamesPackagesPackageNamespacesPackageNamespaceNamesPackageName includes the requested fields of the GraphQL type PackageName. -// The GraphQL type's documentation follows. -// -// PackageName is a name for packages. -// -// In the pURL representation, each PackageName matches the -// pkg:// pURL. -// -// Names are always mandatory. -// -// This is the first node in the trie that can be referred to by other parts of -// GUAC. -type PackageNamesPackagesPackageNamespacesPackageNamespaceNamesPackageName struct { - Id string `json:"id"` - Name string `json:"name"` -} + err := json.Unmarshal(b, &firstPass) + if err != nil { + return err + } -// GetId returns PackageNamesPackagesPackageNamespacesPackageNamespaceNamesPackageName.Id, and is useful for accessing the field via an interface. -func (v *PackageNamesPackagesPackageNamespacesPackageNamespaceNamesPackageName) GetId() string { - return v.Id + err = json.Unmarshal( + b, &v.AllSLSATree) + if err != nil { + return err + } + return nil } -// GetName returns PackageNamesPackagesPackageNamespacesPackageNamespaceNamesPackageName.Name, and is useful for accessing the field via an interface. -func (v *PackageNamesPackagesPackageNamespacesPackageNamespaceNamesPackageName) GetName() string { - return v.Name -} +type __premarshalNodesNodesHasSLSA struct { + Typename *string `json:"__typename"` -// PackageNamesResponse is returned by PackageNames on success. -type PackageNamesResponse struct { - // Returns all packages matching a filter. - Packages []PackageNamesPackagesPackage `json:"packages"` -} + Id string `json:"id"` -// GetPackages returns PackageNamesResponse.Packages, and is useful for accessing the field via an interface. 
-func (v *PackageNamesResponse) GetPackages() []PackageNamesPackagesPackage { return v.Packages } + Subject AllSLSATreeSubjectArtifact `json:"subject"` -// PackageNamespacesPackagesPackage includes the requested fields of the GraphQL type Package. -// The GraphQL type's documentation follows. -// -// Package represents the root of the package trie/tree. -// -// We map package information to a trie, closely matching the pURL specification -// (https://github.com/package-url/purl-spec/blob/0dd92f26f8bb11956ffdf5e8acfcee71e8560407/README.rst), -// but deviating from it where GUAC heuristics allow for better representation of -// package information. Each path in the trie fully represents a package; we split -// the trie based on the pURL components. -// -// This node matches a pkg: partial pURL. The type field matches the -// pURL types but we might also use "guac" for the cases where the pURL -// representation is not complete or when we have custom rules. -// -// Since this node is at the root of the package trie, it is named Package, not -// PackageType. -type PackageNamespacesPackagesPackage struct { - Id string `json:"id"` - Type string `json:"type"` - Namespaces []PackageNamespacesPackagesPackageNamespacesPackageNamespace `json:"namespaces"` + Slsa AllSLSATreeSlsaSLSA `json:"slsa"` } -// GetId returns PackageNamespacesPackagesPackage.Id, and is useful for accessing the field via an interface. -func (v *PackageNamespacesPackagesPackage) GetId() string { return v.Id } +func (v *NodesNodesHasSLSA) MarshalJSON() ([]byte, error) { + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + return json.Marshal(premarshaled) +} -// GetType returns PackageNamespacesPackagesPackage.Type, and is useful for accessing the field via an interface. 
-func (v *PackageNamespacesPackagesPackage) GetType() string { return v.Type } +func (v *NodesNodesHasSLSA) __premarshalJSON() (*__premarshalNodesNodesHasSLSA, error) { + var retval __premarshalNodesNodesHasSLSA -// GetNamespaces returns PackageNamespacesPackagesPackage.Namespaces, and is useful for accessing the field via an interface. -func (v *PackageNamespacesPackagesPackage) GetNamespaces() []PackageNamespacesPackagesPackageNamespacesPackageNamespace { - return v.Namespaces + retval.Typename = v.Typename + retval.Id = v.AllSLSATree.Id + retval.Subject = v.AllSLSATree.Subject + retval.Slsa = v.AllSLSATree.Slsa + return &retval, nil } -// PackageNamespacesPackagesPackageNamespacesPackageNamespace includes the requested fields of the GraphQL type PackageNamespace. +// NodesNodesHasSourceAt includes the requested fields of the GraphQL type HasSourceAt. // The GraphQL type's documentation follows. // -// PackageNamespace is a namespace for packages. -// -// In the pURL representation, each PackageNamespace matches the -// pkg:// partial pURL. -// -// Namespaces are optional and type specific. Because they are optional, we use -// empty string to denote missing namespaces. -type PackageNamespacesPackagesPackageNamespacesPackageNamespace struct { - Id string `json:"id"` - Namespace string `json:"namespace"` +// HasSourceAt records that a package's repository is a given source. +type NodesNodesHasSourceAt struct { + Typename *string `json:"__typename"` + AllHasSourceAt `json:"-"` } -// GetId returns PackageNamespacesPackagesPackageNamespacesPackageNamespace.Id, and is useful for accessing the field via an interface. -func (v *PackageNamespacesPackagesPackageNamespacesPackageNamespace) GetId() string { return v.Id } +// GetTypename returns NodesNodesHasSourceAt.Typename, and is useful for accessing the field via an interface. 
+func (v *NodesNodesHasSourceAt) GetTypename() *string { return v.Typename } -// GetNamespace returns PackageNamespacesPackagesPackageNamespacesPackageNamespace.Namespace, and is useful for accessing the field via an interface. -func (v *PackageNamespacesPackagesPackageNamespacesPackageNamespace) GetNamespace() string { - return v.Namespace -} +// GetId returns NodesNodesHasSourceAt.Id, and is useful for accessing the field via an interface. +func (v *NodesNodesHasSourceAt) GetId() string { return v.AllHasSourceAt.Id } -// PackageNamespacesResponse is returned by PackageNamespaces on success. -type PackageNamespacesResponse struct { - // Returns all packages matching a filter. - Packages []PackageNamespacesPackagesPackage `json:"packages"` -} +// GetJustification returns NodesNodesHasSourceAt.Justification, and is useful for accessing the field via an interface. +func (v *NodesNodesHasSourceAt) GetJustification() string { return v.AllHasSourceAt.Justification } -// GetPackages returns PackageNamespacesResponse.Packages, and is useful for accessing the field via an interface. -func (v *PackageNamespacesResponse) GetPackages() []PackageNamespacesPackagesPackage { - return v.Packages -} +// GetKnownSince returns NodesNodesHasSourceAt.KnownSince, and is useful for accessing the field via an interface. +func (v *NodesNodesHasSourceAt) GetKnownSince() time.Time { return v.AllHasSourceAt.KnownSince } -// PackageQualifierInputSpec allows specifying package qualifiers in mutations. -type PackageQualifierInputSpec struct { - Key string `json:"key"` - Value string `json:"value"` -} +// GetPackage returns NodesNodesHasSourceAt.Package, and is useful for accessing the field via an interface. +func (v *NodesNodesHasSourceAt) GetPackage() AllHasSourceAtPackage { return v.AllHasSourceAt.Package } -// GetKey returns PackageQualifierInputSpec.Key, and is useful for accessing the field via an interface. 
-func (v *PackageQualifierInputSpec) GetKey() string { return v.Key } +// GetSource returns NodesNodesHasSourceAt.Source, and is useful for accessing the field via an interface. +func (v *NodesNodesHasSourceAt) GetSource() AllHasSourceAtSource { return v.AllHasSourceAt.Source } -// GetValue returns PackageQualifierInputSpec.Value, and is useful for accessing the field via an interface. -func (v *PackageQualifierInputSpec) GetValue() string { return v.Value } +// GetOrigin returns NodesNodesHasSourceAt.Origin, and is useful for accessing the field via an interface. +func (v *NodesNodesHasSourceAt) GetOrigin() string { return v.AllHasSourceAt.Origin } -// PackageQualifierSpec allows filtering package qualifiers in a query. -// -// Keys are mandatory, but values could also be null if we want to match all -// values for a specific key. -// -// NOTE: Before the schema becomes stable, we might change the nulability -// requirements of these fields. -type PackageQualifierSpec struct { - Key string `json:"key"` - Value *string `json:"value"` +// GetCollector returns NodesNodesHasSourceAt.Collector, and is useful for accessing the field via an interface. +func (v *NodesNodesHasSourceAt) GetCollector() string { return v.AllHasSourceAt.Collector } + +func (v *NodesNodesHasSourceAt) UnmarshalJSON(b []byte) error { + + if string(b) == "null" { + return nil + } + + var firstPass struct { + *NodesNodesHasSourceAt + graphql.NoUnmarshalJSON + } + firstPass.NodesNodesHasSourceAt = v + + err := json.Unmarshal(b, &firstPass) + if err != nil { + return err + } + + err = json.Unmarshal( + b, &v.AllHasSourceAt) + if err != nil { + return err + } + return nil } -// GetKey returns PackageQualifierSpec.Key, and is useful for accessing the field via an interface. 
-func (v *PackageQualifierSpec) GetKey() string { return v.Key } +type __premarshalNodesNodesHasSourceAt struct { + Typename *string `json:"__typename"` -// GetValue returns PackageQualifierSpec.Value, and is useful for accessing the field via an interface. -func (v *PackageQualifierSpec) GetValue() *string { return v.Value } + Id string `json:"id"` -// PackageSourceOrArtifactSpec allows using PackageSourceOrArtifact union as -// input type to be used in read queries. -// -// Exactly one of the value must be set to non-nil. -type PackageSourceOrArtifactSpec struct { - Package *PkgSpec `json:"package"` - Source *SourceSpec `json:"source"` - Artifact *ArtifactSpec `json:"artifact"` + Justification string `json:"justification"` + + KnownSince time.Time `json:"knownSince"` + + Package AllHasSourceAtPackage `json:"package"` + + Source AllHasSourceAtSource `json:"source"` + + Origin string `json:"origin"` + + Collector string `json:"collector"` } -// GetPackage returns PackageSourceOrArtifactSpec.Package, and is useful for accessing the field via an interface. -func (v *PackageSourceOrArtifactSpec) GetPackage() *PkgSpec { return v.Package } +func (v *NodesNodesHasSourceAt) MarshalJSON() ([]byte, error) { + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + return json.Marshal(premarshaled) +} -// GetSource returns PackageSourceOrArtifactSpec.Source, and is useful for accessing the field via an interface. -func (v *PackageSourceOrArtifactSpec) GetSource() *SourceSpec { return v.Source } +func (v *NodesNodesHasSourceAt) __premarshalJSON() (*__premarshalNodesNodesHasSourceAt, error) { + var retval __premarshalNodesNodesHasSourceAt -// GetArtifact returns PackageSourceOrArtifactSpec.Artifact, and is useful for accessing the field via an interface. 
-func (v *PackageSourceOrArtifactSpec) GetArtifact() *ArtifactSpec { return v.Artifact } + retval.Typename = v.Typename + retval.Id = v.AllHasSourceAt.Id + retval.Justification = v.AllHasSourceAt.Justification + retval.KnownSince = v.AllHasSourceAt.KnownSince + retval.Package = v.AllHasSourceAt.Package + retval.Source = v.AllHasSourceAt.Source + retval.Origin = v.AllHasSourceAt.Origin + retval.Collector = v.AllHasSourceAt.Collector + return &retval, nil +} -// PackageTypesPackagesPackage includes the requested fields of the GraphQL type Package. +// NodesNodesHashEqual includes the requested fields of the GraphQL type HashEqual. // The GraphQL type's documentation follows. // -// Package represents the root of the package trie/tree. -// -// We map package information to a trie, closely matching the pURL specification -// (https://github.com/package-url/purl-spec/blob/0dd92f26f8bb11956ffdf5e8acfcee71e8560407/README.rst), -// but deviating from it where GUAC heuristics allow for better representation of -// package information. Each path in the trie fully represents a package; we split -// the trie based on the pURL components. -// -// This node matches a pkg: partial pURL. The type field matches the -// pURL types but we might also use "guac" for the cases where the pURL -// representation is not complete or when we have custom rules. -// -// Since this node is at the root of the package trie, it is named Package, not -// PackageType. -type PackageTypesPackagesPackage struct { - Id string `json:"id"` - Type string `json:"type"` +// HashEqual is an attestation that a set of artifacts are identical. +type NodesNodesHashEqual struct { + Typename *string `json:"__typename"` + AllHashEqualTree `json:"-"` } -// GetId returns PackageTypesPackagesPackage.Id, and is useful for accessing the field via an interface. 
-func (v *PackageTypesPackagesPackage) GetId() string { return v.Id } +// GetTypename returns NodesNodesHashEqual.Typename, and is useful for accessing the field via an interface. +func (v *NodesNodesHashEqual) GetTypename() *string { return v.Typename } -// GetType returns PackageTypesPackagesPackage.Type, and is useful for accessing the field via an interface. -func (v *PackageTypesPackagesPackage) GetType() string { return v.Type } +// GetId returns NodesNodesHashEqual.Id, and is useful for accessing the field via an interface. +func (v *NodesNodesHashEqual) GetId() string { return v.AllHashEqualTree.Id } -// PackageTypesResponse is returned by PackageTypes on success. -type PackageTypesResponse struct { - // Returns all packages matching a filter. - Packages []PackageTypesPackagesPackage `json:"packages"` +// GetJustification returns NodesNodesHashEqual.Justification, and is useful for accessing the field via an interface. +func (v *NodesNodesHashEqual) GetJustification() string { return v.AllHashEqualTree.Justification } + +// GetArtifacts returns NodesNodesHashEqual.Artifacts, and is useful for accessing the field via an interface. +func (v *NodesNodesHashEqual) GetArtifacts() []AllHashEqualTreeArtifactsArtifact { + return v.AllHashEqualTree.Artifacts } -// GetPackages returns PackageTypesResponse.Packages, and is useful for accessing the field via an interface. -func (v *PackageTypesResponse) GetPackages() []PackageTypesPackagesPackage { return v.Packages } +// GetOrigin returns NodesNodesHashEqual.Origin, and is useful for accessing the field via an interface. +func (v *NodesNodesHashEqual) GetOrigin() string { return v.AllHashEqualTree.Origin } -// PackageVersionsPackagesPackage includes the requested fields of the GraphQL type Package. -// The GraphQL type's documentation follows. -// -// Package represents the root of the package trie/tree. 
-// -// We map package information to a trie, closely matching the pURL specification -// (https://github.com/package-url/purl-spec/blob/0dd92f26f8bb11956ffdf5e8acfcee71e8560407/README.rst), -// but deviating from it where GUAC heuristics allow for better representation of -// package information. Each path in the trie fully represents a package; we split -// the trie based on the pURL components. -// -// This node matches a pkg: partial pURL. The type field matches the -// pURL types but we might also use "guac" for the cases where the pURL -// representation is not complete or when we have custom rules. -// -// Since this node is at the root of the package trie, it is named Package, not -// PackageType. -type PackageVersionsPackagesPackage struct { - Id string `json:"id"` - Type string `json:"type"` - Namespaces []PackageVersionsPackagesPackageNamespacesPackageNamespace `json:"namespaces"` +// GetCollector returns NodesNodesHashEqual.Collector, and is useful for accessing the field via an interface. +func (v *NodesNodesHashEqual) GetCollector() string { return v.AllHashEqualTree.Collector } + +func (v *NodesNodesHashEqual) UnmarshalJSON(b []byte) error { + + if string(b) == "null" { + return nil + } + + var firstPass struct { + *NodesNodesHashEqual + graphql.NoUnmarshalJSON + } + firstPass.NodesNodesHashEqual = v + + err := json.Unmarshal(b, &firstPass) + if err != nil { + return err + } + + err = json.Unmarshal( + b, &v.AllHashEqualTree) + if err != nil { + return err + } + return nil } -// GetId returns PackageVersionsPackagesPackage.Id, and is useful for accessing the field via an interface. -func (v *PackageVersionsPackagesPackage) GetId() string { return v.Id } +type __premarshalNodesNodesHashEqual struct { + Typename *string `json:"__typename"` + + Id string `json:"id"` -// GetType returns PackageVersionsPackagesPackage.Type, and is useful for accessing the field via an interface. 
-func (v *PackageVersionsPackagesPackage) GetType() string { return v.Type } + Justification string `json:"justification"` -// GetNamespaces returns PackageVersionsPackagesPackage.Namespaces, and is useful for accessing the field via an interface. -func (v *PackageVersionsPackagesPackage) GetNamespaces() []PackageVersionsPackagesPackageNamespacesPackageNamespace { - return v.Namespaces -} + Artifacts []AllHashEqualTreeArtifactsArtifact `json:"artifacts"` -// PackageVersionsPackagesPackageNamespacesPackageNamespace includes the requested fields of the GraphQL type PackageNamespace. -// The GraphQL type's documentation follows. -// -// PackageNamespace is a namespace for packages. -// -// In the pURL representation, each PackageNamespace matches the -// pkg:// partial pURL. -// -// Namespaces are optional and type specific. Because they are optional, we use -// empty string to denote missing namespaces. -type PackageVersionsPackagesPackageNamespacesPackageNamespace struct { - Id string `json:"id"` - Namespace string `json:"namespace"` - Names []PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageName `json:"names"` -} + Origin string `json:"origin"` -// GetId returns PackageVersionsPackagesPackageNamespacesPackageNamespace.Id, and is useful for accessing the field via an interface. -func (v *PackageVersionsPackagesPackageNamespacesPackageNamespace) GetId() string { return v.Id } + Collector string `json:"collector"` +} -// GetNamespace returns PackageVersionsPackagesPackageNamespacesPackageNamespace.Namespace, and is useful for accessing the field via an interface. 
-func (v *PackageVersionsPackagesPackageNamespacesPackageNamespace) GetNamespace() string { - return v.Namespace +func (v *NodesNodesHashEqual) MarshalJSON() ([]byte, error) { + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + return json.Marshal(premarshaled) } -// GetNames returns PackageVersionsPackagesPackageNamespacesPackageNamespace.Names, and is useful for accessing the field via an interface. -func (v *PackageVersionsPackagesPackageNamespacesPackageNamespace) GetNames() []PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageName { - return v.Names +func (v *NodesNodesHashEqual) __premarshalJSON() (*__premarshalNodesNodesHashEqual, error) { + var retval __premarshalNodesNodesHashEqual + + retval.Typename = v.Typename + retval.Id = v.AllHashEqualTree.Id + retval.Justification = v.AllHashEqualTree.Justification + retval.Artifacts = v.AllHashEqualTree.Artifacts + retval.Origin = v.AllHashEqualTree.Origin + retval.Collector = v.AllHashEqualTree.Collector + return &retval, nil } -// PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageName includes the requested fields of the GraphQL type PackageName. +// NodesNodesIsDependency includes the requested fields of the GraphQL type IsDependency. // The GraphQL type's documentation follows. // -// PackageName is a name for packages. -// -// In the pURL representation, each PackageName matches the -// pkg:// pURL. -// -// Names are always mandatory. -// -// This is the first node in the trie that can be referred to by other parts of -// GUAC. -type PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageName struct { - Id string `json:"id"` - Name string `json:"name"` - Versions []PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion `json:"versions"` +// IsDependency is an attestation to record that a package depends on another. 
+type NodesNodesIsDependency struct { + Typename *string `json:"__typename"` + AllIsDependencyTree `json:"-"` } -// GetId returns PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageName.Id, and is useful for accessing the field via an interface. -func (v *PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageName) GetId() string { - return v.Id -} +// GetTypename returns NodesNodesIsDependency.Typename, and is useful for accessing the field via an interface. +func (v *NodesNodesIsDependency) GetTypename() *string { return v.Typename } -// GetName returns PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageName.Name, and is useful for accessing the field via an interface. -func (v *PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageName) GetName() string { - return v.Name -} +// GetId returns NodesNodesIsDependency.Id, and is useful for accessing the field via an interface. +func (v *NodesNodesIsDependency) GetId() string { return v.AllIsDependencyTree.Id } -// GetVersions returns PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageName.Versions, and is useful for accessing the field via an interface. -func (v *PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageName) GetVersions() []PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion { - return v.Versions +// GetJustification returns NodesNodesIsDependency.Justification, and is useful for accessing the field via an interface. +func (v *NodesNodesIsDependency) GetJustification() string { + return v.AllIsDependencyTree.Justification } -// PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion includes the requested fields of the GraphQL type PackageVersion. -// The GraphQL type's documentation follows. -// -// PackageVersion is a package version. -// -// In the pURL representation, each PackageName matches the -// pkg://@ pURL. 
-// -// Versions are optional and each Package type defines own rules for handling -// them. For this level of GUAC, these are just opaque strings. -// -// NOTE: The handling of versions might change before this schema becomes stable. -// -// This node can be referred to by other parts of GUAC. -// -// Subpath and qualifiers are optional. Lack of qualifiers is represented by an -// empty list and lack of subpath by empty string (to be consistent with -// optionality of namespace and version). Two nodes that have different qualifiers -// and/or subpath but the same version mean two different packages in the trie -// (they are different). Two nodes that have same version but qualifiers of one -// are a subset of the qualifier of the other also mean two different packages in -// the trie. -type PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion struct { - Id string `json:"id"` - Version string `json:"version"` - Qualifiers []PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersionQualifiersPackageQualifier `json:"qualifiers"` - Subpath string `json:"subpath"` +// GetPackage returns NodesNodesIsDependency.Package, and is useful for accessing the field via an interface. +func (v *NodesNodesIsDependency) GetPackage() AllIsDependencyTreePackage { + return v.AllIsDependencyTree.Package } -// GetId returns PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion.Id, and is useful for accessing the field via an interface. -func (v *PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion) GetId() string { - return v.Id +// GetDependentPackage returns NodesNodesIsDependency.DependentPackage, and is useful for accessing the field via an interface. 
+func (v *NodesNodesIsDependency) GetDependentPackage() AllIsDependencyTreeDependentPackage { + return v.AllIsDependencyTree.DependentPackage } -// GetVersion returns PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion.Version, and is useful for accessing the field via an interface. -func (v *PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion) GetVersion() string { - return v.Version +// GetDependencyType returns NodesNodesIsDependency.DependencyType, and is useful for accessing the field via an interface. +func (v *NodesNodesIsDependency) GetDependencyType() DependencyType { + return v.AllIsDependencyTree.DependencyType } -// GetQualifiers returns PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion.Qualifiers, and is useful for accessing the field via an interface. -func (v *PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion) GetQualifiers() []PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersionQualifiersPackageQualifier { - return v.Qualifiers -} +// GetVersionRange returns NodesNodesIsDependency.VersionRange, and is useful for accessing the field via an interface. +func (v *NodesNodesIsDependency) GetVersionRange() string { return v.AllIsDependencyTree.VersionRange } -// GetSubpath returns PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion.Subpath, and is useful for accessing the field via an interface. -func (v *PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion) GetSubpath() string { - return v.Subpath -} +// GetOrigin returns NodesNodesIsDependency.Origin, and is useful for accessing the field via an interface. 
+func (v *NodesNodesIsDependency) GetOrigin() string { return v.AllIsDependencyTree.Origin } -// PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersionQualifiersPackageQualifier includes the requested fields of the GraphQL type PackageQualifier. -// The GraphQL type's documentation follows. -// -// PackageQualifier is a qualifier for a package, a key-value pair. -// -// In the pURL representation, it is a part of the part of the -// pkg://@? pURL. -// -// Qualifiers are optional, each Package type defines own rules for handling them, -// and multiple qualifiers could be attached to the same package. -// -// This node cannot be directly referred by other parts of GUAC. -type PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersionQualifiersPackageQualifier struct { - Key string `json:"key"` - Value string `json:"value"` -} +// GetCollector returns NodesNodesIsDependency.Collector, and is useful for accessing the field via an interface. +func (v *NodesNodesIsDependency) GetCollector() string { return v.AllIsDependencyTree.Collector } -// GetKey returns PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersionQualifiersPackageQualifier.Key, and is useful for accessing the field via an interface. 
-func (v *PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersionQualifiersPackageQualifier) GetKey() string { - return v.Key +func (v *NodesNodesIsDependency) UnmarshalJSON(b []byte) error { + + if string(b) == "null" { + return nil + } + + var firstPass struct { + *NodesNodesIsDependency + graphql.NoUnmarshalJSON + } + firstPass.NodesNodesIsDependency = v + + err := json.Unmarshal(b, &firstPass) + if err != nil { + return err + } + + err = json.Unmarshal( + b, &v.AllIsDependencyTree) + if err != nil { + return err + } + return nil } -// GetValue returns PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersionQualifiersPackageQualifier.Value, and is useful for accessing the field via an interface. -func (v *PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersionQualifiersPackageQualifier) GetValue() string { - return v.Value +type __premarshalNodesNodesIsDependency struct { + Typename *string `json:"__typename"` + + Id string `json:"id"` + + Justification string `json:"justification"` + + Package AllIsDependencyTreePackage `json:"package"` + + DependentPackage AllIsDependencyTreeDependentPackage `json:"dependentPackage"` + + DependencyType DependencyType `json:"dependencyType"` + + VersionRange string `json:"versionRange"` + + Origin string `json:"origin"` + + Collector string `json:"collector"` } -// PackageVersionsResponse is returned by PackageVersions on success. -type PackageVersionsResponse struct { - // Returns all packages matching a filter. - Packages []PackageVersionsPackagesPackage `json:"packages"` +func (v *NodesNodesIsDependency) MarshalJSON() ([]byte, error) { + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + return json.Marshal(premarshaled) } -// GetPackages returns PackageVersionsResponse.Packages, and is useful for accessing the field via an interface. 
-func (v *PackageVersionsResponse) GetPackages() []PackageVersionsPackagesPackage { return v.Packages } +func (v *NodesNodesIsDependency) __premarshalJSON() (*__premarshalNodesNodesIsDependency, error) { + var retval __premarshalNodesNodesIsDependency -// PackagesPackagesPackage includes the requested fields of the GraphQL type Package. + retval.Typename = v.Typename + retval.Id = v.AllIsDependencyTree.Id + retval.Justification = v.AllIsDependencyTree.Justification + retval.Package = v.AllIsDependencyTree.Package + retval.DependentPackage = v.AllIsDependencyTree.DependentPackage + retval.DependencyType = v.AllIsDependencyTree.DependencyType + retval.VersionRange = v.AllIsDependencyTree.VersionRange + retval.Origin = v.AllIsDependencyTree.Origin + retval.Collector = v.AllIsDependencyTree.Collector + return &retval, nil +} + +// NodesNodesIsOccurrence includes the requested fields of the GraphQL type IsOccurrence. // The GraphQL type's documentation follows. // -// Package represents the root of the package trie/tree. -// -// We map package information to a trie, closely matching the pURL specification -// (https://github.com/package-url/purl-spec/blob/0dd92f26f8bb11956ffdf5e8acfcee71e8560407/README.rst), -// but deviating from it where GUAC heuristics allow for better representation of -// package information. Each path in the trie fully represents a package; we split -// the trie based on the pURL components. -// -// This node matches a pkg: partial pURL. The type field matches the -// pURL types but we might also use "guac" for the cases where the pURL -// representation is not complete or when we have custom rules. +// IsOccurrence is an attestation to link an artifact to a package or source. // -// Since this node is at the root of the package trie, it is named Package, not -// PackageType. -type PackagesPackagesPackage struct { - AllPkgTree `json:"-"` +// Attestation must occur at the PackageVersion or at the SourceName. 
+type NodesNodesIsOccurrence struct { + Typename *string `json:"__typename"` + AllIsOccurrencesTree `json:"-"` } -// GetId returns PackagesPackagesPackage.Id, and is useful for accessing the field via an interface. -func (v *PackagesPackagesPackage) GetId() string { return v.AllPkgTree.Id } +// GetTypename returns NodesNodesIsOccurrence.Typename, and is useful for accessing the field via an interface. +func (v *NodesNodesIsOccurrence) GetTypename() *string { return v.Typename } -// GetType returns PackagesPackagesPackage.Type, and is useful for accessing the field via an interface. -func (v *PackagesPackagesPackage) GetType() string { return v.AllPkgTree.Type } +// GetId returns NodesNodesIsOccurrence.Id, and is useful for accessing the field via an interface. +func (v *NodesNodesIsOccurrence) GetId() string { return v.AllIsOccurrencesTree.Id } -// GetNamespaces returns PackagesPackagesPackage.Namespaces, and is useful for accessing the field via an interface. -func (v *PackagesPackagesPackage) GetNamespaces() []AllPkgTreeNamespacesPackageNamespace { - return v.AllPkgTree.Namespaces +// GetSubject returns NodesNodesIsOccurrence.Subject, and is useful for accessing the field via an interface. +func (v *NodesNodesIsOccurrence) GetSubject() AllIsOccurrencesTreeSubjectPackageOrSource { + return v.AllIsOccurrencesTree.Subject } -func (v *PackagesPackagesPackage) UnmarshalJSON(b []byte) error { +// GetArtifact returns NodesNodesIsOccurrence.Artifact, and is useful for accessing the field via an interface. +func (v *NodesNodesIsOccurrence) GetArtifact() AllIsOccurrencesTreeArtifact { + return v.AllIsOccurrencesTree.Artifact +} + +// GetJustification returns NodesNodesIsOccurrence.Justification, and is useful for accessing the field via an interface. +func (v *NodesNodesIsOccurrence) GetJustification() string { + return v.AllIsOccurrencesTree.Justification +} + +// GetOrigin returns NodesNodesIsOccurrence.Origin, and is useful for accessing the field via an interface. 
+func (v *NodesNodesIsOccurrence) GetOrigin() string { return v.AllIsOccurrencesTree.Origin } + +// GetCollector returns NodesNodesIsOccurrence.Collector, and is useful for accessing the field via an interface. +func (v *NodesNodesIsOccurrence) GetCollector() string { return v.AllIsOccurrencesTree.Collector } + +func (v *NodesNodesIsOccurrence) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *PackagesPackagesPackage + *NodesNodesIsOccurrence graphql.NoUnmarshalJSON } - firstPass.PackagesPackagesPackage = v + firstPass.NodesNodesIsOccurrence = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -20839,22 +16753,30 @@ func (v *PackagesPackagesPackage) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllPkgTree) + b, &v.AllIsOccurrencesTree) if err != nil { return err } return nil } -type __premarshalPackagesPackagesPackage struct { +type __premarshalNodesNodesIsOccurrence struct { + Typename *string `json:"__typename"` + Id string `json:"id"` - Type string `json:"type"` + Subject json.RawMessage `json:"subject"` - Namespaces []AllPkgTreeNamespacesPackageNamespace `json:"namespaces"` + Artifact AllIsOccurrencesTreeArtifact `json:"artifact"` + + Justification string `json:"justification"` + + Origin string `json:"origin"` + + Collector string `json:"collector"` } -func (v *PackagesPackagesPackage) MarshalJSON() ([]byte, error) { +func (v *NodesNodesIsOccurrence) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -20862,135 +16784,465 @@ func (v *PackagesPackagesPackage) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *PackagesPackagesPackage) __premarshalJSON() (*__premarshalPackagesPackagesPackage, error) { - var retval __premarshalPackagesPackagesPackage +func (v *NodesNodesIsOccurrence) __premarshalJSON() (*__premarshalNodesNodesIsOccurrence, error) { + var retval __premarshalNodesNodesIsOccurrence - retval.Id = v.AllPkgTree.Id - retval.Type = v.AllPkgTree.Type - retval.Namespaces = v.AllPkgTree.Namespaces + retval.Typename = v.Typename + retval.Id = v.AllIsOccurrencesTree.Id + { + + dst := &retval.Subject + src := v.AllIsOccurrencesTree.Subject + var err error + *dst, err = __marshalAllIsOccurrencesTreeSubjectPackageOrSource( + &src) + if err != nil { + return nil, fmt.Errorf( + "unable to marshal NodesNodesIsOccurrence.AllIsOccurrencesTree.Subject: %w", err) + } + } + retval.Artifact = v.AllIsOccurrencesTree.Artifact + retval.Justification = v.AllIsOccurrencesTree.Justification + retval.Origin = v.AllIsOccurrencesTree.Origin + retval.Collector = v.AllIsOccurrencesTree.Collector return &retval, nil } -// PackagesResponse is returned by Packages on success. -type PackagesResponse struct { - // Returns all packages matching a filter. - Packages []PackagesPackagesPackage `json:"packages"` +// NodesNodesNode includes the requested fields of the GraphQL interface Node. 
+// +// NodesNodesNode is implemented by the following types: +// NodesNodesArtifact +// NodesNodesBuilder +// NodesNodesCertifyBad +// NodesNodesCertifyGood +// NodesNodesCertifyScorecard +// NodesNodesCertifyVEXStatement +// NodesNodesCertifyVuln +// NodesNodesHasMetadata +// NodesNodesHasSBOM +// NodesNodesHasSLSA +// NodesNodesHasSourceAt +// NodesNodesHashEqual +// NodesNodesIsDependency +// NodesNodesIsOccurrence +// NodesNodesPackage +// NodesNodesPkgEqual +// NodesNodesPointOfContact +// NodesNodesSource +// NodesNodesVulnEqual +// NodesNodesVulnerability +// The GraphQL type's documentation follows. +// +// Node is a union type of all the possible nodes. +// +// It encapsulates the software tree nodes along with the evidence nodes. In a +// path query, all connecting evidence nodes along with their intermediate subject +// nodes need to be returned in order to create a complete graph. +type NodesNodesNode interface { + implementsGraphQLInterfaceNodesNodesNode() + // GetTypename returns the receiver's concrete GraphQL type-name (see interface doc for possible values). + GetTypename() *string } -// GetPackages returns PackagesResponse.Packages, and is useful for accessing the field via an interface. 
-func (v *PackagesResponse) GetPackages() []PackagesPackagesPackage { return v.Packages } +func (v *NodesNodesArtifact) implementsGraphQLInterfaceNodesNodesNode() {} +func (v *NodesNodesBuilder) implementsGraphQLInterfaceNodesNodesNode() {} +func (v *NodesNodesCertifyBad) implementsGraphQLInterfaceNodesNodesNode() {} +func (v *NodesNodesCertifyGood) implementsGraphQLInterfaceNodesNodesNode() {} +func (v *NodesNodesCertifyScorecard) implementsGraphQLInterfaceNodesNodesNode() {} +func (v *NodesNodesCertifyVEXStatement) implementsGraphQLInterfaceNodesNodesNode() {} +func (v *NodesNodesCertifyVuln) implementsGraphQLInterfaceNodesNodesNode() {} +func (v *NodesNodesHasMetadata) implementsGraphQLInterfaceNodesNodesNode() {} +func (v *NodesNodesHasSBOM) implementsGraphQLInterfaceNodesNodesNode() {} +func (v *NodesNodesHasSLSA) implementsGraphQLInterfaceNodesNodesNode() {} +func (v *NodesNodesHasSourceAt) implementsGraphQLInterfaceNodesNodesNode() {} +func (v *NodesNodesHashEqual) implementsGraphQLInterfaceNodesNodesNode() {} +func (v *NodesNodesIsDependency) implementsGraphQLInterfaceNodesNodesNode() {} +func (v *NodesNodesIsOccurrence) implementsGraphQLInterfaceNodesNodesNode() {} +func (v *NodesNodesPackage) implementsGraphQLInterfaceNodesNodesNode() {} +func (v *NodesNodesPkgEqual) implementsGraphQLInterfaceNodesNodesNode() {} +func (v *NodesNodesPointOfContact) implementsGraphQLInterfaceNodesNodesNode() {} +func (v *NodesNodesSource) implementsGraphQLInterfaceNodesNodesNode() {} +func (v *NodesNodesVulnEqual) implementsGraphQLInterfaceNodesNodesNode() {} +func (v *NodesNodesVulnerability) implementsGraphQLInterfaceNodesNodesNode() {} + +func __unmarshalNodesNodesNode(b []byte, v *NodesNodesNode) error { + if string(b) == "null" { + return nil + } + + var tn struct { + TypeName string `json:"__typename"` + } + err := json.Unmarshal(b, &tn) + if err != nil { + return err + } + + switch tn.TypeName { + case "Artifact": + *v = new(NodesNodesArtifact) + return 
json.Unmarshal(b, *v) + case "Builder": + *v = new(NodesNodesBuilder) + return json.Unmarshal(b, *v) + case "CertifyBad": + *v = new(NodesNodesCertifyBad) + return json.Unmarshal(b, *v) + case "CertifyGood": + *v = new(NodesNodesCertifyGood) + return json.Unmarshal(b, *v) + case "CertifyScorecard": + *v = new(NodesNodesCertifyScorecard) + return json.Unmarshal(b, *v) + case "CertifyVEXStatement": + *v = new(NodesNodesCertifyVEXStatement) + return json.Unmarshal(b, *v) + case "CertifyVuln": + *v = new(NodesNodesCertifyVuln) + return json.Unmarshal(b, *v) + case "HasMetadata": + *v = new(NodesNodesHasMetadata) + return json.Unmarshal(b, *v) + case "HasSBOM": + *v = new(NodesNodesHasSBOM) + return json.Unmarshal(b, *v) + case "HasSLSA": + *v = new(NodesNodesHasSLSA) + return json.Unmarshal(b, *v) + case "HasSourceAt": + *v = new(NodesNodesHasSourceAt) + return json.Unmarshal(b, *v) + case "HashEqual": + *v = new(NodesNodesHashEqual) + return json.Unmarshal(b, *v) + case "IsDependency": + *v = new(NodesNodesIsDependency) + return json.Unmarshal(b, *v) + case "IsOccurrence": + *v = new(NodesNodesIsOccurrence) + return json.Unmarshal(b, *v) + case "Package": + *v = new(NodesNodesPackage) + return json.Unmarshal(b, *v) + case "PkgEqual": + *v = new(NodesNodesPkgEqual) + return json.Unmarshal(b, *v) + case "PointOfContact": + *v = new(NodesNodesPointOfContact) + return json.Unmarshal(b, *v) + case "Source": + *v = new(NodesNodesSource) + return json.Unmarshal(b, *v) + case "VulnEqual": + *v = new(NodesNodesVulnEqual) + return json.Unmarshal(b, *v) + case "Vulnerability": + *v = new(NodesNodesVulnerability) + return json.Unmarshal(b, *v) + case "": + return fmt.Errorf( + "response was missing Node.__typename") + default: + return fmt.Errorf( + `unexpected concrete type for NodesNodesNode: "%v"`, tn.TypeName) + } +} + +func __marshalNodesNodesNode(v *NodesNodesNode) ([]byte, error) { + + var typename string + switch v := (*v).(type) { + case *NodesNodesArtifact: + typename = 
"Artifact" + + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNodesNodesArtifact + }{typename, premarshaled} + return json.Marshal(result) + case *NodesNodesBuilder: + typename = "Builder" + + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNodesNodesBuilder + }{typename, premarshaled} + return json.Marshal(result) + case *NodesNodesCertifyBad: + typename = "CertifyBad" + + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNodesNodesCertifyBad + }{typename, premarshaled} + return json.Marshal(result) + case *NodesNodesCertifyGood: + typename = "CertifyGood" -// PathPathArtifact includes the requested fields of the GraphQL type Artifact. -// The GraphQL type's documentation follows. -// -// Artifact represents an artifact identified by a checksum hash. -// -// The checksum is split into the digest value and the algorithm used to generate -// it. Both fields are mandatory and canonicalized to be lowercase. -// -// If having a checksum Go object, algorithm can be -// strings.ToLower(string(checksum.Algorithm)) and digest can be checksum.Value. -type PathPathArtifact struct { - Typename *string `json:"__typename"` - AllArtifactTree `json:"-"` -} + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNodesNodesCertifyGood + }{typename, premarshaled} + return json.Marshal(result) + case *NodesNodesCertifyScorecard: + typename = "CertifyScorecard" -// GetTypename returns PathPathArtifact.Typename, and is useful for accessing the field via an interface. 
-func (v *PathPathArtifact) GetTypename() *string { return v.Typename } + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNodesNodesCertifyScorecard + }{typename, premarshaled} + return json.Marshal(result) + case *NodesNodesCertifyVEXStatement: + typename = "CertifyVEXStatement" -// GetId returns PathPathArtifact.Id, and is useful for accessing the field via an interface. -func (v *PathPathArtifact) GetId() string { return v.AllArtifactTree.Id } + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNodesNodesCertifyVEXStatement + }{typename, premarshaled} + return json.Marshal(result) + case *NodesNodesCertifyVuln: + typename = "CertifyVuln" -// GetAlgorithm returns PathPathArtifact.Algorithm, and is useful for accessing the field via an interface. -func (v *PathPathArtifact) GetAlgorithm() string { return v.AllArtifactTree.Algorithm } + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNodesNodesCertifyVuln + }{typename, premarshaled} + return json.Marshal(result) + case *NodesNodesHasMetadata: + typename = "HasMetadata" -// GetDigest returns PathPathArtifact.Digest, and is useful for accessing the field via an interface. 
-func (v *PathPathArtifact) GetDigest() string { return v.AllArtifactTree.Digest } + result := struct { + TypeName string `json:"__typename"` + *NodesNodesHasMetadata + }{typename, v} + return json.Marshal(result) + case *NodesNodesHasSBOM: + typename = "HasSBOM" -func (v *PathPathArtifact) UnmarshalJSON(b []byte) error { + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNodesNodesHasSBOM + }{typename, premarshaled} + return json.Marshal(result) + case *NodesNodesHasSLSA: + typename = "HasSLSA" - if string(b) == "null" { - return nil - } + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNodesNodesHasSLSA + }{typename, premarshaled} + return json.Marshal(result) + case *NodesNodesHasSourceAt: + typename = "HasSourceAt" - var firstPass struct { - *PathPathArtifact - graphql.NoUnmarshalJSON - } - firstPass.PathPathArtifact = v + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNodesNodesHasSourceAt + }{typename, premarshaled} + return json.Marshal(result) + case *NodesNodesHashEqual: + typename = "HashEqual" - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNodesNodesHashEqual + }{typename, premarshaled} + return json.Marshal(result) + case *NodesNodesIsDependency: + typename = "IsDependency" - err = json.Unmarshal( - b, &v.AllArtifactTree) - if err != nil { - return err - } - return nil -} + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNodesNodesIsDependency + 
}{typename, premarshaled} + return json.Marshal(result) + case *NodesNodesIsOccurrence: + typename = "IsOccurrence" -type __premarshalPathPathArtifact struct { - Typename *string `json:"__typename"` + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNodesNodesIsOccurrence + }{typename, premarshaled} + return json.Marshal(result) + case *NodesNodesPackage: + typename = "Package" - Id string `json:"id"` + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNodesNodesPackage + }{typename, premarshaled} + return json.Marshal(result) + case *NodesNodesPkgEqual: + typename = "PkgEqual" - Algorithm string `json:"algorithm"` + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNodesNodesPkgEqual + }{typename, premarshaled} + return json.Marshal(result) + case *NodesNodesPointOfContact: + typename = "PointOfContact" - Digest string `json:"digest"` -} + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNodesNodesPointOfContact + }{typename, premarshaled} + return json.Marshal(result) + case *NodesNodesSource: + typename = "Source" -func (v *PathPathArtifact) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) -} + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNodesNodesSource + }{typename, premarshaled} + return json.Marshal(result) + case *NodesNodesVulnEqual: + typename = "VulnEqual" -func (v *PathPathArtifact) __premarshalJSON() 
(*__premarshalPathPathArtifact, error) { - var retval __premarshalPathPathArtifact + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNodesNodesVulnEqual + }{typename, premarshaled} + return json.Marshal(result) + case *NodesNodesVulnerability: + typename = "Vulnerability" - retval.Typename = v.Typename - retval.Id = v.AllArtifactTree.Id - retval.Algorithm = v.AllArtifactTree.Algorithm - retval.Digest = v.AllArtifactTree.Digest - return &retval, nil + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalNodesNodesVulnerability + }{typename, premarshaled} + return json.Marshal(result) + case nil: + return []byte("null"), nil + default: + return nil, fmt.Errorf( + `unexpected concrete type for NodesNodesNode: "%T"`, v) + } } -// PathPathBuilder includes the requested fields of the GraphQL type Builder. +// NodesNodesPackage includes the requested fields of the GraphQL type Package. // The GraphQL type's documentation follows. // -// Builder represents the builder (e.g., FRSCA or GitHub Actions). +// Package represents the root of the package trie/tree. +// +// We map package information to a trie, closely matching the pURL specification +// (https://github.com/package-url/purl-spec/blob/0dd92f26f8bb11956ffdf5e8acfcee71e8560407/README.rst), +// but deviating from it where GUAC heuristics allow for better representation of +// package information. Each path in the trie fully represents a package; we split +// the trie based on the pURL components. +// +// This node matches a pkg: partial pURL. The type field matches the +// pURL types but we might also use "guac" for the cases where the pURL +// representation is not complete or when we have custom rules. // -// Currently builders are identified by the uri field. 
-type PathPathBuilder struct { - Typename *string `json:"__typename"` - AllBuilderTree `json:"-"` +// Since this node is at the root of the package trie, it is named Package, not +// PackageType. +type NodesNodesPackage struct { + Typename *string `json:"__typename"` + AllPkgTree `json:"-"` } -// GetTypename returns PathPathBuilder.Typename, and is useful for accessing the field via an interface. -func (v *PathPathBuilder) GetTypename() *string { return v.Typename } +// GetTypename returns NodesNodesPackage.Typename, and is useful for accessing the field via an interface. +func (v *NodesNodesPackage) GetTypename() *string { return v.Typename } -// GetId returns PathPathBuilder.Id, and is useful for accessing the field via an interface. -func (v *PathPathBuilder) GetId() string { return v.AllBuilderTree.Id } +// GetId returns NodesNodesPackage.Id, and is useful for accessing the field via an interface. +func (v *NodesNodesPackage) GetId() string { return v.AllPkgTree.Id } -// GetUri returns PathPathBuilder.Uri, and is useful for accessing the field via an interface. -func (v *PathPathBuilder) GetUri() string { return v.AllBuilderTree.Uri } +// GetType returns NodesNodesPackage.Type, and is useful for accessing the field via an interface. +func (v *NodesNodesPackage) GetType() string { return v.AllPkgTree.Type } -func (v *PathPathBuilder) UnmarshalJSON(b []byte) error { +// GetNamespaces returns NodesNodesPackage.Namespaces, and is useful for accessing the field via an interface. +func (v *NodesNodesPackage) GetNamespaces() []AllPkgTreeNamespacesPackageNamespace { + return v.AllPkgTree.Namespaces +} + +func (v *NodesNodesPackage) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *PathPathBuilder + *NodesNodesPackage graphql.NoUnmarshalJSON } - firstPass.PathPathBuilder = v + firstPass.NodesNodesPackage = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -20998,22 +17250,24 @@ func (v *PathPathBuilder) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllBuilderTree) + b, &v.AllPkgTree) if err != nil { return err } return nil } -type __premarshalPathPathBuilder struct { +type __premarshalNodesNodesPackage struct { Typename *string `json:"__typename"` Id string `json:"id"` - Uri string `json:"uri"` + Type string `json:"type"` + + Namespaces []AllPkgTreeNamespacesPackageNamespace `json:"namespaces"` } -func (v *PathPathBuilder) MarshalJSON() ([]byte, error) { +func (v *NodesNodesPackage) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -21021,56 +17275,56 @@ func (v *PathPathBuilder) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *PathPathBuilder) __premarshalJSON() (*__premarshalPathPathBuilder, error) { - var retval __premarshalPathPathBuilder +func (v *NodesNodesPackage) __premarshalJSON() (*__premarshalNodesNodesPackage, error) { + var retval __premarshalNodesNodesPackage retval.Typename = v.Typename - retval.Id = v.AllBuilderTree.Id - retval.Uri = v.AllBuilderTree.Uri + retval.Id = v.AllPkgTree.Id + retval.Type = v.AllPkgTree.Type + retval.Namespaces = v.AllPkgTree.Namespaces return &retval, nil } -// PathPathCVE includes the requested fields of the GraphQL type CVE. +// NodesNodesPkgEqual includes the requested fields of the GraphQL type PkgEqual. // The GraphQL type's documentation follows. // -// CVE represents a vulnerability in the Common Vulnerabilities and Exposures -// schema. -// -// The vulnerability identifier contains a year field, so we are extracting that -// to allow matching for vulnerabilities found in a given year. -// -// The vulnerability identifier field is mandatory and canonicalized to be -// lowercase. -// -// This node can be referred to by other parts of GUAC. -type PathPathCVE struct { - Typename *string `json:"__typename"` - AllCveTree `json:"-"` +// PkgEqual is an attestation that a set of packages are similar. +type NodesNodesPkgEqual struct { + Typename *string `json:"__typename"` + AllPkgEqual `json:"-"` } -// GetTypename returns PathPathCVE.Typename, and is useful for accessing the field via an interface. -func (v *PathPathCVE) GetTypename() *string { return v.Typename } +// GetTypename returns NodesNodesPkgEqual.Typename, and is useful for accessing the field via an interface. +func (v *NodesNodesPkgEqual) GetTypename() *string { return v.Typename } + +// GetId returns NodesNodesPkgEqual.Id, and is useful for accessing the field via an interface. 
+func (v *NodesNodesPkgEqual) GetId() string { return v.AllPkgEqual.Id } + +// GetJustification returns NodesNodesPkgEqual.Justification, and is useful for accessing the field via an interface. +func (v *NodesNodesPkgEqual) GetJustification() string { return v.AllPkgEqual.Justification } -// GetId returns PathPathCVE.Id, and is useful for accessing the field via an interface. -func (v *PathPathCVE) GetId() string { return v.AllCveTree.Id } +// GetPackages returns NodesNodesPkgEqual.Packages, and is useful for accessing the field via an interface. +func (v *NodesNodesPkgEqual) GetPackages() []AllPkgEqualPackagesPackage { + return v.AllPkgEqual.Packages +} -// GetYear returns PathPathCVE.Year, and is useful for accessing the field via an interface. -func (v *PathPathCVE) GetYear() int { return v.AllCveTree.Year } +// GetOrigin returns NodesNodesPkgEqual.Origin, and is useful for accessing the field via an interface. +func (v *NodesNodesPkgEqual) GetOrigin() string { return v.AllPkgEqual.Origin } -// GetCveId returns PathPathCVE.CveId, and is useful for accessing the field via an interface. -func (v *PathPathCVE) GetCveId() string { return v.AllCveTree.CveId } +// GetCollector returns NodesNodesPkgEqual.Collector, and is useful for accessing the field via an interface. +func (v *NodesNodesPkgEqual) GetCollector() string { return v.AllPkgEqual.Collector } -func (v *PathPathCVE) UnmarshalJSON(b []byte) error { +func (v *NodesNodesPkgEqual) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *PathPathCVE + *NodesNodesPkgEqual graphql.NoUnmarshalJSON } - firstPass.PathPathCVE = v + firstPass.NodesNodesPkgEqual = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -21078,24 +17332,28 @@ func (v *PathPathCVE) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllCveTree) + b, &v.AllPkgEqual) if err != nil { return err } return nil } -type __premarshalPathPathCVE struct { +type __premarshalNodesNodesPkgEqual struct { Typename *string `json:"__typename"` Id string `json:"id"` - Year int `json:"year"` + Justification string `json:"justification"` + + Packages []AllPkgEqualPackagesPackage `json:"packages"` + + Origin string `json:"origin"` - CveId string `json:"cveId"` + Collector string `json:"collector"` } -func (v *PathPathCVE) MarshalJSON() ([]byte, error) { +func (v *NodesNodesPkgEqual) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -21103,66 +17361,89 @@ func (v *PathPathCVE) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *PathPathCVE) __premarshalJSON() (*__premarshalPathPathCVE, error) { - var retval __premarshalPathPathCVE +func (v *NodesNodesPkgEqual) __premarshalJSON() (*__premarshalNodesNodesPkgEqual, error) { + var retval __premarshalNodesNodesPkgEqual retval.Typename = v.Typename - retval.Id = v.AllCveTree.Id - retval.Year = v.AllCveTree.Year - retval.CveId = v.AllCveTree.CveId + retval.Id = v.AllPkgEqual.Id + retval.Justification = v.AllPkgEqual.Justification + retval.Packages = v.AllPkgEqual.Packages + retval.Origin = v.AllPkgEqual.Origin + retval.Collector = v.AllPkgEqual.Collector return &retval, nil } -// PathPathCertifyBad includes the requested fields of the GraphQL type CertifyBad. +// NodesNodesPointOfContact includes the requested fields of the GraphQL type PointOfContact. // The GraphQL type's documentation follows. // -// CertifyBad is an attestation that a package, source, or artifact is considered -// bad. +// PointOfContact is an attestation of how to get in touch with the person(s) responsible +// for a package, source, or artifact. // // All evidence trees record a justification for the property they represent as // well as the document that contains the attestation (origin) and the collector // that collected the document (collector). // -// The certification applies to a subject which is a package, source, or artifact. +// The attestation applies to a subject which is a package, source, or artifact. // If the attestation targets a package, it must target a PackageName or a // PackageVersion. If the attestation targets a source, it must target a // SourceName. -type PathPathCertifyBad struct { - Typename *string `json:"__typename"` - AllCertifyBad `json:"-"` +// +// email is the email address (singular) of the point of contact. +// +// info is additional contact information other than email address. This is free +// form. 
+// +// NOTE: the identifiers for point of contact should be part of software trees. +// This will benefit from identifier look up and traversal as well as organization +// hierarchy. However, until the use case arises, PointOfContact will be a flat +// reference to the contact details. +type NodesNodesPointOfContact struct { + Typename *string `json:"__typename"` + AllPointOfContact `json:"-"` } -// GetTypename returns PathPathCertifyBad.Typename, and is useful for accessing the field via an interface. -func (v *PathPathCertifyBad) GetTypename() *string { return v.Typename } +// GetTypename returns NodesNodesPointOfContact.Typename, and is useful for accessing the field via an interface. +func (v *NodesNodesPointOfContact) GetTypename() *string { return v.Typename } -// GetId returns PathPathCertifyBad.Id, and is useful for accessing the field via an interface. -func (v *PathPathCertifyBad) GetId() string { return v.AllCertifyBad.Id } +// GetId returns NodesNodesPointOfContact.Id, and is useful for accessing the field via an interface. +func (v *NodesNodesPointOfContact) GetId() string { return v.AllPointOfContact.Id } -// GetJustification returns PathPathCertifyBad.Justification, and is useful for accessing the field via an interface. -func (v *PathPathCertifyBad) GetJustification() string { return v.AllCertifyBad.Justification } +// GetSubject returns NodesNodesPointOfContact.Subject, and is useful for accessing the field via an interface. +func (v *NodesNodesPointOfContact) GetSubject() AllPointOfContactSubjectPackageSourceOrArtifact { + return v.AllPointOfContact.Subject +} -// GetSubject returns PathPathCertifyBad.Subject, and is useful for accessing the field via an interface. -func (v *PathPathCertifyBad) GetSubject() AllCertifyBadSubjectPackageSourceOrArtifact { - return v.AllCertifyBad.Subject +// GetEmail returns NodesNodesPointOfContact.Email, and is useful for accessing the field via an interface. 
+func (v *NodesNodesPointOfContact) GetEmail() string { return v.AllPointOfContact.Email } + +// GetInfo returns NodesNodesPointOfContact.Info, and is useful for accessing the field via an interface. +func (v *NodesNodesPointOfContact) GetInfo() string { return v.AllPointOfContact.Info } + +// GetSince returns NodesNodesPointOfContact.Since, and is useful for accessing the field via an interface. +func (v *NodesNodesPointOfContact) GetSince() time.Time { return v.AllPointOfContact.Since } + +// GetJustification returns NodesNodesPointOfContact.Justification, and is useful for accessing the field via an interface. +func (v *NodesNodesPointOfContact) GetJustification() string { + return v.AllPointOfContact.Justification } -// GetOrigin returns PathPathCertifyBad.Origin, and is useful for accessing the field via an interface. -func (v *PathPathCertifyBad) GetOrigin() string { return v.AllCertifyBad.Origin } +// GetOrigin returns NodesNodesPointOfContact.Origin, and is useful for accessing the field via an interface. +func (v *NodesNodesPointOfContact) GetOrigin() string { return v.AllPointOfContact.Origin } -// GetCollector returns PathPathCertifyBad.Collector, and is useful for accessing the field via an interface. -func (v *PathPathCertifyBad) GetCollector() string { return v.AllCertifyBad.Collector } +// GetCollector returns NodesNodesPointOfContact.Collector, and is useful for accessing the field via an interface. +func (v *NodesNodesPointOfContact) GetCollector() string { return v.AllPointOfContact.Collector } -func (v *PathPathCertifyBad) UnmarshalJSON(b []byte) error { +func (v *NodesNodesPointOfContact) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *PathPathCertifyBad + *NodesNodesPointOfContact graphql.NoUnmarshalJSON } - firstPass.PathPathCertifyBad = v + firstPass.NodesNodesPointOfContact = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -21170,28 +17451,34 @@ func (v *PathPathCertifyBad) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllCertifyBad) + b, &v.AllPointOfContact) if err != nil { return err } return nil } -type __premarshalPathPathCertifyBad struct { +type __premarshalNodesNodesPointOfContact struct { Typename *string `json:"__typename"` Id string `json:"id"` - Justification string `json:"justification"` - Subject json.RawMessage `json:"subject"` + Email string `json:"email"` + + Info string `json:"info"` + + Since time.Time `json:"since"` + + Justification string `json:"justification"` + Origin string `json:"origin"` Collector string `json:"collector"` } -func (v *PathPathCertifyBad) MarshalJSON() ([]byte, error) { +func (v *NodesNodesPointOfContact) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -21199,79 +17486,76 @@ func (v *PathPathCertifyBad) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *PathPathCertifyBad) __premarshalJSON() (*__premarshalPathPathCertifyBad, error) { - var retval __premarshalPathPathCertifyBad +func (v *NodesNodesPointOfContact) __premarshalJSON() (*__premarshalNodesNodesPointOfContact, error) { + var retval __premarshalNodesNodesPointOfContact retval.Typename = v.Typename - retval.Id = v.AllCertifyBad.Id - retval.Justification = v.AllCertifyBad.Justification + retval.Id = v.AllPointOfContact.Id { dst := &retval.Subject - src := v.AllCertifyBad.Subject + src := v.AllPointOfContact.Subject var err error - *dst, err = __marshalAllCertifyBadSubjectPackageSourceOrArtifact( + *dst, err = __marshalAllPointOfContactSubjectPackageSourceOrArtifact( &src) if err != nil { return nil, fmt.Errorf( - "unable to marshal PathPathCertifyBad.AllCertifyBad.Subject: %w", err) + "unable to marshal NodesNodesPointOfContact.AllPointOfContact.Subject: %w", err) } } - retval.Origin = v.AllCertifyBad.Origin - retval.Collector = v.AllCertifyBad.Collector + retval.Email = v.AllPointOfContact.Email + retval.Info = v.AllPointOfContact.Info + retval.Since = v.AllPointOfContact.Since + retval.Justification = v.AllPointOfContact.Justification + retval.Origin = v.AllPointOfContact.Origin + retval.Collector = v.AllPointOfContact.Collector return &retval, nil } -// PathPathCertifyGood includes the requested fields of the GraphQL type CertifyGood. +// NodesNodesSource includes the requested fields of the GraphQL type Source. // The GraphQL type's documentation follows. // -// CertifyGood is an attestation that a package, source, or artifact is considered -// good. +// Source represents the root of the source trie/tree. // -// All evidence trees record a justification for the property they represent as -// well as the document that contains the attestation (origin) and the collector -// that collected the document (collector). 
+// We map source information to a trie, as a derivative of the pURL specification: +// each path in the trie represents a type, namespace, name and an optional +// qualifier that stands for tag/commit information. // -// The certification applies to a subject which is a package, source, or artifact. -// If the attestation targets a package, it must target a PackageName or a -// PackageVersion. If the attestation targets a source, it must target a -// SourceName. -type PathPathCertifyGood struct { - Typename *string `json:"__typename"` - AllCertifyGood `json:"-"` +// This node represents the type part of the trie path. It is used to represent +// the version control system that is being used. +// +// Since this node is at the root of the source trie, it is named Source, not +// SourceType. +type NodesNodesSource struct { + Typename *string `json:"__typename"` + AllSourceTree `json:"-"` } -// GetTypename returns PathPathCertifyGood.Typename, and is useful for accessing the field via an interface. -func (v *PathPathCertifyGood) GetTypename() *string { return v.Typename } - -// GetId returns PathPathCertifyGood.Id, and is useful for accessing the field via an interface. -func (v *PathPathCertifyGood) GetId() string { return v.AllCertifyGood.Id } - -// GetJustification returns PathPathCertifyGood.Justification, and is useful for accessing the field via an interface. -func (v *PathPathCertifyGood) GetJustification() string { return v.AllCertifyGood.Justification } +// GetTypename returns NodesNodesSource.Typename, and is useful for accessing the field via an interface. +func (v *NodesNodesSource) GetTypename() *string { return v.Typename } -// GetSubject returns PathPathCertifyGood.Subject, and is useful for accessing the field via an interface. -func (v *PathPathCertifyGood) GetSubject() AllCertifyGoodSubjectPackageSourceOrArtifact { - return v.AllCertifyGood.Subject -} +// GetId returns NodesNodesSource.Id, and is useful for accessing the field via an interface. 
+func (v *NodesNodesSource) GetId() string { return v.AllSourceTree.Id } -// GetOrigin returns PathPathCertifyGood.Origin, and is useful for accessing the field via an interface. -func (v *PathPathCertifyGood) GetOrigin() string { return v.AllCertifyGood.Origin } +// GetType returns NodesNodesSource.Type, and is useful for accessing the field via an interface. +func (v *NodesNodesSource) GetType() string { return v.AllSourceTree.Type } -// GetCollector returns PathPathCertifyGood.Collector, and is useful for accessing the field via an interface. -func (v *PathPathCertifyGood) GetCollector() string { return v.AllCertifyGood.Collector } +// GetNamespaces returns NodesNodesSource.Namespaces, and is useful for accessing the field via an interface. +func (v *NodesNodesSource) GetNamespaces() []AllSourceTreeNamespacesSourceNamespace { + return v.AllSourceTree.Namespaces +} -func (v *PathPathCertifyGood) UnmarshalJSON(b []byte) error { +func (v *NodesNodesSource) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *PathPathCertifyGood + *NodesNodesSource graphql.NoUnmarshalJSON } - firstPass.PathPathCertifyGood = v + firstPass.NodesNodesSource = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -21279,28 +17563,24 @@ func (v *PathPathCertifyGood) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllCertifyGood) + b, &v.AllSourceTree) if err != nil { return err } return nil } -type __premarshalPathPathCertifyGood struct { +type __premarshalNodesNodesSource struct { Typename *string `json:"__typename"` Id string `json:"id"` - Justification string `json:"justification"` - - Subject json.RawMessage `json:"subject"` - - Origin string `json:"origin"` + Type string `json:"type"` - Collector string `json:"collector"` + Namespaces []AllSourceTreeNamespacesSourceNamespace `json:"namespaces"` } -func (v *PathPathCertifyGood) MarshalJSON() ([]byte, error) { +func (v *NodesNodesSource) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -21308,66 +17588,58 @@ func (v *PathPathCertifyGood) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *PathPathCertifyGood) __premarshalJSON() (*__premarshalPathPathCertifyGood, error) { - var retval __premarshalPathPathCertifyGood +func (v *NodesNodesSource) __premarshalJSON() (*__premarshalNodesNodesSource, error) { + var retval __premarshalNodesNodesSource retval.Typename = v.Typename - retval.Id = v.AllCertifyGood.Id - retval.Justification = v.AllCertifyGood.Justification - { - - dst := &retval.Subject - src := v.AllCertifyGood.Subject - var err error - *dst, err = __marshalAllCertifyGoodSubjectPackageSourceOrArtifact( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal PathPathCertifyGood.AllCertifyGood.Subject: %w", err) - } - } - retval.Origin = v.AllCertifyGood.Origin - retval.Collector = v.AllCertifyGood.Collector + retval.Id = v.AllSourceTree.Id + retval.Type = v.AllSourceTree.Type + retval.Namespaces = v.AllSourceTree.Namespaces return &retval, nil } -// PathPathCertifyScorecard includes the requested fields of the GraphQL type CertifyScorecard. +// NodesNodesVulnEqual includes the requested fields of the GraphQL type VulnEqual. // The GraphQL type's documentation follows. // -// CertifyScorecard is an attestation to attach a Scorecard analysis to a -// particular source repository. -type PathPathCertifyScorecard struct { - Typename *string `json:"__typename"` - AllCertifyScorecard `json:"-"` +// VulnEqual is an attestation to link two vulnerabilities together as being equal" +// +// Note that setting noVuln vulnerability type is invalid for VulnEqual! +type NodesNodesVulnEqual struct { + Typename *string `json:"__typename"` + AllVulnEqual `json:"-"` } -// GetTypename returns PathPathCertifyScorecard.Typename, and is useful for accessing the field via an interface. 
-func (v *PathPathCertifyScorecard) GetTypename() *string { return v.Typename } +// GetTypename returns NodesNodesVulnEqual.Typename, and is useful for accessing the field via an interface. +func (v *NodesNodesVulnEqual) GetTypename() *string { return v.Typename } -// GetId returns PathPathCertifyScorecard.Id, and is useful for accessing the field via an interface. -func (v *PathPathCertifyScorecard) GetId() string { return v.AllCertifyScorecard.Id } +// GetId returns NodesNodesVulnEqual.Id, and is useful for accessing the field via an interface. +func (v *NodesNodesVulnEqual) GetId() string { return v.AllVulnEqual.Id } -// GetSource returns PathPathCertifyScorecard.Source, and is useful for accessing the field via an interface. -func (v *PathPathCertifyScorecard) GetSource() AllCertifyScorecardSource { - return v.AllCertifyScorecard.Source +// GetVulnerabilities returns NodesNodesVulnEqual.Vulnerabilities, and is useful for accessing the field via an interface. +func (v *NodesNodesVulnEqual) GetVulnerabilities() []AllVulnEqualVulnerabilitiesVulnerability { + return v.AllVulnEqual.Vulnerabilities } -// GetScorecard returns PathPathCertifyScorecard.Scorecard, and is useful for accessing the field via an interface. -func (v *PathPathCertifyScorecard) GetScorecard() AllCertifyScorecardScorecard { - return v.AllCertifyScorecard.Scorecard -} +// GetJustification returns NodesNodesVulnEqual.Justification, and is useful for accessing the field via an interface. +func (v *NodesNodesVulnEqual) GetJustification() string { return v.AllVulnEqual.Justification } -func (v *PathPathCertifyScorecard) UnmarshalJSON(b []byte) error { +// GetOrigin returns NodesNodesVulnEqual.Origin, and is useful for accessing the field via an interface. +func (v *NodesNodesVulnEqual) GetOrigin() string { return v.AllVulnEqual.Origin } + +// GetCollector returns NodesNodesVulnEqual.Collector, and is useful for accessing the field via an interface. 
+func (v *NodesNodesVulnEqual) GetCollector() string { return v.AllVulnEqual.Collector } + +func (v *NodesNodesVulnEqual) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *PathPathCertifyScorecard + *NodesNodesVulnEqual graphql.NoUnmarshalJSON } - firstPass.PathPathCertifyScorecard = v + firstPass.NodesNodesVulnEqual = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -21375,24 +17647,28 @@ func (v *PathPathCertifyScorecard) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllCertifyScorecard) + b, &v.AllVulnEqual) if err != nil { return err } return nil } -type __premarshalPathPathCertifyScorecard struct { +type __premarshalNodesNodesVulnEqual struct { Typename *string `json:"__typename"` Id string `json:"id"` - Source AllCertifyScorecardSource `json:"source"` + Vulnerabilities []AllVulnEqualVulnerabilitiesVulnerability `json:"vulnerabilities"` - Scorecard AllCertifyScorecardScorecard `json:"scorecard"` + Justification string `json:"justification"` + + Origin string `json:"origin"` + + Collector string `json:"collector"` } -func (v *PathPathCertifyScorecard) MarshalJSON() ([]byte, error) { +func (v *NodesNodesVulnEqual) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -21400,509 +17676,681 @@ func (v *PathPathCertifyScorecard) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *PathPathCertifyScorecard) __premarshalJSON() (*__premarshalPathPathCertifyScorecard, error) { - var retval __premarshalPathPathCertifyScorecard +func (v *NodesNodesVulnEqual) __premarshalJSON() (*__premarshalNodesNodesVulnEqual, error) { + var retval __premarshalNodesNodesVulnEqual retval.Typename = v.Typename - retval.Id = v.AllCertifyScorecard.Id - retval.Source = v.AllCertifyScorecard.Source - retval.Scorecard = v.AllCertifyScorecard.Scorecard + retval.Id = v.AllVulnEqual.Id + retval.Vulnerabilities = v.AllVulnEqual.Vulnerabilities + retval.Justification = v.AllVulnEqual.Justification + retval.Origin = v.AllVulnEqual.Origin + retval.Collector = v.AllVulnEqual.Collector return &retval, nil } -// PathPathCertifyVEXStatement includes the requested fields of the GraphQL type CertifyVEXStatement. +// NodesNodesVulnerability includes the requested fields of the GraphQL type Vulnerability. // The GraphQL type's documentation follows. // -// CertifyVEXStatement is an attestation to attach VEX statements to a package or -// artifact to clarify the impact of a specific vulnerability (CVE, GHSA or OSV). -type PathPathCertifyVEXStatement struct { - Typename *string `json:"__typename"` - AllCertifyVEXStatement `json:"-"` +// Vulnerability represents the root of the vulnerability trie/tree. +// +// We map vulnerability information to a trie, as a derivative of the pURL specification: +// each path in the trie represents a type and a vulnerability ID. This allows for generic +// representation of the various vulnerabilities and does not limit to just cve, ghsa or osv. 
+// This would be in the general format: vuln:/// +// +// Examples: +// +// CVE, using path separator: vuln://cve/cve-2023-20753 +// OSV, representing its knowledge of a GHSA: vuln://osv/ghsa-205hk +// Random vendor: vuln://snyk/sn-whatever +// NoVuln: vuln://novuln/ +// +// This node represents the type part of the trie path. It is used to represent +// the specific type of the vulnerability: cve, ghsa, osv or some other vendor specific +// +// Since this node is at the root of the vulnerability trie, it is named Vulnerability, not +// VulnerabilityType. +// +// NoVuln is a special vulnerability node to attest that no vulnerability has been +// found during a vulnerability scan. It will have the type "novuln" and contain an empty string +// for vulnerabilityID +// +// The resolvers will enforce that both the type and vulnerability IDs are lower case. +type NodesNodesVulnerability struct { + Typename *string `json:"__typename"` + AllVulnerabilityTree `json:"-"` } -// GetTypename returns PathPathCertifyVEXStatement.Typename, and is useful for accessing the field via an interface. -func (v *PathPathCertifyVEXStatement) GetTypename() *string { return v.Typename } +// GetTypename returns NodesNodesVulnerability.Typename, and is useful for accessing the field via an interface. +func (v *NodesNodesVulnerability) GetTypename() *string { return v.Typename } -// GetId returns PathPathCertifyVEXStatement.Id, and is useful for accessing the field via an interface. -func (v *PathPathCertifyVEXStatement) GetId() string { return v.AllCertifyVEXStatement.Id } +// GetId returns NodesNodesVulnerability.Id, and is useful for accessing the field via an interface. +func (v *NodesNodesVulnerability) GetId() string { return v.AllVulnerabilityTree.Id } -// GetSubject returns PathPathCertifyVEXStatement.Subject, and is useful for accessing the field via an interface. 
-func (v *PathPathCertifyVEXStatement) GetSubject() AllCertifyVEXStatementSubjectPackageOrArtifact { - return v.AllCertifyVEXStatement.Subject -} +// GetType returns NodesNodesVulnerability.Type, and is useful for accessing the field via an interface. +func (v *NodesNodesVulnerability) GetType() string { return v.AllVulnerabilityTree.Type } -// GetVulnerability returns PathPathCertifyVEXStatement.Vulnerability, and is useful for accessing the field via an interface. -func (v *PathPathCertifyVEXStatement) GetVulnerability() AllCertifyVEXStatementVulnerability { - return v.AllCertifyVEXStatement.Vulnerability +// GetVulnerabilityIDs returns NodesNodesVulnerability.VulnerabilityIDs, and is useful for accessing the field via an interface. +func (v *NodesNodesVulnerability) GetVulnerabilityIDs() []AllVulnerabilityTreeVulnerabilityIDsVulnerabilityID { + return v.AllVulnerabilityTree.VulnerabilityIDs } -// GetStatus returns PathPathCertifyVEXStatement.Status, and is useful for accessing the field via an interface. -func (v *PathPathCertifyVEXStatement) GetStatus() VexStatus { return v.AllCertifyVEXStatement.Status } +func (v *NodesNodesVulnerability) UnmarshalJSON(b []byte) error { -// GetVexJustification returns PathPathCertifyVEXStatement.VexJustification, and is useful for accessing the field via an interface. -func (v *PathPathCertifyVEXStatement) GetVexJustification() VexJustification { - return v.AllCertifyVEXStatement.VexJustification -} + if string(b) == "null" { + return nil + } -// GetStatement returns PathPathCertifyVEXStatement.Statement, and is useful for accessing the field via an interface. 
-func (v *PathPathCertifyVEXStatement) GetStatement() string { - return v.AllCertifyVEXStatement.Statement + var firstPass struct { + *NodesNodesVulnerability + graphql.NoUnmarshalJSON + } + firstPass.NodesNodesVulnerability = v + + err := json.Unmarshal(b, &firstPass) + if err != nil { + return err + } + + err = json.Unmarshal( + b, &v.AllVulnerabilityTree) + if err != nil { + return err + } + return nil } -// GetStatusNotes returns PathPathCertifyVEXStatement.StatusNotes, and is useful for accessing the field via an interface. -func (v *PathPathCertifyVEXStatement) GetStatusNotes() string { - return v.AllCertifyVEXStatement.StatusNotes +type __premarshalNodesNodesVulnerability struct { + Typename *string `json:"__typename"` + + Id string `json:"id"` + + Type string `json:"type"` + + VulnerabilityIDs []AllVulnerabilityTreeVulnerabilityIDsVulnerabilityID `json:"vulnerabilityIDs"` } -// GetKnownSince returns PathPathCertifyVEXStatement.KnownSince, and is useful for accessing the field via an interface. -func (v *PathPathCertifyVEXStatement) GetKnownSince() time.Time { - return v.AllCertifyVEXStatement.KnownSince +func (v *NodesNodesVulnerability) MarshalJSON() ([]byte, error) { + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + return json.Marshal(premarshaled) } -// GetOrigin returns PathPathCertifyVEXStatement.Origin, and is useful for accessing the field via an interface. -func (v *PathPathCertifyVEXStatement) GetOrigin() string { return v.AllCertifyVEXStatement.Origin } +func (v *NodesNodesVulnerability) __premarshalJSON() (*__premarshalNodesNodesVulnerability, error) { + var retval __premarshalNodesNodesVulnerability -// GetCollector returns PathPathCertifyVEXStatement.Collector, and is useful for accessing the field via an interface. 
-func (v *PathPathCertifyVEXStatement) GetCollector() string { - return v.AllCertifyVEXStatement.Collector + retval.Typename = v.Typename + retval.Id = v.AllVulnerabilityTree.Id + retval.Type = v.AllVulnerabilityTree.Type + retval.VulnerabilityIDs = v.AllVulnerabilityTree.VulnerabilityIDs + return &retval, nil } -func (v *PathPathCertifyVEXStatement) UnmarshalJSON(b []byte) error { +// NodesResponse is returned by Nodes on success. +type NodesResponse struct { + // nodes returns an array of nodes, regardless of type. + // + // The input is an array of IDs to retrieve. + Nodes []NodesNodesNode `json:"-"` +} + +// GetNodes returns NodesResponse.Nodes, and is useful for accessing the field via an interface. +func (v *NodesResponse) GetNodes() []NodesNodesNode { return v.Nodes } + +func (v *NodesResponse) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *PathPathCertifyVEXStatement + *NodesResponse + Nodes []json.RawMessage `json:"nodes"` graphql.NoUnmarshalJSON } - firstPass.PathPathCertifyVEXStatement = v + firstPass.NodesResponse = v err := json.Unmarshal(b, &firstPass) if err != nil { return err } - err = json.Unmarshal( - b, &v.AllCertifyVEXStatement) - if err != nil { - return err + { + dst := &v.Nodes + src := firstPass.Nodes + *dst = make( + []NodesNodesNode, + len(src)) + for i, src := range src { + dst := &(*dst)[i] + if len(src) != 0 && string(src) != "null" { + err = __unmarshalNodesNodesNode( + src, dst) + if err != nil { + return fmt.Errorf( + "unable to unmarshal NodesResponse.Nodes: %w", err) + } + } + } } return nil } -type __premarshalPathPathCertifyVEXStatement struct { - Typename *string `json:"__typename"` - - Id string `json:"id"` - - Subject json.RawMessage `json:"subject"` - - Vulnerability json.RawMessage `json:"vulnerability"` - - Status VexStatus `json:"status"` - - VexJustification VexJustification `json:"vexJustification"` +type __premarshalNodesResponse struct { + Nodes []json.RawMessage 
`json:"nodes"` +} + +func (v *NodesResponse) MarshalJSON() ([]byte, error) { + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + return json.Marshal(premarshaled) +} + +func (v *NodesResponse) __premarshalJSON() (*__premarshalNodesResponse, error) { + var retval __premarshalNodesResponse + + { + + dst := &retval.Nodes + src := v.Nodes + *dst = make( + []json.RawMessage, + len(src)) + for i, src := range src { + dst := &(*dst)[i] + var err error + *dst, err = __marshalNodesNodesNode( + &src) + if err != nil { + return nil, fmt.Errorf( + "unable to marshal NodesResponse.Nodes: %w", err) + } + } + } + return &retval, nil +} + +// PackageNamesPackagesPackage includes the requested fields of the GraphQL type Package. +// The GraphQL type's documentation follows. +// +// Package represents the root of the package trie/tree. +// +// We map package information to a trie, closely matching the pURL specification +// (https://github.com/package-url/purl-spec/blob/0dd92f26f8bb11956ffdf5e8acfcee71e8560407/README.rst), +// but deviating from it where GUAC heuristics allow for better representation of +// package information. Each path in the trie fully represents a package; we split +// the trie based on the pURL components. +// +// This node matches a pkg: partial pURL. The type field matches the +// pURL types but we might also use "guac" for the cases where the pURL +// representation is not complete or when we have custom rules. +// +// Since this node is at the root of the package trie, it is named Package, not +// PackageType. +type PackageNamesPackagesPackage struct { + Id string `json:"id"` + Type string `json:"type"` + Namespaces []PackageNamesPackagesPackageNamespacesPackageNamespace `json:"namespaces"` +} + +// GetId returns PackageNamesPackagesPackage.Id, and is useful for accessing the field via an interface. 
+func (v *PackageNamesPackagesPackage) GetId() string { return v.Id } - Statement string `json:"statement"` +// GetType returns PackageNamesPackagesPackage.Type, and is useful for accessing the field via an interface. +func (v *PackageNamesPackagesPackage) GetType() string { return v.Type } - StatusNotes string `json:"statusNotes"` +// GetNamespaces returns PackageNamesPackagesPackage.Namespaces, and is useful for accessing the field via an interface. +func (v *PackageNamesPackagesPackage) GetNamespaces() []PackageNamesPackagesPackageNamespacesPackageNamespace { + return v.Namespaces +} - KnownSince time.Time `json:"knownSince"` +// PackageNamesPackagesPackageNamespacesPackageNamespace includes the requested fields of the GraphQL type PackageNamespace. +// The GraphQL type's documentation follows. +// +// PackageNamespace is a namespace for packages. +// +// In the pURL representation, each PackageNamespace matches the +// pkg:// partial pURL. +// +// Namespaces are optional and type specific. Because they are optional, we use +// empty string to denote missing namespaces. +type PackageNamesPackagesPackageNamespacesPackageNamespace struct { + Id string `json:"id"` + Namespace string `json:"namespace"` + Names []PackageNamesPackagesPackageNamespacesPackageNamespaceNamesPackageName `json:"names"` +} - Origin string `json:"origin"` +// GetId returns PackageNamesPackagesPackageNamespacesPackageNamespace.Id, and is useful for accessing the field via an interface. +func (v *PackageNamesPackagesPackageNamespacesPackageNamespace) GetId() string { return v.Id } - Collector string `json:"collector"` +// GetNamespace returns PackageNamesPackagesPackageNamespacesPackageNamespace.Namespace, and is useful for accessing the field via an interface. 
+func (v *PackageNamesPackagesPackageNamespacesPackageNamespace) GetNamespace() string { + return v.Namespace } -func (v *PathPathCertifyVEXStatement) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) +// GetNames returns PackageNamesPackagesPackageNamespacesPackageNamespace.Names, and is useful for accessing the field via an interface. +func (v *PackageNamesPackagesPackageNamespacesPackageNamespace) GetNames() []PackageNamesPackagesPackageNamespacesPackageNamespaceNamesPackageName { + return v.Names } -func (v *PathPathCertifyVEXStatement) __premarshalJSON() (*__premarshalPathPathCertifyVEXStatement, error) { - var retval __premarshalPathPathCertifyVEXStatement +// PackageNamesPackagesPackageNamespacesPackageNamespaceNamesPackageName includes the requested fields of the GraphQL type PackageName. +// The GraphQL type's documentation follows. +// +// PackageName is a name for packages. +// +// In the pURL representation, each PackageName matches the +// pkg:// pURL. +// +// Names are always mandatory. +// +// This is the first node in the trie that can be referred to by other parts of +// GUAC. +type PackageNamesPackagesPackageNamespacesPackageNamespaceNamesPackageName struct { + Id string `json:"id"` + Name string `json:"name"` +} - retval.Typename = v.Typename - retval.Id = v.AllCertifyVEXStatement.Id - { +// GetId returns PackageNamesPackagesPackageNamespacesPackageNamespaceNamesPackageName.Id, and is useful for accessing the field via an interface. 
+func (v *PackageNamesPackagesPackageNamespacesPackageNamespaceNamesPackageName) GetId() string { + return v.Id +} - dst := &retval.Subject - src := v.AllCertifyVEXStatement.Subject - var err error - *dst, err = __marshalAllCertifyVEXStatementSubjectPackageOrArtifact( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal PathPathCertifyVEXStatement.AllCertifyVEXStatement.Subject: %w", err) - } - } - { +// GetName returns PackageNamesPackagesPackageNamespacesPackageNamespaceNamesPackageName.Name, and is useful for accessing the field via an interface. +func (v *PackageNamesPackagesPackageNamespacesPackageNamespaceNamesPackageName) GetName() string { + return v.Name +} - dst := &retval.Vulnerability - src := v.AllCertifyVEXStatement.Vulnerability - var err error - *dst, err = __marshalAllCertifyVEXStatementVulnerability( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal PathPathCertifyVEXStatement.AllCertifyVEXStatement.Vulnerability: %w", err) - } - } - retval.Status = v.AllCertifyVEXStatement.Status - retval.VexJustification = v.AllCertifyVEXStatement.VexJustification - retval.Statement = v.AllCertifyVEXStatement.Statement - retval.StatusNotes = v.AllCertifyVEXStatement.StatusNotes - retval.KnownSince = v.AllCertifyVEXStatement.KnownSince - retval.Origin = v.AllCertifyVEXStatement.Origin - retval.Collector = v.AllCertifyVEXStatement.Collector - return &retval, nil +// PackageNamesResponse is returned by PackageNames on success. +type PackageNamesResponse struct { + // Returns all packages matching a filter. + Packages []PackageNamesPackagesPackage `json:"packages"` } -// PathPathCertifyVuln includes the requested fields of the GraphQL type CertifyVuln. +// GetPackages returns PackageNamesResponse.Packages, and is useful for accessing the field via an interface. 
+func (v *PackageNamesResponse) GetPackages() []PackageNamesPackagesPackage { return v.Packages } + +// PackageNamespacesPackagesPackage includes the requested fields of the GraphQL type Package. // The GraphQL type's documentation follows. // -// CertifyVuln is an attestation to attach vulnerability information to a package. +// Package represents the root of the package trie/tree. // -// This information is obtained via a scanner. If there is no vulnerability -// detected (no OSV, CVE, or GHSA), we attach the special NoVuln node. -type PathPathCertifyVuln struct { - Typename *string `json:"__typename"` - AllCertifyVuln `json:"-"` +// We map package information to a trie, closely matching the pURL specification +// (https://github.com/package-url/purl-spec/blob/0dd92f26f8bb11956ffdf5e8acfcee71e8560407/README.rst), +// but deviating from it where GUAC heuristics allow for better representation of +// package information. Each path in the trie fully represents a package; we split +// the trie based on the pURL components. +// +// This node matches a pkg: partial pURL. The type field matches the +// pURL types but we might also use "guac" for the cases where the pURL +// representation is not complete or when we have custom rules. +// +// Since this node is at the root of the package trie, it is named Package, not +// PackageType. +type PackageNamespacesPackagesPackage struct { + Id string `json:"id"` + Type string `json:"type"` + Namespaces []PackageNamespacesPackagesPackageNamespacesPackageNamespace `json:"namespaces"` } -// GetTypename returns PathPathCertifyVuln.Typename, and is useful for accessing the field via an interface. -func (v *PathPathCertifyVuln) GetTypename() *string { return v.Typename } - -// GetId returns PathPathCertifyVuln.Id, and is useful for accessing the field via an interface. 
-func (v *PathPathCertifyVuln) GetId() string { return v.AllCertifyVuln.Id } +// GetId returns PackageNamespacesPackagesPackage.Id, and is useful for accessing the field via an interface. +func (v *PackageNamespacesPackagesPackage) GetId() string { return v.Id } -// GetPackage returns PathPathCertifyVuln.Package, and is useful for accessing the field via an interface. -func (v *PathPathCertifyVuln) GetPackage() AllCertifyVulnPackage { return v.AllCertifyVuln.Package } +// GetType returns PackageNamespacesPackagesPackage.Type, and is useful for accessing the field via an interface. +func (v *PackageNamespacesPackagesPackage) GetType() string { return v.Type } -// GetVulnerability returns PathPathCertifyVuln.Vulnerability, and is useful for accessing the field via an interface. -func (v *PathPathCertifyVuln) GetVulnerability() AllCertifyVulnVulnerability { - return v.AllCertifyVuln.Vulnerability +// GetNamespaces returns PackageNamespacesPackagesPackage.Namespaces, and is useful for accessing the field via an interface. +func (v *PackageNamespacesPackagesPackage) GetNamespaces() []PackageNamespacesPackagesPackageNamespacesPackageNamespace { + return v.Namespaces } -// GetMetadata returns PathPathCertifyVuln.Metadata, and is useful for accessing the field via an interface. -func (v *PathPathCertifyVuln) GetMetadata() AllCertifyVulnMetadataVulnerabilityMetaData { - return v.AllCertifyVuln.Metadata +// PackageNamespacesPackagesPackageNamespacesPackageNamespace includes the requested fields of the GraphQL type PackageNamespace. +// The GraphQL type's documentation follows. +// +// PackageNamespace is a namespace for packages. +// +// In the pURL representation, each PackageNamespace matches the +// pkg:// partial pURL. +// +// Namespaces are optional and type specific. Because they are optional, we use +// empty string to denote missing namespaces. 
+type PackageNamespacesPackagesPackageNamespacesPackageNamespace struct { + Id string `json:"id"` + Namespace string `json:"namespace"` } -func (v *PathPathCertifyVuln) UnmarshalJSON(b []byte) error { - - if string(b) == "null" { - return nil - } - - var firstPass struct { - *PathPathCertifyVuln - graphql.NoUnmarshalJSON - } - firstPass.PathPathCertifyVuln = v - - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } +// GetId returns PackageNamespacesPackagesPackageNamespacesPackageNamespace.Id, and is useful for accessing the field via an interface. +func (v *PackageNamespacesPackagesPackageNamespacesPackageNamespace) GetId() string { return v.Id } - err = json.Unmarshal( - b, &v.AllCertifyVuln) - if err != nil { - return err - } - return nil +// GetNamespace returns PackageNamespacesPackagesPackageNamespacesPackageNamespace.Namespace, and is useful for accessing the field via an interface. +func (v *PackageNamespacesPackagesPackageNamespacesPackageNamespace) GetNamespace() string { + return v.Namespace } -type __premarshalPathPathCertifyVuln struct { - Typename *string `json:"__typename"` +// PackageNamespacesResponse is returned by PackageNamespaces on success. +type PackageNamespacesResponse struct { + // Returns all packages matching a filter. + Packages []PackageNamespacesPackagesPackage `json:"packages"` +} - Id string `json:"id"` +// GetPackages returns PackageNamespacesResponse.Packages, and is useful for accessing the field via an interface. +func (v *PackageNamespacesResponse) GetPackages() []PackageNamespacesPackagesPackage { + return v.Packages +} - Package AllCertifyVulnPackage `json:"package"` +// PackageQualifierInputSpec allows specifying package qualifiers in mutations. +type PackageQualifierInputSpec struct { + Key string `json:"key"` + Value string `json:"value"` +} - Vulnerability json.RawMessage `json:"vulnerability"` +// GetKey returns PackageQualifierInputSpec.Key, and is useful for accessing the field via an interface. 
+func (v *PackageQualifierInputSpec) GetKey() string { return v.Key } - Metadata AllCertifyVulnMetadataVulnerabilityMetaData `json:"metadata"` -} +// GetValue returns PackageQualifierInputSpec.Value, and is useful for accessing the field via an interface. +func (v *PackageQualifierInputSpec) GetValue() string { return v.Value } -func (v *PathPathCertifyVuln) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) +// PackageQualifierSpec allows filtering package qualifiers in a query. +// +// Keys are mandatory, but values could also be null if we want to match all +// values for a specific key. +// +// NOTE: Before the schema becomes stable, we might change the nulability +// requirements of these fields. +type PackageQualifierSpec struct { + Key string `json:"key"` + Value *string `json:"value"` } -func (v *PathPathCertifyVuln) __premarshalJSON() (*__premarshalPathPathCertifyVuln, error) { - var retval __premarshalPathPathCertifyVuln +// GetKey returns PackageQualifierSpec.Key, and is useful for accessing the field via an interface. +func (v *PackageQualifierSpec) GetKey() string { return v.Key } - retval.Typename = v.Typename - retval.Id = v.AllCertifyVuln.Id - retval.Package = v.AllCertifyVuln.Package - { +// GetValue returns PackageQualifierSpec.Value, and is useful for accessing the field via an interface. +func (v *PackageQualifierSpec) GetValue() *string { return v.Value } - dst := &retval.Vulnerability - src := v.AllCertifyVuln.Vulnerability - var err error - *dst, err = __marshalAllCertifyVulnVulnerability( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal PathPathCertifyVuln.AllCertifyVuln.Vulnerability: %w", err) - } - } - retval.Metadata = v.AllCertifyVuln.Metadata - return &retval, nil +// PackageSourceOrArtifactSpec allows using PackageSourceOrArtifact union as +// input type to be used in read queries. 
+// +// Exactly one of the value must be set to non-nil. +type PackageSourceOrArtifactSpec struct { + Package *PkgSpec `json:"package"` + Source *SourceSpec `json:"source"` + Artifact *ArtifactSpec `json:"artifact"` } -// PathPathGHSA includes the requested fields of the GraphQL type GHSA. +// GetPackage returns PackageSourceOrArtifactSpec.Package, and is useful for accessing the field via an interface. +func (v *PackageSourceOrArtifactSpec) GetPackage() *PkgSpec { return v.Package } + +// GetSource returns PackageSourceOrArtifactSpec.Source, and is useful for accessing the field via an interface. +func (v *PackageSourceOrArtifactSpec) GetSource() *SourceSpec { return v.Source } + +// GetArtifact returns PackageSourceOrArtifactSpec.Artifact, and is useful for accessing the field via an interface. +func (v *PackageSourceOrArtifactSpec) GetArtifact() *ArtifactSpec { return v.Artifact } + +// PackageTypesPackagesPackage includes the requested fields of the GraphQL type Package. // The GraphQL type's documentation follows. // -// GHSA represents GitHub security advisories. +// Package represents the root of the package trie/tree. // -// The advisory id field is mandatory and canonicalized to be lowercase. +// We map package information to a trie, closely matching the pURL specification +// (https://github.com/package-url/purl-spec/blob/0dd92f26f8bb11956ffdf5e8acfcee71e8560407/README.rst), +// but deviating from it where GUAC heuristics allow for better representation of +// package information. Each path in the trie fully represents a package; we split +// the trie based on the pURL components. // -// This node can be referred to by other parts of GUAC. -type PathPathGHSA struct { - Typename *string `json:"__typename"` - AllGHSATree `json:"-"` +// This node matches a pkg: partial pURL. The type field matches the +// pURL types but we might also use "guac" for the cases where the pURL +// representation is not complete or when we have custom rules. 
+// +// Since this node is at the root of the package trie, it is named Package, not +// PackageType. +type PackageTypesPackagesPackage struct { + Id string `json:"id"` + Type string `json:"type"` } -// GetTypename returns PathPathGHSA.Typename, and is useful for accessing the field via an interface. -func (v *PathPathGHSA) GetTypename() *string { return v.Typename } - -// GetId returns PathPathGHSA.Id, and is useful for accessing the field via an interface. -func (v *PathPathGHSA) GetId() string { return v.AllGHSATree.Id } - -// GetGhsaId returns PathPathGHSA.GhsaId, and is useful for accessing the field via an interface. -func (v *PathPathGHSA) GetGhsaId() string { return v.AllGHSATree.GhsaId } - -func (v *PathPathGHSA) UnmarshalJSON(b []byte) error { +// GetId returns PackageTypesPackagesPackage.Id, and is useful for accessing the field via an interface. +func (v *PackageTypesPackagesPackage) GetId() string { return v.Id } - if string(b) == "null" { - return nil - } +// GetType returns PackageTypesPackagesPackage.Type, and is useful for accessing the field via an interface. +func (v *PackageTypesPackagesPackage) GetType() string { return v.Type } - var firstPass struct { - *PathPathGHSA - graphql.NoUnmarshalJSON - } - firstPass.PathPathGHSA = v +// PackageTypesResponse is returned by PackageTypes on success. +type PackageTypesResponse struct { + // Returns all packages matching a filter. + Packages []PackageTypesPackagesPackage `json:"packages"` +} - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } +// GetPackages returns PackageTypesResponse.Packages, and is useful for accessing the field via an interface. +func (v *PackageTypesResponse) GetPackages() []PackageTypesPackagesPackage { return v.Packages } - err = json.Unmarshal( - b, &v.AllGHSATree) - if err != nil { - return err - } - return nil +// PackageVersionsPackagesPackage includes the requested fields of the GraphQL type Package. +// The GraphQL type's documentation follows. 
+// +// Package represents the root of the package trie/tree. +// +// We map package information to a trie, closely matching the pURL specification +// (https://github.com/package-url/purl-spec/blob/0dd92f26f8bb11956ffdf5e8acfcee71e8560407/README.rst), +// but deviating from it where GUAC heuristics allow for better representation of +// package information. Each path in the trie fully represents a package; we split +// the trie based on the pURL components. +// +// This node matches a pkg: partial pURL. The type field matches the +// pURL types but we might also use "guac" for the cases where the pURL +// representation is not complete or when we have custom rules. +// +// Since this node is at the root of the package trie, it is named Package, not +// PackageType. +type PackageVersionsPackagesPackage struct { + Id string `json:"id"` + Type string `json:"type"` + Namespaces []PackageVersionsPackagesPackageNamespacesPackageNamespace `json:"namespaces"` } -type __premarshalPathPathGHSA struct { - Typename *string `json:"__typename"` +// GetId returns PackageVersionsPackagesPackage.Id, and is useful for accessing the field via an interface. +func (v *PackageVersionsPackagesPackage) GetId() string { return v.Id } - Id string `json:"id"` +// GetType returns PackageVersionsPackagesPackage.Type, and is useful for accessing the field via an interface. +func (v *PackageVersionsPackagesPackage) GetType() string { return v.Type } - GhsaId string `json:"ghsaId"` +// GetNamespaces returns PackageVersionsPackagesPackage.Namespaces, and is useful for accessing the field via an interface. 
+func (v *PackageVersionsPackagesPackage) GetNamespaces() []PackageVersionsPackagesPackageNamespacesPackageNamespace { + return v.Namespaces } -func (v *PathPathGHSA) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) +// PackageVersionsPackagesPackageNamespacesPackageNamespace includes the requested fields of the GraphQL type PackageNamespace. +// The GraphQL type's documentation follows. +// +// PackageNamespace is a namespace for packages. +// +// In the pURL representation, each PackageNamespace matches the +// pkg:// partial pURL. +// +// Namespaces are optional and type specific. Because they are optional, we use +// empty string to denote missing namespaces. +type PackageVersionsPackagesPackageNamespacesPackageNamespace struct { + Id string `json:"id"` + Namespace string `json:"namespace"` + Names []PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageName `json:"names"` } -func (v *PathPathGHSA) __premarshalJSON() (*__premarshalPathPathGHSA, error) { - var retval __premarshalPathPathGHSA +// GetId returns PackageVersionsPackagesPackageNamespacesPackageNamespace.Id, and is useful for accessing the field via an interface. +func (v *PackageVersionsPackagesPackageNamespacesPackageNamespace) GetId() string { return v.Id } + +// GetNamespace returns PackageVersionsPackagesPackageNamespacesPackageNamespace.Namespace, and is useful for accessing the field via an interface. +func (v *PackageVersionsPackagesPackageNamespacesPackageNamespace) GetNamespace() string { + return v.Namespace +} - retval.Typename = v.Typename - retval.Id = v.AllGHSATree.Id - retval.GhsaId = v.AllGHSATree.GhsaId - return &retval, nil +// GetNames returns PackageVersionsPackagesPackageNamespacesPackageNamespace.Names, and is useful for accessing the field via an interface. 
+func (v *PackageVersionsPackagesPackageNamespacesPackageNamespace) GetNames() []PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageName { + return v.Names } -// PathPathHasMetadata includes the requested fields of the GraphQL type HasMetadata. +// PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageName includes the requested fields of the GraphQL type PackageName. // The GraphQL type's documentation follows. // -// HasMetadata is an attestation that a package, source, or artifact has a certain -// attested property (key) with value (value). For example, a source may have -// metadata "SourceRepo2FAEnabled=true". +// PackageName is a name for packages. // -// The intent of this evidence tree predicate is to allow extensibility of metadata -// expressible within the GUAC ontology. Metadata that is commonly used will then -// be promoted to a predicate on its own. +// In the pURL representation, each PackageName matches the +// pkg:// pURL. // -// Justification indicates how the metadata was determined. +// Names are always mandatory. // -// The metadata applies to a subject which is a package, source, or artifact. -// If the attestation targets a package, it must target a PackageName or a -// PackageVersion. If the attestation targets a source, it must target a -// SourceName. -type PathPathHasMetadata struct { - Typename *string `json:"__typename"` +// This is the first node in the trie that can be referred to by other parts of +// GUAC. +type PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageName struct { + Id string `json:"id"` + Name string `json:"name"` + Versions []PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion `json:"versions"` } -// GetTypename returns PathPathHasMetadata.Typename, and is useful for accessing the field via an interface. 
-func (v *PathPathHasMetadata) GetTypename() *string { return v.Typename } - -// PathPathHasSBOM includes the requested fields of the GraphQL type HasSBOM. -type PathPathHasSBOM struct { - Typename *string `json:"__typename"` - AllHasSBOMTree `json:"-"` +// GetId returns PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageName.Id, and is useful for accessing the field via an interface. +func (v *PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageName) GetId() string { + return v.Id } -// GetTypename returns PathPathHasSBOM.Typename, and is useful for accessing the field via an interface. -func (v *PathPathHasSBOM) GetTypename() *string { return v.Typename } - -// GetId returns PathPathHasSBOM.Id, and is useful for accessing the field via an interface. -func (v *PathPathHasSBOM) GetId() string { return v.AllHasSBOMTree.Id } - -// GetSubject returns PathPathHasSBOM.Subject, and is useful for accessing the field via an interface. -func (v *PathPathHasSBOM) GetSubject() AllHasSBOMTreeSubjectPackageOrArtifact { - return v.AllHasSBOMTree.Subject +// GetName returns PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageName.Name, and is useful for accessing the field via an interface. +func (v *PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageName) GetName() string { + return v.Name } -// GetUri returns PathPathHasSBOM.Uri, and is useful for accessing the field via an interface. -func (v *PathPathHasSBOM) GetUri() string { return v.AllHasSBOMTree.Uri } - -// GetAlgorithm returns PathPathHasSBOM.Algorithm, and is useful for accessing the field via an interface. -func (v *PathPathHasSBOM) GetAlgorithm() string { return v.AllHasSBOMTree.Algorithm } - -// GetDigest returns PathPathHasSBOM.Digest, and is useful for accessing the field via an interface. 
-func (v *PathPathHasSBOM) GetDigest() string { return v.AllHasSBOMTree.Digest } - -// GetDownloadLocation returns PathPathHasSBOM.DownloadLocation, and is useful for accessing the field via an interface. -func (v *PathPathHasSBOM) GetDownloadLocation() string { return v.AllHasSBOMTree.DownloadLocation } - -// GetOrigin returns PathPathHasSBOM.Origin, and is useful for accessing the field via an interface. -func (v *PathPathHasSBOM) GetOrigin() string { return v.AllHasSBOMTree.Origin } - -// GetCollector returns PathPathHasSBOM.Collector, and is useful for accessing the field via an interface. -func (v *PathPathHasSBOM) GetCollector() string { return v.AllHasSBOMTree.Collector } - -func (v *PathPathHasSBOM) UnmarshalJSON(b []byte) error { - - if string(b) == "null" { - return nil - } - - var firstPass struct { - *PathPathHasSBOM - graphql.NoUnmarshalJSON - } - firstPass.PathPathHasSBOM = v - - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } - - err = json.Unmarshal( - b, &v.AllHasSBOMTree) - if err != nil { - return err - } - return nil +// GetVersions returns PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageName.Versions, and is useful for accessing the field via an interface. +func (v *PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageName) GetVersions() []PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion { + return v.Versions } -type __premarshalPathPathHasSBOM struct { - Typename *string `json:"__typename"` - - Id string `json:"id"` - - Subject json.RawMessage `json:"subject"` - - Uri string `json:"uri"` - - Algorithm string `json:"algorithm"` +// PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion includes the requested fields of the GraphQL type PackageVersion. +// The GraphQL type's documentation follows. +// +// PackageVersion is a package version. 
+// +// In the pURL representation, each PackageName matches the +// pkg://@ pURL. +// +// Versions are optional and each Package type defines own rules for handling +// them. For this level of GUAC, these are just opaque strings. +// +// NOTE: The handling of versions might change before this schema becomes stable. +// +// This node can be referred to by other parts of GUAC. +// +// Subpath and qualifiers are optional. Lack of qualifiers is represented by an +// empty list and lack of subpath by empty string (to be consistent with +// optionality of namespace and version). Two nodes that have different qualifiers +// and/or subpath but the same version mean two different packages in the trie +// (they are different). Two nodes that have same version but qualifiers of one +// are a subset of the qualifier of the other also mean two different packages in +// the trie. +type PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion struct { + Id string `json:"id"` + Version string `json:"version"` + Qualifiers []PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersionQualifiersPackageQualifier `json:"qualifiers"` + Subpath string `json:"subpath"` +} - Digest string `json:"digest"` +// GetId returns PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion.Id, and is useful for accessing the field via an interface. +func (v *PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion) GetId() string { + return v.Id +} - DownloadLocation string `json:"downloadLocation"` +// GetVersion returns PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion.Version, and is useful for accessing the field via an interface. 
+func (v *PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion) GetVersion() string { + return v.Version +} - Origin string `json:"origin"` +// GetQualifiers returns PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion.Qualifiers, and is useful for accessing the field via an interface. +func (v *PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion) GetQualifiers() []PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersionQualifiersPackageQualifier { + return v.Qualifiers +} - Collector string `json:"collector"` +// GetSubpath returns PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion.Subpath, and is useful for accessing the field via an interface. +func (v *PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersion) GetSubpath() string { + return v.Subpath } -func (v *PathPathHasSBOM) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) +// PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersionQualifiersPackageQualifier includes the requested fields of the GraphQL type PackageQualifier. +// The GraphQL type's documentation follows. +// +// PackageQualifier is a qualifier for a package, a key-value pair. +// +// In the pURL representation, it is a part of the part of the +// pkg://@? pURL. +// +// Qualifiers are optional, each Package type defines own rules for handling them, +// and multiple qualifiers could be attached to the same package. +// +// This node cannot be directly referred by other parts of GUAC. 
+type PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersionQualifiersPackageQualifier struct { + Key string `json:"key"` + Value string `json:"value"` } -func (v *PathPathHasSBOM) __premarshalJSON() (*__premarshalPathPathHasSBOM, error) { - var retval __premarshalPathPathHasSBOM +// GetKey returns PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersionQualifiersPackageQualifier.Key, and is useful for accessing the field via an interface. +func (v *PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersionQualifiersPackageQualifier) GetKey() string { + return v.Key +} - retval.Typename = v.Typename - retval.Id = v.AllHasSBOMTree.Id - { +// GetValue returns PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersionQualifiersPackageQualifier.Value, and is useful for accessing the field via an interface. +func (v *PackageVersionsPackagesPackageNamespacesPackageNamespaceNamesPackageNameVersionsPackageVersionQualifiersPackageQualifier) GetValue() string { + return v.Value +} - dst := &retval.Subject - src := v.AllHasSBOMTree.Subject - var err error - *dst, err = __marshalAllHasSBOMTreeSubjectPackageOrArtifact( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal PathPathHasSBOM.AllHasSBOMTree.Subject: %w", err) - } - } - retval.Uri = v.AllHasSBOMTree.Uri - retval.Algorithm = v.AllHasSBOMTree.Algorithm - retval.Digest = v.AllHasSBOMTree.Digest - retval.DownloadLocation = v.AllHasSBOMTree.DownloadLocation - retval.Origin = v.AllHasSBOMTree.Origin - retval.Collector = v.AllHasSBOMTree.Collector - return &retval, nil +// PackageVersionsResponse is returned by PackageVersions on success. +type PackageVersionsResponse struct { + // Returns all packages matching a filter. 
+ Packages []PackageVersionsPackagesPackage `json:"packages"` } -// PathPathHasSLSA includes the requested fields of the GraphQL type HasSLSA. +// GetPackages returns PackageVersionsResponse.Packages, and is useful for accessing the field via an interface. +func (v *PackageVersionsResponse) GetPackages() []PackageVersionsPackagesPackage { return v.Packages } + +// PackagesPackagesPackage includes the requested fields of the GraphQL type Package. // The GraphQL type's documentation follows. // -// HasSLSA records that a subject node has a SLSA attestation. -type PathPathHasSLSA struct { - Typename *string `json:"__typename"` - AllSLSATree `json:"-"` +// Package represents the root of the package trie/tree. +// +// We map package information to a trie, closely matching the pURL specification +// (https://github.com/package-url/purl-spec/blob/0dd92f26f8bb11956ffdf5e8acfcee71e8560407/README.rst), +// but deviating from it where GUAC heuristics allow for better representation of +// package information. Each path in the trie fully represents a package; we split +// the trie based on the pURL components. +// +// This node matches a pkg: partial pURL. The type field matches the +// pURL types but we might also use "guac" for the cases where the pURL +// representation is not complete or when we have custom rules. +// +// Since this node is at the root of the package trie, it is named Package, not +// PackageType. +type PackagesPackagesPackage struct { + AllPkgTree `json:"-"` } -// GetTypename returns PathPathHasSLSA.Typename, and is useful for accessing the field via an interface. -func (v *PathPathHasSLSA) GetTypename() *string { return v.Typename } - -// GetId returns PathPathHasSLSA.Id, and is useful for accessing the field via an interface. -func (v *PathPathHasSLSA) GetId() string { return v.AllSLSATree.Id } +// GetId returns PackagesPackagesPackage.Id, and is useful for accessing the field via an interface. 
+func (v *PackagesPackagesPackage) GetId() string { return v.AllPkgTree.Id } -// GetSubject returns PathPathHasSLSA.Subject, and is useful for accessing the field via an interface. -func (v *PathPathHasSLSA) GetSubject() AllSLSATreeSubjectArtifact { return v.AllSLSATree.Subject } +// GetType returns PackagesPackagesPackage.Type, and is useful for accessing the field via an interface. +func (v *PackagesPackagesPackage) GetType() string { return v.AllPkgTree.Type } -// GetSlsa returns PathPathHasSLSA.Slsa, and is useful for accessing the field via an interface. -func (v *PathPathHasSLSA) GetSlsa() AllSLSATreeSlsaSLSA { return v.AllSLSATree.Slsa } +// GetNamespaces returns PackagesPackagesPackage.Namespaces, and is useful for accessing the field via an interface. +func (v *PackagesPackagesPackage) GetNamespaces() []AllPkgTreeNamespacesPackageNamespace { + return v.AllPkgTree.Namespaces +} -func (v *PathPathHasSLSA) UnmarshalJSON(b []byte) error { +func (v *PackagesPackagesPackage) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *PathPathHasSLSA + *PackagesPackagesPackage graphql.NoUnmarshalJSON } - firstPass.PathPathHasSLSA = v + firstPass.PackagesPackagesPackage = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -21910,24 +18358,22 @@ func (v *PathPathHasSLSA) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllSLSATree) + b, &v.AllPkgTree) if err != nil { return err } return nil } -type __premarshalPathPathHasSLSA struct { - Typename *string `json:"__typename"` - +type __premarshalPackagesPackagesPackage struct { Id string `json:"id"` - Subject AllSLSATreeSubjectArtifact `json:"subject"` + Type string `json:"type"` - Slsa AllSLSATreeSlsaSLSA `json:"slsa"` + Namespaces []AllPkgTreeNamespacesPackageNamespace `json:"namespaces"` } -func (v *PathPathHasSLSA) MarshalJSON() ([]byte, error) { +func (v *PackagesPackagesPackage) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -21935,60 +18381,62 @@ func (v *PathPathHasSLSA) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *PathPathHasSLSA) __premarshalJSON() (*__premarshalPathPathHasSLSA, error) { - var retval __premarshalPathPathHasSLSA +func (v *PackagesPackagesPackage) __premarshalJSON() (*__premarshalPackagesPackagesPackage, error) { + var retval __premarshalPackagesPackagesPackage - retval.Typename = v.Typename - retval.Id = v.AllSLSATree.Id - retval.Subject = v.AllSLSATree.Subject - retval.Slsa = v.AllSLSATree.Slsa + retval.Id = v.AllPkgTree.Id + retval.Type = v.AllPkgTree.Type + retval.Namespaces = v.AllPkgTree.Namespaces return &retval, nil } -// PathPathHasSourceAt includes the requested fields of the GraphQL type HasSourceAt. -// The GraphQL type's documentation follows. -// -// HasSourceAt records that a package's repository is a given source. -type PathPathHasSourceAt struct { - Typename *string `json:"__typename"` - AllHasSourceAt `json:"-"` +// PackagesResponse is returned by Packages on success. +type PackagesResponse struct { + // Returns all packages matching a filter. + Packages []PackagesPackagesPackage `json:"packages"` } -// GetTypename returns PathPathHasSourceAt.Typename, and is useful for accessing the field via an interface. -func (v *PathPathHasSourceAt) GetTypename() *string { return v.Typename } - -// GetId returns PathPathHasSourceAt.Id, and is useful for accessing the field via an interface. -func (v *PathPathHasSourceAt) GetId() string { return v.AllHasSourceAt.Id } - -// GetJustification returns PathPathHasSourceAt.Justification, and is useful for accessing the field via an interface. -func (v *PathPathHasSourceAt) GetJustification() string { return v.AllHasSourceAt.Justification } +// GetPackages returns PackagesResponse.Packages, and is useful for accessing the field via an interface. 
+func (v *PackagesResponse) GetPackages() []PackagesPackagesPackage { return v.Packages } -// GetKnownSince returns PathPathHasSourceAt.KnownSince, and is useful for accessing the field via an interface. -func (v *PathPathHasSourceAt) GetKnownSince() time.Time { return v.AllHasSourceAt.KnownSince } +// PathPathArtifact includes the requested fields of the GraphQL type Artifact. +// The GraphQL type's documentation follows. +// +// Artifact represents an artifact identified by a checksum hash. +// +// The checksum is split into the digest value and the algorithm used to generate +// it. Both fields are mandatory and canonicalized to be lowercase. +// +// If having a checksum Go object, algorithm can be +// strings.ToLower(string(checksum.Algorithm)) and digest can be checksum.Value. +type PathPathArtifact struct { + Typename *string `json:"__typename"` + AllArtifactTree `json:"-"` +} -// GetPackage returns PathPathHasSourceAt.Package, and is useful for accessing the field via an interface. -func (v *PathPathHasSourceAt) GetPackage() AllHasSourceAtPackage { return v.AllHasSourceAt.Package } +// GetTypename returns PathPathArtifact.Typename, and is useful for accessing the field via an interface. +func (v *PathPathArtifact) GetTypename() *string { return v.Typename } -// GetSource returns PathPathHasSourceAt.Source, and is useful for accessing the field via an interface. -func (v *PathPathHasSourceAt) GetSource() AllHasSourceAtSource { return v.AllHasSourceAt.Source } +// GetId returns PathPathArtifact.Id, and is useful for accessing the field via an interface. +func (v *PathPathArtifact) GetId() string { return v.AllArtifactTree.Id } -// GetOrigin returns PathPathHasSourceAt.Origin, and is useful for accessing the field via an interface. -func (v *PathPathHasSourceAt) GetOrigin() string { return v.AllHasSourceAt.Origin } +// GetAlgorithm returns PathPathArtifact.Algorithm, and is useful for accessing the field via an interface. 
+func (v *PathPathArtifact) GetAlgorithm() string { return v.AllArtifactTree.Algorithm } -// GetCollector returns PathPathHasSourceAt.Collector, and is useful for accessing the field via an interface. -func (v *PathPathHasSourceAt) GetCollector() string { return v.AllHasSourceAt.Collector } +// GetDigest returns PathPathArtifact.Digest, and is useful for accessing the field via an interface. +func (v *PathPathArtifact) GetDigest() string { return v.AllArtifactTree.Digest } -func (v *PathPathHasSourceAt) UnmarshalJSON(b []byte) error { +func (v *PathPathArtifact) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *PathPathHasSourceAt + *PathPathArtifact graphql.NoUnmarshalJSON } - firstPass.PathPathHasSourceAt = v + firstPass.PathPathArtifact = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -21996,32 +18444,24 @@ func (v *PathPathHasSourceAt) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllHasSourceAt) + b, &v.AllArtifactTree) if err != nil { return err } return nil } -type __premarshalPathPathHasSourceAt struct { +type __premarshalPathPathArtifact struct { Typename *string `json:"__typename"` Id string `json:"id"` - Justification string `json:"justification"` - - KnownSince time.Time `json:"knownSince"` - - Package AllHasSourceAtPackage `json:"package"` - - Source AllHasSourceAtSource `json:"source"` - - Origin string `json:"origin"` + Algorithm string `json:"algorithm"` - Collector string `json:"collector"` + Digest string `json:"digest"` } -func (v *PathPathHasSourceAt) MarshalJSON() ([]byte, error) { +func (v *PathPathArtifact) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -22029,60 +18469,47 @@ func (v *PathPathHasSourceAt) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *PathPathHasSourceAt) __premarshalJSON() (*__premarshalPathPathHasSourceAt, error) { - var retval __premarshalPathPathHasSourceAt +func (v *PathPathArtifact) __premarshalJSON() (*__premarshalPathPathArtifact, error) { + var retval __premarshalPathPathArtifact retval.Typename = v.Typename - retval.Id = v.AllHasSourceAt.Id - retval.Justification = v.AllHasSourceAt.Justification - retval.KnownSince = v.AllHasSourceAt.KnownSince - retval.Package = v.AllHasSourceAt.Package - retval.Source = v.AllHasSourceAt.Source - retval.Origin = v.AllHasSourceAt.Origin - retval.Collector = v.AllHasSourceAt.Collector + retval.Id = v.AllArtifactTree.Id + retval.Algorithm = v.AllArtifactTree.Algorithm + retval.Digest = v.AllArtifactTree.Digest return &retval, nil } -// PathPathHashEqual includes the requested fields of the GraphQL type HashEqual. +// PathPathBuilder includes the requested fields of the GraphQL type Builder. // The GraphQL type's documentation follows. // -// HashEqual is an attestation that a set of artifacts are identical. -type PathPathHashEqual struct { - Typename *string `json:"__typename"` - AllHashEqualTree `json:"-"` -} - -// GetTypename returns PathPathHashEqual.Typename, and is useful for accessing the field via an interface. -func (v *PathPathHashEqual) GetTypename() *string { return v.Typename } - -// GetId returns PathPathHashEqual.Id, and is useful for accessing the field via an interface. -func (v *PathPathHashEqual) GetId() string { return v.AllHashEqualTree.Id } - -// GetJustification returns PathPathHashEqual.Justification, and is useful for accessing the field via an interface. -func (v *PathPathHashEqual) GetJustification() string { return v.AllHashEqualTree.Justification } - -// GetArtifacts returns PathPathHashEqual.Artifacts, and is useful for accessing the field via an interface. 
-func (v *PathPathHashEqual) GetArtifacts() []AllHashEqualTreeArtifactsArtifact { - return v.AllHashEqualTree.Artifacts +// Builder represents the builder (e.g., FRSCA or GitHub Actions). +// +// Currently builders are identified by the uri field. +type PathPathBuilder struct { + Typename *string `json:"__typename"` + AllBuilderTree `json:"-"` } -// GetOrigin returns PathPathHashEqual.Origin, and is useful for accessing the field via an interface. -func (v *PathPathHashEqual) GetOrigin() string { return v.AllHashEqualTree.Origin } +// GetTypename returns PathPathBuilder.Typename, and is useful for accessing the field via an interface. +func (v *PathPathBuilder) GetTypename() *string { return v.Typename } -// GetCollector returns PathPathHashEqual.Collector, and is useful for accessing the field via an interface. -func (v *PathPathHashEqual) GetCollector() string { return v.AllHashEqualTree.Collector } +// GetId returns PathPathBuilder.Id, and is useful for accessing the field via an interface. +func (v *PathPathBuilder) GetId() string { return v.AllBuilderTree.Id } -func (v *PathPathHashEqual) UnmarshalJSON(b []byte) error { +// GetUri returns PathPathBuilder.Uri, and is useful for accessing the field via an interface. +func (v *PathPathBuilder) GetUri() string { return v.AllBuilderTree.Uri } + +func (v *PathPathBuilder) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *PathPathHashEqual + *PathPathBuilder graphql.NoUnmarshalJSON } - firstPass.PathPathHashEqual = v + firstPass.PathPathBuilder = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -22090,28 +18517,22 @@ func (v *PathPathHashEqual) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllHashEqualTree) + b, &v.AllBuilderTree) if err != nil { return err } return nil } -type __premarshalPathPathHashEqual struct { +type __premarshalPathPathBuilder struct { Typename *string `json:"__typename"` Id string `json:"id"` - Justification string `json:"justification"` - - Artifacts []AllHashEqualTreeArtifactsArtifact `json:"artifacts"` - - Origin string `json:"origin"` - - Collector string `json:"collector"` + Uri string `json:"uri"` } -func (v *PathPathHashEqual) MarshalJSON() ([]byte, error) { +func (v *PathPathBuilder) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -22119,71 +18540,65 @@ func (v *PathPathHashEqual) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *PathPathHashEqual) __premarshalJSON() (*__premarshalPathPathHashEqual, error) { - var retval __premarshalPathPathHashEqual +func (v *PathPathBuilder) __premarshalJSON() (*__premarshalPathPathBuilder, error) { + var retval __premarshalPathPathBuilder retval.Typename = v.Typename - retval.Id = v.AllHashEqualTree.Id - retval.Justification = v.AllHashEqualTree.Justification - retval.Artifacts = v.AllHashEqualTree.Artifacts - retval.Origin = v.AllHashEqualTree.Origin - retval.Collector = v.AllHashEqualTree.Collector + retval.Id = v.AllBuilderTree.Id + retval.Uri = v.AllBuilderTree.Uri return &retval, nil } -// PathPathIsDependency includes the requested fields of the GraphQL type IsDependency. +// PathPathCertifyBad includes the requested fields of the GraphQL type CertifyBad. // The GraphQL type's documentation follows. // -// IsDependency is an attestation to record that a package depends on another. -type PathPathIsDependency struct { - Typename *string `json:"__typename"` - AllIsDependencyTree `json:"-"` +// CertifyBad is an attestation that a package, source, or artifact is considered +// bad. +// +// All evidence trees record a justification for the property they represent as +// well as the document that contains the attestation (origin) and the collector +// that collected the document (collector). +// +// The certification applies to a subject which is a package, source, or artifact. +// If the attestation targets a package, it must target a PackageName or a +// PackageVersion. If the attestation targets a source, it must target a +// SourceName. +type PathPathCertifyBad struct { + Typename *string `json:"__typename"` + AllCertifyBad `json:"-"` } -// GetTypename returns PathPathIsDependency.Typename, and is useful for accessing the field via an interface. 
-func (v *PathPathIsDependency) GetTypename() *string { return v.Typename } - -// GetId returns PathPathIsDependency.Id, and is useful for accessing the field via an interface. -func (v *PathPathIsDependency) GetId() string { return v.AllIsDependencyTree.Id } - -// GetJustification returns PathPathIsDependency.Justification, and is useful for accessing the field via an interface. -func (v *PathPathIsDependency) GetJustification() string { return v.AllIsDependencyTree.Justification } +// GetTypename returns PathPathCertifyBad.Typename, and is useful for accessing the field via an interface. +func (v *PathPathCertifyBad) GetTypename() *string { return v.Typename } -// GetPackage returns PathPathIsDependency.Package, and is useful for accessing the field via an interface. -func (v *PathPathIsDependency) GetPackage() AllIsDependencyTreePackage { - return v.AllIsDependencyTree.Package -} +// GetId returns PathPathCertifyBad.Id, and is useful for accessing the field via an interface. +func (v *PathPathCertifyBad) GetId() string { return v.AllCertifyBad.Id } -// GetDependentPackage returns PathPathIsDependency.DependentPackage, and is useful for accessing the field via an interface. -func (v *PathPathIsDependency) GetDependentPackage() AllIsDependencyTreeDependentPackage { - return v.AllIsDependencyTree.DependentPackage -} +// GetJustification returns PathPathCertifyBad.Justification, and is useful for accessing the field via an interface. +func (v *PathPathCertifyBad) GetJustification() string { return v.AllCertifyBad.Justification } -// GetDependencyType returns PathPathIsDependency.DependencyType, and is useful for accessing the field via an interface. -func (v *PathPathIsDependency) GetDependencyType() DependencyType { - return v.AllIsDependencyTree.DependencyType +// GetSubject returns PathPathCertifyBad.Subject, and is useful for accessing the field via an interface. 
+func (v *PathPathCertifyBad) GetSubject() AllCertifyBadSubjectPackageSourceOrArtifact { + return v.AllCertifyBad.Subject } -// GetVersionRange returns PathPathIsDependency.VersionRange, and is useful for accessing the field via an interface. -func (v *PathPathIsDependency) GetVersionRange() string { return v.AllIsDependencyTree.VersionRange } - -// GetOrigin returns PathPathIsDependency.Origin, and is useful for accessing the field via an interface. -func (v *PathPathIsDependency) GetOrigin() string { return v.AllIsDependencyTree.Origin } +// GetOrigin returns PathPathCertifyBad.Origin, and is useful for accessing the field via an interface. +func (v *PathPathCertifyBad) GetOrigin() string { return v.AllCertifyBad.Origin } -// GetCollector returns PathPathIsDependency.Collector, and is useful for accessing the field via an interface. -func (v *PathPathIsDependency) GetCollector() string { return v.AllIsDependencyTree.Collector } +// GetCollector returns PathPathCertifyBad.Collector, and is useful for accessing the field via an interface. +func (v *PathPathCertifyBad) GetCollector() string { return v.AllCertifyBad.Collector } -func (v *PathPathIsDependency) UnmarshalJSON(b []byte) error { +func (v *PathPathCertifyBad) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *PathPathIsDependency + *PathPathCertifyBad graphql.NoUnmarshalJSON } - firstPass.PathPathIsDependency = v + firstPass.PathPathCertifyBad = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -22191,34 +18606,28 @@ func (v *PathPathIsDependency) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllIsDependencyTree) + b, &v.AllCertifyBad) if err != nil { return err } return nil } -type __premarshalPathPathIsDependency struct { +type __premarshalPathPathCertifyBad struct { Typename *string `json:"__typename"` Id string `json:"id"` Justification string `json:"justification"` - Package AllIsDependencyTreePackage `json:"package"` - - DependentPackage AllIsDependencyTreeDependentPackage `json:"dependentPackage"` - - DependencyType DependencyType `json:"dependencyType"` - - VersionRange string `json:"versionRange"` + Subject json.RawMessage `json:"subject"` Origin string `json:"origin"` Collector string `json:"collector"` } -func (v *PathPathIsDependency) MarshalJSON() ([]byte, error) { +func (v *PathPathCertifyBad) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -22226,68 +18635,79 @@ func (v *PathPathIsDependency) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *PathPathIsDependency) __premarshalJSON() (*__premarshalPathPathIsDependency, error) { - var retval __premarshalPathPathIsDependency +func (v *PathPathCertifyBad) __premarshalJSON() (*__premarshalPathPathCertifyBad, error) { + var retval __premarshalPathPathCertifyBad retval.Typename = v.Typename - retval.Id = v.AllIsDependencyTree.Id - retval.Justification = v.AllIsDependencyTree.Justification - retval.Package = v.AllIsDependencyTree.Package - retval.DependentPackage = v.AllIsDependencyTree.DependentPackage - retval.DependencyType = v.AllIsDependencyTree.DependencyType - retval.VersionRange = v.AllIsDependencyTree.VersionRange - retval.Origin = v.AllIsDependencyTree.Origin - retval.Collector = v.AllIsDependencyTree.Collector + retval.Id = v.AllCertifyBad.Id + retval.Justification = v.AllCertifyBad.Justification + { + + dst := &retval.Subject + src := v.AllCertifyBad.Subject + var err error + *dst, err = __marshalAllCertifyBadSubjectPackageSourceOrArtifact( + &src) + if err != nil { + return nil, fmt.Errorf( + "unable to marshal PathPathCertifyBad.AllCertifyBad.Subject: %w", err) + } + } + retval.Origin = v.AllCertifyBad.Origin + retval.Collector = v.AllCertifyBad.Collector return &retval, nil } -// PathPathIsOccurrence includes the requested fields of the GraphQL type IsOccurrence. +// PathPathCertifyGood includes the requested fields of the GraphQL type CertifyGood. // The GraphQL type's documentation follows. // -// IsOccurrence is an attestation to link an artifact to a package or source. +// CertifyGood is an attestation that a package, source, or artifact is considered +// good. // -// Attestation must occur at the PackageVersion or at the SourceName. 
-type PathPathIsOccurrence struct { - Typename *string `json:"__typename"` - AllIsOccurrencesTree `json:"-"` +// All evidence trees record a justification for the property they represent as +// well as the document that contains the attestation (origin) and the collector +// that collected the document (collector). +// +// The certification applies to a subject which is a package, source, or artifact. +// If the attestation targets a package, it must target a PackageName or a +// PackageVersion. If the attestation targets a source, it must target a +// SourceName. +type PathPathCertifyGood struct { + Typename *string `json:"__typename"` + AllCertifyGood `json:"-"` } -// GetTypename returns PathPathIsOccurrence.Typename, and is useful for accessing the field via an interface. -func (v *PathPathIsOccurrence) GetTypename() *string { return v.Typename } +// GetTypename returns PathPathCertifyGood.Typename, and is useful for accessing the field via an interface. +func (v *PathPathCertifyGood) GetTypename() *string { return v.Typename } -// GetId returns PathPathIsOccurrence.Id, and is useful for accessing the field via an interface. -func (v *PathPathIsOccurrence) GetId() string { return v.AllIsOccurrencesTree.Id } +// GetId returns PathPathCertifyGood.Id, and is useful for accessing the field via an interface. +func (v *PathPathCertifyGood) GetId() string { return v.AllCertifyGood.Id } -// GetSubject returns PathPathIsOccurrence.Subject, and is useful for accessing the field via an interface. -func (v *PathPathIsOccurrence) GetSubject() AllIsOccurrencesTreeSubjectPackageOrSource { - return v.AllIsOccurrencesTree.Subject -} +// GetJustification returns PathPathCertifyGood.Justification, and is useful for accessing the field via an interface. +func (v *PathPathCertifyGood) GetJustification() string { return v.AllCertifyGood.Justification } -// GetArtifact returns PathPathIsOccurrence.Artifact, and is useful for accessing the field via an interface. 
-func (v *PathPathIsOccurrence) GetArtifact() AllIsOccurrencesTreeArtifact { - return v.AllIsOccurrencesTree.Artifact +// GetSubject returns PathPathCertifyGood.Subject, and is useful for accessing the field via an interface. +func (v *PathPathCertifyGood) GetSubject() AllCertifyGoodSubjectPackageSourceOrArtifact { + return v.AllCertifyGood.Subject } -// GetJustification returns PathPathIsOccurrence.Justification, and is useful for accessing the field via an interface. -func (v *PathPathIsOccurrence) GetJustification() string { return v.AllIsOccurrencesTree.Justification } - -// GetOrigin returns PathPathIsOccurrence.Origin, and is useful for accessing the field via an interface. -func (v *PathPathIsOccurrence) GetOrigin() string { return v.AllIsOccurrencesTree.Origin } +// GetOrigin returns PathPathCertifyGood.Origin, and is useful for accessing the field via an interface. +func (v *PathPathCertifyGood) GetOrigin() string { return v.AllCertifyGood.Origin } -// GetCollector returns PathPathIsOccurrence.Collector, and is useful for accessing the field via an interface. -func (v *PathPathIsOccurrence) GetCollector() string { return v.AllIsOccurrencesTree.Collector } +// GetCollector returns PathPathCertifyGood.Collector, and is useful for accessing the field via an interface. +func (v *PathPathCertifyGood) GetCollector() string { return v.AllCertifyGood.Collector } -func (v *PathPathIsOccurrence) UnmarshalJSON(b []byte) error { +func (v *PathPathCertifyGood) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *PathPathIsOccurrence + *PathPathCertifyGood graphql.NoUnmarshalJSON } - firstPass.PathPathIsOccurrence = v + firstPass.PathPathCertifyGood = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -22295,30 +18715,28 @@ func (v *PathPathIsOccurrence) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllIsOccurrencesTree) + b, &v.AllCertifyGood) if err != nil { return err } return nil } -type __premarshalPathPathIsOccurrence struct { +type __premarshalPathPathCertifyGood struct { Typename *string `json:"__typename"` Id string `json:"id"` - Subject json.RawMessage `json:"subject"` - - Artifact AllIsOccurrencesTreeArtifact `json:"artifact"` - Justification string `json:"justification"` + Subject json.RawMessage `json:"subject"` + Origin string `json:"origin"` Collector string `json:"collector"` } -func (v *PathPathIsOccurrence) MarshalJSON() ([]byte, error) { +func (v *PathPathCertifyGood) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -22326,75 +18744,66 @@ func (v *PathPathIsOccurrence) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *PathPathIsOccurrence) __premarshalJSON() (*__premarshalPathPathIsOccurrence, error) { - var retval __premarshalPathPathIsOccurrence +func (v *PathPathCertifyGood) __premarshalJSON() (*__premarshalPathPathCertifyGood, error) { + var retval __premarshalPathPathCertifyGood retval.Typename = v.Typename - retval.Id = v.AllIsOccurrencesTree.Id + retval.Id = v.AllCertifyGood.Id + retval.Justification = v.AllCertifyGood.Justification { dst := &retval.Subject - src := v.AllIsOccurrencesTree.Subject + src := v.AllCertifyGood.Subject var err error - *dst, err = __marshalAllIsOccurrencesTreeSubjectPackageOrSource( + *dst, err = __marshalAllCertifyGoodSubjectPackageSourceOrArtifact( &src) if err != nil { return nil, fmt.Errorf( - "unable to marshal PathPathIsOccurrence.AllIsOccurrencesTree.Subject: %w", err) + "unable to marshal PathPathCertifyGood.AllCertifyGood.Subject: %w", err) } } - retval.Artifact = v.AllIsOccurrencesTree.Artifact - retval.Justification = v.AllIsOccurrencesTree.Justification - retval.Origin = v.AllIsOccurrencesTree.Origin - retval.Collector = v.AllIsOccurrencesTree.Collector + retval.Origin = v.AllCertifyGood.Origin + retval.Collector = v.AllCertifyGood.Collector return &retval, nil } -// PathPathIsVulnerability includes the requested fields of the GraphQL type IsVulnerability. +// PathPathCertifyScorecard includes the requested fields of the GraphQL type CertifyScorecard. // The GraphQL type's documentation follows. // -// IsVulnerability is an attestation to link CVE/GHSA with data in OSV. -type PathPathIsVulnerability struct { - Typename *string `json:"__typename"` - AllIsVulnerability `json:"-"` +// CertifyScorecard is an attestation to attach a Scorecard analysis to a +// particular source repository. 
+type PathPathCertifyScorecard struct { + Typename *string `json:"__typename"` + AllCertifyScorecard `json:"-"` } -// GetTypename returns PathPathIsVulnerability.Typename, and is useful for accessing the field via an interface. -func (v *PathPathIsVulnerability) GetTypename() *string { return v.Typename } - -// GetId returns PathPathIsVulnerability.Id, and is useful for accessing the field via an interface. -func (v *PathPathIsVulnerability) GetId() string { return v.AllIsVulnerability.Id } - -// GetOsv returns PathPathIsVulnerability.Osv, and is useful for accessing the field via an interface. -func (v *PathPathIsVulnerability) GetOsv() AllIsVulnerabilityOsvOSV { return v.AllIsVulnerability.Osv } +// GetTypename returns PathPathCertifyScorecard.Typename, and is useful for accessing the field via an interface. +func (v *PathPathCertifyScorecard) GetTypename() *string { return v.Typename } -// GetVulnerability returns PathPathIsVulnerability.Vulnerability, and is useful for accessing the field via an interface. -func (v *PathPathIsVulnerability) GetVulnerability() AllIsVulnerabilityVulnerabilityCveOrGhsa { - return v.AllIsVulnerability.Vulnerability -} +// GetId returns PathPathCertifyScorecard.Id, and is useful for accessing the field via an interface. +func (v *PathPathCertifyScorecard) GetId() string { return v.AllCertifyScorecard.Id } -// GetJustification returns PathPathIsVulnerability.Justification, and is useful for accessing the field via an interface. -func (v *PathPathIsVulnerability) GetJustification() string { - return v.AllIsVulnerability.Justification +// GetSource returns PathPathCertifyScorecard.Source, and is useful for accessing the field via an interface. +func (v *PathPathCertifyScorecard) GetSource() AllCertifyScorecardSource { + return v.AllCertifyScorecard.Source } -// GetOrigin returns PathPathIsVulnerability.Origin, and is useful for accessing the field via an interface. 
-func (v *PathPathIsVulnerability) GetOrigin() string { return v.AllIsVulnerability.Origin } - -// GetCollector returns PathPathIsVulnerability.Collector, and is useful for accessing the field via an interface. -func (v *PathPathIsVulnerability) GetCollector() string { return v.AllIsVulnerability.Collector } +// GetScorecard returns PathPathCertifyScorecard.Scorecard, and is useful for accessing the field via an interface. +func (v *PathPathCertifyScorecard) GetScorecard() AllCertifyScorecardScorecard { + return v.AllCertifyScorecard.Scorecard +} -func (v *PathPathIsVulnerability) UnmarshalJSON(b []byte) error { +func (v *PathPathCertifyScorecard) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *PathPathIsVulnerability + *PathPathCertifyScorecard graphql.NoUnmarshalJSON } - firstPass.PathPathIsVulnerability = v + firstPass.PathPathCertifyScorecard = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -22402,30 +18811,24 @@ func (v *PathPathIsVulnerability) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllIsVulnerability) + b, &v.AllCertifyScorecard) if err != nil { return err } return nil } -type __premarshalPathPathIsVulnerability struct { +type __premarshalPathPathCertifyScorecard struct { Typename *string `json:"__typename"` Id string `json:"id"` - Osv AllIsVulnerabilityOsvOSV `json:"osv"` - - Vulnerability json.RawMessage `json:"vulnerability"` - - Justification string `json:"justification"` - - Origin string `json:"origin"` + Source AllCertifyScorecardSource `json:"source"` - Collector string `json:"collector"` + Scorecard AllCertifyScorecardScorecard `json:"scorecard"` } -func (v *PathPathIsVulnerability) MarshalJSON() ([]byte, error) { +func (v *PathPathCertifyScorecard) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -22433,519 +18836,201 @@ func (v *PathPathIsVulnerability) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *PathPathIsVulnerability) __premarshalJSON() (*__premarshalPathPathIsVulnerability, error) { - var retval __premarshalPathPathIsVulnerability +func (v *PathPathCertifyScorecard) __premarshalJSON() (*__premarshalPathPathCertifyScorecard, error) { + var retval __premarshalPathPathCertifyScorecard retval.Typename = v.Typename - retval.Id = v.AllIsVulnerability.Id - retval.Osv = v.AllIsVulnerability.Osv - { - - dst := &retval.Vulnerability - src := v.AllIsVulnerability.Vulnerability - var err error - *dst, err = __marshalAllIsVulnerabilityVulnerabilityCveOrGhsa( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal PathPathIsVulnerability.AllIsVulnerability.Vulnerability: %w", err) - } - } - retval.Justification = v.AllIsVulnerability.Justification - retval.Origin = v.AllIsVulnerability.Origin - retval.Collector = v.AllIsVulnerability.Collector + retval.Id = v.AllCertifyScorecard.Id + retval.Source = v.AllCertifyScorecard.Source + retval.Scorecard = v.AllCertifyScorecard.Scorecard return &retval, nil } -// PathPathNoVuln includes the requested fields of the GraphQL type NoVuln. +// PathPathCertifyVEXStatement includes the requested fields of the GraphQL type CertifyVEXStatement. // The GraphQL type's documentation follows. // -// NoVuln is a special vulnerability node to attest that no vulnerability has been -// found during a vulnerability scan. -// -// Backends guarantee that this is a singleton node. -type PathPathNoVuln struct { - Typename *string `json:"__typename"` - Id string `json:"id"` +// CertifyVEXStatement is an attestation to attach VEX statements to a package or +// artifact to clarify the impact of a specific vulnerability. 
+type PathPathCertifyVEXStatement struct { + Typename *string `json:"__typename"` + AllCertifyVEXStatement `json:"-"` } -// GetTypename returns PathPathNoVuln.Typename, and is useful for accessing the field via an interface. -func (v *PathPathNoVuln) GetTypename() *string { return v.Typename } +// GetTypename returns PathPathCertifyVEXStatement.Typename, and is useful for accessing the field via an interface. +func (v *PathPathCertifyVEXStatement) GetTypename() *string { return v.Typename } -// GetId returns PathPathNoVuln.Id, and is useful for accessing the field via an interface. -func (v *PathPathNoVuln) GetId() string { return v.Id } +// GetId returns PathPathCertifyVEXStatement.Id, and is useful for accessing the field via an interface. +func (v *PathPathCertifyVEXStatement) GetId() string { return v.AllCertifyVEXStatement.Id } -// PathPathNode includes the requested fields of the GraphQL interface Node. -// -// PathPathNode is implemented by the following types: -// PathPathArtifact -// PathPathBuilder -// PathPathCVE -// PathPathCertifyBad -// PathPathCertifyGood -// PathPathCertifyScorecard -// PathPathCertifyVEXStatement -// PathPathCertifyVuln -// PathPathGHSA -// PathPathHasMetadata -// PathPathHasSBOM -// PathPathHasSLSA -// PathPathHasSourceAt -// PathPathHashEqual -// PathPathIsDependency -// PathPathIsOccurrence -// PathPathIsVulnerability -// PathPathNoVuln -// PathPathOSV -// PathPathPackage -// PathPathPkgEqual -// PathPathPointOfContact -// PathPathSource -// The GraphQL type's documentation follows. -// -// Node is a union type of all the possible nodes. -// -// It encapsulates the software tree nodes along with the evidence nodes. In a -// path query, all connecting evidence nodes along with their intermediate subject -// nodes need to be returned in order to create a complete graph. 
-type PathPathNode interface { - implementsGraphQLInterfacePathPathNode() - // GetTypename returns the receiver's concrete GraphQL type-name (see interface doc for possible values). - GetTypename() *string +// GetSubject returns PathPathCertifyVEXStatement.Subject, and is useful for accessing the field via an interface. +func (v *PathPathCertifyVEXStatement) GetSubject() AllCertifyVEXStatementSubjectPackageOrArtifact { + return v.AllCertifyVEXStatement.Subject } -func (v *PathPathArtifact) implementsGraphQLInterfacePathPathNode() {} -func (v *PathPathBuilder) implementsGraphQLInterfacePathPathNode() {} -func (v *PathPathCVE) implementsGraphQLInterfacePathPathNode() {} -func (v *PathPathCertifyBad) implementsGraphQLInterfacePathPathNode() {} -func (v *PathPathCertifyGood) implementsGraphQLInterfacePathPathNode() {} -func (v *PathPathCertifyScorecard) implementsGraphQLInterfacePathPathNode() {} -func (v *PathPathCertifyVEXStatement) implementsGraphQLInterfacePathPathNode() {} -func (v *PathPathCertifyVuln) implementsGraphQLInterfacePathPathNode() {} -func (v *PathPathGHSA) implementsGraphQLInterfacePathPathNode() {} -func (v *PathPathHasMetadata) implementsGraphQLInterfacePathPathNode() {} -func (v *PathPathHasSBOM) implementsGraphQLInterfacePathPathNode() {} -func (v *PathPathHasSLSA) implementsGraphQLInterfacePathPathNode() {} -func (v *PathPathHasSourceAt) implementsGraphQLInterfacePathPathNode() {} -func (v *PathPathHashEqual) implementsGraphQLInterfacePathPathNode() {} -func (v *PathPathIsDependency) implementsGraphQLInterfacePathPathNode() {} -func (v *PathPathIsOccurrence) implementsGraphQLInterfacePathPathNode() {} -func (v *PathPathIsVulnerability) implementsGraphQLInterfacePathPathNode() {} -func (v *PathPathNoVuln) implementsGraphQLInterfacePathPathNode() {} -func (v *PathPathOSV) implementsGraphQLInterfacePathPathNode() {} -func (v *PathPathPackage) implementsGraphQLInterfacePathPathNode() {} -func (v *PathPathPkgEqual) 
implementsGraphQLInterfacePathPathNode() {} -func (v *PathPathPointOfContact) implementsGraphQLInterfacePathPathNode() {} -func (v *PathPathSource) implementsGraphQLInterfacePathPathNode() {} - -func __unmarshalPathPathNode(b []byte, v *PathPathNode) error { - if string(b) == "null" { - return nil - } - - var tn struct { - TypeName string `json:"__typename"` - } - err := json.Unmarshal(b, &tn) - if err != nil { - return err - } - - switch tn.TypeName { - case "Artifact": - *v = new(PathPathArtifact) - return json.Unmarshal(b, *v) - case "Builder": - *v = new(PathPathBuilder) - return json.Unmarshal(b, *v) - case "CVE": - *v = new(PathPathCVE) - return json.Unmarshal(b, *v) - case "CertifyBad": - *v = new(PathPathCertifyBad) - return json.Unmarshal(b, *v) - case "CertifyGood": - *v = new(PathPathCertifyGood) - return json.Unmarshal(b, *v) - case "CertifyScorecard": - *v = new(PathPathCertifyScorecard) - return json.Unmarshal(b, *v) - case "CertifyVEXStatement": - *v = new(PathPathCertifyVEXStatement) - return json.Unmarshal(b, *v) - case "CertifyVuln": - *v = new(PathPathCertifyVuln) - return json.Unmarshal(b, *v) - case "GHSA": - *v = new(PathPathGHSA) - return json.Unmarshal(b, *v) - case "HasMetadata": - *v = new(PathPathHasMetadata) - return json.Unmarshal(b, *v) - case "HasSBOM": - *v = new(PathPathHasSBOM) - return json.Unmarshal(b, *v) - case "HasSLSA": - *v = new(PathPathHasSLSA) - return json.Unmarshal(b, *v) - case "HasSourceAt": - *v = new(PathPathHasSourceAt) - return json.Unmarshal(b, *v) - case "HashEqual": - *v = new(PathPathHashEqual) - return json.Unmarshal(b, *v) - case "IsDependency": - *v = new(PathPathIsDependency) - return json.Unmarshal(b, *v) - case "IsOccurrence": - *v = new(PathPathIsOccurrence) - return json.Unmarshal(b, *v) - case "IsVulnerability": - *v = new(PathPathIsVulnerability) - return json.Unmarshal(b, *v) - case "NoVuln": - *v = new(PathPathNoVuln) - return json.Unmarshal(b, *v) - case "OSV": - *v = new(PathPathOSV) - return 
json.Unmarshal(b, *v) - case "Package": - *v = new(PathPathPackage) - return json.Unmarshal(b, *v) - case "PkgEqual": - *v = new(PathPathPkgEqual) - return json.Unmarshal(b, *v) - case "PointOfContact": - *v = new(PathPathPointOfContact) - return json.Unmarshal(b, *v) - case "Source": - *v = new(PathPathSource) - return json.Unmarshal(b, *v) - case "": - return fmt.Errorf( - "response was missing Node.__typename") - default: - return fmt.Errorf( - `unexpected concrete type for PathPathNode: "%v"`, tn.TypeName) - } +// GetVulnerability returns PathPathCertifyVEXStatement.Vulnerability, and is useful for accessing the field via an interface. +func (v *PathPathCertifyVEXStatement) GetVulnerability() AllCertifyVEXStatementVulnerability { + return v.AllCertifyVEXStatement.Vulnerability } -func __marshalPathPathNode(v *PathPathNode) ([]byte, error) { - - var typename string - switch v := (*v).(type) { - case *PathPathArtifact: - typename = "Artifact" +// GetStatus returns PathPathCertifyVEXStatement.Status, and is useful for accessing the field via an interface. +func (v *PathPathCertifyVEXStatement) GetStatus() VexStatus { return v.AllCertifyVEXStatement.Status } - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalPathPathArtifact - }{typename, premarshaled} - return json.Marshal(result) - case *PathPathBuilder: - typename = "Builder" +// GetVexJustification returns PathPathCertifyVEXStatement.VexJustification, and is useful for accessing the field via an interface. 
+func (v *PathPathCertifyVEXStatement) GetVexJustification() VexJustification { + return v.AllCertifyVEXStatement.VexJustification +} - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalPathPathBuilder - }{typename, premarshaled} - return json.Marshal(result) - case *PathPathCVE: - typename = "CVE" +// GetStatement returns PathPathCertifyVEXStatement.Statement, and is useful for accessing the field via an interface. +func (v *PathPathCertifyVEXStatement) GetStatement() string { + return v.AllCertifyVEXStatement.Statement +} - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalPathPathCVE - }{typename, premarshaled} - return json.Marshal(result) - case *PathPathCertifyBad: - typename = "CertifyBad" +// GetStatusNotes returns PathPathCertifyVEXStatement.StatusNotes, and is useful for accessing the field via an interface. +func (v *PathPathCertifyVEXStatement) GetStatusNotes() string { + return v.AllCertifyVEXStatement.StatusNotes +} - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalPathPathCertifyBad - }{typename, premarshaled} - return json.Marshal(result) - case *PathPathCertifyGood: - typename = "CertifyGood" +// GetKnownSince returns PathPathCertifyVEXStatement.KnownSince, and is useful for accessing the field via an interface. 
+func (v *PathPathCertifyVEXStatement) GetKnownSince() time.Time { + return v.AllCertifyVEXStatement.KnownSince +} - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalPathPathCertifyGood - }{typename, premarshaled} - return json.Marshal(result) - case *PathPathCertifyScorecard: - typename = "CertifyScorecard" +// GetOrigin returns PathPathCertifyVEXStatement.Origin, and is useful for accessing the field via an interface. +func (v *PathPathCertifyVEXStatement) GetOrigin() string { return v.AllCertifyVEXStatement.Origin } - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalPathPathCertifyScorecard - }{typename, premarshaled} - return json.Marshal(result) - case *PathPathCertifyVEXStatement: - typename = "CertifyVEXStatement" +// GetCollector returns PathPathCertifyVEXStatement.Collector, and is useful for accessing the field via an interface. 
+func (v *PathPathCertifyVEXStatement) GetCollector() string { + return v.AllCertifyVEXStatement.Collector +} - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalPathPathCertifyVEXStatement - }{typename, premarshaled} - return json.Marshal(result) - case *PathPathCertifyVuln: - typename = "CertifyVuln" +func (v *PathPathCertifyVEXStatement) UnmarshalJSON(b []byte) error { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalPathPathCertifyVuln - }{typename, premarshaled} - return json.Marshal(result) - case *PathPathGHSA: - typename = "GHSA" + if string(b) == "null" { + return nil + } - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalPathPathGHSA - }{typename, premarshaled} - return json.Marshal(result) - case *PathPathHasMetadata: - typename = "HasMetadata" + var firstPass struct { + *PathPathCertifyVEXStatement + graphql.NoUnmarshalJSON + } + firstPass.PathPathCertifyVEXStatement = v - result := struct { - TypeName string `json:"__typename"` - *PathPathHasMetadata - }{typename, v} - return json.Marshal(result) - case *PathPathHasSBOM: - typename = "HasSBOM" + err := json.Unmarshal(b, &firstPass) + if err != nil { + return err + } - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalPathPathHasSBOM - }{typename, premarshaled} - return json.Marshal(result) - case *PathPathHasSLSA: - typename = "HasSLSA" + err = json.Unmarshal( + b, &v.AllCertifyVEXStatement) + if err != nil { + return err + } + return nil +} - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` 
- *__premarshalPathPathHasSLSA - }{typename, premarshaled} - return json.Marshal(result) - case *PathPathHasSourceAt: - typename = "HasSourceAt" +type __premarshalPathPathCertifyVEXStatement struct { + Typename *string `json:"__typename"` - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalPathPathHasSourceAt - }{typename, premarshaled} - return json.Marshal(result) - case *PathPathHashEqual: - typename = "HashEqual" + Id string `json:"id"` - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalPathPathHashEqual - }{typename, premarshaled} - return json.Marshal(result) - case *PathPathIsDependency: - typename = "IsDependency" + Subject json.RawMessage `json:"subject"` - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalPathPathIsDependency - }{typename, premarshaled} - return json.Marshal(result) - case *PathPathIsOccurrence: - typename = "IsOccurrence" + Vulnerability AllCertifyVEXStatementVulnerability `json:"vulnerability"` - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalPathPathIsOccurrence - }{typename, premarshaled} - return json.Marshal(result) - case *PathPathIsVulnerability: - typename = "IsVulnerability" + Status VexStatus `json:"status"` - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalPathPathIsVulnerability - }{typename, premarshaled} - return json.Marshal(result) - case *PathPathNoVuln: - typename = "NoVuln" + VexJustification VexJustification `json:"vexJustification"` - result := struct { - TypeName string `json:"__typename"` 
- *PathPathNoVuln - }{typename, v} - return json.Marshal(result) - case *PathPathOSV: - typename = "OSV" + Statement string `json:"statement"` - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalPathPathOSV - }{typename, premarshaled} - return json.Marshal(result) - case *PathPathPackage: - typename = "Package" + StatusNotes string `json:"statusNotes"` - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalPathPathPackage - }{typename, premarshaled} - return json.Marshal(result) - case *PathPathPkgEqual: - typename = "PkgEqual" + KnownSince time.Time `json:"knownSince"` - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalPathPathPkgEqual - }{typename, premarshaled} - return json.Marshal(result) - case *PathPathPointOfContact: - typename = "PointOfContact" + Origin string `json:"origin"` - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - result := struct { - TypeName string `json:"__typename"` - *__premarshalPathPathPointOfContact - }{typename, premarshaled} - return json.Marshal(result) - case *PathPathSource: - typename = "Source" + Collector string `json:"collector"` +} - premarshaled, err := v.__premarshalJSON() +func (v *PathPathCertifyVEXStatement) MarshalJSON() ([]byte, error) { + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + return json.Marshal(premarshaled) +} + +func (v *PathPathCertifyVEXStatement) __premarshalJSON() (*__premarshalPathPathCertifyVEXStatement, error) { + var retval __premarshalPathPathCertifyVEXStatement + + retval.Typename = v.Typename + retval.Id = v.AllCertifyVEXStatement.Id + { + + dst := &retval.Subject + src := v.AllCertifyVEXStatement.Subject + var err 
error + *dst, err = __marshalAllCertifyVEXStatementSubjectPackageOrArtifact( + &src) if err != nil { - return nil, err + return nil, fmt.Errorf( + "unable to marshal PathPathCertifyVEXStatement.AllCertifyVEXStatement.Subject: %w", err) } - result := struct { - TypeName string `json:"__typename"` - *__premarshalPathPathSource - }{typename, premarshaled} - return json.Marshal(result) - case nil: - return []byte("null"), nil - default: - return nil, fmt.Errorf( - `unexpected concrete type for PathPathNode: "%T"`, v) } + retval.Vulnerability = v.AllCertifyVEXStatement.Vulnerability + retval.Status = v.AllCertifyVEXStatement.Status + retval.VexJustification = v.AllCertifyVEXStatement.VexJustification + retval.Statement = v.AllCertifyVEXStatement.Statement + retval.StatusNotes = v.AllCertifyVEXStatement.StatusNotes + retval.KnownSince = v.AllCertifyVEXStatement.KnownSince + retval.Origin = v.AllCertifyVEXStatement.Origin + retval.Collector = v.AllCertifyVEXStatement.Collector + return &retval, nil } -// PathPathOSV includes the requested fields of the GraphQL type OSV. +// PathPathCertifyVuln includes the requested fields of the GraphQL type CertifyVuln. // The GraphQL type's documentation follows. // -// OSV represents an Open Source Vulnerability. -// -// The osvId field is mandatory and canonicalized to be lowercase. -// -// This maps to a vulnerability ID specific to the environment (e.g., GHSA ID or -// CVE ID). +// CertifyVuln is an attestation to attach vulnerability information to a package. // -// This node can be referred to by other parts of GUAC. -type PathPathOSV struct { - Typename *string `json:"__typename"` - AllOSVTree `json:"-"` +// This information is obtained via a scanner. If there is no vulnerability +// detected, we attach the a vulnerability with "NoVuln" type and an empty string +// for the vulnerability ID. 
+type PathPathCertifyVuln struct { + Typename *string `json:"__typename"` + AllCertifyVuln `json:"-"` } -// GetTypename returns PathPathOSV.Typename, and is useful for accessing the field via an interface. -func (v *PathPathOSV) GetTypename() *string { return v.Typename } +// GetTypename returns PathPathCertifyVuln.Typename, and is useful for accessing the field via an interface. +func (v *PathPathCertifyVuln) GetTypename() *string { return v.Typename } + +// GetId returns PathPathCertifyVuln.Id, and is useful for accessing the field via an interface. +func (v *PathPathCertifyVuln) GetId() string { return v.AllCertifyVuln.Id } + +// GetPackage returns PathPathCertifyVuln.Package, and is useful for accessing the field via an interface. +func (v *PathPathCertifyVuln) GetPackage() AllCertifyVulnPackage { return v.AllCertifyVuln.Package } -// GetId returns PathPathOSV.Id, and is useful for accessing the field via an interface. -func (v *PathPathOSV) GetId() string { return v.AllOSVTree.Id } +// GetVulnerability returns PathPathCertifyVuln.Vulnerability, and is useful for accessing the field via an interface. +func (v *PathPathCertifyVuln) GetVulnerability() AllCertifyVulnVulnerability { + return v.AllCertifyVuln.Vulnerability +} -// GetOsvId returns PathPathOSV.OsvId, and is useful for accessing the field via an interface. -func (v *PathPathOSV) GetOsvId() string { return v.AllOSVTree.OsvId } +// GetMetadata returns PathPathCertifyVuln.Metadata, and is useful for accessing the field via an interface. 
+func (v *PathPathCertifyVuln) GetMetadata() AllCertifyVulnMetadataScanMetadata { + return v.AllCertifyVuln.Metadata +} -func (v *PathPathOSV) UnmarshalJSON(b []byte) error { +func (v *PathPathCertifyVuln) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *PathPathOSV + *PathPathCertifyVuln graphql.NoUnmarshalJSON } - firstPass.PathPathOSV = v + firstPass.PathPathCertifyVuln = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -22953,22 +19038,26 @@ func (v *PathPathOSV) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllOSVTree) + b, &v.AllCertifyVuln) if err != nil { return err } return nil } -type __premarshalPathPathOSV struct { +type __premarshalPathPathCertifyVuln struct { Typename *string `json:"__typename"` Id string `json:"id"` - OsvId string `json:"osvId"` + Package AllCertifyVulnPackage `json:"package"` + + Vulnerability AllCertifyVulnVulnerability `json:"vulnerability"` + + Metadata AllCertifyVulnMetadataScanMetadata `json:"metadata"` } -func (v *PathPathOSV) MarshalJSON() ([]byte, error) { +func (v *PathPathCertifyVuln) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -22976,62 +19065,87 @@ func (v *PathPathOSV) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *PathPathOSV) __premarshalJSON() (*__premarshalPathPathOSV, error) { - var retval __premarshalPathPathOSV +func (v *PathPathCertifyVuln) __premarshalJSON() (*__premarshalPathPathCertifyVuln, error) { + var retval __premarshalPathPathCertifyVuln retval.Typename = v.Typename - retval.Id = v.AllOSVTree.Id - retval.OsvId = v.AllOSVTree.OsvId + retval.Id = v.AllCertifyVuln.Id + retval.Package = v.AllCertifyVuln.Package + retval.Vulnerability = v.AllCertifyVuln.Vulnerability + retval.Metadata = v.AllCertifyVuln.Metadata return &retval, nil } -// PathPathPackage includes the requested fields of the GraphQL type Package. +// PathPathHasMetadata includes the requested fields of the GraphQL type HasMetadata. // The GraphQL type's documentation follows. // -// Package represents the root of the package trie/tree. +// HasMetadata is an attestation that a package, source, or artifact has a certain +// attested property (key) with value (value). For example, a source may have +// metadata "SourceRepo2FAEnabled=true". // -// We map package information to a trie, closely matching the pURL specification -// (https://github.com/package-url/purl-spec/blob/0dd92f26f8bb11956ffdf5e8acfcee71e8560407/README.rst), -// but deviating from it where GUAC heuristics allow for better representation of -// package information. Each path in the trie fully represents a package; we split -// the trie based on the pURL components. +// The intent of this evidence tree predicate is to allow extensibility of metadata +// expressible within the GUAC ontology. Metadata that is commonly used will then +// be promoted to a predicate on its own. // -// This node matches a pkg: partial pURL. The type field matches the -// pURL types but we might also use "guac" for the cases where the pURL -// representation is not complete or when we have custom rules. 
+// Justification indicates how the metadata was determined. // -// Since this node is at the root of the package trie, it is named Package, not -// PackageType. -type PathPathPackage struct { - Typename *string `json:"__typename"` - AllPkgTree `json:"-"` +// The metadata applies to a subject which is a package, source, or artifact. +// If the attestation targets a package, it must target a PackageName or a +// PackageVersion. If the attestation targets a source, it must target a +// SourceName. +type PathPathHasMetadata struct { + Typename *string `json:"__typename"` } -// GetTypename returns PathPathPackage.Typename, and is useful for accessing the field via an interface. -func (v *PathPathPackage) GetTypename() *string { return v.Typename } +// GetTypename returns PathPathHasMetadata.Typename, and is useful for accessing the field via an interface. +func (v *PathPathHasMetadata) GetTypename() *string { return v.Typename } -// GetId returns PathPathPackage.Id, and is useful for accessing the field via an interface. -func (v *PathPathPackage) GetId() string { return v.AllPkgTree.Id } +// PathPathHasSBOM includes the requested fields of the GraphQL type HasSBOM. +type PathPathHasSBOM struct { + Typename *string `json:"__typename"` + AllHasSBOMTree `json:"-"` +} -// GetType returns PathPathPackage.Type, and is useful for accessing the field via an interface. -func (v *PathPathPackage) GetType() string { return v.AllPkgTree.Type } +// GetTypename returns PathPathHasSBOM.Typename, and is useful for accessing the field via an interface. +func (v *PathPathHasSBOM) GetTypename() *string { return v.Typename } -// GetNamespaces returns PathPathPackage.Namespaces, and is useful for accessing the field via an interface. -func (v *PathPathPackage) GetNamespaces() []AllPkgTreeNamespacesPackageNamespace { - return v.AllPkgTree.Namespaces +// GetId returns PathPathHasSBOM.Id, and is useful for accessing the field via an interface. 
+func (v *PathPathHasSBOM) GetId() string { return v.AllHasSBOMTree.Id } + +// GetSubject returns PathPathHasSBOM.Subject, and is useful for accessing the field via an interface. +func (v *PathPathHasSBOM) GetSubject() AllHasSBOMTreeSubjectPackageOrArtifact { + return v.AllHasSBOMTree.Subject } -func (v *PathPathPackage) UnmarshalJSON(b []byte) error { +// GetUri returns PathPathHasSBOM.Uri, and is useful for accessing the field via an interface. +func (v *PathPathHasSBOM) GetUri() string { return v.AllHasSBOMTree.Uri } + +// GetAlgorithm returns PathPathHasSBOM.Algorithm, and is useful for accessing the field via an interface. +func (v *PathPathHasSBOM) GetAlgorithm() string { return v.AllHasSBOMTree.Algorithm } + +// GetDigest returns PathPathHasSBOM.Digest, and is useful for accessing the field via an interface. +func (v *PathPathHasSBOM) GetDigest() string { return v.AllHasSBOMTree.Digest } + +// GetDownloadLocation returns PathPathHasSBOM.DownloadLocation, and is useful for accessing the field via an interface. +func (v *PathPathHasSBOM) GetDownloadLocation() string { return v.AllHasSBOMTree.DownloadLocation } + +// GetOrigin returns PathPathHasSBOM.Origin, and is useful for accessing the field via an interface. +func (v *PathPathHasSBOM) GetOrigin() string { return v.AllHasSBOMTree.Origin } + +// GetCollector returns PathPathHasSBOM.Collector, and is useful for accessing the field via an interface. +func (v *PathPathHasSBOM) GetCollector() string { return v.AllHasSBOMTree.Collector } + +func (v *PathPathHasSBOM) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *PathPathPackage + *PathPathHasSBOM graphql.NoUnmarshalJSON } - firstPass.PathPathPackage = v + firstPass.PathPathHasSBOM = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -23039,24 +19153,34 @@ func (v *PathPathPackage) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllPkgTree) + b, &v.AllHasSBOMTree) if err != nil { return err } return nil } -type __premarshalPathPathPackage struct { +type __premarshalPathPathHasSBOM struct { Typename *string `json:"__typename"` Id string `json:"id"` - Type string `json:"type"` + Subject json.RawMessage `json:"subject"` - Namespaces []AllPkgTreeNamespacesPackageNamespace `json:"namespaces"` + Uri string `json:"uri"` + + Algorithm string `json:"algorithm"` + + Digest string `json:"digest"` + + DownloadLocation string `json:"downloadLocation"` + + Origin string `json:"origin"` + + Collector string `json:"collector"` } -func (v *PathPathPackage) MarshalJSON() ([]byte, error) { +func (v *PathPathHasSBOM) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -23064,54 +19188,64 @@ func (v *PathPathPackage) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *PathPathPackage) __premarshalJSON() (*__premarshalPathPathPackage, error) { - var retval __premarshalPathPathPackage +func (v *PathPathHasSBOM) __premarshalJSON() (*__premarshalPathPathHasSBOM, error) { + var retval __premarshalPathPathHasSBOM retval.Typename = v.Typename - retval.Id = v.AllPkgTree.Id - retval.Type = v.AllPkgTree.Type - retval.Namespaces = v.AllPkgTree.Namespaces + retval.Id = v.AllHasSBOMTree.Id + { + + dst := &retval.Subject + src := v.AllHasSBOMTree.Subject + var err error + *dst, err = __marshalAllHasSBOMTreeSubjectPackageOrArtifact( + &src) + if err != nil { + return nil, fmt.Errorf( + "unable to marshal PathPathHasSBOM.AllHasSBOMTree.Subject: %w", err) + } + } + retval.Uri = v.AllHasSBOMTree.Uri + retval.Algorithm = v.AllHasSBOMTree.Algorithm + retval.Digest = v.AllHasSBOMTree.Digest + retval.DownloadLocation = v.AllHasSBOMTree.DownloadLocation + retval.Origin = v.AllHasSBOMTree.Origin + retval.Collector = v.AllHasSBOMTree.Collector return &retval, nil } -// PathPathPkgEqual includes the requested fields of the GraphQL type PkgEqual. +// PathPathHasSLSA includes the requested fields of the GraphQL type HasSLSA. // The GraphQL type's documentation follows. // -// PkgEqual is an attestation that a set of packages are similar. -type PathPathPkgEqual struct { +// HasSLSA records that a subject node has a SLSA attestation. +type PathPathHasSLSA struct { Typename *string `json:"__typename"` - AllPkgEqual `json:"-"` + AllSLSATree `json:"-"` } -// GetTypename returns PathPathPkgEqual.Typename, and is useful for accessing the field via an interface. -func (v *PathPathPkgEqual) GetTypename() *string { return v.Typename } - -// GetId returns PathPathPkgEqual.Id, and is useful for accessing the field via an interface. 
-func (v *PathPathPkgEqual) GetId() string { return v.AllPkgEqual.Id } - -// GetJustification returns PathPathPkgEqual.Justification, and is useful for accessing the field via an interface. -func (v *PathPathPkgEqual) GetJustification() string { return v.AllPkgEqual.Justification } +// GetTypename returns PathPathHasSLSA.Typename, and is useful for accessing the field via an interface. +func (v *PathPathHasSLSA) GetTypename() *string { return v.Typename } -// GetPackages returns PathPathPkgEqual.Packages, and is useful for accessing the field via an interface. -func (v *PathPathPkgEqual) GetPackages() []AllPkgEqualPackagesPackage { return v.AllPkgEqual.Packages } +// GetId returns PathPathHasSLSA.Id, and is useful for accessing the field via an interface. +func (v *PathPathHasSLSA) GetId() string { return v.AllSLSATree.Id } -// GetOrigin returns PathPathPkgEqual.Origin, and is useful for accessing the field via an interface. -func (v *PathPathPkgEqual) GetOrigin() string { return v.AllPkgEqual.Origin } +// GetSubject returns PathPathHasSLSA.Subject, and is useful for accessing the field via an interface. +func (v *PathPathHasSLSA) GetSubject() AllSLSATreeSubjectArtifact { return v.AllSLSATree.Subject } -// GetCollector returns PathPathPkgEqual.Collector, and is useful for accessing the field via an interface. -func (v *PathPathPkgEqual) GetCollector() string { return v.AllPkgEqual.Collector } +// GetSlsa returns PathPathHasSLSA.Slsa, and is useful for accessing the field via an interface. +func (v *PathPathHasSLSA) GetSlsa() AllSLSATreeSlsaSLSA { return v.AllSLSATree.Slsa } -func (v *PathPathPkgEqual) UnmarshalJSON(b []byte) error { +func (v *PathPathHasSLSA) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *PathPathPkgEqual + *PathPathHasSLSA graphql.NoUnmarshalJSON } - firstPass.PathPathPkgEqual = v + firstPass.PathPathHasSLSA = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -23119,28 +19253,24 @@ func (v *PathPathPkgEqual) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllPkgEqual) + b, &v.AllSLSATree) if err != nil { return err } return nil } -type __premarshalPathPathPkgEqual struct { +type __premarshalPathPathHasSLSA struct { Typename *string `json:"__typename"` Id string `json:"id"` - Justification string `json:"justification"` - - Packages []AllPkgEqualPackagesPackage `json:"packages"` - - Origin string `json:"origin"` + Subject AllSLSATreeSubjectArtifact `json:"subject"` - Collector string `json:"collector"` + Slsa AllSLSATreeSlsaSLSA `json:"slsa"` } -func (v *PathPathPkgEqual) MarshalJSON() ([]byte, error) { +func (v *PathPathHasSLSA) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -23148,87 +19278,60 @@ func (v *PathPathPkgEqual) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *PathPathPkgEqual) __premarshalJSON() (*__premarshalPathPathPkgEqual, error) { - var retval __premarshalPathPathPkgEqual +func (v *PathPathHasSLSA) __premarshalJSON() (*__premarshalPathPathHasSLSA, error) { + var retval __premarshalPathPathHasSLSA retval.Typename = v.Typename - retval.Id = v.AllPkgEqual.Id - retval.Justification = v.AllPkgEqual.Justification - retval.Packages = v.AllPkgEqual.Packages - retval.Origin = v.AllPkgEqual.Origin - retval.Collector = v.AllPkgEqual.Collector + retval.Id = v.AllSLSATree.Id + retval.Subject = v.AllSLSATree.Subject + retval.Slsa = v.AllSLSATree.Slsa return &retval, nil } -// PathPathPointOfContact includes the requested fields of the GraphQL type PointOfContact. +// PathPathHasSourceAt includes the requested fields of the GraphQL type HasSourceAt. // The GraphQL type's documentation follows. // -// PointOfContact is an attestation of how to get in touch with the person(s) responsible -// for a package, source, or artifact. -// -// All evidence trees record a justification for the property they represent as -// well as the document that contains the attestation (origin) and the collector -// that collected the document (collector). -// -// The attestation applies to a subject which is a package, source, or artifact. -// If the attestation targets a package, it must target a PackageName or a -// PackageVersion. If the attestation targets a source, it must target a -// SourceName. -// -// email is the email address (singular) of the point of contact. -// -// info is additional contact information other than email address. This is free -// form. -// -// NOTE: the identifiers for point of contact should be part of software trees. -// This will benefit from identifier look up and traversal as well as organization -// hierarchy. 
However, until the use case arises, PointOfContact will be a flat -// reference to the contact details. -type PathPathPointOfContact struct { - Typename *string `json:"__typename"` - AllPointOfContact `json:"-"` -} - -// GetTypename returns PathPathPointOfContact.Typename, and is useful for accessing the field via an interface. -func (v *PathPathPointOfContact) GetTypename() *string { return v.Typename } - -// GetId returns PathPathPointOfContact.Id, and is useful for accessing the field via an interface. -func (v *PathPathPointOfContact) GetId() string { return v.AllPointOfContact.Id } - -// GetSubject returns PathPathPointOfContact.Subject, and is useful for accessing the field via an interface. -func (v *PathPathPointOfContact) GetSubject() AllPointOfContactSubjectPackageSourceOrArtifact { - return v.AllPointOfContact.Subject +// HasSourceAt records that a package's repository is a given source. +type PathPathHasSourceAt struct { + Typename *string `json:"__typename"` + AllHasSourceAt `json:"-"` } -// GetEmail returns PathPathPointOfContact.Email, and is useful for accessing the field via an interface. -func (v *PathPathPointOfContact) GetEmail() string { return v.AllPointOfContact.Email } +// GetTypename returns PathPathHasSourceAt.Typename, and is useful for accessing the field via an interface. +func (v *PathPathHasSourceAt) GetTypename() *string { return v.Typename } -// GetInfo returns PathPathPointOfContact.Info, and is useful for accessing the field via an interface. -func (v *PathPathPointOfContact) GetInfo() string { return v.AllPointOfContact.Info } +// GetId returns PathPathHasSourceAt.Id, and is useful for accessing the field via an interface. +func (v *PathPathHasSourceAt) GetId() string { return v.AllHasSourceAt.Id } -// GetSince returns PathPathPointOfContact.Since, and is useful for accessing the field via an interface. 
-func (v *PathPathPointOfContact) GetSince() time.Time { return v.AllPointOfContact.Since } +// GetJustification returns PathPathHasSourceAt.Justification, and is useful for accessing the field via an interface. +func (v *PathPathHasSourceAt) GetJustification() string { return v.AllHasSourceAt.Justification } -// GetJustification returns PathPathPointOfContact.Justification, and is useful for accessing the field via an interface. -func (v *PathPathPointOfContact) GetJustification() string { return v.AllPointOfContact.Justification } +// GetKnownSince returns PathPathHasSourceAt.KnownSince, and is useful for accessing the field via an interface. +func (v *PathPathHasSourceAt) GetKnownSince() time.Time { return v.AllHasSourceAt.KnownSince } -// GetOrigin returns PathPathPointOfContact.Origin, and is useful for accessing the field via an interface. -func (v *PathPathPointOfContact) GetOrigin() string { return v.AllPointOfContact.Origin } +// GetPackage returns PathPathHasSourceAt.Package, and is useful for accessing the field via an interface. +func (v *PathPathHasSourceAt) GetPackage() AllHasSourceAtPackage { return v.AllHasSourceAt.Package } -// GetCollector returns PathPathPointOfContact.Collector, and is useful for accessing the field via an interface. -func (v *PathPathPointOfContact) GetCollector() string { return v.AllPointOfContact.Collector } +// GetSource returns PathPathHasSourceAt.Source, and is useful for accessing the field via an interface. +func (v *PathPathHasSourceAt) GetSource() AllHasSourceAtSource { return v.AllHasSourceAt.Source } -func (v *PathPathPointOfContact) UnmarshalJSON(b []byte) error { +// GetOrigin returns PathPathHasSourceAt.Origin, and is useful for accessing the field via an interface. +func (v *PathPathHasSourceAt) GetOrigin() string { return v.AllHasSourceAt.Origin } + +// GetCollector returns PathPathHasSourceAt.Collector, and is useful for accessing the field via an interface. 
+func (v *PathPathHasSourceAt) GetCollector() string { return v.AllHasSourceAt.Collector } + +func (v *PathPathHasSourceAt) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *PathPathPointOfContact + *PathPathHasSourceAt graphql.NoUnmarshalJSON } - firstPass.PathPathPointOfContact = v + firstPass.PathPathHasSourceAt = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -23236,34 +19339,32 @@ func (v *PathPathPointOfContact) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllPointOfContact) + b, &v.AllHasSourceAt) if err != nil { return err } return nil } -type __premarshalPathPathPointOfContact struct { +type __premarshalPathPathHasSourceAt struct { Typename *string `json:"__typename"` Id string `json:"id"` - Subject json.RawMessage `json:"subject"` - - Email string `json:"email"` + Justification string `json:"justification"` - Info string `json:"info"` + KnownSince time.Time `json:"knownSince"` - Since time.Time `json:"since"` + Package AllHasSourceAtPackage `json:"package"` - Justification string `json:"justification"` + Source AllHasSourceAtSource `json:"source"` Origin string `json:"origin"` Collector string `json:"collector"` } -func (v *PathPathPointOfContact) MarshalJSON() ([]byte, error) { +func (v *PathPathHasSourceAt) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -23271,76 +19372,60 @@ func (v *PathPathPointOfContact) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *PathPathPointOfContact) __premarshalJSON() (*__premarshalPathPathPointOfContact, error) { - var retval __premarshalPathPathPointOfContact +func (v *PathPathHasSourceAt) __premarshalJSON() (*__premarshalPathPathHasSourceAt, error) { + var retval __premarshalPathPathHasSourceAt retval.Typename = v.Typename - retval.Id = v.AllPointOfContact.Id - { - - dst := &retval.Subject - src := v.AllPointOfContact.Subject - var err error - *dst, err = __marshalAllPointOfContactSubjectPackageSourceOrArtifact( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal PathPathPointOfContact.AllPointOfContact.Subject: %w", err) - } - } - retval.Email = v.AllPointOfContact.Email - retval.Info = v.AllPointOfContact.Info - retval.Since = v.AllPointOfContact.Since - retval.Justification = v.AllPointOfContact.Justification - retval.Origin = v.AllPointOfContact.Origin - retval.Collector = v.AllPointOfContact.Collector + retval.Id = v.AllHasSourceAt.Id + retval.Justification = v.AllHasSourceAt.Justification + retval.KnownSince = v.AllHasSourceAt.KnownSince + retval.Package = v.AllHasSourceAt.Package + retval.Source = v.AllHasSourceAt.Source + retval.Origin = v.AllHasSourceAt.Origin + retval.Collector = v.AllHasSourceAt.Collector return &retval, nil } -// PathPathSource includes the requested fields of the GraphQL type Source. +// PathPathHashEqual includes the requested fields of the GraphQL type HashEqual. // The GraphQL type's documentation follows. // -// Source represents the root of the source trie/tree. -// -// We map source information to a trie, as a derivative of the pURL specification: -// each path in the trie represents a type, namespace, name and an optional -// qualifier that stands for tag/commit information. -// -// This node represents the type part of the trie path. 
It is used to represent -// the version control system that is being used. -// -// Since this node is at the root of the source trie, it is named Source, not -// SourceType. -type PathPathSource struct { - Typename *string `json:"__typename"` - AllSourceTree `json:"-"` +// HashEqual is an attestation that a set of artifacts are identical. +type PathPathHashEqual struct { + Typename *string `json:"__typename"` + AllHashEqualTree `json:"-"` } -// GetTypename returns PathPathSource.Typename, and is useful for accessing the field via an interface. -func (v *PathPathSource) GetTypename() *string { return v.Typename } +// GetTypename returns PathPathHashEqual.Typename, and is useful for accessing the field via an interface. +func (v *PathPathHashEqual) GetTypename() *string { return v.Typename } -// GetId returns PathPathSource.Id, and is useful for accessing the field via an interface. -func (v *PathPathSource) GetId() string { return v.AllSourceTree.Id } +// GetId returns PathPathHashEqual.Id, and is useful for accessing the field via an interface. +func (v *PathPathHashEqual) GetId() string { return v.AllHashEqualTree.Id } -// GetType returns PathPathSource.Type, and is useful for accessing the field via an interface. -func (v *PathPathSource) GetType() string { return v.AllSourceTree.Type } +// GetJustification returns PathPathHashEqual.Justification, and is useful for accessing the field via an interface. +func (v *PathPathHashEqual) GetJustification() string { return v.AllHashEqualTree.Justification } -// GetNamespaces returns PathPathSource.Namespaces, and is useful for accessing the field via an interface. -func (v *PathPathSource) GetNamespaces() []AllSourceTreeNamespacesSourceNamespace { - return v.AllSourceTree.Namespaces +// GetArtifacts returns PathPathHashEqual.Artifacts, and is useful for accessing the field via an interface. 
+func (v *PathPathHashEqual) GetArtifacts() []AllHashEqualTreeArtifactsArtifact { + return v.AllHashEqualTree.Artifacts } -func (v *PathPathSource) UnmarshalJSON(b []byte) error { +// GetOrigin returns PathPathHashEqual.Origin, and is useful for accessing the field via an interface. +func (v *PathPathHashEqual) GetOrigin() string { return v.AllHashEqualTree.Origin } + +// GetCollector returns PathPathHashEqual.Collector, and is useful for accessing the field via an interface. +func (v *PathPathHashEqual) GetCollector() string { return v.AllHashEqualTree.Collector } + +func (v *PathPathHashEqual) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *PathPathSource + *PathPathHashEqual graphql.NoUnmarshalJSON } - firstPass.PathPathSource = v + firstPass.PathPathHashEqual = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -23348,24 +19433,28 @@ func (v *PathPathSource) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllSourceTree) + b, &v.AllHashEqualTree) if err != nil { return err } return nil } -type __premarshalPathPathSource struct { +type __premarshalPathPathHashEqual struct { Typename *string `json:"__typename"` Id string `json:"id"` - Type string `json:"type"` + Justification string `json:"justification"` - Namespaces []AllSourceTreeNamespacesSourceNamespace `json:"namespaces"` + Artifacts []AllHashEqualTreeArtifactsArtifact `json:"artifacts"` + + Origin string `json:"origin"` + + Collector string `json:"collector"` } -func (v *PathPathSource) MarshalJSON() ([]byte, error) { +func (v *PathPathHashEqual) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -23373,142 +19462,71 @@ func (v *PathPathSource) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *PathPathSource) __premarshalJSON() (*__premarshalPathPathSource, error) { - var retval __premarshalPathPathSource +func (v *PathPathHashEqual) __premarshalJSON() (*__premarshalPathPathHashEqual, error) { + var retval __premarshalPathPathHashEqual retval.Typename = v.Typename - retval.Id = v.AllSourceTree.Id - retval.Type = v.AllSourceTree.Type - retval.Namespaces = v.AllSourceTree.Namespaces + retval.Id = v.AllHashEqualTree.Id + retval.Justification = v.AllHashEqualTree.Justification + retval.Artifacts = v.AllHashEqualTree.Artifacts + retval.Origin = v.AllHashEqualTree.Origin + retval.Collector = v.AllHashEqualTree.Collector return &retval, nil } -// PathResponse is returned by Path on success. -type PathResponse struct { - // path query returns a path between subject and target, of a maximum length. - // - // Since we want to uniquely identify endpoints, nodes must be specified by - // valid IDs only (instead of using filters/input spec structs). - // - // Specifying any Edge value in `usingOnly` will make the path only contain the - // corresponding GUAC evidence trees (GUAC verbs). - Path []PathPathNode `json:"-"` -} - -// GetPath returns PathResponse.Path, and is useful for accessing the field via an interface. 
-func (v *PathResponse) GetPath() []PathPathNode { return v.Path } - -func (v *PathResponse) UnmarshalJSON(b []byte) error { - - if string(b) == "null" { - return nil - } - - var firstPass struct { - *PathResponse - Path []json.RawMessage `json:"path"` - graphql.NoUnmarshalJSON - } - firstPass.PathResponse = v - - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } - - { - dst := &v.Path - src := firstPass.Path - *dst = make( - []PathPathNode, - len(src)) - for i, src := range src { - dst := &(*dst)[i] - if len(src) != 0 && string(src) != "null" { - err = __unmarshalPathPathNode( - src, dst) - if err != nil { - return fmt.Errorf( - "unable to unmarshal PathResponse.Path: %w", err) - } - } - } - } - return nil -} - -type __premarshalPathResponse struct { - Path []json.RawMessage `json:"path"` -} - -func (v *PathResponse) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) +// PathPathIsDependency includes the requested fields of the GraphQL type IsDependency. +// The GraphQL type's documentation follows. +// +// IsDependency is an attestation to record that a package depends on another. +type PathPathIsDependency struct { + Typename *string `json:"__typename"` + AllIsDependencyTree `json:"-"` } -func (v *PathResponse) __premarshalJSON() (*__premarshalPathResponse, error) { - var retval __premarshalPathResponse +// GetTypename returns PathPathIsDependency.Typename, and is useful for accessing the field via an interface. +func (v *PathPathIsDependency) GetTypename() *string { return v.Typename } - { +// GetId returns PathPathIsDependency.Id, and is useful for accessing the field via an interface. 
+func (v *PathPathIsDependency) GetId() string { return v.AllIsDependencyTree.Id } - dst := &retval.Path - src := v.Path - *dst = make( - []json.RawMessage, - len(src)) - for i, src := range src { - dst := &(*dst)[i] - var err error - *dst, err = __marshalPathPathNode( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal PathResponse.Path: %w", err) - } - } - } - return &retval, nil -} +// GetJustification returns PathPathIsDependency.Justification, and is useful for accessing the field via an interface. +func (v *PathPathIsDependency) GetJustification() string { return v.AllIsDependencyTree.Justification } -// PkgEqualIngestPkgEqual includes the requested fields of the GraphQL type PkgEqual. -// The GraphQL type's documentation follows. -// -// PkgEqual is an attestation that a set of packages are similar. -type PkgEqualIngestPkgEqual struct { - AllPkgEqual `json:"-"` +// GetPackage returns PathPathIsDependency.Package, and is useful for accessing the field via an interface. +func (v *PathPathIsDependency) GetPackage() AllIsDependencyTreePackage { + return v.AllIsDependencyTree.Package } -// GetId returns PkgEqualIngestPkgEqual.Id, and is useful for accessing the field via an interface. -func (v *PkgEqualIngestPkgEqual) GetId() string { return v.AllPkgEqual.Id } - -// GetJustification returns PkgEqualIngestPkgEqual.Justification, and is useful for accessing the field via an interface. -func (v *PkgEqualIngestPkgEqual) GetJustification() string { return v.AllPkgEqual.Justification } +// GetDependentPackage returns PathPathIsDependency.DependentPackage, and is useful for accessing the field via an interface. +func (v *PathPathIsDependency) GetDependentPackage() AllIsDependencyTreeDependentPackage { + return v.AllIsDependencyTree.DependentPackage +} -// GetPackages returns PkgEqualIngestPkgEqual.Packages, and is useful for accessing the field via an interface. 
-func (v *PkgEqualIngestPkgEqual) GetPackages() []AllPkgEqualPackagesPackage { - return v.AllPkgEqual.Packages +// GetDependencyType returns PathPathIsDependency.DependencyType, and is useful for accessing the field via an interface. +func (v *PathPathIsDependency) GetDependencyType() DependencyType { + return v.AllIsDependencyTree.DependencyType } -// GetOrigin returns PkgEqualIngestPkgEqual.Origin, and is useful for accessing the field via an interface. -func (v *PkgEqualIngestPkgEqual) GetOrigin() string { return v.AllPkgEqual.Origin } +// GetVersionRange returns PathPathIsDependency.VersionRange, and is useful for accessing the field via an interface. +func (v *PathPathIsDependency) GetVersionRange() string { return v.AllIsDependencyTree.VersionRange } -// GetCollector returns PkgEqualIngestPkgEqual.Collector, and is useful for accessing the field via an interface. -func (v *PkgEqualIngestPkgEqual) GetCollector() string { return v.AllPkgEqual.Collector } +// GetOrigin returns PathPathIsDependency.Origin, and is useful for accessing the field via an interface. +func (v *PathPathIsDependency) GetOrigin() string { return v.AllIsDependencyTree.Origin } -func (v *PkgEqualIngestPkgEqual) UnmarshalJSON(b []byte) error { +// GetCollector returns PathPathIsDependency.Collector, and is useful for accessing the field via an interface. +func (v *PathPathIsDependency) GetCollector() string { return v.AllIsDependencyTree.Collector } + +func (v *PathPathIsDependency) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *PkgEqualIngestPkgEqual + *PathPathIsDependency graphql.NoUnmarshalJSON } - firstPass.PkgEqualIngestPkgEqual = v + firstPass.PathPathIsDependency = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -23516,26 +19534,34 @@ func (v *PkgEqualIngestPkgEqual) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllPkgEqual) + b, &v.AllIsDependencyTree) if err != nil { return err } return nil } -type __premarshalPkgEqualIngestPkgEqual struct { +type __premarshalPathPathIsDependency struct { + Typename *string `json:"__typename"` + Id string `json:"id"` Justification string `json:"justification"` - Packages []AllPkgEqualPackagesPackage `json:"packages"` + Package AllIsDependencyTreePackage `json:"package"` + + DependentPackage AllIsDependencyTreeDependentPackage `json:"dependentPackage"` + + DependencyType DependencyType `json:"dependencyType"` + + VersionRange string `json:"versionRange"` Origin string `json:"origin"` Collector string `json:"collector"` } -func (v *PkgEqualIngestPkgEqual) MarshalJSON() ([]byte, error) { +func (v *PathPathIsDependency) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -23543,76 +19569,68 @@ func (v *PkgEqualIngestPkgEqual) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *PkgEqualIngestPkgEqual) __premarshalJSON() (*__premarshalPkgEqualIngestPkgEqual, error) { - var retval __premarshalPkgEqualIngestPkgEqual +func (v *PathPathIsDependency) __premarshalJSON() (*__premarshalPathPathIsDependency, error) { + var retval __premarshalPathPathIsDependency - retval.Id = v.AllPkgEqual.Id - retval.Justification = v.AllPkgEqual.Justification - retval.Packages = v.AllPkgEqual.Packages - retval.Origin = v.AllPkgEqual.Origin - retval.Collector = v.AllPkgEqual.Collector + retval.Typename = v.Typename + retval.Id = v.AllIsDependencyTree.Id + retval.Justification = v.AllIsDependencyTree.Justification + retval.Package = v.AllIsDependencyTree.Package + retval.DependentPackage = v.AllIsDependencyTree.DependentPackage + retval.DependencyType = v.AllIsDependencyTree.DependencyType + retval.VersionRange = v.AllIsDependencyTree.VersionRange + retval.Origin = v.AllIsDependencyTree.Origin + retval.Collector = v.AllIsDependencyTree.Collector return &retval, nil } -// PkgEqualInputSpec represents the input to certify that packages are similar. -type PkgEqualInputSpec struct { - Justification string `json:"justification"` - Origin string `json:"origin"` - Collector string `json:"collector"` +// PathPathIsOccurrence includes the requested fields of the GraphQL type IsOccurrence. +// The GraphQL type's documentation follows. +// +// IsOccurrence is an attestation to link an artifact to a package or source. +// +// Attestation must occur at the PackageVersion or at the SourceName. +type PathPathIsOccurrence struct { + Typename *string `json:"__typename"` + AllIsOccurrencesTree `json:"-"` } -// GetJustification returns PkgEqualInputSpec.Justification, and is useful for accessing the field via an interface. 
-func (v *PkgEqualInputSpec) GetJustification() string { return v.Justification } +// GetTypename returns PathPathIsOccurrence.Typename, and is useful for accessing the field via an interface. +func (v *PathPathIsOccurrence) GetTypename() *string { return v.Typename } -// GetOrigin returns PkgEqualInputSpec.Origin, and is useful for accessing the field via an interface. -func (v *PkgEqualInputSpec) GetOrigin() string { return v.Origin } +// GetId returns PathPathIsOccurrence.Id, and is useful for accessing the field via an interface. +func (v *PathPathIsOccurrence) GetId() string { return v.AllIsOccurrencesTree.Id } -// GetCollector returns PkgEqualInputSpec.Collector, and is useful for accessing the field via an interface. -func (v *PkgEqualInputSpec) GetCollector() string { return v.Collector } +// GetSubject returns PathPathIsOccurrence.Subject, and is useful for accessing the field via an interface. +func (v *PathPathIsOccurrence) GetSubject() AllIsOccurrencesTreeSubjectPackageOrSource { + return v.AllIsOccurrencesTree.Subject +} -// PkgEqualOtherPackage includes the requested fields of the GraphQL type Package. -// The GraphQL type's documentation follows. -// -// Package represents the root of the package trie/tree. -// -// We map package information to a trie, closely matching the pURL specification -// (https://github.com/package-url/purl-spec/blob/0dd92f26f8bb11956ffdf5e8acfcee71e8560407/README.rst), -// but deviating from it where GUAC heuristics allow for better representation of -// package information. Each path in the trie fully represents a package; we split -// the trie based on the pURL components. -// -// This node matches a pkg: partial pURL. The type field matches the -// pURL types but we might also use "guac" for the cases where the pURL -// representation is not complete or when we have custom rules. -// -// Since this node is at the root of the package trie, it is named Package, not -// PackageType. 
-type PkgEqualOtherPackage struct { - AllPkgTree `json:"-"` +// GetArtifact returns PathPathIsOccurrence.Artifact, and is useful for accessing the field via an interface. +func (v *PathPathIsOccurrence) GetArtifact() AllIsOccurrencesTreeArtifact { + return v.AllIsOccurrencesTree.Artifact } -// GetId returns PkgEqualOtherPackage.Id, and is useful for accessing the field via an interface. -func (v *PkgEqualOtherPackage) GetId() string { return v.AllPkgTree.Id } +// GetJustification returns PathPathIsOccurrence.Justification, and is useful for accessing the field via an interface. +func (v *PathPathIsOccurrence) GetJustification() string { return v.AllIsOccurrencesTree.Justification } -// GetType returns PkgEqualOtherPackage.Type, and is useful for accessing the field via an interface. -func (v *PkgEqualOtherPackage) GetType() string { return v.AllPkgTree.Type } +// GetOrigin returns PathPathIsOccurrence.Origin, and is useful for accessing the field via an interface. +func (v *PathPathIsOccurrence) GetOrigin() string { return v.AllIsOccurrencesTree.Origin } -// GetNamespaces returns PkgEqualOtherPackage.Namespaces, and is useful for accessing the field via an interface. -func (v *PkgEqualOtherPackage) GetNamespaces() []AllPkgTreeNamespacesPackageNamespace { - return v.AllPkgTree.Namespaces -} +// GetCollector returns PathPathIsOccurrence.Collector, and is useful for accessing the field via an interface. +func (v *PathPathIsOccurrence) GetCollector() string { return v.AllIsOccurrencesTree.Collector } -func (v *PkgEqualOtherPackage) UnmarshalJSON(b []byte) error { +func (v *PathPathIsOccurrence) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *PkgEqualOtherPackage + *PathPathIsOccurrence graphql.NoUnmarshalJSON } - firstPass.PkgEqualOtherPackage = v + firstPass.PathPathIsOccurrence = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -23620,22 +19638,30 @@ func (v *PkgEqualOtherPackage) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllPkgTree) + b, &v.AllIsOccurrencesTree) if err != nil { return err } return nil } -type __premarshalPkgEqualOtherPackage struct { +type __premarshalPathPathIsOccurrence struct { + Typename *string `json:"__typename"` + Id string `json:"id"` - Type string `json:"type"` + Subject json.RawMessage `json:"subject"` - Namespaces []AllPkgTreeNamespacesPackageNamespace `json:"namespaces"` + Artifact AllIsOccurrencesTreeArtifact `json:"artifact"` + + Justification string `json:"justification"` + + Origin string `json:"origin"` + + Collector string `json:"collector"` } -func (v *PkgEqualOtherPackage) MarshalJSON() ([]byte, error) { +func (v *PathPathIsOccurrence) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -23643,280 +19669,465 @@ func (v *PkgEqualOtherPackage) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *PkgEqualOtherPackage) __premarshalJSON() (*__premarshalPkgEqualOtherPackage, error) { - var retval __premarshalPkgEqualOtherPackage +func (v *PathPathIsOccurrence) __premarshalJSON() (*__premarshalPathPathIsOccurrence, error) { + var retval __premarshalPathPathIsOccurrence - retval.Id = v.AllPkgTree.Id - retval.Type = v.AllPkgTree.Type - retval.Namespaces = v.AllPkgTree.Namespaces + retval.Typename = v.Typename + retval.Id = v.AllIsOccurrencesTree.Id + { + + dst := &retval.Subject + src := v.AllIsOccurrencesTree.Subject + var err error + *dst, err = __marshalAllIsOccurrencesTreeSubjectPackageOrSource( + &src) + if err != nil { + return nil, fmt.Errorf( + "unable to marshal PathPathIsOccurrence.AllIsOccurrencesTree.Subject: %w", err) + } + } + retval.Artifact = v.AllIsOccurrencesTree.Artifact + retval.Justification = v.AllIsOccurrencesTree.Justification + retval.Origin = v.AllIsOccurrencesTree.Origin + retval.Collector = v.AllIsOccurrencesTree.Collector return &retval, nil } -// PkgEqualPkgPackage includes the requested fields of the GraphQL type Package. -// The GraphQL type's documentation follows. -// -// Package represents the root of the package trie/tree. +// PathPathNode includes the requested fields of the GraphQL interface Node. // -// We map package information to a trie, closely matching the pURL specification -// (https://github.com/package-url/purl-spec/blob/0dd92f26f8bb11956ffdf5e8acfcee71e8560407/README.rst), -// but deviating from it where GUAC heuristics allow for better representation of -// package information. Each path in the trie fully represents a package; we split -// the trie based on the pURL components. 
+// PathPathNode is implemented by the following types: +// PathPathArtifact +// PathPathBuilder +// PathPathCertifyBad +// PathPathCertifyGood +// PathPathCertifyScorecard +// PathPathCertifyVEXStatement +// PathPathCertifyVuln +// PathPathHasMetadata +// PathPathHasSBOM +// PathPathHasSLSA +// PathPathHasSourceAt +// PathPathHashEqual +// PathPathIsDependency +// PathPathIsOccurrence +// PathPathPackage +// PathPathPkgEqual +// PathPathPointOfContact +// PathPathSource +// PathPathVulnEqual +// PathPathVulnerability +// The GraphQL type's documentation follows. // -// This node matches a pkg: partial pURL. The type field matches the -// pURL types but we might also use "guac" for the cases where the pURL -// representation is not complete or when we have custom rules. +// Node is a union type of all the possible nodes. // -// Since this node is at the root of the package trie, it is named Package, not -// PackageType. -type PkgEqualPkgPackage struct { - AllPkgTree `json:"-"` -} - -// GetId returns PkgEqualPkgPackage.Id, and is useful for accessing the field via an interface. -func (v *PkgEqualPkgPackage) GetId() string { return v.AllPkgTree.Id } - -// GetType returns PkgEqualPkgPackage.Type, and is useful for accessing the field via an interface. -func (v *PkgEqualPkgPackage) GetType() string { return v.AllPkgTree.Type } - -// GetNamespaces returns PkgEqualPkgPackage.Namespaces, and is useful for accessing the field via an interface. -func (v *PkgEqualPkgPackage) GetNamespaces() []AllPkgTreeNamespacesPackageNamespace { - return v.AllPkgTree.Namespaces +// It encapsulates the software tree nodes along with the evidence nodes. In a +// path query, all connecting evidence nodes along with their intermediate subject +// nodes need to be returned in order to create a complete graph. +type PathPathNode interface { + implementsGraphQLInterfacePathPathNode() + // GetTypename returns the receiver's concrete GraphQL type-name (see interface doc for possible values). 
+ GetTypename() *string } -func (v *PkgEqualPkgPackage) UnmarshalJSON(b []byte) error { +func (v *PathPathArtifact) implementsGraphQLInterfacePathPathNode() {} +func (v *PathPathBuilder) implementsGraphQLInterfacePathPathNode() {} +func (v *PathPathCertifyBad) implementsGraphQLInterfacePathPathNode() {} +func (v *PathPathCertifyGood) implementsGraphQLInterfacePathPathNode() {} +func (v *PathPathCertifyScorecard) implementsGraphQLInterfacePathPathNode() {} +func (v *PathPathCertifyVEXStatement) implementsGraphQLInterfacePathPathNode() {} +func (v *PathPathCertifyVuln) implementsGraphQLInterfacePathPathNode() {} +func (v *PathPathHasMetadata) implementsGraphQLInterfacePathPathNode() {} +func (v *PathPathHasSBOM) implementsGraphQLInterfacePathPathNode() {} +func (v *PathPathHasSLSA) implementsGraphQLInterfacePathPathNode() {} +func (v *PathPathHasSourceAt) implementsGraphQLInterfacePathPathNode() {} +func (v *PathPathHashEqual) implementsGraphQLInterfacePathPathNode() {} +func (v *PathPathIsDependency) implementsGraphQLInterfacePathPathNode() {} +func (v *PathPathIsOccurrence) implementsGraphQLInterfacePathPathNode() {} +func (v *PathPathPackage) implementsGraphQLInterfacePathPathNode() {} +func (v *PathPathPkgEqual) implementsGraphQLInterfacePathPathNode() {} +func (v *PathPathPointOfContact) implementsGraphQLInterfacePathPathNode() {} +func (v *PathPathSource) implementsGraphQLInterfacePathPathNode() {} +func (v *PathPathVulnEqual) implementsGraphQLInterfacePathPathNode() {} +func (v *PathPathVulnerability) implementsGraphQLInterfacePathPathNode() {} +func __unmarshalPathPathNode(b []byte, v *PathPathNode) error { if string(b) == "null" { return nil } - var firstPass struct { - *PkgEqualPkgPackage - graphql.NoUnmarshalJSON - } - firstPass.PkgEqualPkgPackage = v - - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err + var tn struct { + TypeName string `json:"__typename"` } - - err = json.Unmarshal( - b, &v.AllPkgTree) + err := json.Unmarshal(b, &tn) 
if err != nil { return err } - return nil -} - -type __premarshalPkgEqualPkgPackage struct { - Id string `json:"id"` - - Type string `json:"type"` - - Namespaces []AllPkgTreeNamespacesPackageNamespace `json:"namespaces"` -} -func (v *PkgEqualPkgPackage) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err + switch tn.TypeName { + case "Artifact": + *v = new(PathPathArtifact) + return json.Unmarshal(b, *v) + case "Builder": + *v = new(PathPathBuilder) + return json.Unmarshal(b, *v) + case "CertifyBad": + *v = new(PathPathCertifyBad) + return json.Unmarshal(b, *v) + case "CertifyGood": + *v = new(PathPathCertifyGood) + return json.Unmarshal(b, *v) + case "CertifyScorecard": + *v = new(PathPathCertifyScorecard) + return json.Unmarshal(b, *v) + case "CertifyVEXStatement": + *v = new(PathPathCertifyVEXStatement) + return json.Unmarshal(b, *v) + case "CertifyVuln": + *v = new(PathPathCertifyVuln) + return json.Unmarshal(b, *v) + case "HasMetadata": + *v = new(PathPathHasMetadata) + return json.Unmarshal(b, *v) + case "HasSBOM": + *v = new(PathPathHasSBOM) + return json.Unmarshal(b, *v) + case "HasSLSA": + *v = new(PathPathHasSLSA) + return json.Unmarshal(b, *v) + case "HasSourceAt": + *v = new(PathPathHasSourceAt) + return json.Unmarshal(b, *v) + case "HashEqual": + *v = new(PathPathHashEqual) + return json.Unmarshal(b, *v) + case "IsDependency": + *v = new(PathPathIsDependency) + return json.Unmarshal(b, *v) + case "IsOccurrence": + *v = new(PathPathIsOccurrence) + return json.Unmarshal(b, *v) + case "Package": + *v = new(PathPathPackage) + return json.Unmarshal(b, *v) + case "PkgEqual": + *v = new(PathPathPkgEqual) + return json.Unmarshal(b, *v) + case "PointOfContact": + *v = new(PathPathPointOfContact) + return json.Unmarshal(b, *v) + case "Source": + *v = new(PathPathSource) + return json.Unmarshal(b, *v) + case "VulnEqual": + *v = new(PathPathVulnEqual) + return json.Unmarshal(b, *v) + case "Vulnerability": 
+ *v = new(PathPathVulnerability) + return json.Unmarshal(b, *v) + case "": + return fmt.Errorf( + "response was missing Node.__typename") + default: + return fmt.Errorf( + `unexpected concrete type for PathPathNode: "%v"`, tn.TypeName) } - return json.Marshal(premarshaled) -} - -func (v *PkgEqualPkgPackage) __premarshalJSON() (*__premarshalPkgEqualPkgPackage, error) { - var retval __premarshalPkgEqualPkgPackage - - retval.Id = v.AllPkgTree.Id - retval.Type = v.AllPkgTree.Type - retval.Namespaces = v.AllPkgTree.Namespaces - return &retval, nil } -// PkgEqualResponse is returned by PkgEqual on success. -type PkgEqualResponse struct { - // Ingests a new package and returns the corresponding package trie path. - Pkg PkgEqualPkgPackage `json:"pkg"` - // Ingests a new package and returns the corresponding package trie path. - OtherPackage PkgEqualOtherPackage `json:"otherPackage"` - // Adds a certification that two packages are similar. - IngestPkgEqual PkgEqualIngestPkgEqual `json:"ingestPkgEqual"` -} +func __marshalPathPathNode(v *PathPathNode) ([]byte, error) { -// GetPkg returns PkgEqualResponse.Pkg, and is useful for accessing the field via an interface. -func (v *PkgEqualResponse) GetPkg() PkgEqualPkgPackage { return v.Pkg } + var typename string + switch v := (*v).(type) { + case *PathPathArtifact: + typename = "Artifact" -// GetOtherPackage returns PkgEqualResponse.OtherPackage, and is useful for accessing the field via an interface. -func (v *PkgEqualResponse) GetOtherPackage() PkgEqualOtherPackage { return v.OtherPackage } + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalPathPathArtifact + }{typename, premarshaled} + return json.Marshal(result) + case *PathPathBuilder: + typename = "Builder" -// GetIngestPkgEqual returns PkgEqualResponse.IngestPkgEqual, and is useful for accessing the field via an interface. 
-func (v *PkgEqualResponse) GetIngestPkgEqual() PkgEqualIngestPkgEqual { return v.IngestPkgEqual } + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalPathPathBuilder + }{typename, premarshaled} + return json.Marshal(result) + case *PathPathCertifyBad: + typename = "CertifyBad" -// PkgInputSpec specifies a package for mutations. -// -// This is different than PkgSpec because we want to encode mandatory fields: -// type and name. All optional fields are given empty default values. -type PkgInputSpec struct { - Type string `json:"type"` - Namespace *string `json:"namespace"` - Name string `json:"name"` - Version *string `json:"version"` - Qualifiers []PackageQualifierInputSpec `json:"qualifiers"` - Subpath *string `json:"subpath"` -} + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalPathPathCertifyBad + }{typename, premarshaled} + return json.Marshal(result) + case *PathPathCertifyGood: + typename = "CertifyGood" -// GetType returns PkgInputSpec.Type, and is useful for accessing the field via an interface. -func (v *PkgInputSpec) GetType() string { return v.Type } + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalPathPathCertifyGood + }{typename, premarshaled} + return json.Marshal(result) + case *PathPathCertifyScorecard: + typename = "CertifyScorecard" -// GetNamespace returns PkgInputSpec.Namespace, and is useful for accessing the field via an interface. 
-func (v *PkgInputSpec) GetNamespace() *string { return v.Namespace } + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalPathPathCertifyScorecard + }{typename, premarshaled} + return json.Marshal(result) + case *PathPathCertifyVEXStatement: + typename = "CertifyVEXStatement" -// GetName returns PkgInputSpec.Name, and is useful for accessing the field via an interface. -func (v *PkgInputSpec) GetName() string { return v.Name } + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalPathPathCertifyVEXStatement + }{typename, premarshaled} + return json.Marshal(result) + case *PathPathCertifyVuln: + typename = "CertifyVuln" -// GetVersion returns PkgInputSpec.Version, and is useful for accessing the field via an interface. -func (v *PkgInputSpec) GetVersion() *string { return v.Version } + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalPathPathCertifyVuln + }{typename, premarshaled} + return json.Marshal(result) + case *PathPathHasMetadata: + typename = "HasMetadata" -// GetQualifiers returns PkgInputSpec.Qualifiers, and is useful for accessing the field via an interface. -func (v *PkgInputSpec) GetQualifiers() []PackageQualifierInputSpec { return v.Qualifiers } + result := struct { + TypeName string `json:"__typename"` + *PathPathHasMetadata + }{typename, v} + return json.Marshal(result) + case *PathPathHasSBOM: + typename = "HasSBOM" -// GetSubpath returns PkgInputSpec.Subpath, and is useful for accessing the field via an interface. 
-func (v *PkgInputSpec) GetSubpath() *string { return v.Subpath } + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalPathPathHasSBOM + }{typename, premarshaled} + return json.Marshal(result) + case *PathPathHasSLSA: + typename = "HasSLSA" -// PkgMatchType is an enum to determine if the attestation should be done at the -// specific version or package name. -type PkgMatchType string + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalPathPathHasSLSA + }{typename, premarshaled} + return json.Marshal(result) + case *PathPathHasSourceAt: + typename = "HasSourceAt" -const ( - PkgMatchTypeAllVersions PkgMatchType = "ALL_VERSIONS" - PkgMatchTypeSpecificVersion PkgMatchType = "SPECIFIC_VERSION" -) + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalPathPathHasSourceAt + }{typename, premarshaled} + return json.Marshal(result) + case *PathPathHashEqual: + typename = "HashEqual" -// PkgSpec allows filtering the list of sources to return in a query. -// -// Each field matches a qualifier from pURL. Use null to match on all values at -// that level. For example, to get all packages in GUAC backend, use a PkgSpec -// where every field is null. -// -// Empty string at a field means matching with the empty string. If passing in -// qualifiers, all of the values in the list must match. Since we want to return -// nodes with any number of qualifiers if no qualifiers are passed in the input, -// we must also return the same set of nodes it the qualifiers list is empty. To -// match on nodes that don't contain any qualifier, set matchOnlyEmptyQualifiers -// to true. If this field is true, then the qualifiers argument is ignored. 
-type PkgSpec struct { - Id *string `json:"id"` - Type *string `json:"type"` - Namespace *string `json:"namespace"` - Name *string `json:"name"` - Version *string `json:"version"` - Qualifiers []PackageQualifierSpec `json:"qualifiers"` - MatchOnlyEmptyQualifiers *bool `json:"matchOnlyEmptyQualifiers"` - Subpath *string `json:"subpath"` -} + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalPathPathHashEqual + }{typename, premarshaled} + return json.Marshal(result) + case *PathPathIsDependency: + typename = "IsDependency" -// GetId returns PkgSpec.Id, and is useful for accessing the field via an interface. -func (v *PkgSpec) GetId() *string { return v.Id } + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalPathPathIsDependency + }{typename, premarshaled} + return json.Marshal(result) + case *PathPathIsOccurrence: + typename = "IsOccurrence" -// GetType returns PkgSpec.Type, and is useful for accessing the field via an interface. -func (v *PkgSpec) GetType() *string { return v.Type } + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalPathPathIsOccurrence + }{typename, premarshaled} + return json.Marshal(result) + case *PathPathPackage: + typename = "Package" -// GetNamespace returns PkgSpec.Namespace, and is useful for accessing the field via an interface. 
-func (v *PkgSpec) GetNamespace() *string { return v.Namespace } + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalPathPathPackage + }{typename, premarshaled} + return json.Marshal(result) + case *PathPathPkgEqual: + typename = "PkgEqual" -// GetName returns PkgSpec.Name, and is useful for accessing the field via an interface. -func (v *PkgSpec) GetName() *string { return v.Name } + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalPathPathPkgEqual + }{typename, premarshaled} + return json.Marshal(result) + case *PathPathPointOfContact: + typename = "PointOfContact" -// GetVersion returns PkgSpec.Version, and is useful for accessing the field via an interface. -func (v *PkgSpec) GetVersion() *string { return v.Version } + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalPathPathPointOfContact + }{typename, premarshaled} + return json.Marshal(result) + case *PathPathSource: + typename = "Source" -// GetQualifiers returns PkgSpec.Qualifiers, and is useful for accessing the field via an interface. -func (v *PkgSpec) GetQualifiers() []PackageQualifierSpec { return v.Qualifiers } + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalPathPathSource + }{typename, premarshaled} + return json.Marshal(result) + case *PathPathVulnEqual: + typename = "VulnEqual" -// GetMatchOnlyEmptyQualifiers returns PkgSpec.MatchOnlyEmptyQualifiers, and is useful for accessing the field via an interface. 
-func (v *PkgSpec) GetMatchOnlyEmptyQualifiers() *bool { return v.MatchOnlyEmptyQualifiers } + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalPathPathVulnEqual + }{typename, premarshaled} + return json.Marshal(result) + case *PathPathVulnerability: + typename = "Vulnerability" -// GetSubpath returns PkgSpec.Subpath, and is useful for accessing the field via an interface. -func (v *PkgSpec) GetSubpath() *string { return v.Subpath } + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + result := struct { + TypeName string `json:"__typename"` + *__premarshalPathPathVulnerability + }{typename, premarshaled} + return json.Marshal(result) + case nil: + return []byte("null"), nil + default: + return nil, fmt.Errorf( + `unexpected concrete type for PathPathNode: "%T"`, v) + } +} -// PointOfContactArtifactIngestPointOfContact includes the requested fields of the GraphQL type PointOfContact. +// PathPathPackage includes the requested fields of the GraphQL type Package. // The GraphQL type's documentation follows. // -// PointOfContact is an attestation of how to get in touch with the person(s) responsible -// for a package, source, or artifact. -// -// All evidence trees record a justification for the property they represent as -// well as the document that contains the attestation (origin) and the collector -// that collected the document (collector). -// -// The attestation applies to a subject which is a package, source, or artifact. -// If the attestation targets a package, it must target a PackageName or a -// PackageVersion. If the attestation targets a source, it must target a -// SourceName. +// Package represents the root of the package trie/tree. // -// email is the email address (singular) of the point of contact. 
+// We map package information to a trie, closely matching the pURL specification +// (https://github.com/package-url/purl-spec/blob/0dd92f26f8bb11956ffdf5e8acfcee71e8560407/README.rst), +// but deviating from it where GUAC heuristics allow for better representation of +// package information. Each path in the trie fully represents a package; we split +// the trie based on the pURL components. // -// info is additional contact information other than email address. This is free -// form. +// This node matches a pkg: partial pURL. The type field matches the +// pURL types but we might also use "guac" for the cases where the pURL +// representation is not complete or when we have custom rules. // -// NOTE: the identifiers for point of contact should be part of software trees. -// This will benefit from identifier look up and traversal as well as organization -// hierarchy. However, until the use case arises, PointOfContact will be a flat -// reference to the contact details. -type PointOfContactArtifactIngestPointOfContact struct { - AllPointOfContact `json:"-"` -} - -// GetId returns PointOfContactArtifactIngestPointOfContact.Id, and is useful for accessing the field via an interface. -func (v *PointOfContactArtifactIngestPointOfContact) GetId() string { return v.AllPointOfContact.Id } - -// GetSubject returns PointOfContactArtifactIngestPointOfContact.Subject, and is useful for accessing the field via an interface. -func (v *PointOfContactArtifactIngestPointOfContact) GetSubject() AllPointOfContactSubjectPackageSourceOrArtifact { - return v.AllPointOfContact.Subject -} - -// GetEmail returns PointOfContactArtifactIngestPointOfContact.Email, and is useful for accessing the field via an interface. -func (v *PointOfContactArtifactIngestPointOfContact) GetEmail() string { - return v.AllPointOfContact.Email -} - -// GetInfo returns PointOfContactArtifactIngestPointOfContact.Info, and is useful for accessing the field via an interface. 
-func (v *PointOfContactArtifactIngestPointOfContact) GetInfo() string { - return v.AllPointOfContact.Info +// Since this node is at the root of the package trie, it is named Package, not +// PackageType. +type PathPathPackage struct { + Typename *string `json:"__typename"` + AllPkgTree `json:"-"` } -// GetSince returns PointOfContactArtifactIngestPointOfContact.Since, and is useful for accessing the field via an interface. -func (v *PointOfContactArtifactIngestPointOfContact) GetSince() time.Time { - return v.AllPointOfContact.Since -} +// GetTypename returns PathPathPackage.Typename, and is useful for accessing the field via an interface. +func (v *PathPathPackage) GetTypename() *string { return v.Typename } -// GetJustification returns PointOfContactArtifactIngestPointOfContact.Justification, and is useful for accessing the field via an interface. -func (v *PointOfContactArtifactIngestPointOfContact) GetJustification() string { - return v.AllPointOfContact.Justification -} +// GetId returns PathPathPackage.Id, and is useful for accessing the field via an interface. +func (v *PathPathPackage) GetId() string { return v.AllPkgTree.Id } -// GetOrigin returns PointOfContactArtifactIngestPointOfContact.Origin, and is useful for accessing the field via an interface. -func (v *PointOfContactArtifactIngestPointOfContact) GetOrigin() string { - return v.AllPointOfContact.Origin -} +// GetType returns PathPathPackage.Type, and is useful for accessing the field via an interface. +func (v *PathPathPackage) GetType() string { return v.AllPkgTree.Type } -// GetCollector returns PointOfContactArtifactIngestPointOfContact.Collector, and is useful for accessing the field via an interface. -func (v *PointOfContactArtifactIngestPointOfContact) GetCollector() string { - return v.AllPointOfContact.Collector +// GetNamespaces returns PathPathPackage.Namespaces, and is useful for accessing the field via an interface. 
+func (v *PathPathPackage) GetNamespaces() []AllPkgTreeNamespacesPackageNamespace { + return v.AllPkgTree.Namespaces } -func (v *PointOfContactArtifactIngestPointOfContact) UnmarshalJSON(b []byte) error { +func (v *PathPathPackage) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *PointOfContactArtifactIngestPointOfContact + *PathPathPackage graphql.NoUnmarshalJSON } - firstPass.PointOfContactArtifactIngestPointOfContact = v + firstPass.PathPathPackage = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -23924,32 +20135,24 @@ func (v *PointOfContactArtifactIngestPointOfContact) UnmarshalJSON(b []byte) err } err = json.Unmarshal( - b, &v.AllPointOfContact) + b, &v.AllPkgTree) if err != nil { return err } return nil } -type __premarshalPointOfContactArtifactIngestPointOfContact struct { - Id string `json:"id"` - - Subject json.RawMessage `json:"subject"` - - Email string `json:"email"` - - Info string `json:"info"` - - Since time.Time `json:"since"` +type __premarshalPathPathPackage struct { + Typename *string `json:"__typename"` - Justification string `json:"justification"` + Id string `json:"id"` - Origin string `json:"origin"` + Type string `json:"type"` - Collector string `json:"collector"` + Namespaces []AllPkgTreeNamespacesPackageNamespace `json:"namespaces"` } -func (v *PointOfContactArtifactIngestPointOfContact) MarshalJSON() ([]byte, error) { +func (v *PathPathPackage) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -23957,141 +20160,54 @@ func (v *PointOfContactArtifactIngestPointOfContact) MarshalJSON() ([]byte, erro return json.Marshal(premarshaled) } -func (v *PointOfContactArtifactIngestPointOfContact) __premarshalJSON() (*__premarshalPointOfContactArtifactIngestPointOfContact, error) { - var retval __premarshalPointOfContactArtifactIngestPointOfContact - - retval.Id = v.AllPointOfContact.Id - { +func (v *PathPathPackage) __premarshalJSON() (*__premarshalPathPathPackage, error) { + var retval __premarshalPathPathPackage - dst := &retval.Subject - src := v.AllPointOfContact.Subject - var err error - *dst, err = __marshalAllPointOfContactSubjectPackageSourceOrArtifact( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal PointOfContactArtifactIngestPointOfContact.AllPointOfContact.Subject: %w", err) - } - } - retval.Email = v.AllPointOfContact.Email - retval.Info = v.AllPointOfContact.Info - retval.Since = v.AllPointOfContact.Since - retval.Justification = v.AllPointOfContact.Justification - retval.Origin = v.AllPointOfContact.Origin - retval.Collector = v.AllPointOfContact.Collector + retval.Typename = v.Typename + retval.Id = v.AllPkgTree.Id + retval.Type = v.AllPkgTree.Type + retval.Namespaces = v.AllPkgTree.Namespaces return &retval, nil } -// PointOfContactArtifactResponse is returned by PointOfContactArtifact on success. -type PointOfContactArtifactResponse struct { - // Adds a PointOfContact attestation to a package, source or artifact. - IngestPointOfContact PointOfContactArtifactIngestPointOfContact `json:"ingestPointOfContact"` -} - -// GetIngestPointOfContact returns PointOfContactArtifactResponse.IngestPointOfContact, and is useful for accessing the field via an interface. -func (v *PointOfContactArtifactResponse) GetIngestPointOfContact() PointOfContactArtifactIngestPointOfContact { - return v.IngestPointOfContact -} - -// PointOfContactInputSpec represents the mutation input to ingest a PointOfContact evidence. 
-type PointOfContactInputSpec struct { - Email string `json:"email"` - Info string `json:"info"` - Since time.Time `json:"since"` - Justification string `json:"justification"` - Origin string `json:"origin"` - Collector string `json:"collector"` -} - -// GetEmail returns PointOfContactInputSpec.Email, and is useful for accessing the field via an interface. -func (v *PointOfContactInputSpec) GetEmail() string { return v.Email } - -// GetInfo returns PointOfContactInputSpec.Info, and is useful for accessing the field via an interface. -func (v *PointOfContactInputSpec) GetInfo() string { return v.Info } - -// GetSince returns PointOfContactInputSpec.Since, and is useful for accessing the field via an interface. -func (v *PointOfContactInputSpec) GetSince() time.Time { return v.Since } - -// GetJustification returns PointOfContactInputSpec.Justification, and is useful for accessing the field via an interface. -func (v *PointOfContactInputSpec) GetJustification() string { return v.Justification } - -// GetOrigin returns PointOfContactInputSpec.Origin, and is useful for accessing the field via an interface. -func (v *PointOfContactInputSpec) GetOrigin() string { return v.Origin } - -// GetCollector returns PointOfContactInputSpec.Collector, and is useful for accessing the field via an interface. -func (v *PointOfContactInputSpec) GetCollector() string { return v.Collector } - -// PointOfContactPkgIngestPointOfContact includes the requested fields of the GraphQL type PointOfContact. +// PathPathPkgEqual includes the requested fields of the GraphQL type PkgEqual. // The GraphQL type's documentation follows. // -// PointOfContact is an attestation of how to get in touch with the person(s) responsible -// for a package, source, or artifact. -// -// All evidence trees record a justification for the property they represent as -// well as the document that contains the attestation (origin) and the collector -// that collected the document (collector). 
-// -// The attestation applies to a subject which is a package, source, or artifact. -// If the attestation targets a package, it must target a PackageName or a -// PackageVersion. If the attestation targets a source, it must target a -// SourceName. -// -// email is the email address (singular) of the point of contact. -// -// info is additional contact information other than email address. This is free -// form. -// -// NOTE: the identifiers for point of contact should be part of software trees. -// This will benefit from identifier look up and traversal as well as organization -// hierarchy. However, until the use case arises, PointOfContact will be a flat -// reference to the contact details. -type PointOfContactPkgIngestPointOfContact struct { - AllPointOfContact `json:"-"` -} - -// GetId returns PointOfContactPkgIngestPointOfContact.Id, and is useful for accessing the field via an interface. -func (v *PointOfContactPkgIngestPointOfContact) GetId() string { return v.AllPointOfContact.Id } - -// GetSubject returns PointOfContactPkgIngestPointOfContact.Subject, and is useful for accessing the field via an interface. -func (v *PointOfContactPkgIngestPointOfContact) GetSubject() AllPointOfContactSubjectPackageSourceOrArtifact { - return v.AllPointOfContact.Subject +// PkgEqual is an attestation that a set of packages are similar. +type PathPathPkgEqual struct { + Typename *string `json:"__typename"` + AllPkgEqual `json:"-"` } -// GetEmail returns PointOfContactPkgIngestPointOfContact.Email, and is useful for accessing the field via an interface. -func (v *PointOfContactPkgIngestPointOfContact) GetEmail() string { return v.AllPointOfContact.Email } +// GetTypename returns PathPathPkgEqual.Typename, and is useful for accessing the field via an interface. +func (v *PathPathPkgEqual) GetTypename() *string { return v.Typename } -// GetInfo returns PointOfContactPkgIngestPointOfContact.Info, and is useful for accessing the field via an interface. 
-func (v *PointOfContactPkgIngestPointOfContact) GetInfo() string { return v.AllPointOfContact.Info } +// GetId returns PathPathPkgEqual.Id, and is useful for accessing the field via an interface. +func (v *PathPathPkgEqual) GetId() string { return v.AllPkgEqual.Id } -// GetSince returns PointOfContactPkgIngestPointOfContact.Since, and is useful for accessing the field via an interface. -func (v *PointOfContactPkgIngestPointOfContact) GetSince() time.Time { - return v.AllPointOfContact.Since -} +// GetJustification returns PathPathPkgEqual.Justification, and is useful for accessing the field via an interface. +func (v *PathPathPkgEqual) GetJustification() string { return v.AllPkgEqual.Justification } -// GetJustification returns PointOfContactPkgIngestPointOfContact.Justification, and is useful for accessing the field via an interface. -func (v *PointOfContactPkgIngestPointOfContact) GetJustification() string { - return v.AllPointOfContact.Justification -} +// GetPackages returns PathPathPkgEqual.Packages, and is useful for accessing the field via an interface. +func (v *PathPathPkgEqual) GetPackages() []AllPkgEqualPackagesPackage { return v.AllPkgEqual.Packages } -// GetOrigin returns PointOfContactPkgIngestPointOfContact.Origin, and is useful for accessing the field via an interface. -func (v *PointOfContactPkgIngestPointOfContact) GetOrigin() string { return v.AllPointOfContact.Origin } +// GetOrigin returns PathPathPkgEqual.Origin, and is useful for accessing the field via an interface. +func (v *PathPathPkgEqual) GetOrigin() string { return v.AllPkgEqual.Origin } -// GetCollector returns PointOfContactPkgIngestPointOfContact.Collector, and is useful for accessing the field via an interface. -func (v *PointOfContactPkgIngestPointOfContact) GetCollector() string { - return v.AllPointOfContact.Collector -} +// GetCollector returns PathPathPkgEqual.Collector, and is useful for accessing the field via an interface. 
+func (v *PathPathPkgEqual) GetCollector() string { return v.AllPkgEqual.Collector } -func (v *PointOfContactPkgIngestPointOfContact) UnmarshalJSON(b []byte) error { +func (v *PathPathPkgEqual) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *PointOfContactPkgIngestPointOfContact + *PathPathPkgEqual graphql.NoUnmarshalJSON } - firstPass.PointOfContactPkgIngestPointOfContact = v + firstPass.PathPathPkgEqual = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -24099,32 +20215,28 @@ func (v *PointOfContactPkgIngestPointOfContact) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllPointOfContact) + b, &v.AllPkgEqual) if err != nil { return err } return nil } -type __premarshalPointOfContactPkgIngestPointOfContact struct { - Id string `json:"id"` - - Subject json.RawMessage `json:"subject"` - - Email string `json:"email"` - - Info string `json:"info"` +type __premarshalPathPathPkgEqual struct { + Typename *string `json:"__typename"` - Since time.Time `json:"since"` + Id string `json:"id"` Justification string `json:"justification"` + Packages []AllPkgEqualPackagesPackage `json:"packages"` + Origin string `json:"origin"` Collector string `json:"collector"` } -func (v *PointOfContactPkgIngestPointOfContact) MarshalJSON() ([]byte, error) { +func (v *PathPathPkgEqual) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -24132,43 +20244,19 @@ func (v *PointOfContactPkgIngestPointOfContact) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *PointOfContactPkgIngestPointOfContact) __premarshalJSON() (*__premarshalPointOfContactPkgIngestPointOfContact, error) { - var retval __premarshalPointOfContactPkgIngestPointOfContact - - retval.Id = v.AllPointOfContact.Id - { +func (v *PathPathPkgEqual) __premarshalJSON() (*__premarshalPathPathPkgEqual, error) { + var retval __premarshalPathPathPkgEqual - dst := &retval.Subject - src := v.AllPointOfContact.Subject - var err error - *dst, err = __marshalAllPointOfContactSubjectPackageSourceOrArtifact( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal PointOfContactPkgIngestPointOfContact.AllPointOfContact.Subject: %w", err) - } - } - retval.Email = v.AllPointOfContact.Email - retval.Info = v.AllPointOfContact.Info - retval.Since = v.AllPointOfContact.Since - retval.Justification = v.AllPointOfContact.Justification - retval.Origin = v.AllPointOfContact.Origin - retval.Collector = v.AllPointOfContact.Collector + retval.Typename = v.Typename + retval.Id = v.AllPkgEqual.Id + retval.Justification = v.AllPkgEqual.Justification + retval.Packages = v.AllPkgEqual.Packages + retval.Origin = v.AllPkgEqual.Origin + retval.Collector = v.AllPkgEqual.Collector return &retval, nil } -// PointOfContactPkgResponse is returned by PointOfContactPkg on success. -type PointOfContactPkgResponse struct { - // Adds a PointOfContact attestation to a package, source or artifact. - IngestPointOfContact PointOfContactPkgIngestPointOfContact `json:"ingestPointOfContact"` -} - -// GetIngestPointOfContact returns PointOfContactPkgResponse.IngestPointOfContact, and is useful for accessing the field via an interface. 
-func (v *PointOfContactPkgResponse) GetIngestPointOfContact() PointOfContactPkgIngestPointOfContact { - return v.IngestPointOfContact -} - -// PointOfContactSrcIngestPointOfContact includes the requested fields of the GraphQL type PointOfContact. +// PathPathPointOfContact includes the requested fields of the GraphQL type PointOfContact. // The GraphQL type's documentation follows. // // PointOfContact is an attestation of how to get in touch with the person(s) responsible 
@@ -24192,53 +20280,51 @@ func (v *PointOfContactPkgResponse) GetIngestPointOfContact() PointOfContactPkgI // This will benefit from identifier look up and traversal as well as organization // hierarchy. However, until the use case arises, PointOfContact will be a flat // reference to the contact details. -type PointOfContactSrcIngestPointOfContact struct { +type PathPathPointOfContact struct { + Typename *string `json:"__typename"` AllPointOfContact `json:"-"` } -// GetId returns PointOfContactSrcIngestPointOfContact.Id, and is useful for accessing the field via an interface. -func (v *PointOfContactSrcIngestPointOfContact) GetId() string { return v.AllPointOfContact.Id } +// GetTypename returns PathPathPointOfContact.Typename, and is useful for accessing the field via an interface. +func (v *PathPathPointOfContact) GetTypename() *string { return v.Typename } -// GetSubject returns PointOfContactSrcIngestPointOfContact.Subject, and is useful for accessing the field via an interface. -func (v *PointOfContactSrcIngestPointOfContact) GetSubject() AllPointOfContactSubjectPackageSourceOrArtifact { +// GetId returns PathPathPointOfContact.Id, and is useful for accessing the field via an interface. +func (v *PathPathPointOfContact) GetId() string { return v.AllPointOfContact.Id } + +// GetSubject returns PathPathPointOfContact.Subject, and is useful for accessing the field via an interface. +func (v *PathPathPointOfContact) GetSubject() AllPointOfContactSubjectPackageSourceOrArtifact { return v.AllPointOfContact.Subject } -// GetEmail returns PointOfContactSrcIngestPointOfContact.Email, and is useful for accessing the field via an interface. -func (v *PointOfContactSrcIngestPointOfContact) GetEmail() string { return v.AllPointOfContact.Email } +// GetEmail returns PathPathPointOfContact.Email, and is useful for accessing the field via an interface. 
+func (v *PathPathPointOfContact) GetEmail() string { return v.AllPointOfContact.Email } -// GetInfo returns PointOfContactSrcIngestPointOfContact.Info, and is useful for accessing the field via an interface. -func (v *PointOfContactSrcIngestPointOfContact) GetInfo() string { return v.AllPointOfContact.Info } +// GetInfo returns PathPathPointOfContact.Info, and is useful for accessing the field via an interface. +func (v *PathPathPointOfContact) GetInfo() string { return v.AllPointOfContact.Info } -// GetSince returns PointOfContactSrcIngestPointOfContact.Since, and is useful for accessing the field via an interface. -func (v *PointOfContactSrcIngestPointOfContact) GetSince() time.Time { - return v.AllPointOfContact.Since -} +// GetSince returns PathPathPointOfContact.Since, and is useful for accessing the field via an interface. +func (v *PathPathPointOfContact) GetSince() time.Time { return v.AllPointOfContact.Since } -// GetJustification returns PointOfContactSrcIngestPointOfContact.Justification, and is useful for accessing the field via an interface. -func (v *PointOfContactSrcIngestPointOfContact) GetJustification() string { - return v.AllPointOfContact.Justification -} +// GetJustification returns PathPathPointOfContact.Justification, and is useful for accessing the field via an interface. +func (v *PathPathPointOfContact) GetJustification() string { return v.AllPointOfContact.Justification } -// GetOrigin returns PointOfContactSrcIngestPointOfContact.Origin, and is useful for accessing the field via an interface. -func (v *PointOfContactSrcIngestPointOfContact) GetOrigin() string { return v.AllPointOfContact.Origin } +// GetOrigin returns PathPathPointOfContact.Origin, and is useful for accessing the field via an interface. +func (v *PathPathPointOfContact) GetOrigin() string { return v.AllPointOfContact.Origin } -// GetCollector returns PointOfContactSrcIngestPointOfContact.Collector, and is useful for accessing the field via an interface. 
-func (v *PointOfContactSrcIngestPointOfContact) GetCollector() string { - return v.AllPointOfContact.Collector -} +// GetCollector returns PathPathPointOfContact.Collector, and is useful for accessing the field via an interface. +func (v *PathPathPointOfContact) GetCollector() string { return v.AllPointOfContact.Collector } -func (v *PointOfContactSrcIngestPointOfContact) UnmarshalJSON(b []byte) error { +func (v *PathPathPointOfContact) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *PointOfContactSrcIngestPointOfContact + *PathPathPointOfContact graphql.NoUnmarshalJSON } - firstPass.PointOfContactSrcIngestPointOfContact = v + firstPass.PathPathPointOfContact = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -24253,7 +20339,9 @@ func (v *PointOfContactSrcIngestPointOfContact) UnmarshalJSON(b []byte) error { return nil } -type __premarshalPointOfContactSrcIngestPointOfContact struct { +type __premarshalPathPathPointOfContact struct { + Typename *string `json:"__typename"` + Id string `json:"id"` Subject json.RawMessage `json:"subject"` @@ -24271,7 +20359,7 @@ type __premarshalPointOfContactSrcIngestPointOfContact struct { Collector string `json:"collector"` } -func (v *PointOfContactSrcIngestPointOfContact) MarshalJSON() ([]byte, error) { +func (v *PathPathPointOfContact) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -24279,9 +20367,10 @@ func (v *PointOfContactSrcIngestPointOfContact) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *PointOfContactSrcIngestPointOfContact) __premarshalJSON() (*__premarshalPointOfContactSrcIngestPointOfContact, error) { - var retval __premarshalPointOfContactSrcIngestPointOfContact +func (v *PathPathPointOfContact) __premarshalJSON() (*__premarshalPathPathPointOfContact, error) { + var retval __premarshalPathPathPointOfContact + retval.Typename = v.Typename retval.Id = v.AllPointOfContact.Id { @@ -24292,7 +20381,7 @@ func (v *PointOfContactSrcIngestPointOfContact) __premarshalJSON() (*__premarsha &src) if err != nil { return nil, fmt.Errorf( - "unable to marshal PointOfContactSrcIngestPointOfContact.AllPointOfContact.Subject: %w", err) + "unable to marshal PathPathPointOfContact.AllPointOfContact.Subject: %w", err) } } retval.Email = v.AllPointOfContact.Email 
@@ -24304,380 +20393,240 @@ func (v *PointOfContactSrcIngestPointOfContact) __premarshalJSON() (*__premarsha return &retval, nil } -// PointOfContactSrcResponse is returned by PointOfContactSrc on success. -type PointOfContactSrcResponse struct { - // Adds a PointOfContact attestation to a package, source or artifact. - IngestPointOfContact PointOfContactSrcIngestPointOfContact `json:"ingestPointOfContact"` -} - -// GetIngestPointOfContact returns PointOfContactSrcResponse.IngestPointOfContact, and is useful for accessing the field via an interface. -func (v *PointOfContactSrcResponse) GetIngestPointOfContact() PointOfContactSrcIngestPointOfContact { - return v.IngestPointOfContact -} - -// SLSAForArtifactIngestSLSAHasSLSA includes the requested fields of the GraphQL type HasSLSA. +// PathPathSource includes the requested fields of the GraphQL type Source. // The GraphQL type's documentation follows. // -// HasSLSA records that a subject node has a SLSA attestation. -type SLSAForArtifactIngestSLSAHasSLSA struct { - AllSLSATree `json:"-"` -} - -// GetId returns SLSAForArtifactIngestSLSAHasSLSA.Id, and is useful for accessing the field via an interface. -func (v *SLSAForArtifactIngestSLSAHasSLSA) GetId() string { return v.AllSLSATree.Id } - -// GetSubject returns SLSAForArtifactIngestSLSAHasSLSA.Subject, and is useful for accessing the field via an interface. -func (v *SLSAForArtifactIngestSLSAHasSLSA) GetSubject() AllSLSATreeSubjectArtifact { - return v.AllSLSATree.Subject -} - -// GetSlsa returns SLSAForArtifactIngestSLSAHasSLSA.Slsa, and is useful for accessing the field via an interface. 
-func (v *SLSAForArtifactIngestSLSAHasSLSA) GetSlsa() AllSLSATreeSlsaSLSA { return v.AllSLSATree.Slsa } - -func (v *SLSAForArtifactIngestSLSAHasSLSA) UnmarshalJSON(b []byte) error { - - if string(b) == "null" { - return nil - } - - var firstPass struct { - *SLSAForArtifactIngestSLSAHasSLSA - graphql.NoUnmarshalJSON - } - firstPass.SLSAForArtifactIngestSLSAHasSLSA = v - - err := json.Unmarshal(b, &firstPass) - if err != nil { - return err - } - - err = json.Unmarshal( - b, &v.AllSLSATree) - if err != nil { - return err - } - return nil -} - -type __premarshalSLSAForArtifactIngestSLSAHasSLSA struct { - Id string `json:"id"` - - Subject AllSLSATreeSubjectArtifact `json:"subject"` - - Slsa AllSLSATreeSlsaSLSA `json:"slsa"` -} - -func (v *SLSAForArtifactIngestSLSAHasSLSA) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) -} - -func (v *SLSAForArtifactIngestSLSAHasSLSA) __premarshalJSON() (*__premarshalSLSAForArtifactIngestSLSAHasSLSA, error) { - var retval __premarshalSLSAForArtifactIngestSLSAHasSLSA - - retval.Id = v.AllSLSATree.Id - retval.Subject = v.AllSLSATree.Subject - retval.Slsa = v.AllSLSATree.Slsa - return &retval, nil -} - -// SLSAForArtifactResponse is returned by SLSAForArtifact on success. -type SLSAForArtifactResponse struct { - // Ingests a SLSA attestation - IngestSLSA SLSAForArtifactIngestSLSAHasSLSA `json:"ingestSLSA"` +// Source represents the root of the source trie/tree. +// +// We map source information to a trie, as a derivative of the pURL specification: +// each path in the trie represents a type, namespace, name and an optional +// qualifier that stands for tag/commit information. +// +// This node represents the type part of the trie path. It is used to represent +// the version control system that is being used. +// +// Since this node is at the root of the source trie, it is named Source, not +// SourceType. 
+type PathPathSource struct { + Typename *string `json:"__typename"` + AllSourceTree `json:"-"` } -// GetIngestSLSA returns SLSAForArtifactResponse.IngestSLSA, and is useful for accessing the field via an interface. -func (v *SLSAForArtifactResponse) GetIngestSLSA() SLSAForArtifactIngestSLSAHasSLSA { - return v.IngestSLSA -} +// GetTypename returns PathPathSource.Typename, and is useful for accessing the field via an interface. +func (v *PathPathSource) GetTypename() *string { return v.Typename } -// SLSAForArtifactsIngestSLSAsHasSLSA includes the requested fields of the GraphQL type HasSLSA. -// The GraphQL type's documentation follows. -// -// HasSLSA records that a subject node has a SLSA attestation. -type SLSAForArtifactsIngestSLSAsHasSLSA struct { - AllSLSATree `json:"-"` -} +// GetId returns PathPathSource.Id, and is useful for accessing the field via an interface. +func (v *PathPathSource) GetId() string { return v.AllSourceTree.Id } -// GetId returns SLSAForArtifactsIngestSLSAsHasSLSA.Id, and is useful for accessing the field via an interface. -func (v *SLSAForArtifactsIngestSLSAsHasSLSA) GetId() string { return v.AllSLSATree.Id } +// GetType returns PathPathSource.Type, and is useful for accessing the field via an interface. +func (v *PathPathSource) GetType() string { return v.AllSourceTree.Type } -// GetSubject returns SLSAForArtifactsIngestSLSAsHasSLSA.Subject, and is useful for accessing the field via an interface. -func (v *SLSAForArtifactsIngestSLSAsHasSLSA) GetSubject() AllSLSATreeSubjectArtifact { - return v.AllSLSATree.Subject +// GetNamespaces returns PathPathSource.Namespaces, and is useful for accessing the field via an interface. +func (v *PathPathSource) GetNamespaces() []AllSourceTreeNamespacesSourceNamespace { + return v.AllSourceTree.Namespaces } -// GetSlsa returns SLSAForArtifactsIngestSLSAsHasSLSA.Slsa, and is useful for accessing the field via an interface. 
-func (v *SLSAForArtifactsIngestSLSAsHasSLSA) GetSlsa() AllSLSATreeSlsaSLSA { return v.AllSLSATree.Slsa } - -func (v *SLSAForArtifactsIngestSLSAsHasSLSA) UnmarshalJSON(b []byte) error { +func (v *PathPathSource) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *SLSAForArtifactsIngestSLSAsHasSLSA + *PathPathSource graphql.NoUnmarshalJSON } - firstPass.SLSAForArtifactsIngestSLSAsHasSLSA = v + firstPass.PathPathSource = v err := json.Unmarshal(b, &firstPass) if err != nil { return err - } - - err = json.Unmarshal( - b, &v.AllSLSATree) - if err != nil { - return err - } - return nil -} - -type __premarshalSLSAForArtifactsIngestSLSAsHasSLSA struct { - Id string `json:"id"` - - Subject AllSLSATreeSubjectArtifact `json:"subject"` - - Slsa AllSLSATreeSlsaSLSA `json:"slsa"` -} - -func (v *SLSAForArtifactsIngestSLSAsHasSLSA) MarshalJSON() ([]byte, error) { - premarshaled, err := v.__premarshalJSON() - if err != nil { - return nil, err - } - return json.Marshal(premarshaled) -} - -func (v *SLSAForArtifactsIngestSLSAsHasSLSA) __premarshalJSON() (*__premarshalSLSAForArtifactsIngestSLSAsHasSLSA, error) { - var retval __premarshalSLSAForArtifactsIngestSLSAsHasSLSA - - retval.Id = v.AllSLSATree.Id - retval.Subject = v.AllSLSATree.Subject - retval.Slsa = v.AllSLSATree.Slsa - return &retval, nil -} - -// SLSAForArtifactsResponse is returned by SLSAForArtifacts on success. -type SLSAForArtifactsResponse struct { - // Bulk Ingest SLSA attestations - IngestSLSAs []SLSAForArtifactsIngestSLSAsHasSLSA `json:"ingestSLSAs"` -} - -// GetIngestSLSAs returns SLSAForArtifactsResponse.IngestSLSAs, and is useful for accessing the field via an interface. -func (v *SLSAForArtifactsResponse) GetIngestSLSAs() []SLSAForArtifactsIngestSLSAsHasSLSA { - return v.IngestSLSAs -} - -// SLSAInputSpec is the same as SLSA but for mutation input. 
-type SLSAInputSpec struct { - BuildType string `json:"buildType"` - SlsaPredicate []SLSAPredicateInputSpec `json:"slsaPredicate"` - SlsaVersion string `json:"slsaVersion"` - StartedOn *time.Time `json:"startedOn"` - FinishedOn *time.Time `json:"finishedOn"` - Origin string `json:"origin"` - Collector string `json:"collector"` -} - -// GetBuildType returns SLSAInputSpec.BuildType, and is useful for accessing the field via an interface. -func (v *SLSAInputSpec) GetBuildType() string { return v.BuildType } - -// GetSlsaPredicate returns SLSAInputSpec.SlsaPredicate, and is useful for accessing the field via an interface. -func (v *SLSAInputSpec) GetSlsaPredicate() []SLSAPredicateInputSpec { return v.SlsaPredicate } - -// GetSlsaVersion returns SLSAInputSpec.SlsaVersion, and is useful for accessing the field via an interface. -func (v *SLSAInputSpec) GetSlsaVersion() string { return v.SlsaVersion } - -// GetStartedOn returns SLSAInputSpec.StartedOn, and is useful for accessing the field via an interface. -func (v *SLSAInputSpec) GetStartedOn() *time.Time { return v.StartedOn } - -// GetFinishedOn returns SLSAInputSpec.FinishedOn, and is useful for accessing the field via an interface. -func (v *SLSAInputSpec) GetFinishedOn() *time.Time { return v.FinishedOn } - -// GetOrigin returns SLSAInputSpec.Origin, and is useful for accessing the field via an interface. -func (v *SLSAInputSpec) GetOrigin() string { return v.Origin } - -// GetCollector returns SLSAInputSpec.Collector, and is useful for accessing the field via an interface. -func (v *SLSAInputSpec) GetCollector() string { return v.Collector } - -// SLSAPredicateInputSpec allows ingesting SLSAPredicateSpec. -type SLSAPredicateInputSpec struct { - Key string `json:"key"` - Value string `json:"value"` -} - -// GetKey returns SLSAPredicateInputSpec.Key, and is useful for accessing the field via an interface. 
-func (v *SLSAPredicateInputSpec) GetKey() string { return v.Key } - -// GetValue returns SLSAPredicateInputSpec.Value, and is useful for accessing the field via an interface. -func (v *SLSAPredicateInputSpec) GetValue() string { return v.Value } - -// ScorecardCheckInputSpec represents the mutation input for a Scorecard check. -type ScorecardCheckInputSpec struct { - Check string `json:"check"` - Score int `json:"score"` -} - -// GetCheck returns ScorecardCheckInputSpec.Check, and is useful for accessing the field via an interface. -func (v *ScorecardCheckInputSpec) GetCheck() string { return v.Check } - -// GetScore returns ScorecardCheckInputSpec.Score, and is useful for accessing the field via an interface. -func (v *ScorecardCheckInputSpec) GetScore() int { return v.Score } - -// ScorecardInputSpec represents the mutation input to ingest a Scorecard. -type ScorecardInputSpec struct { - Checks []ScorecardCheckInputSpec `json:"checks"` - AggregateScore float64 `json:"aggregateScore"` - TimeScanned time.Time `json:"timeScanned"` - ScorecardVersion string `json:"scorecardVersion"` - ScorecardCommit string `json:"scorecardCommit"` - Origin string `json:"origin"` - Collector string `json:"collector"` + } + + err = json.Unmarshal( + b, &v.AllSourceTree) + if err != nil { + return err + } + return nil } -// GetChecks returns ScorecardInputSpec.Checks, and is useful for accessing the field via an interface. -func (v *ScorecardInputSpec) GetChecks() []ScorecardCheckInputSpec { return v.Checks } +type __premarshalPathPathSource struct { + Typename *string `json:"__typename"` -// GetAggregateScore returns ScorecardInputSpec.AggregateScore, and is useful for accessing the field via an interface. -func (v *ScorecardInputSpec) GetAggregateScore() float64 { return v.AggregateScore } + Id string `json:"id"` -// GetTimeScanned returns ScorecardInputSpec.TimeScanned, and is useful for accessing the field via an interface. 
-func (v *ScorecardInputSpec) GetTimeScanned() time.Time { return v.TimeScanned } + Type string `json:"type"` -// GetScorecardVersion returns ScorecardInputSpec.ScorecardVersion, and is useful for accessing the field via an interface. -func (v *ScorecardInputSpec) GetScorecardVersion() string { return v.ScorecardVersion } + Namespaces []AllSourceTreeNamespacesSourceNamespace `json:"namespaces"` +} -// GetScorecardCommit returns ScorecardInputSpec.ScorecardCommit, and is useful for accessing the field via an interface. -func (v *ScorecardInputSpec) GetScorecardCommit() string { return v.ScorecardCommit } +func (v *PathPathSource) MarshalJSON() ([]byte, error) { + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + return json.Marshal(premarshaled) +} -// GetOrigin returns ScorecardInputSpec.Origin, and is useful for accessing the field via an interface. -func (v *ScorecardInputSpec) GetOrigin() string { return v.Origin } +func (v *PathPathSource) __premarshalJSON() (*__premarshalPathPathSource, error) { + var retval __premarshalPathPathSource -// GetCollector returns ScorecardInputSpec.Collector, and is useful for accessing the field via an interface. -func (v *ScorecardInputSpec) GetCollector() string { return v.Collector } + retval.Typename = v.Typename + retval.Id = v.AllSourceTree.Id + retval.Type = v.AllSourceTree.Type + retval.Namespaces = v.AllSourceTree.Namespaces + return &retval, nil +} -// SourceInputSpec specifies a source for mutations. +// PathPathVulnEqual includes the requested fields of the GraphQL type VulnEqual. +// The GraphQL type's documentation follows. // -// This is different than SourceSpec because we want to encode that all fields -// except tag and commit are mandatory fields. All optional fields are given empty -// default values. 
+// VulnEqual is an attestation to link two vulnerabilities together as being equal" // -// It is an error to set both tag and commit fields to values different than the -// default. -type SourceInputSpec struct { - Type string `json:"type"` - Namespace string `json:"namespace"` - Name string `json:"name"` - Tag *string `json:"tag"` - Commit *string `json:"commit"` +// Note that setting noVuln vulnerability type is invalid for VulnEqual! +type PathPathVulnEqual struct { + Typename *string `json:"__typename"` + AllVulnEqual `json:"-"` } -// GetType returns SourceInputSpec.Type, and is useful for accessing the field via an interface. -func (v *SourceInputSpec) GetType() string { return v.Type } +// GetTypename returns PathPathVulnEqual.Typename, and is useful for accessing the field via an interface. +func (v *PathPathVulnEqual) GetTypename() *string { return v.Typename } -// GetNamespace returns SourceInputSpec.Namespace, and is useful for accessing the field via an interface. -func (v *SourceInputSpec) GetNamespace() string { return v.Namespace } +// GetId returns PathPathVulnEqual.Id, and is useful for accessing the field via an interface. +func (v *PathPathVulnEqual) GetId() string { return v.AllVulnEqual.Id } -// GetName returns SourceInputSpec.Name, and is useful for accessing the field via an interface. -func (v *SourceInputSpec) GetName() string { return v.Name } +// GetVulnerabilities returns PathPathVulnEqual.Vulnerabilities, and is useful for accessing the field via an interface. +func (v *PathPathVulnEqual) GetVulnerabilities() []AllVulnEqualVulnerabilitiesVulnerability { + return v.AllVulnEqual.Vulnerabilities +} -// GetTag returns SourceInputSpec.Tag, and is useful for accessing the field via an interface. -func (v *SourceInputSpec) GetTag() *string { return v.Tag } +// GetJustification returns PathPathVulnEqual.Justification, and is useful for accessing the field via an interface. 
+func (v *PathPathVulnEqual) GetJustification() string { return v.AllVulnEqual.Justification } -// GetCommit returns SourceInputSpec.Commit, and is useful for accessing the field via an interface. -func (v *SourceInputSpec) GetCommit() *string { return v.Commit } +// GetOrigin returns PathPathVulnEqual.Origin, and is useful for accessing the field via an interface. +func (v *PathPathVulnEqual) GetOrigin() string { return v.AllVulnEqual.Origin } -// SourceSpec allows filtering the list of sources to return in a query. -// -// Empty string at a field means matching with the empty string. Missing field -// means retrieving all possible matches. -// -// It is an error to specify both tag and commit fields, except it both are set as -// empty string (in which case the returned sources are only those for which there -// is no tag/commit information). -type SourceSpec struct { - Id *string `json:"id"` - Type *string `json:"type"` - Namespace *string `json:"namespace"` - Name *string `json:"name"` - Tag *string `json:"tag"` - Commit *string `json:"commit"` +// GetCollector returns PathPathVulnEqual.Collector, and is useful for accessing the field via an interface. +func (v *PathPathVulnEqual) GetCollector() string { return v.AllVulnEqual.Collector } + +func (v *PathPathVulnEqual) UnmarshalJSON(b []byte) error { + + if string(b) == "null" { + return nil + } + + var firstPass struct { + *PathPathVulnEqual + graphql.NoUnmarshalJSON + } + firstPass.PathPathVulnEqual = v + + err := json.Unmarshal(b, &firstPass) + if err != nil { + return err + } + + err = json.Unmarshal( + b, &v.AllVulnEqual) + if err != nil { + return err + } + return nil } -// GetId returns SourceSpec.Id, and is useful for accessing the field via an interface. -func (v *SourceSpec) GetId() *string { return v.Id } +type __premarshalPathPathVulnEqual struct { + Typename *string `json:"__typename"` -// GetType returns SourceSpec.Type, and is useful for accessing the field via an interface. 
-func (v *SourceSpec) GetType() *string { return v.Type } + Id string `json:"id"` -// GetNamespace returns SourceSpec.Namespace, and is useful for accessing the field via an interface. -func (v *SourceSpec) GetNamespace() *string { return v.Namespace } + Vulnerabilities []AllVulnEqualVulnerabilitiesVulnerability `json:"vulnerabilities"` -// GetName returns SourceSpec.Name, and is useful for accessing the field via an interface. -func (v *SourceSpec) GetName() *string { return v.Name } + Justification string `json:"justification"` -// GetTag returns SourceSpec.Tag, and is useful for accessing the field via an interface. -func (v *SourceSpec) GetTag() *string { return v.Tag } + Origin string `json:"origin"` -// GetCommit returns SourceSpec.Commit, and is useful for accessing the field via an interface. -func (v *SourceSpec) GetCommit() *string { return v.Commit } + Collector string `json:"collector"` +} -// SourcesResponse is returned by Sources on success. -type SourcesResponse struct { - // Returns all sources matching a filter. - Sources []SourcesSourcesSource `json:"sources"` +func (v *PathPathVulnEqual) MarshalJSON() ([]byte, error) { + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + return json.Marshal(premarshaled) } -// GetSources returns SourcesResponse.Sources, and is useful for accessing the field via an interface. -func (v *SourcesResponse) GetSources() []SourcesSourcesSource { return v.Sources } +func (v *PathPathVulnEqual) __premarshalJSON() (*__premarshalPathPathVulnEqual, error) { + var retval __premarshalPathPathVulnEqual -// SourcesSourcesSource includes the requested fields of the GraphQL type Source. 
+ retval.Typename = v.Typename + retval.Id = v.AllVulnEqual.Id + retval.Vulnerabilities = v.AllVulnEqual.Vulnerabilities + retval.Justification = v.AllVulnEqual.Justification + retval.Origin = v.AllVulnEqual.Origin + retval.Collector = v.AllVulnEqual.Collector + return &retval, nil +} + +// PathPathVulnerability includes the requested fields of the GraphQL type Vulnerability. // The GraphQL type's documentation follows. // -// Source represents the root of the source trie/tree. +// Vulnerability represents the root of the vulnerability trie/tree. // -// We map source information to a trie, as a derivative of the pURL specification: -// each path in the trie represents a type, namespace, name and an optional -// qualifier that stands for tag/commit information. +// We map vulnerability information to a trie, as a derivative of the pURL specification: +// each path in the trie represents a type and a vulnerability ID. This allows for generic +// representation of the various vulnerabilities and does not limit to just cve, ghsa or osv. +// This would be in the general format: vuln:/// +// +// Examples: +// +// CVE, using path separator: vuln://cve/cve-2023-20753 +// OSV, representing its knowledge of a GHSA: vuln://osv/ghsa-205hk +// Random vendor: vuln://snyk/sn-whatever +// NoVuln: vuln://novuln/ // // This node represents the type part of the trie path. It is used to represent -// the version control system that is being used. +// the specific type of the vulnerability: cve, ghsa, osv or some other vendor specific // -// Since this node is at the root of the source trie, it is named Source, not -// SourceType. -type SourcesSourcesSource struct { - AllSourceTree `json:"-"` +// Since this node is at the root of the vulnerability trie, it is named Vulnerability, not +// VulnerabilityType. +// +// NoVuln is a special vulnerability node to attest that no vulnerability has been +// found during a vulnerability scan. 
It will have the type "novuln" and contain an empty string +// for vulnerabilityID +// +// The resolvers will enforce that both the type and vulnerability IDs are lower case. +type PathPathVulnerability struct { + Typename *string `json:"__typename"` + AllVulnerabilityTree `json:"-"` } -// GetId returns SourcesSourcesSource.Id, and is useful for accessing the field via an interface. -func (v *SourcesSourcesSource) GetId() string { return v.AllSourceTree.Id } +// GetTypename returns PathPathVulnerability.Typename, and is useful for accessing the field via an interface. +func (v *PathPathVulnerability) GetTypename() *string { return v.Typename } -// GetType returns SourcesSourcesSource.Type, and is useful for accessing the field via an interface. -func (v *SourcesSourcesSource) GetType() string { return v.AllSourceTree.Type } +// GetId returns PathPathVulnerability.Id, and is useful for accessing the field via an interface. +func (v *PathPathVulnerability) GetId() string { return v.AllVulnerabilityTree.Id } -// GetNamespaces returns SourcesSourcesSource.Namespaces, and is useful for accessing the field via an interface. -func (v *SourcesSourcesSource) GetNamespaces() []AllSourceTreeNamespacesSourceNamespace { - return v.AllSourceTree.Namespaces +// GetType returns PathPathVulnerability.Type, and is useful for accessing the field via an interface. +func (v *PathPathVulnerability) GetType() string { return v.AllVulnerabilityTree.Type } + +// GetVulnerabilityIDs returns PathPathVulnerability.VulnerabilityIDs, and is useful for accessing the field via an interface. 
+func (v *PathPathVulnerability) GetVulnerabilityIDs() []AllVulnerabilityTreeVulnerabilityIDsVulnerabilityID { + return v.AllVulnerabilityTree.VulnerabilityIDs } -func (v *SourcesSourcesSource) UnmarshalJSON(b []byte) error { +func (v *PathPathVulnerability) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *SourcesSourcesSource + *PathPathVulnerability graphql.NoUnmarshalJSON } - firstPass.SourcesSourcesSource = v + firstPass.PathPathVulnerability = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -24685,22 +20634,24 @@ func (v *SourcesSourcesSource) UnmarshalJSON(b []byte) error { } err = json.Unmarshal( - b, &v.AllSourceTree) + b, &v.AllVulnerabilityTree) if err != nil { return err } return nil } -type __premarshalSourcesSourcesSource struct { +type __premarshalPathPathVulnerability struct { + Typename *string `json:"__typename"` + Id string `json:"id"` Type string `json:"type"` - Namespaces []AllSourceTreeNamespacesSourceNamespace `json:"namespaces"` + VulnerabilityIDs []AllVulnerabilityTreeVulnerabilityIDsVulnerabilityID `json:"vulnerabilityIDs"` } -func (v *SourcesSourcesSource) MarshalJSON() ([]byte, error) { +func (v *PathPathVulnerability) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -24708,85 +20659,142 @@ func (v *SourcesSourcesSource) MarshalJSON() ([]byte, error) { return json.Marshal(premarshaled) } -func (v *SourcesSourcesSource) __premarshalJSON() (*__premarshalSourcesSourcesSource, error) { - var retval __premarshalSourcesSourcesSource +func (v *PathPathVulnerability) __premarshalJSON() (*__premarshalPathPathVulnerability, error) { + var retval __premarshalPathPathVulnerability - retval.Id = v.AllSourceTree.Id - retval.Type = v.AllSourceTree.Type - retval.Namespaces = v.AllSourceTree.Namespaces + retval.Typename = v.Typename + retval.Id = v.AllVulnerabilityTree.Id + retval.Type = v.AllVulnerabilityTree.Type + retval.VulnerabilityIDs = v.AllVulnerabilityTree.VulnerabilityIDs + return &retval, nil +} + +// PathResponse is returned by Path on success. +type PathResponse struct { + // path query returns a path between subject and target, of a maximum length. + // + // Since we want to uniquely identify endpoints, nodes must be specified by + // valid IDs only (instead of using filters/input spec structs). + // + // Specifying any Edge value in `usingOnly` will make the path only contain the + // corresponding GUAC evidence trees (GUAC verbs). + Path []PathPathNode `json:"-"` +} + +// GetPath returns PathResponse.Path, and is useful for accessing the field via an interface. 
+func (v *PathResponse) GetPath() []PathPathNode { return v.Path } + +func (v *PathResponse) UnmarshalJSON(b []byte) error { + + if string(b) == "null" { + return nil + } + + var firstPass struct { + *PathResponse + Path []json.RawMessage `json:"path"` + graphql.NoUnmarshalJSON + } + firstPass.PathResponse = v + + err := json.Unmarshal(b, &firstPass) + if err != nil { + return err + } + + { + dst := &v.Path + src := firstPass.Path + *dst = make( + []PathPathNode, + len(src)) + for i, src := range src { + dst := &(*dst)[i] + if len(src) != 0 && string(src) != "null" { + err = __unmarshalPathPathNode( + src, dst) + if err != nil { + return fmt.Errorf( + "unable to unmarshal PathResponse.Path: %w", err) + } + } + } + } + return nil +} + +type __premarshalPathResponse struct { + Path []json.RawMessage `json:"path"` +} + +func (v *PathResponse) MarshalJSON() ([]byte, error) { + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + return json.Marshal(premarshaled) +} + +func (v *PathResponse) __premarshalJSON() (*__premarshalPathResponse, error) { + var retval __premarshalPathResponse + + { + + dst := &retval.Path + src := v.Path + *dst = make( + []json.RawMessage, + len(src)) + for i, src := range src { + dst := &(*dst)[i] + var err error + *dst, err = __marshalPathPathNode( + &src) + if err != nil { + return nil, fmt.Errorf( + "unable to marshal PathResponse.Path: %w", err) + } + } + } return &retval, nil } -// VEXPackageAndGhsaIngestVEXStatementCertifyVEXStatement includes the requested fields of the GraphQL type CertifyVEXStatement. +// PkgEqualIngestPkgEqual includes the requested fields of the GraphQL type PkgEqual. // The GraphQL type's documentation follows. // -// CertifyVEXStatement is an attestation to attach VEX statements to a package or -// artifact to clarify the impact of a specific vulnerability (CVE, GHSA or OSV). 
-type VEXPackageAndGhsaIngestVEXStatementCertifyVEXStatement struct { - AllCertifyVEXStatement `json:"-"` -} - -// GetId returns VEXPackageAndGhsaIngestVEXStatementCertifyVEXStatement.Id, and is useful for accessing the field via an interface. -func (v *VEXPackageAndGhsaIngestVEXStatementCertifyVEXStatement) GetId() string { - return v.AllCertifyVEXStatement.Id -} - -// GetSubject returns VEXPackageAndGhsaIngestVEXStatementCertifyVEXStatement.Subject, and is useful for accessing the field via an interface. -func (v *VEXPackageAndGhsaIngestVEXStatementCertifyVEXStatement) GetSubject() AllCertifyVEXStatementSubjectPackageOrArtifact { - return v.AllCertifyVEXStatement.Subject -} - -// GetVulnerability returns VEXPackageAndGhsaIngestVEXStatementCertifyVEXStatement.Vulnerability, and is useful for accessing the field via an interface. -func (v *VEXPackageAndGhsaIngestVEXStatementCertifyVEXStatement) GetVulnerability() AllCertifyVEXStatementVulnerability { - return v.AllCertifyVEXStatement.Vulnerability -} - -// GetStatus returns VEXPackageAndGhsaIngestVEXStatementCertifyVEXStatement.Status, and is useful for accessing the field via an interface. -func (v *VEXPackageAndGhsaIngestVEXStatementCertifyVEXStatement) GetStatus() VexStatus { - return v.AllCertifyVEXStatement.Status -} - -// GetVexJustification returns VEXPackageAndGhsaIngestVEXStatementCertifyVEXStatement.VexJustification, and is useful for accessing the field via an interface. -func (v *VEXPackageAndGhsaIngestVEXStatementCertifyVEXStatement) GetVexJustification() VexJustification { - return v.AllCertifyVEXStatement.VexJustification +// PkgEqual is an attestation that a set of packages are similar. +type PkgEqualIngestPkgEqual struct { + AllPkgEqual `json:"-"` } -// GetStatement returns VEXPackageAndGhsaIngestVEXStatementCertifyVEXStatement.Statement, and is useful for accessing the field via an interface. 
-func (v *VEXPackageAndGhsaIngestVEXStatementCertifyVEXStatement) GetStatement() string { - return v.AllCertifyVEXStatement.Statement -} +// GetId returns PkgEqualIngestPkgEqual.Id, and is useful for accessing the field via an interface. +func (v *PkgEqualIngestPkgEqual) GetId() string { return v.AllPkgEqual.Id } -// GetStatusNotes returns VEXPackageAndGhsaIngestVEXStatementCertifyVEXStatement.StatusNotes, and is useful for accessing the field via an interface. -func (v *VEXPackageAndGhsaIngestVEXStatementCertifyVEXStatement) GetStatusNotes() string { - return v.AllCertifyVEXStatement.StatusNotes -} +// GetJustification returns PkgEqualIngestPkgEqual.Justification, and is useful for accessing the field via an interface. +func (v *PkgEqualIngestPkgEqual) GetJustification() string { return v.AllPkgEqual.Justification } -// GetKnownSince returns VEXPackageAndGhsaIngestVEXStatementCertifyVEXStatement.KnownSince, and is useful for accessing the field via an interface. -func (v *VEXPackageAndGhsaIngestVEXStatementCertifyVEXStatement) GetKnownSince() time.Time { - return v.AllCertifyVEXStatement.KnownSince +// GetPackages returns PkgEqualIngestPkgEqual.Packages, and is useful for accessing the field via an interface. +func (v *PkgEqualIngestPkgEqual) GetPackages() []AllPkgEqualPackagesPackage { + return v.AllPkgEqual.Packages } -// GetOrigin returns VEXPackageAndGhsaIngestVEXStatementCertifyVEXStatement.Origin, and is useful for accessing the field via an interface. -func (v *VEXPackageAndGhsaIngestVEXStatementCertifyVEXStatement) GetOrigin() string { - return v.AllCertifyVEXStatement.Origin -} +// GetOrigin returns PkgEqualIngestPkgEqual.Origin, and is useful for accessing the field via an interface. +func (v *PkgEqualIngestPkgEqual) GetOrigin() string { return v.AllPkgEqual.Origin } -// GetCollector returns VEXPackageAndGhsaIngestVEXStatementCertifyVEXStatement.Collector, and is useful for accessing the field via an interface. 
-func (v *VEXPackageAndGhsaIngestVEXStatementCertifyVEXStatement) GetCollector() string { - return v.AllCertifyVEXStatement.Collector -} +// GetCollector returns PkgEqualIngestPkgEqual.Collector, and is useful for accessing the field via an interface. +func (v *PkgEqualIngestPkgEqual) GetCollector() string { return v.AllPkgEqual.Collector } -func (v *VEXPackageAndGhsaIngestVEXStatementCertifyVEXStatement) UnmarshalJSON(b []byte) error { +func (v *PkgEqualIngestPkgEqual) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *VEXPackageAndGhsaIngestVEXStatementCertifyVEXStatement + *PkgEqualIngestPkgEqual graphql.NoUnmarshalJSON } - firstPass.VEXPackageAndGhsaIngestVEXStatementCertifyVEXStatement = v + firstPass.PkgEqualIngestPkgEqual = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -24794,36 +20802,26 @@ func (v *VEXPackageAndGhsaIngestVEXStatementCertifyVEXStatement) UnmarshalJSON(b } err = json.Unmarshal( - b, &v.AllCertifyVEXStatement) + b, &v.AllPkgEqual) if err != nil { return err } return nil } -type __premarshalVEXPackageAndGhsaIngestVEXStatementCertifyVEXStatement struct { +type __premarshalPkgEqualIngestPkgEqual struct { Id string `json:"id"` - Subject json.RawMessage `json:"subject"` - - Vulnerability json.RawMessage `json:"vulnerability"` - - Status VexStatus `json:"status"` - - VexJustification VexJustification `json:"vexJustification"` - - Statement string `json:"statement"` - - StatusNotes string `json:"statusNotes"` + Justification string `json:"justification"` - KnownSince time.Time `json:"knownSince"` + Packages []AllPkgEqualPackagesPackage `json:"packages"` Origin string `json:"origin"` Collector string `json:"collector"` } -func (v *VEXPackageAndGhsaIngestVEXStatementCertifyVEXStatement) MarshalJSON() ([]byte, error) { +func (v *PkgEqualIngestPkgEqual) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -24831,125 +20829,76 @@ func (v *VEXPackageAndGhsaIngestVEXStatementCertifyVEXStatement) MarshalJSON() ( return json.Marshal(premarshaled) } -func (v *VEXPackageAndGhsaIngestVEXStatementCertifyVEXStatement) __premarshalJSON() (*__premarshalVEXPackageAndGhsaIngestVEXStatementCertifyVEXStatement, error) { - var retval __premarshalVEXPackageAndGhsaIngestVEXStatementCertifyVEXStatement - - retval.Id = v.AllCertifyVEXStatement.Id - { - - dst := &retval.Subject - src := v.AllCertifyVEXStatement.Subject - var err error - *dst, err = __marshalAllCertifyVEXStatementSubjectPackageOrArtifact( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal VEXPackageAndGhsaIngestVEXStatementCertifyVEXStatement.AllCertifyVEXStatement.Subject: %w", err) - } - } - { +func (v *PkgEqualIngestPkgEqual) __premarshalJSON() (*__premarshalPkgEqualIngestPkgEqual, error) { + var retval __premarshalPkgEqualIngestPkgEqual - dst := &retval.Vulnerability - src := v.AllCertifyVEXStatement.Vulnerability - var err error - *dst, err = __marshalAllCertifyVEXStatementVulnerability( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal VEXPackageAndGhsaIngestVEXStatementCertifyVEXStatement.AllCertifyVEXStatement.Vulnerability: %w", err) - } - } - retval.Status = v.AllCertifyVEXStatement.Status - retval.VexJustification = v.AllCertifyVEXStatement.VexJustification - retval.Statement = v.AllCertifyVEXStatement.Statement - retval.StatusNotes = v.AllCertifyVEXStatement.StatusNotes - retval.KnownSince = v.AllCertifyVEXStatement.KnownSince - retval.Origin = v.AllCertifyVEXStatement.Origin - retval.Collector = v.AllCertifyVEXStatement.Collector + retval.Id = v.AllPkgEqual.Id + retval.Justification = v.AllPkgEqual.Justification + retval.Packages = v.AllPkgEqual.Packages + retval.Origin = v.AllPkgEqual.Origin + retval.Collector = v.AllPkgEqual.Collector return &retval, nil } -// VEXPackageAndGhsaResponse is returned by VEXPackageAndGhsa on success. 
-type VEXPackageAndGhsaResponse struct { - // Adds a VEX certification for a package. - IngestVEXStatement VEXPackageAndGhsaIngestVEXStatementCertifyVEXStatement `json:"ingestVEXStatement"` -} - -// GetIngestVEXStatement returns VEXPackageAndGhsaResponse.IngestVEXStatement, and is useful for accessing the field via an interface. -func (v *VEXPackageAndGhsaResponse) GetIngestVEXStatement() VEXPackageAndGhsaIngestVEXStatementCertifyVEXStatement { - return v.IngestVEXStatement -} - -// VexArtifactAndCveIngestVEXStatementCertifyVEXStatement includes the requested fields of the GraphQL type CertifyVEXStatement. -// The GraphQL type's documentation follows. -// -// CertifyVEXStatement is an attestation to attach VEX statements to a package or -// artifact to clarify the impact of a specific vulnerability (CVE, GHSA or OSV). -type VexArtifactAndCveIngestVEXStatementCertifyVEXStatement struct { - AllCertifyVEXStatement `json:"-"` -} - -// GetId returns VexArtifactAndCveIngestVEXStatementCertifyVEXStatement.Id, and is useful for accessing the field via an interface. -func (v *VexArtifactAndCveIngestVEXStatementCertifyVEXStatement) GetId() string { - return v.AllCertifyVEXStatement.Id -} - -// GetSubject returns VexArtifactAndCveIngestVEXStatementCertifyVEXStatement.Subject, and is useful for accessing the field via an interface. -func (v *VexArtifactAndCveIngestVEXStatementCertifyVEXStatement) GetSubject() AllCertifyVEXStatementSubjectPackageOrArtifact { - return v.AllCertifyVEXStatement.Subject -} - -// GetVulnerability returns VexArtifactAndCveIngestVEXStatementCertifyVEXStatement.Vulnerability, and is useful for accessing the field via an interface. -func (v *VexArtifactAndCveIngestVEXStatementCertifyVEXStatement) GetVulnerability() AllCertifyVEXStatementVulnerability { - return v.AllCertifyVEXStatement.Vulnerability +// PkgEqualInputSpec represents the input to certify that packages are similar. 
+type PkgEqualInputSpec struct { + Justification string `json:"justification"` + Origin string `json:"origin"` + Collector string `json:"collector"` } -// GetStatus returns VexArtifactAndCveIngestVEXStatementCertifyVEXStatement.Status, and is useful for accessing the field via an interface. -func (v *VexArtifactAndCveIngestVEXStatementCertifyVEXStatement) GetStatus() VexStatus { - return v.AllCertifyVEXStatement.Status -} +// GetJustification returns PkgEqualInputSpec.Justification, and is useful for accessing the field via an interface. +func (v *PkgEqualInputSpec) GetJustification() string { return v.Justification } -// GetVexJustification returns VexArtifactAndCveIngestVEXStatementCertifyVEXStatement.VexJustification, and is useful for accessing the field via an interface. -func (v *VexArtifactAndCveIngestVEXStatementCertifyVEXStatement) GetVexJustification() VexJustification { - return v.AllCertifyVEXStatement.VexJustification -} +// GetOrigin returns PkgEqualInputSpec.Origin, and is useful for accessing the field via an interface. +func (v *PkgEqualInputSpec) GetOrigin() string { return v.Origin } -// GetStatement returns VexArtifactAndCveIngestVEXStatementCertifyVEXStatement.Statement, and is useful for accessing the field via an interface. -func (v *VexArtifactAndCveIngestVEXStatementCertifyVEXStatement) GetStatement() string { - return v.AllCertifyVEXStatement.Statement -} +// GetCollector returns PkgEqualInputSpec.Collector, and is useful for accessing the field via an interface. +func (v *PkgEqualInputSpec) GetCollector() string { return v.Collector } -// GetStatusNotes returns VexArtifactAndCveIngestVEXStatementCertifyVEXStatement.StatusNotes, and is useful for accessing the field via an interface. -func (v *VexArtifactAndCveIngestVEXStatementCertifyVEXStatement) GetStatusNotes() string { - return v.AllCertifyVEXStatement.StatusNotes +// PkgEqualOtherPackage includes the requested fields of the GraphQL type Package. 
+// The GraphQL type's documentation follows. +// +// Package represents the root of the package trie/tree. +// +// We map package information to a trie, closely matching the pURL specification +// (https://github.com/package-url/purl-spec/blob/0dd92f26f8bb11956ffdf5e8acfcee71e8560407/README.rst), +// but deviating from it where GUAC heuristics allow for better representation of +// package information. Each path in the trie fully represents a package; we split +// the trie based on the pURL components. +// +// This node matches a pkg: partial pURL. The type field matches the +// pURL types but we might also use "guac" for the cases where the pURL +// representation is not complete or when we have custom rules. +// +// Since this node is at the root of the package trie, it is named Package, not +// PackageType. +type PkgEqualOtherPackage struct { + AllPkgTree `json:"-"` } -// GetKnownSince returns VexArtifactAndCveIngestVEXStatementCertifyVEXStatement.KnownSince, and is useful for accessing the field via an interface. -func (v *VexArtifactAndCveIngestVEXStatementCertifyVEXStatement) GetKnownSince() time.Time { - return v.AllCertifyVEXStatement.KnownSince -} +// GetId returns PkgEqualOtherPackage.Id, and is useful for accessing the field via an interface. +func (v *PkgEqualOtherPackage) GetId() string { return v.AllPkgTree.Id } -// GetOrigin returns VexArtifactAndCveIngestVEXStatementCertifyVEXStatement.Origin, and is useful for accessing the field via an interface. -func (v *VexArtifactAndCveIngestVEXStatementCertifyVEXStatement) GetOrigin() string { - return v.AllCertifyVEXStatement.Origin -} +// GetType returns PkgEqualOtherPackage.Type, and is useful for accessing the field via an interface. +func (v *PkgEqualOtherPackage) GetType() string { return v.AllPkgTree.Type } -// GetCollector returns VexArtifactAndCveIngestVEXStatementCertifyVEXStatement.Collector, and is useful for accessing the field via an interface. 
-func (v *VexArtifactAndCveIngestVEXStatementCertifyVEXStatement) GetCollector() string { - return v.AllCertifyVEXStatement.Collector +// GetNamespaces returns PkgEqualOtherPackage.Namespaces, and is useful for accessing the field via an interface. +func (v *PkgEqualOtherPackage) GetNamespaces() []AllPkgTreeNamespacesPackageNamespace { + return v.AllPkgTree.Namespaces } -func (v *VexArtifactAndCveIngestVEXStatementCertifyVEXStatement) UnmarshalJSON(b []byte) error { +func (v *PkgEqualOtherPackage) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *VexArtifactAndCveIngestVEXStatementCertifyVEXStatement + *PkgEqualOtherPackage graphql.NoUnmarshalJSON } - firstPass.VexArtifactAndCveIngestVEXStatementCertifyVEXStatement = v + firstPass.PkgEqualOtherPackage = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -24957,36 +20906,22 @@ func (v *VexArtifactAndCveIngestVEXStatementCertifyVEXStatement) UnmarshalJSON(b } err = json.Unmarshal( - b, &v.AllCertifyVEXStatement) + b, &v.AllPkgTree) if err != nil { return err } return nil } -type __premarshalVexArtifactAndCveIngestVEXStatementCertifyVEXStatement struct { +type __premarshalPkgEqualOtherPackage struct { Id string `json:"id"` - Subject json.RawMessage `json:"subject"` - - Vulnerability json.RawMessage `json:"vulnerability"` - - Status VexStatus `json:"status"` - - VexJustification VexJustification `json:"vexJustification"` - - Statement string `json:"statement"` - - StatusNotes string `json:"statusNotes"` - - KnownSince time.Time `json:"knownSince"` - - Origin string `json:"origin"` + Type string `json:"type"` - Collector string `json:"collector"` + Namespaces []AllPkgTreeNamespacesPackageNamespace `json:"namespaces"` } -func (v *VexArtifactAndCveIngestVEXStatementCertifyVEXStatement) MarshalJSON() ([]byte, error) { +func (v *PkgEqualOtherPackage) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -24994,125 +20929,58 @@ func (v *VexArtifactAndCveIngestVEXStatementCertifyVEXStatement) MarshalJSON() ( return json.Marshal(premarshaled) } -func (v *VexArtifactAndCveIngestVEXStatementCertifyVEXStatement) __premarshalJSON() (*__premarshalVexArtifactAndCveIngestVEXStatementCertifyVEXStatement, error) { - var retval __premarshalVexArtifactAndCveIngestVEXStatementCertifyVEXStatement - - retval.Id = v.AllCertifyVEXStatement.Id - { - - dst := &retval.Subject - src := v.AllCertifyVEXStatement.Subject - var err error - *dst, err = __marshalAllCertifyVEXStatementSubjectPackageOrArtifact( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal VexArtifactAndCveIngestVEXStatementCertifyVEXStatement.AllCertifyVEXStatement.Subject: %w", err) - } - } - { - - dst := &retval.Vulnerability - src := v.AllCertifyVEXStatement.Vulnerability - var err error - *dst, err = __marshalAllCertifyVEXStatementVulnerability( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal VexArtifactAndCveIngestVEXStatementCertifyVEXStatement.AllCertifyVEXStatement.Vulnerability: %w", err) - } - } - retval.Status = v.AllCertifyVEXStatement.Status - retval.VexJustification = v.AllCertifyVEXStatement.VexJustification - retval.Statement = v.AllCertifyVEXStatement.Statement - retval.StatusNotes = v.AllCertifyVEXStatement.StatusNotes - retval.KnownSince = v.AllCertifyVEXStatement.KnownSince - retval.Origin = v.AllCertifyVEXStatement.Origin - retval.Collector = v.AllCertifyVEXStatement.Collector - return &retval, nil -} - -// VexArtifactAndCveResponse is returned by VexArtifactAndCve on success. -type VexArtifactAndCveResponse struct { - // Adds a VEX certification for a package. - IngestVEXStatement VexArtifactAndCveIngestVEXStatementCertifyVEXStatement `json:"ingestVEXStatement"` -} - -// GetIngestVEXStatement returns VexArtifactAndCveResponse.IngestVEXStatement, and is useful for accessing the field via an interface. 
-func (v *VexArtifactAndCveResponse) GetIngestVEXStatement() VexArtifactAndCveIngestVEXStatementCertifyVEXStatement { - return v.IngestVEXStatement -} - -// VexArtifactAndGhsaIngestVEXStatementCertifyVEXStatement includes the requested fields of the GraphQL type CertifyVEXStatement. -// The GraphQL type's documentation follows. -// -// CertifyVEXStatement is an attestation to attach VEX statements to a package or -// artifact to clarify the impact of a specific vulnerability (CVE, GHSA or OSV). -type VexArtifactAndGhsaIngestVEXStatementCertifyVEXStatement struct { - AllCertifyVEXStatement `json:"-"` -} - -// GetId returns VexArtifactAndGhsaIngestVEXStatementCertifyVEXStatement.Id, and is useful for accessing the field via an interface. -func (v *VexArtifactAndGhsaIngestVEXStatementCertifyVEXStatement) GetId() string { - return v.AllCertifyVEXStatement.Id -} - -// GetSubject returns VexArtifactAndGhsaIngestVEXStatementCertifyVEXStatement.Subject, and is useful for accessing the field via an interface. -func (v *VexArtifactAndGhsaIngestVEXStatementCertifyVEXStatement) GetSubject() AllCertifyVEXStatementSubjectPackageOrArtifact { - return v.AllCertifyVEXStatement.Subject -} - -// GetVulnerability returns VexArtifactAndGhsaIngestVEXStatementCertifyVEXStatement.Vulnerability, and is useful for accessing the field via an interface. -func (v *VexArtifactAndGhsaIngestVEXStatementCertifyVEXStatement) GetVulnerability() AllCertifyVEXStatementVulnerability { - return v.AllCertifyVEXStatement.Vulnerability -} - -// GetStatus returns VexArtifactAndGhsaIngestVEXStatementCertifyVEXStatement.Status, and is useful for accessing the field via an interface. -func (v *VexArtifactAndGhsaIngestVEXStatementCertifyVEXStatement) GetStatus() VexStatus { - return v.AllCertifyVEXStatement.Status -} - -// GetVexJustification returns VexArtifactAndGhsaIngestVEXStatementCertifyVEXStatement.VexJustification, and is useful for accessing the field via an interface. 
-func (v *VexArtifactAndGhsaIngestVEXStatementCertifyVEXStatement) GetVexJustification() VexJustification { - return v.AllCertifyVEXStatement.VexJustification -} - -// GetStatement returns VexArtifactAndGhsaIngestVEXStatementCertifyVEXStatement.Statement, and is useful for accessing the field via an interface. -func (v *VexArtifactAndGhsaIngestVEXStatementCertifyVEXStatement) GetStatement() string { - return v.AllCertifyVEXStatement.Statement -} - -// GetStatusNotes returns VexArtifactAndGhsaIngestVEXStatementCertifyVEXStatement.StatusNotes, and is useful for accessing the field via an interface. -func (v *VexArtifactAndGhsaIngestVEXStatementCertifyVEXStatement) GetStatusNotes() string { - return v.AllCertifyVEXStatement.StatusNotes -} +func (v *PkgEqualOtherPackage) __premarshalJSON() (*__premarshalPkgEqualOtherPackage, error) { + var retval __premarshalPkgEqualOtherPackage -// GetKnownSince returns VexArtifactAndGhsaIngestVEXStatementCertifyVEXStatement.KnownSince, and is useful for accessing the field via an interface. -func (v *VexArtifactAndGhsaIngestVEXStatementCertifyVEXStatement) GetKnownSince() time.Time { - return v.AllCertifyVEXStatement.KnownSince + retval.Id = v.AllPkgTree.Id + retval.Type = v.AllPkgTree.Type + retval.Namespaces = v.AllPkgTree.Namespaces + return &retval, nil } -// GetOrigin returns VexArtifactAndGhsaIngestVEXStatementCertifyVEXStatement.Origin, and is useful for accessing the field via an interface. -func (v *VexArtifactAndGhsaIngestVEXStatementCertifyVEXStatement) GetOrigin() string { - return v.AllCertifyVEXStatement.Origin +// PkgEqualPkgPackage includes the requested fields of the GraphQL type Package. +// The GraphQL type's documentation follows. +// +// Package represents the root of the package trie/tree. 
+// +// We map package information to a trie, closely matching the pURL specification +// (https://github.com/package-url/purl-spec/blob/0dd92f26f8bb11956ffdf5e8acfcee71e8560407/README.rst), +// but deviating from it where GUAC heuristics allow for better representation of +// package information. Each path in the trie fully represents a package; we split +// the trie based on the pURL components. +// +// This node matches a pkg: partial pURL. The type field matches the +// pURL types but we might also use "guac" for the cases where the pURL +// representation is not complete or when we have custom rules. +// +// Since this node is at the root of the package trie, it is named Package, not +// PackageType. +type PkgEqualPkgPackage struct { + AllPkgTree `json:"-"` } -// GetCollector returns VexArtifactAndGhsaIngestVEXStatementCertifyVEXStatement.Collector, and is useful for accessing the field via an interface. -func (v *VexArtifactAndGhsaIngestVEXStatementCertifyVEXStatement) GetCollector() string { - return v.AllCertifyVEXStatement.Collector +// GetId returns PkgEqualPkgPackage.Id, and is useful for accessing the field via an interface. +func (v *PkgEqualPkgPackage) GetId() string { return v.AllPkgTree.Id } + +// GetType returns PkgEqualPkgPackage.Type, and is useful for accessing the field via an interface. +func (v *PkgEqualPkgPackage) GetType() string { return v.AllPkgTree.Type } + +// GetNamespaces returns PkgEqualPkgPackage.Namespaces, and is useful for accessing the field via an interface. 
+func (v *PkgEqualPkgPackage) GetNamespaces() []AllPkgTreeNamespacesPackageNamespace { + return v.AllPkgTree.Namespaces } -func (v *VexArtifactAndGhsaIngestVEXStatementCertifyVEXStatement) UnmarshalJSON(b []byte) error { +func (v *PkgEqualPkgPackage) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *VexArtifactAndGhsaIngestVEXStatementCertifyVEXStatement + *PkgEqualPkgPackage graphql.NoUnmarshalJSON } - firstPass.VexArtifactAndGhsaIngestVEXStatementCertifyVEXStatement = v + firstPass.PkgEqualPkgPackage = v err := json.Unmarshal(b, &firstPass) if err != nil { @@ -25120,36 +20988,22 @@ func (v *VexArtifactAndGhsaIngestVEXStatementCertifyVEXStatement) UnmarshalJSON( } err = json.Unmarshal( - b, &v.AllCertifyVEXStatement) + b, &v.AllPkgTree) if err != nil { return err } return nil } -type __premarshalVexArtifactAndGhsaIngestVEXStatementCertifyVEXStatement struct { +type __premarshalPkgEqualPkgPackage struct { Id string `json:"id"` - Subject json.RawMessage `json:"subject"` - - Vulnerability json.RawMessage `json:"vulnerability"` - - Status VexStatus `json:"status"` - - VexJustification VexJustification `json:"vexJustification"` - - Statement string `json:"statement"` - - StatusNotes string `json:"statusNotes"` - - KnownSince time.Time `json:"knownSince"` - - Origin string `json:"origin"` + Type string `json:"type"` - Collector string `json:"collector"` + Namespaces []AllPkgTreeNamespacesPackageNamespace `json:"namespaces"` } -func (v *VexArtifactAndGhsaIngestVEXStatementCertifyVEXStatement) MarshalJSON() ([]byte, error) { +func (v *PkgEqualPkgPackage) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -25157,125 +21011,198 @@ func (v *VexArtifactAndGhsaIngestVEXStatementCertifyVEXStatement) MarshalJSON() return json.Marshal(premarshaled) } -func (v *VexArtifactAndGhsaIngestVEXStatementCertifyVEXStatement) __premarshalJSON() (*__premarshalVexArtifactAndGhsaIngestVEXStatementCertifyVEXStatement, error) { - var retval __premarshalVexArtifactAndGhsaIngestVEXStatementCertifyVEXStatement - - retval.Id = v.AllCertifyVEXStatement.Id - { - - dst := &retval.Subject - src := v.AllCertifyVEXStatement.Subject - var err error - *dst, err = __marshalAllCertifyVEXStatementSubjectPackageOrArtifact( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal VexArtifactAndGhsaIngestVEXStatementCertifyVEXStatement.AllCertifyVEXStatement.Subject: %w", err) - } - } - { +func (v *PkgEqualPkgPackage) __premarshalJSON() (*__premarshalPkgEqualPkgPackage, error) { + var retval __premarshalPkgEqualPkgPackage - dst := &retval.Vulnerability - src := v.AllCertifyVEXStatement.Vulnerability - var err error - *dst, err = __marshalAllCertifyVEXStatementVulnerability( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal VexArtifactAndGhsaIngestVEXStatementCertifyVEXStatement.AllCertifyVEXStatement.Vulnerability: %w", err) - } - } - retval.Status = v.AllCertifyVEXStatement.Status - retval.VexJustification = v.AllCertifyVEXStatement.VexJustification - retval.Statement = v.AllCertifyVEXStatement.Statement - retval.StatusNotes = v.AllCertifyVEXStatement.StatusNotes - retval.KnownSince = v.AllCertifyVEXStatement.KnownSince - retval.Origin = v.AllCertifyVEXStatement.Origin - retval.Collector = v.AllCertifyVEXStatement.Collector + retval.Id = v.AllPkgTree.Id + retval.Type = v.AllPkgTree.Type + retval.Namespaces = v.AllPkgTree.Namespaces return &retval, nil } -// VexArtifactAndGhsaResponse is returned by VexArtifactAndGhsa on success. -type VexArtifactAndGhsaResponse struct { - // Adds a VEX certification for a package. 
- IngestVEXStatement VexArtifactAndGhsaIngestVEXStatementCertifyVEXStatement `json:"ingestVEXStatement"` +// PkgEqualResponse is returned by PkgEqual on success. +type PkgEqualResponse struct { + // Ingests a new package and returns the corresponding package trie path. + Pkg PkgEqualPkgPackage `json:"pkg"` + // Ingests a new package and returns the corresponding package trie path. + OtherPackage PkgEqualOtherPackage `json:"otherPackage"` + // Adds a certification that two packages are similar. + IngestPkgEqual PkgEqualIngestPkgEqual `json:"ingestPkgEqual"` } -// GetIngestVEXStatement returns VexArtifactAndGhsaResponse.IngestVEXStatement, and is useful for accessing the field via an interface. -func (v *VexArtifactAndGhsaResponse) GetIngestVEXStatement() VexArtifactAndGhsaIngestVEXStatementCertifyVEXStatement { - return v.IngestVEXStatement -} +// GetPkg returns PkgEqualResponse.Pkg, and is useful for accessing the field via an interface. +func (v *PkgEqualResponse) GetPkg() PkgEqualPkgPackage { return v.Pkg } -// VexArtifactAndOsvIngestVEXStatementCertifyVEXStatement includes the requested fields of the GraphQL type CertifyVEXStatement. -// The GraphQL type's documentation follows. +// GetOtherPackage returns PkgEqualResponse.OtherPackage, and is useful for accessing the field via an interface. +func (v *PkgEqualResponse) GetOtherPackage() PkgEqualOtherPackage { return v.OtherPackage } + +// GetIngestPkgEqual returns PkgEqualResponse.IngestPkgEqual, and is useful for accessing the field via an interface. +func (v *PkgEqualResponse) GetIngestPkgEqual() PkgEqualIngestPkgEqual { return v.IngestPkgEqual } + +// PkgInputSpec specifies a package for mutations. // -// CertifyVEXStatement is an attestation to attach VEX statements to a package or -// artifact to clarify the impact of a specific vulnerability (CVE, GHSA or OSV). 
-type VexArtifactAndOsvIngestVEXStatementCertifyVEXStatement struct { - AllCertifyVEXStatement `json:"-"` +// This is different than PkgSpec because we want to encode mandatory fields: +// type and name. All optional fields are given empty default values. +type PkgInputSpec struct { + Type string `json:"type"` + Namespace *string `json:"namespace"` + Name string `json:"name"` + Version *string `json:"version"` + Qualifiers []PackageQualifierInputSpec `json:"qualifiers"` + Subpath *string `json:"subpath"` } -// GetId returns VexArtifactAndOsvIngestVEXStatementCertifyVEXStatement.Id, and is useful for accessing the field via an interface. -func (v *VexArtifactAndOsvIngestVEXStatementCertifyVEXStatement) GetId() string { - return v.AllCertifyVEXStatement.Id -} +// GetType returns PkgInputSpec.Type, and is useful for accessing the field via an interface. +func (v *PkgInputSpec) GetType() string { return v.Type } -// GetSubject returns VexArtifactAndOsvIngestVEXStatementCertifyVEXStatement.Subject, and is useful for accessing the field via an interface. -func (v *VexArtifactAndOsvIngestVEXStatementCertifyVEXStatement) GetSubject() AllCertifyVEXStatementSubjectPackageOrArtifact { - return v.AllCertifyVEXStatement.Subject +// GetNamespace returns PkgInputSpec.Namespace, and is useful for accessing the field via an interface. +func (v *PkgInputSpec) GetNamespace() *string { return v.Namespace } + +// GetName returns PkgInputSpec.Name, and is useful for accessing the field via an interface. +func (v *PkgInputSpec) GetName() string { return v.Name } + +// GetVersion returns PkgInputSpec.Version, and is useful for accessing the field via an interface. +func (v *PkgInputSpec) GetVersion() *string { return v.Version } + +// GetQualifiers returns PkgInputSpec.Qualifiers, and is useful for accessing the field via an interface. 
+func (v *PkgInputSpec) GetQualifiers() []PackageQualifierInputSpec { return v.Qualifiers } + +// GetSubpath returns PkgInputSpec.Subpath, and is useful for accessing the field via an interface. +func (v *PkgInputSpec) GetSubpath() *string { return v.Subpath } + +// PkgMatchType is an enum to determine if the attestation should be done at the +// specific version or package name. +type PkgMatchType string + +const ( + PkgMatchTypeAllVersions PkgMatchType = "ALL_VERSIONS" + PkgMatchTypeSpecificVersion PkgMatchType = "SPECIFIC_VERSION" +) + +// PkgSpec allows filtering the list of sources to return in a query. +// +// Each field matches a qualifier from pURL. Use null to match on all values at +// that level. For example, to get all packages in GUAC backend, use a PkgSpec +// where every field is null. +// +// Empty string at a field means matching with the empty string. If passing in +// qualifiers, all of the values in the list must match. Since we want to return +// nodes with any number of qualifiers if no qualifiers are passed in the input, +// we must also return the same set of nodes it the qualifiers list is empty. To +// match on nodes that don't contain any qualifier, set matchOnlyEmptyQualifiers +// to true. If this field is true, then the qualifiers argument is ignored. +type PkgSpec struct { + Id *string `json:"id"` + Type *string `json:"type"` + Namespace *string `json:"namespace"` + Name *string `json:"name"` + Version *string `json:"version"` + Qualifiers []PackageQualifierSpec `json:"qualifiers"` + MatchOnlyEmptyQualifiers *bool `json:"matchOnlyEmptyQualifiers"` + Subpath *string `json:"subpath"` } -// GetVulnerability returns VexArtifactAndOsvIngestVEXStatementCertifyVEXStatement.Vulnerability, and is useful for accessing the field via an interface. 
-func (v *VexArtifactAndOsvIngestVEXStatementCertifyVEXStatement) GetVulnerability() AllCertifyVEXStatementVulnerability { - return v.AllCertifyVEXStatement.Vulnerability +// GetId returns PkgSpec.Id, and is useful for accessing the field via an interface. +func (v *PkgSpec) GetId() *string { return v.Id } + +// GetType returns PkgSpec.Type, and is useful for accessing the field via an interface. +func (v *PkgSpec) GetType() *string { return v.Type } + +// GetNamespace returns PkgSpec.Namespace, and is useful for accessing the field via an interface. +func (v *PkgSpec) GetNamespace() *string { return v.Namespace } + +// GetName returns PkgSpec.Name, and is useful for accessing the field via an interface. +func (v *PkgSpec) GetName() *string { return v.Name } + +// GetVersion returns PkgSpec.Version, and is useful for accessing the field via an interface. +func (v *PkgSpec) GetVersion() *string { return v.Version } + +// GetQualifiers returns PkgSpec.Qualifiers, and is useful for accessing the field via an interface. +func (v *PkgSpec) GetQualifiers() []PackageQualifierSpec { return v.Qualifiers } + +// GetMatchOnlyEmptyQualifiers returns PkgSpec.MatchOnlyEmptyQualifiers, and is useful for accessing the field via an interface. +func (v *PkgSpec) GetMatchOnlyEmptyQualifiers() *bool { return v.MatchOnlyEmptyQualifiers } + +// GetSubpath returns PkgSpec.Subpath, and is useful for accessing the field via an interface. +func (v *PkgSpec) GetSubpath() *string { return v.Subpath } + +// PointOfContactArtifactIngestPointOfContact includes the requested fields of the GraphQL type PointOfContact. +// The GraphQL type's documentation follows. +// +// PointOfContact is an attestation of how to get in touch with the person(s) responsible +// for a package, source, or artifact. 
+// +// All evidence trees record a justification for the property they represent as +// well as the document that contains the attestation (origin) and the collector +// that collected the document (collector). +// +// The attestation applies to a subject which is a package, source, or artifact. +// If the attestation targets a package, it must target a PackageName or a +// PackageVersion. If the attestation targets a source, it must target a +// SourceName. +// +// email is the email address (singular) of the point of contact. +// +// info is additional contact information other than email address. This is free +// form. +// +// NOTE: the identifiers for point of contact should be part of software trees. +// This will benefit from identifier look up and traversal as well as organization +// hierarchy. However, until the use case arises, PointOfContact will be a flat +// reference to the contact details. +type PointOfContactArtifactIngestPointOfContact struct { + AllPointOfContact `json:"-"` } -// GetStatus returns VexArtifactAndOsvIngestVEXStatementCertifyVEXStatement.Status, and is useful for accessing the field via an interface. -func (v *VexArtifactAndOsvIngestVEXStatementCertifyVEXStatement) GetStatus() VexStatus { - return v.AllCertifyVEXStatement.Status +// GetId returns PointOfContactArtifactIngestPointOfContact.Id, and is useful for accessing the field via an interface. +func (v *PointOfContactArtifactIngestPointOfContact) GetId() string { return v.AllPointOfContact.Id } + +// GetSubject returns PointOfContactArtifactIngestPointOfContact.Subject, and is useful for accessing the field via an interface. +func (v *PointOfContactArtifactIngestPointOfContact) GetSubject() AllPointOfContactSubjectPackageSourceOrArtifact { + return v.AllPointOfContact.Subject } -// GetVexJustification returns VexArtifactAndOsvIngestVEXStatementCertifyVEXStatement.VexJustification, and is useful for accessing the field via an interface. 
-func (v *VexArtifactAndOsvIngestVEXStatementCertifyVEXStatement) GetVexJustification() VexJustification { - return v.AllCertifyVEXStatement.VexJustification +// GetEmail returns PointOfContactArtifactIngestPointOfContact.Email, and is useful for accessing the field via an interface. +func (v *PointOfContactArtifactIngestPointOfContact) GetEmail() string { + return v.AllPointOfContact.Email } -// GetStatement returns VexArtifactAndOsvIngestVEXStatementCertifyVEXStatement.Statement, and is useful for accessing the field via an interface. -func (v *VexArtifactAndOsvIngestVEXStatementCertifyVEXStatement) GetStatement() string { - return v.AllCertifyVEXStatement.Statement +// GetInfo returns PointOfContactArtifactIngestPointOfContact.Info, and is useful for accessing the field via an interface. +func (v *PointOfContactArtifactIngestPointOfContact) GetInfo() string { + return v.AllPointOfContact.Info } -// GetStatusNotes returns VexArtifactAndOsvIngestVEXStatementCertifyVEXStatement.StatusNotes, and is useful for accessing the field via an interface. -func (v *VexArtifactAndOsvIngestVEXStatementCertifyVEXStatement) GetStatusNotes() string { - return v.AllCertifyVEXStatement.StatusNotes +// GetSince returns PointOfContactArtifactIngestPointOfContact.Since, and is useful for accessing the field via an interface. +func (v *PointOfContactArtifactIngestPointOfContact) GetSince() time.Time { + return v.AllPointOfContact.Since } -// GetKnownSince returns VexArtifactAndOsvIngestVEXStatementCertifyVEXStatement.KnownSince, and is useful for accessing the field via an interface. -func (v *VexArtifactAndOsvIngestVEXStatementCertifyVEXStatement) GetKnownSince() time.Time { - return v.AllCertifyVEXStatement.KnownSince +// GetJustification returns PointOfContactArtifactIngestPointOfContact.Justification, and is useful for accessing the field via an interface. 
+func (v *PointOfContactArtifactIngestPointOfContact) GetJustification() string { + return v.AllPointOfContact.Justification } -// GetOrigin returns VexArtifactAndOsvIngestVEXStatementCertifyVEXStatement.Origin, and is useful for accessing the field via an interface. -func (v *VexArtifactAndOsvIngestVEXStatementCertifyVEXStatement) GetOrigin() string { - return v.AllCertifyVEXStatement.Origin +// GetOrigin returns PointOfContactArtifactIngestPointOfContact.Origin, and is useful for accessing the field via an interface. +func (v *PointOfContactArtifactIngestPointOfContact) GetOrigin() string { + return v.AllPointOfContact.Origin } -// GetCollector returns VexArtifactAndOsvIngestVEXStatementCertifyVEXStatement.Collector, and is useful for accessing the field via an interface. -func (v *VexArtifactAndOsvIngestVEXStatementCertifyVEXStatement) GetCollector() string { - return v.AllCertifyVEXStatement.Collector +// GetCollector returns PointOfContactArtifactIngestPointOfContact.Collector, and is useful for accessing the field via an interface. +func (v *PointOfContactArtifactIngestPointOfContact) GetCollector() string { + return v.AllPointOfContact.Collector } -func (v *VexArtifactAndOsvIngestVEXStatementCertifyVEXStatement) UnmarshalJSON(b []byte) error { +func (v *PointOfContactArtifactIngestPointOfContact) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *VexArtifactAndOsvIngestVEXStatementCertifyVEXStatement + *PointOfContactArtifactIngestPointOfContact graphql.NoUnmarshalJSON } - firstPass.VexArtifactAndOsvIngestVEXStatementCertifyVEXStatement = v + firstPass.PointOfContactArtifactIngestPointOfContact = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -25283,36 +21210,32 @@ func (v *VexArtifactAndOsvIngestVEXStatementCertifyVEXStatement) UnmarshalJSON(b } err = json.Unmarshal( - b, &v.AllCertifyVEXStatement) + b, &v.AllPointOfContact) if err != nil { return err } return nil } -type __premarshalVexArtifactAndOsvIngestVEXStatementCertifyVEXStatement struct { +type __premarshalPointOfContactArtifactIngestPointOfContact struct { Id string `json:"id"` Subject json.RawMessage `json:"subject"` - Vulnerability json.RawMessage `json:"vulnerability"` - - Status VexStatus `json:"status"` - - VexJustification VexJustification `json:"vexJustification"` + Email string `json:"email"` - Statement string `json:"statement"` + Info string `json:"info"` - StatusNotes string `json:"statusNotes"` + Since time.Time `json:"since"` - KnownSince time.Time `json:"knownSince"` + Justification string `json:"justification"` Origin string `json:"origin"` Collector string `json:"collector"` } -func (v *VexArtifactAndOsvIngestVEXStatementCertifyVEXStatement) MarshalJSON() ([]byte, error) { +func (v *PointOfContactArtifactIngestPointOfContact) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -25320,137 +21243,141 @@ func (v *VexArtifactAndOsvIngestVEXStatementCertifyVEXStatement) MarshalJSON() ( return json.Marshal(premarshaled) } -func (v *VexArtifactAndOsvIngestVEXStatementCertifyVEXStatement) __premarshalJSON() (*__premarshalVexArtifactAndOsvIngestVEXStatementCertifyVEXStatement, error) { - var retval __premarshalVexArtifactAndOsvIngestVEXStatementCertifyVEXStatement +func (v *PointOfContactArtifactIngestPointOfContact) __premarshalJSON() (*__premarshalPointOfContactArtifactIngestPointOfContact, error) { + var retval __premarshalPointOfContactArtifactIngestPointOfContact - retval.Id = v.AllCertifyVEXStatement.Id + retval.Id = v.AllPointOfContact.Id { dst := &retval.Subject - src := v.AllCertifyVEXStatement.Subject - var err error - *dst, err = __marshalAllCertifyVEXStatementSubjectPackageOrArtifact( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal VexArtifactAndOsvIngestVEXStatementCertifyVEXStatement.AllCertifyVEXStatement.Subject: %w", err) - } - } - { - - dst := &retval.Vulnerability - src := v.AllCertifyVEXStatement.Vulnerability + src := v.AllPointOfContact.Subject var err error - *dst, err = __marshalAllCertifyVEXStatementVulnerability( + *dst, err = __marshalAllPointOfContactSubjectPackageSourceOrArtifact( &src) if err != nil { return nil, fmt.Errorf( - "unable to marshal VexArtifactAndOsvIngestVEXStatementCertifyVEXStatement.AllCertifyVEXStatement.Vulnerability: %w", err) + "unable to marshal PointOfContactArtifactIngestPointOfContact.AllPointOfContact.Subject: %w", err) } } - retval.Status = v.AllCertifyVEXStatement.Status - retval.VexJustification = v.AllCertifyVEXStatement.VexJustification - retval.Statement = v.AllCertifyVEXStatement.Statement - retval.StatusNotes = v.AllCertifyVEXStatement.StatusNotes - retval.KnownSince = v.AllCertifyVEXStatement.KnownSince - retval.Origin = v.AllCertifyVEXStatement.Origin - retval.Collector = v.AllCertifyVEXStatement.Collector + retval.Email = v.AllPointOfContact.Email + 
retval.Info = v.AllPointOfContact.Info + retval.Since = v.AllPointOfContact.Since + retval.Justification = v.AllPointOfContact.Justification + retval.Origin = v.AllPointOfContact.Origin + retval.Collector = v.AllPointOfContact.Collector return &retval, nil } -// VexArtifactAndOsvResponse is returned by VexArtifactAndOsv on success. -type VexArtifactAndOsvResponse struct { - // Adds a VEX certification for a package. - IngestVEXStatement VexArtifactAndOsvIngestVEXStatementCertifyVEXStatement `json:"ingestVEXStatement"` +// PointOfContactArtifactResponse is returned by PointOfContactArtifact on success. +type PointOfContactArtifactResponse struct { + // Adds a PointOfContact attestation to a package, source or artifact. + IngestPointOfContact PointOfContactArtifactIngestPointOfContact `json:"ingestPointOfContact"` } -// GetIngestVEXStatement returns VexArtifactAndOsvResponse.IngestVEXStatement, and is useful for accessing the field via an interface. -func (v *VexArtifactAndOsvResponse) GetIngestVEXStatement() VexArtifactAndOsvIngestVEXStatementCertifyVEXStatement { - return v.IngestVEXStatement +// GetIngestPointOfContact returns PointOfContactArtifactResponse.IngestPointOfContact, and is useful for accessing the field via an interface. +func (v *PointOfContactArtifactResponse) GetIngestPointOfContact() PointOfContactArtifactIngestPointOfContact { + return v.IngestPointOfContact } -// Records the justification included in the VEX statement. -type VexJustification string +// PointOfContactInputSpec represents the mutation input to ingest a PointOfContact evidence. 
+type PointOfContactInputSpec struct { + Email string `json:"email"` + Info string `json:"info"` + Since time.Time `json:"since"` + Justification string `json:"justification"` + Origin string `json:"origin"` + Collector string `json:"collector"` +} -const ( - VexJustificationComponentNotPresent VexJustification = "COMPONENT_NOT_PRESENT" - VexJustificationVulnerableCodeNotPresent VexJustification = "VULNERABLE_CODE_NOT_PRESENT" - VexJustificationVulnerableCodeNotInExecutePath VexJustification = "VULNERABLE_CODE_NOT_IN_EXECUTE_PATH" - VexJustificationVulnerableCodeCannotBeControlledByAdversary VexJustification = "VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY" - VexJustificationInlineMitigationsAlreadyExist VexJustification = "INLINE_MITIGATIONS_ALREADY_EXIST" - VexJustificationNotProvided VexJustification = "NOT_PROVIDED" -) +// GetEmail returns PointOfContactInputSpec.Email, and is useful for accessing the field via an interface. +func (v *PointOfContactInputSpec) GetEmail() string { return v.Email } -// VexPackageAndCveIngestVEXStatementCertifyVEXStatement includes the requested fields of the GraphQL type CertifyVEXStatement. -// The GraphQL type's documentation follows. -// -// CertifyVEXStatement is an attestation to attach VEX statements to a package or -// artifact to clarify the impact of a specific vulnerability (CVE, GHSA or OSV). -type VexPackageAndCveIngestVEXStatementCertifyVEXStatement struct { - AllCertifyVEXStatement `json:"-"` -} +// GetInfo returns PointOfContactInputSpec.Info, and is useful for accessing the field via an interface. +func (v *PointOfContactInputSpec) GetInfo() string { return v.Info } -// GetId returns VexPackageAndCveIngestVEXStatementCertifyVEXStatement.Id, and is useful for accessing the field via an interface. 
-func (v *VexPackageAndCveIngestVEXStatementCertifyVEXStatement) GetId() string { - return v.AllCertifyVEXStatement.Id -} +// GetSince returns PointOfContactInputSpec.Since, and is useful for accessing the field via an interface. +func (v *PointOfContactInputSpec) GetSince() time.Time { return v.Since } -// GetSubject returns VexPackageAndCveIngestVEXStatementCertifyVEXStatement.Subject, and is useful for accessing the field via an interface. -func (v *VexPackageAndCveIngestVEXStatementCertifyVEXStatement) GetSubject() AllCertifyVEXStatementSubjectPackageOrArtifact { - return v.AllCertifyVEXStatement.Subject -} +// GetJustification returns PointOfContactInputSpec.Justification, and is useful for accessing the field via an interface. +func (v *PointOfContactInputSpec) GetJustification() string { return v.Justification } -// GetVulnerability returns VexPackageAndCveIngestVEXStatementCertifyVEXStatement.Vulnerability, and is useful for accessing the field via an interface. -func (v *VexPackageAndCveIngestVEXStatementCertifyVEXStatement) GetVulnerability() AllCertifyVEXStatementVulnerability { - return v.AllCertifyVEXStatement.Vulnerability -} +// GetOrigin returns PointOfContactInputSpec.Origin, and is useful for accessing the field via an interface. +func (v *PointOfContactInputSpec) GetOrigin() string { return v.Origin } -// GetStatus returns VexPackageAndCveIngestVEXStatementCertifyVEXStatement.Status, and is useful for accessing the field via an interface. -func (v *VexPackageAndCveIngestVEXStatementCertifyVEXStatement) GetStatus() VexStatus { - return v.AllCertifyVEXStatement.Status -} +// GetCollector returns PointOfContactInputSpec.Collector, and is useful for accessing the field via an interface. +func (v *PointOfContactInputSpec) GetCollector() string { return v.Collector } -// GetVexJustification returns VexPackageAndCveIngestVEXStatementCertifyVEXStatement.VexJustification, and is useful for accessing the field via an interface. 
-func (v *VexPackageAndCveIngestVEXStatementCertifyVEXStatement) GetVexJustification() VexJustification { - return v.AllCertifyVEXStatement.VexJustification +// PointOfContactPkgIngestPointOfContact includes the requested fields of the GraphQL type PointOfContact. +// The GraphQL type's documentation follows. +// +// PointOfContact is an attestation of how to get in touch with the person(s) responsible +// for a package, source, or artifact. +// +// All evidence trees record a justification for the property they represent as +// well as the document that contains the attestation (origin) and the collector +// that collected the document (collector). +// +// The attestation applies to a subject which is a package, source, or artifact. +// If the attestation targets a package, it must target a PackageName or a +// PackageVersion. If the attestation targets a source, it must target a +// SourceName. +// +// email is the email address (singular) of the point of contact. +// +// info is additional contact information other than email address. This is free +// form. +// +// NOTE: the identifiers for point of contact should be part of software trees. +// This will benefit from identifier look up and traversal as well as organization +// hierarchy. However, until the use case arises, PointOfContact will be a flat +// reference to the contact details. +type PointOfContactPkgIngestPointOfContact struct { + AllPointOfContact `json:"-"` } -// GetStatement returns VexPackageAndCveIngestVEXStatementCertifyVEXStatement.Statement, and is useful for accessing the field via an interface. -func (v *VexPackageAndCveIngestVEXStatementCertifyVEXStatement) GetStatement() string { - return v.AllCertifyVEXStatement.Statement -} +// GetId returns PointOfContactPkgIngestPointOfContact.Id, and is useful for accessing the field via an interface. 
+func (v *PointOfContactPkgIngestPointOfContact) GetId() string { return v.AllPointOfContact.Id } -// GetStatusNotes returns VexPackageAndCveIngestVEXStatementCertifyVEXStatement.StatusNotes, and is useful for accessing the field via an interface. -func (v *VexPackageAndCveIngestVEXStatementCertifyVEXStatement) GetStatusNotes() string { - return v.AllCertifyVEXStatement.StatusNotes +// GetSubject returns PointOfContactPkgIngestPointOfContact.Subject, and is useful for accessing the field via an interface. +func (v *PointOfContactPkgIngestPointOfContact) GetSubject() AllPointOfContactSubjectPackageSourceOrArtifact { + return v.AllPointOfContact.Subject } -// GetKnownSince returns VexPackageAndCveIngestVEXStatementCertifyVEXStatement.KnownSince, and is useful for accessing the field via an interface. -func (v *VexPackageAndCveIngestVEXStatementCertifyVEXStatement) GetKnownSince() time.Time { - return v.AllCertifyVEXStatement.KnownSince +// GetEmail returns PointOfContactPkgIngestPointOfContact.Email, and is useful for accessing the field via an interface. +func (v *PointOfContactPkgIngestPointOfContact) GetEmail() string { return v.AllPointOfContact.Email } + +// GetInfo returns PointOfContactPkgIngestPointOfContact.Info, and is useful for accessing the field via an interface. +func (v *PointOfContactPkgIngestPointOfContact) GetInfo() string { return v.AllPointOfContact.Info } + +// GetSince returns PointOfContactPkgIngestPointOfContact.Since, and is useful for accessing the field via an interface. +func (v *PointOfContactPkgIngestPointOfContact) GetSince() time.Time { + return v.AllPointOfContact.Since } -// GetOrigin returns VexPackageAndCveIngestVEXStatementCertifyVEXStatement.Origin, and is useful for accessing the field via an interface. 
-func (v *VexPackageAndCveIngestVEXStatementCertifyVEXStatement) GetOrigin() string { - return v.AllCertifyVEXStatement.Origin +// GetJustification returns PointOfContactPkgIngestPointOfContact.Justification, and is useful for accessing the field via an interface. +func (v *PointOfContactPkgIngestPointOfContact) GetJustification() string { + return v.AllPointOfContact.Justification } -// GetCollector returns VexPackageAndCveIngestVEXStatementCertifyVEXStatement.Collector, and is useful for accessing the field via an interface. -func (v *VexPackageAndCveIngestVEXStatementCertifyVEXStatement) GetCollector() string { - return v.AllCertifyVEXStatement.Collector +// GetOrigin returns PointOfContactPkgIngestPointOfContact.Origin, and is useful for accessing the field via an interface. +func (v *PointOfContactPkgIngestPointOfContact) GetOrigin() string { return v.AllPointOfContact.Origin } + +// GetCollector returns PointOfContactPkgIngestPointOfContact.Collector, and is useful for accessing the field via an interface. +func (v *PointOfContactPkgIngestPointOfContact) GetCollector() string { + return v.AllPointOfContact.Collector } -func (v *VexPackageAndCveIngestVEXStatementCertifyVEXStatement) UnmarshalJSON(b []byte) error { +func (v *PointOfContactPkgIngestPointOfContact) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *VexPackageAndCveIngestVEXStatementCertifyVEXStatement + *PointOfContactPkgIngestPointOfContact graphql.NoUnmarshalJSON } - firstPass.VexPackageAndCveIngestVEXStatementCertifyVEXStatement = v + firstPass.PointOfContactPkgIngestPointOfContact = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -25458,36 +21385,32 @@ func (v *VexPackageAndCveIngestVEXStatementCertifyVEXStatement) UnmarshalJSON(b } err = json.Unmarshal( - b, &v.AllCertifyVEXStatement) + b, &v.AllPointOfContact) if err != nil { return err } return nil } -type __premarshalVexPackageAndCveIngestVEXStatementCertifyVEXStatement struct { +type __premarshalPointOfContactPkgIngestPointOfContact struct { Id string `json:"id"` Subject json.RawMessage `json:"subject"` - Vulnerability json.RawMessage `json:"vulnerability"` - - Status VexStatus `json:"status"` - - VexJustification VexJustification `json:"vexJustification"` + Email string `json:"email"` - Statement string `json:"statement"` + Info string `json:"info"` - StatusNotes string `json:"statusNotes"` + Since time.Time `json:"since"` - KnownSince time.Time `json:"knownSince"` + Justification string `json:"justification"` Origin string `json:"origin"` Collector string `json:"collector"` } -func (v *VexPackageAndCveIngestVEXStatementCertifyVEXStatement) MarshalJSON() ([]byte, error) { +func (v *PointOfContactPkgIngestPointOfContact) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -25495,125 +21418,113 @@ func (v *VexPackageAndCveIngestVEXStatementCertifyVEXStatement) MarshalJSON() ([ return json.Marshal(premarshaled) } -func (v *VexPackageAndCveIngestVEXStatementCertifyVEXStatement) __premarshalJSON() (*__premarshalVexPackageAndCveIngestVEXStatementCertifyVEXStatement, error) { - var retval __premarshalVexPackageAndCveIngestVEXStatementCertifyVEXStatement +func (v *PointOfContactPkgIngestPointOfContact) __premarshalJSON() (*__premarshalPointOfContactPkgIngestPointOfContact, error) { + var retval __premarshalPointOfContactPkgIngestPointOfContact - retval.Id = v.AllCertifyVEXStatement.Id + retval.Id = v.AllPointOfContact.Id { dst := &retval.Subject - src := v.AllCertifyVEXStatement.Subject - var err error - *dst, err = __marshalAllCertifyVEXStatementSubjectPackageOrArtifact( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal VexPackageAndCveIngestVEXStatementCertifyVEXStatement.AllCertifyVEXStatement.Subject: %w", err) - } - } - { - - dst := &retval.Vulnerability - src := v.AllCertifyVEXStatement.Vulnerability + src := v.AllPointOfContact.Subject var err error - *dst, err = __marshalAllCertifyVEXStatementVulnerability( + *dst, err = __marshalAllPointOfContactSubjectPackageSourceOrArtifact( &src) if err != nil { return nil, fmt.Errorf( - "unable to marshal VexPackageAndCveIngestVEXStatementCertifyVEXStatement.AllCertifyVEXStatement.Vulnerability: %w", err) + "unable to marshal PointOfContactPkgIngestPointOfContact.AllPointOfContact.Subject: %w", err) } } - retval.Status = v.AllCertifyVEXStatement.Status - retval.VexJustification = v.AllCertifyVEXStatement.VexJustification - retval.Statement = v.AllCertifyVEXStatement.Statement - retval.StatusNotes = v.AllCertifyVEXStatement.StatusNotes - retval.KnownSince = v.AllCertifyVEXStatement.KnownSince - retval.Origin = v.AllCertifyVEXStatement.Origin - retval.Collector = v.AllCertifyVEXStatement.Collector + retval.Email = v.AllPointOfContact.Email + retval.Info = 
v.AllPointOfContact.Info + retval.Since = v.AllPointOfContact.Since + retval.Justification = v.AllPointOfContact.Justification + retval.Origin = v.AllPointOfContact.Origin + retval.Collector = v.AllPointOfContact.Collector return &retval, nil } -// VexPackageAndCveResponse is returned by VexPackageAndCve on success. -type VexPackageAndCveResponse struct { - // Adds a VEX certification for a package. - IngestVEXStatement VexPackageAndCveIngestVEXStatementCertifyVEXStatement `json:"ingestVEXStatement"` +// PointOfContactPkgResponse is returned by PointOfContactPkg on success. +type PointOfContactPkgResponse struct { + // Adds a PointOfContact attestation to a package, source or artifact. + IngestPointOfContact PointOfContactPkgIngestPointOfContact `json:"ingestPointOfContact"` } -// GetIngestVEXStatement returns VexPackageAndCveResponse.IngestVEXStatement, and is useful for accessing the field via an interface. -func (v *VexPackageAndCveResponse) GetIngestVEXStatement() VexPackageAndCveIngestVEXStatementCertifyVEXStatement { - return v.IngestVEXStatement +// GetIngestPointOfContact returns PointOfContactPkgResponse.IngestPointOfContact, and is useful for accessing the field via an interface. +func (v *PointOfContactPkgResponse) GetIngestPointOfContact() PointOfContactPkgIngestPointOfContact { + return v.IngestPointOfContact } -// VexPackageAndOsvIngestVEXStatementCertifyVEXStatement includes the requested fields of the GraphQL type CertifyVEXStatement. +// PointOfContactSrcIngestPointOfContact includes the requested fields of the GraphQL type PointOfContact. // The GraphQL type's documentation follows. // -// CertifyVEXStatement is an attestation to attach VEX statements to a package or -// artifact to clarify the impact of a specific vulnerability (CVE, GHSA or OSV). 
-type VexPackageAndOsvIngestVEXStatementCertifyVEXStatement struct { - AllCertifyVEXStatement `json:"-"` -} - -// GetId returns VexPackageAndOsvIngestVEXStatementCertifyVEXStatement.Id, and is useful for accessing the field via an interface. -func (v *VexPackageAndOsvIngestVEXStatementCertifyVEXStatement) GetId() string { - return v.AllCertifyVEXStatement.Id -} - -// GetSubject returns VexPackageAndOsvIngestVEXStatementCertifyVEXStatement.Subject, and is useful for accessing the field via an interface. -func (v *VexPackageAndOsvIngestVEXStatementCertifyVEXStatement) GetSubject() AllCertifyVEXStatementSubjectPackageOrArtifact { - return v.AllCertifyVEXStatement.Subject -} - -// GetVulnerability returns VexPackageAndOsvIngestVEXStatementCertifyVEXStatement.Vulnerability, and is useful for accessing the field via an interface. -func (v *VexPackageAndOsvIngestVEXStatementCertifyVEXStatement) GetVulnerability() AllCertifyVEXStatementVulnerability { - return v.AllCertifyVEXStatement.Vulnerability +// PointOfContact is an attestation of how to get in touch with the person(s) responsible +// for a package, source, or artifact. +// +// All evidence trees record a justification for the property they represent as +// well as the document that contains the attestation (origin) and the collector +// that collected the document (collector). +// +// The attestation applies to a subject which is a package, source, or artifact. +// If the attestation targets a package, it must target a PackageName or a +// PackageVersion. If the attestation targets a source, it must target a +// SourceName. +// +// email is the email address (singular) of the point of contact. +// +// info is additional contact information other than email address. This is free +// form. +// +// NOTE: the identifiers for point of contact should be part of software trees. +// This will benefit from identifier look up and traversal as well as organization +// hierarchy. 
However, until the use case arises, PointOfContact will be a flat +// reference to the contact details. +type PointOfContactSrcIngestPointOfContact struct { + AllPointOfContact `json:"-"` } -// GetStatus returns VexPackageAndOsvIngestVEXStatementCertifyVEXStatement.Status, and is useful for accessing the field via an interface. -func (v *VexPackageAndOsvIngestVEXStatementCertifyVEXStatement) GetStatus() VexStatus { - return v.AllCertifyVEXStatement.Status -} +// GetId returns PointOfContactSrcIngestPointOfContact.Id, and is useful for accessing the field via an interface. +func (v *PointOfContactSrcIngestPointOfContact) GetId() string { return v.AllPointOfContact.Id } -// GetVexJustification returns VexPackageAndOsvIngestVEXStatementCertifyVEXStatement.VexJustification, and is useful for accessing the field via an interface. -func (v *VexPackageAndOsvIngestVEXStatementCertifyVEXStatement) GetVexJustification() VexJustification { - return v.AllCertifyVEXStatement.VexJustification +// GetSubject returns PointOfContactSrcIngestPointOfContact.Subject, and is useful for accessing the field via an interface. +func (v *PointOfContactSrcIngestPointOfContact) GetSubject() AllPointOfContactSubjectPackageSourceOrArtifact { + return v.AllPointOfContact.Subject } -// GetStatement returns VexPackageAndOsvIngestVEXStatementCertifyVEXStatement.Statement, and is useful for accessing the field via an interface. -func (v *VexPackageAndOsvIngestVEXStatementCertifyVEXStatement) GetStatement() string { - return v.AllCertifyVEXStatement.Statement -} +// GetEmail returns PointOfContactSrcIngestPointOfContact.Email, and is useful for accessing the field via an interface. +func (v *PointOfContactSrcIngestPointOfContact) GetEmail() string { return v.AllPointOfContact.Email } -// GetStatusNotes returns VexPackageAndOsvIngestVEXStatementCertifyVEXStatement.StatusNotes, and is useful for accessing the field via an interface. 
-func (v *VexPackageAndOsvIngestVEXStatementCertifyVEXStatement) GetStatusNotes() string { - return v.AllCertifyVEXStatement.StatusNotes -} +// GetInfo returns PointOfContactSrcIngestPointOfContact.Info, and is useful for accessing the field via an interface. +func (v *PointOfContactSrcIngestPointOfContact) GetInfo() string { return v.AllPointOfContact.Info } -// GetKnownSince returns VexPackageAndOsvIngestVEXStatementCertifyVEXStatement.KnownSince, and is useful for accessing the field via an interface. -func (v *VexPackageAndOsvIngestVEXStatementCertifyVEXStatement) GetKnownSince() time.Time { - return v.AllCertifyVEXStatement.KnownSince +// GetSince returns PointOfContactSrcIngestPointOfContact.Since, and is useful for accessing the field via an interface. +func (v *PointOfContactSrcIngestPointOfContact) GetSince() time.Time { + return v.AllPointOfContact.Since } -// GetOrigin returns VexPackageAndOsvIngestVEXStatementCertifyVEXStatement.Origin, and is useful for accessing the field via an interface. -func (v *VexPackageAndOsvIngestVEXStatementCertifyVEXStatement) GetOrigin() string { - return v.AllCertifyVEXStatement.Origin +// GetJustification returns PointOfContactSrcIngestPointOfContact.Justification, and is useful for accessing the field via an interface. +func (v *PointOfContactSrcIngestPointOfContact) GetJustification() string { + return v.AllPointOfContact.Justification } -// GetCollector returns VexPackageAndOsvIngestVEXStatementCertifyVEXStatement.Collector, and is useful for accessing the field via an interface. -func (v *VexPackageAndOsvIngestVEXStatementCertifyVEXStatement) GetCollector() string { - return v.AllCertifyVEXStatement.Collector +// GetOrigin returns PointOfContactSrcIngestPointOfContact.Origin, and is useful for accessing the field via an interface. 
+func (v *PointOfContactSrcIngestPointOfContact) GetOrigin() string { return v.AllPointOfContact.Origin } + +// GetCollector returns PointOfContactSrcIngestPointOfContact.Collector, and is useful for accessing the field via an interface. +func (v *PointOfContactSrcIngestPointOfContact) GetCollector() string { + return v.AllPointOfContact.Collector } -func (v *VexPackageAndOsvIngestVEXStatementCertifyVEXStatement) UnmarshalJSON(b []byte) error { +func (v *PointOfContactSrcIngestPointOfContact) UnmarshalJSON(b []byte) error { if string(b) == "null" { return nil } var firstPass struct { - *VexPackageAndOsvIngestVEXStatementCertifyVEXStatement + *PointOfContactSrcIngestPointOfContact graphql.NoUnmarshalJSON } - firstPass.VexPackageAndOsvIngestVEXStatementCertifyVEXStatement = v + firstPass.PointOfContactSrcIngestPointOfContact = v err := json.Unmarshal(b, &firstPass) if err != nil { 
@@ -25621,36 +21532,32 @@ func (v *VexPackageAndOsvIngestVEXStatementCertifyVEXStatement) UnmarshalJSON(b } err = json.Unmarshal( - b, &v.AllCertifyVEXStatement) + b, &v.AllPointOfContact) if err != nil { return err } return nil } -type __premarshalVexPackageAndOsvIngestVEXStatementCertifyVEXStatement struct { +type __premarshalPointOfContactSrcIngestPointOfContact struct { Id string `json:"id"` Subject json.RawMessage `json:"subject"` - Vulnerability json.RawMessage `json:"vulnerability"` - - Status VexStatus `json:"status"` - - VexJustification VexJustification `json:"vexJustification"` + Email string `json:"email"` - Statement string `json:"statement"` + Info string `json:"info"` - StatusNotes string `json:"statusNotes"` + Since time.Time `json:"since"` - KnownSince time.Time `json:"knownSince"` + Justification string `json:"justification"` Origin string `json:"origin"` Collector string `json:"collector"` } -func (v *VexPackageAndOsvIngestVEXStatementCertifyVEXStatement) MarshalJSON() ([]byte, error) { +func (v *PointOfContactSrcIngestPointOfContact) MarshalJSON() ([]byte, error) { premarshaled, err := v.__premarshalJSON() if err != nil { return nil, err 
@@ -25658,2206 +21565,1779 @@ func (v *VexPackageAndOsvIngestVEXStatementCertifyVEXStatement) MarshalJSON() ([ return json.Marshal(premarshaled) } -func (v *VexPackageAndOsvIngestVEXStatementCertifyVEXStatement) __premarshalJSON() (*__premarshalVexPackageAndOsvIngestVEXStatementCertifyVEXStatement, error) { - var retval __premarshalVexPackageAndOsvIngestVEXStatementCertifyVEXStatement +func (v *PointOfContactSrcIngestPointOfContact) __premarshalJSON() (*__premarshalPointOfContactSrcIngestPointOfContact, error) { + var retval __premarshalPointOfContactSrcIngestPointOfContact - retval.Id = v.AllCertifyVEXStatement.Id + retval.Id = v.AllPointOfContact.Id { dst := &retval.Subject - src := v.AllCertifyVEXStatement.Subject - var err error - *dst, err = __marshalAllCertifyVEXStatementSubjectPackageOrArtifact( - &src) - if err != nil { - return nil, fmt.Errorf( - "unable to marshal VexPackageAndOsvIngestVEXStatementCertifyVEXStatement.AllCertifyVEXStatement.Subject: %w", err) - } - } - { - - dst := &retval.Vulnerability - src := v.AllCertifyVEXStatement.Vulnerability + src := v.AllPointOfContact.Subject var err error - *dst, err = __marshalAllCertifyVEXStatementVulnerability( + *dst, err = __marshalAllPointOfContactSubjectPackageSourceOrArtifact( &src) if err != nil { return nil, fmt.Errorf( - "unable to marshal VexPackageAndOsvIngestVEXStatementCertifyVEXStatement.AllCertifyVEXStatement.Vulnerability: %w", err) + "unable to marshal PointOfContactSrcIngestPointOfContact.AllPointOfContact.Subject: %w", err) } } - retval.Status = v.AllCertifyVEXStatement.Status - retval.VexJustification = v.AllCertifyVEXStatement.VexJustification - retval.Statement = v.AllCertifyVEXStatement.Statement - retval.StatusNotes = v.AllCertifyVEXStatement.StatusNotes - retval.KnownSince = v.AllCertifyVEXStatement.KnownSince - retval.Origin = v.AllCertifyVEXStatement.Origin - retval.Collector = v.AllCertifyVEXStatement.Collector + retval.Email = v.AllPointOfContact.Email + retval.Info = 
v.AllPointOfContact.Info + retval.Since = v.AllPointOfContact.Since + retval.Justification = v.AllPointOfContact.Justification + retval.Origin = v.AllPointOfContact.Origin + retval.Collector = v.AllPointOfContact.Collector return &retval, nil } -// VexPackageAndOsvResponse is returned by VexPackageAndOsv on success. -type VexPackageAndOsvResponse struct { - // Adds a VEX certification for a package. - IngestVEXStatement VexPackageAndOsvIngestVEXStatementCertifyVEXStatement `json:"ingestVEXStatement"` -} - -// GetIngestVEXStatement returns VexPackageAndOsvResponse.IngestVEXStatement, and is useful for accessing the field via an interface. -func (v *VexPackageAndOsvResponse) GetIngestVEXStatement() VexPackageAndOsvIngestVEXStatementCertifyVEXStatement { - return v.IngestVEXStatement -} - -// VexStatementInputSpec represents the input to ingest VEX statements. -type VexStatementInputSpec struct { - Status VexStatus `json:"status"` - VexJustification VexJustification `json:"vexJustification"` - Statement string `json:"statement"` - StatusNotes string `json:"statusNotes"` - KnownSince time.Time `json:"knownSince"` - Origin string `json:"origin"` - Collector string `json:"collector"` -} - -// GetStatus returns VexStatementInputSpec.Status, and is useful for accessing the field via an interface. -func (v *VexStatementInputSpec) GetStatus() VexStatus { return v.Status } - -// GetVexJustification returns VexStatementInputSpec.VexJustification, and is useful for accessing the field via an interface. -func (v *VexStatementInputSpec) GetVexJustification() VexJustification { return v.VexJustification } - -// GetStatement returns VexStatementInputSpec.Statement, and is useful for accessing the field via an interface. -func (v *VexStatementInputSpec) GetStatement() string { return v.Statement } - -// GetStatusNotes returns VexStatementInputSpec.StatusNotes, and is useful for accessing the field via an interface. 
-func (v *VexStatementInputSpec) GetStatusNotes() string { return v.StatusNotes } - -// GetKnownSince returns VexStatementInputSpec.KnownSince, and is useful for accessing the field via an interface. -func (v *VexStatementInputSpec) GetKnownSince() time.Time { return v.KnownSince } - -// GetOrigin returns VexStatementInputSpec.Origin, and is useful for accessing the field via an interface. -func (v *VexStatementInputSpec) GetOrigin() string { return v.Origin } - -// GetCollector returns VexStatementInputSpec.Collector, and is useful for accessing the field via an interface. -func (v *VexStatementInputSpec) GetCollector() string { return v.Collector } - -// Records the status of a VEX statement subject. -type VexStatus string - -const ( - VexStatusNotAffected VexStatus = "NOT_AFFECTED" - VexStatusAffected VexStatus = "AFFECTED" - VexStatusFixed VexStatus = "FIXED" - VexStatusUnderInvestigation VexStatus = "UNDER_INVESTIGATION" -) - -// VulnerabilityMetaDataInput represents the input for certifying vulnerability -// scans in mutations. -type VulnerabilityMetaDataInput struct { - TimeScanned time.Time `json:"timeScanned"` - DbUri string `json:"dbUri"` - DbVersion string `json:"dbVersion"` - ScannerUri string `json:"scannerUri"` - ScannerVersion string `json:"scannerVersion"` - Origin string `json:"origin"` - Collector string `json:"collector"` -} - -// GetTimeScanned returns VulnerabilityMetaDataInput.TimeScanned, and is useful for accessing the field via an interface. -func (v *VulnerabilityMetaDataInput) GetTimeScanned() time.Time { return v.TimeScanned } - -// GetDbUri returns VulnerabilityMetaDataInput.DbUri, and is useful for accessing the field via an interface. -func (v *VulnerabilityMetaDataInput) GetDbUri() string { return v.DbUri } - -// GetDbVersion returns VulnerabilityMetaDataInput.DbVersion, and is useful for accessing the field via an interface. 
-func (v *VulnerabilityMetaDataInput) GetDbVersion() string { return v.DbVersion } - -// GetScannerUri returns VulnerabilityMetaDataInput.ScannerUri, and is useful for accessing the field via an interface. -func (v *VulnerabilityMetaDataInput) GetScannerUri() string { return v.ScannerUri } - -// GetScannerVersion returns VulnerabilityMetaDataInput.ScannerVersion, and is useful for accessing the field via an interface. -func (v *VulnerabilityMetaDataInput) GetScannerVersion() string { return v.ScannerVersion } - -// GetOrigin returns VulnerabilityMetaDataInput.Origin, and is useful for accessing the field via an interface. -func (v *VulnerabilityMetaDataInput) GetOrigin() string { return v.Origin } - -// GetCollector returns VulnerabilityMetaDataInput.Collector, and is useful for accessing the field via an interface. -func (v *VulnerabilityMetaDataInput) GetCollector() string { return v.Collector } - -// __ArtifactsInput is used internally by genqlient -type __ArtifactsInput struct { - Filter ArtifactSpec `json:"filter"` -} - -// GetFilter returns __ArtifactsInput.Filter, and is useful for accessing the field via an interface. -func (v *__ArtifactsInput) GetFilter() ArtifactSpec { return v.Filter } - -// __CVEsInput is used internally by genqlient -type __CVEsInput struct { - Filter CVESpec `json:"filter"` -} - -// GetFilter returns __CVEsInput.Filter, and is useful for accessing the field via an interface. -func (v *__CVEsInput) GetFilter() CVESpec { return v.Filter } - -// __CertifyBadArtifactInput is used internally by genqlient -type __CertifyBadArtifactInput struct { - Artifact ArtifactInputSpec `json:"artifact"` - CertifyBad CertifyBadInputSpec `json:"certifyBad"` -} - -// GetArtifact returns __CertifyBadArtifactInput.Artifact, and is useful for accessing the field via an interface. 
-func (v *__CertifyBadArtifactInput) GetArtifact() ArtifactInputSpec { return v.Artifact } - -// GetCertifyBad returns __CertifyBadArtifactInput.CertifyBad, and is useful for accessing the field via an interface. -func (v *__CertifyBadArtifactInput) GetCertifyBad() CertifyBadInputSpec { return v.CertifyBad } - -// __CertifyBadArtifactsInput is used internally by genqlient -type __CertifyBadArtifactsInput struct { - Artifacts []ArtifactInputSpec `json:"artifacts"` - CertifyBads []CertifyBadInputSpec `json:"certifyBads"` +// PointOfContactSrcResponse is returned by PointOfContactSrc on success. +type PointOfContactSrcResponse struct { + // Adds a PointOfContact attestation to a package, source or artifact. + IngestPointOfContact PointOfContactSrcIngestPointOfContact `json:"ingestPointOfContact"` } -// GetArtifacts returns __CertifyBadArtifactsInput.Artifacts, and is useful for accessing the field via an interface. -func (v *__CertifyBadArtifactsInput) GetArtifacts() []ArtifactInputSpec { return v.Artifacts } - -// GetCertifyBads returns __CertifyBadArtifactsInput.CertifyBads, and is useful for accessing the field via an interface. -func (v *__CertifyBadArtifactsInput) GetCertifyBads() []CertifyBadInputSpec { return v.CertifyBads } - -// __CertifyBadPkgInput is used internally by genqlient -type __CertifyBadPkgInput struct { - Pkg PkgInputSpec `json:"pkg"` - PkgMatchType MatchFlags `json:"pkgMatchType"` - CertifyBad CertifyBadInputSpec `json:"certifyBad"` +// GetIngestPointOfContact returns PointOfContactSrcResponse.IngestPointOfContact, and is useful for accessing the field via an interface. +func (v *PointOfContactSrcResponse) GetIngestPointOfContact() PointOfContactSrcIngestPointOfContact { + return v.IngestPointOfContact } -// GetPkg returns __CertifyBadPkgInput.Pkg, and is useful for accessing the field via an interface. 
-func (v *__CertifyBadPkgInput) GetPkg() PkgInputSpec { return v.Pkg } - -// GetPkgMatchType returns __CertifyBadPkgInput.PkgMatchType, and is useful for accessing the field via an interface. -func (v *__CertifyBadPkgInput) GetPkgMatchType() MatchFlags { return v.PkgMatchType } - -// GetCertifyBad returns __CertifyBadPkgInput.CertifyBad, and is useful for accessing the field via an interface. -func (v *__CertifyBadPkgInput) GetCertifyBad() CertifyBadInputSpec { return v.CertifyBad } - -// __CertifyBadPkgsInput is used internally by genqlient -type __CertifyBadPkgsInput struct { - Pkgs []PkgInputSpec `json:"pkgs"` - PkgMatchType MatchFlags `json:"pkgMatchType"` - CertifyBads []CertifyBadInputSpec `json:"certifyBads"` +// SLSAForArtifactIngestSLSAHasSLSA includes the requested fields of the GraphQL type HasSLSA. +// The GraphQL type's documentation follows. +// +// HasSLSA records that a subject node has a SLSA attestation. +type SLSAForArtifactIngestSLSAHasSLSA struct { + AllSLSATree `json:"-"` } -// GetPkgs returns __CertifyBadPkgsInput.Pkgs, and is useful for accessing the field via an interface. -func (v *__CertifyBadPkgsInput) GetPkgs() []PkgInputSpec { return v.Pkgs } - -// GetPkgMatchType returns __CertifyBadPkgsInput.PkgMatchType, and is useful for accessing the field via an interface. -func (v *__CertifyBadPkgsInput) GetPkgMatchType() MatchFlags { return v.PkgMatchType } - -// GetCertifyBads returns __CertifyBadPkgsInput.CertifyBads, and is useful for accessing the field via an interface. -func (v *__CertifyBadPkgsInput) GetCertifyBads() []CertifyBadInputSpec { return v.CertifyBads } +// GetId returns SLSAForArtifactIngestSLSAHasSLSA.Id, and is useful for accessing the field via an interface. 
+func (v *SLSAForArtifactIngestSLSAHasSLSA) GetId() string { return v.AllSLSATree.Id } -// __CertifyBadSrcInput is used internally by genqlient -type __CertifyBadSrcInput struct { - Source SourceInputSpec `json:"source"` - CertifyBad CertifyBadInputSpec `json:"certifyBad"` +// GetSubject returns SLSAForArtifactIngestSLSAHasSLSA.Subject, and is useful for accessing the field via an interface. +func (v *SLSAForArtifactIngestSLSAHasSLSA) GetSubject() AllSLSATreeSubjectArtifact { + return v.AllSLSATree.Subject } -// GetSource returns __CertifyBadSrcInput.Source, and is useful for accessing the field via an interface. -func (v *__CertifyBadSrcInput) GetSource() SourceInputSpec { return v.Source } - -// GetCertifyBad returns __CertifyBadSrcInput.CertifyBad, and is useful for accessing the field via an interface. -func (v *__CertifyBadSrcInput) GetCertifyBad() CertifyBadInputSpec { return v.CertifyBad } - -// __CertifyBadSrcsInput is used internally by genqlient -type __CertifyBadSrcsInput struct { - Sources []SourceInputSpec `json:"sources"` - CertifyBads []CertifyBadInputSpec `json:"certifyBads"` -} +// GetSlsa returns SLSAForArtifactIngestSLSAHasSLSA.Slsa, and is useful for accessing the field via an interface. +func (v *SLSAForArtifactIngestSLSAHasSLSA) GetSlsa() AllSLSATreeSlsaSLSA { return v.AllSLSATree.Slsa } -// GetSources returns __CertifyBadSrcsInput.Sources, and is useful for accessing the field via an interface. -func (v *__CertifyBadSrcsInput) GetSources() []SourceInputSpec { return v.Sources } +func (v *SLSAForArtifactIngestSLSAHasSLSA) UnmarshalJSON(b []byte) error { -// GetCertifyBads returns __CertifyBadSrcsInput.CertifyBads, and is useful for accessing the field via an interface. 
-func (v *__CertifyBadSrcsInput) GetCertifyBads() []CertifyBadInputSpec { return v.CertifyBads } + if string(b) == "null" { + return nil + } -// __CertifyBadsInput is used internally by genqlient -type __CertifyBadsInput struct { - Filter CertifyBadSpec `json:"filter"` -} + var firstPass struct { + *SLSAForArtifactIngestSLSAHasSLSA + graphql.NoUnmarshalJSON + } + firstPass.SLSAForArtifactIngestSLSAHasSLSA = v -// GetFilter returns __CertifyBadsInput.Filter, and is useful for accessing the field via an interface. -func (v *__CertifyBadsInput) GetFilter() CertifyBadSpec { return v.Filter } + err := json.Unmarshal(b, &firstPass) + if err != nil { + return err + } -// __CertifyCVEInput is used internally by genqlient -type __CertifyCVEInput struct { - Pkg PkgInputSpec `json:"pkg"` - Cve CVEInputSpec `json:"cve"` - CertifyVuln VulnerabilityMetaDataInput `json:"certifyVuln"` + err = json.Unmarshal( + b, &v.AllSLSATree) + if err != nil { + return err + } + return nil } -// GetPkg returns __CertifyCVEInput.Pkg, and is useful for accessing the field via an interface. -func (v *__CertifyCVEInput) GetPkg() PkgInputSpec { return v.Pkg } +type __premarshalSLSAForArtifactIngestSLSAHasSLSA struct { + Id string `json:"id"` -// GetCve returns __CertifyCVEInput.Cve, and is useful for accessing the field via an interface. -func (v *__CertifyCVEInput) GetCve() CVEInputSpec { return v.Cve } + Subject AllSLSATreeSubjectArtifact `json:"subject"` -// GetCertifyVuln returns __CertifyCVEInput.CertifyVuln, and is useful for accessing the field via an interface. 
-func (v *__CertifyCVEInput) GetCertifyVuln() VulnerabilityMetaDataInput { return v.CertifyVuln } + Slsa AllSLSATreeSlsaSLSA `json:"slsa"` +} -// __CertifyGHSAInput is used internally by genqlient -type __CertifyGHSAInput struct { - Pkg PkgInputSpec `json:"pkg"` - Ghsa GHSAInputSpec `json:"ghsa"` - CertifyVuln VulnerabilityMetaDataInput `json:"certifyVuln"` +func (v *SLSAForArtifactIngestSLSAHasSLSA) MarshalJSON() ([]byte, error) { + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + return json.Marshal(premarshaled) } -// GetPkg returns __CertifyGHSAInput.Pkg, and is useful for accessing the field via an interface. -func (v *__CertifyGHSAInput) GetPkg() PkgInputSpec { return v.Pkg } +func (v *SLSAForArtifactIngestSLSAHasSLSA) __premarshalJSON() (*__premarshalSLSAForArtifactIngestSLSAHasSLSA, error) { + var retval __premarshalSLSAForArtifactIngestSLSAHasSLSA -// GetGhsa returns __CertifyGHSAInput.Ghsa, and is useful for accessing the field via an interface. -func (v *__CertifyGHSAInput) GetGhsa() GHSAInputSpec { return v.Ghsa } + retval.Id = v.AllSLSATree.Id + retval.Subject = v.AllSLSATree.Subject + retval.Slsa = v.AllSLSATree.Slsa + return &retval, nil +} -// GetCertifyVuln returns __CertifyGHSAInput.CertifyVuln, and is useful for accessing the field via an interface. -func (v *__CertifyGHSAInput) GetCertifyVuln() VulnerabilityMetaDataInput { return v.CertifyVuln } +// SLSAForArtifactResponse is returned by SLSAForArtifact on success. +type SLSAForArtifactResponse struct { + // Ingests a SLSA attestation + IngestSLSA SLSAForArtifactIngestSLSAHasSLSA `json:"ingestSLSA"` +} -// __CertifyGoodArtifactInput is used internally by genqlient -type __CertifyGoodArtifactInput struct { - Artifact ArtifactInputSpec `json:"artifact"` - CertifyGood CertifyGoodInputSpec `json:"certifyGood"` +// GetIngestSLSA returns SLSAForArtifactResponse.IngestSLSA, and is useful for accessing the field via an interface. 
+func (v *SLSAForArtifactResponse) GetIngestSLSA() SLSAForArtifactIngestSLSAHasSLSA { + return v.IngestSLSA } -// GetArtifact returns __CertifyGoodArtifactInput.Artifact, and is useful for accessing the field via an interface. -func (v *__CertifyGoodArtifactInput) GetArtifact() ArtifactInputSpec { return v.Artifact } +// SLSAForArtifactsIngestSLSAsHasSLSA includes the requested fields of the GraphQL type HasSLSA. +// The GraphQL type's documentation follows. +// +// HasSLSA records that a subject node has a SLSA attestation. +type SLSAForArtifactsIngestSLSAsHasSLSA struct { + AllSLSATree `json:"-"` +} -// GetCertifyGood returns __CertifyGoodArtifactInput.CertifyGood, and is useful for accessing the field via an interface. -func (v *__CertifyGoodArtifactInput) GetCertifyGood() CertifyGoodInputSpec { return v.CertifyGood } +// GetId returns SLSAForArtifactsIngestSLSAsHasSLSA.Id, and is useful for accessing the field via an interface. +func (v *SLSAForArtifactsIngestSLSAsHasSLSA) GetId() string { return v.AllSLSATree.Id } -// __CertifyGoodArtifactsInput is used internally by genqlient -type __CertifyGoodArtifactsInput struct { - Artifacts []ArtifactInputSpec `json:"artifacts"` - CertifyGoods []CertifyGoodInputSpec `json:"certifyGoods"` +// GetSubject returns SLSAForArtifactsIngestSLSAsHasSLSA.Subject, and is useful for accessing the field via an interface. +func (v *SLSAForArtifactsIngestSLSAsHasSLSA) GetSubject() AllSLSATreeSubjectArtifact { + return v.AllSLSATree.Subject } -// GetArtifacts returns __CertifyGoodArtifactsInput.Artifacts, and is useful for accessing the field via an interface. -func (v *__CertifyGoodArtifactsInput) GetArtifacts() []ArtifactInputSpec { return v.Artifacts } - -// GetCertifyGoods returns __CertifyGoodArtifactsInput.CertifyGoods, and is useful for accessing the field via an interface. 
-func (v *__CertifyGoodArtifactsInput) GetCertifyGoods() []CertifyGoodInputSpec { return v.CertifyGoods } +// GetSlsa returns SLSAForArtifactsIngestSLSAsHasSLSA.Slsa, and is useful for accessing the field via an interface. +func (v *SLSAForArtifactsIngestSLSAsHasSLSA) GetSlsa() AllSLSATreeSlsaSLSA { return v.AllSLSATree.Slsa } -// __CertifyGoodPkgInput is used internally by genqlient -type __CertifyGoodPkgInput struct { - Pkg PkgInputSpec `json:"pkg"` - PkgMatchType MatchFlags `json:"pkgMatchType"` - CertifyGood CertifyGoodInputSpec `json:"certifyGood"` -} +func (v *SLSAForArtifactsIngestSLSAsHasSLSA) UnmarshalJSON(b []byte) error { -// GetPkg returns __CertifyGoodPkgInput.Pkg, and is useful for accessing the field via an interface. -func (v *__CertifyGoodPkgInput) GetPkg() PkgInputSpec { return v.Pkg } + if string(b) == "null" { + return nil + } -// GetPkgMatchType returns __CertifyGoodPkgInput.PkgMatchType, and is useful for accessing the field via an interface. -func (v *__CertifyGoodPkgInput) GetPkgMatchType() MatchFlags { return v.PkgMatchType } + var firstPass struct { + *SLSAForArtifactsIngestSLSAsHasSLSA + graphql.NoUnmarshalJSON + } + firstPass.SLSAForArtifactsIngestSLSAsHasSLSA = v -// GetCertifyGood returns __CertifyGoodPkgInput.CertifyGood, and is useful for accessing the field via an interface. -func (v *__CertifyGoodPkgInput) GetCertifyGood() CertifyGoodInputSpec { return v.CertifyGood } + err := json.Unmarshal(b, &firstPass) + if err != nil { + return err + } -// __CertifyGoodPkgsInput is used internally by genqlient -type __CertifyGoodPkgsInput struct { - Pkgs []PkgInputSpec `json:"pkgs"` - PkgMatchType MatchFlags `json:"pkgMatchType"` - CertifyGoods []CertifyGoodInputSpec `json:"certifyGoods"` + err = json.Unmarshal( + b, &v.AllSLSATree) + if err != nil { + return err + } + return nil } -// GetPkgs returns __CertifyGoodPkgsInput.Pkgs, and is useful for accessing the field via an interface. 
-func (v *__CertifyGoodPkgsInput) GetPkgs() []PkgInputSpec { return v.Pkgs } - -// GetPkgMatchType returns __CertifyGoodPkgsInput.PkgMatchType, and is useful for accessing the field via an interface. -func (v *__CertifyGoodPkgsInput) GetPkgMatchType() MatchFlags { return v.PkgMatchType } +type __premarshalSLSAForArtifactsIngestSLSAsHasSLSA struct { + Id string `json:"id"` -// GetCertifyGoods returns __CertifyGoodPkgsInput.CertifyGoods, and is useful for accessing the field via an interface. -func (v *__CertifyGoodPkgsInput) GetCertifyGoods() []CertifyGoodInputSpec { return v.CertifyGoods } + Subject AllSLSATreeSubjectArtifact `json:"subject"` -// __CertifyGoodSrcInput is used internally by genqlient -type __CertifyGoodSrcInput struct { - Source SourceInputSpec `json:"source"` - CertifyGood CertifyGoodInputSpec `json:"certifyGood"` + Slsa AllSLSATreeSlsaSLSA `json:"slsa"` } -// GetSource returns __CertifyGoodSrcInput.Source, and is useful for accessing the field via an interface. -func (v *__CertifyGoodSrcInput) GetSource() SourceInputSpec { return v.Source } +func (v *SLSAForArtifactsIngestSLSAsHasSLSA) MarshalJSON() ([]byte, error) { + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + return json.Marshal(premarshaled) +} -// GetCertifyGood returns __CertifyGoodSrcInput.CertifyGood, and is useful for accessing the field via an interface. 
-func (v *__CertifyGoodSrcInput) GetCertifyGood() CertifyGoodInputSpec { return v.CertifyGood } +func (v *SLSAForArtifactsIngestSLSAsHasSLSA) __premarshalJSON() (*__premarshalSLSAForArtifactsIngestSLSAsHasSLSA, error) { + var retval __premarshalSLSAForArtifactsIngestSLSAsHasSLSA -// __CertifyGoodSrcsInput is used internally by genqlient -type __CertifyGoodSrcsInput struct { - Sources []SourceInputSpec `json:"sources"` - CertifyGoods []CertifyGoodInputSpec `json:"certifyGoods"` + retval.Id = v.AllSLSATree.Id + retval.Subject = v.AllSLSATree.Subject + retval.Slsa = v.AllSLSATree.Slsa + return &retval, nil } -// GetSources returns __CertifyGoodSrcsInput.Sources, and is useful for accessing the field via an interface. -func (v *__CertifyGoodSrcsInput) GetSources() []SourceInputSpec { return v.Sources } +// SLSAForArtifactsResponse is returned by SLSAForArtifacts on success. +type SLSAForArtifactsResponse struct { + // Bulk Ingest SLSA attestations + IngestSLSAs []SLSAForArtifactsIngestSLSAsHasSLSA `json:"ingestSLSAs"` +} -// GetCertifyGoods returns __CertifyGoodSrcsInput.CertifyGoods, and is useful for accessing the field via an interface. -func (v *__CertifyGoodSrcsInput) GetCertifyGoods() []CertifyGoodInputSpec { return v.CertifyGoods } +// GetIngestSLSAs returns SLSAForArtifactsResponse.IngestSLSAs, and is useful for accessing the field via an interface. +func (v *SLSAForArtifactsResponse) GetIngestSLSAs() []SLSAForArtifactsIngestSLSAsHasSLSA { + return v.IngestSLSAs +} -// __CertifyNoKnownVulnInput is used internally by genqlient -type __CertifyNoKnownVulnInput struct { - Pkg PkgInputSpec `json:"pkg"` - CertifyVuln VulnerabilityMetaDataInput `json:"certifyVuln"` +// SLSAInputSpec is the same as SLSA but for mutation input. 
+type SLSAInputSpec struct { + BuildType string `json:"buildType"` + SlsaPredicate []SLSAPredicateInputSpec `json:"slsaPredicate"` + SlsaVersion string `json:"slsaVersion"` + StartedOn *time.Time `json:"startedOn"` + FinishedOn *time.Time `json:"finishedOn"` + Origin string `json:"origin"` + Collector string `json:"collector"` } -// GetPkg returns __CertifyNoKnownVulnInput.Pkg, and is useful for accessing the field via an interface. -func (v *__CertifyNoKnownVulnInput) GetPkg() PkgInputSpec { return v.Pkg } +// GetBuildType returns SLSAInputSpec.BuildType, and is useful for accessing the field via an interface. +func (v *SLSAInputSpec) GetBuildType() string { return v.BuildType } + +// GetSlsaPredicate returns SLSAInputSpec.SlsaPredicate, and is useful for accessing the field via an interface. +func (v *SLSAInputSpec) GetSlsaPredicate() []SLSAPredicateInputSpec { return v.SlsaPredicate } -// GetCertifyVuln returns __CertifyNoKnownVulnInput.CertifyVuln, and is useful for accessing the field via an interface. -func (v *__CertifyNoKnownVulnInput) GetCertifyVuln() VulnerabilityMetaDataInput { return v.CertifyVuln } +// GetSlsaVersion returns SLSAInputSpec.SlsaVersion, and is useful for accessing the field via an interface. +func (v *SLSAInputSpec) GetSlsaVersion() string { return v.SlsaVersion } -// __CertifyOSVInput is used internally by genqlient -type __CertifyOSVInput struct { - Pkg PkgInputSpec `json:"pkg"` - Osv OSVInputSpec `json:"osv"` - CertifyVuln VulnerabilityMetaDataInput `json:"certifyVuln"` -} +// GetStartedOn returns SLSAInputSpec.StartedOn, and is useful for accessing the field via an interface. +func (v *SLSAInputSpec) GetStartedOn() *time.Time { return v.StartedOn } -// GetPkg returns __CertifyOSVInput.Pkg, and is useful for accessing the field via an interface. -func (v *__CertifyOSVInput) GetPkg() PkgInputSpec { return v.Pkg } +// GetFinishedOn returns SLSAInputSpec.FinishedOn, and is useful for accessing the field via an interface. 
+func (v *SLSAInputSpec) GetFinishedOn() *time.Time { return v.FinishedOn } -// GetOsv returns __CertifyOSVInput.Osv, and is useful for accessing the field via an interface. -func (v *__CertifyOSVInput) GetOsv() OSVInputSpec { return v.Osv } +// GetOrigin returns SLSAInputSpec.Origin, and is useful for accessing the field via an interface. +func (v *SLSAInputSpec) GetOrigin() string { return v.Origin } -// GetCertifyVuln returns __CertifyOSVInput.CertifyVuln, and is useful for accessing the field via an interface. -func (v *__CertifyOSVInput) GetCertifyVuln() VulnerabilityMetaDataInput { return v.CertifyVuln } +// GetCollector returns SLSAInputSpec.Collector, and is useful for accessing the field via an interface. +func (v *SLSAInputSpec) GetCollector() string { return v.Collector } -// __CertifyScorecardInput is used internally by genqlient -type __CertifyScorecardInput struct { - Source SourceInputSpec `json:"source"` - Scorecard ScorecardInputSpec `json:"scorecard"` +// SLSAPredicateInputSpec allows ingesting SLSAPredicateSpec. +type SLSAPredicateInputSpec struct { + Key string `json:"key"` + Value string `json:"value"` } -// GetSource returns __CertifyScorecardInput.Source, and is useful for accessing the field via an interface. -func (v *__CertifyScorecardInput) GetSource() SourceInputSpec { return v.Source } +// GetKey returns SLSAPredicateInputSpec.Key, and is useful for accessing the field via an interface. +func (v *SLSAPredicateInputSpec) GetKey() string { return v.Key } -// GetScorecard returns __CertifyScorecardInput.Scorecard, and is useful for accessing the field via an interface. -func (v *__CertifyScorecardInput) GetScorecard() ScorecardInputSpec { return v.Scorecard } +// GetValue returns SLSAPredicateInputSpec.Value, and is useful for accessing the field via an interface. 
+func (v *SLSAPredicateInputSpec) GetValue() string { return v.Value } -// __CertifyScorecardsInput is used internally by genqlient -type __CertifyScorecardsInput struct { - Sources []SourceInputSpec `json:"sources"` - Scorecards []ScorecardInputSpec `json:"scorecards"` +// ScanMetadataInput represents the input for certifying vulnerability +// scans in mutations. +type ScanMetadataInput struct { + TimeScanned time.Time `json:"timeScanned"` + DbUri string `json:"dbUri"` + DbVersion string `json:"dbVersion"` + ScannerUri string `json:"scannerUri"` + ScannerVersion string `json:"scannerVersion"` + Origin string `json:"origin"` + Collector string `json:"collector"` } -// GetSources returns __CertifyScorecardsInput.Sources, and is useful for accessing the field via an interface. -func (v *__CertifyScorecardsInput) GetSources() []SourceInputSpec { return v.Sources } +// GetTimeScanned returns ScanMetadataInput.TimeScanned, and is useful for accessing the field via an interface. +func (v *ScanMetadataInput) GetTimeScanned() time.Time { return v.TimeScanned } -// GetScorecards returns __CertifyScorecardsInput.Scorecards, and is useful for accessing the field via an interface. -func (v *__CertifyScorecardsInput) GetScorecards() []ScorecardInputSpec { return v.Scorecards } +// GetDbUri returns ScanMetadataInput.DbUri, and is useful for accessing the field via an interface. +func (v *ScanMetadataInput) GetDbUri() string { return v.DbUri } -// __FindSoftwareInput is used internally by genqlient -type __FindSoftwareInput struct { - SearchText string `json:"searchText"` -} +// GetDbVersion returns ScanMetadataInput.DbVersion, and is useful for accessing the field via an interface. +func (v *ScanMetadataInput) GetDbVersion() string { return v.DbVersion } -// GetSearchText returns __FindSoftwareInput.SearchText, and is useful for accessing the field via an interface. 
-func (v *__FindSoftwareInput) GetSearchText() string { return v.SearchText } +// GetScannerUri returns ScanMetadataInput.ScannerUri, and is useful for accessing the field via an interface. +func (v *ScanMetadataInput) GetScannerUri() string { return v.ScannerUri } -// __GHSAsInput is used internally by genqlient -type __GHSAsInput struct { - Filter GHSASpec `json:"filter"` -} +// GetScannerVersion returns ScanMetadataInput.ScannerVersion, and is useful for accessing the field via an interface. +func (v *ScanMetadataInput) GetScannerVersion() string { return v.ScannerVersion } -// GetFilter returns __GHSAsInput.Filter, and is useful for accessing the field via an interface. -func (v *__GHSAsInput) GetFilter() GHSASpec { return v.Filter } +// GetOrigin returns ScanMetadataInput.Origin, and is useful for accessing the field via an interface. +func (v *ScanMetadataInput) GetOrigin() string { return v.Origin } -// __HasMetadataArtifactInput is used internally by genqlient -type __HasMetadataArtifactInput struct { - Artifact ArtifactInputSpec `json:"artifact"` - HasMetadata HasMetadataInputSpec `json:"hasMetadata"` +// GetCollector returns ScanMetadataInput.Collector, and is useful for accessing the field via an interface. +func (v *ScanMetadataInput) GetCollector() string { return v.Collector } + +// ScorecardCheckInputSpec represents the mutation input for a Scorecard check. +type ScorecardCheckInputSpec struct { + Check string `json:"check"` + Score int `json:"score"` } -// GetArtifact returns __HasMetadataArtifactInput.Artifact, and is useful for accessing the field via an interface. -func (v *__HasMetadataArtifactInput) GetArtifact() ArtifactInputSpec { return v.Artifact } +// GetCheck returns ScorecardCheckInputSpec.Check, and is useful for accessing the field via an interface. 
+func (v *ScorecardCheckInputSpec) GetCheck() string { return v.Check } -// GetHasMetadata returns __HasMetadataArtifactInput.HasMetadata, and is useful for accessing the field via an interface. -func (v *__HasMetadataArtifactInput) GetHasMetadata() HasMetadataInputSpec { return v.HasMetadata } +// GetScore returns ScorecardCheckInputSpec.Score, and is useful for accessing the field via an interface. +func (v *ScorecardCheckInputSpec) GetScore() int { return v.Score } -// __HasMetadataPkgInput is used internally by genqlient -type __HasMetadataPkgInput struct { - Pkg PkgInputSpec `json:"pkg"` - PkgMatchType MatchFlags `json:"pkgMatchType"` - HasMetadata HasMetadataInputSpec `json:"hasMetadata"` +// ScorecardInputSpec represents the mutation input to ingest a Scorecard. +type ScorecardInputSpec struct { + Checks []ScorecardCheckInputSpec `json:"checks"` + AggregateScore float64 `json:"aggregateScore"` + TimeScanned time.Time `json:"timeScanned"` + ScorecardVersion string `json:"scorecardVersion"` + ScorecardCommit string `json:"scorecardCommit"` + Origin string `json:"origin"` + Collector string `json:"collector"` } -// GetPkg returns __HasMetadataPkgInput.Pkg, and is useful for accessing the field via an interface. -func (v *__HasMetadataPkgInput) GetPkg() PkgInputSpec { return v.Pkg } +// GetChecks returns ScorecardInputSpec.Checks, and is useful for accessing the field via an interface. +func (v *ScorecardInputSpec) GetChecks() []ScorecardCheckInputSpec { return v.Checks } -// GetPkgMatchType returns __HasMetadataPkgInput.PkgMatchType, and is useful for accessing the field via an interface. -func (v *__HasMetadataPkgInput) GetPkgMatchType() MatchFlags { return v.PkgMatchType } +// GetAggregateScore returns ScorecardInputSpec.AggregateScore, and is useful for accessing the field via an interface. 
+func (v *ScorecardInputSpec) GetAggregateScore() float64 { return v.AggregateScore } + +// GetTimeScanned returns ScorecardInputSpec.TimeScanned, and is useful for accessing the field via an interface. +func (v *ScorecardInputSpec) GetTimeScanned() time.Time { return v.TimeScanned } -// GetHasMetadata returns __HasMetadataPkgInput.HasMetadata, and is useful for accessing the field via an interface. -func (v *__HasMetadataPkgInput) GetHasMetadata() HasMetadataInputSpec { return v.HasMetadata } +// GetScorecardVersion returns ScorecardInputSpec.ScorecardVersion, and is useful for accessing the field via an interface. +func (v *ScorecardInputSpec) GetScorecardVersion() string { return v.ScorecardVersion } -// __HasMetadataSrcInput is used internally by genqlient -type __HasMetadataSrcInput struct { - Source SourceInputSpec `json:"source"` - HasMetadata HasMetadataInputSpec `json:"hasMetadata"` -} +// GetScorecardCommit returns ScorecardInputSpec.ScorecardCommit, and is useful for accessing the field via an interface. +func (v *ScorecardInputSpec) GetScorecardCommit() string { return v.ScorecardCommit } -// GetSource returns __HasMetadataSrcInput.Source, and is useful for accessing the field via an interface. -func (v *__HasMetadataSrcInput) GetSource() SourceInputSpec { return v.Source } +// GetOrigin returns ScorecardInputSpec.Origin, and is useful for accessing the field via an interface. +func (v *ScorecardInputSpec) GetOrigin() string { return v.Origin } -// GetHasMetadata returns __HasMetadataSrcInput.HasMetadata, and is useful for accessing the field via an interface. -func (v *__HasMetadataSrcInput) GetHasMetadata() HasMetadataInputSpec { return v.HasMetadata } +// GetCollector returns ScorecardInputSpec.Collector, and is useful for accessing the field via an interface. 
+func (v *ScorecardInputSpec) GetCollector() string { return v.Collector } -// __HasSBOMArtifactInput is used internally by genqlient -type __HasSBOMArtifactInput struct { - Artifact ArtifactInputSpec `json:"artifact"` - HasSBOM HasSBOMInputSpec `json:"hasSBOM"` +// SourceInputSpec specifies a source for mutations. +// +// This is different than SourceSpec because we want to encode that all fields +// except tag and commit are mandatory fields. All optional fields are given empty +// default values. +// +// It is an error to set both tag and commit fields to values different than the +// default. +type SourceInputSpec struct { + Type string `json:"type"` + Namespace string `json:"namespace"` + Name string `json:"name"` + Tag *string `json:"tag"` + Commit *string `json:"commit"` } -// GetArtifact returns __HasSBOMArtifactInput.Artifact, and is useful for accessing the field via an interface. -func (v *__HasSBOMArtifactInput) GetArtifact() ArtifactInputSpec { return v.Artifact } +// GetType returns SourceInputSpec.Type, and is useful for accessing the field via an interface. +func (v *SourceInputSpec) GetType() string { return v.Type } -// GetHasSBOM returns __HasSBOMArtifactInput.HasSBOM, and is useful for accessing the field via an interface. -func (v *__HasSBOMArtifactInput) GetHasSBOM() HasSBOMInputSpec { return v.HasSBOM } +// GetNamespace returns SourceInputSpec.Namespace, and is useful for accessing the field via an interface. +func (v *SourceInputSpec) GetNamespace() string { return v.Namespace } -// __HasSBOMArtifactsInput is used internally by genqlient -type __HasSBOMArtifactsInput struct { - Artifacts []ArtifactInputSpec `json:"artifacts"` - HasSBOMs []HasSBOMInputSpec `json:"hasSBOMs"` -} +// GetName returns SourceInputSpec.Name, and is useful for accessing the field via an interface. 
+func (v *SourceInputSpec) GetName() string { return v.Name } -// GetArtifacts returns __HasSBOMArtifactsInput.Artifacts, and is useful for accessing the field via an interface. -func (v *__HasSBOMArtifactsInput) GetArtifacts() []ArtifactInputSpec { return v.Artifacts } +// GetTag returns SourceInputSpec.Tag, and is useful for accessing the field via an interface. +func (v *SourceInputSpec) GetTag() *string { return v.Tag } -// GetHasSBOMs returns __HasSBOMArtifactsInput.HasSBOMs, and is useful for accessing the field via an interface. -func (v *__HasSBOMArtifactsInput) GetHasSBOMs() []HasSBOMInputSpec { return v.HasSBOMs } +// GetCommit returns SourceInputSpec.Commit, and is useful for accessing the field via an interface. +func (v *SourceInputSpec) GetCommit() *string { return v.Commit } -// __HasSBOMPkgInput is used internally by genqlient -type __HasSBOMPkgInput struct { - Pkg PkgInputSpec `json:"pkg"` - HasSBOM HasSBOMInputSpec `json:"hasSBOM"` +// SourceSpec allows filtering the list of sources to return in a query. +// +// Empty string at a field means matching with the empty string. Missing field +// means retrieving all possible matches. +// +// It is an error to specify both tag and commit fields, except it both are set as +// empty string (in which case the returned sources are only those for which there +// is no tag/commit information). +type SourceSpec struct { + Id *string `json:"id"` + Type *string `json:"type"` + Namespace *string `json:"namespace"` + Name *string `json:"name"` + Tag *string `json:"tag"` + Commit *string `json:"commit"` } -// GetPkg returns __HasSBOMPkgInput.Pkg, and is useful for accessing the field via an interface. -func (v *__HasSBOMPkgInput) GetPkg() PkgInputSpec { return v.Pkg } +// GetId returns SourceSpec.Id, and is useful for accessing the field via an interface. +func (v *SourceSpec) GetId() *string { return v.Id } -// GetHasSBOM returns __HasSBOMPkgInput.HasSBOM, and is useful for accessing the field via an interface. 
-func (v *__HasSBOMPkgInput) GetHasSBOM() HasSBOMInputSpec { return v.HasSBOM } +// GetType returns SourceSpec.Type, and is useful for accessing the field via an interface. +func (v *SourceSpec) GetType() *string { return v.Type } -// __HasSBOMPkgsInput is used internally by genqlient -type __HasSBOMPkgsInput struct { - Pkgs []PkgInputSpec `json:"pkgs"` - HasSBOMs []HasSBOMInputSpec `json:"hasSBOMs"` -} +// GetNamespace returns SourceSpec.Namespace, and is useful for accessing the field via an interface. +func (v *SourceSpec) GetNamespace() *string { return v.Namespace } -// GetPkgs returns __HasSBOMPkgsInput.Pkgs, and is useful for accessing the field via an interface. -func (v *__HasSBOMPkgsInput) GetPkgs() []PkgInputSpec { return v.Pkgs } +// GetName returns SourceSpec.Name, and is useful for accessing the field via an interface. +func (v *SourceSpec) GetName() *string { return v.Name } -// GetHasSBOMs returns __HasSBOMPkgsInput.HasSBOMs, and is useful for accessing the field via an interface. -func (v *__HasSBOMPkgsInput) GetHasSBOMs() []HasSBOMInputSpec { return v.HasSBOMs } +// GetTag returns SourceSpec.Tag, and is useful for accessing the field via an interface. +func (v *SourceSpec) GetTag() *string { return v.Tag } -// __HasSourceAtInput is used internally by genqlient -type __HasSourceAtInput struct { - Pkg PkgInputSpec `json:"pkg"` - PkgMatchType MatchFlags `json:"pkgMatchType"` - Source SourceInputSpec `json:"source"` - HasSourceAt HasSourceAtInputSpec `json:"hasSourceAt"` +// GetCommit returns SourceSpec.Commit, and is useful for accessing the field via an interface. +func (v *SourceSpec) GetCommit() *string { return v.Commit } + +// SourcesResponse is returned by Sources on success. +type SourcesResponse struct { + // Returns all sources matching a filter. + Sources []SourcesSourcesSource `json:"sources"` } -// GetPkg returns __HasSourceAtInput.Pkg, and is useful for accessing the field via an interface. 
-func (v *__HasSourceAtInput) GetPkg() PkgInputSpec { return v.Pkg } +// GetSources returns SourcesResponse.Sources, and is useful for accessing the field via an interface. +func (v *SourcesResponse) GetSources() []SourcesSourcesSource { return v.Sources } -// GetPkgMatchType returns __HasSourceAtInput.PkgMatchType, and is useful for accessing the field via an interface. -func (v *__HasSourceAtInput) GetPkgMatchType() MatchFlags { return v.PkgMatchType } +// SourcesSourcesSource includes the requested fields of the GraphQL type Source. +// The GraphQL type's documentation follows. +// +// Source represents the root of the source trie/tree. +// +// We map source information to a trie, as a derivative of the pURL specification: +// each path in the trie represents a type, namespace, name and an optional +// qualifier that stands for tag/commit information. +// +// This node represents the type part of the trie path. It is used to represent +// the version control system that is being used. +// +// Since this node is at the root of the source trie, it is named Source, not +// SourceType. +type SourcesSourcesSource struct { + AllSourceTree `json:"-"` +} -// GetSource returns __HasSourceAtInput.Source, and is useful for accessing the field via an interface. -func (v *__HasSourceAtInput) GetSource() SourceInputSpec { return v.Source } +// GetId returns SourcesSourcesSource.Id, and is useful for accessing the field via an interface. +func (v *SourcesSourcesSource) GetId() string { return v.AllSourceTree.Id } -// GetHasSourceAt returns __HasSourceAtInput.HasSourceAt, and is useful for accessing the field via an interface. -func (v *__HasSourceAtInput) GetHasSourceAt() HasSourceAtInputSpec { return v.HasSourceAt } +// GetType returns SourcesSourcesSource.Type, and is useful for accessing the field via an interface. 
+func (v *SourcesSourcesSource) GetType() string { return v.AllSourceTree.Type } -// __HashEqualInput is used internally by genqlient -type __HashEqualInput struct { - Artifact ArtifactInputSpec `json:"artifact"` - OtherArtifact ArtifactInputSpec `json:"otherArtifact"` - HashEqual HashEqualInputSpec `json:"hashEqual"` +// GetNamespaces returns SourcesSourcesSource.Namespaces, and is useful for accessing the field via an interface. +func (v *SourcesSourcesSource) GetNamespaces() []AllSourceTreeNamespacesSourceNamespace { + return v.AllSourceTree.Namespaces } -// GetArtifact returns __HashEqualInput.Artifact, and is useful for accessing the field via an interface. -func (v *__HashEqualInput) GetArtifact() ArtifactInputSpec { return v.Artifact } +func (v *SourcesSourcesSource) UnmarshalJSON(b []byte) error { -// GetOtherArtifact returns __HashEqualInput.OtherArtifact, and is useful for accessing the field via an interface. -func (v *__HashEqualInput) GetOtherArtifact() ArtifactInputSpec { return v.OtherArtifact } + if string(b) == "null" { + return nil + } -// GetHashEqual returns __HashEqualInput.HashEqual, and is useful for accessing the field via an interface. -func (v *__HashEqualInput) GetHashEqual() HashEqualInputSpec { return v.HashEqual } + var firstPass struct { + *SourcesSourcesSource + graphql.NoUnmarshalJSON + } + firstPass.SourcesSourcesSource = v -// __HashEqualsInput is used internally by genqlient -type __HashEqualsInput struct { - Artifacts []ArtifactInputSpec `json:"artifacts"` - OtherArtifacts []ArtifactInputSpec `json:"otherArtifacts"` - HashEquals []HashEqualInputSpec `json:"hashEquals"` -} + err := json.Unmarshal(b, &firstPass) + if err != nil { + return err + } -// GetArtifacts returns __HashEqualsInput.Artifacts, and is useful for accessing the field via an interface. 
-func (v *__HashEqualsInput) GetArtifacts() []ArtifactInputSpec { return v.Artifacts } + err = json.Unmarshal( + b, &v.AllSourceTree) + if err != nil { + return err + } + return nil +} -// GetOtherArtifacts returns __HashEqualsInput.OtherArtifacts, and is useful for accessing the field via an interface. -func (v *__HashEqualsInput) GetOtherArtifacts() []ArtifactInputSpec { return v.OtherArtifacts } +type __premarshalSourcesSourcesSource struct { + Id string `json:"id"` -// GetHashEquals returns __HashEqualsInput.HashEquals, and is useful for accessing the field via an interface. -func (v *__HashEqualsInput) GetHashEquals() []HashEqualInputSpec { return v.HashEquals } + Type string `json:"type"` -// __IngestArtifactInput is used internally by genqlient -type __IngestArtifactInput struct { - Artifact ArtifactInputSpec `json:"artifact"` + Namespaces []AllSourceTreeNamespacesSourceNamespace `json:"namespaces"` } -// GetArtifact returns __IngestArtifactInput.Artifact, and is useful for accessing the field via an interface. -func (v *__IngestArtifactInput) GetArtifact() ArtifactInputSpec { return v.Artifact } - -// __IngestArtifactsInput is used internally by genqlient -type __IngestArtifactsInput struct { - Artifacts []ArtifactInputSpec `json:"artifacts"` +func (v *SourcesSourcesSource) MarshalJSON() ([]byte, error) { + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + return json.Marshal(premarshaled) } -// GetArtifacts returns __IngestArtifactsInput.Artifacts, and is useful for accessing the field via an interface. 
-func (v *__IngestArtifactsInput) GetArtifacts() []ArtifactInputSpec { return v.Artifacts } +func (v *SourcesSourcesSource) __premarshalJSON() (*__premarshalSourcesSourcesSource, error) { + var retval __premarshalSourcesSourcesSource -// __IngestBuilderInput is used internally by genqlient -type __IngestBuilderInput struct { - Builder BuilderInputSpec `json:"builder"` + retval.Id = v.AllSourceTree.Id + retval.Type = v.AllSourceTree.Type + retval.Namespaces = v.AllSourceTree.Namespaces + return &retval, nil } -// GetBuilder returns __IngestBuilderInput.Builder, and is useful for accessing the field via an interface. -func (v *__IngestBuilderInput) GetBuilder() BuilderInputSpec { return v.Builder } +// Records the justification included in the VEX statement. +type VexJustification string -// __IngestBuildersInput is used internally by genqlient -type __IngestBuildersInput struct { - Builders []BuilderInputSpec `json:"builders"` +const ( + VexJustificationComponentNotPresent VexJustification = "COMPONENT_NOT_PRESENT" + VexJustificationVulnerableCodeNotPresent VexJustification = "VULNERABLE_CODE_NOT_PRESENT" + VexJustificationVulnerableCodeNotInExecutePath VexJustification = "VULNERABLE_CODE_NOT_IN_EXECUTE_PATH" + VexJustificationVulnerableCodeCannotBeControlledByAdversary VexJustification = "VULNERABLE_CODE_CANNOT_BE_CONTROLLED_BY_ADVERSARY" + VexJustificationInlineMitigationsAlreadyExist VexJustification = "INLINE_MITIGATIONS_ALREADY_EXIST" + VexJustificationNotProvided VexJustification = "NOT_PROVIDED" +) + +// VexStatementInputSpec represents the input to ingest VEX statements. 
+type VexStatementInputSpec struct { + Status VexStatus `json:"status"` + VexJustification VexJustification `json:"vexJustification"` + Statement string `json:"statement"` + StatusNotes string `json:"statusNotes"` + KnownSince time.Time `json:"knownSince"` + Origin string `json:"origin"` + Collector string `json:"collector"` } -// GetBuilders returns __IngestBuildersInput.Builders, and is useful for accessing the field via an interface. -func (v *__IngestBuildersInput) GetBuilders() []BuilderInputSpec { return v.Builders } +// GetStatus returns VexStatementInputSpec.Status, and is useful for accessing the field via an interface. +func (v *VexStatementInputSpec) GetStatus() VexStatus { return v.Status } -// __IngestCVEInput is used internally by genqlient -type __IngestCVEInput struct { - Cve CVEInputSpec `json:"cve"` -} +// GetVexJustification returns VexStatementInputSpec.VexJustification, and is useful for accessing the field via an interface. +func (v *VexStatementInputSpec) GetVexJustification() VexJustification { return v.VexJustification } -// GetCve returns __IngestCVEInput.Cve, and is useful for accessing the field via an interface. -func (v *__IngestCVEInput) GetCve() CVEInputSpec { return v.Cve } +// GetStatement returns VexStatementInputSpec.Statement, and is useful for accessing the field via an interface. +func (v *VexStatementInputSpec) GetStatement() string { return v.Statement } -// __IngestCVEsInput is used internally by genqlient -type __IngestCVEsInput struct { - Cves []CVEInputSpec `json:"cves"` -} +// GetStatusNotes returns VexStatementInputSpec.StatusNotes, and is useful for accessing the field via an interface. +func (v *VexStatementInputSpec) GetStatusNotes() string { return v.StatusNotes } -// GetCves returns __IngestCVEsInput.Cves, and is useful for accessing the field via an interface. 
-func (v *__IngestCVEsInput) GetCves() []CVEInputSpec { return v.Cves } +// GetKnownSince returns VexStatementInputSpec.KnownSince, and is useful for accessing the field via an interface. +func (v *VexStatementInputSpec) GetKnownSince() time.Time { return v.KnownSince } -// __IngestGHSAInput is used internally by genqlient -type __IngestGHSAInput struct { - Ghsa GHSAInputSpec `json:"ghsa"` -} +// GetOrigin returns VexStatementInputSpec.Origin, and is useful for accessing the field via an interface. +func (v *VexStatementInputSpec) GetOrigin() string { return v.Origin } -// GetGhsa returns __IngestGHSAInput.Ghsa, and is useful for accessing the field via an interface. -func (v *__IngestGHSAInput) GetGhsa() GHSAInputSpec { return v.Ghsa } +// GetCollector returns VexStatementInputSpec.Collector, and is useful for accessing the field via an interface. +func (v *VexStatementInputSpec) GetCollector() string { return v.Collector } -// __IngestGHSAsInput is used internally by genqlient -type __IngestGHSAsInput struct { - Ghsas []GHSAInputSpec `json:"ghsas"` -} +// Records the status of a VEX statement subject. +type VexStatus string -// GetGhsas returns __IngestGHSAsInput.Ghsas, and is useful for accessing the field via an interface. -func (v *__IngestGHSAsInput) GetGhsas() []GHSAInputSpec { return v.Ghsas } +const ( + VexStatusNotAffected VexStatus = "NOT_AFFECTED" + VexStatusAffected VexStatus = "AFFECTED" + VexStatusFixed VexStatus = "FIXED" + VexStatusUnderInvestigation VexStatus = "UNDER_INVESTIGATION" +) -// __IngestOSVInput is used internally by genqlient -type __IngestOSVInput struct { - Osv OSVInputSpec `json:"osv"` +// VulnEqualIngestVulnEqual includes the requested fields of the GraphQL type VulnEqual. +// The GraphQL type's documentation follows. +// +// VulnEqual is an attestation to link two vulnerabilities together as being equal" +// +// Note that setting noVuln vulnerability type is invalid for VulnEqual! 
+type VulnEqualIngestVulnEqual struct { + AllVulnEqual `json:"-"` } -// GetOsv returns __IngestOSVInput.Osv, and is useful for accessing the field via an interface. -func (v *__IngestOSVInput) GetOsv() OSVInputSpec { return v.Osv } +// GetId returns VulnEqualIngestVulnEqual.Id, and is useful for accessing the field via an interface. +func (v *VulnEqualIngestVulnEqual) GetId() string { return v.AllVulnEqual.Id } -// __IngestOSVsInput is used internally by genqlient -type __IngestOSVsInput struct { - Osvs []OSVInputSpec `json:"osvs"` +// GetVulnerabilities returns VulnEqualIngestVulnEqual.Vulnerabilities, and is useful for accessing the field via an interface. +func (v *VulnEqualIngestVulnEqual) GetVulnerabilities() []AllVulnEqualVulnerabilitiesVulnerability { + return v.AllVulnEqual.Vulnerabilities } -// GetOsvs returns __IngestOSVsInput.Osvs, and is useful for accessing the field via an interface. -func (v *__IngestOSVsInput) GetOsvs() []OSVInputSpec { return v.Osvs } +// GetJustification returns VulnEqualIngestVulnEqual.Justification, and is useful for accessing the field via an interface. +func (v *VulnEqualIngestVulnEqual) GetJustification() string { return v.AllVulnEqual.Justification } -// __IngestPackageInput is used internally by genqlient -type __IngestPackageInput struct { - Pkg PkgInputSpec `json:"pkg"` -} +// GetOrigin returns VulnEqualIngestVulnEqual.Origin, and is useful for accessing the field via an interface. +func (v *VulnEqualIngestVulnEqual) GetOrigin() string { return v.AllVulnEqual.Origin } -// GetPkg returns __IngestPackageInput.Pkg, and is useful for accessing the field via an interface. -func (v *__IngestPackageInput) GetPkg() PkgInputSpec { return v.Pkg } +// GetCollector returns VulnEqualIngestVulnEqual.Collector, and is useful for accessing the field via an interface. 
+func (v *VulnEqualIngestVulnEqual) GetCollector() string { return v.AllVulnEqual.Collector } -// __IngestPackagesInput is used internally by genqlient -type __IngestPackagesInput struct { - Pkgs []PkgInputSpec `json:"pkgs"` -} +func (v *VulnEqualIngestVulnEqual) UnmarshalJSON(b []byte) error { -// GetPkgs returns __IngestPackagesInput.Pkgs, and is useful for accessing the field via an interface. -func (v *__IngestPackagesInput) GetPkgs() []PkgInputSpec { return v.Pkgs } + if string(b) == "null" { + return nil + } -// __IngestSourceInput is used internally by genqlient -type __IngestSourceInput struct { - Source SourceInputSpec `json:"source"` -} + var firstPass struct { + *VulnEqualIngestVulnEqual + graphql.NoUnmarshalJSON + } + firstPass.VulnEqualIngestVulnEqual = v -// GetSource returns __IngestSourceInput.Source, and is useful for accessing the field via an interface. -func (v *__IngestSourceInput) GetSource() SourceInputSpec { return v.Source } + err := json.Unmarshal(b, &firstPass) + if err != nil { + return err + } -// __IngestSourcesInput is used internally by genqlient -type __IngestSourcesInput struct { - Sources []SourceInputSpec `json:"sources"` + err = json.Unmarshal( + b, &v.AllVulnEqual) + if err != nil { + return err + } + return nil } -// GetSources returns __IngestSourcesInput.Sources, and is useful for accessing the field via an interface. -func (v *__IngestSourcesInput) GetSources() []SourceInputSpec { return v.Sources } - -// __IsDependenciesInput is used internally by genqlient -type __IsDependenciesInput struct { - Pkgs []PkgInputSpec `json:"pkgs"` - DepPkgs []PkgInputSpec `json:"depPkgs"` - Dependencies []IsDependencyInputSpec `json:"dependencies"` -} +type __premarshalVulnEqualIngestVulnEqual struct { + Id string `json:"id"` -// GetPkgs returns __IsDependenciesInput.Pkgs, and is useful for accessing the field via an interface. 
-func (v *__IsDependenciesInput) GetPkgs() []PkgInputSpec { return v.Pkgs } + Vulnerabilities []AllVulnEqualVulnerabilitiesVulnerability `json:"vulnerabilities"` -// GetDepPkgs returns __IsDependenciesInput.DepPkgs, and is useful for accessing the field via an interface. -func (v *__IsDependenciesInput) GetDepPkgs() []PkgInputSpec { return v.DepPkgs } + Justification string `json:"justification"` -// GetDependencies returns __IsDependenciesInput.Dependencies, and is useful for accessing the field via an interface. -func (v *__IsDependenciesInput) GetDependencies() []IsDependencyInputSpec { return v.Dependencies } + Origin string `json:"origin"` -// __IsDependencyInput is used internally by genqlient -type __IsDependencyInput struct { - Pkg PkgInputSpec `json:"pkg"` - DepPkg PkgInputSpec `json:"depPkg"` - Dependency IsDependencyInputSpec `json:"dependency"` + Collector string `json:"collector"` } -// GetPkg returns __IsDependencyInput.Pkg, and is useful for accessing the field via an interface. -func (v *__IsDependencyInput) GetPkg() PkgInputSpec { return v.Pkg } +func (v *VulnEqualIngestVulnEqual) MarshalJSON() ([]byte, error) { + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + return json.Marshal(premarshaled) +} -// GetDepPkg returns __IsDependencyInput.DepPkg, and is useful for accessing the field via an interface. -func (v *__IsDependencyInput) GetDepPkg() PkgInputSpec { return v.DepPkg } +func (v *VulnEqualIngestVulnEqual) __premarshalJSON() (*__premarshalVulnEqualIngestVulnEqual, error) { + var retval __premarshalVulnEqualIngestVulnEqual -// GetDependency returns __IsDependencyInput.Dependency, and is useful for accessing the field via an interface. 
-func (v *__IsDependencyInput) GetDependency() IsDependencyInputSpec { return v.Dependency } + retval.Id = v.AllVulnEqual.Id + retval.Vulnerabilities = v.AllVulnEqual.Vulnerabilities + retval.Justification = v.AllVulnEqual.Justification + retval.Origin = v.AllVulnEqual.Origin + retval.Collector = v.AllVulnEqual.Collector + return &retval, nil +} -// __IsOccurrencePkgInput is used internally by genqlient -type __IsOccurrencePkgInput struct { - Pkg PkgInputSpec `json:"pkg"` - Artifact ArtifactInputSpec `json:"artifact"` - Occurrence IsOccurrenceInputSpec `json:"occurrence"` +// VulnEqualInputSpec represents the input to link vulnerabilities to each other. +type VulnEqualInputSpec struct { + Justification string `json:"justification"` + Origin string `json:"origin"` + Collector string `json:"collector"` } -// GetPkg returns __IsOccurrencePkgInput.Pkg, and is useful for accessing the field via an interface. -func (v *__IsOccurrencePkgInput) GetPkg() PkgInputSpec { return v.Pkg } +// GetJustification returns VulnEqualInputSpec.Justification, and is useful for accessing the field via an interface. +func (v *VulnEqualInputSpec) GetJustification() string { return v.Justification } -// GetArtifact returns __IsOccurrencePkgInput.Artifact, and is useful for accessing the field via an interface. -func (v *__IsOccurrencePkgInput) GetArtifact() ArtifactInputSpec { return v.Artifact } +// GetOrigin returns VulnEqualInputSpec.Origin, and is useful for accessing the field via an interface. +func (v *VulnEqualInputSpec) GetOrigin() string { return v.Origin } -// GetOccurrence returns __IsOccurrencePkgInput.Occurrence, and is useful for accessing the field via an interface. -func (v *__IsOccurrencePkgInput) GetOccurrence() IsOccurrenceInputSpec { return v.Occurrence } +// GetCollector returns VulnEqualInputSpec.Collector, and is useful for accessing the field via an interface. 
+func (v *VulnEqualInputSpec) GetCollector() string { return v.Collector } -// __IsOccurrenceSrcInput is used internally by genqlient -type __IsOccurrenceSrcInput struct { - Source SourceInputSpec `json:"source"` - Artifact ArtifactInputSpec `json:"artifact"` - Occurrence IsOccurrenceInputSpec `json:"occurrence"` +// VulnEqualOtherVulnVulnerability includes the requested fields of the GraphQL type Vulnerability. +// The GraphQL type's documentation follows. +// +// Vulnerability represents the root of the vulnerability trie/tree. +// +// We map vulnerability information to a trie, as a derivative of the pURL specification: +// each path in the trie represents a type and a vulnerability ID. This allows for generic +// representation of the various vulnerabilities and does not limit to just cve, ghsa or osv. +// This would be in the general format: vuln:/// +// +// Examples: +// +// CVE, using path separator: vuln://cve/cve-2023-20753 +// OSV, representing its knowledge of a GHSA: vuln://osv/ghsa-205hk +// Random vendor: vuln://snyk/sn-whatever +// NoVuln: vuln://novuln/ +// +// This node represents the type part of the trie path. It is used to represent +// the specific type of the vulnerability: cve, ghsa, osv or some other vendor specific +// +// Since this node is at the root of the vulnerability trie, it is named Vulnerability, not +// VulnerabilityType. +// +// NoVuln is a special vulnerability node to attest that no vulnerability has been +// found during a vulnerability scan. It will have the type "novuln" and contain an empty string +// for vulnerabilityID +// +// The resolvers will enforce that both the type and vulnerability IDs are lower case. +type VulnEqualOtherVulnVulnerability struct { + AllVulnerabilityTree `json:"-"` } -// GetSource returns __IsOccurrenceSrcInput.Source, and is useful for accessing the field via an interface. 
-func (v *__IsOccurrenceSrcInput) GetSource() SourceInputSpec { return v.Source } - -// GetArtifact returns __IsOccurrenceSrcInput.Artifact, and is useful for accessing the field via an interface. -func (v *__IsOccurrenceSrcInput) GetArtifact() ArtifactInputSpec { return v.Artifact } +// GetId returns VulnEqualOtherVulnVulnerability.Id, and is useful for accessing the field via an interface. +func (v *VulnEqualOtherVulnVulnerability) GetId() string { return v.AllVulnerabilityTree.Id } -// GetOccurrence returns __IsOccurrenceSrcInput.Occurrence, and is useful for accessing the field via an interface. -func (v *__IsOccurrenceSrcInput) GetOccurrence() IsOccurrenceInputSpec { return v.Occurrence } +// GetType returns VulnEqualOtherVulnVulnerability.Type, and is useful for accessing the field via an interface. +func (v *VulnEqualOtherVulnVulnerability) GetType() string { return v.AllVulnerabilityTree.Type } -// __IsOccurrencesPkgInput is used internally by genqlient -type __IsOccurrencesPkgInput struct { - Pkgs []PkgInputSpec `json:"pkgs"` - Artifacts []ArtifactInputSpec `json:"artifacts"` - Occurrences []IsOccurrenceInputSpec `json:"occurrences"` +// GetVulnerabilityIDs returns VulnEqualOtherVulnVulnerability.VulnerabilityIDs, and is useful for accessing the field via an interface. +func (v *VulnEqualOtherVulnVulnerability) GetVulnerabilityIDs() []AllVulnerabilityTreeVulnerabilityIDsVulnerabilityID { + return v.AllVulnerabilityTree.VulnerabilityIDs } -// GetPkgs returns __IsOccurrencesPkgInput.Pkgs, and is useful for accessing the field via an interface. -func (v *__IsOccurrencesPkgInput) GetPkgs() []PkgInputSpec { return v.Pkgs } +func (v *VulnEqualOtherVulnVulnerability) UnmarshalJSON(b []byte) error { -// GetArtifacts returns __IsOccurrencesPkgInput.Artifacts, and is useful for accessing the field via an interface. 
-func (v *__IsOccurrencesPkgInput) GetArtifacts() []ArtifactInputSpec { return v.Artifacts } + if string(b) == "null" { + return nil + } -// GetOccurrences returns __IsOccurrencesPkgInput.Occurrences, and is useful for accessing the field via an interface. -func (v *__IsOccurrencesPkgInput) GetOccurrences() []IsOccurrenceInputSpec { return v.Occurrences } + var firstPass struct { + *VulnEqualOtherVulnVulnerability + graphql.NoUnmarshalJSON + } + firstPass.VulnEqualOtherVulnVulnerability = v -// __IsOccurrencesSrcInput is used internally by genqlient -type __IsOccurrencesSrcInput struct { - Sources []SourceInputSpec `json:"sources"` - Artifacts []ArtifactInputSpec `json:"artifacts"` - Occurrences []IsOccurrenceInputSpec `json:"occurrences"` -} + err := json.Unmarshal(b, &firstPass) + if err != nil { + return err + } -// GetSources returns __IsOccurrencesSrcInput.Sources, and is useful for accessing the field via an interface. -func (v *__IsOccurrencesSrcInput) GetSources() []SourceInputSpec { return v.Sources } + err = json.Unmarshal( + b, &v.AllVulnerabilityTree) + if err != nil { + return err + } + return nil +} -// GetArtifacts returns __IsOccurrencesSrcInput.Artifacts, and is useful for accessing the field via an interface. -func (v *__IsOccurrencesSrcInput) GetArtifacts() []ArtifactInputSpec { return v.Artifacts } +type __premarshalVulnEqualOtherVulnVulnerability struct { + Id string `json:"id"` -// GetOccurrences returns __IsOccurrencesSrcInput.Occurrences, and is useful for accessing the field via an interface. 
-func (v *__IsOccurrencesSrcInput) GetOccurrences() []IsOccurrenceInputSpec { return v.Occurrences } + Type string `json:"type"` -// __IsVulnerabilityCVEInput is used internally by genqlient -type __IsVulnerabilityCVEInput struct { - Osv OSVInputSpec `json:"osv"` - Cve CVEInputSpec `json:"cve"` - IsVulnerability IsVulnerabilityInputSpec `json:"isVulnerability"` + VulnerabilityIDs []AllVulnerabilityTreeVulnerabilityIDsVulnerabilityID `json:"vulnerabilityIDs"` } -// GetOsv returns __IsVulnerabilityCVEInput.Osv, and is useful for accessing the field via an interface. -func (v *__IsVulnerabilityCVEInput) GetOsv() OSVInputSpec { return v.Osv } +func (v *VulnEqualOtherVulnVulnerability) MarshalJSON() ([]byte, error) { + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + return json.Marshal(premarshaled) +} -// GetCve returns __IsVulnerabilityCVEInput.Cve, and is useful for accessing the field via an interface. -func (v *__IsVulnerabilityCVEInput) GetCve() CVEInputSpec { return v.Cve } +func (v *VulnEqualOtherVulnVulnerability) __premarshalJSON() (*__premarshalVulnEqualOtherVulnVulnerability, error) { + var retval __premarshalVulnEqualOtherVulnVulnerability -// GetIsVulnerability returns __IsVulnerabilityCVEInput.IsVulnerability, and is useful for accessing the field via an interface. -func (v *__IsVulnerabilityCVEInput) GetIsVulnerability() IsVulnerabilityInputSpec { - return v.IsVulnerability + retval.Id = v.AllVulnerabilityTree.Id + retval.Type = v.AllVulnerabilityTree.Type + retval.VulnerabilityIDs = v.AllVulnerabilityTree.VulnerabilityIDs + return &retval, nil } -// __IsVulnerabilityGHSAInput is used internally by genqlient -type __IsVulnerabilityGHSAInput struct { - Osv OSVInputSpec `json:"osv"` - Ghsa GHSAInputSpec `json:"ghsa"` - IsVulnerability IsVulnerabilityInputSpec `json:"isVulnerability"` +// VulnEqualResponse is returned by VulnEqual on success. 
+type VulnEqualResponse struct { + // Ingests a new vulnerability and returns the corresponding vulnerability trie path. + Vuln VulnEqualVulnVulnerability `json:"vuln"` + // Ingests a new vulnerability and returns the corresponding vulnerability trie path. + OtherVuln VulnEqualOtherVulnVulnerability `json:"otherVuln"` + // Ingest a mapping between vulnerabilities. + IngestVulnEqual VulnEqualIngestVulnEqual `json:"ingestVulnEqual"` } -// GetOsv returns __IsVulnerabilityGHSAInput.Osv, and is useful for accessing the field via an interface. -func (v *__IsVulnerabilityGHSAInput) GetOsv() OSVInputSpec { return v.Osv } +// GetVuln returns VulnEqualResponse.Vuln, and is useful for accessing the field via an interface. +func (v *VulnEqualResponse) GetVuln() VulnEqualVulnVulnerability { return v.Vuln } -// GetGhsa returns __IsVulnerabilityGHSAInput.Ghsa, and is useful for accessing the field via an interface. -func (v *__IsVulnerabilityGHSAInput) GetGhsa() GHSAInputSpec { return v.Ghsa } +// GetOtherVuln returns VulnEqualResponse.OtherVuln, and is useful for accessing the field via an interface. +func (v *VulnEqualResponse) GetOtherVuln() VulnEqualOtherVulnVulnerability { return v.OtherVuln } -// GetIsVulnerability returns __IsVulnerabilityGHSAInput.IsVulnerability, and is useful for accessing the field via an interface. -func (v *__IsVulnerabilityGHSAInput) GetIsVulnerability() IsVulnerabilityInputSpec { - return v.IsVulnerability -} +// GetIngestVulnEqual returns VulnEqualResponse.IngestVulnEqual, and is useful for accessing the field via an interface. +func (v *VulnEqualResponse) GetIngestVulnEqual() VulnEqualIngestVulnEqual { return v.IngestVulnEqual } -// __NeighborsInput is used internally by genqlient -type __NeighborsInput struct { - Node string `json:"node"` - UsingOnly []Edge `json:"usingOnly"` +// VulnEqualVulnVulnerability includes the requested fields of the GraphQL type Vulnerability. +// The GraphQL type's documentation follows. 
+// +// Vulnerability represents the root of the vulnerability trie/tree. +// +// We map vulnerability information to a trie, as a derivative of the pURL specification: +// each path in the trie represents a type and a vulnerability ID. This allows for generic +// representation of the various vulnerabilities and does not limit to just cve, ghsa or osv. +// This would be in the general format: vuln:/// +// +// Examples: +// +// CVE, using path separator: vuln://cve/cve-2023-20753 +// OSV, representing its knowledge of a GHSA: vuln://osv/ghsa-205hk +// Random vendor: vuln://snyk/sn-whatever +// NoVuln: vuln://novuln/ +// +// This node represents the type part of the trie path. It is used to represent +// the specific type of the vulnerability: cve, ghsa, osv or some other vendor specific +// +// Since this node is at the root of the vulnerability trie, it is named Vulnerability, not +// VulnerabilityType. +// +// NoVuln is a special vulnerability node to attest that no vulnerability has been +// found during a vulnerability scan. It will have the type "novuln" and contain an empty string +// for vulnerabilityID +// +// The resolvers will enforce that both the type and vulnerability IDs are lower case. +type VulnEqualVulnVulnerability struct { + AllVulnerabilityTree `json:"-"` } -// GetNode returns __NeighborsInput.Node, and is useful for accessing the field via an interface. -func (v *__NeighborsInput) GetNode() string { return v.Node } +// GetId returns VulnEqualVulnVulnerability.Id, and is useful for accessing the field via an interface. +func (v *VulnEqualVulnVulnerability) GetId() string { return v.AllVulnerabilityTree.Id } -// GetUsingOnly returns __NeighborsInput.UsingOnly, and is useful for accessing the field via an interface. -func (v *__NeighborsInput) GetUsingOnly() []Edge { return v.UsingOnly } +// GetType returns VulnEqualVulnVulnerability.Type, and is useful for accessing the field via an interface. 
+func (v *VulnEqualVulnVulnerability) GetType() string { return v.AllVulnerabilityTree.Type } -// __NodeInput is used internally by genqlient -type __NodeInput struct { - Node string `json:"node"` +// GetVulnerabilityIDs returns VulnEqualVulnVulnerability.VulnerabilityIDs, and is useful for accessing the field via an interface. +func (v *VulnEqualVulnVulnerability) GetVulnerabilityIDs() []AllVulnerabilityTreeVulnerabilityIDsVulnerabilityID { + return v.AllVulnerabilityTree.VulnerabilityIDs } -// GetNode returns __NodeInput.Node, and is useful for accessing the field via an interface. -func (v *__NodeInput) GetNode() string { return v.Node } - -// __NodesInput is used internally by genqlient -type __NodesInput struct { - Nodes []string `json:"nodes"` -} +func (v *VulnEqualVulnVulnerability) UnmarshalJSON(b []byte) error { -// GetNodes returns __NodesInput.Nodes, and is useful for accessing the field via an interface. -func (v *__NodesInput) GetNodes() []string { return v.Nodes } + if string(b) == "null" { + return nil + } -// __OSVsInput is used internally by genqlient -type __OSVsInput struct { - Filter OSVSpec `json:"filter"` -} + var firstPass struct { + *VulnEqualVulnVulnerability + graphql.NoUnmarshalJSON + } + firstPass.VulnEqualVulnVulnerability = v -// GetFilter returns __OSVsInput.Filter, and is useful for accessing the field via an interface. -func (v *__OSVsInput) GetFilter() OSVSpec { return v.Filter } + err := json.Unmarshal(b, &firstPass) + if err != nil { + return err + } -// __PackageNamesInput is used internally by genqlient -type __PackageNamesInput struct { - Filter PkgSpec `json:"filter"` + err = json.Unmarshal( + b, &v.AllVulnerabilityTree) + if err != nil { + return err + } + return nil } -// GetFilter returns __PackageNamesInput.Filter, and is useful for accessing the field via an interface. 
-func (v *__PackageNamesInput) GetFilter() PkgSpec { return v.Filter } - -// __PackageNamespacesInput is used internally by genqlient -type __PackageNamespacesInput struct { - Filter PkgSpec `json:"filter"` -} +type __premarshalVulnEqualVulnVulnerability struct { + Id string `json:"id"` -// GetFilter returns __PackageNamespacesInput.Filter, and is useful for accessing the field via an interface. -func (v *__PackageNamespacesInput) GetFilter() PkgSpec { return v.Filter } + Type string `json:"type"` -// __PackageTypesInput is used internally by genqlient -type __PackageTypesInput struct { - Filter PkgSpec `json:"filter"` + VulnerabilityIDs []AllVulnerabilityTreeVulnerabilityIDsVulnerabilityID `json:"vulnerabilityIDs"` } -// GetFilter returns __PackageTypesInput.Filter, and is useful for accessing the field via an interface. -func (v *__PackageTypesInput) GetFilter() PkgSpec { return v.Filter } - -// __PackageVersionsInput is used internally by genqlient -type __PackageVersionsInput struct { - Filter PkgSpec `json:"filter"` +func (v *VulnEqualVulnVulnerability) MarshalJSON() ([]byte, error) { + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + return json.Marshal(premarshaled) } -// GetFilter returns __PackageVersionsInput.Filter, and is useful for accessing the field via an interface. -func (v *__PackageVersionsInput) GetFilter() PkgSpec { return v.Filter } +func (v *VulnEqualVulnVulnerability) __premarshalJSON() (*__premarshalVulnEqualVulnVulnerability, error) { + var retval __premarshalVulnEqualVulnVulnerability -// __PackagesInput is used internally by genqlient -type __PackagesInput struct { - Filter PkgSpec `json:"filter"` + retval.Id = v.AllVulnerabilityTree.Id + retval.Type = v.AllVulnerabilityTree.Type + retval.VulnerabilityIDs = v.AllVulnerabilityTree.VulnerabilityIDs + return &retval, nil } -// GetFilter returns __PackagesInput.Filter, and is useful for accessing the field via an interface. 
-func (v *__PackagesInput) GetFilter() PkgSpec { return v.Filter } - -// __PathInput is used internally by genqlient -type __PathInput struct { - Subject string `json:"subject"` - Target string `json:"target"` - MaxPathLength int `json:"maxPathLength"` - UsingOnly []Edge `json:"usingOnly"` +// VulnerabilitiesResponse is returned by Vulnerabilities on success. +type VulnerabilitiesResponse struct { + // Returns all vulnerabilities matching a filter. + Vulnerabilities []VulnerabilitiesVulnerabilitiesVulnerability `json:"vulnerabilities"` } -// GetSubject returns __PathInput.Subject, and is useful for accessing the field via an interface. -func (v *__PathInput) GetSubject() string { return v.Subject } +// GetVulnerabilities returns VulnerabilitiesResponse.Vulnerabilities, and is useful for accessing the field via an interface. +func (v *VulnerabilitiesResponse) GetVulnerabilities() []VulnerabilitiesVulnerabilitiesVulnerability { + return v.Vulnerabilities +} -// GetTarget returns __PathInput.Target, and is useful for accessing the field via an interface. -func (v *__PathInput) GetTarget() string { return v.Target } +// VulnerabilitiesVulnerabilitiesVulnerability includes the requested fields of the GraphQL type Vulnerability. +// The GraphQL type's documentation follows. +// +// Vulnerability represents the root of the vulnerability trie/tree. +// +// We map vulnerability information to a trie, as a derivative of the pURL specification: +// each path in the trie represents a type and a vulnerability ID. This allows for generic +// representation of the various vulnerabilities and does not limit to just cve, ghsa or osv. +// This would be in the general format: vuln:/// +// +// Examples: +// +// CVE, using path separator: vuln://cve/cve-2023-20753 +// OSV, representing its knowledge of a GHSA: vuln://osv/ghsa-205hk +// Random vendor: vuln://snyk/sn-whatever +// NoVuln: vuln://novuln/ +// +// This node represents the type part of the trie path. 
It is used to represent +// the specific type of the vulnerability: cve, ghsa, osv or some other vendor specific +// +// Since this node is at the root of the vulnerability trie, it is named Vulnerability, not +// VulnerabilityType. +// +// NoVuln is a special vulnerability node to attest that no vulnerability has been +// found during a vulnerability scan. It will have the type "novuln" and contain an empty string +// for vulnerabilityID +// +// The resolvers will enforce that both the type and vulnerability IDs are lower case. +type VulnerabilitiesVulnerabilitiesVulnerability struct { + AllVulnerabilityTree `json:"-"` +} -// GetMaxPathLength returns __PathInput.MaxPathLength, and is useful for accessing the field via an interface. -func (v *__PathInput) GetMaxPathLength() int { return v.MaxPathLength } +// GetId returns VulnerabilitiesVulnerabilitiesVulnerability.Id, and is useful for accessing the field via an interface. +func (v *VulnerabilitiesVulnerabilitiesVulnerability) GetId() string { + return v.AllVulnerabilityTree.Id +} -// GetUsingOnly returns __PathInput.UsingOnly, and is useful for accessing the field via an interface. -func (v *__PathInput) GetUsingOnly() []Edge { return v.UsingOnly } +// GetType returns VulnerabilitiesVulnerabilitiesVulnerability.Type, and is useful for accessing the field via an interface. +func (v *VulnerabilitiesVulnerabilitiesVulnerability) GetType() string { + return v.AllVulnerabilityTree.Type +} -// __PkgEqualInput is used internally by genqlient -type __PkgEqualInput struct { - Pkg PkgInputSpec `json:"pkg"` - OtherPackage PkgInputSpec `json:"otherPackage"` - PkgEqual PkgEqualInputSpec `json:"pkgEqual"` +// GetVulnerabilityIDs returns VulnerabilitiesVulnerabilitiesVulnerability.VulnerabilityIDs, and is useful for accessing the field via an interface. 
+func (v *VulnerabilitiesVulnerabilitiesVulnerability) GetVulnerabilityIDs() []AllVulnerabilityTreeVulnerabilityIDsVulnerabilityID { + return v.AllVulnerabilityTree.VulnerabilityIDs } -// GetPkg returns __PkgEqualInput.Pkg, and is useful for accessing the field via an interface. -func (v *__PkgEqualInput) GetPkg() PkgInputSpec { return v.Pkg } +func (v *VulnerabilitiesVulnerabilitiesVulnerability) UnmarshalJSON(b []byte) error { -// GetOtherPackage returns __PkgEqualInput.OtherPackage, and is useful for accessing the field via an interface. -func (v *__PkgEqualInput) GetOtherPackage() PkgInputSpec { return v.OtherPackage } + if string(b) == "null" { + return nil + } -// GetPkgEqual returns __PkgEqualInput.PkgEqual, and is useful for accessing the field via an interface. -func (v *__PkgEqualInput) GetPkgEqual() PkgEqualInputSpec { return v.PkgEqual } + var firstPass struct { + *VulnerabilitiesVulnerabilitiesVulnerability + graphql.NoUnmarshalJSON + } + firstPass.VulnerabilitiesVulnerabilitiesVulnerability = v -// __PointOfContactArtifactInput is used internally by genqlient -type __PointOfContactArtifactInput struct { - Artifact ArtifactInputSpec `json:"artifact"` - PointOfContact PointOfContactInputSpec `json:"pointOfContact"` + err := json.Unmarshal(b, &firstPass) + if err != nil { + return err + } + + err = json.Unmarshal( + b, &v.AllVulnerabilityTree) + if err != nil { + return err + } + return nil } -// GetArtifact returns __PointOfContactArtifactInput.Artifact, and is useful for accessing the field via an interface. -func (v *__PointOfContactArtifactInput) GetArtifact() ArtifactInputSpec { return v.Artifact } +type __premarshalVulnerabilitiesVulnerabilitiesVulnerability struct { + Id string `json:"id"` -// GetPointOfContact returns __PointOfContactArtifactInput.PointOfContact, and is useful for accessing the field via an interface. 
-func (v *__PointOfContactArtifactInput) GetPointOfContact() PointOfContactInputSpec { - return v.PointOfContact -} + Type string `json:"type"` -// __PointOfContactPkgInput is used internally by genqlient -type __PointOfContactPkgInput struct { - Pkg PkgInputSpec `json:"pkg"` - PkgMatchType MatchFlags `json:"pkgMatchType"` - PointOfContact PointOfContactInputSpec `json:"pointOfContact"` + VulnerabilityIDs []AllVulnerabilityTreeVulnerabilityIDsVulnerabilityID `json:"vulnerabilityIDs"` } -// GetPkg returns __PointOfContactPkgInput.Pkg, and is useful for accessing the field via an interface. -func (v *__PointOfContactPkgInput) GetPkg() PkgInputSpec { return v.Pkg } +func (v *VulnerabilitiesVulnerabilitiesVulnerability) MarshalJSON() ([]byte, error) { + premarshaled, err := v.__premarshalJSON() + if err != nil { + return nil, err + } + return json.Marshal(premarshaled) +} -// GetPkgMatchType returns __PointOfContactPkgInput.PkgMatchType, and is useful for accessing the field via an interface. -func (v *__PointOfContactPkgInput) GetPkgMatchType() MatchFlags { return v.PkgMatchType } +func (v *VulnerabilitiesVulnerabilitiesVulnerability) __premarshalJSON() (*__premarshalVulnerabilitiesVulnerabilitiesVulnerability, error) { + var retval __premarshalVulnerabilitiesVulnerabilitiesVulnerability -// GetPointOfContact returns __PointOfContactPkgInput.PointOfContact, and is useful for accessing the field via an interface. -func (v *__PointOfContactPkgInput) GetPointOfContact() PointOfContactInputSpec { - return v.PointOfContact + retval.Id = v.AllVulnerabilityTree.Id + retval.Type = v.AllVulnerabilityTree.Type + retval.VulnerabilityIDs = v.AllVulnerabilityTree.VulnerabilityIDs + return &retval, nil } -// __PointOfContactSrcInput is used internally by genqlient -type __PointOfContactSrcInput struct { - Source SourceInputSpec `json:"source"` - PointOfContact PointOfContactInputSpec `json:"pointOfContact"` +// VulnInputSpec specifies a vulnerability for mutations. 
+// +// This is different than VulnSpec because we want to encode mandatory fields: +// type and vulnerabilityID. +type VulnerabilityInputSpec struct { + Type string `json:"type"` + VulnerabilityID string `json:"vulnerabilityID"` } -// GetSource returns __PointOfContactSrcInput.Source, and is useful for accessing the field via an interface. -func (v *__PointOfContactSrcInput) GetSource() SourceInputSpec { return v.Source } +// GetType returns VulnerabilityInputSpec.Type, and is useful for accessing the field via an interface. +func (v *VulnerabilityInputSpec) GetType() string { return v.Type } -// GetPointOfContact returns __PointOfContactSrcInput.PointOfContact, and is useful for accessing the field via an interface. -func (v *__PointOfContactSrcInput) GetPointOfContact() PointOfContactInputSpec { - return v.PointOfContact -} +// GetVulnerabilityID returns VulnerabilityInputSpec.VulnerabilityID, and is useful for accessing the field via an interface. +func (v *VulnerabilityInputSpec) GetVulnerabilityID() string { return v.VulnerabilityID } -// __SLSAForArtifactInput is used internally by genqlient -type __SLSAForArtifactInput struct { - Artifact ArtifactInputSpec `json:"artifact"` - Materials []ArtifactInputSpec `json:"materials"` - Builder BuilderInputSpec `json:"builder"` - Slsa SLSAInputSpec `json:"slsa"` +// VulnerabilitySpec allows filtering the list of vulnerabilities to return in a query. +// +// Use null to match on all values at that level. +// For example, to get all vulnerabilities in GUAC backend, use a VulnSpec +// where every field is null. +type VulnerabilitySpec struct { + Id *string `json:"id"` + Type *string `json:"type"` + VulnerabilityID *string `json:"vulnerabilityID"` } -// GetArtifact returns __SLSAForArtifactInput.Artifact, and is useful for accessing the field via an interface. 
-func (v *__SLSAForArtifactInput) GetArtifact() ArtifactInputSpec { return v.Artifact } - -// GetMaterials returns __SLSAForArtifactInput.Materials, and is useful for accessing the field via an interface. -func (v *__SLSAForArtifactInput) GetMaterials() []ArtifactInputSpec { return v.Materials } +// GetId returns VulnerabilitySpec.Id, and is useful for accessing the field via an interface. +func (v *VulnerabilitySpec) GetId() *string { return v.Id } -// GetBuilder returns __SLSAForArtifactInput.Builder, and is useful for accessing the field via an interface. -func (v *__SLSAForArtifactInput) GetBuilder() BuilderInputSpec { return v.Builder } +// GetType returns VulnerabilitySpec.Type, and is useful for accessing the field via an interface. +func (v *VulnerabilitySpec) GetType() *string { return v.Type } -// GetSlsa returns __SLSAForArtifactInput.Slsa, and is useful for accessing the field via an interface. -func (v *__SLSAForArtifactInput) GetSlsa() SLSAInputSpec { return v.Slsa } +// GetVulnerabilityID returns VulnerabilitySpec.VulnerabilityID, and is useful for accessing the field via an interface. +func (v *VulnerabilitySpec) GetVulnerabilityID() *string { return v.VulnerabilityID } -// __SLSAForArtifactsInput is used internally by genqlient -type __SLSAForArtifactsInput struct { - Artifacts []ArtifactInputSpec `json:"artifacts"` - MaterialsList [][]ArtifactInputSpec `json:"materialsList"` - Builders []BuilderInputSpec `json:"builders"` - SlsaList []SLSAInputSpec `json:"slsaList"` +// __ArtifactsInput is used internally by genqlient +type __ArtifactsInput struct { + Filter ArtifactSpec `json:"filter"` } -// GetArtifacts returns __SLSAForArtifactsInput.Artifacts, and is useful for accessing the field via an interface. -func (v *__SLSAForArtifactsInput) GetArtifacts() []ArtifactInputSpec { return v.Artifacts } +// GetFilter returns __ArtifactsInput.Filter, and is useful for accessing the field via an interface. 
+func (v *__ArtifactsInput) GetFilter() ArtifactSpec { return v.Filter } -// GetMaterialsList returns __SLSAForArtifactsInput.MaterialsList, and is useful for accessing the field via an interface. -func (v *__SLSAForArtifactsInput) GetMaterialsList() [][]ArtifactInputSpec { return v.MaterialsList } +// __CertifyBadArtifactInput is used internally by genqlient +type __CertifyBadArtifactInput struct { + Artifact ArtifactInputSpec `json:"artifact"` + CertifyBad CertifyBadInputSpec `json:"certifyBad"` +} -// GetBuilders returns __SLSAForArtifactsInput.Builders, and is useful for accessing the field via an interface. -func (v *__SLSAForArtifactsInput) GetBuilders() []BuilderInputSpec { return v.Builders } +// GetArtifact returns __CertifyBadArtifactInput.Artifact, and is useful for accessing the field via an interface. +func (v *__CertifyBadArtifactInput) GetArtifact() ArtifactInputSpec { return v.Artifact } -// GetSlsaList returns __SLSAForArtifactsInput.SlsaList, and is useful for accessing the field via an interface. -func (v *__SLSAForArtifactsInput) GetSlsaList() []SLSAInputSpec { return v.SlsaList } +// GetCertifyBad returns __CertifyBadArtifactInput.CertifyBad, and is useful for accessing the field via an interface. +func (v *__CertifyBadArtifactInput) GetCertifyBad() CertifyBadInputSpec { return v.CertifyBad } -// __SourcesInput is used internally by genqlient -type __SourcesInput struct { - Filter SourceSpec `json:"filter"` +// __CertifyBadArtifactsInput is used internally by genqlient +type __CertifyBadArtifactsInput struct { + Artifacts []ArtifactInputSpec `json:"artifacts"` + CertifyBads []CertifyBadInputSpec `json:"certifyBads"` } -// GetFilter returns __SourcesInput.Filter, and is useful for accessing the field via an interface. -func (v *__SourcesInput) GetFilter() SourceSpec { return v.Filter } +// GetArtifacts returns __CertifyBadArtifactsInput.Artifacts, and is useful for accessing the field via an interface. 
+func (v *__CertifyBadArtifactsInput) GetArtifacts() []ArtifactInputSpec { return v.Artifacts } -// __VEXPackageAndGhsaInput is used internally by genqlient -type __VEXPackageAndGhsaInput struct { - Pkg PkgInputSpec `json:"pkg"` - Ghsa GHSAInputSpec `json:"ghsa"` - VexStatement VexStatementInputSpec `json:"vexStatement"` +// GetCertifyBads returns __CertifyBadArtifactsInput.CertifyBads, and is useful for accessing the field via an interface. +func (v *__CertifyBadArtifactsInput) GetCertifyBads() []CertifyBadInputSpec { return v.CertifyBads } + +// __CertifyBadPkgInput is used internally by genqlient +type __CertifyBadPkgInput struct { + Pkg PkgInputSpec `json:"pkg"` + PkgMatchType MatchFlags `json:"pkgMatchType"` + CertifyBad CertifyBadInputSpec `json:"certifyBad"` } -// GetPkg returns __VEXPackageAndGhsaInput.Pkg, and is useful for accessing the field via an interface. -func (v *__VEXPackageAndGhsaInput) GetPkg() PkgInputSpec { return v.Pkg } +// GetPkg returns __CertifyBadPkgInput.Pkg, and is useful for accessing the field via an interface. +func (v *__CertifyBadPkgInput) GetPkg() PkgInputSpec { return v.Pkg } -// GetGhsa returns __VEXPackageAndGhsaInput.Ghsa, and is useful for accessing the field via an interface. -func (v *__VEXPackageAndGhsaInput) GetGhsa() GHSAInputSpec { return v.Ghsa } +// GetPkgMatchType returns __CertifyBadPkgInput.PkgMatchType, and is useful for accessing the field via an interface. +func (v *__CertifyBadPkgInput) GetPkgMatchType() MatchFlags { return v.PkgMatchType } -// GetVexStatement returns __VEXPackageAndGhsaInput.VexStatement, and is useful for accessing the field via an interface. -func (v *__VEXPackageAndGhsaInput) GetVexStatement() VexStatementInputSpec { return v.VexStatement } +// GetCertifyBad returns __CertifyBadPkgInput.CertifyBad, and is useful for accessing the field via an interface. 
+func (v *__CertifyBadPkgInput) GetCertifyBad() CertifyBadInputSpec { return v.CertifyBad } -// __VexArtifactAndCveInput is used internally by genqlient -type __VexArtifactAndCveInput struct { - Artifact ArtifactInputSpec `json:"artifact"` - Cve CVEInputSpec `json:"cve"` - VexStatement VexStatementInputSpec `json:"vexStatement"` +// __CertifyBadPkgsInput is used internally by genqlient +type __CertifyBadPkgsInput struct { + Pkgs []PkgInputSpec `json:"pkgs"` + PkgMatchType MatchFlags `json:"pkgMatchType"` + CertifyBads []CertifyBadInputSpec `json:"certifyBads"` } -// GetArtifact returns __VexArtifactAndCveInput.Artifact, and is useful for accessing the field via an interface. -func (v *__VexArtifactAndCveInput) GetArtifact() ArtifactInputSpec { return v.Artifact } +// GetPkgs returns __CertifyBadPkgsInput.Pkgs, and is useful for accessing the field via an interface. +func (v *__CertifyBadPkgsInput) GetPkgs() []PkgInputSpec { return v.Pkgs } -// GetCve returns __VexArtifactAndCveInput.Cve, and is useful for accessing the field via an interface. -func (v *__VexArtifactAndCveInput) GetCve() CVEInputSpec { return v.Cve } +// GetPkgMatchType returns __CertifyBadPkgsInput.PkgMatchType, and is useful for accessing the field via an interface. +func (v *__CertifyBadPkgsInput) GetPkgMatchType() MatchFlags { return v.PkgMatchType } -// GetVexStatement returns __VexArtifactAndCveInput.VexStatement, and is useful for accessing the field via an interface. -func (v *__VexArtifactAndCveInput) GetVexStatement() VexStatementInputSpec { return v.VexStatement } +// GetCertifyBads returns __CertifyBadPkgsInput.CertifyBads, and is useful for accessing the field via an interface. 
+func (v *__CertifyBadPkgsInput) GetCertifyBads() []CertifyBadInputSpec { return v.CertifyBads } -// __VexArtifactAndGhsaInput is used internally by genqlient -type __VexArtifactAndGhsaInput struct { - Artifact ArtifactInputSpec `json:"artifact"` - Ghsa GHSAInputSpec `json:"ghsa"` - VexStatement VexStatementInputSpec `json:"vexStatement"` +// __CertifyBadSrcInput is used internally by genqlient +type __CertifyBadSrcInput struct { + Source SourceInputSpec `json:"source"` + CertifyBad CertifyBadInputSpec `json:"certifyBad"` } -// GetArtifact returns __VexArtifactAndGhsaInput.Artifact, and is useful for accessing the field via an interface. -func (v *__VexArtifactAndGhsaInput) GetArtifact() ArtifactInputSpec { return v.Artifact } - -// GetGhsa returns __VexArtifactAndGhsaInput.Ghsa, and is useful for accessing the field via an interface. -func (v *__VexArtifactAndGhsaInput) GetGhsa() GHSAInputSpec { return v.Ghsa } +// GetSource returns __CertifyBadSrcInput.Source, and is useful for accessing the field via an interface. +func (v *__CertifyBadSrcInput) GetSource() SourceInputSpec { return v.Source } -// GetVexStatement returns __VexArtifactAndGhsaInput.VexStatement, and is useful for accessing the field via an interface. -func (v *__VexArtifactAndGhsaInput) GetVexStatement() VexStatementInputSpec { return v.VexStatement } +// GetCertifyBad returns __CertifyBadSrcInput.CertifyBad, and is useful for accessing the field via an interface. 
+func (v *__CertifyBadSrcInput) GetCertifyBad() CertifyBadInputSpec { return v.CertifyBad } -// __VexArtifactAndOsvInput is used internally by genqlient -type __VexArtifactAndOsvInput struct { - Artifact ArtifactInputSpec `json:"artifact"` - Osv OSVInputSpec `json:"osv"` - VexStatement VexStatementInputSpec `json:"vexStatement"` +// __CertifyBadSrcsInput is used internally by genqlient +type __CertifyBadSrcsInput struct { + Sources []SourceInputSpec `json:"sources"` + CertifyBads []CertifyBadInputSpec `json:"certifyBads"` } -// GetArtifact returns __VexArtifactAndOsvInput.Artifact, and is useful for accessing the field via an interface. -func (v *__VexArtifactAndOsvInput) GetArtifact() ArtifactInputSpec { return v.Artifact } - -// GetOsv returns __VexArtifactAndOsvInput.Osv, and is useful for accessing the field via an interface. -func (v *__VexArtifactAndOsvInput) GetOsv() OSVInputSpec { return v.Osv } +// GetSources returns __CertifyBadSrcsInput.Sources, and is useful for accessing the field via an interface. +func (v *__CertifyBadSrcsInput) GetSources() []SourceInputSpec { return v.Sources } -// GetVexStatement returns __VexArtifactAndOsvInput.VexStatement, and is useful for accessing the field via an interface. -func (v *__VexArtifactAndOsvInput) GetVexStatement() VexStatementInputSpec { return v.VexStatement } +// GetCertifyBads returns __CertifyBadSrcsInput.CertifyBads, and is useful for accessing the field via an interface. 
+func (v *__CertifyBadSrcsInput) GetCertifyBads() []CertifyBadInputSpec { return v.CertifyBads } -// __VexPackageAndCveInput is used internally by genqlient -type __VexPackageAndCveInput struct { - Pkg PkgInputSpec `json:"pkg"` - Cve CVEInputSpec `json:"cve"` - VexStatement VexStatementInputSpec `json:"vexStatement"` +// __CertifyBadsInput is used internally by genqlient +type __CertifyBadsInput struct { + Filter CertifyBadSpec `json:"filter"` } -// GetPkg returns __VexPackageAndCveInput.Pkg, and is useful for accessing the field via an interface. -func (v *__VexPackageAndCveInput) GetPkg() PkgInputSpec { return v.Pkg } - -// GetCve returns __VexPackageAndCveInput.Cve, and is useful for accessing the field via an interface. -func (v *__VexPackageAndCveInput) GetCve() CVEInputSpec { return v.Cve } - -// GetVexStatement returns __VexPackageAndCveInput.VexStatement, and is useful for accessing the field via an interface. -func (v *__VexPackageAndCveInput) GetVexStatement() VexStatementInputSpec { return v.VexStatement } +// GetFilter returns __CertifyBadsInput.Filter, and is useful for accessing the field via an interface. +func (v *__CertifyBadsInput) GetFilter() CertifyBadSpec { return v.Filter } -// __VexPackageAndOsvInput is used internally by genqlient -type __VexPackageAndOsvInput struct { - Pkg PkgInputSpec `json:"pkg"` - Osv OSVInputSpec `json:"osv"` - VexStatement VexStatementInputSpec `json:"vexStatement"` +// __CertifyGoodArtifactInput is used internally by genqlient +type __CertifyGoodArtifactInput struct { + Artifact ArtifactInputSpec `json:"artifact"` + CertifyGood CertifyGoodInputSpec `json:"certifyGood"` } -// GetPkg returns __VexPackageAndOsvInput.Pkg, and is useful for accessing the field via an interface. -func (v *__VexPackageAndOsvInput) GetPkg() PkgInputSpec { return v.Pkg } - -// GetOsv returns __VexPackageAndOsvInput.Osv, and is useful for accessing the field via an interface. 
-func (v *__VexPackageAndOsvInput) GetOsv() OSVInputSpec { return v.Osv } +// GetArtifact returns __CertifyGoodArtifactInput.Artifact, and is useful for accessing the field via an interface. +func (v *__CertifyGoodArtifactInput) GetArtifact() ArtifactInputSpec { return v.Artifact } -// GetVexStatement returns __VexPackageAndOsvInput.VexStatement, and is useful for accessing the field via an interface. -func (v *__VexPackageAndOsvInput) GetVexStatement() VexStatementInputSpec { return v.VexStatement } +// GetCertifyGood returns __CertifyGoodArtifactInput.CertifyGood, and is useful for accessing the field via an interface. +func (v *__CertifyGoodArtifactInput) GetCertifyGood() CertifyGoodInputSpec { return v.CertifyGood } -// The query or mutation executed by Artifacts. -const Artifacts_Operation = ` -query Artifacts ($filter: ArtifactSpec!) { - artifacts(artifactSpec: $filter) { - ... AllArtifactTree - } -} -fragment AllArtifactTree on Artifact { - id - algorithm - digest +// __CertifyGoodArtifactsInput is used internally by genqlient +type __CertifyGoodArtifactsInput struct { + Artifacts []ArtifactInputSpec `json:"artifacts"` + CertifyGoods []CertifyGoodInputSpec `json:"certifyGoods"` } -` - -func Artifacts( - ctx context.Context, - client graphql.Client, - filter ArtifactSpec, -) (*ArtifactsResponse, error) { - req := &graphql.Request{ - OpName: "Artifacts", - Query: Artifacts_Operation, - Variables: &__ArtifactsInput{ - Filter: filter, - }, - } - var err error - var data ArtifactsResponse - resp := &graphql.Response{Data: &data} +// GetArtifacts returns __CertifyGoodArtifactsInput.Artifacts, and is useful for accessing the field via an interface. +func (v *__CertifyGoodArtifactsInput) GetArtifacts() []ArtifactInputSpec { return v.Artifacts } - err = client.MakeRequest( - ctx, - req, - resp, - ) +// GetCertifyGoods returns __CertifyGoodArtifactsInput.CertifyGoods, and is useful for accessing the field via an interface. 
+func (v *__CertifyGoodArtifactsInput) GetCertifyGoods() []CertifyGoodInputSpec { return v.CertifyGoods } - return &data, err +// __CertifyGoodPkgInput is used internally by genqlient +type __CertifyGoodPkgInput struct { + Pkg PkgInputSpec `json:"pkg"` + PkgMatchType MatchFlags `json:"pkgMatchType"` + CertifyGood CertifyGoodInputSpec `json:"certifyGood"` } -// The query or mutation executed by CVEs. -const CVEs_Operation = ` -query CVEs ($filter: CVESpec!) { - cve(cveSpec: $filter) { - ... AllCveTree - } -} -fragment AllCveTree on CVE { - id - year - cveId +// GetPkg returns __CertifyGoodPkgInput.Pkg, and is useful for accessing the field via an interface. +func (v *__CertifyGoodPkgInput) GetPkg() PkgInputSpec { return v.Pkg } + +// GetPkgMatchType returns __CertifyGoodPkgInput.PkgMatchType, and is useful for accessing the field via an interface. +func (v *__CertifyGoodPkgInput) GetPkgMatchType() MatchFlags { return v.PkgMatchType } + +// GetCertifyGood returns __CertifyGoodPkgInput.CertifyGood, and is useful for accessing the field via an interface. +func (v *__CertifyGoodPkgInput) GetCertifyGood() CertifyGoodInputSpec { return v.CertifyGood } + +// __CertifyGoodPkgsInput is used internally by genqlient +type __CertifyGoodPkgsInput struct { + Pkgs []PkgInputSpec `json:"pkgs"` + PkgMatchType MatchFlags `json:"pkgMatchType"` + CertifyGoods []CertifyGoodInputSpec `json:"certifyGoods"` } -` -func CVEs( - ctx context.Context, - client graphql.Client, - filter CVESpec, -) (*CVEsResponse, error) { - req := &graphql.Request{ - OpName: "CVEs", - Query: CVEs_Operation, - Variables: &__CVEsInput{ - Filter: filter, - }, - } - var err error +// GetPkgs returns __CertifyGoodPkgsInput.Pkgs, and is useful for accessing the field via an interface. 
+func (v *__CertifyGoodPkgsInput) GetPkgs() []PkgInputSpec { return v.Pkgs } - var data CVEsResponse - resp := &graphql.Response{Data: &data} +// GetPkgMatchType returns __CertifyGoodPkgsInput.PkgMatchType, and is useful for accessing the field via an interface. +func (v *__CertifyGoodPkgsInput) GetPkgMatchType() MatchFlags { return v.PkgMatchType } - err = client.MakeRequest( - ctx, - req, - resp, - ) +// GetCertifyGoods returns __CertifyGoodPkgsInput.CertifyGoods, and is useful for accessing the field via an interface. +func (v *__CertifyGoodPkgsInput) GetCertifyGoods() []CertifyGoodInputSpec { return v.CertifyGoods } - return &data, err +// __CertifyGoodSrcInput is used internally by genqlient +type __CertifyGoodSrcInput struct { + Source SourceInputSpec `json:"source"` + CertifyGood CertifyGoodInputSpec `json:"certifyGood"` } -// The query or mutation executed by CertifyBadArtifact. -const CertifyBadArtifact_Operation = ` -mutation CertifyBadArtifact ($artifact: ArtifactInputSpec!, $certifyBad: CertifyBadInputSpec!) { - ingestCertifyBad(subject: {artifact:$artifact}, pkgMatchType: {pkg:ALL_VERSIONS}, certifyBad: $certifyBad) { - ... AllCertifyBad - } -} -fragment AllCertifyBad on CertifyBad { - id - justification - subject { - __typename - ... on Package { - ... AllPkgTree - } - ... on Source { - ... AllSourceTree - } - ... on Artifact { - ... AllArtifactTree - } - } - origin - collector -} -fragment AllPkgTree on Package { - id - type - namespaces { - id - namespace - names { - id - name - versions { - id - version - qualifiers { - key - value - } - subpath - } - } - } -} -fragment AllSourceTree on Source { - id - type - namespaces { - id - namespace - names { - id - name - tag - commit - } - } -} -fragment AllArtifactTree on Artifact { - id - algorithm - digest -} -` +// GetSource returns __CertifyGoodSrcInput.Source, and is useful for accessing the field via an interface. 
+func (v *__CertifyGoodSrcInput) GetSource() SourceInputSpec { return v.Source } -func CertifyBadArtifact( - ctx context.Context, - client graphql.Client, - artifact ArtifactInputSpec, - certifyBad CertifyBadInputSpec, -) (*CertifyBadArtifactResponse, error) { - req := &graphql.Request{ - OpName: "CertifyBadArtifact", - Query: CertifyBadArtifact_Operation, - Variables: &__CertifyBadArtifactInput{ - Artifact: artifact, - CertifyBad: certifyBad, - }, - } - var err error +// GetCertifyGood returns __CertifyGoodSrcInput.CertifyGood, and is useful for accessing the field via an interface. +func (v *__CertifyGoodSrcInput) GetCertifyGood() CertifyGoodInputSpec { return v.CertifyGood } - var data CertifyBadArtifactResponse - resp := &graphql.Response{Data: &data} +// __CertifyGoodSrcsInput is used internally by genqlient +type __CertifyGoodSrcsInput struct { + Sources []SourceInputSpec `json:"sources"` + CertifyGoods []CertifyGoodInputSpec `json:"certifyGoods"` +} - err = client.MakeRequest( - ctx, - req, - resp, - ) +// GetSources returns __CertifyGoodSrcsInput.Sources, and is useful for accessing the field via an interface. +func (v *__CertifyGoodSrcsInput) GetSources() []SourceInputSpec { return v.Sources } - return &data, err -} +// GetCertifyGoods returns __CertifyGoodSrcsInput.CertifyGoods, and is useful for accessing the field via an interface. +func (v *__CertifyGoodSrcsInput) GetCertifyGoods() []CertifyGoodInputSpec { return v.CertifyGoods } -// The query or mutation executed by CertifyBadArtifacts. -const CertifyBadArtifacts_Operation = ` -mutation CertifyBadArtifacts ($artifacts: [ArtifactInputSpec!]!, $certifyBads: [CertifyBadInputSpec!]!) { - ingestCertifyBads(subjects: {artifacts:$artifacts}, pkgMatchType: {pkg:ALL_VERSIONS}, certifyBads: $certifyBads) { - ... AllCertifyBad - } -} -fragment AllCertifyBad on CertifyBad { - id - justification - subject { - __typename - ... on Package { - ... AllPkgTree - } - ... on Source { - ... AllSourceTree - } - ... 
on Artifact { - ... AllArtifactTree - } - } - origin - collector -} -fragment AllPkgTree on Package { - id - type - namespaces { - id - namespace - names { - id - name - versions { - id - version - qualifiers { - key - value - } - subpath - } - } - } -} -fragment AllSourceTree on Source { - id - type - namespaces { - id - namespace - names { - id - name - tag - commit - } - } -} -fragment AllArtifactTree on Artifact { - id - algorithm - digest +// __CertifyScorecardInput is used internally by genqlient +type __CertifyScorecardInput struct { + Source SourceInputSpec `json:"source"` + Scorecard ScorecardInputSpec `json:"scorecard"` } -` -func CertifyBadArtifacts( - ctx context.Context, - client graphql.Client, - artifacts []ArtifactInputSpec, - certifyBads []CertifyBadInputSpec, -) (*CertifyBadArtifactsResponse, error) { - req := &graphql.Request{ - OpName: "CertifyBadArtifacts", - Query: CertifyBadArtifacts_Operation, - Variables: &__CertifyBadArtifactsInput{ - Artifacts: artifacts, - CertifyBads: certifyBads, - }, - } - var err error +// GetSource returns __CertifyScorecardInput.Source, and is useful for accessing the field via an interface. +func (v *__CertifyScorecardInput) GetSource() SourceInputSpec { return v.Source } - var data CertifyBadArtifactsResponse - resp := &graphql.Response{Data: &data} +// GetScorecard returns __CertifyScorecardInput.Scorecard, and is useful for accessing the field via an interface. +func (v *__CertifyScorecardInput) GetScorecard() ScorecardInputSpec { return v.Scorecard } + +// __CertifyScorecardsInput is used internally by genqlient +type __CertifyScorecardsInput struct { + Sources []SourceInputSpec `json:"sources"` + Scorecards []ScorecardInputSpec `json:"scorecards"` +} + +// GetSources returns __CertifyScorecardsInput.Sources, and is useful for accessing the field via an interface. 
+func (v *__CertifyScorecardsInput) GetSources() []SourceInputSpec { return v.Sources } - err = client.MakeRequest( - ctx, - req, - resp, - ) +// GetScorecards returns __CertifyScorecardsInput.Scorecards, and is useful for accessing the field via an interface. +func (v *__CertifyScorecardsInput) GetScorecards() []ScorecardInputSpec { return v.Scorecards } - return &data, err +// __CertifyVexArtifactInput is used internally by genqlient +type __CertifyVexArtifactInput struct { + Artifact ArtifactInputSpec `json:"artifact"` + Vulnerability VulnerabilityInputSpec `json:"vulnerability"` + VexStatement VexStatementInputSpec `json:"vexStatement"` } -// The query or mutation executed by CertifyBadPkg. -const CertifyBadPkg_Operation = ` -mutation CertifyBadPkg ($pkg: PkgInputSpec!, $pkgMatchType: MatchFlags!, $certifyBad: CertifyBadInputSpec!) { - ingestCertifyBad(subject: {package:$pkg}, pkgMatchType: $pkgMatchType, certifyBad: $certifyBad) { - ... AllCertifyBad - } +// GetArtifact returns __CertifyVexArtifactInput.Artifact, and is useful for accessing the field via an interface. +func (v *__CertifyVexArtifactInput) GetArtifact() ArtifactInputSpec { return v.Artifact } + +// GetVulnerability returns __CertifyVexArtifactInput.Vulnerability, and is useful for accessing the field via an interface. +func (v *__CertifyVexArtifactInput) GetVulnerability() VulnerabilityInputSpec { return v.Vulnerability } + +// GetVexStatement returns __CertifyVexArtifactInput.VexStatement, and is useful for accessing the field via an interface. +func (v *__CertifyVexArtifactInput) GetVexStatement() VexStatementInputSpec { return v.VexStatement } + +// __CertifyVexPkgInput is used internally by genqlient +type __CertifyVexPkgInput struct { + Pkg PkgInputSpec `json:"pkg"` + Vulnerability VulnerabilityInputSpec `json:"vulnerability"` + VexStatement VexStatementInputSpec `json:"vexStatement"` } -fragment AllCertifyBad on CertifyBad { - id - justification - subject { - __typename - ... 
on Package { - ... AllPkgTree - } - ... on Source { - ... AllSourceTree - } - ... on Artifact { - ... AllArtifactTree - } - } - origin - collector + +// GetPkg returns __CertifyVexPkgInput.Pkg, and is useful for accessing the field via an interface. +func (v *__CertifyVexPkgInput) GetPkg() PkgInputSpec { return v.Pkg } + +// GetVulnerability returns __CertifyVexPkgInput.Vulnerability, and is useful for accessing the field via an interface. +func (v *__CertifyVexPkgInput) GetVulnerability() VulnerabilityInputSpec { return v.Vulnerability } + +// GetVexStatement returns __CertifyVexPkgInput.VexStatement, and is useful for accessing the field via an interface. +func (v *__CertifyVexPkgInput) GetVexStatement() VexStatementInputSpec { return v.VexStatement } + +// __CertifyVulnPkgInput is used internally by genqlient +type __CertifyVulnPkgInput struct { + Pkg PkgInputSpec `json:"pkg"` + Vulnerability VulnerabilityInputSpec `json:"vulnerability"` + CertifyVuln ScanMetadataInput `json:"certifyVuln"` } -fragment AllPkgTree on Package { - id - type - namespaces { - id - namespace - names { - id - name - versions { - id - version - qualifiers { - key - value - } - subpath - } - } - } + +// GetPkg returns __CertifyVulnPkgInput.Pkg, and is useful for accessing the field via an interface. +func (v *__CertifyVulnPkgInput) GetPkg() PkgInputSpec { return v.Pkg } + +// GetVulnerability returns __CertifyVulnPkgInput.Vulnerability, and is useful for accessing the field via an interface. +func (v *__CertifyVulnPkgInput) GetVulnerability() VulnerabilityInputSpec { return v.Vulnerability } + +// GetCertifyVuln returns __CertifyVulnPkgInput.CertifyVuln, and is useful for accessing the field via an interface. 
+func (v *__CertifyVulnPkgInput) GetCertifyVuln() ScanMetadataInput { return v.CertifyVuln } + +// __FindSoftwareInput is used internally by genqlient +type __FindSoftwareInput struct { + SearchText string `json:"searchText"` } -fragment AllSourceTree on Source { - id - type - namespaces { - id - namespace - names { - id - name - tag - commit - } - } + +// GetSearchText returns __FindSoftwareInput.SearchText, and is useful for accessing the field via an interface. +func (v *__FindSoftwareInput) GetSearchText() string { return v.SearchText } + +// __HasMetadataArtifactInput is used internally by genqlient +type __HasMetadataArtifactInput struct { + Artifact ArtifactInputSpec `json:"artifact"` + HasMetadata HasMetadataInputSpec `json:"hasMetadata"` } -fragment AllArtifactTree on Artifact { - id - algorithm - digest + +// GetArtifact returns __HasMetadataArtifactInput.Artifact, and is useful for accessing the field via an interface. +func (v *__HasMetadataArtifactInput) GetArtifact() ArtifactInputSpec { return v.Artifact } + +// GetHasMetadata returns __HasMetadataArtifactInput.HasMetadata, and is useful for accessing the field via an interface. 
+func (v *__HasMetadataArtifactInput) GetHasMetadata() HasMetadataInputSpec { return v.HasMetadata } + +// __HasMetadataPkgInput is used internally by genqlient +type __HasMetadataPkgInput struct { + Pkg PkgInputSpec `json:"pkg"` + PkgMatchType MatchFlags `json:"pkgMatchType"` + HasMetadata HasMetadataInputSpec `json:"hasMetadata"` } -` -func CertifyBadPkg( - ctx context.Context, - client graphql.Client, - pkg PkgInputSpec, - pkgMatchType MatchFlags, - certifyBad CertifyBadInputSpec, -) (*CertifyBadPkgResponse, error) { - req := &graphql.Request{ - OpName: "CertifyBadPkg", - Query: CertifyBadPkg_Operation, - Variables: &__CertifyBadPkgInput{ - Pkg: pkg, - PkgMatchType: pkgMatchType, - CertifyBad: certifyBad, - }, - } - var err error +// GetPkg returns __HasMetadataPkgInput.Pkg, and is useful for accessing the field via an interface. +func (v *__HasMetadataPkgInput) GetPkg() PkgInputSpec { return v.Pkg } - var data CertifyBadPkgResponse - resp := &graphql.Response{Data: &data} +// GetPkgMatchType returns __HasMetadataPkgInput.PkgMatchType, and is useful for accessing the field via an interface. +func (v *__HasMetadataPkgInput) GetPkgMatchType() MatchFlags { return v.PkgMatchType } - err = client.MakeRequest( - ctx, - req, - resp, - ) +// GetHasMetadata returns __HasMetadataPkgInput.HasMetadata, and is useful for accessing the field via an interface. +func (v *__HasMetadataPkgInput) GetHasMetadata() HasMetadataInputSpec { return v.HasMetadata } - return &data, err +// __HasMetadataSrcInput is used internally by genqlient +type __HasMetadataSrcInput struct { + Source SourceInputSpec `json:"source"` + HasMetadata HasMetadataInputSpec `json:"hasMetadata"` } -// The query or mutation executed by CertifyBadPkgs. -const CertifyBadPkgs_Operation = ` -mutation CertifyBadPkgs ($pkgs: [PkgInputSpec!]!, $pkgMatchType: MatchFlags!, $certifyBads: [CertifyBadInputSpec!]!) 
{ - ingestCertifyBads(subjects: {packages:$pkgs}, pkgMatchType: $pkgMatchType, certifyBads: $certifyBads) { - ... AllCertifyBad - } +// GetSource returns __HasMetadataSrcInput.Source, and is useful for accessing the field via an interface. +func (v *__HasMetadataSrcInput) GetSource() SourceInputSpec { return v.Source } + +// GetHasMetadata returns __HasMetadataSrcInput.HasMetadata, and is useful for accessing the field via an interface. +func (v *__HasMetadataSrcInput) GetHasMetadata() HasMetadataInputSpec { return v.HasMetadata } + +// __HasSBOMArtifactInput is used internally by genqlient +type __HasSBOMArtifactInput struct { + Artifact ArtifactInputSpec `json:"artifact"` + HasSBOM HasSBOMInputSpec `json:"hasSBOM"` } -fragment AllCertifyBad on CertifyBad { - id - justification - subject { - __typename - ... on Package { - ... AllPkgTree - } - ... on Source { - ... AllSourceTree - } - ... on Artifact { - ... AllArtifactTree - } - } - origin - collector + +// GetArtifact returns __HasSBOMArtifactInput.Artifact, and is useful for accessing the field via an interface. +func (v *__HasSBOMArtifactInput) GetArtifact() ArtifactInputSpec { return v.Artifact } + +// GetHasSBOM returns __HasSBOMArtifactInput.HasSBOM, and is useful for accessing the field via an interface. +func (v *__HasSBOMArtifactInput) GetHasSBOM() HasSBOMInputSpec { return v.HasSBOM } + +// __HasSBOMArtifactsInput is used internally by genqlient +type __HasSBOMArtifactsInput struct { + Artifacts []ArtifactInputSpec `json:"artifacts"` + HasSBOMs []HasSBOMInputSpec `json:"hasSBOMs"` } -fragment AllPkgTree on Package { - id - type - namespaces { - id - namespace - names { - id - name - versions { - id - version - qualifiers { - key - value - } - subpath - } - } - } + +// GetArtifacts returns __HasSBOMArtifactsInput.Artifacts, and is useful for accessing the field via an interface. 
+func (v *__HasSBOMArtifactsInput) GetArtifacts() []ArtifactInputSpec { return v.Artifacts } + +// GetHasSBOMs returns __HasSBOMArtifactsInput.HasSBOMs, and is useful for accessing the field via an interface. +func (v *__HasSBOMArtifactsInput) GetHasSBOMs() []HasSBOMInputSpec { return v.HasSBOMs } + +// __HasSBOMPkgInput is used internally by genqlient +type __HasSBOMPkgInput struct { + Pkg PkgInputSpec `json:"pkg"` + HasSBOM HasSBOMInputSpec `json:"hasSBOM"` } -fragment AllSourceTree on Source { - id - type - namespaces { - id - namespace - names { - id - name - tag - commit - } - } + +// GetPkg returns __HasSBOMPkgInput.Pkg, and is useful for accessing the field via an interface. +func (v *__HasSBOMPkgInput) GetPkg() PkgInputSpec { return v.Pkg } + +// GetHasSBOM returns __HasSBOMPkgInput.HasSBOM, and is useful for accessing the field via an interface. +func (v *__HasSBOMPkgInput) GetHasSBOM() HasSBOMInputSpec { return v.HasSBOM } + +// __HasSBOMPkgsInput is used internally by genqlient +type __HasSBOMPkgsInput struct { + Pkgs []PkgInputSpec `json:"pkgs"` + HasSBOMs []HasSBOMInputSpec `json:"hasSBOMs"` } -fragment AllArtifactTree on Artifact { - id - algorithm - digest + +// GetPkgs returns __HasSBOMPkgsInput.Pkgs, and is useful for accessing the field via an interface. +func (v *__HasSBOMPkgsInput) GetPkgs() []PkgInputSpec { return v.Pkgs } + +// GetHasSBOMs returns __HasSBOMPkgsInput.HasSBOMs, and is useful for accessing the field via an interface. 
+func (v *__HasSBOMPkgsInput) GetHasSBOMs() []HasSBOMInputSpec { return v.HasSBOMs } + +// __HasSourceAtInput is used internally by genqlient +type __HasSourceAtInput struct { + Pkg PkgInputSpec `json:"pkg"` + PkgMatchType MatchFlags `json:"pkgMatchType"` + Source SourceInputSpec `json:"source"` + HasSourceAt HasSourceAtInputSpec `json:"hasSourceAt"` } -` -func CertifyBadPkgs( - ctx context.Context, - client graphql.Client, - pkgs []PkgInputSpec, - pkgMatchType MatchFlags, - certifyBads []CertifyBadInputSpec, -) (*CertifyBadPkgsResponse, error) { - req := &graphql.Request{ - OpName: "CertifyBadPkgs", - Query: CertifyBadPkgs_Operation, - Variables: &__CertifyBadPkgsInput{ - Pkgs: pkgs, - PkgMatchType: pkgMatchType, - CertifyBads: certifyBads, - }, - } - var err error +// GetPkg returns __HasSourceAtInput.Pkg, and is useful for accessing the field via an interface. +func (v *__HasSourceAtInput) GetPkg() PkgInputSpec { return v.Pkg } - var data CertifyBadPkgsResponse - resp := &graphql.Response{Data: &data} +// GetPkgMatchType returns __HasSourceAtInput.PkgMatchType, and is useful for accessing the field via an interface. +func (v *__HasSourceAtInput) GetPkgMatchType() MatchFlags { return v.PkgMatchType } - err = client.MakeRequest( - ctx, - req, - resp, - ) +// GetSource returns __HasSourceAtInput.Source, and is useful for accessing the field via an interface. +func (v *__HasSourceAtInput) GetSource() SourceInputSpec { return v.Source } - return &data, err -} +// GetHasSourceAt returns __HasSourceAtInput.HasSourceAt, and is useful for accessing the field via an interface. +func (v *__HasSourceAtInput) GetHasSourceAt() HasSourceAtInputSpec { return v.HasSourceAt } -// The query or mutation executed by CertifyBadSrc. -const CertifyBadSrc_Operation = ` -mutation CertifyBadSrc ($source: SourceInputSpec!, $certifyBad: CertifyBadInputSpec!) { - ingestCertifyBad(subject: {source:$source}, pkgMatchType: {pkg:ALL_VERSIONS}, certifyBad: $certifyBad) { - ... 
AllCertifyBad - } -} -fragment AllCertifyBad on CertifyBad { - id - justification - subject { - __typename - ... on Package { - ... AllPkgTree - } - ... on Source { - ... AllSourceTree - } - ... on Artifact { - ... AllArtifactTree - } - } - origin - collector -} -fragment AllPkgTree on Package { - id - type - namespaces { - id - namespace - names { - id - name - versions { - id - version - qualifiers { - key - value - } - subpath - } - } - } -} -fragment AllSourceTree on Source { - id - type - namespaces { - id - namespace - names { - id - name - tag - commit - } - } -} -fragment AllArtifactTree on Artifact { - id - algorithm - digest +// __HashEqualInput is used internally by genqlient +type __HashEqualInput struct { + Artifact ArtifactInputSpec `json:"artifact"` + OtherArtifact ArtifactInputSpec `json:"otherArtifact"` + HashEqual HashEqualInputSpec `json:"hashEqual"` } -` -func CertifyBadSrc( - ctx context.Context, - client graphql.Client, - source SourceInputSpec, - certifyBad CertifyBadInputSpec, -) (*CertifyBadSrcResponse, error) { - req := &graphql.Request{ - OpName: "CertifyBadSrc", - Query: CertifyBadSrc_Operation, - Variables: &__CertifyBadSrcInput{ - Source: source, - CertifyBad: certifyBad, - }, - } - var err error +// GetArtifact returns __HashEqualInput.Artifact, and is useful for accessing the field via an interface. +func (v *__HashEqualInput) GetArtifact() ArtifactInputSpec { return v.Artifact } - var data CertifyBadSrcResponse - resp := &graphql.Response{Data: &data} +// GetOtherArtifact returns __HashEqualInput.OtherArtifact, and is useful for accessing the field via an interface. +func (v *__HashEqualInput) GetOtherArtifact() ArtifactInputSpec { return v.OtherArtifact } - err = client.MakeRequest( - ctx, - req, - resp, - ) +// GetHashEqual returns __HashEqualInput.HashEqual, and is useful for accessing the field via an interface. 
+func (v *__HashEqualInput) GetHashEqual() HashEqualInputSpec { return v.HashEqual } - return &data, err +// __HashEqualsInput is used internally by genqlient +type __HashEqualsInput struct { + Artifacts []ArtifactInputSpec `json:"artifacts"` + OtherArtifacts []ArtifactInputSpec `json:"otherArtifacts"` + HashEquals []HashEqualInputSpec `json:"hashEquals"` } -// The query or mutation executed by CertifyBadSrcs. -const CertifyBadSrcs_Operation = ` -mutation CertifyBadSrcs ($sources: [SourceInputSpec!]!, $certifyBads: [CertifyBadInputSpec!]!) { - ingestCertifyBads(subjects: {sources:$sources}, pkgMatchType: {pkg:ALL_VERSIONS}, certifyBads: $certifyBads) { - ... AllCertifyBad - } -} -fragment AllCertifyBad on CertifyBad { - id - justification - subject { - __typename - ... on Package { - ... AllPkgTree - } - ... on Source { - ... AllSourceTree - } - ... on Artifact { - ... AllArtifactTree - } - } - origin - collector +// GetArtifacts returns __HashEqualsInput.Artifacts, and is useful for accessing the field via an interface. +func (v *__HashEqualsInput) GetArtifacts() []ArtifactInputSpec { return v.Artifacts } + +// GetOtherArtifacts returns __HashEqualsInput.OtherArtifacts, and is useful for accessing the field via an interface. +func (v *__HashEqualsInput) GetOtherArtifacts() []ArtifactInputSpec { return v.OtherArtifacts } + +// GetHashEquals returns __HashEqualsInput.HashEquals, and is useful for accessing the field via an interface. +func (v *__HashEqualsInput) GetHashEquals() []HashEqualInputSpec { return v.HashEquals } + +// __IngestArtifactInput is used internally by genqlient +type __IngestArtifactInput struct { + Artifact ArtifactInputSpec `json:"artifact"` } -fragment AllPkgTree on Package { - id - type - namespaces { - id - namespace - names { - id - name - versions { - id - version - qualifiers { - key - value - } - subpath - } - } - } + +// GetArtifact returns __IngestArtifactInput.Artifact, and is useful for accessing the field via an interface. 
+func (v *__IngestArtifactInput) GetArtifact() ArtifactInputSpec { return v.Artifact } + +// __IngestArtifactsInput is used internally by genqlient +type __IngestArtifactsInput struct { + Artifacts []ArtifactInputSpec `json:"artifacts"` } -fragment AllSourceTree on Source { - id - type - namespaces { - id - namespace - names { - id - name - tag - commit - } - } + +// GetArtifacts returns __IngestArtifactsInput.Artifacts, and is useful for accessing the field via an interface. +func (v *__IngestArtifactsInput) GetArtifacts() []ArtifactInputSpec { return v.Artifacts } + +// __IngestBuilderInput is used internally by genqlient +type __IngestBuilderInput struct { + Builder BuilderInputSpec `json:"builder"` } -fragment AllArtifactTree on Artifact { - id - algorithm - digest + +// GetBuilder returns __IngestBuilderInput.Builder, and is useful for accessing the field via an interface. +func (v *__IngestBuilderInput) GetBuilder() BuilderInputSpec { return v.Builder } + +// __IngestBuildersInput is used internally by genqlient +type __IngestBuildersInput struct { + Builders []BuilderInputSpec `json:"builders"` } -` -func CertifyBadSrcs( - ctx context.Context, - client graphql.Client, - sources []SourceInputSpec, - certifyBads []CertifyBadInputSpec, -) (*CertifyBadSrcsResponse, error) { - req := &graphql.Request{ - OpName: "CertifyBadSrcs", - Query: CertifyBadSrcs_Operation, - Variables: &__CertifyBadSrcsInput{ - Sources: sources, - CertifyBads: certifyBads, - }, - } - var err error +// GetBuilders returns __IngestBuildersInput.Builders, and is useful for accessing the field via an interface. 
+func (v *__IngestBuildersInput) GetBuilders() []BuilderInputSpec { return v.Builders } + +// __IngestPackageInput is used internally by genqlient +type __IngestPackageInput struct { + Pkg PkgInputSpec `json:"pkg"` +} - var data CertifyBadSrcsResponse - resp := &graphql.Response{Data: &data} +// GetPkg returns __IngestPackageInput.Pkg, and is useful for accessing the field via an interface. +func (v *__IngestPackageInput) GetPkg() PkgInputSpec { return v.Pkg } - err = client.MakeRequest( - ctx, - req, - resp, - ) +// __IngestPackagesInput is used internally by genqlient +type __IngestPackagesInput struct { + Pkgs []PkgInputSpec `json:"pkgs"` +} - return &data, err +// GetPkgs returns __IngestPackagesInput.Pkgs, and is useful for accessing the field via an interface. +func (v *__IngestPackagesInput) GetPkgs() []PkgInputSpec { return v.Pkgs } + +// __IngestSourceInput is used internally by genqlient +type __IngestSourceInput struct { + Source SourceInputSpec `json:"source"` } -// The query or mutation executed by CertifyBads. -const CertifyBads_Operation = ` -query CertifyBads ($filter: CertifyBadSpec!) { - CertifyBad(certifyBadSpec: $filter) { - ... AllCertifyBad - } +// GetSource returns __IngestSourceInput.Source, and is useful for accessing the field via an interface. +func (v *__IngestSourceInput) GetSource() SourceInputSpec { return v.Source } + +// __IngestSourcesInput is used internally by genqlient +type __IngestSourcesInput struct { + Sources []SourceInputSpec `json:"sources"` } -fragment AllCertifyBad on CertifyBad { - id - justification - subject { - __typename - ... on Package { - ... AllPkgTree - } - ... on Source { - ... AllSourceTree - } - ... on Artifact { - ... AllArtifactTree - } - } - origin - collector + +// GetSources returns __IngestSourcesInput.Sources, and is useful for accessing the field via an interface. 
+func (v *__IngestSourcesInput) GetSources() []SourceInputSpec { return v.Sources } + +// __IngestVulnerabilitiesInput is used internally by genqlient +type __IngestVulnerabilitiesInput struct { + Vulns []VulnerabilityInputSpec `json:"vulns"` } -fragment AllPkgTree on Package { - id - type - namespaces { - id - namespace - names { - id - name - versions { - id - version - qualifiers { - key - value - } - subpath - } - } - } + +// GetVulns returns __IngestVulnerabilitiesInput.Vulns, and is useful for accessing the field via an interface. +func (v *__IngestVulnerabilitiesInput) GetVulns() []VulnerabilityInputSpec { return v.Vulns } + +// __IngestVulnerabilityInput is used internally by genqlient +type __IngestVulnerabilityInput struct { + Vuln VulnerabilityInputSpec `json:"vuln"` } -fragment AllSourceTree on Source { - id - type - namespaces { - id - namespace - names { - id - name - tag - commit - } - } + +// GetVuln returns __IngestVulnerabilityInput.Vuln, and is useful for accessing the field via an interface. +func (v *__IngestVulnerabilityInput) GetVuln() VulnerabilityInputSpec { return v.Vuln } + +// __IsDependenciesInput is used internally by genqlient +type __IsDependenciesInput struct { + Pkgs []PkgInputSpec `json:"pkgs"` + DepPkgs []PkgInputSpec `json:"depPkgs"` + Dependencies []IsDependencyInputSpec `json:"dependencies"` } -fragment AllArtifactTree on Artifact { - id - algorithm - digest + +// GetPkgs returns __IsDependenciesInput.Pkgs, and is useful for accessing the field via an interface. +func (v *__IsDependenciesInput) GetPkgs() []PkgInputSpec { return v.Pkgs } + +// GetDepPkgs returns __IsDependenciesInput.DepPkgs, and is useful for accessing the field via an interface. +func (v *__IsDependenciesInput) GetDepPkgs() []PkgInputSpec { return v.DepPkgs } + +// GetDependencies returns __IsDependenciesInput.Dependencies, and is useful for accessing the field via an interface. 
+func (v *__IsDependenciesInput) GetDependencies() []IsDependencyInputSpec { return v.Dependencies } + +// __IsDependencyInput is used internally by genqlient +type __IsDependencyInput struct { + Pkg PkgInputSpec `json:"pkg"` + DepPkg PkgInputSpec `json:"depPkg"` + Dependency IsDependencyInputSpec `json:"dependency"` } -` -func CertifyBads( - ctx context.Context, - client graphql.Client, - filter CertifyBadSpec, -) (*CertifyBadsResponse, error) { - req := &graphql.Request{ - OpName: "CertifyBads", - Query: CertifyBads_Operation, - Variables: &__CertifyBadsInput{ - Filter: filter, - }, - } - var err error +// GetPkg returns __IsDependencyInput.Pkg, and is useful for accessing the field via an interface. +func (v *__IsDependencyInput) GetPkg() PkgInputSpec { return v.Pkg } - var data CertifyBadsResponse - resp := &graphql.Response{Data: &data} +// GetDepPkg returns __IsDependencyInput.DepPkg, and is useful for accessing the field via an interface. +func (v *__IsDependencyInput) GetDepPkg() PkgInputSpec { return v.DepPkg } - err = client.MakeRequest( - ctx, - req, - resp, - ) +// GetDependency returns __IsDependencyInput.Dependency, and is useful for accessing the field via an interface. +func (v *__IsDependencyInput) GetDependency() IsDependencyInputSpec { return v.Dependency } - return &data, err +// __IsOccurrencePkgInput is used internally by genqlient +type __IsOccurrencePkgInput struct { + Pkg PkgInputSpec `json:"pkg"` + Artifact ArtifactInputSpec `json:"artifact"` + Occurrence IsOccurrenceInputSpec `json:"occurrence"` } -// The query or mutation executed by CertifyCVE. -const CertifyCVE_Operation = ` -mutation CertifyCVE ($pkg: PkgInputSpec!, $cve: CVEInputSpec!, $certifyVuln: VulnerabilityMetaDataInput!) { - ingestVulnerability(pkg: $pkg, vulnerability: {cve:$cve}, certifyVuln: $certifyVuln) { - ... AllCertifyVuln - } +// GetPkg returns __IsOccurrencePkgInput.Pkg, and is useful for accessing the field via an interface. 
+func (v *__IsOccurrencePkgInput) GetPkg() PkgInputSpec { return v.Pkg } + +// GetArtifact returns __IsOccurrencePkgInput.Artifact, and is useful for accessing the field via an interface. +func (v *__IsOccurrencePkgInput) GetArtifact() ArtifactInputSpec { return v.Artifact } + +// GetOccurrence returns __IsOccurrencePkgInput.Occurrence, and is useful for accessing the field via an interface. +func (v *__IsOccurrencePkgInput) GetOccurrence() IsOccurrenceInputSpec { return v.Occurrence } + +// __IsOccurrenceSrcInput is used internally by genqlient +type __IsOccurrenceSrcInput struct { + Source SourceInputSpec `json:"source"` + Artifact ArtifactInputSpec `json:"artifact"` + Occurrence IsOccurrenceInputSpec `json:"occurrence"` } -fragment AllCertifyVuln on CertifyVuln { - id - package { - ... AllPkgTree - } - vulnerability { - __typename - ... on CVE { - ... AllCveTree - } - ... on OSV { - ... AllOSVTree - } - ... on GHSA { - ... AllGHSATree - } - ... on NoVuln { - id - } - } - metadata { - dbUri - dbVersion - scannerUri - scannerVersion - timeScanned - origin - collector - } + +// GetSource returns __IsOccurrenceSrcInput.Source, and is useful for accessing the field via an interface. +func (v *__IsOccurrenceSrcInput) GetSource() SourceInputSpec { return v.Source } + +// GetArtifact returns __IsOccurrenceSrcInput.Artifact, and is useful for accessing the field via an interface. +func (v *__IsOccurrenceSrcInput) GetArtifact() ArtifactInputSpec { return v.Artifact } + +// GetOccurrence returns __IsOccurrenceSrcInput.Occurrence, and is useful for accessing the field via an interface. 
+func (v *__IsOccurrenceSrcInput) GetOccurrence() IsOccurrenceInputSpec { return v.Occurrence } + +// __IsOccurrencesPkgInput is used internally by genqlient +type __IsOccurrencesPkgInput struct { + Pkgs []PkgInputSpec `json:"pkgs"` + Artifacts []ArtifactInputSpec `json:"artifacts"` + Occurrences []IsOccurrenceInputSpec `json:"occurrences"` } -fragment AllPkgTree on Package { - id - type - namespaces { - id - namespace - names { - id - name - versions { - id - version - qualifiers { - key - value - } - subpath - } - } - } + +// GetPkgs returns __IsOccurrencesPkgInput.Pkgs, and is useful for accessing the field via an interface. +func (v *__IsOccurrencesPkgInput) GetPkgs() []PkgInputSpec { return v.Pkgs } + +// GetArtifacts returns __IsOccurrencesPkgInput.Artifacts, and is useful for accessing the field via an interface. +func (v *__IsOccurrencesPkgInput) GetArtifacts() []ArtifactInputSpec { return v.Artifacts } + +// GetOccurrences returns __IsOccurrencesPkgInput.Occurrences, and is useful for accessing the field via an interface. +func (v *__IsOccurrencesPkgInput) GetOccurrences() []IsOccurrenceInputSpec { return v.Occurrences } + +// __IsOccurrencesSrcInput is used internally by genqlient +type __IsOccurrencesSrcInput struct { + Sources []SourceInputSpec `json:"sources"` + Artifacts []ArtifactInputSpec `json:"artifacts"` + Occurrences []IsOccurrenceInputSpec `json:"occurrences"` } -fragment AllCveTree on CVE { - id - year - cveId + +// GetSources returns __IsOccurrencesSrcInput.Sources, and is useful for accessing the field via an interface. +func (v *__IsOccurrencesSrcInput) GetSources() []SourceInputSpec { return v.Sources } + +// GetArtifacts returns __IsOccurrencesSrcInput.Artifacts, and is useful for accessing the field via an interface. +func (v *__IsOccurrencesSrcInput) GetArtifacts() []ArtifactInputSpec { return v.Artifacts } + +// GetOccurrences returns __IsOccurrencesSrcInput.Occurrences, and is useful for accessing the field via an interface. 
+func (v *__IsOccurrencesSrcInput) GetOccurrences() []IsOccurrenceInputSpec { return v.Occurrences } + +// __NeighborsInput is used internally by genqlient +type __NeighborsInput struct { + Node string `json:"node"` + UsingOnly []Edge `json:"usingOnly"` +} + +// GetNode returns __NeighborsInput.Node, and is useful for accessing the field via an interface. +func (v *__NeighborsInput) GetNode() string { return v.Node } + +// GetUsingOnly returns __NeighborsInput.UsingOnly, and is useful for accessing the field via an interface. +func (v *__NeighborsInput) GetUsingOnly() []Edge { return v.UsingOnly } + +// __NodeInput is used internally by genqlient +type __NodeInput struct { + Node string `json:"node"` } -fragment AllOSVTree on OSV { - id - osvId + +// GetNode returns __NodeInput.Node, and is useful for accessing the field via an interface. +func (v *__NodeInput) GetNode() string { return v.Node } + +// __NodesInput is used internally by genqlient +type __NodesInput struct { + Nodes []string `json:"nodes"` } -fragment AllGHSATree on GHSA { - id - ghsaId + +// GetNodes returns __NodesInput.Nodes, and is useful for accessing the field via an interface. +func (v *__NodesInput) GetNodes() []string { return v.Nodes } + +// __PackageNamesInput is used internally by genqlient +type __PackageNamesInput struct { + Filter PkgSpec `json:"filter"` } -` -func CertifyCVE( - ctx context.Context, - client graphql.Client, - pkg PkgInputSpec, - cve CVEInputSpec, - certifyVuln VulnerabilityMetaDataInput, -) (*CertifyCVEResponse, error) { - req := &graphql.Request{ - OpName: "CertifyCVE", - Query: CertifyCVE_Operation, - Variables: &__CertifyCVEInput{ - Pkg: pkg, - Cve: cve, - CertifyVuln: certifyVuln, - }, - } - var err error +// GetFilter returns __PackageNamesInput.Filter, and is useful for accessing the field via an interface. 
+func (v *__PackageNamesInput) GetFilter() PkgSpec { return v.Filter } - var data CertifyCVEResponse - resp := &graphql.Response{Data: &data} +// __PackageNamespacesInput is used internally by genqlient +type __PackageNamespacesInput struct { + Filter PkgSpec `json:"filter"` +} - err = client.MakeRequest( - ctx, - req, - resp, - ) +// GetFilter returns __PackageNamespacesInput.Filter, and is useful for accessing the field via an interface. +func (v *__PackageNamespacesInput) GetFilter() PkgSpec { return v.Filter } - return &data, err +// __PackageTypesInput is used internally by genqlient +type __PackageTypesInput struct { + Filter PkgSpec `json:"filter"` } -// The query or mutation executed by CertifyGHSA. -const CertifyGHSA_Operation = ` -mutation CertifyGHSA ($pkg: PkgInputSpec!, $ghsa: GHSAInputSpec!, $certifyVuln: VulnerabilityMetaDataInput!) { - ingestVulnerability(pkg: $pkg, vulnerability: {ghsa:$ghsa}, certifyVuln: $certifyVuln) { - ... AllCertifyVuln - } +// GetFilter returns __PackageTypesInput.Filter, and is useful for accessing the field via an interface. +func (v *__PackageTypesInput) GetFilter() PkgSpec { return v.Filter } + +// __PackageVersionsInput is used internally by genqlient +type __PackageVersionsInput struct { + Filter PkgSpec `json:"filter"` } -fragment AllCertifyVuln on CertifyVuln { - id - package { - ... AllPkgTree - } - vulnerability { - __typename - ... on CVE { - ... AllCveTree - } - ... on OSV { - ... AllOSVTree - } - ... on GHSA { - ... AllGHSATree - } - ... on NoVuln { - id - } - } - metadata { - dbUri - dbVersion - scannerUri - scannerVersion - timeScanned - origin - collector - } + +// GetFilter returns __PackageVersionsInput.Filter, and is useful for accessing the field via an interface. 
+func (v *__PackageVersionsInput) GetFilter() PkgSpec { return v.Filter } + +// __PackagesInput is used internally by genqlient +type __PackagesInput struct { + Filter PkgSpec `json:"filter"` } -fragment AllPkgTree on Package { - id - type - namespaces { - id - namespace - names { - id - name - versions { - id - version - qualifiers { - key - value - } - subpath - } - } - } + +// GetFilter returns __PackagesInput.Filter, and is useful for accessing the field via an interface. +func (v *__PackagesInput) GetFilter() PkgSpec { return v.Filter } + +// __PathInput is used internally by genqlient +type __PathInput struct { + Subject string `json:"subject"` + Target string `json:"target"` + MaxPathLength int `json:"maxPathLength"` + UsingOnly []Edge `json:"usingOnly"` } -fragment AllCveTree on CVE { - id - year - cveId + +// GetSubject returns __PathInput.Subject, and is useful for accessing the field via an interface. +func (v *__PathInput) GetSubject() string { return v.Subject } + +// GetTarget returns __PathInput.Target, and is useful for accessing the field via an interface. +func (v *__PathInput) GetTarget() string { return v.Target } + +// GetMaxPathLength returns __PathInput.MaxPathLength, and is useful for accessing the field via an interface. +func (v *__PathInput) GetMaxPathLength() int { return v.MaxPathLength } + +// GetUsingOnly returns __PathInput.UsingOnly, and is useful for accessing the field via an interface. +func (v *__PathInput) GetUsingOnly() []Edge { return v.UsingOnly } + +// __PkgEqualInput is used internally by genqlient +type __PkgEqualInput struct { + Pkg PkgInputSpec `json:"pkg"` + OtherPackage PkgInputSpec `json:"otherPackage"` + PkgEqual PkgEqualInputSpec `json:"pkgEqual"` } -fragment AllOSVTree on OSV { - id - osvId + +// GetPkg returns __PkgEqualInput.Pkg, and is useful for accessing the field via an interface. 
+func (v *__PkgEqualInput) GetPkg() PkgInputSpec { return v.Pkg } + +// GetOtherPackage returns __PkgEqualInput.OtherPackage, and is useful for accessing the field via an interface. +func (v *__PkgEqualInput) GetOtherPackage() PkgInputSpec { return v.OtherPackage } + +// GetPkgEqual returns __PkgEqualInput.PkgEqual, and is useful for accessing the field via an interface. +func (v *__PkgEqualInput) GetPkgEqual() PkgEqualInputSpec { return v.PkgEqual } + +// __PointOfContactArtifactInput is used internally by genqlient +type __PointOfContactArtifactInput struct { + Artifact ArtifactInputSpec `json:"artifact"` + PointOfContact PointOfContactInputSpec `json:"pointOfContact"` } -fragment AllGHSATree on GHSA { - id - ghsaId + +// GetArtifact returns __PointOfContactArtifactInput.Artifact, and is useful for accessing the field via an interface. +func (v *__PointOfContactArtifactInput) GetArtifact() ArtifactInputSpec { return v.Artifact } + +// GetPointOfContact returns __PointOfContactArtifactInput.PointOfContact, and is useful for accessing the field via an interface. 
+func (v *__PointOfContactArtifactInput) GetPointOfContact() PointOfContactInputSpec { + return v.PointOfContact } -` -func CertifyGHSA( - ctx context.Context, - client graphql.Client, - pkg PkgInputSpec, - ghsa GHSAInputSpec, - certifyVuln VulnerabilityMetaDataInput, -) (*CertifyGHSAResponse, error) { - req := &graphql.Request{ - OpName: "CertifyGHSA", - Query: CertifyGHSA_Operation, - Variables: &__CertifyGHSAInput{ - Pkg: pkg, - Ghsa: ghsa, - CertifyVuln: certifyVuln, - }, - } - var err error +// __PointOfContactPkgInput is used internally by genqlient +type __PointOfContactPkgInput struct { + Pkg PkgInputSpec `json:"pkg"` + PkgMatchType MatchFlags `json:"pkgMatchType"` + PointOfContact PointOfContactInputSpec `json:"pointOfContact"` +} - var data CertifyGHSAResponse - resp := &graphql.Response{Data: &data} +// GetPkg returns __PointOfContactPkgInput.Pkg, and is useful for accessing the field via an interface. +func (v *__PointOfContactPkgInput) GetPkg() PkgInputSpec { return v.Pkg } - err = client.MakeRequest( - ctx, - req, - resp, - ) +// GetPkgMatchType returns __PointOfContactPkgInput.PkgMatchType, and is useful for accessing the field via an interface. +func (v *__PointOfContactPkgInput) GetPkgMatchType() MatchFlags { return v.PkgMatchType } - return &data, err +// GetPointOfContact returns __PointOfContactPkgInput.PointOfContact, and is useful for accessing the field via an interface. +func (v *__PointOfContactPkgInput) GetPointOfContact() PointOfContactInputSpec { + return v.PointOfContact } -// The query or mutation executed by CertifyGoodArtifact. -const CertifyGoodArtifact_Operation = ` -mutation CertifyGoodArtifact ($artifact: ArtifactInputSpec!, $certifyGood: CertifyGoodInputSpec!) { - ingestCertifyGood(subject: {artifact:$artifact}, pkgMatchType: {pkg:ALL_VERSIONS}, certifyGood: $certifyGood) { - ... AllCertifyGood - } -} -fragment AllCertifyGood on CertifyGood { - id - justification - subject { - __typename - ... on Package { - ... 
AllPkgTree - } - ... on Source { - ... AllSourceTree - } - ... on Artifact { - ... AllArtifactTree - } - } - origin - collector +// __PointOfContactSrcInput is used internally by genqlient +type __PointOfContactSrcInput struct { + Source SourceInputSpec `json:"source"` + PointOfContact PointOfContactInputSpec `json:"pointOfContact"` } -fragment AllPkgTree on Package { - id - type - namespaces { - id - namespace - names { - id - name - versions { - id - version - qualifiers { - key - value - } - subpath - } - } - } + +// GetSource returns __PointOfContactSrcInput.Source, and is useful for accessing the field via an interface. +func (v *__PointOfContactSrcInput) GetSource() SourceInputSpec { return v.Source } + +// GetPointOfContact returns __PointOfContactSrcInput.PointOfContact, and is useful for accessing the field via an interface. +func (v *__PointOfContactSrcInput) GetPointOfContact() PointOfContactInputSpec { + return v.PointOfContact } -fragment AllSourceTree on Source { - id - type - namespaces { - id - namespace - names { - id - name - tag - commit - } - } + +// __SLSAForArtifactInput is used internally by genqlient +type __SLSAForArtifactInput struct { + Artifact ArtifactInputSpec `json:"artifact"` + Materials []ArtifactInputSpec `json:"materials"` + Builder BuilderInputSpec `json:"builder"` + Slsa SLSAInputSpec `json:"slsa"` } -fragment AllArtifactTree on Artifact { - id - algorithm - digest + +// GetArtifact returns __SLSAForArtifactInput.Artifact, and is useful for accessing the field via an interface. +func (v *__SLSAForArtifactInput) GetArtifact() ArtifactInputSpec { return v.Artifact } + +// GetMaterials returns __SLSAForArtifactInput.Materials, and is useful for accessing the field via an interface. +func (v *__SLSAForArtifactInput) GetMaterials() []ArtifactInputSpec { return v.Materials } + +// GetBuilder returns __SLSAForArtifactInput.Builder, and is useful for accessing the field via an interface. 
+func (v *__SLSAForArtifactInput) GetBuilder() BuilderInputSpec { return v.Builder } + +// GetSlsa returns __SLSAForArtifactInput.Slsa, and is useful for accessing the field via an interface. +func (v *__SLSAForArtifactInput) GetSlsa() SLSAInputSpec { return v.Slsa } + +// __SLSAForArtifactsInput is used internally by genqlient +type __SLSAForArtifactsInput struct { + Artifacts []ArtifactInputSpec `json:"artifacts"` + MaterialsList [][]ArtifactInputSpec `json:"materialsList"` + Builders []BuilderInputSpec `json:"builders"` + SlsaList []SLSAInputSpec `json:"slsaList"` } -` -func CertifyGoodArtifact( - ctx context.Context, - client graphql.Client, - artifact ArtifactInputSpec, - certifyGood CertifyGoodInputSpec, -) (*CertifyGoodArtifactResponse, error) { - req := &graphql.Request{ - OpName: "CertifyGoodArtifact", - Query: CertifyGoodArtifact_Operation, - Variables: &__CertifyGoodArtifactInput{ - Artifact: artifact, - CertifyGood: certifyGood, - }, - } - var err error +// GetArtifacts returns __SLSAForArtifactsInput.Artifacts, and is useful for accessing the field via an interface. +func (v *__SLSAForArtifactsInput) GetArtifacts() []ArtifactInputSpec { return v.Artifacts } - var data CertifyGoodArtifactResponse - resp := &graphql.Response{Data: &data} +// GetMaterialsList returns __SLSAForArtifactsInput.MaterialsList, and is useful for accessing the field via an interface. +func (v *__SLSAForArtifactsInput) GetMaterialsList() [][]ArtifactInputSpec { return v.MaterialsList } - err = client.MakeRequest( - ctx, - req, - resp, - ) +// GetBuilders returns __SLSAForArtifactsInput.Builders, and is useful for accessing the field via an interface. +func (v *__SLSAForArtifactsInput) GetBuilders() []BuilderInputSpec { return v.Builders } - return &data, err +// GetSlsaList returns __SLSAForArtifactsInput.SlsaList, and is useful for accessing the field via an interface. 
+func (v *__SLSAForArtifactsInput) GetSlsaList() []SLSAInputSpec { return v.SlsaList } + +// __SourcesInput is used internally by genqlient +type __SourcesInput struct { + Filter SourceSpec `json:"filter"` } -// The query or mutation executed by CertifyGoodArtifacts. -const CertifyGoodArtifacts_Operation = ` -mutation CertifyGoodArtifacts ($artifacts: [ArtifactInputSpec!]!, $certifyGoods: [CertifyGoodInputSpec!]!) { - ingestCertifyGoods(subjects: {artifacts:$artifacts}, pkgMatchType: {pkg:ALL_VERSIONS}, certifyGoods: $certifyGoods) { - ... AllCertifyGood - } +// GetFilter returns __SourcesInput.Filter, and is useful for accessing the field via an interface. +func (v *__SourcesInput) GetFilter() SourceSpec { return v.Filter } + +// __VulnEqualInput is used internally by genqlient +type __VulnEqualInput struct { + Vulnerability VulnerabilityInputSpec `json:"vulnerability"` + OtherVulnerability VulnerabilityInputSpec `json:"otherVulnerability"` + VulnEqual VulnEqualInputSpec `json:"vulnEqual"` } -fragment AllCertifyGood on CertifyGood { - id - justification - subject { - __typename - ... on Package { - ... AllPkgTree - } - ... on Source { - ... AllSourceTree - } - ... on Artifact { - ... AllArtifactTree - } - } - origin - collector + +// GetVulnerability returns __VulnEqualInput.Vulnerability, and is useful for accessing the field via an interface. +func (v *__VulnEqualInput) GetVulnerability() VulnerabilityInputSpec { return v.Vulnerability } + +// GetOtherVulnerability returns __VulnEqualInput.OtherVulnerability, and is useful for accessing the field via an interface. +func (v *__VulnEqualInput) GetOtherVulnerability() VulnerabilityInputSpec { + return v.OtherVulnerability } -fragment AllPkgTree on Package { - id - type - namespaces { - id - namespace - names { - id - name - versions { - id - version - qualifiers { - key - value - } - subpath - } - } - } + +// GetVulnEqual returns __VulnEqualInput.VulnEqual, and is useful for accessing the field via an interface. 
+func (v *__VulnEqualInput) GetVulnEqual() VulnEqualInputSpec { return v.VulnEqual } + +// __VulnerabilitiesInput is used internally by genqlient +type __VulnerabilitiesInput struct { + Filter VulnerabilitySpec `json:"filter"` } -fragment AllSourceTree on Source { - id - type - namespaces { - id - namespace - names { - id - name - tag - commit - } + +// GetFilter returns __VulnerabilitiesInput.Filter, and is useful for accessing the field via an interface. +func (v *__VulnerabilitiesInput) GetFilter() VulnerabilitySpec { return v.Filter } + +// The query or mutation executed by Artifacts. +const Artifacts_Operation = ` +query Artifacts ($filter: ArtifactSpec!) { + artifacts(artifactSpec: $filter) { + ... AllArtifactTree } } fragment AllArtifactTree on Artifact { @@ -27867,23 +23347,21 @@ fragment AllArtifactTree on Artifact { } ` -func CertifyGoodArtifacts( +func Artifacts( ctx context.Context, client graphql.Client, - artifacts []ArtifactInputSpec, - certifyGoods []CertifyGoodInputSpec, -) (*CertifyGoodArtifactsResponse, error) { + filter ArtifactSpec, +) (*ArtifactsResponse, error) { req := &graphql.Request{ - OpName: "CertifyGoodArtifacts", - Query: CertifyGoodArtifacts_Operation, - Variables: &__CertifyGoodArtifactsInput{ - Artifacts: artifacts, - CertifyGoods: certifyGoods, + OpName: "Artifacts", + Query: Artifacts_Operation, + Variables: &__ArtifactsInput{ + Filter: filter, }, } var err error - var data CertifyGoodArtifactsResponse + var data ArtifactsResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -27895,14 +23373,14 @@ func CertifyGoodArtifacts( return &data, err } -// The query or mutation executed by CertifyGoodPkg. -const CertifyGoodPkg_Operation = ` -mutation CertifyGoodPkg ($pkg: PkgInputSpec!, $pkgMatchType: MatchFlags!, $certifyGood: CertifyGoodInputSpec!) { - ingestCertifyGood(subject: {package:$pkg}, pkgMatchType: $pkgMatchType, certifyGood: $certifyGood) { - ... AllCertifyGood +// The query or mutation executed by CertifyBadArtifact. +const CertifyBadArtifact_Operation = ` +mutation CertifyBadArtifact ($artifact: ArtifactInputSpec!, $certifyBad: CertifyBadInputSpec!) { + ingestCertifyBad(subject: {artifact:$artifact}, pkgMatchType: {pkg:ALL_VERSIONS}, certifyBad: $certifyBad) { + ... AllCertifyBad } } -fragment AllCertifyGood on CertifyGood { +fragment AllCertifyBad on CertifyBad { id justification subject { @@ -27962,25 +23440,23 @@ fragment AllArtifactTree on Artifact { } ` -func CertifyGoodPkg( +func CertifyBadArtifact( ctx context.Context, client graphql.Client, - pkg PkgInputSpec, - pkgMatchType MatchFlags, - certifyGood CertifyGoodInputSpec, -) (*CertifyGoodPkgResponse, error) { + artifact ArtifactInputSpec, + certifyBad CertifyBadInputSpec, +) (*CertifyBadArtifactResponse, error) { req := &graphql.Request{ - OpName: "CertifyGoodPkg", - Query: CertifyGoodPkg_Operation, - Variables: &__CertifyGoodPkgInput{ - Pkg: pkg, - PkgMatchType: pkgMatchType, - CertifyGood: certifyGood, + OpName: "CertifyBadArtifact", + Query: CertifyBadArtifact_Operation, + Variables: &__CertifyBadArtifactInput{ + Artifact: artifact, + CertifyBad: certifyBad, }, } var err error - var data CertifyGoodPkgResponse + var data CertifyBadArtifactResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -27992,14 +23468,14 @@ func CertifyGoodPkg( return &data, err } -// The query or mutation executed by CertifyGoodPkgs. -const CertifyGoodPkgs_Operation = ` -mutation CertifyGoodPkgs ($pkgs: [PkgInputSpec!]!, $pkgMatchType: MatchFlags!, $certifyGoods: [CertifyGoodInputSpec!]!) { - ingestCertifyGoods(subjects: {packages:$pkgs}, pkgMatchType: $pkgMatchType, certifyGoods: $certifyGoods) { - ... AllCertifyGood +// The query or mutation executed by CertifyBadArtifacts. +const CertifyBadArtifacts_Operation = ` +mutation CertifyBadArtifacts ($artifacts: [ArtifactInputSpec!]!, $certifyBads: [CertifyBadInputSpec!]!) { + ingestCertifyBads(subjects: {artifacts:$artifacts}, pkgMatchType: {pkg:ALL_VERSIONS}, certifyBads: $certifyBads) { + ... AllCertifyBad } } -fragment AllCertifyGood on CertifyGood { +fragment AllCertifyBad on CertifyBad { id justification subject { @@ -28059,25 +23535,23 @@ fragment AllArtifactTree on Artifact { } ` -func CertifyGoodPkgs( +func CertifyBadArtifacts( ctx context.Context, client graphql.Client, - pkgs []PkgInputSpec, - pkgMatchType MatchFlags, - certifyGoods []CertifyGoodInputSpec, -) (*CertifyGoodPkgsResponse, error) { + artifacts []ArtifactInputSpec, + certifyBads []CertifyBadInputSpec, +) (*CertifyBadArtifactsResponse, error) { req := &graphql.Request{ - OpName: "CertifyGoodPkgs", - Query: CertifyGoodPkgs_Operation, - Variables: &__CertifyGoodPkgsInput{ - Pkgs: pkgs, - PkgMatchType: pkgMatchType, - CertifyGoods: certifyGoods, + OpName: "CertifyBadArtifacts", + Query: CertifyBadArtifacts_Operation, + Variables: &__CertifyBadArtifactsInput{ + Artifacts: artifacts, + CertifyBads: certifyBads, }, } var err error - var data CertifyGoodPkgsResponse + var data CertifyBadArtifactsResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -28089,14 +23563,14 @@ func CertifyGoodPkgs( return &data, err } -// The query or mutation executed by CertifyGoodSrc. -const CertifyGoodSrc_Operation = ` -mutation CertifyGoodSrc ($source: SourceInputSpec!, $certifyGood: CertifyGoodInputSpec!) { - ingestCertifyGood(subject: {source:$source}, pkgMatchType: {pkg:ALL_VERSIONS}, certifyGood: $certifyGood) { - ... AllCertifyGood +// The query or mutation executed by CertifyBadPkg. +const CertifyBadPkg_Operation = ` +mutation CertifyBadPkg ($pkg: PkgInputSpec!, $pkgMatchType: MatchFlags!, $certifyBad: CertifyBadInputSpec!) { + ingestCertifyBad(subject: {package:$pkg}, pkgMatchType: $pkgMatchType, certifyBad: $certifyBad) { + ... AllCertifyBad } } -fragment AllCertifyGood on CertifyGood { +fragment AllCertifyBad on CertifyBad { id justification subject { @@ -28156,23 +23630,25 @@ fragment AllArtifactTree on Artifact { } ` -func CertifyGoodSrc( +func CertifyBadPkg( ctx context.Context, client graphql.Client, - source SourceInputSpec, - certifyGood CertifyGoodInputSpec, -) (*CertifyGoodSrcResponse, error) { + pkg PkgInputSpec, + pkgMatchType MatchFlags, + certifyBad CertifyBadInputSpec, +) (*CertifyBadPkgResponse, error) { req := &graphql.Request{ - OpName: "CertifyGoodSrc", - Query: CertifyGoodSrc_Operation, - Variables: &__CertifyGoodSrcInput{ - Source: source, - CertifyGood: certifyGood, + OpName: "CertifyBadPkg", + Query: CertifyBadPkg_Operation, + Variables: &__CertifyBadPkgInput{ + Pkg: pkg, + PkgMatchType: pkgMatchType, + CertifyBad: certifyBad, }, } var err error - var data CertifyGoodSrcResponse + var data CertifyBadPkgResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -28184,14 +23660,14 @@ func CertifyGoodSrc( return &data, err } -// The query or mutation executed by CertifyGoodSrcs. -const CertifyGoodSrcs_Operation = ` -mutation CertifyGoodSrcs ($sources: [SourceInputSpec!]!, $certifyGoods: [CertifyGoodInputSpec!]!) { - ingestCertifyGoods(subjects: {sources:$sources}, pkgMatchType: {pkg:ALL_VERSIONS}, certifyGoods: $certifyGoods) { - ... AllCertifyGood +// The query or mutation executed by CertifyBadPkgs. +const CertifyBadPkgs_Operation = ` +mutation CertifyBadPkgs ($pkgs: [PkgInputSpec!]!, $pkgMatchType: MatchFlags!, $certifyBads: [CertifyBadInputSpec!]!) { + ingestCertifyBads(subjects: {packages:$pkgs}, pkgMatchType: $pkgMatchType, certifyBads: $certifyBads) { + ... AllCertifyBad } } -fragment AllCertifyGood on CertifyGood { +fragment AllCertifyBad on CertifyBad { id justification subject { @@ -28251,23 +23727,25 @@ fragment AllArtifactTree on Artifact { } ` -func CertifyGoodSrcs( +func CertifyBadPkgs( ctx context.Context, client graphql.Client, - sources []SourceInputSpec, - certifyGoods []CertifyGoodInputSpec, -) (*CertifyGoodSrcsResponse, error) { + pkgs []PkgInputSpec, + pkgMatchType MatchFlags, + certifyBads []CertifyBadInputSpec, +) (*CertifyBadPkgsResponse, error) { req := &graphql.Request{ - OpName: "CertifyGoodSrcs", - Query: CertifyGoodSrcs_Operation, - Variables: &__CertifyGoodSrcsInput{ - Sources: sources, - CertifyGoods: certifyGoods, + OpName: "CertifyBadPkgs", + Query: CertifyBadPkgs_Operation, + Variables: &__CertifyBadPkgsInput{ + Pkgs: pkgs, + PkgMatchType: pkgMatchType, + CertifyBads: certifyBads, }, } var err error - var data CertifyGoodSrcsResponse + var data CertifyBadPkgsResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -28279,42 +23757,30 @@ func CertifyGoodSrcs( return &data, err } -// The query or mutation executed by CertifyNoKnownVuln. -const CertifyNoKnownVuln_Operation = ` -mutation CertifyNoKnownVuln ($pkg: PkgInputSpec!, $certifyVuln: VulnerabilityMetaDataInput!) { - ingestVulnerability(pkg: $pkg, vulnerability: {noVuln:true}, certifyVuln: $certifyVuln) { - ... AllCertifyVuln +// The query or mutation executed by CertifyBadSrc. +const CertifyBadSrc_Operation = ` +mutation CertifyBadSrc ($source: SourceInputSpec!, $certifyBad: CertifyBadInputSpec!) { + ingestCertifyBad(subject: {source:$source}, pkgMatchType: {pkg:ALL_VERSIONS}, certifyBad: $certifyBad) { + ... AllCertifyBad } } -fragment AllCertifyVuln on CertifyVuln { +fragment AllCertifyBad on CertifyBad { id - package { - ... AllPkgTree - } - vulnerability { + justification + subject { __typename - ... on CVE { - ... AllCveTree - } - ... on OSV { - ... AllOSVTree + ... on Package { + ... AllPkgTree } - ... on GHSA { - ... AllGHSATree + ... on Source { + ... AllSourceTree } - ... on NoVuln { - id + ... on Artifact { + ... AllArtifactTree } } - metadata { - dbUri - dbVersion - scannerUri - scannerVersion - timeScanned - origin - collector - } + origin + collector } fragment AllPkgTree on Package { id 
@@ -28337,38 +23803,44 @@ fragment AllPkgTree on Package { } } } -fragment AllCveTree on CVE { - id - year - cveId -} -fragment AllOSVTree on OSV { +fragment AllSourceTree on Source { id - osvId + type + namespaces { + id + namespace + names { + id + name + tag + commit + } + } } -fragment AllGHSATree on GHSA { +fragment AllArtifactTree on Artifact { id - ghsaId + algorithm + digest } ` -func CertifyNoKnownVuln( +func CertifyBadSrc( ctx context.Context, client graphql.Client, - pkg PkgInputSpec, - certifyVuln VulnerabilityMetaDataInput, -) (*CertifyNoKnownVulnResponse, error) { + source SourceInputSpec, + certifyBad CertifyBadInputSpec, +) (*CertifyBadSrcResponse, error) { req := &graphql.Request{ - OpName: "CertifyNoKnownVuln", - Query: CertifyNoKnownVuln_Operation, - Variables: &__CertifyNoKnownVulnInput{ - Pkg: pkg, - CertifyVuln: certifyVuln, + OpName: "CertifyBadSrc", + Query: CertifyBadSrc_Operation, + Variables: &__CertifyBadSrcInput{ + Source: source, + CertifyBad: certifyBad, }, } var err error - var data CertifyNoKnownVulnResponse + var data CertifyBadSrcResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -28380,42 +23852,30 @@ func CertifyNoKnownVuln( return &data, err } -// The query or mutation executed by CertifyOSV. -const CertifyOSV_Operation = ` -mutation CertifyOSV ($pkg: PkgInputSpec!, $osv: OSVInputSpec!, $certifyVuln: VulnerabilityMetaDataInput!) { - ingestVulnerability(pkg: $pkg, vulnerability: {osv:$osv}, certifyVuln: $certifyVuln) { - ... AllCertifyVuln +// The query or mutation executed by CertifyBadSrcs. +const CertifyBadSrcs_Operation = ` +mutation CertifyBadSrcs ($sources: [SourceInputSpec!]!, $certifyBads: [CertifyBadInputSpec!]!) { + ingestCertifyBads(subjects: {sources:$sources}, pkgMatchType: {pkg:ALL_VERSIONS}, certifyBads: $certifyBads) { + ... AllCertifyBad } } -fragment AllCertifyVuln on CertifyVuln { +fragment AllCertifyBad on CertifyBad { id - package { - ... AllPkgTree - } - vulnerability { + justification + subject { __typename - ... on CVE { - ... AllCveTree - } - ... on OSV { - ... AllOSVTree + ... on Package { + ... AllPkgTree } - ... on GHSA { - ... AllGHSATree + ... on Source { + ... AllSourceTree } - ... on NoVuln { - id + ... on Artifact { + ... AllArtifactTree } } - metadata { - dbUri - dbVersion - scannerUri - scannerVersion - timeScanned - origin - collector - } + origin + collector } fragment AllPkgTree on Package { id 
@@ -28438,76 +23898,6 @@ fragment AllPkgTree on Package { } } } -fragment AllCveTree on CVE { - id - year - cveId -} -fragment AllOSVTree on OSV { - id - osvId -} -fragment AllGHSATree on GHSA { - id - ghsaId -} -` - -func CertifyOSV( - ctx context.Context, - client graphql.Client, - pkg PkgInputSpec, - osv OSVInputSpec, - certifyVuln VulnerabilityMetaDataInput, -) (*CertifyOSVResponse, error) { - req := &graphql.Request{ - OpName: "CertifyOSV", - Query: CertifyOSV_Operation, - Variables: &__CertifyOSVInput{ - Pkg: pkg, - Osv: osv, - CertifyVuln: certifyVuln, - }, - } - var err error - - var data CertifyOSVResponse - resp := &graphql.Response{Data: &data} - - err = client.MakeRequest( - ctx, - req, - resp, - ) - - return &data, err -} - -// The query or mutation executed by CertifyScorecard. -const CertifyScorecard_Operation = ` -mutation CertifyScorecard ($source: SourceInputSpec!, $scorecard: ScorecardInputSpec!) { - ingestScorecard(source: $source, scorecard: $scorecard) { - ... AllCertifyScorecard - } -} -fragment AllCertifyScorecard on CertifyScorecard { - id - source { - ... AllSourceTree - } - scorecard { - timeScanned - aggregateScore - checks { - check - score - } - scorecardVersion - scorecardCommit - origin - collector - } -} fragment AllSourceTree on Source { id type 
@@ -28522,94 +23912,30 @@ fragment AllSourceTree on Source { } } } -` - -func CertifyScorecard( - ctx context.Context, - client graphql.Client, - source SourceInputSpec, - scorecard ScorecardInputSpec, -) (*CertifyScorecardResponse, error) { - req := &graphql.Request{ - OpName: "CertifyScorecard", - Query: CertifyScorecard_Operation, - Variables: &__CertifyScorecardInput{ - Source: source, - Scorecard: scorecard, - }, - } - var err error - - var data CertifyScorecardResponse - resp := &graphql.Response{Data: &data} - - err = client.MakeRequest( - ctx, - req, - resp, - ) - - return &data, err -} - -// The query or mutation executed by CertifyScorecards. -const CertifyScorecards_Operation = ` -mutation CertifyScorecards ($sources: [SourceInputSpec!]!, $scorecards: [ScorecardInputSpec!]!) { - ingestScorecards(sources: $sources, scorecards: $scorecards) { - ... AllCertifyScorecard - } -} -fragment AllCertifyScorecard on CertifyScorecard { - id - source { - ... AllSourceTree - } - scorecard { - timeScanned - aggregateScore - checks { - check - score - } - scorecardVersion - scorecardCommit - origin - collector - } -} -fragment AllSourceTree on Source { +fragment AllArtifactTree on Artifact { id - type - namespaces { - id - namespace - names { - id - name - tag - commit - } - } + algorithm + digest } ` -func CertifyScorecards( +func CertifyBadSrcs( ctx context.Context, client graphql.Client, sources []SourceInputSpec, - scorecards []ScorecardInputSpec, -) (*CertifyScorecardsResponse, error) { - req := &graphql.Request{ - OpName: "CertifyScorecards", - Query: CertifyScorecards_Operation, - Variables: &__CertifyScorecardsInput{ - Sources: sources, - Scorecards: scorecards, + certifyBads []CertifyBadInputSpec, +) (*CertifyBadSrcsResponse, error) { + req := &graphql.Request{ + OpName: "CertifyBadSrcs", + Query: CertifyBadSrcs_Operation, + Variables: &__CertifyBadSrcsInput{ + Sources: sources, + CertifyBads: certifyBads, }, } var err error - var data CertifyScorecardsResponse 
+ var data CertifyBadSrcsResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( @@ -28621,10 +23947,17 @@ func CertifyScorecards( return &data, err } -// The query or mutation executed by FindSoftware. -const FindSoftware_Operation = ` -query FindSoftware ($searchText: String!) { - findSoftware(searchText: $searchText) { +// The query or mutation executed by CertifyBads. +const CertifyBads_Operation = ` +query CertifyBads ($filter: CertifyBadSpec!) { + CertifyBad(certifyBadSpec: $filter) { + ... AllCertifyBad + } +} +fragment AllCertifyBad on CertifyBad { + id + justification + subject { __typename ... on Package { ... AllPkgTree @@ -28636,6 +23969,8 @@ query FindSoftware ($searchText: String!) { ... AllArtifactTree } } + origin + collector } fragment AllPkgTree on Package { id 
@@ -28679,60 +24014,21 @@ fragment AllArtifactTree on Artifact { } ` -func FindSoftware( - ctx context.Context, - client graphql.Client, - searchText string, -) (*FindSoftwareResponse, error) { - req := &graphql.Request{ - OpName: "FindSoftware", - Query: FindSoftware_Operation, - Variables: &__FindSoftwareInput{ - SearchText: searchText, - }, - } - var err error - - var data FindSoftwareResponse - resp := &graphql.Response{Data: &data} - - err = client.MakeRequest( - ctx, - req, - resp, - ) - - return &data, err -} - -// The query or mutation executed by GHSAs. -const GHSAs_Operation = ` -query GHSAs ($filter: GHSASpec!) { - ghsa(ghsaSpec: $filter) { - ... AllGHSATree - } -} -fragment AllGHSATree on GHSA { - id - ghsaId -} -` - -func GHSAs( +func CertifyBads( ctx context.Context, client graphql.Client, - filter GHSASpec, -) (*GHSAsResponse, error) { + filter CertifyBadSpec, +) (*CertifyBadsResponse, error) { req := &graphql.Request{ - OpName: "GHSAs", - Query: GHSAs_Operation, - Variables: &__GHSAsInput{ + OpName: "CertifyBads", + Query: CertifyBads_Operation, + Variables: &__CertifyBadsInput{ Filter: filter, }, } var err error - var data GHSAsResponse + var data CertifyBadsResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -28744,15 +24040,16 @@ func GHSAs( return &data, err } -// The query or mutation executed by HasMetadataArtifact. -const HasMetadataArtifact_Operation = ` -mutation HasMetadataArtifact ($artifact: ArtifactInputSpec!, $hasMetadata: HasMetadataInputSpec!) { - ingestHasMetadata(subject: {artifact:$artifact}, pkgMatchType: {pkg:ALL_VERSIONS}, hasMetadata: $hasMetadata) { - ... AllHasMetadata +// The query or mutation executed by CertifyGoodArtifact. +const CertifyGoodArtifact_Operation = ` +mutation CertifyGoodArtifact ($artifact: ArtifactInputSpec!, $certifyGood: CertifyGoodInputSpec!) { + ingestCertifyGood(subject: {artifact:$artifact}, pkgMatchType: {pkg:ALL_VERSIONS}, certifyGood: $certifyGood) { + ... AllCertifyGood } } -fragment AllHasMetadata on HasMetadata { +fragment AllCertifyGood on CertifyGood { id + justification subject { __typename ... on Package { @@ -28765,10 +24062,6 @@ fragment AllHasMetadata on HasMetadata { ... AllArtifactTree } } - key - value - timestamp - justification origin collector } @@ -28814,23 +24107,23 @@ fragment AllArtifactTree on Artifact { } ` -func HasMetadataArtifact( +func CertifyGoodArtifact( ctx context.Context, client graphql.Client, artifact ArtifactInputSpec, - hasMetadata HasMetadataInputSpec, -) (*HasMetadataArtifactResponse, error) { + certifyGood CertifyGoodInputSpec, +) (*CertifyGoodArtifactResponse, error) { req := &graphql.Request{ - OpName: "HasMetadataArtifact", - Query: HasMetadataArtifact_Operation, - Variables: &__HasMetadataArtifactInput{ + OpName: "CertifyGoodArtifact", + Query: CertifyGoodArtifact_Operation, + Variables: &__CertifyGoodArtifactInput{ Artifact: artifact, - HasMetadata: hasMetadata, + CertifyGood: certifyGood, }, } var err error - var data HasMetadataArtifactResponse + var data CertifyGoodArtifactResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -28842,15 +24135,16 @@ func HasMetadataArtifact( return &data, err } -// The query or mutation executed by HasMetadataPkg. -const HasMetadataPkg_Operation = ` -mutation HasMetadataPkg ($pkg: PkgInputSpec!, $pkgMatchType: MatchFlags!, $hasMetadata: HasMetadataInputSpec!) { - ingestHasMetadata(subject: {package:$pkg}, pkgMatchType: $pkgMatchType, hasMetadata: $hasMetadata) { - ... AllHasMetadata +// The query or mutation executed by CertifyGoodArtifacts. +const CertifyGoodArtifacts_Operation = ` +mutation CertifyGoodArtifacts ($artifacts: [ArtifactInputSpec!]!, $certifyGoods: [CertifyGoodInputSpec!]!) { + ingestCertifyGoods(subjects: {artifacts:$artifacts}, pkgMatchType: {pkg:ALL_VERSIONS}, certifyGoods: $certifyGoods) { + ... AllCertifyGood } } -fragment AllHasMetadata on HasMetadata { +fragment AllCertifyGood on CertifyGood { id + justification subject { __typename ... on Package { @@ -28863,10 +24157,6 @@ fragment AllHasMetadata on HasMetadata { ... AllArtifactTree } } - key - value - timestamp - justification origin collector } @@ -28912,25 +24202,23 @@ fragment AllArtifactTree on Artifact { } ` -func HasMetadataPkg( +func CertifyGoodArtifacts( ctx context.Context, client graphql.Client, - pkg PkgInputSpec, - pkgMatchType MatchFlags, - hasMetadata HasMetadataInputSpec, -) (*HasMetadataPkgResponse, error) { + artifacts []ArtifactInputSpec, + certifyGoods []CertifyGoodInputSpec, +) (*CertifyGoodArtifactsResponse, error) { req := &graphql.Request{ - OpName: "HasMetadataPkg", - Query: HasMetadataPkg_Operation, - Variables: &__HasMetadataPkgInput{ - Pkg: pkg, - PkgMatchType: pkgMatchType, - HasMetadata: hasMetadata, + OpName: "CertifyGoodArtifacts", + Query: CertifyGoodArtifacts_Operation, + Variables: &__CertifyGoodArtifactsInput{ + Artifacts: artifacts, + CertifyGoods: certifyGoods, }, } var err error - var data HasMetadataPkgResponse + var data CertifyGoodArtifactsResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -28942,15 +24230,16 @@ func HasMetadataPkg( return &data, err } -// The query or mutation executed by HasMetadataSrc. -const HasMetadataSrc_Operation = ` -mutation HasMetadataSrc ($source: SourceInputSpec!, $hasMetadata: HasMetadataInputSpec!) { - ingestHasMetadata(subject: {source:$source}, pkgMatchType: {pkg:ALL_VERSIONS}, hasMetadata: $hasMetadata) { - ... AllHasMetadata +// The query or mutation executed by CertifyGoodPkg. +const CertifyGoodPkg_Operation = ` +mutation CertifyGoodPkg ($pkg: PkgInputSpec!, $pkgMatchType: MatchFlags!, $certifyGood: CertifyGoodInputSpec!) { + ingestCertifyGood(subject: {package:$pkg}, pkgMatchType: $pkgMatchType, certifyGood: $certifyGood) { + ... AllCertifyGood } } -fragment AllHasMetadata on HasMetadata { +fragment AllCertifyGood on CertifyGood { id + justification subject { __typename ... on Package { @@ -28963,10 +24252,6 @@ fragment AllHasMetadata on HasMetadata { ... AllArtifactTree } } - key - value - timestamp - justification origin collector } @@ -29012,23 +24297,25 @@ fragment AllArtifactTree on Artifact { } ` -func HasMetadataSrc( +func CertifyGoodPkg( ctx context.Context, client graphql.Client, - source SourceInputSpec, - hasMetadata HasMetadataInputSpec, -) (*HasMetadataSrcResponse, error) { + pkg PkgInputSpec, + pkgMatchType MatchFlags, + certifyGood CertifyGoodInputSpec, +) (*CertifyGoodPkgResponse, error) { req := &graphql.Request{ - OpName: "HasMetadataSrc", - Query: HasMetadataSrc_Operation, - Variables: &__HasMetadataSrcInput{ - Source: source, - HasMetadata: hasMetadata, + OpName: "CertifyGoodPkg", + Query: CertifyGoodPkg_Operation, + Variables: &__CertifyGoodPkgInput{ + Pkg: pkg, + PkgMatchType: pkgMatchType, + CertifyGood: certifyGood, }, } var err error - var data HasMetadataSrcResponse + var data CertifyGoodPkgResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -29040,36 +24327,31 @@ func HasMetadataSrc( return &data, err } -// The query or mutation executed by HasSBOMArtifact. -const HasSBOMArtifact_Operation = ` -mutation HasSBOMArtifact ($artifact: ArtifactInputSpec!, $hasSBOM: HasSBOMInputSpec!) { - ingestHasSBOM(subject: {artifact:$artifact}, hasSBOM: $hasSBOM) { - ... AllHasSBOMTree +// The query or mutation executed by CertifyGoodPkgs. +const CertifyGoodPkgs_Operation = ` +mutation CertifyGoodPkgs ($pkgs: [PkgInputSpec!]!, $pkgMatchType: MatchFlags!, $certifyGoods: [CertifyGoodInputSpec!]!) { + ingestCertifyGoods(subjects: {packages:$pkgs}, pkgMatchType: $pkgMatchType, certifyGoods: $certifyGoods) { + ... AllCertifyGood } } -fragment AllHasSBOMTree on HasSBOM { +fragment AllCertifyGood on CertifyGood { id + justification subject { __typename - ... on Artifact { - ... AllArtifactTree - } ... on Package { ... AllPkgTree } + ... on Source { + ... AllSourceTree + } + ... on Artifact { + ... AllArtifactTree + } } - uri - algorithm - digest - downloadLocation origin collector } -fragment AllArtifactTree on Artifact { - id - algorithm - digest -} fragment AllPkgTree on Package { id type 
@@ -29091,25 +24373,46 @@ fragment AllPkgTree on Package { } } } +fragment AllSourceTree on Source { + id + type + namespaces { + id + namespace + names { + id + name + tag + commit + } + } +} +fragment AllArtifactTree on Artifact { + id + algorithm + digest +} ` -func HasSBOMArtifact( +func CertifyGoodPkgs( ctx context.Context, client graphql.Client, - artifact ArtifactInputSpec, - hasSBOM HasSBOMInputSpec, -) (*HasSBOMArtifactResponse, error) { + pkgs []PkgInputSpec, + pkgMatchType MatchFlags, + certifyGoods []CertifyGoodInputSpec, +) (*CertifyGoodPkgsResponse, error) { req := &graphql.Request{ - OpName: "HasSBOMArtifact", - Query: HasSBOMArtifact_Operation, - Variables: &__HasSBOMArtifactInput{ - Artifact: artifact, - HasSBOM: hasSBOM, + OpName: "CertifyGoodPkgs", + Query: CertifyGoodPkgs_Operation, + Variables: &__CertifyGoodPkgsInput{ + Pkgs: pkgs, + PkgMatchType: pkgMatchType, + CertifyGoods: certifyGoods, }, } var err error - var data HasSBOMArtifactResponse + var data CertifyGoodPkgsResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -29121,36 +24424,31 @@ func HasSBOMArtifact( return &data, err } -// The query or mutation executed by HasSBOMArtifacts. -const HasSBOMArtifacts_Operation = ` -mutation HasSBOMArtifacts ($artifacts: [ArtifactInputSpec!]!, $hasSBOMs: [HasSBOMInputSpec!]!) { - ingestHasSBOMs(subjects: {artifacts:$artifacts}, hasSBOMs: $hasSBOMs) { - ... AllHasSBOMTree +// The query or mutation executed by CertifyGoodSrc. +const CertifyGoodSrc_Operation = ` +mutation CertifyGoodSrc ($source: SourceInputSpec!, $certifyGood: CertifyGoodInputSpec!) { + ingestCertifyGood(subject: {source:$source}, pkgMatchType: {pkg:ALL_VERSIONS}, certifyGood: $certifyGood) { + ... AllCertifyGood } } -fragment AllHasSBOMTree on HasSBOM { +fragment AllCertifyGood on CertifyGood { id + justification subject { __typename - ... on Artifact { - ... AllArtifactTree - } ... on Package { ... AllPkgTree } + ... on Source { + ... AllSourceTree + } + ... on Artifact { + ... AllArtifactTree + } } - uri - algorithm - digest - downloadLocation origin collector } -fragment AllArtifactTree on Artifact { - id - algorithm - digest -} fragment AllPkgTree on Package { id type 
@@ -29172,25 +24470,44 @@ fragment AllPkgTree on Package { } } } +fragment AllSourceTree on Source { + id + type + namespaces { + id + namespace + names { + id + name + tag + commit + } + } +} +fragment AllArtifactTree on Artifact { + id + algorithm + digest +} ` -func HasSBOMArtifacts( +func CertifyGoodSrc( ctx context.Context, client graphql.Client, - artifacts []ArtifactInputSpec, - hasSBOMs []HasSBOMInputSpec, -) (*HasSBOMArtifactsResponse, error) { + source SourceInputSpec, + certifyGood CertifyGoodInputSpec, +) (*CertifyGoodSrcResponse, error) { req := &graphql.Request{ - OpName: "HasSBOMArtifacts", - Query: HasSBOMArtifacts_Operation, - Variables: &__HasSBOMArtifactsInput{ - Artifacts: artifacts, - HasSBOMs: hasSBOMs, + OpName: "CertifyGoodSrc", + Query: CertifyGoodSrc_Operation, + Variables: &__CertifyGoodSrcInput{ + Source: source, + CertifyGood: certifyGood, }, } var err error - var data HasSBOMArtifactsResponse + var data CertifyGoodSrcResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -29202,36 +24519,31 @@ func HasSBOMArtifacts( return &data, err } -// The query or mutation executed by HasSBOMPkg. -const HasSBOMPkg_Operation = ` -mutation HasSBOMPkg ($pkg: PkgInputSpec!, $hasSBOM: HasSBOMInputSpec!) { - ingestHasSBOM(subject: {package:$pkg}, hasSBOM: $hasSBOM) { - ... AllHasSBOMTree +// The query or mutation executed by CertifyGoodSrcs. +const CertifyGoodSrcs_Operation = ` +mutation CertifyGoodSrcs ($sources: [SourceInputSpec!]!, $certifyGoods: [CertifyGoodInputSpec!]!) { + ingestCertifyGoods(subjects: {sources:$sources}, pkgMatchType: {pkg:ALL_VERSIONS}, certifyGoods: $certifyGoods) { + ... AllCertifyGood } } -fragment AllHasSBOMTree on HasSBOM { +fragment AllCertifyGood on CertifyGood { id + justification subject { __typename - ... on Artifact { - ... AllArtifactTree - } ... on Package { ... AllPkgTree } + ... on Source { + ... AllSourceTree + } + ... on Artifact { + ... AllArtifactTree + } } - uri - algorithm - digest - downloadLocation origin collector } -fragment AllArtifactTree on Artifact { - id - algorithm - digest -} fragment AllPkgTree on Package { id type 
@@ -29253,25 +24565,44 @@ fragment AllPkgTree on Package { } } } +fragment AllSourceTree on Source { + id + type + namespaces { + id + namespace + names { + id + name + tag + commit + } + } +} +fragment AllArtifactTree on Artifact { + id + algorithm + digest +} ` -func HasSBOMPkg( +func CertifyGoodSrcs( ctx context.Context, client graphql.Client, - pkg PkgInputSpec, - hasSBOM HasSBOMInputSpec, -) (*HasSBOMPkgResponse, error) { + sources []SourceInputSpec, + certifyGoods []CertifyGoodInputSpec, +) (*CertifyGoodSrcsResponse, error) { req := &graphql.Request{ - OpName: "HasSBOMPkg", - Query: HasSBOMPkg_Operation, - Variables: &__HasSBOMPkgInput{ - Pkg: pkg, - HasSBOM: hasSBOM, + OpName: "CertifyGoodSrcs", + Query: CertifyGoodSrcs_Operation, + Variables: &__CertifyGoodSrcsInput{ + Sources: sources, + CertifyGoods: certifyGoods, }, } var err error - var data HasSBOMPkgResponse + var data CertifyGoodSrcsResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -29283,37 +24614,32 @@ func HasSBOMPkg( return &data, err } -// The query or mutation executed by HasSBOMPkgs. -const HasSBOMPkgs_Operation = ` -mutation HasSBOMPkgs ($pkgs: [PkgInputSpec!]!, $hasSBOMs: [HasSBOMInputSpec!]!) { - ingestHasSBOMs(subjects: {packages:$pkgs}, hasSBOMs: $hasSBOMs) { - ... AllHasSBOMTree +// The query or mutation executed by CertifyScorecard. +const CertifyScorecard_Operation = ` +mutation CertifyScorecard ($source: SourceInputSpec!, $scorecard: ScorecardInputSpec!) { + ingestScorecard(source: $source, scorecard: $scorecard) { + ... AllCertifyScorecard } } -fragment AllHasSBOMTree on HasSBOM { +fragment AllCertifyScorecard on CertifyScorecard { id - subject { - __typename - ... on Artifact { - ... AllArtifactTree - } - ... on Package { - ... AllPkgTree + source { + ... AllSourceTree + } + scorecard { + timeScanned + aggregateScore + checks { + check + score } + scorecardVersion + scorecardCommit + origin + collector } - uri - algorithm - digest - downloadLocation - origin - collector -} -fragment AllArtifactTree on Artifact { - id - algorithm - digest } -fragment AllPkgTree on Package { +fragment AllSourceTree on Source { id type namespaces { 
@@ -29322,37 +24648,30 @@ fragment AllPkgTree on Package { names { id name - versions { - id - version - qualifiers { - key - value - } - subpath - } + tag + commit } } } ` -func HasSBOMPkgs( +func CertifyScorecard( ctx context.Context, client graphql.Client, - pkgs []PkgInputSpec, - hasSBOMs []HasSBOMInputSpec, -) (*HasSBOMPkgsResponse, error) { + source SourceInputSpec, + scorecard ScorecardInputSpec, +) (*CertifyScorecardResponse, error) { req := &graphql.Request{ - OpName: "HasSBOMPkgs", - Query: HasSBOMPkgs_Operation, - Variables: &__HasSBOMPkgsInput{ - Pkgs: pkgs, - HasSBOMs: hasSBOMs, + OpName: "CertifyScorecard", + Query: CertifyScorecard_Operation, + Variables: &__CertifyScorecardInput{ + Source: source, + Scorecard: scorecard, }, } var err error - var data HasSBOMPkgsResponse + var data CertifyScorecardResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -29364,45 +24683,29 @@ func HasSBOMPkgs( return &data, err } -// The query or mutation executed by HasSourceAt. -const HasSourceAt_Operation = ` -mutation HasSourceAt ($pkg: PkgInputSpec!, $pkgMatchType: MatchFlags!, $source: SourceInputSpec!, $hasSourceAt: HasSourceAtInputSpec!) { - ingestHasSourceAt(pkg: $pkg, pkgMatchType: $pkgMatchType, source: $source, hasSourceAt: $hasSourceAt) { - ... AllHasSourceAt +// The query or mutation executed by CertifyScorecards. +const CertifyScorecards_Operation = ` +mutation CertifyScorecards ($sources: [SourceInputSpec!]!, $scorecards: [ScorecardInputSpec!]!) { + ingestScorecards(sources: $sources, scorecards: $scorecards) { + ... AllCertifyScorecard } } -fragment AllHasSourceAt on HasSourceAt { +fragment AllCertifyScorecard on CertifyScorecard { id - justification - knownSince - package { - ... AllPkgTree - } source { ... AllSourceTree } - origin - collector -} -fragment AllPkgTree on Package { - id - type - namespaces { - id - namespace - names { - id - name - versions { - id - version - qualifiers { - key - value - } - subpath - } + scorecard { + timeScanned + aggregateScore + checks { + check + score } + scorecardVersion + scorecardCommit + origin + collector } } fragment AllSourceTree on Source { 
@@ -29421,27 +24724,23 @@ fragment AllSourceTree on Source { } ` -func HasSourceAt( +func CertifyScorecards( ctx context.Context, client graphql.Client, - pkg PkgInputSpec, - pkgMatchType MatchFlags, - source SourceInputSpec, - hasSourceAt HasSourceAtInputSpec, -) (*HasSourceAtResponse, error) { + sources []SourceInputSpec, + scorecards []ScorecardInputSpec, +) (*CertifyScorecardsResponse, error) { req := &graphql.Request{ - OpName: "HasSourceAt", - Query: HasSourceAt_Operation, - Variables: &__HasSourceAtInput{ - Pkg: pkg, - PkgMatchType: pkgMatchType, - Source: source, - HasSourceAt: hasSourceAt, + OpName: "CertifyScorecards", + Query: CertifyScorecards_Operation, + Variables: &__CertifyScorecardsInput{ + Sources: sources, + Scorecards: scorecards, }, } var err error - var data HasSourceAtResponse + var data CertifyScorecardsResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -29453,48 +24752,90 @@ func HasSourceAt( return &data, err } -// The query or mutation executed by HashEqual. -const HashEqual_Operation = ` -mutation HashEqual ($artifact: ArtifactInputSpec!, $otherArtifact: ArtifactInputSpec!, $hashEqual: HashEqualInputSpec!) { - ingestHashEqual(artifact: $artifact, otherArtifact: $otherArtifact, hashEqual: $hashEqual) { - ... AllHashEqualTree +// The query or mutation executed by CertifyVexArtifact. +const CertifyVexArtifact_Operation = ` +mutation CertifyVexArtifact ($artifact: ArtifactInputSpec!, $vulnerability: VulnerabilityInputSpec!, $vexStatement: VexStatementInputSpec!) { + ingestVEXStatement(subject: {artifact:$artifact}, vulnerability: $vulnerability, vexStatement: $vexStatement) { + ... AllCertifyVEXStatement } } -fragment AllHashEqualTree on HashEqual { +fragment AllCertifyVEXStatement on CertifyVEXStatement { id - justification - artifacts { - ... AllArtifactTree + subject { + __typename + ... on Package { + ... AllPkgTree + } + ... on Artifact { + ... AllArtifactTree + } + } + vulnerability { + ... 
AllVulnerabilityTree } + status + vexJustification + statement + statusNotes + knownSince origin collector } +fragment AllPkgTree on Package { + id + type + namespaces { + id + namespace + names { + id + name + versions { + id + version + qualifiers { + key + value + } + subpath + } + } + } +} fragment AllArtifactTree on Artifact { id algorithm digest } +fragment AllVulnerabilityTree on Vulnerability { + id + type + vulnerabilityIDs { + id + vulnerabilityID + } +} ` -func HashEqual( +func CertifyVexArtifact( ctx context.Context, client graphql.Client, artifact ArtifactInputSpec, - otherArtifact ArtifactInputSpec, - hashEqual HashEqualInputSpec, -) (*HashEqualResponse, error) { + vulnerability VulnerabilityInputSpec, + vexStatement VexStatementInputSpec, +) (*CertifyVexArtifactResponse, error) { req := &graphql.Request{ - OpName: "HashEqual", - Query: HashEqual_Operation, - Variables: &__HashEqualInput{ + OpName: "CertifyVexArtifact", + Query: CertifyVexArtifact_Operation, + Variables: &__CertifyVexArtifactInput{ Artifact: artifact, - OtherArtifact: otherArtifact, - HashEqual: hashEqual, + Vulnerability: vulnerability, + VexStatement: vexStatement, }, } var err error - var data HashEqualResponse + var data CertifyVexArtifactResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -29506,48 +24847,90 @@ func HashEqual( return &data, err } -// The query or mutation executed by HashEquals. -const HashEquals_Operation = ` -mutation HashEquals ($artifacts: [ArtifactInputSpec!]!, $otherArtifacts: [ArtifactInputSpec!]!, $hashEquals: [HashEqualInputSpec!]!) { - ingestHashEquals(artifacts: $artifacts, otherArtifacts: $otherArtifacts, hashEquals: $hashEquals) { - ... AllHashEqualTree +// The query or mutation executed by CertifyVexPkg. +const CertifyVexPkg_Operation = ` +mutation CertifyVexPkg ($pkg: PkgInputSpec!, $vulnerability: VulnerabilityInputSpec!, $vexStatement: VexStatementInputSpec!) { + ingestVEXStatement(subject: {package:$pkg}, vulnerability: $vulnerability, vexStatement: $vexStatement) { + ... AllCertifyVEXStatement } } -fragment AllHashEqualTree on HashEqual { +fragment AllCertifyVEXStatement on CertifyVEXStatement { id - justification - artifacts { - ... AllArtifactTree + subject { + __typename + ... on Package { + ... AllPkgTree + } + ... on Artifact { + ... AllArtifactTree + } + } + vulnerability { + ... 
AllVulnerabilityTree } + status + vexJustification + statement + statusNotes + knownSince origin collector } +fragment AllPkgTree on Package { + id + type + namespaces { + id + namespace + names { + id + name + versions { + id + version + qualifiers { + key + value + } + subpath + } + } + } +} fragment AllArtifactTree on Artifact { id algorithm digest } +fragment AllVulnerabilityTree on Vulnerability { + id + type + vulnerabilityIDs { + id + vulnerabilityID + } +} ` -func HashEquals( +func CertifyVexPkg( ctx context.Context, client graphql.Client, - artifacts []ArtifactInputSpec, - otherArtifacts []ArtifactInputSpec, - hashEquals []HashEqualInputSpec, -) (*HashEqualsResponse, error) { + pkg PkgInputSpec, + vulnerability VulnerabilityInputSpec, + vexStatement VexStatementInputSpec, +) (*CertifyVexPkgResponse, error) { req := &graphql.Request{ - OpName: "HashEquals", - Query: HashEquals_Operation, - Variables: &__HashEqualsInput{ - Artifacts: artifacts, - OtherArtifacts: otherArtifacts, - HashEquals: hashEquals, + OpName: "CertifyVexPkg", + Query: CertifyVexPkg_Operation, + Variables: &__CertifyVexPkgInput{ + Pkg: pkg, + Vulnerability: vulnerability, + VexStatement: vexStatement, }, } var err error - var data HashEqualsResponse + var data CertifyVexPkgResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -29559,35 +24942,81 @@ func HashEquals( return &data, err } -// The query or mutation executed by IngestArtifact. -const IngestArtifact_Operation = ` -mutation IngestArtifact ($artifact: ArtifactInputSpec!) { - ingestArtifact(artifact: $artifact) { - ... AllArtifactTree +// The query or mutation executed by CertifyVulnPkg. +const CertifyVulnPkg_Operation = ` +mutation CertifyVulnPkg ($pkg: PkgInputSpec!, $vulnerability: VulnerabilityInputSpec!, $certifyVuln: ScanMetadataInput!) { + ingestCertifyVuln(pkg: $pkg, vulnerability: $vulnerability, certifyVuln: $certifyVuln) { + ... AllCertifyVuln } } -fragment AllArtifactTree on Artifact { +fragment AllCertifyVuln on CertifyVuln { id - algorithm - digest + package { + ... AllPkgTree + } + vulnerability { + ... AllVulnerabilityTree + } + metadata { + dbUri + dbVersion + scannerUri + scannerVersion + timeScanned + origin + collector + } +} +fragment AllPkgTree on Package { + id + type + namespaces { + id + namespace + names { + id + name + versions { + id + version + qualifiers { + key + value + } + subpath + } + } + } +} +fragment AllVulnerabilityTree on Vulnerability { + id + type + vulnerabilityIDs { + id + vulnerabilityID + } } ` -func IngestArtifact( +func CertifyVulnPkg( ctx context.Context, client graphql.Client, - artifact ArtifactInputSpec, -) (*IngestArtifactResponse, error) { + pkg PkgInputSpec, + vulnerability VulnerabilityInputSpec, + certifyVuln ScanMetadataInput, +) (*CertifyVulnPkgResponse, error) { req := &graphql.Request{ - OpName: "IngestArtifact", - Query: IngestArtifact_Operation, - Variables: &__IngestArtifactInput{ - Artifact: artifact, + OpName: "CertifyVulnPkg", + Query: CertifyVulnPkg_Operation, + Variables: &__CertifyVulnPkgInput{ + Pkg: pkg, + Vulnerability: vulnerability, + CertifyVuln: certifyVuln, }, } var err error - var data IngestArtifactResponse + var data CertifyVulnPkgResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -29599,11 +25028,55 @@ func IngestArtifact( return &data, err } -// The query or mutation executed by IngestArtifacts. -const IngestArtifacts_Operation = ` -mutation IngestArtifacts ($artifacts: [ArtifactInputSpec!]!) { - ingestArtifacts(artifacts: $artifacts) { - ... AllArtifactTree +// The query or mutation executed by FindSoftware. +const FindSoftware_Operation = ` +query FindSoftware ($searchText: String!) { + findSoftware(searchText: $searchText) { + __typename + ... on Package { + ... AllPkgTree + } + ... on Source { + ... AllSourceTree + } + ... on Artifact { + ... AllArtifactTree + } + } +} +fragment AllPkgTree on Package { + id + type + namespaces { + id + namespace + names { + id + name + versions { + id + version + qualifiers { + key + value + } + subpath + } + } + } +} +fragment AllSourceTree on Source { + id + type + namespaces { + id + namespace + names { + id + name + tag + commit + } } } fragment AllArtifactTree on Artifact { @@ -29613,21 +25086,21 @@ fragment AllArtifactTree on Artifact { } ` -func IngestArtifacts( +func FindSoftware( ctx context.Context, client graphql.Client, - artifacts []ArtifactInputSpec, -) (*IngestArtifactsResponse, error) { + searchText string, +) (*FindSoftwareResponse, error) { req := &graphql.Request{ - OpName: "IngestArtifacts", - Query: IngestArtifacts_Operation, - Variables: &__IngestArtifactsInput{ - Artifacts: artifacts, + OpName: "FindSoftware", + Query: FindSoftware_Operation, + Variables: &__FindSoftwareInput{ + SearchText: searchText, }, } var err error - var data IngestArtifactsResponse + var data FindSoftwareResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -29639,30 +25112,93 @@ func IngestArtifacts( return &data, err } -// The query or mutation executed by IngestBuilder. -const IngestBuilder_Operation = ` -mutation IngestBuilder ($builder: BuilderInputSpec!) { - ingestBuilder(builder: $builder) { - uri +// The query or mutation executed by HasMetadataArtifact. +const HasMetadataArtifact_Operation = ` +mutation HasMetadataArtifact ($artifact: ArtifactInputSpec!, $hasMetadata: HasMetadataInputSpec!) { + ingestHasMetadata(subject: {artifact:$artifact}, pkgMatchType: {pkg:ALL_VERSIONS}, hasMetadata: $hasMetadata) { + ... AllHasMetadata + } +} +fragment AllHasMetadata on HasMetadata { + id + subject { + __typename + ... on Package { + ... AllPkgTree + } + ... on Source { + ... AllSourceTree + } + ... on Artifact { + ... AllArtifactTree + } + } + key + value + timestamp + justification + origin + collector +} +fragment AllPkgTree on Package { + id + type + namespaces { + id + namespace + names { + id + name + versions { + id + version + qualifiers { + key + value + } + subpath + } + } + } +} +fragment AllSourceTree on Source { + id + type + namespaces { + id + namespace + names { + id + name + tag + commit + } } } +fragment AllArtifactTree on Artifact { + id + algorithm + digest +} ` -func IngestBuilder( +func HasMetadataArtifact( ctx context.Context, client graphql.Client, - builder BuilderInputSpec, -) (*IngestBuilderResponse, error) { + artifact ArtifactInputSpec, + hasMetadata HasMetadataInputSpec, +) (*HasMetadataArtifactResponse, error) { req := &graphql.Request{ - OpName: "IngestBuilder", - Query: IngestBuilder_Operation, - Variables: &__IngestBuilderInput{ - Builder: builder, + OpName: "HasMetadataArtifact", + Query: HasMetadataArtifact_Operation, + Variables: &__HasMetadataArtifactInput{ + Artifact: artifact, + HasMetadata: hasMetadata, }, } var err error - var data IngestBuilderResponse + var data HasMetadataArtifactResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -29674,30 +25210,95 @@ func IngestBuilder( return &data, err } -// The query or mutation executed by IngestBuilders. -const IngestBuilders_Operation = ` -mutation IngestBuilders ($builders: [BuilderInputSpec!]!) { - ingestBuilders(builders: $builders) { - uri +// The query or mutation executed by HasMetadataPkg. +const HasMetadataPkg_Operation = ` +mutation HasMetadataPkg ($pkg: PkgInputSpec!, $pkgMatchType: MatchFlags!, $hasMetadata: HasMetadataInputSpec!) { + ingestHasMetadata(subject: {package:$pkg}, pkgMatchType: $pkgMatchType, hasMetadata: $hasMetadata) { + ... AllHasMetadata + } +} +fragment AllHasMetadata on HasMetadata { + id + subject { + __typename + ... on Package { + ... AllPkgTree + } + ... on Source { + ... AllSourceTree + } + ... on Artifact { + ... AllArtifactTree + } + } + key + value + timestamp + justification + origin + collector +} +fragment AllPkgTree on Package { + id + type + namespaces { + id + namespace + names { + id + name + versions { + id + version + qualifiers { + key + value + } + subpath + } + } + } +} +fragment AllSourceTree on Source { + id + type + namespaces { + id + namespace + names { + id + name + tag + commit + } } } +fragment AllArtifactTree on Artifact { + id + algorithm + digest +} ` -func IngestBuilders( +func HasMetadataPkg( ctx context.Context, client graphql.Client, - builders []BuilderInputSpec, -) (*IngestBuildersResponse, error) { + pkg PkgInputSpec, + pkgMatchType MatchFlags, + hasMetadata HasMetadataInputSpec, +) (*HasMetadataPkgResponse, error) { req := &graphql.Request{ - OpName: "IngestBuilders", - Query: IngestBuilders_Operation, - Variables: &__IngestBuildersInput{ - Builders: builders, + OpName: "HasMetadataPkg", + Query: HasMetadataPkg_Operation, + Variables: &__HasMetadataPkgInput{ + Pkg: pkg, + PkgMatchType: pkgMatchType, + HasMetadata: hasMetadata, }, } var err error - var data IngestBuildersResponse + var data HasMetadataPkgResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -29709,35 +25310,93 @@ func IngestBuilders( return &data, err } -// The query or mutation executed by IngestCVE. -const IngestCVE_Operation = ` -mutation IngestCVE ($cve: CVEInputSpec!) { - ingestCVE(cve: $cve) { - ... AllCveTree +// The query or mutation executed by HasMetadataSrc. +const HasMetadataSrc_Operation = ` +mutation HasMetadataSrc ($source: SourceInputSpec!, $hasMetadata: HasMetadataInputSpec!) { + ingestHasMetadata(subject: {source:$source}, pkgMatchType: {pkg:ALL_VERSIONS}, hasMetadata: $hasMetadata) { + ... AllHasMetadata + } +} +fragment AllHasMetadata on HasMetadata { + id + subject { + __typename + ... on Package { + ... AllPkgTree + } + ... on Source { + ... AllSourceTree + } + ... on Artifact { + ... AllArtifactTree + } + } + key + value + timestamp + justification + origin + collector +} +fragment AllPkgTree on Package { + id + type + namespaces { + id + namespace + names { + id + name + versions { + id + version + qualifiers { + key + value + } + subpath + } + } + } +} +fragment AllSourceTree on Source { + id + type + namespaces { + id + namespace + names { + id + name + tag + commit + } } } -fragment AllCveTree on CVE { +fragment AllArtifactTree on Artifact { id - year - cveId + algorithm + digest } ` -func IngestCVE( +func HasMetadataSrc( ctx context.Context, client graphql.Client, - cve CVEInputSpec, -) (*IngestCVEResponse, error) { + source SourceInputSpec, + hasMetadata HasMetadataInputSpec, +) (*HasMetadataSrcResponse, error) { req := &graphql.Request{ - OpName: "IngestCVE", - Query: IngestCVE_Operation, - Variables: &__IngestCVEInput{ - Cve: cve, + OpName: "HasMetadataSrc", + Query: HasMetadataSrc_Operation, + Variables: &__HasMetadataSrcInput{ + Source: source, + HasMetadata: hasMetadata, }, } var err error - var data IngestCVEResponse + var data HasMetadataSrcResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -29749,74 +25408,76 @@ func IngestCVE( return &data, err } -// The query or mutation executed by IngestCVEs. -const IngestCVEs_Operation = ` -mutation IngestCVEs ($cves: [CVEInputSpec!]!) { - ingestCVEs(cves: $cves) { - ... AllCveTree +// The query or mutation executed by HasSBOMArtifact. +const HasSBOMArtifact_Operation = ` +mutation HasSBOMArtifact ($artifact: ArtifactInputSpec!, $hasSBOM: HasSBOMInputSpec!) { + ingestHasSBOM(subject: {artifact:$artifact}, hasSBOM: $hasSBOM) { + ... AllHasSBOMTree } } -fragment AllCveTree on CVE { +fragment AllHasSBOMTree on HasSBOM { id - year - cveId -} -` - -func IngestCVEs( - ctx context.Context, - client graphql.Client, - cves []CVEInputSpec, -) (*IngestCVEsResponse, error) { - req := &graphql.Request{ - OpName: "IngestCVEs", - Query: IngestCVEs_Operation, - Variables: &__IngestCVEsInput{ - Cves: cves, - }, + subject { + __typename + ... on Artifact { + ... AllArtifactTree + } + ... on Package { + ... AllPkgTree + } } - var err error - - var data IngestCVEsResponse - resp := &graphql.Response{Data: &data} - - err = client.MakeRequest( - ctx, - req, - resp, - ) - - return &data, err + uri + algorithm + digest + downloadLocation + origin + collector } - -// The query or mutation executed by IngestGHSA. -const IngestGHSA_Operation = ` -mutation IngestGHSA ($ghsa: GHSAInputSpec!) { - ingestGHSA(ghsa: $ghsa) { - ... 
AllGHSATree - } +fragment AllArtifactTree on Artifact { + id + algorithm + digest } -fragment AllGHSATree on GHSA { +fragment AllPkgTree on Package { id - ghsaId + type + namespaces { + id + namespace + names { + id + name + versions { + id + version + qualifiers { + key + value + } + subpath + } + } + } } ` -func IngestGHSA( +func HasSBOMArtifact( ctx context.Context, client graphql.Client, - ghsa GHSAInputSpec, -) (*IngestGHSAResponse, error) { + artifact ArtifactInputSpec, + hasSBOM HasSBOMInputSpec, +) (*HasSBOMArtifactResponse, error) { req := &graphql.Request{ - OpName: "IngestGHSA", - Query: IngestGHSA_Operation, - Variables: &__IngestGHSAInput{ - Ghsa: ghsa, + OpName: "HasSBOMArtifact", + Query: HasSBOMArtifact_Operation, + Variables: &__HasSBOMArtifactInput{ + Artifact: artifact, + HasSBOM: hasSBOM, }, } var err error - var data IngestGHSAResponse + var data HasSBOMArtifactResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -29828,73 +25489,76 @@ func IngestGHSA( return &data, err } -// The query or mutation executed by IngestGHSAs. -const IngestGHSAs_Operation = ` -mutation IngestGHSAs ($ghsas: [GHSAInputSpec!]!) { - ingestGHSAs(ghsas: $ghsas) { - ... AllGHSATree +// The query or mutation executed by HasSBOMArtifacts. +const HasSBOMArtifacts_Operation = ` +mutation HasSBOMArtifacts ($artifacts: [ArtifactInputSpec!]!, $hasSBOMs: [HasSBOMInputSpec!]!) { + ingestHasSBOMs(subjects: {artifacts:$artifacts}, hasSBOMs: $hasSBOMs) { + ... AllHasSBOMTree } } -fragment AllGHSATree on GHSA { +fragment AllHasSBOMTree on HasSBOM { id - ghsaId -} -` - -func IngestGHSAs( - ctx context.Context, - client graphql.Client, - ghsas []GHSAInputSpec, -) (*IngestGHSAsResponse, error) { - req := &graphql.Request{ - OpName: "IngestGHSAs", - Query: IngestGHSAs_Operation, - Variables: &__IngestGHSAsInput{ - Ghsas: ghsas, - }, + subject { + __typename + ... on Artifact { + ... AllArtifactTree + } + ... on Package { + ... AllPkgTree + } } - var err error - - var data IngestGHSAsResponse - resp := &graphql.Response{Data: &data} - - err = client.MakeRequest( - ctx, - req, - resp, - ) - - return &data, err + uri + algorithm + digest + downloadLocation + origin + collector } - -// The query or mutation executed by IngestOSV. -const IngestOSV_Operation = ` -mutation IngestOSV ($osv: OSVInputSpec!) { - ingestOSV(osv: $osv) { - ... 
AllOSVTree - } +fragment AllArtifactTree on Artifact { + id + algorithm + digest } -fragment AllOSVTree on OSV { +fragment AllPkgTree on Package { id - osvId + type + namespaces { + id + namespace + names { + id + name + versions { + id + version + qualifiers { + key + value + } + subpath + } + } + } } ` -func IngestOSV( +func HasSBOMArtifacts( ctx context.Context, client graphql.Client, - osv OSVInputSpec, -) (*IngestOSVResponse, error) { + artifacts []ArtifactInputSpec, + hasSBOMs []HasSBOMInputSpec, +) (*HasSBOMArtifactsResponse, error) { req := &graphql.Request{ - OpName: "IngestOSV", - Query: IngestOSV_Operation, - Variables: &__IngestOSVInput{ - Osv: osv, + OpName: "HasSBOMArtifacts", + Query: HasSBOMArtifacts_Operation, + Variables: &__HasSBOMArtifactsInput{ + Artifacts: artifacts, + HasSBOMs: hasSBOMs, }, } var err error - var data IngestOSVResponse + var data HasSBOMArtifactsResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -29906,34 +25570,76 @@ func IngestOSV( return &data, err } -// The query or mutation executed by IngestOSVs. -const IngestOSVs_Operation = ` -mutation IngestOSVs ($osvs: [OSVInputSpec!]!) { - ingestOSVs(osvs: $osvs) { - ... AllOSVTree +// The query or mutation executed by HasSBOMPkg. +const HasSBOMPkg_Operation = ` +mutation HasSBOMPkg ($pkg: PkgInputSpec!, $hasSBOM: HasSBOMInputSpec!) { + ingestHasSBOM(subject: {package:$pkg}, hasSBOM: $hasSBOM) { + ... AllHasSBOMTree + } +} +fragment AllHasSBOMTree on HasSBOM { + id + subject { + __typename + ... on Artifact { + ... AllArtifactTree + } + ... on Package { + ... AllPkgTree + } } + uri + algorithm + digest + downloadLocation + origin + collector +} +fragment AllArtifactTree on Artifact { + id + algorithm + digest } -fragment AllOSVTree on OSV { +fragment AllPkgTree on Package { id - osvId + type + namespaces { + id + namespace + names { + id + name + versions { + id + version + qualifiers { + key + value + } + subpath + } + } + } } ` -func IngestOSVs( +func HasSBOMPkg( ctx context.Context, client graphql.Client, - osvs []OSVInputSpec, -) (*IngestOSVsResponse, error) { + pkg PkgInputSpec, + hasSBOM HasSBOMInputSpec, +) (*HasSBOMPkgResponse, error) { req := &graphql.Request{ - OpName: "IngestOSVs", - Query: IngestOSVs_Operation, - Variables: &__IngestOSVsInput{ - Osvs: osvs, + OpName: "HasSBOMPkg", + Query: HasSBOMPkg_Operation, + Variables: &__HasSBOMPkgInput{ + Pkg: pkg, + HasSBOM: hasSBOM, }, } var err error - var data IngestOSVsResponse + var data HasSBOMPkgResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -29945,12 +25651,35 @@ func IngestOSVs( return &data, err } -// The query or mutation executed by IngestPackage. -const IngestPackage_Operation = ` -mutation IngestPackage ($pkg: PkgInputSpec!) { - ingestPackage(pkg: $pkg) { - ... AllPkgTree +// The query or mutation executed by HasSBOMPkgs. +const HasSBOMPkgs_Operation = ` +mutation HasSBOMPkgs ($pkgs: [PkgInputSpec!]!, $hasSBOMs: [HasSBOMInputSpec!]!) { + ingestHasSBOMs(subjects: {packages:$pkgs}, hasSBOMs: $hasSBOMs) { + ... AllHasSBOMTree + } +} +fragment AllHasSBOMTree on HasSBOM { + id + subject { + __typename + ... on Artifact { + ... AllArtifactTree + } + ... on Package { + ... AllPkgTree + } } + uri + algorithm + digest + downloadLocation + origin + collector +} +fragment AllArtifactTree on Artifact { + id + algorithm + digest } fragment AllPkgTree on Package { id @@ -29975,21 +25704,23 @@ fragment AllPkgTree on Package { } ` -func IngestPackage( +func HasSBOMPkgs( ctx context.Context, client graphql.Client, - pkg PkgInputSpec, -) (*IngestPackageResponse, error) { + pkgs []PkgInputSpec, + hasSBOMs []HasSBOMInputSpec, +) (*HasSBOMPkgsResponse, error) { req := &graphql.Request{ - OpName: "IngestPackage", - Query: IngestPackage_Operation, - Variables: &__IngestPackageInput{ - Pkg: pkg, + OpName: "HasSBOMPkgs", + Query: HasSBOMPkgs_Operation, + Variables: &__HasSBOMPkgsInput{ + Pkgs: pkgs, + HasSBOMs: hasSBOMs, }, } var err error - var data IngestPackageResponse + var data HasSBOMPkgsResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -30001,12 +25732,25 @@ func IngestPackage( return &data, err } -// The query or mutation executed by IngestPackages. -const IngestPackages_Operation = ` -mutation IngestPackages ($pkgs: [PkgInputSpec!]!) { - ingestPackages(pkgs: $pkgs) { +// The query or mutation executed by HasSourceAt. +const HasSourceAt_Operation = ` +mutation HasSourceAt ($pkg: PkgInputSpec!, $pkgMatchType: MatchFlags!, $source: SourceInputSpec!, $hasSourceAt: HasSourceAtInputSpec!) { + ingestHasSourceAt(pkg: $pkg, pkgMatchType: $pkgMatchType, source: $source, hasSourceAt: $hasSourceAt) { + ... AllHasSourceAt + } +} +fragment AllHasSourceAt on HasSourceAt { + id + justification + knownSince + package { ... AllPkgTree } + source { + ... AllSourceTree + } + origin + collector } fragment AllPkgTree on Package { id @@ -30029,23 +25773,43 @@ fragment AllPkgTree on Package { } } } +fragment AllSourceTree on Source { + id + type + namespaces { + id + namespace + names { + id + name + tag + commit + } + } +} ` -func IngestPackages( +func HasSourceAt( ctx context.Context, client graphql.Client, - pkgs []PkgInputSpec, -) (*IngestPackagesResponse, error) { + pkg PkgInputSpec, + pkgMatchType MatchFlags, + source SourceInputSpec, + hasSourceAt HasSourceAtInputSpec, +) (*HasSourceAtResponse, error) { req := &graphql.Request{ - OpName: "IngestPackages", - Query: IngestPackages_Operation, - Variables: &__IngestPackagesInput{ - Pkgs: pkgs, + OpName: "HasSourceAt", + Query: HasSourceAt_Operation, + Variables: &__HasSourceAtInput{ + Pkg: pkg, + PkgMatchType: pkgMatchType, + Source: source, + HasSourceAt: hasSourceAt, }, } var err error - var data IngestPackagesResponse + var data HasSourceAtResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -30057,44 +25821,48 @@ func IngestPackages( return &data, err } -// The query or mutation executed by IngestSource. -const IngestSource_Operation = ` -mutation IngestSource ($source: SourceInputSpec!) { - ingestSource(source: $source) { - ... AllSourceTree +// The query or mutation executed by HashEqual. +const HashEqual_Operation = ` +mutation HashEqual ($artifact: ArtifactInputSpec!, $otherArtifact: ArtifactInputSpec!, $hashEqual: HashEqualInputSpec!) { + ingestHashEqual(artifact: $artifact, otherArtifact: $otherArtifact, hashEqual: $hashEqual) { + ... AllHashEqualTree } } -fragment AllSourceTree on Source { +fragment AllHashEqualTree on HashEqual { id - type - namespaces { - id - namespace - names { - id - name - tag - commit - } + justification + artifacts { + ... AllArtifactTree } + origin + collector +} +fragment AllArtifactTree on Artifact { + id + algorithm + digest } ` -func IngestSource( +func HashEqual( ctx context.Context, client graphql.Client, - source SourceInputSpec, -) (*IngestSourceResponse, error) { + artifact ArtifactInputSpec, + otherArtifact ArtifactInputSpec, + hashEqual HashEqualInputSpec, +) (*HashEqualResponse, error) { req := &graphql.Request{ - OpName: "IngestSource", - Query: IngestSource_Operation, - Variables: &__IngestSourceInput{ - Source: source, + OpName: "HashEqual", + Query: HashEqual_Operation, + Variables: &__HashEqualInput{ + Artifact: artifact, + OtherArtifact: otherArtifact, + HashEqual: hashEqual, }, } var err error - var data IngestSourceResponse + var data HashEqualResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -30106,44 +25874,48 @@ func IngestSource( return &data, err } -// The query or mutation executed by IngestSources. -const IngestSources_Operation = ` -mutation IngestSources ($sources: [SourceInputSpec!]!) { - ingestSources(sources: $sources) { - ... AllSourceTree +// The query or mutation executed by HashEquals. +const HashEquals_Operation = ` +mutation HashEquals ($artifacts: [ArtifactInputSpec!]!, $otherArtifacts: [ArtifactInputSpec!]!, $hashEquals: [HashEqualInputSpec!]!) { + ingestHashEquals(artifacts: $artifacts, otherArtifacts: $otherArtifacts, hashEquals: $hashEquals) { + ... AllHashEqualTree } } -fragment AllSourceTree on Source { +fragment AllHashEqualTree on HashEqual { id - type - namespaces { - id - namespace - names { - id - name - tag - commit - } + justification + artifacts { + ... AllArtifactTree } + origin + collector +} +fragment AllArtifactTree on Artifact { + id + algorithm + digest } ` -func IngestSources( +func HashEquals( ctx context.Context, client graphql.Client, - sources []SourceInputSpec, -) (*IngestSourcesResponse, error) { + artifacts []ArtifactInputSpec, + otherArtifacts []ArtifactInputSpec, + hashEquals []HashEqualInputSpec, +) (*HashEqualsResponse, error) { req := &graphql.Request{ - OpName: "IngestSources", - Query: IngestSources_Operation, - Variables: &__IngestSourcesInput{ - Sources: sources, + OpName: "HashEquals", + Query: HashEquals_Operation, + Variables: &__HashEqualsInput{ + Artifacts: artifacts, + OtherArtifacts: otherArtifacts, + HashEquals: hashEquals, }, } var err error - var data IngestSourcesResponse + var data HashEqualsResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -30155,69 +25927,75 @@ func IngestSources( return &data, err } -// The query or mutation executed by IsDependencies. -const IsDependencies_Operation = ` -mutation IsDependencies ($pkgs: [PkgInputSpec!]!, $depPkgs: [PkgInputSpec!]!, $dependencies: [IsDependencyInputSpec!]!) { - ingestDependencies(pkgs: $pkgs, depPkgs: $depPkgs, dependencies: $dependencies) { - ... AllIsDependencyTree +// The query or mutation executed by IngestArtifact. +const IngestArtifact_Operation = ` +mutation IngestArtifact ($artifact: ArtifactInputSpec!) { + ingestArtifact(artifact: $artifact) { + ... AllArtifactTree } } -fragment AllIsDependencyTree on IsDependency { +fragment AllArtifactTree on Artifact { id - justification - package { - ... AllPkgTree - } - dependentPackage { - ... AllPkgTree + algorithm + digest +} +` + +func IngestArtifact( + ctx context.Context, + client graphql.Client, + artifact ArtifactInputSpec, +) (*IngestArtifactResponse, error) { + req := &graphql.Request{ + OpName: "IngestArtifact", + Query: IngestArtifact_Operation, + Variables: &__IngestArtifactInput{ + Artifact: artifact, + }, } - dependencyType - versionRange - origin - collector + var err error + + var data IngestArtifactResponse + resp := &graphql.Response{Data: &data} + + err = client.MakeRequest( + ctx, + req, + resp, + ) + + return &data, err } -fragment AllPkgTree on Package { - id - type - namespaces { - id - namespace - names { - id - name - versions { - id - version - qualifiers { - key - value - } - subpath - } - } + +// The query or mutation executed by IngestArtifacts. +const IngestArtifacts_Operation = ` +mutation IngestArtifacts ($artifacts: [ArtifactInputSpec!]!) { + ingestArtifacts(artifacts: $artifacts) { + ... 
AllArtifactTree } } +fragment AllArtifactTree on Artifact { + id + algorithm + digest +} ` -func IsDependencies( +func IngestArtifacts( ctx context.Context, client graphql.Client, - pkgs []PkgInputSpec, - depPkgs []PkgInputSpec, - dependencies []IsDependencyInputSpec, -) (*IsDependenciesResponse, error) { + artifacts []ArtifactInputSpec, +) (*IngestArtifactsResponse, error) { req := &graphql.Request{ - OpName: "IsDependencies", - Query: IsDependencies_Operation, - Variables: &__IsDependenciesInput{ - Pkgs: pkgs, - DepPkgs: depPkgs, - Dependencies: dependencies, + OpName: "IngestArtifacts", + Query: IngestArtifacts_Operation, + Variables: &__IngestArtifactsInput{ + Artifacts: artifacts, }, } var err error - var data IsDependenciesResponse + var data IngestArtifactsResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -30229,69 +26007,30 @@ func IsDependencies( return &data, err } -// The query or mutation executed by IsDependency. -const IsDependency_Operation = ` -mutation IsDependency ($pkg: PkgInputSpec!, $depPkg: PkgInputSpec!, $dependency: IsDependencyInputSpec!) { - ingestDependency(pkg: $pkg, depPkg: $depPkg, dependency: $dependency) { - ... AllIsDependencyTree - } -} -fragment AllIsDependencyTree on IsDependency { - id - justification - package { - ... AllPkgTree - } - dependentPackage { - ... AllPkgTree - } - dependencyType - versionRange - origin - collector -} -fragment AllPkgTree on Package { - id - type - namespaces { - id - namespace - names { - id - name - versions { - id - version - qualifiers { - key - value - } - subpath - } - } +// The query or mutation executed by IngestBuilder. +const IngestBuilder_Operation = ` +mutation IngestBuilder ($builder: BuilderInputSpec!) { + ingestBuilder(builder: $builder) { + uri } } ` -func IsDependency( +func IngestBuilder( ctx context.Context, client graphql.Client, - pkg PkgInputSpec, - depPkg PkgInputSpec, - dependency IsDependencyInputSpec, -) (*IsDependencyResponse, error) { + builder BuilderInputSpec, +) (*IngestBuilderResponse, error) { req := &graphql.Request{ - OpName: "IsDependency", - Query: IsDependency_Operation, - Variables: &__IsDependencyInput{ - Pkg: pkg, - DepPkg: depPkg, - Dependency: dependency, + OpName: "IngestBuilder", + Query: IngestBuilder_Operation, + Variables: &__IngestBuilderInput{ + Builder: builder, }, } var err error - var data IsDependencyResponse + var data IngestBuilderResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -30303,92 +26042,30 @@ func IsDependency( return &data, err } -// The query or mutation executed by IsOccurrencePkg. -const IsOccurrencePkg_Operation = ` -mutation IsOccurrencePkg ($pkg: PkgInputSpec!, $artifact: ArtifactInputSpec!, $occurrence: IsOccurrenceInputSpec!) { - ingestOccurrence(subject: {package:$pkg}, artifact: $artifact, occurrence: $occurrence) { - ... AllIsOccurrencesTree - } -} -fragment AllIsOccurrencesTree on IsOccurrence { - id - subject { - __typename - ... on Package { - ... AllPkgTree - } - ... on Source { - ... AllSourceTree - } - } - artifact { - ... AllArtifactTree - } - justification - origin - collector -} -fragment AllPkgTree on Package { - id - type - namespaces { - id - namespace - names { - id - name - versions { - id - version - qualifiers { - key - value - } - subpath - } - } - } -} -fragment AllSourceTree on Source { - id - type - namespaces { - id - namespace - names { - id - name - tag - commit - } +// The query or mutation executed by IngestBuilders. +const IngestBuilders_Operation = ` +mutation IngestBuilders ($builders: [BuilderInputSpec!]!) { + ingestBuilders(builders: $builders) { + uri } } -fragment AllArtifactTree on Artifact { - id - algorithm - digest -} ` -func IsOccurrencePkg( +func IngestBuilders( ctx context.Context, client graphql.Client, - pkg PkgInputSpec, - artifact ArtifactInputSpec, - occurrence IsOccurrenceInputSpec, -) (*IsOccurrencePkgResponse, error) { + builders []BuilderInputSpec, +) (*IngestBuildersResponse, error) { req := &graphql.Request{ - OpName: "IsOccurrencePkg", - Query: IsOccurrencePkg_Operation, - Variables: &__IsOccurrencePkgInput{ - Pkg: pkg, - Artifact: artifact, - Occurrence: occurrence, + OpName: "IngestBuilders", + Query: IngestBuilders_Operation, + Variables: &__IngestBuildersInput{ + Builders: builders, }, } var err error - var data IsOccurrencePkgResponse + var data IngestBuildersResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -30400,30 +26077,12 @@ func IsOccurrencePkg( return &data, err } -// The query or mutation executed by IsOccurrenceSrc. -const IsOccurrenceSrc_Operation = ` -mutation IsOccurrenceSrc ($source: SourceInputSpec!, $artifact: ArtifactInputSpec!, $occurrence: IsOccurrenceInputSpec!) { - ingestOccurrence(subject: {source:$source}, artifact: $artifact, occurrence: $occurrence) { - ... AllIsOccurrencesTree - } -} -fragment AllIsOccurrencesTree on IsOccurrence { - id - subject { - __typename - ... on Package { - ... AllPkgTree - } - ... on Source { - ... AllSourceTree - } - } - artifact { - ... AllArtifactTree +// The query or mutation executed by IngestPackage. +const IngestPackage_Operation = ` +mutation IngestPackage ($pkg: PkgInputSpec!) { + ingestPackage(pkg: $pkg) { + ... AllPkgTree } - justification - origin - collector } fragment AllPkgTree on Package { id @@ -30446,46 +26105,23 @@ fragment AllPkgTree on Package { } } } -fragment AllSourceTree on Source { - id - type - namespaces { - id - namespace - names { - id - name - tag - commit - } - } -} -fragment AllArtifactTree on Artifact { - id - algorithm - digest -} ` -func IsOccurrenceSrc( +func IngestPackage( ctx context.Context, client graphql.Client, - source SourceInputSpec, - artifact ArtifactInputSpec, - occurrence IsOccurrenceInputSpec, -) (*IsOccurrenceSrcResponse, error) { + pkg PkgInputSpec, +) (*IngestPackageResponse, error) { req := &graphql.Request{ - OpName: "IsOccurrenceSrc", - Query: IsOccurrenceSrc_Operation, - Variables: &__IsOccurrenceSrcInput{ - Source: source, - Artifact: artifact, - Occurrence: occurrence, + OpName: "IngestPackage", + Query: IngestPackage_Operation, + Variables: &__IngestPackageInput{ + Pkg: pkg, }, } var err error - var data IsOccurrenceSrcResponse + var data IngestPackageResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -30494,33 +26130,15 @@ func IsOccurrenceSrc( resp, ) - return &data, err -} - -// The query or mutation executed by IsOccurrencesPkg. -const IsOccurrencesPkg_Operation = ` -mutation IsOccurrencesPkg ($pkgs: [PkgInputSpec!]!, $artifacts: [ArtifactInputSpec!]!, $occurrences: [IsOccurrenceInputSpec!]!) { - ingestOccurrences(subjects: {packages:$pkgs}, artifacts: $artifacts, occurrences: $occurrences) { - ... AllIsOccurrencesTree - } + return &data, err } -fragment AllIsOccurrencesTree on IsOccurrence { - id - subject { - __typename - ... on Package { - ... AllPkgTree - } - ... on Source { - ... AllSourceTree - } - } - artifact { - ... AllArtifactTree + +// The query or mutation executed by IngestPackages. +const IngestPackages_Operation = ` +mutation IngestPackages ($pkgs: [PkgInputSpec!]!) { + ingestPackages(pkgs: $pkgs) { + ... AllPkgTree } - justification - origin - collector } fragment AllPkgTree on Package { id @@ -30543,6 +26161,41 @@ fragment AllPkgTree on Package { } } } +` + +func IngestPackages( + ctx context.Context, + client graphql.Client, + pkgs []PkgInputSpec, +) (*IngestPackagesResponse, error) { + req := &graphql.Request{ + OpName: "IngestPackages", + Query: IngestPackages_Operation, + Variables: &__IngestPackagesInput{ + Pkgs: pkgs, + }, + } + var err error + + var data IngestPackagesResponse + resp := &graphql.Response{Data: &data} + + err = client.MakeRequest( + ctx, + req, + resp, + ) + + return &data, err +} + +// The query or mutation executed by IngestSource. +const IngestSource_Operation = ` +mutation IngestSource ($source: SourceInputSpec!) { + ingestSource(source: $source) { + ... AllSourceTree + } +} fragment AllSourceTree on Source { id type 
@@ -30557,32 +26210,23 @@ fragment AllSourceTree on Source { } } } -fragment AllArtifactTree on Artifact { - id - algorithm - digest -} ` -func IsOccurrencesPkg( +func IngestSource( ctx context.Context, client graphql.Client, - pkgs []PkgInputSpec, - artifacts []ArtifactInputSpec, - occurrences []IsOccurrenceInputSpec, -) (*IsOccurrencesPkgResponse, error) { + source SourceInputSpec, +) (*IngestSourceResponse, error) { req := &graphql.Request{ - OpName: "IsOccurrencesPkg", - Query: IsOccurrencesPkg_Operation, - Variables: &__IsOccurrencesPkgInput{ - Pkgs: pkgs, - Artifacts: artifacts, - Occurrences: occurrences, + OpName: "IngestSource", + Query: IngestSource_Operation, + Variables: &__IngestSourceInput{ + Source: source, }, } var err error - var data IsOccurrencesPkgResponse + var data IngestSourceResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( @@ -30594,50 +26238,11 @@ func IsOccurrencesPkg( return &data, err } -// The query or mutation executed by IsOccurrencesSrc. -const IsOccurrencesSrc_Operation = ` -mutation IsOccurrencesSrc ($sources: [SourceInputSpec!]!, $artifacts: [ArtifactInputSpec!]!, $occurrences: [IsOccurrenceInputSpec!]!) { - ingestOccurrences(subjects: {sources:$sources}, artifacts: $artifacts, occurrences: $occurrences) { - ... AllIsOccurrencesTree - } -} -fragment AllIsOccurrencesTree on IsOccurrence { - id - subject { - __typename - ... on Package { - ... AllPkgTree - } - ... on Source { - ... AllSourceTree - } - } - artifact { - ... AllArtifactTree - } - justification - origin - collector -} -fragment AllPkgTree on Package { - id - type - namespaces { - id - namespace - names { - id - name - versions { - id - version - qualifiers { - key - value - } - subpath - } - } +// The query or mutation executed by IngestSources. +const IngestSources_Operation = ` +mutation IngestSources ($sources: [SourceInputSpec!]!) { + ingestSources(sources: $sources) { + ... AllSourceTree } } fragment AllSourceTree on Source { 
@@ -30654,32 +26259,23 @@ fragment AllSourceTree on Source { } } } -fragment AllArtifactTree on Artifact { - id - algorithm - digest -} ` -func IsOccurrencesSrc( +func IngestSources( ctx context.Context, client graphql.Client, sources []SourceInputSpec, - artifacts []ArtifactInputSpec, - occurrences []IsOccurrenceInputSpec, -) (*IsOccurrencesSrcResponse, error) { +) (*IngestSourcesResponse, error) { req := &graphql.Request{ - OpName: "IsOccurrencesSrc", - Query: IsOccurrencesSrc_Operation, - Variables: &__IsOccurrencesSrcInput{ - Sources: sources, - Artifacts: artifacts, - Occurrences: occurrences, + OpName: "IngestSources", + Query: IngestSources_Operation, + Variables: &__IngestSourcesInput{ + Sources: sources, }, } var err error - var data IsOccurrencesSrcResponse + var data IngestSourcesResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -30691,65 +26287,38 @@ func IsOccurrencesSrc( return &data, err } -// The query or mutation executed by IsVulnerabilityCVE. -const IsVulnerabilityCVE_Operation = ` -mutation IsVulnerabilityCVE ($osv: OSVInputSpec!, $cve: CVEInputSpec!, $isVulnerability: IsVulnerabilityInputSpec!) { - ingestIsVulnerability(osv: $osv, vulnerability: {cve:$cve}, isVulnerability: $isVulnerability) { - ... AllIsVulnerability +// The query or mutation executed by IngestVulnerabilities. +const IngestVulnerabilities_Operation = ` +mutation IngestVulnerabilities ($vulns: [VulnerabilityInputSpec!]!) { + ingestVulnerabilities(vulns: $vulns) { + ... AllVulnerabilityTree } } -fragment AllIsVulnerability on IsVulnerability { +fragment AllVulnerabilityTree on Vulnerability { id - osv { - ... AllOSVTree - } - vulnerability { - __typename - ... on CVE { - ... AllCveTree - } - ... on GHSA { - ... AllGHSATree - } + type + vulnerabilityIDs { + id + vulnerabilityID } - justification - origin - collector -} -fragment AllOSVTree on OSV { - id - osvId -} -fragment AllCveTree on CVE { - id - year - cveId -} -fragment AllGHSATree on GHSA { - id - ghsaId } ` -func IsVulnerabilityCVE( +func IngestVulnerabilities( ctx context.Context, client graphql.Client, - osv OSVInputSpec, - cve CVEInputSpec, - isVulnerability IsVulnerabilityInputSpec, -) (*IsVulnerabilityCVEResponse, error) { + vulns []VulnerabilityInputSpec, +) (*IngestVulnerabilitiesResponse, error) { req := &graphql.Request{ - OpName: "IsVulnerabilityCVE", - Query: IsVulnerabilityCVE_Operation, - Variables: &__IsVulnerabilityCVEInput{ - Osv: osv, - Cve: cve, - IsVulnerability: isVulnerability, + OpName: "IngestVulnerabilities", + Query: IngestVulnerabilities_Operation, + Variables: &__IngestVulnerabilitiesInput{ + Vulns: vulns, }, } var err error - var data IsVulnerabilityCVEResponse + var data IngestVulnerabilitiesResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -30761,65 +26330,38 @@ func IsVulnerabilityCVE( return &data, err } -// The query or mutation executed by IsVulnerabilityGHSA. -const IsVulnerabilityGHSA_Operation = ` -mutation IsVulnerabilityGHSA ($osv: OSVInputSpec!, $ghsa: GHSAInputSpec!, $isVulnerability: IsVulnerabilityInputSpec!) { - ingestIsVulnerability(osv: $osv, vulnerability: {ghsa:$ghsa}, isVulnerability: $isVulnerability) { - ... AllIsVulnerability +// The query or mutation executed by IngestVulnerability. +const IngestVulnerability_Operation = ` +mutation IngestVulnerability ($vuln: VulnerabilityInputSpec!) { + ingestVulnerability(vuln: $vuln) { + ... AllVulnerabilityTree } } -fragment AllIsVulnerability on IsVulnerability { +fragment AllVulnerabilityTree on Vulnerability { id - osv { - ... AllOSVTree - } - vulnerability { - __typename - ... on CVE { - ... AllCveTree - } - ... on GHSA { - ... AllGHSATree - } + type + vulnerabilityIDs { + id + vulnerabilityID } - justification - origin - collector -} -fragment AllOSVTree on OSV { - id - osvId -} -fragment AllCveTree on CVE { - id - year - cveId -} -fragment AllGHSATree on GHSA { - id - ghsaId } ` -func IsVulnerabilityGHSA( +func IngestVulnerability( ctx context.Context, client graphql.Client, - osv OSVInputSpec, - ghsa GHSAInputSpec, - isVulnerability IsVulnerabilityInputSpec, -) (*IsVulnerabilityGHSAResponse, error) { + vuln VulnerabilityInputSpec, +) (*IngestVulnerabilityResponse, error) { req := &graphql.Request{ - OpName: "IsVulnerabilityGHSA", - Query: IsVulnerabilityGHSA_Operation, - Variables: &__IsVulnerabilityGHSAInput{ - Osv: osv, - Ghsa: ghsa, - IsVulnerability: isVulnerability, + OpName: "IngestVulnerability", + Query: IngestVulnerability_Operation, + Variables: &__IngestVulnerabilityInput{ + Vuln: vuln, }, } var err error - var data IsVulnerabilityGHSAResponse + var data IngestVulnerabilityResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -30831,81 +26373,26 @@ func IsVulnerabilityGHSA( return &data, err } -// The query or mutation executed by Neighbors. -const Neighbors_Operation = ` -query Neighbors ($node: ID!, $usingOnly: [Edge!]!) { - neighbors(node: $node, usingOnly: $usingOnly) { - __typename - ... on Package { - ... AllPkgTree - } - ... on Source { - ... AllSourceTree - } - ... on Artifact { - ... AllArtifactTree - } - ... on Builder { - ... AllBuilderTree - } - ... on OSV { - ... AllOSVTree - } - ... on CVE { - ... AllCveTree - } - ... on GHSA { - ... AllGHSATree - } - ... on NoVuln { - id - } - ... on CertifyScorecard { - ... AllCertifyScorecard - } - ... on PkgEqual { - ... AllPkgEqual - } - ... on IsOccurrence { - ... AllIsOccurrencesTree - } - ... on IsDependency { - ... AllIsDependencyTree - } - ... on HasSLSA { - ... AllSLSATree - } - ... on CertifyBad { - ... AllCertifyBad - } - ... on CertifyGood { - ... AllCertifyGood - } - ... on HashEqual { - ... AllHashEqualTree - } - ... on HasSBOM { - ... AllHasSBOMTree - } - ... on HasSourceAt { - ... AllHasSourceAt - } - ... on PointOfContact { - ... AllPointOfContact - } - ... on CertifyVuln { - ... AllCertifyVuln - } - ... on IsVulnerability { - ... AllIsVulnerability - } - ... on CertifyVEXStatement { - ... AllCertifyVEXStatement - } - ... on Builder { - ... AllBuilderTree - } +// The query or mutation executed by IsDependencies. +const IsDependencies_Operation = ` +mutation IsDependencies ($pkgs: [PkgInputSpec!]!, $depPkgs: [PkgInputSpec!]!, $dependencies: [IsDependencyInputSpec!]!) { + ingestDependencies(pkgs: $pkgs, depPkgs: $depPkgs, dependencies: $dependencies) { + ... AllIsDependencyTree + } +} +fragment AllIsDependencyTree on IsDependency { + id + justification + package { + ... AllPkgTree } + dependentPackage { + ... AllPkgTree + } + dependencyType + versionRange + origin + collector } fragment AllPkgTree on Package { id 
@@ -30928,86 +26415,44 @@ fragment AllPkgTree on Package { } } } -fragment AllSourceTree on Source { - id - type - namespaces { - id - namespace - names { - id - name - tag - commit - } - } -} -fragment AllArtifactTree on Artifact { - id - algorithm - digest -} -fragment AllBuilderTree on Builder { - id - uri -} -fragment AllOSVTree on OSV { - id - osvId -} -fragment AllCveTree on CVE { - id - year - cveId -} -fragment AllGHSATree on GHSA { - id - ghsaId -} -fragment AllCertifyScorecard on CertifyScorecard { - id - source { - ... AllSourceTree - } - scorecard { - timeScanned - aggregateScore - checks { - check - score - } - scorecardVersion - scorecardCommit - origin - collector - } -} -fragment AllPkgEqual on PkgEqual { - id - justification - packages { - ... AllPkgTree +` + +func IsDependencies( + ctx context.Context, + client graphql.Client, + pkgs []PkgInputSpec, + depPkgs []PkgInputSpec, + dependencies []IsDependencyInputSpec, +) (*IsDependenciesResponse, error) { + req := &graphql.Request{ + OpName: "IsDependencies", + Query: IsDependencies_Operation, + Variables: &__IsDependenciesInput{ + Pkgs: pkgs, + DepPkgs: depPkgs, + Dependencies: dependencies, + }, } - origin - collector + var err error + + var data IsDependenciesResponse + resp := &graphql.Response{Data: &data} + + err = client.MakeRequest( + ctx, + req, + resp, + ) + + return &data, err } -fragment AllIsOccurrencesTree on IsOccurrence { - id - subject { - __typename - ... on Package { - ... AllPkgTree - } - ... on Source { - ... AllSourceTree - } - } - artifact { - ... AllArtifactTree + +// The query or mutation executed by IsDependency. +const IsDependency_Operation = ` +mutation IsDependency ($pkg: PkgInputSpec!, $depPkg: PkgInputSpec!, $dependency: IsDependencyInputSpec!) { + ingestDependency(pkg: $pkg, depPkg: $depPkg, dependency: $dependency) { + ... AllIsDependencyTree } - justification - origin - collector } fragment AllIsDependencyTree on IsDependency { id 
@@ -31023,108 +26468,67 @@ fragment AllIsDependencyTree on IsDependency { origin collector } -fragment AllSLSATree on HasSLSA { +fragment AllPkgTree on Package { id - subject { - ... AllArtifactTree - } - slsa { - builtFrom { - ... AllArtifactTree - } - builtBy { + type + namespaces { + id + namespace + names { id - uri - } - buildType - slsaPredicate { - key - value - } - slsaVersion - startedOn - finishedOn - origin - collector - } -} -fragment AllCertifyBad on CertifyBad { - id - justification - subject { - __typename - ... on Package { - ... AllPkgTree - } - ... on Source { - ... AllSourceTree - } - ... on Artifact { - ... AllArtifactTree - } - } - origin - collector -} -fragment AllCertifyGood on CertifyGood { - id - justification - subject { - __typename - ... on Package { - ... AllPkgTree - } - ... on Source { - ... AllSourceTree - } - ... on Artifact { - ... AllArtifactTree - } - } - origin - collector -} -fragment AllHashEqualTree on HashEqual { - id - justification - artifacts { - ... AllArtifactTree - } - origin - collector -} -fragment AllHasSBOMTree on HasSBOM { - id - subject { - __typename - ... on Artifact { - ... AllArtifactTree - } - ... on Package { - ... AllPkgTree + name + versions { + id + version + qualifiers { + key + value + } + subpath + } } } - uri - algorithm - digest - downloadLocation - origin - collector } -fragment AllHasSourceAt on HasSourceAt { - id - justification - knownSince - package { - ... AllPkgTree +` + +func IsDependency( + ctx context.Context, + client graphql.Client, + pkg PkgInputSpec, + depPkg PkgInputSpec, + dependency IsDependencyInputSpec, +) (*IsDependencyResponse, error) { + req := &graphql.Request{ + OpName: "IsDependency", + Query: IsDependency_Operation, + Variables: &__IsDependencyInput{ + Pkg: pkg, + DepPkg: depPkg, + Dependency: dependency, + }, } - source { - ... 
AllSourceTree + var err error + + var data IsDependencyResponse + resp := &graphql.Response{Data: &data} + + err = client.MakeRequest( + ctx, + req, + resp, + ) + + return &data, err +} + +// The query or mutation executed by IsOccurrencePkg. +const IsOccurrencePkg_Operation = ` +mutation IsOccurrencePkg ($pkg: PkgInputSpec!, $artifact: ArtifactInputSpec!, $occurrence: IsOccurrenceInputSpec!) { + ingestOccurrence(subject: {package:$pkg}, artifact: $artifact, occurrence: $occurrence) { + ... AllIsOccurrencesTree } - origin - collector } -fragment AllPointOfContact on PointOfContact { +fragment AllIsOccurrencesTree on IsOccurrence { id subject { __typename 
@@ -31134,115 +26538,172 @@ fragment AllPointOfContact on PointOfContact { ... on Source { ... AllSourceTree } - ... on Artifact { - ... AllArtifactTree - } } - email - info - since + artifact { + ... AllArtifactTree + } justification origin collector } -fragment AllCertifyVuln on CertifyVuln { +fragment AllPkgTree on Package { id - package { - ... AllPkgTree - } - vulnerability { - __typename - ... on CVE { - ... AllCveTree - } - ... on OSV { - ... AllOSVTree - } - ... on GHSA { - ... AllGHSATree - } - ... on NoVuln { + type + namespaces { + id + namespace + names { id + name + versions { + id + version + qualifiers { + key + value + } + subpath + } } } - metadata { - dbUri - dbVersion - scannerUri - scannerVersion - timeScanned - origin - collector +} +fragment AllSourceTree on Source { + id + type + namespaces { + id + namespace + names { + id + name + tag + commit + } } } -fragment AllIsVulnerability on IsVulnerability { +fragment AllArtifactTree on Artifact { id - osv { - ... AllOSVTree + algorithm + digest +} +` + +func IsOccurrencePkg( + ctx context.Context, + client graphql.Client, + pkg PkgInputSpec, + artifact ArtifactInputSpec, + occurrence IsOccurrenceInputSpec, +) (*IsOccurrencePkgResponse, error) { + req := &graphql.Request{ + OpName: "IsOccurrencePkg", + Query: IsOccurrencePkg_Operation, + Variables: &__IsOccurrencePkgInput{ + Pkg: pkg, + Artifact: artifact, + Occurrence: occurrence, + }, } - vulnerability { - __typename - ... on CVE { - ... AllCveTree - } - ... on GHSA { - ... AllGHSATree - } + var err error + + var data IsOccurrencePkgResponse + resp := &graphql.Response{Data: &data} + + err = client.MakeRequest( + ctx, + req, + resp, + ) + + return &data, err +} + +// The query or mutation executed by IsOccurrenceSrc. +const IsOccurrenceSrc_Operation = ` +mutation IsOccurrenceSrc ($source: SourceInputSpec!, $artifact: ArtifactInputSpec!, $occurrence: IsOccurrenceInputSpec!) 
{ + ingestOccurrence(subject: {source:$source}, artifact: $artifact, occurrence: $occurrence) { + ... AllIsOccurrencesTree } - justification - origin - collector } -fragment AllCertifyVEXStatement on CertifyVEXStatement { +fragment AllIsOccurrencesTree on IsOccurrence { id subject { __typename ... on Package { ... AllPkgTree } - ... on Artifact { - ... AllArtifactTree + ... on Source { + ... AllSourceTree } } - vulnerability { - __typename - ... on CVE { - ... AllCveTree - } - ... on GHSA { - ... AllGHSATree - } - ... on OSV { - ... AllOSVTree - } + artifact { + ... AllArtifactTree } - status - vexJustification - statement - statusNotes - knownSince + justification origin collector } +fragment AllPkgTree on Package { + id + type + namespaces { + id + namespace + names { + id + name + versions { + id + version + qualifiers { + key + value + } + subpath + } + } + } +} +fragment AllSourceTree on Source { + id + type + namespaces { + id + namespace + names { + id + name + tag + commit + } + } +} +fragment AllArtifactTree on Artifact { + id + algorithm + digest +} ` -func Neighbors( +func IsOccurrenceSrc( ctx context.Context, client graphql.Client, - node string, - usingOnly []Edge, -) (*NeighborsResponse, error) { + source SourceInputSpec, + artifact ArtifactInputSpec, + occurrence IsOccurrenceInputSpec, +) (*IsOccurrenceSrcResponse, error) { req := &graphql.Request{ - OpName: "Neighbors", - Query: Neighbors_Operation, - Variables: &__NeighborsInput{ - Node: node, - UsingOnly: usingOnly, + OpName: "IsOccurrenceSrc", + Query: IsOccurrenceSrc_Operation, + Variables: &__IsOccurrenceSrcInput{ + Source: source, + Artifact: artifact, + Occurrence: occurrence, }, } var err error - var data NeighborsResponse + var data IsOccurrenceSrcResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -31254,81 +26715,30 @@ func Neighbors( return &data, err } -// The query or mutation executed by Node. -const Node_Operation = ` -query Node ($node: ID!) { - node(node: $node) { - __typename - ... on Package { - ... AllPkgTree - } - ... on Source { - ... AllSourceTree - } - ... on Artifact { - ... AllArtifactTree - } - ... on Builder { - ... AllBuilderTree - } - ... on OSV { - ... AllOSVTree - } - ... on CVE { - ... AllCveTree - } - ... on GHSA { - ... AllGHSATree - } - ... on NoVuln { - id - } - ... on CertifyScorecard { - ... AllCertifyScorecard - } - ... on PkgEqual { - ... AllPkgEqual - } - ... on IsOccurrence { - ... AllIsOccurrencesTree - } - ... on IsDependency { - ... AllIsDependencyTree - } - ... on HasSLSA { - ... AllSLSATree - } - ... on CertifyBad { - ... AllCertifyBad - } - ... on CertifyGood { - ... AllCertifyGood - } - ... on HashEqual { - ... AllHashEqualTree - } - ... on HasSBOM { - ... AllHasSBOMTree - } - ... on HasSourceAt { - ... AllHasSourceAt - } - ... on PointOfContact { - ... AllPointOfContact - } - ... on CertifyVuln { - ... AllCertifyVuln - } - ... on IsVulnerability { - ... AllIsVulnerability - } - ... on CertifyVEXStatement { - ... AllCertifyVEXStatement +// The query or mutation executed by IsOccurrencesPkg. +const IsOccurrencesPkg_Operation = ` +mutation IsOccurrencesPkg ($pkgs: [PkgInputSpec!]!, $artifacts: [ArtifactInputSpec!]!, $occurrences: [IsOccurrenceInputSpec!]!) { + ingestOccurrences(subjects: {packages:$pkgs}, artifacts: $artifacts, occurrences: $occurrences) { + ... AllIsOccurrencesTree + } +} +fragment AllIsOccurrencesTree on IsOccurrence { + id + subject { + __typename + ... on Package { + ... AllPkgTree } - ... on Builder { - ... AllBuilderTree + ... on Source { + ... AllSourceTree } } + artifact { + ... AllArtifactTree + } + justification + origin + collector } fragment AllPkgTree on Package { id 
@@ -31370,49 +26780,44 @@ fragment AllArtifactTree on Artifact { algorithm digest } -fragment AllBuilderTree on Builder { - id - uri -} -fragment AllOSVTree on OSV { - id - osvId -} -fragment AllCveTree on CVE { - id - year - cveId -} -fragment AllGHSATree on GHSA { - id - ghsaId -} -fragment AllCertifyScorecard on CertifyScorecard { - id - source { - ... AllSourceTree - } - scorecard { - timeScanned - aggregateScore - checks { - check - score - } - scorecardVersion - scorecardCommit - origin - collector +` + +func IsOccurrencesPkg( + ctx context.Context, + client graphql.Client, + pkgs []PkgInputSpec, + artifacts []ArtifactInputSpec, + occurrences []IsOccurrenceInputSpec, +) (*IsOccurrencesPkgResponse, error) { + req := &graphql.Request{ + OpName: "IsOccurrencesPkg", + Query: IsOccurrencesPkg_Operation, + Variables: &__IsOccurrencesPkgInput{ + Pkgs: pkgs, + Artifacts: artifacts, + Occurrences: occurrences, + }, } + var err error + + var data IsOccurrencesPkgResponse + resp := &graphql.Response{Data: &data} + + err = client.MakeRequest( + ctx, + req, + resp, + ) + + return &data, err } -fragment AllPkgEqual on PkgEqual { - id - justification - packages { - ... AllPkgTree + +// The query or mutation executed by IsOccurrencesSrc. +const IsOccurrencesSrc_Operation = ` +mutation IsOccurrencesSrc ($sources: [SourceInputSpec!]!, $artifacts: [ArtifactInputSpec!]!, $occurrences: [IsOccurrenceInputSpec!]!) { + ingestOccurrences(subjects: {sources:$sources}, artifacts: $artifacts, occurrences: $occurrences) { + ... AllIsOccurrencesTree } - origin - collector } fragment AllIsOccurrencesTree on IsOccurrence { id 
@@ -31432,238 +26837,67 @@ fragment AllIsOccurrencesTree on IsOccurrence { origin collector } -fragment AllIsDependencyTree on IsDependency { - id - justification - package { - ... AllPkgTree - } - dependentPackage { - ... AllPkgTree - } - dependencyType - versionRange - origin - collector -} -fragment AllSLSATree on HasSLSA { - id - subject { - ... AllArtifactTree - } - slsa { - builtFrom { - ... AllArtifactTree - } - builtBy { - id - uri - } - buildType - slsaPredicate { - key - value - } - slsaVersion - startedOn - finishedOn - origin - collector - } -} -fragment AllCertifyBad on CertifyBad { - id - justification - subject { - __typename - ... on Package { - ... AllPkgTree - } - ... on Source { - ... AllSourceTree - } - ... on Artifact { - ... AllArtifactTree - } - } - origin - collector -} -fragment AllCertifyGood on CertifyGood { - id - justification - subject { - __typename - ... on Package { - ... AllPkgTree - } - ... on Source { - ... AllSourceTree - } - ... on Artifact { - ... AllArtifactTree - } - } - origin - collector -} -fragment AllHashEqualTree on HashEqual { - id - justification - artifacts { - ... AllArtifactTree - } - origin - collector -} -fragment AllHasSBOMTree on HasSBOM { - id - subject { - __typename - ... on Artifact { - ... AllArtifactTree - } - ... on Package { - ... AllPkgTree - } - } - uri - algorithm - digest - downloadLocation - origin - collector -} -fragment AllHasSourceAt on HasSourceAt { - id - justification - knownSince - package { - ... AllPkgTree - } - source { - ... AllSourceTree - } - origin - collector -} -fragment AllPointOfContact on PointOfContact { - id - subject { - __typename - ... on Package { - ... AllPkgTree - } - ... on Source { - ... AllSourceTree - } - ... on Artifact { - ... AllArtifactTree - } - } - email - info - since - justification - origin - collector -} -fragment AllCertifyVuln on CertifyVuln { +fragment AllPkgTree on Package { id - package { - ... AllPkgTree - } - vulnerability { - __typename - ... 
on CVE { - ... AllCveTree - } - ... on OSV { - ... AllOSVTree - } - ... on GHSA { - ... AllGHSATree - } - ... on NoVuln { + type + namespaces { + id + namespace + names { id - } - } - metadata { - dbUri - dbVersion - scannerUri - scannerVersion - timeScanned - origin - collector + name + versions { + id + version + qualifiers { + key + value + } + subpath + } + } } } -fragment AllIsVulnerability on IsVulnerability { +fragment AllSourceTree on Source { id - osv { - ... AllOSVTree - } - vulnerability { - __typename - ... on CVE { - ... AllCveTree - } - ... on GHSA { - ... AllGHSATree + type + namespaces { + id + namespace + names { + id + name + tag + commit } } - justification - origin - collector } -fragment AllCertifyVEXStatement on CertifyVEXStatement { +fragment AllArtifactTree on Artifact { id - subject { - __typename - ... on Package { - ... AllPkgTree - } - ... on Artifact { - ... AllArtifactTree - } - } - vulnerability { - __typename - ... on CVE { - ... AllCveTree - } - ... on GHSA { - ... AllGHSATree - } - ... on OSV { - ... AllOSVTree - } - } - status - vexJustification - statement - statusNotes - knownSince - origin - collector + algorithm + digest } ` -func Node( +func IsOccurrencesSrc( ctx context.Context, client graphql.Client, - node string, -) (*NodeResponse, error) { + sources []SourceInputSpec, + artifacts []ArtifactInputSpec, + occurrences []IsOccurrenceInputSpec, +) (*IsOccurrencesSrcResponse, error) { req := &graphql.Request{ - OpName: "Node", - Query: Node_Operation, - Variables: &__NodeInput{ - Node: node, + OpName: "IsOccurrencesSrc", + Query: IsOccurrencesSrc_Operation, + Variables: &__IsOccurrencesSrcInput{ + Sources: sources, + Artifacts: artifacts, + Occurrences: occurrences, }, } var err error - var data NodeResponse + var data IsOccurrencesSrcResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -31675,10 +26909,10 @@ func Node( return &data, err } -// The query or mutation executed by Nodes. -const Nodes_Operation = ` -query Nodes ($nodes: [ID!]!) { - nodes(nodes: $nodes) { +// The query or mutation executed by Neighbors. +const Neighbors_Operation = ` +query Neighbors ($node: ID!, $usingOnly: [Edge!]!) { + neighbors(node: $node, usingOnly: $usingOnly) { __typename ... on Package { ... AllPkgTree @@ -31692,17 +26926,8 @@ query Nodes ($nodes: [ID!]!) { ... on Builder { ... AllBuilderTree } - ... on OSV { - ... AllOSVTree - } - ... on CVE { - ... AllCveTree - } - ... on GHSA { - ... AllGHSATree - } - ... on NoVuln { - id + ... on Vulnerability { + ... AllVulnerabilityTree } ... on CertifyScorecard { ... AllCertifyScorecard @@ -31740,8 +26965,8 @@ query Nodes ($nodes: [ID!]!) { ... on CertifyVuln { ... AllCertifyVuln } - ... on IsVulnerability { - ... AllIsVulnerability + ... on VulnEqual { + ... AllVulnEqual } ... on CertifyVEXStatement { ... AllCertifyVEXStatement @@ -31795,18 +27020,13 @@ fragment AllBuilderTree on Builder { id uri } -fragment AllOSVTree on OSV { - id - osvId -} -fragment AllCveTree on CVE { - id - year - cveId -} -fragment AllGHSATree on GHSA { +fragment AllVulnerabilityTree on Vulnerability { id - ghsaId + type + vulnerabilityIDs { + id + vulnerabilityID + } } fragment AllCertifyScorecard on CertifyScorecard { id 
@@ -31948,355 +27168,115 @@ fragment AllHasSBOMTree on HasSBOM { ... AllPkgTree } } - uri - algorithm - digest - downloadLocation - origin - collector -} -fragment AllHasSourceAt on HasSourceAt { - id - justification - knownSince - package { - ... AllPkgTree - } - source { - ... AllSourceTree - } - origin - collector -} -fragment AllPointOfContact on PointOfContact { - id - subject { - __typename - ... on Package { - ... AllPkgTree - } - ... on Source { - ... AllSourceTree - } - ... on Artifact { - ... AllArtifactTree - } - } - email - info - since - justification - origin - collector -} -fragment AllCertifyVuln on CertifyVuln { - id - package { - ... AllPkgTree - } - vulnerability { - __typename - ... on CVE { - ... AllCveTree - } - ... on OSV { - ... AllOSVTree - } - ... on GHSA { - ... AllGHSATree - } - ... on NoVuln { - id - } - } - metadata { - dbUri - dbVersion - scannerUri - scannerVersion - timeScanned - origin - collector - } -} -fragment AllIsVulnerability on IsVulnerability { - id - osv { - ... AllOSVTree - } - vulnerability { - __typename - ... on CVE { - ... AllCveTree - } - ... on GHSA { - ... AllGHSATree - } - } - justification - origin - collector -} -fragment AllCertifyVEXStatement on CertifyVEXStatement { - id - subject { - __typename - ... on Package { - ... AllPkgTree - } - ... on Artifact { - ... AllArtifactTree - } - } - vulnerability { - __typename - ... on CVE { - ... AllCveTree - } - ... on GHSA { - ... AllGHSATree - } - ... on OSV { - ... 
AllOSVTree - } - } - status - vexJustification - statement - statusNotes - knownSince - origin - collector -} -` - -func Nodes( - ctx context.Context, - client graphql.Client, - nodes []string, -) (*NodesResponse, error) { - req := &graphql.Request{ - OpName: "Nodes", - Query: Nodes_Operation, - Variables: &__NodesInput{ - Nodes: nodes, - }, - } - var err error - - var data NodesResponse - resp := &graphql.Response{Data: &data} - - err = client.MakeRequest( - ctx, - req, - resp, - ) - - return &data, err -} - -// The query or mutation executed by OSVs. -const OSVs_Operation = ` -query OSVs ($filter: OSVSpec!) { - osv(osvSpec: $filter) { - ... AllOSVTree - } -} -fragment AllOSVTree on OSV { - id - osvId -} -` - -func OSVs( - ctx context.Context, - client graphql.Client, - filter OSVSpec, -) (*OSVsResponse, error) { - req := &graphql.Request{ - OpName: "OSVs", - Query: OSVs_Operation, - Variables: &__OSVsInput{ - Filter: filter, - }, - } - var err error - - var data OSVsResponse - resp := &graphql.Response{Data: &data} - - err = client.MakeRequest( - ctx, - req, - resp, - ) - - return &data, err -} - -// The query or mutation executed by PackageNames. -const PackageNames_Operation = ` -query PackageNames ($filter: PkgSpec!) { - packages(pkgSpec: $filter) { - id - type - namespaces { - id - namespace - names { - id - name - } - } - } + uri + algorithm + digest + downloadLocation + origin + collector } -` - -func PackageNames( - ctx context.Context, - client graphql.Client, - filter PkgSpec, -) (*PackageNamesResponse, error) { - req := &graphql.Request{ - OpName: "PackageNames", - Query: PackageNames_Operation, - Variables: &__PackageNamesInput{ - Filter: filter, - }, +fragment AllHasSourceAt on HasSourceAt { + id + justification + knownSince + package { + ... AllPkgTree } - var err error - - var data PackageNamesResponse - resp := &graphql.Response{Data: &data} - - err = client.MakeRequest( - ctx, - req, - resp, - ) - - return &data, err + source { + ... 
AllSourceTree + } + origin + collector } - -// The query or mutation executed by PackageNamespaces. -const PackageNamespaces_Operation = ` -query PackageNamespaces ($filter: PkgSpec!) { - packages(pkgSpec: $filter) { - id - type - namespaces { - id - namespace +fragment AllPointOfContact on PointOfContact { + id + subject { + __typename + ... on Package { + ... AllPkgTree + } + ... on Source { + ... AllSourceTree + } + ... on Artifact { + ... AllArtifactTree } } + email + info + since + justification + origin + collector } -` - -func PackageNamespaces( - ctx context.Context, - client graphql.Client, - filter PkgSpec, -) (*PackageNamespacesResponse, error) { - req := &graphql.Request{ - OpName: "PackageNamespaces", - Query: PackageNamespaces_Operation, - Variables: &__PackageNamespacesInput{ - Filter: filter, - }, +fragment AllCertifyVuln on CertifyVuln { + id + package { + ... AllPkgTree } - var err error - - var data PackageNamespacesResponse - resp := &graphql.Response{Data: &data} - - err = client.MakeRequest( - ctx, - req, - resp, - ) - - return &data, err -} - -// The query or mutation executed by PackageTypes. -const PackageTypes_Operation = ` -query PackageTypes ($filter: PkgSpec!) { - packages(pkgSpec: $filter) { - id - type + vulnerability { + ... AllVulnerabilityTree + } + metadata { + dbUri + dbVersion + scannerUri + scannerVersion + timeScanned + origin + collector } } -` - -func PackageTypes( - ctx context.Context, - client graphql.Client, - filter PkgSpec, -) (*PackageTypesResponse, error) { - req := &graphql.Request{ - OpName: "PackageTypes", - Query: PackageTypes_Operation, - Variables: &__PackageTypesInput{ - Filter: filter, - }, +fragment AllVulnEqual on VulnEqual { + id + vulnerabilities { + ... 
AllVulnerabilityTree } - var err error - - var data PackageTypesResponse - resp := &graphql.Response{Data: &data} - - err = client.MakeRequest( - ctx, - req, - resp, - ) - - return &data, err + justification + origin + collector } - -// The query or mutation executed by PackageVersions. -const PackageVersions_Operation = ` -query PackageVersions ($filter: PkgSpec!) { - packages(pkgSpec: $filter) { - id - type - namespaces { - id - namespace - names { - id - name - versions { - id - version - qualifiers { - key - value - } - subpath - } - } +fragment AllCertifyVEXStatement on CertifyVEXStatement { + id + subject { + __typename + ... on Package { + ... AllPkgTree + } + ... on Artifact { + ... AllArtifactTree } } + vulnerability { + ... AllVulnerabilityTree + } + status + vexJustification + statement + statusNotes + knownSince + origin + collector } ` -func PackageVersions( +func Neighbors( ctx context.Context, client graphql.Client, - filter PkgSpec, -) (*PackageVersionsResponse, error) { + node string, + usingOnly []Edge, +) (*NeighborsResponse, error) { req := &graphql.Request{ - OpName: "PackageVersions", - Query: PackageVersions_Operation, - Variables: &__PackageVersionsInput{ - Filter: filter, + OpName: "Neighbors", + Query: Neighbors_Operation, + Variables: &__NeighborsInput{ + Node: node, + UsingOnly: usingOnly, }, } var err error - var data PackageVersionsResponse + var data NeighborsResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -32308,11 +27288,71 @@ func PackageVersions( return &data, err } -// The query or mutation executed by Packages. -const Packages_Operation = ` -query Packages ($filter: PkgSpec!) { - packages(pkgSpec: $filter) { - ... AllPkgTree +// The query or mutation executed by Node. +const Node_Operation = ` +query Node ($node: ID!) { + node(node: $node) { + __typename + ... on Package { + ... AllPkgTree + } + ... on Source { + ... AllSourceTree + } + ... on Artifact { + ... AllArtifactTree + } + ... on Builder { + ... AllBuilderTree + } + ... on Vulnerability { + ... AllVulnerabilityTree + } + ... on CertifyScorecard { + ... AllCertifyScorecard + } + ... on PkgEqual { + ... AllPkgEqual + } + ... on IsOccurrence { + ... AllIsOccurrencesTree + } + ... on IsDependency { + ... AllIsDependencyTree + } + ... on HasSLSA { + ... AllSLSATree + } + ... on CertifyBad { + ... AllCertifyBad + } + ... on CertifyGood { + ... AllCertifyGood + } + ... on HashEqual { + ... AllHashEqualTree + } + ... on HasSBOM { + ... AllHasSBOMTree + } + ... on HasSourceAt { + ... AllHasSourceAt + } + ... on PointOfContact { + ... AllPointOfContact + } + ... on CertifyVuln { + ... AllCertifyVuln + } + ... on VulnEqual { + ... AllVulnEqual + } + ... on CertifyVEXStatement { + ... AllCertifyVEXStatement + } + ... on Builder { + ... AllBuilderTree + } } } fragment AllPkgTree on Package { 
@@ -32336,23 +27376,284 @@ fragment AllPkgTree on Package { } } } +fragment AllSourceTree on Source { + id + type + namespaces { + id + namespace + names { + id + name + tag + commit + } + } +} +fragment AllArtifactTree on Artifact { + id + algorithm + digest +} +fragment AllBuilderTree on Builder { + id + uri +} +fragment AllVulnerabilityTree on Vulnerability { + id + type + vulnerabilityIDs { + id + vulnerabilityID + } +} +fragment AllCertifyScorecard on CertifyScorecard { + id + source { + ... AllSourceTree + } + scorecard { + timeScanned + aggregateScore + checks { + check + score + } + scorecardVersion + scorecardCommit + origin + collector + } +} +fragment AllPkgEqual on PkgEqual { + id + justification + packages { + ... AllPkgTree + } + origin + collector +} +fragment AllIsOccurrencesTree on IsOccurrence { + id + subject { + __typename + ... on Package { + ... AllPkgTree + } + ... on Source { + ... AllSourceTree + } + } + artifact { + ... AllArtifactTree + } + justification + origin + collector +} +fragment AllIsDependencyTree on IsDependency { + id + justification + package { + ... AllPkgTree + } + dependentPackage { + ... AllPkgTree + } + dependencyType + versionRange + origin + collector +} +fragment AllSLSATree on HasSLSA { + id + subject { + ... AllArtifactTree + } + slsa { + builtFrom { + ... AllArtifactTree + } + builtBy { + id + uri + } + buildType + slsaPredicate { + key + value + } + slsaVersion + startedOn + finishedOn + origin + collector + } +} +fragment AllCertifyBad on CertifyBad { + id + justification + subject { + __typename + ... on Package { + ... AllPkgTree + } + ... on Source { + ... AllSourceTree + } + ... on Artifact { + ... AllArtifactTree + } + } + origin + collector +} +fragment AllCertifyGood on CertifyGood { + id + justification + subject { + __typename + ... on Package { + ... AllPkgTree + } + ... on Source { + ... AllSourceTree + } + ... on Artifact { + ... 
AllArtifactTree + } + } + origin + collector +} +fragment AllHashEqualTree on HashEqual { + id + justification + artifacts { + ... AllArtifactTree + } + origin + collector +} +fragment AllHasSBOMTree on HasSBOM { + id + subject { + __typename + ... on Artifact { + ... AllArtifactTree + } + ... on Package { + ... AllPkgTree + } + } + uri + algorithm + digest + downloadLocation + origin + collector +} +fragment AllHasSourceAt on HasSourceAt { + id + justification + knownSince + package { + ... AllPkgTree + } + source { + ... AllSourceTree + } + origin + collector +} +fragment AllPointOfContact on PointOfContact { + id + subject { + __typename + ... on Package { + ... AllPkgTree + } + ... on Source { + ... AllSourceTree + } + ... on Artifact { + ... AllArtifactTree + } + } + email + info + since + justification + origin + collector +} +fragment AllCertifyVuln on CertifyVuln { + id + package { + ... AllPkgTree + } + vulnerability { + ... AllVulnerabilityTree + } + metadata { + dbUri + dbVersion + scannerUri + scannerVersion + timeScanned + origin + collector + } +} +fragment AllVulnEqual on VulnEqual { + id + vulnerabilities { + ... AllVulnerabilityTree + } + justification + origin + collector +} +fragment AllCertifyVEXStatement on CertifyVEXStatement { + id + subject { + __typename + ... on Package { + ... AllPkgTree + } + ... on Artifact { + ... AllArtifactTree + } + } + vulnerability { + ... 
AllVulnerabilityTree + } + status + vexJustification + statement + statusNotes + knownSince + origin + collector +} ` -func Packages( +func Node( ctx context.Context, client graphql.Client, - filter PkgSpec, -) (*PackagesResponse, error) { + node string, +) (*NodeResponse, error) { req := &graphql.Request{ - OpName: "Packages", - Query: Packages_Operation, - Variables: &__PackagesInput{ - Filter: filter, + OpName: "Node", + Query: Node_Operation, + Variables: &__NodeInput{ + Node: node, }, } var err error - var data PackagesResponse + var data NodeResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( @@ -32364,10 +27665,10 @@ func Packages( return &data, err } -// The query or mutation executed by Path. -const Path_Operation = ` -query Path ($subject: ID!, $target: ID!, $maxPathLength: Int!, $usingOnly: [Edge!]!) { - path(subject: $subject, target: $target, maxPathLength: $maxPathLength, usingOnly: $usingOnly) { +// The query or mutation executed by Nodes. +const Nodes_Operation = ` +query Nodes ($nodes: [ID!]!) { + nodes(nodes: $nodes) { __typename ... on Package { ... AllPkgTree @@ -32381,17 +27682,8 @@ query Path ($subject: ID!, $target: ID!, $maxPathLength: Int!, $usingOnly: [Edge ... on Builder { ... AllBuilderTree } - ... on OSV { - ... AllOSVTree - } - ... on CVE { - ... AllCveTree - } - ... on GHSA { - ... AllGHSATree - } - ... on NoVuln { - id + ... on Vulnerability { + ... AllVulnerabilityTree } ... on CertifyScorecard { ... AllCertifyScorecard @@ -32429,8 +27721,8 @@ query Path ($subject: ID!, $target: ID!, $maxPathLength: Int!, $usingOnly: [Edge ... on CertifyVuln { ... AllCertifyVuln } - ... on IsVulnerability { - ... AllIsVulnerability + ... on VulnEqual { + ... AllVulnEqual } ... on CertifyVEXStatement { ... AllCertifyVEXStatement 
@@ -32484,18 +27776,13 @@ fragment AllBuilderTree on Builder { id uri } -fragment AllOSVTree on OSV { +fragment AllVulnerabilityTree on Vulnerability { id - osvId -} -fragment AllCveTree on CVE { - id - year - cveId -} -fragment AllGHSATree on GHSA { - id - ghsaId + type + vulnerabilityIDs { + id + vulnerabilityID + } } fragment AllCertifyScorecard on CertifyScorecard { id @@ -32684,19 +27971,7 @@ fragment AllCertifyVuln on CertifyVuln { ... AllPkgTree } vulnerability { - __typename - ... on CVE { - ... AllCveTree - } - ... on OSV { - ... AllOSVTree - } - ... on GHSA { - ... AllGHSATree - } - ... on NoVuln { - id - } + ... AllVulnerabilityTree } metadata { dbUri @@ -32708,19 +27983,10 @@ fragment AllCertifyVuln on CertifyVuln { collector } } -fragment AllIsVulnerability on IsVulnerability { +fragment AllVulnEqual on VulnEqual { id - osv { - ... AllOSVTree - } - vulnerability { - __typename - ... on CVE { - ... AllCveTree - } - ... on GHSA { - ... AllGHSATree - } + vulnerabilities { + ... AllVulnerabilityTree } justification origin @@ -32738,16 +28004,7 @@ fragment AllCertifyVEXStatement on CertifyVEXStatement { } } vulnerability { - __typename - ... on CVE { - ... AllCveTree - } - ... on GHSA { - ... AllGHSATree - } - ... on OSV { - ... AllOSVTree - } + ... AllVulnerabilityTree } status vexJustification 
@@ -32759,27 +28016,21 @@ fragment AllCertifyVEXStatement on CertifyVEXStatement { } ` -func Path( +func Nodes( ctx context.Context, client graphql.Client, - subject string, - target string, - maxPathLength int, - usingOnly []Edge, -) (*PathResponse, error) { + nodes []string, +) (*NodesResponse, error) { req := &graphql.Request{ - OpName: "Path", - Query: Path_Operation, - Variables: &__PathInput{ - Subject: subject, - Target: target, - MaxPathLength: maxPathLength, - UsingOnly: usingOnly, + OpName: "Nodes", + Query: Nodes_Operation, + Variables: &__NodesInput{ + Nodes: nodes, }, } var err error - var data PathResponse + var data NodesResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -32791,70 +28042,79 @@ func Path( return &data, err } -// The query or mutation executed by PkgEqual. -const PkgEqual_Operation = ` -mutation PkgEqual ($pkg: PkgInputSpec!, $otherPackage: PkgInputSpec!, $pkgEqual: PkgEqualInputSpec!) { - pkg: ingestPackage(pkg: $pkg) { - ... AllPkgTree - } - otherPackage: ingestPackage(pkg: $otherPackage) { - ... AllPkgTree - } - ingestPkgEqual(pkg: $pkg, otherPackage: $otherPackage, pkgEqual: $pkgEqual) { - ... AllPkgEqual - } -} -fragment AllPkgTree on Package { - id - type - namespaces { +// The query or mutation executed by PackageNames. +const PackageNames_Operation = ` +query PackageNames ($filter: PkgSpec!) { + packages(pkgSpec: $filter) { id - namespace - names { + type + namespaces { id - name - versions { + namespace + names { id - version - qualifiers { - key - value - } - subpath + name } } } } -fragment AllPkgEqual on PkgEqual { - id - justification - packages { - ... AllPkgTree +` + +func PackageNames( + ctx context.Context, + client graphql.Client, + filter PkgSpec, +) (*PackageNamesResponse, error) { + req := &graphql.Request{ + OpName: "PackageNames", + Query: PackageNames_Operation, + Variables: &__PackageNamesInput{ + Filter: filter, + }, + } + var err error + + var data PackageNamesResponse + resp := &graphql.Response{Data: &data} + + err = client.MakeRequest( + ctx, + req, + resp, + ) + + return &data, err +} + +// The query or mutation executed by PackageNamespaces. +const PackageNamespaces_Operation = ` +query PackageNamespaces ($filter: PkgSpec!) 
{ + packages(pkgSpec: $filter) { + id + type + namespaces { + id + namespace + } } - origin - collector } ` -func PkgEqual( +func PackageNamespaces( ctx context.Context, client graphql.Client, - pkg PkgInputSpec, - otherPackage PkgInputSpec, - pkgEqual PkgEqualInputSpec, -) (*PkgEqualResponse, error) { + filter PkgSpec, +) (*PackageNamespacesResponse, error) { req := &graphql.Request{ - OpName: "PkgEqual", - Query: PkgEqual_Operation, - Variables: &__PkgEqualInput{ - Pkg: pkg, - OtherPackage: otherPackage, - PkgEqual: pkgEqual, + OpName: "PackageNamespaces", + Query: PackageNamespaces_Operation, + Variables: &__PackageNamespacesInput{ + Filter: filter, }, } var err error - var data PkgEqualResponse + var data PackageNamespacesResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -32866,93 +28126,84 @@ func PkgEqual( return &data, err } -// The query or mutation executed by PointOfContactArtifact. -const PointOfContactArtifact_Operation = ` -mutation PointOfContactArtifact ($artifact: ArtifactInputSpec!, $pointOfContact: PointOfContactInputSpec!) { - ingestPointOfContact(subject: {artifact:$artifact}, pkgMatchType: {pkg:ALL_VERSIONS}, pointOfContact: $pointOfContact) { - ... AllPointOfContact +// The query or mutation executed by PackageTypes. +const PackageTypes_Operation = ` +query PackageTypes ($filter: PkgSpec!) { + packages(pkgSpec: $filter) { + id + type } } -fragment AllPointOfContact on PointOfContact { - id - subject { - __typename - ... on Package { - ... AllPkgTree - } - ... on Source { - ... AllSourceTree - } - ... on Artifact { - ... AllArtifactTree - } +` + +func PackageTypes( + ctx context.Context, + client graphql.Client, + filter PkgSpec, +) (*PackageTypesResponse, error) { + req := &graphql.Request{ + OpName: "PackageTypes", + Query: PackageTypes_Operation, + Variables: &__PackageTypesInput{ + Filter: filter, + }, } - email - info - since - justification - origin - collector + var err error + + var data PackageTypesResponse + resp := &graphql.Response{Data: &data} + + err = client.MakeRequest( + ctx, + req, + resp, + ) + + return &data, err } -fragment AllPkgTree on Package { - id - type - namespaces { + +// The query or mutation executed by PackageVersions. +const PackageVersions_Operation = ` +query PackageVersions ($filter: PkgSpec!) 
{ + packages(pkgSpec: $filter) { id - namespace - names { + type + namespaces { id - name - versions { + namespace + names { id - version - qualifiers { - key - value + name + versions { + id + version + qualifiers { + key + value + } + subpath } - subpath } } } } -fragment AllSourceTree on Source { - id - type - namespaces { - id - namespace - names { - id - name - tag - commit - } - } -} -fragment AllArtifactTree on Artifact { - id - algorithm - digest -} ` -func PointOfContactArtifact( +func PackageVersions( ctx context.Context, client graphql.Client, - artifact ArtifactInputSpec, - pointOfContact PointOfContactInputSpec, -) (*PointOfContactArtifactResponse, error) { + filter PkgSpec, +) (*PackageVersionsResponse, error) { req := &graphql.Request{ - OpName: "PointOfContactArtifact", - Query: PointOfContactArtifact_Operation, - Variables: &__PointOfContactArtifactInput{ - Artifact: artifact, - PointOfContact: pointOfContact, + OpName: "PackageVersions", + Query: PackageVersions_Operation, + Variables: &__PackageVersionsInput{ + Filter: filter, }, } var err error - var data PointOfContactArtifactResponse + var data PackageVersionsResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -32964,33 +28215,12 @@ func PointOfContactArtifact( return &data, err } -// The query or mutation executed by PointOfContactPkg. -const PointOfContactPkg_Operation = ` -mutation PointOfContactPkg ($pkg: PkgInputSpec!, $pkgMatchType: MatchFlags!, $pointOfContact: PointOfContactInputSpec!) { - ingestPointOfContact(subject: {package:$pkg}, pkgMatchType: $pkgMatchType, pointOfContact: $pointOfContact) { - ... AllPointOfContact - } -} -fragment AllPointOfContact on PointOfContact { - id - subject { - __typename - ... on Package { - ... AllPkgTree - } - ... on Source { - ... AllSourceTree - } - ... on Artifact { - ... AllArtifactTree - } +// The query or mutation executed by Packages. +const Packages_Operation = ` +query Packages ($filter: PkgSpec!) { + packages(pkgSpec: $filter) { + ... AllPkgTree } - email - info - since - justification - origin - collector } fragment AllPkgTree on Package { id @@ -33013,46 +28243,23 @@ fragment AllPkgTree on Package { } } } -fragment AllSourceTree on Source { - id - type - namespaces { - id - namespace - names { - id - name - tag - commit - } - } -} -fragment AllArtifactTree on Artifact { - id - algorithm - digest -} ` -func PointOfContactPkg( +func Packages( ctx context.Context, client graphql.Client, - pkg PkgInputSpec, - pkgMatchType MatchFlags, - pointOfContact PointOfContactInputSpec, -) (*PointOfContactPkgResponse, error) { + filter PkgSpec, +) (*PackagesResponse, error) { req := &graphql.Request{ - OpName: "PointOfContactPkg", - Query: PointOfContactPkg_Operation, - Variables: &__PointOfContactPkgInput{ - Pkg: pkg, - PkgMatchType: pkgMatchType, - PointOfContact: pointOfContact, + OpName: "Packages", + Query: Packages_Operation, + Variables: &__PackagesInput{ + Filter: filter, }, } var err error - var data PointOfContactPkgResponse + var data PackagesResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -33064,16 +28271,10 @@ func PointOfContactPkg( return &data, err } -// The query or mutation executed by PointOfContactSrc. -const PointOfContactSrc_Operation = ` -mutation PointOfContactSrc ($source: SourceInputSpec!, $pointOfContact: PointOfContactInputSpec!) { - ingestPointOfContact(subject: {source:$source}, pkgMatchType: {pkg:ALL_VERSIONS}, pointOfContact: $pointOfContact) { - ... AllPointOfContact - } -} -fragment AllPointOfContact on PointOfContact { - id - subject { +// The query or mutation executed by Path. +const Path_Operation = ` +query Path ($subject: ID!, $target: ID!, $maxPathLength: Int!, $usingOnly: [Edge!]!) { + path(subject: $subject, target: $target, maxPathLength: $maxPathLength, usingOnly: $usingOnly) { __typename ... on Package { ... AllPkgTree @@ -33084,13 +28285,58 @@ fragment AllPointOfContact on PointOfContact { ... on Artifact { ... AllArtifactTree } + ... on Builder { + ... AllBuilderTree + } + ... on Vulnerability { + ... AllVulnerabilityTree + } + ... on CertifyScorecard { + ... AllCertifyScorecard + } + ... on PkgEqual { + ... AllPkgEqual + } + ... on IsOccurrence { + ... AllIsOccurrencesTree + } + ... on IsDependency { + ... AllIsDependencyTree + } + ... on HasSLSA { + ... AllSLSATree + } + ... on CertifyBad { + ... AllCertifyBad + } + ... on CertifyGood { + ... AllCertifyGood + } + ... on HashEqual { + ... AllHashEqualTree + } + ... on HasSBOM { + ... AllHasSBOMTree + } + ... on HasSourceAt { + ... AllHasSourceAt + } + ... on PointOfContact { + ... AllPointOfContact + } + ... on CertifyVuln { + ... AllCertifyVuln + } + ... on VulnEqual { + ... AllVulnEqual + } + ... on CertifyVEXStatement { + ... AllCertifyVEXStatement + } + ... on Builder { + ... AllBuilderTree + } } - email - info - since - justification - origin - collector } fragment AllPkgTree on Package { id 
@@ -33132,42 +28378,76 @@ fragment AllArtifactTree on Artifact { algorithm digest } -` - -func PointOfContactSrc( - ctx context.Context, - client graphql.Client, - source SourceInputSpec, - pointOfContact PointOfContactInputSpec, -) (*PointOfContactSrcResponse, error) { - req := &graphql.Request{ - OpName: "PointOfContactSrc", - Query: PointOfContactSrc_Operation, - Variables: &__PointOfContactSrcInput{ - Source: source, - PointOfContact: pointOfContact, - }, +fragment AllBuilderTree on Builder { + id + uri +} +fragment AllVulnerabilityTree on Vulnerability { + id + type + vulnerabilityIDs { + id + vulnerabilityID } - var err error - - var data PointOfContactSrcResponse - resp := &graphql.Response{Data: &data} - - err = client.MakeRequest( - ctx, - req, - resp, - ) - - return &data, err } - -// The query or mutation executed by SLSAForArtifact. -const SLSAForArtifact_Operation = ` -mutation SLSAForArtifact ($artifact: ArtifactInputSpec!, $materials: [ArtifactInputSpec!]!, $builder: BuilderInputSpec!, $slsa: SLSAInputSpec!) { - ingestSLSA(subject: $artifact, builtFrom: $materials, builtBy: $builder, slsa: $slsa) { - ... AllSLSATree +fragment AllCertifyScorecard on CertifyScorecard { + id + source { + ... AllSourceTree + } + scorecard { + timeScanned + aggregateScore + checks { + check + score + } + scorecardVersion + scorecardCommit + origin + collector + } +} +fragment AllPkgEqual on PkgEqual { + id + justification + packages { + ... AllPkgTree + } + origin + collector +} +fragment AllIsOccurrencesTree on IsOccurrence { + id + subject { + __typename + ... on Package { + ... AllPkgTree + } + ... on Source { + ... AllSourceTree + } + } + artifact { + ... AllArtifactTree + } + justification + origin + collector +} +fragment AllIsDependencyTree on IsDependency { + id + justification + package { + ... AllPkgTree + } + dependentPackage { + ... AllPkgTree } + dependencyType + versionRange + origin + collector } fragment AllSLSATree on HasSLSA { id 
@@ -33194,105 +28474,175 @@ fragment AllSLSATree on HasSLSA { collector } } -fragment AllArtifactTree on Artifact { +fragment AllCertifyBad on CertifyBad { id - algorithm - digest -} -` - -func SLSAForArtifact( - ctx context.Context, - client graphql.Client, - artifact ArtifactInputSpec, - materials []ArtifactInputSpec, - builder BuilderInputSpec, - slsa SLSAInputSpec, -) (*SLSAForArtifactResponse, error) { - req := &graphql.Request{ - OpName: "SLSAForArtifact", - Query: SLSAForArtifact_Operation, - Variables: &__SLSAForArtifactInput{ - Artifact: artifact, - Materials: materials, - Builder: builder, - Slsa: slsa, - }, + justification + subject { + __typename + ... on Package { + ... AllPkgTree + } + ... on Source { + ... AllSourceTree + } + ... on Artifact { + ... AllArtifactTree + } } - var err error - - var data SLSAForArtifactResponse - resp := &graphql.Response{Data: &data} - - err = client.MakeRequest( - ctx, - req, - resp, - ) - - return &data, err + origin + collector } - -// The query or mutation executed by SLSAForArtifacts. -const SLSAForArtifacts_Operation = ` -mutation SLSAForArtifacts ($artifacts: [ArtifactInputSpec!]!, $materialsList: [[ArtifactInputSpec!]!]!, $builders: [BuilderInputSpec!]!, $slsaList: [SLSAInputSpec!]!) { - ingestSLSAs(subjects: $artifacts, builtFromList: $materialsList, builtByList: $builders, slsaList: $slsaList) { - ... AllSLSATree +fragment AllCertifyGood on CertifyGood { + id + justification + subject { + __typename + ... on Package { + ... AllPkgTree + } + ... on Source { + ... AllSourceTree + } + ... on Artifact { + ... AllArtifactTree + } } + origin + collector } -fragment AllSLSATree on HasSLSA { +fragment AllHashEqualTree on HashEqual { id - subject { + justification + artifacts { ... AllArtifactTree } - slsa { - builtFrom { + origin + collector +} +fragment AllHasSBOMTree on HasSBOM { + id + subject { + __typename + ... on Artifact { ... AllArtifactTree } - builtBy { - id - uri + ... on Package { + ... 
AllPkgTree } - buildType - slsaPredicate { - key - value + } + uri + algorithm + digest + downloadLocation + origin + collector +} +fragment AllHasSourceAt on HasSourceAt { + id + justification + knownSince + package { + ... AllPkgTree + } + source { + ... AllSourceTree + } + origin + collector +} +fragment AllPointOfContact on PointOfContact { + id + subject { + __typename + ... on Package { + ... AllPkgTree } - slsaVersion - startedOn - finishedOn + ... on Source { + ... AllSourceTree + } + ... on Artifact { + ... AllArtifactTree + } + } + email + info + since + justification + origin + collector +} +fragment AllCertifyVuln on CertifyVuln { + id + package { + ... AllPkgTree + } + vulnerability { + ... AllVulnerabilityTree + } + metadata { + dbUri + dbVersion + scannerUri + scannerVersion + timeScanned origin collector } } -fragment AllArtifactTree on Artifact { +fragment AllVulnEqual on VulnEqual { id - algorithm - digest + vulnerabilities { + ... AllVulnerabilityTree + } + justification + origin + collector +} +fragment AllCertifyVEXStatement on CertifyVEXStatement { + id + subject { + __typename + ... on Package { + ... AllPkgTree + } + ... on Artifact { + ... AllArtifactTree + } + } + vulnerability { + ... 
AllVulnerabilityTree + } + status + vexJustification + statement + statusNotes + knownSince + origin + collector } ` -func SLSAForArtifacts( +func Path( ctx context.Context, client graphql.Client, - artifacts []ArtifactInputSpec, - materialsList [][]ArtifactInputSpec, - builders []BuilderInputSpec, - slsaList []SLSAInputSpec, -) (*SLSAForArtifactsResponse, error) { + subject string, + target string, + maxPathLength int, + usingOnly []Edge, +) (*PathResponse, error) { req := &graphql.Request{ - OpName: "SLSAForArtifacts", - Query: SLSAForArtifacts_Operation, - Variables: &__SLSAForArtifactsInput{ - Artifacts: artifacts, - MaterialsList: materialsList, - Builders: builders, - SlsaList: slsaList, + OpName: "Path", + Query: Path_Operation, + Variables: &__PathInput{ + Subject: subject, + Target: target, + MaxPathLength: maxPathLength, + UsingOnly: usingOnly, }, } var err error - var data SLSAForArtifactsResponse + var data PathResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( @@ -33304,14 +28654,20 @@ func SLSAForArtifacts( return &data, err } -// The query or mutation executed by Sources. -const Sources_Operation = ` -query Sources ($filter: SourceSpec!) { - sources(sourceSpec: $filter) { - ... AllSourceTree +// The query or mutation executed by PkgEqual. +const PkgEqual_Operation = ` +mutation PkgEqual ($pkg: PkgInputSpec!, $otherPackage: PkgInputSpec!, $pkgEqual: PkgEqualInputSpec!) { + pkg: ingestPackage(pkg: $pkg) { + ... AllPkgTree + } + otherPackage: ingestPackage(pkg: $otherPackage) { + ... AllPkgTree + } + ingestPkgEqual(pkg: $pkg, otherPackage: $otherPackage, pkgEqual: $pkgEqual) { + ... AllPkgEqual } } -fragment AllSourceTree on Source { +fragment AllPkgTree on Package { id type namespaces { 
@@ -33320,28 +28676,48 @@ fragment AllSourceTree on Source { names { id name - tag - commit + versions { + id + version + qualifiers { + key + value + } + subpath + } } } } +fragment AllPkgEqual on PkgEqual { + id + justification + packages { + ... AllPkgTree + } + origin + collector +} ` -func Sources( +func PkgEqual( ctx context.Context, client graphql.Client, - filter SourceSpec, -) (*SourcesResponse, error) { + pkg PkgInputSpec, + otherPackage PkgInputSpec, + pkgEqual PkgEqualInputSpec, +) (*PkgEqualResponse, error) { req := &graphql.Request{ - OpName: "Sources", - Query: Sources_Operation, - Variables: &__SourcesInput{ - Filter: filter, + OpName: "PkgEqual", + Query: PkgEqual_Operation, + Variables: &__PkgEqualInput{ + Pkg: pkg, + OtherPackage: otherPackage, + PkgEqual: pkgEqual, }, } var err error - var data SourcesResponse + var data PkgEqualResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -33353,41 +28729,31 @@ func Sources( return &data, err } -// The query or mutation executed by VEXPackageAndGhsa. -const VEXPackageAndGhsa_Operation = ` -mutation VEXPackageAndGhsa ($pkg: PkgInputSpec!, $ghsa: GHSAInputSpec!, $vexStatement: VexStatementInputSpec!) { - ingestVEXStatement(subject: {package:$pkg}, vulnerability: {ghsa:$ghsa}, vexStatement: $vexStatement) { - ... AllCertifyVEXStatement +// The query or mutation executed by PointOfContactArtifact. +const PointOfContactArtifact_Operation = ` +mutation PointOfContactArtifact ($artifact: ArtifactInputSpec!, $pointOfContact: PointOfContactInputSpec!) { + ingestPointOfContact(subject: {artifact:$artifact}, pkgMatchType: {pkg:ALL_VERSIONS}, pointOfContact: $pointOfContact) { + ... AllPointOfContact } } -fragment AllCertifyVEXStatement on CertifyVEXStatement { +fragment AllPointOfContact on PointOfContact { id subject { __typename ... on Package { ... AllPkgTree } + ... on Source { + ... AllSourceTree + } ... on Artifact { ... AllArtifactTree } } - vulnerability { - __typename - ... on CVE { - ... AllCveTree - } - ... on GHSA { - ... AllGHSATree - } - ... on OSV { - ... AllOSVTree - } - } - status - vexJustification - statement - statusNotes - knownSince + email + info + since + justification origin collector } 
@@ -33412,45 +28778,44 @@ fragment AllPkgTree on Package { } } } +fragment AllSourceTree on Source { + id + type + namespaces { + id + namespace + names { + id + name + tag + commit + } + } +} fragment AllArtifactTree on Artifact { id algorithm digest } -fragment AllCveTree on CVE { - id - year - cveId -} -fragment AllGHSATree on GHSA { - id - ghsaId -} -fragment AllOSVTree on OSV { - id - osvId -} ` -func VEXPackageAndGhsa( +func PointOfContactArtifact( ctx context.Context, client graphql.Client, - pkg PkgInputSpec, - ghsa GHSAInputSpec, - vexStatement VexStatementInputSpec, -) (*VEXPackageAndGhsaResponse, error) { + artifact ArtifactInputSpec, + pointOfContact PointOfContactInputSpec, +) (*PointOfContactArtifactResponse, error) { req := &graphql.Request{ - OpName: "VEXPackageAndGhsa", - Query: VEXPackageAndGhsa_Operation, - Variables: &__VEXPackageAndGhsaInput{ - Pkg: pkg, - Ghsa: ghsa, - VexStatement: vexStatement, + OpName: "PointOfContactArtifact", + Query: PointOfContactArtifact_Operation, + Variables: &__PointOfContactArtifactInput{ + Artifact: artifact, + PointOfContact: pointOfContact, }, } var err error - var data VEXPackageAndGhsaResponse + var data PointOfContactArtifactResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -33462,41 +28827,31 @@ func VEXPackageAndGhsa( return &data, err } -// The query or mutation executed by VexArtifactAndCve. -const VexArtifactAndCve_Operation = ` -mutation VexArtifactAndCve ($artifact: ArtifactInputSpec!, $cve: CVEInputSpec!, $vexStatement: VexStatementInputSpec!) { - ingestVEXStatement(subject: {artifact:$artifact}, vulnerability: {cve:$cve}, vexStatement: $vexStatement) { - ... AllCertifyVEXStatement +// The query or mutation executed by PointOfContactPkg. +const PointOfContactPkg_Operation = ` +mutation PointOfContactPkg ($pkg: PkgInputSpec!, $pkgMatchType: MatchFlags!, $pointOfContact: PointOfContactInputSpec!) { + ingestPointOfContact(subject: {package:$pkg}, pkgMatchType: $pkgMatchType, pointOfContact: $pointOfContact) { + ... AllPointOfContact } } -fragment AllCertifyVEXStatement on CertifyVEXStatement { +fragment AllPointOfContact on PointOfContact { id subject { __typename ... on Package { ... AllPkgTree } + ... on Source { + ... AllSourceTree + } ... on Artifact { ... AllArtifactTree } } - vulnerability { - __typename - ... on CVE { - ... AllCveTree - } - ... on GHSA { - ... AllGHSATree - } - ... on OSV { - ... AllOSVTree - } - } - status - vexJustification - statement - statusNotes - knownSince + email + info + since + justification origin collector } 
@@ -33521,45 +28876,46 @@ fragment AllPkgTree on Package { } } } +fragment AllSourceTree on Source { + id + type + namespaces { + id + namespace + names { + id + name + tag + commit + } + } +} fragment AllArtifactTree on Artifact { id algorithm digest } -fragment AllCveTree on CVE { - id - year - cveId -} -fragment AllGHSATree on GHSA { - id - ghsaId -} -fragment AllOSVTree on OSV { - id - osvId -} ` -func VexArtifactAndCve( +func PointOfContactPkg( ctx context.Context, client graphql.Client, - artifact ArtifactInputSpec, - cve CVEInputSpec, - vexStatement VexStatementInputSpec, -) (*VexArtifactAndCveResponse, error) { + pkg PkgInputSpec, + pkgMatchType MatchFlags, + pointOfContact PointOfContactInputSpec, +) (*PointOfContactPkgResponse, error) { req := &graphql.Request{ - OpName: "VexArtifactAndCve", - Query: VexArtifactAndCve_Operation, - Variables: &__VexArtifactAndCveInput{ - Artifact: artifact, - Cve: cve, - VexStatement: vexStatement, + OpName: "PointOfContactPkg", + Query: PointOfContactPkg_Operation, + Variables: &__PointOfContactPkgInput{ + Pkg: pkg, + PkgMatchType: pkgMatchType, + PointOfContact: pointOfContact, }, } var err error - var data VexArtifactAndCveResponse + var data PointOfContactPkgResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -33571,41 +28927,31 @@ func VexArtifactAndCve( return &data, err } -// The query or mutation executed by VexArtifactAndGhsa. -const VexArtifactAndGhsa_Operation = ` -mutation VexArtifactAndGhsa ($artifact: ArtifactInputSpec!, $ghsa: GHSAInputSpec!, $vexStatement: VexStatementInputSpec!) { - ingestVEXStatement(subject: {artifact:$artifact}, vulnerability: {ghsa:$ghsa}, vexStatement: $vexStatement) { - ... AllCertifyVEXStatement +// The query or mutation executed by PointOfContactSrc. +const PointOfContactSrc_Operation = ` +mutation PointOfContactSrc ($source: SourceInputSpec!, $pointOfContact: PointOfContactInputSpec!) { + ingestPointOfContact(subject: {source:$source}, pkgMatchType: {pkg:ALL_VERSIONS}, pointOfContact: $pointOfContact) { + ... AllPointOfContact } } -fragment AllCertifyVEXStatement on CertifyVEXStatement { +fragment AllPointOfContact on PointOfContact { id subject { __typename ... on Package { ... AllPkgTree } + ... on Source { + ... AllSourceTree + } ... on Artifact { ... AllArtifactTree } } - vulnerability { - __typename - ... on CVE { - ... AllCveTree - } - ... on GHSA { - ... AllGHSATree - } - ... on OSV { - ... AllOSVTree - } - } - status - vexJustification - statement - statusNotes - knownSince + email + info + since + justification origin collector } 
@@ -33630,45 +28976,115 @@ fragment AllPkgTree on Package { } } } +fragment AllSourceTree on Source { + id + type + namespaces { + id + namespace + names { + id + name + tag + commit + } + } +} +fragment AllArtifactTree on Artifact { + id + algorithm + digest +} +` + +func PointOfContactSrc( + ctx context.Context, + client graphql.Client, + source SourceInputSpec, + pointOfContact PointOfContactInputSpec, +) (*PointOfContactSrcResponse, error) { + req := &graphql.Request{ + OpName: "PointOfContactSrc", + Query: PointOfContactSrc_Operation, + Variables: &__PointOfContactSrcInput{ + Source: source, + PointOfContact: pointOfContact, + }, + } + var err error + + var data PointOfContactSrcResponse + resp := &graphql.Response{Data: &data} + + err = client.MakeRequest( + ctx, + req, + resp, + ) + + return &data, err +} + +// The query or mutation executed by SLSAForArtifact. +const SLSAForArtifact_Operation = ` +mutation SLSAForArtifact ($artifact: ArtifactInputSpec!, $materials: [ArtifactInputSpec!]!, $builder: BuilderInputSpec!, $slsa: SLSAInputSpec!) { + ingestSLSA(subject: $artifact, builtFrom: $materials, builtBy: $builder, slsa: $slsa) { + ... AllSLSATree + } +} +fragment AllSLSATree on HasSLSA { + id + subject { + ... AllArtifactTree + } + slsa { + builtFrom { + ... 
AllArtifactTree + } + builtBy { + id + uri + } + buildType + slsaPredicate { + key + value + } + slsaVersion + startedOn + finishedOn + origin + collector + } +} fragment AllArtifactTree on Artifact { id algorithm digest } -fragment AllCveTree on CVE { - id - year - cveId -} -fragment AllGHSATree on GHSA { - id - ghsaId -} -fragment AllOSVTree on OSV { - id - osvId -} ` -func VexArtifactAndGhsa( +func SLSAForArtifact( ctx context.Context, client graphql.Client, artifact ArtifactInputSpec, - ghsa GHSAInputSpec, - vexStatement VexStatementInputSpec, -) (*VexArtifactAndGhsaResponse, error) { + materials []ArtifactInputSpec, + builder BuilderInputSpec, + slsa SLSAInputSpec, +) (*SLSAForArtifactResponse, error) { req := &graphql.Request{ - OpName: "VexArtifactAndGhsa", - Query: VexArtifactAndGhsa_Operation, - Variables: &__VexArtifactAndGhsaInput{ - Artifact: artifact, - Ghsa: ghsa, - VexStatement: vexStatement, + OpName: "SLSAForArtifact", + Query: SLSAForArtifact_Operation, + Variables: &__SLSAForArtifactInput{ + Artifact: artifact, + Materials: materials, + Builder: builder, + Slsa: slsa, }, } var err error - var data VexArtifactAndGhsaResponse + var data SLSAForArtifactResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -33680,63 +29096,36 @@ func VexArtifactAndGhsa( return &data, err } -// The query or mutation executed by VexArtifactAndOsv. -const VexArtifactAndOsv_Operation = ` -mutation VexArtifactAndOsv ($artifact: ArtifactInputSpec!, $osv: OSVInputSpec!, $vexStatement: VexStatementInputSpec!) { - ingestVEXStatement(subject: {artifact:$artifact}, vulnerability: {osv:$osv}, vexStatement: $vexStatement) { - ... AllCertifyVEXStatement +// The query or mutation executed by SLSAForArtifacts. +const SLSAForArtifacts_Operation = ` +mutation SLSAForArtifacts ($artifacts: [ArtifactInputSpec!]!, $materialsList: [[ArtifactInputSpec!]!]!, $builders: [BuilderInputSpec!]!, $slsaList: [SLSAInputSpec!]!) { + ingestSLSAs(subjects: $artifacts, builtFromList: $materialsList, builtByList: $builders, slsaList: $slsaList) { + ... AllSLSATree } } -fragment AllCertifyVEXStatement on CertifyVEXStatement { +fragment AllSLSATree on HasSLSA { id subject { - __typename - ... on Package { - ... AllPkgTree - } - ... on Artifact { - ... AllArtifactTree - } + ... AllArtifactTree } - vulnerability { - __typename - ... on CVE { - ... AllCveTree - } - ... on GHSA { - ... AllGHSATree - } - ... on OSV { - ... AllOSVTree + slsa { + builtFrom { + ... AllArtifactTree } - } - status - vexJustification - statement - statusNotes - knownSince - origin - collector -} -fragment AllPkgTree on Package { - id - type - namespaces { - id - namespace - names { + builtBy { id - name - versions { - id - version - qualifiers { - key - value - } - subpath - } + uri + } + buildType + slsaPredicate { + key + value } + slsaVersion + startedOn + finishedOn + origin + collector } } fragment AllArtifactTree on Artifact { 
@@ -33744,40 +29133,29 @@ fragment AllArtifactTree on Artifact { algorithm digest } -fragment AllCveTree on CVE { - id - year - cveId -} -fragment AllGHSATree on GHSA { - id - ghsaId -} -fragment AllOSVTree on OSV { - id - osvId -} ` -func VexArtifactAndOsv( +func SLSAForArtifacts( ctx context.Context, client graphql.Client, - artifact ArtifactInputSpec, - osv OSVInputSpec, - vexStatement VexStatementInputSpec, -) (*VexArtifactAndOsvResponse, error) { + artifacts []ArtifactInputSpec, + materialsList [][]ArtifactInputSpec, + builders []BuilderInputSpec, + slsaList []SLSAInputSpec, +) (*SLSAForArtifactsResponse, error) { req := &graphql.Request{ - OpName: "VexArtifactAndOsv", - Query: VexArtifactAndOsv_Operation, - Variables: &__VexArtifactAndOsvInput{ - Artifact: artifact, - Osv: osv, - VexStatement: vexStatement, + OpName: "SLSAForArtifacts", + Query: SLSAForArtifacts_Operation, + Variables: &__SLSAForArtifactsInput{ + Artifacts: artifacts, + MaterialsList: materialsList, + Builders: builders, + SlsaList: slsaList, }, } var err error - var data VexArtifactAndOsvResponse + var data SLSAForArtifactsResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -33789,45 +29167,14 @@ func VexArtifactAndOsv( return &data, err } -// The query or mutation executed by VexPackageAndCve. -const VexPackageAndCve_Operation = ` -mutation VexPackageAndCve ($pkg: PkgInputSpec!, $cve: CVEInputSpec!, $vexStatement: VexStatementInputSpec!) { - ingestVEXStatement(subject: {package:$pkg}, vulnerability: {cve:$cve}, vexStatement: $vexStatement) { - ... AllCertifyVEXStatement - } -} -fragment AllCertifyVEXStatement on CertifyVEXStatement { - id - subject { - __typename - ... on Package { - ... AllPkgTree - } - ... on Artifact { - ... AllArtifactTree - } - } - vulnerability { - __typename - ... on CVE { - ... AllCveTree - } - ... on GHSA { - ... AllGHSATree - } - ... on OSV { - ... AllOSVTree - } +// The query or mutation executed by Sources. +const Sources_Operation = ` +query Sources ($filter: SourceSpec!) { + sources(sourceSpec: $filter) { + ... AllSourceTree } - status - vexJustification - statement - statusNotes - knownSince - origin - collector } -fragment AllPkgTree on Package { +fragment AllSourceTree on Source { id type namespaces { 
@@ -33836,57 +29183,28 @@ fragment AllPkgTree on Package { names { id name - versions { - id - version - qualifiers { - key - value - } - subpath - } + tag + commit } } } -fragment AllArtifactTree on Artifact { - id - algorithm - digest -} -fragment AllCveTree on CVE { - id - year - cveId -} -fragment AllGHSATree on GHSA { - id - ghsaId -} -fragment AllOSVTree on OSV { - id - osvId -} ` -func VexPackageAndCve( +func Sources( ctx context.Context, client graphql.Client, - pkg PkgInputSpec, - cve CVEInputSpec, - vexStatement VexStatementInputSpec, -) (*VexPackageAndCveResponse, error) { + filter SourceSpec, +) (*SourcesResponse, error) { req := &graphql.Request{ - OpName: "VexPackageAndCve", - Query: VexPackageAndCve_Operation, - Variables: &__VexPackageAndCveInput{ - Pkg: pkg, - Cve: cve, - VexStatement: vexStatement, + OpName: "Sources", + Query: Sources_Operation, + Variables: &__SourcesInput{ + Filter: filter, }, } var err error - var data VexPackageAndCveResponse + var data SourcesResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
@@ -33898,104 +29216,100 @@ func VexPackageAndCve( return &data, err } -// The query or mutation executed by VexPackageAndOsv. -const VexPackageAndOsv_Operation = ` -mutation VexPackageAndOsv ($pkg: PkgInputSpec!, $osv: OSVInputSpec!, $vexStatement: VexStatementInputSpec!) { - ingestVEXStatement(subject: {package:$pkg}, vulnerability: {osv:$osv}, vexStatement: $vexStatement) { - ... AllCertifyVEXStatement +// The query or mutation executed by VulnEqual. +const VulnEqual_Operation = ` +mutation VulnEqual ($vulnerability: VulnerabilityInputSpec!, $otherVulnerability: VulnerabilityInputSpec!, $vulnEqual: VulnEqualInputSpec!) { + vuln: ingestVulnerability(vuln: $vulnerability) { + ... AllVulnerabilityTree } -} -fragment AllCertifyVEXStatement on CertifyVEXStatement { - id - subject { - __typename - ... on Package { - ... AllPkgTree - } - ... on Artifact { - ... AllArtifactTree - } + otherVuln: ingestVulnerability(vuln: $otherVulnerability) { + ... AllVulnerabilityTree } - vulnerability { - __typename - ... on CVE { - ... AllCveTree - } - ... on GHSA { - ... AllGHSATree - } - ... on OSV { - ... AllOSVTree - } + ingestVulnEqual(vulnerability: $vulnerability, otherVulnerability: $otherVulnerability, vulnEqual: $vulnEqual) { + ... AllVulnEqual } - status - vexJustification - statement - statusNotes - knownSince - origin - collector } -fragment AllPkgTree on Package { +fragment AllVulnerabilityTree on Vulnerability { id type - namespaces { + vulnerabilityIDs { id - namespace - names { - id - name - versions { - id - version - qualifiers { - key - value - } - subpath - } - } + vulnerabilityID } } -fragment AllArtifactTree on Artifact { +fragment AllVulnEqual on VulnEqual { id - algorithm - digest + vulnerabilities { + ... 
AllVulnerabilityTree + } + justification + origin + collector } -fragment AllCveTree on CVE { - id - year - cveId +` + +func VulnEqual( + ctx context.Context, + client graphql.Client, + vulnerability VulnerabilityInputSpec, + otherVulnerability VulnerabilityInputSpec, + vulnEqual VulnEqualInputSpec, +) (*VulnEqualResponse, error) { + req := &graphql.Request{ + OpName: "VulnEqual", + Query: VulnEqual_Operation, + Variables: &__VulnEqualInput{ + Vulnerability: vulnerability, + OtherVulnerability: otherVulnerability, + VulnEqual: vulnEqual, + }, + } + var err error + + var data VulnEqualResponse + resp := &graphql.Response{Data: &data} + + err = client.MakeRequest( + ctx, + req, + resp, + ) + + return &data, err } -fragment AllGHSATree on GHSA { - id - ghsaId + +// The query or mutation executed by Vulnerabilities. +const Vulnerabilities_Operation = ` +query Vulnerabilities ($filter: VulnerabilitySpec!) { + vulnerabilities(vulnSpec: $filter) { + ... AllVulnerabilityTree + } } -fragment AllOSVTree on OSV { +fragment AllVulnerabilityTree on Vulnerability { id - osvId + type + vulnerabilityIDs { + id + vulnerabilityID + } } ` -func VexPackageAndOsv( +func Vulnerabilities( ctx context.Context, client graphql.Client, - pkg PkgInputSpec, - osv OSVInputSpec, - vexStatement VexStatementInputSpec, -) (*VexPackageAndOsvResponse, error) { + filter VulnerabilitySpec, +) (*VulnerabilitiesResponse, error) { req := &graphql.Request{ - OpName: "VexPackageAndOsv", - Query: VexPackageAndOsv_Operation, - Variables: &__VexPackageAndOsvInput{ - Pkg: pkg, - Osv: osv, - VexStatement: vexStatement, + OpName: "Vulnerabilities", + Query: Vulnerabilities_Operation, + Variables: &__VulnerabilitiesInput{ + Filter: filter, }, } var err error - var data VexPackageAndOsvResponse + var data VulnerabilitiesResponse resp := &graphql.Response{Data: &data} err = client.MakeRequest( 
diff --git a/pkg/assembler/clients/helpers/assembler.go b/pkg/assembler/clients/helpers/assembler.go index 485aac069b..e81a5cba9d 100644 --- a/pkg/assembler/clients/helpers/assembler.go +++ b/pkg/assembler/clients/helpers/assembler.go @@ -68,26 +68,10 @@ func GetAssembler(ctx context.Context, gqlclient graphql.Client) func([]assemble } } - cves := p.GetCVEs(ctx) - logger.Infof("assembling CVE: %v", len(cves)) - for _, v := range cves { - if err := ingestCVE(ctx, gqlclient, v); err != nil { - return err - } - } - - osvs := p.GetOSVs(ctx) - logger.Infof("assembling OSV: %v", len(osvs)) - for _, v := range osvs { - if err := ingestOSV(ctx, gqlclient, v); err != nil { - return err - } - } - - ghsas := p.GetGHSAs(ctx) - logger.Infof("assembling GHSA: %v", len(ghsas)) - for _, v := range ghsas { - if err := ingestGHSA(ctx, gqlclient, v); err != nil { + vulns := p.GetVulnerabilities(ctx) + logger.Infof("assembling Vulnerability: %v", len(vulns)) + for _, v := range vulns { + if err := ingestVulnerability(ctx, gqlclient, v); err != nil { return err } } @@ -127,9 +111,9 @@ func GetAssembler(ctx context.Context, gqlclient graphql.Client) func([]assemble } } - logger.Infof("assembling IsVuln: %v", len(p.IsVuln)) - for _, iv := range p.IsVuln { - if err := ingestIsVuln(ctx, gqlclient, iv); err != nil { + logger.Infof("assembling VulnEqual: %v", len(p.VulnEqual)) + for _, ve := range p.VulnEqual { + if err := ingestVulnEqual(ctx, gqlclient, ve); err != nil { return err } } 
@@ -214,18 +198,8 @@ func ingestBuilder(ctx context.Context, client graphql.Client, v *model.BuilderI return err } -func ingestCVE(ctx context.Context, client graphql.Client, v *model.CVEInputSpec) error { - _, err := model.IngestCVE(ctx, client, *v) - return err -} - -func ingestOSV(ctx context.Context, client graphql.Client, v *model.OSVInputSpec) error { - _, err := model.IngestOSV(ctx, client, *v) - return err -} - -func ingestGHSA(ctx context.Context, client graphql.Client, v *model.GHSAInputSpec) error { - _, err := model.IngestGHSA(ctx, client, *v) +func ingestVulnerability(ctx context.Context, client graphql.Client, v *model.VulnerabilityInputSpec) error { + _, err := model.IngestVulnerability(ctx, client, *v) return err } 
@@ -261,39 +235,19 @@ func ingestHasSlsa(ctx context.Context, client graphql.Client, v assembler.HasSl } func ingestCertifyVuln(ctx context.Context, client graphql.Client, cv assembler.CertifyVulnIngest) error { - if err := ValidateVulnerabilityInput(cv.OSV, cv.CVE, cv.GHSA, "certifyVulnerability"); err != nil { - return fmt.Errorf("input validation failed for certifyVulnerability: %w", err) - } - - if cv.OSV != nil { - _, err := model.CertifyOSV(ctx, client, *cv.Pkg, *cv.OSV, *cv.VulnData) - return err - } - if cv.CVE != nil { - _, err := model.CertifyCVE(ctx, client, *cv.Pkg, *cv.CVE, *cv.VulnData) - return err - } - if cv.GHSA != nil { - _, err := model.CertifyGHSA(ctx, client, *cv.Pkg, *cv.GHSA, *cv.VulnData) - return err - } - _, err := model.CertifyNoKnownVuln(ctx, client, *cv.Pkg, *cv.VulnData) + _, err := model.CertifyVulnPkg(ctx, client, *cv.Pkg, *cv.Vulnerability, *cv.VulnData) return err } -func ingestIsVuln(ctx context.Context, client graphql.Client, iv assembler.IsVulnIngest) error { - if iv.CVE != nil && iv.GHSA != nil { - return fmt.Errorf("unable to create IsVuln with both CVE and GHSA specified") +func ingestVulnEqual(ctx context.Context, client graphql.Client, ve assembler.VulnEqualIngest) error { + if ve.Vulnerability == nil { + return fmt.Errorf("unable to create VulnEqual without vulnerability") } - if iv.CVE == nil && iv.GHSA == nil { - return fmt.Errorf("unable to create IsVuln without either CVE or GHSA specified") + if ve.EqualVulnerability == nil { + return fmt.Errorf("unable to create VulnEqual without equal vulnerability") } - if iv.CVE != nil { - _, err := model.IsVulnerabilityCVE(ctx, client, *iv.OSV, *iv.CVE, *iv.IsVuln) - return err - } - _, err := model.IsVulnerabilityGHSA(ctx, client, *iv.OSV, *iv.GHSA, *iv.IsVuln) + _, err := model.VulnEqual(ctx, client, *ve.Vulnerability, *ve.EqualVulnerability, *ve.VulnEqual) return err } 
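Review bot: `ingestCertifyVuln` now dereferences `cv.Vulnerability` unconditionally, so a `CertifyVulnIngest` with no vulnerability set panics instead of returning an error; the removed code handled that case by falling through to `CertifyNoKnownVuln`. A guard at the top, `if cv.Vulnerability == nil { return fmt.Errorf("unable to create CertifyVuln without vulnerability") }`, would match the nil checks that `ingestVulnEqual` adds in this same hunk. The same gap applies to `*ve.VulnEqual` in `ingestVulnEqual`, and to `*vi.Vulnerability` in both branches of `ingestVex` in the next hunk, where the `ValidateVulnerabilityInput` call was dropped. Whether the parsers always populate these fields is not visible here, so the guards are worth having at this boundary.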
@@ -370,10 +324,6 @@ func ingestHasSBOM(ctx context.Context, client graphql.Client, hb assembler.HasS } func ingestVex(ctx context.Context, client graphql.Client, vi assembler.VexIngest) error { - if err := ValidateVulnerabilityInput(vi.OSV, vi.CVE, vi.GHSA, "VexIngest"); err != nil { - return fmt.Errorf("input validation failed for VexIngest: %w", err) - } - if vi.Artifact != nil && vi.Pkg != nil { return fmt.Errorf("unable to create VexIngest with both Pkg and Artifact specified") } @@ -382,51 +332,17 @@ func ingestVex(ctx context.Context, client graphql.Client, vi assembler.VexInges return fmt.Errorf("unable to create VexIngest without either Pkg or Artifact specified") } - if vi.CVE != nil { - if vi.Pkg != nil { - _, err := model.VexPackageAndCve(ctx, client, *vi.Pkg, *vi.CVE, *vi.VexData) - if err != nil { - return err - } - } - - if vi.Artifact != nil { - _, err := model.VexArtifactAndCve(ctx, client, *vi.Artifact, *vi.CVE, *vi.VexData) - if err != nil { - return err - } - } - } - - if vi.GHSA != nil { - if vi.Pkg != nil { - _, err := model.VEXPackageAndGhsa(ctx, client, *vi.Pkg, *vi.GHSA, *vi.VexData) - if err != nil { - return err - } - } - - if vi.Artifact != nil { - _, err := model.VexArtifactAndGhsa(ctx, client, *vi.Artifact, *vi.GHSA, *vi.VexData) - if err != nil { - return err - } + if vi.Pkg != nil { + _, err := model.CertifyVexPkg(ctx, client, *vi.Pkg, *vi.Vulnerability, *vi.VexData) + if err != nil { + return err } } - if vi.OSV != nil { - if vi.Pkg != nil { - _, err := model.VexPackageAndOsv(ctx, client, *vi.Pkg, *vi.OSV, *vi.VexData) - if err != nil { - return err - } - } - - if vi.Artifact != nil { - _, err := model.VexArtifactAndOsv(ctx, client, *vi.Artifact, *vi.OSV, *vi.VexData) - if err != nil { - return err - } + if vi.Artifact != nil { + _, err := model.CertifyVexArtifact(ctx, client, *vi.Artifact, *vi.Vulnerability, *vi.VexData) + if err != nil { + return err } } return nil 
@@ -472,21 +388,4 @@ func validatePackageSourceOrArtifactInput(pkg *model.PkgInputSpec, src *model.So return nil } -func ValidateVulnerabilityInput(osv *model.OSVInputSpec, cve *model.CVEInputSpec, ghsa *model.GHSAInputSpec, path string) error { - vulnDefined := 0 - if osv != nil { - vulnDefined = vulnDefined + 1 - } - if ghsa != nil { - vulnDefined = vulnDefined + 1 - } - if cve != nil { - vulnDefined = vulnDefined + 1 - } - if vulnDefined > 2 { - return fmt.Errorf("must specify at most one vulnerability (cve, osv, or ghsa) for %v", path) - } - return nil -} - // TODO(lumjjb): add more ingestion verbs as they come up diff --git a/pkg/assembler/clients/helpers/bulk.go b/pkg/assembler/clients/helpers/bulk.go index aba42286aa..38456d864f 100644 --- a/pkg/assembler/clients/helpers/bulk.go +++ b/pkg/assembler/clients/helpers/bulk.go 
@@ -81,38 +81,15 @@ func GetBulkAssembler(ctx context.Context, gqlclient graphql.Client) func([]asse return fmt.Errorf("ingestBuilders failed with error: %w", err) } - cves := p.GetCVEs(ctx) - logger.Infof("assembling CVE: %v", len(cves)) - var collectedCVEs []model.CVEInputSpec - collectedCVEs = make([]model.CVEInputSpec, 0) - for _, v := range cves { - collectedCVEs = append(collectedCVEs, *v) + vulns := p.GetVulnerabilities(ctx) + logger.Infof("assembling Vulnerability: %v", len(vulns)) + var collectedVulns []model.VulnerabilityInputSpec + collectedVulns = make([]model.VulnerabilityInputSpec, 0) + for _, v := range vulns { + collectedVulns = append(collectedVulns, *v) } - if err := ingestCVEs(ctx, gqlclient, collectedCVEs); err != nil { - return fmt.Errorf("ingestCVEs failed with error: %w", err) - } - - osvs := p.GetOSVs(ctx) - logger.Infof("assembling OSV: %v", len(osvs)) - var collectedOSVs []model.OSVInputSpec - collectedOSVs = make([]model.OSVInputSpec, 0) - for _, v := range osvs { - collectedOSVs = append(collectedOSVs, *v) - } - if err := ingestOSVs(ctx, gqlclient, collectedOSVs); err != nil { - return fmt.Errorf("ingestOSVs failed with error: %w", err) - } - - // TODO(pxp928): add bulk ingestion for ghsas - ghsas := p.GetGHSAs(ctx) - logger.Infof("assembling GHSA: %v", len(ghsas)) - var collectedGHSAs []model.GHSAInputSpec - collectedGHSAs = make([]model.GHSAInputSpec, 0) - for _, v := range ghsas { - collectedGHSAs = append(collectedGHSAs, *v) - } - if err := ingestGHSAs(ctx, gqlclient, collectedGHSAs); err != nil { - return fmt.Errorf("ingestGHSAs failed with error: %w", err) + if err := ingestVulnerabilities(ctx, gqlclient, collectedVulns); err != nil { + return fmt.Errorf("ingestVulnerabilities failed with error: %w", err) } logger.Infof("assembling CertifyScorecard: %v", len(p.CertifyScorecard)) 
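Review bot: `collectedVulns` is declared with `var` and then immediately reassigned with `make(..., 0)`, and each `append` grows it although the final length is already known. `collectedVulns := make([]model.VulnerabilityInputSpec, 0, len(vulns))` does both in one line. The loop also copies `*v` without a nil check, so a nil entry from `GetVulnerabilities` would panic; whether that can happen is not visible in this hunk. GetBulkAssembler's body continues outside the hunk.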
@@ -144,9 +121,9 @@ func GetBulkAssembler(ctx context.Context, gqlclient graphql.Client) func([]asse } // TODO(pxp928): add bulk ingestion for IsVuln - logger.Infof("assembling IsVuln: %v", len(p.IsVuln)) - for _, iv := range p.IsVuln { - if err := ingestIsVuln(ctx, gqlclient, iv); err != nil { + logger.Infof("assembling VulnEqual: %v", len(p.VulnEqual)) + for _, iv := range p.VulnEqual { + if err := ingestVulnEqual(ctx, gqlclient, iv); err != nil { return fmt.Errorf("ingestIsVuln failed with error: %w", err) } @@ -246,26 +223,10 @@ func ingestBuilders(ctx context.Context, client graphql.Client, v []model.Builde return nil } -func ingestCVEs(ctx context.Context, client graphql.Client, v []model.CVEInputSpec) error { - _, err := model.IngestCVEs(ctx, client, v) - if err != nil { - return fmt.Errorf("ingestCVEs failed with error: %w", err) - } - return nil -} - -func ingestOSVs(ctx context.Context, client graphql.Client, v []model.OSVInputSpec) error { - _, err := model.IngestOSVs(ctx, client, v) - if err != nil { - return fmt.Errorf("ingestOSVs failed with error: %w", err) - } - return nil -} - -func ingestGHSAs(ctx context.Context, client graphql.Client, v []model.GHSAInputSpec) error { - _, err := model.IngestGHSAs(ctx, client, v) +func ingestVulnerabilities(ctx context.Context, client graphql.Client, v []model.VulnerabilityInputSpec) error { + _, err := model.IngestVulnerabilities(ctx, client, v) if err != nil { - return fmt.Errorf("ingestGHSAs failed with error: %w", err) + return fmt.Errorf("ingestVulnerabilities failed with error: %w", err) } return nil } diff --git a/pkg/assembler/clients/helpers/parallel.go b/pkg/assembler/clients/helpers/parallel.go index eaf47b3b8b..f9d38e46a9 100644 --- a/pkg/assembler/clients/helpers/parallel.go +++ b/pkg/assembler/clients/helpers/parallel.go 
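Review bot: The wrapped error in the VulnEqual loop still reads `ingestIsVuln failed with error`, and the TODO above it still names IsVuln, although the call is now `ingestVulnEqual`; anyone triaging a failed ingestion from logs will search for a function that no longer exists. Suggest `return fmt.Errorf("ingestVulnEqual failed with error: %w", err)` and `// TODO(pxp928): add bulk ingestion for VulnEqual`. The loop variable is still `iv` here and in the parallel.go hunk, while assembler.go uses `ve`. GetBulkAssembler starts and ends outside this hunk.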
@@ -83,34 +83,14 @@ func GetParallelAssembler(ctx context.Context, gqlclient graphql.Client) func([] logger.Infof("assembling Materials: %v", len(materials)) nouns.Go(func() error { return ingestArtifacts(errGroupNounCtx, gqlclient, materials) }) - cves := p.GetCVEs(errGroupNounCtx) - logger.Infof("assembling CVE: %v", len(cves)) - for _, v := range cves { + vulns := p.GetVulnerabilities(errGroupNounCtx) + logger.Infof("assembling Vulnerability: %v", len(vulns)) + for _, v := range vulns { if errGroupNounCtx.Err() != nil { break } v := v - nouns.Go(func() error { return ingestCVE(errGroupNounCtx, gqlclient, v) }) - } - - osvs := p.GetOSVs(errGroupNounCtx) - logger.Infof("assembling OSV: %v", len(osvs)) - for _, v := range osvs { - if errGroupNounCtx.Err() != nil { - break - } - v := v - nouns.Go(func() error { return ingestOSV(errGroupNounCtx, gqlclient, v) }) - } - - ghsas := p.GetGHSAs(errGroupNounCtx) - logger.Infof("assembling GHSA: %v", len(ghsas)) - for _, v := range ghsas { - if errGroupNounCtx.Err() != nil { - break - } - v := v - nouns.Go(func() error { return ingestGHSA(errGroupNounCtx, gqlclient, v) }) + nouns.Go(func() error { return ingestVulnerability(errGroupNounCtx, gqlclient, v) }) } } @@ -170,13 +150,13 @@ func GetParallelAssembler(ctx context.Context, gqlclient graphql.Client) func([] verbs.Go(func() error { return ingestCertifyVuln(errGroupVerbCtx, gqlclient, cv) }) } - logger.Infof("assembling IsVuln: %v", len(p.IsVuln)) - for _, iv := range p.IsVuln { + logger.Infof("assembling VulnEqual: %v", len(p.VulnEqual)) + for _, iv := range p.VulnEqual { if errGroupVerbCtx.Err() != nil { break } iv := iv - verbs.Go(func() error { return ingestIsVuln(errGroupVerbCtx, gqlclient, iv) }) + verbs.Go(func() error { return ingestVulnEqual(errGroupVerbCtx, gqlclient, iv) }) } logger.Infof("assembling HasSourceAt: %v", len(p.HasSourceAt)) 
diff --git a/pkg/assembler/clients/operations/certifyVEXStatement.graphql b/pkg/assembler/clients/operations/certifyVEXStatement.graphql index 5b36343ceb..be3da2b233 100644 --- a/pkg/assembler/clients/operations/certifyVEXStatement.graphql +++ b/pkg/assembler/clients/operations/certifyVEXStatement.graphql 
@@ -17,38 +17,14 @@ # Defines the GraphQL operations to ingest VEX statements into GUAC -mutation VexPackageAndCve($pkg: PkgInputSpec!, $cve: CVEInputSpec!, $vexStatement: VexStatementInputSpec!) { - ingestVEXStatement(subject: {package: $pkg}, vulnerability: {cve: $cve}, vexStatement: $vexStatement) { +mutation CertifyVexPkg($pkg: PkgInputSpec!, $vulnerability: VulnerabilityInputSpec!, $vexStatement: VexStatementInputSpec!) { + ingestVEXStatement(subject: {package: $pkg}, vulnerability: $vulnerability, vexStatement: $vexStatement) { ...AllCertifyVEXStatement } } -mutation VEXPackageAndGhsa($pkg: PkgInputSpec!, $ghsa: GHSAInputSpec!, $vexStatement: VexStatementInputSpec!) { - ingestVEXStatement(subject: {package: $pkg}, vulnerability: {ghsa: $ghsa}, vexStatement: $vexStatement) { - ...AllCertifyVEXStatement - } -} - -mutation VexPackageAndOsv($pkg: PkgInputSpec!, $osv: OSVInputSpec!, $vexStatement: VexStatementInputSpec!) { - ingestVEXStatement(subject: {package: $pkg}, vulnerability: {osv: $osv}, vexStatement: $vexStatement) { - ...AllCertifyVEXStatement - } -} - -mutation VexArtifactAndCve($artifact: ArtifactInputSpec!, $cve: CVEInputSpec!, $vexStatement: VexStatementInputSpec!) { - ingestVEXStatement(subject: {artifact: $artifact}, vulnerability: {cve: $cve}, vexStatement: $vexStatement) { - ...AllCertifyVEXStatement - } -} - -mutation VexArtifactAndGhsa($artifact: ArtifactInputSpec!, $ghsa: GHSAInputSpec!, $vexStatement: VexStatementInputSpec!) { - ingestVEXStatement(subject: {artifact: $artifact}, vulnerability: {ghsa: $ghsa}, vexStatement: $vexStatement) { - ...AllCertifyVEXStatement - } -} - -mutation VexArtifactAndOsv($artifact: ArtifactInputSpec!, $osv: OSVInputSpec!, $vexStatement: VexStatementInputSpec!) { - ingestVEXStatement(subject: {artifact: $artifact}, vulnerability: {osv: $osv}, vexStatement: $vexStatement) { +mutation CertifyVexArtifact($artifact: ArtifactInputSpec!, $vulnerability: VulnerabilityInputSpec!, $vexStatement: VexStatementInputSpec!) 
{ + ingestVEXStatement(subject: {artifact: $artifact}, vulnerability: $vulnerability,, vexStatement: $vexStatement) { ...AllCertifyVEXStatement } } diff --git a/pkg/assembler/clients/operations/certifyVuln.graphql b/pkg/assembler/clients/operations/certifyVuln.graphql index 7af1f7e3eb..4675d23e6b 100644 --- a/pkg/assembler/clients/operations/certifyVuln.graphql +++ b/pkg/assembler/clients/operations/certifyVuln.graphql @@ -17,26 +17,8 @@ # Defines the GraphQL operations to ingest a vulnerability certification into GUAC -mutation CertifyOSV($pkg: PkgInputSpec!, $osv: OSVInputSpec!, $certifyVuln: VulnerabilityMetaDataInput!) { - ingestVulnerability(pkg: $pkg, vulnerability: {osv: $osv}, certifyVuln: $certifyVuln) { - ...AllCertifyVuln - } -} - -mutation CertifyCVE($pkg: PkgInputSpec!, $cve: CVEInputSpec!, $certifyVuln: VulnerabilityMetaDataInput!) { - ingestVulnerability(pkg: $pkg, vulnerability: {cve: $cve}, certifyVuln: $certifyVuln) { - ...AllCertifyVuln - } -} - -mutation CertifyGHSA($pkg: PkgInputSpec!, $ghsa: GHSAInputSpec!, $certifyVuln: VulnerabilityMetaDataInput!) { - ingestVulnerability(pkg: $pkg, vulnerability: {ghsa: $ghsa}, certifyVuln: $certifyVuln) { - ...AllCertifyVuln - } -} - -mutation CertifyNoKnownVuln($pkg: PkgInputSpec!, $certifyVuln: VulnerabilityMetaDataInput!) { - ingestVulnerability(pkg: $pkg, vulnerability: {noVuln: true}, certifyVuln: $certifyVuln) { +mutation CertifyVulnPkg($pkg: PkgInputSpec!, $vulnerability: VulnerabilityInputSpec!, $certifyVuln: ScanMetadataInput!) { + ingestCertifyVuln(pkg: $pkg, vulnerability: $vulnerability, certifyVuln: $certifyVuln) { ...AllCertifyVuln } } diff --git a/pkg/assembler/clients/operations/isVulnerability.graphql b/pkg/assembler/clients/operations/isVulnerability.graphql deleted file mode 100644 index f04d366e6e..0000000000 --- a/pkg/assembler/clients/operations/isVulnerability.graphql +++ /dev/null 
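Review bot: The new `CertifyVexArtifact` mutation has a doubled comma in its argument list, `vulnerability: $vulnerability,, vexStatement: $vexStatement`. GraphQL treats commas as insignificant, so the operation still parses, but it differs from `CertifyVexPkg` just above and looks like a leftover from editing. Suggest `ingestVEXStatement(subject: {artifact: $artifact}, vulnerability: $vulnerability, vexStatement: $vexStatement) {`.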
@@ -1,30 +0,0 @@ -# -# Copyright 2023 The GUAC Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# NOTE: This is experimental and might change in the future! - -# Defines the GraphQL operations to ingest a isVulnerability into GUAC - -mutation IsVulnerabilityCVE($osv: OSVInputSpec!, $cve: CVEInputSpec!, $isVulnerability: IsVulnerabilityInputSpec!) { - ingestIsVulnerability(osv: $osv, vulnerability: {cve: $cve}, isVulnerability: $isVulnerability) { - ...AllIsVulnerability - } -} - -mutation IsVulnerabilityGHSA($osv: OSVInputSpec!, $ghsa: GHSAInputSpec!, $isVulnerability: IsVulnerabilityInputSpec!) { - ingestIsVulnerability(osv: $osv, vulnerability: {ghsa: $ghsa}, isVulnerability: $isVulnerability) { - ...AllIsVulnerability - } -} diff --git a/pkg/assembler/clients/operations/osv.graphql b/pkg/assembler/clients/operations/osv.graphql deleted file mode 100644 index bd10b1d0b6..0000000000 --- a/pkg/assembler/clients/operations/osv.graphql +++ /dev/null 
@@ -1,40 +0,0 @@ -# -# Copyright 2023 The GUAC Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# NOTE: This is experimental and might change in the future! - -# Ingest OSV - -mutation IngestOSV($osv: OSVInputSpec!) { - ingestOSV(osv: $osv) { - ...AllOSVTree - } -} - -# Bulk Ingest OSV - -mutation IngestOSVs($osvs: [OSVInputSpec!]!) { - ingestOSVs(osvs: $osvs) { - ...AllOSVTree - } -} - -# Exposes GraphQL queries to retrieve GUAC OSVs - -query OSVs($filter: OSVSpec!) { - osv(osvSpec: $filter) { - ...AllOSVTree - } -} diff --git a/pkg/assembler/clients/operations/path.graphql b/pkg/assembler/clients/operations/path.graphql index bc9eedf64e..ce02e50b37 100644 --- a/pkg/assembler/clients/operations/path.graphql +++ b/pkg/assembler/clients/operations/path.graphql @@ -32,17 +32,8 @@ query Path($subject: ID!, $target: ID!, $maxPathLength: Int!, $usingOnly: [Edge! ... on Builder { ...AllBuilderTree } - ... on OSV { - ...AllOSVTree - } - ... on CVE { - ...AllCveTree - } - ... on GHSA { - ...AllGHSATree - } - ... on NoVuln { - id + ... on Vulnerability { + ...AllVulnerabilityTree } ... on CertifyScorecard { ...AllCertifyScorecard @@ -80,8 +71,8 @@ query Path($subject: ID!, $target: ID!, $maxPathLength: Int!, $usingOnly: [Edge! ... on CertifyVuln { ...AllCertifyVuln } - ... on IsVulnerability { - ...AllIsVulnerability + ... on VulnEqual { + ...AllVulnEqual } ... on CertifyVEXStatement { ...AllCertifyVEXStatement 
@@ -107,17 +98,8 @@ query Neighbors($node: ID!, $usingOnly: [Edge!]!) { ... on Builder { ...AllBuilderTree } - ... on OSV { - ...AllOSVTree - } - ... on CVE { - ...AllCveTree - } - ... on GHSA { - ...AllGHSATree - } - ... on NoVuln { - id + ... on Vulnerability { + ...AllVulnerabilityTree } ... on CertifyScorecard { ...AllCertifyScorecard @@ -155,8 +137,8 @@ query Neighbors($node: ID!, $usingOnly: [Edge!]!) { ... on CertifyVuln { ...AllCertifyVuln } - ... on IsVulnerability { - ...AllIsVulnerability + ... on VulnEqual { + ...AllVulnEqual } ... on CertifyVEXStatement { ...AllCertifyVEXStatement @@ -182,17 +164,8 @@ query Node($node: ID!) { ... on Builder { ...AllBuilderTree } - ... on OSV { - ...AllOSVTree - } - ... on CVE { - ...AllCveTree - } - ... on GHSA { - ...AllGHSATree - } - ... on NoVuln { - id + ... on Vulnerability { + ...AllVulnerabilityTree } ... on CertifyScorecard { ...AllCertifyScorecard @@ -230,8 +203,8 @@ query Node($node: ID!) { ... on CertifyVuln { ...AllCertifyVuln } - ... on IsVulnerability { - ...AllIsVulnerability + ... on VulnEqual { + ...AllVulnEqual } ... on CertifyVEXStatement { ...AllCertifyVEXStatement @@ -257,17 +230,8 @@ query Nodes($nodes: [ID!]!) { ... on Builder { ...AllBuilderTree } - ... on OSV { - ...AllOSVTree - } - ... on CVE { - ...AllCveTree - } - ... on GHSA { - ...AllGHSATree - } - ... on NoVuln { - id + ... on Vulnerability { + ...AllVulnerabilityTree } ... on CertifyScorecard { ...AllCertifyScorecard @@ -305,8 +269,8 @@ query Nodes($nodes: [ID!]!) { ... on CertifyVuln { ...AllCertifyVuln } - ... on IsVulnerability { - ...AllIsVulnerability + ... on VulnEqual { + ...AllVulnEqual } ... on CertifyVEXStatement { ...AllCertifyVEXStatement diff --git a/pkg/assembler/clients/operations/trees.graphql b/pkg/assembler/clients/operations/trees.graphql index bafad388ac..9da8e67b57 100644 --- a/pkg/assembler/clients/operations/trees.graphql +++ b/pkg/assembler/clients/operations/trees.graphql 
@@ -67,20 +67,13 @@ fragment AllBuilderTree on Builder { uri } -fragment AllCveTree on CVE { +fragment AllVulnerabilityTree on Vulnerability { id - year - cveId -} - -fragment AllGHSATree on GHSA { - id - ghsaId -} - -fragment AllOSVTree on OSV { - id - osvId + type + vulnerabilityIDs { + id + vulnerabilityID + } } fragment AllCertifyScorecard on CertifyScorecard { @@ -249,19 +242,7 @@ fragment AllCertifyVuln on CertifyVuln { ...AllPkgTree } vulnerability { - __typename - ... on CVE { - ...AllCveTree - } - ... on OSV { - ...AllOSVTree - } - ... on GHSA { - ...AllGHSATree - } - ... on NoVuln { - id - } + ...AllVulnerabilityTree } metadata { dbUri @@ -284,19 +265,10 @@ fragment AllPkgEqual on PkgEqual { collector } -fragment AllIsVulnerability on IsVulnerability { +fragment AllVulnEqual on VulnEqual { id - osv { - ...AllOSVTree - } - vulnerability { - __typename - ... on CVE { - ...AllCveTree - } - ... on GHSA { - ...AllGHSATree - } + vulnerabilities { + ...AllVulnerabilityTree } justification origin @@ -315,16 +287,7 @@ fragment AllCertifyVEXStatement on CertifyVEXStatement { } } vulnerability { - __typename - ... on CVE { - ...AllCveTree - } - ... on GHSA { - ...AllGHSATree - } - ... on OSV { - ...AllOSVTree - } + ...AllVulnerabilityTree } status vexJustification diff --git a/pkg/assembler/clients/operations/ghsa.graphql b/pkg/assembler/clients/operations/vulnEqual.graphql similarity index 55% rename from pkg/assembler/clients/operations/ghsa.graphql rename to pkg/assembler/clients/operations/vulnEqual.graphql index 258d65e145..55c4f5797c 100644 --- a/pkg/assembler/clients/operations/ghsa.graphql +++ b/pkg/assembler/clients/operations/vulnEqual.graphql 
@@ -15,26 +15,16 @@ # NOTE: This is experimental and might change in the future! -# Ingest GHSA +# Defines the GraphQL operations to certify that two vulnerabilities are identical -mutation IngestGHSA($ghsa: GHSAInputSpec!) { - ingestGHSA(ghsa: $ghsa) { - ...AllGHSATree +mutation VulnEqual($vulnerability: VulnerabilityInputSpec!, $otherVulnerability: VulnerabilityInputSpec!, $vulnEqual: VulnEqualInputSpec!) { + vuln: ingestVulnerability(vuln: $vulnerability) { + ...AllVulnerabilityTree } -} - -# Bulk Ingest GHSA - -mutation IngestGHSAs($ghsas: [GHSAInputSpec!]!) { - ingestGHSAs(ghsas: $ghsas) { - ...AllGHSATree + otherVuln: ingestVulnerability(vuln: $otherVulnerability) { + ...AllVulnerabilityTree } -} - -# Exposes GraphQL queries to retrieve GUAC GHSAs - -query GHSAs($filter: GHSASpec!) { - ghsa(ghsaSpec: $filter) { - ...AllGHSATree + ingestVulnEqual(vulnerability: $vulnerability, otherVulnerability: $otherVulnerability, vulnEqual: $vulnEqual) { + ...AllVulnEqual } } diff --git a/pkg/assembler/clients/operations/cve.graphql b/pkg/assembler/clients/operations/vulnerability.graphql similarity index 57% rename from pkg/assembler/clients/operations/cve.graphql rename to pkg/assembler/clients/operations/vulnerability.graphql index d55aa5124c..fb5cda6def 100644 --- a/pkg/assembler/clients/operations/cve.graphql +++ b/pkg/assembler/clients/operations/vulnerability.graphql 
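Review bot: The `VulnEqual` mutation relies on its three root fields running in the order written, and the header comment does not say so. GraphQL executes top-level mutation fields serially, so `vuln` and `otherVuln` are ingested before `ingestVulnEqual` runs; presumably the link needs both nodes to exist, though the resolver is not visible here. A short comment such as `# Root fields run serially: both vulnerabilities are ingested before ingestVulnEqual links them` would keep a later edit from reordering them. The header also says "operations" although the file now defines a single mutation and no query.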
@@ -15,26 +15,26 @@ # NOTE: This is experimental and might change in the future! -# Ingest CVE +# Ingest Vulnerability -mutation IngestCVE($cve: CVEInputSpec!) { - ingestCVE(cve: $cve) { - ...AllCveTree +mutation IngestVulnerability($vuln: VulnerabilityInputSpec!) { + ingestVulnerability(vuln: $vuln) { + ...AllVulnerabilityTree } } -# Bulk Ingest CVE +# Bulk Ingest Vulnerability -mutation IngestCVEs($cves: [CVEInputSpec!]!) { - ingestCVEs(cves: $cves) { - ...AllCveTree +mutation IngestVulnerabilities($vulns: [VulnerabilityInputSpec!]!) { + ingestVulnerabilities(vulns: $vulns) { + ...AllVulnerabilityTree } } -# Exposes GraphQL queries to retrieve GUAC CVEs +# Exposes GraphQL queries to retrieve GUAC vulnerabilities -query CVEs($filter: CVESpec!) { - cve(cveSpec: $filter) { - ...AllCveTree +query Vulnerabilities($filter: VulnerabilitySpec!) { + vulnerabilities(vulnSpec: $filter) { + ...AllVulnerabilityTree } } diff --git a/pkg/assembler/graphql/examples/certify_vex.gql b/pkg/assembler/graphql/examples/certify_vex.gql index 3028646c95..9edccc717f 100644 --- a/pkg/assembler/graphql/examples/certify_vex.gql +++ b/pkg/assembler/graphql/examples/certify_vex.gql @@ -30,19 +30,11 @@ fragment allCertifyVEXStatementTree on CertifyVEXStatement { } } vulnerability { - __typename - ... on CVE { - id - year - cveId - } - ... on OSV { + id + type + vulnerabilityIDs { id - osvId - } - ... on GHSA { - id - ghsaId + vulnerabilityID } } status 
@@ -67,50 +59,65 @@ query CertifyVEXStatementQ2 { } query CertifyVEXStatementQ3 { - CertifyVEXStatement(certifyVEXStatementSpec: {subject: {package: {name: "openssl"}}}) { + CertifyVEXStatement( + certifyVEXStatementSpec: {subject: {package: {name: "openssl"}}} + ) { ...allCertifyVEXStatementTree } } - query CertifyVEXStatementQ4 { - CertifyVEXStatement(certifyVEXStatementSpec: {subject: {artifact: {algorithm: "sha256", digest: "6bbb0da1891646e58eb3e6a63af3a6fc3c8eb5a0d44824cba581d2e14a0450cf"}}}) { + CertifyVEXStatement( + certifyVEXStatementSpec: {subject: {artifact: {algorithm: "sha256", digest: "6bbb0da1891646e58eb3e6a63af3a6fc3c8eb5a0d44824cba581d2e14a0450cf"}}} + ) { ...allCertifyVEXStatementTree } } query CertifyVEXStatementQ5 { - CertifyVEXStatement(certifyVEXStatementSpec: {vulnerability: {cve: {cveId: "CVE-2019-13110"}}}) { + CertifyVEXStatement( + certifyVEXStatementSpec: {vulnerability: {vulnerabilityID: "CVE-2019-13110"}} + ) { ...allCertifyVEXStatementTree } } query CertifyVEXStatementQ6 { - CertifyVEXStatement(certifyVEXStatementSpec: {vulnerability: {ghsa: {ghsaId: "GHSA-h45f-rjvw-2rv2"}}}) { + CertifyVEXStatement( + certifyVEXStatementSpec: {vulnerability: {vulnerabilityID: "GHSA-h45f-rjvw-2rv2"}} + ) { ...allCertifyVEXStatementTree } } query CertifyVEXStatementQ7 { - CertifyVEXStatement(certifyVEXStatementSpec: {vulnerability: {cve: {cveId: "CVE-2018-43610"}}}) { + CertifyVEXStatement( + certifyVEXStatementSpec: {vulnerability: {vulnerabilityID: "CVE-2018-43610"}} + ) { ...allCertifyVEXStatementTree } } query CertifyVEXStatementQ8 { - CertifyVEXStatement(certifyVEXStatementSpec: {vulnerability: {ghsa: {ghsaId: "GHSA-hj5f-4gvw-4rv2"}}}) { + CertifyVEXStatement( + certifyVEXStatementSpec: {vulnerability: {vulnerabilityID: "GHSA-hj5f-4gvw-4rv2"}} + ) { ...allCertifyVEXStatementTree } } query CertifyVEXStatementQ9 { - CertifyVEXStatement(certifyVEXStatementSpec: {vulnerability: {osv: {osvId: "cve-2019-14750"}}}) { + CertifyVEXStatement( + 
certifyVEXStatementSpec: {vulnerability: {vulnerabilityID: "cve-2019-14750"}} + ) { ...allCertifyVEXStatementTree } } query CertifyVEXStatementQ10 { - CertifyVEXStatement(certifyVEXStatementSpec: {vulnerability: {osv: {osvId: "cve-2018-15710"}}}) { + CertifyVEXStatement( + certifyVEXStatementSpec: {vulnerability: {vulnerabilityID: "cve-2018-15710"}} + ) { ...allCertifyVEXStatementTree } } diff --git a/pkg/assembler/graphql/examples/certify_vuln.gql b/pkg/assembler/graphql/examples/certify_vuln.gql index 323c629096..f65e5bb6df 100644 --- a/pkg/assembler/graphql/examples/certify_vuln.gql +++ b/pkg/assembler/graphql/examples/certify_vuln.gql @@ -1,43 +1,32 @@ fragment allCertifyVulnTree on CertifyVuln { id package { + id + type + namespaces { id - type - namespaces { + namespace + names { id - namespace - names { + name + versions { id - name - versions { - id - version - qualifiers { - key - value - } - subpath + version + qualifiers { + key + value } + subpath } } } + } vulnerability { - __typename - ... on CVE { - id - year - cveId - } - ... on OSV { - id - osvId - } - ... on GHSA { - id - ghsaId - } - ... on NoVuln { + id + type + vulnerabilityIDs { id + vulnerabilityID } } metadata { @@ -76,20 +65,21 @@ query CertifyVulnQ4 { } query CertifyVulnQ5 { - CertifyVuln(certifyVulnSpec: {vulnerability: {cve: {cveId: "CVE-2019-13110"}}}) { + CertifyVuln(certifyVulnSpec: {vulnerability: {vulnerabilityID: "CVE-2019-13110"}}) { ...allCertifyVulnTree } } - query CertifyVulnQ6 { - CertifyVuln(certifyVulnSpec: {vulnerability: {ghsa: {ghsaId: "GHSA-h45f-rjvw-2rv2"}}}) { + CertifyVuln( + certifyVulnSpec: {vulnerability: {vulnerabilityID: "GHSA-h45f-rjvw-2rv2"}} + ) { ...allCertifyVulnTree } } query CertifyVulnQ7 { - CertifyVuln(certifyVulnSpec: {vulnerability: {osv: {osvId: "CVE-2019-13110"}}}) { + CertifyVuln(certifyVulnSpec: {vulnerability: {type: "osv", vulnerabilityID: "CVE-2019-13110"}}) { ...allCertifyVulnTree } } 
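Review bot: Q5–Q10 in certify_vex.gql now filter on `vulnerabilityID` alone, so the examples no longer say which database the ID belongs to; Q9 and Q10 used to be OSV lookups and Q5/Q7 CVE lookups. The same applies to `CertifyVulnQ5` in certify_vuln.gql, which now differs from `CertifyVulnQ7` only by Q7's `type: "osv"`, and to `GHSAQ2` and `OSVQ3` in the new vulnerability.gql. The ingest example in this commit stores CVE-2019-13110 under both `cve` and `osv`, so an ID-only filter presumably returns statements for every type that carries that ID. If the examples are meant to mirror the old per-type queries, add the type, e.g. `certifyVEXStatementSpec: {vulnerability: {type: "osv", vulnerabilityID: "cve-2019-14750"}}`.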
diff --git a/pkg/assembler/graphql/examples/cve_ghsa_osv.gql b/pkg/assembler/graphql/examples/cve_ghsa_osv.gql
deleted file mode 100644
index 662b50fbf2..0000000000
--- a/pkg/assembler/graphql/examples/cve_ghsa_osv.gql
+++ /dev/null
@@ -1,99 +0,0 @@
-fragment allCveTree on CVE {
- id
- year
- cveId
-}
-
-fragment allGHSATree on GHSA {
- id
- ghsaId
-}
-
-fragment allOSVTree on OSV {
- id
- osvId
-}
-
-query CVEQ1 {
- cve(cveSpec: {}) {
- ...allCveTree
- }
-}
-
-query CVEQ2 {
- cve(cveSpec: {year: 2014}) {
- ...allCveTree
- }
-}
-
-query CVEQ3 {
- cve(cveSpec: {cveId: "CVE-2014-8139"}) {
- ...allCveTree
- }
-}
-
-query CVEQ4 {
- cve(cveSpec: {year: 2014, cveId: "CVE-2014-8140"}) {
- ...allCveTree
- }
-}
-
-mutation CVEM1 {
- ingestCVE(cve: {year: 2023, cveId: "CVE-2023-12345"}) {
- ...allCveTree
- }
-}
-
-mutation CVEM2 {
- ingestCVE(cve: {year: 2032, cveId: "cve-2032-12345"}) {
- ...allCveTree
- }
-}
-
-query GHSAQ1 {
- ghsa(ghsaSpec: {}) {
- ...allGHSATree
- }
-}
-
-query GHSAQ2 {
- ghsa(ghsaSpec: {ghsaId: "GHSA-h45f-rjvw-2rv2"}) {
- ...allGHSATree
- }
-}
-
-mutation GHSAM1 {
- ingestGHSA(ghsa: {ghsaId: "GHSA-abcd-efgh-1234"}) {
- ...allGHSATree
- }
-}
-
-query OSVQ1 {
- osv(osvSpec: {}) {
- ...allOSVTree
- }
-}
-
-query OSVQ2 {
- osv(osvSpec: {osvId: "CVE-2014-8139"}) {
- ...allOSVTree
- }
-}
-
-query OSVQ3 {
- osv(osvSpec: {osvId: "ghsa-h45f-rjvw-2rv2"}) {
- ...allOSVTree
- }
-}
-
-mutation OSVM1 {
- ingestOSV(osv: {osvId: "GHSA-abcd-efgh-1234"}) {
- ...allOSVTree
- }
-}
-
-mutation OSVM2 {
- ingestOSV(osv: {osvId: "CVE-2023-12345"}) {
- ...allOSVTree
- }
-}
diff --git a/pkg/assembler/graphql/examples/is_vulnerability.gql b/pkg/assembler/graphql/examples/is_vulnerability.gql
deleted file mode 100644
index b9b752692d..0000000000
--- a/pkg/assembler/graphql/examples/is_vulnerability.gql
+++ /dev/null
@@ -1,58 +0,0 @@
-fragment allIsVulnerabilityTree on IsVulnerability {
- id
- osv {
- id
- osvId
- }
- vulnerability {
- __typename
- ... on CVE {
- id
- year
- cveId
- }
- ... on GHSA {
- id
- ghsaId
- }
- }
- justification
- origin
- collector
-}
-
-query IsVulnerabilityQ1 {
- IsVulnerability(isVulnerabilitySpec: {}) {
- ...allIsVulnerabilityTree
- }
-}
-
-query IsVulnerabilityQ2 {
- IsVulnerability(isVulnerabilitySpec: {origin: "testing backend"}) {
- ...allIsVulnerabilityTree
- }
-}
-
-query IsVulnerabilityQ3 {
- IsVulnerability(isVulnerabilitySpec: {osv: {osvId: "GHSA-h45f-rjvw-2rv2"}}) {
- ...allIsVulnerabilityTree
- }
-}
-
-query IsVulnerabilityQ4 {
- IsVulnerability(isVulnerabilitySpec: {osv: {osvId: "CVE-2019-13110"}}) {
- ...allIsVulnerabilityTree
- }
-}
-
-query IsVulnerabilityQ5 {
- IsVulnerability(isVulnerabilitySpec: {vulnerability: {cve: {cveId: "CVE-2019-13110"}}}) {
- ...allIsVulnerabilityTree
- }
-}
-
-query IsVulnerabilityQ6 {
- IsVulnerability(isVulnerabilitySpec: {vulnerability: {ghsa: {ghsaId: "GHSA-h45f-rjvw-2rv2"}}}) {
- ...allIsVulnerabilityTree
- }
-}
diff --git a/pkg/assembler/graphql/examples/vulnEqual.gql b/pkg/assembler/graphql/examples/vulnEqual.gql
new file mode 100644
index 0000000000..9a5439127b
--- /dev/null
+++ b/pkg/assembler/graphql/examples/vulnEqual.gql
@@ -0,0 +1,38 @@
+fragment allVulnEqualTree on VulnEqual {
+ id
+ vulnerabilities {
+ id
+ type
+ vulnerabilityIDs {
+ id
+ vulnerabilityID
+ }
+ }
+ justification
+ origin
+ collector
+}
+
+query IsVulnerabilityQ1 {
+ vulnEqual(vulnEqualSpec: {}) {
+ ...allVulnEqualTree
+ }
+}
+
+query IsVulnerabilityQ2 {
+ vulnEqual(vulnEqualSpec: {origin: "testing backend"}) {
+ ...allVulnEqualTree
+ }
+}
+
+query IsVulnerabilityQ3 {
+ vulnEqual(vulnEqualSpec: {vulnerabilities: {vulnerabilityID: "GHSA-h45f-rjvw-2rv2"}}) {
+ ...allVulnEqualTree
+ }
+}
+
+query IsVulnerabilityQ4 {
+ vulnEqual(vulnEqualSpec: {vulnerabilities: {vulnerabilityID: "CVE-2019-13110"}}) {
+ ...allVulnEqualTree
+ }
+}
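Review bot: The four queries in the new vulnEqual.gql are still named `IsVulnerabilityQ1` to `IsVulnerabilityQ4`, although the type, the fragment and the root field were all renamed to VulnEqual. Operation names are what appear in playground tabs and request logs, so the stale name makes these examples hard to match to the API they exercise; rename them, e.g. `query VulnEqualQ1 {`. The old Q5 and Q6, which looked a pair up from the CVE/GHSA side, have no counterpart here. If the `vulnerabilities` filter matches either member of the pair, a one-line comment saying so would cover that case; the resolver is not in this hunk, so this needs confirming.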
diff --git a/pkg/assembler/graphql/examples/vulnerability.gql b/pkg/assembler/graphql/examples/vulnerability.gql
new file mode 100644
index 0000000000..df1e094814
--- /dev/null
+++ b/pkg/assembler/graphql/examples/vulnerability.gql
@@ -0,0 +1,92 @@
+fragment allVulnerabilityTree on Vulnerability {
+ id
+ type
+ vulnerabilityIDs {
+ id
+ vulnerabilityID
+ }
+}
+
+query CVEQ1 {
+ vulnerabilities(vulnSpec: {}) {
+ ...allVulnerabilityTree
+ }
+}
+
+query CVEQ2 {
+ vulnerabilities(vulnSpec: {type: "cve"}) {
+ ...allVulnerabilityTree
+ }
+}
+
+query CVEQ3 {
+ vulnerabilities(vulnSpec: {vulnerabilityID: "CVE-2014-8139"}) {
+ ...allVulnerabilityTree
+ }
+}
+
+query CVEQ4 {
+ vulnerabilities(vulnSpec: {type: "cve", vulnerabilityID: "CVE-2014-8140"}) {
+ ...allVulnerabilityTree
+ }
+}
+
+mutation CVEM1 {
+ ingestVulnerability(vuln: {type: "cve", vulnerabilityID: "CVE-2023-12345"}) {
+ ...allVulnerabilityTree
+ }
+}
+
+mutation CVEM2 {
+ ingestVulnerability(vuln: {type: "cve", vulnerabilityID: "cve-2032-12345"}) {
+ ...allVulnerabilityTree
+ }
+}
+
+query GHSAQ1 {
+ vulnerabilities(vulnSpec: {type: "ghsa"}) {
+ ...allVulnerabilityTree
+ }
+}
+
+query GHSAQ2 {
+ vulnerabilities(vulnSpec: {vulnerabilityID: "GHSA-h45f-rjvw-2rv2"}) {
+ ...allVulnerabilityTree
+ }
+}
+
+mutation GHSAM1 {
+ ingestVulnerability(vuln: {type: "ghsa", vulnerabilityID: "GHSA-abcd-efgh-1234"}) {
+ ...allVulnerabilityTree
+ }
+}
+
+query OSVQ1 {
+ vulnerabilities(vulnSpec: {type: "osv"}) {
+ ...allVulnerabilityTree
+ }
+}
+
+query OSVQ2 {
+ vulnerabilities(vulnSpec: {type: "osv", vulnerabilityID: "CVE-2014-8139"}) {
+ ...allVulnerabilityTree
+ }
+}
+
+query OSVQ3 {
+ vulnerabilities(vulnSpec: {vulnerabilityID: "ghsa-h45f-rjvw-2rv2"}) {
+ ...allVulnerabilityTree
+ }
+}
+
+mutation OSVM1 {
+ ingestVulnerability(vuln: {type: "osv", vulnerabilityID: "GHSA-abcd-efgh-1234"}) {
+ ...allVulnerabilityTree
+ }
+}
+
+mutation OSVM2 {
+ ingestVulnerability(vuln: {type: "osv", vulnerabilityID: "CVE-2023-12345"}) {
+ ...allVulnerabilityTree
+ }
+}
diff --git a/pkg/assembler/graphql/generated/artifact.generated.go b/pkg/assembler/graphql/generated/artifact.generated.go
index 9d12de4f82..b628c9cd7f 100644
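Review bot: The examples mix upper- and lower-case IDs without saying whether matching is case-sensitive: `CVEM1` ingests `"CVE-2023-12345"` and `CVEM2` `"cve-2032-12345"`, while `OSVQ3` queries `"ghsa-h45f-rjvw-2rv2"` and `GHSAQ2` the upper-case spelling of the same ID. With the separate `year` field gone, the ID string plus `type` is the whole key, so if the backend compares it case-sensitively the two spellings would become distinct nodes and a lookup by the canonical form would miss findings recorded under the other. The resolver is not part of this hunk, so this is a question rather than a confirmed defect. I would state the rule in a comment at the top of the file, e.g. `# vulnerabilityID is matched case-insensitively (confirm against the resolver)`.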
--- a/pkg/assembler/graphql/generated/artifact.generated.go +++ b/pkg/assembler/graphql/generated/artifact.generated.go 
@@ -29,13 +29,9 @@ type MutationResolver interface { IngestCertifyGoods(ctx context.Context, subjects model.PackageSourceOrArtifactInputs, pkgMatchType model.MatchFlags, certifyGoods []*model.CertifyGoodInputSpec) ([]*model.CertifyGood, error) IngestScorecard(ctx context.Context, source model.SourceInputSpec, scorecard model.ScorecardInputSpec) (*model.CertifyScorecard, error) IngestScorecards(ctx context.Context, sources []*model.SourceInputSpec, scorecards []*model.ScorecardInputSpec) ([]*model.CertifyScorecard, error) - IngestVEXStatement(ctx context.Context, subject model.PackageOrArtifactInput, vulnerability model.VulnerabilityInput, vexStatement model.VexStatementInputSpec) (*model.CertifyVEXStatement, error) - IngestVulnerability(ctx context.Context, pkg model.PkgInputSpec, vulnerability model.VulnerabilityInput, certifyVuln model.VulnerabilityMetaDataInput) (*model.CertifyVuln, error) + IngestVEXStatement(ctx context.Context, subject model.PackageOrArtifactInput, vulnerability model.VulnerabilityInputSpec, vexStatement model.VexStatementInputSpec) (*model.CertifyVEXStatement, error) + IngestCertifyVuln(ctx context.Context, pkg model.PkgInputSpec, vulnerability model.VulnerabilityInputSpec, certifyVuln model.ScanMetadataInput) (*model.CertifyVuln, error) IngestPointOfContact(ctx context.Context, subject model.PackageSourceOrArtifactInput, pkgMatchType model.MatchFlags, pointOfContact model.PointOfContactInputSpec) (*model.PointOfContact, error) - IngestCve(ctx context.Context, cve *model.CVEInputSpec) (*model.Cve, error) - IngestCVEs(ctx context.Context, cves []*model.CVEInputSpec) ([]*model.Cve, error) - IngestGhsa(ctx context.Context, ghsa *model.GHSAInputSpec) (*model.Ghsa, error) - IngestGHSAs(ctx context.Context, ghsas []*model.GHSAInputSpec) ([]*model.Ghsa, error) IngestHasSbom(ctx context.Context, subject model.PackageOrArtifactInput, hasSbom model.HasSBOMInputSpec) (*model.HasSbom, error) IngestHasSBOMs(ctx context.Context, subjects 
model.PackageOrArtifactInputs, hasSBOMs []*model.HasSBOMInputSpec) ([]*model.HasSbom, error) IngestSlsa(ctx context.Context, subject model.ArtifactInputSpec, builtFrom []*model.ArtifactInputSpec, builtBy model.BuilderInputSpec, slsa model.SLSAInputSpec) (*model.HasSlsa, error) 
@@ -47,15 +43,15 @@ type MutationResolver interface { IngestDependencies(ctx context.Context, pkgs []*model.PkgInputSpec, depPkgs []*model.PkgInputSpec, dependencies []*model.IsDependencyInputSpec) ([]*model.IsDependency, error) IngestOccurrence(ctx context.Context, subject model.PackageOrSourceInput, artifact model.ArtifactInputSpec, occurrence model.IsOccurrenceInputSpec) (*model.IsOccurrence, error) IngestOccurrences(ctx context.Context, subjects model.PackageOrSourceInputs, artifacts []*model.ArtifactInputSpec, occurrences []*model.IsOccurrenceInputSpec) ([]*model.IsOccurrence, error) - IngestIsVulnerability(ctx context.Context, osv model.OSVInputSpec, vulnerability model.CveOrGhsaInput, isVulnerability model.IsVulnerabilityInputSpec) (*model.IsVulnerability, error) IngestHasMetadata(ctx context.Context, subject model.PackageSourceOrArtifactInput, pkgMatchType model.MatchFlags, hasMetadata model.HasMetadataInputSpec) (*model.HasMetadata, error) - IngestOsv(ctx context.Context, osv *model.OSVInputSpec) (*model.Osv, error) - IngestOSVs(ctx context.Context, osvs []*model.OSVInputSpec) ([]*model.Osv, error) IngestPackage(ctx context.Context, pkg model.PkgInputSpec) (*model.Package, error) IngestPackages(ctx context.Context, pkgs []*model.PkgInputSpec) ([]*model.Package, error) IngestPkgEqual(ctx context.Context, pkg model.PkgInputSpec, otherPackage model.PkgInputSpec, pkgEqual model.PkgEqualInputSpec) (*model.PkgEqual, error) IngestSource(ctx context.Context, source model.SourceInputSpec) (*model.Source, error) IngestSources(ctx context.Context, sources []*model.SourceInputSpec) ([]*model.Source, error) + IngestVulnEqual(ctx context.Context, vulnerability model.VulnerabilityInputSpec, otherVulnerability model.VulnerabilityInputSpec, vulnEqual model.VulnEqualInputSpec) (*model.VulnEqual, error) + IngestVulnerability(ctx context.Context, vuln model.VulnerabilityInputSpec) (*model.Vulnerability, error) + IngestVulnerabilities(ctx context.Context, vulns 
[]*model.VulnerabilityInputSpec) ([]*model.Vulnerability, error) } type QueryResolver interface { Artifacts(ctx context.Context, artifactSpec model.ArtifactSpec) ([]*model.Artifact, error) @@ -66,17 +62,13 @@ type QueryResolver interface { CertifyVEXStatement(ctx context.Context, certifyVEXStatementSpec model.CertifyVEXStatementSpec) ([]*model.CertifyVEXStatement, error) CertifyVuln(ctx context.Context, certifyVulnSpec model.CertifyVulnSpec) ([]*model.CertifyVuln, error) PointOfContact(ctx context.Context, pointOfContactSpec model.PointOfContactSpec) ([]*model.PointOfContact, error) - Cve(ctx context.Context, cveSpec model.CVESpec) ([]*model.Cve, error) - Ghsa(ctx context.Context, ghsaSpec model.GHSASpec) ([]*model.Ghsa, error) HasSbom(ctx context.Context, hasSBOMSpec model.HasSBOMSpec) ([]*model.HasSbom, error) HasSlsa(ctx context.Context, hasSLSASpec model.HasSLSASpec) ([]*model.HasSlsa, error) HasSourceAt(ctx context.Context, hasSourceAtSpec model.HasSourceAtSpec) ([]*model.HasSourceAt, error) HashEqual(ctx context.Context, hashEqualSpec model.HashEqualSpec) ([]*model.HashEqual, error) IsDependency(ctx context.Context, isDependencySpec model.IsDependencySpec) ([]*model.IsDependency, error) IsOccurrence(ctx context.Context, isOccurrenceSpec model.IsOccurrenceSpec) ([]*model.IsOccurrence, error) - IsVulnerability(ctx context.Context, isVulnerabilitySpec model.IsVulnerabilitySpec) ([]*model.IsVulnerability, error) HasMetadata(ctx context.Context, hasMetadataSpec model.HasMetadataSpec) ([]*model.HasMetadata, error) - Osv(ctx context.Context, osvSpec model.OSVSpec) ([]*model.Osv, error) Packages(ctx context.Context, pkgSpec model.PkgSpec) ([]*model.Package, error) Path(ctx context.Context, subject string, target string, maxPathLength int, usingOnly []model.Edge) ([]model.Node, error) Neighbors(ctx context.Context, node string, usingOnly []model.Edge) ([]model.Node, error) 
@@ -85,6 +77,8 @@ type QueryResolver interface { PkgEqual(ctx context.Context, pkgEqualSpec model.PkgEqualSpec) ([]*model.PkgEqual, error) FindSoftware(ctx context.Context, searchText string) ([]model.PackageSourceOrArtifact, error) Sources(ctx context.Context, sourceSpec model.SourceSpec) ([]*model.Source, error) + VulnEqual(ctx context.Context, vulnEqualSpec model.VulnEqualSpec) ([]*model.VulnEqual, error) + Vulnerabilities(ctx context.Context, vulnSpec model.VulnerabilitySpec) ([]*model.Vulnerability, error) } // endregion ************************** generated!.gotpl ************************** 
@@ -151,36 +145,6 @@ func (ec *executionContext) field_Mutation_ingestBuilders_args(ctx context.Conte return args, nil } -func (ec *executionContext) field_Mutation_ingestCVE_args(ctx context.Context, rawArgs map[string]interface{}) (map[string]interface{}, error) { - var err error - args := map[string]interface{}{} - var arg0 *model.CVEInputSpec - if tmp, ok := rawArgs["cve"]; ok { - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("cve")) - arg0, err = ec.unmarshalOCVEInputSpec2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐCVEInputSpec(ctx, tmp) - if err != nil { - return nil, err - } - } - args["cve"] = arg0 - return args, nil -} - -func (ec *executionContext) field_Mutation_ingestCVEs_args(ctx context.Context, rawArgs map[string]interface{}) (map[string]interface{}, error) { - var err error - args := map[string]interface{}{} - var arg0 []*model.CVEInputSpec - if tmp, ok := rawArgs["cves"]; ok { - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("cves")) - arg0, err = ec.unmarshalNCVEInputSpec2ᚕᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐCVEInputSpecᚄ(ctx, tmp) - if err != nil { - return nil, err - } - } - args["cves"] = arg0 - return args, nil -} - func (ec *executionContext) field_Mutation_ingestCertifyBad_args(ctx context.Context, rawArgs map[string]interface{}) (map[string]interface{}, error) { var err error args := map[string]interface{}{} 
@@ -313,6 +277,39 @@ func (ec *executionContext) field_Mutation_ingestCertifyGoods_args(ctx context.C return args, nil } +func (ec *executionContext) field_Mutation_ingestCertifyVuln_args(ctx context.Context, rawArgs map[string]interface{}) (map[string]interface{}, error) { + var err error + args := map[string]interface{}{} + var arg0 model.PkgInputSpec + if tmp, ok := rawArgs["pkg"]; ok { + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("pkg")) + arg0, err = ec.unmarshalNPkgInputSpec2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐPkgInputSpec(ctx, tmp) + if err != nil { + return nil, err + } + } + args["pkg"] = arg0 + var arg1 model.VulnerabilityInputSpec + if tmp, ok := rawArgs["vulnerability"]; ok { + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("vulnerability")) + arg1, err = ec.unmarshalNVulnerabilityInputSpec2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnerabilityInputSpec(ctx, tmp) + if err != nil { + return nil, err + } + } + args["vulnerability"] = arg1 + var arg2 model.ScanMetadataInput + if tmp, ok := rawArgs["certifyVuln"]; ok { + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("certifyVuln")) + arg2, err = ec.unmarshalNScanMetadataInput2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐScanMetadataInput(ctx, tmp) + if err != nil { + return nil, err + } + } + args["certifyVuln"] = arg2 + return args, nil +} + func (ec *executionContext) field_Mutation_ingestDependencies_args(ctx context.Context, rawArgs map[string]interface{}) (map[string]interface{}, error) { var err error args := map[string]interface{}{} 
@@ -379,36 +376,6 @@ func (ec *executionContext) field_Mutation_ingestDependency_args(ctx context.Con return args, nil } -func (ec *executionContext) field_Mutation_ingestGHSA_args(ctx context.Context, rawArgs map[string]interface{}) (map[string]interface{}, error) { - var err error - args := map[string]interface{}{} - var arg0 *model.GHSAInputSpec - if tmp, ok := rawArgs["ghsa"]; ok { - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("ghsa")) - arg0, err = ec.unmarshalOGHSAInputSpec2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐGHSAInputSpec(ctx, tmp) - if err != nil { - return nil, err - } - } - args["ghsa"] = arg0 - return args, nil -} - -func (ec *executionContext) field_Mutation_ingestGHSAs_args(ctx context.Context, rawArgs map[string]interface{}) (map[string]interface{}, error) { - var err error - args := map[string]interface{}{} - var arg0 []*model.GHSAInputSpec - if tmp, ok := rawArgs["ghsas"]; ok { - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("ghsas")) - arg0, err = ec.unmarshalNGHSAInputSpec2ᚕᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐGHSAInputSpecᚄ(ctx, tmp) - if err != nil { - return nil, err - } - } - args["ghsas"] = arg0 - return args, nil -} - func (ec *executionContext) field_Mutation_ingestHasMetadata_args(ctx context.Context, rawArgs map[string]interface{}) (map[string]interface{}, error) { var err error args := map[string]interface{}{} 
@@ -598,69 +565,6 @@ func (ec *executionContext) field_Mutation_ingestHashEquals_args(ctx context.Con return args, nil } -func (ec *executionContext) field_Mutation_ingestIsVulnerability_args(ctx context.Context, rawArgs map[string]interface{}) (map[string]interface{}, error) { - var err error - args := map[string]interface{}{} - var arg0 model.OSVInputSpec - if tmp, ok := rawArgs["osv"]; ok { - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("osv")) - arg0, err = ec.unmarshalNOSVInputSpec2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐOSVInputSpec(ctx, tmp) - if err != nil { - return nil, err - } - } - args["osv"] = arg0 - var arg1 model.CveOrGhsaInput - if tmp, ok := rawArgs["vulnerability"]; ok { - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("vulnerability")) - arg1, err = ec.unmarshalNCveOrGhsaInput2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐCveOrGhsaInput(ctx, tmp) - if err != nil { - return nil, err - } - } - args["vulnerability"] = arg1 - var arg2 model.IsVulnerabilityInputSpec - if tmp, ok := rawArgs["isVulnerability"]; ok { - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("isVulnerability")) - arg2, err = ec.unmarshalNIsVulnerabilityInputSpec2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐIsVulnerabilityInputSpec(ctx, tmp) - if err != nil { - return nil, err - } - } - args["isVulnerability"] = arg2 - return args, nil -} - -func (ec *executionContext) field_Mutation_ingestOSV_args(ctx context.Context, rawArgs map[string]interface{}) (map[string]interface{}, error) { - var err error - args := map[string]interface{}{} - var arg0 *model.OSVInputSpec - if tmp, ok := rawArgs["osv"]; ok { - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("osv")) - arg0, err = ec.unmarshalOOSVInputSpec2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐOSVInputSpec(ctx, tmp) - if err != nil { - return nil, err - } - } - args["osv"] = arg0 - return args, nil -} - -func (ec *executionContext) 
field_Mutation_ingestOSVs_args(ctx context.Context, rawArgs map[string]interface{}) (map[string]interface{}, error) { - var err error - args := map[string]interface{}{} - var arg0 []*model.OSVInputSpec - if tmp, ok := rawArgs["osvs"]; ok { - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("osvs")) - arg0, err = ec.unmarshalNOSVInputSpec2ᚕᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐOSVInputSpecᚄ(ctx, tmp) - if err != nil { - return nil, err - } - } - args["osvs"] = arg0 - return args, nil -} - func (ec *executionContext) field_Mutation_ingestOccurrence_args(ctx context.Context, rawArgs map[string]interface{}) (map[string]interface{}, error) { var err error args := map[string]interface{}{} @@ -997,10 +901,10 @@ func (ec *executionContext) field_Mutation_ingestVEXStatement_args(ctx context.C } } args["subject"] = arg0 - var arg1 model.VulnerabilityInput + var arg1 model.VulnerabilityInputSpec if tmp, ok := rawArgs["vulnerability"]; ok { ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("vulnerability")) - arg1, err = ec.unmarshalNVulnerabilityInput2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnerabilityInput(ctx, tmp) + arg1, err = ec.unmarshalNVulnerabilityInputSpec2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnerabilityInputSpec(ctx, tmp) if err != nil { return nil, err } 
@@ -1018,36 +922,66 @@ func (ec *executionContext) field_Mutation_ingestVEXStatement_args(ctx context.C return args, nil } -func (ec *executionContext) field_Mutation_ingestVulnerability_args(ctx context.Context, rawArgs map[string]interface{}) (map[string]interface{}, error) { +func (ec *executionContext) field_Mutation_ingestVulnEqual_args(ctx context.Context, rawArgs map[string]interface{}) (map[string]interface{}, error) { var err error args := map[string]interface{}{} - var arg0 model.PkgInputSpec - if tmp, ok := rawArgs["pkg"]; ok { - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("pkg")) - arg0, err = ec.unmarshalNPkgInputSpec2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐPkgInputSpec(ctx, tmp) + var arg0 model.VulnerabilityInputSpec + if tmp, ok := rawArgs["vulnerability"]; ok { + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("vulnerability")) + arg0, err = ec.unmarshalNVulnerabilityInputSpec2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnerabilityInputSpec(ctx, tmp) if err != nil { return nil, err } } - args["pkg"] = arg0 - var arg1 model.VulnerabilityInput - if tmp, ok := rawArgs["vulnerability"]; ok { - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("vulnerability")) - arg1, err = ec.unmarshalNVulnerabilityInput2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnerabilityInput(ctx, tmp) + args["vulnerability"] = arg0 + var arg1 model.VulnerabilityInputSpec + if tmp, ok := rawArgs["otherVulnerability"]; ok { + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("otherVulnerability")) + arg1, err = ec.unmarshalNVulnerabilityInputSpec2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnerabilityInputSpec(ctx, tmp) if err != nil { return nil, err } } - args["vulnerability"] = arg1 - var arg2 model.VulnerabilityMetaDataInput - if tmp, ok := rawArgs["certifyVuln"]; ok { - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("certifyVuln")) - arg2, err = 
ec.unmarshalNVulnerabilityMetaDataInput2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnerabilityMetaDataInput(ctx, tmp) + args["otherVulnerability"] = arg1 + var arg2 model.VulnEqualInputSpec + if tmp, ok := rawArgs["vulnEqual"]; ok { + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("vulnEqual")) + arg2, err = ec.unmarshalNVulnEqualInputSpec2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnEqualInputSpec(ctx, tmp) if err != nil { return nil, err } } - args["certifyVuln"] = arg2 + args["vulnEqual"] = arg2 + return args, nil +} + +func (ec *executionContext) field_Mutation_ingestVulnerabilities_args(ctx context.Context, rawArgs map[string]interface{}) (map[string]interface{}, error) { + var err error + args := map[string]interface{}{} + var arg0 []*model.VulnerabilityInputSpec + if tmp, ok := rawArgs["vulns"]; ok { + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("vulns")) + arg0, err = ec.unmarshalNVulnerabilityInputSpec2ᚕᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnerabilityInputSpecᚄ(ctx, tmp) + if err != nil { + return nil, err + } + } + args["vulns"] = arg0 + return args, nil +} + +func (ec *executionContext) field_Mutation_ingestVulnerability_args(ctx context.Context, rawArgs map[string]interface{}) (map[string]interface{}, error) { + var err error + args := map[string]interface{}{} + var arg0 model.VulnerabilityInputSpec + if tmp, ok := rawArgs["vuln"]; ok { + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("vuln")) + arg0, err = ec.unmarshalNVulnerabilityInputSpec2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnerabilityInputSpec(ctx, tmp) + if err != nil { + return nil, err + } + } + args["vuln"] = arg0 return args, nil } 
@@ -1216,21 +1150,6 @@ func (ec *executionContext) field_Query_IsOccurrence_args(ctx context.Context, r return args, nil } -func (ec *executionContext) field_Query_IsVulnerability_args(ctx context.Context, rawArgs map[string]interface{}) (map[string]interface{}, error) { - var err error - args := map[string]interface{}{} - var arg0 model.IsVulnerabilitySpec - if tmp, ok := rawArgs["isVulnerabilitySpec"]; ok { - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("isVulnerabilitySpec")) - arg0, err = ec.unmarshalNIsVulnerabilitySpec2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐIsVulnerabilitySpec(ctx, tmp) - if err != nil { - return nil, err - } - } - args["isVulnerabilitySpec"] = arg0 - return args, nil -} - func (ec *executionContext) field_Query_PkgEqual_args(ctx context.Context, rawArgs map[string]interface{}) (map[string]interface{}, error) { var err error args := map[string]interface{}{} @@ -1306,21 +1225,6 @@ func (ec *executionContext) field_Query_builders_args(ctx context.Context, rawAr return args, nil } -func (ec *executionContext) field_Query_cve_args(ctx context.Context, rawArgs map[string]interface{}) (map[string]interface{}, error) { - var err error - args := map[string]interface{}{} - var arg0 model.CVESpec - if tmp, ok := rawArgs["cveSpec"]; ok { - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("cveSpec")) - arg0, err = ec.unmarshalNCVESpec2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐCVESpec(ctx, tmp) - if err != nil { - return nil, err - } - } - args["cveSpec"] = arg0 - return args, nil -} - func (ec *executionContext) field_Query_findSoftware_args(ctx context.Context, rawArgs map[string]interface{}) (map[string]interface{}, error) { var err error args := map[string]interface{}{} 
@@ -1336,21 +1240,6 @@ func (ec *executionContext) field_Query_findSoftware_args(ctx context.Context, r return args, nil } -func (ec *executionContext) field_Query_ghsa_args(ctx context.Context, rawArgs map[string]interface{}) (map[string]interface{}, error) { - var err error - args := map[string]interface{}{} - var arg0 model.GHSASpec - if tmp, ok := rawArgs["ghsaSpec"]; ok { - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("ghsaSpec")) - arg0, err = ec.unmarshalNGHSASpec2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐGHSASpec(ctx, tmp) - if err != nil { - return nil, err - } - } - args["ghsaSpec"] = arg0 - return args, nil -} - func (ec *executionContext) field_Query_neighbors_args(ctx context.Context, rawArgs map[string]interface{}) (map[string]interface{}, error) { var err error args := map[string]interface{}{} @@ -1405,21 +1294,6 @@ func (ec *executionContext) field_Query_nodes_args(ctx context.Context, rawArgs return args, nil } -func (ec *executionContext) field_Query_osv_args(ctx context.Context, rawArgs map[string]interface{}) (map[string]interface{}, error) { - var err error - args := map[string]interface{}{} - var arg0 model.OSVSpec - if tmp, ok := rawArgs["osvSpec"]; ok { - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("osvSpec")) - arg0, err = ec.unmarshalNOSVSpec2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐOSVSpec(ctx, tmp) - if err != nil { - return nil, err - } - } - args["osvSpec"] = arg0 - return args, nil -} - func (ec *executionContext) field_Query_packages_args(ctx context.Context, rawArgs map[string]interface{}) (map[string]interface{}, error) { var err error args := map[string]interface{}{} 
@@ -1507,6 +1381,36 @@ func (ec *executionContext) field_Query_sources_args(ctx context.Context, rawArg return args, nil } +func (ec *executionContext) field_Query_vulnEqual_args(ctx context.Context, rawArgs map[string]interface{}) (map[string]interface{}, error) { + var err error + args := map[string]interface{}{} + var arg0 model.VulnEqualSpec + if tmp, ok := rawArgs["vulnEqualSpec"]; ok { + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("vulnEqualSpec")) + arg0, err = ec.unmarshalNVulnEqualSpec2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnEqualSpec(ctx, tmp) + if err != nil { + return nil, err + } + } + args["vulnEqualSpec"] = arg0 + return args, nil +} + +func (ec *executionContext) field_Query_vulnerabilities_args(ctx context.Context, rawArgs map[string]interface{}) (map[string]interface{}, error) { + var err error + args := map[string]interface{}{} + var arg0 model.VulnerabilitySpec + if tmp, ok := rawArgs["vulnSpec"]; ok { + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("vulnSpec")) + arg0, err = ec.unmarshalNVulnerabilitySpec2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnerabilitySpec(ctx, tmp) + if err != nil { + return nil, err + } + } + args["vulnSpec"] = arg0 + return args, nil +} + // endregion ***************************** args.gotpl ***************************** // region ************************** directives.gotpl ************************** 
@@ -2303,7 +2207,7 @@ func (ec *executionContext) _Mutation_ingestVEXStatement(ctx context.Context, fi }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().IngestVEXStatement(rctx, fc.Args["subject"].(model.PackageOrArtifactInput), fc.Args["vulnerability"].(model.VulnerabilityInput), fc.Args["vexStatement"].(model.VexStatementInputSpec)) + return ec.resolvers.Mutation().IngestVEXStatement(rctx, fc.Args["subject"].(model.PackageOrArtifactInput), fc.Args["vulnerability"].(model.VulnerabilityInputSpec), fc.Args["vexStatement"].(model.VexStatementInputSpec)) }) if err != nil { ec.Error(ctx, err) @@ -2366,8 +2270,8 @@ func (ec *executionContext) fieldContext_Mutation_ingestVEXStatement(ctx context return fc, nil } -func (ec *executionContext) _Mutation_ingestVulnerability(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation_ingestVulnerability(ctx, field) +func (ec *executionContext) _Mutation_ingestCertifyVuln(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation_ingestCertifyVuln(ctx, field) if err != nil { return graphql.Null } 
@@ -2380,7 +2284,7 @@ func (ec *executionContext) _Mutation_ingestVulnerability(ctx context.Context, f }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().IngestVulnerability(rctx, fc.Args["pkg"].(model.PkgInputSpec), fc.Args["vulnerability"].(model.VulnerabilityInput), fc.Args["certifyVuln"].(model.VulnerabilityMetaDataInput)) + return ec.resolvers.Mutation().IngestCertifyVuln(rctx, fc.Args["pkg"].(model.PkgInputSpec), fc.Args["vulnerability"].(model.VulnerabilityInputSpec), fc.Args["certifyVuln"].(model.ScanMetadataInput)) }) if err != nil { ec.Error(ctx, err) @@ -2397,7 +2301,7 @@ func (ec *executionContext) _Mutation_ingestVulnerability(ctx context.Context, f return ec.marshalNCertifyVuln2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐCertifyVuln(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation_ingestVulnerability(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation_ingestCertifyVuln(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "Mutation", Field: field, @@ -2424,7 +2328,7 @@ func (ec *executionContext) fieldContext_Mutation_ingestVulnerability(ctx contex } }() ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation_ingestVulnerability_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + if fc.Args, err = ec.field_Mutation_ingestCertifyVuln_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { ec.Error(ctx, err) return fc, err } 
@@ -2504,8 +2408,8 @@ func (ec *executionContext) fieldContext_Mutation_ingestPointOfContact(ctx conte return fc, nil } -func (ec *executionContext) _Mutation_ingestCVE(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation_ingestCVE(ctx, field) +func (ec *executionContext) _Mutation_ingestHasSBOM(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation_ingestHasSBOM(ctx, field) if err != nil { return graphql.Null } @@ -2518,7 +2422,7 @@ func (ec *executionContext) _Mutation_ingestCVE(ctx context.Context, field graph }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().IngestCve(rctx, fc.Args["cve"].(*model.CVEInputSpec)) + return ec.resolvers.Mutation().IngestHasSbom(rctx, fc.Args["subject"].(model.PackageOrArtifactInput), fc.Args["hasSBOM"].(model.HasSBOMInputSpec)) }) if err != nil { ec.Error(ctx, err) @@ -2530,12 +2434,12 @@ func (ec *executionContext) _Mutation_ingestCVE(ctx context.Context, field graph } return graphql.Null } - res := resTmp.(*model.Cve) + res := resTmp.(*model.HasSbom) fc.Result = res - return ec.marshalNCVE2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐCve(ctx, field.Selections, res) + return ec.marshalNHasSBOM2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐHasSbom(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation_ingestCVE(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation_ingestHasSBOM(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "Mutation", Field: field, 
@@ -2544,13 +2448,23 @@ func (ec *executionContext) fieldContext_Mutation_ingestCVE(ctx context.Context, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { switch field.Name { case "id": - return ec.fieldContext_CVE_id(ctx, field) - case "year": - return ec.fieldContext_CVE_year(ctx, field) - case "cveId": - return ec.fieldContext_CVE_cveId(ctx, field) + return ec.fieldContext_HasSBOM_id(ctx, field) + case "subject": + return ec.fieldContext_HasSBOM_subject(ctx, field) + case "uri": + return ec.fieldContext_HasSBOM_uri(ctx, field) + case "algorithm": + return ec.fieldContext_HasSBOM_algorithm(ctx, field) + case "digest": + return ec.fieldContext_HasSBOM_digest(ctx, field) + case "downloadLocation": + return ec.fieldContext_HasSBOM_downloadLocation(ctx, field) + case "origin": + return ec.fieldContext_HasSBOM_origin(ctx, field) + case "collector": + return ec.fieldContext_HasSBOM_collector(ctx, field) } - return nil, fmt.Errorf("no field named %q was found under type CVE", field.Name) + return nil, fmt.Errorf("no field named %q was found under type HasSBOM", field.Name) }, } defer func() { @@ -2560,15 +2474,15 @@ func (ec *executionContext) fieldContext_Mutation_ingestCVE(ctx context.Context, } }() ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation_ingestCVE_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + if fc.Args, err = ec.field_Mutation_ingestHasSBOM_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { ec.Error(ctx, err) return fc, err } return fc, nil } -func (ec *executionContext) _Mutation_ingestCVEs(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation_ingestCVEs(ctx, field) +func (ec *executionContext) _Mutation_ingestHasSBOMs(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation_ingestHasSBOMs(ctx, field) if err != nil { return graphql.Null } 
@@ -2581,7 +2495,7 @@ func (ec *executionContext) _Mutation_ingestCVEs(ctx context.Context, field grap }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().IngestCVEs(rctx, fc.Args["cves"].([]*model.CVEInputSpec)) + return ec.resolvers.Mutation().IngestHasSBOMs(rctx, fc.Args["subjects"].(model.PackageOrArtifactInputs), fc.Args["hasSBOMs"].([]*model.HasSBOMInputSpec)) }) if err != nil { ec.Error(ctx, err) @@ -2593,12 +2507,12 @@ func (ec *executionContext) _Mutation_ingestCVEs(ctx context.Context, field grap } return graphql.Null } - res := resTmp.([]*model.Cve) + res := resTmp.([]*model.HasSbom) fc.Result = res - return ec.marshalNCVE2ᚕᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐCveᚄ(ctx, field.Selections, res) + return ec.marshalNHasSBOM2ᚕᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐHasSbomᚄ(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation_ingestCVEs(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation_ingestHasSBOMs(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "Mutation", Field: field, 
@@ -2607,13 +2521,23 @@ func (ec *executionContext) fieldContext_Mutation_ingestCVEs(ctx context.Context Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { switch field.Name { case "id": - return ec.fieldContext_CVE_id(ctx, field) - case "year": - return ec.fieldContext_CVE_year(ctx, field) - case "cveId": - return ec.fieldContext_CVE_cveId(ctx, field) + return ec.fieldContext_HasSBOM_id(ctx, field) + case "subject": + return ec.fieldContext_HasSBOM_subject(ctx, field) + case "uri": + return ec.fieldContext_HasSBOM_uri(ctx, field) + case "algorithm": + return ec.fieldContext_HasSBOM_algorithm(ctx, field) + case "digest": + return ec.fieldContext_HasSBOM_digest(ctx, field) + case "downloadLocation": + return ec.fieldContext_HasSBOM_downloadLocation(ctx, field) + case "origin": + return ec.fieldContext_HasSBOM_origin(ctx, field) + case "collector": + return ec.fieldContext_HasSBOM_collector(ctx, field) } - return nil, fmt.Errorf("no field named %q was found under type CVE", field.Name) + return nil, fmt.Errorf("no field named %q was found under type HasSBOM", field.Name) }, } defer func() { @@ -2623,15 +2547,15 @@ func (ec *executionContext) fieldContext_Mutation_ingestCVEs(ctx context.Context } }() ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation_ingestCVEs_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + if fc.Args, err = ec.field_Mutation_ingestHasSBOMs_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { ec.Error(ctx, err) return fc, err } return fc, nil } -func (ec *executionContext) _Mutation_ingestGHSA(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation_ingestGHSA(ctx, field) +func (ec *executionContext) _Mutation_ingestSLSA(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation_ingestSLSA(ctx, field) if err != nil { return graphql.Null } 
@@ -2644,7 +2568,7 @@ func (ec *executionContext) _Mutation_ingestGHSA(ctx context.Context, field grap }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().IngestGhsa(rctx, fc.Args["ghsa"].(*model.GHSAInputSpec)) + return ec.resolvers.Mutation().IngestSlsa(rctx, fc.Args["subject"].(model.ArtifactInputSpec), fc.Args["builtFrom"].([]*model.ArtifactInputSpec), fc.Args["builtBy"].(model.BuilderInputSpec), fc.Args["slsa"].(model.SLSAInputSpec)) }) if err != nil { ec.Error(ctx, err) @@ -2656,12 +2580,12 @@ func (ec *executionContext) _Mutation_ingestGHSA(ctx context.Context, field grap } return graphql.Null } - res := resTmp.(*model.Ghsa) + res := resTmp.(*model.HasSlsa) fc.Result = res - return ec.marshalNGHSA2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐGhsa(ctx, field.Selections, res) + return ec.marshalNHasSLSA2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐHasSlsa(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation_ingestGHSA(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation_ingestSLSA(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "Mutation", Field: field, 
@@ -2670,11 +2594,13 @@ func (ec *executionContext) fieldContext_Mutation_ingestGHSA(ctx context.Context Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { switch field.Name { case "id": - return ec.fieldContext_GHSA_id(ctx, field) - case "ghsaId": - return ec.fieldContext_GHSA_ghsaId(ctx, field) + return ec.fieldContext_HasSLSA_id(ctx, field) + case "subject": + return ec.fieldContext_HasSLSA_subject(ctx, field) + case "slsa": + return ec.fieldContext_HasSLSA_slsa(ctx, field) } - return nil, fmt.Errorf("no field named %q was found under type GHSA", field.Name) + return nil, fmt.Errorf("no field named %q was found under type HasSLSA", field.Name) }, } defer func() { @@ -2684,15 +2610,15 @@ func (ec *executionContext) fieldContext_Mutation_ingestGHSA(ctx context.Context } }() ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation_ingestGHSA_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + if fc.Args, err = ec.field_Mutation_ingestSLSA_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { ec.Error(ctx, err) return fc, err } return fc, nil } -func (ec *executionContext) _Mutation_ingestGHSAs(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation_ingestGHSAs(ctx, field) +func (ec *executionContext) _Mutation_ingestSLSAs(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation_ingestSLSAs(ctx, field) if err != nil { return graphql.Null } 
@@ -2705,7 +2631,7 @@ func (ec *executionContext) _Mutation_ingestGHSAs(ctx context.Context, field gra }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().IngestGHSAs(rctx, fc.Args["ghsas"].([]*model.GHSAInputSpec)) + return ec.resolvers.Mutation().IngestSLSAs(rctx, fc.Args["subjects"].([]*model.ArtifactInputSpec), fc.Args["builtFromList"].([][]*model.ArtifactInputSpec), fc.Args["builtByList"].([]*model.BuilderInputSpec), fc.Args["slsaList"].([]*model.SLSAInputSpec)) }) if err != nil { ec.Error(ctx, err) 
@@ -2717,277 +2643,7 @@ func (ec *executionContext) _Mutation_ingestGHSAs(ctx context.Context, field gra } return graphql.Null } - res := resTmp.([]*model.Ghsa) - fc.Result = res - return ec.marshalNGHSA2ᚕᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐGhsaᚄ(ctx, field.Selections, res) -} - -func (ec *executionContext) fieldContext_Mutation_ingestGHSAs(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { - fc = &graphql.FieldContext{ - Object: "Mutation", - Field: field, - IsMethod: true, - IsResolver: true, - Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "id": - return ec.fieldContext_GHSA_id(ctx, field) - case "ghsaId": - return ec.fieldContext_GHSA_ghsaId(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type GHSA", field.Name) - }, - } - defer func() { - if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) - } - }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation_ingestGHSAs_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { - ec.Error(ctx, err) - return fc, err - } - return fc, nil -} - -func (ec *executionContext) _Mutation_ingestHasSBOM(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation_ingestHasSBOM(ctx, field) - if err != nil { - return graphql.Null - } - ctx = graphql.WithFieldContext(ctx, fc) - defer func() { - if r := recover(); r != nil { - ec.Error(ctx, ec.Recover(ctx, r)) - ret = graphql.Null - } - }() - resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) { - ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().IngestHasSbom(rctx, fc.Args["subject"].(model.PackageOrArtifactInput), fc.Args["hasSBOM"].(model.HasSBOMInputSpec)) - }) - if err != nil { - ec.Error(ctx, err) - return graphql.Null - } - if 
resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } - return graphql.Null - } - res := resTmp.(*model.HasSbom) - fc.Result = res - return ec.marshalNHasSBOM2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐHasSbom(ctx, field.Selections, res) -} - -func (ec *executionContext) fieldContext_Mutation_ingestHasSBOM(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { - fc = &graphql.FieldContext{ - Object: "Mutation", - Field: field, - IsMethod: true, - IsResolver: true, - Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "id": - return ec.fieldContext_HasSBOM_id(ctx, field) - case "subject": - return ec.fieldContext_HasSBOM_subject(ctx, field) - case "uri": - return ec.fieldContext_HasSBOM_uri(ctx, field) - case "algorithm": - return ec.fieldContext_HasSBOM_algorithm(ctx, field) - case "digest": - return ec.fieldContext_HasSBOM_digest(ctx, field) - case "downloadLocation": - return ec.fieldContext_HasSBOM_downloadLocation(ctx, field) - case "origin": - return ec.fieldContext_HasSBOM_origin(ctx, field) - case "collector": - return ec.fieldContext_HasSBOM_collector(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type HasSBOM", field.Name) - }, - } - defer func() { - if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) - } - }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation_ingestHasSBOM_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { - ec.Error(ctx, err) - return fc, err - } - return fc, nil -} - -func (ec *executionContext) _Mutation_ingestHasSBOMs(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation_ingestHasSBOMs(ctx, field) - if err != nil { - return graphql.Null - } - ctx = graphql.WithFieldContext(ctx, fc) - defer func() { - if r := recover(); r != nil 
{ - ec.Error(ctx, ec.Recover(ctx, r)) - ret = graphql.Null - } - }() - resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) { - ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().IngestHasSBOMs(rctx, fc.Args["subjects"].(model.PackageOrArtifactInputs), fc.Args["hasSBOMs"].([]*model.HasSBOMInputSpec)) - }) - if err != nil { - ec.Error(ctx, err) - return graphql.Null - } - if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } - return graphql.Null - } - res := resTmp.([]*model.HasSbom) - fc.Result = res - return ec.marshalNHasSBOM2ᚕᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐHasSbomᚄ(ctx, field.Selections, res) -} - -func (ec *executionContext) fieldContext_Mutation_ingestHasSBOMs(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { - fc = &graphql.FieldContext{ - Object: "Mutation", - Field: field, - IsMethod: true, - IsResolver: true, - Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "id": - return ec.fieldContext_HasSBOM_id(ctx, field) - case "subject": - return ec.fieldContext_HasSBOM_subject(ctx, field) - case "uri": - return ec.fieldContext_HasSBOM_uri(ctx, field) - case "algorithm": - return ec.fieldContext_HasSBOM_algorithm(ctx, field) - case "digest": - return ec.fieldContext_HasSBOM_digest(ctx, field) - case "downloadLocation": - return ec.fieldContext_HasSBOM_downloadLocation(ctx, field) - case "origin": - return ec.fieldContext_HasSBOM_origin(ctx, field) - case "collector": - return ec.fieldContext_HasSBOM_collector(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type HasSBOM", field.Name) - }, - } - defer func() { - if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) - } - }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = 
ec.field_Mutation_ingestHasSBOMs_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { - ec.Error(ctx, err) - return fc, err - } - return fc, nil -} - -func (ec *executionContext) _Mutation_ingestSLSA(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation_ingestSLSA(ctx, field) - if err != nil { - return graphql.Null - } - ctx = graphql.WithFieldContext(ctx, fc) - defer func() { - if r := recover(); r != nil { - ec.Error(ctx, ec.Recover(ctx, r)) - ret = graphql.Null - } - }() - resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) { - ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().IngestSlsa(rctx, fc.Args["subject"].(model.ArtifactInputSpec), fc.Args["builtFrom"].([]*model.ArtifactInputSpec), fc.Args["builtBy"].(model.BuilderInputSpec), fc.Args["slsa"].(model.SLSAInputSpec)) - }) - if err != nil { - ec.Error(ctx, err) - return graphql.Null - } - if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } - return graphql.Null - } - res := resTmp.(*model.HasSlsa) - fc.Result = res - return ec.marshalNHasSLSA2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐHasSlsa(ctx, field.Selections, res) -} - -func (ec *executionContext) fieldContext_Mutation_ingestSLSA(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { - fc = &graphql.FieldContext{ - Object: "Mutation", - Field: field, - IsMethod: true, - IsResolver: true, - Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "id": - return ec.fieldContext_HasSLSA_id(ctx, field) - case "subject": - return ec.fieldContext_HasSLSA_subject(ctx, field) - case "slsa": - return ec.fieldContext_HasSLSA_slsa(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type HasSLSA", field.Name) - }, - } - defer func() { - if 
r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) - } - }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation_ingestSLSA_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { - ec.Error(ctx, err) - return fc, err - } - return fc, nil -} - -func (ec *executionContext) _Mutation_ingestSLSAs(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation_ingestSLSAs(ctx, field) - if err != nil { - return graphql.Null - } - ctx = graphql.WithFieldContext(ctx, fc) - defer func() { - if r := recover(); r != nil { - ec.Error(ctx, ec.Recover(ctx, r)) - ret = graphql.Null - } - }() - resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) { - ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().IngestSLSAs(rctx, fc.Args["subjects"].([]*model.ArtifactInputSpec), fc.Args["builtFromList"].([][]*model.ArtifactInputSpec), fc.Args["builtByList"].([]*model.BuilderInputSpec), fc.Args["slsaList"].([]*model.SLSAInputSpec)) - }) - if err != nil { - ec.Error(ctx, err) - return graphql.Null - } - if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } - return graphql.Null - } - res := resTmp.([]*model.HasSlsa) + res := resTmp.([]*model.HasSlsa) fc.Result = res return ec.marshalNHasSLSA2ᚕᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐHasSlsaᚄ(ctx, field.Selections, res) } 
@@ -3513,8 +3169,8 @@ func (ec *executionContext) fieldContext_Mutation_ingestOccurrences(ctx context. return fc, nil } -func (ec *executionContext) _Mutation_ingestIsVulnerability(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation_ingestIsVulnerability(ctx, field) +func (ec *executionContext) _Mutation_ingestHasMetadata(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation_ingestHasMetadata(ctx, field) if err != nil { return graphql.Null } @@ -3527,7 +3183,7 @@ func (ec *executionContext) _Mutation_ingestIsVulnerability(ctx context.Context, }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().IngestIsVulnerability(rctx, fc.Args["osv"].(model.OSVInputSpec), fc.Args["vulnerability"].(model.CveOrGhsaInput), fc.Args["isVulnerability"].(model.IsVulnerabilityInputSpec)) + return ec.resolvers.Mutation().IngestHasMetadata(rctx, fc.Args["subject"].(model.PackageSourceOrArtifactInput), fc.Args["pkgMatchType"].(model.MatchFlags), fc.Args["hasMetadata"].(model.HasMetadataInputSpec)) }) if err != nil { ec.Error(ctx, err) 
@@ -3539,12 +3195,12 @@ func (ec *executionContext) _Mutation_ingestIsVulnerability(ctx context.Context, } return graphql.Null } - res := resTmp.(*model.IsVulnerability) + res := resTmp.(*model.HasMetadata) fc.Result = res - return ec.marshalNIsVulnerability2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐIsVulnerability(ctx, field.Selections, res) + return ec.marshalNHasMetadata2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐHasMetadata(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation_ingestIsVulnerability(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation_ingestHasMetadata(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "Mutation", Field: field, 
@@ -3553,19 +3209,23 @@ func (ec *executionContext) fieldContext_Mutation_ingestIsVulnerability(ctx cont Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { switch field.Name { case "id": - return ec.fieldContext_IsVulnerability_id(ctx, field) - case "osv": - return ec.fieldContext_IsVulnerability_osv(ctx, field) - case "vulnerability": - return ec.fieldContext_IsVulnerability_vulnerability(ctx, field) + return ec.fieldContext_HasMetadata_id(ctx, field) + case "subject": + return ec.fieldContext_HasMetadata_subject(ctx, field) + case "key": + return ec.fieldContext_HasMetadata_key(ctx, field) + case "value": + return ec.fieldContext_HasMetadata_value(ctx, field) + case "timestamp": + return ec.fieldContext_HasMetadata_timestamp(ctx, field) case "justification": - return ec.fieldContext_IsVulnerability_justification(ctx, field) + return ec.fieldContext_HasMetadata_justification(ctx, field) case "origin": - return ec.fieldContext_IsVulnerability_origin(ctx, field) + return ec.fieldContext_HasMetadata_origin(ctx, field) case "collector": - return ec.fieldContext_IsVulnerability_collector(ctx, field) + return ec.fieldContext_HasMetadata_collector(ctx, field) } - return nil, fmt.Errorf("no field named %q was found under type IsVulnerability", field.Name) + return nil, fmt.Errorf("no field named %q was found under type HasMetadata", field.Name) }, } defer func() { 
@@ -3575,15 +3235,15 @@ func (ec *executionContext) fieldContext_Mutation_ingestIsVulnerability(ctx cont } }() ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation_ingestIsVulnerability_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + if fc.Args, err = ec.field_Mutation_ingestHasMetadata_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { ec.Error(ctx, err) return fc, err } return fc, nil } -func (ec *executionContext) _Mutation_ingestHasMetadata(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation_ingestHasMetadata(ctx, field) +func (ec *executionContext) _Mutation_ingestPackage(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation_ingestPackage(ctx, field) if err != nil { return graphql.Null } @@ -3596,7 +3256,7 @@ func (ec *executionContext) _Mutation_ingestHasMetadata(ctx context.Context, fie }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().IngestHasMetadata(rctx, fc.Args["subject"].(model.PackageSourceOrArtifactInput), fc.Args["pkgMatchType"].(model.MatchFlags), fc.Args["hasMetadata"].(model.HasMetadataInputSpec)) + return ec.resolvers.Mutation().IngestPackage(rctx, fc.Args["pkg"].(model.PkgInputSpec)) }) if err != nil { ec.Error(ctx, err) 
@@ -3608,12 +3268,12 @@ func (ec *executionContext) _Mutation_ingestHasMetadata(ctx context.Context, fie } return graphql.Null } - res := resTmp.(*model.HasMetadata) + res := resTmp.(*model.Package) fc.Result = res - return ec.marshalNHasMetadata2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐHasMetadata(ctx, field.Selections, res) + return ec.marshalNPackage2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐPackage(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation_ingestHasMetadata(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation_ingestPackage(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "Mutation", Field: field, 
@@ -3622,23 +3282,13 @@ func (ec *executionContext) fieldContext_Mutation_ingestHasMetadata(ctx context. Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { switch field.Name { case "id": - return ec.fieldContext_HasMetadata_id(ctx, field) - case "subject": - return ec.fieldContext_HasMetadata_subject(ctx, field) - case "key": - return ec.fieldContext_HasMetadata_key(ctx, field) - case "value": - return ec.fieldContext_HasMetadata_value(ctx, field) - case "timestamp": - return ec.fieldContext_HasMetadata_timestamp(ctx, field) - case "justification": - return ec.fieldContext_HasMetadata_justification(ctx, field) - case "origin": - return ec.fieldContext_HasMetadata_origin(ctx, field) - case "collector": - return ec.fieldContext_HasMetadata_collector(ctx, field) + return ec.fieldContext_Package_id(ctx, field) + case "type": + return ec.fieldContext_Package_type(ctx, field) + case "namespaces": + return ec.fieldContext_Package_namespaces(ctx, field) } - return nil, fmt.Errorf("no field named %q was found under type HasMetadata", field.Name) + return nil, fmt.Errorf("no field named %q was found under type Package", field.Name) }, } defer func() { 
@@ -3648,15 +3298,15 @@ func (ec *executionContext) fieldContext_Mutation_ingestHasMetadata(ctx context. } }() ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation_ingestHasMetadata_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + if fc.Args, err = ec.field_Mutation_ingestPackage_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { ec.Error(ctx, err) return fc, err } return fc, nil } -func (ec *executionContext) _Mutation_ingestOSV(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation_ingestOSV(ctx, field) +func (ec *executionContext) _Mutation_ingestPackages(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation_ingestPackages(ctx, field) if err != nil { return graphql.Null } @@ -3669,7 +3319,7 @@ func (ec *executionContext) _Mutation_ingestOSV(ctx context.Context, field graph }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().IngestOsv(rctx, fc.Args["osv"].(*model.OSVInputSpec)) + return ec.resolvers.Mutation().IngestPackages(rctx, fc.Args["pkgs"].([]*model.PkgInputSpec)) }) if err != nil { ec.Error(ctx, err) 
@@ -3681,12 +3331,12 @@ func (ec *executionContext) _Mutation_ingestOSV(ctx context.Context, field graph } return graphql.Null } - res := resTmp.(*model.Osv) + res := resTmp.([]*model.Package) fc.Result = res - return ec.marshalNOSV2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐOsv(ctx, field.Selections, res) + return ec.marshalNPackage2ᚕᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐPackageᚄ(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation_ingestOSV(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation_ingestPackages(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "Mutation", Field: field, @@ -3695,11 +3345,13 @@ func (ec *executionContext) fieldContext_Mutation_ingestOSV(ctx context.Context, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { switch field.Name { case "id": - return ec.fieldContext_OSV_id(ctx, field) - case "osvId": - return ec.fieldContext_OSV_osvId(ctx, field) + return ec.fieldContext_Package_id(ctx, field) + case "type": + return ec.fieldContext_Package_type(ctx, field) + case "namespaces": + return ec.fieldContext_Package_namespaces(ctx, field) } - return nil, fmt.Errorf("no field named %q was found under type OSV", field.Name) + return nil, fmt.Errorf("no field named %q was found under type Package", field.Name) }, } defer func() { 
@@ -3709,15 +3361,15 @@ func (ec *executionContext) fieldContext_Mutation_ingestOSV(ctx context.Context, } }() ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation_ingestOSV_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + if fc.Args, err = ec.field_Mutation_ingestPackages_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { ec.Error(ctx, err) return fc, err } return fc, nil } -func (ec *executionContext) _Mutation_ingestOSVs(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation_ingestOSVs(ctx, field) +func (ec *executionContext) _Mutation_ingestPkgEqual(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation_ingestPkgEqual(ctx, field) if err != nil { return graphql.Null } @@ -3730,7 +3382,7 @@ func (ec *executionContext) _Mutation_ingestOSVs(ctx context.Context, field grap }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().IngestOSVs(rctx, fc.Args["osvs"].([]*model.OSVInputSpec)) + return ec.resolvers.Mutation().IngestPkgEqual(rctx, fc.Args["pkg"].(model.PkgInputSpec), fc.Args["otherPackage"].(model.PkgInputSpec), fc.Args["pkgEqual"].(model.PkgEqualInputSpec)) }) if err != nil { ec.Error(ctx, err) 
@@ -3742,12 +3394,12 @@ func (ec *executionContext) _Mutation_ingestOSVs(ctx context.Context, field grap } return graphql.Null } - res := resTmp.([]*model.Osv) + res := resTmp.(*model.PkgEqual) fc.Result = res - return ec.marshalNOSV2ᚕᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐOsvᚄ(ctx, field.Selections, res) + return ec.marshalNPkgEqual2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐPkgEqual(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation_ingestOSVs(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation_ingestPkgEqual(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "Mutation", Field: field, @@ -3756,11 +3408,17 @@ func (ec *executionContext) fieldContext_Mutation_ingestOSVs(ctx context.Context Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { switch field.Name { case "id": - return ec.fieldContext_OSV_id(ctx, field) - case "osvId": - return ec.fieldContext_OSV_osvId(ctx, field) + return ec.fieldContext_PkgEqual_id(ctx, field) + case "packages": + return ec.fieldContext_PkgEqual_packages(ctx, field) + case "justification": + return ec.fieldContext_PkgEqual_justification(ctx, field) + case "origin": + return ec.fieldContext_PkgEqual_origin(ctx, field) + case "collector": + return ec.fieldContext_PkgEqual_collector(ctx, field) } - return nil, fmt.Errorf("no field named %q was found under type OSV", field.Name) + return nil, fmt.Errorf("no field named %q was found under type PkgEqual", field.Name) }, } defer func() { 
@@ -3770,15 +3428,15 @@ func (ec *executionContext) fieldContext_Mutation_ingestOSVs(ctx context.Context } }() ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation_ingestOSVs_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + if fc.Args, err = ec.field_Mutation_ingestPkgEqual_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { ec.Error(ctx, err) return fc, err } return fc, nil } -func (ec *executionContext) _Mutation_ingestPackage(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation_ingestPackage(ctx, field) +func (ec *executionContext) _Mutation_ingestSource(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation_ingestSource(ctx, field) if err != nil { return graphql.Null } @@ -3791,7 +3449,7 @@ func (ec *executionContext) _Mutation_ingestPackage(ctx context.Context, field g }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().IngestPackage(rctx, fc.Args["pkg"].(model.PkgInputSpec)) + return ec.resolvers.Mutation().IngestSource(rctx, fc.Args["source"].(model.SourceInputSpec)) }) if err != nil { ec.Error(ctx, err) 
@@ -3803,12 +3461,12 @@ func (ec *executionContext) _Mutation_ingestPackage(ctx context.Context, field g } return graphql.Null } - res := resTmp.(*model.Package) + res := resTmp.(*model.Source) fc.Result = res - return ec.marshalNPackage2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐPackage(ctx, field.Selections, res) + return ec.marshalNSource2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐSource(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation_ingestPackage(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation_ingestSource(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "Mutation", Field: field, @@ -3817,13 +3475,13 @@ func (ec *executionContext) fieldContext_Mutation_ingestPackage(ctx context.Cont Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { switch field.Name { case "id": - return ec.fieldContext_Package_id(ctx, field) + return ec.fieldContext_Source_id(ctx, field) case "type": - return ec.fieldContext_Package_type(ctx, field) + return ec.fieldContext_Source_type(ctx, field) case "namespaces": - return ec.fieldContext_Package_namespaces(ctx, field) + return ec.fieldContext_Source_namespaces(ctx, field) } - return nil, fmt.Errorf("no field named %q was found under type Package", field.Name) + return nil, fmt.Errorf("no field named %q was found under type Source", field.Name) }, } defer func() { 
@@ -3833,15 +3491,15 @@ func (ec *executionContext) fieldContext_Mutation_ingestPackage(ctx context.Cont } }() ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation_ingestPackage_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + if fc.Args, err = ec.field_Mutation_ingestSource_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { ec.Error(ctx, err) return fc, err } return fc, nil } -func (ec *executionContext) _Mutation_ingestPackages(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation_ingestPackages(ctx, field) +func (ec *executionContext) _Mutation_ingestSources(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation_ingestSources(ctx, field) if err != nil { return graphql.Null } @@ -3854,7 +3512,7 @@ func (ec *executionContext) _Mutation_ingestPackages(ctx context.Context, field }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().IngestPackages(rctx, fc.Args["pkgs"].([]*model.PkgInputSpec)) + return ec.resolvers.Mutation().IngestSources(rctx, fc.Args["sources"].([]*model.SourceInputSpec)) }) if err != nil { ec.Error(ctx, err) 
@@ -3866,12 +3524,12 @@ func (ec *executionContext) _Mutation_ingestPackages(ctx context.Context, field } return graphql.Null } - res := resTmp.([]*model.Package) + res := resTmp.([]*model.Source) fc.Result = res - return ec.marshalNPackage2ᚕᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐPackageᚄ(ctx, field.Selections, res) + return ec.marshalNSource2ᚕᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐSourceᚄ(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation_ingestPackages(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation_ingestSources(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "Mutation", Field: field, @@ -3880,13 +3538,13 @@ func (ec *executionContext) fieldContext_Mutation_ingestPackages(ctx context.Con Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { switch field.Name { case "id": - return ec.fieldContext_Package_id(ctx, field) + return ec.fieldContext_Source_id(ctx, field) case "type": - return ec.fieldContext_Package_type(ctx, field) + return ec.fieldContext_Source_type(ctx, field) case "namespaces": - return ec.fieldContext_Package_namespaces(ctx, field) + return ec.fieldContext_Source_namespaces(ctx, field) } - return nil, fmt.Errorf("no field named %q was found under type Package", field.Name) + return nil, fmt.Errorf("no field named %q was found under type Source", field.Name) }, } defer func() { 
@@ -3896,15 +3554,15 @@ func (ec *executionContext) fieldContext_Mutation_ingestPackages(ctx context.Con } }() ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation_ingestPackages_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + if fc.Args, err = ec.field_Mutation_ingestSources_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { ec.Error(ctx, err) return fc, err } return fc, nil } -func (ec *executionContext) _Mutation_ingestPkgEqual(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation_ingestPkgEqual(ctx, field) +func (ec *executionContext) _Mutation_ingestVulnEqual(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation_ingestVulnEqual(ctx, field) if err != nil { return graphql.Null } @@ -3917,7 +3575,7 @@ func (ec *executionContext) _Mutation_ingestPkgEqual(ctx context.Context, field }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().IngestPkgEqual(rctx, fc.Args["pkg"].(model.PkgInputSpec), fc.Args["otherPackage"].(model.PkgInputSpec), fc.Args["pkgEqual"].(model.PkgEqualInputSpec)) + return ec.resolvers.Mutation().IngestVulnEqual(rctx, fc.Args["vulnerability"].(model.VulnerabilityInputSpec), fc.Args["otherVulnerability"].(model.VulnerabilityInputSpec), fc.Args["vulnEqual"].(model.VulnEqualInputSpec)) }) if err != nil { ec.Error(ctx, err) 
@@ -3929,12 +3587,12 @@ func (ec *executionContext) _Mutation_ingestPkgEqual(ctx context.Context, field } return graphql.Null } - res := resTmp.(*model.PkgEqual) + res := resTmp.(*model.VulnEqual) fc.Result = res - return ec.marshalNPkgEqual2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐPkgEqual(ctx, field.Selections, res) + return ec.marshalNVulnEqual2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnEqual(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation_ingestPkgEqual(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation_ingestVulnEqual(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "Mutation", Field: field, @@ -3943,17 +3601,17 @@ func (ec *executionContext) fieldContext_Mutation_ingestPkgEqual(ctx context.Con Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { switch field.Name { case "id": - return ec.fieldContext_PkgEqual_id(ctx, field) - case "packages": - return ec.fieldContext_PkgEqual_packages(ctx, field) + return ec.fieldContext_VulnEqual_id(ctx, field) + case "vulnerabilities": + return ec.fieldContext_VulnEqual_vulnerabilities(ctx, field) case "justification": - return ec.fieldContext_PkgEqual_justification(ctx, field) + return ec.fieldContext_VulnEqual_justification(ctx, field) case "origin": - return ec.fieldContext_PkgEqual_origin(ctx, field) + return ec.fieldContext_VulnEqual_origin(ctx, field) case "collector": - return ec.fieldContext_PkgEqual_collector(ctx, field) + return ec.fieldContext_VulnEqual_collector(ctx, field) } - return nil, fmt.Errorf("no field named %q was found under type PkgEqual", field.Name) + return nil, fmt.Errorf("no field named %q was found under type VulnEqual", field.Name) }, } defer func() { 
@@ -3963,15 +3621,15 @@ func (ec *executionContext) fieldContext_Mutation_ingestPkgEqual(ctx context.Con } }() ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation_ingestPkgEqual_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + if fc.Args, err = ec.field_Mutation_ingestVulnEqual_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { ec.Error(ctx, err) return fc, err } return fc, nil } -func (ec *executionContext) _Mutation_ingestSource(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation_ingestSource(ctx, field) +func (ec *executionContext) _Mutation_ingestVulnerability(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation_ingestVulnerability(ctx, field) if err != nil { return graphql.Null } @@ -3984,7 +3642,7 @@ func (ec *executionContext) _Mutation_ingestSource(ctx context.Context, field gr }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().IngestSource(rctx, fc.Args["source"].(model.SourceInputSpec)) + return ec.resolvers.Mutation().IngestVulnerability(rctx, fc.Args["vuln"].(model.VulnerabilityInputSpec)) }) if err != nil { ec.Error(ctx, err) 
@@ -3996,12 +3654,12 @@ func (ec *executionContext) _Mutation_ingestSource(ctx context.Context, field gr } return graphql.Null } - res := resTmp.(*model.Source) + res := resTmp.(*model.Vulnerability) fc.Result = res - return ec.marshalNSource2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐSource(ctx, field.Selections, res) + return ec.marshalNVulnerability2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnerability(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation_ingestSource(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation_ingestVulnerability(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "Mutation", Field: field, @@ -4010,13 +3668,13 @@ func (ec *executionContext) fieldContext_Mutation_ingestSource(ctx context.Conte Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { switch field.Name { case "id": - return ec.fieldContext_Source_id(ctx, field) + return ec.fieldContext_Vulnerability_id(ctx, field) case "type": - return ec.fieldContext_Source_type(ctx, field) - case "namespaces": - return ec.fieldContext_Source_namespaces(ctx, field) + return ec.fieldContext_Vulnerability_type(ctx, field) + case "vulnerabilityIDs": + return ec.fieldContext_Vulnerability_vulnerabilityIDs(ctx, field) } - return nil, fmt.Errorf("no field named %q was found under type Source", field.Name) + return nil, fmt.Errorf("no field named %q was found under type Vulnerability", field.Name) }, } defer func() { 
@@ -4026,15 +3684,15 @@ func (ec *executionContext) fieldContext_Mutation_ingestSource(ctx context.Conte } }() ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation_ingestSource_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + if fc.Args, err = ec.field_Mutation_ingestVulnerability_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { ec.Error(ctx, err) return fc, err } return fc, nil } -func (ec *executionContext) _Mutation_ingestSources(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Mutation_ingestSources(ctx, field) +func (ec *executionContext) _Mutation_ingestVulnerabilities(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Mutation_ingestVulnerabilities(ctx, field) if err != nil { return graphql.Null } @@ -4047,7 +3705,7 @@ func (ec *executionContext) _Mutation_ingestSources(ctx context.Context, field g }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Mutation().IngestSources(rctx, fc.Args["sources"].([]*model.SourceInputSpec)) + return ec.resolvers.Mutation().IngestVulnerabilities(rctx, fc.Args["vulns"].([]*model.VulnerabilityInputSpec)) }) if err != nil { ec.Error(ctx, err) 
@@ -4059,12 +3717,12 @@ func (ec *executionContext) _Mutation_ingestSources(ctx context.Context, field g } return graphql.Null } - res := resTmp.([]*model.Source) + res := resTmp.([]*model.Vulnerability) fc.Result = res - return ec.marshalNSource2ᚕᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐSourceᚄ(ctx, field.Selections, res) + return ec.marshalNVulnerability2ᚕᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnerabilityᚄ(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Mutation_ingestSources(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Mutation_ingestVulnerabilities(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "Mutation", Field: field, @@ -4073,13 +3731,13 @@ func (ec *executionContext) fieldContext_Mutation_ingestSources(ctx context.Cont Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { switch field.Name { case "id": - return ec.fieldContext_Source_id(ctx, field) + return ec.fieldContext_Vulnerability_id(ctx, field) case "type": - return ec.fieldContext_Source_type(ctx, field) - case "namespaces": - return ec.fieldContext_Source_namespaces(ctx, field) + return ec.fieldContext_Vulnerability_type(ctx, field) + case "vulnerabilityIDs": + return ec.fieldContext_Vulnerability_vulnerabilityIDs(ctx, field) } - return nil, fmt.Errorf("no field named %q was found under type Source", field.Name) + return nil, fmt.Errorf("no field named %q was found under type Vulnerability", field.Name) }, } defer func() { 
@@ -4089,7 +3747,7 @@ func (ec *executionContext) fieldContext_Mutation_ingestSources(ctx context.Cont } }() ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Mutation_ingestSources_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + if fc.Args, err = ec.field_Mutation_ingestVulnerabilities_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { ec.Error(ctx, err) return fc, err } 
@@ -4632,130 +4290,6 @@ func (ec *executionContext) fieldContext_Query_PointOfContact(ctx context.Contex return fc, nil } -func (ec *executionContext) _Query_cve(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Query_cve(ctx, field) - if err != nil { - return graphql.Null - } - ctx = graphql.WithFieldContext(ctx, fc) - defer func() { - if r := recover(); r != nil { - ec.Error(ctx, ec.Recover(ctx, r)) - ret = graphql.Null - } - }() - resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) { - ctx = rctx // use context from middleware stack in children - return ec.resolvers.Query().Cve(rctx, fc.Args["cveSpec"].(model.CVESpec)) - }) - if err != nil { - ec.Error(ctx, err) - return graphql.Null - } - if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } - return graphql.Null - } - res := resTmp.([]*model.Cve) - fc.Result = res - return ec.marshalNCVE2ᚕᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐCveᚄ(ctx, field.Selections, res) -} - -func (ec *executionContext) fieldContext_Query_cve(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { - fc = &graphql.FieldContext{ - Object: "Query", - Field: field, - IsMethod: true, - IsResolver: true, - Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "id": - return ec.fieldContext_CVE_id(ctx, field) - case "year": - return ec.fieldContext_CVE_year(ctx, field) - case "cveId": - return ec.fieldContext_CVE_cveId(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type CVE", field.Name) - }, - } - defer func() { - if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) - } - }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Query_cve_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { - ec.Error(ctx, err) - 
return fc, err - } - return fc, nil -} - -func (ec *executionContext) _Query_ghsa(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Query_ghsa(ctx, field) - if err != nil { - return graphql.Null - } - ctx = graphql.WithFieldContext(ctx, fc) - defer func() { - if r := recover(); r != nil { - ec.Error(ctx, ec.Recover(ctx, r)) - ret = graphql.Null - } - }() - resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) { - ctx = rctx // use context from middleware stack in children - return ec.resolvers.Query().Ghsa(rctx, fc.Args["ghsaSpec"].(model.GHSASpec)) - }) - if err != nil { - ec.Error(ctx, err) - return graphql.Null - } - if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } - return graphql.Null - } - res := resTmp.([]*model.Ghsa) - fc.Result = res - return ec.marshalNGHSA2ᚕᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐGhsaᚄ(ctx, field.Selections, res) -} - -func (ec *executionContext) fieldContext_Query_ghsa(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { - fc = &graphql.FieldContext{ - Object: "Query", - Field: field, - IsMethod: true, - IsResolver: true, - Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "id": - return ec.fieldContext_GHSA_id(ctx, field) - case "ghsaId": - return ec.fieldContext_GHSA_ghsaId(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type GHSA", field.Name) - }, - } - defer func() { - if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) - } - }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Query_ghsa_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { - ec.Error(ctx, err) - return fc, err - } - return fc, nil -} - func (ec *executionContext) _Query_HasSBOM(ctx context.Context, field 
graphql.CollectedField) (ret graphql.Marshaler) { fc, err := ec.fieldContext_Query_HasSBOM(ctx, field) if err != nil { 
@@ -5153,151 +4687,9 @@ func (ec *executionContext) fieldContext_Query_IsOccurrence(ctx context.Context, case "origin": return ec.fieldContext_IsOccurrence_origin(ctx, field) case "collector": - return ec.fieldContext_IsOccurrence_collector(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type IsOccurrence", field.Name) - }, - } - defer func() { - if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) - } - }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Query_IsOccurrence_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { - ec.Error(ctx, err) - return fc, err - } - return fc, nil -} - -func (ec *executionContext) _Query_IsVulnerability(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Query_IsVulnerability(ctx, field) - if err != nil { - return graphql.Null - } - ctx = graphql.WithFieldContext(ctx, fc) - defer func() { - if r := recover(); r != nil { - ec.Error(ctx, ec.Recover(ctx, r)) - ret = graphql.Null - } - }() - resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) { - ctx = rctx // use context from middleware stack in children - return ec.resolvers.Query().IsVulnerability(rctx, fc.Args["isVulnerabilitySpec"].(model.IsVulnerabilitySpec)) - }) - if err != nil { - ec.Error(ctx, err) - return graphql.Null - } - if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } - return graphql.Null - } - res := resTmp.([]*model.IsVulnerability) - fc.Result = res - return ec.marshalNIsVulnerability2ᚕᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐIsVulnerabilityᚄ(ctx, field.Selections, res) -} - -func (ec *executionContext) fieldContext_Query_IsVulnerability(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { - fc = &graphql.FieldContext{ - Object: "Query", - Field: field, - IsMethod: true, - IsResolver: true, - 
Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "id": - return ec.fieldContext_IsVulnerability_id(ctx, field) - case "osv": - return ec.fieldContext_IsVulnerability_osv(ctx, field) - case "vulnerability": - return ec.fieldContext_IsVulnerability_vulnerability(ctx, field) - case "justification": - return ec.fieldContext_IsVulnerability_justification(ctx, field) - case "origin": - return ec.fieldContext_IsVulnerability_origin(ctx, field) - case "collector": - return ec.fieldContext_IsVulnerability_collector(ctx, field) - } - return nil, fmt.Errorf("no field named %q was found under type IsVulnerability", field.Name) - }, - } - defer func() { - if r := recover(); r != nil { - err = ec.Recover(ctx, r) - ec.Error(ctx, err) - } - }() - ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Query_IsVulnerability_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { - ec.Error(ctx, err) - return fc, err - } - return fc, nil -} - -func (ec *executionContext) _Query_HasMetadata(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Query_HasMetadata(ctx, field) - if err != nil { - return graphql.Null - } - ctx = graphql.WithFieldContext(ctx, fc) - defer func() { - if r := recover(); r != nil { - ec.Error(ctx, ec.Recover(ctx, r)) - ret = graphql.Null - } - }() - resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) { - ctx = rctx // use context from middleware stack in children - return ec.resolvers.Query().HasMetadata(rctx, fc.Args["hasMetadataSpec"].(model.HasMetadataSpec)) - }) - if err != nil { - ec.Error(ctx, err) - return graphql.Null - } - if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } - return graphql.Null - } - res := resTmp.([]*model.HasMetadata) - fc.Result = res - return 
ec.marshalNHasMetadata2ᚕᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐHasMetadataᚄ(ctx, field.Selections, res) -} - -func (ec *executionContext) fieldContext_Query_HasMetadata(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { - fc = &graphql.FieldContext{ - Object: "Query", - Field: field, - IsMethod: true, - IsResolver: true, - Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - switch field.Name { - case "id": - return ec.fieldContext_HasMetadata_id(ctx, field) - case "subject": - return ec.fieldContext_HasMetadata_subject(ctx, field) - case "key": - return ec.fieldContext_HasMetadata_key(ctx, field) - case "value": - return ec.fieldContext_HasMetadata_value(ctx, field) - case "timestamp": - return ec.fieldContext_HasMetadata_timestamp(ctx, field) - case "justification": - return ec.fieldContext_HasMetadata_justification(ctx, field) - case "origin": - return ec.fieldContext_HasMetadata_origin(ctx, field) - case "collector": - return ec.fieldContext_HasMetadata_collector(ctx, field) + return ec.fieldContext_IsOccurrence_collector(ctx, field) } - return nil, fmt.Errorf("no field named %q was found under type HasMetadata", field.Name) + return nil, fmt.Errorf("no field named %q was found under type IsOccurrence", field.Name) }, } defer func() { 
@@ -5307,15 +4699,15 @@ func (ec *executionContext) fieldContext_Query_HasMetadata(ctx context.Context, } }() ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Query_HasMetadata_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + if fc.Args, err = ec.field_Query_IsOccurrence_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { ec.Error(ctx, err) return fc, err } return fc, nil } -func (ec *executionContext) _Query_osv(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_Query_osv(ctx, field) +func (ec *executionContext) _Query_HasMetadata(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Query_HasMetadata(ctx, field) if err != nil { return graphql.Null } @@ -5328,7 +4720,7 @@ func (ec *executionContext) _Query_osv(ctx context.Context, field graphql.Collec }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) { ctx = rctx // use context from middleware stack in children - return ec.resolvers.Query().Osv(rctx, fc.Args["osvSpec"].(model.OSVSpec)) + return ec.resolvers.Query().HasMetadata(rctx, fc.Args["hasMetadataSpec"].(model.HasMetadataSpec)) }) if err != nil { ec.Error(ctx, err) 
@@ -5340,12 +4732,12 @@ func (ec *executionContext) _Query_osv(ctx context.Context, field graphql.Collec } return graphql.Null } - res := resTmp.([]*model.Osv) + res := resTmp.([]*model.HasMetadata) fc.Result = res - return ec.marshalNOSV2ᚕᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐOsvᚄ(ctx, field.Selections, res) + return ec.marshalNHasMetadata2ᚕᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐHasMetadataᚄ(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_Query_osv(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_Query_HasMetadata(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ Object: "Query", Field: field, @@ -5354,11 +4746,23 @@ func (ec *executionContext) fieldContext_Query_osv(ctx context.Context, field gr Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { switch field.Name { case "id": - return ec.fieldContext_OSV_id(ctx, field) - case "osvId": - return ec.fieldContext_OSV_osvId(ctx, field) + return ec.fieldContext_HasMetadata_id(ctx, field) + case "subject": + return ec.fieldContext_HasMetadata_subject(ctx, field) + case "key": + return ec.fieldContext_HasMetadata_key(ctx, field) + case "value": + return ec.fieldContext_HasMetadata_value(ctx, field) + case "timestamp": + return ec.fieldContext_HasMetadata_timestamp(ctx, field) + case "justification": + return ec.fieldContext_HasMetadata_justification(ctx, field) + case "origin": + return ec.fieldContext_HasMetadata_origin(ctx, field) + case "collector": + return ec.fieldContext_HasMetadata_collector(ctx, field) } - return nil, fmt.Errorf("no field named %q was found under type OSV", field.Name) + return nil, fmt.Errorf("no field named %q was found under type HasMetadata", field.Name) }, } defer func() { 
@@ -5368,7 +4772,7 @@ func (ec *executionContext) fieldContext_Query_osv(ctx context.Context, field gr } }() ctx = graphql.WithFieldContext(ctx, fc) - if fc.Args, err = ec.field_Query_osv_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + if fc.Args, err = ec.field_Query_HasMetadata_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { ec.Error(ctx, err) return fc, err } 
@@ -5843,6 +5247,136 @@ func (ec *executionContext) fieldContext_Query_sources(ctx context.Context, fiel return fc, nil } +func (ec *executionContext) _Query_vulnEqual(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Query_vulnEqual(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) { + ctx = rctx // use context from middleware stack in children + return ec.resolvers.Query().VulnEqual(rctx, fc.Args["vulnEqualSpec"].(model.VulnEqualSpec)) + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } + return graphql.Null + } + res := resTmp.([]*model.VulnEqual) + fc.Result = res + return ec.marshalNVulnEqual2ᚕᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnEqualᚄ(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext_Query_vulnEqual(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "Query", + Field: field, + IsMethod: true, + IsResolver: true, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + switch field.Name { + case "id": + return ec.fieldContext_VulnEqual_id(ctx, field) + case "vulnerabilities": + return ec.fieldContext_VulnEqual_vulnerabilities(ctx, field) + case "justification": + return ec.fieldContext_VulnEqual_justification(ctx, field) + case "origin": + return ec.fieldContext_VulnEqual_origin(ctx, field) + case "collector": + return ec.fieldContext_VulnEqual_collector(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type VulnEqual", field.Name) + }, + } + 
defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Query_vulnEqual_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } + return fc, nil +} + +func (ec *executionContext) _Query_vulnerabilities(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Query_vulnerabilities(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) { + ctx = rctx // use context from middleware stack in children + return ec.resolvers.Query().Vulnerabilities(rctx, fc.Args["vulnSpec"].(model.VulnerabilitySpec)) + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } + return graphql.Null + } + res := resTmp.([]*model.Vulnerability) + fc.Result = res + return ec.marshalNVulnerability2ᚕᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnerabilityᚄ(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext_Query_vulnerabilities(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "Query", + Field: field, + IsMethod: true, + IsResolver: true, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + switch field.Name { + case "id": + return ec.fieldContext_Vulnerability_id(ctx, field) + case "type": + return ec.fieldContext_Vulnerability_type(ctx, field) + case "vulnerabilityIDs": + return ec.fieldContext_Vulnerability_vulnerabilityIDs(ctx, field) + } + return nil, fmt.Errorf("no 
field named %q was found under type Vulnerability", field.Name) + }, + } + defer func() { + if r := recover(); r != nil { + err = ec.Recover(ctx, r) + ec.Error(ctx, err) + } + }() + ctx = graphql.WithFieldContext(ctx, fc) + if fc.Args, err = ec.field_Query_vulnerabilities_args(ctx, field.ArgumentMap(ec.Variables)); err != nil { + ec.Error(ctx, err) + return fc, err + } + return fc, nil +} + func (ec *executionContext) _Query___type(ctx context.Context, field graphql.CollectedField) (ret graphql.Marshaler) { fc, err := ec.fieldContext_Query___type(ctx, field) if err != nil { @@ -6214,9 +5748,9 @@ func (ec *executionContext) _Mutation(ctx context.Context, sel ast.SelectionSet) if out.Values[i] == graphql.Null { out.Invalids++ } - case "ingestVulnerability": + case "ingestCertifyVuln": out.Values[i] = ec.OperationContext.RootResolverMiddleware(innerCtx, func(ctx context.Context) (res graphql.Marshaler) { - return ec._Mutation_ingestVulnerability(ctx, field) + return ec._Mutation_ingestCertifyVuln(ctx, field) }) if out.Values[i] == graphql.Null { out.Invalids++ 
@@ -6228,34 +5762,6 @@ func (ec *executionContext) _Mutation(ctx context.Context, sel ast.SelectionSet) if out.Values[i] == graphql.Null { out.Invalids++ } - case "ingestCVE": - out.Values[i] = ec.OperationContext.RootResolverMiddleware(innerCtx, func(ctx context.Context) (res graphql.Marshaler) { - return ec._Mutation_ingestCVE(ctx, field) - }) - if out.Values[i] == graphql.Null { - out.Invalids++ - } - case "ingestCVEs": - out.Values[i] = ec.OperationContext.RootResolverMiddleware(innerCtx, func(ctx context.Context) (res graphql.Marshaler) { - return ec._Mutation_ingestCVEs(ctx, field) - }) - if out.Values[i] == graphql.Null { - out.Invalids++ - } - case "ingestGHSA": - out.Values[i] = ec.OperationContext.RootResolverMiddleware(innerCtx, func(ctx context.Context) (res graphql.Marshaler) { - return ec._Mutation_ingestGHSA(ctx, field) - }) - if out.Values[i] == graphql.Null { - out.Invalids++ - } - case "ingestGHSAs": - out.Values[i] = ec.OperationContext.RootResolverMiddleware(innerCtx, func(ctx context.Context) (res graphql.Marshaler) { - return ec._Mutation_ingestGHSAs(ctx, field) - }) - if out.Values[i] == graphql.Null { - out.Invalids++ - } case "ingestHasSBOM": out.Values[i] = ec.OperationContext.RootResolverMiddleware(innerCtx, func(ctx context.Context) (res graphql.Marshaler) { return ec._Mutation_ingestHasSBOM(ctx, field) 
@@ -6333,65 +5839,65 @@ func (ec *executionContext) _Mutation(ctx context.Context, sel ast.SelectionSet) if out.Values[i] == graphql.Null { out.Invalids++ } - case "ingestIsVulnerability": + case "ingestHasMetadata": out.Values[i] = ec.OperationContext.RootResolverMiddleware(innerCtx, func(ctx context.Context) (res graphql.Marshaler) { - return ec._Mutation_ingestIsVulnerability(ctx, field) + return ec._Mutation_ingestHasMetadata(ctx, field) }) if out.Values[i] == graphql.Null { out.Invalids++ } - case "ingestHasMetadata": + case "ingestPackage": out.Values[i] = ec.OperationContext.RootResolverMiddleware(innerCtx, func(ctx context.Context) (res graphql.Marshaler) { - return ec._Mutation_ingestHasMetadata(ctx, field) + return ec._Mutation_ingestPackage(ctx, field) }) if out.Values[i] == graphql.Null { out.Invalids++ } - case "ingestOSV": + case "ingestPackages": out.Values[i] = ec.OperationContext.RootResolverMiddleware(innerCtx, func(ctx context.Context) (res graphql.Marshaler) { - return ec._Mutation_ingestOSV(ctx, field) + return ec._Mutation_ingestPackages(ctx, field) }) if out.Values[i] == graphql.Null { out.Invalids++ } - case "ingestOSVs": + case "ingestPkgEqual": out.Values[i] = ec.OperationContext.RootResolverMiddleware(innerCtx, func(ctx context.Context) (res graphql.Marshaler) { - return ec._Mutation_ingestOSVs(ctx, field) + return ec._Mutation_ingestPkgEqual(ctx, field) }) if out.Values[i] == graphql.Null { out.Invalids++ } - case "ingestPackage": + case "ingestSource": out.Values[i] = ec.OperationContext.RootResolverMiddleware(innerCtx, func(ctx context.Context) (res graphql.Marshaler) { - return ec._Mutation_ingestPackage(ctx, field) + return ec._Mutation_ingestSource(ctx, field) }) if out.Values[i] == graphql.Null { out.Invalids++ } - case "ingestPackages": + case "ingestSources": out.Values[i] = ec.OperationContext.RootResolverMiddleware(innerCtx, func(ctx context.Context) (res graphql.Marshaler) { - return ec._Mutation_ingestPackages(ctx, field) + 
return ec._Mutation_ingestSources(ctx, field) }) if out.Values[i] == graphql.Null { out.Invalids++ } - case "ingestPkgEqual": + case "ingestVulnEqual": out.Values[i] = ec.OperationContext.RootResolverMiddleware(innerCtx, func(ctx context.Context) (res graphql.Marshaler) { - return ec._Mutation_ingestPkgEqual(ctx, field) + return ec._Mutation_ingestVulnEqual(ctx, field) }) if out.Values[i] == graphql.Null { out.Invalids++ } - case "ingestSource": + case "ingestVulnerability": out.Values[i] = ec.OperationContext.RootResolverMiddleware(innerCtx, func(ctx context.Context) (res graphql.Marshaler) { - return ec._Mutation_ingestSource(ctx, field) + return ec._Mutation_ingestVulnerability(ctx, field) }) if out.Values[i] == graphql.Null { out.Invalids++ } - case "ingestSources": + case "ingestVulnerabilities": out.Values[i] = ec.OperationContext.RootResolverMiddleware(innerCtx, func(ctx context.Context) (res graphql.Marshaler) { - return ec._Mutation_ingestSources(ctx, field) + return ec._Mutation_ingestVulnerabilities(ctx, field) }) if out.Values[i] == graphql.Null { out.Invalids++ 
@@ -6613,50 +6119,6 @@ func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) gr func(ctx context.Context) graphql.Marshaler { return innerFunc(ctx, out) }) } - out.Concurrently(i, func(ctx context.Context) graphql.Marshaler { return rrm(innerCtx) }) - case "cve": - field := field - - innerFunc := func(ctx context.Context, fs *graphql.FieldSet) (res graphql.Marshaler) { - defer func() { - if r := recover(); r != nil { - ec.Error(ctx, ec.Recover(ctx, r)) - } - }() - res = ec._Query_cve(ctx, field) - if res == graphql.Null { - atomic.AddUint32(&fs.Invalids, 1) - } - return res - } - - rrm := func(ctx context.Context) graphql.Marshaler { - return ec.OperationContext.RootResolverMiddleware(ctx, - func(ctx context.Context) graphql.Marshaler { return innerFunc(ctx, out) }) - } - - out.Concurrently(i, func(ctx context.Context) graphql.Marshaler { return rrm(innerCtx) }) - case "ghsa": - field := field - - innerFunc := func(ctx context.Context, fs *graphql.FieldSet) (res graphql.Marshaler) { - defer func() { - if r := recover(); r != nil { - ec.Error(ctx, ec.Recover(ctx, r)) - } - }() - res = ec._Query_ghsa(ctx, field) - if res == graphql.Null { - atomic.AddUint32(&fs.Invalids, 1) - } - return res - } - - rrm := func(ctx context.Context) graphql.Marshaler { - return ec.OperationContext.RootResolverMiddleware(ctx, - func(ctx context.Context) graphql.Marshaler { return innerFunc(ctx, out) }) - } - out.Concurrently(i, func(ctx context.Context) graphql.Marshaler { return rrm(innerCtx) }) case "HasSBOM": field := field @@ -6790,7 +6252,7 @@ func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) gr } out.Concurrently(i, func(ctx context.Context) graphql.Marshaler { return rrm(innerCtx) }) - case "IsVulnerability": + case "HasMetadata": field := field innerFunc := func(ctx context.Context, fs *graphql.FieldSet) (res graphql.Marshaler) { 
@@ -6799,7 +6261,7 @@ func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) gr ec.Error(ctx, ec.Recover(ctx, r)) } }() - res = ec._Query_IsVulnerability(ctx, field) + res = ec._Query_HasMetadata(ctx, field) if res == graphql.Null { atomic.AddUint32(&fs.Invalids, 1) } @@ -6812,7 +6274,7 @@ func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) gr } out.Concurrently(i, func(ctx context.Context) graphql.Marshaler { return rrm(innerCtx) }) - case "HasMetadata": + case "packages": field := field innerFunc := func(ctx context.Context, fs *graphql.FieldSet) (res graphql.Marshaler) { @@ -6821,7 +6283,7 @@ func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) gr ec.Error(ctx, ec.Recover(ctx, r)) } }() - res = ec._Query_HasMetadata(ctx, field) + res = ec._Query_packages(ctx, field) if res == graphql.Null { atomic.AddUint32(&fs.Invalids, 1) } @@ -6834,7 +6296,7 @@ func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) gr } out.Concurrently(i, func(ctx context.Context) graphql.Marshaler { return rrm(innerCtx) }) - case "osv": + case "path": field := field innerFunc := func(ctx context.Context, fs *graphql.FieldSet) (res graphql.Marshaler) { @@ -6843,7 +6305,7 @@ func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) gr ec.Error(ctx, ec.Recover(ctx, r)) } }() - res = ec._Query_osv(ctx, field) + res = ec._Query_path(ctx, field) if res == graphql.Null { atomic.AddUint32(&fs.Invalids, 1) } @@ -6856,7 +6318,7 @@ func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) gr } out.Concurrently(i, func(ctx context.Context) graphql.Marshaler { return rrm(innerCtx) }) - case "packages": + case "neighbors": field := field innerFunc := func(ctx context.Context, fs *graphql.FieldSet) (res graphql.Marshaler) { 
@@ -6865,7 +6327,7 @@ func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) gr ec.Error(ctx, ec.Recover(ctx, r)) } }() - res = ec._Query_packages(ctx, field) + res = ec._Query_neighbors(ctx, field) if res == graphql.Null { atomic.AddUint32(&fs.Invalids, 1) } @@ -6878,7 +6340,7 @@ func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) gr } out.Concurrently(i, func(ctx context.Context) graphql.Marshaler { return rrm(innerCtx) }) - case "path": + case "node": field := field innerFunc := func(ctx context.Context, fs *graphql.FieldSet) (res graphql.Marshaler) { @@ -6887,7 +6349,7 @@ func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) gr ec.Error(ctx, ec.Recover(ctx, r)) } }() - res = ec._Query_path(ctx, field) + res = ec._Query_node(ctx, field) if res == graphql.Null { atomic.AddUint32(&fs.Invalids, 1) } @@ -6900,7 +6362,7 @@ func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) gr } out.Concurrently(i, func(ctx context.Context) graphql.Marshaler { return rrm(innerCtx) }) - case "neighbors": + case "nodes": field := field innerFunc := func(ctx context.Context, fs *graphql.FieldSet) (res graphql.Marshaler) { @@ -6909,7 +6371,7 @@ func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) gr ec.Error(ctx, ec.Recover(ctx, r)) } }() - res = ec._Query_neighbors(ctx, field) + res = ec._Query_nodes(ctx, field) if res == graphql.Null { atomic.AddUint32(&fs.Invalids, 1) } @@ -6922,7 +6384,7 @@ func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) gr } out.Concurrently(i, func(ctx context.Context) graphql.Marshaler { return rrm(innerCtx) }) - case "node": + case "PkgEqual": field := field innerFunc := func(ctx context.Context, fs *graphql.FieldSet) (res graphql.Marshaler) { 
@@ -6931,7 +6393,7 @@ func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) gr ec.Error(ctx, ec.Recover(ctx, r)) } }() - res = ec._Query_node(ctx, field) + res = ec._Query_PkgEqual(ctx, field) if res == graphql.Null { atomic.AddUint32(&fs.Invalids, 1) } @@ -6944,7 +6406,7 @@ func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) gr } out.Concurrently(i, func(ctx context.Context) graphql.Marshaler { return rrm(innerCtx) }) - case "nodes": + case "findSoftware": field := field innerFunc := func(ctx context.Context, fs *graphql.FieldSet) (res graphql.Marshaler) { @@ -6953,7 +6415,7 @@ func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) gr ec.Error(ctx, ec.Recover(ctx, r)) } }() - res = ec._Query_nodes(ctx, field) + res = ec._Query_findSoftware(ctx, field) if res == graphql.Null { atomic.AddUint32(&fs.Invalids, 1) } @@ -6966,7 +6428,7 @@ func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) gr } out.Concurrently(i, func(ctx context.Context) graphql.Marshaler { return rrm(innerCtx) }) - case "PkgEqual": + case "sources": field := field innerFunc := func(ctx context.Context, fs *graphql.FieldSet) (res graphql.Marshaler) { @@ -6975,7 +6437,7 @@ func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) gr ec.Error(ctx, ec.Recover(ctx, r)) } }() - res = ec._Query_PkgEqual(ctx, field) + res = ec._Query_sources(ctx, field) if res == graphql.Null { atomic.AddUint32(&fs.Invalids, 1) } @@ -6988,7 +6450,7 @@ func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) gr } out.Concurrently(i, func(ctx context.Context) graphql.Marshaler { return rrm(innerCtx) }) - case "findSoftware": + case "vulnEqual": field := field innerFunc := func(ctx context.Context, fs *graphql.FieldSet) (res graphql.Marshaler) { 
@@ -6997,7 +6459,7 @@ func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) gr ec.Error(ctx, ec.Recover(ctx, r)) } }() - res = ec._Query_findSoftware(ctx, field) + res = ec._Query_vulnEqual(ctx, field) if res == graphql.Null { atomic.AddUint32(&fs.Invalids, 1) } @@ -7010,7 +6472,7 @@ func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) gr } out.Concurrently(i, func(ctx context.Context) graphql.Marshaler { return rrm(innerCtx) }) - case "sources": + case "vulnerabilities": field := field innerFunc := func(ctx context.Context, fs *graphql.FieldSet) (res graphql.Marshaler) { @@ -7019,7 +6481,7 @@ func (ec *executionContext) _Query(ctx context.Context, sel ast.SelectionSet) gr ec.Error(ctx, ec.Recover(ctx, r)) } }() - res = ec._Query_sources(ctx, field) + res = ec._Query_vulnerabilities(ctx, field) if res == graphql.Null { atomic.AddUint32(&fs.Invalids, 1) } diff --git a/pkg/assembler/graphql/generated/certifyVEXStatement.generated.go b/pkg/assembler/graphql/generated/certifyVEXStatement.generated.go index 690b64180d..9ce44446e9 100644 --- a/pkg/assembler/graphql/generated/certifyVEXStatement.generated.go +++ b/pkg/assembler/graphql/generated/certifyVEXStatement.generated.go @@ -144,9 +144,9 @@ func (ec *executionContext) _CertifyVEXStatement_vulnerability(ctx context.Conte } return graphql.Null } - res := resTmp.(model.Vulnerability) + res := resTmp.(*model.Vulnerability) fc.Result = res - return ec.marshalNVulnerability2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnerability(ctx, field.Selections, res) + return ec.marshalNVulnerability2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnerability(ctx, field.Selections, res) } func (ec *executionContext) fieldContext_CertifyVEXStatement_vulnerability(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { 
@@ -156,7 +156,15 @@ func (ec *executionContext) fieldContext_CertifyVEXStatement_vulnerability(ctx c IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Vulnerability does not have child fields") + switch field.Name { + case "id": + return ec.fieldContext_Vulnerability_id(ctx, field) + case "type": + return ec.fieldContext_Vulnerability_type(ctx, field) + case "vulnerabilityIDs": + return ec.fieldContext_Vulnerability_vulnerabilityIDs(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type Vulnerability", field.Name) }, } return fc, nil diff --git a/pkg/assembler/graphql/generated/certifyVuln.generated.go b/pkg/assembler/graphql/generated/certifyVuln.generated.go index 540e1f4597..055f5c4bf0 100644 --- a/pkg/assembler/graphql/generated/certifyVuln.generated.go +++ b/pkg/assembler/graphql/generated/certifyVuln.generated.go @@ -152,9 +152,9 @@ func (ec *executionContext) _CertifyVuln_vulnerability(ctx context.Context, fiel } return graphql.Null } - res := resTmp.(model.Vulnerability) + res := resTmp.(*model.Vulnerability) fc.Result = res - return ec.marshalNVulnerability2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnerability(ctx, field.Selections, res) + return ec.marshalNVulnerability2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnerability(ctx, field.Selections, res) } func (ec *executionContext) fieldContext_CertifyVuln_vulnerability(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { 
@@ -164,7 +164,15 @@ func (ec *executionContext) fieldContext_CertifyVuln_vulnerability(ctx context.C IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Vulnerability does not have child fields") + switch field.Name { + case "id": + return ec.fieldContext_Vulnerability_id(ctx, field) + case "type": + return ec.fieldContext_Vulnerability_type(ctx, field) + case "vulnerabilityIDs": + return ec.fieldContext_Vulnerability_vulnerabilityIDs(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type Vulnerability", field.Name) }, } return fc, nil @@ -196,9 +204,9 @@ func (ec *executionContext) _CertifyVuln_metadata(ctx context.Context, field gra } return graphql.Null } - res := resTmp.(*model.VulnerabilityMetaData) + res := resTmp.(*model.ScanMetadata) fc.Result = res - return ec.marshalNVulnerabilityMetaData2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnerabilityMetaData(ctx, field.Selections, res) + return ec.marshalNScanMetadata2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐScanMetadata(ctx, field.Selections, res) } func (ec *executionContext) fieldContext_CertifyVuln_metadata(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { 
@@ -210,72 +218,28 @@ func (ec *executionContext) fieldContext_CertifyVuln_metadata(ctx context.Contex Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { switch field.Name { case "timeScanned": - return ec.fieldContext_VulnerabilityMetaData_timeScanned(ctx, field) + return ec.fieldContext_ScanMetadata_timeScanned(ctx, field) case "dbUri": - return ec.fieldContext_VulnerabilityMetaData_dbUri(ctx, field) + return ec.fieldContext_ScanMetadata_dbUri(ctx, field) case "dbVersion": - return ec.fieldContext_VulnerabilityMetaData_dbVersion(ctx, field) + return ec.fieldContext_ScanMetadata_dbVersion(ctx, field) case "scannerUri": - return ec.fieldContext_VulnerabilityMetaData_scannerUri(ctx, field) + return ec.fieldContext_ScanMetadata_scannerUri(ctx, field) case "scannerVersion": - return ec.fieldContext_VulnerabilityMetaData_scannerVersion(ctx, field) + return ec.fieldContext_ScanMetadata_scannerVersion(ctx, field) case "origin": - return ec.fieldContext_VulnerabilityMetaData_origin(ctx, field) + return ec.fieldContext_ScanMetadata_origin(ctx, field) case "collector": - return ec.fieldContext_VulnerabilityMetaData_collector(ctx, field) + return ec.fieldContext_ScanMetadata_collector(ctx, field) } - return nil, fmt.Errorf("no field named %q was found under type VulnerabilityMetaData", field.Name) + return nil, fmt.Errorf("no field named %q was found under type ScanMetadata", field.Name) }, } return fc, nil } -func (ec *executionContext) _NoVuln_id(ctx context.Context, field graphql.CollectedField, obj *model.NoVuln) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_NoVuln_id(ctx, field) - if err != nil { - return graphql.Null - } - ctx = graphql.WithFieldContext(ctx, fc) - defer func() { - if r := recover(); r != nil { - ec.Error(ctx, ec.Recover(ctx, r)) - ret = graphql.Null - } - }() - resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) { - ctx = rctx // use context from middleware 
stack in children - return obj.ID, nil - }) - if err != nil { - ec.Error(ctx, err) - return graphql.Null - } - if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } - return graphql.Null - } - res := resTmp.(string) - fc.Result = res - return ec.marshalNID2string(ctx, field.Selections, res) -} - -func (ec *executionContext) fieldContext_NoVuln_id(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { - fc = &graphql.FieldContext{ - Object: "NoVuln", - Field: field, - IsMethod: false, - IsResolver: false, - Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type ID does not have child fields") - }, - } - return fc, nil -} - -func (ec *executionContext) _VulnerabilityMetaData_timeScanned(ctx context.Context, field graphql.CollectedField, obj *model.VulnerabilityMetaData) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_VulnerabilityMetaData_timeScanned(ctx, field) +func (ec *executionContext) _ScanMetadata_timeScanned(ctx context.Context, field graphql.CollectedField, obj *model.ScanMetadata) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_ScanMetadata_timeScanned(ctx, field) if err != nil { return graphql.Null } @@ -305,9 +269,9 @@ func (ec *executionContext) _VulnerabilityMetaData_timeScanned(ctx context.Conte return ec.marshalNTime2timeᚐTime(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_VulnerabilityMetaData_timeScanned(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_ScanMetadata_timeScanned(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "VulnerabilityMetaData", + Object: "ScanMetadata", Field: field, IsMethod: false, IsResolver: false, 
@@ -318,8 +282,8 @@ func (ec *executionContext) fieldContext_VulnerabilityMetaData_timeScanned(ctx c return fc, nil } -func (ec *executionContext) _VulnerabilityMetaData_dbUri(ctx context.Context, field graphql.CollectedField, obj *model.VulnerabilityMetaData) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_VulnerabilityMetaData_dbUri(ctx, field) +func (ec *executionContext) _ScanMetadata_dbUri(ctx context.Context, field graphql.CollectedField, obj *model.ScanMetadata) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_ScanMetadata_dbUri(ctx, field) if err != nil { return graphql.Null } @@ -349,9 +313,9 @@ func (ec *executionContext) _VulnerabilityMetaData_dbUri(ctx context.Context, fi return ec.marshalNString2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_VulnerabilityMetaData_dbUri(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_ScanMetadata_dbUri(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "VulnerabilityMetaData", + Object: "ScanMetadata", Field: field, IsMethod: false, IsResolver: false, @@ -362,8 +326,8 @@ func (ec *executionContext) fieldContext_VulnerabilityMetaData_dbUri(ctx context return fc, nil } -func (ec *executionContext) _VulnerabilityMetaData_dbVersion(ctx context.Context, field graphql.CollectedField, obj *model.VulnerabilityMetaData) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_VulnerabilityMetaData_dbVersion(ctx, field) +func (ec *executionContext) _ScanMetadata_dbVersion(ctx context.Context, field graphql.CollectedField, obj *model.ScanMetadata) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_ScanMetadata_dbVersion(ctx, field) if err != nil { return graphql.Null } 
@@ -393,9 +357,9 @@ func (ec *executionContext) _VulnerabilityMetaData_dbVersion(ctx context.Context return ec.marshalNString2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_VulnerabilityMetaData_dbVersion(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_ScanMetadata_dbVersion(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "VulnerabilityMetaData", + Object: "ScanMetadata", Field: field, IsMethod: false, IsResolver: false, @@ -406,8 +370,8 @@ func (ec *executionContext) fieldContext_VulnerabilityMetaData_dbVersion(ctx con return fc, nil } -func (ec *executionContext) _VulnerabilityMetaData_scannerUri(ctx context.Context, field graphql.CollectedField, obj *model.VulnerabilityMetaData) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_VulnerabilityMetaData_scannerUri(ctx, field) +func (ec *executionContext) _ScanMetadata_scannerUri(ctx context.Context, field graphql.CollectedField, obj *model.ScanMetadata) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_ScanMetadata_scannerUri(ctx, field) if err != nil { return graphql.Null } @@ -437,9 +401,9 @@ func (ec *executionContext) _VulnerabilityMetaData_scannerUri(ctx context.Contex return ec.marshalNString2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_VulnerabilityMetaData_scannerUri(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_ScanMetadata_scannerUri(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "VulnerabilityMetaData", + Object: "ScanMetadata", Field: field, IsMethod: false, IsResolver: false, 
@@ -450,8 +414,8 @@ func (ec *executionContext) fieldContext_VulnerabilityMetaData_scannerUri(ctx co return fc, nil } -func (ec *executionContext) _VulnerabilityMetaData_scannerVersion(ctx context.Context, field graphql.CollectedField, obj *model.VulnerabilityMetaData) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_VulnerabilityMetaData_scannerVersion(ctx, field) +func (ec *executionContext) _ScanMetadata_scannerVersion(ctx context.Context, field graphql.CollectedField, obj *model.ScanMetadata) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_ScanMetadata_scannerVersion(ctx, field) if err != nil { return graphql.Null } @@ -481,9 +445,9 @@ func (ec *executionContext) _VulnerabilityMetaData_scannerVersion(ctx context.Co return ec.marshalNString2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_VulnerabilityMetaData_scannerVersion(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_ScanMetadata_scannerVersion(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "VulnerabilityMetaData", + Object: "ScanMetadata", Field: field, IsMethod: false, IsResolver: false, @@ -494,8 +458,8 @@ func (ec *executionContext) fieldContext_VulnerabilityMetaData_scannerVersion(ct return fc, nil } -func (ec *executionContext) _VulnerabilityMetaData_origin(ctx context.Context, field graphql.CollectedField, obj *model.VulnerabilityMetaData) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_VulnerabilityMetaData_origin(ctx, field) +func (ec *executionContext) _ScanMetadata_origin(ctx context.Context, field graphql.CollectedField, obj *model.ScanMetadata) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_ScanMetadata_origin(ctx, field) if err != nil { return graphql.Null } 
@@ -525,9 +489,9 @@ func (ec *executionContext) _VulnerabilityMetaData_origin(ctx context.Context, f return ec.marshalNString2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_VulnerabilityMetaData_origin(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_ScanMetadata_origin(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "VulnerabilityMetaData", + Object: "ScanMetadata", Field: field, IsMethod: false, IsResolver: false, @@ -538,8 +502,8 @@ func (ec *executionContext) fieldContext_VulnerabilityMetaData_origin(ctx contex return fc, nil } -func (ec *executionContext) _VulnerabilityMetaData_collector(ctx context.Context, field graphql.CollectedField, obj *model.VulnerabilityMetaData) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_VulnerabilityMetaData_collector(ctx, field) +func (ec *executionContext) _ScanMetadata_collector(ctx context.Context, field graphql.CollectedField, obj *model.ScanMetadata) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_ScanMetadata_collector(ctx, field) if err != nil { return graphql.Null } @@ -569,9 +533,9 @@ func (ec *executionContext) _VulnerabilityMetaData_collector(ctx context.Context return ec.marshalNString2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_VulnerabilityMetaData_collector(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_ScanMetadata_collector(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "VulnerabilityMetaData", + Object: "ScanMetadata", Field: field, IsMethod: false, IsResolver: false, 
@@ -696,64 +660,8 @@ func (ec *executionContext) unmarshalInputCertifyVulnSpec(ctx context.Context, o return it, nil } -func (ec *executionContext) unmarshalInputVulnerabilityInput(ctx context.Context, obj interface{}) (model.VulnerabilityInput, error) { - var it model.VulnerabilityInput - asMap := map[string]interface{}{} - for k, v := range obj.(map[string]interface{}) { - asMap[k] = v - } - - fieldsInOrder := [...]string{"osv", "cve", "ghsa", "noVuln"} - for _, k := range fieldsInOrder { - v, ok := asMap[k] - if !ok { - continue - } - switch k { - case "osv": - var err error - - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("osv")) - data, err := ec.unmarshalOOSVInputSpec2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐOSVInputSpec(ctx, v) - if err != nil { - return it, err - } - it.Osv = data - case "cve": - var err error - - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("cve")) - data, err := ec.unmarshalOCVEInputSpec2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐCVEInputSpec(ctx, v) - if err != nil { - return it, err - } - it.Cve = data - case "ghsa": - var err error - - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("ghsa")) - data, err := ec.unmarshalOGHSAInputSpec2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐGHSAInputSpec(ctx, v) - if err != nil { - return it, err - } - it.Ghsa = data - case "noVuln": - var err error - - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("noVuln")) - data, err := ec.unmarshalOBoolean2ᚖbool(ctx, v) - if err != nil { - return it, err - } - it.NoVuln = data - } - } - - return it, nil -} - -func (ec *executionContext) unmarshalInputVulnerabilityMetaDataInput(ctx context.Context, obj interface{}) (model.VulnerabilityMetaDataInput, error) { - var it model.VulnerabilityMetaDataInput +func (ec *executionContext) unmarshalInputScanMetadataInput(ctx context.Context, obj interface{}) (model.ScanMetadataInput, error) { + var it model.ScanMetadataInput asMap := 
map[string]interface{}{} for k, v := range obj.(map[string]interface{}) { asMap[k] = v 
@@ -835,103 +743,10 @@ func (ec *executionContext) unmarshalInputVulnerabilityMetaDataInput(ctx context return it, nil } -func (ec *executionContext) unmarshalInputVulnerabilitySpec(ctx context.Context, obj interface{}) (model.VulnerabilitySpec, error) { - var it model.VulnerabilitySpec - asMap := map[string]interface{}{} - for k, v := range obj.(map[string]interface{}) { - asMap[k] = v - } - - fieldsInOrder := [...]string{"osv", "cve", "ghsa", "noVuln"} - for _, k := range fieldsInOrder { - v, ok := asMap[k] - if !ok { - continue - } - switch k { - case "osv": - var err error - - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("osv")) - data, err := ec.unmarshalOOSVSpec2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐOSVSpec(ctx, v) - if err != nil { - return it, err - } - it.Osv = data - case "cve": - var err error - - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("cve")) - data, err := ec.unmarshalOCVESpec2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐCVESpec(ctx, v) - if err != nil { - return it, err - } - it.Cve = data - case "ghsa": - var err error - - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("ghsa")) - data, err := ec.unmarshalOGHSASpec2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐGHSASpec(ctx, v) - if err != nil { - return it, err - } - it.Ghsa = data - case "noVuln": - var err error - - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("noVuln")) - data, err := ec.unmarshalOBoolean2ᚖbool(ctx, v) - if err != nil { - return it, err - } - it.NoVuln = data - } - } - - return it, nil -} - // endregion **************************** input.gotpl ***************************** // region ************************** interface.gotpl *************************** -func (ec *executionContext) _Vulnerability(ctx context.Context, sel ast.SelectionSet, obj model.Vulnerability) graphql.Marshaler { - switch obj := (obj).(type) { - case nil: - return graphql.Null - case model.Osv: - return ec._OSV(ctx, 
sel, &obj) - case *model.Osv: - if obj == nil { - return graphql.Null - } - return ec._OSV(ctx, sel, obj) - case model.Cve: - return ec._CVE(ctx, sel, &obj) - case *model.Cve: - if obj == nil { - return graphql.Null - } - return ec._CVE(ctx, sel, obj) - case model.Ghsa: - return ec._GHSA(ctx, sel, &obj) - case *model.Ghsa: - if obj == nil { - return graphql.Null - } - return ec._GHSA(ctx, sel, obj) - case model.NoVuln: - return ec._NoVuln(ctx, sel, &obj) - case *model.NoVuln: - if obj == nil { - return graphql.Null - } - return ec._NoVuln(ctx, sel, obj) - default: - panic(fmt.Errorf("unexpected type %T", obj)) - } -} - // endregion ************************** interface.gotpl *************************** // region **************************** object.gotpl **************************** 
@@ -990,88 +805,49 @@ func (ec *executionContext) _CertifyVuln(ctx context.Context, sel ast.SelectionS return out } -var noVulnImplementors = []string{"NoVuln", "Vulnerability", "Node"} +var scanMetadataImplementors = []string{"ScanMetadata"} -func (ec *executionContext) _NoVuln(ctx context.Context, sel ast.SelectionSet, obj *model.NoVuln) graphql.Marshaler { - fields := graphql.CollectFields(ec.OperationContext, sel, noVulnImplementors) +func (ec *executionContext) _ScanMetadata(ctx context.Context, sel ast.SelectionSet, obj *model.ScanMetadata) graphql.Marshaler { + fields := graphql.CollectFields(ec.OperationContext, sel, scanMetadataImplementors) out := graphql.NewFieldSet(fields) deferred := make(map[string]*graphql.FieldSet) for i, field := range fields { switch field.Name { case "__typename": - out.Values[i] = graphql.MarshalString("NoVuln") - case "id": - out.Values[i] = ec._NoVuln_id(ctx, field, obj) - if out.Values[i] == graphql.Null { - out.Invalids++ - } - default: - panic("unknown field " + strconv.Quote(field.Name)) - } - } - out.Dispatch(ctx) - if out.Invalids > 0 { - return graphql.Null - } - - atomic.AddInt32(&ec.deferred, int32(len(deferred))) - - for label, dfs := range deferred { - ec.processDeferredGroup(graphql.DeferredGroup{ - Label: label, - Path: graphql.GetPath(ctx), - FieldSet: dfs, - Context: ctx, - }) - } - - return out -} - -var vulnerabilityMetaDataImplementors = []string{"VulnerabilityMetaData"} - -func (ec *executionContext) _VulnerabilityMetaData(ctx context.Context, sel ast.SelectionSet, obj *model.VulnerabilityMetaData) graphql.Marshaler { - fields := graphql.CollectFields(ec.OperationContext, sel, vulnerabilityMetaDataImplementors) - - out := graphql.NewFieldSet(fields) - deferred := make(map[string]*graphql.FieldSet) - for i, field := range fields { - switch field.Name { - case "__typename": - out.Values[i] = graphql.MarshalString("VulnerabilityMetaData") + out.Values[i] = graphql.MarshalString("ScanMetadata") case 
"timeScanned": - out.Values[i] = ec._VulnerabilityMetaData_timeScanned(ctx, field, obj) + out.Values[i] = ec._ScanMetadata_timeScanned(ctx, field, obj) if out.Values[i] == graphql.Null { out.Invalids++ } case "dbUri": - out.Values[i] = ec._VulnerabilityMetaData_dbUri(ctx, field, obj) + out.Values[i] = ec._ScanMetadata_dbUri(ctx, field, obj) if out.Values[i] == graphql.Null { out.Invalids++ } case "dbVersion": - out.Values[i] = ec._VulnerabilityMetaData_dbVersion(ctx, field, obj) + out.Values[i] = ec._ScanMetadata_dbVersion(ctx, field, obj) if out.Values[i] == graphql.Null { out.Invalids++ } case "scannerUri": - out.Values[i] = ec._VulnerabilityMetaData_scannerUri(ctx, field, obj) + out.Values[i] = ec._ScanMetadata_scannerUri(ctx, field, obj) if out.Values[i] == graphql.Null { out.Invalids++ } case "scannerVersion": - out.Values[i] = ec._VulnerabilityMetaData_scannerVersion(ctx, field, obj) + out.Values[i] = ec._ScanMetadata_scannerVersion(ctx, field, obj) if out.Values[i] == graphql.Null { out.Invalids++ } case "origin": - out.Values[i] = ec._VulnerabilityMetaData_origin(ctx, field, obj) + out.Values[i] = ec._ScanMetadata_origin(ctx, field, obj) if out.Values[i] == graphql.Null { out.Invalids++ } case "collector": - out.Values[i] = ec._VulnerabilityMetaData_collector(ctx, field, obj) + out.Values[i] = ec._ScanMetadata_collector(ctx, field, obj) if out.Values[i] == graphql.Null { out.Invalids++ } 
@@ -1165,42 +941,19 @@ func (ec *executionContext) unmarshalNCertifyVulnSpec2githubᚗcomᚋguacsecᚋg return res, graphql.ErrorOnPath(ctx, err) } -func (ec *executionContext) marshalNVulnerability2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnerability(ctx context.Context, sel ast.SelectionSet, v model.Vulnerability) graphql.Marshaler { - if v == nil { - if !graphql.HasFieldError(ctx, graphql.GetFieldContext(ctx)) { - ec.Errorf(ctx, "the requested element is null which the schema does not allow") - } - return graphql.Null - } - return ec._Vulnerability(ctx, sel, v) -} - -func (ec *executionContext) unmarshalNVulnerabilityInput2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnerabilityInput(ctx context.Context, v interface{}) (model.VulnerabilityInput, error) { - res, err := ec.unmarshalInputVulnerabilityInput(ctx, v) - return res, graphql.ErrorOnPath(ctx, err) -} - -func (ec *executionContext) marshalNVulnerabilityMetaData2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnerabilityMetaData(ctx context.Context, sel ast.SelectionSet, v *model.VulnerabilityMetaData) graphql.Marshaler { +func (ec *executionContext) marshalNScanMetadata2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐScanMetadata(ctx context.Context, sel ast.SelectionSet, v *model.ScanMetadata) graphql.Marshaler { if v == nil { if !graphql.HasFieldError(ctx, graphql.GetFieldContext(ctx)) { ec.Errorf(ctx, "the requested element is null which the schema does not allow") } return graphql.Null } - return ec._VulnerabilityMetaData(ctx, sel, v) + return ec._ScanMetadata(ctx, sel, v) } -func (ec *executionContext) unmarshalNVulnerabilityMetaDataInput2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnerabilityMetaDataInput(ctx context.Context, v interface{}) (model.VulnerabilityMetaDataInput, error) { - res, err := ec.unmarshalInputVulnerabilityMetaDataInput(ctx, v) +func (ec *executionContext) 
unmarshalNScanMetadataInput2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐScanMetadataInput(ctx context.Context, v interface{}) (model.ScanMetadataInput, error) { + res, err := ec.unmarshalInputScanMetadataInput(ctx, v) return res, graphql.ErrorOnPath(ctx, err) } -func (ec *executionContext) unmarshalOVulnerabilitySpec2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnerabilitySpec(ctx context.Context, v interface{}) (*model.VulnerabilitySpec, error) { - if v == nil { - return nil, nil - } - res, err := ec.unmarshalInputVulnerabilitySpec(ctx, v) - return &res, graphql.ErrorOnPath(ctx, err) -} - // endregion ***************************** type.gotpl ***************************** diff --git a/pkg/assembler/graphql/generated/cve.generated.go b/pkg/assembler/graphql/generated/cve.generated.go deleted file mode 100644 index 1b3667b288..0000000000 --- a/pkg/assembler/graphql/generated/cve.generated.go +++ /dev/null 
@@ -1,414 +0,0 @@ -// Code generated by github.com/99designs/gqlgen, DO NOT EDIT. - -package generated - -import ( - "context" - "errors" - "strconv" - "sync" - "sync/atomic" - - "github.com/99designs/gqlgen/graphql" - "github.com/guacsec/guac/pkg/assembler/graphql/model" - "github.com/vektah/gqlparser/v2/ast" -) - -// region ************************** generated!.gotpl ************************** - -// endregion ************************** generated!.gotpl ************************** - -// region ***************************** args.gotpl ***************************** - -// endregion ***************************** args.gotpl ***************************** - -// region ************************** directives.gotpl ************************** - -// endregion ************************** directives.gotpl ************************** - -// region **************************** field.gotpl ***************************** - -func (ec *executionContext) _CVE_id(ctx context.Context, field graphql.CollectedField, obj *model.Cve) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_CVE_id(ctx, field) - if err != nil { - return graphql.Null - } - ctx = graphql.WithFieldContext(ctx, fc) - defer func() { - if r := recover(); r != nil { - ec.Error(ctx, ec.Recover(ctx, r)) - ret = graphql.Null - } - }() - resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) { - ctx = rctx // use context from middleware stack in children - return obj.ID, nil - }) - if err != nil { - ec.Error(ctx, err) - return graphql.Null - } - if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } - return graphql.Null - } - res := resTmp.(string) - fc.Result = res - return ec.marshalNID2string(ctx, field.Selections, res) -} - -func (ec *executionContext) fieldContext_CVE_id(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { - fc = &graphql.FieldContext{ - Object: "CVE", - Field: field, - IsMethod: false, - 
IsResolver: false, - Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type ID does not have child fields") - }, - } - return fc, nil -} - -func (ec *executionContext) _CVE_year(ctx context.Context, field graphql.CollectedField, obj *model.Cve) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_CVE_year(ctx, field) - if err != nil { - return graphql.Null - } - ctx = graphql.WithFieldContext(ctx, fc) - defer func() { - if r := recover(); r != nil { - ec.Error(ctx, ec.Recover(ctx, r)) - ret = graphql.Null - } - }() - resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) { - ctx = rctx // use context from middleware stack in children - return obj.Year, nil - }) - if err != nil { - ec.Error(ctx, err) - return graphql.Null - } - if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } - return graphql.Null - } - res := resTmp.(int) - fc.Result = res - return ec.marshalNInt2int(ctx, field.Selections, res) -} - -func (ec *executionContext) fieldContext_CVE_year(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { - fc = &graphql.FieldContext{ - Object: "CVE", - Field: field, - IsMethod: false, - IsResolver: false, - Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type Int does not have child fields") - }, - } - return fc, nil -} - -func (ec *executionContext) _CVE_cveId(ctx context.Context, field graphql.CollectedField, obj *model.Cve) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_CVE_cveId(ctx, field) - if err != nil { - return graphql.Null - } - ctx = graphql.WithFieldContext(ctx, fc) - defer func() { - if r := recover(); r != nil { - ec.Error(ctx, ec.Recover(ctx, r)) - ret = graphql.Null - } - }() - resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, 
error) { - ctx = rctx // use context from middleware stack in children - return obj.CveID, nil - }) - if err != nil { - ec.Error(ctx, err) - return graphql.Null - } - if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } - return graphql.Null - } - res := resTmp.(string) - fc.Result = res - return ec.marshalNString2string(ctx, field.Selections, res) -} - -func (ec *executionContext) fieldContext_CVE_cveId(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { - fc = &graphql.FieldContext{ - Object: "CVE", - Field: field, - IsMethod: false, - IsResolver: false, - Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") - }, - } - return fc, nil -} - -// endregion **************************** field.gotpl ***************************** - -// region **************************** input.gotpl ***************************** - -func (ec *executionContext) unmarshalInputCVEInputSpec(ctx context.Context, obj interface{}) (model.CVEInputSpec, error) { - var it model.CVEInputSpec - asMap := map[string]interface{}{} - for k, v := range obj.(map[string]interface{}) { - asMap[k] = v - } - - fieldsInOrder := [...]string{"year", "cveId"} - for _, k := range fieldsInOrder { - v, ok := asMap[k] - if !ok { - continue - } - switch k { - case "year": - var err error - - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("year")) - data, err := ec.unmarshalNInt2int(ctx, v) - if err != nil { - return it, err - } - it.Year = data - case "cveId": - var err error - - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("cveId")) - data, err := ec.unmarshalNString2string(ctx, v) - if err != nil { - return it, err - } - it.CveID = data - } - } - - return it, nil -} - -func (ec *executionContext) unmarshalInputCVESpec(ctx context.Context, obj interface{}) (model.CVESpec, error) { - var 
it model.CVESpec - asMap := map[string]interface{}{} - for k, v := range obj.(map[string]interface{}) { - asMap[k] = v - } - - fieldsInOrder := [...]string{"id", "year", "cveId"} - for _, k := range fieldsInOrder { - v, ok := asMap[k] - if !ok { - continue - } - switch k { - case "id": - var err error - - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("id")) - data, err := ec.unmarshalOID2ᚖstring(ctx, v) - if err != nil { - return it, err - } - it.ID = data - case "year": - var err error - - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("year")) - data, err := ec.unmarshalOInt2ᚖint(ctx, v) - if err != nil { - return it, err - } - it.Year = data - case "cveId": - var err error - - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("cveId")) - data, err := ec.unmarshalOString2ᚖstring(ctx, v) - if err != nil { - return it, err - } - it.CveID = data - } - } - - return it, nil -} - -// endregion **************************** input.gotpl ***************************** - -// region ************************** interface.gotpl *************************** - -// endregion ************************** interface.gotpl *************************** - -// region **************************** object.gotpl **************************** - -var cVEImplementors = []string{"CVE", "Vulnerability", "CveOrGhsa", "Node"} - -func (ec *executionContext) _CVE(ctx context.Context, sel ast.SelectionSet, obj *model.Cve) graphql.Marshaler { - fields := graphql.CollectFields(ec.OperationContext, sel, cVEImplementors) - - out := graphql.NewFieldSet(fields) - deferred := make(map[string]*graphql.FieldSet) - for i, field := range fields { - switch field.Name { - case "__typename": - out.Values[i] = graphql.MarshalString("CVE") - case "id": - out.Values[i] = ec._CVE_id(ctx, field, obj) - if out.Values[i] == graphql.Null { - out.Invalids++ - } - case "year": - out.Values[i] = ec._CVE_year(ctx, field, obj) - if out.Values[i] == graphql.Null { - out.Invalids++ - } - case 
"cveId": - out.Values[i] = ec._CVE_cveId(ctx, field, obj) - if out.Values[i] == graphql.Null { - out.Invalids++ - } - default: - panic("unknown field " + strconv.Quote(field.Name)) - } - } - out.Dispatch(ctx) - if out.Invalids > 0 { - return graphql.Null - } - - atomic.AddInt32(&ec.deferred, int32(len(deferred))) - - for label, dfs := range deferred { - ec.processDeferredGroup(graphql.DeferredGroup{ - Label: label, - Path: graphql.GetPath(ctx), - FieldSet: dfs, - Context: ctx, - }) - } - - return out -} - -// endregion **************************** object.gotpl **************************** - -// region ***************************** type.gotpl ***************************** - -func (ec *executionContext) marshalNCVE2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐCve(ctx context.Context, sel ast.SelectionSet, v model.Cve) graphql.Marshaler { - return ec._CVE(ctx, sel, &v) -} - -func (ec *executionContext) marshalNCVE2ᚕᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐCveᚄ(ctx context.Context, sel ast.SelectionSet, v []*model.Cve) graphql.Marshaler { - ret := make(graphql.Array, len(v)) - var wg sync.WaitGroup - isLen1 := len(v) == 1 - if !isLen1 { - wg.Add(len(v)) - } - for i := range v { - i := i - fc := &graphql.FieldContext{ - Index: &i, - Result: &v[i], - } - ctx := graphql.WithFieldContext(ctx, fc) - f := func(i int) { - defer func() { - if r := recover(); r != nil { - ec.Error(ctx, ec.Recover(ctx, r)) - ret = nil - } - }() - if !isLen1 { - defer wg.Done() - } - ret[i] = ec.marshalNCVE2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐCve(ctx, sel, v[i]) - } - if isLen1 { - f(i) - } else { - go f(i) - } - - } - wg.Wait() - - for _, e := range ret { - if e == graphql.Null { - return graphql.Null - } - } - - return ret -} - -func (ec *executionContext) marshalNCVE2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐCve(ctx context.Context, sel ast.SelectionSet, v *model.Cve) graphql.Marshaler { - if v == nil { - if !graphql.HasFieldError(ctx, 
graphql.GetFieldContext(ctx)) { - ec.Errorf(ctx, "the requested element is null which the schema does not allow") - } - return graphql.Null - } - return ec._CVE(ctx, sel, v) -} - -func (ec *executionContext) unmarshalNCVEInputSpec2ᚕᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐCVEInputSpecᚄ(ctx context.Context, v interface{}) ([]*model.CVEInputSpec, error) { - var vSlice []interface{} - if v != nil { - vSlice = graphql.CoerceList(v) - } - var err error - res := make([]*model.CVEInputSpec, len(vSlice)) - for i := range vSlice { - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithIndex(i)) - res[i], err = ec.unmarshalNCVEInputSpec2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐCVEInputSpec(ctx, vSlice[i]) - if err != nil { - return nil, err - } - } - return res, nil -} - -func (ec *executionContext) unmarshalNCVEInputSpec2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐCVEInputSpec(ctx context.Context, v interface{}) (*model.CVEInputSpec, error) { - res, err := ec.unmarshalInputCVEInputSpec(ctx, v) - return &res, graphql.ErrorOnPath(ctx, err) -} - -func (ec *executionContext) unmarshalNCVESpec2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐCVESpec(ctx context.Context, v interface{}) (model.CVESpec, error) { - res, err := ec.unmarshalInputCVESpec(ctx, v) - return res, graphql.ErrorOnPath(ctx, err) -} - -func (ec *executionContext) unmarshalOCVEInputSpec2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐCVEInputSpec(ctx context.Context, v interface{}) (*model.CVEInputSpec, error) { - if v == nil { - return nil, nil - } - res, err := ec.unmarshalInputCVEInputSpec(ctx, v) - return &res, graphql.ErrorOnPath(ctx, err) -} - -func (ec *executionContext) unmarshalOCVESpec2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐCVESpec(ctx context.Context, v interface{}) (*model.CVESpec, error) { - if v == nil { - return nil, nil - } - res, err := ec.unmarshalInputCVESpec(ctx, v) - return &res, graphql.ErrorOnPath(ctx, err) -} - -// endregion 
***************************** type.gotpl ***************************** diff --git a/pkg/assembler/graphql/generated/ghsa.generated.go b/pkg/assembler/graphql/generated/ghsa.generated.go deleted file mode 100644 index 228d3223c3..0000000000 --- a/pkg/assembler/graphql/generated/ghsa.generated.go +++ /dev/null 
@@ -1,347 +0,0 @@ -// Code generated by github.com/99designs/gqlgen, DO NOT EDIT. - -package generated - -import ( - "context" - "errors" - "strconv" - "sync" - "sync/atomic" - - "github.com/99designs/gqlgen/graphql" - "github.com/guacsec/guac/pkg/assembler/graphql/model" - "github.com/vektah/gqlparser/v2/ast" -) - -// region ************************** generated!.gotpl ************************** - -// endregion ************************** generated!.gotpl ************************** - -// region ***************************** args.gotpl ***************************** - -// endregion ***************************** args.gotpl ***************************** - -// region ************************** directives.gotpl ************************** - -// endregion ************************** directives.gotpl ************************** - -// region **************************** field.gotpl ***************************** - -func (ec *executionContext) _GHSA_id(ctx context.Context, field graphql.CollectedField, obj *model.Ghsa) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_GHSA_id(ctx, field) - if err != nil { - return graphql.Null - } - ctx = graphql.WithFieldContext(ctx, fc) - defer func() { - if r := recover(); r != nil { - ec.Error(ctx, ec.Recover(ctx, r)) - ret = graphql.Null - } - }() - resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) { - ctx = rctx // use context from middleware stack in children - return obj.ID, nil - }) - if err != nil { - ec.Error(ctx, err) - return graphql.Null - } - if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } - return graphql.Null - } - res := resTmp.(string) - fc.Result = res - return ec.marshalNID2string(ctx, field.Selections, res) -} - -func (ec *executionContext) fieldContext_GHSA_id(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { - fc = &graphql.FieldContext{ - Object: "GHSA", - Field: field, - IsMethod: 
false, - IsResolver: false, - Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type ID does not have child fields") - }, - } - return fc, nil -} - -func (ec *executionContext) _GHSA_ghsaId(ctx context.Context, field graphql.CollectedField, obj *model.Ghsa) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_GHSA_ghsaId(ctx, field) - if err != nil { - return graphql.Null - } - ctx = graphql.WithFieldContext(ctx, fc) - defer func() { - if r := recover(); r != nil { - ec.Error(ctx, ec.Recover(ctx, r)) - ret = graphql.Null - } - }() - resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) { - ctx = rctx // use context from middleware stack in children - return obj.GhsaID, nil - }) - if err != nil { - ec.Error(ctx, err) - return graphql.Null - } - if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } - return graphql.Null - } - res := resTmp.(string) - fc.Result = res - return ec.marshalNString2string(ctx, field.Selections, res) -} - -func (ec *executionContext) fieldContext_GHSA_ghsaId(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { - fc = &graphql.FieldContext{ - Object: "GHSA", - Field: field, - IsMethod: false, - IsResolver: false, - Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") - }, - } - return fc, nil -} - -// endregion **************************** field.gotpl ***************************** - -// region **************************** input.gotpl ***************************** - -func (ec *executionContext) unmarshalInputGHSAInputSpec(ctx context.Context, obj interface{}) (model.GHSAInputSpec, error) { - var it model.GHSAInputSpec - asMap := map[string]interface{}{} - for k, v := range obj.(map[string]interface{}) { - asMap[k] = v - } - - 
fieldsInOrder := [...]string{"ghsaId"} - for _, k := range fieldsInOrder { - v, ok := asMap[k] - if !ok { - continue - } - switch k { - case "ghsaId": - var err error - - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("ghsaId")) - data, err := ec.unmarshalNString2string(ctx, v) - if err != nil { - return it, err - } - it.GhsaID = data - } - } - - return it, nil -} - -func (ec *executionContext) unmarshalInputGHSASpec(ctx context.Context, obj interface{}) (model.GHSASpec, error) { - var it model.GHSASpec - asMap := map[string]interface{}{} - for k, v := range obj.(map[string]interface{}) { - asMap[k] = v - } - - fieldsInOrder := [...]string{"id", "ghsaId"} - for _, k := range fieldsInOrder { - v, ok := asMap[k] - if !ok { - continue - } - switch k { - case "id": - var err error - - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("id")) - data, err := ec.unmarshalOID2ᚖstring(ctx, v) - if err != nil { - return it, err - } - it.ID = data - case "ghsaId": - var err error - - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("ghsaId")) - data, err := ec.unmarshalOString2ᚖstring(ctx, v) - if err != nil { - return it, err - } - it.GhsaID = data - } - } - - return it, nil -} - -// endregion **************************** input.gotpl ***************************** - -// region ************************** interface.gotpl *************************** - -// endregion ************************** interface.gotpl *************************** - -// region **************************** object.gotpl **************************** - -var gHSAImplementors = []string{"GHSA", "Vulnerability", "CveOrGhsa", "Node"} - -func (ec *executionContext) _GHSA(ctx context.Context, sel ast.SelectionSet, obj *model.Ghsa) graphql.Marshaler { - fields := graphql.CollectFields(ec.OperationContext, sel, gHSAImplementors) - - out := graphql.NewFieldSet(fields) - deferred := make(map[string]*graphql.FieldSet) - for i, field := range fields { - switch field.Name { - case 
"__typename": - out.Values[i] = graphql.MarshalString("GHSA") - case "id": - out.Values[i] = ec._GHSA_id(ctx, field, obj) - if out.Values[i] == graphql.Null { - out.Invalids++ - } - case "ghsaId": - out.Values[i] = ec._GHSA_ghsaId(ctx, field, obj) - if out.Values[i] == graphql.Null { - out.Invalids++ - } - default: - panic("unknown field " + strconv.Quote(field.Name)) - } - } - out.Dispatch(ctx) - if out.Invalids > 0 { - return graphql.Null - } - - atomic.AddInt32(&ec.deferred, int32(len(deferred))) - - for label, dfs := range deferred { - ec.processDeferredGroup(graphql.DeferredGroup{ - Label: label, - Path: graphql.GetPath(ctx), - FieldSet: dfs, - Context: ctx, - }) - } - - return out -} - -// endregion **************************** object.gotpl **************************** - -// region ***************************** type.gotpl ***************************** - -func (ec *executionContext) marshalNGHSA2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐGhsa(ctx context.Context, sel ast.SelectionSet, v model.Ghsa) graphql.Marshaler { - return ec._GHSA(ctx, sel, &v) -} - -func (ec *executionContext) marshalNGHSA2ᚕᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐGhsaᚄ(ctx context.Context, sel ast.SelectionSet, v []*model.Ghsa) graphql.Marshaler { - ret := make(graphql.Array, len(v)) - var wg sync.WaitGroup - isLen1 := len(v) == 1 - if !isLen1 { - wg.Add(len(v)) - } - for i := range v { - i := i - fc := &graphql.FieldContext{ - Index: &i, - Result: &v[i], - } - ctx := graphql.WithFieldContext(ctx, fc) - f := func(i int) { - defer func() { - if r := recover(); r != nil { - ec.Error(ctx, ec.Recover(ctx, r)) - ret = nil - } - }() - if !isLen1 { - defer wg.Done() - } - ret[i] = ec.marshalNGHSA2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐGhsa(ctx, sel, v[i]) - } - if isLen1 { - f(i) - } else { - go f(i) - } - - } - wg.Wait() - - for _, e := range ret { - if e == graphql.Null { - return graphql.Null - } - } - - return ret -} - -func (ec *executionContext) 
marshalNGHSA2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐGhsa(ctx context.Context, sel ast.SelectionSet, v *model.Ghsa) graphql.Marshaler { - if v == nil { - if !graphql.HasFieldError(ctx, graphql.GetFieldContext(ctx)) { - ec.Errorf(ctx, "the requested element is null which the schema does not allow") - } - return graphql.Null - } - return ec._GHSA(ctx, sel, v) -} - -func (ec *executionContext) unmarshalNGHSAInputSpec2ᚕᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐGHSAInputSpecᚄ(ctx context.Context, v interface{}) ([]*model.GHSAInputSpec, error) { - var vSlice []interface{} - if v != nil { - vSlice = graphql.CoerceList(v) - } - var err error - res := make([]*model.GHSAInputSpec, len(vSlice)) - for i := range vSlice { - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithIndex(i)) - res[i], err = ec.unmarshalNGHSAInputSpec2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐGHSAInputSpec(ctx, vSlice[i]) - if err != nil { - return nil, err - } - } - return res, nil -} - -func (ec *executionContext) unmarshalNGHSAInputSpec2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐGHSAInputSpec(ctx context.Context, v interface{}) (*model.GHSAInputSpec, error) { - res, err := ec.unmarshalInputGHSAInputSpec(ctx, v) - return &res, graphql.ErrorOnPath(ctx, err) -} - -func (ec *executionContext) unmarshalNGHSASpec2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐGHSASpec(ctx context.Context, v interface{}) (model.GHSASpec, error) { - res, err := ec.unmarshalInputGHSASpec(ctx, v) - return res, graphql.ErrorOnPath(ctx, err) -} - -func (ec *executionContext) unmarshalOGHSAInputSpec2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐGHSAInputSpec(ctx context.Context, v interface{}) (*model.GHSAInputSpec, error) { - if v == nil { - return nil, nil - } - res, err := ec.unmarshalInputGHSAInputSpec(ctx, v) - return &res, graphql.ErrorOnPath(ctx, err) -} - -func (ec *executionContext) 
unmarshalOGHSASpec2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐGHSASpec(ctx context.Context, v interface{}) (*model.GHSASpec, error) { - if v == nil { - return nil, nil - } - res, err := ec.unmarshalInputGHSASpec(ctx, v) - return &res, graphql.ErrorOnPath(ctx, err) -} - -// endregion ***************************** type.gotpl ***************************** diff --git a/pkg/assembler/graphql/generated/osv.generated.go b/pkg/assembler/graphql/generated/osv.generated.go deleted file mode 100644 index 361f5a1b6f..0000000000 --- a/pkg/assembler/graphql/generated/osv.generated.go +++ /dev/null 
@@ -1,352 +0,0 @@ -// Code generated by github.com/99designs/gqlgen, DO NOT EDIT. - -package generated - -import ( - "context" - "errors" - "strconv" - "sync" - "sync/atomic" - - "github.com/99designs/gqlgen/graphql" - "github.com/guacsec/guac/pkg/assembler/graphql/model" - "github.com/vektah/gqlparser/v2/ast" -) - -// region ************************** generated!.gotpl ************************** - -// endregion ************************** generated!.gotpl ************************** - -// region ***************************** args.gotpl ***************************** - -// endregion ***************************** args.gotpl ***************************** - -// region ************************** directives.gotpl ************************** - -// endregion ************************** directives.gotpl ************************** - -// region **************************** field.gotpl ***************************** - -func (ec *executionContext) _OSV_id(ctx context.Context, field graphql.CollectedField, obj *model.Osv) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_OSV_id(ctx, field) - if err != nil { - return graphql.Null - } - ctx = graphql.WithFieldContext(ctx, fc) - defer func() { - if r := recover(); r != nil { - ec.Error(ctx, ec.Recover(ctx, r)) - ret = graphql.Null - } - }() - resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) { - ctx = rctx // use context from middleware stack in children - return obj.ID, nil - }) - if err != nil { - ec.Error(ctx, err) - return graphql.Null - } - if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } - return graphql.Null - } - res := resTmp.(string) - fc.Result = res - return ec.marshalNID2string(ctx, field.Selections, res) -} - -func (ec *executionContext) fieldContext_OSV_id(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { - fc = &graphql.FieldContext{ - Object: "OSV", - Field: field, - IsMethod: false, - 
IsResolver: false, - Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type ID does not have child fields") - }, - } - return fc, nil -} - -func (ec *executionContext) _OSV_osvId(ctx context.Context, field graphql.CollectedField, obj *model.Osv) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_OSV_osvId(ctx, field) - if err != nil { - return graphql.Null - } - ctx = graphql.WithFieldContext(ctx, fc) - defer func() { - if r := recover(); r != nil { - ec.Error(ctx, ec.Recover(ctx, r)) - ret = graphql.Null - } - }() - resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) { - ctx = rctx // use context from middleware stack in children - return obj.OsvID, nil - }) - if err != nil { - ec.Error(ctx, err) - return graphql.Null - } - if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } - return graphql.Null - } - res := resTmp.(string) - fc.Result = res - return ec.marshalNString2string(ctx, field.Selections, res) -} - -func (ec *executionContext) fieldContext_OSV_osvId(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { - fc = &graphql.FieldContext{ - Object: "OSV", - Field: field, - IsMethod: false, - IsResolver: false, - Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type String does not have child fields") - }, - } - return fc, nil -} - -// endregion **************************** field.gotpl ***************************** - -// region **************************** input.gotpl ***************************** - -func (ec *executionContext) unmarshalInputOSVInputSpec(ctx context.Context, obj interface{}) (model.OSVInputSpec, error) { - var it model.OSVInputSpec - asMap := map[string]interface{}{} - for k, v := range obj.(map[string]interface{}) { - asMap[k] = v - } - - fieldsInOrder := 
[...]string{"osvId"} - for _, k := range fieldsInOrder { - v, ok := asMap[k] - if !ok { - continue - } - switch k { - case "osvId": - var err error - - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("osvId")) - data, err := ec.unmarshalNString2string(ctx, v) - if err != nil { - return it, err - } - it.OsvID = data - } - } - - return it, nil -} - -func (ec *executionContext) unmarshalInputOSVSpec(ctx context.Context, obj interface{}) (model.OSVSpec, error) { - var it model.OSVSpec - asMap := map[string]interface{}{} - for k, v := range obj.(map[string]interface{}) { - asMap[k] = v - } - - fieldsInOrder := [...]string{"id", "osvId"} - for _, k := range fieldsInOrder { - v, ok := asMap[k] - if !ok { - continue - } - switch k { - case "id": - var err error - - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("id")) - data, err := ec.unmarshalOID2ᚖstring(ctx, v) - if err != nil { - return it, err - } - it.ID = data - case "osvId": - var err error - - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("osvId")) - data, err := ec.unmarshalOString2ᚖstring(ctx, v) - if err != nil { - return it, err - } - it.OsvID = data - } - } - - return it, nil -} - -// endregion **************************** input.gotpl ***************************** - -// region ************************** interface.gotpl *************************** - -// endregion ************************** interface.gotpl *************************** - -// region **************************** object.gotpl **************************** - -var oSVImplementors = []string{"OSV", "Vulnerability", "Node"} - -func (ec *executionContext) _OSV(ctx context.Context, sel ast.SelectionSet, obj *model.Osv) graphql.Marshaler { - fields := graphql.CollectFields(ec.OperationContext, sel, oSVImplementors) - - out := graphql.NewFieldSet(fields) - deferred := make(map[string]*graphql.FieldSet) - for i, field := range fields { - switch field.Name { - case "__typename": - out.Values[i] = 
graphql.MarshalString("OSV") - case "id": - out.Values[i] = ec._OSV_id(ctx, field, obj) - if out.Values[i] == graphql.Null { - out.Invalids++ - } - case "osvId": - out.Values[i] = ec._OSV_osvId(ctx, field, obj) - if out.Values[i] == graphql.Null { - out.Invalids++ - } - default: - panic("unknown field " + strconv.Quote(field.Name)) - } - } - out.Dispatch(ctx) - if out.Invalids > 0 { - return graphql.Null - } - - atomic.AddInt32(&ec.deferred, int32(len(deferred))) - - for label, dfs := range deferred { - ec.processDeferredGroup(graphql.DeferredGroup{ - Label: label, - Path: graphql.GetPath(ctx), - FieldSet: dfs, - Context: ctx, - }) - } - - return out -} - -// endregion **************************** object.gotpl **************************** - -// region ***************************** type.gotpl ***************************** - -func (ec *executionContext) marshalNOSV2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐOsv(ctx context.Context, sel ast.SelectionSet, v model.Osv) graphql.Marshaler { - return ec._OSV(ctx, sel, &v) -} - -func (ec *executionContext) marshalNOSV2ᚕᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐOsvᚄ(ctx context.Context, sel ast.SelectionSet, v []*model.Osv) graphql.Marshaler { - ret := make(graphql.Array, len(v)) - var wg sync.WaitGroup - isLen1 := len(v) == 1 - if !isLen1 { - wg.Add(len(v)) - } - for i := range v { - i := i - fc := &graphql.FieldContext{ - Index: &i, - Result: &v[i], - } - ctx := graphql.WithFieldContext(ctx, fc) - f := func(i int) { - defer func() { - if r := recover(); r != nil { - ec.Error(ctx, ec.Recover(ctx, r)) - ret = nil - } - }() - if !isLen1 { - defer wg.Done() - } - ret[i] = ec.marshalNOSV2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐOsv(ctx, sel, v[i]) - } - if isLen1 { - f(i) - } else { - go f(i) - } - - } - wg.Wait() - - for _, e := range ret { - if e == graphql.Null { - return graphql.Null - } - } - - return ret -} - -func (ec *executionContext) 
marshalNOSV2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐOsv(ctx context.Context, sel ast.SelectionSet, v *model.Osv) graphql.Marshaler { - if v == nil { - if !graphql.HasFieldError(ctx, graphql.GetFieldContext(ctx)) { - ec.Errorf(ctx, "the requested element is null which the schema does not allow") - } - return graphql.Null - } - return ec._OSV(ctx, sel, v) -} - -func (ec *executionContext) unmarshalNOSVInputSpec2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐOSVInputSpec(ctx context.Context, v interface{}) (model.OSVInputSpec, error) { - res, err := ec.unmarshalInputOSVInputSpec(ctx, v) - return res, graphql.ErrorOnPath(ctx, err) -} - -func (ec *executionContext) unmarshalNOSVInputSpec2ᚕᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐOSVInputSpecᚄ(ctx context.Context, v interface{}) ([]*model.OSVInputSpec, error) { - var vSlice []interface{} - if v != nil { - vSlice = graphql.CoerceList(v) - } - var err error - res := make([]*model.OSVInputSpec, len(vSlice)) - for i := range vSlice { - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithIndex(i)) - res[i], err = ec.unmarshalNOSVInputSpec2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐOSVInputSpec(ctx, vSlice[i]) - if err != nil { - return nil, err - } - } - return res, nil -} - -func (ec *executionContext) unmarshalNOSVInputSpec2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐOSVInputSpec(ctx context.Context, v interface{}) (*model.OSVInputSpec, error) { - res, err := ec.unmarshalInputOSVInputSpec(ctx, v) - return &res, graphql.ErrorOnPath(ctx, err) -} - -func (ec *executionContext) unmarshalNOSVSpec2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐOSVSpec(ctx context.Context, v interface{}) (model.OSVSpec, error) { - res, err := ec.unmarshalInputOSVSpec(ctx, v) - return res, graphql.ErrorOnPath(ctx, err) -} - -func (ec *executionContext) unmarshalOOSVInputSpec2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐOSVInputSpec(ctx context.Context, v interface{}) 
(*model.OSVInputSpec, error) { - if v == nil { - return nil, nil - } - res, err := ec.unmarshalInputOSVInputSpec(ctx, v) - return &res, graphql.ErrorOnPath(ctx, err) -} - -func (ec *executionContext) unmarshalOOSVSpec2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐOSVSpec(ctx context.Context, v interface{}) (*model.OSVSpec, error) { - if v == nil { - return nil, nil - } - res, err := ec.unmarshalInputOSVSpec(ctx, v) - return &res, graphql.ErrorOnPath(ctx, err) -} - -// endregion ***************************** type.gotpl ***************************** diff --git a/pkg/assembler/graphql/generated/path.generated.go b/pkg/assembler/graphql/generated/path.generated.go index 3ab483a19b..0b4c81ac72 100644 --- a/pkg/assembler/graphql/generated/path.generated.go +++ b/pkg/assembler/graphql/generated/path.generated.go @@ -66,34 +66,13 @@ func (ec *executionContext) _Node(ctx context.Context, sel ast.SelectionSet, obj return graphql.Null } return ec._Builder(ctx, sel, obj) - case model.Osv: - return ec._OSV(ctx, sel, &obj) - case *model.Osv: + case model.Vulnerability: + return ec._Vulnerability(ctx, sel, &obj) + case *model.Vulnerability: if obj == nil { return graphql.Null } - return ec._OSV(ctx, sel, obj) - case model.Cve: - return ec._CVE(ctx, sel, &obj) - case *model.Cve: - if obj == nil { - return graphql.Null - } - return ec._CVE(ctx, sel, obj) - case model.Ghsa: - return ec._GHSA(ctx, sel, &obj) - case *model.Ghsa: - if obj == nil { - return graphql.Null - } - return ec._GHSA(ctx, sel, obj) - case model.NoVuln: - return ec._NoVuln(ctx, sel, &obj) - case *model.NoVuln: - if obj == nil { - return graphql.Null - } - return ec._NoVuln(ctx, sel, obj) + return ec._Vulnerability(ctx, sel, obj) case model.IsOccurrence: return ec._IsOccurrence(ctx, sel, &obj) case *model.IsOccurrence: 
@@ -108,13 +87,13 @@ func (ec *executionContext) _Node(ctx context.Context, sel ast.SelectionSet, obj return graphql.Null } return ec._IsDependency(ctx, sel, obj) - case model.IsVulnerability: - return ec._IsVulnerability(ctx, sel, &obj) - case *model.IsVulnerability: + case model.VulnEqual: + return ec._VulnEqual(ctx, sel, &obj) + case *model.VulnEqual: if obj == nil { return graphql.Null } - return ec._IsVulnerability(ctx, sel, obj) + return ec._VulnEqual(ctx, sel, obj) case model.CertifyVEXStatement: return ec._CertifyVEXStatement(ctx, sel, &obj) case *model.CertifyVEXStatement: diff --git a/pkg/assembler/graphql/generated/prelude.generated.go b/pkg/assembler/graphql/generated/prelude.generated.go index d6a3ad981d..c2e5ef3612 100644 --- a/pkg/assembler/graphql/generated/prelude.generated.go +++ b/pkg/assembler/graphql/generated/prelude.generated.go @@ -2608,22 +2608,6 @@ func (ec *executionContext) marshalOID2ᚖstring(ctx context.Context, sel ast.Se return res } -func (ec *executionContext) unmarshalOInt2ᚖint(ctx context.Context, v interface{}) (*int, error) { - if v == nil { - return nil, nil - } - res, err := graphql.UnmarshalInt(v) - return &res, graphql.ErrorOnPath(ctx, err) -} - -func (ec *executionContext) marshalOInt2ᚖint(ctx context.Context, sel ast.SelectionSet, v *int) graphql.Marshaler { - if v == nil { - return graphql.Null - } - res := graphql.MarshalInt(*v) - return res -} - func (ec *executionContext) unmarshalOString2ᚖstring(ctx context.Context, v interface{}) (*string, error) { if v == nil { return nil, nil diff --git a/pkg/assembler/graphql/generated/root_.generated.go b/pkg/assembler/graphql/generated/root_.generated.go index 3aec75c9ee..2209ca17b6 100644 --- a/pkg/assembler/graphql/generated/root_.generated.go +++ b/pkg/assembler/graphql/generated/root_.generated.go 
@@ -50,12 +50,6 @@ type ComplexityRoot struct { URI func(childComplexity int) int } - CVE struct { - CveID func(childComplexity int) int - ID func(childComplexity int) int - Year func(childComplexity int) int - } - CertifyBad struct { Collector func(childComplexity int) int ID func(childComplexity int) int @@ -98,11 +92,6 @@ type ComplexityRoot struct { Vulnerability func(childComplexity int) int } - GHSA struct { - GhsaID func(childComplexity int) int - ID func(childComplexity int) int - } - HasMetadata struct { Collector func(childComplexity int) int ID func(childComplexity int) int 
@@ -169,41 +158,26 @@ type ComplexityRoot struct { Subject func(childComplexity int) int } - IsVulnerability struct { - Collector func(childComplexity int) int - ID func(childComplexity int) int - Justification func(childComplexity int) int - Origin func(childComplexity int) int - Osv func(childComplexity int) int - Vulnerability func(childComplexity int) int - } - Mutation struct { IngestArtifact func(childComplexity int, artifact *model.ArtifactInputSpec) int IngestArtifacts func(childComplexity int, artifacts []*model.ArtifactInputSpec) int IngestBuilder func(childComplexity int, builder *model.BuilderInputSpec) int IngestBuilders func(childComplexity int, builders []*model.BuilderInputSpec) int - IngestCVEs func(childComplexity int, cves []*model.CVEInputSpec) int IngestCertifyBad func(childComplexity int, subject model.PackageSourceOrArtifactInput, pkgMatchType model.MatchFlags, certifyBad model.CertifyBadInputSpec) int IngestCertifyBads func(childComplexity int, subjects model.PackageSourceOrArtifactInputs, pkgMatchType model.MatchFlags, certifyBads []*model.CertifyBadInputSpec) int IngestCertifyGood func(childComplexity int, subject model.PackageSourceOrArtifactInput, pkgMatchType model.MatchFlags, certifyGood model.CertifyGoodInputSpec) int IngestCertifyGoods func(childComplexity int, subjects model.PackageSourceOrArtifactInputs, pkgMatchType model.MatchFlags, certifyGoods []*model.CertifyGoodInputSpec) int - IngestCve func(childComplexity int, cve *model.CVEInputSpec) int + IngestCertifyVuln func(childComplexity int, pkg model.PkgInputSpec, vulnerability model.VulnerabilityInputSpec, certifyVuln model.ScanMetadataInput) int IngestDependencies func(childComplexity int, pkgs []*model.PkgInputSpec, depPkgs []*model.PkgInputSpec, dependencies []*model.IsDependencyInputSpec) int IngestDependency func(childComplexity int, pkg model.PkgInputSpec, depPkg model.PkgInputSpec, dependency model.IsDependencyInputSpec) int - IngestGHSAs func(childComplexity int, ghsas 
[]*model.GHSAInputSpec) int - IngestGhsa func(childComplexity int, ghsa *model.GHSAInputSpec) int IngestHasMetadata func(childComplexity int, subject model.PackageSourceOrArtifactInput, pkgMatchType model.MatchFlags, hasMetadata model.HasMetadataInputSpec) int IngestHasSBOMs func(childComplexity int, subjects model.PackageOrArtifactInputs, hasSBOMs []*model.HasSBOMInputSpec) int IngestHasSbom func(childComplexity int, subject model.PackageOrArtifactInput, hasSbom model.HasSBOMInputSpec) int IngestHasSourceAt func(childComplexity int, pkg model.PkgInputSpec, pkgMatchType model.MatchFlags, source model.SourceInputSpec, hasSourceAt model.HasSourceAtInputSpec) int IngestHashEqual func(childComplexity int, artifact model.ArtifactInputSpec, otherArtifact model.ArtifactInputSpec, hashEqual model.HashEqualInputSpec) int IngestHashEquals func(childComplexity int, artifacts []*model.ArtifactInputSpec, otherArtifacts []*model.ArtifactInputSpec, hashEquals []*model.HashEqualInputSpec) int - IngestIsVulnerability func(childComplexity int, osv model.OSVInputSpec, vulnerability model.CveOrGhsaInput, isVulnerability model.IsVulnerabilityInputSpec) int - IngestOSVs func(childComplexity int, osvs []*model.OSVInputSpec) int IngestOccurrence func(childComplexity int, subject model.PackageOrSourceInput, artifact model.ArtifactInputSpec, occurrence model.IsOccurrenceInputSpec) int IngestOccurrences func(childComplexity int, subjects model.PackageOrSourceInputs, artifacts []*model.ArtifactInputSpec, occurrences []*model.IsOccurrenceInputSpec) int - IngestOsv func(childComplexity int, osv *model.OSVInputSpec) int IngestPackage func(childComplexity int, pkg model.PkgInputSpec) int IngestPackages func(childComplexity int, pkgs []*model.PkgInputSpec) int IngestPkgEqual func(childComplexity int, pkg model.PkgInputSpec, otherPackage model.PkgInputSpec, pkgEqual model.PkgEqualInputSpec) int 
@@ -214,17 +188,10 @@ type ComplexityRoot struct { IngestSlsa func(childComplexity int, subject model.ArtifactInputSpec, builtFrom []*model.ArtifactInputSpec, builtBy model.BuilderInputSpec, slsa model.SLSAInputSpec) int IngestSource func(childComplexity int, source model.SourceInputSpec) int IngestSources func(childComplexity int, sources []*model.SourceInputSpec) int - IngestVEXStatement func(childComplexity int, subject model.PackageOrArtifactInput, vulnerability model.VulnerabilityInput, vexStatement model.VexStatementInputSpec) int - IngestVulnerability func(childComplexity int, pkg model.PkgInputSpec, vulnerability model.VulnerabilityInput, certifyVuln model.VulnerabilityMetaDataInput) int - } - - NoVuln struct { - ID func(childComplexity int) int - } - - OSV struct { - ID func(childComplexity int) int - OsvID func(childComplexity int) int + IngestVEXStatement func(childComplexity int, subject model.PackageOrArtifactInput, vulnerability model.VulnerabilityInputSpec, vexStatement model.VexStatementInputSpec) int + IngestVulnEqual func(childComplexity int, vulnerability model.VulnerabilityInputSpec, otherVulnerability model.VulnerabilityInputSpec, vulnEqual model.VulnEqualInputSpec) int + IngestVulnerabilities func(childComplexity int, vulns []*model.VulnerabilityInputSpec) int + IngestVulnerability func(childComplexity int, vuln model.VulnerabilityInputSpec) int } Package struct { 
@@ -283,9 +250,7 @@ type ComplexityRoot struct { CertifyGood func(childComplexity int, certifyGoodSpec model.CertifyGoodSpec) int CertifyVEXStatement func(childComplexity int, certifyVEXStatementSpec model.CertifyVEXStatementSpec) int CertifyVuln func(childComplexity int, certifyVulnSpec model.CertifyVulnSpec) int - Cve func(childComplexity int, cveSpec model.CVESpec) int FindSoftware func(childComplexity int, searchText string) int - Ghsa func(childComplexity int, ghsaSpec model.GHSASpec) int HasMetadata func(childComplexity int, hasMetadataSpec model.HasMetadataSpec) int HasSbom func(childComplexity int, hasSBOMSpec model.HasSBOMSpec) int HasSlsa func(childComplexity int, hasSLSASpec model.HasSLSASpec) int 
@@ -293,17 +258,17 @@ type ComplexityRoot struct { HashEqual func(childComplexity int, hashEqualSpec model.HashEqualSpec) int IsDependency func(childComplexity int, isDependencySpec model.IsDependencySpec) int IsOccurrence func(childComplexity int, isOccurrenceSpec model.IsOccurrenceSpec) int - IsVulnerability func(childComplexity int, isVulnerabilitySpec model.IsVulnerabilitySpec) int Neighbors func(childComplexity int, node string, usingOnly []model.Edge) int Node func(childComplexity int, node string) int Nodes func(childComplexity int, nodes []string) int - Osv func(childComplexity int, osvSpec model.OSVSpec) int Packages func(childComplexity int, pkgSpec model.PkgSpec) int Path func(childComplexity int, subject string, target string, maxPathLength int, usingOnly []model.Edge) int PkgEqual func(childComplexity int, pkgEqualSpec model.PkgEqualSpec) int PointOfContact func(childComplexity int, pointOfContactSpec model.PointOfContactSpec) int Scorecards func(childComplexity int, scorecardSpec model.CertifyScorecardSpec) int Sources func(childComplexity int, sourceSpec model.SourceSpec) int + VulnEqual func(childComplexity int, vulnEqualSpec model.VulnEqualSpec) int + Vulnerabilities func(childComplexity int, vulnSpec model.VulnerabilitySpec) int } SLSA struct { @@ -323,6 +288,16 @@ type ComplexityRoot struct { Value func(childComplexity int) int } + ScanMetadata struct { + Collector func(childComplexity int) int + DbURI func(childComplexity int) int + DbVersion func(childComplexity int) int + Origin func(childComplexity int) int + ScannerURI func(childComplexity int) int + ScannerVersion func(childComplexity int) int + TimeScanned func(childComplexity int) int + } + Scorecard struct { AggregateScore func(childComplexity int) int Checks func(childComplexity int) int 
@@ -357,14 +332,23 @@ type ComplexityRoot struct { Namespace func(childComplexity int) int } - VulnerabilityMetaData struct { - Collector func(childComplexity int) int - DbURI func(childComplexity int) int - DbVersion func(childComplexity int) int - Origin func(childComplexity int) int - ScannerURI func(childComplexity int) int - ScannerVersion func(childComplexity int) int - TimeScanned func(childComplexity int) int + VulnEqual struct { + Collector func(childComplexity int) int + ID func(childComplexity int) int + Justification func(childComplexity int) int + Origin func(childComplexity int) int + Vulnerabilities func(childComplexity int) int + } + + Vulnerability struct { + ID func(childComplexity int) int + Type func(childComplexity int) int + VulnerabilityIDs func(childComplexity int) int + } + + VulnerabilityID struct { + ID func(childComplexity int) int + VulnerabilityID func(childComplexity int) int } } @@ -418,27 +402,6 @@ func (e *executableSchema) Complexity(typeName, field string, childComplexity in return e.complexity.Builder.URI(childComplexity), true - case "CVE.cveId": - if e.complexity.CVE.CveID == nil { - break - } - - return e.complexity.CVE.CveID(childComplexity), true - - case "CVE.id": - if e.complexity.CVE.ID == nil { - break - } - - return e.complexity.CVE.ID(childComplexity), true - - case "CVE.year": - if e.complexity.CVE.Year == nil { - break - } - - return e.complexity.CVE.Year(childComplexity), true - case "CertifyBad.collector": if e.complexity.CertifyBad.Collector == nil { break 
@@ -628,20 +591,6 @@ func (e *executableSchema) Complexity(typeName, field string, childComplexity in return e.complexity.CertifyVuln.Vulnerability(childComplexity), true - case "GHSA.ghsaId": - if e.complexity.GHSA.GhsaID == nil { - break - } - - return e.complexity.GHSA.GhsaID(childComplexity), true - - case "GHSA.id": - if e.complexity.GHSA.ID == nil { - break - } - - return e.complexity.GHSA.ID(childComplexity), true - case "HasMetadata.collector": if e.complexity.HasMetadata.Collector == nil { break @@ -957,48 +906,6 @@ func (e *executableSchema) Complexity(typeName, field string, childComplexity in return e.complexity.IsOccurrence.Subject(childComplexity), true - case "IsVulnerability.collector": - if e.complexity.IsVulnerability.Collector == nil { - break - } - - return e.complexity.IsVulnerability.Collector(childComplexity), true - - case "IsVulnerability.id": - if e.complexity.IsVulnerability.ID == nil { - break - } - - return e.complexity.IsVulnerability.ID(childComplexity), true - - case "IsVulnerability.justification": - if e.complexity.IsVulnerability.Justification == nil { - break - } - - return e.complexity.IsVulnerability.Justification(childComplexity), true - - case "IsVulnerability.origin": - if e.complexity.IsVulnerability.Origin == nil { - break - } - - return e.complexity.IsVulnerability.Origin(childComplexity), true - - case "IsVulnerability.osv": - if e.complexity.IsVulnerability.Osv == nil { - break - } - - return e.complexity.IsVulnerability.Osv(childComplexity), true - - case "IsVulnerability.vulnerability": - if e.complexity.IsVulnerability.Vulnerability == nil { - break - } - - return e.complexity.IsVulnerability.Vulnerability(childComplexity), true - case "Mutation.ingestArtifact": if e.complexity.Mutation.IngestArtifact == nil { break 
@@ -1047,18 +954,6 @@ func (e *executableSchema) Complexity(typeName, field string, childComplexity in return e.complexity.Mutation.IngestBuilders(childComplexity, args["builders"].([]*model.BuilderInputSpec)), true - case "Mutation.ingestCVEs": - if e.complexity.Mutation.IngestCVEs == nil { - break - } - - args, err := ec.field_Mutation_ingestCVEs_args(context.TODO(), rawArgs) - if err != nil { - return 0, false - } - - return e.complexity.Mutation.IngestCVEs(childComplexity, args["cves"].([]*model.CVEInputSpec)), true - case "Mutation.ingestCertifyBad": if e.complexity.Mutation.IngestCertifyBad == nil { break @@ -1107,17 +1002,17 @@ func (e *executableSchema) Complexity(typeName, field string, childComplexity in return e.complexity.Mutation.IngestCertifyGoods(childComplexity, args["subjects"].(model.PackageSourceOrArtifactInputs), args["pkgMatchType"].(model.MatchFlags), args["certifyGoods"].([]*model.CertifyGoodInputSpec)), true - case "Mutation.ingestCVE": - if e.complexity.Mutation.IngestCve == nil { + case "Mutation.ingestCertifyVuln": + if e.complexity.Mutation.IngestCertifyVuln == nil { break } - args, err := ec.field_Mutation_ingestCVE_args(context.TODO(), rawArgs) + args, err := ec.field_Mutation_ingestCertifyVuln_args(context.TODO(), rawArgs) if err != nil { return 0, false } - return e.complexity.Mutation.IngestCve(childComplexity, args["cve"].(*model.CVEInputSpec)), true + return e.complexity.Mutation.IngestCertifyVuln(childComplexity, args["pkg"].(model.PkgInputSpec), args["vulnerability"].(model.VulnerabilityInputSpec), args["certifyVuln"].(model.ScanMetadataInput)), true case "Mutation.ingestDependencies": if e.complexity.Mutation.IngestDependencies == nil { 
@@ -1143,30 +1038,6 @@ func (e *executableSchema) Complexity(typeName, field string, childComplexity in return e.complexity.Mutation.IngestDependency(childComplexity, args["pkg"].(model.PkgInputSpec), args["depPkg"].(model.PkgInputSpec), args["dependency"].(model.IsDependencyInputSpec)), true - case "Mutation.ingestGHSAs": - if e.complexity.Mutation.IngestGHSAs == nil { - break - } - - args, err := ec.field_Mutation_ingestGHSAs_args(context.TODO(), rawArgs) - if err != nil { - return 0, false - } - - return e.complexity.Mutation.IngestGHSAs(childComplexity, args["ghsas"].([]*model.GHSAInputSpec)), true - - case "Mutation.ingestGHSA": - if e.complexity.Mutation.IngestGhsa == nil { - break - } - - args, err := ec.field_Mutation_ingestGHSA_args(context.TODO(), rawArgs) - if err != nil { - return 0, false - } - - return e.complexity.Mutation.IngestGhsa(childComplexity, args["ghsa"].(*model.GHSAInputSpec)), true - case "Mutation.ingestHasMetadata": if e.complexity.Mutation.IngestHasMetadata == nil { break 
@@ -1239,30 +1110,6 @@ func (e *executableSchema) Complexity(typeName, field string, childComplexity in return e.complexity.Mutation.IngestHashEquals(childComplexity, args["artifacts"].([]*model.ArtifactInputSpec), args["otherArtifacts"].([]*model.ArtifactInputSpec), args["hashEquals"].([]*model.HashEqualInputSpec)), true - case "Mutation.ingestIsVulnerability": - if e.complexity.Mutation.IngestIsVulnerability == nil { - break - } - - args, err := ec.field_Mutation_ingestIsVulnerability_args(context.TODO(), rawArgs) - if err != nil { - return 0, false - } - - return e.complexity.Mutation.IngestIsVulnerability(childComplexity, args["osv"].(model.OSVInputSpec), args["vulnerability"].(model.CveOrGhsaInput), args["isVulnerability"].(model.IsVulnerabilityInputSpec)), true - - case "Mutation.ingestOSVs": - if e.complexity.Mutation.IngestOSVs == nil { - break - } - - args, err := ec.field_Mutation_ingestOSVs_args(context.TODO(), rawArgs) - if err != nil { - return 0, false - } - - return e.complexity.Mutation.IngestOSVs(childComplexity, args["osvs"].([]*model.OSVInputSpec)), true - case "Mutation.ingestOccurrence": if e.complexity.Mutation.IngestOccurrence == nil { break @@ -1287,18 +1134,6 @@ func (e *executableSchema) Complexity(typeName, field string, childComplexity in return e.complexity.Mutation.IngestOccurrences(childComplexity, args["subjects"].(model.PackageOrSourceInputs), args["artifacts"].([]*model.ArtifactInputSpec), args["occurrences"].([]*model.IsOccurrenceInputSpec)), true - case "Mutation.ingestOSV": - if e.complexity.Mutation.IngestOsv == nil { - break - } - - args, err := ec.field_Mutation_ingestOSV_args(context.TODO(), rawArgs) - if err != nil { - return 0, false - } - - return e.complexity.Mutation.IngestOsv(childComplexity, args["osv"].(*model.OSVInputSpec)), true - case "Mutation.ingestPackage": if e.complexity.Mutation.IngestPackage == nil { break 
@@ -1429,40 +1264,43 @@ func (e *executableSchema) Complexity(typeName, field string, childComplexity in return 0, false } - return e.complexity.Mutation.IngestVEXStatement(childComplexity, args["subject"].(model.PackageOrArtifactInput), args["vulnerability"].(model.VulnerabilityInput), args["vexStatement"].(model.VexStatementInputSpec)), true + return e.complexity.Mutation.IngestVEXStatement(childComplexity, args["subject"].(model.PackageOrArtifactInput), args["vulnerability"].(model.VulnerabilityInputSpec), args["vexStatement"].(model.VexStatementInputSpec)), true - case "Mutation.ingestVulnerability": - if e.complexity.Mutation.IngestVulnerability == nil { + case "Mutation.ingestVulnEqual": + if e.complexity.Mutation.IngestVulnEqual == nil { break } - args, err := ec.field_Mutation_ingestVulnerability_args(context.TODO(), rawArgs) + args, err := ec.field_Mutation_ingestVulnEqual_args(context.TODO(), rawArgs) if err != nil { return 0, false } - return e.complexity.Mutation.IngestVulnerability(childComplexity, args["pkg"].(model.PkgInputSpec), args["vulnerability"].(model.VulnerabilityInput), args["certifyVuln"].(model.VulnerabilityMetaDataInput)), true + return e.complexity.Mutation.IngestVulnEqual(childComplexity, args["vulnerability"].(model.VulnerabilityInputSpec), args["otherVulnerability"].(model.VulnerabilityInputSpec), args["vulnEqual"].(model.VulnEqualInputSpec)), true - case "NoVuln.id": - if e.complexity.NoVuln.ID == nil { + case "Mutation.ingestVulnerabilities": + if e.complexity.Mutation.IngestVulnerabilities == nil { break } - return e.complexity.NoVuln.ID(childComplexity), true - - case "OSV.id": - if e.complexity.OSV.ID == nil { - break + args, err := ec.field_Mutation_ingestVulnerabilities_args(context.TODO(), rawArgs) + if err != nil { + return 0, false } - return e.complexity.OSV.ID(childComplexity), true + return e.complexity.Mutation.IngestVulnerabilities(childComplexity, args["vulns"].([]*model.VulnerabilityInputSpec)), true - case 
"OSV.osvId": - if e.complexity.OSV.OsvID == nil { + case "Mutation.ingestVulnerability": + if e.complexity.Mutation.IngestVulnerability == nil { break } - return e.complexity.OSV.OsvID(childComplexity), true + args, err := ec.field_Mutation_ingestVulnerability_args(context.TODO(), rawArgs) + if err != nil { + return 0, false + } + + return e.complexity.Mutation.IngestVulnerability(childComplexity, args["vuln"].(model.VulnerabilityInputSpec)), true case "Package.id": if e.complexity.Package.ID == nil { @@ -1732,18 +1570,6 @@ func (e *executableSchema) Complexity(typeName, field string, childComplexity in return e.complexity.Query.CertifyVuln(childComplexity, args["certifyVulnSpec"].(model.CertifyVulnSpec)), true - case "Query.cve": - if e.complexity.Query.Cve == nil { - break - } - - args, err := ec.field_Query_cve_args(context.TODO(), rawArgs) - if err != nil { - return 0, false - } - - return e.complexity.Query.Cve(childComplexity, args["cveSpec"].(model.CVESpec)), true - case "Query.findSoftware": if e.complexity.Query.FindSoftware == nil { break @@ -1756,18 +1582,6 @@ func (e *executableSchema) Complexity(typeName, field string, childComplexity in return e.complexity.Query.FindSoftware(childComplexity, args["searchText"].(string)), true - case "Query.ghsa": - if e.complexity.Query.Ghsa == nil { - break - } - - args, err := ec.field_Query_ghsa_args(context.TODO(), rawArgs) - if err != nil { - return 0, false - } - - return e.complexity.Query.Ghsa(childComplexity, args["ghsaSpec"].(model.GHSASpec)), true - case "Query.HasMetadata": if e.complexity.Query.HasMetadata == nil { break 
@@ -1852,18 +1666,6 @@ func (e *executableSchema) Complexity(typeName, field string, childComplexity in return e.complexity.Query.IsOccurrence(childComplexity, args["isOccurrenceSpec"].(model.IsOccurrenceSpec)), true - case "Query.IsVulnerability": - if e.complexity.Query.IsVulnerability == nil { - break - } - - args, err := ec.field_Query_IsVulnerability_args(context.TODO(), rawArgs) - if err != nil { - return 0, false - } - - return e.complexity.Query.IsVulnerability(childComplexity, args["isVulnerabilitySpec"].(model.IsVulnerabilitySpec)), true - case "Query.neighbors": if e.complexity.Query.Neighbors == nil { break @@ -1900,18 +1702,6 @@ func (e *executableSchema) Complexity(typeName, field string, childComplexity in return e.complexity.Query.Nodes(childComplexity, args["nodes"].([]string)), true - case "Query.osv": - if e.complexity.Query.Osv == nil { - break - } - - args, err := ec.field_Query_osv_args(context.TODO(), rawArgs) - if err != nil { - return 0, false - } - - return e.complexity.Query.Osv(childComplexity, args["osvSpec"].(model.OSVSpec)), true - case "Query.packages": if e.complexity.Query.Packages == nil { break 
@@ -1984,6 +1774,30 @@ func (e *executableSchema) Complexity(typeName, field string, childComplexity in return e.complexity.Query.Sources(childComplexity, args["sourceSpec"].(model.SourceSpec)), true + case "Query.vulnEqual": + if e.complexity.Query.VulnEqual == nil { + break + } + + args, err := ec.field_Query_vulnEqual_args(context.TODO(), rawArgs) + if err != nil { + return 0, false + } + + return e.complexity.Query.VulnEqual(childComplexity, args["vulnEqualSpec"].(model.VulnEqualSpec)), true + + case "Query.vulnerabilities": + if e.complexity.Query.Vulnerabilities == nil { + break + } + + args, err := ec.field_Query_vulnerabilities_args(context.TODO(), rawArgs) + if err != nil { + return 0, false + } + + return e.complexity.Query.Vulnerabilities(childComplexity, args["vulnSpec"].(model.VulnerabilitySpec)), true + case "SLSA.buildType": if e.complexity.SLSA.BuildType == nil { break 
@@ -2061,6 +1875,55 @@ func (e *executableSchema) Complexity(typeName, field string, childComplexity in return e.complexity.SLSAPredicate.Value(childComplexity), true + case "ScanMetadata.collector": + if e.complexity.ScanMetadata.Collector == nil { + break + } + + return e.complexity.ScanMetadata.Collector(childComplexity), true + + case "ScanMetadata.dbUri": + if e.complexity.ScanMetadata.DbURI == nil { + break + } + + return e.complexity.ScanMetadata.DbURI(childComplexity), true + + case "ScanMetadata.dbVersion": + if e.complexity.ScanMetadata.DbVersion == nil { + break + } + + return e.complexity.ScanMetadata.DbVersion(childComplexity), true + + case "ScanMetadata.origin": + if e.complexity.ScanMetadata.Origin == nil { + break + } + + return e.complexity.ScanMetadata.Origin(childComplexity), true + + case "ScanMetadata.scannerUri": + if e.complexity.ScanMetadata.ScannerURI == nil { + break + } + + return e.complexity.ScanMetadata.ScannerURI(childComplexity), true + + case "ScanMetadata.scannerVersion": + if e.complexity.ScanMetadata.ScannerVersion == nil { + break + } + + return e.complexity.ScanMetadata.ScannerVersion(childComplexity), true + + case "ScanMetadata.timeScanned": + if e.complexity.ScanMetadata.TimeScanned == nil { + break + } + + return e.complexity.ScanMetadata.TimeScanned(childComplexity), true + case "Scorecard.aggregateScore": if e.complexity.Scorecard.AggregateScore == nil { break 
@@ -2194,54 +2057,75 @@ func (e *executableSchema) Complexity(typeName, field string, childComplexity in return e.complexity.SourceNamespace.Namespace(childComplexity), true - case "VulnerabilityMetaData.collector": - if e.complexity.VulnerabilityMetaData.Collector == nil { + case "VulnEqual.collector": + if e.complexity.VulnEqual.Collector == nil { + break + } + + return e.complexity.VulnEqual.Collector(childComplexity), true + + case "VulnEqual.id": + if e.complexity.VulnEqual.ID == nil { + break + } + + return e.complexity.VulnEqual.ID(childComplexity), true + + case "VulnEqual.justification": + if e.complexity.VulnEqual.Justification == nil { + break + } + + return e.complexity.VulnEqual.Justification(childComplexity), true + + case "VulnEqual.origin": + if e.complexity.VulnEqual.Origin == nil { break } - return e.complexity.VulnerabilityMetaData.Collector(childComplexity), true + return e.complexity.VulnEqual.Origin(childComplexity), true - case "VulnerabilityMetaData.dbUri": - if e.complexity.VulnerabilityMetaData.DbURI == nil { + case "VulnEqual.vulnerabilities": + if e.complexity.VulnEqual.Vulnerabilities == nil { break } - return e.complexity.VulnerabilityMetaData.DbURI(childComplexity), true + return e.complexity.VulnEqual.Vulnerabilities(childComplexity), true - case "VulnerabilityMetaData.dbVersion": - if e.complexity.VulnerabilityMetaData.DbVersion == nil { + case "Vulnerability.id": + if e.complexity.Vulnerability.ID == nil { break } - return e.complexity.VulnerabilityMetaData.DbVersion(childComplexity), true + return e.complexity.Vulnerability.ID(childComplexity), true - case "VulnerabilityMetaData.origin": - if e.complexity.VulnerabilityMetaData.Origin == nil { + case "Vulnerability.type": + if e.complexity.Vulnerability.Type == nil { break } - return e.complexity.VulnerabilityMetaData.Origin(childComplexity), true + return e.complexity.Vulnerability.Type(childComplexity), true - case "VulnerabilityMetaData.scannerUri": - if 
e.complexity.VulnerabilityMetaData.ScannerURI == nil { + case "Vulnerability.vulnerabilityIDs": + if e.complexity.Vulnerability.VulnerabilityIDs == nil { break } - return e.complexity.VulnerabilityMetaData.ScannerURI(childComplexity), true + return e.complexity.Vulnerability.VulnerabilityIDs(childComplexity), true - case "VulnerabilityMetaData.scannerVersion": - if e.complexity.VulnerabilityMetaData.ScannerVersion == nil { + case "VulnerabilityID.id": + if e.complexity.VulnerabilityID.ID == nil { break } - return e.complexity.VulnerabilityMetaData.ScannerVersion(childComplexity), true + return e.complexity.VulnerabilityID.ID(childComplexity), true - case "VulnerabilityMetaData.timeScanned": - if e.complexity.VulnerabilityMetaData.TimeScanned == nil { + case "VulnerabilityID.vulnerabilityID": + if e.complexity.VulnerabilityID.VulnerabilityID == nil { break } - return e.complexity.VulnerabilityMetaData.TimeScanned(childComplexity), true + return e.complexity.VulnerabilityID.VulnerabilityID(childComplexity), true } return 0, false @@ -2255,8 +2139,6 @@ func (e *executableSchema) Exec(ctx context.Context) graphql.ResponseHandler { ec.unmarshalInputArtifactSpec, ec.unmarshalInputBuilderInputSpec, ec.unmarshalInputBuilderSpec, - ec.unmarshalInputCVEInputSpec, - ec.unmarshalInputCVESpec, ec.unmarshalInputCertifyBadInputSpec, ec.unmarshalInputCertifyBadSpec, ec.unmarshalInputCertifyGoodInputSpec, @@ -2264,10 +2146,6 @@ func (e *executableSchema) Exec(ctx context.Context) graphql.ResponseHandler { ec.unmarshalInputCertifyScorecardSpec, ec.unmarshalInputCertifyVEXStatementSpec, ec.unmarshalInputCertifyVulnSpec, - ec.unmarshalInputCveOrGhsaInput, - ec.unmarshalInputCveOrGhsaSpec, - ec.unmarshalInputGHSAInputSpec, - ec.unmarshalInputGHSASpec, ec.unmarshalInputHasMetadataInputSpec, ec.unmarshalInputHasMetadataSpec, ec.unmarshalInputHasSBOMInputSpec, 
@@ -2281,11 +2159,7 @@ func (e *executableSchema) Exec(ctx context.Context) graphql.ResponseHandler { ec.unmarshalInputIsDependencySpec, ec.unmarshalInputIsOccurrenceInputSpec, ec.unmarshalInputIsOccurrenceSpec, - ec.unmarshalInputIsVulnerabilityInputSpec, - ec.unmarshalInputIsVulnerabilitySpec, ec.unmarshalInputMatchFlags, - ec.unmarshalInputOSVInputSpec, - ec.unmarshalInputOSVSpec, ec.unmarshalInputPackageOrArtifactInput, ec.unmarshalInputPackageOrArtifactInputs, ec.unmarshalInputPackageOrArtifactSpec, @@ -2307,14 +2181,16 @@ func (e *executableSchema) Exec(ctx context.Context) graphql.ResponseHandler { ec.unmarshalInputSLSAInputSpec, ec.unmarshalInputSLSAPredicateInputSpec, ec.unmarshalInputSLSAPredicateSpec, + ec.unmarshalInputScanMetadataInput, ec.unmarshalInputScorecardCheckInputSpec, ec.unmarshalInputScorecardCheckSpec, ec.unmarshalInputScorecardInputSpec, ec.unmarshalInputSourceInputSpec, ec.unmarshalInputSourceSpec, ec.unmarshalInputVexStatementInputSpec, - ec.unmarshalInputVulnerabilityInput, - ec.unmarshalInputVulnerabilityMetaDataInput, + ec.unmarshalInputVulnEqualInputSpec, + ec.unmarshalInputVulnEqualSpec, + ec.unmarshalInputVulnerabilityInputSpec, ec.unmarshalInputVulnerabilitySpec, ) first := true @@ -2952,7 +2828,7 @@ enum VexJustification { """ CertifyVEXStatement is an attestation to attach VEX statements to a package or -artifact to clarify the impact of a specific vulnerability (CVE, GHSA or OSV). +artifact to clarify the impact of a specific vulnerability. """ type CertifyVEXStatement { id: ID! 
@@ -2980,10 +2856,9 @@ type CertifyVEXStatement { CertifyVEXStatementSpec allows filtering the list of VEX statements to return in a query. -Only one subject type (package or artifact) and one vulnerability type (CVE, -GHSA or OSV) may be specified. +Only one subject type (package or artifact) and one vulnerability may be specified. -Note that setting noVuln in VulnerabilitySpec is invalid for VEX statements! +Note that setting noVuln vulnerability type is invalid for VEX statements! """ input CertifyVEXStatementSpec { id: ID @@ -3016,7 +2891,7 @@ extend type Query { extend type Mutation { "Adds a VEX certification for a package." - ingestVEXStatement(subject: PackageOrArtifactInput!, vulnerability: VulnerabilityInput!, vexStatement: VexStatementInputSpec!): CertifyVEXStatement! + ingestVEXStatement(subject: PackageOrArtifactInput!, vulnerability: VulnerabilityInputSpec!, vexStatement: VexStatementInputSpec!): CertifyVEXStatement! } `, BuiltIn: false}, {Name: "../schema/certifyVuln.graphql", Input: `# 
@@ -3038,74 +2913,29 @@ extend type Mutation { # Defines a GraphQL schema for the vulnerability certifications -""" -NoVuln is a special vulnerability node to attest that no vulnerability has been -found during a vulnerability scan. - -Backends guarantee that this is a singleton node. -""" -type NoVuln { - id: ID! -} - -"Vulnerability is a union of OSV, CVE, GHSA or the NoVuln node." -union Vulnerability = OSV | CVE | GHSA | NoVuln - -""" -VulnerabilitySpec allows using Vulnerability union as input type to be used in -read queries. - -Either noVuln must be set or exactly one of osv, cve or ghsa -must be set to non-nil. Setting noVuln to true means retrieving only nodes where -there is no vulnerability attached. Setting it to false means retrieving only nodes -with identified vulnerabilities. Setting one of the other fields means retrieving -certifications for the corresponding vulnerability types. -""" -input VulnerabilitySpec { - osv: OSVSpec - cve: CVESpec - ghsa: GHSASpec - noVuln: Boolean -} - -""" -VulnerabilityInput allows using Vulnerability union as -input type to be used in mutations. - -Either noVuln must be set to true or one of osv, cve, or ghsa must be -set to non-nil. If noVuln is set then this is an ingestion of a known lack of -vulnerabilities, so the special NoVuln node will be used by the backend. -Otherwise, the specific vulnerability type will be linked to this attestation. -""" -input VulnerabilityInput { - osv: OSVInputSpec - cve: CVEInputSpec - ghsa: GHSAInputSpec - noVuln: Boolean -} - """ CertifyVuln is an attestation to attach vulnerability information to a package. This information is obtained via a scanner. If there is no vulnerability -detected (no OSV, CVE, or GHSA), we attach the special NoVuln node. +detected, we attach the a vulnerability with "NoVuln" type and an empty string +for the vulnerability ID. """ type CertifyVuln { id: ID! "The package that is attested" package: Package! - "The vulnerability object. 
Can be an OSV, CVE, or GHSA or the special NoVuln node." + "The vulnerability can be an be a specific vulnerability or NoVuln type." vulnerability: Vulnerability! "Metadata attached to the certification" - metadata: VulnerabilityMetaData! + metadata: ScanMetadata! } """ -VulnerabilityMetaData is the metadata attached to vulnerability certification. +ScanMetadata is the metadata attached to vulnerability certification. It contains metadata about the scanner process that created the certification. """ -type VulnerabilityMetaData { +type ScanMetadata { "Time of scan (in RFC 3339 format)" timeScanned: Time! "URI of the vulnerability database used by the scanner" @@ -3129,7 +2959,7 @@ return in a query. Specifying just the package allows to query for all vulnerabilities associated with the package. -Only one vulnerability type (OSV, CVE, GHSA, or special NoVuln) may be +Only one vulnerability (or NoVuln vulnerability type) may be specified. """ input CertifyVulnSpec { @@ -3146,10 +2976,10 @@ input CertifyVulnSpec { } """ -VulnerabilityMetaDataInput represents the input for certifying vulnerability +ScanMetadataInput represents the input for certifying vulnerability scans in mutations. """ -input VulnerabilityMetaDataInput { +input ScanMetadataInput { timeScanned: Time! dbUri: String! dbVersion: String! @@ -3166,7 +2996,7 @@ extend type Query { extend type Mutation { "Adds a certification that a package has been scanned for vulnerabilities." - ingestVulnerability(pkg: PkgInputSpec!, vulnerability: VulnerabilityInput!, certifyVuln: VulnerabilityMetaDataInput!): CertifyVuln! + ingestCertifyVuln(pkg: PkgInputSpec!, vulnerability: VulnerabilityInputSpec!, certifyVuln: ScanMetadataInput!): CertifyVuln! } `, BuiltIn: false}, {Name: "../schema/contact.graphql", Input: `# 
@@ -3266,7 +3096,7 @@ extend type Mutation { ingestPointOfContact(subject: PackageSourceOrArtifactInput!, pkgMatchType: MatchFlags!, pointOfContact: PointOfContactInputSpec!): PointOfContact! } `, BuiltIn: false}, - {Name: "../schema/cve.graphql", Input: `# + {Name: "../schema/hasSBOM.graphql", Input: `# # Copyright 2023 The GUAC Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -3283,121 +3113,7 @@ extend type Mutation { # NOTE: This is experimental and might change in the future! -# Defines a GraphQL schema for a vulnerability in CVE schema - -""" -CVE represents a vulnerability in the Common Vulnerabilities and Exposures -schema. - -The vulnerability identifier contains a year field, so we are extracting that -to allow matching for vulnerabilities found in a given year. - -The vulnerability identifier field is mandatory and canonicalized to be -lowercase. - -This node can be referred to by other parts of GUAC. -""" -type CVE { - id: ID! - year: Int! - cveId: String! -} - -"CVESpec allows filtering the list of advisories to return in a query." -input CVESpec { - id: ID - year: Int - cveId: String -} - -"CVEInputSpec specifies a CVE vulnerability for mutations." -input CVEInputSpec { - year: Int! - cveId: String! -} - -extend type Query { - "Returns all CVEs matching a filter." - cve(cveSpec: CVESpec!): [CVE!]! -} - -extend type Mutation { - "Ingests new CVE and returns it." - ingestCVE(cve: CVEInputSpec): CVE! - "Bulk ingests new CVEs and returns a list of them." - ingestCVEs(cves: [CVEInputSpec!]!): [CVE!]! -} -`, BuiltIn: false}, - {Name: "../schema/ghsa.graphql", Input: `# -# Copyright 2023 The GUAC Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# NOTE: This is experimental and might change in the future! - -""" -GHSA represents GitHub security advisories. 
- -The advisory id field is mandatory and canonicalized to be lowercase. - -This node can be referred to by other parts of GUAC. -""" -type GHSA { - id: ID! - ghsaId: String! -} - -"GHSASpec allows filtering the list of advisories to return in a query." -input GHSASpec { - id: ID - ghsaId: String -} - -"GHSAInputSpec specifies a GitHub Security Advisory for mutations." -input GHSAInputSpec { - ghsaId: String! -} - -extend type Query { - "Returns all GitHub Security Advisories matching a filter." - ghsa(ghsaSpec: GHSASpec!): [GHSA!]! -} - -extend type Mutation { - "Ingests a new GitHub Security Advisory and returns it." - ingestGHSA(ghsa: GHSAInputSpec): GHSA! - "Bulk ingests new GHSAs and returns a list of them." - ingestGHSAs(ghsas: [GHSAInputSpec!]!): [GHSA!]! -} -`, BuiltIn: false}, - {Name: "../schema/hasSBOM.graphql", Input: `# -# Copyright 2023 The GUAC Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# NOTE: This is experimental and might change in the future! - -# Defines a GraphQL schema for recording presence of SBOMs +# Defines a GraphQL schema for recording presence of SBOMs type HasSBOM { id: ID! 
@@ -3934,93 +3650,6 @@ extend type Mutation { "Bulk ingest that an artifact is produced from a package or source." ingestOccurrences(subjects: PackageOrSourceInputs!, artifacts: [ArtifactInputSpec!]!, occurrences: [IsOccurrenceInputSpec!]!): [IsOccurrence!]! } -`, BuiltIn: false}, - {Name: "../schema/isVulnerability.graphql", Input: `# -# Copyright 2023 The GUAC Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# NOTE: This is experimental and might change in the future! - -# Defines a GraphQL schema to link CVE/GHSA to the OSV data - -"CveOrGhsa is a union of CVE and GHSA." -union CveOrGhsa = CVE | GHSA - -""" -CveOrGhsaSpec allows using CveOrGhsa union as input type for queries. - -Exactly one field must be specified. -""" -input CveOrGhsaSpec { - cve: CVESpec - ghsa: GHSASpec -} - -""" -CveOrGhsaInput allows using CveOrGhsa union as input type for mutations. - -Exactly one field must be specified. -""" -input CveOrGhsaInput { - cve: CVEInputSpec - ghsa: GHSAInputSpec -} - -"IsVulnerability is an attestation to link CVE/GHSA with data in OSV." -type IsVulnerability { - id: ID! - "The OSV that encapsulates the vulnerability" - osv: OSV! - "The upstream vulnerability information" - vulnerability: CveOrGhsa! - "Justification for the attested relationship" - justification: String! - "Document from which this attestation is generated from" - origin: String! - "GUAC collector for the document" - collector: String! 
-} - -""" -IsVulnerabilitySpec allows filtering the list of vulnerability links to return -in a query. -""" -input IsVulnerabilitySpec { - id: ID - osv: OSVSpec - vulnerability: CveOrGhsaSpec - justification: String - origin: String - collector: String -} - -"IsVulnerabilityInputSpec represents the input to link CVE/GHSA with OSV data." -input IsVulnerabilityInputSpec { - justification: String! - origin: String! - collector: String! -} - -extend type Query { - "Returns all OSV-CVE/GHSA vulnerability mappings that match a filter." - IsVulnerability(isVulnerabilitySpec: IsVulnerabilitySpec!): [IsVulnerability!]! -} - -extend type Mutation { - "Ingest a mapping between an OSV entry and a CVE/GHSA vulnerability." - ingestIsVulnerability(osv: OSVInputSpec!, vulnerability: CveOrGhsaInput!, isVulnerability: IsVulnerabilityInputSpec!): IsVulnerability! -} `, BuiltIn: false}, {Name: "../schema/metadata.graphql", Input: `# # Copyright 2023 The GUAC Authors. 
@@ -4113,63 +3742,6 @@ extend type Mutation { "Adds metadata about a package, source or artifact." ingestHasMetadata(subject: PackageSourceOrArtifactInput!, pkgMatchType: MatchFlags!, hasMetadata: HasMetadataInputSpec!): HasMetadata! } -`, BuiltIn: false}, - {Name: "../schema/osv.graphql", Input: `# -# Copyright 2023 The GUAC Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# NOTE: This is experimental and might change in the future! - -# Defines a GraphQL schema for a vulnerability in OSV schema - -""" -OSV represents an Open Source Vulnerability. - -The osvId field is mandatory and canonicalized to be lowercase. - -This maps to a vulnerability ID specific to the environment (e.g., GHSA ID or -CVE ID). - -This node can be referred to by other parts of GUAC. -""" -type OSV { - id: ID! - osvId: String! -} - -"OSVSpec allows filtering the list of advisories to return in a query." -input OSVSpec { - id: ID - osvId: String -} - -"OSVInputSpec specifies a OSV vulnerability for mutations." -input OSVInputSpec { - osvId: String! -} - -extend type Query { - "Returns all OSV vulnerabilities matching a filter." - osv(osvSpec: OSVSpec!): [OSV!]! -} - -extend type Mutation { - "Ingests a new OSV vulnerability and returns it." - ingestOSV(osv: OSVInputSpec): OSV! - "Bulk ingests new OSVs and returns a list of them." - ingestOSVs(osvs: [OSVInputSpec!]!): [OSV!]! -} `, BuiltIn: false}, {Name: "../schema/package.graphql", Input: `# # Copyright 2023 The GUAC Authors. 
@@ -4391,13 +3963,10 @@ union Node | Source | Artifact | Builder - | OSV - | CVE - | GHSA - | NoVuln + | Vulnerability | IsOccurrence | IsDependency - | IsVulnerability + | VulnEqual | CertifyVEXStatement | HashEqual | CertifyBad @@ -4434,16 +4003,9 @@ enum Edge { ARTIFACT_HAS_METADATA ARTIFACT_POINT_OF_CONTACT BUILDER_HAS_SLSA - CVE_CERTIFY_VEX_STATEMENT - CVE_CERTIFY_VULN - CVE_IS_VULNERABILITY - GHSA_CERTIFY_VEX_STATEMENT - GHSA_CERTIFY_VULN - GHSA_IS_VULNERABILITY - NO_VULN_CERTIFY_VULN - OSV_CERTIFY_VEX_STATEMENT - OSV_CERTIFY_VULN - OSV_IS_VULNERABILITY + VULNERABILITY_CERTIFY_VEX_STATEMENT + VULNERABILITY_CERTIFY_VULN + VULNERABILITY_VULN_EQUAL PACKAGE_CERTIFY_BAD PACKAGE_CERTIFY_GOOD PACKAGE_CERTIFY_VEX_STATEMENT @@ -4471,14 +4033,9 @@ enum Edge { CERTIFY_GOOD_SOURCE CERTIFY_SCORECARD_SOURCE CERTIFY_VEX_STATEMENT_ARTIFACT - CERTIFY_VEX_STATEMENT_CVE - CERTIFY_VEX_STATEMENT_GHSA - CERTIFY_VEX_STATEMENT_OSV + CERTIFY_VEX_STATEMENT_VULNERABILITY CERTIFY_VEX_STATEMENT_PACKAGE - CERTIFY_VULN_CVE - CERTIFY_VULN_GHSA - CERTIFY_VULN_NO_VULN - CERTIFY_VULN_OSV + CERTIFY_VULN_VULNERABILITY CERTIFY_VULN_PACKAGE HASH_EQUAL_ARTIFACT HAS_SBOM_ARTIFACT @@ -4492,9 +4049,7 @@ enum Edge { IS_OCCURRENCE_ARTIFACT IS_OCCURRENCE_PACKAGE IS_OCCURRENCE_SOURCE - IS_VULNERABILITY_CVE - IS_VULNERABILITY_GHSA - IS_VULNERABILITY_OSV + VULN_EQUAL_VULNERABILITY PKG_EQUAL_PACKAGE HAS_METADATA_PACKAGE HAS_METADATA_ARTIFACT 
@@ -4757,6 +4312,174 @@ extend type Mutation { "Bulk ingests sources and returns the list of corresponding source trie path." ingestSources(sources: [SourceInputSpec!]!): [Source!]! } +`, BuiltIn: false}, + {Name: "../schema/vulnEqual.graphql", Input: `# +# Copyright 2023 The GUAC Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# NOTE: This is experimental and might change in the future! + +# Defines a GraphQL schema to link vulnerabilities together + +""" +VulnEqual is an attestation to link two vulnerabilities together as being equal" + +Note that setting noVuln vulnerability type is invalid for VulnEqual! + +""" +type VulnEqual { + id: ID! + "Collection of vulnerabilities that are similar" + vulnerabilities: [Vulnerability!]! + "Justification for the attested relationship" + justification: String! + "Document from which this attestation is generated from" + origin: String! + "GUAC collector for the document" + collector: String! +} + +""" +VulnEqualSpec allows filtering the list of vulnerability links to return +in a query. +""" +input VulnEqualSpec { + id: ID + vulnerabilities: [VulnerabilitySpec] + justification: String + origin: String + collector: String +} + +"VulnEqualInputSpec represents the input to link vulnerabilities to each other." +input VulnEqualInputSpec { + justification: String! + origin: String! + collector: String! +} + +extend type Query { + "Returns all equal vulnerability mappings that match a filter." 
+ vulnEqual(vulnEqualSpec: VulnEqualSpec!): [VulnEqual!]! +} + +extend type Mutation { + "Ingest a mapping between vulnerabilities." + ingestVulnEqual(vulnerability: VulnerabilityInputSpec!, otherVulnerability: VulnerabilityInputSpec!, vulnEqual: VulnEqualInputSpec!): VulnEqual! +} +`, BuiltIn: false}, + {Name: "../schema/vulnerability.graphql", Input: `# +# Copyright 2023 The GUAC Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# NOTE: This is experimental and might change in the future! + +# Defines a GraphQL schema for the vulnerability trie/tree + +""" +Vulnerability represents the root of the vulnerability trie/tree. + +We map vulnerability information to a trie, as a derivative of the pURL specification: +each path in the trie represents a type and a vulnerability ID. This allows for generic +representation of the various vulnerabilities and does not limit to just cve, ghsa or osv. +This would be in the general format: vuln:/// + +Examples: + +CVE, using path separator: vuln://cve/cve-2023-20753 +OSV, representing its knowledge of a GHSA: vuln://osv/ghsa-205hk +Random vendor: vuln://snyk/sn-whatever +NoVuln: vuln://novuln/ + + +This node represents the type part of the trie path. It is used to represent +the specific type of the vulnerability: cve, ghsa, osv or some other vendor specific + +Since this node is at the root of the vulnerability trie, it is named Vulnerability, not +VulnerabilityType. 
+ +NoVuln is a special vulnerability node to attest that no vulnerability has been +found during a vulnerability scan. It will have the type "novuln" and contain an empty string +for vulnerabilityID + +The resolvers will enforce that both the type and vulnerability IDs are lower case. +""" +type Vulnerability { + id: ID! + type: String! + vulnerabilityIDs: [VulnerabilityID!]! +} + +""" +VulnerabilityID is a specific vulnerability ID associated with the type of the vulnerability. + +This will be enforced to be all lowercase. + +The namespace field is mandatory. +""" +type VulnerabilityID { + id: ID! + vulnerabilityID: String! +} + +""" +VulnerabilitySpec allows filtering the list of vulnerabilities to return in a query. + +Use null to match on all values at that level. +For example, to get all vulnerabilities in GUAC backend, use a VulnSpec +where every field is null. + +""" +input VulnerabilitySpec { + id: ID + type: String + vulnerabilityID: String +} + +""" +VulnInputSpec specifies a vulnerability for mutations. + +This is different than VulnSpec because we want to encode mandatory fields: +type and vulnerabilityID. +""" +input VulnerabilityInputSpec { + type: String! + vulnerabilityID: String! +} + +extend type Query { + "Returns all vulnerabilities matching a filter." + vulnerabilities(vulnSpec: VulnerabilitySpec!): [Vulnerability!]! +} + +extend type Mutation { + "Ingests a new vulnerability and returns the corresponding vulnerability trie path." + ingestVulnerability(vuln: VulnerabilityInputSpec!): Vulnerability! + "Bulk ingests vulnerabilities and returns the list of corresponding vulnerability trie path." + ingestVulnerabilities(vulns: [VulnerabilityInputSpec!]!): [Vulnerability!]! +} `, BuiltIn: false}, } var parsedSchema = gqlparser.MustLoadSchema(sources...) 
diff --git a/pkg/assembler/graphql/generated/isVulnerability.generated.go b/pkg/assembler/graphql/generated/vulnEqual.generated.go similarity index 50% rename from pkg/assembler/graphql/generated/isVulnerability.generated.go rename to pkg/assembler/graphql/generated/vulnEqual.generated.go index 497a7468b5..c0dea88dc7 100644 --- a/pkg/assembler/graphql/generated/isVulnerability.generated.go +++ b/pkg/assembler/graphql/generated/vulnEqual.generated.go @@ -29,8 +29,8 @@ import ( // region **************************** field.gotpl ***************************** -func (ec *executionContext) _IsVulnerability_id(ctx context.Context, field graphql.CollectedField, obj *model.IsVulnerability) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_IsVulnerability_id(ctx, field) +func (ec *executionContext) _VulnEqual_id(ctx context.Context, field graphql.CollectedField, obj *model.VulnEqual) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_VulnEqual_id(ctx, field) if err != nil { return graphql.Null } @@ -60,9 +60,9 @@ func (ec *executionContext) _IsVulnerability_id(ctx context.Context, field graph return ec.marshalNID2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_IsVulnerability_id(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_VulnEqual_id(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "IsVulnerability", + Object: "VulnEqual", Field: field, IsMethod: false, IsResolver: false, 
@@ -73,8 +73,8 @@ func (ec *executionContext) fieldContext_IsVulnerability_id(ctx context.Context, return fc, nil } -func (ec *executionContext) _IsVulnerability_osv(ctx context.Context, field graphql.CollectedField, obj *model.IsVulnerability) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_IsVulnerability_osv(ctx, field) +func (ec *executionContext) _VulnEqual_vulnerabilities(ctx context.Context, field graphql.CollectedField, obj *model.VulnEqual) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_VulnEqual_vulnerabilities(ctx, field) if err != nil { return graphql.Null } @@ -87,7 +87,7 @@ func (ec *executionContext) _IsVulnerability_osv(ctx context.Context, field grap }() resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) { ctx = rctx // use context from middleware stack in children - return obj.Osv, nil + return obj.Vulnerabilities, nil }) if err != nil { ec.Error(ctx, err) 
@@ -99,76 +99,34 @@ func (ec *executionContext) _IsVulnerability_osv(ctx context.Context, field grap } return graphql.Null } - res := resTmp.(*model.Osv) + res := resTmp.([]*model.Vulnerability) fc.Result = res - return ec.marshalNOSV2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐOsv(ctx, field.Selections, res) + return ec.marshalNVulnerability2ᚕᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnerabilityᚄ(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_IsVulnerability_osv(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_VulnEqual_vulnerabilities(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "IsVulnerability", + Object: "VulnEqual", Field: field, IsMethod: false, IsResolver: false, Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { switch field.Name { case "id": - return ec.fieldContext_OSV_id(ctx, field) - case "osvId": - return ec.fieldContext_OSV_osvId(ctx, field) + return ec.fieldContext_Vulnerability_id(ctx, field) + case "type": + return ec.fieldContext_Vulnerability_type(ctx, field) + case "vulnerabilityIDs": + return ec.fieldContext_Vulnerability_vulnerabilityIDs(ctx, field) } - return nil, fmt.Errorf("no field named %q was found under type OSV", field.Name) + return nil, fmt.Errorf("no field named %q was found under type Vulnerability", field.Name) }, } return fc, nil } -func (ec *executionContext) _IsVulnerability_vulnerability(ctx context.Context, field graphql.CollectedField, obj *model.IsVulnerability) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_IsVulnerability_vulnerability(ctx, field) - if err != nil { - return graphql.Null - } - ctx = graphql.WithFieldContext(ctx, fc) - defer func() { - if r := recover(); r != nil { - ec.Error(ctx, ec.Recover(ctx, r)) - ret = graphql.Null - } - }() - resTmp, 
err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) { - ctx = rctx // use context from middleware stack in children - return obj.Vulnerability, nil - }) - if err != nil { - ec.Error(ctx, err) - return graphql.Null - } - if resTmp == nil { - if !graphql.HasFieldError(ctx, fc) { - ec.Errorf(ctx, "must not be null") - } - return graphql.Null - } - res := resTmp.(model.CveOrGhsa) - fc.Result = res - return ec.marshalNCveOrGhsa2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐCveOrGhsa(ctx, field.Selections, res) -} - -func (ec *executionContext) fieldContext_IsVulnerability_vulnerability(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { - fc = &graphql.FieldContext{ - Object: "IsVulnerability", - Field: field, - IsMethod: false, - IsResolver: false, - Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { - return nil, errors.New("field of type CveOrGhsa does not have child fields") - }, - } - return fc, nil -} - -func (ec *executionContext) _IsVulnerability_justification(ctx context.Context, field graphql.CollectedField, obj *model.IsVulnerability) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_IsVulnerability_justification(ctx, field) +func (ec *executionContext) _VulnEqual_justification(ctx context.Context, field graphql.CollectedField, obj *model.VulnEqual) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_VulnEqual_justification(ctx, field) if err != nil { return graphql.Null } 
@@ -198,9 +156,9 @@ func (ec *executionContext) _IsVulnerability_justification(ctx context.Context, return ec.marshalNString2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_IsVulnerability_justification(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_VulnEqual_justification(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "IsVulnerability", + Object: "VulnEqual", Field: field, IsMethod: false, IsResolver: false, @@ -211,8 +169,8 @@ func (ec *executionContext) fieldContext_IsVulnerability_justification(ctx conte return fc, nil } -func (ec *executionContext) _IsVulnerability_origin(ctx context.Context, field graphql.CollectedField, obj *model.IsVulnerability) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_IsVulnerability_origin(ctx, field) +func (ec *executionContext) _VulnEqual_origin(ctx context.Context, field graphql.CollectedField, obj *model.VulnEqual) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_VulnEqual_origin(ctx, field) if err != nil { return graphql.Null } @@ -242,9 +200,9 @@ func (ec *executionContext) _IsVulnerability_origin(ctx context.Context, field g return ec.marshalNString2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_IsVulnerability_origin(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_VulnEqual_origin(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "IsVulnerability", + Object: "VulnEqual", Field: field, IsMethod: false, IsResolver: false, 
@@ -255,8 +213,8 @@ func (ec *executionContext) fieldContext_IsVulnerability_origin(ctx context.Cont return fc, nil } -func (ec *executionContext) _IsVulnerability_collector(ctx context.Context, field graphql.CollectedField, obj *model.IsVulnerability) (ret graphql.Marshaler) { - fc, err := ec.fieldContext_IsVulnerability_collector(ctx, field) +func (ec *executionContext) _VulnEqual_collector(ctx context.Context, field graphql.CollectedField, obj *model.VulnEqual) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_VulnEqual_collector(ctx, field) if err != nil { return graphql.Null } @@ -286,9 +244,9 @@ func (ec *executionContext) _IsVulnerability_collector(ctx context.Context, fiel return ec.marshalNString2string(ctx, field.Selections, res) } -func (ec *executionContext) fieldContext_IsVulnerability_collector(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { +func (ec *executionContext) fieldContext_VulnEqual_collector(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { fc = &graphql.FieldContext{ - Object: "IsVulnerability", + Object: "VulnEqual", Field: field, IsMethod: false, IsResolver: false, 
@@ -303,84 +261,8 @@ func (ec *executionContext) fieldContext_IsVulnerability_collector(ctx context.C // region **************************** input.gotpl ***************************** -func (ec *executionContext) unmarshalInputCveOrGhsaInput(ctx context.Context, obj interface{}) (model.CveOrGhsaInput, error) { - var it model.CveOrGhsaInput - asMap := map[string]interface{}{} - for k, v := range obj.(map[string]interface{}) { - asMap[k] = v - } - - fieldsInOrder := [...]string{"cve", "ghsa"} - for _, k := range fieldsInOrder { - v, ok := asMap[k] - if !ok { - continue - } - switch k { - case "cve": - var err error - - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("cve")) - data, err := ec.unmarshalOCVEInputSpec2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐCVEInputSpec(ctx, v) - if err != nil { - return it, err - } - it.Cve = data - case "ghsa": - var err error - - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("ghsa")) - data, err := ec.unmarshalOGHSAInputSpec2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐGHSAInputSpec(ctx, v) - if err != nil { - return it, err - } - it.Ghsa = data - } - } - - return it, nil -} - -func (ec *executionContext) unmarshalInputCveOrGhsaSpec(ctx context.Context, obj interface{}) (model.CveOrGhsaSpec, error) { - var it model.CveOrGhsaSpec - asMap := map[string]interface{}{} - for k, v := range obj.(map[string]interface{}) { - asMap[k] = v - } - - fieldsInOrder := [...]string{"cve", "ghsa"} - for _, k := range fieldsInOrder { - v, ok := asMap[k] - if !ok { - continue - } - switch k { - case "cve": - var err error - - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("cve")) - data, err := ec.unmarshalOCVESpec2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐCVESpec(ctx, v) - if err != nil { - return it, err - } - it.Cve = data - case "ghsa": - var err error - - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("ghsa")) - data, err := 
ec.unmarshalOGHSASpec2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐGHSASpec(ctx, v) - if err != nil { - return it, err - } - it.Ghsa = data - } - } - - return it, nil -} - -func (ec *executionContext) unmarshalInputIsVulnerabilityInputSpec(ctx context.Context, obj interface{}) (model.IsVulnerabilityInputSpec, error) { - var it model.IsVulnerabilityInputSpec +func (ec *executionContext) unmarshalInputVulnEqualInputSpec(ctx context.Context, obj interface{}) (model.VulnEqualInputSpec, error) { + var it model.VulnEqualInputSpec asMap := map[string]interface{}{} for k, v := range obj.(map[string]interface{}) { asMap[k] = v @@ -426,14 +308,14 @@ func (ec *executionContext) unmarshalInputIsVulnerabilityInputSpec(ctx context.C return it, nil } -func (ec *executionContext) unmarshalInputIsVulnerabilitySpec(ctx context.Context, obj interface{}) (model.IsVulnerabilitySpec, error) { - var it model.IsVulnerabilitySpec +func (ec *executionContext) unmarshalInputVulnEqualSpec(ctx context.Context, obj interface{}) (model.VulnEqualSpec, error) { + var it model.VulnEqualSpec asMap := map[string]interface{}{} for k, v := range obj.(map[string]interface{}) { asMap[k] = v } - fieldsInOrder := [...]string{"id", "osv", "vulnerability", "justification", "origin", "collector"} + fieldsInOrder := [...]string{"id", "vulnerabilities", "justification", "origin", "collector"} for _, k := range fieldsInOrder { v, ok := asMap[k] if !ok { 
@@ -449,24 +331,15 @@ func (ec *executionContext) unmarshalInputIsVulnerabilitySpec(ctx context.Contex return it, err } it.ID = data - case "osv": - var err error - - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("osv")) - data, err := ec.unmarshalOOSVSpec2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐOSVSpec(ctx, v) - if err != nil { - return it, err - } - it.Osv = data - case "vulnerability": + case "vulnerabilities": var err error - ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("vulnerability")) - data, err := ec.unmarshalOCveOrGhsaSpec2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐCveOrGhsaSpec(ctx, v) + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("vulnerabilities")) + data, err := ec.unmarshalOVulnerabilitySpec2ᚕᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnerabilitySpec(ctx, v) if err != nil { return it, err } - it.Vulnerability = data + it.Vulnerabilities = data case "justification": var err error 
@@ -504,71 +377,43 @@ func (ec *executionContext) unmarshalInputIsVulnerabilitySpec(ctx context.Contex // region ************************** interface.gotpl *************************** -func (ec *executionContext) _CveOrGhsa(ctx context.Context, sel ast.SelectionSet, obj model.CveOrGhsa) graphql.Marshaler { - switch obj := (obj).(type) { - case nil: - return graphql.Null - case model.Cve: - return ec._CVE(ctx, sel, &obj) - case *model.Cve: - if obj == nil { - return graphql.Null - } - return ec._CVE(ctx, sel, obj) - case model.Ghsa: - return ec._GHSA(ctx, sel, &obj) - case *model.Ghsa: - if obj == nil { - return graphql.Null - } - return ec._GHSA(ctx, sel, obj) - default: - panic(fmt.Errorf("unexpected type %T", obj)) - } -} - // endregion ************************** interface.gotpl *************************** // region **************************** object.gotpl **************************** -var isVulnerabilityImplementors = []string{"IsVulnerability", "Node"} +var vulnEqualImplementors = []string{"VulnEqual", "Node"} -func (ec *executionContext) _IsVulnerability(ctx context.Context, sel ast.SelectionSet, obj *model.IsVulnerability) graphql.Marshaler { - fields := graphql.CollectFields(ec.OperationContext, sel, isVulnerabilityImplementors) +func (ec *executionContext) _VulnEqual(ctx context.Context, sel ast.SelectionSet, obj *model.VulnEqual) graphql.Marshaler { + fields := graphql.CollectFields(ec.OperationContext, sel, vulnEqualImplementors) out := graphql.NewFieldSet(fields) deferred := make(map[string]*graphql.FieldSet) for i, field := range fields { switch field.Name { case "__typename": - out.Values[i] = graphql.MarshalString("IsVulnerability") + out.Values[i] = graphql.MarshalString("VulnEqual") case "id": - out.Values[i] = ec._IsVulnerability_id(ctx, field, obj) - if out.Values[i] == graphql.Null { - out.Invalids++ - } - case "osv": - out.Values[i] = ec._IsVulnerability_osv(ctx, field, obj) + out.Values[i] = ec._VulnEqual_id(ctx, field, obj) if out.Values[i] 
== graphql.Null { out.Invalids++ } - case "vulnerability": - out.Values[i] = ec._IsVulnerability_vulnerability(ctx, field, obj) + case "vulnerabilities": + out.Values[i] = ec._VulnEqual_vulnerabilities(ctx, field, obj) if out.Values[i] == graphql.Null { out.Invalids++ } case "justification": - out.Values[i] = ec._IsVulnerability_justification(ctx, field, obj) + out.Values[i] = ec._VulnEqual_justification(ctx, field, obj) if out.Values[i] == graphql.Null { out.Invalids++ } case "origin": - out.Values[i] = ec._IsVulnerability_origin(ctx, field, obj) + out.Values[i] = ec._VulnEqual_origin(ctx, field, obj) if out.Values[i] == graphql.Null { out.Invalids++ } case "collector": - out.Values[i] = ec._IsVulnerability_collector(ctx, field, obj) + out.Values[i] = ec._VulnEqual_collector(ctx, field, obj) if out.Values[i] == graphql.Null { out.Invalids++ } 
@@ -599,26 +444,11 @@ func (ec *executionContext) _IsVulnerability(ctx context.Context, sel ast.Select // region ***************************** type.gotpl ***************************** -func (ec *executionContext) marshalNCveOrGhsa2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐCveOrGhsa(ctx context.Context, sel ast.SelectionSet, v model.CveOrGhsa) graphql.Marshaler { - if v == nil { - if !graphql.HasFieldError(ctx, graphql.GetFieldContext(ctx)) { - ec.Errorf(ctx, "the requested element is null which the schema does not allow") - } - return graphql.Null - } - return ec._CveOrGhsa(ctx, sel, v) +func (ec *executionContext) marshalNVulnEqual2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnEqual(ctx context.Context, sel ast.SelectionSet, v model.VulnEqual) graphql.Marshaler { + return ec._VulnEqual(ctx, sel, &v) } -func (ec *executionContext) unmarshalNCveOrGhsaInput2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐCveOrGhsaInput(ctx context.Context, v interface{}) (model.CveOrGhsaInput, error) { - res, err := ec.unmarshalInputCveOrGhsaInput(ctx, v) - return res, graphql.ErrorOnPath(ctx, err) -} - -func (ec *executionContext) marshalNIsVulnerability2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐIsVulnerability(ctx context.Context, sel ast.SelectionSet, v model.IsVulnerability) graphql.Marshaler { - return ec._IsVulnerability(ctx, sel, &v) -} - -func (ec *executionContext) marshalNIsVulnerability2ᚕᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐIsVulnerabilityᚄ(ctx context.Context, sel ast.SelectionSet, v []*model.IsVulnerability) graphql.Marshaler { +func (ec *executionContext) marshalNVulnEqual2ᚕᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnEqualᚄ(ctx context.Context, sel ast.SelectionSet, v []*model.VulnEqual) graphql.Marshaler { ret := make(graphql.Array, len(v)) var wg sync.WaitGroup isLen1 := len(v) == 1 
@@ -642,7 +472,7 @@ func (ec *executionContext) marshalNIsVulnerability2ᚕᚖgithub.comᚋguacsec if !isLen1 { defer wg.Done() } - ret[i] = ec.marshalNIsVulnerability2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐIsVulnerability(ctx, sel, v[i]) + ret[i] = ec.marshalNVulnEqual2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnEqual(ctx, sel, v[i]) } if isLen1 { f(i) 
@@ -662,32 +492,24 @@ func (ec *executionContext) marshalNIsVulnerability2ᚕᚖgithub.comᚋguacsec return ret } -func (ec *executionContext) marshalNIsVulnerability2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐIsVulnerability(ctx context.Context, sel ast.SelectionSet, v *model.IsVulnerability) graphql.Marshaler { +func (ec *executionContext) marshalNVulnEqual2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnEqual(ctx context.Context, sel ast.SelectionSet, v *model.VulnEqual) graphql.Marshaler { if v == nil { if !graphql.HasFieldError(ctx, graphql.GetFieldContext(ctx)) { ec.Errorf(ctx, "the requested element is null which the schema does not allow") } return graphql.Null } - return ec._IsVulnerability(ctx, sel, v) + return ec._VulnEqual(ctx, sel, v) } -func (ec *executionContext) unmarshalNIsVulnerabilityInputSpec2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐIsVulnerabilityInputSpec(ctx context.Context, v interface{}) (model.IsVulnerabilityInputSpec, error) { - res, err := ec.unmarshalInputIsVulnerabilityInputSpec(ctx, v) +func (ec *executionContext) unmarshalNVulnEqualInputSpec2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnEqualInputSpec(ctx context.Context, v interface{}) (model.VulnEqualInputSpec, error) { + res, err := ec.unmarshalInputVulnEqualInputSpec(ctx, v) return res, graphql.ErrorOnPath(ctx, err) } -func (ec *executionContext) unmarshalNIsVulnerabilitySpec2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐIsVulnerabilitySpec(ctx context.Context, v interface{}) (model.IsVulnerabilitySpec, error) { - res, err := ec.unmarshalInputIsVulnerabilitySpec(ctx, v) +func (ec *executionContext) unmarshalNVulnEqualSpec2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnEqualSpec(ctx context.Context, v interface{}) (model.VulnEqualSpec, error) { + res, err := ec.unmarshalInputVulnEqualSpec(ctx, v) return res, graphql.ErrorOnPath(ctx, err) } -func (ec *executionContext) 
unmarshalOCveOrGhsaSpec2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐCveOrGhsaSpec(ctx context.Context, v interface{}) (*model.CveOrGhsaSpec, error) { - if v == nil { - return nil, nil - } - res, err := ec.unmarshalInputCveOrGhsaSpec(ctx, v) - return &res, graphql.ErrorOnPath(ctx, err) -} - // endregion ***************************** type.gotpl ***************************** diff --git a/pkg/assembler/graphql/generated/vulnerability.generated.go b/pkg/assembler/graphql/generated/vulnerability.generated.go new file mode 100644 index 0000000000..cdccd0bf87 --- /dev/null +++ b/pkg/assembler/graphql/generated/vulnerability.generated.go 
@@ -0,0 +1,624 @@ +// Code generated by github.com/99designs/gqlgen, DO NOT EDIT. + +package generated + +import ( + "context" + "errors" + "fmt" + "strconv" + "sync" + "sync/atomic" + + "github.com/99designs/gqlgen/graphql" + "github.com/guacsec/guac/pkg/assembler/graphql/model" + "github.com/vektah/gqlparser/v2/ast" +) + +// region ************************** generated!.gotpl ************************** + +// endregion ************************** generated!.gotpl ************************** + +// region ***************************** args.gotpl ***************************** + +// endregion ***************************** args.gotpl ***************************** + +// region ************************** directives.gotpl ************************** + +// endregion ************************** directives.gotpl ************************** + +// region **************************** field.gotpl ***************************** + +func (ec *executionContext) _Vulnerability_id(ctx context.Context, field graphql.CollectedField, obj *model.Vulnerability) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Vulnerability_id(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) { + ctx = rctx // use context from middleware stack in children + return obj.ID, nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } + return graphql.Null + } + res := resTmp.(string) + fc.Result = res + return ec.marshalNID2string(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext_Vulnerability_id(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + 
Object: "Vulnerability", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type ID does not have child fields") + }, + } + return fc, nil +} + +func (ec *executionContext) _Vulnerability_type(ctx context.Context, field graphql.CollectedField, obj *model.Vulnerability) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Vulnerability_type(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) { + ctx = rctx // use context from middleware stack in children + return obj.Type, nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } + return graphql.Null + } + res := resTmp.(string) + fc.Result = res + return ec.marshalNString2string(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext_Vulnerability_type(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "Vulnerability", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type String does not have child fields") + }, + } + return fc, nil +} + +func (ec *executionContext) _Vulnerability_vulnerabilityIDs(ctx context.Context, field graphql.CollectedField, obj *model.Vulnerability) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_Vulnerability_vulnerabilityIDs(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r 
:= recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) { + ctx = rctx // use context from middleware stack in children + return obj.VulnerabilityIDs, nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } + return graphql.Null + } + res := resTmp.([]*model.VulnerabilityID) + fc.Result = res + return ec.marshalNVulnerabilityID2ᚕᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnerabilityIDᚄ(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext_Vulnerability_vulnerabilityIDs(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "Vulnerability", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + switch field.Name { + case "id": + return ec.fieldContext_VulnerabilityID_id(ctx, field) + case "vulnerabilityID": + return ec.fieldContext_VulnerabilityID_vulnerabilityID(ctx, field) + } + return nil, fmt.Errorf("no field named %q was found under type VulnerabilityID", field.Name) + }, + } + return fc, nil +} + +func (ec *executionContext) _VulnerabilityID_id(ctx context.Context, field graphql.CollectedField, obj *model.VulnerabilityID) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_VulnerabilityID_id(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) { + ctx = rctx // use context from middleware stack in children + return obj.ID, nil + }) + if err != nil { + 
ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } + return graphql.Null + } + res := resTmp.(string) + fc.Result = res + return ec.marshalNID2string(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext_VulnerabilityID_id(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "VulnerabilityID", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type ID does not have child fields") + }, + } + return fc, nil +} + +func (ec *executionContext) _VulnerabilityID_vulnerabilityID(ctx context.Context, field graphql.CollectedField, obj *model.VulnerabilityID) (ret graphql.Marshaler) { + fc, err := ec.fieldContext_VulnerabilityID_vulnerabilityID(ctx, field) + if err != nil { + return graphql.Null + } + ctx = graphql.WithFieldContext(ctx, fc) + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = graphql.Null + } + }() + resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) { + ctx = rctx // use context from middleware stack in children + return obj.VulnerabilityID, nil + }) + if err != nil { + ec.Error(ctx, err) + return graphql.Null + } + if resTmp == nil { + if !graphql.HasFieldError(ctx, fc) { + ec.Errorf(ctx, "must not be null") + } + return graphql.Null + } + res := resTmp.(string) + fc.Result = res + return ec.marshalNString2string(ctx, field.Selections, res) +} + +func (ec *executionContext) fieldContext_VulnerabilityID_vulnerabilityID(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) { + fc = &graphql.FieldContext{ + Object: "VulnerabilityID", + Field: field, + IsMethod: false, + IsResolver: false, + Child: func(ctx context.Context, 
field graphql.CollectedField) (*graphql.FieldContext, error) { + return nil, errors.New("field of type String does not have child fields") + }, + } + return fc, nil +} + +// endregion **************************** field.gotpl ***************************** + +// region **************************** input.gotpl ***************************** + +func (ec *executionContext) unmarshalInputVulnerabilityInputSpec(ctx context.Context, obj interface{}) (model.VulnerabilityInputSpec, error) { + var it model.VulnerabilityInputSpec + asMap := map[string]interface{}{} + for k, v := range obj.(map[string]interface{}) { + asMap[k] = v + } + + fieldsInOrder := [...]string{"type", "vulnerabilityID"} + for _, k := range fieldsInOrder { + v, ok := asMap[k] + if !ok { + continue + } + switch k { + case "type": + var err error + + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("type")) + data, err := ec.unmarshalNString2string(ctx, v) + if err != nil { + return it, err + } + it.Type = data + case "vulnerabilityID": + var err error + + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("vulnerabilityID")) + data, err := ec.unmarshalNString2string(ctx, v) + if err != nil { + return it, err + } + it.VulnerabilityID = data + } + } + + return it, nil +} + +func (ec *executionContext) unmarshalInputVulnerabilitySpec(ctx context.Context, obj interface{}) (model.VulnerabilitySpec, error) { + var it model.VulnerabilitySpec + asMap := map[string]interface{}{} + for k, v := range obj.(map[string]interface{}) { + asMap[k] = v + } + + fieldsInOrder := [...]string{"id", "type", "vulnerabilityID"} + for _, k := range fieldsInOrder { + v, ok := asMap[k] + if !ok { + continue + } + switch k { + case "id": + var err error + + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("id")) + data, err := ec.unmarshalOID2ᚖstring(ctx, v) + if err != nil { + return it, err + } + it.ID = data + case "type": + var err error + + ctx := graphql.WithPathContext(ctx, 
graphql.NewPathWithField("type")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) + if err != nil { + return it, err + } + it.Type = data + case "vulnerabilityID": + var err error + + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("vulnerabilityID")) + data, err := ec.unmarshalOString2ᚖstring(ctx, v) + if err != nil { + return it, err + } + it.VulnerabilityID = data + } + } + + return it, nil +} + +// endregion **************************** input.gotpl ***************************** + +// region ************************** interface.gotpl *************************** + +// endregion ************************** interface.gotpl *************************** + +// region **************************** object.gotpl **************************** + +var vulnerabilityImplementors = []string{"Vulnerability", "Node"} + +func (ec *executionContext) _Vulnerability(ctx context.Context, sel ast.SelectionSet, obj *model.Vulnerability) graphql.Marshaler { + fields := graphql.CollectFields(ec.OperationContext, sel, vulnerabilityImplementors) + + out := graphql.NewFieldSet(fields) + deferred := make(map[string]*graphql.FieldSet) + for i, field := range fields { + switch field.Name { + case "__typename": + out.Values[i] = graphql.MarshalString("Vulnerability") + case "id": + out.Values[i] = ec._Vulnerability_id(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ + } + case "type": + out.Values[i] = ec._Vulnerability_type(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ + } + case "vulnerabilityIDs": + out.Values[i] = ec._Vulnerability_vulnerabilityIDs(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ + } + default: + panic("unknown field " + strconv.Quote(field.Name)) + } + } + out.Dispatch(ctx) + if out.Invalids > 0 { + return graphql.Null + } + + atomic.AddInt32(&ec.deferred, int32(len(deferred))) + + for label, dfs := range deferred { + ec.processDeferredGroup(graphql.DeferredGroup{ + Label: label, + Path: 
graphql.GetPath(ctx), + FieldSet: dfs, + Context: ctx, + }) + } + + return out +} + +var vulnerabilityIDImplementors = []string{"VulnerabilityID"} + +func (ec *executionContext) _VulnerabilityID(ctx context.Context, sel ast.SelectionSet, obj *model.VulnerabilityID) graphql.Marshaler { + fields := graphql.CollectFields(ec.OperationContext, sel, vulnerabilityIDImplementors) + + out := graphql.NewFieldSet(fields) + deferred := make(map[string]*graphql.FieldSet) + for i, field := range fields { + switch field.Name { + case "__typename": + out.Values[i] = graphql.MarshalString("VulnerabilityID") + case "id": + out.Values[i] = ec._VulnerabilityID_id(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ + } + case "vulnerabilityID": + out.Values[i] = ec._VulnerabilityID_vulnerabilityID(ctx, field, obj) + if out.Values[i] == graphql.Null { + out.Invalids++ + } + default: + panic("unknown field " + strconv.Quote(field.Name)) + } + } + out.Dispatch(ctx) + if out.Invalids > 0 { + return graphql.Null + } + + atomic.AddInt32(&ec.deferred, int32(len(deferred))) + + for label, dfs := range deferred { + ec.processDeferredGroup(graphql.DeferredGroup{ + Label: label, + Path: graphql.GetPath(ctx), + FieldSet: dfs, + Context: ctx, + }) + } + + return out +} + +// endregion **************************** object.gotpl **************************** + +// region ***************************** type.gotpl ***************************** + +func (ec *executionContext) marshalNVulnerability2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnerability(ctx context.Context, sel ast.SelectionSet, v model.Vulnerability) graphql.Marshaler { + return ec._Vulnerability(ctx, sel, &v) +} + +func (ec *executionContext) marshalNVulnerability2ᚕᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnerabilityᚄ(ctx context.Context, sel ast.SelectionSet, v []*model.Vulnerability) graphql.Marshaler { + ret := make(graphql.Array, len(v)) + var wg sync.WaitGroup + isLen1 := len(v) == 1 + if 
!isLen1 { + wg.Add(len(v)) + } + for i := range v { + i := i + fc := &graphql.FieldContext{ + Index: &i, + Result: &v[i], + } + ctx := graphql.WithFieldContext(ctx, fc) + f := func(i int) { + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = nil + } + }() + if !isLen1 { + defer wg.Done() + } + ret[i] = ec.marshalNVulnerability2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnerability(ctx, sel, v[i]) + } + if isLen1 { + f(i) + } else { + go f(i) + } + + } + wg.Wait() + + for _, e := range ret { + if e == graphql.Null { + return graphql.Null + } + } + + return ret +} + +func (ec *executionContext) marshalNVulnerability2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnerability(ctx context.Context, sel ast.SelectionSet, v *model.Vulnerability) graphql.Marshaler { + if v == nil { + if !graphql.HasFieldError(ctx, graphql.GetFieldContext(ctx)) { + ec.Errorf(ctx, "the requested element is null which the schema does not allow") + } + return graphql.Null + } + return ec._Vulnerability(ctx, sel, v) +} + +func (ec *executionContext) marshalNVulnerabilityID2ᚕᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnerabilityIDᚄ(ctx context.Context, sel ast.SelectionSet, v []*model.VulnerabilityID) graphql.Marshaler { + ret := make(graphql.Array, len(v)) + var wg sync.WaitGroup + isLen1 := len(v) == 1 + if !isLen1 { + wg.Add(len(v)) + } + for i := range v { + i := i + fc := &graphql.FieldContext{ + Index: &i, + Result: &v[i], + } + ctx := graphql.WithFieldContext(ctx, fc) + f := func(i int) { + defer func() { + if r := recover(); r != nil { + ec.Error(ctx, ec.Recover(ctx, r)) + ret = nil + } + }() + if !isLen1 { + defer wg.Done() + } + ret[i] = ec.marshalNVulnerabilityID2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnerabilityID(ctx, sel, v[i]) + } + if isLen1 { + f(i) + } else { + go f(i) + } + + } + wg.Wait() + + for _, e := range ret { + if e == graphql.Null { + return graphql.Null + } + } + + return ret +} + 
+func (ec *executionContext) marshalNVulnerabilityID2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnerabilityID(ctx context.Context, sel ast.SelectionSet, v *model.VulnerabilityID) graphql.Marshaler { + if v == nil { + if !graphql.HasFieldError(ctx, graphql.GetFieldContext(ctx)) { + ec.Errorf(ctx, "the requested element is null which the schema does not allow") + } + return graphql.Null + } + return ec._VulnerabilityID(ctx, sel, v) +} + +func (ec *executionContext) unmarshalNVulnerabilityInputSpec2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnerabilityInputSpec(ctx context.Context, v interface{}) (model.VulnerabilityInputSpec, error) { + res, err := ec.unmarshalInputVulnerabilityInputSpec(ctx, v) + return res, graphql.ErrorOnPath(ctx, err) +} + +func (ec *executionContext) unmarshalNVulnerabilityInputSpec2ᚕᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnerabilityInputSpecᚄ(ctx context.Context, v interface{}) ([]*model.VulnerabilityInputSpec, error) { + var vSlice []interface{} + if v != nil { + vSlice = graphql.CoerceList(v) + } + var err error + res := make([]*model.VulnerabilityInputSpec, len(vSlice)) + for i := range vSlice { + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithIndex(i)) + res[i], err = ec.unmarshalNVulnerabilityInputSpec2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnerabilityInputSpec(ctx, vSlice[i]) + if err != nil { + return nil, err + } + } + return res, nil +} + +func (ec *executionContext) unmarshalNVulnerabilityInputSpec2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnerabilityInputSpec(ctx context.Context, v interface{}) (*model.VulnerabilityInputSpec, error) { + res, err := ec.unmarshalInputVulnerabilityInputSpec(ctx, v) + return &res, graphql.ErrorOnPath(ctx, err) +} + +func (ec *executionContext) unmarshalNVulnerabilitySpec2githubᚗcomᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnerabilitySpec(ctx context.Context, v interface{}) (model.VulnerabilitySpec, error) { + res, err := 
ec.unmarshalInputVulnerabilitySpec(ctx, v) + return res, graphql.ErrorOnPath(ctx, err) +} + +func (ec *executionContext) unmarshalOVulnerabilitySpec2ᚕᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnerabilitySpec(ctx context.Context, v interface{}) ([]*model.VulnerabilitySpec, error) { + if v == nil { + return nil, nil + } + var vSlice []interface{} + if v != nil { + vSlice = graphql.CoerceList(v) + } + var err error + res := make([]*model.VulnerabilitySpec, len(vSlice)) + for i := range vSlice { + ctx := graphql.WithPathContext(ctx, graphql.NewPathWithIndex(i)) + res[i], err = ec.unmarshalOVulnerabilitySpec2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnerabilitySpec(ctx, vSlice[i]) + if err != nil { + return nil, err + } + } + return res, nil +} + +func (ec *executionContext) unmarshalOVulnerabilitySpec2ᚖgithub.comᚋguacsecᚋguacᚋpkgᚋassemblerᚋgraphqlᚋmodelᚐVulnerabilitySpec(ctx context.Context, v interface{}) (*model.VulnerabilitySpec, error) { + if v == nil { + return nil, nil + } + res, err := ec.unmarshalInputVulnerabilitySpec(ctx, v) + return &res, graphql.ErrorOnPath(ctx, err) +} + +// endregion ***************************** type.gotpl ***************************** diff --git a/pkg/assembler/graphql/model/nodes.go b/pkg/assembler/graphql/model/nodes.go index 56c97b633a..af44f3a79e 100644 --- a/pkg/assembler/graphql/model/nodes.go +++ b/pkg/assembler/graphql/model/nodes.go @@ -9,11 +9,6 @@ import ( "time" ) -// CveOrGhsa is a union of CVE and GHSA. -type CveOrGhsa interface { - IsCveOrGhsa() -} - // Node is a union type of all the possible nodes. // // It encapsulates the software tree nodes along with the evidence nodes. In a 
@@ -38,11 +33,6 @@ type PackageSourceOrArtifact interface { IsPackageSourceOrArtifact() } -// Vulnerability is a union of OSV, CVE, GHSA or the NoVuln node. -type Vulnerability interface { - IsVulnerability() -} - // Artifact represents an artifact identified by a checksum hash. // // The checksum is split into the digest value and the algorithm used to generate @@ -100,41 +90,6 @@ type BuilderSpec struct { URI *string `json:"uri,omitempty"` } -// CVE represents a vulnerability in the Common Vulnerabilities and Exposures -// schema. -// -// The vulnerability identifier contains a year field, so we are extracting that -// to allow matching for vulnerabilities found in a given year. -// -// The vulnerability identifier field is mandatory and canonicalized to be -// lowercase. -// -// This node can be referred to by other parts of GUAC. -type Cve struct { - ID string `json:"id"` - Year int `json:"year"` - CveID string `json:"cveId"` -} - -func (Cve) IsVulnerability() {} - -func (Cve) IsCveOrGhsa() {} - -func (Cve) IsNode() {} - -// CVEInputSpec specifies a CVE vulnerability for mutations. -type CVEInputSpec struct { - Year int `json:"year"` - CveID string `json:"cveId"` -} - -// CVESpec allows filtering the list of advisories to return in a query. -type CVESpec struct { - ID *string `json:"id,omitempty"` - Year *int `json:"year,omitempty"` - CveID *string `json:"cveId,omitempty"` -} - // CertifyBad is an attestation that a package, source, or artifact is considered // bad. // 
@@ -252,13 +207,13 @@ type CertifyScorecardSpec struct { } // CertifyVEXStatement is an attestation to attach VEX statements to a package or -// artifact to clarify the impact of a specific vulnerability (CVE, GHSA or OSV). +// artifact to clarify the impact of a specific vulnerability. type CertifyVEXStatement struct { ID string `json:"id"` // Subject of attestation Subject PackageOrArtifact `json:"subject"` // Attested vulnerability - Vulnerability Vulnerability `json:"vulnerability"` + Vulnerability *Vulnerability `json:"vulnerability"` // Status of the vulnerabilities with respect to the subject Status VexStatus `json:"status"` // Justification from VEX statement @@ -280,10 +235,9 @@ func (CertifyVEXStatement) IsNode() {} // CertifyVEXStatementSpec allows filtering the list of VEX statements to // return in a query. // -// Only one subject type (package or artifact) and one vulnerability type (CVE, -// GHSA or OSV) may be specified. +// Only one subject type (package or artifact) and one vulnerability may be specified. // -// Note that setting noVuln in VulnerabilitySpec is invalid for VEX statements! +// Note that setting noVuln vulnerability type is invalid for VEX statements! type CertifyVEXStatementSpec struct { ID *string `json:"id,omitempty"` Subject *PackageOrArtifactSpec `json:"subject,omitempty"` 
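Review bot: The rule in the reworded CertifyVEXStatementSpec comment, `Note that setting noVuln vulnerability type is invalid for VEX statements!`, now depends on a free-form type string instead of a distinct node type, and its spelling (`noVuln`) differs from the `"NoVuln"` used in the CertifyVuln comment in the next hunk. Nothing in these hunks shows where that string is compared, so a reader cannot tell whether `NoVuln`, `noVuln` and `novuln` all match the sentinel. If matching is exact, a differently-cased value would presumably be stored as an ordinary vulnerability type and never reach the VEX (and VulnEqual) rejection. I would pin the canonical spelling and the matching rule in the comment, e.g. `// The reserved "NoVuln" vulnerability type (see CertifyVuln) is invalid for VEX statements; <state whether matching is case-sensitive>.`, and confirm the check is enforced on the server side rather than left to clients. Both struct bodies continue outside the hunks.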
@@ -300,15 +254,16 @@ type CertifyVEXStatementSpec struct { // CertifyVuln is an attestation to attach vulnerability information to a package. // // This information is obtained via a scanner. If there is no vulnerability -// detected (no OSV, CVE, or GHSA), we attach the special NoVuln node. +// detected, we attach the a vulnerability with "NoVuln" type and an empty string +// for the vulnerability ID. type CertifyVuln struct { ID string `json:"id"` // The package that is attested Package *Package `json:"package"` - // The vulnerability object. Can be an OSV, CVE, or GHSA or the special NoVuln node. - Vulnerability Vulnerability `json:"vulnerability"` + // The vulnerability can be an be a specific vulnerability or NoVuln type. + Vulnerability *Vulnerability `json:"vulnerability"` // Metadata attached to the certification - Metadata *VulnerabilityMetaData `json:"metadata"` + Metadata *ScanMetadata `json:"metadata"` } func (CertifyVuln) IsNode() {} @@ -319,7 +274,7 @@ func (CertifyVuln) IsNode() {} // Specifying just the package allows to query for all vulnerabilities associated // with the package. // -// Only one vulnerability type (OSV, CVE, GHSA, or special NoVuln) may be +// Only one vulnerability (or NoVuln vulnerability type) may be // specified. type CertifyVulnSpec struct { ID *string `json:"id,omitempty"` 
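Review bot: The two new CertifyVuln comments have wording slips: `we attach the a vulnerability` and `The vulnerability can be an be a specific vulnerability or NoVuln type.` These lines define the "nothing found" sentinel that consumers must not count as a finding, so the wording should be exact: `// detected, we attach a vulnerability with "NoVuln" type and an empty string` and `// The vulnerability is either a specific vulnerability or the NoVuln type.` If this file is emitted from the GraphQL schema descriptions, the correction belongs in the schema text so it survives regeneration.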
@@ -334,49 +289,6 @@ type CertifyVulnSpec struct { Collector *string `json:"collector,omitempty"` } -// CveOrGhsaInput allows using CveOrGhsa union as input type for mutations. -// -// Exactly one field must be specified. -type CveOrGhsaInput struct { - Cve *CVEInputSpec `json:"cve,omitempty"` - Ghsa *GHSAInputSpec `json:"ghsa,omitempty"` -} - -// CveOrGhsaSpec allows using CveOrGhsa union as input type for queries. -// -// Exactly one field must be specified. -type CveOrGhsaSpec struct { - Cve *CVESpec `json:"cve,omitempty"` - Ghsa *GHSASpec `json:"ghsa,omitempty"` -} - -// GHSA represents GitHub security advisories. -// -// The advisory id field is mandatory and canonicalized to be lowercase. -// -// This node can be referred to by other parts of GUAC. -type Ghsa struct { - ID string `json:"id"` - GhsaID string `json:"ghsaId"` -} - -func (Ghsa) IsVulnerability() {} - -func (Ghsa) IsCveOrGhsa() {} - -func (Ghsa) IsNode() {} - -// GHSAInputSpec specifies a GitHub Security Advisory for mutations. -type GHSAInputSpec struct { - GhsaID string `json:"ghsaId"` -} - -// GHSASpec allows filtering the list of advisories to return in a query. -type GHSASpec struct { - ID *string `json:"id,omitempty"` - GhsaID *string `json:"ghsaId,omitempty"` -} - // HasMetadata is an attestation that a package, source, or artifact has a certain // attested property (key) with value (value). For example, a source may have // metadata "SourceRepo2FAEnabled=true". 
@@ -663,86 +575,11 @@ type IsOccurrenceSpec struct { Collector *string `json:"collector,omitempty"` } -// IsVulnerability is an attestation to link CVE/GHSA with data in OSV. -type IsVulnerability struct { - ID string `json:"id"` - // The OSV that encapsulates the vulnerability - Osv *Osv `json:"osv"` - // The upstream vulnerability information - Vulnerability CveOrGhsa `json:"vulnerability"` - // Justification for the attested relationship - Justification string `json:"justification"` - // Document from which this attestation is generated from - Origin string `json:"origin"` - // GUAC collector for the document - Collector string `json:"collector"` -} - -func (IsVulnerability) IsNode() {} - -// IsVulnerabilityInputSpec represents the input to link CVE/GHSA with OSV data. -type IsVulnerabilityInputSpec struct { - Justification string `json:"justification"` - Origin string `json:"origin"` - Collector string `json:"collector"` -} - -// IsVulnerabilitySpec allows filtering the list of vulnerability links to return -// in a query. -type IsVulnerabilitySpec struct { - ID *string `json:"id,omitempty"` - Osv *OSVSpec `json:"osv,omitempty"` - Vulnerability *CveOrGhsaSpec `json:"vulnerability,omitempty"` - Justification *string `json:"justification,omitempty"` - Origin *string `json:"origin,omitempty"` - Collector *string `json:"collector,omitempty"` -} - // MatchFlags is used to input the PkgMatchType enum. type MatchFlags struct { Pkg PkgMatchType `json:"pkg"` } -// NoVuln is a special vulnerability node to attest that no vulnerability has been -// found during a vulnerability scan. -// -// Backends guarantee that this is a singleton node. -type NoVuln struct { - ID string `json:"id"` -} - -func (NoVuln) IsVulnerability() {} - -func (NoVuln) IsNode() {} - -// OSV represents an Open Source Vulnerability. -// -// The osvId field is mandatory and canonicalized to be lowercase. -// -// This maps to a vulnerability ID specific to the environment (e.g., GHSA ID or -// CVE ID). 
-// -// This node can be referred to by other parts of GUAC. -type Osv struct { - ID string `json:"id"` - OsvID string `json:"osvId"` -} - -func (Osv) IsVulnerability() {} - -func (Osv) IsNode() {} - -// OSVInputSpec specifies a OSV vulnerability for mutations. -type OSVInputSpec struct { - OsvID string `json:"osvId"` -} - -// OSVSpec allows filtering the list of advisories to return in a query. -type OSVSpec struct { - ID *string `json:"id,omitempty"` - OsvID *string `json:"osvId,omitempty"` -} - // Package represents the root of the package trie/tree. // // We map package information to a trie, closely matching the pURL specification 
@@ -1169,6 +1006,38 @@ type SLSAPredicateSpec struct { Value string `json:"value"` } +// ScanMetadata is the metadata attached to vulnerability certification. +// +// It contains metadata about the scanner process that created the certification. +type ScanMetadata struct { + // Time of scan (in RFC 3339 format) + TimeScanned time.Time `json:"timeScanned"` + // URI of the vulnerability database used by the scanner + DbURI string `json:"dbUri"` + // Version of the vulnerability database used by the scanner + DbVersion string `json:"dbVersion"` + // URI of the scanner + ScannerURI string `json:"scannerUri"` + // Version of the scanner + ScannerVersion string `json:"scannerVersion"` + // Document from which this attestation is generated from + Origin string `json:"origin"` + // GUAC collector for the document + Collector string `json:"collector"` +} + +// ScanMetadataInput represents the input for certifying vulnerability +// scans in mutations. +type ScanMetadataInput struct { + TimeScanned time.Time `json:"timeScanned"` + DbURI string `json:"dbUri"` + DbVersion string `json:"dbVersion"` + ScannerURI string `json:"scannerUri"` + ScannerVersion string `json:"scannerVersion"` + Origin string `json:"origin"` + Collector string `json:"collector"` +} + // Scorecard contains all of the fields present in a Scorecard attestation. // // We also include fields to specify under what conditions the check was performed 
@@ -1326,65 +1195,101 @@ type VexStatementInputSpec struct { Collector string `json:"collector"` } -// VulnerabilityInput allows using Vulnerability union as -// input type to be used in mutations. -// -// Either noVuln must be set to true or one of osv, cve, or ghsa must be -// set to non-nil. If noVuln is set then this is an ingestion of a known lack of -// vulnerabilities, so the special NoVuln node will be used by the backend. -// Otherwise, the specific vulnerability type will be linked to this attestation. -type VulnerabilityInput struct { - Osv *OSVInputSpec `json:"osv,omitempty"` - Cve *CVEInputSpec `json:"cve,omitempty"` - Ghsa *GHSAInputSpec `json:"ghsa,omitempty"` - NoVuln *bool `json:"noVuln,omitempty"` -} - -// VulnerabilityMetaData is the metadata attached to vulnerability certification. +// VulnEqual is an attestation to link two vulnerabilities together as being equal" // -// It contains metadata about the scanner process that created the certification. -type VulnerabilityMetaData struct { - // Time of scan (in RFC 3339 format) - TimeScanned time.Time `json:"timeScanned"` - // URI of the vulnerability database used by the scanner - DbURI string `json:"dbUri"` - // Version of the vulnerability database used by the scanner - DbVersion string `json:"dbVersion"` - // URI of the scanner - ScannerURI string `json:"scannerUri"` - // Version of the scanner - ScannerVersion string `json:"scannerVersion"` +// Note that setting noVuln vulnerability type is invalid for VulnEqual! 
+type VulnEqual struct { + ID string `json:"id"` + // Collection of vulnerabilities that are similar + Vulnerabilities []*Vulnerability `json:"vulnerabilities"` + // Justification for the attested relationship + Justification string `json:"justification"` // Document from which this attestation is generated from Origin string `json:"origin"` // GUAC collector for the document Collector string `json:"collector"` } -// VulnerabilityMetaDataInput represents the input for certifying vulnerability -// scans in mutations. -type VulnerabilityMetaDataInput struct { - TimeScanned time.Time `json:"timeScanned"` - DbURI string `json:"dbUri"` - DbVersion string `json:"dbVersion"` - ScannerURI string `json:"scannerUri"` - ScannerVersion string `json:"scannerVersion"` - Origin string `json:"origin"` - Collector string `json:"collector"` +func (VulnEqual) IsNode() {} + +// VulnEqualInputSpec represents the input to link vulnerabilities to each other. +type VulnEqualInputSpec struct { + Justification string `json:"justification"` + Origin string `json:"origin"` + Collector string `json:"collector"` } -// VulnerabilitySpec allows using Vulnerability union as input type to be used in -// read queries. +// VulnEqualSpec allows filtering the list of vulnerability links to return +// in a query. +type VulnEqualSpec struct { + ID *string `json:"id,omitempty"` + Vulnerabilities []*VulnerabilitySpec `json:"vulnerabilities,omitempty"` + Justification *string `json:"justification,omitempty"` + Origin *string `json:"origin,omitempty"` + Collector *string `json:"collector,omitempty"` +} + +// Vulnerability represents the root of the vulnerability trie/tree. +// +// We map vulnerability information to a trie, as a derivative of the pURL specification: +// each path in the trie represents a type and a vulnerability ID. This allows for generic +// representation of the various vulnerabilities and does not limit to just cve, ghsa or osv. 
+// This would be in the general format: vuln:/// +// +// Examples: // -// Either noVuln must be set or exactly one of osv, cve or ghsa -// must be set to non-nil. Setting noVuln to true means retrieving only nodes where -// there is no vulnerability attached. Setting it to false means retrieving only nodes -// with identified vulnerabilities. Setting one of the other fields means retrieving -// certifications for the corresponding vulnerability types. +// CVE, using path separator: vuln://cve/cve-2023-20753 +// OSV, representing its knowledge of a GHSA: vuln://osv/ghsa-205hk +// Random vendor: vuln://snyk/sn-whatever +// NoVuln: vuln://novuln/ +// +// This node represents the type part of the trie path. It is used to represent +// the specific type of the vulnerability: cve, ghsa, osv or some other vendor specific +// +// Since this node is at the root of the vulnerability trie, it is named Vulnerability, not +// VulnerabilityType. +// +// NoVuln is a special vulnerability node to attest that no vulnerability has been +// found during a vulnerability scan. It will have the type "novuln" and contain an empty string +// for vulnerabilityID +// +// The resolvers will enforce that both the type and vulnerability IDs are lower case. +type Vulnerability struct { + ID string `json:"id"` + Type string `json:"type"` + VulnerabilityIDs []*VulnerabilityID `json:"vulnerabilityIDs"` +} + +func (Vulnerability) IsNode() {} + +// VulnerabilityID is a specific vulnerability ID associated with the type of the vulnerability. +// +// This will be enforced to be all lowercase. +// +// The namespace field is mandatory. +type VulnerabilityID struct { + ID string `json:"id"` + VulnerabilityID string `json:"vulnerabilityID"` +} + +// VulnInputSpec specifies a vulnerability for mutations. +// +// This is different than VulnSpec because we want to encode mandatory fields: +// type and vulnerabilityID. 
+type VulnerabilityInputSpec struct { + Type string `json:"type"` + VulnerabilityID string `json:"vulnerabilityID"` +} + +// VulnerabilitySpec allows filtering the list of vulnerabilities to return in a query. +// +// Use null to match on all values at that level. +// For example, to get all vulnerabilities in GUAC backend, use a VulnSpec +// where every field is null. type VulnerabilitySpec struct { - Osv *OSVSpec `json:"osv,omitempty"` - Cve *CVESpec `json:"cve,omitempty"` - Ghsa *GHSASpec `json:"ghsa,omitempty"` - NoVuln *bool `json:"noVuln,omitempty"` + ID *string `json:"id,omitempty"` + Type *string `json:"type,omitempty"` + VulnerabilityID *string `json:"vulnerabilityID,omitempty"` } // DependencyType determines the type of the dependency. 
@@ -1447,83 +1352,69 @@ func (e DependencyType) MarshalGQL(w io.Writer) { type Edge string const ( - EdgeArtifactCertifyBad Edge = "ARTIFACT_CERTIFY_BAD" - EdgeArtifactCertifyGood Edge = "ARTIFACT_CERTIFY_GOOD" - EdgeArtifactCertifyVexStatement Edge = "ARTIFACT_CERTIFY_VEX_STATEMENT" - EdgeArtifactHashEqual Edge = "ARTIFACT_HASH_EQUAL" - EdgeArtifactHasSbom Edge = "ARTIFACT_HAS_SBOM" - EdgeArtifactHasSlsa Edge = "ARTIFACT_HAS_SLSA" - EdgeArtifactIsOccurrence Edge = "ARTIFACT_IS_OCCURRENCE" - EdgeArtifactHasMetadata Edge = "ARTIFACT_HAS_METADATA" - EdgeArtifactPointOfContact Edge = "ARTIFACT_POINT_OF_CONTACT" - EdgeBuilderHasSlsa Edge = "BUILDER_HAS_SLSA" - EdgeCveCertifyVexStatement Edge = "CVE_CERTIFY_VEX_STATEMENT" - EdgeCveCertifyVuln Edge = "CVE_CERTIFY_VULN" - EdgeCveIsVulnerability Edge = "CVE_IS_VULNERABILITY" - EdgeGhsaCertifyVexStatement Edge = "GHSA_CERTIFY_VEX_STATEMENT" - EdgeGhsaCertifyVuln Edge = "GHSA_CERTIFY_VULN" - EdgeGhsaIsVulnerability Edge = "GHSA_IS_VULNERABILITY" - EdgeNoVulnCertifyVuln Edge = "NO_VULN_CERTIFY_VULN" - EdgeOsvCertifyVexStatement Edge = "OSV_CERTIFY_VEX_STATEMENT" - EdgeOsvCertifyVuln Edge = "OSV_CERTIFY_VULN" - EdgeOsvIsVulnerability Edge = "OSV_IS_VULNERABILITY" - EdgePackageCertifyBad Edge = "PACKAGE_CERTIFY_BAD" - EdgePackageCertifyGood Edge = "PACKAGE_CERTIFY_GOOD" - EdgePackageCertifyVexStatement Edge = "PACKAGE_CERTIFY_VEX_STATEMENT" - EdgePackageCertifyVuln Edge = "PACKAGE_CERTIFY_VULN" - EdgePackageHasSbom Edge = "PACKAGE_HAS_SBOM" - EdgePackageHasSourceAt Edge = "PACKAGE_HAS_SOURCE_AT" - EdgePackageIsDependency Edge = "PACKAGE_IS_DEPENDENCY" - EdgePackageIsOccurrence Edge = "PACKAGE_IS_OCCURRENCE" - EdgePackagePkgEqual Edge = "PACKAGE_PKG_EQUAL" - EdgePackageHasMetadata Edge = "PACKAGE_HAS_METADATA" - EdgePackagePointOfContact Edge = "PACKAGE_POINT_OF_CONTACT" - EdgeSourceCertifyBad Edge = "SOURCE_CERTIFY_BAD" - EdgeSourceCertifyGood Edge = "SOURCE_CERTIFY_GOOD" - EdgeSourceCertifyScorecard Edge = 
"SOURCE_CERTIFY_SCORECARD" - EdgeSourceHasSourceAt Edge = "SOURCE_HAS_SOURCE_AT" - EdgeSourceIsOccurrence Edge = "SOURCE_IS_OCCURRENCE" - EdgeSourceHasMetadata Edge = "SOURCE_HAS_METADATA" - EdgeSourcePointOfContact Edge = "SOURCE_POINT_OF_CONTACT" - EdgeCertifyBadArtifact Edge = "CERTIFY_BAD_ARTIFACT" - EdgeCertifyBadPackage Edge = "CERTIFY_BAD_PACKAGE" - EdgeCertifyBadSource Edge = "CERTIFY_BAD_SOURCE" - EdgeCertifyGoodArtifact Edge = "CERTIFY_GOOD_ARTIFACT" - EdgeCertifyGoodPackage Edge = "CERTIFY_GOOD_PACKAGE" - EdgeCertifyGoodSource Edge = "CERTIFY_GOOD_SOURCE" - EdgeCertifyScorecardSource Edge = "CERTIFY_SCORECARD_SOURCE" - EdgeCertifyVexStatementArtifact Edge = "CERTIFY_VEX_STATEMENT_ARTIFACT" - EdgeCertifyVexStatementCve Edge = "CERTIFY_VEX_STATEMENT_CVE" - EdgeCertifyVexStatementGhsa Edge = "CERTIFY_VEX_STATEMENT_GHSA" - EdgeCertifyVexStatementOsv Edge = "CERTIFY_VEX_STATEMENT_OSV" - EdgeCertifyVexStatementPackage Edge = "CERTIFY_VEX_STATEMENT_PACKAGE" - EdgeCertifyVulnCve Edge = "CERTIFY_VULN_CVE" - EdgeCertifyVulnGhsa Edge = "CERTIFY_VULN_GHSA" - EdgeCertifyVulnNoVuln Edge = "CERTIFY_VULN_NO_VULN" - EdgeCertifyVulnOsv Edge = "CERTIFY_VULN_OSV" - EdgeCertifyVulnPackage Edge = "CERTIFY_VULN_PACKAGE" - EdgeHashEqualArtifact Edge = "HASH_EQUAL_ARTIFACT" - EdgeHasSbomArtifact Edge = "HAS_SBOM_ARTIFACT" - EdgeHasSbomPackage Edge = "HAS_SBOM_PACKAGE" - EdgeHasSlsaBuiltBy Edge = "HAS_SLSA_BUILT_BY" - EdgeHasSlsaMaterials Edge = "HAS_SLSA_MATERIALS" - EdgeHasSlsaSubject Edge = "HAS_SLSA_SUBJECT" - EdgeHasSourceAtPackage Edge = "HAS_SOURCE_AT_PACKAGE" - EdgeHasSourceAtSource Edge = "HAS_SOURCE_AT_SOURCE" - EdgeIsDependencyPackage Edge = "IS_DEPENDENCY_PACKAGE" - EdgeIsOccurrenceArtifact Edge = "IS_OCCURRENCE_ARTIFACT" - EdgeIsOccurrencePackage Edge = "IS_OCCURRENCE_PACKAGE" - EdgeIsOccurrenceSource Edge = "IS_OCCURRENCE_SOURCE" - EdgeIsVulnerabilityCve Edge = "IS_VULNERABILITY_CVE" - EdgeIsVulnerabilityGhsa Edge = "IS_VULNERABILITY_GHSA" - EdgeIsVulnerabilityOsv 
Edge = "IS_VULNERABILITY_OSV" - EdgePkgEqualPackage Edge = "PKG_EQUAL_PACKAGE" - EdgeHasMetadataPackage Edge = "HAS_METADATA_PACKAGE" - EdgeHasMetadataArtifact Edge = "HAS_METADATA_ARTIFACT" - EdgeHasMetadataSource Edge = "HAS_METADATA_SOURCE" - EdgePointOfContactPackage Edge = "POINT_OF_CONTACT_PACKAGE" - EdgePointOfContactArtifact Edge = "POINT_OF_CONTACT_ARTIFACT" - EdgePointOfContactSource Edge = "POINT_OF_CONTACT_SOURCE" + EdgeArtifactCertifyBad Edge = "ARTIFACT_CERTIFY_BAD" + EdgeArtifactCertifyGood Edge = "ARTIFACT_CERTIFY_GOOD" + EdgeArtifactCertifyVexStatement Edge = "ARTIFACT_CERTIFY_VEX_STATEMENT" + EdgeArtifactHashEqual Edge = "ARTIFACT_HASH_EQUAL" + EdgeArtifactHasSbom Edge = "ARTIFACT_HAS_SBOM" + EdgeArtifactHasSlsa Edge = "ARTIFACT_HAS_SLSA" + EdgeArtifactIsOccurrence Edge = "ARTIFACT_IS_OCCURRENCE" + EdgeArtifactHasMetadata Edge = "ARTIFACT_HAS_METADATA" + EdgeArtifactPointOfContact Edge = "ARTIFACT_POINT_OF_CONTACT" + EdgeBuilderHasSlsa Edge = "BUILDER_HAS_SLSA" + EdgeVulnerabilityCertifyVexStatement Edge = "VULNERABILITY_CERTIFY_VEX_STATEMENT" + EdgeVulnerabilityCertifyVuln Edge = "VULNERABILITY_CERTIFY_VULN" + EdgeVulnerabilityVulnEqual Edge = "VULNERABILITY_VULN_EQUAL" + EdgePackageCertifyBad Edge = "PACKAGE_CERTIFY_BAD" + EdgePackageCertifyGood Edge = "PACKAGE_CERTIFY_GOOD" + EdgePackageCertifyVexStatement Edge = "PACKAGE_CERTIFY_VEX_STATEMENT" + EdgePackageCertifyVuln Edge = "PACKAGE_CERTIFY_VULN" + EdgePackageHasSbom Edge = "PACKAGE_HAS_SBOM" + EdgePackageHasSourceAt Edge = "PACKAGE_HAS_SOURCE_AT" + EdgePackageIsDependency Edge = "PACKAGE_IS_DEPENDENCY" + EdgePackageIsOccurrence Edge = "PACKAGE_IS_OCCURRENCE" + EdgePackagePkgEqual Edge = "PACKAGE_PKG_EQUAL" + EdgePackageHasMetadata Edge = "PACKAGE_HAS_METADATA" + EdgePackagePointOfContact Edge = "PACKAGE_POINT_OF_CONTACT" + EdgeSourceCertifyBad Edge = "SOURCE_CERTIFY_BAD" + EdgeSourceCertifyGood Edge = "SOURCE_CERTIFY_GOOD" + EdgeSourceCertifyScorecard Edge = "SOURCE_CERTIFY_SCORECARD" + 
EdgeSourceHasSourceAt Edge = "SOURCE_HAS_SOURCE_AT" + EdgeSourceIsOccurrence Edge = "SOURCE_IS_OCCURRENCE" + EdgeSourceHasMetadata Edge = "SOURCE_HAS_METADATA" + EdgeSourcePointOfContact Edge = "SOURCE_POINT_OF_CONTACT" + EdgeCertifyBadArtifact Edge = "CERTIFY_BAD_ARTIFACT" + EdgeCertifyBadPackage Edge = "CERTIFY_BAD_PACKAGE" + EdgeCertifyBadSource Edge = "CERTIFY_BAD_SOURCE" + EdgeCertifyGoodArtifact Edge = "CERTIFY_GOOD_ARTIFACT" + EdgeCertifyGoodPackage Edge = "CERTIFY_GOOD_PACKAGE" + EdgeCertifyGoodSource Edge = "CERTIFY_GOOD_SOURCE" + EdgeCertifyScorecardSource Edge = "CERTIFY_SCORECARD_SOURCE" + EdgeCertifyVexStatementArtifact Edge = "CERTIFY_VEX_STATEMENT_ARTIFACT" + EdgeCertifyVexStatementVulnerability Edge = "CERTIFY_VEX_STATEMENT_VULNERABILITY" + EdgeCertifyVexStatementPackage Edge = "CERTIFY_VEX_STATEMENT_PACKAGE" + EdgeCertifyVulnVulnerability Edge = "CERTIFY_VULN_VULNERABILITY" + EdgeCertifyVulnPackage Edge = "CERTIFY_VULN_PACKAGE" + EdgeHashEqualArtifact Edge = "HASH_EQUAL_ARTIFACT" + EdgeHasSbomArtifact Edge = "HAS_SBOM_ARTIFACT" + EdgeHasSbomPackage Edge = "HAS_SBOM_PACKAGE" + EdgeHasSlsaBuiltBy Edge = "HAS_SLSA_BUILT_BY" + EdgeHasSlsaMaterials Edge = "HAS_SLSA_MATERIALS" + EdgeHasSlsaSubject Edge = "HAS_SLSA_SUBJECT" + EdgeHasSourceAtPackage Edge = "HAS_SOURCE_AT_PACKAGE" + EdgeHasSourceAtSource Edge = "HAS_SOURCE_AT_SOURCE" + EdgeIsDependencyPackage Edge = "IS_DEPENDENCY_PACKAGE" + EdgeIsOccurrenceArtifact Edge = "IS_OCCURRENCE_ARTIFACT" + EdgeIsOccurrencePackage Edge = "IS_OCCURRENCE_PACKAGE" + EdgeIsOccurrenceSource Edge = "IS_OCCURRENCE_SOURCE" + EdgeVulnEqualVulnerability Edge = "VULN_EQUAL_VULNERABILITY" + EdgePkgEqualPackage Edge = "PKG_EQUAL_PACKAGE" + EdgeHasMetadataPackage Edge = "HAS_METADATA_PACKAGE" + EdgeHasMetadataArtifact Edge = "HAS_METADATA_ARTIFACT" + EdgeHasMetadataSource Edge = "HAS_METADATA_SOURCE" + EdgePointOfContactPackage Edge = "POINT_OF_CONTACT_PACKAGE" + EdgePointOfContactArtifact Edge = "POINT_OF_CONTACT_ARTIFACT" + 
EdgePointOfContactSource Edge = "POINT_OF_CONTACT_SOURCE" ) var AllEdge = []Edge{ @@ -1537,16 +1428,9 @@ var AllEdge = []Edge{ EdgeArtifactHasMetadata, EdgeArtifactPointOfContact, EdgeBuilderHasSlsa, - EdgeCveCertifyVexStatement, - EdgeCveCertifyVuln, - EdgeCveIsVulnerability, - EdgeGhsaCertifyVexStatement, - EdgeGhsaCertifyVuln, - EdgeGhsaIsVulnerability, - EdgeNoVulnCertifyVuln, - EdgeOsvCertifyVexStatement, - EdgeOsvCertifyVuln, - EdgeOsvIsVulnerability, + EdgeVulnerabilityCertifyVexStatement, + EdgeVulnerabilityCertifyVuln, + EdgeVulnerabilityVulnEqual, EdgePackageCertifyBad, EdgePackageCertifyGood, EdgePackageCertifyVexStatement, @@ -1573,14 +1457,9 @@ var AllEdge = []Edge{ EdgeCertifyGoodSource, EdgeCertifyScorecardSource, EdgeCertifyVexStatementArtifact, - EdgeCertifyVexStatementCve, - EdgeCertifyVexStatementGhsa, - EdgeCertifyVexStatementOsv, + EdgeCertifyVexStatementVulnerability, EdgeCertifyVexStatementPackage, - EdgeCertifyVulnCve, - EdgeCertifyVulnGhsa, - EdgeCertifyVulnNoVuln, - EdgeCertifyVulnOsv, + EdgeCertifyVulnVulnerability, EdgeCertifyVulnPackage, EdgeHashEqualArtifact, EdgeHasSbomArtifact, @@ -1594,9 +1473,7 @@ var AllEdge = []Edge{ EdgeIsOccurrenceArtifact, EdgeIsOccurrencePackage, EdgeIsOccurrenceSource, - EdgeIsVulnerabilityCve, - EdgeIsVulnerabilityGhsa, - EdgeIsVulnerabilityOsv, + EdgeVulnEqualVulnerability, EdgePkgEqualPackage, EdgeHasMetadataPackage, EdgeHasMetadataArtifact, 
@@ -1608,7 +1485,7 @@ var AllEdge = []Edge{ func (e Edge) IsValid() bool { switch e { - case EdgeArtifactCertifyBad, EdgeArtifactCertifyGood, EdgeArtifactCertifyVexStatement, EdgeArtifactHashEqual, EdgeArtifactHasSbom, EdgeArtifactHasSlsa, EdgeArtifactIsOccurrence, EdgeArtifactHasMetadata, EdgeArtifactPointOfContact, EdgeBuilderHasSlsa, EdgeCveCertifyVexStatement, EdgeCveCertifyVuln, EdgeCveIsVulnerability, EdgeGhsaCertifyVexStatement, EdgeGhsaCertifyVuln, EdgeGhsaIsVulnerability, EdgeNoVulnCertifyVuln, EdgeOsvCertifyVexStatement, EdgeOsvCertifyVuln, EdgeOsvIsVulnerability, EdgePackageCertifyBad, EdgePackageCertifyGood, EdgePackageCertifyVexStatement, EdgePackageCertifyVuln, EdgePackageHasSbom, EdgePackageHasSourceAt, EdgePackageIsDependency, EdgePackageIsOccurrence, EdgePackagePkgEqual, EdgePackageHasMetadata, EdgePackagePointOfContact, EdgeSourceCertifyBad, EdgeSourceCertifyGood, EdgeSourceCertifyScorecard, EdgeSourceHasSourceAt, EdgeSourceIsOccurrence, EdgeSourceHasMetadata, EdgeSourcePointOfContact, EdgeCertifyBadArtifact, EdgeCertifyBadPackage, EdgeCertifyBadSource, EdgeCertifyGoodArtifact, EdgeCertifyGoodPackage, EdgeCertifyGoodSource, EdgeCertifyScorecardSource, EdgeCertifyVexStatementArtifact, EdgeCertifyVexStatementCve, EdgeCertifyVexStatementGhsa, EdgeCertifyVexStatementOsv, EdgeCertifyVexStatementPackage, EdgeCertifyVulnCve, EdgeCertifyVulnGhsa, EdgeCertifyVulnNoVuln, EdgeCertifyVulnOsv, EdgeCertifyVulnPackage, EdgeHashEqualArtifact, EdgeHasSbomArtifact, EdgeHasSbomPackage, EdgeHasSlsaBuiltBy, EdgeHasSlsaMaterials, EdgeHasSlsaSubject, EdgeHasSourceAtPackage, EdgeHasSourceAtSource, EdgeIsDependencyPackage, EdgeIsOccurrenceArtifact, EdgeIsOccurrencePackage, EdgeIsOccurrenceSource, EdgeIsVulnerabilityCve, EdgeIsVulnerabilityGhsa, EdgeIsVulnerabilityOsv, EdgePkgEqualPackage, EdgeHasMetadataPackage, EdgeHasMetadataArtifact, EdgeHasMetadataSource, EdgePointOfContactPackage, EdgePointOfContactArtifact, EdgePointOfContactSource: + case EdgeArtifactCertifyBad, 
EdgeArtifactCertifyGood, EdgeArtifactCertifyVexStatement, EdgeArtifactHashEqual, EdgeArtifactHasSbom, EdgeArtifactHasSlsa, EdgeArtifactIsOccurrence, EdgeArtifactHasMetadata, EdgeArtifactPointOfContact, EdgeBuilderHasSlsa, EdgeVulnerabilityCertifyVexStatement, EdgeVulnerabilityCertifyVuln, EdgeVulnerabilityVulnEqual, EdgePackageCertifyBad, EdgePackageCertifyGood, EdgePackageCertifyVexStatement, EdgePackageCertifyVuln, EdgePackageHasSbom, EdgePackageHasSourceAt, EdgePackageIsDependency, EdgePackageIsOccurrence, EdgePackagePkgEqual, EdgePackageHasMetadata, EdgePackagePointOfContact, EdgeSourceCertifyBad, EdgeSourceCertifyGood, EdgeSourceCertifyScorecard, EdgeSourceHasSourceAt, EdgeSourceIsOccurrence, EdgeSourceHasMetadata, EdgeSourcePointOfContact, EdgeCertifyBadArtifact, EdgeCertifyBadPackage, EdgeCertifyBadSource, EdgeCertifyGoodArtifact, EdgeCertifyGoodPackage, EdgeCertifyGoodSource, EdgeCertifyScorecardSource, EdgeCertifyVexStatementArtifact, EdgeCertifyVexStatementVulnerability, EdgeCertifyVexStatementPackage, EdgeCertifyVulnVulnerability, EdgeCertifyVulnPackage, EdgeHashEqualArtifact, EdgeHasSbomArtifact, EdgeHasSbomPackage, EdgeHasSlsaBuiltBy, EdgeHasSlsaMaterials, EdgeHasSlsaSubject, EdgeHasSourceAtPackage, EdgeHasSourceAtSource, EdgeIsDependencyPackage, EdgeIsOccurrenceArtifact, EdgeIsOccurrencePackage, EdgeIsOccurrenceSource, EdgeVulnEqualVulnerability, EdgePkgEqualPackage, EdgeHasMetadataPackage, EdgeHasMetadataArtifact, EdgeHasMetadataSource, EdgePointOfContactPackage, EdgePointOfContactArtifact, EdgePointOfContactSource: return true } return false diff --git a/pkg/assembler/graphql/resolvers/certifyVEXStatement.resolvers.go b/pkg/assembler/graphql/resolvers/certifyVEXStatement.resolvers.go index 47dfa58c97..92192a4086 100644 --- a/pkg/assembler/graphql/resolvers/certifyVEXStatement.resolvers.go +++ b/pkg/assembler/graphql/resolvers/certifyVEXStatement.resolvers.go 
@@ -6,16 +6,56 @@ package resolvers import ( "context" + "strings" "github.com/guacsec/guac/pkg/assembler/graphql/model" ) // IngestVEXStatement is the resolver for the ingestVEXStatement field. -func (r *mutationResolver) IngestVEXStatement(ctx context.Context, subject model.PackageOrArtifactInput, vulnerability model.VulnerabilityInput, vexStatement model.VexStatementInputSpec) (*model.CertifyVEXStatement, error) { - return r.Backend.IngestVEXStatement(ctx, subject, vulnerability, vexStatement) +func (r *mutationResolver) IngestVEXStatement(ctx context.Context, subject model.PackageOrArtifactInput, vulnerability model.VulnerabilityInputSpec, vexStatement model.VexStatementInputSpec) (*model.CertifyVEXStatement, error) { + // vulnerability input (type and vulnerability ID) will be enforced to be lowercase + return r.Backend.IngestVEXStatement(ctx, subject, + model.VulnerabilityInputSpec{Type: strings.ToLower(vulnerability.Type), VulnerabilityID: strings.ToLower(vulnerability.VulnerabilityID)}, + vexStatement) } // CertifyVEXStatement is the resolver for the CertifyVEXStatement field. 
func (r *queryResolver) CertifyVEXStatement(ctx context.Context, certifyVEXStatementSpec model.CertifyVEXStatementSpec) ([]*model.CertifyVEXStatement, error) { - return r.Backend.CertifyVEXStatement(ctx, &certifyVEXStatementSpec) + // vulnerability input (type and vulnerability ID) will be enforced to be lowercase + if certifyVEXStatementSpec.Vulnerability != nil { + lowercaseVulnFilter := model.VulnerabilitySpec{ + Type: toLower(certifyVEXStatementSpec.Vulnerability.Type), + VulnerabilityID: toLower(certifyVEXStatementSpec.Vulnerability.VulnerabilityID), + } + + lowercaseCertifyVexFilter := model.CertifyVEXStatementSpec{ + ID: certifyVEXStatementSpec.ID, + Subject: certifyVEXStatementSpec.Subject, + Vulnerability: &lowercaseVulnFilter, + Status: certifyVEXStatementSpec.Status, + VexJustification: certifyVEXStatementSpec.VexJustification, + Statement: certifyVEXStatementSpec.Statement, + StatusNotes: certifyVEXStatementSpec.StatusNotes, + KnownSince: certifyVEXStatementSpec.KnownSince, + Origin: certifyVEXStatementSpec.Origin, + Collector: certifyVEXStatementSpec.Collector, + } + return r.Backend.CertifyVEXStatement(ctx, &lowercaseCertifyVexFilter) + } else { + return r.Backend.CertifyVEXStatement(ctx, &certifyVEXStatementSpec) + } +} + +// !!! WARNING !!! +// The code below was going to be deleted when updating resolvers. It has been copied here so you have +// one last chance to move it out of harms way if you want. There are two reasons this happens: +// - When renaming or deleting a resolver the old code will be put in here. You can safely delete +// it when you're done. +// - You have helper methods in this file. Move them out to keep these resolver files clean. +func toLower(filter *string) *string { + if filter != nil { + lower := strings.ToLower(*filter) + return &lower + } + return nil } diff --git a/pkg/assembler/graphql/resolvers/certifyVuln.resolvers.go b/pkg/assembler/graphql/resolvers/certifyVuln.resolvers.go index ca894fbf06..22ea24a5ac 100644 
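Review bot: The lowercased copy of the vulnerability filter in `CertifyVEXStatement` is built from `Type` and `VulnerabilityID` only, so a caller-supplied `Vulnerability.ID` is dropped before the backend sees it, although `VulnerabilitySpec` in this commit has an `ID` field. A query that filters by vulnerability node ID would then match on the remaining fields alone and could return VEX statements for vulnerabilities the caller did not ask about. Carry the field through by adding `ID: certifyVEXStatementSpec.Vulnerability.ID,` to the `lowercaseVulnFilter` literal. The same omission is in `CertifyVuln` (certifyVuln.resolvers.go), in the loop of `VulnEqual` (vulnEqual.resolvers.go) and in `Vulnerabilities` (vulnerability.resolvers.go).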
--- a/pkg/assembler/graphql/resolvers/certifyVuln.resolvers.go
+++ b/pkg/assembler/graphql/resolvers/certifyVuln.resolvers.go
@@ -6,16 +6,42 @@ package resolvers import ( "context" + "strings" "github.com/guacsec/guac/pkg/assembler/graphql/model" ) -// IngestVulnerability is the resolver for the ingestVulnerability field. -func (r *mutationResolver) IngestVulnerability(ctx context.Context, pkg model.PkgInputSpec, vulnerability model.VulnerabilityInput, certifyVuln model.VulnerabilityMetaDataInput) (*model.CertifyVuln, error) { - return r.Backend.IngestVulnerability(ctx, pkg, vulnerability, certifyVuln) +// IngestCertifyVuln is the resolver for the ingestCertifyVuln field. +func (r *mutationResolver) IngestCertifyVuln(ctx context.Context, pkg model.PkgInputSpec, vulnerability model.VulnerabilityInputSpec, certifyVuln model.ScanMetadataInput) (*model.CertifyVuln, error) { + // vulnerability input (type and vulnerability ID) will be enforced to be lowercase + return r.Backend.IngestCertifyVuln(ctx, pkg, + model.VulnerabilityInputSpec{Type: strings.ToLower(vulnerability.Type), VulnerabilityID: strings.ToLower(vulnerability.VulnerabilityID)}, + certifyVuln) } // CertifyVuln is the resolver for the CertifyVuln field. 
func (r *queryResolver) CertifyVuln(ctx context.Context, certifyVulnSpec model.CertifyVulnSpec) ([]*model.CertifyVuln, error) { - return r.Backend.CertifyVuln(ctx, &certifyVulnSpec) + // vulnerability input (type and vulnerability ID) will be enforced to be lowercase + if certifyVulnSpec.Vulnerability != nil { + lowercaseVulnFilter := model.VulnerabilitySpec{ + Type: toLower(certifyVulnSpec.Vulnerability.Type), + VulnerabilityID: toLower(certifyVulnSpec.Vulnerability.VulnerabilityID), + } + + lowercaseCertifyVulnFilter := model.CertifyVulnSpec{ + ID: certifyVulnSpec.ID, + Package: certifyVulnSpec.Package, + Vulnerability: &lowercaseVulnFilter, + TimeScanned: certifyVulnSpec.TimeScanned, + DbURI: certifyVulnSpec.DbURI, + DbVersion: certifyVulnSpec.DbVersion, + ScannerURI: certifyVulnSpec.ScannerURI, + ScannerVersion: certifyVulnSpec.ScannerVersion, + Origin: certifyVulnSpec.Origin, + Collector: certifyVulnSpec.Collector, + } + return r.Backend.CertifyVuln(ctx, &lowercaseCertifyVulnFilter) + } else { + return r.Backend.CertifyVuln(ctx, &certifyVulnSpec) + } } diff --git a/pkg/assembler/graphql/resolvers/cve.resolvers.go b/pkg/assembler/graphql/resolvers/cve.resolvers.go deleted file mode 100644 index 1dd5da448a..0000000000 --- a/pkg/assembler/graphql/resolvers/cve.resolvers.go +++ /dev/null 
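Review bot: Rebuilding `CertifyVulnSpec` field by field in `CertifyVuln` means any field added to the spec later is silently left out of the filter whenever a vulnerability is given, which widens the query without any error. Since `certifyVulnSpec` arrives by value, a plain copy with one override does the same job and cannot lose fields: `filter := certifyVulnSpec`, `filter.Vulnerability = &lowercaseVulnFilter`, `return r.Backend.CertifyVuln(ctx, &filter)`. That also removes the `else` after a returning `if`. The same hand-copied literal appears in `CertifyVEXStatement` and `VulnEqual`.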
@@ -1,26 +0,0 @@ -package resolvers - -// This file will be automatically regenerated based on the schema, any resolver implementations -// will be copied through when generating and any unknown code will be moved to the end. -// Code generated by github.com/99designs/gqlgen version v0.17.36 - -import ( - "context" - - "github.com/guacsec/guac/pkg/assembler/graphql/model" -) - -// IngestCve is the resolver for the ingestCVE field. -func (r *mutationResolver) IngestCve(ctx context.Context, cve *model.CVEInputSpec) (*model.Cve, error) { - return r.Backend.IngestCve(ctx, cve) -} - -// IngestCVEs is the resolver for the ingestCVEs field. -func (r *mutationResolver) IngestCVEs(ctx context.Context, cves []*model.CVEInputSpec) ([]*model.Cve, error) { - return r.Backend.IngestCVEs(ctx, cves) -} - -// Cve is the resolver for the cve field. -func (r *queryResolver) Cve(ctx context.Context, cveSpec model.CVESpec) ([]*model.Cve, error) { - return r.Backend.Cve(ctx, &cveSpec) -} diff --git a/pkg/assembler/graphql/resolvers/ghsa.resolvers.go b/pkg/assembler/graphql/resolvers/ghsa.resolvers.go deleted file mode 100644 index c9cee880e3..0000000000 --- a/pkg/assembler/graphql/resolvers/ghsa.resolvers.go +++ /dev/null 
@@ -1,26 +0,0 @@ -package resolvers - -// This file will be automatically regenerated based on the schema, any resolver implementations -// will be copied through when generating and any unknown code will be moved to the end. -// Code generated by github.com/99designs/gqlgen version v0.17.36 - -import ( - "context" - - "github.com/guacsec/guac/pkg/assembler/graphql/model" -) - -// IngestGhsa is the resolver for the ingestGHSA field. -func (r *mutationResolver) IngestGhsa(ctx context.Context, ghsa *model.GHSAInputSpec) (*model.Ghsa, error) { - return r.Backend.IngestGhsa(ctx, ghsa) -} - -// IngestGHSAs is the resolver for the ingestGHSAs field. -func (r *mutationResolver) IngestGHSAs(ctx context.Context, ghsas []*model.GHSAInputSpec) ([]*model.Ghsa, error) { - return r.Backend.IngestGHSAs(ctx, ghsas) -} - -// Ghsa is the resolver for the ghsa field. -func (r *queryResolver) Ghsa(ctx context.Context, ghsaSpec model.GHSASpec) ([]*model.Ghsa, error) { - return r.Backend.Ghsa(ctx, &ghsaSpec) -} diff --git a/pkg/assembler/graphql/resolvers/isVulnerability.resolvers.go b/pkg/assembler/graphql/resolvers/isVulnerability.resolvers.go deleted file mode 100644 index 604911f97a..0000000000 --- a/pkg/assembler/graphql/resolvers/isVulnerability.resolvers.go +++ /dev/null 
@@ -1,21 +0,0 @@ -package resolvers - -// This file will be automatically regenerated based on the schema, any resolver implementations -// will be copied through when generating and any unknown code will be moved to the end. -// Code generated by github.com/99designs/gqlgen version v0.17.36 - -import ( - "context" - - "github.com/guacsec/guac/pkg/assembler/graphql/model" -) - -// IngestIsVulnerability is the resolver for the ingestIsVulnerability field. -func (r *mutationResolver) IngestIsVulnerability(ctx context.Context, osv model.OSVInputSpec, vulnerability model.CveOrGhsaInput, isVulnerability model.IsVulnerabilityInputSpec) (*model.IsVulnerability, error) { - return r.Backend.IngestIsVulnerability(ctx, osv, vulnerability, isVulnerability) -} - -// IsVulnerability is the resolver for the IsVulnerability field. -func (r *queryResolver) IsVulnerability(ctx context.Context, isVulnerabilitySpec model.IsVulnerabilitySpec) ([]*model.IsVulnerability, error) { - return r.Backend.IsVulnerability(ctx, &isVulnerabilitySpec) -} diff --git a/pkg/assembler/graphql/resolvers/osv.resolvers.go b/pkg/assembler/graphql/resolvers/osv.resolvers.go deleted file mode 100644 index 85b7a1898c..0000000000 --- a/pkg/assembler/graphql/resolvers/osv.resolvers.go +++ /dev/null 
@@ -1,26 +0,0 @@ -package resolvers - -// This file will be automatically regenerated based on the schema, any resolver implementations -// will be copied through when generating and any unknown code will be moved to the end. -// Code generated by github.com/99designs/gqlgen version v0.17.36 - -import ( - "context" - - "github.com/guacsec/guac/pkg/assembler/graphql/model" -) - -// IngestOsv is the resolver for the ingestOSV field. -func (r *mutationResolver) IngestOsv(ctx context.Context, osv *model.OSVInputSpec) (*model.Osv, error) { - return r.Backend.IngestOsv(ctx, osv) -} - -// IngestOSVs is the resolver for the ingestOSVs field. -func (r *mutationResolver) IngestOSVs(ctx context.Context, osvs []*model.OSVInputSpec) ([]*model.Osv, error) { - return r.Backend.IngestOSVs(ctx, osvs) -} - -// Osv is the resolver for the osv field. -func (r *queryResolver) Osv(ctx context.Context, osvSpec model.OSVSpec) ([]*model.Osv, error) { - return r.Backend.Osv(ctx, &osvSpec) -} diff --git a/pkg/assembler/graphql/resolvers/vulnEqual.resolvers.go b/pkg/assembler/graphql/resolvers/vulnEqual.resolvers.go new file mode 100644 index 0000000000..f0686e0d13 --- /dev/null +++ b/pkg/assembler/graphql/resolvers/vulnEqual.resolvers.go 
@@ -0,0 +1,53 @@
+package resolvers
+
+// This file will be automatically regenerated based on the schema, any resolver implementations
+// will be copied through when generating and any unknown code will be moved to the end.
+// Code generated by github.com/99designs/gqlgen version v0.17.36
+
+import (
+ "context"
+ "strings"
+
+ "github.com/guacsec/guac/pkg/assembler/graphql/model"
+ "github.com/vektah/gqlparser/v2/gqlerror"
+)
+
+// IngestVulnEqual is the resolver for the ingestVulnEqual field.
+func (r *mutationResolver) IngestVulnEqual(ctx context.Context, vulnerability model.VulnerabilityInputSpec, otherVulnerability model.VulnerabilityInputSpec, vulnEqual model.VulnEqualInputSpec) (*model.VulnEqual, error) {
+ // vulnerability input (type and vulnerability ID) will be enforced to be lowercase
+ return r.Backend.IngestVulnEqual(ctx,
+ model.VulnerabilityInputSpec{Type: strings.ToLower(vulnerability.Type), VulnerabilityID: strings.ToLower(vulnerability.VulnerabilityID)},
+ model.VulnerabilityInputSpec{Type: strings.ToLower(otherVulnerability.Type), VulnerabilityID: strings.ToLower(otherVulnerability.VulnerabilityID)},
+ vulnEqual)
+}
+
+// VulnEqual is the resolver for the vulnEqual field.
+func (r *queryResolver) VulnEqual(ctx context.Context, vulnEqualSpec model.VulnEqualSpec) ([]*model.VulnEqual, error) {
+ // vulnerability input (type and vulnerability ID) will be enforced to be lowercase
+
+ if vulnEqualSpec.Vulnerabilities != nil && len(vulnEqualSpec.Vulnerabilities) > 2 {
+ return nil, gqlerror.Errorf("cannot specify more than 2 vulnerabilities in VulnEqual")
+ }
+
+ if len(vulnEqualSpec.Vulnerabilities) > 0 {
+ var lowercaseVulnFilterList []*model.VulnerabilitySpec
+ for _, v := range vulnEqualSpec.Vulnerabilities {
+ lowercaseVulnFilter := model.VulnerabilitySpec{
+ Type: toLower(v.Type),
+ VulnerabilityID: toLower(v.VulnerabilityID),
+ }
+ lowercaseVulnFilterList = append(lowercaseVulnFilterList, &lowercaseVulnFilter)
+ }
+
+ lowercaseVulnEqualFilter := model.VulnEqualSpec{
+ ID: vulnEqualSpec.ID,
+ Vulnerabilities: lowercaseVulnFilterList,
+ Justification: vulnEqualSpec.Justification,
+ Origin: vulnEqualSpec.Origin,
+ Collector: vulnEqualSpec.Collector,
+ }
+ return r.Backend.VulnEqual(ctx, &lowercaseVulnEqualFilter)
+ } else {
+ return r.Backend.VulnEqual(ctx, &vulnEqualSpec)
+ }
+}
diff --git a/pkg/assembler/graphql/resolvers/vulnerability.resolvers.go b/pkg/assembler/graphql/resolvers/vulnerability.resolvers.go
new file mode 100644
index 0000000000..98a9bd275c
--- /dev/null
+++ b/pkg/assembler/graphql/resolvers/vulnerability.resolvers.go
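Review bot: `IngestVulnEqual` lowercases both inputs and forwards them without rejecting the `novuln` type, although the `VulnEqual` model comment added in this commit says that type is invalid here. Unless every backend enforces the rule (not visible in this hunk), a "no vulnerability found" node can be recorded as equal to a real advisory, which blurs what a clean scan result means downstream. A guard at the top of the resolver makes the rule hold for all backends: `if strings.EqualFold(vulnerability.Type, "novuln") || strings.EqualFold(otherVulnerability.Type, "novuln") { return nil, gqlerror.Errorf("novuln type is not valid for VulnEqual") }`. In `VulnEqual`, the `vulnEqualSpec.Vulnerabilities != nil &&` test is redundant because `len` of a nil slice is 0.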
@@ -0,0 +1,38 @@
+package resolvers
+
+// This file will be automatically regenerated based on the schema, any resolver implementations
+// will be copied through when generating and any unknown code will be moved to the end.
+// Code generated by github.com/99designs/gqlgen version v0.17.36
+
+import (
+ "context"
+ "strings"
+
+ "github.com/guacsec/guac/pkg/assembler/graphql/model"
+)
+
+// IngestVulnerability is the resolver for the ingestVulnerability field.
+func (r *mutationResolver) IngestVulnerability(ctx context.Context, vuln model.VulnerabilityInputSpec) (*model.Vulnerability, error) {
+ // vulnerability input (type and vulnerability ID) will be enforced to be lowercase
+ return r.Backend.IngestVulnerability(ctx, model.VulnerabilityInputSpec{Type: strings.ToLower(vuln.Type), VulnerabilityID: strings.ToLower(vuln.VulnerabilityID)})
+}
+
+// IngestVulnerabilities is the resolver for the ingestVulnerabilities field.
+func (r *mutationResolver) IngestVulnerabilities(ctx context.Context, vulns []*model.VulnerabilityInputSpec) ([]*model.Vulnerability, error) {
+ // vulnerability input (type and vulnerability ID) will be enforced to be lowercase
+ var lowercaseVulnInputList []*model.VulnerabilityInputSpec
+ for _, v := range vulns {
+ lowercaseVulnInput := model.VulnerabilityInputSpec{
+ Type: strings.ToLower(v.Type),
+ VulnerabilityID: strings.ToLower(v.VulnerabilityID),
+ }
+ lowercaseVulnInputList = append(lowercaseVulnInputList, &lowercaseVulnInput)
+ }
+ return r.Backend.IngestVulnerabilities(ctx, lowercaseVulnInputList)
+}
+
+// Vulnerabilities is the resolver for the vulnerabilities field.
+func (r *queryResolver) Vulnerabilities(ctx context.Context, vulnSpec model.VulnerabilitySpec) ([]*model.Vulnerability, error) {
+ // vulnerability input (type and vulnerability ID) will be enforced to be lowercase
+ return r.Backend.Vulnerabilities(ctx, &model.VulnerabilitySpec{Type: toLower(vulnSpec.Type), VulnerabilityID: toLower(vulnSpec.VulnerabilityID)})
+}
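Review bot: `IngestVulnerability` and `IngestVulnerabilities` lowercase the input but otherwise accept any strings, including an empty `Type` or an empty `VulnerabilityID` paired with a type other than `novuln`, although the schema comment in vulnerability.graphql reserves the empty ID for the NoVuln node. Unless every backend rejects these (not visible in this diff), the resolver is the place to check it, for example `if vuln.Type == "" || (vuln.VulnerabilityID == "" && strings.ToLower(vuln.Type) != "novuln") { return nil, gqlerror.Errorf("invalid vulnerability type/ID combination") }`, which needs the `gqlerror` import that vulnEqual.resolvers.go already uses. The lowercasing literal is repeated in both mutations here and twice in `IngestVulnEqual`; a small unexported helper that does the validation and the lowercasing once would keep the four call sites consistent.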
diff --git a/pkg/assembler/graphql/schema/certifyVEXStatement.graphql b/pkg/assembler/graphql/schema/certifyVEXStatement.graphql index 7b91dfd62e..3e34fd9432 100644 --- a/pkg/assembler/graphql/schema/certifyVEXStatement.graphql +++ b/pkg/assembler/graphql/schema/certifyVEXStatement.graphql @@ -71,7 +71,7 @@ enum VexJustification { """ CertifyVEXStatement is an attestation to attach VEX statements to a package or -artifact to clarify the impact of a specific vulnerability (CVE, GHSA or OSV). +artifact to clarify the impact of a specific vulnerability. """ type CertifyVEXStatement { id: ID! @@ -99,10 +99,9 @@ type CertifyVEXStatement { CertifyVEXStatementSpec allows filtering the list of VEX statements to return in a query. -Only one subject type (package or artifact) and one vulnerability type (CVE, -GHSA or OSV) may be specified. +Only one subject type (package or artifact) and one vulnerability may be specified. -Note that setting noVuln in VulnerabilitySpec is invalid for VEX statements! +Note that setting noVuln vulnerability type is invalid for VEX statements! """ input CertifyVEXStatementSpec { id: ID @@ -135,5 +134,5 @@ extend type Query { extend type Mutation { "Adds a VEX certification for a package." - ingestVEXStatement(subject: PackageOrArtifactInput!, vulnerability: VulnerabilityInput!, vexStatement: VexStatementInputSpec!): CertifyVEXStatement! + ingestVEXStatement(subject: PackageOrArtifactInput!, vulnerability: VulnerabilityInputSpec!, vexStatement: VexStatementInputSpec!): CertifyVEXStatement! } diff --git a/pkg/assembler/graphql/schema/certifyVuln.graphql b/pkg/assembler/graphql/schema/certifyVuln.graphql index f39c57f33d..db1553324d 100644 --- a/pkg/assembler/graphql/schema/certifyVuln.graphql +++ b/pkg/assembler/graphql/schema/certifyVuln.graphql 
@@ -17,74 +17,29 @@ # Defines a GraphQL schema for the vulnerability certifications -""" -NoVuln is a special vulnerability node to attest that no vulnerability has been -found during a vulnerability scan. - -Backends guarantee that this is a singleton node. -""" -type NoVuln { - id: ID! -} - -"Vulnerability is a union of OSV, CVE, GHSA or the NoVuln node." -union Vulnerability = OSV | CVE | GHSA | NoVuln - -""" -VulnerabilitySpec allows using Vulnerability union as input type to be used in -read queries. - -Either noVuln must be set or exactly one of osv, cve or ghsa -must be set to non-nil. Setting noVuln to true means retrieving only nodes where -there is no vulnerability attached. Setting it to false means retrieving only nodes -with identified vulnerabilities. Setting one of the other fields means retrieving -certifications for the corresponding vulnerability types. -""" -input VulnerabilitySpec { - osv: OSVSpec - cve: CVESpec - ghsa: GHSASpec - noVuln: Boolean -} - -""" -VulnerabilityInput allows using Vulnerability union as -input type to be used in mutations. - -Either noVuln must be set to true or one of osv, cve, or ghsa must be -set to non-nil. If noVuln is set then this is an ingestion of a known lack of -vulnerabilities, so the special NoVuln node will be used by the backend. -Otherwise, the specific vulnerability type will be linked to this attestation. -""" -input VulnerabilityInput { - osv: OSVInputSpec - cve: CVEInputSpec - ghsa: GHSAInputSpec - noVuln: Boolean -} - """ CertifyVuln is an attestation to attach vulnerability information to a package. This information is obtained via a scanner. If there is no vulnerability -detected (no OSV, CVE, or GHSA), we attach the special NoVuln node. +detected, we attach the a vulnerability with "NoVuln" type and an empty string +for the vulnerability ID. """ type CertifyVuln { id: ID! "The package that is attested" package: Package! - "The vulnerability object. 
Can be an OSV, CVE, or GHSA or the special NoVuln node." + "The vulnerability can be an be a specific vulnerability or NoVuln type." vulnerability: Vulnerability! "Metadata attached to the certification" - metadata: VulnerabilityMetaData! + metadata: ScanMetadata! } """ -VulnerabilityMetaData is the metadata attached to vulnerability certification. +ScanMetadata is the metadata attached to vulnerability certification. It contains metadata about the scanner process that created the certification. """ -type VulnerabilityMetaData { +type ScanMetadata { "Time of scan (in RFC 3339 format)" timeScanned: Time! "URI of the vulnerability database used by the scanner" @@ -108,7 +63,7 @@ return in a query. Specifying just the package allows to query for all vulnerabilities associated with the package. -Only one vulnerability type (OSV, CVE, GHSA, or special NoVuln) may be +Only one vulnerability (or NoVuln vulnerability type) may be specified. """ input CertifyVulnSpec { @@ -125,10 +80,10 @@ input CertifyVulnSpec { } """ -VulnerabilityMetaDataInput represents the input for certifying vulnerability +ScanMetadataInput represents the input for certifying vulnerability scans in mutations. """ -input VulnerabilityMetaDataInput { +input ScanMetadataInput { timeScanned: Time! dbUri: String! dbVersion: String! @@ -145,5 +100,5 @@ extend type Query { extend type Mutation { "Adds a certification that a package has been scanned for vulnerabilities." - ingestVulnerability(pkg: PkgInputSpec!, vulnerability: VulnerabilityInput!, certifyVuln: VulnerabilityMetaDataInput!): CertifyVuln! + ingestCertifyVuln(pkg: PkgInputSpec!, vulnerability: VulnerabilityInputSpec!, certifyVuln: ScanMetadataInput!): CertifyVuln! } diff --git a/pkg/assembler/graphql/schema/cve.graphql b/pkg/assembler/graphql/schema/cve.graphql deleted file mode 100644 index d389ba877a..0000000000 --- a/pkg/assembler/graphql/schema/cve.graphql +++ /dev/null 
@@ -1,61 +0,0 @@ -# -# Copyright 2023 The GUAC Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# NOTE: This is experimental and might change in the future! - -# Defines a GraphQL schema for a vulnerability in CVE schema - -""" -CVE represents a vulnerability in the Common Vulnerabilities and Exposures -schema. - -The vulnerability identifier contains a year field, so we are extracting that -to allow matching for vulnerabilities found in a given year. - -The vulnerability identifier field is mandatory and canonicalized to be -lowercase. - -This node can be referred to by other parts of GUAC. -""" -type CVE { - id: ID! - year: Int! - cveId: String! -} - -"CVESpec allows filtering the list of advisories to return in a query." -input CVESpec { - id: ID - year: Int - cveId: String -} - -"CVEInputSpec specifies a CVE vulnerability for mutations." -input CVEInputSpec { - year: Int! - cveId: String! -} - -extend type Query { - "Returns all CVEs matching a filter." - cve(cveSpec: CVESpec!): [CVE!]! -} - -extend type Mutation { - "Ingests new CVE and returns it." - ingestCVE(cve: CVEInputSpec): CVE! - "Bulk ingests new CVEs and returns a list of them." - ingestCVEs(cves: [CVEInputSpec!]!): [CVE!]! -} diff --git a/pkg/assembler/graphql/schema/ghsa.graphql b/pkg/assembler/graphql/schema/ghsa.graphql deleted file mode 100644 index afa7d9160a..0000000000 --- a/pkg/assembler/graphql/schema/ghsa.graphql +++ /dev/null 
@@ -1,51 +0,0 @@ -# -# Copyright 2023 The GUAC Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# NOTE: This is experimental and might change in the future! - -""" -GHSA represents GitHub security advisories. - -The advisory id field is mandatory and canonicalized to be lowercase. - -This node can be referred to by other parts of GUAC. -""" -type GHSA { - id: ID! - ghsaId: String! -} - -"GHSASpec allows filtering the list of advisories to return in a query." -input GHSASpec { - id: ID - ghsaId: String -} - -"GHSAInputSpec specifies a GitHub Security Advisory for mutations." -input GHSAInputSpec { - ghsaId: String! -} - -extend type Query { - "Returns all GitHub Security Advisories matching a filter." - ghsa(ghsaSpec: GHSASpec!): [GHSA!]! -} - -extend type Mutation { - "Ingests a new GitHub Security Advisory and returns it." - ingestGHSA(ghsa: GHSAInputSpec): GHSA! - "Bulk ingests new GHSAs and returns a list of them." - ingestGHSAs(ghsas: [GHSAInputSpec!]!): [GHSA!]! -} diff --git a/pkg/assembler/graphql/schema/isVulnerability.graphql b/pkg/assembler/graphql/schema/isVulnerability.graphql deleted file mode 100644 index 8f681e5b43..0000000000 --- a/pkg/assembler/graphql/schema/isVulnerability.graphql +++ /dev/null 
@@ -1,86 +0,0 @@ -# -# Copyright 2023 The GUAC Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# NOTE: This is experimental and might change in the future! - -# Defines a GraphQL schema to link CVE/GHSA to the OSV data - -"CveOrGhsa is a union of CVE and GHSA." -union CveOrGhsa = CVE | GHSA - -""" -CveOrGhsaSpec allows using CveOrGhsa union as input type for queries. - -Exactly one field must be specified. -""" -input CveOrGhsaSpec { - cve: CVESpec - ghsa: GHSASpec -} - -""" -CveOrGhsaInput allows using CveOrGhsa union as input type for mutations. - -Exactly one field must be specified. -""" -input CveOrGhsaInput { - cve: CVEInputSpec - ghsa: GHSAInputSpec -} - -"IsVulnerability is an attestation to link CVE/GHSA with data in OSV." -type IsVulnerability { - id: ID! - "The OSV that encapsulates the vulnerability" - osv: OSV! - "The upstream vulnerability information" - vulnerability: CveOrGhsa! - "Justification for the attested relationship" - justification: String! - "Document from which this attestation is generated from" - origin: String! - "GUAC collector for the document" - collector: String! -} - -""" -IsVulnerabilitySpec allows filtering the list of vulnerability links to return -in a query. -""" -input IsVulnerabilitySpec { - id: ID - osv: OSVSpec - vulnerability: CveOrGhsaSpec - justification: String - origin: String - collector: String -} - -"IsVulnerabilityInputSpec represents the input to link CVE/GHSA with OSV data." 
-input IsVulnerabilityInputSpec { - justification: String! - origin: String! - collector: String! -} - -extend type Query { - "Returns all OSV-CVE/GHSA vulnerability mappings that match a filter." - IsVulnerability(isVulnerabilitySpec: IsVulnerabilitySpec!): [IsVulnerability!]! -} - -extend type Mutation { - "Ingest a mapping between an OSV entry and a CVE/GHSA vulnerability." - ingestIsVulnerability(osv: OSVInputSpec!, vulnerability: CveOrGhsaInput!, isVulnerability: IsVulnerabilityInputSpec!): IsVulnerability! -} diff --git a/pkg/assembler/graphql/schema/osv.graphql b/pkg/assembler/graphql/schema/osv.graphql deleted file mode 100644 index 3cb4099b0e..0000000000 --- a/pkg/assembler/graphql/schema/osv.graphql +++ /dev/null 
@@ -1,56 +0,0 @@ -# -# Copyright 2023 The GUAC Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# NOTE: This is experimental and might change in the future! - -# Defines a GraphQL schema for a vulnerability in OSV schema - -""" -OSV represents an Open Source Vulnerability. - -The osvId field is mandatory and canonicalized to be lowercase. - -This maps to a vulnerability ID specific to the environment (e.g., GHSA ID or -CVE ID). - -This node can be referred to by other parts of GUAC. -""" -type OSV { - id: ID! - osvId: String! -} - -"OSVSpec allows filtering the list of advisories to return in a query." -input OSVSpec { - id: ID - osvId: String -} - -"OSVInputSpec specifies a OSV vulnerability for mutations." -input OSVInputSpec { - osvId: String! -} - -extend type Query { - "Returns all OSV vulnerabilities matching a filter." - osv(osvSpec: OSVSpec!): [OSV!]! -} - -extend type Mutation { - "Ingests a new OSV vulnerability and returns it." - ingestOSV(osv: OSVInputSpec): OSV! - "Bulk ingests new OSVs and returns a list of them." - ingestOSVs(osvs: [OSVInputSpec!]!): [OSV!]! -} diff --git a/pkg/assembler/graphql/schema/path.graphql b/pkg/assembler/graphql/schema/path.graphql index 60f54fd9ed..af6643f9a1 100644 --- a/pkg/assembler/graphql/schema/path.graphql +++ b/pkg/assembler/graphql/schema/path.graphql 
@@ -29,13 +29,10 @@ union Node | Source | Artifact | Builder - | OSV - | CVE - | GHSA - | NoVuln + | Vulnerability | IsOccurrence | IsDependency - | IsVulnerability + | VulnEqual | CertifyVEXStatement | HashEqual | CertifyBad @@ -72,16 +69,9 @@ enum Edge { ARTIFACT_HAS_METADATA ARTIFACT_POINT_OF_CONTACT BUILDER_HAS_SLSA - CVE_CERTIFY_VEX_STATEMENT - CVE_CERTIFY_VULN - CVE_IS_VULNERABILITY - GHSA_CERTIFY_VEX_STATEMENT - GHSA_CERTIFY_VULN - GHSA_IS_VULNERABILITY - NO_VULN_CERTIFY_VULN - OSV_CERTIFY_VEX_STATEMENT - OSV_CERTIFY_VULN - OSV_IS_VULNERABILITY + VULNERABILITY_CERTIFY_VEX_STATEMENT + VULNERABILITY_CERTIFY_VULN + VULNERABILITY_VULN_EQUAL PACKAGE_CERTIFY_BAD PACKAGE_CERTIFY_GOOD PACKAGE_CERTIFY_VEX_STATEMENT @@ -109,14 +99,9 @@ enum Edge { CERTIFY_GOOD_SOURCE CERTIFY_SCORECARD_SOURCE CERTIFY_VEX_STATEMENT_ARTIFACT - CERTIFY_VEX_STATEMENT_CVE - CERTIFY_VEX_STATEMENT_GHSA - CERTIFY_VEX_STATEMENT_OSV + CERTIFY_VEX_STATEMENT_VULNERABILITY CERTIFY_VEX_STATEMENT_PACKAGE - CERTIFY_VULN_CVE - CERTIFY_VULN_GHSA - CERTIFY_VULN_NO_VULN - CERTIFY_VULN_OSV + CERTIFY_VULN_VULNERABILITY CERTIFY_VULN_PACKAGE HASH_EQUAL_ARTIFACT HAS_SBOM_ARTIFACT @@ -130,9 +115,7 @@ enum Edge { IS_OCCURRENCE_ARTIFACT IS_OCCURRENCE_PACKAGE IS_OCCURRENCE_SOURCE - IS_VULNERABILITY_CVE - IS_VULNERABILITY_GHSA - IS_VULNERABILITY_OSV + VULN_EQUAL_VULNERABILITY PKG_EQUAL_PACKAGE HAS_METADATA_PACKAGE HAS_METADATA_ARTIFACT diff --git a/pkg/assembler/graphql/schema/vulnEqual.graphql b/pkg/assembler/graphql/schema/vulnEqual.graphql new file mode 100644 index 0000000000..0f06b4534b --- /dev/null +++ b/pkg/assembler/graphql/schema/vulnEqual.graphql 
@@ -0,0 +1,65 @@
+#
+# Copyright 2023 The GUAC Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# NOTE: This is experimental and might change in the future!
+
+# Defines a GraphQL schema to link vulnerabilities together
+
+"""
+VulnEqual is an attestation to link two vulnerabilities together as being equal"
+
+Note that setting noVuln vulnerability type is invalid for VulnEqual!
+
+"""
+type VulnEqual {
+ id: ID!
+ "Collection of vulnerabilities that are similar"
+ vulnerabilities: [Vulnerability!]!
+ "Justification for the attested relationship"
+ justification: String!
+ "Document from which this attestation is generated from"
+ origin: String!
+ "GUAC collector for the document"
+ collector: String!
+}
+
+"""
+VulnEqualSpec allows filtering the list of vulnerability links to return
+in a query.
+"""
+input VulnEqualSpec {
+ id: ID
+ vulnerabilities: [VulnerabilitySpec]
+ justification: String
+ origin: String
+ collector: String
+}
+
+"VulnEqualInputSpec represents the input to link vulnerabilities to each other."
+input VulnEqualInputSpec {
+ justification: String!
+ origin: String!
+ collector: String!
+}
+
+extend type Query {
+ "Returns all equal vulnerability mappings that match a filter."
+ vulnEqual(vulnEqualSpec: VulnEqualSpec!): [VulnEqual!]!
+}
+
+extend type Mutation {
+ "Ingest a mapping between vulnerabilities."
+ ingestVulnEqual(vulnerability: VulnerabilityInputSpec!, otherVulnerability: VulnerabilityInputSpec!, vulnEqual: VulnEqualInputSpec!): VulnEqual!
+}
diff --git a/pkg/assembler/graphql/schema/vulnerability.graphql b/pkg/assembler/graphql/schema/vulnerability.graphql
new file mode 100644
index 0000000000..20220c176e
--- /dev/null
+++ b/pkg/assembler/graphql/schema/vulnerability.graphql
@@ -0,0 +1,101 @@
+#
+# Copyright 2023 The GUAC Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# NOTE: This is experimental and might change in the future!
+
+# Defines a GraphQL schema for the vulnerability trie/tree
+
+"""
+Vulnerability represents the root of the vulnerability trie/tree.
+
+We map vulnerability information to a trie, as a derivative of the pURL specification:
+each path in the trie represents a type and a vulnerability ID. This allows for generic
+representation of the various vulnerabilities and does not limit to just cve, ghsa or osv.
+This would be in the general format: vuln:///
+
+Examples:
+
+CVE, using path separator: vuln://cve/cve-2023-20753
+OSV, representing its knowledge of a GHSA: vuln://osv/ghsa-205hk
+Random vendor: vuln://snyk/sn-whatever
+NoVuln: vuln://novuln/
+
+
+This node represents the type part of the trie path. It is used to represent
+the specific type of the vulnerability: cve, ghsa, osv or some other vendor specific
+
+Since this node is at the root of the vulnerability trie, it is named Vulnerability, not
+VulnerabilityType.
+
+NoVuln is a special vulnerability node to attest that no vulnerability has been
+found during a vulnerability scan. It will have the type "novuln" and contain an empty string
+for vulnerabilityID
+
+The resolvers will enforce that both the type and vulnerability IDs are lower case.
+"""
+type Vulnerability {
+ id: ID!
+ type: String!
+ vulnerabilityIDs: [VulnerabilityID!]!
+}
+
+"""
+VulnerabilityID is a specific vulnerability ID associated with the type of the vulnerability.
+
+This will be enforced to be all lowercase.
+
+The namespace field is mandatory.
+"""
+type VulnerabilityID {
+ id: ID!
+ vulnerabilityID: String!
+}
+
+"""
+VulnerabilitySpec allows filtering the list of vulnerabilities to return in a query.
+
+Use null to match on all values at that level.
+For example, to get all vulnerabilities in GUAC backend, use a VulnSpec
+where every field is null.
+
+"""
+input VulnerabilitySpec {
+ id: ID
+ type: String
+ vulnerabilityID: String
+}
+
+"""
+VulnInputSpec specifies a vulnerability for mutations.
+
+This is different than VulnSpec because we want to encode mandatory fields:
+type and vulnerabilityID.
+"""
+input VulnerabilityInputSpec {
+ type: String!
+ vulnerabilityID: String!
+}
+
+extend type Query {
+ "Returns all vulnerabilities matching a filter."
+ vulnerabilities(vulnSpec: VulnerabilitySpec!): [Vulnerability!]!
+}
+
+extend type Mutation {
+ "Ingests a new vulnerability and returns the corresponding vulnerability trie path."
+ ingestVulnerability(vuln: VulnerabilityInputSpec!): Vulnerability!
+ "Bulk ingests vulnerabilities and returns the list of corresponding vulnerability trie path."
+ ingestVulnerabilities(vulns: [VulnerabilityInputSpec!]!): [Vulnerability!]!
+}
diff --git a/pkg/assembler/helpers/vuln.go b/pkg/assembler/helpers/vuln.go
index f2f1df785a..91fa9f69e7 100644
--- a/pkg/assembler/helpers/vuln.go
+++ b/pkg/assembler/helpers/vuln.go
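Review bot: Several descriptions in this new schema do not match the types they document, which matters because these strings are what API clients see in introspection. The `VulnerabilityID` description ends with `The namespace field is mandatory.` although the type has no namespace field, and the input descriptions refer to `VulnInputSpec` and `VulnSpec` while the declared names are `VulnerabilityInputSpec` and `VulnerabilitySpec`. The sentinel is spelled `"novuln"` here, `"NoVuln"` in certifyVuln.graphql and `"noVuln"` in the vuln parser; since the resolvers lowercase the type, stating the canonical lowercase form once and using it everywhere would avoid clients filtering on a spelling that never matches. The general-format line reads `vuln:///`, so the placeholders appear to be missing; something like `vuln://<type>/<vulnerability-id>` would match the examples below it.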
@@ -17,31 +17,23 @@ package helpers import ( "fmt" - "strconv" "strings" "github.com/guacsec/guac/pkg/assembler/clients/generated" ) -func OSVToGHSACVE(OSVId string) (*generated.CVEInputSpec, *generated.GHSAInputSpec, error) { - if strings.HasPrefix(OSVId, "CVE") { - p := strings.Split(OSVId, "-") - if len(p) != 3 { - return nil, nil, fmt.Errorf("malformed CVE identifier: %q", OSVId) - } - year, err := strconv.Atoi(p[1]) - if err != nil { - return nil, nil, fmt.Errorf("failed to convert year to int: %w", err) - } - return &generated.CVEInputSpec{ - CveId: OSVId, - Year: year, - }, nil, nil - } - if strings.HasPrefix(OSVId, "GHSA") { - return nil, &generated.GHSAInputSpec{ - GhsaId: OSVId, - }, nil +func VulnInputToVURI(vuln *generated.VulnerabilityInputSpec) string { + s := fmt.Sprintf("vuln://%s/%s", strings.ToLower(vuln.Type), strings.ToLower(vuln.VulnerabilityID)) + return s +} + +func CreateVulnInput(vulnID string) (*generated.VulnerabilityInputSpec, error) { + v := strings.Split(vulnID, "-") + if len(v) == 1 { + return nil, fmt.Errorf("malformed vulnerability identifier: %q", vulnID) } - return nil, nil, fmt.Errorf("unknown OSV identifier: %q", OSVId) + return &generated.VulnerabilityInputSpec{ + Type: strings.ToLower(v[0]), + VulnerabilityID: strings.ToLower(vulnID), + }, nil } diff --git a/pkg/assembler/helpers/vuln_test.go b/pkg/assembler/helpers/vuln_test.go index f1ae4b38e9..3aca4cb61e 100644 --- a/pkg/assembler/helpers/vuln_test.go +++ b/pkg/assembler/helpers/vuln_test.go 
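Review bot: `CreateVulnInput` rejects only identifiers that contain no `-`, so inputs such as `-2023-1` (empty type) or `CVE-` (nothing after the prefix) are accepted and turned into a `VulnerabilityInputSpec`, even though the identifier comes straight from parsed CSAF and scanner documents elsewhere in this diff. A stricter guard is short: `i := strings.Index(vulnID, "-")` followed by `if i <= 0 || i == len(vulnID)-1 { return nil, fmt.Errorf("malformed vulnerability identifier: %q", vulnID) }`. `VulnInputToVURI` dereferences `vuln` without a nil check and interpolates both parts unescaped, so a `/` inside the type or ID would produce a URI that is ambiguous with another pair; whether callers can ever pass such values is not visible here. Both exported functions lack doc comments, and the test table in vuln_test.go has only `asdf` as a negative case, so the empty-prefix and empty-remainder inputs are worth adding there.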
@@ -23,61 +23,115 @@ import ( "github.com/guacsec/guac/pkg/assembler/helpers" ) -func TestOSVToGHSACVE(t *testing.T) { +func TestVulnInputToVURI(t *testing.T) { + tests := []struct { + Name string + Input *generated.VulnerabilityInputSpec + ExpVURI string + }{ + { + Name: "cve", + Input: &generated.VulnerabilityInputSpec{ + Type: "cve", + VulnerabilityID: "cve-2023-8675", + }, + ExpVURI: "vuln://cve/cve-2023-8675", + }, + { + Name: "ghsa", + Input: &generated.VulnerabilityInputSpec{ + Type: "ghsa", + VulnerabilityID: "GHSA-gwvq-rgqf-993f", + }, + ExpVURI: "vuln://ghsa/ghsa-gwvq-rgqf-993f", + }, + { + Name: "dsa", + Input: &generated.VulnerabilityInputSpec{ + Type: "DSA", + VulnerabilityID: "DSA-5464-1", + }, + ExpVURI: "vuln://dsa/dsa-5464-1", + }, + { + Name: "osv", + Input: &generated.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "DLA-3515-1", + }, + ExpVURI: "vuln://osv/dla-3515-1", + }, + } + for _, test := range tests { + t.Run(test.Name, func(t *testing.T) { + vuln := helpers.VulnInputToVURI(test.Input) + if diff := cmp.Diff(test.ExpVURI, vuln); diff != "" { + t.Errorf("Unexpected results. 
(-want +got):\n%s", diff) + } + }) + } +} + +func TestCreateVulnInput(t *testing.T) { tests := []struct { Name string Input string - ExpCVE *generated.CVEInputSpec - ExpGHSA *generated.GHSAInputSpec + ExpVuln *generated.VulnerabilityInputSpec ExpErr bool }{ { Name: "Good CVE", Input: "CVE-1999-1234", - ExpCVE: &generated.CVEInputSpec{ - CveId: "CVE-1999-1234", - Year: 1999, + ExpVuln: &generated.VulnerabilityInputSpec{ + Type: "cve", + VulnerabilityID: "cve-1999-1234", }, - ExpGHSA: nil, - ExpErr: false, + ExpErr: false, }, { - Name: "Good GHSA", - Input: "GHSA-1234-asdf-qwer", - ExpCVE: nil, - ExpGHSA: &generated.GHSAInputSpec{ - GhsaId: "GHSA-1234-asdf-qwer", + Name: "Good GHSA", + Input: "GHSA-1234-asdf-qwer", + ExpVuln: &generated.VulnerabilityInputSpec{ + Type: "ghsa", + VulnerabilityID: "ghsa-1234-asdf-qwer", }, ExpErr: false, }, { - Name: "Bad CVE", - Input: "CVE-1999", - ExpCVE: nil, - ExpGHSA: nil, - ExpErr: true, + Name: "Good OSV - asb", + Input: "ASB-A-189942529", + ExpVuln: &generated.VulnerabilityInputSpec{ + Type: "asb", + VulnerabilityID: "asb-a-189942529", + }, + ExpErr: false, + }, + { + Name: "Good OSV - dsa", + Input: "DSA-5474-1", + ExpVuln: &generated.VulnerabilityInputSpec{ + Type: "dsa", + VulnerabilityID: "dsa-5474-1", + }, + ExpErr: false, }, { Name: "Bad", Input: "asdf", - ExpCVE: nil, - ExpGHSA: nil, + ExpVuln: nil, ExpErr: true, }, } for _, test := range tests { t.Run(test.Name, func(t *testing.T) { - cve, ghsa, err := helpers.OSVToGHSACVE(test.Input) + vuln, err := helpers.CreateVulnInput(test.Input) if (err != nil) != test.ExpErr { t.Errorf("Expected error: %v got: %v", test.ExpErr, err) } if err != nil { return } - if diff := cmp.Diff(test.ExpCVE, cve); diff != "" { - t.Errorf("Unexpected results. (-want +got):\n%s", diff) - } - if diff := cmp.Diff(test.ExpGHSA, ghsa); diff != "" { + if diff := cmp.Diff(test.ExpVuln, vuln); diff != "" { t.Errorf("Unexpected results. (-want +got):\n%s", diff) } }) 
diff --git a/pkg/certifier/components/root_package/root_package_test.go b/pkg/certifier/components/root_package/root_package_test.go index c3a60bf122..6a924875ca 100644 --- a/pkg/certifier/components/root_package/root_package_test.go +++ b/pkg/certifier/components/root_package/root_package_test.go @@ -97,12 +97,12 @@ func Test_packageQuery_GetComponents(t *testing.T) { }) neighborCertifyVulnTimeStamp := generated.NeighborsNeighborsCertifyVuln{} - neighborCertifyVulnTimeStamp.Metadata = generated.AllCertifyVulnMetadataVulnerabilityMetaData{ + neighborCertifyVulnTimeStamp.Metadata = generated.AllCertifyVulnMetadataScanMetadata{ TimeScanned: tm.UTC(), } neighborCertifyVulnTimeNow := generated.NeighborsNeighborsCertifyVuln{} - neighborCertifyVulnTimeNow.Metadata = generated.AllCertifyVulnMetadataVulnerabilityMetaData{ + neighborCertifyVulnTimeNow.Metadata = generated.AllCertifyVulnMetadataScanMetadata{ TimeScanned: time.Now().UTC(), } diff --git a/pkg/cli/store.go b/pkg/cli/store.go index aef9888c53..d25e0b9db0 100644 --- a/pkg/cli/store.go +++ b/pkg/cli/store.go @@ -72,7 +72,7 @@ func init() { set.IntP("search-depth", "d", 0, "depth to search, 0 has no limit") - set.StringP("vuln-id", "v", "", "CVE, GHSA or OSV ID to check") + set.StringP("vuln-id", "v", "", "vulnerability ID to check") set.Int("num-path", 0, "number of paths to return, 0 means all paths") set.String("start-purl", "", "string input of purl with package to start search from") set.String("stop-purl", "", "string input of purl with package to stop search at") diff --git a/pkg/ingestor/parser/common/graph_builder.go b/pkg/ingestor/parser/common/graph_builder.go index ffc559f0a3..ef6d725ee2 100644 --- a/pkg/ingestor/parser/common/graph_builder.go +++ b/pkg/ingestor/parser/common/graph_builder.go 
@@ -88,9 +88,9 @@ func addMetadata(predicates *assembler.IngestPredicates, foundIdentities []Trust v.VulnData.Origin = srcInfo.Source } - for _, v := range predicates.IsVuln { - v.IsVuln.Collector = srcInfo.Collector - v.IsVuln.Origin = srcInfo.Source + for _, v := range predicates.VulnEqual { + v.VulnEqual.Collector = srcInfo.Collector + v.VulnEqual.Origin = srcInfo.Source } for _, v := range predicates.HasSourceAt { diff --git a/pkg/ingestor/parser/csaf/parser_csaf.go b/pkg/ingestor/parser/csaf/parser_csaf.go index 73d14fa3ef..a3c1370151 100644 --- a/pkg/ingestor/parser/csaf/parser_csaf.go +++ b/pkg/ingestor/parser/csaf/parser_csaf.go @@ -154,7 +154,7 @@ func (c *csafParser) findPkgSpec(ctx context.Context, product_id string) (*gener return helpers.PurlToPkg(*purl) } -func (c *csafParser) generateVexIngest(ctx context.Context, cve *generated.CVEInputSpec, ghsa *generated.GHSAInputSpec, vuln *csaf.Vulnerability, status string, product_id string) *assembler.VexIngest { +func (c *csafParser) generateVexIngest(ctx context.Context, vulnInput *generated.VulnerabilityInputSpec, csafVuln *csaf.Vulnerability, status string, product_id string) *assembler.VexIngest { logger := logging.FromContext(ctx) vi := &assembler.VexIngest{} @@ -169,16 +169,16 @@ func (c *csafParser) generateVexIngest(ctx context.Context, cve *generated.CVEIn var statement *string if vd.Status == generated.VexStatusNotAffected { - statement = findImpactStatement(vuln, product_id) + statement = findImpactStatement(csafVuln, product_id) } else { - statement = findActionStatement(vuln, product_id) + statement = findActionStatement(csafVuln, product_id) } if statement != nil { vd.Statement = *statement } - for _, flag := range vuln.Flags { + for _, flag := range csafVuln.Flags { found := false for _, pid := range flag.ProductIDs { if pid == product_id { 
@@ -193,8 +193,7 @@ func (c *csafParser) generateVexIngest(ctx context.Context, cve *generated.CVEIn } vi.VexData = &vd - vi.CVE = cve - vi.GHSA = ghsa + vi.Vulnerability = vulnInput pkg, err := c.findPkgSpec(ctx, product_id) if err != nil { @@ -214,7 +213,7 @@ func (c *csafParser) GetPredicates(ctx context.Context) *assembler.IngestPredica if len(c.csaf.Vulnerabilities) > 0 { for _, v := range c.csaf.Vulnerabilities { - cve, ghsa, err := helpers.OSVToGHSACVE(v.CVE) + vuln, err := helpers.CreateVulnInput(v.CVE) if err != nil { return nil } @@ -224,20 +223,19 @@ func (c *csafParser) GetPredicates(ctx context.Context) *assembler.IngestPredica products := v.ProductStatus[status] if len(products) > 0 { for _, product := range products { - vi := c.generateVexIngest(ctx, cve, ghsa, &v, status, product) + vi := c.generateVexIngest(ctx, vuln, &v, status, product) if vi == nil { continue } if status == "known_affected" || status == "under_investigation" { - vulnData := generated.VulnerabilityMetaDataInput{ + vulnData := generated.ScanMetadataInput{ TimeScanned: c.csaf.Document.Tracking.CurrentReleaseDate, } cv := assembler.CertifyVulnIngest{ - Pkg: vi.Pkg, - CVE: cve, - GHSA: ghsa, - VulnData: &vulnData, + Pkg: vi.Pkg, + Vulnerability: vuln, + VulnData: &vulnData, } cvs = append(cvs, cv) } diff --git a/pkg/ingestor/parser/vuln/vuln.go b/pkg/ingestor/parser/vuln/vuln.go index 037da4d261..ae8c3f4185 100644 --- a/pkg/ingestor/parser/vuln/vuln.go +++ b/pkg/ingestor/parser/vuln/vuln.go @@ -34,6 +34,7 @@ import ( "context" "encoding/json" "fmt" + "strings" "github.com/guacsec/guac/pkg/assembler" "github.com/guacsec/guac/pkg/assembler/clients/generated" 
@@ -41,16 +42,17 @@ import ( attestation_vuln "github.com/guacsec/guac/pkg/certifier/attestation" "github.com/guacsec/guac/pkg/handler/processor" "github.com/guacsec/guac/pkg/ingestor/parser/common" - "github.com/guacsec/guac/pkg/logging" ) type parser struct { - packages []*generated.PkgInputSpec - vulnData *generated.VulnerabilityMetaDataInput - vulns []*generated.OSVInputSpec - isVulns []assembler.IsVulnIngest + packages []*generated.PkgInputSpec + vulnData *generated.ScanMetadataInput + vulns []*generated.VulnerabilityInputSpec + vulnEquals []assembler.VulnEqualIngest } +var noVulnInput *generated.VulnerabilityInputSpec = &generated.VulnerabilityInputSpec{Type: "noVuln", VulnerabilityID: ""} + // NewVulnCertificationParser initializes the parser func NewVulnCertificationParser() common.DocumentParser { return &parser{} @@ -73,7 +75,7 @@ func (c *parser) Parse(ctx context.Context, doc *processor.Document) error { return fmt.Errorf("unable to parse vulns of statement: %w", err) } c.vulns = vs - c.isVulns = ivs + c.vulnEquals = ivs return nil } @@ -98,8 +100,8 @@ func parseSubject(s *attestation_vuln.VulnerabilityStatement) ([]*generated.PkgI return ps, nil } -func parseMetadata(s *attestation_vuln.VulnerabilityStatement) *generated.VulnerabilityMetaDataInput { - return &generated.VulnerabilityMetaDataInput{ +func parseMetadata(s *attestation_vuln.VulnerabilityStatement) *generated.ScanMetadataInput { + return &generated.ScanMetadataInput{ TimeScanned: *s.Predicate.Metadata.ScannedOn, DbUri: s.Predicate.Scanner.Database.Uri, DbVersion: s.Predicate.Scanner.Database.Version, 
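Review bot: `noVulnInput` in vuln.go is a mutable package-level pointer, and the later `GetPredicates` hunk stores that same pointer in every `CertifyVulnIngest` produced for a clean scan, so an in-place change to one record's `Vulnerability` would alter all of them and the sentinel itself. Whether anything downstream mutates the spec is not visible here, but this value is what records "scanned, nothing found", so it is worth making it impossible to alias. I would keep only the type string shared, `const noVulnType = "noVuln"`, and build the value where it is used, `Vulnerability: &generated.VulnerabilityInputSpec{Type: noVulnType},`. If the variable stays, the explicit type on the declaration is redundant, and it deserves a comment such as `// noVulnInput marks a package that was scanned with no findings; treat as read-only.`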
@@ -108,26 +110,25 @@ func parseMetadata(s *attestation_vuln.VulnerabilityStatement) *generated.Vulner } } -func parseVulns(ctx context.Context, s *attestation_vuln.VulnerabilityStatement) ([]*generated.OSVInputSpec, - []assembler.IsVulnIngest, error) { - logger := logging.FromContext(ctx) - var vs []*generated.OSVInputSpec - var ivs []assembler.IsVulnIngest +// TODO (pxp928): Remove creation of osv node and just create the vulnerability nodes specified +func parseVulns(ctx context.Context, s *attestation_vuln.VulnerabilityStatement) ([]*generated.VulnerabilityInputSpec, + []assembler.VulnEqualIngest, error) { + var vs []*generated.VulnerabilityInputSpec + var ivs []assembler.VulnEqualIngest for _, id := range s.Predicate.Scanner.Result { - v := &generated.OSVInputSpec{ - OsvId: id.VulnerabilityId, + v := &generated.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: strings.ToLower(id.VulnerabilityId), } vs = append(vs, v) - cve, ghsa, err := helpers.OSVToGHSACVE(id.VulnerabilityId) + vuln, err := helpers.CreateVulnInput(id.VulnerabilityId) if err != nil { - logger.Debugf("osvID is not a CVE or GHSA: %v", err) - continue + return nil, nil, fmt.Errorf("createVulnInput failed with error: %w", err) } - iv := assembler.IsVulnIngest{ - OSV: v, - CVE: cve, - GHSA: ghsa, - IsVuln: &generated.IsVulnerabilityInputSpec{ + iv := assembler.VulnEqualIngest{ + Vulnerability: v, + EqualVulnerability: vuln, + VulnEqual: &generated.VulnEqualInputSpec{ Justification: "Decoded OSV data", }, } 
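Review bot: The error path in `parseVulns` changes from skip to abort: the old loop logged and `continue`d on an ID it could not map, while the new code returns `nil, nil, fmt.Errorf(...)`, so a single scanner result that `helpers.CreateVulnInput` rejects makes `Parse` fail and drops every finding in that attestation. Which IDs the helper rejects is not visible in this hunk; if that is intended, the function should say so, e.g. `// parseVulns fails the whole statement if any result ID cannot be converted by helpers.CreateVulnInput.`, and vuln_test.go should gain a case with such an ID. The helper also receives the raw `id.VulnerabilityId` while the osv node stores `strings.ToLower(id.VulnerabilityId)`; normalising once (`vulnID := strings.ToLower(id.VulnerabilityId)`) and using it for both keeps the two sides of the equality from diverging. `ctx` is no longer used now that the logger is gone, and the function body continues past the end of this hunk.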
@@ -138,22 +139,23 @@ func parseVulns(ctx context.Context, s *attestation_vuln.VulnerabilityStatement) func (c *parser) GetPredicates(ctx context.Context) *assembler.IngestPredicates { rv := &assembler.IngestPredicates{ - IsVuln: c.isVulns, + VulnEqual: c.vulnEquals, } for _, p := range c.packages { if len(c.vulns) > 0 { for _, v := range c.vulns { cv := assembler.CertifyVulnIngest{ - Pkg: p, - OSV: v, - VulnData: c.vulnData, + Pkg: p, + Vulnerability: v, + VulnData: c.vulnData, } rv.CertifyVuln = append(rv.CertifyVuln, cv) } } else { rv.CertifyVuln = append(rv.CertifyVuln, assembler.CertifyVulnIngest{ - Pkg: p, - VulnData: c.vulnData, + Pkg: p, + Vulnerability: noVulnInput, + VulnData: c.vulnData, }) } } diff --git a/pkg/ingestor/parser/vuln/vuln_test.go b/pkg/ingestor/parser/vuln/vuln_test.go index c794102b9d..de10c3ca64 100644 --- a/pkg/ingestor/parser/vuln/vuln_test.go +++ b/pkg/ingestor/parser/vuln/vuln_test.go @@ -39,7 +39,7 @@ func TestParser(t *testing.T) { name string doc *processor.Document wantCVs []assembler.CertifyVulnIngest - wantIVs []assembler.IsVulnIngest + wantIVs []assembler.VulnEqualIngest wantErr bool }{{ name: "valid vulnerability certifier document", @@ -62,10 +62,11 @@ func TestParser(t *testing.T) { Version: ptrfrom.String("2.8.1"), Subpath: ptrfrom.String(""), }, - OSV: &generated.OSVInputSpec{ - OsvId: "GHSA-7rjr-3q55-vv33", + Vulnerability: &generated.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "ghsa-7rjr-3q55-vv33", }, - VulnData: &generated.VulnerabilityMetaDataInput{ + VulnData: &generated.ScanMetadataInput{ TimeScanned: tm, ScannerUri: "osv.dev", ScannerVersion: "0.0.14", 
@@ -79,10 +80,11 @@ func TestParser(t *testing.T) { Version: ptrfrom.String("2.8.1"), Subpath: ptrfrom.String(""), }, - OSV: &generated.OSVInputSpec{ - OsvId: "GHSA-8489-44mv-ggj8", + Vulnerability: &generated.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "ghsa-8489-44mv-ggj8", }, - VulnData: &generated.VulnerabilityMetaDataInput{ + VulnData: &generated.ScanMetadataInput{ TimeScanned: tm, ScannerUri: "osv.dev", ScannerVersion: "0.0.14", @@ -96,10 +98,11 @@ func TestParser(t *testing.T) { Version: ptrfrom.String("2.8.1"), Subpath: ptrfrom.String(""), }, - OSV: &generated.OSVInputSpec{ - OsvId: "GHSA-fxph-q3j8-mv87", + Vulnerability: &generated.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "ghsa-fxph-q3j8-mv87", }, - VulnData: &generated.VulnerabilityMetaDataInput{ + VulnData: &generated.ScanMetadataInput{ TimeScanned: tm, ScannerUri: "osv.dev", ScannerVersion: "0.0.14", @@ -113,10 +116,11 @@ func TestParser(t *testing.T) { Version: ptrfrom.String("2.8.1"), Subpath: ptrfrom.String(""), }, - OSV: &generated.OSVInputSpec{ - OsvId: "GHSA-jfh8-c2jp-5v3q", + Vulnerability: &generated.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "ghsa-jfh8-c2jp-5v3q", }, - VulnData: &generated.VulnerabilityMetaDataInput{ + VulnData: &generated.ScanMetadataInput{ TimeScanned: tm, ScannerUri: "osv.dev", ScannerVersion: "0.0.14", @@ -130,10 +134,11 @@ func TestParser(t *testing.T) { Version: ptrfrom.String("2.8.1"), Subpath: ptrfrom.String(""), }, - OSV: &generated.OSVInputSpec{ - OsvId: "GHSA-p6xc-xr62-6r2g", + Vulnerability: &generated.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "ghsa-p6xc-xr62-6r2g", }, - VulnData: &generated.VulnerabilityMetaDataInput{ + VulnData: &generated.ScanMetadataInput{ TimeScanned: tm, ScannerUri: "osv.dev", ScannerVersion: "0.0.14", 
@@ -147,86 +152,93 @@ func TestParser(t *testing.T) { Version: ptrfrom.String("2.8.1"), Subpath: ptrfrom.String(""), }, - OSV: &generated.OSVInputSpec{ - OsvId: "GHSA-vwqq-5vrc-xw9h", + Vulnerability: &generated.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "ghsa-vwqq-5vrc-xw9h", }, - VulnData: &generated.VulnerabilityMetaDataInput{ + VulnData: &generated.ScanMetadataInput{ TimeScanned: tm, ScannerUri: "osv.dev", ScannerVersion: "0.0.14", }, }, }, - wantIVs: []assembler.IsVulnIngest{ + wantIVs: []assembler.VulnEqualIngest{ { - OSV: &generated.OSVInputSpec{ - OsvId: "GHSA-vwqq-5vrc-xw9h", + Vulnerability: &generated.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "ghsa-vwqq-5vrc-xw9h", }, - CVE: nil, - GHSA: &generated.GHSAInputSpec{ - GhsaId: "GHSA-vwqq-5vrc-xw9h", + EqualVulnerability: &generated.VulnerabilityInputSpec{ + Type: "ghsa", + VulnerabilityID: "ghsa-vwqq-5vrc-xw9h", }, - IsVuln: &generated.IsVulnerabilityInputSpec{ + VulnEqual: &generated.VulnEqualInputSpec{ Justification: "Decoded OSV data", }, }, { - OSV: &generated.OSVInputSpec{ - OsvId: "GHSA-7rjr-3q55-vv33", + Vulnerability: &generated.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "ghsa-7rjr-3q55-vv33", }, - CVE: nil, - GHSA: &generated.GHSAInputSpec{ - GhsaId: "GHSA-7rjr-3q55-vv33", + EqualVulnerability: &generated.VulnerabilityInputSpec{ + Type: "ghsa", + VulnerabilityID: "ghsa-7rjr-3q55-vv33", }, - IsVuln: &generated.IsVulnerabilityInputSpec{ + VulnEqual: &generated.VulnEqualInputSpec{ Justification: "Decoded OSV data", }, }, { - OSV: &generated.OSVInputSpec{ - OsvId: "GHSA-8489-44mv-ggj8", + Vulnerability: &generated.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "ghsa-8489-44mv-ggj8", }, - CVE: nil, - GHSA: &generated.GHSAInputSpec{ - GhsaId: "GHSA-8489-44mv-ggj8", + EqualVulnerability: &generated.VulnerabilityInputSpec{ + Type: "ghsa", + VulnerabilityID: "ghsa-8489-44mv-ggj8", }, - IsVuln: &generated.IsVulnerabilityInputSpec{ + VulnEqual: 
&generated.VulnEqualInputSpec{ Justification: "Decoded OSV data", }, }, { - OSV: &generated.OSVInputSpec{ - OsvId: "GHSA-fxph-q3j8-mv87", + Vulnerability: &generated.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "ghsa-fxph-q3j8-mv87", }, - CVE: nil, - GHSA: &generated.GHSAInputSpec{ - GhsaId: "GHSA-fxph-q3j8-mv87", + EqualVulnerability: &generated.VulnerabilityInputSpec{ + Type: "ghsa", + VulnerabilityID: "ghsa-fxph-q3j8-mv87", }, - IsVuln: &generated.IsVulnerabilityInputSpec{ + VulnEqual: &generated.VulnEqualInputSpec{ Justification: "Decoded OSV data", }, }, { - OSV: &generated.OSVInputSpec{ - OsvId: "GHSA-jfh8-c2jp-5v3q", + Vulnerability: &generated.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "ghsa-jfh8-c2jp-5v3q", }, - CVE: nil, - GHSA: &generated.GHSAInputSpec{ - GhsaId: "GHSA-jfh8-c2jp-5v3q", + EqualVulnerability: &generated.VulnerabilityInputSpec{ + Type: "ghsa", + VulnerabilityID: "ghsa-jfh8-c2jp-5v3q", }, - IsVuln: &generated.IsVulnerabilityInputSpec{ + VulnEqual: &generated.VulnEqualInputSpec{ Justification: "Decoded OSV data", }, }, { - OSV: &generated.OSVInputSpec{ - OsvId: "GHSA-p6xc-xr62-6r2g", + Vulnerability: &generated.VulnerabilityInputSpec{ + Type: "osv", + VulnerabilityID: "ghsa-p6xc-xr62-6r2g", }, - CVE: nil, - GHSA: &generated.GHSAInputSpec{ - GhsaId: "GHSA-p6xc-xr62-6r2g", + EqualVulnerability: &generated.VulnerabilityInputSpec{ + Type: "ghsa", + VulnerabilityID: "ghsa-p6xc-xr62-6r2g", }, - IsVuln: &generated.IsVulnerabilityInputSpec{ + VulnEqual: &generated.VulnEqualInputSpec{ Justification: "Decoded OSV data", }, }, 
@@ -251,26 +263,27 @@ func TestParser(t *testing.T) { Version: ptrfrom.String("2.8.1"), Subpath: ptrfrom.String(""), }, - VulnData: &generated.VulnerabilityMetaDataInput{ + Vulnerability: &generated.VulnerabilityInputSpec{Type: "noVuln"}, + VulnData: &generated.ScanMetadataInput{ TimeScanned: tm, ScannerUri: "osv.dev", ScannerVersion: "0.0.14", }, }}, - wantIVs: []assembler.IsVulnIngest{}, + wantIVs: []assembler.VulnEqualIngest{}, wantErr: false, }} - ivSortOpt := cmp.Transformer("Sort", func(in []assembler.IsVulnIngest) []assembler.IsVulnIngest { - out := append([]assembler.IsVulnIngest(nil), in...) + ivSortOpt := cmp.Transformer("Sort", func(in []assembler.VulnEqualIngest) []assembler.VulnEqualIngest { + out := append([]assembler.VulnEqualIngest(nil), in...) sort.Slice(out, func(i, j int) bool { - return strings.Compare(out[i].OSV.OsvId, out[j].OSV.OsvId) > 0 + return strings.Compare(out[i].Vulnerability.VulnerabilityID, out[j].Vulnerability.VulnerabilityID) > 0 }) return out }) cvSortOpt := cmp.Transformer("Sort", func(in []assembler.CertifyVulnIngest) []assembler.CertifyVulnIngest { out := append([]assembler.CertifyVulnIngest(nil), in...) sort.Slice(out, func(i, j int) bool { - return strings.Compare(out[i].OSV.OsvId, out[j].OSV.OsvId) > 0 + return strings.Compare(out[i].Vulnerability.VulnerabilityID, out[j].Vulnerability.VulnerabilityID) > 0 }) return out }) @@ -288,7 +301,7 @@ func TestParser(t *testing.T) { if diff := cmp.Diff(tt.wantCVs, ip.CertifyVuln, cvSortOpt); diff != "" { t.Errorf("Unexpected results. (-want +got):\n%s", diff) } - if diff := cmp.Diff(tt.wantIVs, ip.IsVuln, ivSortOpt); diff != "" { + if diff := cmp.Diff(tt.wantIVs, ip.VulnEqual, ivSortOpt); diff != "" { t.Errorf("Unexpected results. (-want +got):\n%s", diff) } })