From 840130f7db56d49bdd6282168dcb222928cc03d7 Mon Sep 17 00:00:00 2001
From: Marco Rizzi
Date: Fri, 20 Sep 2024 15:24:23 +0200
Subject: [PATCH] TC-1642 Fix VulnerabilityID not found (#128)

Signed-off-by: mrizzi
---
 demo/graphql/queries-trustification.gql | 6 ++++++
 internal/testing/e2e-trustification/e2e | 3 +++
 .../expectVulnerabilityIDNotFound.json | 1 +
 pkg/assembler/backends/ent/backend/search.go | 10 +++++++---
 4 files changed, 17 insertions(+), 3 deletions(-)
 create mode 100644 internal/testing/e2e-trustification/expectVulnerabilityIDNotFound.json

diff --git a/demo/graphql/queries-trustification.gql b/demo/graphql/queries-trustification.gql
index 238467ef04..6142f65538 100644
--- a/demo/graphql/queries-trustification.gql
+++ b/demo/graphql/queries-trustification.gql
@@ -403,3 +403,9 @@ query CVE_2023_1664 {
 documentRef
 }
 }
+
+query VulnerabilityIDNotFound {
+ findTopLevelPackagesRelatedToVulnerability (vulnerabilityID:"CVE") {
+ __typename
+ }
+}
diff --git a/internal/testing/e2e-trustification/e2e b/internal/testing/e2e-trustification/e2e
index 9ac1e3d00a..f93548e0f3 100755
--- a/internal/testing/e2e-trustification/e2e
+++ b/internal/testing/e2e-trustification/e2e
@@ -93,6 +93,9 @@ diff -u "${SCRIPT_DIR}/expectFindRelatedProductsCount.json" "${GUAC_DIR}/gotFind cat "$queries" | gql-cli http://localhost:8080/query -o FindRelatedProducts | jq 'del(.. | .id?) | del(.. | .origin?) | .findTopLevelPackagesRelatedToVulnerability[] ' > "${GUAC_DIR}/gotFindRelatedProducts.json" diff -u <(sort "${SCRIPT_DIR}/expectFindRelatedProducts.json") <(sort "${GUAC_DIR}/gotFindRelatedProducts.json") +cat "$queries" | gql-cli http://localhost:8080/query -o VulnerabilityIDNotFound | jq 'del(.. | .id?) | del(.. | .origin?) | .findTopLevelPackagesRelatedToVulnerability ' > "${GUAC_DIR}/gotVulnerabilityIDNotFound.json" +diff -u "${SCRIPT_DIR}/expectVulnerabilityIDNotFound.json" "${GUAC_DIR}/gotVulnerabilityIDNotFound.json" + cat ./demo/graphql/queries-trustification.gql | gql-cli http://localhost:8080/query -o FindDependentProduct | jq 'del(.. | .id?) | del(.. | .downloadLocation?) | del(.. | .origin?) | .findDependentProduct | sort_by(.digest)' > "${GUAC_DIR}/gotFindDependentProduct.json" diff -u "${SCRIPT_DIR}/expectFindDependentProduct.json" "${GUAC_DIR}/gotFindDependentProduct.json"
diff --git a/internal/testing/e2e-trustification/expectVulnerabilityIDNotFound.json b/internal/testing/e2e-trustification/expectVulnerabilityIDNotFound.json
new file mode 100644
index 0000000000..fe51488c70
--- /dev/null
+++ b/internal/testing/e2e-trustification/expectVulnerabilityIDNotFound.json
@@ -0,0 +1 @@
+[]
diff --git a/pkg/assembler/backends/ent/backend/search.go b/pkg/assembler/backends/ent/backend/search.go
index e04aa2928b..1d45f23272 100644
--- a/pkg/assembler/backends/ent/backend/search.go
+++ b/pkg/assembler/backends/ent/backend/search.go
@@ -156,11 +156,15 @@ func (b *EntBackend) FindTopLevelPackagesRelatedToVulnerability(ctx context.Cont
 })
 }).
 Only(ctx)
- if err != nil {
- return nil, gqlerror.Errorf("error querying for SBOMs related to %v due to : %v", vulnerabilityID, err)
- }
 // build the output result backward compatible with the previous version
 var result [][]model.Node
+ if err != nil {
+ if ent.IsNotFound(err) {
+ return result, nil
+ } else {
+ return nil, gqlerror.Errorf("error querying for SBOMs related to %v due to : %v", vulnerabilityID, err)
+ }
+ }
 // Vex has priority over Vuln just for consistency with previous implementation, but it could be changed
 if len(vulnerability.Edges.Vex) > 0 {
 for _, vex := range vulnerability.Edges.Vex {
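Review bot: The remaining error branch still formats the raw ent error and the caller-supplied `vulnerabilityID` into the `gqlerror` it returns, so datastore error detail can end up in the GraphQL response; whether it actually reaches clients depends on the server's error presenter, which is not visible in this hunk. Consider logging `err` server-side and returning only the quoted identifier, `return nil, gqlerror.Errorf("error querying for SBOMs related to %q", vulnerabilityID)`. The `else` after `return result, nil` can be dropped so the error path stays left-aligned. A short comment on the `ent.IsNotFound` branch would also help, for example `// an unknown vulnerability ID yields an empty result, not an error`. The function body starts and ends outside the hunk.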