TC-1970 Add indexes supporting search.findVulnerabilities method

Signed-off-by: mrizzi <mrizzi@redhat.com>
mrizzi · Dec 6, 2024 · 6ffc0fd · 6ffc0fd
1 parent 9bc17fa
commit 6ffc0fd
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 23 deletions.
diff --git a/pkg/assembler/backends/ent/backend/search.go b/pkg/assembler/backends/ent/backend/search.go
@@ -17,11 +17,8 @@ package backend
 
 import (
 	"context"
-	"fmt"
-	"slices"
-	"sort"
-
 	"entgo.io/ent/dialect/sql"
+	"fmt"
 	"github.com/google/uuid"
 	"github.com/guacsec/guac/internal/testing/ptrfrom"
 	"github.com/guacsec/guac/pkg/assembler/backends/ent"
@@ -38,6 +35,7 @@ import (
 	"github.com/guacsec/guac/pkg/assembler/helpers"
 	"github.com/vektah/gqlparser/v2/gqlerror"
 	"golang.org/x/exp/maps"
+	"sort"
 )
 
 // FindSoftware takes in a searchText string and looks for software
@@ -416,25 +414,15 @@ func (b *EntBackend) findVulnerabilities(ctx context.Context, hasSBOMSpec *model
 			return nil, gqlerror.Errorf("Multiple SBOMs with different URIs have been found with the provided hasSBOMSpec %+v (URIs found \"%v\" and \"%v\")", hasSBOMSpec, sboms[0].URI, sbom.URI)
 		}
 		// collect the SBOM's packages UUIDs
-		packages, err := b.client.BillOfMaterials.QueryIncludedSoftwarePackages(sbom).All(ctx)
+		dependenciesPackagesUUIDs, err = b.client.BillOfMaterials.QueryIncludedSoftwarePackages(sbom).IDs(ctx)
 		if err != nil {
 			return nil, gqlerror.Errorf("error querying for QueryIncludedSoftwarePackages with SBOM URI %v due to : %v", sbom.URI, err)
 		}
-		for _, pkg := range packages {
-			if !slices.Contains(dependenciesPackagesUUIDs, pkg.ID) {
-				dependenciesPackagesUUIDs = append(dependenciesPackagesUUIDs, pkg.ID)
-			}
-		}
 		// collect the SBOM's artifacts UUIDs
-		artifacts, err := b.client.BillOfMaterials.QueryIncludedSoftwareArtifacts(sbom).All(ctx)
+		dependenciesArtifactsUUIDs, err = b.client.BillOfMaterials.QueryIncludedSoftwareArtifacts(sbom).IDs(ctx)
 		if err != nil {
 			return nil, gqlerror.Errorf("error querying for IncludedSoftwareArtifacts with SBOM URI %v due to : %v", sbom.URI, err)
 		}
-		for _, art := range artifacts {
-			if !slices.Contains(dependenciesArtifactsUUIDs, art.ID) {
-				dependenciesArtifactsUUIDs = append(dependenciesArtifactsUUIDs, art.ID)
-			}
-		}
 	}
 
 	batches := chunk(dependenciesPackagesUUIDs, MaxWhereParameters)
@@ -447,8 +435,7 @@ func (b *EntBackend) findVulnerabilities(ctx context.Context, hasSBOMSpec *model
 				certifyvex.PackageIDIn(pkgs...),
 			).
 			WithVulnerability().
-			WithPackage(withPackageVersionTree()).
-			Order(ent.Desc(vulnerabilityid.FieldID))
+			WithPackage(withPackageVersionTree())
 
 		if offset != nil {
 			certifyVexQuery.Offset(*offset)
@@ -476,8 +463,7 @@ func (b *EntBackend) findVulnerabilities(ctx context.Context, hasSBOMSpec *model
 				certifyvex.ArtifactIDIn(arts...),
 			).
 			WithVulnerability().
-			WithArtifact().
-			Order(ent.Desc(vulnerabilityid.FieldID))
+			WithArtifact()
 
 		if offset != nil {
 			certifyVexQuery.Offset(*offset)
@@ -502,10 +488,10 @@ func (b *EntBackend) findVulnerabilities(ctx context.Context, hasSBOMSpec *model
 		certifyVulnQuery := b.client.CertifyVuln.Query().
 			Where(
 				certifyvuln.PackageIDIn(pkgs...),
+				certifyvuln.HasVulnerabilityWith(vulnerabilityid.TypeNEQ(NoVuln)),
 			).
 			WithVulnerability().
-			WithPackage(withPackageVersionTree()).
-			Order(ent.Desc(vulnerabilityid.FieldID))
+			WithPackage(withPackageVersionTree())
 
 		if offset != nil {
 			certifyVulnQuery.Offset(*offset)

diff --git a/pkg/assembler/backends/ent/migrate/schema.go b/pkg/assembler/backends/ent/migrate/schema.go
diff --git a/pkg/assembler/backends/ent/schema/certifyvex.go b/pkg/assembler/backends/ent/schema/certifyvex.go
@@ -65,6 +65,8 @@ func (CertifyVex) Indexes() []ent.Index {
 		index.Fields("known_since", "justification", "status", "statement", "status_notes", "origin", "collector", "document_ref").
 			Edges("vulnerability", "package").Unique().Annotations(entsql.IndexWhere("artifact_id IS NULL")).StorageKey("vex_artifact_id"),
 		index.Fields("known_since", "justification", "status", "statement", "status_notes", "origin", "collector", "document_ref").
-		Edges("vulnerability", "artifact").Unique().Annotations(entsql.IndexWhere("package_id IS NULL")).StorageKey("vex_package_id"),
+			Edges("vulnerability", "artifact").Unique().Annotations(entsql.IndexWhere("package_id IS NULL")).StorageKey("vex_package_id"),
+		// supporting search.findVulnerabilities method
+		index.Fields("package_id", "status"),
 	}
 }
diff --git a/pkg/assembler/backends/ent/schema/certifyvuln.go b/pkg/assembler/backends/ent/schema/certifyvuln.go
@@ -60,5 +60,7 @@ func (CertifyVuln) Edges() []ent.Edge {
 func (CertifyVuln) Indexes() []ent.Index {
 	return []ent.Index{
 		index.Fields("db_uri", "db_version", "scanner_uri", "scanner_version", "origin", "collector", "time_scanned", "document_ref").Edges("vulnerability", "package").Unique(),
+		// supporting search.findVulnerabilities method
+		index.Fields("package_id").Edges("vulnerability"),
 	}
 }