diff --git a/demo/graphql/queries-trustification.gql b/demo/graphql/queries-trustification.gql index 6142f65538..d91706ee1a 100644 --- a/demo/graphql/queries-trustification.gql +++ b/demo/graphql/queries-trustification.gql @@ -409,3 +409,9 @@ query VulnerabilityIDNotFound { __typename } } + +query TC_1609_HasSBOM { + HasSBOM (hasSBOMSpec: {uri: "https://access.redhat.com/security/data/sbom/spdx/sample-rpmmod"}) { + ...allHasSBOMTree + } +} diff --git a/internal/testing/e2e-trustification/e2e b/internal/testing/e2e-trustification/e2e index f93548e0f3..f3a78f228a 100755 --- a/internal/testing/e2e-trustification/e2e +++ b/internal/testing/e2e-trustification/e2e @@ -116,4 +116,12 @@ echo @@@@ Running TC_1609 queries and validating output cat "$queries" | gql-cli http://localhost:8080/query -o TC_1609_FindDependentProduct | jq 'del(.. | .id?) | del(.. | .downloadLocation?) | del(.. | .origin?) | .findDependentProduct[].subject.namespaces[]?.names[]?.versions[]?.qualifiers? |= sort | .findDependentProduct' > "${GUAC_DIR}/gotTC_1609_FindDependentProduct.json" diff -u "${SCRIPT_DIR}/expectTC_1609_FindDependentProduct.json" "${GUAC_DIR}/gotTC_1609_FindDependentProduct.json" +echo @@@@ Ingesting TC-1689-spdx-rpmmod.json into server +time go run ./cmd/guacone collect files ${GUAC_DIR}/internal/testing/testdata/exampledata/TC-1689-spdx-rpmmod.json; + +echo @@@@ Running TC-1689 queries and validating output + +cat "$queries" | gql-cli http://localhost:8080/query -o TC_1609_HasSBOM | jq --sort-keys 'del(.. | .id?) | del(.. | .downloadLocation?) | del(.. | .origin?) | .HasSBOM[] ' > "${GUAC_DIR}/gotTC_1689_HasSBOM.json" +diff -u "${SCRIPT_DIR}/expectTC_1689_HasSBOM.json" "${GUAC_DIR}/gotTC_1689_HasSBOM.json" + # Note: graphql_playground is left running, CI will clean it up diff --git a/internal/testing/e2e-trustification/expectTC_1689_HasSBOM.json b/internal/testing/e2e-trustification/expectTC_1689_HasSBOM.json new file mode 100644 index 0000000000..65c1f4365c --- /dev/null 
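Review bot: The new query is named `TC_1609_HasSBOM` although it selects the TC-1689 fixture (sample-rpmmod), and the e2e script in the next hunk writes its result to gotTC_1689_HasSBOM.json and compares it with expectTC_1689_HasSBOM.json; `query TC_1689_HasSBOM {` together with the matching `-o TC_1689_HasSBOM` argument in the script keeps query, fixture and expected-output names aligned. The uri filter is the only selector in the spec, so the comparison also assumes no other ingested SBOM in the e2e run shares that documentNamespace, which holds for the fixtures visible here but is worth keeping in mind as the set grows.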
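Review bot: The added ingest line leaves `${GUAC_DIR}` unquoted and ends with a stray semicolon, unlike the quoted paths on the surrounding lines; `time go run ./cmd/guacone collect files "${GUAC_DIR}/internal/testing/testdata/exampledata/TC-1689-spdx-rpmmod.json"` matches the existing style and survives a GUAC_DIR containing spaces. The echo banner says "Running TC-1689 queries" while the gql-cli call selects `TC_1609_HasSBOM`, which reads as a typo until one checks the query file. Whether a non-zero `diff -u` exit aborts the script depends on options set outside this hunk, so it is presumably covered the same way as the TC_1609 comparison above it.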
+++ b/internal/testing/e2e-trustification/expectTC_1689_HasSBOM.json
@@ -0,0 +1,27 @@
+{
+ "algorithm": "sha256",
+ "collector": "FileCollector",
+ "digest": "6240b3dd495214421ee3788069b58234bb8c1a27016bf65608560d0e2071a04c",
+ "subject": {
+ "__typename": "Package",
+ "namespaces": [
+ {
+ "names": [
+ {
+ "name": "sample-rpmmod",
+ "versions": [
+ {
+ "qualifiers": [],
+ "subpath": "",
+ "version": ""
+ }
+ ]
+ }
+ ],
+ "namespace": "spdx"
+ }
+ ],
+ "type": "guac"
+ },
+ "uri": "https://access.redhat.com/security/data/sbom/spdx/sample-rpmmod"
+}
diff --git a/internal/testing/testdata/exampledata/TC-1689-spdx-rpmmod.json b/internal/testing/testdata/exampledata/TC-1689-spdx-rpmmod.json
new file mode 100644
index 0000000000..a7e373c668
--- /dev/null
+++ b/internal/testing/testdata/exampledata/TC-1689-spdx-rpmmod.json
@@ -0,0 +1,34 @@
+{
+ "SPDXID": "SPDXRef-DOCUMENT",
+ "spdxVersion": "SPDX-2.3",
+ "creationInfo": {
+ "created": "2024-09-23T17:24:42Z"
+ },
+ "name": "sample-rpmmod",
+ "dataLicense": "CC0-1.0",
+ "documentDescribes": [
+ "SPDXRef-sample-rpmmod"
+ ],
+ "documentNamespace": "https://access.redhat.com/security/data/sbom/spdx/sample-rpmmod",
+ "packages": [
+ {
+ "SPDXID": "SPDXRef-97f5899f-fb76-4ea9-819e-244f68b35bd9",
+ "copyrightText": "NOASSERTION",
+ "downloadLocation": "NOASSERTION",
+ "externalRefs": [
+ {
+ "referenceCategory": "PACKAGE_MANAGER",
+ "referenceLocator": "pkg:rpmmod/redhat/inkscape@flatpak:9000020220406181214:4a735dea",
+ "referenceType": "purl"
+ }
+ ],
+ "filesAnalyzed": false,
+ "licenseConcluded": "NOASSERTION",
+ "licenseDeclared": "NOASSERTION",
+ "name": "inkscape",
+ "originator": "NOASSERTION",
+ "supplier": "Organization: Red Hat",
+ "versionInfo": "flatpak-9000020220406181214.4a735dea"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/pkg/assembler/helpers/purl.go b/pkg/assembler/helpers/purl.go
index b935425058..3ba0ccfa13 100644
--- a/pkg/assembler/helpers/purl.go
+++ b/pkg/assembler/helpers/purl.go
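Review bot: `documentDescribes` in the new SPDX fixture lists `SPDXRef-sample-rpmmod`, but the only package in the document carries SPDXID `SPDXRef-97f5899f-fb76-4ea9-819e-244f68b35bd9`, so the top-level reference does not resolve to anything in the file. The expected output added in expectTC_1689_HasSBOM.json shows the SBOM subject resolving to a `guac`/`spdx`/`sample-rpmmod` package rather than to the inkscape rpmmod purl, which looks like a consequence of that dangling reference and may be exactly the path the test intends to cover. If it is intentional, a one-line comment next to the ingest step in the e2e script saying so would stop the fixture from being "corrected" later; if not, `"documentDescribes": ["SPDXRef-97f5899f-fb76-4ea9-819e-244f68b35bd9"]` makes the rpmmod package the described subject and exercises the new purl type more directly.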
@@ -159,7 +159,7 @@ func purlConvert(p purl.PackageURL) (*model.PkgInputSpec, error) {
 // so that they can be referenced with higher specificity in GUAC
 //
 // PURL types not defined in purl library handled generically
- case "alpine", "alpm", "apk", "huggingface", "githubactions", "mlflow", "qpkg", "pub", "swid", PurlTypeGuac:
+ case "alpine", "alpm", "apk", "huggingface", "githubactions", "mlflow", "qpkg", "pub", "swid", PurlTypeGuac, "rpmmod":
 fallthrough
 // PURL types defined in purl library handled generically
 case purl.TypeBitbucket, purl.TypeCocoapods, purl.TypeCargo,
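Review bot: `"rpmmod"` is appended after the `PurlTypeGuac` constant, which breaks the case list's existing order of string literals first and the constant last; `case "alpine", "alpm", "apk", "huggingface", "githubactions", "mlflow", "qpkg", "pub", "swid", "rpmmod", PurlTypeGuac:` keeps the grouping readable. The only coverage for the new type in this commit is the e2e ingest of TC-1689-spdx-rpmmod.json, so a table entry in the helper's unit tests for a purl such as `pkg:rpmmod/redhat/inkscape@flatpak:9000020220406181214:4a735dea` (the locator used in that fixture) would pin the generic conversion without needing the server. If rpmmod is a Red Hat/trustification convention rather than a purl-spec type, a short comment next to the case saying where it comes from would help the next reader decide whether it should ever move to the library-defined group. purlConvert starts and ends outside this hunk.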