e2e trustification-based test: added FindDependentProduct

Signed-off-by: mrizzi <[email protected]>
trustification · Nov 28, 2023 · b1d2624 · b1d2624
1 parent 8036926
commit b1d2624
Show file tree

Hide file tree

Showing 3 changed files with 85 additions and 0 deletions.
diff --git a/demo/graphql/queries-trustification.gql b/demo/graphql/queries-trustification.gql
@@ -236,6 +236,45 @@ fragment allCertifyVEXStatementTree on CertifyVEXStatement {
   collector
 }
 
+fragment allHasSBOMTree on HasSBOM {
+  id
+  subject {
+    __typename
+    ... on Package {
+      id
+      type
+      namespaces {
+        id
+        namespace
+        names {
+          id
+          name
+          versions {
+            id
+            version
+            qualifiers {
+              key
+              value
+            }
+            subpath
+          }
+        }
+      }
+    }
+    ... on Artifact {
+      id
+      algorithm
+      digest
+    }
+  }
+  uri
+  algorithm
+  digest
+  downloadLocation
+  origin
+  collector
+}
+
 query FindVulnerabilitySbomURI_quarkus {
   findVulnerabilityBySbomURI (
     sbomURI:"https://access.redhat.com/security/data/sbom/beta/spdx/quarkus-bom-d6ecbbd9-31bf-46fd-afda-8082120f5260", offset:0, limit:1000) {
@@ -286,3 +325,11 @@ query FindRelatedProducts {
     }
   }
 }
+
+query FindDependentProduct {
+  findDependentProduct(
+    purl: "pkg:rpm/redhat/[email protected]_8?arch=x86_64", offset: 0, limit: 10
+  ) {
+    ...allHasSBOMTree
+  }
+}
diff --git a/internal/testing/e2e-trustification/e2e b/internal/testing/e2e-trustification/e2e
@@ -75,4 +75,7 @@ diff -u "${SCRIPT_DIR}/expectFindVulnerabilitySbomURI_ubi8.json" "${GUAC_DIR}/go
 cat ./demo/graphql/queries-trustification.gql | gql-cli http://localhost:8080/query -o FindRelatedProducts | jq 'del(.. | .id?) | del(.. | .origin?) | .findTopLevelPackagesRelatedToVulnerability[] | length' > "${GUAC_DIR}/gotFindRelatedProducts.json"
 diff -u "${SCRIPT_DIR}/expectFindRelatedProducts.json" "${GUAC_DIR}/gotFindRelatedProducts.json"
 
+cat ./demo/graphql/queries-trustification.gql | gql-cli http://localhost:8080/query -o FindDependentProduct | jq 'del(.. | .id?) | del(.. | .downloadLocation?) | .findDependentProduct' > "${GUAC_DIR}/gotFindDependentProduct.json"
+diff -u "${SCRIPT_DIR}/expectFindDependentProduct.json" "${GUAC_DIR}/gotFindDependentProduct.json"
+
 # Note: graphql_playground is left running, CI will clean it up
diff --git a/internal/testing/e2e-trustification/expectFindDependentProduct.json b/internal/testing/e2e-trustification/expectFindDependentProduct.json
@@ -0,0 +1,35 @@
+[
+  {
+    "subject": {
+      "__typename": "Package",
+      "type": "oci",
+      "namespaces": [
+        {
+          "namespace": "registry.redhat.io/ubi8-minimal",
+          "names": [
+            {
+              "name": "ubi8-minimal-container",
+              "versions": [
+                {
+                  "version": "sha256:b93deceb59a58588d5b16429fc47f98920f84740a1f2ed6454e33275f0701b59",
+                  "qualifiers": [
+                    {
+                      "key": "tag",
+                      "value": "8.8-1072.1697626218"
+                    }
+                  ],
+                  "subpath": ""
+                }
+              ]
+            }
+          ]
+        }
+      ]
+    },
+    "uri": "https://access.redhat.com/security/data/sbom/beta/spdx/ubi8-minimal-container-5b43ae22-cbf0-4626-8ec5-4ae0765a3d4b",
+    "algorithm": "sha256",
+    "digest": "3d99f13040baaa0e682e6e3e1500907a78babe741ab3d3c2bacc13963e1d3646",
+    "origin": "",
+    "collector": ""
+  }
+]