From b1d262447b3dba00c5aed45ee2d14a06568273c2 Mon Sep 17 00:00:00 2001 From: mrizzi Date: Tue, 28 Nov 2023 11:25:27 +0100 Subject: [PATCH] e2e trustification-based test: added FindDependentProduct Signed-off-by: mrizzi --- demo/graphql/queries-trustification.gql | 47 +++++++++++++++++++ internal/testing/e2e-trustification/e2e | 3 ++ .../expectFindDependentProduct.json | 35 ++++++++++++++ 3 files changed, 85 insertions(+) create mode 100644 internal/testing/e2e-trustification/expectFindDependentProduct.json diff --git a/demo/graphql/queries-trustification.gql b/demo/graphql/queries-trustification.gql index 7e4c8ab5ccb..80a4fe15280 100644 --- a/demo/graphql/queries-trustification.gql +++ b/demo/graphql/queries-trustification.gql @@ -236,6 +236,45 @@ fragment allCertifyVEXStatementTree on CertifyVEXStatement { collector } +fragment allHasSBOMTree on HasSBOM { + id + subject { + __typename + ... on Package { + id + type + namespaces { + id + namespace + names { + id + name + versions { + id + version + qualifiers { + key + value + } + subpath + } + } + } + } + ... on Artifact { + id + algorithm + digest + } + } + uri + algorithm + digest + downloadLocation + origin + collector +} + query FindVulnerabilitySbomURI_quarkus { findVulnerabilityBySbomURI ( sbomURI:"https://access.redhat.com/security/data/sbom/beta/spdx/quarkus-bom-d6ecbbd9-31bf-46fd-afda-8082120f5260", offset:0, limit:1000) { @@ -286,3 +325,11 @@ query FindRelatedProducts { } } } + +query FindDependentProduct { + findDependentProduct( + purl: "pkg:rpm/redhat/libuuid@2.32.1-42.el8_8?arch=x86_64", offset: 0, limit: 10 + ) { + ...allHasSBOMTree + } +} diff --git a/internal/testing/e2e-trustification/e2e b/internal/testing/e2e-trustification/e2e index bbf87db6bce..da1aa42c3a0 100755 --- a/internal/testing/e2e-trustification/e2e +++ b/internal/testing/e2e-trustification/e2e 
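Review bot: The new `FindDependentProduct` query at the end of `queries-trustification.gql` has no comment saying what it is expected to return, or that the e2e script compares its output against `expectFindDependentProduct.json`. The purl `pkg:rpm/redhat/libuuid@2.32.1-42.el8_8?arch=x86_64` and `limit: 10` act as test fixtures here, so a change to either has to be made together with the expected file. I would add a line above the query such as `# e2e fixture: result is compared with internal/testing/e2e-trustification/expectFindDependentProduct.json; keep both in sync`.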
@@ -75,4 +75,7 @@ diff -u "${SCRIPT_DIR}/expectFindVulnerabilitySbomURI_ubi8.json" "${GUAC_DIR}/go cat ./demo/graphql/queries-trustification.gql | gql-cli http://localhost:8080/query -o FindRelatedProducts | jq 'del(.. | .id?) | del(.. | .origin?) | .findTopLevelPackagesRelatedToVulnerability[] | length' > "${GUAC_DIR}/gotFindRelatedProducts.json" diff -u "${SCRIPT_DIR}/expectFindRelatedProducts.json" "${GUAC_DIR}/gotFindRelatedProducts.json" +cat ./demo/graphql/queries-trustification.gql | gql-cli http://localhost:8080/query -o FindDependentProduct | jq 'del(.. | .id?) | del(.. | .downloadLocation?) | .findDependentProduct' > "${GUAC_DIR}/gotFindDependentProduct.json" +diff -u "${SCRIPT_DIR}/expectFindDependentProduct.json" "${GUAC_DIR}/gotFindDependentProduct.json" + # Note: graphql_playground is left running, CI will clean it up diff --git a/internal/testing/e2e-trustification/expectFindDependentProduct.json b/internal/testing/e2e-trustification/expectFindDependentProduct.json new file mode 100644 index 00000000000..bcdd374cb0f --- /dev/null +++ b/internal/testing/e2e-trustification/expectFindDependentProduct.json @@ -0,0 +1,35 @@ +[ + { + "subject": { + "__typename": "Package", + "type": "oci", + "namespaces": [ + { + "namespace": "registry.redhat.io/ubi8-minimal", + "names": [ + { + "name": "ubi8-minimal-container", + "versions": [ + { + "version": "sha256:b93deceb59a58588d5b16429fc47f98920f84740a1f2ed6454e33275f0701b59", + "qualifiers": [ + { + "key": "tag", + "value": "8.8-1072.1697626218" + } + ], + "subpath": "" + } + ] + } + ] + } + ] + }, + "uri": "https://access.redhat.com/security/data/sbom/beta/spdx/ubi8-minimal-container-5b43ae22-cbf0-4626-8ec5-4ae0765a3d4b", + "algorithm": "sha256", + "digest": "3d99f13040baaa0e682e6e3e1500907a78babe741ab3d3c2bacc13963e1d3646", + "origin": "", + "collector": "" + } +]
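Review bot: The added `jq` filter strips `.id` and `.downloadLocation` but keeps `.origin` and `.collector`, whereas the `FindRelatedProducts` line just above deletes `.origin`; as a result `expectFindDependentProduct.json` pins both fields to `""`. The test therefore asserts that the returned HasSBOM record carries no provenance, and it would start failing as soon as ingestion populates those fields. If empty provenance is not the intended contract, drop them from the comparison as well, e.g. `jq 'del(.. | .id?) | del(.. | .downloadLocation?) | del(.. | .origin?) | del(.. | .collector?) | .findDependentProduct'`, and remove the two keys from the fixture. Separately, a `gql-cli` failure in this pipeline is caught only indirectly by the following `diff -u` unless the script sets `pipefail`, which is not visible in this hunk.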