For components in an SBOM that have no explicitly defined relationshi…

…ps we now set an implied relationship in analysis graph.
JimFuller-RedHat · Nov 21, 2024 · 81f0c12 · 81f0c12
1 parent b1ec048
commit 81f0c12
Show file tree

Hide file tree

Showing 7 changed files with 214 additions and 66 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/entity/src/relationship.rs b/entity/src/relationship.rs
@@ -48,6 +48,8 @@ pub enum Relationship {
     DescribedBy,
     #[sea_orm(num_value = 14)]
     PackageOf,
+    #[sea_orm(num_value = 15)]
+    Undefined,
 }
 
 impl fmt::Display for Relationship {

diff --git a/modules/analysis/Cargo.toml b/modules/analysis/Cargo.toml
@@ -24,6 +24,7 @@ tokio = { workspace = true, features = ["full"] }
 tracing = { workspace = true }
 utoipa = { workspace = true, features = ["actix_extras", "uuid"] }
 utoipa-actix-web = { workspace = true }
+uuid = { workspace = true }
 
 [dev-dependencies]
 actix-http = { workspace = true }

diff --git a/modules/analysis/src/endpoints.rs b/modules/analysis/src/endpoints.rs
@@ -321,6 +321,10 @@ mod test {
         );
         assert_eq!(
             response["items"][0]["deps"][0]["purl"],
+            "pkg:rpm/redhat/EE@0.0.0?arch=src"
+        );
+        assert_eq!(
+            response["items"][0]["deps"][1]["purl"],
             "pkg:rpm/redhat/B@0.0.0"
         );
 
@@ -344,6 +348,10 @@ mod test {
         );
         assert_eq!(
             response["items"][0]["deps"][0]["purl"],
+            "pkg:rpm/redhat/EE@0.0.0?arch=src"
+        );
+        assert_eq!(
+            response["items"][0]["deps"][1]["purl"],
             "pkg:rpm/redhat/B@0.0.0"
         );
 
@@ -429,7 +437,7 @@ mod test {
         let uri = format!("/api/v1/analysis/root-component?q=sbom_id={}", sbom_id);
         let request: Request = TestRequest::get().uri(uri.clone().as_str()).to_request();
         let response: Value = app.call_and_read_body_json(request).await;
-        assert_eq!(&response["total"], 7);
+        assert_eq!(&response["total"], 8);
 
         // negative test
         let uri = "/api/v1/analysis/root-component?q=sbom_id=urn:uuid:99999999-9999-9999-9999-999999999999";

diff --git a/modules/analysis/src/model.rs b/modules/analysis/src/model.rs
@@ -43,6 +43,7 @@ impl fmt::Display for PackageNode {
 pub struct AncNode {
     pub sbom_id: String,
     pub node_id: String,
+    pub relationship: String,
     pub purl: String,
     pub name: String,
     pub version: String,
@@ -141,6 +142,11 @@ impl GraphMap {
         self.map.get(key)
     }
 
+    // Retrieve all sbom ids(read access)
+    pub fn sbom_ids(&self) -> Vec<String> {
+        self.map.keys().cloned().collect()
+    }
+
     // Get the singleton instance of GraphMap
     pub fn get_instance() -> Arc<RwLock<GraphMap>> {
         G.get_or_init(|| Arc::new(RwLock::new(GraphMap::new())))