TC-1794 Update guac-rs v0.7.2
Signed-off-by: mrizzi <[email protected]>
mrizzi committed Sep 27, 2024
1 parent 200d7dc commit 61a3e30
Showing 11 changed files with 59 additions and 46 deletions.
4 changes: 2 additions & 2 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion Cargo.toml
Expand Up @@ -101,7 +101,7 @@ default-members = [
]

[workspace.dependencies]
guac = { version = "0.3.1" }
guac = { version = "0.7.2-0" }
#guac = { path = "../guac-rs/lib" }

[patch.crates-io]
28 changes: 17 additions & 11 deletions collector/osv/src/server.rs
Expand Up @@ -9,7 +9,7 @@ use derive_more::Display;
use guac::client::intrinsic::certify_vuln::ScanMetadataInput;
use guac::client::intrinsic::vuln_equal::VulnEqualInputSpec;
//use guac::client::intrinsic::vuln_metadata::{VulnerabilityMetadataInputSpec, VulnerabilityScoreType};
use guac::client::intrinsic::vulnerability::VulnerabilityInputSpec;
use guac::client::intrinsic::vulnerability::{IDorVulnerabilityInput, VulnerabilityInputSpec};
use packageurl::PackageUrl;
use utoipa::OpenApi;
use utoipa_swagger_ui::SwaggerUi;
Expand Down Expand Up @@ -143,15 +143,19 @@ pub async fn collect_packages(
Some(aliases) => {
for alias in aliases {
if alias.to_lowercase().starts_with("cve") {
vulnerability_input_specs.push(VulnerabilityInputSpec {
r#type: "cve".to_string(),
vulnerability_id: alias.clone(),
});
vulnerability_input_specs.push(IDorVulnerabilityInput::from(
&VulnerabilityInputSpec {
r#type: "cve".to_string(),
vulnerability_id: alias.clone(),
},
));
} else {
alias_vuln_input_specs.push(VulnerabilityInputSpec {
r#type: "osv".to_string(),
vulnerability_id: alias.clone(),
})
alias_vuln_input_specs.push(IDorVulnerabilityInput::from(
&VulnerabilityInputSpec {
r#type: "osv".to_string(),
vulnerability_id: alias.clone(),
},
));
}
}
}
Expand Down Expand Up @@ -202,10 +206,10 @@ pub async fn collect_packages(
*/
if !vulnerability_input_specs.is_empty() {
// otherwise the original vulnerability must be part of the aliases
alias_vuln_input_specs.push(VulnerabilityInputSpec {
alias_vuln_input_specs.push(IDorVulnerabilityInput::from(&VulnerabilityInputSpec {
r#type: "osv".to_string(),
vulnerability_id: vuln.id.clone(),
})
}));
}
// Next, for each vulnerability mentioned by OSV, ensure the vulnerability
// is known to GUAC so that further verbs can be applied to them.
Expand Down Expand Up @@ -235,6 +239,7 @@ pub async fn collect_packages(
time_scanned: Default::default(),
origin: "osv".to_string(),
collector: "osv".to_string(),
document_ref: "".to_string(),
},
)
.await
Expand Down Expand Up @@ -266,6 +271,7 @@ pub async fn collect_packages(
collector: "osv".to_string(),
origin: "osv".to_string(),
justification: "osv".to_string(),
document_ref: "".to_string(),
},
)
.await
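Review bot: The two `document_ref: "".to_string()` additions (hunks `@@ -235,6 +239,7 @@` and `@@ -266,6 +271,7 @@`) hand GUAC an empty document reference, so the records written with `origin: "osv"` presumably cannot be traced back to the OSV response that produced them. If no stored document exists to point at yet, record that at the call site, for example `// TODO: OSV responses are not stored as documents yet, so document_ref is left empty`, and write the value as `String::new()`. The five `document_ref` additions in collector/snyk/src/server.rs have the same gap. `collect_packages` begins and ends outside these hunks, so whether a usable reference is available in scope cannot be confirmed from here.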
29 changes: 18 additions & 11 deletions collector/snyk/src/server.rs
Expand Up @@ -7,7 +7,7 @@ use actix_web::{post, web, HttpResponse, Responder, ResponseError};
use guac::client::intrinsic::certify_vuln::ScanMetadataInput;
use guac::client::intrinsic::vuln_equal::VulnEqualInputSpec;
use guac::client::intrinsic::vuln_metadata::{VulnerabilityMetadataInputSpec, VulnerabilityScoreType};
use guac::client::intrinsic::vulnerability::VulnerabilityInputSpec;
use guac::client::intrinsic::vulnerability::{IDorVulnerabilityInput, VulnerabilityInputSpec};
use packageurl::PackageUrl;
use utoipa::OpenApi;
use utoipa_swagger_ui::SwaggerUi;
Expand Down Expand Up @@ -140,10 +140,10 @@ pub async fn collect_packages(

let mut ids = Vec::new();

let snyk_vuln_input_spec = VulnerabilityInputSpec {
let snyk_vuln_input_spec = IDorVulnerabilityInput::from(&VulnerabilityInputSpec {
r#type: "snyk".to_string(),
vulnerability_id: issue.attributes.key.clone(),
};
});

ids.push(issue.attributes.key.clone());
// Ingest the root Snyk issue `key`
Expand Down Expand Up @@ -175,6 +175,7 @@ pub async fn collect_packages(
time_scanned: Default::default(),
origin: "snyk".to_string(),
collector: "snyk".to_string(),
document_ref: "".to_string(),
},
)
.await
Expand All @@ -186,10 +187,11 @@ pub async fn collect_packages(
}

for problem in &issue.attributes.problems {
let problem_vuln_input_spec = VulnerabilityInputSpec {
r#type: "snyk".to_string(),
vulnerability_id: problem.id.clone(),
};
let problem_vuln_input_spec =
IDorVulnerabilityInput::from(&VulnerabilityInputSpec {
r#type: "snyk".to_string(),
vulnerability_id: problem.id.clone(),
});

ids.push(problem.id.clone());

Expand All @@ -214,6 +216,7 @@ pub async fn collect_packages(
justification: "snyk".to_string(),
origin: "snyk".to_string(),
collector: "snyk".to_string(),
document_ref: "".to_string(),
},
)
.await
Expand All @@ -223,10 +226,11 @@ pub async fn collect_packages(

// Special-case CVEs
if problem.id.to_lowercase().starts_with("cve") {
let cve_vuln_input_spec = VulnerabilityInputSpec {
r#type: "cve".to_string(),
vulnerability_id: problem.id.clone(),
};
let cve_vuln_input_spec =
IDorVulnerabilityInput::from(&VulnerabilityInputSpec {
r#type: "cve".to_string(),
vulnerability_id: problem.id.clone(),
});

if let Err(err) = state
.guac_client
Expand All @@ -247,6 +251,7 @@ pub async fn collect_packages(
justification: "snyk".to_string(),
origin: "snyk".to_string(),
collector: "snyk".to_string(),
document_ref: "".to_string(),
},
)
.await
Expand All @@ -270,6 +275,7 @@ pub async fn collect_packages(
timestamp: Default::default(),
origin: severity.source.clone(),
collector: "snyk".to_string(),
document_ref: "".to_string(),
},
)
.await
Expand All @@ -288,6 +294,7 @@ pub async fn collect_packages(
timestamp: Default::default(),
origin: severity.source.clone(),
collector: "snyk".to_string(),
document_ref: "".to_string(),
},
)
.await
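Review bot: Each of the three `IDorVulnerabilityInput::from(&VulnerabilityInputSpec { .. })` conversions (hunks `@@ -140,10 +140,10 @@`, `@@ -186,10 +187,11 @@` and `@@ -223,10 +226,11 @@`) builds a temporary spec only to borrow it, repeating the same four-line literal with only the type and id changing. A small private helper would state the type and id once per call and shorten the call sites; the three conversions in collector/osv/src/server.rs could use the same helper. The sketch below assumes both fields are `String` and that `issue.attributes.key` and `problem.id` deref to `&str`, which the visible `.clone()` calls suggest but do not prove. `collect_packages` starts and ends outside these hunks.

```rust
/// Builds the GUAC vulnerability input for an identifier of the given type.
fn vuln_input(kind: &str, id: &str) -> IDorVulnerabilityInput {
    IDorVulnerabilityInput::from(&VulnerabilityInputSpec {
        r#type: kind.to_string(),
        vulnerability_id: id.to_string(),
    })
}

// … unchanged: start of collect_packages, ids setup …
let snyk_vuln_input_spec = vuln_input("snyk", &issue.attributes.key);
// … unchanged: ingest of the root Snyk issue key …
let problem_vuln_input_spec = vuln_input("snyk", &problem.id);
// … unchanged: ingest calls for the problem id …
let cve_vuln_input_spec = vuln_input("cve", &problem.id);
```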
2 changes: 1 addition & 1 deletion deploy/compose/.env
Expand Up @@ -12,7 +12,7 @@ EXHORT_API_PORT=8088
COLLECTORIST_API_PORT=8180
COLLECTOR_OSV_API_PORT=8181
COLLECTOR_SNYK_API_PORT=8182
GUAC_IMAGE=ghcr.io/trustification/guac:v0.3.32
GUAC_IMAGE=ghcr.io/trustification/guac:v0.7.2-RC7
#GUAC_IMAGE=local-organic-guac
CHROMEDRIVER_IMAGE=docker.io/selenium/standalone-chrome:117.0
JAEGER_IMAGE=docker.io/jaegertracing/all-in-one:latest
10 changes: 5 additions & 5 deletions deploy/k8s/legacy/values-crc.yaml
Expand Up @@ -3,7 +3,7 @@ trustImage: ghcr.io/trustification/trust
uiImage: ghcr.io/trustification/trust
docsImage: ghcr.io/trustification/trust-docs
testsImage: ghcr.io/trustification/trust-tests
guacImage: ghcr.io/trustification/guac:v0.3.27
guacImage: ghcr.io/trustification/guac:v0.7.2-RC7
domain: trustification.apps-crc.testing

deployPostgres: true
Expand All @@ -24,7 +24,7 @@ postgres:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
sso: {}
sso: { }
kafka:
image: docker.io/bitnami/kafka@sha256:8fedaa492f1f570cade60f5ff09978cd841307b1e9f93fe6216136ca165fcc2d
minio:
Expand Down Expand Up @@ -52,7 +52,7 @@ config:
authentication: files/crc/auth.yaml
collectorist: files/crc/collectorist.yaml
default:
routeAnnotations: {}
routeAnnotations: { }
spog:
crdaUrl: https://rhda.rhcloud.com/api/v4/analysis
branding: true
Expand Down Expand Up @@ -205,7 +205,7 @@ exhort:
enabled: true
api:
resources:
keycloakRealm: {}
keycloakRealm: { }
oidcClients:
frontend:
issuerUrl: https://sso.trustification.apps-crc.testing/realms/chicken
Expand Down Expand Up @@ -237,7 +237,7 @@ guac:
database:
enabled: true
image: docker.io/library/postgres:15
initJob: {}
initJob: { }
graphql:
debug: true
resources:
8 changes: 4 additions & 4 deletions deploy/k8s/legacy/values-minikube.yaml
Expand Up @@ -3,7 +3,7 @@ trustImage: ghcr.io/trustification/trust
uiImage: ghcr.io/trustification/trust
docsImage: ghcr.io/trustification/trust-docs
testsImage: ghcr.io/trustification/trust-tests
guacImage: ghcr.io/trustification/guac:v0.3.27
guacImage: ghcr.io/trustification/guac:v0.7.2-RC7

deployPostgres: true
deployMinio: true
Expand All @@ -13,7 +13,7 @@ ssoDefaults: true

postgres:
image: docker.io/bitnami/postgresql:15
sso: {}
sso: { }
kafka:
image: docker.io/bitnami/kafka@sha256:8fedaa492f1f570cade60f5ff09978cd841307b1e9f93fe6216136ca165fcc2d
resources:
Expand Down Expand Up @@ -209,7 +209,7 @@ exhort:
enabled: true
api:
resources:
keycloakRealm: {}
keycloakRealm: { }
oidcClients:
frontend:
issuerUrl: https://sso.trustification.dev/realms/chicken
Expand All @@ -227,7 +227,7 @@ guac:
database:
enabled: true
image: docker.io/library/postgres:15
initJob: {}
initJob: { }
graphql:
debug: true
resources:
10 changes: 5 additions & 5 deletions deploy/k8s/legacy/values-openshift-blueprint.yaml
Expand Up @@ -41,7 +41,7 @@ trustImage: ghcr.io/trustification/trust
uiImage: ghcr.io/trustification/trust
docsImage: ghcr.io/trustification/trust-docs
testsImage: ghcr.io/trustification/trust-tests
guacImage: ghcr.io/trustification/guac:v0.3.27
guacImage: ghcr.io/trustification/guac:v0.7.2-RC7

domain: apps.cluster-s2528.sandbox1481.opentlc.com

Expand All @@ -62,7 +62,7 @@ postgres:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
sso: {}
sso: { }
kafka:
image: docker.io/bitnami/kafka@sha256:8fedaa492f1f570cade60f5ff09978cd841307b1e9f93fe6216136ca165fcc2d
resources:
Expand Down Expand Up @@ -100,7 +100,7 @@ config:
enabled: true
name: trustification-config
default:
routeAnnotations: {}
routeAnnotations: { }
spog:
crdaUrl: https://rhda.rhcloud.com/api/v4/analysis
branding: true
Expand Down Expand Up @@ -254,7 +254,7 @@ exhort:
enabled: true
api:
resources:
keycloakRealm: {}
keycloakRealm: { }
oidcClients:
frontend:
issuerUrl: https://sso.apps.cluster-s2528.sandbox1481.opentlc.com/realms/chicken
Expand Down Expand Up @@ -286,7 +286,7 @@ guac:
database:
enabled: true
image: docker.io/library/postgres:15
initJob: {}
initJob: { }
graphql:
debug: true
resources:
4 changes: 2 additions & 2 deletions deploy/trustification.dev/dev.yaml
Expand Up @@ -3,7 +3,7 @@ trustImage: ghcr.io/trustification/trust
uiImage: ghcr.io/trustification/trust
docsImage: ghcr.io/trustification/trust-docs
testsImage: ghcr.io/trustification/trust-tests
guacImage: ghcr.io/trustification/guac:v0.3.32
guacImage: ghcr.io/trustification/guac:v0.7.2-RC7
domain: dev.trustification.dev
replicas: 1
graphqlReplicas: 1
Expand Down Expand Up @@ -230,7 +230,7 @@ guac:
database:
enabled: false
image: docker.io/library/postgres:15
initJob: {}
initJob: { }
graphql:
debug: true
affinity:
4 changes: 2 additions & 2 deletions deploy/trustification.dev/prod.yaml
Expand Up @@ -3,7 +3,7 @@ trustImage: ghcr.io/trustification/trust
uiImage: ghcr.io/trustification/trust
docsImage: ghcr.io/trustification/trust-docs
testsImage: ghcr.io/trustification/trust-tests
guacImage: ghcr.io/trustification/guac:v0.3.32
guacImage: ghcr.io/trustification/guac:v0.7.2-RC7
domain: trustification.dev
replicas: 2
graphqlReplicas: 1
Expand Down Expand Up @@ -230,7 +230,7 @@ guac:
database:
enabled: true
image: docker.io/library/postgres:15
initJob: {}
initJob: { }
graphql:
debug: true
affinity:
4 changes: 2 additions & 2 deletions deploy/trustification.dev/staging.yaml
Expand Up @@ -3,7 +3,7 @@ trustImage: ghcr.io/trustification/trust
uiImage: ghcr.io/trustification/trust
docsImage: ghcr.io/trustification/trust-docs
testsImage: ghcr.io/trustification/trust-tests
guacImage: ghcr.io/trustification/guac:v0.3.32
guacImage: ghcr.io/trustification/guac:v0.7.2-RC7
domain: staging.trustification.dev
replicas: 1
imagePullPolicy: IfNotPresent
Expand Down Expand Up @@ -229,7 +229,7 @@ guac:
database:
enabled: true
image: docker.io/library/postgres:15
initJob: {}
initJob: { }
graphql:
debug: true
affinity:
