guacsec · kodiakhq · Mar 27, 2023 · Mar 23, 2023 · Mar 26, 2023 · Mar 26, 2023
@@ -18,17 +18,17 @@ package cmd
 import (
 	"context"
 	"fmt"
+	"net/http"
 	"os"
 	"time"
 
-	"github.com/guacsec/guac/pkg/assembler/graphdb"
+	"github.com/Khan/genqlient/graphql"
 	"github.com/guacsec/guac/pkg/certifier"
 	"github.com/guacsec/guac/pkg/certifier/certify"
 	"github.com/guacsec/guac/pkg/certifier/components/root_package"
 	"github.com/guacsec/guac/pkg/certifier/osv"
 	"github.com/guacsec/guac/pkg/handler/processor"
 	"github.com/guacsec/guac/pkg/logging"
-	"github.com/neo4j/neo4j-go-driver/v4/neo4j"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
@@ -45,6 +45,7 @@ var certifierCmd = &cobra.Command{
 			viper.GetString("gdbpass"),
 			viper.GetString("gdbaddr"),
 			viper.GetString("realm"),
+			viper.GetString("gql-endpoint"),
 		)
 
 		if err != nil {
@@ -57,12 +58,8 @@ var certifierCmd = &cobra.Command{
 			logger.Fatalf("unable to register certifier: %w", err)
 		}
 
-		authToken := graphdb.CreateAuthTokenWithUsernameAndPassword(opts.user, opts.pass, opts.realm)
-		client, err := graphdb.NewGraphClient(opts.dbAddr, authToken)
-		if err != nil {
-			logger.Errorf("error: %v", err)
-			os.Exit(1)
-		}
+		httpClient := http.Client{}
+		gqlclient := graphql.NewClient(opts.graphqlEndpoint, &httpClient)
 
 		processorFunc, err := getProcessor(ctx)
 		if err != nil {
@@ -81,7 +78,7 @@ var certifierCmd = &cobra.Command{
 			os.Exit(1)
 		}
 
-		packageQueryFunc, err := getPackageQuery(client)
+		packageQueryFunc, err := getPackageQuery(gqlclient)
 		if err != nil {
 			logger.Errorf("error: %v", err)
 			os.Exit(1)
@@ -138,17 +135,18 @@ var certifierCmd = &cobra.Command{
 	},
 }
 
-func validateCertifierFlags(user string, pass string, dbAddr string, realm string) (options, error) {
+func validateCertifierFlags(user string, pass string, dbAddr string, realm string, graphqlEndpoint string) (options, error) {
 	var opts options
 	opts.user = user
 	opts.pass = pass
 	opts.dbAddr = dbAddr
 	opts.realm = realm
+	opts.graphqlEndpoint = graphqlEndpoint
 
 	return opts, nil
 }
 
-func getPackageQuery(client neo4j.Driver) (func() certifier.QueryComponents, error) {
+func getPackageQuery(client graphql.Client) (func() certifier.QueryComponents, error) {
 	return func() certifier.QueryComponents {
 		packageQuery := root_package.NewPackageQuery(client, 0)
 		return packageQuery

@@ -19,11 +19,12 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"net/http"
 	"os"
 	"sync"
 
+	"github.com/Khan/genqlient/graphql"
 	"github.com/guacsec/guac/pkg/assembler"
-	"github.com/guacsec/guac/pkg/assembler/graphdb"
 	"github.com/guacsec/guac/pkg/certifier"
 	"github.com/guacsec/guac/pkg/certifier/certify"
 	"github.com/guacsec/guac/pkg/certifier/components/root_package"
@@ -32,7 +33,6 @@ import (
 	"github.com/guacsec/guac/pkg/handler/processor"
 	parser_common "github.com/guacsec/guac/pkg/ingestor/parser/common"
 	"github.com/guacsec/guac/pkg/logging"
-	"github.com/neo4j/neo4j-go-driver/v4/neo4j"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
@@ -62,12 +62,9 @@ var certifierCmd = &cobra.Command{
 			logger.Fatalf("unable to register certifier: %w", err)
 		}
 
-		authToken := graphdb.CreateAuthTokenWithUsernameAndPassword(opts.user, opts.pass, opts.realm)
-		client, err := graphdb.NewGraphClient(opts.dbAddr, authToken)
-		if err != nil {
-			logger.Errorf("error: %v", err)
-			os.Exit(1)
-		}
+		// TODO: Fix this with the graphQL endpoint
+		httpClient := http.Client{}
+		gqlclient := graphql.NewClient("", &httpClient)
 
 		// initialize jetstream
 		// TODO: pass in credentials file for NATS secure login
@@ -129,7 +126,7 @@ var certifierCmd = &cobra.Command{
 			os.Exit(1)
 		}
 
-		packageQueryFunc, err := getPackageQuery(client)
+		packageQueryFunc, err := getPackageQuery(gqlclient)
 		if err != nil {
 			logger.Errorf("error: %v", err)
 			os.Exit(1)
@@ -200,7 +197,7 @@ func getCertifierPublish(ctx context.Context) (func(*processor.Document) error,
 	}, nil
 }
 
-func getPackageQuery(client neo4j.Driver) (func() certifier.QueryComponents, error) {
+func getPackageQuery(client graphql.Client) (func() certifier.QueryComponents, error) {
 	return func() certifier.QueryComponents {
 		packageQuery := root_package.NewPackageQuery(client, 0)
 		return packageQuery

diff --git a/internal/testing/testdata/testdata.go b/internal/testing/testdata/testdata.go
@@ -26,9 +26,7 @@ import (
 	"github.com/google/go-cmp/cmp/cmpopts"
 	"github.com/guacsec/guac/internal/testing/keyutil"
 	"github.com/guacsec/guac/pkg/assembler"
-	"github.com/guacsec/guac/pkg/assembler/clients/generated"
 	model "github.com/guacsec/guac/pkg/assembler/clients/generated"
-	"github.com/guacsec/guac/pkg/assembler/helpers"
 	asmhelpers "github.com/guacsec/guac/pkg/assembler/helpers"
 	"github.com/guacsec/guac/pkg/certifier/components/root_package"
 	"github.com/guacsec/guac/pkg/handler/processor"
@@ -185,21 +183,21 @@ var (
 		Digest:    "3a2bd2c5cc4c978e8aefd8bd0ef335fb42ee31d1",
 	}
 
-	artPkg, _ = helpers.PurlToPkg(helpers.GuacGenericPurl("helloworld"))
+	artPkg, _ = asmhelpers.PurlToPkg(asmhelpers.GuacGenericPurl("helloworld"))
 
 	mat1 = model.ArtifactInputSpec{
 		Algorithm: "sha1",
 		Digest:    "24279c5185ddc042896e3748f47fa89b48c1c14e",
 	}
 
-	mat1Src, _ = helpers.VcsToSrc("git+https://github.com/curl/curl-docker@master")
+	mat1Src, _ = asmhelpers.VcsToSrc("git+https://github.com/curl/curl-docker@master")
 
 	mat2 = model.ArtifactInputSpec{
 		Algorithm: "sha1",
 		Digest:    "0bcaaa161e719bca41b6d33fc02547c0f97d5397",
 	}
 
-	mat2Pkg, _ = helpers.PurlToPkg(helpers.GuacGenericPurl("github_hosted_vm:ubuntu-18.04:20210123.1"))
+	mat2Pkg, _ = asmhelpers.PurlToPkg(asmhelpers.GuacGenericPurl("github_hosted_vm:ubuntu-18.04:20210123.1"))
 
 	build = model.BuilderInputSpec{
 		Uri: "https://github.com/Attestations/GitHubHostedActions@v1",
@@ -235,11 +233,11 @@ var (
 		},
 		HasSlsa: []assembler.HasSlsaIngest{
 			{
-				HasSlsa: &generated.SLSAInputSpec{
+				HasSlsa: &model.SLSAInputSpec{
 					BuildType:   "https://github.com/Attestations/GitHubActionsWorkflow@v1",
 					SlsaVersion: "https://slsa.dev/provenance/v0.2",
 					StartedOn:   slsaStartTime,
-					SlsaPredicate: []generated.SLSAPredicateInputSpec{
+					SlsaPredicate: []model.SLSAPredicateInputSpec{
 						{Key: "slsa.metadata.completeness.environment", Value: "true"},
 						{Key: "slsa.metadata.buildStartedOn", Value: "2020-08-19T08:38:00Z"},
 						{Key: "slsa.metadata.completeness.materials", Value: "false"},
@@ -658,16 +656,10 @@ var (
 			  "uri":"guac",
 			  "producer_id":"guacsec/guac"
 		   },
-		   "scanner":{
-			  "uri":"osv.dev",
-			  "version":"0.0.14",
-			  "db":{
-			  },
-			  "result":[
-				 {
-					"vulnerability_id":"GHSA-599f-7c49-w659"
-				 }
-			  ]
+		   "scanner": {
+			"uri": "osv.dev",
+			"version": "0.0.14",
+			"db": {}
 		   },
 		   "metadata":{
 			  "scannedOn":"2022-11-22T13:19:18.825699-05:00"
@@ -688,34 +680,10 @@ var (
 			  "uri":"guac",
 			  "producer_id":"guacsec/guac"
 		   },
-		   "scanner":{
-			  "uri":"osv.dev",
-			  "version":"0.0.14",
-			  "db":{
-			  },
-			  "result":[
-				 {
-					"vulnerability_id":"GHSA-599f-7c49-w659"
-				 },
-				 {
-					"vulnerability_id":"GHSA-7rjr-3q55-vv33"
-				 },
-				 {
-					"vulnerability_id":"GHSA-8489-44mv-ggj8"
-				 },
-				 {
-					"vulnerability_id":"GHSA-fxph-q3j8-mv87"
-				 },
-				 {
-					"vulnerability_id":"GHSA-jfh8-c2jp-5v3q"
-				 },
-				 {
-					"vulnerability_id":"GHSA-p6xc-xr62-6r2g"
-				 },
-				 {
-					"vulnerability_id":"GHSA-vwqq-5vrc-xw9h"
-				 }
-			  ]
+		   "scanner": {
+			"uri": "osv.dev",
+			"version": "0.0.14",
+			"db": {}
 		   },
 		   "metadata":{
 			  "scannedOn":"2022-11-22T13:19:18.825699-05:00"
@@ -768,43 +736,24 @@ var (
 		}
 	 }`
 
-	rootPackage = assembler.PackageNode{
+	RootPackage = root_package.PackageNode{
 		Purl: "pkg:oci/vul-image-latest?repository_url=grc.io",
 	}
 
-	secondLevelPackage = assembler.PackageNode{
-		Purl:   "pkg:oci/vul-secondLevel-latest?repository_url=grc.io",
-		Digest: []string{"sha256:fe608dbc4894fc0b9c82908ece9ddddb63bb79083e5b25f2c02f87773bde1aa1"},
+	SecondLevelPackage = root_package.PackageNode{
+		Purl:      "pkg:oci/vul-secondLevel-latest?repository_url=grc.io",
+		Algorithm: "sha256",
+		Digest:    "fe608dbc4894fc0b9c82908ece9ddddb63bb79083e5b25f2c02f87773bde1aa1",
 	}
 
-	log4JPackage = assembler.PackageNode{
+	Log4JPackage = root_package.PackageNode{
 		Purl: "pkg:maven/org.apache.logging.log4j/[email protected]",
 	}
 
-	text4ShelPackage = assembler.PackageNode{
+	Text4ShelPackage = root_package.PackageNode{
 		Purl: "pkg:maven/org.apache.commons/[email protected]",
 	}
 
-	text4shell = &root_package.PackageComponent{
-		Package:     text4ShelPackage,
-		DepPackages: []*root_package.PackageComponent{},
-	}
-
-	log4j = &root_package.PackageComponent{
-		Package:     log4JPackage,
-		DepPackages: []*root_package.PackageComponent{},
-	}
-
-	secondLevel = &root_package.PackageComponent{
-		Package:     secondLevelPackage,
-		DepPackages: []*root_package.PackageComponent{text4shell},
-	}
-
-	RootComponent = &root_package.PackageComponent{
-		Package:     rootPackage,
-		DepPackages: []*root_package.PackageComponent{secondLevel, log4j},
-	}
-
 	VertxWebCommonAttestation = `{
 		"_type": "https://in-toto.io/Statement/v0.1",
 		"predicateType": "https://in-toto.io/attestation/vuln/v0.1",
@@ -935,54 +884,25 @@ var (
 		}
 	}`
 
-	vertxWebCommonPackage = assembler.PackageNode{
+	VertxWebCommonPackage = root_package.PackageNode{
 		Purl: "pkg:maven/io.vertx/[email protected]?type=jar",
 	}
 
-	vertxAuthCommonPackage = assembler.PackageNode{
+	VertxAuthCommonPackage = root_package.PackageNode{
 		Purl: "pkg:maven/io.vertx/[email protected]?type=jar",
 	}
 
-	vertxBridgeCommonPackage = assembler.PackageNode{
+	VertxBridgeCommonPackage = root_package.PackageNode{
 		Purl: "pkg:maven/io.vertx/[email protected]?type=jar",
 	}
 
-	vertxCoreCommonPackage = assembler.PackageNode{
+	VertxCoreCommonPackage = root_package.PackageNode{
 		Purl: "pkg:maven/io.vertx/[email protected]?type=jar",
 	}
 
-	vertxWebPackage = assembler.PackageNode{
+	VertxWebPackage = root_package.PackageNode{
 		Purl: "pkg:maven/io.vertx/[email protected]?type=jar",
 	}
-
-	// ignore dependencies for the test
-	vertxWebCommon = &root_package.PackageComponent{
-		Package:     vertxWebCommonPackage,
-		DepPackages: []*root_package.PackageComponent{},
-	}
-
-	// ignore dependencies for the test
-	vertxAuthCommon = &root_package.PackageComponent{
-		Package:     vertxAuthCommonPackage,
-		DepPackages: []*root_package.PackageComponent{},
-	}
-
-	// ignore dependencies for the test
-	vertxBridgeCommon = &root_package.PackageComponent{
-		Package:     vertxBridgeCommonPackage,
-		DepPackages: []*root_package.PackageComponent{},
-	}
-
-	// ignore dependencies for the test
-	vertxCore = &root_package.PackageComponent{
-		Package:     vertxCoreCommonPackage,
-		DepPackages: []*root_package.PackageComponent{},
-	}
-
-	VertxWeb = &root_package.PackageComponent{
-		Package:     vertxWebPackage,
-		DepPackages: []*root_package.PackageComponent{vertxWebCommon, vertxAuthCommon, vertxBridgeCommon, vertxCore},
-	}
 )
 
 func GuacNodeSliceEqual(slice1, slice2 []assembler.GuacNode) bool {
@@ -1118,15 +1038,15 @@ func isOccurenceLess(e1, e2 assembler.IsOccurenceIngest) bool {
 	return gLess(e1, e2)
 }
 
-func packageQualifierInputSpecLess(e1, e2 generated.PackageQualifierInputSpec) bool {
+func packageQualifierInputSpecLess(e1, e2 model.PackageQualifierInputSpec) bool {
 	return gLess(e1, e2)
 }
 
-func psaInputSpecLess(e1, e2 generated.ArtifactInputSpec) bool {
+func psaInputSpecLess(e1, e2 model.ArtifactInputSpec) bool {
 	return gLess(e1, e2)
 }
 
-func slsaPredicateInputSpecLess(e1, e2 generated.SLSAPredicateInputSpec) bool {
+func slsaPredicateInputSpecLess(e1, e2 model.SLSAPredicateInputSpec) bool {
 	return gLess(e1, e2)
 }