
Fix BOM uploads (#81)
* fix: upload BOM

* fix: copy paste bugs
chrisdlangton authored Nov 27, 2024
1 parent e6c62c4 commit 6010118
Showing 6 changed files with 172 additions and 198 deletions.
34 changes: 17 additions & 17 deletions Makefile
Expand Up @@ -63,23 +63,23 @@ git-demo:
git stash pop || true

_purge_data: ## FOR DOCO ONLY
npx wrangler d1 execute vulnetix --remote --command "DELETE FROM Session;"
npx wrangler d1 execute vulnetix --remote --command "DELETE FROM GitBranch;"
npx wrangler d1 execute vulnetix --remote --command "DELETE FROM Dependency;"
npx wrangler d1 execute vulnetix --remote --command "DELETE FROM SarifResults;"
npx wrangler d1 execute vulnetix --remote --command "DELETE FROM CycloneDXInfo;"
npx wrangler d1 execute vulnetix --remote --command "DELETE FROM SPDXInfo;"
npx wrangler d1 execute vulnetix --remote --command "DELETE FROM SARIFInfo;"
npx wrangler d1 execute vulnetix --remote --command "DELETE FROM IntegrationUsageLog;"
npx wrangler d1 execute vulnetix --remote --command "DELETE FROM Triage;"
npx wrangler d1 execute vulnetix --remote --command "DELETE FROM Finding;"
npx wrangler d1 execute vulnetix --remote --command "DELETE FROM GitRepo;"
npx wrangler d1 execute vulnetix --remote --command "DELETE FROM Artifact;"
npx wrangler d1 execute vulnetix --remote --command "DELETE FROM CVEADP;"
npx wrangler d1 execute vulnetix --remote --command "DELETE FROM CVEMetadata;"
npx wrangler d1 execute vulnetix --remote --command "DELETE FROM CVENumberingAuthrity;"
npx wrangler d1 execute vulnetix --remote --command "DELETE FROM AuthorizedDataPublisher;"
npx wrangler d1 execute vulnetix --remote --command "DELETE FROM Link;"
npx wrangler d1 execute vulnetix --local --command "DELETE FROM Session;"
npx wrangler d1 execute vulnetix --local --command "DELETE FROM GitBranch;"
npx wrangler d1 execute vulnetix --local --command "DELETE FROM Dependency;"
npx wrangler d1 execute vulnetix --local --command "DELETE FROM SarifResults;"
npx wrangler d1 execute vulnetix --local --command "DELETE FROM CycloneDXInfo;"
npx wrangler d1 execute vulnetix --local --command "DELETE FROM SPDXInfo;"
npx wrangler d1 execute vulnetix --local --command "DELETE FROM SARIFInfo;"
npx wrangler d1 execute vulnetix --local --command "DELETE FROM IntegrationUsageLog;"
npx wrangler d1 execute vulnetix --local --command "DELETE FROM Triage;"
npx wrangler d1 execute vulnetix --local --command "DELETE FROM Finding;"
npx wrangler d1 execute vulnetix --local --command "DELETE FROM GitRepo;"
npx wrangler d1 execute vulnetix --local --command "DELETE FROM Artifact;"
npx wrangler d1 execute vulnetix --local --command "DELETE FROM CVEADP;"
npx wrangler d1 execute vulnetix --local --command "DELETE FROM CVEMetadata;"
npx wrangler d1 execute vulnetix --local --command "DELETE FROM CVENumberingAuthrity;"
npx wrangler d1 execute vulnetix --local --command "DELETE FROM AuthorizedDataPublisher;"
npx wrangler d1 execute vulnetix --local --command "DELETE FROM Link;"

_helpers: ## FOR DOCO ONLY
npx wrangler d1 execute vulnetix --local --file ./migrations/0001_init.sql
40 changes: 28 additions & 12 deletions functions/api/cdx.js
Expand Up @@ -115,24 +115,40 @@ export async function onRequestPost(context) {
createdAt: cdx.metadata?.timestamp ? new Date(cdx.metadata.timestamp).getTime() : new Date().getTime(),
toolName: cdx.metadata.tools.map(t => `${t?.vendor} ${t?.name} ${t?.version}`.trim()).join(', '),
}
const info = await data.prisma.CycloneDXInfo.upsert({

const lookup = await data.prisma.CycloneDXInfo.findUnique({
where: {
cdxId,
orgId: data.session.orgId,
},
update: {
createdAt: cdxData.createdAt,
serialNumber: cdxData.serialNumber
},
create: {
...cdxData,
org: { connect: { uuid: data.session.orgId } },
artifact: { connect: { uuid: artifactUuid } },
}
})
data.logger(`/upload/cdx ${cdxId} kid=${data.session.kid}`, info)
if (lookup?.cdxId) {
const infoUpd = await data.prisma.CycloneDXInfo.update({
where: {
cdxId: lookup.cdxId
},
data: {
createdAt: cdxData.createdAt,
serialNumber: cdxData.serialNumber,
}
})
data.logger(`Update CycloneDX ${cdxId}`, infoUpd)
} else {
const infoAdd = await data.prisma.CycloneDXInfo.create({
data: {
...cdxData,
org: { connect: { uuid: data.session.orgId } },
artifact: { connect: { uuid: artifactUuid } },
}
})
data.logger(`Create CycloneDX ${cdxId}`, infoAdd)
}
cdxData.orgId = data.session.orgId
cdxData.dependencies = dependencies
files.push(cdxData)
artifact.downloadLink = artifact.downloadLinks.sort((a, b) => b.id - a.id)?.pop()
delete artifact.downloadLinks
artifact.cdx = cdxData
files.push(artifact)

const osvQueries = cdx.components.flatMap(component => {
const queries = [{
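Review bot: The `CycloneDXInfo.update` call keys only on `cdxId: lookup.cdxId` and drops the `orgId` scope that the `findUnique` just above applied, so tenant isolation on the write now rests on `cdxId` being globally unique rather than on the query itself; keeping the session scope on the write, `where: { cdxId: lookup.cdxId, orgId: data.session.orgId },`, costs nothing and survives a later move to a per-org unique key. The same pattern appears in the `SPDXInfo.update` in functions/api/spdx.js. Replacing the upsert with a read-then-write also opens a window where two concurrent uploads of the same BOM both miss the lookup and the second `create` fails on the unique constraint; if that is acceptable a comment saying so would help, otherwise catching Prisma's unique-violation error (code P2002) on `create` and retrying as an update closes it. `onRequestPost` starts and ends outside the hunk.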
24 changes: 13 additions & 11 deletions functions/api/github/repos/[org]/[repo]/spdx.js
Expand Up @@ -159,21 +159,23 @@ const process = async (prisma, session, repoName, spdx, spdxId, artifactUuid) =>
}
const findingIds = []

const info = await prisma.SPDXInfo.upsert({
const lookup = await prisma.SPDXInfo.findUnique({
where: {
spdxId,
orgId: session.orgId,
},
update: {
comment: spdxData.comment
},
create: {
...spdxData,
artifact: { connect: { uuid: artifactUuid } },
repo: { connect: { fullName_orgId: { fullName: repoName, orgId: session.orgId } } },
org: { connect: { uuid: session.orgId } },
},
}
})
if (!lookup?.spdxId) {
const infoAdd = await prisma.SPDXInfo.create({
data: {
...spdxData,
org: { connect: { uuid: session.orgId } },
repo: { connect: { fullName_orgId: { fullName: repoName, orgId: session.orgId } } },
artifact: { connect: { uuid: artifactUuid } },
}
})
// console.log(`Create SPDX ${spdxId}`, infoAdd)
}

// console.log(`/github/repos/spdx ${repoName} kid=${session.kid}`, info)
const osvQueries = spdx.packages.flatMap(pkg => {
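Review bot: The new branch only creates when the lookup misses; the upsert it replaces also refreshed `comment` on an existing record, and that update path is gone, so re-uploading an SPDX document for a repository no longer changes the stored comment, while functions/api/spdx.js keeps an update branch for the same table. If leaving existing rows untouched is intended, a one-line comment on the `if (!lookup?.spdxId)` line, e.g. `// existing SPDX records are left as-is; only new documents are stored`, would stop the next reader from treating it as an omission. The commented-out log two lines below still refers to `info`, which this change removed, and could go. `process` starts and ends outside the hunk.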
40 changes: 28 additions & 12 deletions functions/api/spdx.js
Expand Up @@ -140,24 +140,40 @@ export async function onRequestPost(context) {
documentDescribes: spdx?.documentDescribes?.join(','),
comment: spdx.creationInfo?.comment || '',
}
const info = await data.prisma.SPDXInfo.upsert({

const lookup = await data.prisma.SPDXInfo.findUnique({
where: {
spdxId,
orgId: data.session.orgId,
},
update: {
createdAt: spdxData.createdAt,
comment: spdxData.comment
},
create: {
...spdxData,
org: { connect: { uuid: data.session.orgId } },
artifact: { connect: { uuid: artifactUuid } },
}
})
data.logger(`/github/repos/spdx ${spdxId} kid=${data.session.kid}`, info)
if (lookup?.spdxId) {
const infoUpd = await data.prisma.SPDXInfo.update({
where: {
spdxId: lookup.spdxId
},
data: {
createdAt: spdxData.createdAt,
comment: spdxData.comment,
}
})
data.logger(`Update SPDX ${spdxId}`, infoUpd)
} else {
const infoAdd = await data.prisma.SPDXInfo.create({
data: {
...spdxData,
org: { connect: { uuid: data.session.orgId } },
artifact: { connect: { uuid: artifactUuid } },
}
})
data.logger(`Create SPDX ${spdxId}`, infoAdd)
}
spdxData.orgId = data.session.orgId
spdxData.dependencies = dependencies
files.push(spdxData)
artifact.downloadLink = artifact.downloadLinks.sort((a, b) => b.id - a.id)?.pop()
delete artifact.downloadLinks
artifact.spdx = spdxData
files.push(artifact)

const osvQueries = spdx.packages.flatMap(pkg => {
const { version } = parsePackageRef(pkg.SPDXID, pkg.name)
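Review bot: The lookup/update/create sequence here is line-for-line the `CycloneDXInfo` one in functions/api/cdx.js with the model, key and field names swapped, and the commit message itself cites copy-paste bugs; a small shared helper taking the Prisma delegate, the `where` key and the update fields would leave one place to fix next time. `if (lookup?.spdxId)` can likely be `if (lookup)` too, since a row returned by `findUnique` without a `select` carries its key field; the optional chain reads as if `lookup` could be non-null yet keyless. `onRequestPost` starts and ends outside the hunk.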
