feat: add sha384 and sha512 to the SBOM and advisory

ctron · Jul 3, 2024 · bf67cdc · bf67cdc
1 parent 7656e13
commit bf67cdc
Show file tree

Hide file tree

Showing 12 changed files with 124 additions and 6 deletions.
diff --git a/common/src/id.rs b/common/src/id.rs
@@ -27,6 +27,16 @@ pub enum Id {
     Sha512(String),
 }
 
+impl Id {
+    /// Create a `Vec<Id>` from a fields of a document.
+    pub fn build_vec(sha256: String, sha384: Option<String>, sha512: Option<String>) -> Vec<Self> {
+        let mut result = vec![Id::Sha256(sha256)];
+        result.extend(sha384.map(Id::Sha384));
+        result.extend(sha512.map(Id::Sha512));
+        result
+    }
+}
+
 /// Create a filter for an ID
 pub trait TryFilterForId {
     /// Return a condition, filtering for the [`Id`]. Or an `Err(IdError::UnsupportedAlgorithm)` if the ID type is not supported.
@@ -148,7 +158,7 @@ impl Display for Id {
                 write!(f, "sha256:{}", inner)
             }
             Id::Sha384(inner) => {
-                write!(f, "sha385:{}", inner)
+                write!(f, "sha384:{}", inner)
             }
             Id::Sha512(inner) => {
                 write!(f, "sha512:{}", inner)

diff --git a/entity/src/advisory.rs b/entity/src/advisory.rs
@@ -20,6 +20,8 @@ pub struct Model {
     pub identifier: String,
     pub issuer_id: Option<i32>,
     pub sha256: String,
+    pub sha384: Option<String>,
+    pub sha512: Option<String>,
     pub published: Option<OffsetDateTime>,
     pub modified: Option<OffsetDateTime>,
     pub withdrawn: Option<OffsetDateTime>,
@@ -101,6 +103,8 @@ impl TryFilterForId for Entity {
         Ok(match id {
             Id::Uuid(uuid) => Column::Id.eq(uuid).into_condition(),
             Id::Sha256(hash) => Column::Sha256.eq(hash).into_condition(),
+            Id::Sha384(hash) => Column::Sha384.eq(hash).into_condition(),
+            Id::Sha512(hash) => Column::Sha512.eq(hash).into_condition(),
             n => return Err(IdError::UnsupportedAlgorithm(n.prefix().to_string())),
         })
     }

diff --git a/entity/src/sbom.rs b/entity/src/sbom.rs
@@ -13,6 +13,8 @@ pub struct Model {
     pub node_id: String,
 
     pub sha256: String,
+    pub sha384: Option<String>,
+    pub sha512: Option<String>,
     pub document_id: String,
 
     pub published: Option<OffsetDateTime>,
@@ -68,6 +70,8 @@ impl TryFilterForId for Entity {
         Ok(match id {
             Id::Uuid(uuid) => Column::SbomId.eq(uuid).into_condition(),
             Id::Sha256(hash) => Column::Sha256.eq(hash).into_condition(),
+            Id::Sha384(hash) => crate::advisory::Column::Sha384.eq(hash).into_condition(),
+            Id::Sha512(hash) => crate::advisory::Column::Sha512.eq(hash).into_condition(),
             n => return Err(IdError::UnsupportedAlgorithm(n.prefix().to_string())),
         })
     }

diff --git a/migration/src/lib.rs b/migration/src/lib.rs
@@ -47,6 +47,7 @@ mod m0000380_create_package_status_index;
 mod m0000390_rename_package_purl;
 mod m0000395_alter_vulnerability_pk;
 mod m0000410_labels_index;
+mod m0000420_add_digests;
 
 pub struct Migrator;
 
@@ -100,6 +101,7 @@ impl MigratorTrait for Migrator {
             Box::new(m0000390_rename_package_purl::Migration),
             Box::new(m0000395_alter_vulnerability_pk::Migration),
             Box::new(m0000410_labels_index::Migration),
+            Box::new(m0000420_add_digests::Migration),
         ]
     }
 }

diff --git a/migration/src/m0000420_add_digests.rs b/migration/src/m0000420_add_digests.rs
@@ -0,0 +1,70 @@
+use sea_orm_migration::prelude::*;
+
+#[derive(DeriveMigrationName)]
+pub struct Migration;
+
+#[async_trait::async_trait]
+#[allow(deprecated)]
+impl MigrationTrait for Migration {
+    async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> {
+        manager
+            .alter_table(
+                Table::alter()
+                    .table(Sbom::Table)
+                    .add_column(ColumnDef::new(Sbom::Sha384).string())
+                    .add_column(ColumnDef::new(Sbom::Sha512).string())
+                    .to_owned(),
+            )
+            .await?;
+
+        manager
+            .alter_table(
+                Table::alter()
+                    .table(Advisory::Table)
+                    .add_column(ColumnDef::new(Advisory::Sha384).string())
+                    .add_column(ColumnDef::new(Advisory::Sha512).string())
+                    .to_owned(),
+            )
+            .await?;
+
+        Ok(())
+    }
+
+    async fn down(&self, manager: &SchemaManager) -> Result<(), DbErr> {
+        manager
+            .alter_table(
+                Table::alter()
+                    .table(Advisory::Table)
+                    .drop_column(Advisory::Sha384)
+                    .drop_column(Advisory::Sha512)
+                    .to_owned(),
+            )
+            .await?;
+
+        manager
+            .alter_table(
+                Table::alter()
+                    .table(Sbom::Table)
+                    .drop_column(Sbom::Sha384)
+                    .drop_column(Sbom::Sha512)
+                    .to_owned(),
+            )
+            .await?;
+
+        Ok(())
+    }
+}
+
+#[derive(DeriveIden)]
+pub enum Sbom {
+    Table,
+    Sha384,
+    Sha512,
+}
+
+#[derive(DeriveIden)]
+pub enum Advisory {
+    Table,
+    Sha384,
+    Sha512,
+}
diff --git a/modules/fundamental/src/advisory/model/mod.rs b/modules/fundamental/src/advisory/model/mod.rs
@@ -54,7 +54,11 @@ impl AdvisoryHead {
         Ok(Self {
             uuid: entity.id,
             identifier: entity.identifier.clone(),
-            hashes: vec![Id::Sha256(entity.sha256.clone())],
+            hashes: Id::build_vec(
+                entity.sha256.clone(),
+                entity.sha384.clone(),
+                entity.sha512.clone(),
+            ),
             issuer,
             published: entity.published,
             modified: entity.modified,
@@ -82,7 +86,11 @@ impl AdvisoryHead {
             heads.push(Self {
                 uuid: advisory.id,
                 identifier: advisory.identifier.clone(),
-                hashes: vec![Id::Sha256(advisory.sha256.clone())],
+                hashes: Id::build_vec(
+                    advisory.sha256.clone(),
+                    advisory.sha384.clone(),
+                    advisory.sha512.clone(),
+                ),
                 issuer,
                 published: advisory.published,
                 modified: advisory.modified,

diff --git a/modules/fundamental/src/advisory/service/mod.rs b/modules/fundamental/src/advisory/service/mod.rs
@@ -129,6 +129,8 @@ impl AdvisoryService {
                 issuer_id: e.issuer_id,
                 labels: e.labels,
                 sha256: e.sha256,
+                sha384: e.sha384,
+                sha512: e.sha512,
                 published: e.published,
                 modified: e.modified,
                 withdrawn: e.withdrawn,
@@ -205,6 +207,8 @@ impl AdvisoryService {
                 issuer_id: advisory.issuer_id,
                 labels: advisory.labels,
                 sha256: advisory.sha256,
+                sha384: advisory.sha384,
+                sha512: advisory.sha512,
                 published: advisory.published,
                 modified: advisory.modified,
                 withdrawn: advisory.withdrawn,
@@ -302,6 +306,8 @@ struct AdvisoryCatcher {
     pub issuer_id: Option<i32>,
     pub labels: Labels,
     pub sha256: String,
+    pub sha384: Option<String>,
+    pub sha512: Option<String>,
     pub published: Option<OffsetDateTime>,
     pub modified: Option<OffsetDateTime>,
     pub withdrawn: Option<OffsetDateTime>,

diff --git a/modules/fundamental/src/advisory/service/test.rs b/modules/fundamental/src/advisory/service/test.rs
@@ -314,8 +314,10 @@ async fn single_advisory(ctx: TrustifyContext) -> Result<(), anyhow::Error> {
         .await?;
 
     let fetch = AdvisoryService::new(db);
-    let jenny = Id::sha256(&digests.sha256);
-    let fetched = fetch.fetch_advisory(jenny.clone(), ()).await?;
+    let jenny256 = Id::sha256(&digests.sha256);
+    let jenny384 = Id::sha384(&digests.sha384);
+    let jenny512 = Id::sha512(&digests.sha512);
+    let fetched = fetch.fetch_advisory(jenny256.clone(), ()).await?;
 
     assert!(matches!(
             fetched,
@@ -325,7 +327,7 @@ async fn single_advisory(ctx: TrustifyContext) -> Result<(), anyhow::Error> {
 
                 ..
             })
-        if hashes.contains(&jenny) && average_severity == "critical"));
+        if hashes.contains(&jenny256) && hashes.contains(&jenny384) && hashes.contains(&jenny512) && average_severity == "critical"));
 
     Ok(())
 }
diff --git a/modules/graphql/src/advisory.rs b/modules/graphql/src/advisory.rs
@@ -21,6 +21,8 @@ impl AdvisoryQuery {
                 issuer_id: advisory.advisory.issuer_id,
                 labels: advisory.advisory.labels,
                 sha256: advisory.advisory.sha256,
+                sha384: advisory.advisory.sha384,
+                sha512: advisory.advisory.sha512,
                 published: advisory.advisory.published,
                 modified: advisory.advisory.modified,
                 withdrawn: advisory.advisory.withdrawn,
@@ -47,6 +49,8 @@ impl AdvisoryQuery {
                     issuer_id: advisory.advisory.issuer_id,
                     labels: advisory.advisory.labels,
                     sha256: advisory.advisory.sha256,
+                    sha384: advisory.advisory.sha384,
+                    sha512: advisory.advisory.sha512,
                     published: advisory.advisory.published,
                     modified: advisory.advisory.modified,
                     withdrawn: advisory.advisory.withdrawn,

diff --git a/modules/graphql/src/sbom.rs b/modules/graphql/src/sbom.rs
@@ -21,6 +21,8 @@ impl SbomQuery {
                 node_id: sbom_context.sbom.node_id,
                 labels: sbom_context.sbom.labels,
                 sha256: sbom_context.sbom.sha256,
+                sha384: sbom_context.sbom.sha384,
+                sha512: sbom_context.sbom.sha512,
                 document_id: sbom_context.sbom.document_id,
                 published: sbom_context.sbom.published,
                 authors: sbom_context.sbom.authors,
@@ -52,6 +54,8 @@ impl SbomQuery {
                     node_id: sbom.sbom.node_id,
                     labels: sbom.sbom.labels,
                     sha256: sbom.sbom.sha256,
+                    sha384: sbom.sbom.sha384,
+                    sha512: sbom.sbom.sha512,
                     document_id: sbom.sbom.document_id,
                     published: sbom.sbom.published,
                     authors: sbom.sbom.authors,

diff --git a/modules/ingestor/src/graph/advisory/mod.rs b/modules/ingestor/src/graph/advisory/mod.rs
@@ -121,6 +121,8 @@ impl Graph {
             identifier: Set(identifier),
             issuer_id: Set(organization.map(|org| org.organization.id)),
             sha256: Set(sha256),
+            sha384: Set(Some(digests.sha384.encode_hex())),
+            sha512: Set(Some(digests.sha512.encode_hex())),
             title: Set(information.title),
             published: Set(information.published),
             modified: Set(information.modified),

diff --git a/modules/ingestor/src/graph/sbom/mod.rs b/modules/ingestor/src/graph/sbom/mod.rs
@@ -123,6 +123,8 @@ impl Graph {
 
             document_id: Set(document_id.to_string()),
             sha256: Set(sha256),
+            sha384: Set(Some(digests.sha384.encode_hex())),
+            sha512: Set(Some(digests.sha512.encode_hex())),
 
             published: Set(published),
             authors: Set(authors),