From 86adf938e3bb0faf4f3fba444029d3ee1efc71f2 Mon Sep 17 00:00:00 2001
From: Lucie Novotna
Date: Thu, 31 Oct 2024 16:25:44 +0100
Subject: [PATCH] Update module structure and set up main function
---
 cmd/{ => manager}/main.go | 0
 cmd/osv-generator/main.go | 21 ++++++++++++++
 go.mod | 2 +-
 .../osv-generator}/csaf_vex_vulnerability.go | 2 +-
 .../osv-generator}/cve_parser.go | 28 ++++++-------------
 .../osv-generator}/cve_parser_test.go | 4 +--
 .../osv-generator}/osv_vulnerability.go | 2 +-
 7 files changed, 34 insertions(+), 25 deletions(-)
 rename cmd/{ => manager}/main.go (100%)
 create mode 100644 cmd/osv-generator/main.go
 rename {internal/rpm_cve_generator => tools/osv-generator}/csaf_vex_vulnerability.go (97%)
 rename {internal/rpm_cve_generator => tools/osv-generator}/cve_parser.go (87%)
 rename {internal/rpm_cve_generator => tools/osv-generator}/cve_parser_test.go (98%)
 rename {internal/rpm_cve_generator => tools/osv-generator}/osv_vulnerability.go (97%)
diff --git a/cmd/main.go b/cmd/manager/main.go
similarity index 100%
rename from cmd/main.go
rename to cmd/manager/main.go
diff --git a/cmd/osv-generator/main.go b/cmd/osv-generator/main.go
new file mode 100644
index 0000000..bb433d9
--- /dev/null
+++ b/cmd/osv-generator/main.go
@@ -0,0 +1,21 @@
+package main
+
+import (
+ "flag"
+ "log"
+
+ osv_generator "github.com/konflux-ci/mintmaker/tools/osv-generator"
+)
+
+// A demo which parses RPM CVE data into OSV database format based on input CSAF VEX url
+// TODO: implement the ability to process all updated advisories
+func main() {
+ url := flag.String("url", "", "Url pointing to CSAF VEX file")
+ filename := flag.String("file", "demo.nedb", "Name of the file to store OSV data")
+
+ flag.Parse()
+
+ if err := osv_generator.GenerateOSV(*url, *filename); err != nil {
+ log.Fatalf("Error generating OSV: %v\n", err)
+ }
+}
diff --git a/go.mod b/go.mod
index 839d55b..e209890 100644
--- a/go.mod
+++ b/go.mod
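Review bot: In cmd/osv-generator/main.go the `-url` flag defaults to an empty string and is handed to `GenerateOSV` without any check, so a run without the flag only fails deep inside the HTTP fetch. Since the fetched advisory becomes the OSV data written to `-file`, main should reject a missing URL up front, e.g. `if *url == "" { log.Fatal("-url is required") }`, and it is worth considering a restriction to `https` so the advisory is not pulled over an unauthenticated channel. The trailing `\n` in the `log.Fatalf` format is redundant, as the log package ends the entry with a newline itself.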
@@ -5,6 +5,7 @@ go 1.21
 require (
 github.com/bradleyfalzon/ghinstallation/v2 v2.10.0
 github.com/go-logr/logr v1.2.4
+ github.com/google/go-cmp v0.6.0
 github.com/google/go-github/v45 v45.2.0
 github.com/konflux-ci/application-api v0.0.0-20240527211352-be061932d497
 github.com/onsi/ginkgo/v2 v2.11.0
@@ -36,7 +37,6 @@ require (
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 github.com/golang/protobuf v1.5.3 // indirect
 github.com/google/gnostic-models v0.6.8 // indirect
- github.com/google/go-cmp v0.6.0 // indirect
 github.com/google/go-github/v60 v60.0.0 // indirect
 github.com/google/go-querystring v1.1.0 // indirect
 github.com/google/gofuzz v1.2.0 // indirect
diff --git a/internal/rpm_cve_generator/csaf_vex_vulnerability.go b/tools/osv-generator/csaf_vex_vulnerability.go
similarity index 97%
rename from internal/rpm_cve_generator/csaf_vex_vulnerability.go
rename to tools/osv-generator/csaf_vex_vulnerability.go
index f570b01..ca9d4ee 100644
--- a/internal/rpm_cve_generator/csaf_vex_vulnerability.go
+++ b/tools/osv-generator/csaf_vex_vulnerability.go
@@ -1,4 +1,4 @@
-package rpm_cve_generator
+package osv_generator
 type VEX struct {
 Document struct {
diff --git a/internal/rpm_cve_generator/cve_parser.go b/tools/osv-generator/cve_parser.go
similarity index 87%
rename from internal/rpm_cve_generator/cve_parser.go
rename to tools/osv-generator/cve_parser.go
index 087bf31..40c36f9 100644
--- a/internal/rpm_cve_generator/cve_parser.go
+++ b/tools/osv-generator/cve_parser.go
@@ -1,8 +1,7 @@
-package rpm_cve_generator
+package osv_generator
 import (
 "encoding/json"
- "flag"
 "fmt"
 "io"
 "net/http"
@@ -16,14 +15,14 @@ import (
 // 1. Read CSAF VEX file from given URL
 // 2. For all RPM dependencies, parse CVE data to OSV format
 // 3. Store OSV data to given .nedb file
-func generateOSV(url string, filename string) error {
- vexVulnerability, err := getVEXFromUrl(url)
+func GenerateOSV(url string, filename string) error {
+ vexVulnerability, err := GetVEXFromUrl(url)
 if err != nil {
 return fmt.Errorf("error reading CSAF VEX file: %v", err)
 }
- convertedVulnerabilities := convertToOSV(vexVulnerability)
- if err := storeToFile(filename, convertedVulnerabilities); err != nil {
+ convertedVulnerabilities := ConvertToOSV(vexVulnerability)
+ if err := StoreToFile(filename, convertedVulnerabilities); err != nil {
 return fmt.Errorf("error creating OSV file: %v", err)
 }
@@ -32,7 +31,7 @@ func generateOSV(url string, filename string) error {
 }
 // Download CSAF VEX file from given URL and store into a VEX struct
-func getVEXFromUrl(url string) (VEX, error) {
+func GetVEXFromUrl(url string) (VEX, error) {
 resp, err := http.Get(url)
 if err != nil {
 return VEX{}, fmt.Errorf("could not fetch URL: %v", err)
@@ -59,7 +58,7 @@ func getVEXFromUrl(url string) (VEX, error) {
 }
 // Convert VEX RPM data to OSV format
-func convertToOSV(vexData VEX) []OSV {
+func ConvertToOSV(vexData VEX) []OSV {
 // Get list of affected packages
 affectedList := getAffectedList(vexData)
@@ -87,7 +86,7 @@ func convertToOSV(vexData VEX) []OSV {
 }
 // Save all CVEs to an OSV file
-func storeToFile(filename string, convertedVulnerabilities []OSV) error {
+func StoreToFile(filename string, convertedVulnerabilities []OSV) error {
 file, err := os.OpenFile(filename, os.O_CREATE|os.O_WRONLY, 0644)
 if err != nil {
 return fmt.Errorf("error accessing file: %v", err)
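Review bot: `GetVEXFromUrl` becomes part of the package's exported API while still calling `http.Get(url)`, which goes through `http.DefaultClient` and therefore has no timeout; a stalled or slow server will hang the generator indefinitely. A dedicated client would bound that: `client := &http.Client{Timeout: 30 * time.Second}` followed by `resp, err := client.Get(url)` (this needs the `time` import). The rest of the function lies outside the hunk, so it is not visible whether the status code is checked or the body size is capped before it is read and decoded; both are worth confirming now that other packages can pass arbitrary URLs. Go naming would also spell the initialism as `GetVEXFromURL`.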
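Review bot: `StoreToFile` opens the output with `os.O_CREATE|os.O_WRONLY` and no `os.O_TRUNC`, so writing into an existing file that is longer than the new output leaves the old tail in place and the result can mix stale and fresh vulnerability records. Unless the part of the function outside this hunk truncates the file explicitly, the call should read `os.OpenFile(filename, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0644)`. The function is now exported and writes to whatever path the caller passes, so a doc comment stating that existing content is replaced would help callers.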
@@ -209,14 +208,3 @@ func contains(affectedList []*Affected, affectedPackage Affected) bool {
 }
 return false
 }
-
-// An example of this module, saves data from specified url into demo.nedb
-func main() {
- url := flag.String("url", "", "Url pointing to CSAF VEX file")
- filename := flag.String("file", "demo.nedb", "Name of the file to store OSV data")
-
- flag.Parse()
- if err := generateOSV(*url, *filename); err != nil {
- fmt.Printf("Error generating OSV: %v\n", err)
- }
-}
diff --git a/internal/rpm_cve_generator/cve_parser_test.go b/tools/osv-generator/cve_parser_test.go
similarity index 98%
rename from internal/rpm_cve_generator/cve_parser_test.go
rename to tools/osv-generator/cve_parser_test.go
index 54f046d..6df1490 100644
--- a/internal/rpm_cve_generator/cve_parser_test.go
+++ b/tools/osv-generator/cve_parser_test.go
@@ -1,4 +1,4 @@
-package rpm_cve_generator
+package osv_generator
 import (
 "encoding/json"
@@ -191,7 +191,7 @@ func TestConvertToOSV(t *testing.T) {
 },
 }
- osv := convertToOSV(vexSampleObject)
+ osv := ConvertToOSV(vexSampleObject)
 if cmp.Equal(osv, result) {
 t.Fatalf("expected %+v, got %+v", result, osv)
 }
diff --git a/internal/rpm_cve_generator/osv_vulnerability.go b/tools/osv-generator/osv_vulnerability.go
similarity index 97%
rename from internal/rpm_cve_generator/osv_vulnerability.go
rename to tools/osv-generator/osv_vulnerability.go
index a0215f5..c6b5457 100644
--- a/internal/rpm_cve_generator/osv_vulnerability.go
+++ b/tools/osv-generator/osv_vulnerability.go
@@ -1,4 +1,4 @@
-package rpm_cve_generator
+package osv_generator
 type OSV struct {
 SchemaVersion string `json:"schema_version"`
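Review bot: The assertion after the renamed call in `TestConvertToOSV` is inverted: `if cmp.Equal(osv, result) { t.Fatalf(...) }` fails the test when the conversion matches the expected value and passes when it does not, so the test gives no protection against a wrong VEX-to-OSV mapping. The condition is an unchanged context line, but with `go-cmp` promoted to a direct dependency in this commit it is a good moment to fix it: `if !cmp.Equal(osv, result) {`, or `if diff := cmp.Diff(result, osv); diff != "" { t.Fatalf("mismatch (-want +got):\n%s", diff) }`. The test function starts outside the hunk.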