Update module structure and set up main function

konflux-ci · Oct 31, 2024 · ef335b1 · ef335b1
1 parent b01c540
commit ef335b1
Show file tree

Hide file tree

Showing 8 changed files with 35 additions and 26 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -12,7 +12,7 @@ COPY go.sum go.sum
 RUN go mod download
 
 # Copy the go source
-COPY cmd/main.go cmd/main.go
+COPY cmd/manager/main.go cmd/main.go
 COPY api/ api/
 COPY pkg/ pkg/
 COPY internal/controller/ internal/controller/

diff --git a/cmd/main.go → cmd/manager/main.go b/cmd/main.go → cmd/manager/main.go
diff --git a/cmd/osv-generator/main.go b/cmd/osv-generator/main.go
@@ -0,0 +1,21 @@
+package main
+
+import (
+	"flag"
+	"log"
+
+	osv_generator "github.com/konflux-ci/mintmaker/tools/osv-generator"
+)
+
+// A demo which parses RPM CVE data into OSV database format based on input CSAF VEX url
+// TODO: implement the ability to process all updated advisories
+func main() {
+	url := flag.String("url", "", "Url pointing to CSAF VEX file")
+	filename := flag.String("file", "demo.nedb", "Name of the file to store OSV data")
+
+	flag.Parse()
+
+	if err := osv_generator.GenerateOSV(*url, *filename); err != nil {
+		log.Fatalf("Error generating OSV: %v\n", err)
+	}
+}
diff --git a/go.mod b/go.mod
@@ -5,6 +5,7 @@ go 1.21
 require (
 	github.com/bradleyfalzon/ghinstallation/v2 v2.10.0
 	github.com/go-logr/logr v1.2.4
+	github.com/google/go-cmp v0.6.0
 	github.com/google/go-github/v45 v45.2.0
 	github.com/konflux-ci/application-api v0.0.0-20240527211352-be061932d497
 	github.com/onsi/ginkgo/v2 v2.11.0
@@ -36,7 +37,6 @@ require (
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/gnostic-models v0.6.8 // indirect
-	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/go-github/v60 v60.0.0 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect

diff --git a/...m_cve_generator/csaf_vex_vulnerability.go → ...s/osv-generator/csaf_vex_vulnerability.go b/...m_cve_generator/csaf_vex_vulnerability.go → ...s/osv-generator/csaf_vex_vulnerability.go
@@ -1,4 +1,4 @@
-package rpm_cve_generator
+package osv_generator
 
 type VEX struct {
 	Document struct {

diff --git a/internal/rpm_cve_generator/cve_parser.go → tools/osv-generator/cve_parser.go b/internal/rpm_cve_generator/cve_parser.go → tools/osv-generator/cve_parser.go
@@ -1,8 +1,7 @@
-package rpm_cve_generator
+package osv_generator
 
 import (
 	"encoding/json"
-	"flag"
 	"fmt"
 	"io"
 	"net/http"
@@ -16,14 +15,14 @@ import (
 // 1. Read CSAF VEX file from given URL
 // 2. For all RPM dependencies, parse CVE data to OSV format
 // 3. Store OSV data to given .nedb file
-func generateOSV(url string, filename string) error {
-	vexVulnerability, err := getVEXFromUrl(url)
+func GenerateOSV(url string, filename string) error {
+	vexVulnerability, err := GetVEXFromUrl(url)
 	if err != nil {
 		return fmt.Errorf("error reading CSAF VEX file: %v", err)
 	}
 
-	convertedVulnerabilities := convertToOSV(vexVulnerability)
-	if err := storeToFile(filename, convertedVulnerabilities); err != nil {
+	convertedVulnerabilities := ConvertToOSV(vexVulnerability)
+	if err := StoreToFile(filename, convertedVulnerabilities); err != nil {
 		return fmt.Errorf("error creating OSV file: %v", err)
 	}
 
@@ -32,7 +31,7 @@ func generateOSV(url string, filename string) error {
 }
 
 // Download CSAF VEX file from given URL and store into a VEX struct
-func getVEXFromUrl(url string) (VEX, error) {
+func GetVEXFromUrl(url string) (VEX, error) {
 	resp, err := http.Get(url)
 	if err != nil {
 		return VEX{}, fmt.Errorf("could not fetch URL: %v", err)
@@ -59,7 +58,7 @@ func getVEXFromUrl(url string) (VEX, error) {
 }
 
 // Convert VEX RPM data to OSV format
-func convertToOSV(vexData VEX) []OSV {
+func ConvertToOSV(vexData VEX) []OSV {
 	// Get list of affected packages
 	affectedList := getAffectedList(vexData)
 
@@ -87,7 +86,7 @@ func convertToOSV(vexData VEX) []OSV {
 }
 
 // Save all CVEs to an OSV file
-func storeToFile(filename string, convertedVulnerabilities []OSV) error {
+func StoreToFile(filename string, convertedVulnerabilities []OSV) error {
 	file, err := os.OpenFile(filename, os.O_CREATE|os.O_WRONLY, 0644)
 	if err != nil {
 		return fmt.Errorf("error accessing file: %v", err)
@@ -209,14 +208,3 @@ func contains(affectedList []*Affected, affectedPackage Affected) bool {
 	}
 	return false
 }
-
-// An example of this module, saves data from specified url into demo.nedb
-func main() {
-	url := flag.String("url", "", "Url pointing to CSAF VEX file")
-	filename := flag.String("file", "demo.nedb", "Name of the file to store OSV data")
-
-	flag.Parse()
-	if err := generateOSV(*url, *filename); err != nil {
-		fmt.Printf("Error generating OSV: %v\n", err)
-	}
-}
diff --git a/...rnal/rpm_cve_generator/cve_parser_test.go → tools/osv-generator/cve_parser_test.go b/...rnal/rpm_cve_generator/cve_parser_test.go → tools/osv-generator/cve_parser_test.go
@@ -1,4 +1,4 @@
-package rpm_cve_generator
+package osv_generator
 
 import (
 	"encoding/json"
@@ -191,7 +191,7 @@ func TestConvertToOSV(t *testing.T) {
 		},
 	}
 
-	osv := convertToOSV(vexSampleObject)
+	osv := ConvertToOSV(vexSampleObject)
 	if cmp.Equal(osv, result) {
 		t.Fatalf("expected %+v, got %+v", result, osv)
 	}

diff --git a/...al/rpm_cve_generator/osv_vulnerability.go → tools/osv-generator/osv_vulnerability.go b/...al/rpm_cve_generator/osv_vulnerability.go → tools/osv-generator/osv_vulnerability.go
@@ -1,4 +1,4 @@
-package rpm_cve_generator
+package osv_generator
 
 type OSV struct {
 	SchemaVersion    string            `json:"schema_version"`