From 949a13762f6d864b74d37fc389d9dde568c04771 Mon Sep 17 00:00:00 2001 From: iancardosozup <86669442+iancardosozup@users.noreply.github.com> Date: Tue, 22 Mar 2022 10:11:48 -0300 Subject: [PATCH] vulnHash:feature - add treatment to vuln.deprecatedHashes slice (#569) Signed-off-by: Ian Cardoso Signed-off-by: Wilian Gabriel --- api/go.mod | 30 +- api/go.sum | 93 +++--- api/internal/controllers/analysis/analysis.go | 112 ++++++- .../controllers/analysis/analysis_test.go | 287 ++++++++++++++++++ .../repositories/analysis/analysis.go | 24 ++ .../repositories/analysis/analysis_mock.go | 9 + .../repositories/analysis/analysis_test.go | 20 ++ 7 files changed, 500 insertions(+), 75 deletions(-) diff --git a/api/go.mod b/api/go.mod index b52465894..b028830a6 100644 --- a/api/go.mod +++ b/api/go.mod @@ -3,7 +3,7 @@ module github.com/ZupIT/horusec-platform/api go 1.17 require ( - github.com/ZupIT/horusec-devkit v1.0.21 + github.com/ZupIT/horusec-devkit v1.0.23 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 github.com/go-chi/chi v4.1.2+incompatible github.com/go-chi/cors v1.2.0 @@ -12,8 +12,8 @@ require ( github.com/google/wire v0.5.0 github.com/lib/pq v1.10.4 github.com/stretchr/testify v1.7.0 - github.com/swaggo/swag v1.7.8 - google.golang.org/grpc v1.43.0 + github.com/swaggo/swag v1.7.9 + google.golang.org/grpc v1.44.0 ) require ( @@ -37,33 +37,33 @@ require ( github.com/jackc/pgpassfile v1.0.0 // indirect github.com/jackc/pgproto3/v2 v2.2.0 // indirect github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b // indirect - github.com/jackc/pgtype v1.9.0 // indirect - github.com/jackc/pgx/v4 v4.14.0 // indirect + github.com/jackc/pgtype v1.9.1 // indirect + github.com/jackc/pgx/v4 v4.14.1 // indirect github.com/jinzhu/inflection v1.0.0 // indirect - github.com/jinzhu/now v1.1.3 // indirect + github.com/jinzhu/now v1.1.4 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect - github.com/prometheus/client_golang v1.11.0 // indirect + github.com/prometheus/client_golang v1.12.1 // indirect github.com/prometheus/client_model v0.2.0 // indirect - github.com/prometheus/common v0.31.1 // indirect + github.com/prometheus/common v0.32.1 // indirect github.com/prometheus/procfs v0.7.3 // indirect github.com/sirupsen/logrus v1.8.1 // indirect github.com/streadway/amqp v1.0.0 // indirect github.com/stretchr/objx v0.3.0 // indirect github.com/swaggo/files v0.0.0-20210815190702-a29dd2bc99b2 // indirect - github.com/swaggo/http-swagger v1.1.2 // indirect - golang.org/x/crypto v0.0.0-20211117183948-ae814b36b871 // indirect - golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2 // indirect - golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e // indirect + github.com/swaggo/http-swagger v1.2.5 // indirect + golang.org/x/crypto v0.0.0-20220214200702-86341886e292 // indirect + golang.org/x/net v0.0.0-20220114011407-0dd24b26b47d // indirect + golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 // indirect golang.org/x/text v0.3.7 // indirect - golang.org/x/tools v0.1.7 // indirect - google.golang.org/genproto v0.0.0-20211007155348-82e027067bd4 // indirect + golang.org/x/tools v0.1.8 // indirect + google.golang.org/genproto v0.0.0-20220114231437-d2e6a121cae0 // indirect google.golang.org/protobuf v1.27.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect gorm.io/driver/postgres v1.2.3 // indirect - gorm.io/gorm v1.22.4 // indirect + gorm.io/gorm v1.22.5 // indirect ) diff --git a/api/go.sum b/api/go.sum index 2505ec61c..cc019537f 100644 --- a/api/go.sum +++ b/api/go.sum @@ -44,8 +44,8 @@ github.com/PuerkitoBio/purell v1.1.1 h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tN github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= -github.com/ZupIT/horusec-devkit v1.0.21 h1:vAY0/DV+EMdfSae6cu8lF0UpGrJe1uuMW3H/TDznvdE= -github.com/ZupIT/horusec-devkit v1.0.21/go.mod h1:ZNpTXWcN0tG7jHokH12Zi94Y2iiV1qxslElvfSD/kDE= +github.com/ZupIT/horusec-devkit v1.0.23 h1:CBL5ya45zLMXYYgmdAtShAm3VC1F7KQGiRaIU3WGTow= +github.com/ZupIT/horusec-devkit v1.0.23/go.mod h1:01lg6tLZkqwJE/Nn8Prnq7bFjq9Agf4zwbuV47sxMno= github.com/agiledragon/gomonkey/v2 v2.3.1 h1:k+UnUY0EMNYUFUAQVETGY9uUTxjMdnUkP0ARyJS1zzs= github.com/agiledragon/gomonkey/v2 v2.3.1/go.mod h1:ap1AmDzcVOAz1YpeJ3TCzIgstoaWLA6jbbgxfB4w2iY= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= @@ -119,19 +119,11 @@ github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KE github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY= github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= -github.com/go-openapi/jsonreference v0.19.4/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg= -github.com/go-openapi/jsonreference v0.19.5/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg= github.com/go-openapi/jsonreference v0.19.6 h1:UBIxjkht+AWIgYzCDSv2GN+E/togfwXUJFRTWhl2Jjs= github.com/go-openapi/jsonreference v0.19.6/go.mod h1:diGHMEHg2IqXZGKxqyvWdfWU/aim5Dprw5bqpKkTvns= -github.com/go-openapi/spec v0.19.14/go.mod h1:gwrgJS15eCUgjLpMjBJmbZezCsw88LmgeEip0M63doA= -github.com/go-openapi/spec v0.20.0/go.mod h1:+81FIL1JwC5P3/Iuuozq3pPE9dXdIEGxFutcFKaVbmU= -github.com/go-openapi/spec v0.20.3/go.mod h1:gG4F8wdEDN+YPBMVnzE85Rbhf+Th2DTvA9nFPQ5AYEg= github.com/go-openapi/spec v0.20.4 h1:O8hJrt0UMnhHcluhIdUgCLRWyM2x7QkBXRvOs7m+O1M= github.com/go-openapi/spec v0.20.4/go.mod h1:faYFR1CvsJZ0mNsmsphTMSoRrNV3TEDoAM7FOEWeq8I= github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= -github.com/go-openapi/swag v0.19.11/go.mod h1:Uc0gKkdR+ojzsEpjh39QChyu92vPgIr72POcgHMAgSY= -github.com/go-openapi/swag v0.19.12/go.mod h1:eFdyEBkTdoAf/9RXBvj4cr1nH7GD8Kzo5HTt47gr72M= -github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= github.com/go-openapi/swag v0.19.15 h1:D2NRCBzS9/pEY3gP9Nl8aDqGUcPFrwG2p+CNFrLyrCM= github.com/go-openapi/swag v0.19.15/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= github.com/go-ozzo/ozzo-validation/v4 v4.3.0 h1:byhDUpfEwjsVQb1vBunvIjh2BHQ9ead57VkAEY4V+Es= @@ -183,9 +175,8 @@ github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-github/v37 v37.0.0/go.mod h1:LM7in3NmXDrX58GbEHy7FtNLbI2JijX93RnMKvWG3m4= github.com/google/go-github/v40 v40.0.0/go.mod h1:G8wWKTEjUCL0zdbaQvpwDk0hqf6KZgPQH+ssJa+/NVc= -github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= +github.com/google/go-github/v41 v41.0.0/go.mod h1:XgmCA5H323A9rtgExdTcnDkcqp6S30AVACCBDOonIxg= github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= @@ -253,14 +244,16 @@ github.com/jackc/pgtype v0.0.0-20190421001408-4ed0de4755e0/go.mod h1:hdSHsc1V01C github.com/jackc/pgtype v0.0.0-20190824184912-ab885b375b90/go.mod h1:KcahbBH1nCMSo2DXpzsoWOAfFkdEtEJpPbVLq8eE+mc= github.com/jackc/pgtype v0.0.0-20190828014616-a8802b16cc59/go.mod h1:MWlu30kVJrUS8lot6TQqcg7mtthZ9T0EoIBFiJcmcyw= github.com/jackc/pgtype v1.8.1-0.20210724151600-32e20a603178/go.mod h1:C516IlIV9NKqfsMCXTdChteoXmwgUceqaLfjg2e3NlM= -github.com/jackc/pgtype v1.9.0 h1:/SH1RxEtltvJgsDqp3TbiTFApD3mey3iygpuEGeuBXk= github.com/jackc/pgtype v1.9.0/go.mod h1:LUMuVrfsFfdKGLw+AFFVv6KtHOFMwRgDDzBt76IqCA4= +github.com/jackc/pgtype v1.9.1 h1:MJc2s0MFS8C3ok1wQTdQxWuXQcB6+HwAm5x1CzW7mf0= +github.com/jackc/pgtype v1.9.1/go.mod h1:LUMuVrfsFfdKGLw+AFFVv6KtHOFMwRgDDzBt76IqCA4= github.com/jackc/pgx/v4 v4.0.0-20190420224344-cc3461e65d96/go.mod h1:mdxmSJJuR08CZQyj1PVQBHy9XOp5p8/SHH6a0psbY9Y= github.com/jackc/pgx/v4 v4.0.0-20190421002000-1b8f0016e912/go.mod h1:no/Y67Jkk/9WuGR0JG/JseM9irFbnEPbuWV2EELPNuM= github.com/jackc/pgx/v4 v4.0.0-pre1.0.20190824185557-6972a5742186/go.mod h1:X+GQnOEnf1dqHGpw7JmHqHc1NxDoalibchSk9/RWuDc= github.com/jackc/pgx/v4 v4.12.1-0.20210724153913-640aa07df17c/go.mod h1:1QD0+tgSXP7iUjYm9C1NxKhny7lq6ee99u/z+IHFcgs= -github.com/jackc/pgx/v4 v4.14.0 h1:TgdrmgnM7VY72EuSQzBbBd4JA1RLqJolrw9nQVZABVc= github.com/jackc/pgx/v4 v4.14.0/go.mod h1:jT3ibf/A0ZVCp89rtCIN0zCJxcE74ypROmHEZYsG/j8= +github.com/jackc/pgx/v4 v4.14.1 h1:71oo1KAGI6mXhLiTMn6iDFcp3e7+zon/capWjl2OEFU= +github.com/jackc/pgx/v4 v4.14.1/go.mod h1:RgDuE4Z34o7XE92RpLsvFiOEfrAUT0Xt2KxvX73W06M= github.com/jackc/puddle v0.0.0-20190413234325-e4ced69a3a2b/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jackc/puddle v0.0.0-20190608224051-11cab39313c9/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= github.com/jackc/puddle v1.1.3/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= @@ -268,14 +261,15 @@ github.com/jackc/puddle v1.2.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dv github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E= github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc= github.com/jinzhu/now v1.1.2/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8= -github.com/jinzhu/now v1.1.3 h1:PlHq1bSCSZL9K0wUhbm2pGLoTWs2GwVhsP6emvGV/ZI= -github.com/jinzhu/now v1.1.3/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8= +github.com/jinzhu/now v1.1.4 h1:tHnRBy1i5F2Dh8BAFxqFzxKqqvezXrL2OW1TnX+Mlas= +github.com/jinzhu/now v1.1.4/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= @@ -298,7 +292,7 @@ github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.10.2/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/lib/pq v1.10.4 h1:SO9z7FRPzA03QhHKJrH5BXA6HU1rS4V2nIVrrNC1iYk= github.com/lib/pq v1.10.4/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= -github.com/magefile/mage v1.11.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A= +github.com/magefile/mage v1.12.1/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A= github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= @@ -311,11 +305,12 @@ github.com/mattn/go-isatty v0.0.7/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hd github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/migueleliasweb/go-github-mock v0.0.5/go.mod h1:gTpcHVcrBxK35OOQP3aGrgQypxvEoFTvtR0VGaEs2VM= +github.com/migueleliasweb/go-github-mock v0.0.7/go.mod h1:mD5w+9J3oBBMLr7uD6owEYlYBAL8tZd+BA7iGjI4EU8= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs= @@ -336,8 +331,9 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= -github.com/prometheus/client_golang v1.11.0 h1:HNkLOAEQMIDv/K+04rukrLx6ch7msSRwf3/SASFAGtQ= github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= +github.com/prometheus/client_golang v1.12.1 h1:ZiaPsmm9uiBeaSMRznKsCDNtPCS0T3JVDGF+06gjBzk= +github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= @@ -346,8 +342,8 @@ github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6T github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= -github.com/prometheus/common v0.31.1 h1:d18hG4PkHnNAKNMOmFuXFaiY8Us0nird/2m60uS1AMs= -github.com/prometheus/common v0.31.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= +github.com/prometheus/common v0.32.1 h1:hWIdL3N2HoUx3B8j3YN9mWor0qhY/NlEKZEaXxuIRh4= +github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= @@ -389,22 +385,19 @@ github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/swaggo/files v0.0.0-20190704085106-630677cd5c14/go.mod h1:gxQT6pBGRuIGunNf/+tSOB5OHvguWi8Tbt82WOkf35E= github.com/swaggo/files v0.0.0-20210815190702-a29dd2bc99b2 h1:+iNTcqQJy0OZ5jk6a5NLib47eqXK8uYcPX+O4+cBpEM= github.com/swaggo/files v0.0.0-20210815190702-a29dd2bc99b2/go.mod h1:lKJPbtWzJ9JhsTN1k1gZgleJWY/cqq0psdoMmaThG3w= -github.com/swaggo/http-swagger v1.1.2 h1:ikcSD+EUOx+2oNZ2N6u8IYa8ScOsAvE7Jh+E1dW6i94= -github.com/swaggo/http-swagger v1.1.2/go.mod h1:mX5nhypDmoSt4iw2mc5aKXxRFvp1CLLcCiog2B9M+Ro= -github.com/swaggo/swag v1.7.0/go.mod h1:BdPIL73gvS9NBsdi7M1JOxLvlbfvNRaBP8m6WT6Aajo= -github.com/swaggo/swag v1.7.3/go.mod h1:zD8h6h4SPv7t3l+4BKdRquqW1ASWjKZgT6Qv9z3kNqI= -github.com/swaggo/swag v1.7.8 h1:w249t0l/kc/DKMGlS0fppNJQxKyJ8heNaUWB6nsH3zc= -github.com/swaggo/swag v1.7.8/go.mod h1:gZ+TJ2w/Ve1RwQsA2IRoSOTidHz6DX+PIG8GWvbnoLU= +github.com/swaggo/http-swagger v1.2.5 h1:iDWoHpJMLNo4nwGOPXsOoqlB9wB6M4xgjhws8x3KQcs= +github.com/swaggo/http-swagger v1.2.5/go.mod h1:CcoICgY3yVDk2u1LQUCMHbAj0fjlxIX+873psXlIKNA= +github.com/swaggo/swag v1.7.9 h1:6vCG5mm43ebDzGlZPMGYrYI4zKFfOr5kicQX8qjeDwc= +github.com/swaggo/swag v1.7.9/go.mod h1:gZ+TJ2w/Ve1RwQsA2IRoSOTidHz6DX+PIG8GWvbnoLU= github.com/urfave/cli/v2 v2.3.0/go.mod h1:LJmUH05zAU44vOAcrfzZQKsZbVcdbOG8rtL3/XcUArI= github.com/urfave/negroni v1.0.0/go.mod h1:Meg73S6kFm/4PpbYdq35yYWoCZ9mS/YSx+lKnmiohz4= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= @@ -436,8 +429,8 @@ golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20211117183948-ae814b36b871 h1:/pEO3GD/ABYAjuakUS6xSEmmlyVS4kxBNkeA9tLJiTI= -golang.org/x/crypto v0.0.0-20211117183948-ae814b36b871/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220214200702-86341886e292 h1:f+lwQ+GtmgoY+A2YaQxlSOnDjXcQ7ZRLWOHbC6HtRqE= +golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -468,8 +461,9 @@ golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzB golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.2 h1:Gz96sIWK3OalVv/I/qNygP42zyoKp3xptRVCWRFEBvo= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.5.1 h1:OJxoQ/rynoF0dcCdI7cLPktw/hR2cueqYfjm43oqK38= +golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -485,7 +479,6 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= @@ -500,17 +493,15 @@ golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/ golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201207224615-747e23833adb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1Kcs5dz7/ng1VjMUvfKvpfy+jM= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2 h1:CIJ76btIcR3eFI5EgSo6k1qKw9KJexJuRLI9G7Hp5wE= +golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20220114011407-0dd24b26b47d h1:1n1fc535VhN8SYtD4cDUyNlfpAF2ROMM9+11equK3hs= +golang.org/x/net v0.0.0-20220114011407-0dd24b26b47d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -525,7 +516,6 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -564,9 +554,7 @@ golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210420072515-93ed5bcd2bfe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -574,8 +562,10 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e h1:WUoyKPm6nCo1BnNUvPGnFG3T5DUVem42yDJZZ4CNxMA= golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 h1:XfKQ4OlFl8okEOr5UvAqFRVj8pY/4yfcXrddB8qAbU0= +golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -638,11 +628,9 @@ golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20201120155355-20be4ac4bd6e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201208062317-e652b2f42cc7/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= -golang.org/x/tools v0.1.7 h1:6j8CgantCy3yc8JGBqkDLMKWqZ0RDU2g1HVgacojGWQ= golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo= +golang.org/x/tools v0.1.8 h1:P1HhGGuLW4aAclzjtmJdf0mJOjVUZUzOTqkAkWL+l6w= +golang.org/x/tools v0.1.8/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU= golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -703,8 +691,8 @@ google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7Fc google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20211007155348-82e027067bd4 h1:YXPV/eKW0ZWRdB5tyI6aPoaa2Wxb4OSlFrTREMdwn64= -google.golang.org/genproto v0.0.0-20211007155348-82e027067bd4/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20220114231437-d2e6a121cae0 h1:aCsSLXylHWFno0r4S3joLpiaWayvqd2Mn4iSvx4WZZc= +google.golang.org/genproto v0.0.0-20220114231437-d2e6a121cae0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -720,9 +708,8 @@ google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= -google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= -google.golang.org/grpc v1.43.0 h1:Eeu7bZtDZ2DpRCsLhUlcrLnvYaMK1Gz86a+hMVvELmM= -google.golang.org/grpc v1.43.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= +google.golang.org/grpc v1.44.0 h1:weqSxi/TMs1SqFRMHCtBgXRs8k3X39QIDEZ0pRcttUg= +google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -760,8 +747,8 @@ gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C gorm.io/driver/postgres v1.2.3 h1:f4t0TmNMy9gh3TU2PX+EppoA6YsgFnyq8Ojtddb42To= gorm.io/driver/postgres v1.2.3/go.mod h1:pJV6RgYQPG47aM1f0QeOzFH9HxQc8JcmAgjRCgS0wjs= gorm.io/gorm v1.22.3/go.mod h1:F+OptMscr0P2F2qU97WT1WimdH9GaQPoDW7AYd5i2Y0= -gorm.io/gorm v1.22.4 h1:8aPcyEJhY0MAt8aY6Dc524Pn+pO29K+ydu+e/cXSpQM= -gorm.io/gorm v1.22.4/go.mod h1:1aeVC+pe9ZmvKZban/gW4QPra7PRoTEssyc922qCAkk= +gorm.io/gorm v1.22.5 h1:lYREBgc02Be/5lSCTuysZZDb6ffL2qrat6fg9CFbvXU= +gorm.io/gorm v1.22.5/go.mod h1:l2lP/RyAtc1ynaTjFksBde/O8v9oOGIApu2/xRitmZk= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/api/internal/controllers/analysis/analysis.go b/api/internal/controllers/analysis/analysis.go index ccfe7e72c..7971867ae 100644 --- a/api/internal/controllers/analysis/analysis.go +++ b/api/internal/controllers/analysis/analysis.go @@ -15,8 +15,11 @@ package analysis import ( + "errors" "time" + "github.com/ZupIT/horusec-devkit/pkg/services/database/response" + "github.com/google/uuid" "github.com/ZupIT/horusec-devkit/pkg/entities/analysis" @@ -52,26 +55,34 @@ func NewAnalysisController(broker brokerService.IBroker, appConfig appConfigurat } func (c *Controller) GetAnalysis(analysisID uuid.UUID) (*analysis.Analysis, error) { - response := c.repoAnalysis.FindAnalysisByID(analysisID) - if response.GetError() != nil { - return nil, response.GetError() + res := c.repoAnalysis.FindAnalysisByID(analysisID) + if res.GetError() != nil { + return nil, res.GetError() } - if response.GetData() == nil { + if res.GetData() == nil { return nil, enums.ErrorNotFoundRecords } - return response.GetData().(*analysis.Analysis), nil + return res.GetData().(*analysis.Analysis), nil } +// nolint func (c *Controller) SaveAnalysis(analysisEntity *analysis.Analysis) (uuid.UUID, error) { analysisEntity, err := c.createRepositoryIfNotExists(analysisEntity) if err != nil { return uuid.Nil, err } + + //TODO: REMOVE treatCompatibility IN v2.10.0 VERSION + if err := c.treatCompatibility(analysisEntity); err != nil { + return uuid.Nil, err + } + analysisDecorated, err := c.decorateAnalysisEntityAndSaveOnDatabase(analysisEntity) if err != nil { return uuid.Nil, err } + if err := c.publishInBroker(analysisDecorated.ID); err != nil { return uuid.Nil, err } @@ -147,11 +158,98 @@ func (c *Controller) hasDuplicatedHash( } func (c *Controller) publishInBroker(analysisID uuid.UUID) error { - response, err := c.GetAnalysis(analysisID) + res, err := c.GetAnalysis(analysisID) if err != nil { return err } return c.broker.Publish("", exchange.NewAnalysis, - exchange.Fanout, response.ToBytes()) + exchange.Fanout, res.ToBytes()) +} + +// TODO:REMOVE ALL BELOW AFTER v2.10.0 +// treatCompatibility checks if the field Analysis.AnalysisVulnerabilities[i].DeprecatedHashes exists +// and if so, find them on database and updates it with the correct field Analysis.AnalysisVulnerabilities[i].VulnHash. +// this is only a temporary fix to maintain compatibility between versions, +// it will be deleted when v2.10.0 is released +// nolint +func (c *Controller) treatCompatibility(analysisEntity *analysis.Analysis) error { + if !c.existsDeprecatedHashesSlice(analysisEntity.AnalysisVulnerabilities) { + return nil + } + deprecatedHashes := make([]string, 0) + + for i := range analysisEntity.AnalysisVulnerabilities { + deprecatedHashes = append( + deprecatedHashes, + analysisEntity.AnalysisVulnerabilities[i].Vulnerability.DeprecatedHashes...) + } + + if err := c.saveUpdates(deprecatedHashes, analysisEntity); err != nil { + return err + } + + return nil +} + +func (c *Controller) saveUpdates(hashSlice []string, analysisEntity *analysis.Analysis) error { + res := c.repoAnalysis.FindVulnerabilitiesByHashSliceInRepository(hashSlice, analysisEntity.RepositoryID) + if res.GetError() != nil { + return res.GetError() + } + mapHashToID, err := c.parseResIds(res) + if err != nil { + return err + } + query, values := c.mountUpdateQuery(analysisEntity, mapHashToID) + + if err := c.repoAnalysis.RawQuery(query, values); err != nil { + return err + } + return nil +} + +// mountUpdateQuery iterates over rawAnalysis.AnalysisVulnerabilities and +// checks if some vuln.Vulnerability.DeprecatedHashes is present on +// mapHashToId then creates and update statement to update the +// deprecated Hash value to the new one (that is present in rawAnalysis.Vulnerability.VulnHash field) +func (c *Controller) mountUpdateQuery( + rawAnalysis *analysis.Analysis, mapHashToID map[string]uuid.UUID, +) (string, []string) { + query := "" + values := make([]string, 0) + for i := range rawAnalysis.AnalysisVulnerabilities { + vuln := rawAnalysis.AnalysisVulnerabilities[i] + for _, hash := range vuln.Vulnerability.DeprecatedHashes { + if mapHashToID[hash] != uuid.Nil { + query += "UPDATE vulnerabilities SET vuln_hash =? where vulnerability_id = ? ;\n" + values = append(values, vuln.Vulnerability.VulnHash, mapHashToID[hash].String()) + } + } + } + return query, values +} + +// existsDeprecatedHashesSlice checks if []analysis.AnalysisVulnerabilities.Vulnerability +// has a field called DeprecatedHashes +func (c *Controller) existsDeprecatedHashesSlice(vulns []analysis.AnalysisVulnerabilities) bool { + if len(vulns) > 0 { + if vulns[0].Vulnerability.DeprecatedHashes != nil { + return true + } + } + return false +} + +// parseResIds makes a map[hash] id that already exists on database for further manipulation +func (c *Controller) parseResIds(res response.IResponse) (map[string]uuid.UUID, error) { + if res.GetData() == nil { + return nil, errors.New("nil response.GetData") + } + mapIds := res.GetData().(*[]map[string]interface{}) + mapIDHash := make(map[string]uuid.UUID, len(*mapIds)) + for _, id := range *mapIds { + mapIDHash[id["vuln_hash"].(string)] = uuid.MustParse(id["vulnerability_id"].(string)) + } + return mapIDHash, nil } diff --git a/api/internal/controllers/analysis/analysis_test.go b/api/internal/controllers/analysis/analysis_test.go index 50cac1e45..d5c55ad93 100644 --- a/api/internal/controllers/analysis/analysis_test.go +++ b/api/internal/controllers/analysis/analysis_test.go @@ -552,4 +552,291 @@ func TestController_SaveAnalysis(t *testing.T) { assert.Error(t, err) assert.Equal(t, res, uuid.Nil) }) + t.Run("Should save analysis with success when exists vulnerability with deprecated hash", func(t *testing.T) { + brokerMock := &broker.Mock{} + brokerMock.On("Publish").Return(nil) + appConfigMock := &appConfiguration.Mock{} + repoRepositoryMock := &repository.Mock{} + repoAnalysisMock := &repoAnalysis.Mock{} + repoAnalysisMock.On("RawQuery").Return(nil) + repoAnalysisMock.On("FindVulnerabilitiesByHashSliceInRepository").Return(response.NewResponse( + 1, + nil, + &[]map[string]interface{}{ + { + "vulnerability_id": "47a7807b-ca70-41b1-8ff2-432a5d1752fd", + "vuln_hash": "oldHash", + }, + }, + )) + repoAnalysisMock.On("CreateFullAnalysisResponse").Return(nil) + repoAnalysisMock.On("CreateFullAnalysisArguments").Return(func(any *analysis.Analysis) {}) + repoAnalysisMock.On("FindAnalysisByID").Return(response.NewResponse(0, nil, &analysis.Analysis{ + ID: uuid.New(), + Status: analysisEnum.Success, + Errors: "", + CreatedAt: time.Now(), + FinishedAt: time.Now(), + })) + controller := NewAnalysisController( + brokerMock, + appConfigMock, + repoRepositoryMock, + repoAnalysisMock, + ) + res, err := controller.SaveAnalysis(&analysis.Analysis{ + ID: uuid.New(), + WorkspaceID: uuid.New(), + WorkspaceName: uuid.NewString(), + RepositoryID: uuid.New(), + RepositoryName: uuid.NewString(), + Status: analysisEnum.Success, + Errors: "", + CreatedAt: time.Now(), + FinishedAt: time.Now(), + AnalysisVulnerabilities: []analysis.AnalysisVulnerabilities{ + { + VulnerabilityID: uuid.New(), + AnalysisID: uuid.New(), + CreatedAt: time.Now(), + Vulnerability: vulnerability.Vulnerability{ + VulnerabilityID: uuid.New(), + Line: "1", + Column: "1", + Confidence: confidence.High, + File: "/deployments/cert.pem", + Code: "-----BEGIN CERTIFICATE-----", + Details: "Asymmetric Private Key \n Found SSH and/or x.509 Cerficates among the files of your project, make sure you want this kind of information inside your Git repo, since it can be missused by someone with access to any kind of copy. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.", + SecurityTool: "Wrong security tool", + Language: languages.Leaks, + Severity: severities.Critical, + VulnHash: "1234567890", + Type: vulnerabilityEnum.Vulnerability, + CommitAuthor: "Wilian Gabriel", + CommitEmail: "wilian.silva@zup.com.br", + CommitHash: "9876543210", + CommitMessage: "Initial Commit", + CommitDate: "2021-03-31T10:58:42Z", + DeprecatedHashes: []string{"oldHash", "oldHash1"}, + }, + }, + }, + }) + assert.NoError(t, err) + assert.NotEqual(t, res, uuid.Nil) + }) + t.Run("Should save analysis with error when FindVulnerabilitiesByHashSliceInRepository fails", func(t *testing.T) { + brokerMock := &broker.Mock{} + brokerMock.On("Publish").Return(nil) + appConfigMock := &appConfiguration.Mock{} + repoRepositoryMock := &repository.Mock{} + repoAnalysisMock := &repoAnalysis.Mock{} + repoAnalysisMock.On("RawQuery").Return(nil) + repoAnalysisMock.On("FindVulnerabilitiesByHashSliceInRepository").Return(response.NewResponse( + 1, + errors.New("error"), + &[]map[string]interface{}{ + { + "vulnerability_id": "47a7807b-ca70-41b1-8ff2-432a5d1752fd", + "vuln_hash": "oldHash", + }, + }, + )) + repoAnalysisMock.On("CreateFullAnalysisResponse").Return(nil) + repoAnalysisMock.On("CreateFullAnalysisArguments").Return(func(any *analysis.Analysis) {}) + repoAnalysisMock.On("FindAnalysisByID").Return(response.NewResponse(0, nil, &analysis.Analysis{ + ID: uuid.New(), + Status: analysisEnum.Success, + Errors: "", + CreatedAt: time.Now(), + FinishedAt: time.Now(), + })) + controller := NewAnalysisController( + brokerMock, + appConfigMock, + repoRepositoryMock, + repoAnalysisMock, + ) + res, err := controller.SaveAnalysis(&analysis.Analysis{ + ID: uuid.New(), + WorkspaceID: uuid.New(), + WorkspaceName: uuid.NewString(), + RepositoryID: uuid.New(), + RepositoryName: uuid.NewString(), + Status: analysisEnum.Success, + Errors: "", + CreatedAt: time.Now(), + FinishedAt: time.Now(), + AnalysisVulnerabilities: []analysis.AnalysisVulnerabilities{ + { + VulnerabilityID: uuid.New(), + AnalysisID: uuid.New(), + CreatedAt: time.Now(), + Vulnerability: vulnerability.Vulnerability{ + VulnerabilityID: uuid.New(), + Line: "1", + Column: "1", + Confidence: confidence.High, + File: "/deployments/cert.pem", + Code: "-----BEGIN CERTIFICATE-----", + Details: "Asymmetric Private Key \n Found SSH and/or x.509 Cerficates among the files of your project, make sure you want this kind of information inside your Git repo, since it can be missused by someone with access to any kind of copy. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.", + SecurityTool: "Wrong security tool", + Language: languages.Leaks, + Severity: severities.Critical, + VulnHash: "1234567890", + Type: vulnerabilityEnum.Vulnerability, + CommitAuthor: "Wilian Gabriel", + CommitEmail: "wilian.silva@zup.com.br", + CommitHash: "9876543210", + CommitMessage: "Initial Commit", + CommitDate: "2021-03-31T10:58:42Z", + DeprecatedHashes: []string{"oldHash", "oldHash1"}, + }, + }, + }, + }) + assert.Error(t, err) + assert.Equal(t, res, uuid.Nil) + }) + t.Run("Should save analysis with error when RawQuery fails", func(t *testing.T) { + brokerMock := &broker.Mock{} + brokerMock.On("Publish").Return(nil) + appConfigMock := &appConfiguration.Mock{} + repoRepositoryMock := &repository.Mock{} + repoAnalysisMock := &repoAnalysis.Mock{} + repoAnalysisMock.On("RawQuery").Return(errors.New("some error")) + repoAnalysisMock.On("FindVulnerabilitiesByHashSliceInRepository").Return(response.NewResponse( + 1, + nil, + &[]map[string]interface{}{ + { + "vulnerability_id": "47a7807b-ca70-41b1-8ff2-432a5d1752fd", + "vuln_hash": "oldHash", + }, + }, + )) + repoAnalysisMock.On("CreateFullAnalysisResponse").Return(nil) + repoAnalysisMock.On("CreateFullAnalysisArguments").Return(func(any *analysis.Analysis) {}) + repoAnalysisMock.On("FindAnalysisByID").Return(response.NewResponse(0, nil, &analysis.Analysis{ + ID: uuid.New(), + Status: analysisEnum.Success, + Errors: "", + CreatedAt: time.Now(), + FinishedAt: time.Now(), + })) + controller := NewAnalysisController( + brokerMock, + appConfigMock, + repoRepositoryMock, + repoAnalysisMock, + ) + res, err := controller.SaveAnalysis(&analysis.Analysis{ + ID: uuid.New(), + WorkspaceID: uuid.New(), + WorkspaceName: uuid.NewString(), + RepositoryID: uuid.New(), + RepositoryName: uuid.NewString(), + Status: analysisEnum.Success, + Errors: "", + CreatedAt: time.Now(), + FinishedAt: time.Now(), + AnalysisVulnerabilities: []analysis.AnalysisVulnerabilities{ + { + VulnerabilityID: uuid.New(), + AnalysisID: uuid.New(), + CreatedAt: time.Now(), + Vulnerability: vulnerability.Vulnerability{ + VulnerabilityID: uuid.New(), + Line: "1", + Column: "1", + Confidence: confidence.High, + File: "/deployments/cert.pem", + Code: "-----BEGIN CERTIFICATE-----", + Details: "Asymmetric Private Key \n Found SSH and/or x.509 Cerficates among the files of your project, make sure you want this kind of information inside your Git repo, since it can be missused by someone with access to any kind of copy. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.", + SecurityTool: "Wrong security tool", + Language: languages.Leaks, + Severity: severities.Critical, + VulnHash: "1234567890", + Type: vulnerabilityEnum.Vulnerability, + CommitAuthor: "Wilian Gabriel", + CommitEmail: "wilian.silva@zup.com.br", + CommitHash: "9876543210", + CommitMessage: "Initial Commit", + CommitDate: "2021-03-31T10:58:42Z", + DeprecatedHashes: []string{"oldHash", "oldHash1"}, + }, + }, + }, + }) + assert.Error(t, err) + assert.Equal(t, res, uuid.Nil) + }) + t.Run("Should save analysis with error when nil response.GetData on FindVulnerabilitiesByHashSliceInRepository", func(t *testing.T) { + brokerMock := &broker.Mock{} + brokerMock.On("Publish").Return(nil) + appConfigMock := &appConfiguration.Mock{} + repoRepositoryMock := &repository.Mock{} + repoAnalysisMock := &repoAnalysis.Mock{} + repoAnalysisMock.On("RawQuery").Return(errors.New("some error")) + repoAnalysisMock.On("FindVulnerabilitiesByHashSliceInRepository").Return(response.NewResponse( + 1, + nil, + nil, + )) + repoAnalysisMock.On("CreateFullAnalysisResponse").Return(nil) + repoAnalysisMock.On("CreateFullAnalysisArguments").Return(func(any *analysis.Analysis) {}) + repoAnalysisMock.On("FindAnalysisByID").Return(response.NewResponse(0, nil, &analysis.Analysis{ + ID: uuid.New(), + Status: analysisEnum.Success, + Errors: "", + CreatedAt: time.Now(), + FinishedAt: time.Now(), + })) + controller := NewAnalysisController( + brokerMock, + appConfigMock, + repoRepositoryMock, + repoAnalysisMock, + ) + res, err := controller.SaveAnalysis(&analysis.Analysis{ + ID: uuid.New(), + WorkspaceID: uuid.New(), + WorkspaceName: uuid.NewString(), + RepositoryID: uuid.New(), + RepositoryName: uuid.NewString(), + Status: analysisEnum.Success, + Errors: "", + CreatedAt: time.Now(), + FinishedAt: time.Now(), + AnalysisVulnerabilities: []analysis.AnalysisVulnerabilities{ + { + VulnerabilityID: uuid.New(), + AnalysisID: uuid.New(), + CreatedAt: time.Now(), + Vulnerability: vulnerability.Vulnerability{ + VulnerabilityID: uuid.New(), + Line: "1", + Column: "1", + Confidence: confidence.High, + File: "/deployments/cert.pem", + Code: "-----BEGIN CERTIFICATE-----", + Details: "Asymmetric Private Key \n Found SSH and/or x.509 Cerficates among the files of your project, make sure you want this kind of information inside your Git repo, since it can be missused by someone with access to any kind of copy. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.", + SecurityTool: "Wrong security tool", + Language: languages.Leaks, + Severity: severities.Critical, + VulnHash: "1234567890", + Type: vulnerabilityEnum.Vulnerability, + CommitAuthor: "Wilian Gabriel", + CommitEmail: "wilian.silva@zup.com.br", + CommitHash: "9876543210", + CommitMessage: "Initial Commit", + CommitDate: "2021-03-31T10:58:42Z", + DeprecatedHashes: []string{"oldHash", "oldHash1"}, + }, + }, + }, + }) + assert.Error(t, err) + assert.Equal(t, res, uuid.Nil) + }) } diff --git a/api/internal/repositories/analysis/analysis.go b/api/internal/repositories/analysis/analysis.go index a9cc1fb42..575300a6a 100644 --- a/api/internal/repositories/analysis/analysis.go +++ b/api/internal/repositories/analysis/analysis.go @@ -32,6 +32,8 @@ import ( type IAnalysis interface { FindAnalysisByID(analysisID uuid.UUID) response.IResponse CreateFullAnalysis(newAnalysis *analysis.Analysis) error + FindVulnerabilitiesByHashSliceInRepository(vulnHash []string, repositoryID uuid.UUID) response.IResponse + RawQuery(string string, values ...interface{}) error } type Analysis struct { @@ -62,6 +64,7 @@ func (a *Analysis) CreateFullAnalysis(newAnalysis *analysis.Analysis) error { logger.LogError(enums.ErrorRollbackCreate, tsx.RollbackTransaction().GetError()) return err } + if err := a.createManyToManyAnalysisAndVulnerabilities(newAnalysis, tsx); err != nil { logger.LogError(enums.ErrorRollbackCreate, tsx.RollbackTransaction().GetError()) return err @@ -168,3 +171,24 @@ func (a *Analysis) findVulnerabilityByHashInRepository(vulnHash string, reposito ` return a.databaseRead.Raw(query, map[string]interface{}{}, vulnHash, repositoryID) } + +func (a *Analysis) FindVulnerabilitiesByHashSliceInRepository(vulnHash []string, + repositoryID uuid.UUID) response.IResponse { + query := ` + SELECT DISTINCT vulnerabilities.vulnerability_id as vulnerability_id, + vulnerabilities.vuln_hash as vuln_hash + FROM vulnerabilities + INNER JOIN analysis_vulnerabilities ON vulnerabilities.vulnerability_id = analysis_vulnerabilities.vulnerability_id + INNER JOIN analysis ON analysis_vulnerabilities.analysis_id = analysis.analysis_id + WHERE vulnerabilities.vuln_hash IN ? + AND analysis.repository_id = ? + ` + object := make([]map[string]interface{}, 0) + return a.databaseRead.Raw(query, &object, vulnHash, repositoryID) +} + +// Deprecated: RawQuery starts a transaction and try to execute the raw query into database. +// is not recommended using this and the method will not be available after cli v2.10.0 +func (a *Analysis) RawQuery(rawQuery string, values ...interface{}) error { + return a.databaseWrite.Exec(rawQuery, values) +} diff --git a/api/internal/repositories/analysis/analysis_mock.go b/api/internal/repositories/analysis/analysis_mock.go index 1a716d364..a3aaa6836 100644 --- a/api/internal/repositories/analysis/analysis_mock.go +++ b/api/internal/repositories/analysis/analysis_mock.go @@ -27,6 +27,11 @@ type Mock struct { mock.Mock } +func (m *Mock) RawQuery(_ string, _ ...interface{}) error { + args := m.MethodCalled("RawQuery") + return utilsMock.ReturnNilOrError(args, 0) +} + func (m *Mock) FindAnalysisByID(_ uuid.UUID) response.IResponse { args := m.MethodCalled("FindAnalysisByID") return args.Get(0).(response.IResponse) @@ -36,3 +41,7 @@ func (m *Mock) CreateFullAnalysis(analysisArgument *analysis.Analysis) error { args := m.MethodCalled("CreateFullAnalysisResponse") return utilsMock.ReturnNilOrError(args, 0) } +func (m *Mock) FindVulnerabilitiesByHashSliceInRepository(vulnHash []string, repositoryID uuid.UUID) response.IResponse { + args := m.MethodCalled("FindVulnerabilitiesByHashSliceInRepository") + return args.Get(0).(response.IResponse) +} diff --git a/api/internal/repositories/analysis/analysis_test.go b/api/internal/repositories/analysis/analysis_test.go index 3c3dc4736..8fe455e76 100644 --- a/api/internal/repositories/analysis/analysis_test.go +++ b/api/internal/repositories/analysis/analysis_test.go @@ -438,4 +438,24 @@ func TestAnalysis_CreateFullAnalysis(t *testing.T) { err := NewRepositoriesAnalysis(connectionMock).CreateFullAnalysis(data) assert.Error(t, err) }) + t.Run("Should run FindVulnerabilitiesByHashSliceInRepository", func(t *testing.T) { + mockRead := &database.Mock{} + connectionMock := &database.Connection{ + Write: nil, + Read: mockRead, + } + mockRead.On("Raw").Return(response.NewResponse(1, nil, nil)) + res := NewRepositoriesAnalysis(connectionMock).FindVulnerabilitiesByHashSliceInRepository([]string{"something"}, uuid.New()) + assert.NoError(t, res.GetError()) + }) + t.Run("Should run Exec", func(t *testing.T) { + mockWrite := &database.Mock{} + connectionMock := &database.Connection{ + Write: mockWrite, + Read: nil, + } + mockWrite.On("Exec").Return(nil) + err := NewRepositoriesAnalysis(connectionMock).RawQuery("something") + assert.NoError(t, err) + }) }