issues.go

/*
Copyright 2020 Adevinta
*/

package store

import (
	"context"

	"github.com/jmoiron/sqlx"
	pq "github.com/lib/pq"
)

// Issue represents a security vulnerability.
type Issue struct {
	ID              string
	Summary         string
	CWEID           uint32 `db:"cwe_id"`
	Description     string
	Recommendations pq.StringArray
	ReferenceLinks  pq.StringArray `db:"reference_links"`
}

func (db *psqlxStore) CreateIssueIfNotExists(i Issue) (*Issue, error) {
	_, err := db.DB.Exec("INSERT INTO issues (summary, cwe_id, description, recommendations, reference_links) VALUES ($1, $2, $3, $4, $5)",
		i.Summary, i.CWEID, i.Description, i.Recommendations, i.ReferenceLinks)
	if err != nil && !IsDuplicateErr(err) { // Issue might exist but for a different source.
		return nil, err
	}
	return db.FindIssue(i)
}

func (db *psqlxStore) UpdateIssueLabels(issueID string, labels []string) error {
	ctx := context.Background()
	tx, err := db.DB.BeginTxx(ctx, nil)
	if err != nil {
		return err
	}

	l := pq.Array(labels)
	_, err = tx.Exec("DELETE FROM issue_labels WHERE issue_id = $1 and label <> ANY($2::TEXT[])", issueID, l)
	if err != nil {
		tx.Rollback()
		return err
	}

	_, err = tx.Exec("INSERT INTO issue_labels SELECT $1, unnest($2::TEXT[]) ON CONFLICT DO NOTHING", issueID, l)
	if err != nil {
		tx.Rollback()
		return err
	}
	return tx.Commit()
}

func (db *psqlxStore) CreateIssue(i Issue) (*Issue, error) {
	_, err := db.DB.Exec("INSERT INTO issues (summary, score, cwe_id, description, recommendations, reference_links) VALUES ($1, $2, $3, $4, $5, $6)",
		i.Summary, i.CWEID, i.Description, i.Recommendations, i.ReferenceLinks)
	if err != nil {
		return nil, err
	}
	return db.FindIssue(i)
}

func (db *psqlxStore) FindIssue(i Issue) (*Issue, error) {
	foundIssue := Issue{}
	err := db.DB.Get(&foundIssue, "SELECT * FROM issues WHERE summary = $1 AND description = $2", i.Summary, i.Description)
	if err != nil {
		return nil, err
	}

	return &foundIssue, nil
}

func (db *psqlxStore) FindIssueByID(id string) (*Issue, error) {
	foundIssue := Issue{}
	err := db.DB.Get(&foundIssue, "SELECT * FROM issues WHERE id = $1 ", id)
	if err != nil {
		return nil, err
	}

	return &foundIssue, nil
}

func (db *psqlxStore) createSourceIssue(issueID, sourceID string) error {
	ctx := context.Background()
	tx, err := db.DB.BeginTxx(ctx, nil)
	if err != nil {
		return err
	}
	err = createSourceIssue(ctx, tx, issueID, sourceID)
	if err != nil {
		tx.Rollback()
		return err
	}
	return tx.Commit()
}

func (db *psqlxStore) GetIssuesBySource(sourceID string) ([]*Issue, error) {
	issues := make([]*Issue, 0)
	err := db.DB.Select(&issues, "SELECT i.id, i.summary, i.score, i.cwe_id, i.description, i.recommendations, i.reference_links "+
		"FROM issues i INNER JOIN source_issues si ON si.issue_id = i.id AND si.source_id = $1", sourceID)
	if err != nil && !IsNotFoundErr(err) {
		return nil, err
	}

	return issues, nil
}

func createSourceIssue(ctx context.Context, tx *sqlx.Tx, issueID, sourceID string) error {
	_, err := tx.Exec("INSERT INTO source_issues (source_id, issue_id) VALUES ($1, $2) ON CONFLICT DO NOTHING", sourceID, issueID)
	return err
}