From 08342c22e52f2681dafa0814bc53046dbfb8817e Mon Sep 17 00:00:00 2001
From: vandanrohatgi
Date: Mon, 14 Aug 2023 09:21:20 +0530
Subject: [PATCH 01/14] Add support for fetching sboms
---
 github/dependency_graph.go | 79 ++++++++++++++++++
 github/dependency_graph_test.go | 79 ++++++++++++++++++
 github/github-accessors.go | 120 ++++++++++++++++++++++++++
 github/github-accessors_test.go | 144 ++++++++++++++++++++++++++++++++
 github/github-stringify_test.go | 10 +++
 github/github.go | 62 +++++++-------
 6 files changed, 464 insertions(+), 30 deletions(-)
 create mode 100644 github/dependency_graph.go
 create mode 100644 github/dependency_graph_test.go
diff --git a/github/dependency_graph.go b/github/dependency_graph.go
new file mode 100644
index 00000000000..803245e0703
--- /dev/null
+++ b/github/dependency_graph.go
@@ -0,0 +1,79 @@
+// Copyright 2023 The go-github AUTHORS. All rights reserved.
+//
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package github
+
+import (
+ "context"
+ "fmt"
+ "time"
+)
+
+type DependencyGraphService service
+
+// Sbom represents software bill of materials, which descibes the
+// packages/libraries that a repository depends on.
+type Sbom struct {
+ Sbom *SbomInfo `json:"sbom,omitempty"`
+}
+
+// When was the SBOM created and who created it
+type CreationInfo struct {
+ Created *time.Time `json:"created,omitempty"`
+ Creators []*string `json:"creators,omitempty"`
+}
+
+type RepoDependencies struct {
+ Spdxid *string `json:"SPDXID,omitempty"`
+ // Package name
+ Name *string `json:"name,omitempty"`
+ VersionInfo *string `json:"versionInfo,omitempty"`
+ DownloadLocation *string `json:"downloadLocation,omitempty"`
+ FilesAnalyzed *bool `json:"filesAnalyzed,omitempty"`
+ LicenseConcluded *string `json:"licenseConcluded,omitempty"`
+ LicenseDeclared *string `json:"licenseDeclared,omitempty"`
+}
+
+// SPDX is an open standard for software bill of materials (SBOM) that
+// identifies and catalogs components, licenses, copyrights, security
+// references, and other metadata relating to software
+type SbomInfo struct {
+ Spdxid *string `json:"SPDXID,omitempty"`
+ SpdxVersion *string `json:"spdxVersion,omitempty"`
+ CreationInfo *CreationInfo `json:"creationInfo,omitempty"`
+
+ // Repo name
+ Name *string `json:"name,omitempty"`
+ DataLicense *string `json:"dataLicense,omitempty"`
+ DocumentDescribes []*string `json:"documentDescribes,omitempty"`
+ DocumentNamespace *string `json:"documentNamespace,omitempty"`
+
+ // List of packages dependencies
+ Packages []*RepoDependencies `json:"packages,omitempty"`
+}
+
+func (s Sbom) String() string {
+ return Stringify(s)
+}
+
+// GetSbom fetches the Software bill of materials for a repository.
+//
+// GitHub API docs: https://docs.github.com/en/rest/dependency-graph/sboms
+func (s *DependencyGraphService) GetSbom(ctx context.Context, owner string, repo string) (*Sbom, *Response, error) {
+ u := fmt.Sprintf("repos/%v/%v/dependency-graph/sbom", owner, repo)
+
+ req, err := s.client.NewRequest("GET", u, nil)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ var sbom *Sbom
+ resp, err := s.client.Do(ctx, req, &sbom)
+ if err != nil {
+ return nil, resp, err
+ }
+
+ return sbom, resp, nil
+}
diff --git a/github/dependency_graph_test.go b/github/dependency_graph_test.go
new file mode 100644
index 00000000000..e10d4b59ed7
--- /dev/null
+++ b/github/dependency_graph_test.go
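Review bot: The exported `DependencyGraphService` and `RepoDependencies` types are added without doc comments, and the comments on `CreationInfo` ("When was the SBOM created…") and `SbomInfo` ("SPDX is an open standard…") do not start with the type name the way the rest of the package's doc comments do; suggested text: `// DependencyGraphService handles communication with the dependency graph related methods of the GitHub API.`, `// RepoDependencies represents one SPDX package entry of the SBOM, i.e. a dependency of the repository.`, `// CreationInfo records when the SBOM was created and by whom.`, `// SbomInfo is the SPDX document describing the repository's dependencies.` (and "descibes" in the `Sbom` comment should read "describes"). `CreationInfo.Created` is declared as `*time.Time` while the package represents API timestamps with its own `Timestamp` type (compare the neighbouring `GetAuthorizedCredentialExpiresAt() Timestamp` accessor in the github-accessors.go hunk), so `Created *Timestamp` would keep this type and its generated `GetCreated` consistent with the other time fields. `Creators []*string` and `DocumentDescribes []*string` would be simpler as `[]string` unless a null element has to be distinguished, and the `GetSbom` signature can collapse `owner string, repo string` to `owner, repo string`. This hunk is resent byte-for-byte as the dependency_graph.go hunk of PATCH 02/14 further down, where all of the above applies as well.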
@@ -0,0 +1,79 @@
+// Copyright 2023 The go-github AUTHORS. All rights reserved.
+//
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package github
+
+import (
+ "context"
+ "fmt"
+ "net/http"
+ "testing"
+ "time"
+
+ "github.com/google/go-cmp/cmp"
+)
+
+func TestDependencyGraphService_GetSbom(t *testing.T) {
+ client, mux, _, teardown := setup()
+ defer teardown()
+
+ mux.HandleFunc("/repos/owner/repo/dependency-graph/sbom", func(w http.ResponseWriter, r *http.Request) {
+ testMethod(t, r, "GET")
+ fmt.Fprint(w, `{
+ "sbom":{
+ "creationInfo":{
+ "created":"2021-09-01T00:00:00Z"
+ },
+ "name":"owner/repo",
+ "packages":[
+ {
+ "name":"rubygems:rails",
+ "versionInfo":"1.0.0"
+ }
+ ]
+ }
+ }`)
+ })
+
+ ctx := context.Background()
+ sbom, _, err := client.DependencyGraph.GetSbom(ctx, "owner", "repo")
+ if err != nil {
+ t.Errorf("DependencyGraph.GetSbom returned error: %v", err)
+ }
+
+ testTime := time.Date(2021, 9, 1, 0, 0, 0, 0, time.UTC)
+ want := &Sbom{
+ &SbomInfo{
+ CreationInfo: &CreationInfo{
+ Created: &testTime,
+ },
+ Name: String("owner/repo"),
+ Packages: []*RepoDependencies{
+ {
+ Name: String("rubygems:rails"),
+ VersionInfo: String("1.0.0"),
+ },
+ },
+ },
+ }
+
+ if !cmp.Equal(sbom, want) {
+ t.Errorf("DependencyGraph.GetSbom returned %+v, want %+v", sbom, want)
+ }
+
+ const methodName = "GetSbom"
+ testBadOptions(t, methodName, func() (err error) {
+ _, _, err = client.DependencyGraph.GetSbom(ctx, "\n", "\n")
+ return err
+ })
+
+ testNewRequestAndDoFailure(t, methodName, client, func() (*Response, error) {
+ got, resp, err := client.DependencyGraph.GetSbom(ctx, "owner", "repo")
+ if got != nil {
+ t.Errorf("testNewRequestAndDoFailure %v = %#v, want nil", methodName, got)
+ }
+ return resp, err
+ })
+}
diff --git a/github/github-accessors.go b/github/github-accessors.go
index 3f665ede5cb..92c82e62c2d 100644
--- a/github/github-accessors.go
+++ b/github/github-accessors.go
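Review bot: The mock response sets only `created`, `name`, and one package's `name`/`versionInfo`, so the non-standard `json:"SPDXID"` tag casing, the `[]*string` slices `creators` and `documentDescribes`, and the license and `filesAnalyzed` fields are never decoded by this test; adding e.g. `"SPDXID":"<document-id>"` and `"creators":["<creator>"]` (placeholders) to both the fixture and `want` would cover them. The `want` literal also initialises `Sbom` positionally, `&Sbom{ &SbomInfo{`, while the other tests in the package use keyed fields (see `Sbom: &SbomInfo{}` in the github-stringify_test.go hunk); `Sbom: &SbomInfo{` keeps the literal valid if a field is ever added to `Sbom`. This test file is resent unchanged as the dependency_graph_test.go hunk of PATCH 02/14, where the same applies.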
@@ -4694,6 +4694,14 @@ func (c *CreateUserProjectOptions) GetBody() string {
 return *c.Body
 }
+// GetCreated returns the Created field if it's non-nil, zero value otherwise.
+func (c *CreationInfo) GetCreated() time.Time {
+ if c == nil || c.Created == nil {
+ return time.Time{}
+ }
+ return *c.Created
+}
+
 // GetAuthorizedCredentialExpiresAt returns the AuthorizedCredentialExpiresAt field if it's non-nil, zero value otherwise.
 func (c *CredentialAuthorization) GetAuthorizedCredentialExpiresAt() Timestamp {
 if c == nil || c.AuthorizedCredentialExpiresAt == nil {
@@ -17006,6 +17014,62 @@ func (r *RenameOrgResponse) GetURL() string {
 return *r.URL
 }
+// GetDownloadLocation returns the DownloadLocation field if it's non-nil, zero value otherwise.
+func (r *RepoDependencies) GetDownloadLocation() string {
+ if r == nil || r.DownloadLocation == nil {
+ return ""
+ }
+ return *r.DownloadLocation
+}
+
+// GetFilesAnalyzed returns the FilesAnalyzed field if it's non-nil, zero value otherwise.
+func (r *RepoDependencies) GetFilesAnalyzed() bool {
+ if r == nil || r.FilesAnalyzed == nil {
+ return false
+ }
+ return *r.FilesAnalyzed
+}
+
+// GetLicenseConcluded returns the LicenseConcluded field if it's non-nil, zero value otherwise.
+func (r *RepoDependencies) GetLicenseConcluded() string {
+ if r == nil || r.LicenseConcluded == nil {
+ return ""
+ }
+ return *r.LicenseConcluded
+}
+
+// GetLicenseDeclared returns the LicenseDeclared field if it's non-nil, zero value otherwise.
+func (r *RepoDependencies) GetLicenseDeclared() string {
+ if r == nil || r.LicenseDeclared == nil {
+ return ""
+ }
+ return *r.LicenseDeclared
+}
+
+// GetName returns the Name field if it's non-nil, zero value otherwise.
+func (r *RepoDependencies) GetName() string {
+ if r == nil || r.Name == nil {
+ return ""
+ }
+ return *r.Name
+}
+
+// GetSpdxid returns the Spdxid field if it's non-nil, zero value otherwise.
+func (r *RepoDependencies) GetSpdxid() string {
+ if r == nil || r.Spdxid == nil {
+ return ""
+ }
+ return *r.Spdxid
+}
+
+// GetVersionInfo returns the VersionInfo field if it's non-nil, zero value otherwise.
+func (r *RepoDependencies) GetVersionInfo() string {
+ if r == nil || r.VersionInfo == nil {
+ return ""
+ }
+ return *r.VersionInfo
+}
+
 // GetBranch returns the Branch field if it's non-nil, zero value otherwise.
 func (r *RepoMergeUpstreamRequest) GetBranch() string {
 if r == nil || r.Branch == nil {
@@ -19638,6 +19702,62 @@ func (s *SarifID) GetURL() string {
 return *s.URL
 }
+// GetSbom returns the Sbom field.
+func (s *Sbom) GetSbom() *SbomInfo {
+ if s == nil {
+ return nil
+ }
+ return s.Sbom
+}
+
+// GetCreationInfo returns the CreationInfo field.
+func (s *SbomInfo) GetCreationInfo() *CreationInfo {
+ if s == nil {
+ return nil
+ }
+ return s.CreationInfo
+}
+
+// GetDataLicense returns the DataLicense field if it's non-nil, zero value otherwise.
+func (s *SbomInfo) GetDataLicense() string {
+ if s == nil || s.DataLicense == nil {
+ return ""
+ }
+ return *s.DataLicense
+}
+
+// GetDocumentNamespace returns the DocumentNamespace field if it's non-nil, zero value otherwise.
+func (s *SbomInfo) GetDocumentNamespace() string {
+ if s == nil || s.DocumentNamespace == nil {
+ return ""
+ }
+ return *s.DocumentNamespace
+}
+
+// GetName returns the Name field if it's non-nil, zero value otherwise.
+func (s *SbomInfo) GetName() string {
+ if s == nil || s.Name == nil {
+ return ""
+ }
+ return *s.Name
+}
+
+// GetSpdxid returns the Spdxid field if it's non-nil, zero value otherwise.
+func (s *SbomInfo) GetSpdxid() string {
+ if s == nil || s.Spdxid == nil {
+ return ""
+ }
+ return *s.Spdxid
+}
+
+// GetSpdxVersion returns the SpdxVersion field if it's non-nil, zero value otherwise.
+func (s *SbomInfo) GetSpdxVersion() string {
+ if s == nil || s.SpdxVersion == nil {
+ return ""
+ }
+ return *s.SpdxVersion
+}
+
 // GetAnalysisKey returns the AnalysisKey field if it's non-nil, zero value otherwise.
 func (s *ScanningAnalysis) GetAnalysisKey() string {
 if s == nil || s.AnalysisKey == nil {
diff --git a/github/github-accessors_test.go b/github/github-accessors_test.go
index 712d8fc94dd..90258fab056 100644
--- a/github/github-accessors_test.go
+++ b/github/github-accessors_test.go
@@ -5535,6 +5535,16 @@ func TestCreateUserProjectOptions_GetBody(tt *testing.T) {
 c.GetBody()
 }
+func TestCreationInfo_GetCreated(tt *testing.T) {
+ var zeroValue time.Time
+ c := &CreationInfo{Created: &zeroValue}
+ c.GetCreated()
+ c = &CreationInfo{}
+ c.GetCreated()
+ c = nil
+ c.GetCreated()
+}
+
 func TestCredentialAuthorization_GetAuthorizedCredentialExpiresAt(tt *testing.T) {
 var zeroValue Timestamp
 c := &CredentialAuthorization{AuthorizedCredentialExpiresAt: &zeroValue}
@@ -19758,6 +19768,76 @@ func TestRenameOrgResponse_GetURL(tt *testing.T) {
 r.GetURL()
 }
+func TestRepoDependencies_GetDownloadLocation(tt *testing.T) {
+ var zeroValue string
+ r := &RepoDependencies{DownloadLocation: &zeroValue}
+ r.GetDownloadLocation()
+ r = &RepoDependencies{}
+ r.GetDownloadLocation()
+ r = nil
+ r.GetDownloadLocation()
+}
+
+func TestRepoDependencies_GetFilesAnalyzed(tt *testing.T) {
+ var zeroValue bool
+ r := &RepoDependencies{FilesAnalyzed: &zeroValue}
+ r.GetFilesAnalyzed()
+ r = &RepoDependencies{}
+ r.GetFilesAnalyzed()
+ r = nil
+ r.GetFilesAnalyzed()
+}
+
+func TestRepoDependencies_GetLicenseConcluded(tt *testing.T) {
+ var zeroValue string
+ r := &RepoDependencies{LicenseConcluded: &zeroValue}
+ r.GetLicenseConcluded()
+ r = &RepoDependencies{}
+ r.GetLicenseConcluded()
+ r = nil
+ r.GetLicenseConcluded()
+}
+
+func TestRepoDependencies_GetLicenseDeclared(tt *testing.T) {
+ var zeroValue string
+ r := &RepoDependencies{LicenseDeclared: &zeroValue}
+ r.GetLicenseDeclared()
+ r = &RepoDependencies{}
+ r.GetLicenseDeclared()
+ r = nil
+ r.GetLicenseDeclared()
+}
+
+func TestRepoDependencies_GetName(tt *testing.T) {
+ var zeroValue string
+ r := &RepoDependencies{Name: &zeroValue}
+ r.GetName()
+ r = &RepoDependencies{}
+ r.GetName()
+ r = nil
+ r.GetName()
+}
+
+func TestRepoDependencies_GetSpdxid(tt *testing.T) {
+ var zeroValue string
+ r := &RepoDependencies{Spdxid: &zeroValue}
+ r.GetSpdxid()
+ r = &RepoDependencies{}
+ r.GetSpdxid()
+ r = nil
+ r.GetSpdxid()
+}
+
+func TestRepoDependencies_GetVersionInfo(tt *testing.T) {
+ var zeroValue string
+ r := &RepoDependencies{VersionInfo: &zeroValue}
+ r.GetVersionInfo()
+ r = &RepoDependencies{}
+ r.GetVersionInfo()
+ r = nil
+ r.GetVersionInfo()
+}
+
 func TestRepoMergeUpstreamRequest_GetBranch(tt *testing.T) {
 var zeroValue string
 r := &RepoMergeUpstreamRequest{Branch: &zeroValue}
@@ -22901,6 +22981,70 @@ func TestSarifID_GetURL(tt *testing.T) {
 s.GetURL()
 }
+func TestSbom_GetSbom(tt *testing.T) {
+ s := &Sbom{}
+ s.GetSbom()
+ s = nil
+ s.GetSbom()
+}
+
+func TestSbomInfo_GetCreationInfo(tt *testing.T) {
+ s := &SbomInfo{}
+ s.GetCreationInfo()
+ s = nil
+ s.GetCreationInfo()
+}
+
+func TestSbomInfo_GetDataLicense(tt *testing.T) {
+ var zeroValue string
+ s := &SbomInfo{DataLicense: &zeroValue}
+ s.GetDataLicense()
+ s = &SbomInfo{}
+ s.GetDataLicense()
+ s = nil
+ s.GetDataLicense()
+}
+
+func TestSbomInfo_GetDocumentNamespace(tt *testing.T) {
+ var zeroValue string
+ s := &SbomInfo{DocumentNamespace: &zeroValue}
+ s.GetDocumentNamespace()
+ s = &SbomInfo{}
+ s.GetDocumentNamespace()
+ s = nil
+ s.GetDocumentNamespace()
+}
+
+func TestSbomInfo_GetName(tt *testing.T) {
+ var zeroValue string
+ s := &SbomInfo{Name: &zeroValue}
+ s.GetName()
+ s = &SbomInfo{}
+ s.GetName()
+ s = nil
+ s.GetName()
+}
+
+func TestSbomInfo_GetSpdxid(tt *testing.T) {
+ var zeroValue string
+ s := &SbomInfo{Spdxid: &zeroValue}
+ s.GetSpdxid()
+ s = &SbomInfo{}
+ s.GetSpdxid()
+ s = nil
+ s.GetSpdxid()
+}
+
+func TestSbomInfo_GetSpdxVersion(tt *testing.T) {
+ var zeroValue string
+ s := &SbomInfo{SpdxVersion: &zeroValue}
+ s.GetSpdxVersion()
+ s = &SbomInfo{}
+ s.GetSpdxVersion()
+ s = nil
+ s.GetSpdxVersion()
+}
+
 func TestScanningAnalysis_GetAnalysisKey(tt *testing.T) {
 var zeroValue string
 s := &ScanningAnalysis{AnalysisKey: &zeroValue}
diff --git a/github/github-stringify_test.go b/github/github-stringify_test.go
index a8a7b6f0b14..b360eb9e6f4 100644
--- a/github/github-stringify_test.go
+++ b/github/github-stringify_test.go
@@ -1776,6 +1776,16 @@ func TestSSHSigningKey_String(t *testing.T) {
 }
 }
+func TestSbom_String(t *testing.T) {
+ v := Sbom{
+ Sbom: &SbomInfo{},
+ }
+ want := `github.Sbom{Sbom:github.SbomInfo{}}`
+ if got := v.String(); got != want {
+ t.Errorf("Sbom.String = %v, want %v", got, want)
+ }
+}
+
 func TestSecretScanning_String(t *testing.T) {
 v := SecretScanning{
 Status: String(""),
diff --git a/github/github.go b/github/github.go
index 1b41ffdc0ef..330d47738f0 100644
--- a/github/github.go
+++ b/github/github.go
@@ -179,36 +179,37 @@ type Client struct {
 common service // Reuse a single struct instead of allocating one for each service on the heap.
 // Services used for talking to different parts of the GitHub API.
- Actions *ActionsService
- Activity *ActivityService
- Admin *AdminService
- Apps *AppsService
- Authorizations *AuthorizationsService
- Billing *BillingService
- Checks *ChecksService
- CodeScanning *CodeScanningService
- Codespaces *CodespacesService
- Dependabot *DependabotService
- Enterprise *EnterpriseService
- Gists *GistsService
- Git *GitService
- Gitignores *GitignoresService
- Interactions *InteractionsService
- IssueImport *IssueImportService
- Issues *IssuesService
- Licenses *LicensesService
- Marketplace *MarketplaceService
- Migrations *MigrationService
- Organizations *OrganizationsService
- Projects *ProjectsService
- PullRequests *PullRequestsService
- Reactions *ReactionsService
- Repositories *RepositoriesService
- SCIM *SCIMService
- Search *SearchService
- SecretScanning *SecretScanningService
- Teams *TeamsService
- Users *UsersService
+ Actions *ActionsService
+ Activity *ActivityService
+ Admin *AdminService
+ Apps *AppsService
+ Authorizations *AuthorizationsService
+ Billing *BillingService
+ Checks *ChecksService
+ CodeScanning *CodeScanningService
+ Codespaces *CodespacesService
+ Dependabot *DependabotService
+ DependencyGraph *DependencyGraphService
+ Enterprise *EnterpriseService
+ Gists *GistsService
+ Git *GitService
+ Gitignores *GitignoresService
+ Interactions *InteractionsService
+ IssueImport *IssueImportService
+ Issues *IssuesService
+ Licenses *LicensesService
+ Marketplace *MarketplaceService
+ Migrations *MigrationService
+ Organizations *OrganizationsService
+ Projects *ProjectsService
+ PullRequests *PullRequestsService
+ Reactions *ReactionsService
+ Repositories *RepositoriesService
+ SCIM *SCIMService
+ Search *SearchService
+ SecretScanning *SecretScanningService
+ Teams *TeamsService
+ Users *UsersService
 }
 type service struct {
@@ -328,6 +329,7 @@ func NewClient(httpClient *http.Client) *Client {
 c.CodeScanning = (*CodeScanningService)(&c.common)
 c.Codespaces = (*CodespacesService)(&c.common)
 c.Dependabot = (*DependabotService)(&c.common)
+ c.DependencyGraph = (*DependencyGraphService)(&c.common)
 c.Enterprise = (*EnterpriseService)(&c.common)
 c.Gists = (*GistsService)(&c.common)
 c.Git = (*GitService)(&c.common)
From 7de20ac658162c8d4831b1af5faafed124b6da85 Mon Sep 17 00:00:00 2001
From: vandanrohatgi
Date: Mon, 14 Aug 2023 09:21:20 +0530
Subject: [PATCH 02/14] Add support for fetching sboms
---
 github/dependency_graph.go | 79 ++++++++++++++++++
 github/dependency_graph_test.go | 79 ++++++++++++++++++
 github/github-accessors.go | 120 ++++++++++++++++++++++++++
 github/github-accessors_test.go | 144 ++++++++++++++++++++++++++++++++
 github/github-stringify_test.go | 10 +++
 github/github.go | 62 +++++++-------
 6 files changed, 462 insertions(+), 32 deletions(-)
 create mode 100644 github/dependency_graph.go
 create mode 100644 github/dependency_graph_test.go
diff --git a/github/dependency_graph.go b/github/dependency_graph.go
new file mode 100644
index 00000000000..803245e0703
--- /dev/null
+++ b/github/dependency_graph.go
@@ -0,0 +1,79 @@
+// Copyright 2023 The go-github AUTHORS. All rights reserved.
+//
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package github
+
+import (
+ "context"
+ "fmt"
+ "time"
+)
+
+type DependencyGraphService service
+
+// Sbom represents software bill of materials, which descibes the
+// packages/libraries that a repository depends on.
+type Sbom struct {
+ Sbom *SbomInfo `json:"sbom,omitempty"`
+}
+
+// When was the SBOM created and who created it
+type CreationInfo struct {
+ Created *time.Time `json:"created,omitempty"`
+ Creators []*string `json:"creators,omitempty"`
+}
+
+type RepoDependencies struct {
+ Spdxid *string `json:"SPDXID,omitempty"`
+ // Package name
+ Name *string `json:"name,omitempty"`
+ VersionInfo *string `json:"versionInfo,omitempty"`
+ DownloadLocation *string `json:"downloadLocation,omitempty"`
+ FilesAnalyzed *bool `json:"filesAnalyzed,omitempty"`
+ LicenseConcluded *string `json:"licenseConcluded,omitempty"`
+ LicenseDeclared *string `json:"licenseDeclared,omitempty"`
+}
+
+// SPDX is an open standard for software bill of materials (SBOM) that
+// identifies and catalogs components, licenses, copyrights, security
+// references, and other metadata relating to software
+type SbomInfo struct {
+ Spdxid *string `json:"SPDXID,omitempty"`
+ SpdxVersion *string `json:"spdxVersion,omitempty"`
+ CreationInfo *CreationInfo `json:"creationInfo,omitempty"`
+
+ // Repo name
+ Name *string `json:"name,omitempty"`
+ DataLicense *string `json:"dataLicense,omitempty"`
+ DocumentDescribes []*string `json:"documentDescribes,omitempty"`
+ DocumentNamespace *string `json:"documentNamespace,omitempty"`
+
+ // List of packages dependencies
+ Packages []*RepoDependencies `json:"packages,omitempty"`
+}
+
+func (s Sbom) String() string {
+ return Stringify(s)
+}
+
+// GetSbom fetches the Software bill of materials for a repository.
+//
+// GitHub API docs: https://docs.github.com/en/rest/dependency-graph/sboms
+func (s *DependencyGraphService) GetSbom(ctx context.Context, owner string, repo string) (*Sbom, *Response, error) {
+ u := fmt.Sprintf("repos/%v/%v/dependency-graph/sbom", owner, repo)
+
+ req, err := s.client.NewRequest("GET", u, nil)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ var sbom *Sbom
+ resp, err := s.client.Do(ctx, req, &sbom)
+ if err != nil {
+ return nil, resp, err
+ }
+
+ return sbom, resp, nil
+}
diff --git a/github/dependency_graph_test.go b/github/dependency_graph_test.go
new file mode 100644
index 00000000000..e10d4b59ed7
--- /dev/null
+++ b/github/dependency_graph_test.go
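Review bot: This hunk is a byte-for-byte resend of the dependency_graph.go hunk in PATCH 01/14 (same blob id 803245e0703), so the missing doc comments on `DependencyGraphService` and `RepoDependencies`, the `Created *time.Time` versus `*Timestamp` inconsistency, and the `[]*string` and `owner string, repo string` style points raised there apply here unchanged. What does differ in this patch is its github.go hunk at the end of this view, which is cut off before its last line: as far as it is visible it removes the `SecurityAdvisories *SecurityAdvisoriesService` field from `Client` and adds no `DependencyGraph` field, and its blob ids (799608359be → 1b41ffdc0ef) are the old side of PATCH 01's github.go change (1b41ffdc0ef → 330d47738f0). That looks like a rebase against a stale base rather than an intended change; if it were applied as is it would remove `client.SecurityAdvisories` from the public API, so the series should be squashed or re-based before merge.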
@@ -0,0 +1,79 @@ +// Copyright 2023 The go-github AUTHORS. All rights reserved. +// +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package github + +import ( + "context" + "fmt" + "net/http" + "testing" + "time" + + "github.com/google/go-cmp/cmp" +) + +func TestDependencyGraphService_GetSbom(t *testing.T) { + client, mux, _, teardown := setup() + defer teardown() + + mux.HandleFunc("/repos/owner/repo/dependency-graph/sbom", func(w http.ResponseWriter, r *http.Request) { + testMethod(t, r, "GET") + fmt.Fprint(w, `{ + "sbom":{ + "creationInfo":{ + "created":"2021-09-01T00:00:00Z" + }, + "name":"owner/repo", + "packages":[ + { + "name":"rubygems:rails", + "versionInfo":"1.0.0" + } + ] + } + }`) + }) + + ctx := context.Background() + sbom, _, err := client.DependencyGraph.GetSbom(ctx, "owner", "repo") + if err != nil { + t.Errorf("DependencyGraph.GetSbom returned error: %v", err) + } + + testTime := time.Date(2021, 9, 1, 0, 0, 0, 0, time.UTC) + want := &Sbom{ + &SbomInfo{ + CreationInfo: &CreationInfo{ + Created: &testTime, + }, + Name: String("owner/repo"), + Packages: []*RepoDependencies{ + { + Name: String("rubygems:rails"), + VersionInfo: String("1.0.0"), + }, + }, + }, + } + + if !cmp.Equal(sbom, want) { + t.Errorf("DependencyGraph.GetSbom returned %+v, want %+v", sbom, want) + } + + const methodName = "GetSbom" + testBadOptions(t, methodName, func() (err error) { + _, _, err = client.DependencyGraph.GetSbom(ctx, "\n", "\n") + return err + }) + + testNewRequestAndDoFailure(t, methodName, client, func() (*Response, error) { + got, resp, err := client.DependencyGraph.GetSbom(ctx, "owner", "repo") + if got != nil { + t.Errorf("testNewRequestAndDoFailure %v = %#v, want nil", methodName, got) + } + return resp, err + }) +} diff --git a/github/github-accessors.go b/github/github-accessors.go index 3f665ede5cb..92c82e62c2d 100644 --- a/github/github-accessors.go +++ b/github/github-accessors.go 
@@ -4694,6 +4694,14 @@ func (c *CreateUserProjectOptions) GetBody() string { return *c.Body } +// GetCreated returns the Created field if it's non-nil, zero value otherwise. +func (c *CreationInfo) GetCreated() time.Time { + if c == nil || c.Created == nil { + return time.Time{} + } + return *c.Created +} + // GetAuthorizedCredentialExpiresAt returns the AuthorizedCredentialExpiresAt field if it's non-nil, zero value otherwise. func (c *CredentialAuthorization) GetAuthorizedCredentialExpiresAt() Timestamp { if c == nil || c.AuthorizedCredentialExpiresAt == nil { 
@@ -17006,6 +17014,62 @@ func (r *RenameOrgResponse) GetURL() string { return *r.URL } +// GetDownloadLocation returns the DownloadLocation field if it's non-nil, zero value otherwise. +func (r *RepoDependencies) GetDownloadLocation() string { + if r == nil || r.DownloadLocation == nil { + return "" + } + return *r.DownloadLocation +} + +// GetFilesAnalyzed returns the FilesAnalyzed field if it's non-nil, zero value otherwise. +func (r *RepoDependencies) GetFilesAnalyzed() bool { + if r == nil || r.FilesAnalyzed == nil { + return false + } + return *r.FilesAnalyzed +} + +// GetLicenseConcluded returns the LicenseConcluded field if it's non-nil, zero value otherwise. +func (r *RepoDependencies) GetLicenseConcluded() string { + if r == nil || r.LicenseConcluded == nil { + return "" + } + return *r.LicenseConcluded +} + +// GetLicenseDeclared returns the LicenseDeclared field if it's non-nil, zero value otherwise. +func (r *RepoDependencies) GetLicenseDeclared() string { + if r == nil || r.LicenseDeclared == nil { + return "" + } + return *r.LicenseDeclared +} + +// GetName returns the Name field if it's non-nil, zero value otherwise. +func (r *RepoDependencies) GetName() string { + if r == nil || r.Name == nil { + return "" + } + return *r.Name +} + +// GetSpdxid returns the Spdxid field if it's non-nil, zero value otherwise. +func (r *RepoDependencies) GetSpdxid() string { + if r == nil || r.Spdxid == nil { + return "" + } + return *r.Spdxid +} + +// GetVersionInfo returns the VersionInfo field if it's non-nil, zero value otherwise. +func (r *RepoDependencies) GetVersionInfo() string { + if r == nil || r.VersionInfo == nil { + return "" + } + return *r.VersionInfo +} + // GetBranch returns the Branch field if it's non-nil, zero value otherwise. func (r *RepoMergeUpstreamRequest) GetBranch() string { if r == nil || r.Branch == nil { 
@@ -19638,6 +19702,62 @@ func (s *SarifID) GetURL() string { return *s.URL } +// GetSbom returns the Sbom field. +func (s *Sbom) GetSbom() *SbomInfo { + if s == nil { + return nil + } + return s.Sbom +} + +// GetCreationInfo returns the CreationInfo field. +func (s *SbomInfo) GetCreationInfo() *CreationInfo { + if s == nil { + return nil + } + return s.CreationInfo +} + +// GetDataLicense returns the DataLicense field if it's non-nil, zero value otherwise. +func (s *SbomInfo) GetDataLicense() string { + if s == nil || s.DataLicense == nil { + return "" + } + return *s.DataLicense +} + +// GetDocumentNamespace returns the DocumentNamespace field if it's non-nil, zero value otherwise. +func (s *SbomInfo) GetDocumentNamespace() string { + if s == nil || s.DocumentNamespace == nil { + return "" + } + return *s.DocumentNamespace +} + +// GetName returns the Name field if it's non-nil, zero value otherwise. +func (s *SbomInfo) GetName() string { + if s == nil || s.Name == nil { + return "" + } + return *s.Name +} + +// GetSpdxid returns the Spdxid field if it's non-nil, zero value otherwise. +func (s *SbomInfo) GetSpdxid() string { + if s == nil || s.Spdxid == nil { + return "" + } + return *s.Spdxid +} + +// GetSpdxVersion returns the SpdxVersion field if it's non-nil, zero value otherwise. +func (s *SbomInfo) GetSpdxVersion() string { + if s == nil || s.SpdxVersion == nil { + return "" + } + return *s.SpdxVersion +} + // GetAnalysisKey returns the AnalysisKey field if it's non-nil, zero value otherwise. func (s *ScanningAnalysis) GetAnalysisKey() string { if s == nil || s.AnalysisKey == nil { diff --git a/github/github-accessors_test.go b/github/github-accessors_test.go index 712d8fc94dd..90258fab056 100644 --- a/github/github-accessors_test.go +++ b/github/github-accessors_test.go 
@@ -5535,6 +5535,16 @@ func TestCreateUserProjectOptions_GetBody(tt *testing.T) { c.GetBody() } +func TestCreationInfo_GetCreated(tt *testing.T) { + var zeroValue time.Time + c := &CreationInfo{Created: &zeroValue} + c.GetCreated() + c = &CreationInfo{} + c.GetCreated() + c = nil + c.GetCreated() +} + func TestCredentialAuthorization_GetAuthorizedCredentialExpiresAt(tt *testing.T) { var zeroValue Timestamp c := &CredentialAuthorization{AuthorizedCredentialExpiresAt: &zeroValue} 
@@ -19758,6 +19768,76 @@ func TestRenameOrgResponse_GetURL(tt *testing.T) { r.GetURL() } +func TestRepoDependencies_GetDownloadLocation(tt *testing.T) { + var zeroValue string + r := &RepoDependencies{DownloadLocation: &zeroValue} + r.GetDownloadLocation() + r = &RepoDependencies{} + r.GetDownloadLocation() + r = nil + r.GetDownloadLocation() +} + +func TestRepoDependencies_GetFilesAnalyzed(tt *testing.T) { + var zeroValue bool + r := &RepoDependencies{FilesAnalyzed: &zeroValue} + r.GetFilesAnalyzed() + r = &RepoDependencies{} + r.GetFilesAnalyzed() + r = nil + r.GetFilesAnalyzed() +} + +func TestRepoDependencies_GetLicenseConcluded(tt *testing.T) { + var zeroValue string + r := &RepoDependencies{LicenseConcluded: &zeroValue} + r.GetLicenseConcluded() + r = &RepoDependencies{} + r.GetLicenseConcluded() + r = nil + r.GetLicenseConcluded() +} + +func TestRepoDependencies_GetLicenseDeclared(tt *testing.T) { + var zeroValue string + r := &RepoDependencies{LicenseDeclared: &zeroValue} + r.GetLicenseDeclared() + r = &RepoDependencies{} + r.GetLicenseDeclared() + r = nil + r.GetLicenseDeclared() +} + +func TestRepoDependencies_GetName(tt *testing.T) { + var zeroValue string + r := &RepoDependencies{Name: &zeroValue} + r.GetName() + r = &RepoDependencies{} + r.GetName() + r = nil + r.GetName() +} + +func TestRepoDependencies_GetSpdxid(tt *testing.T) { + var zeroValue string + r := &RepoDependencies{Spdxid: &zeroValue} + r.GetSpdxid() + r = &RepoDependencies{} + r.GetSpdxid() + r = nil + r.GetSpdxid() +} + +func TestRepoDependencies_GetVersionInfo(tt *testing.T) { + var zeroValue string + r := &RepoDependencies{VersionInfo: &zeroValue} + r.GetVersionInfo() + r = &RepoDependencies{} + r.GetVersionInfo() + r = nil + r.GetVersionInfo() +} + func TestRepoMergeUpstreamRequest_GetBranch(tt *testing.T) { var zeroValue string r := &RepoMergeUpstreamRequest{Branch: &zeroValue} 
@@ -22901,6 +22981,70 @@ func TestSarifID_GetURL(tt *testing.T) { s.GetURL() } +func TestSbom_GetSbom(tt *testing.T) { + s := &Sbom{} + s.GetSbom() + s = nil + s.GetSbom() +} + +func TestSbomInfo_GetCreationInfo(tt *testing.T) { + s := &SbomInfo{} + s.GetCreationInfo() + s = nil + s.GetCreationInfo() +} + +func TestSbomInfo_GetDataLicense(tt *testing.T) { + var zeroValue string + s := &SbomInfo{DataLicense: &zeroValue} + s.GetDataLicense() + s = &SbomInfo{} + s.GetDataLicense() + s = nil + s.GetDataLicense() +} + +func TestSbomInfo_GetDocumentNamespace(tt *testing.T) { + var zeroValue string + s := &SbomInfo{DocumentNamespace: &zeroValue} + s.GetDocumentNamespace() + s = &SbomInfo{} + s.GetDocumentNamespace() + s = nil + s.GetDocumentNamespace() +} + +func TestSbomInfo_GetName(tt *testing.T) { + var zeroValue string + s := &SbomInfo{Name: &zeroValue} + s.GetName() + s = &SbomInfo{} + s.GetName() + s = nil + s.GetName() +} + +func TestSbomInfo_GetSpdxid(tt *testing.T) { + var zeroValue string + s := &SbomInfo{Spdxid: &zeroValue} + s.GetSpdxid() + s = &SbomInfo{} + s.GetSpdxid() + s = nil + s.GetSpdxid() +} + +func TestSbomInfo_GetSpdxVersion(tt *testing.T) { + var zeroValue string + s := &SbomInfo{SpdxVersion: &zeroValue} + s.GetSpdxVersion() + s = &SbomInfo{} + s.GetSpdxVersion() + s = nil + s.GetSpdxVersion() +} + func TestScanningAnalysis_GetAnalysisKey(tt *testing.T) { var zeroValue string s := &ScanningAnalysis{AnalysisKey: &zeroValue} diff --git a/github/github-stringify_test.go b/github/github-stringify_test.go index a8a7b6f0b14..b360eb9e6f4 100644 --- a/github/github-stringify_test.go +++ b/github/github-stringify_test.go 
@@ -1776,6 +1776,16 @@ func TestSSHSigningKey_String(t *testing.T) { } } +func TestSbom_String(t *testing.T) { + v := Sbom{ + Sbom: &SbomInfo{}, + } + want := `github.Sbom{Sbom:github.SbomInfo{}}` + if got := v.String(); got != want { + t.Errorf("Sbom.String = %v, want %v", got, want) + } +} + func TestSecretScanning_String(t *testing.T) { v := SecretScanning{ Status: String(""), diff --git a/github/github.go b/github/github.go index 799608359be..1b41ffdc0ef 100644 --- a/github/github.go +++ b/github/github.go 
@@ -179,37 +179,36 @@ type Client struct { common service // Reuse a single struct instead of allocating one for each service on the heap. // Services used for talking to different parts of the GitHub API. - Actions *ActionsService - Activity *ActivityService - Admin *AdminService - Apps *AppsService - Authorizations *AuthorizationsService - Billing *BillingService - Checks *ChecksService - CodeScanning *CodeScanningService - Codespaces *CodespacesService - Dependabot *DependabotService - Enterprise *EnterpriseService - Gists *GistsService - Git *GitService - Gitignores *GitignoresService - Interactions *InteractionsService - IssueImport *IssueImportService - Issues *IssuesService - Licenses *LicensesService - Marketplace *MarketplaceService - Migrations *MigrationService - Organizations *OrganizationsService - Projects *ProjectsService - PullRequests *PullRequestsService - Reactions *ReactionsService - Repositories *RepositoriesService - SCIM *SCIMService - Search *SearchService - SecretScanning *SecretScanningService - SecurityAdvisories *SecurityAdvisoriesService - Teams *TeamsService - Users *UsersService + Actions *ActionsService + Activity *ActivityService + Admin *AdminService + Apps *AppsService + Authorizations *AuthorizationsService + Billing *BillingService + Checks *ChecksService + CodeScanning *CodeScanningService + Codespaces *CodespacesService + Dependabot *DependabotService + Enterprise *EnterpriseService + Gists *GistsService + Git *GitService + Gitignores *GitignoresService + Interactions *InteractionsService + IssueImport *IssueImportService + Issues *IssuesService + Licenses *LicensesService + Marketplace *MarketplaceService + Migrations *MigrationService + Organizations *OrganizationsService + Projects *ProjectsService + PullRequests *PullRequestsService + Reactions *ReactionsService + Repositories *RepositoriesService + SCIM *SCIMService + Search *SearchService + SecretScanning *SecretScanningService + Teams *TeamsService + Users *UsersService 
} type service struct { @@ -347,7 +346,6 @@ func NewClient(httpClient *http.Client) *Client { c.SCIM = (*SCIMService)(&c.common) c.Search = (*SearchService)(&c.common) c.SecretScanning = (*SecretScanningService)(&c.common) - c.SecurityAdvisories = (*SecurityAdvisoriesService)(&c.common) c.Teams = (*TeamsService)(&c.common) c.Users = (*UsersService)(&c.common) return c From 57e5ce1acbbb7101fcba169029e02d1644cf1541 Mon Sep 17 00:00:00 2001 From: vandanrohatgi Date: Mon, 14 Aug 2023 09:21:20 +0530 Subject: [PATCH 03/14] Add support for fetching sboms --- github/github.go | 62 +++++++++++++++++++++++++----------------------- 1 file changed, 32 insertions(+), 30 deletions(-) diff --git a/github/github.go b/github/github.go index 1b41ffdc0ef..330d47738f0 100644 --- a/github/github.go +++ b/github/github.go 
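Review bot: The `SecurityAdvisories *SecurityAdvisoriesService` field vanishes from the Client struct in this hunk, and `c.SecurityAdvisories = (*SecurityAdvisoriesService)(&c.common)` vanishes from NewClient in the hunk right after it; neither removal is part of the SBOM feature, and both break every caller of `client.SecurityAdvisories`. This looks like the branch was built on a github.go that predates that service, so the two lines should be kept exactly as they are on the base branch — the PATCH 12/14 github.go hunks later put them back, and the PATCH 03/14 github.go hunks carry the same omission in the meantime. Keeping the field also removes the gofmt re-alignment churn on every other service line, since only the longest field name drives the column. NewClient's body starts and ends outside the hunk.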
@@ -179,36 +179,37 @@ type Client struct { common service // Reuse a single struct instead of allocating one for each service on the heap. // Services used for talking to different parts of the GitHub API. - Actions *ActionsService - Activity *ActivityService - Admin *AdminService - Apps *AppsService - Authorizations *AuthorizationsService - Billing *BillingService - Checks *ChecksService - CodeScanning *CodeScanningService - Codespaces *CodespacesService - Dependabot *DependabotService - Enterprise *EnterpriseService - Gists *GistsService - Git *GitService - Gitignores *GitignoresService - Interactions *InteractionsService - IssueImport *IssueImportService - Issues *IssuesService - Licenses *LicensesService - Marketplace *MarketplaceService - Migrations *MigrationService - Organizations *OrganizationsService - Projects *ProjectsService - PullRequests *PullRequestsService - Reactions *ReactionsService - Repositories *RepositoriesService - SCIM *SCIMService - Search *SearchService - SecretScanning *SecretScanningService - Teams *TeamsService - Users *UsersService + Actions *ActionsService + Activity *ActivityService + Admin *AdminService + Apps *AppsService + Authorizations *AuthorizationsService + Billing *BillingService + Checks *ChecksService + CodeScanning *CodeScanningService + Codespaces *CodespacesService + Dependabot *DependabotService + DependencyGraph *DependencyGraphService + Enterprise *EnterpriseService + Gists *GistsService + Git *GitService + Gitignores *GitignoresService + Interactions *InteractionsService + IssueImport *IssueImportService + Issues *IssuesService + Licenses *LicensesService + Marketplace *MarketplaceService + Migrations *MigrationService + Organizations *OrganizationsService + Projects *ProjectsService + PullRequests *PullRequestsService + Reactions *ReactionsService + Repositories *RepositoriesService + SCIM *SCIMService + Search *SearchService + SecretScanning *SecretScanningService + Teams *TeamsService + Users *UsersService } 
type service struct { @@ -328,6 +329,7 @@ func NewClient(httpClient *http.Client) *Client { c.CodeScanning = (*CodeScanningService)(&c.common) c.Codespaces = (*CodespacesService)(&c.common) c.Dependabot = (*DependabotService)(&c.common) + c.DependencyGraph = (*DependencyGraphService)(&c.common) c.Enterprise = (*EnterpriseService)(&c.common) c.Gists = (*GistsService)(&c.common) c.Git = (*GitService)(&c.common) From 1157290bc5e3679a6d851263aaa25f4016d8996c Mon Sep 17 00:00:00 2001 From: vandan rohatgi <43648786+vandanrohatgi@users.noreply.github.com> Date: Mon, 14 Aug 2023 19:28:02 +0530 Subject: [PATCH 04/14] Update github/dependency_graph.go Co-authored-by: Glenn Lewis <6598971+gmlewis@users.noreply.github.com> --- github/dependency_graph.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/github/dependency_graph.go b/github/dependency_graph.go index 803245e0703..21573f894ca 100644 --- a/github/dependency_graph.go +++ b/github/dependency_graph.go @@ -19,7 +19,7 @@ type Sbom struct { Sbom *SbomInfo `json:"sbom,omitempty"` } -// When was the SBOM created and who created it +// CreationInfo represents when the SBOM created and who created it. type CreationInfo struct { Created *time.Time `json:"created,omitempty"` Creators []*string `json:"creators,omitempty"` From 4d1aff4e30f77af816467661cd2f2aa5df91d9aa Mon Sep 17 00:00:00 2001 From: vandan rohatgi <43648786+vandanrohatgi@users.noreply.github.com> Date: Mon, 14 Aug 2023 19:28:30 +0530 Subject: [PATCH 05/14] Update github/dependency_graph.go Co-authored-by: Glenn Lewis <6598971+gmlewis@users.noreply.github.com> --- github/dependency_graph.go | 1 + 1 file changed, 1 insertion(+) diff --git a/github/dependency_graph.go b/github/dependency_graph.go index 21573f894ca..35582e2ada7 100644 --- a/github/dependency_graph.go +++ b/github/dependency_graph.go 
@@ -25,6 +25,7 @@ type CreationInfo struct { Creators []*string `json:"creators,omitempty"` } +// RepoDependencies represents the dependencies of a repo. type RepoDependencies struct { Spdxid *string `json:"SPDXID,omitempty"` // Package name From 06ddb1c9dffd57e2edf97dab7d6be64eb2c9a38e Mon Sep 17 00:00:00 2001 From: vandan rohatgi <43648786+vandanrohatgi@users.noreply.github.com> Date: Mon, 14 Aug 2023 19:29:11 +0530 Subject: [PATCH 06/14] Update github/dependency_graph.go Co-authored-by: Glenn Lewis <6598971+gmlewis@users.noreply.github.com> --- github/dependency_graph.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/github/dependency_graph.go b/github/dependency_graph.go index 35582e2ada7..f0d6a24b455 100644 --- a/github/dependency_graph.go +++ b/github/dependency_graph.go @@ -27,7 +27,7 @@ type CreationInfo struct { // RepoDependencies represents the dependencies of a repo. type RepoDependencies struct { - Spdxid *string `json:"SPDXID,omitempty"` + SPDXID *string `json:"SPDXID,omitempty"` // Package name Name *string `json:"name,omitempty"` VersionInfo *string `json:"versionInfo,omitempty"` From 5e93a142cb59bb6666e2c3da0e5cef8c754c17c1 Mon Sep 17 00:00:00 2001 From: vandan rohatgi <43648786+vandanrohatgi@users.noreply.github.com> Date: Mon, 14 Aug 2023 19:29:30 +0530 Subject: [PATCH 07/14] Update github/dependency_graph.go Co-authored-by: Glenn Lewis <6598971+gmlewis@users.noreply.github.com> --- github/dependency_graph.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/github/dependency_graph.go b/github/dependency_graph.go index f0d6a24b455..81b912f53be 100644 --- a/github/dependency_graph.go +++ b/github/dependency_graph.go 
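Review bot: The added comment `// RepoDependencies represents the dependencies of a repo.` describes the slice, not the type: each `RepoDependencies` value is one element of `SBOMInfo.Packages`, i.e. a single SPDX package record with its own SPDXID, name and version. A comment such as `// RepoDependencies represents a single package that a repository depends on, as one SPDX package entry of the SBOM.` would match what the struct actually holds and stop readers from expecting a collection. The struct's remaining fields lie outside the hunk.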
@@ -62,7 +62,7 @@ func (s Sbom) String() string { // GetSbom fetches the Software bill of materials for a repository. // // GitHub API docs: https://docs.github.com/en/rest/dependency-graph/sboms -func (s *DependencyGraphService) GetSbom(ctx context.Context, owner string, repo string) (*Sbom, *Response, error) { +func (s *DependencyGraphService) GetSBOM(ctx context.Context, owner, repo string) (*SBOM, *Response, error) { u := fmt.Sprintf("repos/%v/%v/dependency-graph/sbom", owner, repo) req, err := s.client.NewRequest("GET", u, nil) From f9225cdc1d14c036e619b0d9f633c7633c6ebeb5 Mon Sep 17 00:00:00 2001 From: vandan rohatgi <43648786+vandanrohatgi@users.noreply.github.com> Date: Mon, 14 Aug 2023 19:30:10 +0530 Subject: [PATCH 08/14] Update github/dependency_graph.go Co-authored-by: Glenn Lewis <6598971+gmlewis@users.noreply.github.com> --- github/dependency_graph.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/github/dependency_graph.go b/github/dependency_graph.go index 81b912f53be..97eecb00c2b 100644 --- a/github/dependency_graph.go +++ b/github/dependency_graph.go @@ -16,7 +16,7 @@ type DependencyGraphService service // Sbom represents software bill of materials, which descibes the // packages/libraries that a repository depends on. type Sbom struct { - Sbom *SbomInfo `json:"sbom,omitempty"` + SBOM *SBOMInfo `json:"sbom,omitempty"` } // CreationInfo represents when the SBOM created and who created it. From a294cffe5ccc13a265e1c38f901042d6799981a2 Mon Sep 17 00:00:00 2001 From: vandan rohatgi <43648786+vandanrohatgi@users.noreply.github.com> Date: Mon, 14 Aug 2023 19:30:34 +0530 Subject: [PATCH 09/14] Update github/dependency_graph.go Co-authored-by: Glenn Lewis <6598971+gmlewis@users.noreply.github.com> --- github/dependency_graph.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/github/dependency_graph.go b/github/dependency_graph.go index 97eecb00c2b..ca7f343edf8 100644 --- a/github/dependency_graph.go 
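Review bot: `GetSBOM` now returns `*SBOM`, but no `SBOM` type exists at this commit — `type Sbom` is only renamed to `type SBOM` in the PATCH 12/14 dependency_graph.go hunk, and the body's `var sbom *Sbom` is only renamed in PATCH 09/14 — so this commit and the following suggestion commits up to PATCH 11/14 do not compile on their own. Review suggestions applied one line at a time leave the series non-bisectable; they should be squashed into the feature commit before merge so that every commit builds and the accessor/test renames land together with the type rename. The rest of GetSBOM's body lies outside the hunk.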
+++ b/github/dependency_graph.go @@ -70,7 +70,7 @@ func (s *DependencyGraphService) GetSBOM(ctx context.Context, owner, repo string return nil, nil, err } - var sbom *Sbom + var sbom *SBOM resp, err := s.client.Do(ctx, req, &sbom) if err != nil { return nil, resp, err From ee3ea275be1e314afba554e8536e0fe3f0c9795e Mon Sep 17 00:00:00 2001 From: vandan rohatgi <43648786+vandanrohatgi@users.noreply.github.com> Date: Mon, 14 Aug 2023 19:31:17 +0530 Subject: [PATCH 10/14] Update github/dependency_graph.go Co-authored-by: Glenn Lewis <6598971+gmlewis@users.noreply.github.com> --- github/dependency_graph.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/github/dependency_graph.go b/github/dependency_graph.go index ca7f343edf8..bd0e18bd42f 100644 --- a/github/dependency_graph.go +++ b/github/dependency_graph.go @@ -37,10 +37,11 @@ type RepoDependencies struct { LicenseDeclared *string `json:"licenseDeclared,omitempty"` } -// SPDX is an open standard for software bill of materials (SBOM) that +// SBOMInfo represents a software bill of materials (SBOM) using SPDX. +// SPDX is an open standard for SBOMs that // identifies and catalogs components, licenses, copyrights, security -// references, and other metadata relating to software -type SbomInfo struct { +// references, and other metadata relating to software. +type SBOMInfo struct { Spdxid *string `json:"SPDXID,omitempty"` SpdxVersion *string `json:"spdxVersion,omitempty"` CreationInfo *CreationInfo `json:"creationInfo,omitempty"` From f7e6243ca5e4e1cf94cc72d2e0ae67d5b794f77a Mon Sep 17 00:00:00 2001 From: vandan rohatgi <43648786+vandanrohatgi@users.noreply.github.com> Date: Mon, 14 Aug 2023 19:33:17 +0530 Subject: [PATCH 11/14] Apply suggestions from code review Co-authored-by: Glenn Lewis <6598971+gmlewis@users.noreply.github.com> --- github/dependency_graph.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/github/dependency_graph.go b/github/dependency_graph.go index bd0e18bd42f..1af8fc31628 100644 --- a/github/dependency_graph.go +++ b/github/dependency_graph.go @@ -42,14 +42,14 @@ type RepoDependencies struct { // identifies and catalogs components, licenses, copyrights, security // references, and other metadata relating to software. type SBOMInfo struct { - Spdxid *string `json:"SPDXID,omitempty"` - SpdxVersion *string `json:"spdxVersion,omitempty"` + SPDXID *string `json:"SPDXID,omitempty"` + SPDXVersion *string `json:"spdxVersion,omitempty"` CreationInfo *CreationInfo `json:"creationInfo,omitempty"` // Repo name Name *string `json:"name,omitempty"` DataLicense *string `json:"dataLicense,omitempty"` - DocumentDescribes []*string `json:"documentDescribes,omitempty"` + DocumentDescribes []string `json:"documentDescribes,omitempty"` DocumentNamespace *string `json:"documentNamespace,omitempty"` // List of packages dependencies @@ -60,7 +60,7 @@ func (s Sbom) String() string { return Stringify(s) } -// GetSbom fetches the Software bill of materials for a repository. +// GetSBOM fetches the software bill of materials for a repository. // // GitHub API docs: https://docs.github.com/en/rest/dependency-graph/sboms func (s *DependencyGraphService) GetSBOM(ctx context.Context, owner, repo string) (*SBOM, *Response, error) { From 7c083bda689ed6818d7e2bd5deed5e1ce87c7261 Mon Sep 17 00:00:00 2001 From: vandanrohatgi Date: Mon, 14 Aug 2023 20:06:01 +0530 Subject: [PATCH 12/14] Fix PR reviews --- github/dependency_graph.go | 17 ++++----- github/dependency_graph_test.go | 20 +++++----- github/github-accessors.go | 42 ++++++++++----------- github/github-accessors_test.go | 66 ++++++++++++++++----------------- github/github-stringify_test.go | 20 +++++----- github/github.go | 64 ++++++++++++++++---------------- 6 files changed, 115 insertions(+), 114 deletions(-) 
diff --git a/github/dependency_graph.go b/github/dependency_graph.go index 1af8fc31628..d3263a79486 100644 --- a/github/dependency_graph.go +++ b/github/dependency_graph.go @@ -8,21 +8,20 @@ package github import ( "context" "fmt" - "time" ) type DependencyGraphService service -// Sbom represents software bill of materials, which descibes the +// SBOM represents software bill of materials, which descibes the // packages/libraries that a repository depends on. -type Sbom struct { +type SBOM struct { SBOM *SBOMInfo `json:"sbom,omitempty"` } // CreationInfo represents when the SBOM created and who created it. type CreationInfo struct { - Created *time.Time `json:"created,omitempty"` - Creators []*string `json:"creators,omitempty"` + Created *Timestamp `json:"created,omitempty"` + Creators []string `json:"creators,omitempty"` } // RepoDependencies represents the dependencies of a repo. @@ -47,16 +46,16 @@ type SBOMInfo struct { CreationInfo *CreationInfo `json:"creationInfo,omitempty"` // Repo name - Name *string `json:"name,omitempty"` - DataLicense *string `json:"dataLicense,omitempty"` + Name *string `json:"name,omitempty"` + DataLicense *string `json:"dataLicense,omitempty"` DocumentDescribes []string `json:"documentDescribes,omitempty"` - DocumentNamespace *string `json:"documentNamespace,omitempty"` + DocumentNamespace *string `json:"documentNamespace,omitempty"` // List of packages dependencies Packages []*RepoDependencies `json:"packages,omitempty"` } -func (s Sbom) String() string { +func (s SBOM) String() string { return Stringify(s) } diff --git a/github/dependency_graph_test.go b/github/dependency_graph_test.go index e10d4b59ed7..73cf07f7161 100644 --- a/github/dependency_graph_test.go +++ b/github/dependency_graph_test.go @@ -15,7 +15,7 @@ import ( "github.com/google/go-cmp/cmp" ) -func TestDependencyGraphService_GetSbom(t *testing.T) { +func TestDependencyGraphService_GetSBOM(t *testing.T) { client, mux, _, teardown := setup() defer teardown() 
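Review bot: `type DependencyGraphService service` is an exported type with no doc comment, which `revive`/`golint` flag and which leaves users of `client.DependencyGraph` without a pointer to the API it wraps. Adding, as the other services in this package presumably do, `// DependencyGraphService handles communication with the dependency graph related methods of the GitHub API.` followed by `//` and `// GitHub API docs: https://docs.github.com/en/rest/dependency-graph/sboms` keeps the package consistent and makes the service discoverable in godoc. The `// Repo name` comment above `Name` in the second hunk could likewise become a full doc comment, `// Name is the repository name as recorded in the SBOM document.`, so it renders for the field. Switching `Created` to `*Timestamp` and dropping the `time` import is consistent with the rest of the package's timestamp fields.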
@@ -38,16 +38,16 @@ func TestDependencyGraphService_GetSbom(t *testing.T) { }) ctx := context.Background() - sbom, _, err := client.DependencyGraph.GetSbom(ctx, "owner", "repo") + sbom, _, err := client.DependencyGraph.GetSBOM(ctx, "owner", "repo") if err != nil { - t.Errorf("DependencyGraph.GetSbom returned error: %v", err) + t.Errorf("DependencyGraph.GetSBOM returned error: %v", err) } testTime := time.Date(2021, 9, 1, 0, 0, 0, 0, time.UTC) - want := &Sbom{ - &SbomInfo{ + want := &SBOM{ + &SBOMInfo{ CreationInfo: &CreationInfo{ - Created: &testTime, + Created: &Timestamp{testTime}, }, Name: String("owner/repo"), Packages: []*RepoDependencies{ @@ -60,17 +60,17 @@ func TestDependencyGraphService_GetSbom(t *testing.T) { } if !cmp.Equal(sbom, want) { - t.Errorf("DependencyGraph.GetSbom returned %+v, want %+v", sbom, want) + t.Errorf("DependencyGraph.GetSBOM returned %+v, want %+v", sbom, want) } - const methodName = "GetSbom" + const methodName = "GetSBOM" testBadOptions(t, methodName, func() (err error) { - _, _, err = client.DependencyGraph.GetSbom(ctx, "\n", "\n") + _, _, err = client.DependencyGraph.GetSBOM(ctx, "\n", "\n") return err }) testNewRequestAndDoFailure(t, methodName, client, func() (*Response, error) { - got, resp, err := client.DependencyGraph.GetSbom(ctx, "owner", "repo") + got, resp, err := client.DependencyGraph.GetSBOM(ctx, "owner", "repo") if got != nil { t.Errorf("testNewRequestAndDoFailure %v = %#v, want nil", methodName, got) } diff --git a/github/github-accessors.go b/github/github-accessors.go index 92c82e62c2d..dfcd22d53f0 100644 --- a/github/github-accessors.go +++ b/github/github-accessors.go 
@@ -4695,9 +4695,9 @@ func (c *CreateUserProjectOptions) GetBody() string { } // GetCreated returns the Created field if it's non-nil, zero value otherwise. -func (c *CreationInfo) GetCreated() time.Time { +func (c *CreationInfo) GetCreated() Timestamp { if c == nil || c.Created == nil { - return time.Time{} + return Timestamp{} } return *c.Created } @@ -17054,12 +17054,12 @@ func (r *RepoDependencies) GetName() string { return *r.Name } -// GetSpdxid returns the Spdxid field if it's non-nil, zero value otherwise. -func (r *RepoDependencies) GetSpdxid() string { - if r == nil || r.Spdxid == nil { +// GetSPDXID returns the SPDXID field if it's non-nil, zero value otherwise. +func (r *RepoDependencies) GetSPDXID() string { + if r == nil || r.SPDXID == nil { return "" } - return *r.Spdxid + return *r.SPDXID } // GetVersionInfo returns the VersionInfo field if it's non-nil, zero value otherwise. @@ -19702,16 +19702,16 @@ func (s *SarifID) GetURL() string { return *s.URL } -// GetSbom returns the Sbom field. -func (s *Sbom) GetSbom() *SbomInfo { +// GetSBOM returns the SBOM field. +func (s *SBOM) GetSBOM() *SBOMInfo { if s == nil { return nil } - return s.Sbom + return s.SBOM } // GetCreationInfo returns the CreationInfo field. -func (s *SbomInfo) GetCreationInfo() *CreationInfo { +func (s *SBOMInfo) GetCreationInfo() *CreationInfo { if s == nil { return nil } @@ -19719,7 +19719,7 @@ func (s *SbomInfo) GetCreationInfo() *CreationInfo { } // GetDataLicense returns the DataLicense field if it's non-nil, zero value otherwise. -func (s *SbomInfo) GetDataLicense() string { +func (s *SBOMInfo) GetDataLicense() string { if s == nil || s.DataLicense == nil { return "" } 
@@ -19727,7 +19727,7 @@ func (s *SbomInfo) GetDataLicense() string { } // GetDocumentNamespace returns the DocumentNamespace field if it's non-nil, zero value otherwise. -func (s *SbomInfo) GetDocumentNamespace() string { +func (s *SBOMInfo) GetDocumentNamespace() string { if s == nil || s.DocumentNamespace == nil { return "" } @@ -19735,27 +19735,27 @@ func (s *SbomInfo) GetDocumentNamespace() string { } // GetName returns the Name field if it's non-nil, zero value otherwise. -func (s *SbomInfo) GetName() string { +func (s *SBOMInfo) GetName() string { if s == nil || s.Name == nil { return "" } return *s.Name } -// GetSpdxid returns the Spdxid field if it's non-nil, zero value otherwise. -func (s *SbomInfo) GetSpdxid() string { - if s == nil || s.Spdxid == nil { +// GetSPDXID returns the SPDXID field if it's non-nil, zero value otherwise. +func (s *SBOMInfo) GetSPDXID() string { + if s == nil || s.SPDXID == nil { return "" } - return *s.Spdxid + return *s.SPDXID } -// GetSpdxVersion returns the SpdxVersion field if it's non-nil, zero value otherwise. -func (s *SbomInfo) GetSpdxVersion() string { - if s == nil || s.SpdxVersion == nil { +// GetSPDXVersion returns the SPDXVersion field if it's non-nil, zero value otherwise. +func (s *SBOMInfo) GetSPDXVersion() string { + if s == nil || s.SPDXVersion == nil { return "" } - return *s.SpdxVersion + return *s.SPDXVersion } // GetAnalysisKey returns the AnalysisKey field if it's non-nil, zero value otherwise. diff --git a/github/github-accessors_test.go b/github/github-accessors_test.go index 90258fab056..650b820cadf 100644 --- a/github/github-accessors_test.go +++ b/github/github-accessors_test.go @@ -5536,7 +5536,7 @@ func TestCreateUserProjectOptions_GetBody(tt *testing.T) { } func TestCreationInfo_GetCreated(tt *testing.T) { - var zeroValue time.Time + var zeroValue Timestamp c := &CreationInfo{Created: &zeroValue} c.GetCreated() c = &CreationInfo{} 
@@ -19818,14 +19818,14 @@ func TestRepoDependencies_GetName(tt *testing.T) { r.GetName() } -func TestRepoDependencies_GetSpdxid(tt *testing.T) { +func TestRepoDependencies_GetSPDXID(tt *testing.T) { var zeroValue string - r := &RepoDependencies{Spdxid: &zeroValue} - r.GetSpdxid() + r := &RepoDependencies{SPDXID: &zeroValue} + r.GetSPDXID() r = &RepoDependencies{} - r.GetSpdxid() + r.GetSPDXID() r = nil - r.GetSpdxid() + r.GetSPDXID() } func TestRepoDependencies_GetVersionInfo(tt *testing.T) { 
@@ -22981,68 +22981,68 @@ func TestSarifID_GetURL(tt *testing.T) { s.GetURL() } -func TestSbom_GetSbom(tt *testing.T) { - s := &Sbom{} - s.GetSbom() +func TestSBOM_GetSBOM(tt *testing.T) { + s := &SBOM{} + s.GetSBOM() s = nil - s.GetSbom() + s.GetSBOM() } -func TestSbomInfo_GetCreationInfo(tt *testing.T) { - s := &SbomInfo{} +func TestSBOMInfo_GetCreationInfo(tt *testing.T) { + s := &SBOMInfo{} s.GetCreationInfo() s = nil s.GetCreationInfo() } -func TestSbomInfo_GetDataLicense(tt *testing.T) { +func TestSBOMInfo_GetDataLicense(tt *testing.T) { var zeroValue string - s := &SbomInfo{DataLicense: &zeroValue} + s := &SBOMInfo{DataLicense: &zeroValue} s.GetDataLicense() - s = &SbomInfo{} + s = &SBOMInfo{} s.GetDataLicense() s = nil s.GetDataLicense() } -func TestSbomInfo_GetDocumentNamespace(tt *testing.T) { +func TestSBOMInfo_GetDocumentNamespace(tt *testing.T) { var zeroValue string - s := &SbomInfo{DocumentNamespace: &zeroValue} + s := &SBOMInfo{DocumentNamespace: &zeroValue} s.GetDocumentNamespace() - s = &SbomInfo{} + s = &SBOMInfo{} s.GetDocumentNamespace() s = nil s.GetDocumentNamespace() } -func TestSbomInfo_GetName(tt *testing.T) { +func TestSBOMInfo_GetName(tt *testing.T) { var zeroValue string - s := &SbomInfo{Name: &zeroValue} + s := &SBOMInfo{Name: &zeroValue} s.GetName() - s = &SbomInfo{} + s = &SBOMInfo{} s.GetName() s = nil s.GetName() } -func TestSbomInfo_GetSpdxid(tt *testing.T) { +func TestSBOMInfo_GetSPDXID(tt *testing.T) { var zeroValue string - s := &SbomInfo{Spdxid: &zeroValue} - s.GetSpdxid() - s = &SbomInfo{} - s.GetSpdxid() + s := &SBOMInfo{SPDXID: &zeroValue} + s.GetSPDXID() + s = &SBOMInfo{} + s.GetSPDXID() s = nil - s.GetSpdxid() + s.GetSPDXID() } -func TestSbomInfo_GetSpdxVersion(tt *testing.T) { +func TestSBOMInfo_GetSPDXVersion(tt *testing.T) { var zeroValue string - s := &SbomInfo{SpdxVersion: &zeroValue} - s.GetSpdxVersion() - s = &SbomInfo{} - s.GetSpdxVersion() + s := &SBOMInfo{SPDXVersion: &zeroValue} + s.GetSPDXVersion() + s = 
&SBOMInfo{} + s.GetSPDXVersion() s = nil - s.GetSpdxVersion() + s.GetSPDXVersion() } func TestScanningAnalysis_GetAnalysisKey(tt *testing.T) { diff --git a/github/github-stringify_test.go b/github/github-stringify_test.go index b360eb9e6f4..925e4563c0e 100644 --- a/github/github-stringify_test.go +++ b/github/github-stringify_test.go @@ -1763,6 +1763,16 @@ func TestRepositoryRelease_String(t *testing.T) { } } +func TestSBOM_String(t *testing.T) { + v := SBOM{ + SBOM: &SBOMInfo{}, + } + want := `github.SBOM{SBOM:github.SBOMInfo{}}` + if got := v.String(); got != want { + t.Errorf("SBOM.String = %v, want %v", got, want) + } +} + func TestSSHSigningKey_String(t *testing.T) { v := SSHSigningKey{ ID: Int64(0), @@ -1776,16 +1786,6 @@ func TestSSHSigningKey_String(t *testing.T) { } } -func TestSbom_String(t *testing.T) { - v := Sbom{ - Sbom: &SbomInfo{}, - } - want := `github.Sbom{Sbom:github.SbomInfo{}}` - if got := v.String(); got != want { - t.Errorf("Sbom.String = %v, want %v", got, want) - } -} - func TestSecretScanning_String(t *testing.T) { v := SecretScanning{ Status: String(""), diff --git a/github/github.go b/github/github.go index 330d47738f0..e0e21363f8e 100644 --- a/github/github.go +++ b/github/github.go 
@@ -179,37 +179,38 @@ type Client struct { common service // Reuse a single struct instead of allocating one for each service on the heap. // Services used for talking to different parts of the GitHub API. - Actions *ActionsService - Activity *ActivityService - Admin *AdminService - Apps *AppsService - Authorizations *AuthorizationsService - Billing *BillingService - Checks *ChecksService - CodeScanning *CodeScanningService - Codespaces *CodespacesService - Dependabot *DependabotService - DependencyGraph *DependencyGraphService - Enterprise *EnterpriseService - Gists *GistsService - Git *GitService - Gitignores *GitignoresService - Interactions *InteractionsService - IssueImport *IssueImportService - Issues *IssuesService - Licenses *LicensesService - Marketplace *MarketplaceService - Migrations *MigrationService - Organizations *OrganizationsService - Projects *ProjectsService - PullRequests *PullRequestsService - Reactions *ReactionsService - Repositories *RepositoriesService - SCIM *SCIMService - Search *SearchService - SecretScanning *SecretScanningService - Teams *TeamsService - Users *UsersService + Actions *ActionsService + Activity *ActivityService + Admin *AdminService + Apps *AppsService + Authorizations *AuthorizationsService + Billing *BillingService + Checks *ChecksService + CodeScanning *CodeScanningService + Codespaces *CodespacesService + Dependabot *DependabotService + DependencyGraph *DependencyGraphService + Enterprise *EnterpriseService + Gists *GistsService + Git *GitService + Gitignores *GitignoresService + Interactions *InteractionsService + IssueImport *IssueImportService + Issues *IssuesService + Licenses *LicensesService + Marketplace *MarketplaceService + Migrations *MigrationService + Organizations *OrganizationsService + Projects *ProjectsService + PullRequests *PullRequestsService + Reactions *ReactionsService + Repositories *RepositoriesService + SCIM *SCIMService + Search *SearchService + SecretScanning *SecretScanningService + 
SecurityAdvisories *SecurityAdvisoriesService + Teams *TeamsService + Users *UsersService } type service struct { @@ -348,6 +349,7 @@ func NewClient(httpClient *http.Client) *Client { c.SCIM = (*SCIMService)(&c.common) c.Search = (*SearchService)(&c.common) c.SecretScanning = (*SecretScanningService)(&c.common) + c.SecurityAdvisories = (*SecurityAdvisoriesService)(&c.common) c.Teams = (*TeamsService)(&c.common) c.Users = (*UsersService)(&c.common) return c From 024b4a388272fa009044302cf7e9d6c99f97cae7 Mon Sep 17 00:00:00 2001 From: vandan rohatgi <43648786+vandanrohatgi@users.noreply.github.com> Date: Tue, 15 Aug 2023 18:38:03 +0530 Subject: [PATCH 13/14] Apply suggestions from code review Co-authored-by: Glenn Lewis <6598971+gmlewis@users.noreply.github.com> --- github/dependency_graph.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/github/dependency_graph.go b/github/dependency_graph.go index d3263a79486..31ac2c091e2 100644 --- a/github/dependency_graph.go +++ b/github/dependency_graph.go @@ -12,13 +12,13 @@ import ( type DependencyGraphService service -// SBOM represents software bill of materials, which descibes the +// SBOM represents a software bill of materials, which descibes the // packages/libraries that a repository depends on. type SBOM struct { SBOM *SBOMInfo `json:"sbom,omitempty"` } -// CreationInfo represents when the SBOM created and who created it. +// CreationInfo represents when the SBOM was created and who created it. type CreationInfo struct { Created *Timestamp `json:"created,omitempty"` Creators []string `json:"creators,omitempty"` From c48702b14e9a91b688e870e98421c3507e52900d Mon Sep 17 00:00:00 2001 From: Glenn Lewis <6598971+gmlewis@users.noreply.github.com> Date: Wed, 16 Aug 2023 13:05:01 -0400 Subject: [PATCH 14/14] Update github/dependency_graph.go Co-authored-by: Parker77 <20973702+Parker77@users.noreply.github.com> --- github/dependency_graph.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/github/dependency_graph.go b/github/dependency_graph.go index 31ac2c091e2..e578965cc12 100644 --- a/github/dependency_graph.go +++ b/github/dependency_graph.go @@ -12,7 +12,7 @@ import ( type DependencyGraphService service -// SBOM represents a software bill of materials, which descibes the +// SBOM represents a software bill of materials, which describes the // packages/libraries that a repository depends on. type SBOM struct { SBOM *SBOMInfo `json:"sbom,omitempty"`