guacsec · nathannaveen · Jul 12, 2024 · Jul 16, 2024 · Jul 16, 2024 · Jul 17, 2024
diff --git a/internal/testing/backend/main_test.go b/internal/testing/backend/main_test.go
@@ -96,9 +96,9 @@ var skipMatrix = map[string]map[string]bool{
 	"TestVEXBulkIngest": {arango: true, redis: true},
 	"TestFindSoftware":  {redis: true, arango: true},
 	// remove these once its implemented for the other backends
-	"TestDeleteCertifyVuln":        {arango: true, memmap: true, redis: true, tikv: true},
-	"TestDeleteHasSBOM":            {arango: true, memmap: true, redis: true, tikv: true},
-	"TestDeleteHasSLSAs":           {arango: true, memmap: true, redis: true, tikv: true},
+	"TestDeleteCertifyVuln":        {arango: true},
+	"TestDeleteHasSBOM":            {arango: true},
+	"TestDeleteHasSLSAs":           {arango: true},
 	"TestQueryPackagesListForScan": {arango: true, redis: true, tikv: true},
 }
 

diff --git a/internal/testing/stablememmap/stablememmap.go b/internal/testing/stablememmap/stablememmap.go
@@ -42,6 +42,10 @@ func (s *store) Set(ctx context.Context, c, k string, v any) error {
 	return s.mm.Set(ctx, c, k, v)
 }
 
+func (s *store) Remove(ctx context.Context, c, k string) error {
+	return s.mm.Remove(ctx, c, k)
+}
+
 func (s *store) Keys(c string) kv.Scanner {
 	return &scanner{mms: s.mm.Keys(c)}
 }

@@ -61,6 +61,55 @@ func (n *certifyVulnerabilityLink) Key() string {
 	}, ":"))
 }
 
+// Helper function to remove vulnerability links. This works by setting all the links expect the specified linkID.
+func (c *demoClient) removeLinks(ctx context.Context, linkID string, links []string, col string, id string) error {
+	var newLinks []string
+	for _, id := range links {
+		if id != linkID {
+			newLinks = append(newLinks, id)
+		}
+	}
+
+	// Update the entity in the KeyValue store
+	return c.kv.Set(ctx, col, id, newLinks)
+}
+
+// DeleteCertifyVuln deletes a specified certifyVuln node along with all associated relationships.
+func (c *demoClient) DeleteCertifyVuln(ctx context.Context, id string) (bool, error) {
+	// Retrieve the certifyVulnerabilityLink by ID
+	link, err := byIDkv[*certifyVulnerabilityLink](ctx, id, c)
+	if err != nil {
+		if errors.Is(err, kv.NotFoundError) {
+			return false, nil // Not found, nothing to delete
+		}
+		return false, gqlerror.Errorf("failed to retrieve certifyVulnerabilityLink by ID: %v", err)
+	}
+
+	// Remove backlinks from associated package and vulnerability
+	foundPackage, err := c.returnFoundPkgVersion(ctx, &model.IDorPkgInput{PackageVersionID: &link.PackageID})
+	if err != nil {
+		return false, gqlerror.Errorf("failed to retrieve package version: %v", err)
+	}
+	if err := c.removeLinks(ctx, link.ThisID, foundPackage.CertifyVulnLinks, "packages", foundPackage.ID()); err != nil {
+		return false, gqlerror.Errorf("failed to remove package backlinks: %v", err)
+	}
+
+	foundVulnNode, err := c.returnFoundVulnerability(ctx, &model.IDorVulnerabilityInput{VulnerabilityNodeID: &link.VulnerabilityID})
+	if err != nil {
+		return false, gqlerror.Errorf("failed to retrieve vulnerability node: %v", err)
+	}
+	if err := c.removeLinks(ctx, link.ThisID, foundVulnNode.CertifyVulnLinks, "vulnerabilities", foundVulnNode.ID()); err != nil {
+		return false, gqlerror.Errorf("failed to remove vulnerability backlinks: %v", err)
+	}
+
+	// Delete the link from the KeyValue store
+	if err := c.kv.Remove(ctx, cVulnCol, link.Key()); err != nil {
+		return false, gqlerror.Errorf("failed to remove certifyVuln link from KeyValue store: %v", err)
+	}
+
+	return true, nil
+}
+
 func (n *certifyVulnerabilityLink) Neighbors(allowedEdges edgeMap) []string {
 	out := make([]string, 0, 2)
 	if allowedEdges[model.EdgeCertifyVulnPackage] {

@@ -67,6 +67,59 @@ func (n *hasSBOMStruct) Key() string {
 	}, ":"))
 }
 
+// DeleteHasSBOM deletes a specified hasSBOM node along with all associated relationships.
+func (c *demoClient) DeleteHasSBOM(ctx context.Context, id string) (bool, error) {
+
+	// Retrieve the hasSBOM link by ID
+	link, err := byIDkv[*hasSBOMStruct](ctx, id, c)
+	if err != nil {
+		if errors.Is(err, kv.NotFoundError) {
+			return false, nil // Not found, nothing to delete
+		}
+		return false, gqlerror.Errorf("failed to retrieve hasSBOM link by ID: %v", err)
+	}
+
+	// Delete associated isDependency nodes
+	for _, depID := range link.IncludedDependencies {
+		if err := c.kv.Remove(ctx, "dependencies", depID); !errors.Is(err, kv.NotFoundError) {
+			return false, gqlerror.Errorf("failed to remove dependency node with ID %s: %v", depID, err)
+		}
+	}
+
+	// Delete associated isOccurrence nodes
+	for _, occurID := range link.IncludedOccurrences {
+		if err := c.kv.Remove(ctx, "occurrences", occurID); !errors.Is(err, kv.NotFoundError) {
+			return false, gqlerror.Errorf("failed to remove occurrence node with ID %s: %v", occurID, err)
+		}
+	}
+
+	// Remove backlinks from associated package or artifact
+	if link.Pkg != "" {
+		foundPkg, err := c.returnFoundPkgVersion(ctx, &model.IDorPkgInput{PackageVersionID: &link.Pkg})
+		if err != nil {
+			return false, gqlerror.Errorf("failed to retrieve package version: %v", err)
+		}
+		if err := c.removeLinks(ctx, link.ThisID, foundPkg.HasSBOMs, "packages", foundPkg.ID()); err != nil {
+			return false, gqlerror.Errorf("failed to remove package backlinks: %v", err)
+		}
+	} else if link.Artifact != "" {
+		foundArtifact, err := c.returnFoundArtifact(ctx, &model.IDorArtifactInput{ArtifactID: &link.Artifact})
+		if err != nil {
+			return false, gqlerror.Errorf("failed to retrieve artifact: %v", err)
+		}
+		if err := c.removeLinks(ctx, link.ThisID, foundArtifact.HasSBOMs, "artifacts", foundArtifact.ID()); err != nil {
+			return false, gqlerror.Errorf("failed to remove artifact backlinks: %v", err)
+		}
+	}
+
+	// Delete the hasSBOM link from the KeyValue store
+	if err := c.kv.Remove(ctx, hasSBOMCol, link.Key()); err != nil {
+		return false, gqlerror.Errorf("failed to remove hasSBOM link from KeyValue store: %v", err)
+	}
+
+	return true, nil
+}
+
 func (n *hasSBOMStruct) Neighbors(allowedEdges edgeMap) []string {
 	var out []string
 	if n.Pkg != "" && allowedEdges[model.EdgeHasSbomPackage] {

@@ -72,6 +72,55 @@ func (n *hasSLSAStruct) Key() string {
 	}, ":"))
 }
 
+// DeleteHasSLSA deletes a specified SLSA node along with all associated relationships.
+func (c *demoClient) DeleteHasSLSA(ctx context.Context, id string) (bool, error) {
+
+	// Retrieve the SLSA link by ID
+	link, err := byIDkv[*hasSLSAStruct](ctx, id, c)
+	if err != nil {
+		if errors.Is(err, kv.NotFoundError) {
+			return false, nil // Not found, nothing to delete
+		}
+		return false, gqlerror.Errorf("Error retrieving SLSA link by ID: %v", err)
+	}
+
+	// Remove backlinks from associated subject
+	foundSubject, err := c.returnFoundArtifact(ctx, &model.IDorArtifactInput{ArtifactID: &link.Subject})
+	if err != nil {
+		return false, gqlerror.Errorf("Error retrieving associated subject: %v", err)
+	}
+	if err := c.removeLinks(ctx, link.ThisID, foundSubject.HasSLSAs, "artifacts", foundSubject.ID()); err != nil {
+		return false, gqlerror.Errorf("Error removing backlinks from associated subject: %v", err)
+	}
+
+	// Remove backlinks from associated builtBy
+	foundBuiltBy, err := c.returnFoundBuilder(ctx, &model.IDorBuilderInput{BuilderID: &link.BuiltBy})
+	if err != nil {
+		return false, gqlerror.Errorf("Error retrieving associated builtBy: %v", err)
+	}
+	if err := c.removeLinks(ctx, link.ThisID, foundBuiltBy.HasSLSAs, "builders", foundBuiltBy.ID()); err != nil {
+		return false, gqlerror.Errorf("Error removing backlinks from associated builtBy: %v", err)
+	}
+
+	// Remove backlinks from associated builtFrom
+	for _, builtFromID := range link.BuiltFrom {
+		foundBuiltFrom, err := c.returnFoundArtifact(ctx, &model.IDorArtifactInput{ArtifactID: &builtFromID})
+		if err != nil {
+			return false, gqlerror.Errorf("Error retrieving associated builtFrom: %v", err)
+		}
+		if err := c.removeLinks(ctx, link.ThisID, foundBuiltFrom.HasSLSAs, "artifacts", foundBuiltFrom.ID()); err != nil {
+			return false, gqlerror.Errorf("Error removing backlinks from associated builtFrom: %v", err)
+		}
+	}
+
+	// Delete the link from the KeyValue store
+	if err := c.kv.Remove(ctx, slsaCol, link.Key()); err != nil {
+		return false, gqlerror.Errorf("failed to remove hasSLSA link from KeyValue store: %v", err)
+	}
+
+	return true, nil
+}
+
 func (n *hasSLSAStruct) Neighbors(allowedEdges edgeMap) []string {
 	out := make([]string, 0, 2+len(n.BuiltFrom))
 	if allowedEdges[model.EdgeHasSlsaSubject] {

@@ -18,6 +18,7 @@ package keyvalue
 import (
 	"context"
 	"fmt"
+	"log"
 	"strings"
 
 	"github.com/vektah/gqlparser/v2/gqlerror"
@@ -192,6 +193,41 @@ func (c *demoClient) Nodes(ctx context.Context, ids []string) ([]model.Node, err
 
 // Delete node and all associated relationships. This functionality is only implemented for
 // certifyVuln, HasSBOM and HasSLSA.
-func (c *demoClient) Delete(ctx context.Context, node string) (bool, error) {
-	panic(fmt.Errorf("not implemented: Delete"))
+func (c *demoClient) Delete(ctx context.Context, nodeID string) (bool, error) {
+	// Retrieve the node type based on the node ID
+	var k string
+	if err := c.kv.Get(ctx, indexCol, nodeID, &k); err != nil {
+		return false, fmt.Errorf("%w : id not found in index %q", err, nodeID)
+	}
+
+	sub := strings.SplitN(k, ":", 2)
+	if len(sub) != 2 {
+		return false, fmt.Errorf("Bad value was stored in index map: %v", k)
+	}
+
+	nodeType := sub[0]
+
+	switch nodeType {
+	case "certifyVulns":
+		deleted, err := c.DeleteCertifyVuln(ctx, nodeID)
+		if err != nil {
+			return false, fmt.Errorf("failed to delete CertifyVuln via ID: %s, with error: %w", nodeID, err)
+		}
+		return deleted, nil
+	case "hasSBOMs":
+		deleted, err := c.DeleteHasSBOM(ctx, nodeID)
+		if err != nil {
+			return false, fmt.Errorf("failed to delete HasSBOM via ID: %s, with error: %w", nodeID, err)
+		}
+		return deleted, nil
+	case "hasSLSAs":
+		deleted, err := c.DeleteHasSLSA(ctx, nodeID)
+		if err != nil {
+			return false, fmt.Errorf("failed to delete HasSLSA via ID: %s, with error: %w", nodeID, err)
+		}
+		return deleted, nil
+	default:
+		log.Printf("Unknown node type: %s", nodeType)
+	}
+	return false, nil
 }
@@ -23,14 +23,16 @@ import (
 
 // Store is an interface to define to serve as a keyvalue store
 type Store interface {
-
 	// Retrieve value from store. If not found, returns NotFoundError. Ptr must
 	// be a pointer to the type of value stored.
 	Get(ctx context.Context, collection, key string, ptr any) error
 
 	// Sets a value, creates collection if necessary
 	Set(ctx context.Context, collection, key string, value any) error
 
+	// Delete a value from the store. If not found, returns NotFoundError.
+	Remove(ctx context.Context, collection, key string) error
+
 	// Create a scanner that will be used to get all the keys in a collection.
 	Keys(collection string) Scanner
 }

@@ -56,6 +56,18 @@ func (s *store) Set(_ context.Context, c, k string, v any) error {
 	return nil
 }
 
+func (s *store) Remove(_ context.Context, c, k string) error {
+	col, ok := s.m[c]
+	if !ok {
+		return fmt.Errorf("%w : Collection %q", kv.NotFoundError, c)
+	}
+	if _, ok := col[k]; !ok {
+		return fmt.Errorf("%w : Key %q", kv.NotFoundError, k)
+	}
+	delete(col, k)
+	return nil
+}
+
 func (s *store) Keys(c string) kv.Scanner {
 	return &scanner{
 		collection: c,

@@ -67,6 +67,17 @@ func (s *store) Set(ctx context.Context, c, k string, v any) error {
 	return s.c.HSet(ctx, c, k, string(b)).Err()
 }
 
+func (s *store) Remove(ctx context.Context, c, k string) error {
+	res, err := s.c.HDel(ctx, c, k).Result()
+	if err != nil {
+		return err
+	}
+	if res == 0 {
+		return kv.NotFoundError
+	}
+	return nil
+}
+
 func (s *store) Keys(c string) kv.Scanner {
 	return &scanner{
 		collection: c,

@@ -70,6 +70,24 @@ func (s *store) Set(ctx context.Context, c, k string, v any) error {
 	return s.c.Put(ctx, []byte(ck), bts)
 }
 
+func (s *store) Remove(ctx context.Context, c, k string) error {
+	ck := strings.Join([]string{c, k}, ":")
+	// Check if the key exists
+	bts, err := s.c.Get(ctx, []byte(ck))
+	if err != nil {
+		return err
+	}
+	if len(bts) == 0 {
+		return kv.NotFoundError
+	}
+	// Proceed to delete the key
+	err = s.c.Delete(ctx, []byte(ck))
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
 func (s *store) Keys(c string) kv.Scanner {
 	return &scanner{
 		c:      s.c,