Add GraphQL API to provide user required data.

[AmitGupta7580]

RestAPI

GraphQL API

I have executed same query on both types of API and recorded their response time . [Observation] GraphQL API is slightly faster than RestAPI.

FrameWork used : Graphene

[AmitGupta7580]

Rest API Request :

Rest API Response is something like :

GraphQL API query :

{ packagesUrl(purls: ["pkg:pacman/archlinux/spice@0.14.3-3", "pkg:pacman/archlinux/vivaldi@3.7.2218.49-1", "pkg:pacman/archlinux/lib32-libcurl-compat@7.75.0-1", "pkg:pacman/archlinux/libcurl-compat@7.75.0-1", "pkg:pacman/archlinux/lib32-curl@7.75.0-1", "pkg:pacman/archlinux/curl@7.75.0-1", "pkg:pacman/archlinux/opera@74.0.3911.218-1", "pkg:pacman/archlinux/logstash@7.10.1-1", "pkg:pacman/archlinux/kibana@7.10.1-1", "pkg:pacman/archlinux/keycloak@12.0.4-1", "pkg:pacman/archlinux/python-flask-security-too@3.3.3-3", "pkg:pacman/archlinux/inetutils@1.9.4-8", "pkg:pacman/archlinux/openssl-1.0@1.0.2.u-1", "pkg:pacman/archlinux/linux-hardened@5.11.10.hardened1-1", "pkg:pacman/archlinux/lib32-libcurl-gnutls@7.75.0-1", "pkg:pacman/archlinux/libcurl-gnutls@7.75.0-1", "pkg:pacman/archlinux/binutils@2.36.1-2", "pkg:pacman/archlinux/ceph@15.2.8-2", "pkg:pacman/archlinux/elasticsearch@7.10.1-1", "pkg:pacman/archlinux/dnsmasq@2.84-1"]) { id name version type namespace subpath qualifiers vulnerabilities { vulnerabilityId oldVulnerabilityId summary vulnerabilityreferenceSet { url source referenceId vulnerabilityseveritySet { value scoringSystem } } } } }

GraphQL resonse is similar to :

[sbs2001]

graphql doesn't have unresolved_vuln and resolved_vuln

[sbs2001]

you need to do the tests where there are vulnerabilities linked to the package .

[AmitGupta7580]

I have linked the vulnerabilities to packages and now their response sizes are almost equal. Framework : Graphene (CODE, requests and responses) https://gist.github.com/AmitGupta7580/6bb1a91ccf405461fb6c84e991cd3b17

GraphQL wins but the fight is very close :)