Closed BWhitfield closed 1 year ago
Thanks for the bug report @BWhitfield. @shafeeshafee can you look into this more?
Yeah, let me take a look. Thanks for the heads up on this @BWhitfield
I checked it out this morning and saw this in the response:
When I tried to run graphql-codegen, I got the following error.
When I removed the annotations block from the pkg/assembler/graphql/examples/has_sbom.gql file the codegen was successful and the visualizer was no longer tossing 422's.
Yes, good catch! We recently changed the GraphQL schema on the main guac project to remove annotations from the HasSBOM node and did not update the codegen here on the visualizer.
@BWhitfield this issue has been fixed with #40
Is there anything additional that needs to be done after cloning for this? I seem to be experiencing the issue on a fresh clone today. I'm using fresh clones of guac, guac-data, and guac-visualizer
{
"errors": [
{
"message": "Unknown type \"OSV\".",
"locations": [
{
"line": 20,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"CVE\".",
"locations": [
{
"line": 24,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"GHSA\".",
"locations": [
{
"line": 28,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"NoVuln\".",
"locations": [
{
"line": 32,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"CVE\".",
"locations": [
{
"line": 415,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"OSV\".",
"locations": [
{
"line": 419,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"GHSA\".",
"locations": [
{
"line": 423,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"NoVuln\".",
"locations": [
{
"line": 427,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"CVE\".",
"locations": [
{
"line": 453,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"GHSA\".",
"locations": [
{
"line": 457,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"IsVulnerability\".",
"locations": [
{
"line": 84,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"CVE\".",
"locations": [
{
"line": 483,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"GHSA\".",
"locations": [
{
"line": 487,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"OSV\".",
"locations": [
{
"line": 491,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"CVE\".",
"locations": [
{
"line": 151,
"column": 1
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"OSV\".",
"locations": [
{
"line": 158,
"column": 1
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"GHSA\". Did you mean \"SLSA\"?",
"locations": [
{
"line": 164,
"column": 1
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"CVE\".",
"locations": [
{
"line": 415,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"OSV\".",
"locations": [
{
"line": 419,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"GHSA\".",
"locations": [
{
"line": 423,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"NoVuln\".",
"locations": [
{
"line": 427,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"CVE\".",
"locations": [
{
"line": 453,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"GHSA\".",
"locations": [
{
"line": 457,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"IsVulnerability\". Did you mean \"Vulnerability\", \"VulnerabilityID\", or \"VulnerabilitySpec\"?",
"locations": [
{
"line": 445,
"column": 1
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"CVE\".",
"locations": [
{
"line": 483,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"GHSA\".",
"locations": [
{
"line": 487,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"OSV\".",
"locations": [
{
"line": 491,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
}
],
"data": null
}
@krumware we just updated the GraphQL API that is causing a mismatch between the visualizer and guac (on main). We have open PRs to update the docs to use the released versions so that this does not happen. Please see PR: https://github.com/guacsec/guac-docs/pull/88 and https://github.com/guacsec/guac-docs/pull/89 for how to use the released version of guac and the visualizer.
Ah, I just have poor timing. Looks like the docs updates are addressing what got me there as well, with the cloning and making vs using the binary. Thank you!
Describe the bug
While running locally, requests to http://localhost:3000/api/graphql return with a 422 status.

To Reproduce
Steps to reproduce the behavior:
You should get the 422

Screenshots

GUAC version
guac: 30321c71
guac-data: 5f0ddb94
guac-visualizer: 5d174e6e

Additional context
Request from inspect element:
fetch("http://localhost:3000/api/graphql", {
  "headers": {
    "accept": "*/*",
    "accept-language": "en-US,en;q=0.9",
    "cache-control": "no-cache",
    "content-type": "application/json",
    "pragma": "no-cache",
    "sec-ch-ua": "\"Not.A/Brand\";v=\"8\", \"Chromium\";v=\"114\", \"Google Chrome\";v=\"114\"",
    "sec-ch-ua-mobile": "?0",
    "sec-ch-ua-platform": "\"macOS\"",
    "sec-fetch-dest": "empty",
    "sec-fetch-mode": "cors",
    "sec-fetch-site": "same-origin",
    "cookie": "_ga=GA1.1.1386983528.1673881015; _ga_M43RDNHN7J=GS1.1.1675875418.36.0.1675875418.0.0.0; mp_892341e8387efb088b8844a41e4bcd31_mixpanel=%7B%22distinct_id%22%3A%20%2221aa7b1f-d459-4feb-8162-ee8894aee314%22%2C%22%24device_id%22%3A%20%22185bc75ddef11c9-0898a1772c844f-17525635-2a3000-185bc75ddf09ef%22%2C%22%24initial_referrer%22%3A%20%22http%3A%2F%2Flocalhost%3A3000%2Favalanche%2F0x2f484AE898A0182B46C104C4a7529D5E08e68d68%22%2C%22%24initial_referring_domain%22%3A%20%22localhost%3A3000%22%2C%22app_root%22%3A%20%22http%3A%2F%2Flocalhost%3A3000%22%2C%22environment%22%3A%20%22development%22%2C%22app%22%3A%20%22Chainmail%22%2C%22git_sha%22%3A%20%22LOCAL%22%2C%22%24user_id%22%3A%20%2221aa7b1f-d459-4feb-8162-ee8894aee314%22%7D",
    "Referer": "http://localhost:3000/",
    "Referrer-Policy": "strict-origin-when-cross-origin"
  },
  "body": "{\"operationName\":\"GetNeighbors\",\"variables\":{\"nodeId\":\"6\",\"edges\":[]},\"query\":\"query GetNeighbors($nodeId: ID!, $edges: [Edge!]!) {\\n neighbors(node: $nodeId, usingOnly: $edges) {\\n __typename\\n ... on Package {\\n ...allPkgTree\\n __typename\\n }\\n ... on Source {\\n ...allSrcTree\\n __typename\\n }\\n ... on Artifact {\\n ...allArtifactTree\\n __typename\\n }\\n ... on Builder {\\n ...allBuilderTree\\n __typename\\n }\\n ... on OSV {\\n ...allOSVTree\\n __typename\\n }\\n ... on CVE {\\n ...allCveTree\\n __typename\\n }\\n ... on GHSA {\\n ...allGHSATree\\n __typename\\n }\\n ... on NoVuln {\\n id\\n __typename\\n }\\n ... on IsOccurrence {\\n ...allIsOccurrencesTree\\n __typename\\n }\\n ... on IsDependency {\\n ...allIsDependencyTree\\n __typename\\n }\\n ... on IsVulnerability {\\n ...allIsVulnerabilityTree\\n __typename\\n }\\n ... on CertifyVEXStatement {\\n ...allCertifyVEXStatementTree\\n __typename\\n }\\n ... on HashEqual {\\n ...allHashEqualTree\\n __typename\\n }\\n ... on CertifyBad {\\n ...allCertifyBadTree\\n __typename\\n }\\n ... on CertifyGood {\\n ...allCertifyGoodTree\\n __typename\\n }\\n ... on CertifyBad {\\n ...allCertifyBadTree\\n __typename\\n }\\n ... on PkgEqual {\\n ...allPkgEqualTree\\n __typename\\n }\\n ... on CertifyScorecard {\\n ...allCertifyScorecardTree\\n __typename\\n }\\n ... on CertifyVuln {\\n ...allCertifyVulnTree\\n __typename\\n }\\n ... on HasSourceAt {\\n ...allHasSourceAtTree\\n __typename\\n }\\n ... on HasSBOM {\\n ...allHasSBOMTree\\n __typename\\n }\\n ... on HasSLSA {\\n ...allHasSLSATree\\n __typename\\n }\\n }\\n}\\n\\nfragment allSrcTree on Source {\\n id\\n type\\n namespaces {\\n id\\n namespace\\n names {\\n id\\n name\\n tag\\n commit\\n __typename\\n }\\n __typename\\n }\\n __typename\\n}\\n\\nfragment allPkgTree on Package {\\n id\\n type\\n namespaces {\\n id\\n namespace\\n names {\\n id\\n name\\n versions {\\n id\\n version\\n qualifiers {\\n key\\n value\\n __typename\\n }\\n subpath\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n __typename\\n}\\n\\nfragment allArtifactTree on Artifact {\\n id\\n algorithm\\n digest\\n __typename\\n}\\n\\nfragment allBuilderTree on Builder {\\n id\\n uri\\n __typename\\n}\\n\\nfragment allOSVTree on OSV {\\n id\\n osvId\\n __typename\\n}\\n\\nfragment allCveTree on CVE {\\n id\\n year\\n cveId\\n __typename\\n}\\n\\nfragment allGHSATree on GHSA {\\n id\\n ghsaId\\n __typename\\n}\\n\\nfragment allIsOccurrencesTree on IsOccurrence {\\n id\\n subject {\\n __typename\\n ... on Package {\\n id\\n type\\n namespaces {\\n id\\n namespace\\n names {\\n id\\n name\\n versions {\\n id\\n version\\n qualifiers {\\n key\\n value\\n __typename\\n }\\n subpath\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n ... on Source {\\n id\\n type\\n namespaces {\\n id\\n namespace\\n names {\\n id\\n name\\n tag\\n commit\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n }\\n artifact {\\n id\\n algorithm\\n digest\\n __typename\\n }\\n justification\\n origin\\n collector\\n __typename\\n}\\n\\nfragment allIsDependencyTree on IsDependency {\\n id\\n justification\\n package {\\n id\\n type\\n namespaces {\\n id\\n namespace\\n names {\\n id\\n name\\n versions {\\n id\\n version\\n qualifiers {\\n key\\n value\\n __typename\\n }\\n subpath\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n dependentPackage {\\n id\\n type\\n namespaces {\\n id\\n namespace\\n names {\\n id\\n name\\n versions {\\n id\\n version\\n qualifiers {\\n key\\n value\\n __typename\\n }\\n subpath\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n dependencyType\\n versionRange\\n origin\\n collector\\n __typename\\n}\\n\\nfragment allIsVulnerabilityTree on IsVulnerability {\\n id\\n osv {\\n id\\n osvId\\n __typename\\n }\\n vulnerability {\\n __typename\\n ... on CVE {\\n id\\n year\\n cveId\\n __typename\\n }\\n ... on GHSA {\\n id\\n ghsaId\\n __typename\\n }\\n }\\n justification\\n origin\\n collector\\n __typename\\n}\\n\\nfragment allCertifyVEXStatementTree on CertifyVEXStatement {\\n id\\n subject {\\n __typename\\n ... on Package {\\n id\\n type\\n namespaces {\\n id\\n namespace\\n names {\\n id\\n name\\n versions {\\n id\\n version\\n qualifiers {\\n key\\n value\\n __typename\\n }\\n subpath\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n ... on Artifact {\\n id\\n algorithm\\n digest\\n __typename\\n }\\n }\\n vulnerability {\\n __typename\\n ... on CVE {\\n id\\n year\\n cveId\\n __typename\\n }\\n ... on OSV {\\n id\\n osvId\\n __typename\\n }\\n ... on GHSA {\\n id\\n ghsaId\\n __typename\\n }\\n }\\n status\\n vexJustification\\n statement\\n statusNotes\\n knownSince\\n origin\\n collector\\n __typename\\n}\\n\\nfragment allHashEqualTree on HashEqual {\\n id\\n justification\\n artifacts {\\n id\\n algorithm\\n digest\\n __typename\\n }\\n origin\\n collector\\n __typename\\n}\\n\\nfragment allCertifyBadTree on CertifyBad {\\n id\\n justification\\n subject {\\n __typename\\n ... on Package {\\n id\\n type\\n namespaces {\\n id\\n namespace\\n names {\\n id\\n name\\n versions {\\n id\\n version\\n qualifiers {\\n key\\n value\\n __typename\\n }\\n subpath\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n ... on Source {\\n id\\n type\\n namespaces {\\n id\\n namespace\\n names {\\n id\\n name\\n tag\\n commit\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n ... on Artifact {\\n id\\n algorithm\\n digest\\n __typename\\n }\\n }\\n origin\\n collector\\n __typename\\n}\\n\\nfragment allCertifyGoodTree on CertifyGood {\\n id\\n justification\\n subject {\\n __typename\\n ... on Package {\\n id\\n type\\n namespaces {\\n id\\n namespace\\n names {\\n id\\n name\\n versions {\\n id\\n version\\n qualifiers {\\n key\\n value\\n __typename\\n }\\n subpath\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n ... on Source {\\n id\\n type\\n namespaces {\\n id\\n namespace\\n names {\\n id\\n name\\n tag\\n commit\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n ... on Artifact {\\n id\\n algorithm\\n digest\\n __typename\\n }\\n }\\n origin\\n collector\\n __typename\\n}\\n\\nfragment allPkgEqualTree on PkgEqual {\\n id\\n justification\\n packages {\\n id\\n type\\n namespaces {\\n id\\n namespace\\n names {\\n id\\n name\\n versions {\\n id\\n version\\n qualifiers {\\n key\\n value\\n __typename\\n }\\n subpath\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n origin\\n collector\\n __typename\\n}\\n\\nfragment allCertifyScorecardTree on CertifyScorecard {\\n id\\n source {\\n ...allSrcTree\\n __typename\\n }\\n scorecard {\\n timeScanned\\n aggregateScore\\n checks {\\n check\\n score\\n __typename\\n }\\n scorecardVersion\\n scorecardCommit\\n origin\\n collector\\n __typename\\n }\\n __typename\\n}\\n\\nfragment allCertifyVulnTree on CertifyVuln {\\n id\\n package {\\n id\\n type\\n namespaces {\\n id\\n namespace\\n names {\\n id\\n name\\n versions {\\n id\\n version\\n qualifiers {\\n key\\n value\\n __typename\\n }\\n subpath\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n vulnerability {\\n __typename\\n ... on CVE {\\n id\\n year\\n cveId\\n __typename\\n }\\n ... on OSV {\\n id\\n osvId\\n __typename\\n }\\n ... on GHSA {\\n id\\n ghsaId\\n __typename\\n }\\n ... on NoVuln {\\n id\\n __typename\\n }\\n }\\n metadata {\\n dbUri\\n dbVersion\\n scannerUri\\n scannerVersion\\n timeScanned\\n origin\\n collector\\n __typename\\n }\\n __typename\\n}\\n\\nfragment allHasSourceAtTree on HasSourceAt {\\n id\\n justification\\n knownSince\\n package {\\n id\\n type\\n namespaces {\\n id\\n namespace\\n names {\\n id\\n name\\n versions {\\n id\\n version\\n qualifiers {\\n key\\n value\\n __typename\\n }\\n subpath\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n source {\\n id\\n type\\n namespaces {\\n id\\n namespace\\n names {\\n id\\n name\\n tag\\n commit\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n origin\\n collector\\n __typename\\n}\\n\\nfragment allHasSBOMTree on HasSBOM {\\n id\\n subject {\\n __typename\\n ... on Package {\\n id\\n type\\n namespaces {\\n id\\n namespace\\n names {\\n id\\n name\\n versions {\\n id\\n version\\n qualifiers {\\n key\\n value\\n __typename\\n }\\n subpath\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n ... on Artifact {\\n id\\n algorithm\\n digest\\n __typename\\n }\\n }\\n uri\\n algorithm\\n digest\\n downloadLocation\\n annotations {\\n key\\n value\\n __typename\\n }\\n origin\\n collector\\n __typename\\n}\\n\\nfragment allHasSLSATree on HasSLSA {\\n id\\n subject {\\n id\\n algorithm\\n digest\\n __typename\\n }\\n slsa {\\n builtFrom {\\n id\\n algorithm\\n digest\\n __typename\\n }\\n builtBy {\\n id\\n uri\\n __typename\\n }\\n buildType\\n slsaPredicate {\\n key\\n value\\n __typename\\n }\\n slsaVersion\\n startedOn\\n finishedOn\\n origin\\n collector\\n __typename\\n }\\n __typename\\n}\"}",
  "method": "POST"
});
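
Added example, not part of the original issue and not code from guac or guac-visualizer: the 422s in this thread come from the client's generated operations naming types the server schema no longer defines, so the sketch below diffs the type conditions in an operation against a schema type list and groups the "Unknown type" errors from a response. All function names, the shortened query, the type list and the error locations are constructed for illustration.

```javascript
// Added example: catch client/server GraphQL schema drift before it becomes a 422.
// Function names and sample data are constructed for illustration.

// Types named in type conditions: "... on T" and "fragment F on T".
// Regex-based sketch: assumes no "on" keywords inside comments or string values.
function typeConditions(query) {
  const re = /(?:\.\.\.\s*|\bfragment\s+\w+\s+)on\s+([A-Za-z_]\w*)/g;
  return new Set([...query.matchAll(re)].map((m) => m[1]));
}

// Types the operation names that the server schema does not define.
function missingTypes(query, schemaTypeNames) {
  const known = new Set(schemaTypeNames);
  return [...typeConditions(query)].filter((t) => !known.has(t)).sort();
}

// Group "Unknown type" validation errors by type, keeping line:column locations.
function unknownTypesFromErrors(response) {
  const byType = {};
  for (const err of response.errors || []) {
    const code = (err.extensions || {}).code;
    const m = /^Unknown type "([^"]+)"/.exec(err.message || "");
    if (code !== "GRAPHQL_VALIDATION_FAILED" || !m) continue;
    const locs = (err.locations || []).map((l) => `${l.line}:${l.column}`);
    byType[m[1]] = (byType[m[1]] || []).concat(locs);
  }
  return byType;
}

// Constructed, shortened version of the GetNeighbors operation from the report.
const sampleQuery = `query GetNeighbors($nodeId: ID!, $edges: [Edge!]!) {
  neighbors(node: $nodeId, usingOnly: $edges) {
    ... on Package { id }
    ... on OSV { ...allOSVTree }
    ... on IsVulnerability { id }
  }
}
fragment allOSVTree on OSV { id osvId }`;
// Constructed type list, in the shape an introspection query for type names returns.
const sampleSchemaTypes = ["Package", "Vulnerability", "VulnerabilityID", "SLSA"];
const V = { code: "GRAPHQL_VALIDATION_FAILED" };
const sampleResponse = { data: null, errors: [
  { message: 'Unknown type "OSV".', locations: [{ line: 4, column: 12 }], extensions: V },
  { message: 'Unknown type "OSV".', locations: [{ line: 8, column: 1 }], extensions: V },
  { message: 'Unknown type "IsVulnerability".', locations: [{ line: 5, column: 12 }], extensions: V },
] };

console.log(missingTypes(sampleQuery, sampleSchemaTypes)); // drift found before sending
console.log(unknownTypesFromErrors(sampleResponse));       // drift reported by the server
```

Run as a CI step against the schema of the guac release the visualizer is pinned to, a non-empty `missingTypes` result flags the mismatch at build time instead of at request time.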