pxp928
commented
1 year ago Thanks for the bug report @BWhitfield. @shafeeshafee can you look into this more?
Closed BWhitfield closed 1 year ago
pxp928
commented
1 year ago Thanks for the bug report @BWhitfield. @shafeeshafee can you look into this more?
shafeeshafee
commented
1 year ago yeah, let me take a look. Thanks for the heads up on this @BWhitfield
BWhitfield
commented
1 year ago I checked it out this morning and saw this in the response:
I tried to run graphql-codegen I got the following error.
When I removed the annotations block from the pkg/assembler/graphql/examples/has_sbom.gql file the codegen was successful and the visualizer was no longer tossing 422's.
pxp928
commented
1 year ago I checked it out this morning and saw this in the response:
I tried to run graphql-codegen I got the following error.
When I removed the annotations block from the pkg/assembler/graphql/examples/has_sbom.gql file the codegen was successful and the visualizer was no longer tossing 422's.
Yes, good catch! We recently changed the graphQL schema on the main guac project to remove annotations from the HasSBOM node and did not update the codegen here on the visualizer.
pxp928
commented
1 year ago @BWhitfield this issue has been fixed with #40
krumware
commented
1 year ago Is there anything additional that needs to be done after cloning for this? I seem to be experiencing the issue on a fresh clone today. I'm using fresh clones of guac, guac-data, and guac-visualizer
{
"errors": [
{
"message": "Unknown type \"OSV\".",
"locations": [
{
"line": 20,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"CVE\".",
"locations": [
{
"line": 24,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"GHSA\".",
"locations": [
{
"line": 28,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"NoVuln\".",
"locations": [
{
"line": 32,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"CVE\".",
"locations": [
{
"line": 415,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"OSV\".",
"locations": [
{
"line": 419,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"GHSA\".",
"locations": [
{
"line": 423,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"NoVuln\".",
"locations": [
{
"line": 427,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"CVE\".",
"locations": [
{
"line": 453,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"GHSA\".",
"locations": [
{
"line": 457,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"IsVulnerability\".",
"locations": [
{
"line": 84,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"CVE\".",
"locations": [
{
"line": 483,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"GHSA\".",
"locations": [
{
"line": 487,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"OSV\".",
"locations": [
{
"line": 491,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"CVE\".",
"locations": [
{
"line": 151,
"column": 1
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"OSV\".",
"locations": [
{
"line": 158,
"column": 1
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"GHSA\". Did you mean \"SLSA\"?",
"locations": [
{
"line": 164,
"column": 1
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"CVE\".",
"locations": [
{
"line": 415,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"OSV\".",
"locations": [
{
"line": 419,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"GHSA\".",
"locations": [
{
"line": 423,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"NoVuln\".",
"locations": [
{
"line": 427,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"CVE\".",
"locations": [
{
"line": 453,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"GHSA\".",
"locations": [
{
"line": 457,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"IsVulnerability\". Did you mean \"Vulnerability\", \"VulnerabilityID\", or \"VulnerabilitySpec\"?",
"locations": [
{
"line": 445,
"column": 1
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"CVE\".",
"locations": [
{
"line": 483,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"GHSA\".",
"locations": [
{
"line": 487,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
},
{
"message": "Unknown type \"OSV\".",
"locations": [
{
"line": 491,
"column": 9
}
],
"extensions": {
"code": "GRAPHQL_VALIDATION_FAILED"
}
}
],
"data": null
}@krumware we just updated the graphQL API that is causing a mismatch between the visualizer and guac (on main). We have open PRs to update the docs to use the released versions so that this does not happen. Please see PR: https://github.com/guacsec/guac-docs/pull/88 and https://github.com/guacsec/guac-docs/pull/89
for how to use the released version of guac and the visualizer
krumware
commented
1 year ago Ah, I just have poor timing. Looks like the docs updates are addressing what got me there as well, with the cloning and making vs using the binary. Thank you!
Describe the bug While running locally requests to
http://localhost:3000/api/graphqlreturn with a 422 status.To Reproduce Steps to reproduce the behavior:
You should get the 422
Screenshots
GUAC version guac: 30321c71 guac-data: 5f0ddb94 guac-visualizer: 5d174e6e
Additional context Request from inspect element:
fetch("http://localhost:3000/api/graphql", { "headers": { "accept": "*/*", "accept-language": "en-US,en;q=0.9", "cache-control": "no-cache", "content-type": "application/json", "pragma": "no-cache", "sec-ch-ua": "\"Not.A/Brand\";v=\"8\", \"Chromium\";v=\"114\", \"Google Chrome\";v=\"114\"", "sec-ch-ua-mobile": "?0", "sec-ch-ua-platform": "\"macOS\"", "sec-fetch-dest": "empty", "sec-fetch-mode": "cors", "sec-fetch-site": "same-origin", "cookie": "_ga=GA1.1.1386983528.1673881015; _ga_M43RDNHN7J=GS1.1.1675875418.36.0.1675875418.0.0.0; mp_892341e8387efb088b8844a41e4bcd31_mixpanel=%7B%22distinct_id%22%3A%20%2221aa7b1f-d459-4feb-8162-ee8894aee314%22%2C%22%24device_id%22%3A%20%22185bc75ddef11c9-0898a1772c844f-17525635-2a3000-185bc75ddf09ef%22%2C%22%24initial_referrer%22%3A%20%22http%3A%2F%2Flocalhost%3A3000%2Favalanche%2F0x2f484AE898A0182B46C104C4a7529D5E08e68d68%22%2C%22%24initial_referring_domain%22%3A%20%22localhost%3A3000%22%2C%22app_root%22%3A%20%22http%3A%2F%2Flocalhost%3A3000%22%2C%22environment%22%3A%20%22development%22%2C%22app%22%3A%20%22Chainmail%22%2C%22git_sha%22%3A%20%22LOCAL%22%2C%22%24user_id%22%3A%20%2221aa7b1f-d459-4feb-8162-ee8894aee314%22%7D", "Referer": "http://localhost:3000/", "Referrer-Policy": "strict-origin-when-cross-origin" }, "body": "{\"operationName\":\"GetNeighbors\",\"variables\":{\"nodeId\":\"6\",\"edges\":[]},\"query\":\"query GetNeighbors($nodeId: ID!, $edges: [Edge!]!) {\\n neighbors(node: $nodeId, usingOnly: $edges) {\\n __typename\\n ... on Package {\\n ...allPkgTree\\n __typename\\n }\\n ... on Source {\\n ...allSrcTree\\n __typename\\n }\\n ... on Artifact {\\n ...allArtifactTree\\n __typename\\n }\\n ... on Builder {\\n ...allBuilderTree\\n __typename\\n }\\n ... on OSV {\\n ...allOSVTree\\n __typename\\n }\\n ... on CVE {\\n ...allCveTree\\n __typename\\n }\\n ... on GHSA {\\n ...allGHSATree\\n __typename\\n }\\n ... on NoVuln {\\n id\\n __typename\\n }\\n ... on IsOccurrence {\\n ...allIsOccurrencesTree\\n __typename\\n }\\n ... on IsDependency {\\n ...allIsDependencyTree\\n __typename\\n }\\n ... on IsVulnerability {\\n ...allIsVulnerabilityTree\\n __typename\\n }\\n ... on CertifyVEXStatement {\\n ...allCertifyVEXStatementTree\\n __typename\\n }\\n ... on HashEqual {\\n ...allHashEqualTree\\n __typename\\n }\\n ... on CertifyBad {\\n ...allCertifyBadTree\\n __typename\\n }\\n ... on CertifyGood {\\n ...allCertifyGoodTree\\n __typename\\n }\\n ... on CertifyBad {\\n ...allCertifyBadTree\\n __typename\\n }\\n ... on PkgEqual {\\n ...allPkgEqualTree\\n __typename\\n }\\n ... on CertifyScorecard {\\n ...allCertifyScorecardTree\\n __typename\\n }\\n ... on CertifyVuln {\\n ...allCertifyVulnTree\\n __typename\\n }\\n ... on HasSourceAt {\\n ...allHasSourceAtTree\\n __typename\\n }\\n ... on HasSBOM {\\n ...allHasSBOMTree\\n __typename\\n }\\n ... on HasSLSA {\\n ...allHasSLSATree\\n __typename\\n }\\n }\\n}\\n\\nfragment allSrcTree on Source {\\n id\\n type\\n namespaces {\\n id\\n namespace\\n names {\\n id\\n name\\n tag\\n commit\\n __typename\\n }\\n __typename\\n }\\n __typename\\n}\\n\\nfragment allPkgTree on Package {\\n id\\n type\\n namespaces {\\n id\\n namespace\\n names {\\n id\\n name\\n versions {\\n id\\n version\\n qualifiers {\\n key\\n value\\n __typename\\n }\\n subpath\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n __typename\\n}\\n\\nfragment allArtifactTree on Artifact {\\n id\\n algorithm\\n digest\\n __typename\\n}\\n\\nfragment allBuilderTree on Builder {\\n id\\n uri\\n __typename\\n}\\n\\nfragment allOSVTree on OSV {\\n id\\n osvId\\n __typename\\n}\\n\\nfragment allCveTree on CVE {\\n id\\n year\\n cveId\\n __typename\\n}\\n\\nfragment allGHSATree on GHSA {\\n id\\n ghsaId\\n __typename\\n}\\n\\nfragment allIsOccurrencesTree on IsOccurrence {\\n id\\n subject {\\n __typename\\n ... on Package {\\n id\\n type\\n namespaces {\\n id\\n namespace\\n names {\\n id\\n name\\n versions {\\n id\\n version\\n qualifiers {\\n key\\n value\\n __typename\\n }\\n subpath\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n ... on Source {\\n id\\n type\\n namespaces {\\n id\\n namespace\\n names {\\n id\\n name\\n tag\\n commit\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n }\\n artifact {\\n id\\n algorithm\\n digest\\n __typename\\n }\\n justification\\n origin\\n collector\\n __typename\\n}\\n\\nfragment allIsDependencyTree on IsDependency {\\n id\\n justification\\n package {\\n id\\n type\\n namespaces {\\n id\\n namespace\\n names {\\n id\\n name\\n versions {\\n id\\n version\\n qualifiers {\\n key\\n value\\n __typename\\n }\\n subpath\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n dependentPackage {\\n id\\n type\\n namespaces {\\n id\\n namespace\\n names {\\n id\\n name\\n versions {\\n id\\n version\\n qualifiers {\\n key\\n value\\n __typename\\n }\\n subpath\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n dependencyType\\n versionRange\\n origin\\n collector\\n __typename\\n}\\n\\nfragment allIsVulnerabilityTree on IsVulnerability {\\n id\\n osv {\\n id\\n osvId\\n __typename\\n }\\n vulnerability {\\n __typename\\n ... on CVE {\\n id\\n year\\n cveId\\n __typename\\n }\\n ... on GHSA {\\n id\\n ghsaId\\n __typename\\n }\\n }\\n justification\\n origin\\n collector\\n __typename\\n}\\n\\nfragment allCertifyVEXStatementTree on CertifyVEXStatement {\\n id\\n subject {\\n __typename\\n ... on Package {\\n id\\n type\\n namespaces {\\n id\\n namespace\\n names {\\n id\\n name\\n versions {\\n id\\n version\\n qualifiers {\\n key\\n value\\n __typename\\n }\\n subpath\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n ... on Artifact {\\n id\\n algorithm\\n digest\\n __typename\\n }\\n }\\n vulnerability {\\n __typename\\n ... on CVE {\\n id\\n year\\n cveId\\n __typename\\n }\\n ... on OSV {\\n id\\n osvId\\n __typename\\n }\\n ... on GHSA {\\n id\\n ghsaId\\n __typename\\n }\\n }\\n status\\n vexJustification\\n statement\\n statusNotes\\n knownSince\\n origin\\n collector\\n __typename\\n}\\n\\nfragment allHashEqualTree on HashEqual {\\n id\\n justification\\n artifacts {\\n id\\n algorithm\\n digest\\n __typename\\n }\\n origin\\n collector\\n __typename\\n}\\n\\nfragment allCertifyBadTree on CertifyBad {\\n id\\n justification\\n subject {\\n __typename\\n ... on Package {\\n id\\n type\\n namespaces {\\n id\\n namespace\\n names {\\n id\\n name\\n versions {\\n id\\n version\\n qualifiers {\\n key\\n value\\n __typename\\n }\\n subpath\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n ... on Source {\\n id\\n type\\n namespaces {\\n id\\n namespace\\n names {\\n id\\n name\\n tag\\n commit\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n ... on Artifact {\\n id\\n algorithm\\n digest\\n __typename\\n }\\n }\\n origin\\n collector\\n __typename\\n}\\n\\nfragment allCertifyGoodTree on CertifyGood {\\n id\\n justification\\n subject {\\n __typename\\n ... on Package {\\n id\\n type\\n namespaces {\\n id\\n namespace\\n names {\\n id\\n name\\n versions {\\n id\\n version\\n qualifiers {\\n key\\n value\\n __typename\\n }\\n subpath\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n ... on Source {\\n id\\n type\\n namespaces {\\n id\\n namespace\\n names {\\n id\\n name\\n tag\\n commit\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n ... on Artifact {\\n id\\n algorithm\\n digest\\n __typename\\n }\\n }\\n origin\\n collector\\n __typename\\n}\\n\\nfragment allPkgEqualTree on PkgEqual {\\n id\\n justification\\n packages {\\n id\\n type\\n namespaces {\\n id\\n namespace\\n names {\\n id\\n name\\n versions {\\n id\\n version\\n qualifiers {\\n key\\n value\\n __typename\\n }\\n subpath\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n origin\\n collector\\n __typename\\n}\\n\\nfragment allCertifyScorecardTree on CertifyScorecard {\\n id\\n source {\\n ...allSrcTree\\n __typename\\n }\\n scorecard {\\n timeScanned\\n aggregateScore\\n checks {\\n check\\n score\\n __typename\\n }\\n scorecardVersion\\n scorecardCommit\\n origin\\n collector\\n __typename\\n }\\n __typename\\n}\\n\\nfragment allCertifyVulnTree on CertifyVuln {\\n id\\n package {\\n id\\n type\\n namespaces {\\n id\\n namespace\\n names {\\n id\\n name\\n versions {\\n id\\n version\\n qualifiers {\\n key\\n value\\n __typename\\n }\\n subpath\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n vulnerability {\\n __typename\\n ... on CVE {\\n id\\n year\\n cveId\\n __typename\\n }\\n ... on OSV {\\n id\\n osvId\\n __typename\\n }\\n ... on GHSA {\\n id\\n ghsaId\\n __typename\\n }\\n ... on NoVuln {\\n id\\n __typename\\n }\\n }\\n metadata {\\n dbUri\\n dbVersion\\n scannerUri\\n scannerVersion\\n timeScanned\\n origin\\n collector\\n __typename\\n }\\n __typename\\n}\\n\\nfragment allHasSourceAtTree on HasSourceAt {\\n id\\n justification\\n knownSince\\n package {\\n id\\n type\\n namespaces {\\n id\\n namespace\\n names {\\n id\\n name\\n versions {\\n id\\n version\\n qualifiers {\\n key\\n value\\n __typename\\n }\\n subpath\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n source {\\n id\\n type\\n namespaces {\\n id\\n namespace\\n names {\\n id\\n name\\n tag\\n commit\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n origin\\n collector\\n __typename\\n}\\n\\nfragment allHasSBOMTree on HasSBOM {\\n id\\n subject {\\n __typename\\n ... on Package {\\n id\\n type\\n namespaces {\\n id\\n namespace\\n names {\\n id\\n name\\n versions {\\n id\\n version\\n qualifiers {\\n key\\n value\\n __typename\\n }\\n subpath\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n __typename\\n }\\n ... on Artifact {\\n id\\n algorithm\\n digest\\n __typename\\n }\\n }\\n uri\\n algorithm\\n digest\\n downloadLocation\\n annotations {\\n key\\n value\\n __typename\\n }\\n origin\\n collector\\n __typename\\n}\\n\\nfragment allHasSLSATree on HasSLSA {\\n id\\n subject {\\n id\\n algorithm\\n digest\\n __typename\\n }\\n slsa {\\n builtFrom {\\n id\\n algorithm\\n digest\\n __typename\\n }\\n builtBy {\\n id\\n uri\\n __typename\\n }\\n buildType\\n slsaPredicate {\\n key\\n value\\n __typename\\n }\\n slsaVersion\\n startedOn\\n finishedOn\\n origin\\n collector\\n __typename\\n }\\n __typename\\n}\"}", "method": "POST" });