feat: add expand requirement file endpoint

Author: GermanMT

app/constants.py

@@ -47,10 +47,12 @@ class ResponseCode:
     NO_DEPENDENCIES_PACKAGE = "no_dependencies_package"
     NO_DEPENDENCIES_VERSION = "no_dependencies_version"
     REPOSITORY_PROCESSING_IN_PROGRESS = "repository_processing_in_progress"
+    EXPAND_REQ_FILE_SUCCESS = "expand_req_file_success"
     EXPAND_PACKAGE_SUCCESS = "expand_package_success"
     EXPAND_VERSION_SUCCESS = "expand_version_success"
 
     # Not found errors
+    REQ_FILE_NOT_FOUND = "req_file_not_found"
     PACKAGE_NOT_FOUND = "package_not_found"
     VERSION_NOT_FOUND = "version_not_found"
     DATE_NOT_FOUND = "date_not_found"
@@ -105,12 +107,14 @@ class ResponseMessage:
     NO_DEPENDENCIES_PACKAGE = "The package has no dependencies"
     NO_DEPENDENCIES_VERSION = "The package version has no dependencies"
     REPOSITORY_PROCESSING = "The repository is already being processed"
+    REQ_FILE_EXPANSION_RETRIEVED_SUCCESS = "Requirement file expansion data retrieved successfully"
     PACKAGE_EXPANSION_RETRIEVED_SUCCESS = "Package expansion data retrieved successfully"
     VERSION_EXPANSION_RETRIEVED_SUCCESS = "Version expansion data retrieved successfully"
 
     # Not found errors
+    REQ_FILE_NOT_FOUND = "The requested requirement file was not found"
     PACKAGE_NOT_FOUND = "The requested package was not found"
-    VERSION_NOT_FOUND = "The requested version was not found"
+    VERSION_NOT_FOUND = "The requested version was not found, or don't have dependencies"
 
     # Error messages - General
     VALIDATION_ERROR = "Validation error"

app/controllers/graph_controller.py

@@ -16,14 +16,19 @@
 from app.limiter import limiter
 from app.schemas import (
     ExpandPackageRequest,
+    ExpandReqFileRequest,
     ExpandVersionRequest,
     GetPackageStatusRequest,
     GetVersionStatusRequest,
     InitPackageRequest,
     InitRepositoryRequest,
     PackageMessageSchema,
 )
-from app.services import PackageService, RepositoryService, VersionService
+from app.services import (
+    PackageService,
+    RepositoryService,
+    VersionService,
+)
 from app.utils import JSONEncoder, RedisQueue
 
 router = APIRouter()
@@ -225,7 +230,44 @@ async def init_repository(
             }),
         )
 
-@router.post(
+@router.get(
+    "/graph/expand/req_file",
+    summary="Expand Requirement File",
+    description="Return requirement file info to expand its versions in the graph visualization.",
+    response_description="Requirement file expansion data.",
+    dependencies=[Depends(get_dual_auth_bearer())],
+    tags=["Secure Chain Depex - Graph"]
+)
+@limiter.limit("25/minute")
+async def expand_req_file(
+    request: Request,
+    expand_req_file_request: ExpandReqFileRequest = Depends(),
+    package_service: PackageService = Depends(get_package_service),
+    json_encoder: JSONEncoder = Depends(get_json_encoder),
+) -> JSONResponse:
+    expansion_data = await package_service.read_packages_expansion_by_req_file(
+        expand_req_file_request.requirement_file_id
+    )
+    if expansion_data is None:
+        return JSONResponse(
+            status_code=status.HTTP_404_NOT_FOUND,
+            content=json_encoder.encode(
+                {
+                    "code": ResponseCode.REQ_FILE_NOT_FOUND,
+                    "message": ResponseMessage.REQ_FILE_NOT_FOUND,
+                }
+            ),
+        )
+    return JSONResponse(
+        status_code=status.HTTP_200_OK,
+        content=json_encoder.encode({
+            "code": ResponseCode.EXPAND_REQ_FILE_SUCCESS,
+            "message": ResponseMessage.REQ_FILE_EXPANSION_RETRIEVED_SUCCESS,
+            "data": expansion_data
+        })
+    )
+
+@router.get(
     "/graph/expand/package",
     summary="Expand Package",
     description="Return package info to expand its versions in the graph visualization.",
@@ -236,11 +278,11 @@ async def init_repository(
 @limiter.limit("25/minute")
 async def expand_package(
     request: Request,
-    expand_package_request: ExpandPackageRequest,
+    expand_package_request: ExpandPackageRequest = Depends(),
     version_service: VersionService = Depends(get_version_service),
     json_encoder: JSONEncoder = Depends(get_json_encoder),
 ) -> JSONResponse:
-    expansion_data = await version_service.read_versions_by_package(
+    expansion_data = await version_service.read_versions_expansion_by_package(
         expand_package_request.node_type.value,
         expand_package_request.package_purl,
         expand_package_request.constraints
@@ -264,7 +306,7 @@ async def expand_package(
         })
     )
 
-@router.post(
+@router.get(
     "/graph/expand/version",
     summary="Expand Version",
     description="Return version info to expand its dependencies in the graph visualization.",
@@ -275,11 +317,11 @@ async def expand_package(
 @limiter.limit("25/minute")
 async def expand_version(
     request: Request,
-    expand_version_request: ExpandVersionRequest,
+    expand_version_request: ExpandVersionRequest = Depends(),
     package_service: PackageService = Depends(get_package_service),
     json_encoder: JSONEncoder = Depends(get_json_encoder),
 ) -> JSONResponse:
-    expansion_data = await package_service.read_packages_by_version_and_parent(
+    expansion_data = await package_service.read_packages_expansion_by_version(
         expand_version_request.version_purl
     )
     if expansion_data is None:

app/domain/repo_analyzer/requirement_files/cyclonedx_sbom_analyzer.py

@@ -113,5 +113,7 @@ def extract_dependencies(self, data: dict) -> dict[str, str]:
     def normalize_version_for_type(self, version: str, package_type: str) -> str:
         if package_type == "maven":
             return f"[{version}]"
+        elif package_type == "gem":
+            return f"={version}"
         else:
             return f"=={version}"

app/domain/repo_analyzer/requirement_files/gemfile_analyzer.py

@@ -18,7 +18,7 @@ def parse_file(self, repository_path: str, filename: str) -> dict[str, str]:
                     version.count(".") == 2
                     and not any(op in version for op in ["<", ">", "="])
                 ):
-                    packages[gem] = f"== {version}"
+                    packages[gem] = f"= {version}"
                 else:
                     packages[gem] = version
         return packages

app/domain/repo_analyzer/requirement_files/gemfile_lock_analyzer.py

@@ -18,7 +18,7 @@ def parse_file(self, repository_path: str, filename: str) -> dict[str, str]:
                     version.count(".") == 2
                     and not any(op in version for op in ["<", ">", "="])
                 ):
-                    packages[gem] = f"== {version}"
+                    packages[gem] = f"= {version}"
                 else:
                     packages[gem] = version
         return packages

app/domain/repo_analyzer/requirement_files/spdx_sbom_analyzer.py

@@ -149,5 +149,7 @@ def extract_dependencies(self, data: dict) -> dict[str, str]:
     def normalize_version_for_type(self, version: str, package_type: str) -> str:
         if package_type == "maven":
             return f"[{version}]"
+        elif package_type == "gem":
+            return f"={version}"
         else:
             return f"=={version}"

app/schemas/__init__.py

@@ -1,5 +1,6 @@
 from .graphs import (
     ExpandPackageRequest,
+    ExpandReqFileRequest,
     ExpandVersionRequest,
     GetPackageStatusRequest,
     GetVersionStatusRequest,
@@ -25,6 +26,7 @@
     "CompleteConfigRequest",
     "ConfigByImpactRequest",
     "ExpandPackageRequest",
+    "ExpandReqFileRequest",
     "ExpandVersionRequest",
     "FileInfoRequest",
     "FilterConfigsRequest",

app/schemas/graphs/__init__.py

@@ -1,4 +1,5 @@
 from .expand_package_request import ExpandPackageRequest
+from .expand_req_file_request import ExpandReqFileRequest
 from .expand_version_request import ExpandVersionRequest
 from .get_package_status_request import GetPackageStatusRequest
 from .get_version_status_request import GetVersionStatusRequest
@@ -7,6 +8,7 @@
 
 __all__ = [
     "ExpandPackageRequest",
+    "ExpandReqFileRequest",
     "ExpandVersionRequest",
     "GetPackageStatusRequest",
     "GetVersionStatusRequest",

app/schemas/graphs/expand_req_file_request.py

@@ -0,0 +1,11 @@
+from pydantic import BaseModel, Field
+
+from app.schemas.patterns import NEO4J_ID_PATTERN
+
+
+class ExpandReqFileRequest(BaseModel):
+    requirement_file_id: str = Field(
+        ...,
+        pattern=NEO4J_ID_PATTERN,
+        description="Requirement file ID following the Neo4j ID pattern"
+    )

app/services/package_service.py

@@ -60,13 +60,13 @@ async def read_packages_by_requirement_file(self, requirement_file_id: str) -> d
             record = await result.single()
         return record.get("requirement_files") if record else None
 
-    async def read_packages_by_version_and_parent(
+    async def read_packages_expansion_by_version(
         self,
         version_purl: str,
     ) -> dict[str, Any] | None:
         query = """
-        MATCH (v:Version{purl:$version_purl})-[r:REQUIRE]->(dep)
-        WITH v, r, collect(dep) AS dependencies
+        MATCH (:Version{purl:$version_purl})-[r:REQUIRE]->(dep)
+        WITH r, collect(dep) AS dependencies
         RETURN {
             nodes: [dep IN dependencies | {
                 id: dep.purl,
@@ -96,6 +96,43 @@ async def read_packages_by_version_and_parent(
             record = await result.single()
         return record.get("expansion_data") if record else None
 
+    async def read_packages_expansion_by_req_file(
+        self,
+        requirement_file_id: str,
+    ) -> dict[str, Any] | None:
+        query = """
+        MATCH (rf:RequirementFile)-[r:REQUIRE]->(dep)
+        WHERE elementid(rf) = $requirement_file_id
+        WITH collect({dep: dep, r: r}) AS items
+        RETURN {
+            nodes: [item IN items | {
+                id: item.dep.purl,
+                label: item.dep.name,
+                type: labels(item.dep)[0],
+                props: {
+                    name: item.dep.name,
+                    vendor: item.dep.vendor,
+                    repository_url: item.dep.repository_url,
+                    purl: item.dep.purl
+                }
+            }],
+            edges: [item IN items | {
+                id: 'e-' + $requirement_file_id + '-' + item.dep.purl,
+                source: $requirement_file_id,
+                target: item.dep.purl,
+                type: 'REQUIRE',
+                props: {
+                    constraints: item.r.constraints,
+                    parent_version_name: item.r.parent_version_name
+                }
+            }]
+        } AS expansion_data
+        """
+        async with self.driver.session() as session:
+            result = await session.run(query, requirement_file_id=requirement_file_id)
+            record = await result.single()
+        return record.get("expansion_data") if record else None
+
     async def read_graph_for_package_ssc_info_operation(
         self,
         node_type: str,