feat: add domain model for scan result

Author: tembleking

flake.nix

@@ -40,17 +40,18 @@
             mkShell {
               packages = [
                 cargo
-                rustc
-                rustfmt
                 cargo-audit
-                cargo-watch
-                cargo-nextest
                 cargo-expand
+                cargo-nextest
+                cargo-tarpaulin
+                cargo-watch
                 clippy
                 just
-                rust-analyzer
                 lldb
                 pre-commit
+                rust-analyzer
+                rustc
+                rustfmt
               ];
 
               inputsFrom = [ sysdig-lsp ];

src/domain/mod.rs

@@ -0,0 +1 @@
+pub mod scanresult;

src/domain/scanresult/accepted_risk.rs

@@ -0,0 +1,142 @@
+use crate::domain::scanresult::accepted_risk_reason::AcceptedRiskReason;
+use crate::domain::scanresult::package::Package;
+use crate::domain::scanresult::vulnerability::Vulnerability;
+use crate::domain::scanresult::weak_hash::WeakHash;
+use chrono::{DateTime, Utc};
+use std::collections::HashSet;
+use std::fmt::Debug;
+use std::hash::{Hash, Hasher};
+use std::sync::{Arc, RwLock};
+
+pub struct AcceptedRisk {
+    id: String,
+    reason: AcceptedRiskReason,
+    description: String,
+    expiration_date: Option<DateTime<Utc>>,
+    is_active: bool,
+    created_at: DateTime<Utc>,
+    updated_at: DateTime<Utc>,
+    assigned_to_vulnerabilities: RwLock<HashSet<WeakHash<Vulnerability>>>,
+    assigned_to_packages: RwLock<HashSet<WeakHash<Package>>>,
+}
+
+impl Debug for AcceptedRisk {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        f.debug_struct("AcceptedRisk")
+            .field("id", &self.id)
+            .field("reason", &self.reason)
+            .field("description", &self.description)
+            .field("expiration_date", &self.expiration_date)
+            .field("is_active", &self.is_active)
+            .field("created_at", &self.created_at)
+            .field("updated_at", &self.updated_at)
+            .finish()
+    }
+}
+
+impl AcceptedRisk {
+    #[allow(clippy::too_many_arguments)]
+    pub(in crate::domain::scanresult) fn new(
+        id: String,
+        reason: AcceptedRiskReason,
+        description: String,
+        expiration_date: Option<DateTime<Utc>>,
+        is_active: bool,
+        created_at: DateTime<Utc>,
+        updated_at: DateTime<Utc>,
+    ) -> Self {
+        Self {
+            id,
+            reason,
+            description,
+            expiration_date,
+            is_active,
+            created_at,
+            updated_at,
+            assigned_to_vulnerabilities: RwLock::new(HashSet::new()),
+            assigned_to_packages: RwLock::new(HashSet::new()),
+        }
+    }
+
+    pub fn id(&self) -> &str {
+        &self.id
+    }
+
+    pub fn reason(&self) -> &AcceptedRiskReason {
+        &self.reason
+    }
+
+    pub fn description(&self) -> &str {
+        &self.description
+    }
+
+    pub fn expiration_date(&self) -> Option<DateTime<Utc>> {
+        self.expiration_date
+    }
+
+    pub fn is_active(&self) -> bool {
+        self.is_active
+    }
+
+    pub fn created_at(&self) -> DateTime<Utc> {
+        self.created_at
+    }
+
+    pub fn updated_at(&self) -> DateTime<Utc> {
+        self.updated_at
+    }
+
+    pub fn add_for_vulnerability(self: &Arc<Self>, vulnerability: Arc<Vulnerability>) {
+        if self
+            .assigned_to_vulnerabilities
+            .write()
+            .unwrap()
+            .insert(WeakHash(Arc::downgrade(&vulnerability)))
+        {
+            vulnerability.add_accepted_risk(self.clone());
+        }
+    }
+
+    pub fn assigned_to_vulnerabilities(self: &Arc<Self>) -> Vec<Arc<Vulnerability>> {
+        self.assigned_to_vulnerabilities
+            .read()
+            .unwrap()
+            .iter()
+            .filter_map(|v| v.0.upgrade())
+            .collect()
+    }
+
+    pub fn add_for_package(self: &Arc<Self>, a_package: Arc<Package>) {
+        if self
+            .assigned_to_packages
+            .write()
+            .unwrap()
+            .insert(WeakHash(Arc::downgrade(&a_package)))
+        {
+            a_package.add_accepted_risk(self.clone());
+        }
+    }
+
+    pub fn assigned_to_packages(self: &Arc<Self>) -> Vec<Arc<Package>> {
+        self.assigned_to_packages
+            .read()
+            .unwrap()
+            .iter()
+            .filter_map(|p| p.0.upgrade())
+            .collect()
+    }
+}
+
+impl PartialEq for AcceptedRisk {
+    fn eq(&self, other: &Self) -> bool {
+        self.id == other.id
+    }
+}
+
+impl Eq for AcceptedRisk {}
+
+impl Hash for AcceptedRisk {
+    fn hash<H: Hasher>(&self, state: &mut H) {
+        self.id.hash(state);
+    }
+}

src/domain/scanresult/accepted_risk_reason.rs

@@ -0,0 +1,10 @@
+#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
+pub enum AcceptedRiskReason {
+    RiskOwned,
+    RiskTransferred,
+    RiskAvoided,
+    RiskMitigated,
+    RiskNotRelevant,
+    Custom,
+    Unknown,
+}

src/domain/scanresult/architecture.rs

@@ -0,0 +1,6 @@
+#[derive(PartialEq, Eq, Hash, Clone, Copy, Debug)]
+pub enum Architecture {
+    Amd64,
+    Arm64,
+    Unknown,
+}

src/domain/scanresult/evaluation_result.rs

@@ -0,0 +1,15 @@
+#[derive(PartialEq, Eq, Hash, Clone, Copy, Debug)]
+pub enum EvaluationResult {
+    Passed,
+    Failed,
+}
+
+impl EvaluationResult {
+    pub fn is_failed(&self) -> bool {
+        matches!(self, Self::Failed)
+    }
+
+    pub fn is_passed(&self) -> bool {
+        matches!(self, Self::Passed)
+    }
+}

src/domain/scanresult/layer.rs

@@ -0,0 +1,85 @@
+use crate::domain::scanresult::package::Package;
+use crate::domain::scanresult::vulnerability::Vulnerability;
+use std::collections::HashSet;
+use std::fmt::Debug;
+use std::hash::{Hash, Hasher};
+use std::sync::{Arc, RwLock};
+
+pub struct Layer {
+    digest: String,
+    size: Option<u64>,
+    command: String,
+    packages: RwLock<HashSet<Arc<Package>>>,
+}
+
+impl Debug for Layer {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        f.debug_struct("Layer")
+            .field("digest", &self.digest)
+            .field("size", &self.size)
+            .field("command", &self.command)
+            .finish()
+    }
+}
+
+impl Layer {
+    pub(in crate::domain::scanresult) fn new(
+        digest: String,
+        size: Option<u64>,
+        command: String,
+    ) -> Self {
+        Self {
+            digest,
+            size,
+            command,
+            packages: RwLock::new(HashSet::new()),
+        }
+    }
+
+    pub fn digest(&self) -> Option<&str> {
+        if self.digest.is_empty() {
+            None
+        } else {
+            Some(&self.digest)
+        }
+    }
+
+    pub fn size(&self) -> Option<&u64> {
+        self.size.as_ref()
+    }
+
+    pub fn command(&self) -> &str {
+        &self.command
+    }
+
+    pub(in crate::domain::scanresult) fn add_package(&self, a_package: Arc<Package>) {
+        self.packages.write().unwrap().insert(a_package);
+    }
+
+    pub fn packages(&self) -> Vec<Arc<Package>> {
+        self.packages.read().unwrap().iter().cloned().collect()
+    }
+
+    pub fn vulnerabilities(&self) -> Vec<Arc<Vulnerability>> {
+        self.packages
+            .read()
+            .unwrap()
+            .iter()
+            .flat_map(|p| p.vulnerabilities())
+            .collect()
+    }
+}
+
+impl PartialEq for Layer {
+    fn eq(&self, other: &Self) -> bool {
+        self.digest == other.digest
+    }
+}
+
+impl Eq for Layer {}
+
+impl Hash for Layer {
+    fn hash<H: Hasher>(&self, state: &mut H) {
+        self.digest.hash(state);
+    }
+}

src/domain/scanresult/metadata.rs

@@ -0,0 +1,77 @@
+use crate::domain::scanresult::architecture::Architecture;
+use crate::domain::scanresult::operating_system::OperatingSystem;
+use chrono::{DateTime, Utc};
+use std::collections::HashMap;
+
+#[derive(PartialEq, Eq)]
+pub struct Metadata {
+    pull_string: String,
+    image_id: String,
+    digest: String,
+    base_os: OperatingSystem,
+    size_in_bytes: u64,
+    architecture: Architecture,
+    labels: HashMap<String, String>,
+    created_at: DateTime<Utc>,
+}
+
+impl Metadata {
+    #[allow(clippy::too_many_arguments)]
+    pub(in crate::domain::scanresult) fn new(
+        pull_string: String,
+        image_id: String,
+        digest: String,
+        base_os: OperatingSystem,
+        size_in_bytes: u64,
+        architecture: Architecture,
+        labels: HashMap<String, String>,
+        created_at: DateTime<Utc>,
+    ) -> Self {
+        Self {
+            pull_string,
+            image_id,
+            digest,
+            base_os,
+            size_in_bytes,
+            architecture,
+            labels,
+            created_at,
+        }
+    }
+
+    pub fn pull_string(&self) -> &str {
+        &self.pull_string
+    }
+
+    pub fn image_id(&self) -> &str {
+        &self.image_id
+    }
+
+    pub fn digest(&self) -> Option<&str> {
+        if self.digest.is_empty() {
+            None
+        } else {
+            Some(&self.digest)
+        }
+    }
+
+    pub fn base_os(&self) -> &OperatingSystem {
+        &self.base_os
+    }
+
+    pub fn size_in_bytes(&self) -> &u64 {
+        &self.size_in_bytes
+    }
+
+    pub fn architecture(&self) -> &Architecture {
+        &self.architecture
+    }
+
+    pub fn labels(&self) -> &HashMap<String, String> {
+        &self.labels
+    }
+
+    pub fn created_at(&self) -> DateTime<Utc> {
+        self.created_at
+    }
+}

src/domain/scanresult/mod.rs

@@ -0,0 +1,20 @@
+pub mod accepted_risk;
+pub mod accepted_risk_reason;
+pub mod architecture;
+pub mod evaluation_result;
+pub mod layer;
+pub mod metadata;
+pub mod operating_system;
+pub mod package;
+pub mod package_type;
+pub mod policy;
+pub mod policy_bundle;
+pub mod policy_bundle_rule;
+pub mod policy_bundle_rule_failure;
+pub mod policy_bundle_rule_image_config_failure;
+pub mod policy_bundle_rule_pkg_vuln_failure;
+pub mod scan_result;
+pub mod scan_type;
+pub mod severity;
+pub mod vulnerability;
+pub mod weak_hash;