From 85868eadbf6a287f9bf5f47d355ff944080d3845 Mon Sep 17 00:00:00 2001
From: Robbie Cronin
Date: Wed, 6 Nov 2024 22:53:05 +1100
Subject: [PATCH] Add CertifyLegal to query known package (#2254)
Signed-off-by: robert-cronin
---
 cmd/guacone/cmd/known.go | 39 ++++++++++++++++++++++++++++-----------
 1 file changed, 28 insertions(+), 11 deletions(-)
diff --git a/cmd/guacone/cmd/known.go b/cmd/guacone/cmd/known.go
index 157960f3de..2ace3afb41 100644
--- a/cmd/guacone/cmd/known.go
+++ b/cmd/guacone/cmd/known.go
@@ -41,6 +41,7 @@ const (
 hasSBOMStr string = "hasSBOM"
 hasSLSAStr string = "hasSLSA"
 certifyVulnStr string = "certifyVuln"
+ certifyLegalStr string = "certifyLegal"
 vexLinkStr string = "vexLink"
 badLinkStr string = "badLink"
 goodLinkStr string = "goodLink"
@@ -61,17 +62,18 @@ type queryKnownOptions struct {
 }
 
 type neighbors struct {
- hashEquals []*model.NeighborsNeighborsHashEqual
- scorecards []*model.NeighborsNeighborsCertifyScorecard
- occurrences []*model.NeighborsNeighborsIsOccurrence
- hasSrcAt []*model.NeighborsNeighborsHasSourceAt
- hasSBOMs []*model.NeighborsNeighborsHasSBOM
- hasSLSAs []*model.NeighborsNeighborsHasSLSA
- certifyVulns []*model.NeighborsNeighborsCertifyVuln
- vexLinks []*model.NeighborsNeighborsCertifyVEXStatement
- badLinks []*model.NeighborsNeighborsCertifyBad
- goodLinks []*model.NeighborsNeighborsCertifyGood
- pkgEquals []*model.NeighborsNeighborsPkgEqual
+ hashEquals []*model.NeighborsNeighborsHashEqual
+ scorecards []*model.NeighborsNeighborsCertifyScorecard
+ occurrences []*model.NeighborsNeighborsIsOccurrence
+ hasSrcAt []*model.NeighborsNeighborsHasSourceAt
+ hasSBOMs []*model.NeighborsNeighborsHasSBOM
+ hasSLSAs []*model.NeighborsNeighborsHasSLSA
+ certifyVulns []*model.NeighborsNeighborsCertifyVuln
+ certifyLegals []*model.NeighborsNeighborsCertifyLegal
+ vexLinks []*model.NeighborsNeighborsCertifyVEXStatement
+ badLinks []*model.NeighborsNeighborsCertifyBad
+ goodLinks []*model.NeighborsNeighborsCertifyGood
+ pkgEquals []*model.NeighborsNeighborsPkgEqual
 }
 
 var (
@@ -181,6 +183,8 @@ var queryKnownCmd = &cobra.Command{
 t.AppendSeparator()
 t.AppendRows(getOutputBasedOnNode(ctx, gqlclient, pkgVersionNeighbors, certifyVulnStr, packageSubjectType))
 t.AppendSeparator()
+ t.AppendRows(getOutputBasedOnNode(ctx, gqlclient, pkgVersionNeighbors, certifyLegalStr, artifactSubjectType))
+ t.AppendSeparator()
 t.AppendRows(getOutputBasedOnNode(ctx, gqlclient, pkgVersionNeighbors, hasSBOMStr, packageSubjectType))
 t.AppendSeparator()
 t.AppendRows(getOutputBasedOnNode(ctx, gqlclient, pkgVersionNeighbors, hasSLSAStr, packageSubjectType))
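Review bot: The added `getOutputBasedOnNode(ctx, gqlclient, pkgVersionNeighbors, certifyLegalStr, artifactSubjectType)` call passes `artifactSubjectType`, while every neighbouring call on `pkgVersionNeighbors` in this hunk passes `packageSubjectType`. The `certifyLegalStr` case added to `getOutputBasedOnNode` in this same commit does not read the subject type in its visible lines, so the printed rows are probably unaffected today, but the mismatch will mislead the next change that makes that branch subject-aware. I would change the last argument to `packageSubjectType` so it matches the collection being printed. The enclosing block inside `queryKnownCmd` starts and ends outside the hunk.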
@@ -323,6 +327,9 @@ func queryKnownNeighbors(ctx context.Context, gqlclient graphql.Client, subjectQ
 case *model.NeighborsNeighborsPkgEqual:
 collectedNeighbors.pkgEquals = append(collectedNeighbors.pkgEquals, v)
 path = append(path, v.Id)
+ case *model.NeighborsNeighborsCertifyLegal:
+ collectedNeighbors.certifyLegals = append(collectedNeighbors.certifyLegals, v)
+ path = append(path, v.Id)
 default:
 continue
 }
@@ -449,6 +456,16 @@ func getOutputBasedOnNode(ctx context.Context, gqlclient graphql.Client, collect
 for _, equal := range collectedNeighbors.pkgEquals {
 tableRows = append(tableRows, table.Row{pkgEqualStr, equal.Id, ""})
 }
+ case certifyLegalStr:
+ for _, legal := range collectedNeighbors.certifyLegals {
+ tableRows = append(tableRows, table.Row{
+ certifyLegalStr,
+ legal.Id,
+ "Declared License: " + legal.DeclaredLicense +
+ ",\nDiscovered License: " + legal.DiscoveredLicense +
+ ",\nOrigin: " + legal.Origin,
+ })
+ }
 }
 
 return tableRows
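Review bot: In the new `certifyLegalStr` case, `legal.DeclaredLicense`, `legal.DiscoveredLicense` and `legal.Origin` are concatenated into the table cell exactly as stored. These values presumably originate from ingested SBOM or attestation documents, so a value containing newlines or terminal control characters would distort the table or be interpreted by the operator's terminal, and an empty value renders as `Declared License: ,`, which is easy to misread as a parsing artefact. Quoting the fields makes both cases visible, e.g. `fmt.Sprintf("Declared License: %q,\nDiscovered License: %q,\nOrigin: %q", legal.DeclaredLicense, legal.DiscoveredLicense, legal.Origin)`, assuming `fmt` is already imported in this file. `getOutputBasedOnNode` starts and ends outside the hunk.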