-
Notifications
You must be signed in to change notification settings - Fork 22
/
Copy pathmerge.go
92 lines (75 loc) · 2.45 KB
/
merge.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
/*
Copyright 2022 The OpenVEX Authors
SPDX-License-Identifier: Apache-2.0
*/
package cmd
import (
"context"
"errors"
"fmt"
"os"
"github.com/spf13/cobra"
"github.com/openvex/vexctl/pkg/ctl"
)
type mergeOptions struct {
vexDocOptions
productsListOption
vulnerabilityListOption
}
func (mo *mergeOptions) AddFlags(cmd *cobra.Command) {
mo.productsListOption.AddFlags(cmd)
mo.vulnerabilityListOption.AddFlags(cmd)
mo.vexDocOptions.AddFlags(cmd)
}
func (mo *mergeOptions) Validate() error {
return errors.Join(
mo.productsListOption.Validate(),
mo.vulnerabilityListOption.Validate(),
mo.vexDocOptions.Validate(),
)
}
func addMerge(parentCmd *cobra.Command) {
opts := mergeOptions{}
mergeCmd := &cobra.Command{
Short: fmt.Sprintf("%s merge: merges two or more VEX documents into one", appname),
Long: fmt.Sprintf(`%s merge: merge one or more documents into one
When composing VEX data out of multiple sources it may be necessary to mix
all statements into a single doc. The merge subcommand mixes the statements
from one or more vex documents into a single, new one.
Examples:
# Merge two documents into one
%s merge document1.vex.json document2.vex.json > new.vex.json
# Merge two documents into one, but only one product
%s merge --product="pkg:apk/wolfi/[email protected]" document1.vex.json document2.vex.json
# Merge vulnerability data from two documents into one
%s merge --vulnerability=CVE-2022-3294 document1.vex.json document2.vex.json
`, appname, appname, appname, appname),
Use: "merge",
SilenceUsage: false,
SilenceErrors: false,
PersistentPreRunE: initLogging,
RunE: func(_ *cobra.Command, args []string) error {
vexctl := ctl.New()
// TODO(puerco): Change this to vex merge options when we move
// the merge logic out of vexctl
newVex, err := vexctl.MergeFiles(context.Background(), &ctl.MergeOptions{
DocumentID: opts.vexDocOptions.DocumentID,
Author: opts.vexDocOptions.Author,
AuthorRole: opts.vexDocOptions.AuthorRole,
Products: opts.Products,
Vulnerabilities: opts.Vulnerabilities,
}, args)
if err != nil {
return fmt.Errorf("merging documents: %w", err)
}
if err := newVex.ToJSON(os.Stdout); err != nil {
return fmt.Errorf("writing new vex document: %w", err)
}
return nil
},
}
opts.productsListOption.AddFlags(mergeCmd)
opts.vulnerabilityListOption.AddFlags(mergeCmd)
opts.vexDocOptions.AddFlags(mergeCmd)
parentCmd.AddCommand(mergeCmd)
}