code simplification

Author: timbastin

controllers/crowdsourced_vexing_controller.go

@@ -1,7 +1,10 @@
 package controllers
 
 import (
+	"errors"
+
 	"github.com/google/uuid"
+	"github.com/l3montree-dev/devguard/crowdsourcevexing"
 	"github.com/l3montree-dev/devguard/shared"
 	"github.com/l3montree-dev/devguard/transformer"
 	"github.com/labstack/echo/v4"
@@ -29,11 +32,12 @@ func (c *CrowdsourcedVexingController) Recommend(ctx shared.Context) error {
 	}
 
 	rule, err := c.crowdsourcedVexingService.Recommend(ctx, nil, dependencyVulnIDParsed)
+
 	if err != nil {
+		if errors.Is(err, crowdsourcevexing.NoRecommendationErr) {
+			return ctx.NoContent(204)
+		}
 		return echo.NewHTTPError(500, "Could not calculate recommendation.").WithInternal(err)
 	}
-	if rule.ID == "" {
-		return ctx.NoContent(204)
-	}
 	return ctx.JSON(200, transformer.VEXRuleToRecommendationDTO(rule))
 }

crowdsourcevexing/crowdsourced_vexing.go

@@ -134,6 +134,8 @@ func findVexRuleFromPath(vexRulePath string, vexRules []VexRule) (VexRule, bool)
 // Some more requirements to consider:
 // Application / Creation of vex rules counts as a vote
 
+var NoRecommendationErr = fmt.Errorf("no recommendation")
+
 func CrowdsourcedVexing(dependencyPath []string, cve CVE, vexRules []VexRule, organizations []Organization, projects []Project, assets []Asset) (VexRule, error) {
 	var adjustedDiminishmentFactor = baseDiminishmentFactor
 	// If there is only one organization, we don't need a diminishmentfactor and therefore it should be set to 1 (no diminishment, value is worth fully)
@@ -267,7 +269,7 @@ func CrowdsourcedVexing(dependencyPath []string, cve CVE, vexRules []VexRule, or
 	// [Mitigation 15] Require a minimum number of voters for a decision; disabling the recommendation when too few voters remain
 	if validVotesCount < minVoterThreshold {
 		slog.Info("not enough valid votes to create a crowdsourced VEX rule", "validVotesCount", validVotesCount)
-		return VexRule{}, nil
+		return VexRule{}, NoRecommendationErr
 	}
 
 	var crowdsourcedVexRule VexRule
@@ -283,14 +285,14 @@ func CrowdsourcedVexing(dependencyPath []string, cve CVE, vexRules []VexRule, or
 	// [Mitigation 31] Use standardized cutoff; test with extreme values; define deterministictie-breaking rules
 	// After the sorting, the VexRule with the highest confidence will be at the end of the sortableVotes slice, so we can compare it with the second to last to check for a tie
 	if len(sortableVotes) == 0 {
-		return VexRule{}, nil
+		return VexRule{}, NoRecommendationErr
 	}
 	if len(sortableVotes) > 1 {
 		if votes[sortableVotes[len(sortableVotes)-1]].Value == votes[sortableVotes[len(sortableVotes)-2]].Value {
 			// Inconclusive result, no clear winner
 			// In this case we don't recommend any VexRule to the user, to encourage manual assessment by the user
 			// to generate more data for a better recommendation in the future
-			return VexRule{}, nil
+			return VexRule{}, NoRecommendationErr
 		} else {
 			// At this point we have a recommendation for a VexRule and want to return the datastructure of the VexRule to the user
 			// For that take any fitting VexRule from the database, since they should all be the same

database/repositories/asset_version_repository.go

@@ -236,47 +236,6 @@ func (repository *assetVersionRepository) GetAssetVersionsByAssetID(ctx context.
 	return assets, err
 }
 
-func (repository *assetVersionRepository) GetAssetVersionsByAssetIDs(ctx context.Context, tx *gorm.DB, assetIDs []uuid.UUID) ([]models.AssetVersion, error) {
-	var assets []models.AssetVersion
-	err := repository.GetDB(ctx, tx).Preload("Asset").Where("asset_id IN ?", assetIDs).Find(&assets).Error
-	return assets, err
-}
-
-func (repository *assetVersionRepository) FindByAssetVersionNameAndAssetIDList(
-	ctx context.Context,
-	tx *gorm.DB,
-	assetPairs []shared.AssetVersionPair,
-) ([]models.AssetVersion, error) {
-
-	var assets []models.AssetVersion
-
-	if len(assetPairs) == 0 {
-		return assets, nil
-	}
-
-	db := repository.GetDB(ctx, tx)
-
-	placeholders := make([]string, 0, len(assetPairs))
-	args := make([]interface{}, 0, len(assetPairs)*2)
-
-	for _, p := range assetPairs {
-		placeholders = append(placeholders, "(?, ?)")
-		args = append(args, p.AssetID, p.Name)
-	}
-
-	query := fmt.Sprintf(
-		"(asset_id, name) IN (%s)",
-		strings.Join(placeholders, ","),
-	)
-
-	err := db.
-		Preload("Asset").
-		Where(query, args...).
-		Find(&assets).Error
-
-	return assets, err
-}
-
 func (repository *assetVersionRepository) GetAssetVersionsByAssetIDWithArtifacts(ctx context.Context, tx *gorm.DB, assetID uuid.UUID) ([]models.AssetVersion, error) {
 	var assetVersion []models.AssetVersion
 	err := repository.GetDB(ctx, tx).Preload("Artifacts").Where("asset_id = ?", assetID).Find(&assetVersion).Error

database/repositories/vex_rule_repository.go

@@ -57,7 +57,7 @@ func (r *vexRuleRepository) All(ctx context.Context, tx *gorm.DB) ([]models.VEXR
 
 func (r *vexRuleRepository) FindByCVE(ctx context.Context, tx *gorm.DB, cveID string) ([]models.VEXRule, error) {
 	var rules []models.VEXRule
-	err := r.GetDB(ctx, tx).Where("cve_id = ? AND enabled = ?", cveID, true).Find(&rules).Error
+	err := r.GetDB(ctx, tx).Preload("Asset").Where("cve_id = ? AND enabled = ?", cveID, true).Find(&rules).Error
 	return rules, err
 }