chore: add custom unmarshal method and use concrete depgraph type

Author: thomasschafer

internal/snykclient/types.go

@@ -1,6 +1,13 @@
 //nolint:tagliatelle // Allowing snake case for API response schemas
 package snykclient
 
+import (
+	"encoding/json"
+	"fmt"
+
+	"github.com/snyk/cli-extension-dep-graph/internal/depgraph"
+)
+
 type ScanResultTarget struct {
 	RemoteURL string `json:"remoteUrl"`
 }
@@ -12,8 +19,40 @@ type ScanResultIdentity struct {
 }
 
 type ScanResultFact struct {
-	Type string      `json:"type"`
-	Data interface{} `json:"data"`
+	Type string `json:"type"`
+	Data any    `json:"data"`
+}
+
+// UnmarshalJSON implements custom JSON unmarshaling for ScanResultFact.
+// When type is "depGraph", it unmarshals data directly into *depgraph.DepGraph.
+func (f *ScanResultFact) UnmarshalJSON(data []byte) error {
+	var scanResultRaw struct {
+		Type string          `json:"type"`
+		Data json.RawMessage `json:"data"`
+	}
+
+	if err := json.Unmarshal(data, &scanResultRaw); err != nil {
+		return fmt.Errorf("failed to unmarshal ScanResultFact: %w", err)
+	}
+
+	f.Type = scanResultRaw.Type
+
+	switch scanResultRaw.Type {
+	case "depGraph":
+		var depGraph depgraph.DepGraph
+		if err := json.Unmarshal(scanResultRaw.Data, &depGraph); err != nil {
+			return fmt.Errorf("failed to unmarshal depGraph data: %w", err)
+		}
+		f.Data = &depGraph
+	default:
+		var v any
+		if err := json.Unmarshal(scanResultRaw.Data, &v); err != nil {
+			return fmt.Errorf("failed to unmarshal fact data: %w", err)
+		}
+		f.Data = v
+	}
+
+	return nil
 }
 
 type ScanResult struct {

internal/snykclient/types_test.go

@@ -0,0 +1,166 @@
+package snykclient
+
+import (
+	"encoding/json"
+	"testing"
+
+	"github.com/snyk/cli-extension-dep-graph/internal/depgraph"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestScanResultFact_UnmarshalJSON_DepGraph(t *testing.T) {
+	jsonData := `{
+		"type": "depGraph",
+		"data": {
+			"schemaVersion": "1.2.0",
+			"pkgManager": {
+				"name": "npm",
+				"version": "8.0.0",
+				"repositories": [
+					{
+						"alias": "npmjs"
+					}
+				]
+			},
+			"pkgs": [
+				{
+					"id": "[email protected]",
+					"info": {
+						"name": "root",
+						"version": "1.0.0",
+						"purl": "pkg:npm/[email protected]"
+					}
+				},
+				{
+					"id": "[email protected]",
+					"info": {
+						"name": "dep",
+						"version": "2.0.0"
+					}
+				}
+			],
+			"graph": {
+				"rootNodeId": "root-node",
+				"nodes": [
+					{
+						"nodeId": "root-node",
+						"pkgId": "[email protected]",
+						"deps": [
+							{
+								"nodeId": "dep-node"
+							}
+						]
+					},
+					{
+						"nodeId": "dep-node",
+						"pkgId": "[email protected]",
+						"deps": []
+					}
+				]
+			}
+		}
+	}`
+
+	var fact ScanResultFact
+	err := json.Unmarshal([]byte(jsonData), &fact)
+
+	require.NoError(t, err)
+	assert.Equal(t, "depGraph", fact.Type)
+
+	depGraph, ok := fact.Data.(*depgraph.DepGraph)
+	require.True(t, ok, "expected fact.Data to be *depgraph.DepGraph")
+	require.NotNil(t, depGraph)
+
+	assert.Equal(t, "1.2.0", depGraph.SchemaVersion)
+	assert.Equal(t, "npm", depGraph.PkgManager.Name)
+	assert.Equal(t, "8.0.0", depGraph.PkgManager.Version)
+	assert.Len(t, depGraph.PkgManager.Repositories, 1)
+	assert.Equal(t, "npmjs", depGraph.PkgManager.Repositories[0].Alias)
+
+	require.Len(t, depGraph.Pkgs, 2)
+	assert.Equal(t, "[email protected]", depGraph.Pkgs[0].ID)
+	assert.Equal(t, "root", depGraph.Pkgs[0].Info.Name)
+	assert.Equal(t, "1.0.0", depGraph.Pkgs[0].Info.Version)
+	assert.Equal(t, "pkg:npm/[email protected]", depGraph.Pkgs[0].Info.PackageURL)
+	assert.Equal(t, "[email protected]", depGraph.Pkgs[1].ID)
+
+	assert.Equal(t, "root-node", depGraph.Graph.RootNodeID)
+	require.Len(t, depGraph.Graph.Nodes, 2)
+	assert.Equal(t, "root-node", depGraph.Graph.Nodes[0].NodeID)
+	assert.Equal(t, "[email protected]", depGraph.Graph.Nodes[0].PkgID)
+	require.Len(t, depGraph.Graph.Nodes[0].Deps, 1)
+	assert.Equal(t, "dep-node", depGraph.Graph.Nodes[0].Deps[0].NodeID)
+	assert.Equal(t, "dep-node", depGraph.Graph.Nodes[1].NodeID)
+	assert.Empty(t, depGraph.Graph.Nodes[1].Deps)
+}
+
+func TestScanResultFact_UnmarshalJSON_OtherType(t *testing.T) {
+	jsonData := `{
+		"type": "vulnerability",
+		"data": {
+			"severity": "high",
+			"title": "Test vulnerability"
+		}
+	}`
+
+	var fact ScanResultFact
+	err := json.Unmarshal([]byte(jsonData), &fact)
+
+	require.NoError(t, err)
+	assert.Equal(t, "vulnerability", fact.Type)
+
+	dataMap, ok := fact.Data.(map[string]any)
+	require.True(t, ok, "expected fact.Data to be map[string]any")
+	assert.Equal(t, "high", dataMap["severity"])
+	assert.Equal(t, "Test vulnerability", dataMap["title"])
+}
+
+func TestScanResultFact_UnmarshalJSON_MalformedDepGraph(t *testing.T) {
+	jsonData := `{
+		"type": "depGraph",
+		"data": {
+			"schemaVersion": "1.2.0",
+			"pkgs": "this should be an array not a string"
+		}
+	}`
+
+	var fact ScanResultFact
+	err := json.Unmarshal([]byte(jsonData), &fact)
+
+	require.Error(t, err)
+	assert.Contains(t, err.Error(), "failed to unmarshal depGraph data")
+}
+
+func TestScanResultFact_UnmarshalJSON_MissingDataField(t *testing.T) {
+	tests := []struct {
+		name           string
+		jsonData       string
+		expectedErrMsg string
+	}{
+		{
+			name: "missing data field for depGraph",
+			jsonData: `{
+				"type": "depGraph"
+			}`,
+			expectedErrMsg: "failed to unmarshal depGraph data",
+		},
+		{
+			name: "missing data field for other type",
+			jsonData: `{
+				"type": "vulnerability"
+			}`,
+			expectedErrMsg: "failed to unmarshal fact data",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			var fact ScanResultFact
+			err := json.Unmarshal([]byte(tt.jsonData), &fact)
+
+			require.Error(t, err)
+			assert.Contains(t, err.Error(), tt.expectedErrMsg)
+		})
+	}
+}

pkg/depgraph/sbom_resolution.go

@@ -203,8 +203,16 @@ func extractDepGraphsFromScans(scans []*snykclient.ScanResult, normalisedTargetF
 				continue
 			}
 
-			// Create workflow data with the depgraph
-			data, err := workflowDataFromDepGraph(fact.Data, normalisedTargetFile, scan.Identity.TargetFile)
+			// ScanResultFact.UnmarshalJSON deserializes fact.Data into *depgraph.DepGraph when type is "depGraph".
+			depGraph, ok := fact.Data.(*depgraph.DepGraph)
+			if !ok {
+				return nil, fmt.Errorf("expected fact.Data to be *depgraph.DepGraph, got %T", fact.Data)
+			}
+			if depGraph == nil {
+				return nil, fmt.Errorf("depGraph is nil for fact with type 'depGraph'")
+			}
+
+			data, err := workflowDataFromDepGraph(depGraph, normalisedTargetFile, scan.Identity.TargetFile)
 			if err != nil {
 				return nil, fmt.Errorf("failed to create workflow data: %w", err)
 			}
@@ -216,7 +224,7 @@ func extractDepGraphsFromScans(scans []*snykclient.ScanResult, normalisedTargetF
 	return depGraphList, nil
 }
 
-func workflowDataFromDepGraph(depGraph any, normalisedTargetFile, targetFileFromPlugin string) (workflow.Data, error) {
+func workflowDataFromDepGraph(depGraph *depgraph.DepGraph, normalisedTargetFile, targetFileFromPlugin string) (workflow.Data, error) {
 	depGraphBytes, err := json.Marshal(depGraph)
 	if err != nil {
 		return nil, fmt.Errorf("failed to marshal depgraph data: %w", err)