@@ -107,9 +107,26 @@ where
107107 Ok ( all_resolved_sboms)
108108}
109109
110- /// Get all CPEs of the "describing component" of an SBOM
110+ /// Retrieves the distinct list of CPE (Common Platform Enumeration) UUIDs associated with a specific SBOM,
111+ /// specifically the "describing component" of an SBOM.
111112///
112113/// This means: all CPEs of all nodes which have the SBOM's node ID on the right side of a "describes" relationship
114+ ///
115+ /// This function queries the `sbom_package_cpe_ref` linking table to find all CPEs tied
116+ /// to the given `sbom_id`. It includes validation joins to ensure the SBOM exists and
117+ /// properly contains a "Describes" relationship (indicating a valid root package structure).
118+ ///
119+ /// # Arguments
120+ ///
121+ /// * `connection` - The database connection used to execute the query.
122+ /// * `sbom_id` - The UUID of the SBOM to search within.
123+ ///
124+ /// # Returns
125+ ///
126+ /// Returns a `Result` containing:
127+ /// * `Vec<Uuid>`: A list of unique CPE UUIDs found in the SBOM.
128+ /// * `Error`: If a database error occurs.
129+ ///
113130async fn describing_cpes (
114131 connection : & ( impl ConnectionTrait + Send ) ,
115132 sbom_id : Uuid ,
@@ -130,7 +147,8 @@ async fn describing_cpes(
130147 . await ?)
131148}
132149
133- /// Retrieves lineage (ancestors) of a specific node within an SBOM graph.
150+ /// Retrieves lineage (ancestors) of a specific node within an SBOM graph as represented
151+ /// in sql data (NOT in memory graph).
134152///
135153/// This function performs an iterative upstream traversal starting from the `start_node_id`.
136154/// It walks the `package_relates_to_package` table from Child to Parent until it reaches
@@ -262,13 +280,25 @@ pub async fn resolve_sbom_cpes(
262280 Ok ( matched_sboms)
263281}
264282
265- /// emulate SQL RANK which partitions vec RankedSBOM on cpe_id and date
283+ /// Assigns a rank to SBOMs within their specific CPE groups based on creation date which
284+ /// embodies the latest filter heuristics.
285+ ///
286+ /// This function simulates a SQL Window Function:
287+ /// `DENSE_RANK() OVER (PARTITION BY cpe_id ORDER BY sbom_date DESC)`.
266288///
267- /// The input is a (possibly) unsorted Vec of RankedSboms. The `rank` field may be empty and
268- /// will be filled when the function returns.
289+ /// # Logic
290+ /// 1. **Sort**: The list is sorted primarily by `cpe_id` (to group items) and secondarily
291+ /// by `sbom_date` in descending order (newest first).
292+ /// 2. **Rank**: It iterates through the sorted list:
293+ /// - **New Group**: If the `cpe_id` changes, the rank resets to 1.
294+ /// - **Ties**: If the `sbom_date` is identical to the previous item in the same group,
295+ /// they share the same rank.
296+ /// - **Progression**: If the date is older, the rank increments by 1 (creating a "Dense" rank,
297+ /// meaning no numbers are skipped after ties: 1, 1, 2).
269298///
270- /// As a side effect, the Vec will be sorted by cpe_id, then sbom_date
271- pub fn apply_rank ( items : & mut [ RankedSbom ] ) {
299+ /// # Arguments
300+ /// * `items` - A mutable slice of `RankedSbom` that will be sorted and updated in-place.pub
301+ fn apply_rank ( items : & mut [ RankedSbom ] ) {
272302 items. sort_by ( |a, b| {
273303 a. cpe_id
274304 . cmp ( & b. cpe_id ) // Partition 1
0 commit comments