feat(materials): Add support for ZAP reports #1360
Conversation
| // detection. The order of the list is important as it defines the order of the | ||
| // detection process. Normally from most common one to the least common one and weaker validation method. | ||
| var CraftingMaterialInValidationOrder = []CraftingSchema_Material_MaterialType{ | ||
| CraftingSchema_Material_ZAP_DAST_ZIP, |
There was a problem hiding this comment.
why first? Isn't it too expensive? I'd make sure we order by less expensive to more
There was a problem hiding this comment.
Yes, I don't know why I placed it there, it should be lower on the list.
migmartri
left a comment
migmartri
left a comment
There was a problem hiding this comment.
Awesome Javi. ptal at my comment about the autodetection
|
|
||
| // Craft will extract the ZAP JSON report from the zip file and upload it to the CAS | ||
| func (i *ZAPCrafter) Craft(ctx context.Context, filePath string) (*api.Attestation_Material, error) { | ||
| archive, err := zip.OpenReader(filePath) |
There was a problem hiding this comment.
could we check if it's a zip file?
There was a problem hiding this comment.
That OpenReader checks already that the incoming file is a zip file but we can do a manual check in any case.
Signed-off-by: Javier Rodriguez <javier@chainloop.dev>
Signed-off-by: Javier Rodriguez <javier@chainloop.dev>
| } | ||
|
|
||
| // isZipFile checks if the file is a valid zip archive | ||
| func (i *ZAPCrafter) isZipFile(filePath string) error { |
There was a problem hiding this comment.
yeah, it seems that in the end this was not worth it and in fact this is a bad implementation since you are reading the whole file in memory. Imagine that you are providing a 500MB file... https://stackoverflow.com/a/76828828
Could you please remove this?
2 participants
This patch introduces support for a new material type called ZAP_DAST_ZIP, which represents a ZAP DAST report in ZIP format. The crafter will validate the incoming file as a valid ZIP archive and, using the extracted JSON report, ensure that the program used is ZAP.
Refs: #1359