45 changes: 1 addition & 44 deletions pkg/attestation/crafter/materials/zap.go
Expand Up @@ -21,8 +21,6 @@ import (
"encoding/json"
"fmt"
"io"
"net/http"
"os"

schemaapi "github.com/chainloop-dev/chainloop/app/controlplane/api/workflowcontract/v1"
"github.com/chainloop-dev/chainloop/internal/casclient"
Expand All @@ -36,8 +34,6 @@ const (
zapReportFileName = "report_json.json"
// zapProgramName is the name of the program that generated the ZAP report
zapProgramName = "ZAP"
// outputFileName is the name of the fixed JSON report file
outputFileName = "zap_dast_report.json"
)

// zapJSON is the structure of the ZAP report JSON with the values being checked
Expand All @@ -63,11 +59,6 @@ func NewZAPCrafter(materialSchema *schemaapi.CraftingSchema_Material, backend *c

// Craft will extract the ZAP JSON report from the zip file and upload it to the CAS
func (i *ZAPCrafter) Craft(ctx context.Context, filePath string) (*api.Attestation_Material, error) {
err := i.isZipFile(filePath)
if err != nil {
return nil, fmt.Errorf("invalid zip file: %w", err)
}

archive, err := zip.OpenReader(filePath)
if err != nil {
return nil, fmt.Errorf("can't open the zip file: %w", err)
Expand Down Expand Up @@ -113,40 +104,6 @@ func (i *ZAPCrafter) Craft(ctx context.Context, filePath string) (*api.Attestati
return nil, fmt.Errorf("invalid ZAP report file: %w", ErrInvalidMaterialType)
}

// Write the raw JSON report to a fixed file name
tempFile, err := os.Create(outputFileName)
if err != nil {
return nil, fmt.Errorf("can't create fixed file: %w", err)
}
// Clean up the fixed file after use
defer os.Remove(outputFileName)

if _, err = tempFile.Write(rawZapReport); err != nil {
return nil, fmt.Errorf("can't write to fixed file: %w", err)
}

// Close the file to ensure the data is written
if err = tempFile.Close(); err != nil {
return nil, fmt.Errorf("can't close the fixed file: %w", err)
}

// Call uploadAndCraft with the path of the JSON report file
return uploadAndCraft(ctx, i.input, i.backend, outputFileName, i.logger)
}

// isZipFile checks if the file is a valid zip archive
func (i *ZAPCrafter) isZipFile(filePath string) error {
// Open the file and check the content type
fileData, err := os.ReadFile(filePath)
if err != nil {
return fmt.Errorf("can't read the file: %w", err)
}

// Detect the content type of the entire file
contentType := http.DetectContentType(fileData)
if contentType != "application/zip" {
return fmt.Errorf("file is not a valid zip archive, detected content type: %s", contentType)
}

return nil
return uploadAndCraft(ctx, i.input, i.backend, filePath, i.logger)
}
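Review bot: The doc comment on Craft, `// Craft will extract the ZAP JSON report from the zip file and upload it to the CAS`, no longer matches the code: the report is still read out of the archive for validation, but the path handed to uploadAndCraft in the last hunk is filePath, so the archive itself is what gets uploaded and attested. Suggest `// Craft checks that the zip at filePath contains a valid ZAP JSON report and uploads the whole archive to the CAS`. Consumers of the attestation should be told that the recorded digest then covers every entry of the zip, of which only the report entry is inspected. Dropping the http.DetectContentType check also means a file is accepted whenever zip.OpenReader can parse it, which as far as I know only requires a readable central directory rather than a zip signature at offset zero; that is probably acceptable here but deserves a sentence in the comment. The body of Craft between the third and fourth hunks is outside what is shown.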
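--- a/pkg/attestation/crafter/materials/zap_test.go
+++ b/pkg/attestation/crafter/materials/zap_test.go
@@ -27,7 +27,6 @@ import (
 
 "github.com/rs/zerolog"
 "github.com/stretchr/testify/assert"
-"github.com/stretchr/testify/mock"
 "github.com/stretchr/testify/require"
 )
 
@@ -72,7 +71,7 @@ func TestNewZAPCraft(t *testing.T) {
 {
 name: "invalid ZAP format",
 filePath: "./testdata/sbom.cyclonedx.json",
-wantErr: "invalid zip file: file is not a valid zip archive, detected content type",
+wantErr: "can't open the zip file",
 },
 {
 name: "invalid path",
@@ -82,7 +81,7 @@ func TestNewZAPCraft(t *testing.T) {
 {
 name: "invalid artifact type",
 filePath: "./testdata/simple.txt",
-wantErr: "invalid zip file: file is not a valid zip archive, detected content type",
+wantErr: "can't open the zip file",
 },
 {
 name: "missing ZAP json report",
@@ -106,10 +105,10 @@ func TestNewZAPCraft(t *testing.T) {
 // Mock uploader
 uploader := mUploader.NewUploader(t)
 if tc.wantErr == "" {
-uploader.On("UploadFile", context.TODO(), mock.Anything).
+uploader.On("UploadFile", context.TODO(), tc.filePath).
 Return(&casclient.UpDownStatus{
 Digest: "deadbeef",
-Filename: "zap_dast_report.json",
+Filename: "zap_scan.zip",
 }, nil)
 }
 
@@ -129,7 +128,7 @@ func TestNewZAPCraft(t *testing.T) {
 
 // // The result includes the digest reference
 assert.Equal(got.GetArtifact(), &attestationApi.Attestation_Material_Artifact{
-Id: "test", Digest: "sha256:f61aa70510cb53530158c78dd2d50da90ec8190c11020fe4fafb42e1cce47b69", Name: "zap_dast_report.json",
+Id: "test", Digest: "sha256:7aa1273cbc367cd13cc7be0e97a939df47f9b35e1fc45b4b81b6152569b3565c", Name: "zap_scan.zip",
 })
 })
 }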
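Review bot: In the assert.Equal call whose new expected line is `Id: "test", Digest: "sha256:7aa1…", Name: "zap_scan.zip"`, the arguments are in (actual, expected) order; testify's assert.Equal takes expected first, so a failure would print the two values under swapped labels. Suggest `assert.Equal(&attestationApi.Attestation_Material_Artifact{...}, got.GetArtifact())` with the literal moved to the first position. The doubled `// //` on the comment above that call looks like a leftover as well. The enclosing TestNewZAPCraft function starts and ends outside the hunk.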