pass the provenance whole
Signed-off-by: pxp928 <parth.psu@gmail.com>
pxp928 committed Aug 30, 2022
1 parent 2dd0260 commit feeb4d8
Showing 7 changed files with 25 additions and 62 deletions.
2 changes: 1 addition & 1 deletion pkg/handler/processor/dsse/dsse.go
@@ -68,7 +68,7 @@ func (d *DSSEProcessor) Unpack(i *processor.Document) ([]*processor.Document, er
case string(dsseITE6):
doc = &processor.Document{
Blob: decodedPayload,
Type: processor.DocumentITE6,
Type: processor.DocumentITE6Unknown,
Format: processor.FormatJSON,
SourceInformation: i.SourceInformation,
}
2 changes: 1 addition & 1 deletion pkg/handler/processor/dsse/dsse_test.go
@@ -97,7 +97,7 @@ var (
}
ite6SLSADoc = processor.Document{
Blob: []byte(ite6SLSA),
Type: processor.DocumentITE6,
Type: processor.DocumentITE6Unknown,
Format: processor.FormatJSON,
SourceInformation: processor.SourceInformation{
Collector: "TestCollector",
4 changes: 2 additions & 2 deletions pkg/handler/processor/guesser/type_ite6.go
@@ -30,9 +30,9 @@ func (_ *ite6TypeGuesser) GuessDocumentType(blob []byte, format processor.Format
if json.Unmarshal(blob, &statement) == nil && format == processor.FormatJSON {
if strings.HasPrefix(statement.Type, "https://in-toto.io/Statement") {
if strings.HasPrefix(statement.PredicateType, "https://slsa.dev/provenance") {
return processor.DocumentSLSA
return processor.DocumentITE6SLSA
}
return processor.DocumentITE6
return processor.DocumentITE6SLSA
}
}
return processor.DocumentUnknown
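Review bot: As rendered, both returns inside the `https://in-toto.io/Statement` branch of GuessDocumentType now yield `processor.DocumentITE6SLSA`, so a statement whose predicateType is missing or is not SLSA provenance is still labelled as SLSA. That contradicts the "valid ITE6 Document" case in type_ite6_test.go, which expects `processor.DocumentITE6Unknown`, and it lets arbitrary in-toto statements reach whatever consumes SLSA provenance. The fallthrough after the inner `if` should read `return processor.DocumentITE6Unknown`. A test case with a non-SLSA predicateType would pin this behaviour. The function starts outside the hunk.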
6 changes: 3 additions & 3 deletions pkg/handler/processor/guesser/type_ite6_test.go
@@ -18,15 +18,15 @@ func Test_Ite6TypeGuesser(t *testing.T) {
}, {
name: "valid ITE6 Document",
blob: []byte(`{"_type": "https://in-toto.io/Statement/v0.1"}`),
expected: processor.DocumentITE6,
expected: processor.DocumentITE6Unknown,
}, {
name: "valid SLSA ITE6 Document",
blob: []byte(`{"_type": "https://in-toto.io/Statement/v0.1", "predicateType": "https://slsa.dev/provenance/v0.2"}`),
expected: processor.DocumentSLSA,
expected: processor.DocumentITE6SLSA,
}, {
name: "valid SLSA ITE6 Document with different versions",
blob: []byte(`{"_type": "https://in-toto.io/Statement/v1.1", "predicateType": "https://slsa.dev/provenance/v1.0"}`),
expected: processor.DocumentSLSA,
expected: processor.DocumentITE6SLSA,
}}

for _, tt := range testCases {
26 changes: 7 additions & 19 deletions pkg/handler/processor/ite6/ite6.go
@@ -34,8 +34,8 @@ type ITE6Processor struct {

// ValidateSchema ensures that the document blob can be parsed into a valid data structure
func (e *ITE6Processor) ValidateSchema(i *processor.Document) error {
if i.Type != processor.DocumentITE6 {
return fmt.Errorf("expected document type: %v, actual document type: %v", processor.DocumentITE6, i.Type)
if i.Type != processor.DocumentITE6Unknown {
return fmt.Errorf("expected document type: %v, actual document type: %v", processor.DocumentITE6Unknown, i.Type)
}

_, err := parseStatement(i.Blob)
@@ -46,30 +46,26 @@ func (e *ITE6Processor) ValidateSchema(i *processor.Document) error {
// Unpack takes in the document and tries to unpack the provenance.
// if the predicate is of SLSA type the predicate is stored in the blob
func (e *ITE6Processor) Unpack(i *processor.Document) ([]*processor.Document, error) {
if i.Type != processor.DocumentITE6 {
return nil, fmt.Errorf("expected document type: %v, actual document type: %v", processor.DocumentITE6, i.Type)
if i.Type != processor.DocumentITE6Unknown {
return nil, fmt.Errorf("expected document type: %v, actual document type: %v", processor.DocumentITE6Unknown, i.Type)
}

statement, err := parseStatement(i.Blob)
if err != nil {
return nil, err
}
var doc *processor.Document
predicatePayload, err := getPredicate(statement)
if err != nil {
return nil, err
}
switch pt := statement.PredicateType; pt {
case string(slsaPredicateType):
doc = &processor.Document{
Blob: predicatePayload,
Type: processor.DocumentSLSA,
Blob: i.Blob,
Type: processor.DocumentITE6SLSA,
Format: processor.FormatJSON,
SourceInformation: i.SourceInformation,
}
default:
doc = &processor.Document{
Blob: predicatePayload,
Blob: i.Blob,
Type: processor.DocumentUnknown,
Format: processor.FormatUnknown,
SourceInformation: i.SourceInformation,
@@ -86,11 +82,3 @@ func parseStatement(p []byte) (*in_toto.Statement, error) {
}
return &ps, nil
}

func getPredicate(statement *in_toto.Statement) ([]byte, error) {
predicatePayload, err := json.Marshal(statement.Predicate)
if err != nil {
return nil, err
}
return predicatePayload, nil
}
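Review bot: In Unpack's `default:` branch the emitted document now carries `Blob: i.Blob` with `Type: processor.DocumentUnknown`, so the child is byte-for-byte the statement that was just unpacked. If the caller re-runs type guessing on unknown documents (not visible here), the in-toto guesser would match it again and route it back to this processor with no progress between rounds; before this change the child held only the predicate. Consider making that branch terminal, for example `default: return nil, fmt.Errorf("unsupported predicate type: %q", pt)`, or giving it a type the guesser is never asked about. The doc comment above Unpack is also stale and should read along the lines of `// Unpack re-types the statement by predicate type; Blob keeps the whole in-toto statement.` The end of Unpack lies outside the hunk.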
39 changes: 7 additions & 32 deletions pkg/handler/processor/ite6/ite6_test.go
@@ -88,31 +88,6 @@ var (
]
}
}`

predicate = `{
"builder": { "id": "https://github.com/Attestations/GitHubHostedActions@v1" },
"buildType": "https://github.com/Attestations/GitHubActionsWorkflow@v1",
"invocation": {
"configSource": {
"uri": "git+https://github.com/curl/curl-docker@master",
"digest": { "sha1": "d6525c840a62b398424a78d792f457477135d0cf" },
"entryPoint": "build.yaml:maketgz"
}
},
"metadata": {
"completeness": {
"environment": true
}
},
"materials": [
{
"uri": "git+https://github.com/curl/curl-docker@master",
"digest": { "sha1": "d6525c840a62b398424a78d792f457477135d0cf" }
}, {
"uri": "github_hosted_vm:ubuntu-18.04:20210123.1"
}
]
}`
)

func TestITE6Processor_ValidateSchema(t *testing.T) {
@@ -124,7 +99,7 @@ func TestITE6Processor_ValidateSchema(t *testing.T) {
name: "ITE6 Doc with unknown payload",
args: &processor.Document{
Blob: []byte(badProvenance),
Type: processor.DocumentITE6,
Type: processor.DocumentITE6Unknown,
Format: processor.FormatJSON,
SourceInformation: processor.SourceInformation{
Collector: "TestCollector",
@@ -136,7 +111,7 @@ func TestITE6Processor_ValidateSchema(t *testing.T) {
name: "ITE6 Doc with valid payload",
args: &processor.Document{
Blob: []byte(ite6SLSA),
Type: processor.DocumentITE6,
Type: processor.DocumentITE6Unknown,
Format: processor.FormatJSON,
SourceInformation: processor.SourceInformation{
Collector: "TestCollector",
@@ -165,15 +140,15 @@ func TestITE6Processor_Unpack(t *testing.T) {
name: "ITE6 Doc with unknown payload",
args: &processor.Document{
Blob: []byte(unknownProvenance),
Type: processor.DocumentITE6,
Type: processor.DocumentITE6Unknown,
Format: processor.FormatJSON,
SourceInformation: processor.SourceInformation{
Collector: "TestCollector",
Source: "TestSource",
},
},
want: []*processor.Document{{
Blob: []byte(predicate),
Blob: []byte(unknownProvenance),
Type: processor.DocumentUnknown,
Format: processor.FormatUnknown,
SourceInformation: processor.SourceInformation{
@@ -186,16 +161,16 @@ func TestITE6Processor_Unpack(t *testing.T) {
name: "ITE6 Doc with valid payload",
args: &processor.Document{
Blob: []byte(ite6SLSA),
Type: processor.DocumentITE6,
Type: processor.DocumentITE6Unknown,
Format: processor.FormatJSON,
SourceInformation: processor.SourceInformation{
Collector: "TestCollector",
Source: "TestSource",
},
},
want: []*processor.Document{{
Blob: []byte(predicate),
Type: processor.DocumentSLSA,
Blob: []byte(ite6SLSA),
Type: processor.DocumentITE6SLSA,
Format: processor.FormatJSON,
SourceInformation: processor.SourceInformation{
Collector: "TestCollector",
8 changes: 4 additions & 4 deletions pkg/handler/processor/processor.go
@@ -52,10 +52,10 @@ type DocumentType string

// Document* is the enumerables of DocumentType
const (
DocumentSLSA DocumentType = "SLSA"
DocumentITE6 DocumentType = "ITE6"
DocumentDSSE DocumentType = "DSSE"
DocumentUnknown DocumentType = "UNKNOWN"
DocumentITE6SLSA DocumentType = "SLSA"
DocumentITE6Unknown = "ITE6"
DocumentDSSE = "DSSE"
DocumentUnknown = "UNKNOWN"
)

// FormatType describes the document format for malform checks
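Review bot: On the new side of the const block only `DocumentITE6SLSA` keeps the `DocumentType` annotation; `DocumentITE6Unknown`, `DocumentDSSE` and `DocumentUnknown` are written as `NAME = "..."`, and because each has its own initializer Go does not inherit the type from the line above, so they become untyped string constants. Comparisons against `i.Type` and struct literals still compile, but these constants can now be passed anywhere a plain string is accepted and have dynamic type `string` when stored in an interface, which weakens the enum the processors dispatch on. Restore the type on each line: `DocumentITE6Unknown DocumentType = "ITE6"`, `DocumentDSSE DocumentType = "DSSE"`, `DocumentUnknown DocumentType = "UNKNOWN"`.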
