Refactor materials reading from file to lib

Signed-off-by: Marco Franssen <marco.franssen@philips.com>
philips-labs · Nov 30, 2021 · 75cb706 · 75cb706
1 parent 0d8b360
commit 75cb706
Show file tree

Hide file tree

Showing 7 changed files with 110 additions and 26 deletions.
diff --git a/cmd/slsa-provenance/cli/files_test.go b/cmd/slsa-provenance/cli/files_test.go
@@ -91,7 +91,7 @@ func TestGenerateFilesCliOptions(t *testing.T) {
 		},
 		{
 			name: "With broken extra materials",
-			err:  fmt.Errorf("failed retrieving extra materials: invalid JSON in extra materials file %s: unexpected end of JSON input", path.Join(rootDir, "test-data/materials-broken.not-json")),
+			err:  fmt.Errorf("failed retrieving extra materials for %s: unexpected EOF", path.Join(rootDir, "test-data/materials-broken.not-json")),
 			arguments: []string{
 				"--artifact-path",
 				path.Join(rootDir, "bin/slsa-provenance"),
@@ -123,7 +123,7 @@ func TestGenerateFilesCliOptions(t *testing.T) {
 		},
 		{
 			name: "With broken extra materials (no uri)",
-			err:  fmt.Errorf("failed retrieving extra materials: empty or missing \"uri\" field in %s", path.Join(rootDir, "test-data/materials-no-uri.json")),
+			err:  fmt.Errorf("failed retrieving extra materials for %s: empty or missing \"uri\" for material", path.Join(rootDir, "test-data/materials-no-uri.json")),
 			arguments: []string{
 				"--artifact-path",
 				path.Join(rootDir, "bin/slsa-provenance"),
@@ -139,7 +139,7 @@ func TestGenerateFilesCliOptions(t *testing.T) {
 		},
 		{
 			name: "With broken extra materials (no digest)",
-			err:  fmt.Errorf("failed retrieving extra materials: empty or missing \"digest\" in %s", path.Join(rootDir, "test-data/materials-no-digest.json")),
+			err:  fmt.Errorf("failed retrieving extra materials for %s: empty or missing \"digest\" for material", path.Join(rootDir, "test-data/materials-no-digest.json")),
 			arguments: []string{
 				"--artifact-path",
 				path.Join(rootDir, "bin/slsa-provenance"),

diff --git a/cmd/slsa-provenance/cli/github-release.go b/cmd/slsa-provenance/cli/github-release.go
@@ -56,13 +56,11 @@ func GitHubRelease() *cobra.Command {
 			rc := github.NewReleaseClient(tc)
 			env := github.NewReleaseEnvironment(*gh, *runner, tagName, rc)
 
-			stmt, err := env.GenerateProvenanceStatement(cmd.Context(), artifactPath)
+			stmt, err := env.GenerateProvenanceStatement(cmd.Context(), artifactPath, materials...)
 			if err != nil {
 				return fmt.Errorf("failed to generate provenance: %w", err)
 			}
 
-			stmt.Predicate.Materials = append(stmt.Predicate.Materials, materials...)
-
 			fmt.Fprintf(cmd.OutOrStdout(), "Saving provenance to %s\n", outputPath)
 
 			return env.PersistProvenanceStatement(cmd.Context(), stmt, outputPath)

diff --git a/cmd/slsa-provenance/cli/options/generate.go b/cmd/slsa-provenance/cli/options/generate.go
@@ -56,22 +56,17 @@ func (o *GenerateOptions) GetExtraMaterials() ([]intoto.Item, error) {
 	var materials []intoto.Item
 
 	for _, extra := range o.ExtraMaterials {
-		content, err := os.ReadFile(extra)
+		file, err := os.Open(extra)
 		if err != nil {
 			return nil, fmt.Errorf("failed retrieving extra materials: %w", err)
 		}
-		if err = json.Unmarshal(content, &materials); err != nil {
-			return nil, fmt.Errorf("failed retrieving extra materials: invalid JSON in extra materials file %s: %w", extra, err)
-		}
-		for _, material := range materials {
-			if material.URI == "" {
-				return nil, fmt.Errorf("failed retrieving extra materials: empty or missing \"uri\" field in %s", extra)
-			}
-			if len(material.Digest) == 0 {
-				return nil, fmt.Errorf("failed retrieving extra materials: empty or missing \"digest\" in %s", extra)
-			}
-			materials = append(materials, material)
+		defer file.Close()
+
+		m, err := intoto.ReadMaterials(file)
+		if err != nil {
+			return nil, fmt.Errorf("failed retrieving extra materials for %s: %w", extra, err)
 		}
+		materials = append(materials, m...)
 	}
 
 	return materials, nil

diff --git a/lib/intoto/intoto.go b/lib/intoto/intoto.go
@@ -85,13 +85,6 @@ func WithInvocation(buildType, entryPoint string, environment json.RawMessage, p
 	}
 }
 
-// WithMaterials adds additional materials to the predicate
-func WithMaterials(materials []Item) StatementOption {
-	return func(s *Statement) {
-		s.Predicate.Materials = append(s.Predicate.Materials, materials...)
-	}
-}
-
 // Statement The Statement is the middle layer of the attestation, binding it to a particular subject and unambiguously identifying the types of the predicate.
 type Statement struct {
 	Type          string    `json:"_type"`

diff --git a/lib/intoto/materials.go b/lib/intoto/materials.go
@@ -0,0 +1,34 @@
+package intoto
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+)
+
+// WithMaterials adds additional materials to the predicate
+func WithMaterials(materials []Item) StatementOption {
+	return func(s *Statement) {
+		s.Predicate.Materials = append(s.Predicate.Materials, materials...)
+	}
+}
+
+// ReadMaterials reads the material from file
+func ReadMaterials(r io.Reader) ([]Item, error) {
+	var materials []Item
+
+	if err := json.NewDecoder(r).Decode(&materials); err != nil {
+		return nil, err
+	}
+
+	for _, material := range materials {
+		if material.URI == "" {
+			return nil, fmt.Errorf("empty or missing \"uri\" for material")
+		}
+		if len(material.Digest) == 0 {
+			return nil, fmt.Errorf("empty or missing \"digest\" for material")
+		}
+	}
+
+	return materials, nil
+}
diff --git a/lib/intoto/materials_test.go b/lib/intoto/materials_test.go
@@ -0,0 +1,62 @@
+package intoto
+
+import (
+	"strings"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestMaterials(t *testing.T) {
+	assert := assert.New(t)
+
+	validMaterials := strings.NewReader(`[
+	{
+		"uri": "pkg:deb/debian/stunnel4@5.50-3?arch=amd64",
+		"digest": {
+			"sha256": "e1731ae217fcbc64d4c00d707dcead45c828c5f762bcf8cc56d87de511e096fa"
+		}
+	}
+]`)
+
+	nonJSON := strings.NewReader(`[
+	{
+		"uri": "pkg:deb/debian/stunnel4@5.50-3?arch=amd64",
+		"digest": {
+			"sha256": "e1731ae217fcbc64d4c00d707dcead45c828c5f762bcf8cc56d87de511e096fa"
+		}
+	}`)
+
+	withoutDigest := strings.NewReader(`[
+	{
+		"uri": "pkg:deb/debian/stunnel4@5.50-3?arch=amd64",
+		"not-digest": {
+			"sha256": "e1731ae217fcbc64d4c00d707dcead45c828c5f762bcf8cc56d87de511e096fa"
+		}
+	}
+]`)
+
+	withoutURI := strings.NewReader(`[
+{
+	"digest": {
+		"sha256": "e1731ae217fcbc64d4c00d707dcead45c828c5f762bcf8cc56d87de511e096fa"
+	}
+}
+]`)
+
+	m, err := ReadMaterials(validMaterials)
+	assert.NoError(err)
+	assert.Len(m, 1)
+
+	m, err = ReadMaterials(nonJSON)
+	assert.EqualError(err, "unexpected EOF")
+	assert.Nil(m)
+
+	m, err = ReadMaterials(withoutDigest)
+	assert.EqualError(err, "empty or missing \"digest\" for material")
+	assert.Nil(m)
+
+	m, err = ReadMaterials(withoutURI)
+	assert.EqualError(err, "empty or missing \"uri\" for material")
+	assert.Nil(m)
+}
diff --git a/lib/intoto/subjects_test.go b/lib/intoto/subjects_test.go
@@ -38,11 +38,13 @@ func TestSubjects(t *testing.T) {
 	assert.NoError(err)
 	assert.NotNil(s)
 
-	assert.Len(s, 4)
+	assert.Len(s, 6)
 	assertSubject(assert, s, "intoto_test.go", path.Join(".", "intoto_test.go"))
 	assertSubject(assert, s, "intoto.go", path.Join(".", "intoto.go"))
 	assertSubject(assert, s, "subjects_test.go", path.Join(".", "subjects_test.go"))
 	assertSubject(assert, s, "subjects.go", path.Join(".", "subjects.go"))
+	assertSubject(assert, s, "materials_test.go", path.Join(".", "materials_test.go"))
+	assertSubject(assert, s, "materials.go", path.Join(".", "materials.go"))
 }
 
 func assertSubject(assert *assert.Assertions, subject []Subject, binaryName, binaryPath string) {