From 957503105a0ad0bdf3c2b0d1c6d293f3639d65ed Mon Sep 17 00:00:00 2001
From: JoshDaBosh
Date: Fri, 16 Aug 2024 08:42:49 -0400
Subject: [PATCH] test: add jenkins and slsa attestor tests
---
 attestation/jenkins/jenkins_test.go | 38 +++++++++++++++++
 attestation/slsa/slsa_test.go | 46 ++++++++++++++++++++
 internal/attestors/jenkins.go | 65 +++++++++++++++++++++++++++++
 3 files changed, 149 insertions(+)
 create mode 100644 attestation/jenkins/jenkins_test.go
 create mode 100644 internal/attestors/jenkins.go
diff --git a/attestation/jenkins/jenkins_test.go b/attestation/jenkins/jenkins_test.go
new file mode 100644
index 00000000..e72a0c3b
--- /dev/null
+++ b/attestation/jenkins/jenkins_test.go
@@ -0,0 +1,38 @@
+// Copyright 2024 The Witness Contributors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package jenkins
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func TestSubjects(t *testing.T) {
+ attestor := &Attestor{}
+
+ subjects := attestor.Subjects()
+ assert.NotNil(t, subjects)
+ assert.Equal(t, 2, len(subjects))
+
+ expectedSubjects := []string{"pipelineurl:" + attestor.PipelineUrl, "jenkinsurl:" + attestor.JenkinsUrl}
+ for _, expectedSubject := range expectedSubjects {
+ _, ok := subjects[expectedSubject]
+ assert.True(t, ok, "Expected subject not found: %s", expectedSubject)
+ }
+ m := attestor.BackRefs()
+ assert.NotNil(t, m)
+ assert.Equal(t, 1, len(m))
+}
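Review bot: TestSubjects builds `&Attestor{}` with both URL fields empty, so the expected keys collapse to `pipelineurl:` and `jenkinsurl:` and the loop only proves that those prefixes exist, not that Subjects() reflects the attested values. Subjects are what a verifier or policy matches on, so the fixture should carry constructed values, e.g. `attestor := &Attestor{PipelineUrl: "https://jenkins.example/job/demo/1/", JenkinsUrl: "https://jenkins.example/"}`, and assert that each returned entry is non-empty. The BackRefs assertions check only the count; naming the expected key would let the test catch a wrong back-reference, and moving them into a separate `TestBackRefs` would keep the test name accurate.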
diff --git a/attestation/slsa/slsa_test.go b/attestation/slsa/slsa_test.go
index 4eb392bb..e4626ab5 100644
--- a/attestation/slsa/slsa_test.go
+++ b/attestation/slsa/slsa_test.go
@@ -115,6 +115,11 @@ func TestAttest(t *testing.T) {
 gl.Data().JWT.Claims["sha"] = "abc123"
 gl.Data().PipelineUrl = "https://github.com/testifysec/swf/actions/runs/7879307166"
 
+ // Setup Jenkins
+ jks := attestors.NewTestJenkinsAttestor()
+ jks.Data().JenkinsUrl = "https://localhost:8000/"
+ jks.Data().PipelineUrl = "https://github.com/testifysec/swf/actions/runs/7879307166"
+
 // Setup Materials
 m := attestors.NewTestMaterialAttestor()
 
@@ -135,6 +140,7 @@ func TestAttest(t *testing.T) {
 }{
 {"github", []attestation.Attestor{e, g, gh, m, c, p, o}, testGHProvJSON},
 {"gitlab", []attestation.Attestor{e, g, gl, m, c, p, o}, testGLProvJSON},
+ {"jenkins", []attestation.Attestor{e, g, jks, m, c, p, o}, testJKSProvJSON},
 }
 
 for _, test := range tests {
@@ -316,3 +322,43 @@ const testGLProvJSON = `{
 }
 }
 }`
+
+const testJKSProvJSON = `{
+ "build_definition": {
+ "build_type": "https://witness.dev/slsa-build@v0.1",
+ "external_parameters": {
+ "command": "touch test.txt"
+ },
+ "internal_parameters": {
+ "env": {
+ "SHELL": "/bin/zsh",
+ "TERM": "xterm-256color",
+ "TERM_PROGRAM": "iTerm.app"
+ }
+ },
+ "resolved_dependencies": [
+ {
+ "name": "git@github.com:in-toto/witness.git",
+ "digest": {
+ "sha1": "abc123"
+ }
+ }
+ ]
+ },
+ "run_details": {
+ "builder": {
+ "id": "https://witness.dev/witness-jenkins-component-builder@v0.1"
+ },
+ "metadata": {
+ "invocation_id": "https://github.com/testifysec/swf/actions/runs/7879307166",
+ "started_on": {
+ "seconds": 1711199861,
+ "nanos": 560152000
+ },
+ "finished_on": {
+ "seconds": 1711199861,
+ "nanos": 560152000
+ }
+ }
+ }
+}`
diff --git a/internal/attestors/jenkins.go b/internal/attestors/jenkins.go
new file mode 100644
index 00000000..007a9460
--- /dev/null
+++ b/internal/attestors/jenkins.go
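Review bot: In the first slsa_test.go hunk the Jenkins fixture reuses the GitHub Actions run URL for `PipelineUrl`, and `JenkinsUrl` is set but never appears in `testJKSProvJSON`, so the new case does not show which Jenkins field feeds `invocation_id` and leaves the `JenkinsUrl` assignment unverified. A Jenkins-shaped value (constructed example: `jks.Data().PipelineUrl = "https://localhost:8000/job/example/1/"`) with the matching `"invocation_id"` in the third hunk would make the expectation specific to this attestor. If `JenkinsUrl` is not meant to reach the provenance, a short comment saying so would help. TestAttest continues outside these hunks, so how the expected JSON is compared is not visible here.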
@@ -0,0 +1,65 @@
+// Copyright 2024 The Witness Contributors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package attestors
+
+import (
+ "github.com/in-toto/go-witness/attestation"
+ "github.com/in-toto/go-witness/attestation/jenkins"
+ "github.com/in-toto/go-witness/cryptoutil"
+ "github.com/invopop/jsonschema"
+)
+
+var _ jenkins.JenkinsAttestor = &TestJenkinsAttestor{}
+
+type TestJenkinsAttestor struct {
+ jenkinsAtt jenkins.Attestor
+}
+
+func NewTestJenkinsAttestor() *TestJenkinsAttestor {
+ att := jenkins.Attestor{}
+ return &TestJenkinsAttestor{jenkinsAtt: att}
+}
+
+func (t *TestJenkinsAttestor) Name() string {
+ return t.jenkinsAtt.Name()
+}
+
+func (t *TestJenkinsAttestor) Type() string {
+ return t.jenkinsAtt.Type()
+}
+
+func (t *TestJenkinsAttestor) RunType() attestation.RunType {
+ return t.jenkinsAtt.RunType()
+}
+
+func (t *TestJenkinsAttestor) Schema() *jsonschema.Schema {
+ return jsonschema.Reflect(&t)
+}
+
+func (t *TestJenkinsAttestor) Attest(ctx *attestation.AttestationContext) error {
+ return nil
+}
+
+func (t *TestJenkinsAttestor) Data() *jenkins.Attestor {
+ return &t.jenkinsAtt
+}
+
+func (t *TestJenkinsAttestor) Subjects() map[string]cryptoutil.DigestSet {
+ return nil
+}
+
+func (t *TestJenkinsAttestor) BackRefs() map[string]cryptoutil.DigestSet {
+ return nil
+}
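Review bot: In `Schema()`, `jsonschema.Reflect(&t)` is handed a pointer to the receiver, which is already a `*TestJenkinsAttestor`, and the wrapper's only field `jenkinsAtt` is unexported, so the reflected schema is unlikely to describe the Jenkins attestation data at all. Name, Type and RunType delegate to the wrapped attestor, and Schema should follow the same pattern, e.g. `return jsonschema.Reflect(&t.jenkinsAtt)`. The exported identifiers also lack doc comments; a line such as `// TestJenkinsAttestor is a test double that wraps jenkins.Attestor and skips the real Attest step.` above the type, plus a note on Subjects and BackRefs that they return nil by design, would make clear that this stub must not be used to produce real attestations.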