From ef9a096f202c9bd2160738c913abf41b72163cf4 Mon Sep 17 00:00:00 2001 From: chaosinthecrd Date: Thu, 26 Sep 2024 17:35:53 +0100 Subject: [PATCH] feat: adding git remotes to subjects and normalising url Signed-off-by: chaosinthecrd --- attestation/git/git.go | 35 ++++++++++++++++++++++++++++++++++- attestation/git/git_test.go | 19 +++++++++++++++++++ go.mod | 1 + go.sum | 2 ++ 4 files changed, 56 insertions(+), 1 deletion(-) diff --git a/attestation/git/git.go b/attestation/git/git.go index e61a0af6..d1bd01dc 100644 --- a/attestation/git/git.go +++ b/attestation/git/git.go @@ -17,6 +17,7 @@ package git import ( "crypto" "fmt" + "path" "strings" "time" @@ -25,7 +26,9 @@ import ( "github.com/go-git/go-git/v5/plumbing/object" "github.com/in-toto/go-witness/attestation" "github.com/in-toto/go-witness/cryptoutil" + "github.com/in-toto/go-witness/log" "github.com/invopop/jsonschema" + giturl "github.com/whilp/git-urls" ) const ( @@ -156,7 +159,14 @@ func (a *Attestor) Attest(ctx *attestation.AttestationContext) error { } for _, remote := range remotes { - a.Remotes = append(a.Remotes, remote.Config().URLs...) + for _, u := range remote.Config().URLs { + nu, err := normaliseRemoteURL(u) + if err != nil { + log.Debug(err.Error()) + } + + a.Remotes = append(a.Remotes, nu) + } } refs, err := repo.References() @@ -326,6 +336,16 @@ func (a *Attestor) Subjects() map[string]cryptoutil.DigestSet { subjects[subjectName] = ds } + // add remotes + for _, remote := range a.Remotes { + subjectName = fmt.Sprintf("remote:%v", remote) + ds, err = cryptoutil.CalculateDigestSetFromBytes([]byte(remote), hashes) + if err != nil { + return nil + } + subjects[subjectName] = ds + } + // add refname short subjectName = fmt.Sprintf("refnameshort:%v", a.RefNameShort) ds, err = cryptoutil.CalculateDigestSetFromBytes([]byte(a.RefNameShort), hashes) @@ -371,3 +391,16 @@ func statusCodeString(statusCode git.StatusCode) string { return string(statusCode) } } + +func normaliseRemoteURL(url string) (string, error) { + rurl, err := giturl.Parse(url) + if err != nil { + return "", fmt.Errorf("failed to parse remote url: %w", err) + } + + if strings.HasSuffix(rurl.Path, ".git") { + rurl.Path = strings.TrimSuffix(rurl.Path, ".git") + } + + return path.Join(rurl.Host, rurl.Path), nil +} diff --git a/attestation/git/git_test.go b/attestation/git/git_test.go index 0c1ce744..96a67b36 100644 --- a/attestation/git/git_test.go +++ b/attestation/git/git_test.go @@ -43,6 +43,25 @@ func TestNameTypeRunType(t *testing.T) { require.Equal(t, RunType, attestor.RunType(), "Expected the attestor's run type") } +func TestNormaliseRemotes(t *testing.T) { + remotes := []string{ + "github.com/in-toto/go-witness", + "github.com/in-toto/go-witness.git", + "https://github.com/in-toto/go-witness", + "https://github.com/in-toto/go-witness.git", + "git@github.com:in-toto/go-witness", + "git@github.com:in-toto/go-witness.git", + } + + for _, r := range remotes { + nr, err := normaliseRemoteURL(r) + require.NoError(t, err, "Expected no error from normaliseRemoteURL") + + require.Equal(t, "github.com/in-toto/go-witness", nr, "normalising failed for %s. Expected 'github.com/in-toto/go-witness', got %s", r, nr) + } + +} + func TestRunWorksWithCommits(t *testing.T) { attestor := New() diff --git a/go.mod b/go.mod index 6ad39eec..14ed3f83 100644 --- a/go.mod +++ b/go.mod @@ -103,6 +103,7 @@ require ( github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect github.com/tchap/go-patricia/v2 v2.3.1 // indirect github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect + github.com/whilp/git-urls v1.0.0 // indirect github.com/wk8/go-ordered-map/v2 v2.1.8 // indirect github.com/zclconf/go-cty v1.14.4 // indirect go.opencensus.io v0.24.0 // indirect diff --git a/go.sum b/go.sum index 4e86d0c7..f3a28304 100644 --- a/go.sum +++ b/go.sum @@ -341,6 +341,8 @@ github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs= github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4= github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI= +github.com/whilp/git-urls v1.0.0 h1:95f6UMWN5FKW71ECsXRUd3FVYiXdrE7aX4NZKcPmIjU= +github.com/whilp/git-urls v1.0.0/go.mod h1:J16SAmobsqc3Qcy98brfl5f5+e0clUvg1krgwk/qCfE= github.com/wk8/go-ordered-map/v2 v2.1.8 h1:5h/BUHu93oj4gIdvHHHGsScSTMijfx5PeYkE/fJgbpc= github.com/wk8/go-ordered-map/v2 v2.1.8/go.mod h1:5nJHM5DyteebpVlHnWMV0rPz6Zp7+xBAnxjb1X5vnTw= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=