Skip to content

Commit

Permalink
Merge pull request #11 from in-toto/make-linter-happy
Browse files Browse the repository at this point in the history
Make linter happy
  • Loading branch information
marcelamelara authored Oct 25, 2023
2 parents be5ffe6 + 80dd689 commit fb5d277
Show file tree
Hide file tree
Showing 11 changed files with 129 additions and 138 deletions.
28 changes: 14 additions & 14 deletions scai-gen/cmd/assert.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,11 @@ package cmd

import (
"fmt"

"github.com/in-toto/scai-demos/scai-gen/fileio"

ita "github.com/in-toto/attestation/go/v1"
scai "github.com/in-toto/attestation/go/predicates/scai/v0"
ita "github.com/in-toto/attestation/go/v1"
"github.com/spf13/cobra"
"google.golang.org/protobuf/types/known/structpb"
)
Expand All @@ -18,9 +19,9 @@ var assertCmd = &cobra.Command{
}

var (
targetFile string
conditionsFile string
evidenceFile string
targetFile string
conditionsFile string
evidenceFile string
)

func init() {
Expand All @@ -31,8 +32,8 @@ func init() {
"",
"Filename to write out the JSON-encoded object",
)
assertCmd.MarkFlagRequired("out-file")
assertCmd.MarkFlagRequired("out-file") //nolint:errcheck

assertCmd.Flags().StringVarP(
&targetFile,
"target",
Expand All @@ -58,8 +59,7 @@ func init() {
)
}

func genAttrAssertion(cmd *cobra.Command, args []string) error {

func genAttrAssertion(_ *cobra.Command, args []string) error {
attribute := args[0]

var target *ita.ResourceDescriptor
Expand Down Expand Up @@ -88,18 +88,18 @@ func genAttrAssertion(cmd *cobra.Command, args []string) error {
return err
}
}

aa := &scai.AttributeAssertion{
Attribute: attribute,
Target: target,
Attribute: attribute,
Target: target,
Conditions: conditions,
Evidence: evidence,
Evidence: evidence,
}

err := aa.Validate()
if err != nil {
return fmt.Errorf("Invalid SCAI attribute assertion: %w", err)
return fmt.Errorf("invalid SCAI attribute assertion: %w", err)
}

return fileio.WritePbToFile(aa, outFile)
}
80 changes: 39 additions & 41 deletions scai-gen/cmd/check.go
Original file line number Diff line number Diff line change
@@ -1,18 +1,19 @@
package cmd

import (
"path/filepath"
"fmt"
"encoding/json"
"fmt"
"io/fs"
"strings"
"os"
"path/filepath"
"strings"

"github.com/in-toto/scai-demos/scai-gen/fileio"
"github.com/in-toto/scai-demos/scai-gen/policy"

"github.com/in-toto/attestation-verifier/verifier"
ita "github.com/in-toto/attestation/go/v1"
scai "github.com/in-toto/attestation/go/predicates/scai/v0"
ita "github.com/in-toto/attestation/go/v1"
"github.com/secure-systems-lab/go-securesystemslib/dsse"
"github.com/spf13/cobra"
"google.golang.org/protobuf/encoding/protojson"
Expand Down Expand Up @@ -58,18 +59,18 @@ func init() {
"",
"The filename of the YAML-encoded in-toto Layout",
)
layoutCmd.MarkFlagRequired("layout")
layoutCmd.MarkFlagRequired("layout") //nolint:errcheck
}

func init() {
func init() {
evCmd.Flags().StringVarP(
&evidenceDir,
"evidence-dir",
"e",
"",
"The directory containing evidence files",
)
evCmd.MarkFlagRequired("evidence-dir")
evCmd.MarkFlagRequired("evidence-dir") //nolint:errcheck

evCmd.Flags().StringVarP(
&policyFile,
Expand All @@ -78,11 +79,10 @@ func init() {
"",
"The filename of the policy file",
)
evCmd.MarkFlagRequired("policy-file")
evCmd.MarkFlagRequired("policy-file") //nolint:errcheck
}

func checkLayout(cmd *cobra.Command, args []string) error {

func checkLayout(_ *cobra.Command, args []string) error {
layout, err := verifier.LoadLayout(layoutFile)
if err != nil {
return err
Expand All @@ -109,18 +109,17 @@ func checkLayout(cmd *cobra.Command, args []string) error {
return verifier.Verify(layout, attestations, parameters)
}

func checkEvidence(cmd *cobra.Command, args []string) error {

func checkEvidence(_ *cobra.Command, args []string) error {
attestationPath := args[0]
fmt.Println("Reading attestation file", attestationPath)

envBytes, err := os.ReadFile(attestationPath)
if err != nil {
return err
}

fmt.Println("Reading policy file", policyFile)

policyBytes, err := os.ReadFile(policyFile)
if err != nil {
return err
Expand All @@ -134,7 +133,7 @@ func checkEvidence(cmd *cobra.Command, args []string) error {
fmt.Println("Checking attestation matches ID in policy")

if !policy.MatchDigest(evPolicy.AttestationID, envBytes) {
return fmt.Errorf("Attestation does not match attestation ID in policy")
return fmt.Errorf("attestation does not match attestation ID in policy")
}

// now, let's get the Statement
Expand All @@ -144,21 +143,21 @@ func checkEvidence(cmd *cobra.Command, args []string) error {
if err := json.Unmarshal(envBytes, envelope); err != nil {
return err
}

statement, err := getStatementDSSEPayload(envelope)
if err != nil {
return err
}

fmt.Println("Collecting all evidence files")

evidenceFiles, err := getAllEvidenceFiles(evidenceDir)
if err != nil {
return fmt.Errorf("Failed read evidence files in directory %s: %w", evidenceDir, err)
return fmt.Errorf("failed read evidence files in directory %s: %w", evidenceDir, err)
}

if statement.GetPredicateType() != "https://in-toto.io/attestation/scai/attribute-report/v0.2" {
return fmt.Errorf("Evidence checking only supported for SCAI attestations")
return fmt.Errorf("evidence checking only supported for SCAI attestations")
}

report, err := pbStructToSCAI(statement.GetPredicate())
Expand All @@ -168,7 +167,7 @@ func checkEvidence(cmd *cobra.Command, args []string) error {

// validate the report
if err := report.Validate(); err != nil {
return fmt.Errorf("Malformed SCAI Attribute Report: %w", err)
return fmt.Errorf("malformed SCAI Attribute Report: %w", err)
}

// order attribute assertions by evidence name
Expand All @@ -181,28 +180,28 @@ func checkEvidence(cmd *cobra.Command, args []string) error {
}

fmt.Println("Checking policy rules...")

for _, check := range evPolicy.Inspections {
rules := check.ExpectedAttributes
if len(rules) == 0 {
return fmt.Errorf("No rules for check %s", check.Name)
return fmt.Errorf("no rules for check %s", check.Name)
}

attrAssertion, ok := attrAssertions[check.Name]
if !ok {
return fmt.Errorf("Attestation evidence missing %s", check.Name)
return fmt.Errorf("attestation evidence missing %s", check.Name)
}

fmt.Println("Validating attribute assertion format")
if err := attrAssertion.Validate(); err != nil {
return fmt.Errorf("Malformed attribute assertion in attestation: %w", err)
return fmt.Errorf("malformed attribute assertion in attestation: %w", err)
}

ev := attrAssertion.GetEvidence()

evContent, ok := evidenceFiles[ev.GetName()]
if !ok {
return fmt.Errorf("Evidence file to check not found")
return fmt.Errorf("evidence file to check not found")
}

fmt.Println("Checking evidence content according to policy rules...")
Expand All @@ -211,28 +210,27 @@ func checkEvidence(cmd *cobra.Command, args []string) error {
case "text/plain":
err := policy.ApplyPlaintextRules(string(evContent), attrAssertion, rules)
if err != nil {
return fmt.Errorf("Plaintext policy check failed: %w", err)
return fmt.Errorf("plaintext policy check failed: %w", err)
}

case "application/vnd.in-toto+dsse":
evEnv := &dsse.Envelope{}
if err := json.Unmarshal(evContent, evEnv); err != nil {
return err
}

evStatement, err := getStatementDSSEPayload(evEnv)
if err != nil {
return err
}

err = policy.ApplyAttestationRules(evStatement, attrAssertion, rules)
if err != nil {
return fmt.Errorf("Attestation policy check failed: %w", err)
return fmt.Errorf("attestation policy check failed: %w", err)
}

default:
return fmt.Errorf("Evidence type not supported: %s", ev.GetMediaType())

default:
return fmt.Errorf("evidence type not supported: %s", ev.GetMediaType())
}
}

Expand All @@ -241,14 +239,14 @@ func checkEvidence(cmd *cobra.Command, args []string) error {
return nil
}

func pbStructToSCAI(s *structpb.Struct) (*scai.AttributeReport, error) {
structJson, err := protojson.Marshal(s)
func pbStructToSCAI(s *structpb.Struct) (*scai.AttributeReport, error) {
structJSON, err := protojson.Marshal(s)
if err != nil {
return nil, err
}

report := &scai.AttributeReport{}
err = protojson.Unmarshal(structJson, report)
err = protojson.Unmarshal(structJSON, report)
if err != nil {
return nil, err
}
Expand All @@ -259,12 +257,12 @@ func pbStructToSCAI(s *structpb.Struct) (*scai.AttributeReport, error) {
func getStatementDSSEPayload(envelope *dsse.Envelope) (*ita.Statement, error) {
stBytes, err := envelope.DecodeB64Payload()
if err != nil {
return nil, fmt.Errorf("Failed to decode DSSE payload: %w", err)
return nil, fmt.Errorf("failed to decode DSSE payload: %w", err)
}

statement := &ita.Statement{}
if err = protojson.Unmarshal(stBytes, statement); err != nil {
return nil, fmt.Errorf("Failed to unmarshal Statement: %w", err)
return nil, fmt.Errorf("failed to unmarshal Statement: %w", err)
}

return statement, nil
Expand Down
Loading

0 comments on commit fb5d277

Please sign in to comment.