STACKITGit/cli
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

While we're at it, let's ensure VerifyCertExtensions can't be tricked the same way.

Browse source
This commit is contained in:
Phill MV 2024-10-10 11:22:22 -04:00
parent aaea0166e2
commit 28c2308458
1 changed files with 8 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

9
pkg/cmd/attestation/verification/extensions.go
View file

@ -16,12 +16,19 @@ func VerifyCertExtensions(results []*AttestationProcessingResult, tenant, owner,
return errors.New("no attestations proccessing results")
}
var atLeastOneVerified bool
for _, attestation := range results {
if err := verifyCertExtensions(attestation, tenant, owner, repo, issuer); err != nil {
return err
}
atLeastOneVerified = true
}
if atLeastOneVerified {
return nil
} else {
return ErrNoAttestationsVerified
}
return nil
}
func verifyCertExtensions(attestation *AttestationProcessingResult, tenant, owner, repo, issuer string) error {