From b14e430441f1d78d7fe9c44a6e97d8603d736b89 Mon Sep 17 00:00:00 2001
From: Cody Soyland
Date: Fri, 6 Sep 2024 15:22:43 -0400
Subject: [PATCH] Check for nil values to prevent nil dereference panic

Signed-off-by: Cody Soyland
---
 pkg/cmd/attestation/verify/verify.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/pkg/cmd/attestation/verify/verify.go b/pkg/cmd/attestation/verify/verify.go
index f053240de..055636ad5 100644
--- a/pkg/cmd/attestation/verify/verify.go
+++ b/pkg/cmd/attestation/verify/verify.go
@@ -307,11 +307,19 @@ func buildTableVerifyContent(results []*verification.AttestationProcessingResult
 content := make([][]string, len(results))
 for i, res := range results {
+ if res.VerificationResult == nil ||
+ res.VerificationResult.Signature == nil ||
+ res.VerificationResult.Signature.Certificate == nil {
+ return nil, fmt.Errorf("bundle missing verification result fields")
+ }
 builderSignerURI := res.VerificationResult.Signature.Certificate.Extensions.BuildSignerURI
 repoAndOrg, workflow, err := extractAttestationDetail(builderSignerURI)
 if err != nil {
 return nil, err
 }
+ if res.VerificationResult.Statement == nil {
+ return nil, fmt.Errorf("bundle missing attestation statement (bundle must originate from GitHub Artifact Attestations)")
+ }
 predicateType := res.VerificationResult.Statement.PredicateType
 content[i] = []string{repoAndOrg, predicateType, workflow}
 }
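Review bot: The new guard at the top of the loop still dereferences `res` itself, and `results` is a slice of pointers, so a nil element would panic on `res.VerificationResult` before any of the added checks run; whether a caller can produce a nil entry is not visible here, but the guard is cheap to extend to `if res == nil || res.VerificationResult == nil ||`. Both new errors also omit which attestation was incomplete, which makes a multi-bundle run hard to triage; consider `fmt.Errorf("attestation %d: bundle missing verification result fields", i)` and the same prefix on the statement error. These checks sit in the table-formatting step, so any other output path that reads `Signature.Certificate` or `Statement` from the same results (none is shown in this hunk) would need the same guard, or the invariant could be enforced once where the verification result is produced. The body of buildTableVerifyContent starts and continues outside the hunk.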