add check for invalid attestation

Signed-off-by: Meredith Lancaster <malancas@github.com>
2025-01-08 08:38:43 -07:00 · 2025-01-08 08:38:43 -07:00 · 8ad877b188
commit 8ad877b188
parent 33d0002d21
2 changed files with 19 additions and 0 deletions
--- a/pkg/cmd/attestation/api/client.go
+++ b/pkg/cmd/attestation/api/client.go
@ -172,6 +172,10 @@ func (c *LiveClient) fetchBundleFromAttestations(attestations []*Attestation) ([
 	g := errgroup.Group{}
 	for i, a := range attestations {
 		g.Go(func() error {
+			if a.Bundle == nil && a.BundleURL == "" {
+				return fmt.Errorf("attestation has no bundle or bundle URL")
+			}
+
 			// for now, we fallback to the bundle field if the bundle URL is empty
 			if a.BundleURL == "" {
 				c.logger.VerbosePrintf("Bundle URL is empty. Falling back to bundle field\n\n")
@ -181,6 +185,7 @@ func (c *LiveClient) fetchBundleFromAttestations(attestations []*Attestation) ([
 				return nil
 			}

+			// otherwise fetch the bundle with the provided URL
 			b, err := c.GetBundle(a.BundleURL)
 			if err != nil {
 				return fmt.Errorf("failed to fetch bundle with URL: %w", err)
--- a/pkg/cmd/attestation/api/client_test.go
+++ b/pkg/cmd/attestation/api/client_test.go
@ -197,6 +197,20 @@ func TestFetchBundleFromAttestations(t *testing.T) {
 	httpClient.AssertNumberOfCalls(t, "OnGetSuccess", 2)
 }

+func TestFetchBundleFromAttestations_InvalidAttestation(t *testing.T) {
+	httpClient := &mockHttpClient{}
+	client := LiveClient{
+		httpClient: httpClient,
+		logger:     io.NewTestHandler(),
+	}
+
+	att1 := Attestation{}
+	attestations := []*Attestation{&att1}
+	fetched, err := client.fetchBundleFromAttestations(attestations)
+	require.Error(t, err)
+	require.Nil(t, fetched, 2)
+}
+
 func TestFetchBundleFromAttestations_Fail(t *testing.T) {
 	httpClient := &failAfterOneCallHttpClient{}