From 8ad877b188762e7a613ddc68ce220f4e7144a856 Mon Sep 17 00:00:00 2001
From: Meredith Lancaster
Date: Wed, 8 Jan 2025 08:38:43 -0700
Subject: [PATCH] add check for invalid attestation
Signed-off-by: Meredith Lancaster
---
 pkg/cmd/attestation/api/client.go | 5 +++++
 pkg/cmd/attestation/api/client_test.go | 14 ++++++++++++++
 2 files changed, 19 insertions(+)
diff --git a/pkg/cmd/attestation/api/client.go b/pkg/cmd/attestation/api/client.go
index f8d0509ee..37579b7bc 100644
--- a/pkg/cmd/attestation/api/client.go
+++ b/pkg/cmd/attestation/api/client.go
@@ -172,6 +172,10 @@ func (c *LiveClient) fetchBundleFromAttestations(attestations []*Attestation) ([
 g := errgroup.Group{}
 for i, a := range attestations {
 g.Go(func() error {
+ if a.Bundle == nil && a.BundleURL == "" {
+ return fmt.Errorf("attestation has no bundle or bundle URL")
+ }
+
 // for now, we fallback to the bundle field if the bundle URL is empty
 if a.BundleURL == "" {
 c.logger.VerbosePrintf("Bundle URL is empty. Falling back to bundle field\n\n")
@@ -181,6 +185,7 @@ func (c *LiveClient) fetchBundleFromAttestations(attestations []*Attestation) ([
 return nil
 }
 
+ // otherwise fetch the bundle with the provided URL
 b, err := c.GetBundle(a.BundleURL)
 if err != nil {
 return fmt.Errorf("failed to fetch bundle with URL: %w", err)
diff --git a/pkg/cmd/attestation/api/client_test.go b/pkg/cmd/attestation/api/client_test.go
index fcceb33d7..65f8d59ca 100644
--- a/pkg/cmd/attestation/api/client_test.go
+++ b/pkg/cmd/attestation/api/client_test.go
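Review bot: The new guard at the top of the g.Go closure reads `a.Bundle` and `a.BundleURL` before anything checks `a` itself, so if callers can ever pass a slice containing a nil `*Attestation` the goroutine still panics rather than returning the new error. The error message also drops the loop index `i`, which is already in scope from the `for i, a := range attestations` line, so when several attestations are fetched concurrently the surfaced error does not say which one was rejected. A combined form would be `if a == nil || (a.Bundle == nil && a.BundleURL == "") {` / `return fmt.Errorf("attestation %d has no bundle or bundle URL", i)` / `}`. The body of fetchBundleFromAttestations starts before and continues past this hunk; the second hunk in client.go only adds a comment.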
@@ -197,6 +197,20 @@ func TestFetchBundleFromAttestations(t *testing.T) {
 httpClient.AssertNumberOfCalls(t, "OnGetSuccess", 2)
 }
 
+func TestFetchBundleFromAttestations_InvalidAttestation(t *testing.T) {
+ httpClient := &mockHttpClient{}
+ client := LiveClient{
+ httpClient: httpClient,
+ logger: io.NewTestHandler(),
+ }
+
+ att1 := Attestation{}
+ attestations := []*Attestation{&att1}
+ fetched, err := client.fetchBundleFromAttestations(attestations)
+ require.Error(t, err)
+ require.Nil(t, fetched, 2)
+}
+
 func TestFetchBundleFromAttestations_Fail(t *testing.T) {
 httpClient := &failAfterOneCallHttpClient{}