From af90403ecbad145d6bccda61c46db61651ca7893 Mon Sep 17 00:00:00 2001
From: Meredith Lancaster <malancas@github.com>
Date: Tue, 5 Mar 2024 09:53:36 -0700
Subject: [PATCH] check user's GH host for compatibility

Signed-off-by: Meredith Lancaster <malancas@github.com>
---
 pkg/cmd/attestation/auth/host.go                | 17 +++++++++++++++++
 pkg/cmd/attestation/download/download.go        |  7 ++++++-
 pkg/cmd/attestation/inspect/inspect.go          |  5 +++++
 pkg/cmd/attestation/logging/logger.go           |  4 ++--
 pkg/cmd/attestation/verify/verify.go            |  5 +++++
 .../verifytufroot/verify-tuf-root.go            |  7 +++++++
 6 files changed, 42 insertions(+), 3 deletions(-)
 create mode 100644 pkg/cmd/attestation/auth/host.go

diff --git a/pkg/cmd/attestation/auth/host.go b/pkg/cmd/attestation/auth/host.go
new file mode 100644
index 000000000..998dcb7f5
--- /dev/null
+++ b/pkg/cmd/attestation/auth/host.go
@@ -0,0 +1,17 @@
+package auth
+
+import (
+	"errors"
+
+	"github.com/cli/go-gh/v2/pkg/auth"
+)
+
+var ErrUnsupportedHost = errors.New("The GH_HOST environment variable is set to a custom GitHub host. gh attestation does not currently support custom GitHub Enterprise hosts")
+
+func IsHostSupported() error {
+	host, _ := auth.DefaultHost()
+	if host != "github.com" {
+		return ErrUnsupportedHost
+	}
+	return nil
+}
diff --git a/pkg/cmd/attestation/download/download.go b/pkg/cmd/attestation/download/download.go
index e399977b8..d859ba906 100644
--- a/pkg/cmd/attestation/download/download.go
+++ b/pkg/cmd/attestation/download/download.go
@@ -7,6 +7,7 @@ import (
 
 	"github.com/cli/cli/v2/pkg/cmd/attestation/api"
 	"github.com/cli/cli/v2/pkg/cmd/attestation/artifact"
+	"github.com/cli/cli/v2/pkg/cmd/attestation/auth"
 	"github.com/cli/cli/v2/pkg/cmd/attestation/logging"
 	"github.com/cli/cli/v2/pkg/cmdutil"
 
@@ -75,8 +76,12 @@ func NewDownloadCmd(f *cmdutil.Factory) *cobra.Command {
 		// when RunE is used, the command usage will be printed
 		// We only want to print the error, not usage
 		Run: func(cmd *cobra.Command, args []string) {
+			if err := auth.IsHostSupported(); err != nil {
+				opts.Logger.Println(opts.Logger.ColorScheme.Red(err.Error()))
+				os.Exit(1)
+			}
 			if err := RunDownload(opts); err != nil {
-				opts.Logger.Println(opts.Logger.IO.Out, opts.Logger.ColorScheme.Redf("Failed to download the artifact's trusted metadata: %s", err.Error()))
+				opts.Logger.Println(opts.Logger.ColorScheme.Redf("Failed to download the artifact's trusted metadata: %s", err.Error()))
 				os.Exit(1)
 			}
 		},
diff --git a/pkg/cmd/attestation/inspect/inspect.go b/pkg/cmd/attestation/inspect/inspect.go
index cd8432ef9..e35f68f19 100644
--- a/pkg/cmd/attestation/inspect/inspect.go
+++ b/pkg/cmd/attestation/inspect/inspect.go
@@ -6,6 +6,7 @@ import (
 	"os"
 
 	"github.com/cli/cli/v2/pkg/cmd/attestation/artifact"
+	"github.com/cli/cli/v2/pkg/cmd/attestation/auth"
 	"github.com/cli/cli/v2/pkg/cmd/attestation/logging"
 	"github.com/cli/cli/v2/pkg/cmd/attestation/verification"
 	"github.com/cli/cli/v2/pkg/cmdutil"
@@ -69,6 +70,10 @@ func NewInspectCmd(f *cmdutil.Factory) *cobra.Command {
 		// when RunE is used, the command usage will be printed
 		// We only want to print the error, not usage
 		Run: func(cmd *cobra.Command, args []string) {
+			if err := auth.IsHostSupported(); err != nil {
+				opts.Logger.Println(opts.Logger.ColorScheme.Red(err.Error()))
+				os.Exit(1)
+			}
 			if err := RunInspect(opts); err != nil {
 				opts.Logger.Println(opts.Logger.ColorScheme.Redf("Failed to inspect the artifact and bundle: %s", err.Error()))
 				os.Exit(1)
diff --git a/pkg/cmd/attestation/logging/logger.go b/pkg/cmd/attestation/logging/logger.go
index c9719d95f..3afd41a4f 100644
--- a/pkg/cmd/attestation/logging/logger.go
+++ b/pkg/cmd/attestation/logging/logger.go
@@ -36,7 +36,7 @@ func NewSystemLogger() *Logger {
 	return NewDefaultLogger(iostreams.System())
 }
 
-// Printf writes the formatted arguments to the stdout writer.
+// Printf writes the formatted arguments to the stderr writer.
 func (l *Logger) Printf(f string, v ...interface{}) (int, error) {
 	if l.quiet || !l.IO.IsStdoutTTY() {
 		return 0, nil
@@ -44,7 +44,7 @@ func (l *Logger) Printf(f string, v ...interface{}) (int, error) {
 	return fmt.Fprintf(l.IO.ErrOut, f, v...)
 }
 
-// Println writes the arguments to the stdout writer with a newline at the end.
+// Println writes the arguments to the stderr writer with a newline at the end.
 func (l *Logger) Println(v ...interface{}) (int, error) {
 	if l.quiet || !l.IO.IsStdoutTTY() {
 		return 0, nil
diff --git a/pkg/cmd/attestation/verify/verify.go b/pkg/cmd/attestation/verify/verify.go
index a5a71feb2..d6b668cce 100644
--- a/pkg/cmd/attestation/verify/verify.go
+++ b/pkg/cmd/attestation/verify/verify.go
@@ -8,6 +8,7 @@ import (
 
 	"github.com/cli/cli/v2/pkg/cmd/attestation/api"
 	"github.com/cli/cli/v2/pkg/cmd/attestation/artifact"
+	"github.com/cli/cli/v2/pkg/cmd/attestation/auth"
 	"github.com/cli/cli/v2/pkg/cmd/attestation/logging"
 	"github.com/cli/cli/v2/pkg/cmd/attestation/verification"
 	"github.com/cli/cli/v2/pkg/cmdutil"
@@ -96,6 +97,10 @@ func NewVerifyCmd(f *cmdutil.Factory) *cobra.Command {
 		// when RunE is used, the command usage will be printed
 		// We only want to print the error, not usage
 		Run: func(cmd *cobra.Command, args []string) {
+			if err := auth.IsHostSupported(); err != nil {
+				opts.Logger.Println(opts.Logger.ColorScheme.Red(err.Error()))
+				os.Exit(1)
+			}
 			if err := RunVerify(opts); err != nil {
 				opts.Logger.Println(opts.Logger.ColorScheme.Redf("Failed to verify the artifact: %s", err.Error()))
 				os.Exit(1)
diff --git a/pkg/cmd/attestation/verifytufroot/verify-tuf-root.go b/pkg/cmd/attestation/verifytufroot/verify-tuf-root.go
index 2ba068cac..09c3fa992 100644
--- a/pkg/cmd/attestation/verifytufroot/verify-tuf-root.go
+++ b/pkg/cmd/attestation/verifytufroot/verify-tuf-root.go
@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"os"
 
+	"github.com/cli/cli/v2/pkg/cmd/attestation/auth"
 	"github.com/cli/cli/v2/pkg/cmd/attestation/logging"
 	"github.com/cli/cli/v2/pkg/cmd/attestation/verification"
 	"github.com/cli/cli/v2/pkg/cmdutil"
@@ -35,6 +36,12 @@ func NewVerifyTUFRootCmd(f *cmdutil.Factory) *cobra.Command {
 		`),
 		Run: func(cmd *cobra.Command, args []string) {
 			logger := logging.NewDefaultLogger(f.IOStreams)
+
+			if err := auth.IsHostSupported(); err != nil {
+				fmt.Sprintln(logger.IO.Out, logger.ColorScheme.Red(err.Error()))
+				os.Exit(1)
+			}
+
 			if err := verifyTUFRoot(mirror, root); err != nil {
 				fmt.Sprintln(logger.IO.Out, logger.ColorScheme.Redf("Failed to verify the TUF repository: %s", err))
 				os.Exit(1)