167 lines
5.1 KiB
Go
167 lines
5.1 KiB
Go
package verification
|
|
|
|
import (
|
|
"os"
|
|
"path/filepath"
|
|
"testing"
|
|
|
|
protobundle "github.com/sigstore/protobuf-specs/gen/pb-go/bundle/v1"
|
|
dsse "github.com/sigstore/protobuf-specs/gen/pb-go/dsse"
|
|
"github.com/sigstore/sigstore-go/pkg/bundle"
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"github.com/cli/cli/v2/pkg/cmd/attestation/api"
|
|
)
|
|
|
|
func TestLoadBundlesFromJSONLinesFile(t *testing.T) {
|
|
t.Run("with original file", func(t *testing.T) {
|
|
path := "../test/data/sigstore-js-2.1.0_with_2_bundles.jsonl"
|
|
attestations, err := loadBundlesFromJSONLinesFile(path)
|
|
require.NoError(t, err)
|
|
require.Len(t, attestations, 2)
|
|
})
|
|
|
|
t.Run("with extra lines", func(t *testing.T) {
|
|
// Create a temporary file with extra lines
|
|
tempDir := t.TempDir()
|
|
tempFile := filepath.Join(tempDir, "test_with_extra_lines.jsonl")
|
|
|
|
originalContent, err := os.ReadFile("../test/data/sigstore-js-2.1.0_with_2_bundles.jsonl")
|
|
require.NoError(t, err)
|
|
|
|
extraLines := []byte("\n\n")
|
|
newContent := append(originalContent, extraLines...)
|
|
|
|
err = os.WriteFile(tempFile, newContent, 0644)
|
|
require.NoError(t, err)
|
|
|
|
// Test the function with the new file
|
|
attestations, err := loadBundlesFromJSONLinesFile(tempFile)
|
|
require.NoError(t, err)
|
|
require.Len(t, attestations, 2, "Should still load 2 valid attestations")
|
|
})
|
|
}
|
|
|
|
func TestLoadBundlesFromJSONLinesFile_RejectEmptyJSONLFile(t *testing.T) {
|
|
// Create a temporary file
|
|
emptyJSONL, err := os.CreateTemp("", "empty.jsonl")
|
|
require.NoError(t, err)
|
|
err = emptyJSONL.Close()
|
|
require.NoError(t, err)
|
|
|
|
attestations, err := loadBundlesFromJSONLinesFile(emptyJSONL.Name())
|
|
|
|
require.ErrorIs(t, err, ErrEmptyBundleFile)
|
|
require.Nil(t, attestations)
|
|
}
|
|
|
|
func TestLoadBundleFromJSONFile(t *testing.T) {
|
|
path := "../test/data/sigstore-js-2.1.0-bundle.json"
|
|
attestations, err := loadBundleFromJSONFile(path)
|
|
|
|
require.NoError(t, err)
|
|
require.Len(t, attestations, 1)
|
|
}
|
|
|
|
func TestGetLocalAttestations(t *testing.T) {
|
|
t.Run("with JSON file containing one bundle", func(t *testing.T) {
|
|
path := "../test/data/sigstore-js-2.1.0-bundle.json"
|
|
attestations, err := GetLocalAttestations(path)
|
|
|
|
require.NoError(t, err)
|
|
require.Len(t, attestations, 1)
|
|
})
|
|
|
|
t.Run("with JSON lines file containing multiple bundles", func(t *testing.T) {
|
|
path := "../test/data/sigstore-js-2.1.0_with_2_bundles.jsonl"
|
|
attestations, err := GetLocalAttestations(path)
|
|
|
|
require.NoError(t, err)
|
|
require.Len(t, attestations, 2)
|
|
})
|
|
|
|
t.Run("with file with unrecognized extension", func(t *testing.T) {
|
|
path := "../test/data/sigstore-js-2.1.0-bundles.tgz"
|
|
attestations, err := GetLocalAttestations(path)
|
|
|
|
require.ErrorIs(t, err, ErrUnrecognisedBundleExtension)
|
|
require.Nil(t, attestations)
|
|
})
|
|
|
|
t.Run("with non-existent bundle file and JSON file", func(t *testing.T) {
|
|
path := "../test/data/not-found-bundle.json"
|
|
attestations, err := GetLocalAttestations(path)
|
|
|
|
require.ErrorContains(t, err, "could not load content from file path")
|
|
require.Nil(t, attestations)
|
|
})
|
|
|
|
t.Run("with non-existent bundle file and JSON lines file", func(t *testing.T) {
|
|
path := "../test/data/not-found-bundle.jsonl"
|
|
attestations, err := GetLocalAttestations(path)
|
|
|
|
require.ErrorContains(t, err, "could not load content from file path")
|
|
require.Nil(t, attestations)
|
|
})
|
|
|
|
t.Run("with missing verification material", func(t *testing.T) {
|
|
path := "../test/data/github_provenance_demo-0.0.12-py3-none-any-bundle-missing-verification-material.jsonl"
|
|
_, err := GetLocalAttestations(path)
|
|
require.ErrorIs(t, err, bundle.ErrMissingVerificationMaterial)
|
|
})
|
|
|
|
t.Run("with missing verification certificate", func(t *testing.T) {
|
|
path := "../test/data/github_provenance_demo-0.0.12-py3-none-any-bundle-missing-cert.jsonl"
|
|
_, err := GetLocalAttestations(path)
|
|
require.ErrorIs(t, err, bundle.ErrMissingBundleContent)
|
|
})
|
|
}
|
|
|
|
func TestFilterAttestations(t *testing.T) {
|
|
attestations := []*api.Attestation{
|
|
{
|
|
Bundle: &bundle.Bundle{
|
|
Bundle: &protobundle.Bundle{
|
|
Content: &protobundle.Bundle_DsseEnvelope{
|
|
DsseEnvelope: &dsse.Envelope{
|
|
PayloadType: "application/vnd.in-toto+json",
|
|
Payload: []byte("{\"predicateType\": \"https://slsa.dev/provenance/v1\"}"),
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
{
|
|
Bundle: &bundle.Bundle{
|
|
Bundle: &protobundle.Bundle{
|
|
Content: &protobundle.Bundle_DsseEnvelope{
|
|
DsseEnvelope: &dsse.Envelope{
|
|
PayloadType: "application/vnd.something-other-than-in-toto+json",
|
|
Payload: []byte("{\"predicateType\": \"https://slsa.dev/provenance/v1\"}"),
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
{
|
|
Bundle: &bundle.Bundle{
|
|
Bundle: &protobundle.Bundle{
|
|
Content: &protobundle.Bundle_DsseEnvelope{
|
|
DsseEnvelope: &dsse.Envelope{
|
|
PayloadType: "application/vnd.in-toto+json",
|
|
Payload: []byte("{\"predicateType\": \"https://spdx.dev/Document/v2.3\"}"),
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
}
|
|
|
|
filtered, err := api.FilterAttestations("https://slsa.dev/provenance/v1", attestations)
|
|
require.Len(t, filtered, 1)
|
|
require.NoError(t, err)
|
|
|
|
filtered, err = api.FilterAttestations("NonExistentPredicate", attestations)
|
|
require.Nil(t, filtered)
|
|
require.Error(t, err)
|
|
}
|