diff --git a/policy/policy_handler/legacy/builder.go b/policy/policy_handler/legacy/builder.go
index e41a465..b5750f9 100644
--- a/policy/policy_handler/legacy/builder.go
+++ b/policy/policy_handler/legacy/builder.go
@@ -7,8 +7,10 @@ import (
 )
 
 func BuildLocalEvalMocks(sb *types.SBOM, log skill.Logger) map[edn.Keyword]edn.RawMessage {
+ log.Info("Building local evaluation mocks")
 m := map[edn.Keyword]edn.RawMessage{}
 if sb == nil {
+ log.Info("No SBOM provided, returning empty map")
 return m
 }
 
@@ -18,6 +20,7 @@ func BuildLocalEvalMocks(sb *types.SBOM, log skill.Logger) map[edn.Keyword]edn.R
 m[GetUserQueryName], _ = edn.Marshal(MockGetUserForLocalEval(sb.Source.Image.Config.Config.User))
 }
 
+ log.Infof("SBOM has %d attestations", len(sb.Attestations))
 if len(sb.Attestations) > 0 {
 m[GetInTotoAttestationsQueryName], _ = edn.Marshal(MockGetInTotoAttestationsForLocalEval(sb, log))
 }
diff --git a/policy/policy_handler/legacy/ssc_metadata.go b/policy/policy_handler/legacy/ssc_metadata.go
index 2e80bcc..0abc0d0 100644
--- a/policy/policy_handler/legacy/ssc_metadata.go
+++ b/policy/policy_handler/legacy/ssc_metadata.go
@@ -74,6 +74,7 @@ func MockGetInTotoAttestationsForLocalEval(sb *types.SBOM, log skill.Logger) Ima
 if statement.PredicateType == ProvenancePredicateType && sb.Source.Provenance != nil && sb.Source.Provenance.SourceMap != nil {
 for _, i := range sb.Source.Provenance.SourceMap.Instructions {
 if i.Instruction == "FROM_RUNTIME" {
+ log.Infof("Found max-mode provenance instruction: %+v", i)
 subject.Predicates = []Predicate{{StartLine: &i.StartLine}}
 break
 }
@@ -83,6 +84,8 @@ func MockGetInTotoAttestationsForLocalEval(sb *types.SBOM, log skill.Logger) Ima
 subjects = append(subjects, subject)
 }
 
+ log.Infof("Subjects: %+v", subjects)
+
 return ImageAttestationQueryResult{
 Digest: &sb.Source.Image.Digest,
 Subjects: subjects,
diff --git a/policy/policy_handler/local.go b/policy/policy_handler/local.go
index d3b00b3..f1d1b10 100644
--- a/policy/policy_handler/local.go
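Review bot: BuildLocalEvalMocks is exported but carries no doc comment, so the nil-SBOM contract that the new log line on the `if sb == nil` branch describes exists only as a log message; add `// BuildLocalEvalMocks builds the fixed query results used for local policy evaluation from sb; a nil sb yields an empty map.` above the signature. The function body continues past this hunk into the following one.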
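Review bot: `log.Infof("Subjects: %+v", subjects)` will not show the value it is presumably meant to show: `Predicates` is populated with `&i.StartLine` in the previous hunk, so `%+v` renders that field as a pointer address rather than the line number, and the rest of the dump grows with every attestation subject. The `%+v` dump of `i` in the previous hunk has the same shape. Logging a count keeps the signal, `log.Infof("Built %d attestation subjects", len(subjects))`, and the StartLine value can be dereferenced explicitly if it is needed in the log. MockGetInTotoAttestationsForLocalEval starts before this hunk.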
+++ b/policy/policy_handler/local.go
@@ -2,6 +2,7 @@ package policy_handler
 
 import (
 "context"
+ "encoding/base64"
 "fmt"
 
 "github.com/atomist-skills/go-skill"
@@ -18,7 +19,7 @@ type SyncRequestMetadata struct {
 QueryResults map[edn.Keyword]edn.RawMessage `edn:"fixedQueryResults"`
 Packages []legacy.Package `edn:"packages"` // todo remove when no longer used
 User string `edn:"imgConfigUser"` // The user from the image config blob // todo remove when no longer used
- SBOM *types.SBOM `edn:"sbom"`
+ SBOM string `edn:"sbom"`
 }
 
 func WithLocal() Opt {
@@ -59,8 +60,20 @@ func buildLocalDataSources(ctx context.Context, req skill.RequestContext, _ goal
 return nil, fmt.Errorf("failed to unmarshal SyncRequest metadata: %w", err)
 }
 
- if srMeta.SBOM != nil {
- srMeta.QueryResults = legacy.BuildLocalEvalMocks(srMeta.SBOM, req.Log)
+ req.Log.Infof("SBOM from SyncRequest metadata: %+v", srMeta.SBOM)
+ if srMeta.SBOM != "" {
+ req.Log.Infof("Base64-decoding SBOM from SyncRequest metadata")
+ decodedSBOM, err := base64.StdEncoding.DecodeString(srMeta.SBOM)
+ if err != nil {
+ return nil, fmt.Errorf("failed to base64-decode SBOM: %w", err)
+ }
+ req.Log.Infof("Unmarshalling SBOM from SyncRequest metadata")
+ var sbom *types.SBOM
+ if err := edn.Unmarshal(decodedSBOM, &sbom); err != nil {
+ return nil, fmt.Errorf("failed to unmarshal SBOM: %w", err)
+ }
+ srMeta.QueryResults = legacy.BuildLocalEvalMocks(sbom, req.Log)
+ req.Log.Infof("mocked query results: %+v", srMeta.QueryResults)
 }
 
 fixedQueryResults := map[string][]byte{}
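Review bot: The `sbom` field changes its wire shape from a nested SBOM value to a string, but nothing on the field says how that string is encoded; the decode path in buildLocalDataSources expects base64 of an EDN-serialised SBOM. Add `SBOM string `+"`edn:\"sbom\"`"+` // base64-encoded EDN serialisation of types.SBOM` so producers of SyncRequest metadata can see the contract. Presumably any producer still sending the structured form will now fail the metadata unmarshal rather than being accepted, which makes this a breaking change for them.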
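Review bot: `req.Log.Infof("SBOM from SyncRequest metadata: %+v", srMeta.SBOM)` writes the whole base64 SBOM payload to the log at Info level on every request, and `req.Log.Infof("mocked query results: %+v", srMeta.QueryResults)` does the same for the mocked results, which, if edn.RawMessage is a byte slice, print as decimal byte lists. The SBOM carries image-config details such as the config user that BuildLocalEvalMocks reads, so this is both log volume and exposure of request data in logs. Log sizes instead: `req.Log.Infof("SBOM from SyncRequest metadata: %d base64 bytes", len(srMeta.SBOM))` and `req.Log.Infof("mocked query results: %d entries", len(srMeta.QueryResults))`. buildLocalDataSources starts before this hunk and continues after it.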