From 9cb2e0064bca64b19c0a5cc21f3f56261ea222cd Mon Sep 17 00:00:00 2001
From: felipecruz91
Date: Tue, 30 Jan 2024 08:48:49 +0100
Subject: [PATCH] feat: mock in-toto attestations query

Signed-off-by: felipecruz91
---
 policy/policy_handler/legacy/builder.go | 4 ++++
 policy/policy_handler/legacy/ssc_metadata.go | 25 ++++++++++++++++++++
 2 files changed, 29 insertions(+)
 create mode 100644 policy/policy_handler/legacy/ssc_metadata.go

diff --git a/policy/policy_handler/legacy/builder.go b/policy/policy_handler/legacy/builder.go
index ade24e1..5073083 100644
--- a/policy/policy_handler/legacy/builder.go
+++ b/policy/policy_handler/legacy/builder.go
@@ -17,6 +17,10 @@ func BuildLocalEvalMocks(sb *types.SBOM) map[edn.Keyword]edn.RawMessage {
 m[GetUserQueryName], _ = edn.Marshal(MockGetUserForLocalEval(sb.Source.Image.Config.Config.User))
 }
 
+ if sb.Source.Provenance != nil {
+ m[GetInTotoAttestationsQueryName], _ = edn.Marshal(MockGetInTotoAttestationsForLocalEval(sb))
+ }
+
 return m
 }
 
diff --git a/policy/policy_handler/legacy/ssc_metadata.go b/policy/policy_handler/legacy/ssc_metadata.go
new file mode 100644
index 0000000..e163e78
--- /dev/null
+++ b/policy/policy_handler/legacy/ssc_metadata.go
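Review bot: The new branch answers the in-toto attestations query during local evaluation with whatever MockGetInTotoAttestationsForLocalEval returns, and in this commit that is an empty ImageAttestationQueryResult, so every image that carries provenance is presented to the policy as having no attestations at all; a policy that fails on missing attestations will fail locally even for correctly attested images, while one that skips checks when none are present will pass without having verified anything. That divergence from production behaviour deserves a comment at the call site, e.g. `// mock answers with an empty result: local eval cannot distinguish "no attestations" from "attestations unavailable"`. The edn.Marshal error is discarded with `_` as on the existing GetUserQueryName line; that matches the file's style, but if Marshal can fail the map entry would hold a zero RawMessage, which is worth a justifying comment. BuildLocalEvalMocks starts before this hunk and its remaining body is not visible here.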
@@ -0,0 +1,25 @@
+package legacy
+
+import "github.com/atomist-skills/go-skill/policy/types"
+
+const (
+ GetInTotoAttestationsQueryName = "get-intoto-attestations"
+)
+
+type ImageAttestationQueryResult struct {
+ Digest *string `edn:"docker.image/digest"`
+ Subjects []Subject `edn:"intoto.attestation/_subject"`
+}
+
+type Subject struct {
+ PredicateType *string `edn:"intoto.predicate/type"`
+ Predicates []Predicate `edn:"intoto.predicate/_attestation"`
+}
+
+type Predicate struct {
+ StartLine *int `edn:"slsa.provenance.from/start-line"` // if field is present then provenance is max-mode
+}
+
+func MockGetInTotoAttestationsForLocalEval(sb *types.SBOM) ImageAttestationQueryResult {
+ return ImageAttestationQueryResult{} // incompatible with local evaluation until SBOM includes the raw attestations
+}
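Review bot: The exported names GetInTotoAttestationsQueryName, ImageAttestationQueryResult, Subject, Predicate and MockGetInTotoAttestationsForLocalEval carry no doc comments, and the one remark explaining that the mock is a placeholder sits inside the function body where godoc and callers will not see it. Promote it to a doc comment on the function, e.g. `// MockGetInTotoAttestationsForLocalEval returns an empty query result: the SBOM does not yet carry raw attestations, so local evaluation cannot answer this query faithfully and an empty Subjects must not be read as proof that no attestation exists.` The sb parameter is unused in this version; if the signature is being kept for a later implementation, say so in that comment so it is not removed as dead. The `// if field is present then provenance is max-mode` remark on Predicate.StartLine is the only explanation of how these structs map onto the edn query result; a one-line doc comment on each type naming what it represents would make the mapping readable without the tags.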