Base64-decode SBOM

Signed-off-by: felipecruz91 <[email protected]>
atomist-skills · Feb 2, 2024 · ea627da · ea627da
1 parent 5851fe9
commit ea627da
Show file tree

Hide file tree

Showing 6 changed files with 20,148 additions and 3 deletions.
diff --git a/policy/policy_handler/base64_massive_payload.txt b/policy/policy_handler/base64_massive_payload.txt
diff --git a/policy/policy_handler/legacy/builder.go b/policy/policy_handler/legacy/builder.go
@@ -7,8 +7,10 @@ import (
 )
 
 func BuildLocalEvalMocks(sb *types.SBOM, log skill.Logger) map[edn.Keyword]edn.RawMessage {
+	log.Info("Building local evaluation mocks")
 	m := map[edn.Keyword]edn.RawMessage{}
 	if sb == nil {
+		log.Info("No SBOM provided, returning empty map")
 		return m
 	}
 
@@ -18,6 +20,7 @@ func BuildLocalEvalMocks(sb *types.SBOM, log skill.Logger) map[edn.Keyword]edn.R
 		m[GetUserQueryName], _ = edn.Marshal(MockGetUserForLocalEval(sb.Source.Image.Config.Config.User))
 	}
 
+	log.Infof("SBOM has %d attestations", len(sb.Attestations))
 	if len(sb.Attestations) > 0 {
 		m[GetInTotoAttestationsQueryName], _ = edn.Marshal(MockGetInTotoAttestationsForLocalEval(sb, log))
 	}

diff --git a/policy/policy_handler/legacy/ssc_metadata.go b/policy/policy_handler/legacy/ssc_metadata.go
@@ -74,6 +74,7 @@ func MockGetInTotoAttestationsForLocalEval(sb *types.SBOM, log skill.Logger) Ima
 		if statement.PredicateType == ProvenancePredicateType && sb.Source.Provenance != nil && sb.Source.Provenance.SourceMap != nil {
 			for _, i := range sb.Source.Provenance.SourceMap.Instructions {
 				if i.Instruction == "FROM_RUNTIME" {
+					log.Infof("Found max-mode provenance instruction: %+v", i)
 					subject.Predicates = []Predicate{{StartLine: &i.StartLine}}
 					break
 				}
@@ -83,6 +84,8 @@ func MockGetInTotoAttestationsForLocalEval(sb *types.SBOM, log skill.Logger) Ima
 		subjects = append(subjects, subject)
 	}
 
+	log.Infof("Subjects: %+v", subjects)
+
 	return ImageAttestationQueryResult{
 		Digest:   &sb.Source.Image.Digest,
 		Subjects: subjects,

diff --git a/policy/policy_handler/local.go b/policy/policy_handler/local.go
@@ -2,6 +2,8 @@ package policy_handler
 
 import (
 	"context"
+	"encoding/base64"
+	"encoding/json"
 	"fmt"
 
 	"github.com/atomist-skills/go-skill"
@@ -18,7 +20,7 @@ type SyncRequestMetadata struct {
 	QueryResults map[edn.Keyword]edn.RawMessage `edn:"fixedQueryResults"`
 	Packages     []legacy.Package               `edn:"packages"`      // todo remove when no longer used
 	User         string                         `edn:"imgConfigUser"` // The user from the image config blob // todo remove when no longer used
-	SBOM         *types.SBOM                    `edn:"sbom"`
+	SBOM         string                         `edn:"sbom"`
 }
 
 func WithLocal() Opt {
@@ -59,8 +61,22 @@ func buildLocalDataSources(ctx context.Context, req skill.RequestContext, _ goal
 		return nil, fmt.Errorf("failed to unmarshal SyncRequest metadata: %w", err)
 	}
 
-	if srMeta.SBOM != nil {
-		srMeta.QueryResults = legacy.BuildLocalEvalMocks(srMeta.SBOM, req.Log)
+	req.Log.Infof("SBOM from SyncRequest metadata: %+v", srMeta.SBOM)
+	if srMeta.SBOM != "" {
+		req.Log.Infof("Base64-decoding SBOM from SyncRequest metadata")
+		decodedSBOM, err := base64.StdEncoding.DecodeString(srMeta.SBOM)
+		if err != nil {
+			return nil, fmt.Errorf("failed to base64-decode SBOM: %w", err)
+		}
+		req.Log.Infof("Unmarshalling SBOM from SyncRequest metadata: %s", string(decodedSBOM))
+		var sbom *types.SBOM
+		// THE SBOM is a JSON here, not edn?!!
+		if err := json.Unmarshal(decodedSBOM, &sbom); err != nil {
+			req.Log.Infof("failed to unmarshal SBOM: %s", err)
+			return nil, fmt.Errorf("failed to unmarshal SBOM: %w", err)
+		}
+		srMeta.QueryResults = legacy.BuildLocalEvalMocks(sbom, req.Log)
+		req.Log.Infof("mocked query results: %+v", srMeta.QueryResults)
 	}
 
 	fixedQueryResults := map[string][]byte{}

diff --git a/policy/policy_handler/local_test.go b/policy/policy_handler/local_test.go
@@ -2,10 +2,14 @@ package policy_handler
 
 import (
 	"context"
+	"encoding/base64"
+	"encoding/json"
+	"os"
 	"testing"
 
 	"github.com/atomist-skills/go-skill"
 	"github.com/atomist-skills/go-skill/policy/goals"
+	"github.com/atomist-skills/go-skill/policy/types"
 	"github.com/stretchr/testify/assert"
 	"olympos.io/encoding/edn"
 )
@@ -75,3 +79,57 @@ func Test_buildLocalDataSources_preservesQueryResultsCorrectly(t *testing.T) {
 
 	assert.Equal(t, expected, actual)
 }
+
+func TestFoo(t *testing.T) {
+	b, err := os.ReadFile("payload.edn")
+	if err != nil {
+		t.Fatal(err)
+	}
+	syncReq := skill.EventContextSyncRequest{}
+	if err := edn.Unmarshal(b, &syncReq); err != nil {
+		t.Fatal(err)
+	}
+
+	req := skill.RequestContext{
+		Event: skill.EventIncoming{
+			Context: skill.EventContext{
+				SyncRequest: syncReq,
+			},
+		},
+	}
+	md := req.Event.Context.SyncRequest.Metadata
+
+	var srMeta SyncRequestMetadata
+	if err := edn.Unmarshal(md, &srMeta); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestFoo2(t *testing.T) {
+	decodedSBOM, err := os.ReadFile("massive_payload.json")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	var sbom *types.SBOM
+	if err := json.Unmarshal(decodedSBOM, &sbom); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestFoo3(t *testing.T) {
+	raw, err := os.ReadFile("base64_massive_payload.txt")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	decodedSBOM, err := base64.StdEncoding.DecodeString(string(raw))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	var sbom *types.SBOM
+	if err := json.Unmarshal(decodedSBOM, &sbom); err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/policy/policy_handler/massive_payload.json b/policy/policy_handler/massive_payload.json