Base64-decode SBOM

Signed-off-by: felipecruz91 <[email protected]>
atomist-skills · Feb 2, 2024 · fe2e5b9 · fe2e5b9
1 parent 5851fe9
commit fe2e5b9
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 3 deletions.
diff --git a/policy/policy_handler/legacy/builder.go b/policy/policy_handler/legacy/builder.go
@@ -7,8 +7,10 @@ import (
 )
 
 func BuildLocalEvalMocks(sb *types.SBOM, log skill.Logger) map[edn.Keyword]edn.RawMessage {
+	log.Info("Building local evaluation mocks")
 	m := map[edn.Keyword]edn.RawMessage{}
 	if sb == nil {
+		log.Info("No SBOM provided, returning empty map")
 		return m
 	}
 
@@ -18,6 +20,7 @@ func BuildLocalEvalMocks(sb *types.SBOM, log skill.Logger) map[edn.Keyword]edn.R
 		m[GetUserQueryName], _ = edn.Marshal(MockGetUserForLocalEval(sb.Source.Image.Config.Config.User))
 	}
 
+	log.Infof("SBOM has %d attestations", len(sb.Attestations))
 	if len(sb.Attestations) > 0 {
 		m[GetInTotoAttestationsQueryName], _ = edn.Marshal(MockGetInTotoAttestationsForLocalEval(sb, log))
 	}

diff --git a/policy/policy_handler/legacy/ssc_metadata.go b/policy/policy_handler/legacy/ssc_metadata.go
@@ -74,6 +74,7 @@ func MockGetInTotoAttestationsForLocalEval(sb *types.SBOM, log skill.Logger) Ima
 		if statement.PredicateType == ProvenancePredicateType && sb.Source.Provenance != nil && sb.Source.Provenance.SourceMap != nil {
 			for _, i := range sb.Source.Provenance.SourceMap.Instructions {
 				if i.Instruction == "FROM_RUNTIME" {
+					log.Infof("Found max-mode provenance instruction: %+v", i)
 					subject.Predicates = []Predicate{{StartLine: &i.StartLine}}
 					break
 				}
@@ -83,6 +84,8 @@ func MockGetInTotoAttestationsForLocalEval(sb *types.SBOM, log skill.Logger) Ima
 		subjects = append(subjects, subject)
 	}
 
+	log.Infof("Subjects: %+v", subjects)
+
 	return ImageAttestationQueryResult{
 		Digest:   &sb.Source.Image.Digest,
 		Subjects: subjects,

diff --git a/policy/policy_handler/local.go b/policy/policy_handler/local.go
@@ -2,6 +2,7 @@ package policy_handler
 
 import (
 	"context"
+	"encoding/base64"
 	"fmt"
 
 	"github.com/atomist-skills/go-skill"
@@ -18,7 +19,7 @@ type SyncRequestMetadata struct {
 	QueryResults map[edn.Keyword]edn.RawMessage `edn:"fixedQueryResults"`
 	Packages     []legacy.Package               `edn:"packages"`      // todo remove when no longer used
 	User         string                         `edn:"imgConfigUser"` // The user from the image config blob // todo remove when no longer used
-	SBOM         *types.SBOM                    `edn:"sbom"`
+	SBOM         string                         `edn:"sbom"`
 }
 
 func WithLocal() Opt {
@@ -59,8 +60,21 @@ func buildLocalDataSources(ctx context.Context, req skill.RequestContext, _ goal
 		return nil, fmt.Errorf("failed to unmarshal SyncRequest metadata: %w", err)
 	}
 
-	if srMeta.SBOM != nil {
-		srMeta.QueryResults = legacy.BuildLocalEvalMocks(srMeta.SBOM, req.Log)
+	req.Log.Infof("SBOM from SyncRequest metadata: %+v", srMeta.SBOM)
+	if srMeta.SBOM != "" {
+		req.Log.Infof("Base64-decoding SBOM from SyncRequest metadata")
+		decodedSBOM, err := base64.StdEncoding.DecodeString(srMeta.SBOM)
+		if err != nil {
+			return nil, fmt.Errorf("failed to base64-decode SBOM: %w", err)
+		}
+		req.Log.Infof("Unmarshalling SBOM from SyncRequest metadata: %s", string(decodedSBOM))
+		var sbom *types.SBOM
+		if err := edn.Unmarshal(decodedSBOM, &sbom); err != nil {
+			req.Log.Infof("failed to unmarshal SBOM: %s", err)
+			return nil, fmt.Errorf("failed to unmarshal SBOM: %w", err)
+		}
+		srMeta.QueryResults = legacy.BuildLocalEvalMocks(sbom, req.Log)
+		req.Log.Infof("mocked query results: %+v", srMeta.QueryResults)
 	}
 
 	fixedQueryResults := map[string][]byte{}