allow slsa-framework/slsa-github-generator provenances from other branches in testing mode

Signed-off-by: Ramon Petgrave <ramon.petgrave64@gmail.com>
Ramon Petgrave
2024-08-08 18:53:31 +00:00
parent 489e79138b
commit a702bf7bd2
2 changed files with 19 additions and 0 deletions


@@ -330,6 +330,13 @@ func isValidDelegatorBuilderID(prov iface.Provenance) error {
}
}
// Exception for slsa-framework/slsa-github-generator branches during testing mode
// to allow provenance from non-main to be verified, such as during development.
normalizedSLSAGithubGeneratorRepoURI := utils.NormalizeGitURI(httpsGithubCom + trustedBuilderRepository)
if options.TestingEnabled() && normalizedURI == utils.NormalizeGitURI(normalizedSLSAGithubGeneratorRepoURI) {
return nil
}
return utils.IsValidBuilderTag(builderRef, false)
}
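Review bot: The new testing-mode branch returns nil before `utils.IsValidBuilderTag(builderRef, false)` runs, so when the normalized source URI is the slsa-github-generator repository the builder ref is not checked at all, rather than being relaxed from tag to branch. Because this is a verification bypass, the comment should state what turns `options.TestingEnabled()` on and that it must stay off when verifying real artifacts, for example `// SECURITY: skips builder ref validation entirely; reachable only in testing mode, never enable for production verification.` Separately, the comparison normalizes an already-normalized value; `normalizedURI == normalizedSLSAGithubGeneratorRepoURI` is sufficient. The function body starts outside the hunk, so how `normalizedURI` and `builderRef` are derived is not visible here.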


@@ -471,6 +471,18 @@ func Test_isValidDelegatorBuilderID(t *testing.T) {
builderID: "some/builderID@refs/heads/main",
testingEnabled: true,
},
{
name: "invalid builder: ref slsa-github-generator repo: testing enabled",
sourceURI: gitPrefix + httpsGithubCom + "slsa-framework/slsa-github-generator",
builderID: "some/builderID@refs/heads/anybranch",
testingEnabled: true,
},
{
name: "invalid builder: ref slsa-github-generator repo: testing disabled",
sourceURI: gitPrefix + httpsGithubCom + "slsa-framework/slsa-github-generator",
builderID: "some/builderID@refs/heads/anybranch",
err: serrors.ErrorInvalidRef,
},
{
name: "invalid builder ref e2e repo",
sourceURI: gitPrefix + httpsGithubCom + e2eTestRepository,
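Review bot: The first added case is named "invalid builder: ..." but sets no `err`, so it asserts that verification succeeds; a name such as `name: "slsa-github-generator repo, non-main branch ref: testing enabled",` would match what it pins. Both new cases use only a well-formed `refs/heads/anybranch` ref, so the table does not show that the testing-mode exception accepts any ref string for this repository, nor that it is limited to an exact repository match. A case with testing enabled and a source URI that merely shares the `slsa-framework/slsa-github-generator` prefix, expecting `serrors.ErrorInvalidRef`, would guard the equality check against a later change to prefix matching. The test table starts and ends outside the hunk, so such a case may already exist elsewhere.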