slsa-verifier

github/slsa-verifier

Fork 0

mirror of https://github.com/slsa-framework/slsa-verifier.git synced 2026-05-08 01:27:04 +00:00

Commit Graph

Author	SHA1	Message	Date
Ian Lewis	965f5784c1	refactor: Add more git utils (#645 ) Adds the functions `NormalizeGitURI`, `ParseGitURIAndRef`, and `ValidateGitRef`. `ParseGitRef` was updated to be permissive of the ref type whereas `ValidateGitRef` validates that the type is of a given type. Code extracted from #641 Signed-off-by: Ian Lewis <ianlewis@google.com>	2023-07-01 09:03:52 +09:00
Ian Lewis	9bfbc91c5b	refactor: Provenance tests (#628 ) Refactors GHA provenance tests to use `testProvenance` which makes it clearer what is actually being tested. This will also make it easier to support `buildType` as a way to have different verification logic as the tests no longer rely on testdata with the `"https://github.com/Attestations/GitHubActionsWorkflow@v1"` build type, which isn't used by any supported builders. A couple of updates to utilities: - `VerifyTag` will now validate the ref returned by the `Provenance` instance. - `VerifyBranch` will now validate the ref returned by the `Provenance` instance. - `VerifyDigest` now supports the 160 bit `"sha1"` algo (FWIW) and will now search all subject entries even if one subject entry's algorithm does not match the expected algorithm. --------- Signed-off-by: Ian Lewis <ianlewis@google.com>	2023-06-02 13:34:56 +09:00

Author

SHA1

Message

Date

Ian Lewis

965f5784c1

refactor: Add more git utils (#645 )

Adds the functions `NormalizeGitURI`, `ParseGitURIAndRef`, and
`ValidateGitRef`. `ParseGitRef` was updated to be permissive of the ref
type whereas `ValidateGitRef` validates that the type is of a given
type.

Code extracted from #641

Signed-off-by: Ian Lewis <ianlewis@google.com>

2023-07-01 09:03:52 +09:00

Ian Lewis

9bfbc91c5b

refactor: Provenance tests (#628 )

Refactors GHA provenance tests to use `testProvenance` which makes it clearer what is actually being tested. This will also make it easier to support `buildType` as a way to have different verification logic as the tests no longer rely on testdata with the `"https://github.com/Attestations/GitHubActionsWorkflow@v1"` build type, which isn't used by any supported builders.

A couple of updates to utilities:
- `VerifyTag` will now validate the ref returned by the `Provenance` instance.
- `VerifyBranch` will now validate the ref returned by the `Provenance` instance.
- `VerifyDigest` now supports the 160 bit `"sha1"` algo (FWIW) and will now search all subject entries even if one subject entry's algorithm does not match the expected algorithm.

---------

Signed-off-by: Ian Lewis <ianlewis@google.com>

2023-06-02 13:34:56 +09:00

2 Commits