Refactors GHA provenance tests to use `testProvenance` which makes it clearer what is actually being tested. This will also make it easier to support `buildType` as a way to have different verification logic as the tests no longer rely on testdata with the `"https://github.com/Attestations/GitHubActionsWorkflow@v1"` build type, which isn't used by any supported builders. A couple of updates to utilities: - `VerifyTag` will now validate the ref returned by the `Provenance` instance. - `VerifyBranch` will now validate the ref returned by the `Provenance` instance. - `VerifyDigest` now supports the 160 bit `"sha1"` algo (FWIW) and will now search all subject entries even if one subject entry's algorithm does not match the expected algorithm. --------- Signed-off-by: Ian Lewis <ianlewis@google.com>
package utils
import (
"fmt"
"strings"
serrors "github.com/slsa-framework/slsa-verifier/v2/errors"
)
// ParseGitRef checks that ref has the form "refs/<refType>/<name>" and returns
// <name>.
//
// Only two things are verified: ref starts with "refs/<refType>/", and what
// follows is not empty or all whitespace. The name is returned exactly as it
// appears after the prefix; it is not trimmed and it is not checked against
// git's ref-name rules, so it may still contain whitespace, control characters
// or further "/" segments. Callers that use the result in a verification
// decision should compare it exactly against the expected value.
//
// On failure the returned error wraps serrors.ErrorInvalidRef. The error text
// embeds ref verbatim (formatted with %s, unescaped).
func ParseGitRef(refType, ref string) (string, error) {
	prefix := "refs/" + refType + "/"

	// TrimPrefix returns ref unchanged when the prefix is absent; that case is
	// rejected by the HasPrefix test below before name is ever returned.
	name := strings.TrimPrefix(ref, prefix)

	// Both failure modes (wrong prefix, blank name) report the same error.
	if !strings.HasPrefix(ref, prefix) || strings.TrimSpace(name) == "" {
		return "", fmt.Errorf("%w: %s: not of the form '%s<name>'", serrors.ErrorInvalidRef, ref, prefix)
	}

	return name, nil
}
// TagFromGitRef returns the tag name from a ref of the form "refs/tags/<name>".
//
// It delegates to ParseGitRef with the "tags" ref type, so a ref under any
// other namespace (for example "refs/heads/...") is rejected with an error
// rather than being treated as a tag.
func TagFromGitRef(ref string) (string, error) {
	const tagRefType = "tags"
	return ParseGitRef(tagRefType, ref)
}
// BranchFromGitRef returns the branch name from a ref of the form
// "refs/heads/<name>".
//
// It delegates to ParseGitRef with the "heads" ref type, so a ref under any
// other namespace (for example "refs/tags/...") is rejected with an error
// rather than being treated as a branch.
func BranchFromGitRef(ref string) (string, error) {
	const branchRefType = "heads"
	return ParseGitRef(branchRefType, ref)
}