github/slsa-verifier
1
0
Fork 0
mirror of https://github.com/slsa-framework/slsa-verifier.git synced 2026-05-07 17:17:13 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
v0.0.1
slsa-verifier/main_test.go
laurentsimon f9e31da2a5 Allow main branch only for trusted builder and e2e tests repos (#63) 
* updates

* updates

* updates

* updates

* updates

* updates

* updates

* updates

* updates

* updates

* Fix unit tests

* unit tests

* updates

* updates

* updates

* updates

* updates
2022-05-26 15:31:05 +00:00

311 lines
10 KiB
Go
Raw Permalink Blame History

package main
import (
"errors"
"testing"
"github.com/slsa-framework/slsa-verifier/pkg"
"github.com/google/go-cmp/cmp"
"github.com/google/go-cmp/cmp/cmpopts"
)
func errCmp(e1, e2 error) bool {
return errors.Is(e1, e2) || errors.Is(e2, e1)
}
func pString(s string) *string {
return &s
}
func Test_runVerify(t *testing.T) {
t.Parallel()
tests := []struct {
name string
artifact string
source string
branch string
ptag *string
pversiontag *string
err error
}{
{
name: "valid main branch default",
artifact: "./testdata/binary-linux-amd64-workflow_dispatch",
source: "github.com/laurentsimon/slsa-verifier-test-gen",
},
{
name: "valid main branch set",
artifact: "./testdata/binary-linux-amd64-workflow_dispatch",
source: "github.com/laurentsimon/slsa-verifier-test-gen",
branch: "main",
},
{
name: "wrong branch master",
artifact: "./testdata/binary-linux-amd64-workflow_dispatch",
source: "github.com/laurentsimon/slsa-verifier-test-gen",
branch: "master",
err: pkg.ErrorMismatchBranch,
},
{
name: "wrong source append A",
artifact: "./testdata/binary-linux-amd64-workflow_dispatch",
source: "github.com/laurentsimon/slsa-verifier-test-genA",
err: pkg.ErrorMismatchRepository,
},
{
name: "wrong source prepend A",
artifact: "./testdata/binary-linux-amd64-workflow_dispatch",
source: "Agithub.com/laurentsimon/slsa-verifier-test-gen",
err: pkg.ErrorMismatchRepository,
},
{
name: "wrong source middle A",
artifact: "./testdata/binary-linux-amd64-workflow_dispatch",
source: "github.com/Alaurentsimon/slsa-verifier-test-gen",
err: pkg.ErrorMismatchRepository,
},
{
name: "tag no match empty tag workflow_dispatch",
artifact: "./testdata/binary-linux-amd64-workflow_dispatch",
source: "github.com/laurentsimon/slsa-verifier-test-gen",
ptag: pString("v1.2.3"),
err: pkg.ErrorMismatchTag,
},
{
name: "versioned tag no match empty tag workflow_dispatch",
artifact: "./testdata/binary-linux-amd64-workflow_dispatch",
source: "github.com/laurentsimon/slsa-verifier-test-gen",
pversiontag: pString("v1"),
err: pkg.ErrorInvalidSemver,
},
{
name: "tag v1.2.3 no match v1.2.4",
artifact: "./testdata/binary-linux-amd64-push-v1.2.4",
source: "github.com/laurentsimon/slsa-verifier-test-gen",
ptag: pString("v1.2.3"),
err: pkg.ErrorMismatchTag,
},
{
name: "tag v1.2 no match v1.2.4",
artifact: "./testdata/binary-linux-amd64-push-v1.2.4",
source: "github.com/laurentsimon/slsa-verifier-test-gen",
ptag: pString("v1.2"),
err: pkg.ErrorMismatchTag,
},
{
name: "tag v1 no match v1.2.4",
artifact: "./testdata/binary-linux-amd64-push-v1.2.4",
source: "github.com/laurentsimon/slsa-verifier-test-gen",
ptag: pString("v1"),
err: pkg.ErrorMismatchTag,
},
// Provenance contains tag = v1.2.4.
{
name: "versioned v1.2.4 match push-v1.2.4",
artifact: "./testdata/binary-linux-amd64-push-v1.2.4",
source: "github.com/laurentsimon/slsa-verifier-test-gen",
pversiontag: pString("v1.2.4"),
},
{
name: "versioned v1.2 match push-v1.2.4",
artifact: "./testdata/binary-linux-amd64-push-v1.2.4",
source: "github.com/laurentsimon/slsa-verifier-test-gen",
pversiontag: pString("v1.2"),
},
{
name: "versioned v1 match push-v1.2.4",
artifact: "./testdata/binary-linux-amd64-push-v1.2.4",
source: "github.com/laurentsimon/slsa-verifier-test-gen",
pversiontag: pString("v1"),
},
{
name: "versioned v2 no match push-v1.2.4",
artifact: "./testdata/binary-linux-amd64-push-v1.2.4",
source: "github.com/laurentsimon/slsa-verifier-test-gen",
pversiontag: pString("v2"),
err: pkg.ErrorMismatchVersionedTag,
},
{
name: "versioned v0 no match push-v1.2.4",
artifact: "./testdata/binary-linux-amd64-push-v1.2.4",
source: "github.com/laurentsimon/slsa-verifier-test-gen",
pversiontag: pString("v0"),
err: pkg.ErrorMismatchVersionedTag,
},
{
name: "versioned v1.3 no match push-v1.2.4",
artifact: "./testdata/binary-linux-amd64-push-v1.2.4",
source: "github.com/laurentsimon/slsa-verifier-test-gen",
pversiontag: pString("v1.3"),
err: pkg.ErrorMismatchVersionedTag,
},
{
name: "versioned v1.1 no match push-v1.2.4",
artifact: "./testdata/binary-linux-amd64-push-v1.2.4",
source: "github.com/laurentsimon/slsa-verifier-test-gen",
pversiontag: pString("v1.1"),
err: pkg.ErrorMismatchVersionedTag,
},
{
name: "versioned v1.2.3 no match push-v1.2.4",
artifact: "./testdata/binary-linux-amd64-push-v1.2.4",
source: "github.com/laurentsimon/slsa-verifier-test-gen",
pversiontag: pString("v1.2.3"),
err: pkg.ErrorMismatchVersionedTag,
},
{
name: "versioned v1.2.5 no match push-v1.2.4",
artifact: "./testdata/binary-linux-amd64-push-v1.2.4",
source: "github.com/laurentsimon/slsa-verifier-test-gen",
pversiontag: pString("v1.2.5"),
err: pkg.ErrorMismatchVersionedTag,
},
// Provenance contains tag = v2.
{
name: "versioned v2 match push-v2",
artifact: "./testdata/binary-linux-amd64-push-v2",
source: "github.com/laurentsimon/slsa-verifier-test-gen",
pversiontag: pString("v2"),
},
{
name: "versioned v2.0 match push-v2",
artifact: "./testdata/binary-linux-amd64-push-v2",
source: "github.com/laurentsimon/slsa-verifier-test-gen",
pversiontag: pString("v2.0"),
},
{
name: "versioned v2.1 no match push-v2",
artifact: "./testdata/binary-linux-amd64-push-v2",
source: "github.com/laurentsimon/slsa-verifier-test-gen",
pversiontag: pString("v2.1"),
err: pkg.ErrorMismatchVersionedTag,
},
{
name: "versioned v1 no match push-v2",
artifact: "./testdata/binary-linux-amd64-push-v2",
source: "github.com/laurentsimon/slsa-verifier-test-gen",
pversiontag: pString("v1"),
err: pkg.ErrorMismatchVersionedTag,
},
{
name: "versioned v3 no match push-v2",
artifact: "./testdata/binary-linux-amd64-push-v2",
source: "github.com/laurentsimon/slsa-verifier-test-gen",
pversiontag: pString("v3"),
err: pkg.ErrorMismatchVersionedTag,
},
{
name: "versioned v1.2 no match push-v2",
artifact: "./testdata/binary-linux-amd64-push-v2",
source: "github.com/laurentsimon/slsa-verifier-test-gen",
pversiontag: pString("v1.2"),
err: pkg.ErrorMismatchVersionedTag,
},
{
name: "versioned v3 no match push-v2",
artifact: "./testdata/binary-linux-amd64-push-v2",
source: "github.com/laurentsimon/slsa-verifier-test-gen",
pversiontag: pString("v3"),
err: pkg.ErrorMismatchVersionedTag,
},
{
name: "versioned v0 no match push-v2",
artifact: "./testdata/binary-linux-amd64-push-v2",
source: "github.com/laurentsimon/slsa-verifier-test-gen",
pversiontag: pString("v0"),
err: pkg.ErrorMismatchVersionedTag,
},
// Provenance contains tag = v2.5.
{
name: "versioned v2.5 match push-v2.5",
artifact: "./testdata/binary-linux-amd64-push-v2.5",
source: "github.com/laurentsimon/slsa-verifier-test-gen",
pversiontag: pString("v2.5"),
},
{
name: "versioned v2.5.1 match push-v2.5",
artifact: "./testdata/binary-linux-amd64-push-v2.5",
source: "github.com/laurentsimon/slsa-verifier-test-gen",
pversiontag: pString("v2.5.1"),
err: pkg.ErrorMismatchVersionedTag,
},
{
name: "versioned v2.5.3 match push-v2.5",
artifact: "./testdata/binary-linux-amd64-push-v2.5",
source: "github.com/laurentsimon/slsa-verifier-test-gen",
pversiontag: pString("v2.5.3"),
err: pkg.ErrorMismatchVersionedTag,
},
{
name: "versioned v2 match push-v2.5",
artifact: "./testdata/binary-linux-amd64-push-v2.5",
source: "github.com/laurentsimon/slsa-verifier-test-gen",
pversiontag: pString("v2"),
},
{
name: "versioned v2.4 no match push-v2.5",
artifact: "./testdata/binary-linux-amd64-push-v2.5",
source: "github.com/laurentsimon/slsa-verifier-test-gen",
pversiontag: pString("v2.4"),
err: pkg.ErrorMismatchVersionedTag,
},
{
name: "versioned v2.4.1 no match push-v2.5",
artifact: "./testdata/binary-linux-amd64-push-v2.5",
source: "github.com/laurentsimon/slsa-verifier-test-gen",
pversiontag: pString("v2.4.1"),
err: pkg.ErrorMismatchVersionedTag,
},
{
name: "versioned v2.4.5 no match push-v2.5",
artifact: "./testdata/binary-linux-amd64-push-v2.5",
source: "github.com/laurentsimon/slsa-verifier-test-gen",
pversiontag: pString("v2.4.5"),
err: pkg.ErrorMismatchVersionedTag,
},
{
name: "versioned v1 no match push-v2.5",
artifact: "./testdata/binary-linux-amd64-push-v2.5",
source: "github.com/laurentsimon/slsa-verifier-test-gen",
pversiontag: pString("v1"),
err: pkg.ErrorMismatchVersionedTag,
},
{
name: "versioned v3 no match push-v2.5",
artifact: "./testdata/binary-linux-amd64-push-v2.5",
source: "github.com/laurentsimon/slsa-verifier-test-gen",
pversiontag: pString("v3"),
err: pkg.ErrorMismatchVersionedTag,
},
{
name: "versioned v3.1 no match push-v2.5",
artifact: "./testdata/binary-linux-amd64-push-v2.5",
source: "github.com/laurentsimon/slsa-verifier-test-gen",
pversiontag: pString("v3.1"),
err: pkg.ErrorMismatchVersionedTag,
},
// TODO(laurent): add tests for special cases of buidlers' ref.
}
for _, tt := range tests {
tt := tt // Re-initializing variable so it is not changed while executing the closure below
t.Run(tt.name, func(t *testing.T) {
t.Parallel()
branch := tt.branch
if branch == "" {
branch = "main"
}
err := runVerify(tt.artifact,
tt.artifact+".intoto.jsonl",
tt.source, branch,
tt.ptag, tt.pversiontag)
if !errCmp(err, tt.err) {
t.Errorf(cmp.Diff(err, tt.err, cmpopts.EquateErrors()))
}
})
}
}
Reference in New Issue View Git Blame Copy Permalink