From 3d887a49e304d73a723ee6cf7589c76071853abc Mon Sep 17 00:00:00 2001 From: chaosinthecrd Date: Thu, 28 Mar 2024 12:32:22 +0000 Subject: [PATCH 01/21] testing out json schema Signed-off-by: chaosinthecrd --- docs/attestors/aws-iid.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/attestors/aws-iid.md b/docs/attestors/aws-iid.md index f3cc447f..0ffb782d 100644 --- a/docs/attestors/aws-iid.md +++ b/docs/attestors/aws-iid.md @@ -14,3 +14,8 @@ GovCloud regions. | `accountid` | ID of the account that owns the AWS instance | | `imageid` | ID of the AMI ([Amazon Machine Image](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html)) the instance was running at time of execution | | `privateip` | IP address of the instance at time of execution | + +## Attestation Schema +```json +[aws-iid.json](https://raw.githubusercontent.com/chaosinthecrd/go-witness/attestor-json-schema/schemagen/aws.json)) +``` From 447d9143e1d18e939e6714eb1f284a164ae38dff Mon Sep 17 00:00:00 2001 From: chaosinthecrd Date: Thu, 28 Mar 2024 12:44:14 +0000 Subject: [PATCH 02/21] lets see Signed-off-by: chaosinthecrd --- docs/attestors/{aws-iid.md => aws-iid.mdx} | 7 +++---- docs/attestors/json.jsx | 24 ++++++++++++++++++++++ 2 files changed, 27 insertions(+), 4 deletions(-) rename docs/attestors/{aws-iid.md => aws-iid.mdx} (85%) create mode 100644 docs/attestors/json.jsx diff --git a/docs/attestors/aws-iid.md b/docs/attestors/aws-iid.mdx similarity index 85% rename from docs/attestors/aws-iid.md rename to docs/attestors/aws-iid.mdx index 0ffb782d..7a6b728d 100644 --- a/docs/attestors/aws-iid.md +++ b/docs/attestors/aws-iid.mdx @@ -1,3 +1,5 @@ +import JSONRenderer from './json'; + # AWS Instance Identity Attestor The AWS (Amazon Web Services) Instance Identity Attestor communicates with the AWS Instance Metadata to collect 
@@ -15,7 +17,4 @@ GovCloud regions. | `imageid` | ID of the AMI ([Amazon Machine Image](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html)) the instance was running at time of execution | | `privateip` | IP address of the instance at time of execution | -## Attestation Schema -```json -[aws-iid.json](https://raw.githubusercontent.com/chaosinthecrd/go-witness/attestor-json-schema/schemagen/aws.json)) -``` + diff --git a/docs/attestors/json.jsx b/docs/attestors/json.jsx new file mode 100644 index 00000000..d08d7592 --- /dev/null +++ b/docs/attestors/json.jsx @@ -0,0 +1,24 @@ +import React, { useState, useEffect } from 'react'; + +const JSONRenderer = ({ url }) => { + const [jsonData, setJsonData] = useState(null); + + useEffect(() => { + fetch(url) + .then(response => response.json()) + .then(data => setJsonData(data)) + .catch(error => console.error('Error fetching JSON:', error)); + }, [url]); + + if (!jsonData) { + return
Loading JSON data...
; + } + + return ( +
+            {JSON.stringify(jsonData, null, 2)}
+        
+ ); +}; + +export default JSONRenderer; From 9fcecae19bd14cec44dde1491cfa9d6c0edff060 Mon Sep 17 00:00:00 2001 From: chaosinthecrd Date: Thu, 28 Mar 2024 12:47:18 +0000 Subject: [PATCH 03/21] trying this Signed-off-by: chaosinthecrd --- docs/attestors/aws-iid.mdx | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/attestors/aws-iid.mdx b/docs/attestors/aws-iid.mdx index 7a6b728d..2d03c1a1 100644 --- a/docs/attestors/aws-iid.mdx +++ b/docs/attestors/aws-iid.mdx @@ -17,4 +17,7 @@ GovCloud regions. | `imageid` | ID of the AMI ([Amazon Machine Image](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html)) the instance was running at time of execution | | `privateip` | IP address of the instance at time of execution | +## Schema + +The original schema of the AWS Instance Identity attestor is available [here](https://raw.githubusercontent.com/chaosinthecrd/go-witness/attestor-json-schema/schemagen/aws.json). From 8b49aa20309507e725189e1eeb26e4562323bc36 Mon Sep 17 00:00:00 2001 From: chaosinthecrd Date: Thu, 28 Mar 2024 16:47:03 +0000 Subject: [PATCH 04/21] moving to mdx Signed-off-by: chaosinthecrd --- docs/attestors/{commandrun.md => commandrun.mdx} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename docs/attestors/{commandrun.md => commandrun.mdx} (100%) diff --git a/docs/attestors/commandrun.md b/docs/attestors/commandrun.mdx similarity index 100% rename from docs/attestors/commandrun.md rename to docs/attestors/commandrun.mdx From 1ba8ffdcbda7e65463e8d6c20495d17da2664bed Mon Sep 17 00:00:00 2001 From: chaosinthecrd Date: Fri, 12 Apr 2024 13:30:09 +0100 Subject: [PATCH 05/21] saving changes to client Signed-off-by: chaosinthecrd --- cmd/verify.go | 33 ++++++++++++----- go.mod | 46 +++++++++++------------ go.sum | 100 ++++++++++++++++++++++++-------------------------- 3 files changed, 95 insertions(+), 84 deletions(-) diff --git a/cmd/verify.go b/cmd/verify.go index 00a73bcf..b9a03ac2 100644 --- a/cmd/verify.go +++ b/cmd/verify.go 
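Review bot: The fetch chain in `useEffect` never checks `response.ok`, so a 404 or other error page from the schema host is handed to `response.json()` and the failure only reaches `console.error`; with `jsonData` still null the component renders `Loading JSON data...` indefinitely and the reader gets no signal that the schema did not load. The effect also returns no cleanup, so when `url` changes or the component unmounts an in-flight response can still call `setJsonData` (stale data for the previous URL, or a state update on an unmounted component). An `AbortController` whose signal is passed to `fetch`, an `ok` check, and an error state fix both; the rewritten effect is below. Separately, `aws-iid.mdx` in this commit imports JSONRenderer but does not render it, and the only schema link in the series (patch 03/21) points at a personal fork branch on raw.githubusercontent.com — whatever URL is eventually passed is fetched by every reader's browser, so it should resolve to a location the project controls.
```javascript
const JSONRenderer = ({ url }) => {
  const [jsonData, setJsonData] = useState(null);
  const [error, setError] = useState(null);

  useEffect(() => {
    const controller = new AbortController();
    setJsonData(null);
    setError(null);
    fetch(url, { signal: controller.signal })
      .then((response) => {
        if (!response.ok) {
          throw new Error(`HTTP ${response.status} fetching ${url}`);
        }
        return response.json();
      })
      .then((data) => setJsonData(data))
      .catch((err) => {
        if (err.name === 'AbortError') return; // superseded by a newer url or unmount
        console.error('Error fetching JSON:', err);
        setError(err);
      });
    return () => controller.abort();
  }, [url]);

  if (error) {
    return <div>Failed to load JSON data.</div>;
  }
  // … unchanged: loading placeholder and <pre> rendering …
};
```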
@@ -126,7 +126,7 @@ func runVerify(ctx context.Context, vo options.VerifyOptions, verifiers ...crypt collectionSource = source.NewMultiSource(collectionSource, source.NewArchvistSource(archivista.New(vo.ArchivistaOptions.Url))) } - verifiedEvidence, err := witness.Verify( + result, verifiedEvidence, err := witness.Verify( ctx, policyEnvelope, verifiers, @@ -137,15 +137,30 @@ func runVerify(ctx context.Context, vo options.VerifyOptions, verifiers ...crypt return fmt.Errorf("failed to verify policy: %w", err) } - log.Info("Verification succeeded") - log.Info("Evidence:") - num := 0 - for _, stepEvidence := range verifiedEvidence { - for _, e := range stepEvidence { - log.Info(fmt.Sprintf("%d: %s", num, e.Reference)) - num++ + if result { + log.Info("Verification succeeded") + log.Info("Evidence:") + num := 0 + for step, result := range verifiedEvidence { + log.Info("Step: ", step) + for _, p := range result.Passed { + log.Info(fmt.Sprintf("%d: %s", num, p.Reference)) + num++ + } + } + } else { + log.Error("Verification failed") + log.Error("Evidence:") + for step, result := range verifiedEvidence { + log.Error("Step: ", step) + for _, p := range result.Rejected { + if p.Collection.Collection.Name != "" { + log.Errorf("Collection Rejected: %s, Reason: %s ", p.Collection.Collection.Name, p.Reason) + } else { + log.Errorf("Verification Failure: Reason: %s", p.Reason) + } + } } } - return nil } diff --git a/go.mod b/go.mod index aeef302b..74743793 100644 --- a/go.mod +++ b/go.mod 
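Review bot: In the second hunk (`@@ -137,15`) the new `else` branch only logs the rejected collections with `log.Error`/`log.Errorf` and then falls through to the context line `return nil`, so `runVerify` still reports success to the shell when `result` is false and anything gating on the exit status of `witness verify` would pass. A non-nil error should be returned after the loops, e.g. `return fmt.Errorf("verification failed")`, while keeping the per-rejection logging. The loop variable in `for step, result := range verifiedEvidence` also shadows the `result` bool obtained in the first hunk; a name such as `stepResult` avoids that. Patch 06/21 in this series turns the two `log.Errorf` calls into returns, which fixes the exit code but surfaces only the first rejection. runVerify starts before the hunk.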
@@ -31,28 +31,28 @@ require ( cloud.google.com/go/compute v1.24.0 // indirect cloud.google.com/go/compute/metadata v0.2.3 // indirect cloud.google.com/go/iam v1.1.6 // indirect - cloud.google.com/go/kms v1.15.7 // indirect + cloud.google.com/go/kms v1.15.8 // indirect dario.cat/mergo v1.0.0 // indirect github.com/Microsoft/go-winio v0.6.1 // indirect github.com/OneOfOne/xxhash v1.2.8 // indirect github.com/ProtonMail/go-crypto v1.0.0 // indirect github.com/agnivade/levenshtein v1.1.1 // indirect github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect - github.com/aws/aws-sdk-go v1.50.27 // indirect - github.com/aws/aws-sdk-go-v2 v1.25.2 // indirect - github.com/aws/aws-sdk-go-v2/config v1.27.4 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.17.4 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.2 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.2 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.2 // indirect + github.com/aws/aws-sdk-go v1.50.38 // indirect + github.com/aws/aws-sdk-go-v2 v1.26.1 // indirect + github.com/aws/aws-sdk-go-v2/config v1.27.10 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.17.10 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.2 // indirect - github.com/aws/aws-sdk-go-v2/service/kms v1.29.1 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.20.1 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.1 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.28.1 // indirect - github.com/aws/smithy-go v1.20.1 // indirect + 
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7 // indirect + github.com/aws/aws-sdk-go-v2/service/kms v1.29.2 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.20.4 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 // indirect + github.com/aws/smithy-go v1.20.2 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/cloudflare/circl v1.3.7 // indirect @@ -81,7 +81,7 @@ require ( github.com/google/s2a-go v0.1.7 // indirect github.com/google/uuid v1.6.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect - github.com/googleapis/gax-go/v2 v2.12.1 // indirect + github.com/googleapis/gax-go/v2 v2.12.2 // indirect github.com/gorilla/mux v1.8.1 // indirect github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.1 // indirect github.com/hashicorp/hcl v1.0.1-vault-3 // indirect @@ -115,7 +115,7 @@ require ( github.com/secure-systems-lab/go-securesystemslib v0.8.0 // indirect github.com/sergi/go-diff v1.3.1 // indirect github.com/sigstore/fulcio v1.4.4 // indirect - github.com/sigstore/sigstore v1.8.1 // indirect + github.com/sigstore/sigstore v1.8.3 // indirect github.com/skeema/knownhosts v1.2.1 // indirect github.com/sourcegraph/conc v0.3.0 // indirect github.com/spf13/afero v1.11.0 // indirect 
@@ -129,8 +129,8 @@ require ( github.com/yashtewari/glob-intersection v0.2.0 // indirect github.com/zeebo/errs v1.3.0 // indirect go.opencensus.io v0.24.0 // indirect - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.48.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.48.0 // indirect + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect go.opentelemetry.io/otel v1.24.0 // indirect go.opentelemetry.io/otel/metric v1.24.0 // indirect go.opentelemetry.io/otel/sdk v1.24.0 // indirect @@ -146,11 +146,11 @@ require ( golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.18.0 // indirect - google.golang.org/api v0.167.0 // indirect + google.golang.org/api v0.169.0 // indirect google.golang.org/genproto v0.0.0-20240221002015-b0ce06bbee7c // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240221002015-b0ce06bbee7c // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240221002015-b0ce06bbee7c // indirect - google.golang.org/grpc v1.62.0 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240311132316-a219d84964c2 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240304161311-37d4d3c04a78 // indirect + google.golang.org/grpc v1.62.1 // indirect google.golang.org/protobuf v1.33.0 // indirect gopkg.in/go-jose/go-jose.v2 v2.6.3 // indirect gopkg.in/inf.v0 v0.9.1 // indirect diff --git a/go.sum b/go.sum index c2a32f78..6308d742 100644 --- a/go.sum +++ b/go.sum 
@@ -7,8 +7,8 @@ cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGB cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA= cloud.google.com/go/iam v1.1.6 h1:bEa06k05IO4f4uJonbB5iAgKTPpABy1ayxaIZV/GHVc= cloud.google.com/go/iam v1.1.6/go.mod h1:O0zxdPeGBoFdWW3HWmBxJsk0pfvNM/p/qa82rWOGTwI= -cloud.google.com/go/kms v1.15.7 h1:7caV9K3yIxvlQPAcaFffhlT7d1qpxjB1wHBtjWa13SM= -cloud.google.com/go/kms v1.15.7/go.mod h1:ub54lbsa6tDkUwnu4W7Yt1aAIFLnspgh0kPGToDukeI= +cloud.google.com/go/kms v1.15.8 h1:szIeDCowID8th2i8XE4uRev5PMxQFqW+JjwYxL9h6xs= +cloud.google.com/go/kms v1.15.8/go.mod h1:WoUHcDjD9pluCg7pNds131awnH429QGvRM3N/4MyoVs= dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= 
@@ -32,36 +32,36 @@ github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= -github.com/aws/aws-sdk-go v1.50.27 h1:96ifhrSuja+AzdP3W/T2337igqVQ2FcSIJYkk+0rCeA= -github.com/aws/aws-sdk-go v1.50.27/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= -github.com/aws/aws-sdk-go-v2 v1.25.2 h1:/uiG1avJRgLGiQM9X3qJM8+Qa6KRGK5rRPuXE0HUM+w= -github.com/aws/aws-sdk-go-v2 v1.25.2/go.mod h1:Evoc5AsmtveRt1komDwIsjHFyrP5tDuF1D1U+6z6pNo= -github.com/aws/aws-sdk-go-v2/config v1.27.4 h1:AhfWb5ZwimdsYTgP7Od8E9L1u4sKmDW2ZVeLcf2O42M= -github.com/aws/aws-sdk-go-v2/config v1.27.4/go.mod h1:zq2FFXK3A416kiukwpsd+rD4ny6JC7QSkp4QdN1Mp2g= -github.com/aws/aws-sdk-go-v2/credentials v1.17.4 h1:h5Vztbd8qLppiPwX+y0Q6WiwMZgpd9keKe2EAENgAuI= -github.com/aws/aws-sdk-go-v2/credentials v1.17.4/go.mod h1:+30tpwrkOgvkJL1rUZuRLoxcJwtI/OkeBLYnHxJtVe0= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.2 h1:AK0J8iYBFeUk2Ax7O8YpLtFsfhdOByh2QIkHmigpRYk= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.2/go.mod h1:iRlGzMix0SExQEviAyptRWRGdYNo3+ufW/lCzvKVTUc= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.2 h1:bNo4LagzUKbjdxE0tIcR9pMzLR2U/Tgie1Hq1HQ3iH8= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.2/go.mod h1:wRQv0nN6v9wDXuWThpovGQjqF1HFdcgWjporw14lS8k= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.2 h1:EtOU5jsPdIQNP+6Q2C5e3d65NKT1PeCiQk+9OdzO12Q= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.2/go.mod h1:tyF5sKccmDz0Bv4NrstEr+/9YkSPJHrcO7UsUKf7pWM= +github.com/aws/aws-sdk-go v1.50.38 h1:h8wxaLin7sFGK4sKassc1VpNcDbgAAEQJ5PHjqLAvXQ= +github.com/aws/aws-sdk-go v1.50.38/go.mod 
h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= +github.com/aws/aws-sdk-go-v2 v1.26.1 h1:5554eUqIYVWpU0YmeeYZ0wU64H2VLBs8TlhRB2L+EkA= +github.com/aws/aws-sdk-go-v2 v1.26.1/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM= +github.com/aws/aws-sdk-go-v2/config v1.27.10 h1:PS+65jThT0T/snC5WjyfHHyUgG+eBoupSDV+f838cro= +github.com/aws/aws-sdk-go-v2/config v1.27.10/go.mod h1:BePM7Vo4OBpHreKRUMuDXX+/+JWP38FLkzl5m27/Jjs= +github.com/aws/aws-sdk-go-v2/credentials v1.17.10 h1:qDZ3EA2lv1KangvQB6y258OssCHD0xvaGiEDkG4X/10= +github.com/aws/aws-sdk-go-v2/credentials v1.17.10/go.mod h1:6t3sucOaYDwDssHQa0ojH1RpmVmF5/jArkye1b2FKMI= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 h1:FVJ0r5XTHSmIHJV6KuDmdYhEpvlHpiSd38RQWhut5J4= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1/go.mod h1:zusuAeqezXzAB24LGuzuekqMAEgWkVYukBec3kr3jUg= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5 h1:aw39xVGeRWlWx9EzGVnhOR4yOjQDHPQ6o6NmBlscyQg= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5/go.mod h1:FSaRudD0dXiMPK2UjknVwwTYyZMRsHv3TtkabsZih5I= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5 h1:PG1F3OD1szkuQPzDw3CIQsRIrtTlUC3lP84taWzHlq0= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5/go.mod h1:jU1li6RFryMz+so64PpKtudI+QzbKoIEivqdf6LNpOc= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1 h1:EyBZibRTVAs6ECHZOw5/wlylS9OcTzwyjeQMudmREjE= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1/go.mod h1:JKpmtYhhPs7D97NL/ltqz7yCkERFW5dOlHyVl66ZYF8= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.2 h1:5ffmXjPtwRExp1zc7gENLgCPyHFbhEPwVTkTiH9niSk= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.2/go.mod h1:Ru7vg1iQ7cR4i7SZ/JTLYN9kaXtbL69UdgG0OQWQxW0= 
-github.com/aws/aws-sdk-go-v2/service/kms v1.29.1 h1:OdjJjUWFlMZLAMl54ASxIpZdGEesY4BH3/c0HAPSFdI= -github.com/aws/aws-sdk-go-v2/service/kms v1.29.1/go.mod h1:Cbx2uxEX0bAB7SlSY+ys05ZBkEb8IbmuAOcGVmDfJFs= -github.com/aws/aws-sdk-go-v2/service/sso v1.20.1 h1:utEGkfdQ4L6YW/ietH7111ZYglLJvS+sLriHJ1NBJEQ= -github.com/aws/aws-sdk-go-v2/service/sso v1.20.1/go.mod h1:RsYqzYr2F2oPDdpy+PdhephuZxTfjHQe7SOBcZGoAU8= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.1 h1:9/GylMS45hGGFCcMrUZDVayQE1jYSIN6da9jo7RAYIw= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.1/go.mod h1:YjAPFn4kGFqKC54VsHs5fn5B6d+PCY2tziEa3U/GB5Y= -github.com/aws/aws-sdk-go-v2/service/sts v1.28.1 h1:3I2cBEYgKhrWlwyZgfpSO2BpaMY1LHPqXYk/QGlu2ew= -github.com/aws/aws-sdk-go-v2/service/sts v1.28.1/go.mod h1:uQ7YYKZt3adCRrdCBREm1CD3efFLOUNH77MrUCvx5oA= -github.com/aws/smithy-go v1.20.1 h1:4SZlSlMr36UEqC7XOyRVb27XMeZubNcBNN+9IgEPIQw= -github.com/aws/smithy-go v1.20.1/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1xUsUr3I8cHps0G+XM3WWU16lP6yG8qu1GAZAs= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2/go.mod h1:5CsjAbs3NlGQyZNFACh+zztPDI7fU6eW9QsxjfnuBKg= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7 h1:ogRAwT1/gxJBcSWDMZlgyFUM962F51A5CRhDLbxLdmo= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7/go.mod h1:YCsIZhXfRPLFFCl5xxY+1T9RKzOKjCut+28JSX2DnAk= +github.com/aws/aws-sdk-go-v2/service/kms v1.29.2 h1:3UaqodPQqPh5XowXJ9fWM4TQqwuftYYFvej+RI5uIO8= +github.com/aws/aws-sdk-go-v2/service/kms v1.29.2/go.mod h1:elLDaj+1RNl9Ovn3dB6dWLVo5WQ+VLSUMKegl7N96fY= +github.com/aws/aws-sdk-go-v2/service/sso v1.20.4 h1:WzFol5Cd+yDxPAdnzTA5LmpHYSWinhmSj4rQChV0ee8= +github.com/aws/aws-sdk-go-v2/service/sso v1.20.4/go.mod h1:qGzynb/msuZIE8I75DVRCUXw3o3ZyBmUvMwQ2t/BrGM= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 h1:Jux+gDDyi1Lruk+KHF91tK2KCuY61kzoCpvtvJJBtOE= 
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4/go.mod h1:mUYPBhaF2lGiukDEjJX2BLRRKTmoUSitGDUgM4tRxak= +github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 h1:cwIxeBttqPN3qkaAjcEcsh8NYr8n2HZPkcKgPAi1phU= +github.com/aws/aws-sdk-go-v2/service/sts v1.28.6/go.mod h1:FZf1/nKNEkHdGGJP/cI2MoIMquumuRK6ol3QQJNDxmw= +github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q= +github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= @@ -79,8 +79,6 @@ github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUK github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU= github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa h1:jQCWAUqqlij9Pgj2i/PB79y4KOPYVyFYdROxgaCwdTQ= -github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa/go.mod h1:x/1Gn8zydmfq8dk6e9PdstVsDgu9RuyIIJqAaF//0IM= github.com/coreos/go-oidc/v3 v3.9.0 h1:0J/ogVOd4y8P0f0xUh8l9t07xRP/d8tccvjHl2dcsSo= github.com/coreos/go-oidc/v3 v3.9.0/go.mod h1:rTKz2PYwftcrtoCzV5g5kvfJoWcm0Mk8AF8y1iAQro4= github.com/cpuguy83/go-md2man/v2 v2.0.3 h1:qMCsGGgs+MAzDFyp9LpAe1Lqy/fY/qCovCm0qnXZOBM= 
@@ -114,8 +112,6 @@ github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymF github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/envoyproxy/protoc-gen-validate v1.0.4 h1:gVPz/FMfvh57HdSJQyvBtF00j8JU4zdyUgIUNhlgg0A= -github.com/envoyproxy/protoc-gen-validate v1.0.4/go.mod h1:qys6tmnRsYrQqIhm2bvKZH4Blx/1gTIZ2UKVY1M+Yew= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw= @@ -145,8 +141,8 @@ github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= -github.com/go-rod/rod v0.114.5 h1:1x6oqnslwFVuXJbJifgxspJUd3O4ntaGhRLHt+4Er9c= -github.com/go-rod/rod v0.114.5/go.mod h1:aiedSEFg5DwG/fnNbUOTPMTTWX3MRj6vIs/a684Mthw= +github.com/go-rod/rod v0.114.7 h1:h4pimzSOUnw7Eo41zdJA788XsawzHjJMyzCE3BrBww0= +github.com/go-rod/rod v0.114.7/go.mod h1:aiedSEFg5DwG/fnNbUOTPMTTWX3MRj6vIs/a684Mthw= github.com/go-test/deep v1.1.0 h1:WOcxcdHcvdgThNXjw0t76K42FXTU7HpNQWHpA2HHNlg= github.com/go-test/deep v1.1.0/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE= github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= 
@@ -201,8 +197,8 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs= github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0= -github.com/googleapis/gax-go/v2 v2.12.1 h1:9F8GV9r9ztXyAi00gsMQHNoF51xPZm8uj1dpYt2ZETM= -github.com/googleapis/gax-go/v2 v2.12.1/go.mod h1:61M8vcyyXR2kqKFxKrfA22jaA8JGF7Dc8App1U3H6jc= +github.com/googleapis/gax-go/v2 v2.12.2 h1:mhN09QQW1jEWeMF74zGR81R30z4VJzjZsfkUhuHF+DA= +github.com/googleapis/gax-go/v2 v2.12.2/go.mod h1:61M8vcyyXR2kqKFxKrfA22jaA8JGF7Dc8App1U3H6jc= github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ= github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.1 h1:/c3QmbOGMGTOumP2iT/rCwB7b0QDGLKzqOmktBjT+Is= 
@@ -305,8 +301,8 @@ github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= github.com/sigstore/fulcio v1.4.4 h1:RjfymVe5t3a2CUBfLYo+7xEYuBusZa/XmFGxiYTsAqI= github.com/sigstore/fulcio v1.4.4/go.mod h1:yYtN6mvEFMSS/m7IM6+3rosUa30+0kgn4hIFbzZARZA= -github.com/sigstore/sigstore v1.8.1 h1:mAVposMb14oplk2h/bayPmIVdzbq2IhCgy4g6R0ZSjo= -github.com/sigstore/sigstore v1.8.1/go.mod h1:02SL1158BSj15bZyOFz7m+/nJzLZfFd9A8ab3Kz7w/E= +github.com/sigstore/sigstore v1.8.3 h1:G7LVXqL+ekgYtYdksBks9B38dPoIsbscjQJX/MGWkA4= +github.com/sigstore/sigstore v1.8.3/go.mod h1:mqbTEariiGA94cn6G3xnDiV6BD8eSLdL/eA7bvJ0fVs= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= 
@@ -377,10 +373,10 @@ github.com/zeebo/errs v1.3.0 h1:hmiaKqgYZzcVgRL1Vkc1Mn2914BbzB0IBxs+ebeutGs= github.com/zeebo/errs v1.3.0/go.mod h1:sgbWHsvVuTPHcqJJGQ1WhI5KbWlHYz+2+2C/LSEtCw4= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.48.0 h1:P+/g8GpuJGYbOp2tAdKrIPUX9JO02q8Q0YNlHolpibA= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.48.0/go.mod h1:tIKj3DbO8N9Y2xo52og3irLsPI4GW02DSMtrVgNMgxg= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.48.0 h1:doUP+ExOpH3spVTLS0FcWGLnQrPct/hD/bCPbDRUEAU= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.48.0/go.mod h1:rdENBZMT2OE6Ne/KLwpiXudnAsbdrdBaqBvTN8M8BgA= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 h1:4Pp6oUg3+e/6M4C0A/3kJ2VYa++dsWVTtGgLVj5xtHg= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0/go.mod h1:Mjt1i1INqiaoZOMGR1RIUJN+i3ChKoFRqzrRQhlkbs0= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 h1:jq9TW8u3so/bN+JPT166wjOI6/vQPF6Xe7nMNIltagk= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0/go.mod h1:p8pYQP+m5XfbZm9fxtSKAbM6oIllS7s2AfxrChvc7iw= go.opentelemetry.io/otel v1.24.0 h1:0LAOdjNmQeSTzGBzduGe/rU4tZhMwL5rWgtp9Ku5Jfo= go.opentelemetry.io/otel v1.24.0/go.mod h1:W7b9Ozg4nkF5tWI5zsXkaKKDjdVjpD4oAt9Qi/MArHo= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0 h1:9M3+rhx7kZCIQQhQRYaZCdNu1V73tm4TvXs2ntl98C4= 
@@ -513,8 +509,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.167.0 h1:CKHrQD1BLRii6xdkatBDXyKzM0mkawt2QP+H3LtPmSE= -google.golang.org/api v0.167.0/go.mod h1:4FcBc686KFi7QI/U51/2GKKevfZMpM17sCdibqe/bSA= +google.golang.org/api v0.169.0 h1:QwWPy71FgMWqJN/l6jVlFHUa29a7dcUy02I8o799nPY= +google.golang.org/api v0.169.0/go.mod h1:gpNOiMA2tZ4mf5R9Iwf4rK/Dcz0fbdIgWYWVoxmsyLg= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= 
@@ -525,17 +521,17 @@ google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20240221002015-b0ce06bbee7c h1:Zmyn5CV/jxzKnF+3d+xzbomACPwLQqVpLTpyXN5uTaQ= google.golang.org/genproto v0.0.0-20240221002015-b0ce06bbee7c/go.mod h1:VUhTRKeHn9wwcdrk73nvdC9gF178Tzhmt/qyaFcPLSo= -google.golang.org/genproto/googleapis/api v0.0.0-20240221002015-b0ce06bbee7c h1:9g7erC9qu44ks7UK4gDNlnk4kOxZG707xKm4jVniy6o= -google.golang.org/genproto/googleapis/api v0.0.0-20240221002015-b0ce06bbee7c/go.mod h1:5iCWqnniDlqZHrd3neWVTOwvh/v6s3232omMecelax8= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240221002015-b0ce06bbee7c h1:NUsgEN92SQQqzfA+YtqYNqYmB3DMMYLlIwUZAQFVFbo= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240221002015-b0ce06bbee7c/go.mod h1:H4O17MA/PE9BsGx3w+a+W2VOLLD1Qf7oJneAoU6WktY= +google.golang.org/genproto/googleapis/api v0.0.0-20240311132316-a219d84964c2 h1:rIo7ocm2roD9DcFIX67Ym8icoGCKSARAiPljFhh5suQ= +google.golang.org/genproto/googleapis/api v0.0.0-20240311132316-a219d84964c2/go.mod h1:O1cOfN1Cy6QEYr7VxtjOyP5AdAuR0aJ/MYZaaof623Y= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240304161311-37d4d3c04a78 h1:Xs9lu+tLXxLIfuci70nG4cpwaRC+mRQPUL7LoIeDJC4= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240304161311-37d4d3c04a78/go.mod h1:UCOku4NytXMJuLQE5VuqA5lX3PcHCBo8pxNyvkf4xBs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.62.0 h1:HQKZ/fa1bXkX1oFOvSjmZEUL8wLSaZTjCcLAlmZRtdk= 
-google.golang.org/grpc v1.62.0/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE= +google.golang.org/grpc v1.62.1 h1:B4n+nfKzOICUXMgyrNd19h/I9oH0L1pizfk1d4zSgTk= +google.golang.org/grpc v1.62.1/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= From 99706303341c99db69ac43311586270711a1cb9c Mon Sep 17 00:00:00 2001 From: chaosinthecrd Date: Tue, 30 Apr 2024 18:16:48 +0100 Subject: [PATCH 06/21] switching error logs to be error returns (should ensure exit 1 is exit status) Signed-off-by: chaosinthecrd --- cmd/verify.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cmd/verify.go b/cmd/verify.go index b9a03ac2..18065485 100644 --- a/cmd/verify.go +++ b/cmd/verify.go @@ -155,9 +155,9 @@ func runVerify(ctx context.Context, vo options.VerifyOptions, verifiers ...crypt log.Error("Step: ", step) for _, p := range result.Rejected { if p.Collection.Collection.Name != "" { - log.Errorf("Collection Rejected: %s, Reason: %s ", p.Collection.Collection.Name, p.Reason) + return fmt.Errorf("collection Rejected: %s, Reason: %s ", p.Collection.Collection.Name, p.Reason) } else { - log.Errorf("Verification Failure: Reason: %s", p.Reason) + return fmt.Errorf("verification Failure: Reason: %s", p.Reason) } } } From be848b583c2022ab781d9ec2f33fa94f88f7c44a Mon Sep 17 00:00:00 2001 From: chaosinthecrd Date: Wed, 8 May 2024 13:27:10 +0100 Subject: [PATCH 07/21] changing failure statement to match changes in go-witness Signed-off-by: chaosinthecrd --- cmd/verify.go | 47 +++++++++++++++++++++++------------------------ 1 file changed, 23 insertions(+), 24 deletions(-) 
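Review bot: Returning from inside the nested range loops means only the first rejected entry of the first step reaches the user; the rejection reasons of every other step are never logged, and the `Evidence:` header printed just above the hunk is followed by at most one item. Logging each rejection with `log.Errorf(...)` and returning a single error after the loops, e.g. `return fmt.Errorf("verification failed")`, keeps the non-zero exit this commit is after while reporting all evidence. The new messages `"collection Rejected: %s, Reason: %s "` also mix capitalisation and end with a trailing space; `"collection rejected: %s, reason: %s"` reads consistently. runVerify starts and ends outside the hunk.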
diff --git a/cmd/verify.go b/cmd/verify.go index 18065485..fc4b56e9 100644 --- a/cmd/verify.go +++ b/cmd/verify.go @@ -126,7 +126,7 @@ func runVerify(ctx context.Context, vo options.VerifyOptions, verifiers ...crypt collectionSource = source.NewMultiSource(collectionSource, source.NewArchvistSource(archivista.New(vo.ArchivistaOptions.Url))) } - result, verifiedEvidence, err := witness.Verify( + verifiedEvidence, err := witness.Verify( ctx, policyEnvelope, verifiers, 
@@ -134,32 +134,31 @@ func runVerify(ctx context.Context, vo options.VerifyOptions, verifiers ...crypt
 witness.VerifyWithCollectionSource(collectionSource),
 )
 if err != nil {
+ if verifiedEvidence != nil {
+ log.Error("Verification failed")
+ log.Error("Evidence:")
+ for step, result := range verifiedEvidence {
+ log.Error("Step: ", step)
+ for _, p := range result.Rejected {
+ if p.Collection.Collection.Name != "" {
+ return fmt.Errorf("collection rejected: %s, Reason: %s ", p.Collection.Collection.Name, p.Reason)
+ } else {
+ return fmt.Errorf("verification failure: Reason: %s", p.Reason)
+ }
+ }
+ }
+ }
 return fmt.Errorf("failed to verify policy: %w", err)
 }
- if result {
- log.Info("Verification succeeded")
- log.Info("Evidence:")
- num := 0
- for step, result := range verifiedEvidence {
- log.Info("Step: ", step)
- for _, p := range result.Passed {
- log.Info(fmt.Sprintf("%d: %s", num, p.Reference))
- num++
- }
- }
- } else {
- log.Error("Verification failed")
- log.Error("Evidence:")
- for step, result := range verifiedEvidence {
- log.Error("Step: ", step)
- for _, p := range result.Rejected {
- if p.Collection.Collection.Name != "" {
- return fmt.Errorf("collection Rejected: %s, Reason: %s ", p.Collection.Collection.Name, p.Reason)
- } else {
- return fmt.Errorf("verification Failure: Reason: %s", p.Reason)
- }
- }
+ log.Info("Verification succeeded")
+ log.Info("Evidence:")
+ num := 0
+ for step, result := range verifiedEvidence {
+ log.Info("Step: ", step)
+ for _, p := range result.Passed {
+ log.Info(fmt.Sprintf("%d: %s", num, p.Reference))
+ num++
 }
 }
 return nil
From ec353c24e0033a832c3b0ff93dc20c5320948da7 Mon Sep 17 00:00:00 2001
From: chaosinthecrd
Date: Wed, 8 May 2024 13:28:21 +0100
Subject: [PATCH 08/21] fixing go mod

Signed-off-by: chaosinthecrd
---
 go.mod | 55 ++++++++++++------------
 go.sum | 124 ++++++++++++++++++++++++++++-----------------------------
 2 files changed, 88 insertions(+), 91 deletions(-)
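Review bot: Inside the new `if verifiedEvidence != nil` block the error returned by `witness.Verify` is thrown away whenever a rejection is found: the inner `return fmt.Errorf("collection rejected: ...")` and `return fmt.Errorf("verification failure: ...")` do not wrap `err`, so the root cause that the following `return fmt.Errorf("failed to verify policy: %w", err)` would have carried never reaches the exit message, which makes a failed verification harder to triage from logs alone. Because the block already sits inside `if err != nil` and falls through to that wrapped return, the two inner returns can become `log.Errorf` calls (e.g. `log.Errorf("collection rejected: %s, reason: %s", p.Collection.Collection.Name, p.Reason)`), which reports every rejection and still exits non-zero through the wrapped error. The success path now runs unconditionally when `err` is nil; whether go-witness guarantees a non-nil error for every rejected step is not visible here and is worth confirming before relying on it. runVerify begins outside this hunk.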
diff --git a/go.mod b/go.mod index 74743793..90e5c5bd 100644 --- a/go.mod +++ b/go.mod @@ -12,26 +12,26 @@ require ( github.com/spf13/pflag v1.0.5 github.com/spf13/viper v1.18.2 github.com/stretchr/testify v1.9.0 - k8s.io/apimachinery v0.29.3 + k8s.io/apimachinery v0.29.4 ) require ( - github.com/coreos/go-oidc/v3 v3.9.0 // indirect + github.com/coreos/go-oidc/v3 v3.10.0 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect github.com/segmentio/ksuid v1.0.4 // indirect github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect github.com/spiffe/go-spiffe/v2 v2.1.7 // indirect github.com/zclconf/go-cty v1.14.2 // indirect - golang.org/x/oauth2 v0.17.0 // indirect - google.golang.org/appengine v1.6.8 // indirect + golang.org/x/oauth2 v0.19.0 // indirect ) require ( - cloud.google.com/go/compute v1.24.0 // indirect - cloud.google.com/go/compute/metadata v0.2.3 // indirect - cloud.google.com/go/iam v1.1.6 // indirect - cloud.google.com/go/kms v1.15.8 // indirect + cloud.google.com/go/auth v0.3.0 // indirect + cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect + cloud.google.com/go/compute/metadata v0.3.0 // indirect + cloud.google.com/go/iam v1.1.7 // indirect + cloud.google.com/go/kms v1.15.9 // indirect dario.cat/mergo v1.0.0 // indirect github.com/Microsoft/go-winio v0.6.1 // indirect github.com/OneOfOne/xxhash v1.2.8 // indirect 
@@ -40,16 +40,16 @@ require ( github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect github.com/aws/aws-sdk-go v1.50.38 // indirect github.com/aws/aws-sdk-go-v2 v1.26.1 // indirect - github.com/aws/aws-sdk-go-v2/config v1.27.10 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.17.10 // indirect + github.com/aws/aws-sdk-go-v2/config v1.27.11 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.17.11 // indirect github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 // indirect github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5 // indirect github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7 // indirect - github.com/aws/aws-sdk-go-v2/service/kms v1.29.2 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.20.4 // indirect + github.com/aws/aws-sdk-go-v2/service/kms v1.31.0 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.20.5 // indirect github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 // indirect github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 // indirect github.com/aws/smithy-go v1.20.2 // indirect @@ -70,6 +70,7 @@ require ( github.com/go-git/go-git/v5 v5.11.0 // indirect github.com/go-ini/ini v1.67.0 // indirect github.com/go-jose/go-jose/v3 v3.0.3 // indirect + github.com/go-jose/go-jose/v4 v4.0.1 // indirect github.com/go-logr/logr v1.4.1 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/gobwas/glob v0.2.3 // indirect 
@@ -81,14 +82,14 @@ require ( github.com/google/s2a-go v0.1.7 // indirect github.com/google/uuid v1.6.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect - github.com/googleapis/gax-go/v2 v2.12.2 // indirect + github.com/googleapis/gax-go/v2 v2.12.3 // indirect github.com/gorilla/mux v1.8.1 // indirect github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.1 // indirect github.com/hashicorp/hcl v1.0.1-vault-3 // indirect github.com/in-toto/archivista v0.4.0 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect - github.com/jellydator/ttlcache/v3 v3.1.1 // indirect + github.com/jellydator/ttlcache/v3 v3.2.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/kevinburke/ssh_config v1.2.0 // indirect github.com/letsencrypt/boulder v0.0.0-20240226214708-a97e074b5a3e // indirect @@ -106,7 +107,7 @@ require ( github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/prometheus/client_golang v1.19.0 // indirect github.com/prometheus/client_model v0.6.0 // indirect - github.com/prometheus/common v0.48.0 // indirect + github.com/prometheus/common v0.51.1 // indirect github.com/prometheus/procfs v0.12.0 // indirect github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect @@ -114,7 +115,7 @@ require ( github.com/sagikazarmark/slog-shim v0.1.0 // indirect github.com/secure-systems-lab/go-securesystemslib v0.8.0 // indirect github.com/sergi/go-diff v1.3.1 // indirect - github.com/sigstore/fulcio v1.4.4 // indirect + github.com/sigstore/fulcio v1.4.5 // indirect github.com/sigstore/sigstore v1.8.3 // indirect github.com/skeema/knownhosts v1.2.1 // indirect github.com/sourcegraph/conc v0.3.0 // indirect 
@@ -136,22 +137,22 @@ require ( go.opentelemetry.io/otel/sdk v1.24.0 // indirect go.opentelemetry.io/otel/trace v1.24.0 // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/crypto v0.20.0 // indirect + golang.org/x/crypto v0.22.0 // indirect golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3 // indirect golang.org/x/mod v0.15.0 // indirect - golang.org/x/net v0.21.0 // indirect - golang.org/x/sync v0.6.0 // indirect - golang.org/x/sys v0.17.0 // indirect - golang.org/x/term v0.17.0 // indirect + golang.org/x/net v0.24.0 // indirect + golang.org/x/sync v0.7.0 // indirect + golang.org/x/sys v0.19.0 // indirect + golang.org/x/term v0.19.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.18.0 // indirect - google.golang.org/api v0.169.0 // indirect - google.golang.org/genproto v0.0.0-20240221002015-b0ce06bbee7c // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240311132316-a219d84964c2 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240304161311-37d4d3c04a78 // indirect - google.golang.org/grpc v1.62.1 // indirect - google.golang.org/protobuf v1.33.0 // indirect + google.golang.org/api v0.177.0 // indirect + google.golang.org/genproto v0.0.0-20240401170217-c3f982113cda // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240429193739-8cf5692501f6 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240429193739-8cf5692501f6 // indirect + google.golang.org/grpc v1.63.2 // indirect + google.golang.org/protobuf v1.34.0 // indirect gopkg.in/go-jose/go-jose.v2 v2.6.3 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect diff --git a/go.sum b/go.sum index 6308d742..8ddac05b 100644 --- a/go.sum +++ b/go.sum 
@@ -1,14 +1,16 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.112.0 h1:tpFCD7hpHFlQ8yPwT3x+QeXqc2T6+n6T+hmABHfDUSM= -cloud.google.com/go v0.112.0/go.mod h1:3jEEVwZ/MHU4djK5t5RHuKOA/GbLddgTdVubX1qnPD4= -cloud.google.com/go/compute v1.24.0 h1:phWcR2eWzRJaL/kOiJwfFsPs4BaKq1j6vnpZrc1YlVg= -cloud.google.com/go/compute v1.24.0/go.mod h1:kw1/T+h/+tK2LJK0wiPPx1intgdAM3j/g3hFDlscY40= -cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY= -cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA= -cloud.google.com/go/iam v1.1.6 h1:bEa06k05IO4f4uJonbB5iAgKTPpABy1ayxaIZV/GHVc= -cloud.google.com/go/iam v1.1.6/go.mod h1:O0zxdPeGBoFdWW3HWmBxJsk0pfvNM/p/qa82rWOGTwI= -cloud.google.com/go/kms v1.15.8 h1:szIeDCowID8th2i8XE4uRev5PMxQFqW+JjwYxL9h6xs= -cloud.google.com/go/kms v1.15.8/go.mod h1:WoUHcDjD9pluCg7pNds131awnH429QGvRM3N/4MyoVs= +cloud.google.com/go v0.112.2 h1:ZaGT6LiG7dBzi6zNOvVZwacaXlmf3lRqnC4DQzqyRQw= +cloud.google.com/go v0.112.2/go.mod h1:iEqjp//KquGIJV/m+Pk3xecgKNhV+ry+vVTsy4TbDms= +cloud.google.com/go/auth v0.3.0 h1:PRyzEpGfx/Z9e8+lHsbkoUVXD0gnu4MNmm7Gp8TQNIs= +cloud.google.com/go/auth v0.3.0/go.mod h1:lBv6NKTWp8E3LPzmO1TbiiRKc4drLOfHsgmlH9ogv5w= +cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4= +cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q= +cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc= +cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= +cloud.google.com/go/iam v1.1.7 h1:z4VHOhwKLF/+UYXAJDFwGtNF0b6gjsW1Pk9Ml0U/IoM= +cloud.google.com/go/iam v1.1.7/go.mod h1:J4PMPg8TtyurAUvSmPj8FF3EDgY1SPRZxcUGrn7WXGA= +cloud.google.com/go/kms v1.15.9 h1:ouZjTxCqDNEdxWfaAAbRzG22s/2iewRw6JPARQL+0vc= +cloud.google.com/go/kms v1.15.9/go.mod 
h1:5v/R/RRuBUVO+eJioGcqENr3syh8ZqNn1y1Wc9DjM+4= dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= @@ -36,10 +38,10 @@ github.com/aws/aws-sdk-go v1.50.38 h1:h8wxaLin7sFGK4sKassc1VpNcDbgAAEQJ5PHjqLAvX github.com/aws/aws-sdk-go v1.50.38/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= github.com/aws/aws-sdk-go-v2 v1.26.1 h1:5554eUqIYVWpU0YmeeYZ0wU64H2VLBs8TlhRB2L+EkA= github.com/aws/aws-sdk-go-v2 v1.26.1/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM= -github.com/aws/aws-sdk-go-v2/config v1.27.10 h1:PS+65jThT0T/snC5WjyfHHyUgG+eBoupSDV+f838cro= -github.com/aws/aws-sdk-go-v2/config v1.27.10/go.mod h1:BePM7Vo4OBpHreKRUMuDXX+/+JWP38FLkzl5m27/Jjs= -github.com/aws/aws-sdk-go-v2/credentials v1.17.10 h1:qDZ3EA2lv1KangvQB6y258OssCHD0xvaGiEDkG4X/10= -github.com/aws/aws-sdk-go-v2/credentials v1.17.10/go.mod h1:6t3sucOaYDwDssHQa0ojH1RpmVmF5/jArkye1b2FKMI= +github.com/aws/aws-sdk-go-v2/config v1.27.11 h1:f47rANd2LQEYHda2ddSCKYId18/8BhSRM4BULGmfgNA= +github.com/aws/aws-sdk-go-v2/config v1.27.11/go.mod h1:SMsV78RIOYdve1vf36z8LmnszlRWkwMQtomCAI0/mIE= +github.com/aws/aws-sdk-go-v2/credentials v1.17.11 h1:YuIB1dJNf1Re822rriUOTxopaHHvIq0l/pX3fwO+Tzs= +github.com/aws/aws-sdk-go-v2/credentials v1.17.11/go.mod h1:AQtFPsDH9bI2O+71anW6EKL+NcD7LG3dpKGMV4SShgo= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 h1:FVJ0r5XTHSmIHJV6KuDmdYhEpvlHpiSd38RQWhut5J4= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1/go.mod h1:zusuAeqezXzAB24LGuzuekqMAEgWkVYukBec3kr3jUg= github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5 h1:aw39xVGeRWlWx9EzGVnhOR4yOjQDHPQ6o6NmBlscyQg= 
@@ -52,10 +54,10 @@ github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1x github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2/go.mod h1:5CsjAbs3NlGQyZNFACh+zztPDI7fU6eW9QsxjfnuBKg= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7 h1:ogRAwT1/gxJBcSWDMZlgyFUM962F51A5CRhDLbxLdmo= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7/go.mod h1:YCsIZhXfRPLFFCl5xxY+1T9RKzOKjCut+28JSX2DnAk= -github.com/aws/aws-sdk-go-v2/service/kms v1.29.2 h1:3UaqodPQqPh5XowXJ9fWM4TQqwuftYYFvej+RI5uIO8= -github.com/aws/aws-sdk-go-v2/service/kms v1.29.2/go.mod h1:elLDaj+1RNl9Ovn3dB6dWLVo5WQ+VLSUMKegl7N96fY= -github.com/aws/aws-sdk-go-v2/service/sso v1.20.4 h1:WzFol5Cd+yDxPAdnzTA5LmpHYSWinhmSj4rQChV0ee8= -github.com/aws/aws-sdk-go-v2/service/sso v1.20.4/go.mod h1:qGzynb/msuZIE8I75DVRCUXw3o3ZyBmUvMwQ2t/BrGM= +github.com/aws/aws-sdk-go-v2/service/kms v1.31.0 h1:yl7wcqbisxPzknJVfWTLnK83McUvXba+pz2+tPbIUmQ= +github.com/aws/aws-sdk-go-v2/service/kms v1.31.0/go.mod h1:2snWQJQUKsbN66vAawJuOGX7dr37pfOq9hb0tZDGIqQ= +github.com/aws/aws-sdk-go-v2/service/sso v1.20.5 h1:vN8hEbpRnL7+Hopy9dzmRle1xmDc7o8tmY0klsr175w= +github.com/aws/aws-sdk-go-v2/service/sso v1.20.5/go.mod h1:qGzynb/msuZIE8I75DVRCUXw3o3ZyBmUvMwQ2t/BrGM= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 h1:Jux+gDDyi1Lruk+KHF91tK2KCuY61kzoCpvtvJJBtOE= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4/go.mod h1:mUYPBhaF2lGiukDEjJX2BLRRKTmoUSitGDUgM4tRxak= github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 h1:cwIxeBttqPN3qkaAjcEcsh8NYr8n2HZPkcKgPAi1phU= 
@@ -79,8 +81,8 @@ github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUK github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU= github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/coreos/go-oidc/v3 v3.9.0 h1:0J/ogVOd4y8P0f0xUh8l9t07xRP/d8tccvjHl2dcsSo= -github.com/coreos/go-oidc/v3 v3.9.0/go.mod h1:rTKz2PYwftcrtoCzV5g5kvfJoWcm0Mk8AF8y1iAQro4= +github.com/coreos/go-oidc/v3 v3.10.0 h1:tDnXHnLyiTVyT/2zLDGj09pFPkhND8Gl8lnTRhoEaJU= +github.com/coreos/go-oidc/v3 v3.10.0/go.mod h1:5j11xcw0D3+SGxn6Z/WFADsgcWVMyNAlSQupk0KK3ac= github.com/cpuguy83/go-md2man/v2 v2.0.3 h1:qMCsGGgs+MAzDFyp9LpAe1Lqy/fY/qCovCm0qnXZOBM= github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= @@ -136,6 +138,8 @@ github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A= github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k= github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= +github.com/go-jose/go-jose/v4 v4.0.1 h1:QVEPDE3OluqXBQZDcnNvQrInro2h0e4eqNbnZSWqS6U= +github.com/go-jose/go-jose/v4 v4.0.1/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= 
@@ -167,8 +171,6 @@ github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:W github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= @@ -181,7 +183,6 @@ github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= 
@@ -197,8 +198,8 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs= github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0= -github.com/googleapis/gax-go/v2 v2.12.2 h1:mhN09QQW1jEWeMF74zGR81R30z4VJzjZsfkUhuHF+DA= -github.com/googleapis/gax-go/v2 v2.12.2/go.mod h1:61M8vcyyXR2kqKFxKrfA22jaA8JGF7Dc8App1U3H6jc= +github.com/googleapis/gax-go/v2 v2.12.3 h1:5/zPPDvw8Q1SuXjrqrZslrqT7dL/uJT2CQii/cLCKqA= +github.com/googleapis/gax-go/v2 v2.12.3/go.mod h1:AKloxT6GtNbaLm8QTNSidHUVsHYcBHwWRvkNFJUQcS4= github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ= github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.1 h1:/c3QmbOGMGTOumP2iT/rCwB7b0QDGLKzqOmktBjT+Is= 
@@ -207,14 +208,12 @@ github.com/hashicorp/hcl v1.0.1-vault-3 h1:V95v5KSTu6DB5huDSKiq4uAfILEuNigK/+qPE github.com/hashicorp/hcl v1.0.1-vault-3/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM= github.com/in-toto/archivista v0.4.0 h1:5g79iqmyXblnnwuD+768lrEbeoE0V5H7URYJFnr0p4I= github.com/in-toto/archivista v0.4.0/go.mod h1:HgqAu7az0Ql0Jf844Paf0Ji5PdUMKxO5JIBh4hOjMs8= -github.com/in-toto/go-witness v0.3.1 h1:Z2GSjGJ0o6FZ+mySSnz+Gc7JQ160/O5eeihMIpiTz8U= -github.com/in-toto/go-witness v0.3.1/go.mod h1:xPxYQ+G37T+tHqW460iGAgdpF6c2EnUZiQJj+PFqxFY= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= -github.com/jellydator/ttlcache/v3 v3.1.1 h1:RCgYJqo3jgvhl+fEWvjNW8thxGWsgxi+TPhRir1Y9y8= -github.com/jellydator/ttlcache/v3 v3.1.1/go.mod h1:hi7MGFdMAwZna5n2tuvh63DvFLzVKySzCVW6+0gA2n4= +github.com/jellydator/ttlcache/v3 v3.2.0 h1:6lqVJ8X3ZaUwvzENqPAobDsXNExfUJd61u++uW8a3LE= +github.com/jellydator/ttlcache/v3 v3.2.0/go.mod h1:hi7MGFdMAwZna5n2tuvh63DvFLzVKySzCVW6+0gA2n4= github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= 
@@ -279,8 +278,8 @@ github.com/prometheus/client_golang v1.19.0/go.mod h1:ZRM9uEAypZakd+q/x7+gmsvXdU github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.0 h1:k1v3CzpSRUTrKMppY35TLwPvxHqBu0bYgxZzqGIgaos= github.com/prometheus/client_model v0.6.0/go.mod h1:NTQHnmxFpouOD0DpvP4XujX3CdOAGQPoaGhyTchlyt8= -github.com/prometheus/common v0.48.0 h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSzKKE= -github.com/prometheus/common v0.48.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc= +github.com/prometheus/common v0.51.1 h1:eIjN50Bwglz6a/c3hAgSMcofL3nD+nFQkV6Dd4DsQCw= +github.com/prometheus/common v0.51.1/go.mod h1:lrWtQx+iDfn2mbH5GUzlH9TSHyfZpHkSiG1W7y3sF2Q= github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 h1:N/ElC8H3+5XpJzTSTfLsJV/mx9Q9g7kxmchpfZyxgzM= 
@@ -299,8 +298,8 @@ github.com/segmentio/ksuid v1.0.4 h1:sBo2BdShXjmcugAMwjugoGUdUV0pcxY5mW4xKRn3v4c github.com/segmentio/ksuid v1.0.4/go.mod h1:/XUiZBD3kVx5SmUOl55voK5yeAbBNNIed+2O73XgrPE= github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= -github.com/sigstore/fulcio v1.4.4 h1:RjfymVe5t3a2CUBfLYo+7xEYuBusZa/XmFGxiYTsAqI= -github.com/sigstore/fulcio v1.4.4/go.mod h1:yYtN6mvEFMSS/m7IM6+3rosUa30+0kgn4hIFbzZARZA= +github.com/sigstore/fulcio v1.4.5 h1:WWNnrOknD0DbruuZWCbN+86WRROpEl3Xts+WT2Ek1yc= +github.com/sigstore/fulcio v1.4.5/go.mod h1:oz3Qwlma8dWcSS/IENR/6SjbW4ipN0cxpRVfgdsjMU8= github.com/sigstore/sigstore v1.8.3 h1:G7LVXqL+ekgYtYdksBks9B38dPoIsbscjQJX/MGWkA4= github.com/sigstore/sigstore v1.8.3/go.mod h1:mqbTEariiGA94cn6G3xnDiV6BD8eSLdL/eA7bvJ0fVs= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= @@ -391,8 +390,8 @@ go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU= go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I= go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM= -go.step.sm/crypto v0.43.1 h1:18Z/M49SnFDPXvFbfoN/ugE1i0J7phLWARhSQs/XSDI= -go.step.sm/crypto v0.43.1/go.mod h1:9n90D/SWjH1hTyQn1hgviUGyK8YRv743S8UZHYbt4BU= +go.step.sm/crypto v0.44.8 h1:jDSHL6FdB1UTA0d56ECNx9XtLVkewzeg38Vy3HWB3N8= +go.step.sm/crypto v0.44.8/go.mod h1:QEmu4T9YewrDuaJnrV1I0zWZ15aJ/mqRUfL5w3R2WgU= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= 
@@ -405,8 +404,8 @@ golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0 golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= -golang.org/x/crypto v0.20.0 h1:jmAMJJZXr5KiCw05dfYK9QnqaqKLYXijU23lsEdcQqg= -golang.org/x/crypto v0.20.0/go.mod h1:Xwo95rrVNIoSMx9wa1JroENMToLWn3RNVrTBpLHgZPQ= +golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= +golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3 h1:hNQpMuAJe5CtcUqCXaWga3FHu+kQvCqcsoVaQgSV60o= golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3/go.mod h1:idGWGoKP1toJGkd5/ig9ZLuPcZBC3ewk7SzmH0uou08= 
@@ -437,11 +436,11 @@ golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= -golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= -golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= +golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= +golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ= -golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA= +golang.org/x/oauth2 v0.19.0 h1:9+E/EZBCbTLNrbN35fHv/a/d/mOBatymz1zbtQrXpIg= +golang.org/x/oauth2 v0.19.0/go.mod h1:vYi7skDa1x015PmRRYZ7+s1cWyPgrPiSYRe4rnsexc8= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -449,8 +448,8 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= -golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= +golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -468,23 +467,24 @@ golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= +golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= -golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= +golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= +golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text 
v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= 
@@ -509,29 +509,27 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.169.0 h1:QwWPy71FgMWqJN/l6jVlFHUa29a7dcUy02I8o799nPY= -google.golang.org/api v0.169.0/go.mod h1:gpNOiMA2tZ4mf5R9Iwf4rK/Dcz0fbdIgWYWVoxmsyLg= +google.golang.org/api v0.177.0 h1:8a0p/BbPa65GlqGWtUKxot4p0TV8OGOfyTjtmkXNXmk= +google.golang.org/api v0.177.0/go.mod h1:srbhue4MLjkjbkux5p3dw/ocYOSZTaIEvf7bCOnFQDw= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= -google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20240221002015-b0ce06bbee7c h1:Zmyn5CV/jxzKnF+3d+xzbomACPwLQqVpLTpyXN5uTaQ= -google.golang.org/genproto v0.0.0-20240221002015-b0ce06bbee7c/go.mod h1:VUhTRKeHn9wwcdrk73nvdC9gF178Tzhmt/qyaFcPLSo= -google.golang.org/genproto/googleapis/api v0.0.0-20240311132316-a219d84964c2 h1:rIo7ocm2roD9DcFIX67Ym8icoGCKSARAiPljFhh5suQ= -google.golang.org/genproto/googleapis/api 
v0.0.0-20240311132316-a219d84964c2/go.mod h1:O1cOfN1Cy6QEYr7VxtjOyP5AdAuR0aJ/MYZaaof623Y= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240304161311-37d4d3c04a78 h1:Xs9lu+tLXxLIfuci70nG4cpwaRC+mRQPUL7LoIeDJC4= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240304161311-37d4d3c04a78/go.mod h1:UCOku4NytXMJuLQE5VuqA5lX3PcHCBo8pxNyvkf4xBs= +google.golang.org/genproto v0.0.0-20240401170217-c3f982113cda h1:wu/KJm9KJwpfHWhkkZGohVC6KRrc1oJNr4jwtQMOQXw= +google.golang.org/genproto v0.0.0-20240401170217-c3f982113cda/go.mod h1:g2LLCvCeCSir/JJSWosk19BR4NVxGqHUC6rxIRsd7Aw= +google.golang.org/genproto/googleapis/api v0.0.0-20240429193739-8cf5692501f6 h1:DTJM0R8LECCgFeUwApvcEJHz85HLagW8uRENYxHh1ww= +google.golang.org/genproto/googleapis/api v0.0.0-20240429193739-8cf5692501f6/go.mod h1:10yRODfgim2/T8csjQsMPgZOMvtytXKTDRzH6HRGzRw= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240429193739-8cf5692501f6 h1:DujSIu+2tC9Ht0aPNA7jgj23Iq8Ewi5sgkQ++wdvonE= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240429193739-8cf5692501f6/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.62.1 h1:B4n+nfKzOICUXMgyrNd19h/I9oH0L1pizfk1d4zSgTk= -google.golang.org/grpc v1.62.1/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE= +google.golang.org/grpc v1.63.2 h1:MUeiw1B2maTVZthpU5xvASfTh3LDbxHd6IJ6QQVU+xM= +google.golang.org/grpc v1.63.2/go.mod h1:WAX/8DgncnokcFUldAxq7GeB5DXHDbMF+lLvDomNkRA= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= 
google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -541,10 +539,8 @@ google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= -google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= -google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.34.0 h1:Qo/qEd2RZPCf2nKuorzksSknv0d3ERwp1vFG38gSmH4= +google.golang.org/protobuf v1.34.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 
@@ -569,8 +565,8 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/apimachinery v0.29.3 h1:2tbx+5L7RNvqJjn7RIuIKu9XTsIZ9Z5wX2G22XAa5EU= -k8s.io/apimachinery v0.29.3/go.mod h1:hx/S4V2PNW4OMg3WizRrHutyB5la0iCUbZym+W0EQIU= +k8s.io/apimachinery v0.29.4 h1:RaFdJiDmuKs/8cm1M6Dh1Kvyh59YQFDcFuFTSmXes6Q= +k8s.io/apimachinery v0.29.4/go.mod h1:i3FJVwhvSp/6n8Fl4K97PJEP8C+MM+aoDq4+ZJBf70Y= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ= From 5e3ed0f59a081cf401a37e0a8b621b9a112bbe20 Mon Sep 17 00:00:00 2001 From: chaosinthecrd Date: Wed, 8 May 2024 15:32:24 +0100 Subject: [PATCH 09/21] adding check for a source Signed-off-by: chaosinthecrd --- cmd/verify.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/cmd/verify.go b/cmd/verify.go index fc4b56e9..71dfe584 100644 --- a/cmd/verify.go +++ b/cmd/verify.go @@ -68,6 +68,10 @@ func runVerify(ctx context.Context, vo options.VerifyOptions, verifiers ...crypt return fmt.Errorf("must supply either a public key, CA certificates or a verifier") } + if vo.ArchivistaOptions.Enable == false && len(vo.AttestationFilePaths) == 0 { + return fmt.Errorf("must either specify attestation file paths or enable archivista as an attestation source") + } + if vo.KeyPath != "" { keyFile, err := os.Open(vo.KeyPath) if err != nil { From 2f1e173636c4f09e31cab990102affe73507078a Mon Sep 17 00:00:00 2001 From: chaosinthecrd Date: Wed, 8 May 2024 15:34:35 +0100 Subject: [PATCH 10/21] adding changes to appropriately inspect evidence 
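Review bot: The new guard in runVerify compares a boolean against a literal, `vo.ArchivistaOptions.Enable == false`; Go style is `if !vo.ArchivistaOptions.Enable && len(vo.AttestationFilePaths) == 0 {`. The check itself is sound and is placed before the key file is opened, so a call with no attestation source fails before any I/O happens. The error text would be more actionable if it named the flags the user has to set, though those flag names are not visible in this hunk. runVerify's body continues outside the hunk.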
Signed-off-by: chaosinthecrd --- cmd/run.go | 2 +- cmd/verify.go | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cmd/run.go b/cmd/run.go index 0a51073f..f34b52c5 100644 --- a/cmd/run.go +++ b/cmd/run.go @@ -135,7 +135,7 @@ func runRun(ctx context.Context, ro options.RunOptions, args []string, signers . defer out.Close() result, err := witness.Run( ro.StepName, - signers[0], + witness.RunWithSigners(signers...), witness.RunWithAttestors(attestors), witness.RunWithAttestationOpts(attestation.WithWorkingDir(ro.WorkingDir), attestation.WithHashes(roHashes)), witness.RunWithTimestampers(timestampers...), diff --git a/cmd/verify.go b/cmd/verify.go index 71dfe584..267c765d 100644 --- a/cmd/verify.go +++ b/cmd/verify.go @@ -138,10 +138,10 @@ func runVerify(ctx context.Context, vo options.VerifyOptions, verifiers ...crypt witness.VerifyWithCollectionSource(collectionSource), ) if err != nil { - if verifiedEvidence != nil { + if verifiedEvidence.StepResults != nil { log.Error("Verification failed") log.Error("Evidence:") - for step, result := range verifiedEvidence { + for step, result := range verifiedEvidence.StepResults { log.Error("Step: ", step) for _, p := range result.Rejected { if p.Collection.Collection.Name != "" { @@ -158,7 +158,7 @@ func runVerify(ctx context.Context, vo options.VerifyOptions, verifiers ...crypt log.Info("Verification succeeded") log.Info("Evidence:") num := 0 - for step, result := range verifiedEvidence { + for step, result := range verifiedEvidence.StepResults { log.Info("Step: ", step) for _, p := range result.Passed { log.Info(fmt.Sprintf("%d: %s", num, p.Reference)) From f18e8dca98c9df8bba46649618ffd01bfd5beb87 Mon Sep 17 00:00:00 2001 From: chaosinthecrd Date: Thu, 9 May 2024 15:00:01 +0100 Subject: [PATCH 11/21] adding changes for json schemas 
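Review bot: On the error path in cmd/verify.go, `verifiedEvidence.StepResults != nil` dereferences `verifiedEvidence` unconditionally, whereas the removed line guarded against `verifiedEvidence` itself being nil; if `witness.Verify` returns a nil pointer together with the error (its signature is not visible here), this now panics instead of reporting the failure. If the return is a struct value the access is safe, but the guard is then better written as `if len(verifiedEvidence.StepResults) > 0 {` so an empty-but-non-nil map does not print an "Evidence:" header with nothing under it. The second verify.go hunk has the matching success-path loop and needs no change beyond that. runVerify's body starts and ends outside these hunks.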
Signed-off-by: chaosinthecrd --- cmd/attestors.go | 65 ++- docgen/docs.go | 74 +++ docs/attestors/aws-iid.mdx | 23 - docs/attestors/aws.json | 97 ++++ docs/attestors/aws.md | 115 +++++ docs/attestors/command-run.json | 87 ++++ docs/attestors/command-run.md | 97 ++++ docs/attestors/commandrun.mdx | 8 - docs/attestors/environment.json | 33 ++ docs/attestors/environment.md | 35 ++ docs/attestors/gcp-iit.json | 66 +++ docs/attestors/gcp-iit.md | 68 +++ docs/attestors/git.json | 126 +++++ docs/attestors/git.md | 128 ++++++ docs/attestors/github.json | 58 +++ docs/attestors/github.md | 70 +++ docs/attestors/gitlab.json | 70 +++ docs/attestors/gitlab.md | 72 +++ docs/attestors/jwt.json | 485 ++++++++++++++++++++ docs/attestors/jwt.md | 487 ++++++++++++++++++++ docs/attestors/material.json | 12 + docs/attestors/material.md | 14 + docs/attestors/maven.json | 62 +++ docs/attestors/maven.md | 64 +++ docs/attestors/oci.json | 85 ++++ docs/attestors/oci.md | 87 ++++ docs/attestors/product.json | 12 + docs/attestors/product.md | 13 + docs/attestors/sarif.json | 786 +++++++++++++++++++++++++++++++ docs/attestors/sarif.md | 791 ++++++++++++++++++++++++++++++++ 30 files changed, 4156 insertions(+), 34 deletions(-) delete mode 100644 docs/attestors/aws-iid.mdx create mode 100644 docs/attestors/aws.json create mode 100644 docs/attestors/aws.md create mode 100644 docs/attestors/command-run.json create mode 100644 docs/attestors/command-run.md delete mode 100644 docs/attestors/commandrun.mdx create mode 100644 docs/attestors/environment.json create mode 100644 docs/attestors/gcp-iit.json create mode 100644 docs/attestors/git.json create mode 100644 docs/attestors/github.json create mode 100644 docs/attestors/github.md create mode 100644 docs/attestors/gitlab.json create mode 100644 docs/attestors/jwt.json create mode 100644 docs/attestors/material.json create mode 100644 docs/attestors/maven.json create mode 100644 docs/attestors/oci.json create mode 100644 docs/attestors/product.json 
create mode 100644 docs/attestors/sarif.json create mode 100644 docs/attestors/sarif.md diff --git a/cmd/attestors.go b/cmd/attestors.go index 91c4590e..cc3e9e35 100644 --- a/cmd/attestors.go +++ b/cmd/attestors.go @@ -15,7 +15,9 @@ package cmd import ( + "bytes" "context" + "encoding/json" "fmt" "os" @@ -27,21 +29,48 @@ import ( func AttestorsCmd() *cobra.Command { cmd := &cobra.Command{ - Use: "attestors", + Use: "attestors", + Short: "Get information about available attestors", + Long: "Get information about all the available attestors in Witness", + } + + cmd.AddCommand(SchemaCmd()) + cmd.AddCommand(ListCmd()) + + return cmd +} + +func ListCmd() *cobra.Command { + cmd := &cobra.Command{ + Use: "list", Short: "List all available attestors", Long: "Lists all the available attestors in Witness with supporting information", SilenceErrors: true, SilenceUsage: true, DisableAutoGenTag: true, RunE: func(cmd *cobra.Command, args []string) error { - return runAttestors(cmd.Context()) + return runList(cmd.Context()) }, } + return cmd +} +func SchemaCmd() *cobra.Command { + cmd := &cobra.Command{ + Use: "schema", + Short: "Show the JSON schema of a specific attestor", + Long: "Print the JSON schema of the predicate that the specified attestor generates", + SilenceErrors: true, + SilenceUsage: true, + DisableAutoGenTag: true, + RunE: func(cmd *cobra.Command, args []string) error { + return runSchema(cmd.Context(), args) + }, + } return cmd } -func runAttestors(ctx context.Context) error { +func runList(ctx context.Context) error { items := [][]string{} entries := attestation.RegistrationEntries() for _, entry := range entries { 
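Review bot: `SchemaCmd` leaves argument-count validation to hand-written checks inside `runSchema` instead of declaring its arity to cobra; adding `Args: cobra.ExactArgs(1),` to the `cobra.Command` literal makes cobra print the usage line on a wrong argument count and removes the two manual branches. The `Use` string should also advertise the positional argument, `Use: "schema [attestor]"`, so the generated CLI reference shows what the command expects. runList's body continues outside the hunk.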
@@ -73,3 +102,33 @@ func runAttestors(ctx context.Context) error { return nil } + +func runSchema(ctx context.Context, args []string) error { + if len(args) == 0 { + return fmt.Errorf("You must specify an attestor to view the schema of. Use 'witness attestors' for a list of available attestors.") + } else if len(args) > 1 { + return fmt.Errorf("You can only get one attestor schema at a time.") + } + + attestor, err := attestation.GetAttestor(args[0]) + if err != nil { + return fmt.Errorf("Error getting attestor: %w", err) + } + + schema := attestor.Schema() + schemaJson, err := schema.MarshalJSON() + if err != nil { + return fmt.Errorf("Error marshalling JSON schema: %w", err) + } + + var indented bytes.Buffer + err = json.Indent(&indented, schemaJson, "", " ") + if err != nil { + fmt.Println("Error marshalling JSON schema:", err) + os.Exit(1) + } + + fmt.Print(indented.String()) + + return nil +} diff --git a/docgen/docs.go b/docgen/docs.go index 2e1fc4e7..12041c68 100644 --- a/docgen/docs.go +++ b/docgen/docs.go 
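Review bot: The `json.Indent` failure in `runSchema` prints to stdout and calls `os.Exit(1)` while every other failure in the function is returned as an error; this bypasses cobra's `SilenceErrors` handling and any deferred cleanup, and it reuses the marshalling message for a different step. Replace that branch with `return fmt.Errorf("error indenting JSON schema: %w", err)`. Go convention also asks for lower-case, unpunctuated error strings, and the hint `Use 'witness attestors' for a list of available attestors.` now points at the parent command although this same commit moves the listing to the `list` subcommand. The same marshal-indent-exit block is duplicated in docgen/docs.go later in this patch; one shared helper that returns the indented bytes or an error would keep the two from drifting. `ctx` is unused in the visible body.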
@@ -16,12 +16,31 @@ package main import ( "bytes" + "encoding/json" "flag" "fmt" + "log" "os" + "strings" "github.com/in-toto/witness/cmd" "github.com/spf13/cobra/doc" + + "github.com/in-toto/go-witness/attestation" + // this feels like an annoying way of importing them as it will need edited for each attestor added + _ "github.com/in-toto/go-witness/attestation/aws-iid" + _ "github.com/in-toto/go-witness/attestation/commandrun" + _ "github.com/in-toto/go-witness/attestation/environment" + _ "github.com/in-toto/go-witness/attestation/gcp-iit" + _ "github.com/in-toto/go-witness/attestation/git" + _ "github.com/in-toto/go-witness/attestation/github" + _ "github.com/in-toto/go-witness/attestation/gitlab" + _ "github.com/in-toto/go-witness/attestation/jwt" + _ "github.com/in-toto/go-witness/attestation/material" + _ "github.com/in-toto/go-witness/attestation/maven" + _ "github.com/in-toto/go-witness/attestation/oci" + _ "github.com/in-toto/go-witness/attestation/product" + _ "github.com/in-toto/go-witness/attestation/sarif" ) var directory string @@ -32,6 +51,7 @@ func init() { } func main() { + log.Println("Generating CLI Reference documentation") mdContent := "# Witness CLI Reference\n\nThis is the reference for the Witness command line tool, generated by [Cobra](https://cobra.dev/).\n\n" // Generate markdown content for all commands for _, command := range cmd.New().Commands() { 
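Review bot: The blank-import list added to docgen/docs.go appears to be what registers attestors for schema generation, and the comment beside it already concedes it must be edited for every new attestor; an attestor missing from this list silently gets no `.json` file and no `## Schema` section rather than failing the build. A tracked marker such as `// TODO(owner): keep in sync with the attestors registered in go-witness` makes the maintenance obligation visible, and comparing `len(attestation.RegistrationEntries())` against an expected count in `main` would turn an omission into a loud failure. If the `cmd` package imported above already pulls in these registrations the list may be redundant, but that cannot be confirmed from this hunk.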
@@ -55,4 +75,58 @@ func main() { fmt.Println("Error writing to file:", err) os.Exit(1) } + + log.Println("Documentation generated successfully") + + entries := attestation.RegistrationEntries() + for _, entry := range entries { + att := entry.Factory() + schema := att.Schema() + schemaJson, err := schema.MarshalJSON() + if err != nil { + fmt.Println("Error marshalling JSON schema:", err) + os.Exit(1) + } + + var indented bytes.Buffer + err = json.Indent(&indented, schemaJson, "", " ") + if err != nil { + fmt.Println("Error marshalling JSON schema:", err) + os.Exit(1) + } + + schemaContent := "## Schema" + "\n```json\n" + indented.String() + "```\n" + os.WriteFile(fmt.Sprintf("%s/attestors/%s.json", directory, att.Name()), []byte(indented.String()+"\n "), 0644) + f, err := os.ReadFile(fmt.Sprintf("%s/attestors/%s.md", directory, att.Name())) + if err != nil { + fmt.Println("Error reading file:", err) + os.Exit(1) + } + log.Println(string(f)) + + // Find the index of "## Schema" string + index := strings.Index(string(f), "## Schema") + if index == -1 { + f = append(f, schemaContent...) + + err = os.WriteFile(fmt.Sprintf("%s/attestors/%s.md", directory, att.Name()), f, 0644) + if err != nil { + fmt.Println("Error writing to file:", err) + os.Exit(1) + } + continue + } + + // Truncate the content to remove everything after "## Schema" + f = f[:index] + + f = append(f, schemaContent...) + + err = os.WriteFile(fmt.Sprintf("%s/attestors/%s.md", directory, att.Name()), f, 0644) + if err != nil { + fmt.Println("Error writing to file:", err) + os.Exit(1) + } + + } } diff --git a/docs/attestors/aws-iid.mdx b/docs/attestors/aws-iid.mdx deleted file mode 100644 index 2d03c1a1..00000000 --- a/docs/attestors/aws-iid.mdx +++ /dev/null 
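Review bot: `schemaContent` closes the code fence on the same line as the JSON's final brace because `indented.String()` carries no trailing newline, and the generated files later in this patch (docs/attestors/aws.md, command-run.md and the rest) all end with the closing brace immediately followed by the closing triple backticks, which Markdown does not treat as a fence terminator; insert `"\n"` between `indented.String()` and the closing fence string. The return value of the `os.WriteFile` that writes the `.json` file is discarded, so a failed schema write goes unnoticed while the `.md` write is checked; wrap it as `if err := os.WriteFile(...); err != nil {` like the neighbouring calls, and drop the `"\n "` suffix that leaves a stray trailing space in every generated `.json`. `log.Println(string(f))` echoes the full content of each doc file into the build log and should go. The truncation at `## Schema` also discards any hand-written text a maintainer placed after that heading, which deserves a comment on the `index := strings.Index(...)` line. Separately, the generated gcp-iit, github and gitlab schemas show the `jwt` property referencing `#/$defs/Attestor`, the enclosing definition itself, which looks like a name collision in the upstream schema generator rather than in this file and is worth confirming before these are published.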
@@ -1,23 +0,0 @@ -import JSONRenderer from './json'; - -# AWS Instance Identity Attestor - -The AWS (Amazon Web Services) Instance Identity Attestor communicates with the AWS Instance Metadata to collect -information about the AWS instance Witness on which executing. The document signature is -verified with the AWS RSA public certificate available [here](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/verify-signature.html). -This verification method currently does not work for the Hong Kong, Bahrain, Cape Town, Milan, China, or -GovCloud regions. - -## Subjects - -| Subject | Description | -| ------- | ----------- | -| `instanceid` | The ID of the AWS instance where Witness was executed | -| `accountid` | ID of the account that owns the AWS instance | -| `imageid` | ID of the AMI ([Amazon Machine Image](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html)) the instance was running at time of execution | -| `privateip` | IP address of the instance at time of execution | - -## Schema - - -The original schema of the AWS Instance Identity attestor is available [here](https://raw.githubusercontent.com/chaosinthecrd/go-witness/attestor-json-schema/schemagen/aws.json). diff --git a/docs/attestors/aws.json b/docs/attestors/aws.json new file mode 100644 index 00000000..2c3987b6 --- /dev/null +++ b/docs/attestors/aws.json 
@@ -0,0 +1,97 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "devpayProductCodes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "marketplaceProductCodes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "availabilityZone": { + "type": "string" + }, + "privateIp": { + "type": "string" + }, + "version": { + "type": "string" + }, + "region": { + "type": "string" + }, + "instanceId": { + "type": "string" + }, + "billingProducts": { + "items": { + "type": "string" + }, + "type": "array" + }, + "instanceType": { + "type": "string" + }, + "accountId": { + "type": "string" + }, + "pendingTime": { + "type": "string", + "format": "date-time" + }, + "imageId": { + "type": "string" + }, + "kernelId": { + "type": "string" + }, + "ramdiskId": { + "type": "string" + }, + "architecture": { + "type": "string" + }, + "rawiid": { + "type": "string" + }, + "rawsig": { + "type": "string" + }, + "publickey": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "devpayProductCodes", + "marketplaceProductCodes", + "availabilityZone", + "privateIp", + "version", + "region", + "instanceId", + "billingProducts", + "instanceType", + "accountId", + "pendingTime", + "imageId", + "kernelId", + "ramdiskId", + "architecture", + "rawiid", + "rawsig", + "publickey" + ] + } + } +} + \ No newline at end of file diff --git a/docs/attestors/aws.md b/docs/attestors/aws.md new file mode 100644 index 00000000..92e4e873 --- /dev/null +++ b/docs/attestors/aws.md 
@@ -0,0 +1,115 @@ +# AWS Instance Identity Attestor + +The AWS (Amazon Web Services) Instance Identity Attestor communicates with the AWS Instance Metadata to collect +information about the AWS instance Witness on which executing. The document signature is +verified with the AWS RSA public certificate available [here](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/verify-signature.html). +This verification method currently does not work for the Hong Kong, Bahrain, Cape Town, Milan, China, or +GovCloud regions. + +## Subjects + +| Subject | Description | +| ------- | ----------- | +| `instanceid` | The ID of the AWS instance where Witness was executed | +| `accountid` | ID of the account that owns the AWS instance | +| `imageid` | ID of the AMI ([Amazon Machine Image](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html)) the instance was running at time of execution | +| `privateip` | IP address of the instance at time of execution | + +## Schema +```json +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "devpayProductCodes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "marketplaceProductCodes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "availabilityZone": { + "type": "string" + }, + "privateIp": { + "type": "string" + }, + "version": { + "type": "string" + }, + "region": { + "type": "string" + }, + "instanceId": { + "type": "string" + }, + "billingProducts": { + "items": { + "type": "string" + }, + "type": "array" + }, + "instanceType": { + "type": "string" + }, + "accountId": { + "type": "string" + }, + "pendingTime": { + "type": "string", + "format": "date-time" + }, + "imageId": { + "type": "string" + }, + "kernelId": { + "type": "string" + }, + "ramdiskId": { + "type": "string" + }, + "architecture": { + "type": "string" + }, + "rawiid": { + "type": "string" + }, + "rawsig": { + "type": "string" + }, + 
"publickey": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "devpayProductCodes", + "marketplaceProductCodes", + "availabilityZone", + "privateIp", + "version", + "region", + "instanceId", + "billingProducts", + "instanceType", + "accountId", + "pendingTime", + "imageId", + "kernelId", + "ramdiskId", + "architecture", + "rawiid", + "rawsig", + "publickey" + ] + } + } +}``` diff --git a/docs/attestors/command-run.json b/docs/attestors/command-run.json new file mode 100644 index 00000000..665fb032 --- /dev/null +++ b/docs/attestors/command-run.json @@ -0,0 +1,87 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/CommandRun", + "$defs": { + "CommandRun": { + "properties": { + "cmd": { + "items": { + "type": "string" + }, + "type": "array" + }, + "stdout": { + "type": "string" + }, + "stderr": { + "type": "string" + }, + "exitcode": { + "type": "integer" + }, + "processes": { + "items": { + "$ref": "#/$defs/ProcessInfo" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "cmd", + "exitcode" + ] + }, + "DigestSet": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "ProcessInfo": { + "properties": { + "program": { + "type": "string" + }, + "processid": { + "type": "integer" + }, + "parentpid": { + "type": "integer" + }, + "programdigest": { + "$ref": "#/$defs/DigestSet" + }, + "comm": { + "type": "string" + }, + "cmdline": { + "type": "string" + }, + "exedigest": { + "$ref": "#/$defs/DigestSet" + }, + "openedfiles": { + "additionalProperties": { + "$ref": "#/$defs/DigestSet" + }, + "type": "object" + }, + "environ": { + "type": "string" + }, + "specbypassisvuln": { + "type": "boolean" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "processid", + "parentpid" + ] + } + } +} + \ No newline at end of file 
diff --git a/docs/attestors/command-run.md b/docs/attestors/command-run.md new file mode 100644 index 00000000..8f76500e --- /dev/null +++ b/docs/attestors/command-run.md @@ -0,0 +1,97 @@ +# Command Attestor + +The Command Attestor collects information about a command that TestifySec Witness executes and observes. +The command arguments, exit code, stdout, and stderr will be collected and added to the attestation. + +Witness can optionally trace the command which will record all subprocesses started by the parent process +as well as all files opened by all processes. Please note that tracing is currently supported only on +Linux operating systems and is considered experimental. + +## Schema +```json +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/CommandRun", + "$defs": { + "CommandRun": { + "properties": { + "cmd": { + "items": { + "type": "string" + }, + "type": "array" + }, + "stdout": { + "type": "string" + }, + "stderr": { + "type": "string" + }, + "exitcode": { + "type": "integer" + }, + "processes": { + "items": { + "$ref": "#/$defs/ProcessInfo" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "cmd", + "exitcode" + ] + }, + "DigestSet": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "ProcessInfo": { + "properties": { + "program": { + "type": "string" + }, + "processid": { + "type": "integer" + }, + "parentpid": { + "type": "integer" + }, + "programdigest": { + "$ref": "#/$defs/DigestSet" + }, + "comm": { + "type": "string" + }, + "cmdline": { + "type": "string" + }, + "exedigest": { + "$ref": "#/$defs/DigestSet" + }, + "openedfiles": { + "additionalProperties": { + "$ref": "#/$defs/DigestSet" + }, + "type": "object" + }, + "environ": { + "type": "string" + }, + "specbypassisvuln": { + "type": "boolean" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "processid", + "parentpid" + ] + } + } +}``` 
diff --git a/docs/attestors/commandrun.mdx b/docs/attestors/commandrun.mdx deleted file mode 100644 index 57547417..00000000 --- a/docs/attestors/commandrun.mdx +++ /dev/null @@ -1,8 +0,0 @@ -# Command Attestor - -The Command Attestor collects information about a command that TestifySec Witness executes and observes. -The command arguments, exit code, stdout, and stderr will be collected and added to the attestation. - -Witness can optionally trace the command which will record all subprocesses started by the parent process -as well as all files opened by all processes. Please note that tracing is currently supported only on -Linux operating systems and is considered experimental. diff --git a/docs/attestors/environment.json b/docs/attestors/environment.json new file mode 100644 index 00000000..f7dd135f --- /dev/null +++ b/docs/attestors/environment.json @@ -0,0 +1,33 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "os": { + "type": "string" + }, + "hostname": { + "type": "string" + }, + "username": { + "type": "string" + }, + "variables": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "os", + "hostname", + "username" + ] + } + } +} + \ No newline at end of file diff --git a/docs/attestors/environment.md b/docs/attestors/environment.md index 1743071b..30503db7 100644 --- a/docs/attestors/environment.md +++ b/docs/attestors/environment.md 
@@ -3,3 +3,38 @@ The Environment Attestor records the OS, hostname, username, and all environment variables set by TestifySec Witness at execution time. Currently there is no means to block specific environment variables so take care to not leak secrets stored in environment variables. + +## Schema +```json +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "os": { + "type": "string" + }, + "hostname": { + "type": "string" + }, + "username": { + "type": "string" + }, + "variables": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "os", + "hostname", + "username" + ] + } + } +}``` diff --git a/docs/attestors/gcp-iit.json b/docs/attestors/gcp-iit.json new file mode 100644 index 00000000..2561ba03 --- /dev/null +++ b/docs/attestors/gcp-iit.json 
@@ -0,0 +1,66 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "jwt": { + "$ref": "#/$defs/Attestor" + }, + "project_id": { + "type": "string" + }, + "project_number": { + "type": "string" + }, + "zone": { + "type": "string" + }, + "instance_id": { + "type": "string" + }, + "instance_hostname": { + "type": "string" + }, + "instance_creation_timestamp": { + "type": "string" + }, + "instance_confidentiality": { + "type": "string" + }, + "licence_id": { + "items": { + "type": "string" + }, + "type": "array" + }, + "cluster_name": { + "type": "string" + }, + "cluster_uid": { + "type": "string" + }, + "cluster_location": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "jwt", + "project_id", + "project_number", + "zone", + "instance_id", + "instance_hostname", + "instance_creation_timestamp", + "instance_confidentiality", + "licence_id", + "cluster_name", + "cluster_uid", + "cluster_location" + ] + } + } +} + \ No newline at end of file diff --git a/docs/attestors/gcp-iit.md b/docs/attestors/gcp-iit.md index 51c217af..60bca307 100644 --- a/docs/attestors/gcp-iit.md +++ b/docs/attestors/gcp-iit.md 
@@ -13,3 +13,71 @@ against Google's JWKS ([JSON Web Key Set](https://auth0.com/docs/secure/tokens/j | `projectid` | The ID of the project to which the instance belonged | | `projectnumber` | Number of the project to which the instance belonged | | `clusteruid` | UID of the cluster if the execution environment was a [Google Kubernetes Engine](https://cloud.google.com/kubernetes-engine) (GKE) cluster | + +## Schema +```json +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "jwt": { + "$ref": "#/$defs/Attestor" + }, + "project_id": { + "type": "string" + }, + "project_number": { + "type": "string" + }, + "zone": { + "type": "string" + }, + "instance_id": { + "type": "string" + }, + "instance_hostname": { + "type": "string" + }, + "instance_creation_timestamp": { + "type": "string" + }, + "instance_confidentiality": { + "type": "string" + }, + "licence_id": { + "items": { + "type": "string" + }, + "type": "array" + }, + "cluster_name": { + "type": "string" + }, + "cluster_uid": { + "type": "string" + }, + "cluster_location": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "jwt", + "project_id", + "project_number", + "zone", + "instance_id", + "instance_hostname", + "instance_creation_timestamp", + "instance_confidentiality", + "licence_id", + "cluster_name", + "cluster_uid", + "cluster_location" + ] + } + } +}``` diff --git a/docs/attestors/git.json b/docs/attestors/git.json new file mode 100644 index 00000000..60949efc --- /dev/null +++ b/docs/attestors/git.json 
@@ -0,0 +1,126 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "commithash": { + "type": "string" + }, + "author": { + "type": "string" + }, + "authoremail": { + "type": "string" + }, + "committername": { + "type": "string" + }, + "committeremail": { + "type": "string" + }, + "commitdate": { + "type": "string" + }, + "commitmessage": { + "type": "string" + }, + "status": { + "additionalProperties": { + "$ref": "#/$defs/Status" + }, + "type": "object" + }, + "commitdigest": { + "$ref": "#/$defs/DigestSet" + }, + "signature": { + "type": "string" + }, + "parenthashes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "treehash": { + "type": "string" + }, + "refs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tags": { + "items": { + "$ref": "#/$defs/Tag" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "commithash", + "author", + "authoremail", + "committername", + "committeremail", + "commitdate", + "commitmessage" + ] + }, + "DigestSet": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "Status": { + "properties": { + "staging": { + "type": "string" + }, + "worktree": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Tag": { + "properties": { + "name": { + "type": "string" + }, + "taggername": { + "type": "string" + }, + "taggeremail": { + "type": "string" + }, + "when": { + "type": "string" + }, + "pgpsignature": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "name", + "taggername", + "taggeremail", + "when", + "pgpsignature", + "message" + ] + } + } +} + \ No newline at end of file diff --git a/docs/attestors/git.md b/docs/attestors/git.md index 636e1bd4..a7a10ce2 100644 --- a/docs/attestors/git.md 
+++ b/docs/attestors/git.md 
@@ -7,3 +7,131 @@ Both staged and unstaged states are recorded. ## Subjects The attestor returns the SHA1 ([Secure Hash Algorithm 1](https://en.wikipedia.org/wiki/SHA-1)) git commit hash as a subject. + +## Schema +```json +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "commithash": { + "type": "string" + }, + "author": { + "type": "string" + }, + "authoremail": { + "type": "string" + }, + "committername": { + "type": "string" + }, + "committeremail": { + "type": "string" + }, + "commitdate": { + "type": "string" + }, + "commitmessage": { + "type": "string" + }, + "status": { + "additionalProperties": { + "$ref": "#/$defs/Status" + }, + "type": "object" + }, + "commitdigest": { + "$ref": "#/$defs/DigestSet" + }, + "signature": { + "type": "string" + }, + "parenthashes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "treehash": { + "type": "string" + }, + "refs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tags": { + "items": { + "$ref": "#/$defs/Tag" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "commithash", + "author", + "authoremail", + "committername", + "committeremail", + "commitdate", + "commitmessage" + ] + }, + "DigestSet": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "Status": { + "properties": { + "staging": { + "type": "string" + }, + "worktree": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Tag": { + "properties": { + "name": { + "type": "string" + }, + "taggername": { + "type": "string" + }, + "taggeremail": { + "type": "string" + }, + "when": { + "type": "string" + }, + "pgpsignature": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "name", + "taggername", + "taggeremail", + "when", + 
"pgpsignature", + "message" + ] + } + } +}``` diff --git a/docs/attestors/github.json b/docs/attestors/github.json new file mode 100644 index 00000000..f85ab6e3 --- /dev/null +++ b/docs/attestors/github.json @@ -0,0 +1,58 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "jwt": { + "$ref": "#/$defs/Attestor" + }, + "ciconfigpath": { + "type": "string" + }, + "pipelineid": { + "type": "string" + }, + "pipelinename": { + "type": "string" + }, + "pipelineurl": { + "type": "string" + }, + "projecturl": { + "type": "string" + }, + "runnerid": { + "type": "string" + }, + "cihost": { + "type": "string" + }, + "ciserverurl": { + "type": "string" + }, + "runnerarch": { + "type": "string" + }, + "runneros": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "ciconfigpath", + "pipelineid", + "pipelinename", + "pipelineurl", + "projecturl", + "runnerid", + "cihost", + "ciserverurl", + "runnerarch", + "runneros" + ] + } + } +} + \ No newline at end of file diff --git a/docs/attestors/github.md b/docs/attestors/github.md new file mode 100644 index 00000000..a532c95c --- /dev/null +++ b/docs/attestors/github.md 
@@ -0,0 +1,70 @@ +# Github Attestor + +The [Github](https://github.com/about) Attestor records information about the [GitHub Actions](https://docs.github.com/en/actions) workflow execution in which Witness was run. Witness verifies the JWT ([JSON Web Token](https://en.wikipedia.org/wiki/JSON_Web_Token)) provided by the token service (configured with the `ACTIONS_ID_TOKEN_REQUEST_URL` environment variable) against the Github's JWKS ([JSON Web Key Set](https://auth0.com/docs/secure/tokens/json-web-tokens/json-web-key-sets)) to ensure authenticity at execution time. + +## Subjects + +| Subject | Description | +| ------- | ----------- | +| `pipelineurl` | URL of the CI/CD pipeline to which this job belonged | +| `projecturl` | URL of the project that owns the CI/CD pipeline and job | + +## Schema +```json +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "jwt": { + "$ref": "#/$defs/Attestor" + }, + "ciconfigpath": { + "type": "string" + }, + "pipelineid": { + "type": "string" + }, + "pipelinename": { + "type": "string" + }, + "pipelineurl": { + "type": "string" + }, + "projecturl": { + "type": "string" + }, + "runnerid": { + "type": "string" + }, + "cihost": { + "type": "string" + }, + "ciserverurl": { + "type": "string" + }, + "runnerarch": { + "type": "string" + }, + "runneros": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "ciconfigpath", + "pipelineid", + "pipelinename", + "pipelineurl", + "projecturl", + "runnerid", + "cihost", + "ciserverurl", + "runnerarch", + "runneros" + ] + } + } +}``` diff --git a/docs/attestors/gitlab.json b/docs/attestors/gitlab.json new file mode 100644 index 00000000..ebdf3563 --- /dev/null +++ b/docs/attestors/gitlab.json 
@@ -0,0 +1,70 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "jwt": { + "$ref": "#/$defs/Attestor" + }, + "ciconfigpath": { + "type": "string" + }, + "jobid": { + "type": "string" + }, + "jobimage": { + "type": "string" + }, + "jobname": { + "type": "string" + }, + "jobstage": { + "type": "string" + }, + "joburl": { + "type": "string" + }, + "pipelineid": { + "type": "string" + }, + "pipelineurl": { + "type": "string" + }, + "projectid": { + "type": "string" + }, + "projecturl": { + "type": "string" + }, + "runnerid": { + "type": "string" + }, + "cihost": { + "type": "string" + }, + "ciserverurl": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "ciconfigpath", + "jobid", + "jobimage", + "jobname", + "jobstage", + "joburl", + "pipelineid", + "pipelineurl", + "projectid", + "projecturl", + "runnerid", + "cihost", + "ciserverurl" + ] + } + } +} + \ No newline at end of file diff --git a/docs/attestors/gitlab.md b/docs/attestors/gitlab.md index a183cc25..1005d1e1 100644 --- a/docs/attestors/gitlab.md +++ b/docs/attestors/gitlab.md 
@@ -11,3 +11,75 @@ instance's JWKS ([JSON Web Key Set](https://auth0.com/docs/secure/tokens/json-we | `pipelineurl` | URL of the CI/CD pipeline to which this job belonged | | `joburl` | URL of the CI/CD job that this attestor describes | | `projecturl` | URL of the project that owns the CI/CD pipeline and job | + +## Schema +```json +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "jwt": { + "$ref": "#/$defs/Attestor" + }, + "ciconfigpath": { + "type": "string" + }, + "jobid": { + "type": "string" + }, + "jobimage": { + "type": "string" + }, + "jobname": { + "type": "string" + }, + "jobstage": { + "type": "string" + }, + "joburl": { + "type": "string" + }, + "pipelineid": { + "type": "string" + }, + "pipelineurl": { + "type": "string" + }, + "projectid": { + "type": "string" + }, + "projecturl": { + "type": "string" + }, + "runnerid": { + "type": "string" + }, + "cihost": { + "type": "string" + }, + "ciserverurl": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "ciconfigpath", + "jobid", + "jobimage", + "jobname", + "jobstage", + "joburl", + "pipelineid", + "pipelineurl", + "projectid", + "projecturl", + "runnerid", + "cihost", + "ciserverurl" + ] + } + } +}``` diff --git a/docs/attestors/jwt.json b/docs/attestors/jwt.json new file mode 100644 index 00000000..15e6e211 --- /dev/null +++ b/docs/attestors/jwt.json 
@@ -0,0 +1,485 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "claims": { + "type": "object" + }, + "verifiedBy": { + "$ref": "#/$defs/VerificationInfo" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "claims" + ] + }, + "AttributeTypeAndValue": { + "properties": { + "Type": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "Value": true + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Type", + "Value" + ] + }, + "Certificate": { + "properties": { + "Raw": { + "type": "string", + "contentEncoding": "base64" + }, + "RawTBSCertificate": { + "type": "string", + "contentEncoding": "base64" + }, + "RawSubjectPublicKeyInfo": { + "type": "string", + "contentEncoding": "base64" + }, + "RawSubject": { + "type": "string", + "contentEncoding": "base64" + }, + "RawIssuer": { + "type": "string", + "contentEncoding": "base64" + }, + "Signature": { + "type": "string", + "contentEncoding": "base64" + }, + "SignatureAlgorithm": { + "type": "integer" + }, + "PublicKeyAlgorithm": { + "type": "integer" + }, + "PublicKey": true, + "Version": { + "type": "integer" + }, + "SerialNumber": { + "$ref": "#/$defs/Int" + }, + "Issuer": { + "$ref": "#/$defs/Name" + }, + "Subject": { + "$ref": "#/$defs/Name" + }, + "NotBefore": { + "type": "string", + "format": "date-time" + }, + "NotAfter": { + "type": "string", + "format": "date-time" + }, + "KeyUsage": { + "type": "integer" + }, + "Extensions": { + "items": { + "$ref": "#/$defs/Extension" + }, + "type": "array" + }, + "ExtraExtensions": { + "items": { + "$ref": "#/$defs/Extension" + }, + "type": "array" + }, + "UnhandledCriticalExtensions": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "ExtKeyUsage": { + "items": { + "type": "integer" + }, + "type": "array" + }, + "UnknownExtKeyUsage": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": 
"array" + }, + "BasicConstraintsValid": { + "type": "boolean" + }, + "IsCA": { + "type": "boolean" + }, + "MaxPathLen": { + "type": "integer" + }, + "MaxPathLenZero": { + "type": "boolean" + }, + "SubjectKeyId": { + "type": "string", + "contentEncoding": "base64" + }, + "AuthorityKeyId": { + "type": "string", + "contentEncoding": "base64" + }, + "OCSPServer": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IssuingCertificateURL": { + "items": { + "type": "string" + }, + "type": "array" + }, + "DNSNames": { + "items": { + "type": "string" + }, + "type": "array" + }, + "EmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IPAddresses": { + "items": { + "type": "string", + "format": "ipv4" + }, + "type": "array" + }, + "URIs": { + "items": { + "type": "string", + "format": "uri" + }, + "type": "array" + }, + "PermittedDNSDomainsCritical": { + "type": "boolean" + }, + "PermittedDNSDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedDNSDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PermittedIPRanges": { + "items": { + "$ref": "#/$defs/IPNet" + }, + "type": "array" + }, + "ExcludedIPRanges": { + "items": { + "$ref": "#/$defs/IPNet" + }, + "type": "array" + }, + "PermittedEmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedEmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PermittedURIDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedURIDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "CRLDistributionPoints": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PolicyIdentifiers": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Raw", + "RawTBSCertificate", + "RawSubjectPublicKeyInfo", + "RawSubject", + "RawIssuer", + 
"Signature", + "SignatureAlgorithm", + "PublicKeyAlgorithm", + "PublicKey", + "Version", + "SerialNumber", + "Issuer", + "Subject", + "NotBefore", + "NotAfter", + "KeyUsage", + "Extensions", + "ExtraExtensions", + "UnhandledCriticalExtensions", + "ExtKeyUsage", + "UnknownExtKeyUsage", + "BasicConstraintsValid", + "IsCA", + "MaxPathLen", + "MaxPathLenZero", + "SubjectKeyId", + "AuthorityKeyId", + "OCSPServer", + "IssuingCertificateURL", + "DNSNames", + "EmailAddresses", + "IPAddresses", + "URIs", + "PermittedDNSDomainsCritical", + "PermittedDNSDomains", + "ExcludedDNSDomains", + "PermittedIPRanges", + "ExcludedIPRanges", + "PermittedEmailAddresses", + "ExcludedEmailAddresses", + "PermittedURIDomains", + "ExcludedURIDomains", + "CRLDistributionPoints", + "PolicyIdentifiers" + ] + }, + "Extension": { + "properties": { + "Id": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "Critical": { + "type": "boolean" + }, + "Value": { + "type": "string", + "contentEncoding": "base64" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Id", + "Critical", + "Value" + ] + }, + "IPMask": { + "type": "string", + "contentEncoding": "base64" + }, + "IPNet": { + "properties": { + "IP": { + "type": "string", + "format": "ipv4" + }, + "Mask": { + "$ref": "#/$defs/IPMask" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "IP", + "Mask" + ] + }, + "Int": { + "properties": {}, + "additionalProperties": false, + "type": "object" + }, + "JSONWebKey": { + "properties": { + "Key": true, + "KeyID": { + "type": "string" + }, + "Algorithm": { + "type": "string" + }, + "Use": { + "type": "string" + }, + "Certificates": { + "items": { + "$ref": "#/$defs/Certificate" + }, + "type": "array" + }, + "CertificatesURL": { + "type": "string", + "format": "uri" + }, + "CertificateThumbprintSHA1": { + "type": "string", + "contentEncoding": "base64" + }, + "CertificateThumbprintSHA256": { + "type": "string", + "contentEncoding": "base64" + } + }, + 
"additionalProperties": false, + "type": "object", + "required": [ + "Key", + "KeyID", + "Algorithm", + "Use", + "Certificates", + "CertificatesURL", + "CertificateThumbprintSHA1", + "CertificateThumbprintSHA256" + ] + }, + "Name": { + "properties": { + "Country": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Organization": { + "items": { + "type": "string" + }, + "type": "array" + }, + "OrganizationalUnit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Locality": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Province": { + "items": { + "type": "string" + }, + "type": "array" + }, + "StreetAddress": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PostalCode": { + "items": { + "type": "string" + }, + "type": "array" + }, + "SerialNumber": { + "type": "string" + }, + "CommonName": { + "type": "string" + }, + "Names": { + "items": { + "$ref": "#/$defs/AttributeTypeAndValue" + }, + "type": "array" + }, + "ExtraNames": { + "items": { + "$ref": "#/$defs/AttributeTypeAndValue" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Country", + "Organization", + "OrganizationalUnit", + "Locality", + "Province", + "StreetAddress", + "PostalCode", + "SerialNumber", + "CommonName", + "Names", + "ExtraNames" + ] + }, + "ObjectIdentifier": { + "items": { + "type": "integer" + }, + "type": "array" + }, + "VerificationInfo": { + "properties": { + "jwksUrl": { + "type": "string" + }, + "jwk": { + "$ref": "#/$defs/JSONWebKey" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "jwksUrl", + "jwk" + ] + } + } +} + \ No newline at end of file diff --git a/docs/attestors/jwt.md b/docs/attestors/jwt.md index 992ae9f3..7e8c55e1 100644 --- a/docs/attestors/jwt.md +++ b/docs/attestors/jwt.md 
@@ -2,3 +2,490 @@ The JWT ([JSON Web Token](https://en.wikipedia.org/wiki/JSON_Web_Token)) Attestor verifies a JWT against a JWKS ([JSON Web Key Set](https://auth0.com/docs/secure/tokens/json-web-tokens/json-web-key-sets)) and records information about the claims of the JWT. The JWK that was used to verify the JWT is also recorded. + +## Schema +```json +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "claims": { + "type": "object" + }, + "verifiedBy": { + "$ref": "#/$defs/VerificationInfo" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "claims" + ] + }, + "AttributeTypeAndValue": { + "properties": { + "Type": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "Value": true + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Type", + "Value" + ] + }, + "Certificate": { + "properties": { + "Raw": { + "type": "string", + "contentEncoding": "base64" + }, + "RawTBSCertificate": { + "type": "string", + "contentEncoding": "base64" + }, + "RawSubjectPublicKeyInfo": { + "type": "string", + "contentEncoding": "base64" + }, + "RawSubject": { + "type": "string", + "contentEncoding": "base64" + }, + "RawIssuer": { + "type": "string", + "contentEncoding": "base64" + }, + "Signature": { + "type": "string", + "contentEncoding": "base64" + }, + "SignatureAlgorithm": { + "type": "integer" + }, + "PublicKeyAlgorithm": { + "type": "integer" + }, + "PublicKey": true, + "Version": { + "type": "integer" + }, + "SerialNumber": { + "$ref": "#/$defs/Int" + }, + "Issuer": { + "$ref": "#/$defs/Name" + }, + "Subject": { + "$ref": "#/$defs/Name" + }, + "NotBefore": { + "type": "string", + "format": "date-time" + }, + "NotAfter": { + "type": "string", + "format": "date-time" + }, + "KeyUsage": { + "type": "integer" + }, + "Extensions": { + "items": { + "$ref": "#/$defs/Extension" + }, + "type": "array" + }, + "ExtraExtensions": { + "items": { + 
"$ref": "#/$defs/Extension" + }, + "type": "array" + }, + "UnhandledCriticalExtensions": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "ExtKeyUsage": { + "items": { + "type": "integer" + }, + "type": "array" + }, + "UnknownExtKeyUsage": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "BasicConstraintsValid": { + "type": "boolean" + }, + "IsCA": { + "type": "boolean" + }, + "MaxPathLen": { + "type": "integer" + }, + "MaxPathLenZero": { + "type": "boolean" + }, + "SubjectKeyId": { + "type": "string", + "contentEncoding": "base64" + }, + "AuthorityKeyId": { + "type": "string", + "contentEncoding": "base64" + }, + "OCSPServer": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IssuingCertificateURL": { + "items": { + "type": "string" + }, + "type": "array" + }, + "DNSNames": { + "items": { + "type": "string" + }, + "type": "array" + }, + "EmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IPAddresses": { + "items": { + "type": "string", + "format": "ipv4" + }, + "type": "array" + }, + "URIs": { + "items": { + "type": "string", + "format": "uri" + }, + "type": "array" + }, + "PermittedDNSDomainsCritical": { + "type": "boolean" + }, + "PermittedDNSDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedDNSDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PermittedIPRanges": { + "items": { + "$ref": "#/$defs/IPNet" + }, + "type": "array" + }, + "ExcludedIPRanges": { + "items": { + "$ref": "#/$defs/IPNet" + }, + "type": "array" + }, + "PermittedEmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedEmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PermittedURIDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedURIDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "CRLDistributionPoints": { 
+ "items": { + "type": "string" + }, + "type": "array" + }, + "PolicyIdentifiers": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Raw", + "RawTBSCertificate", + "RawSubjectPublicKeyInfo", + "RawSubject", + "RawIssuer", + "Signature", + "SignatureAlgorithm", + "PublicKeyAlgorithm", + "PublicKey", + "Version", + "SerialNumber", + "Issuer", + "Subject", + "NotBefore", + "NotAfter", + "KeyUsage", + "Extensions", + "ExtraExtensions", + "UnhandledCriticalExtensions", + "ExtKeyUsage", + "UnknownExtKeyUsage", + "BasicConstraintsValid", + "IsCA", + "MaxPathLen", + "MaxPathLenZero", + "SubjectKeyId", + "AuthorityKeyId", + "OCSPServer", + "IssuingCertificateURL", + "DNSNames", + "EmailAddresses", + "IPAddresses", + "URIs", + "PermittedDNSDomainsCritical", + "PermittedDNSDomains", + "ExcludedDNSDomains", + "PermittedIPRanges", + "ExcludedIPRanges", + "PermittedEmailAddresses", + "ExcludedEmailAddresses", + "PermittedURIDomains", + "ExcludedURIDomains", + "CRLDistributionPoints", + "PolicyIdentifiers" + ] + }, + "Extension": { + "properties": { + "Id": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "Critical": { + "type": "boolean" + }, + "Value": { + "type": "string", + "contentEncoding": "base64" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Id", + "Critical", + "Value" + ] + }, + "IPMask": { + "type": "string", + "contentEncoding": "base64" + }, + "IPNet": { + "properties": { + "IP": { + "type": "string", + "format": "ipv4" + }, + "Mask": { + "$ref": "#/$defs/IPMask" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "IP", + "Mask" + ] + }, + "Int": { + "properties": {}, + "additionalProperties": false, + "type": "object" + }, + "JSONWebKey": { + "properties": { + "Key": true, + "KeyID": { + "type": "string" + }, + "Algorithm": { + "type": "string" + }, + "Use": { + "type": "string" + }, + "Certificates": 
{ + "items": { + "$ref": "#/$defs/Certificate" + }, + "type": "array" + }, + "CertificatesURL": { + "type": "string", + "format": "uri" + }, + "CertificateThumbprintSHA1": { + "type": "string", + "contentEncoding": "base64" + }, + "CertificateThumbprintSHA256": { + "type": "string", + "contentEncoding": "base64" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Key", + "KeyID", + "Algorithm", + "Use", + "Certificates", + "CertificatesURL", + "CertificateThumbprintSHA1", + "CertificateThumbprintSHA256" + ] + }, + "Name": { + "properties": { + "Country": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Organization": { + "items": { + "type": "string" + }, + "type": "array" + }, + "OrganizationalUnit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Locality": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Province": { + "items": { + "type": "string" + }, + "type": "array" + }, + "StreetAddress": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PostalCode": { + "items": { + "type": "string" + }, + "type": "array" + }, + "SerialNumber": { + "type": "string" + }, + "CommonName": { + "type": "string" + }, + "Names": { + "items": { + "$ref": "#/$defs/AttributeTypeAndValue" + }, + "type": "array" + }, + "ExtraNames": { + "items": { + "$ref": "#/$defs/AttributeTypeAndValue" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Country", + "Organization", + "OrganizationalUnit", + "Locality", + "Province", + "StreetAddress", + "PostalCode", + "SerialNumber", + "CommonName", + "Names", + "ExtraNames" + ] + }, + "ObjectIdentifier": { + "items": { + "type": "integer" + }, + "type": "array" + }, + "VerificationInfo": { + "properties": { + "jwksUrl": { + "type": "string" + }, + "jwk": { + "$ref": "#/$defs/JSONWebKey" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "jwksUrl", + "jwk" + ] + } + } +}``` 
diff --git a/docs/attestors/material.json b/docs/attestors/material.json new file mode 100644 index 00000000..a3a06f4a --- /dev/null +++ b/docs/attestors/material.json @@ -0,0 +1,12 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": {}, + "additionalProperties": false, + "type": "object" + } + } +} + \ No newline at end of file diff --git a/docs/attestors/material.md b/docs/attestors/material.md index bf165a27..d2afb7d5 100644 --- a/docs/attestors/material.md +++ b/docs/attestors/material.md @@ -3,3 +3,17 @@ The Material Attestor records the digests of all files in the working directory of TestifySec Witness at exection time, but before any command is run. This recording provides information about the state of all files before any changes are made by a command. + +## Schema +```json +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": {}, + "additionalProperties": false, + "type": "object" + } + } +}``` diff --git a/docs/attestors/maven.json b/docs/attestors/maven.json new file mode 100644 index 00000000..fe041001 --- /dev/null +++ b/docs/attestors/maven.json 
@@ -0,0 +1,62 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "groupid": { + "type": "string" + }, + "artifactid": { + "type": "string" + }, + "version": { + "type": "string" + }, + "projectname": { + "type": "string" + }, + "dependencies": { + "items": { + "$ref": "#/$defs/MavenDependency" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "groupid", + "artifactid", + "version", + "projectname", + "dependencies" + ] + }, + "MavenDependency": { + "properties": { + "groupid": { + "type": "string" + }, + "artifactid": { + "type": "string" + }, + "version": { + "type": "string" + }, + "scope": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "groupid", + "artifactid", + "version", + "scope" + ] + } + } +} + \ No newline at end of file diff --git a/docs/attestors/maven.md b/docs/attestors/maven.md index 1fb48210..43018732 100644 --- a/docs/attestors/maven.md +++ b/docs/attestors/maven.md 
@@ -8,3 +8,67 @@ The [Maven](https://maven.apache.org/) Attestor records project and dependency i | ------- | ----------- | | `project:group/artifact@version` | The group, artifact, and version of the project to which the pom.xml belongs | | `dependency:group/artifact@version` | The group, artifact, and verion of each dependency in the pom.xml | + +## Schema +```json +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "groupid": { + "type": "string" + }, + "artifactid": { + "type": "string" + }, + "version": { + "type": "string" + }, + "projectname": { + "type": "string" + }, + "dependencies": { + "items": { + "$ref": "#/$defs/MavenDependency" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "groupid", + "artifactid", + "version", + "projectname", + "dependencies" + ] + }, + "MavenDependency": { + "properties": { + "groupid": { + "type": "string" + }, + "artifactid": { + "type": "string" + }, + "version": { + "type": "string" + }, + "scope": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "groupid", + "artifactid", + "version", + "scope" + ] + } + } +}``` diff --git a/docs/attestors/oci.json b/docs/attestors/oci.json new file mode 100644 index 00000000..17f56a0b --- /dev/null +++ b/docs/attestors/oci.json 
@@ -0,0 +1,85 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "tardigest": { + "$ref": "#/$defs/DigestSet" + }, + "manifest": { + "items": { + "$ref": "#/$defs/Manifest" + }, + "type": "array" + }, + "imagetags": { + "items": { + "type": "string" + }, + "type": "array" + }, + "diffids": { + "items": { + "$ref": "#/$defs/DigestSet" + }, + "type": "array" + }, + "imageid": { + "$ref": "#/$defs/DigestSet" + }, + "manifestraw": { + "type": "string", + "contentEncoding": "base64" + }, + "manifestdigest": { + "$ref": "#/$defs/DigestSet" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "tardigest", + "manifest", + "imagetags", + "diffids", + "imageid", + "manifestraw", + "manifestdigest" + ] + }, + "DigestSet": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "Manifest": { + "properties": { + "Config": { + "type": "string" + }, + "RepoTags": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Layers": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Config", + "RepoTags", + "Layers" + ] + } + } +} + \ No newline at end of file diff --git a/docs/attestors/oci.md b/docs/attestors/oci.md index 51898cbf..0c70c096 100644 --- a/docs/attestors/oci.md +++ b/docs/attestors/oci.md 
@@ -11,3 +11,90 @@ attestation. | `tardigest` | Digest of the tarred image | | `imageid` | ID of the image | | `layerdiffid` | Layer diff IDs of the image | + +## Schema +```json +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "tardigest": { + "$ref": "#/$defs/DigestSet" + }, + "manifest": { + "items": { + "$ref": "#/$defs/Manifest" + }, + "type": "array" + }, + "imagetags": { + "items": { + "type": "string" + }, + "type": "array" + }, + "diffids": { + "items": { + "$ref": "#/$defs/DigestSet" + }, + "type": "array" + }, + "imageid": { + "$ref": "#/$defs/DigestSet" + }, + "manifestraw": { + "type": "string", + "contentEncoding": "base64" + }, + "manifestdigest": { + "$ref": "#/$defs/DigestSet" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "tardigest", + "manifest", + "imagetags", + "diffids", + "imageid", + "manifestraw", + "manifestdigest" + ] + }, + "DigestSet": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "Manifest": { + "properties": { + "Config": { + "type": "string" + }, + "RepoTags": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Layers": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Config", + "RepoTags", + "Layers" + ] + } + } +}``` diff --git a/docs/attestors/product.json b/docs/attestors/product.json new file mode 100644 index 00000000..a3a06f4a --- /dev/null +++ b/docs/attestors/product.json @@ -0,0 +1,12 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": {}, + "additionalProperties": false, + "type": "object" + } + } +} + \ No newline at end of file diff --git a/docs/attestors/product.md b/docs/attestors/product.md index e3fd59a5..9bdbf393 100644 --- a/docs/attestors/product.md 
+++ b/docs/attestors/product.md @@ -6,3 +6,16 @@ products in the command. Digests and MIME types of any changed or created files ## Subjects All subjects are reported as subjects. +## Schema +```json +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": {}, + "additionalProperties": false, + "type": "object" + } + } +}``` diff --git a/docs/attestors/sarif.json b/docs/attestors/sarif.json new file mode 100644 index 00000000..d44409de --- /dev/null +++ b/docs/attestors/sarif.json 
@@ -0,0 +1,786 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Address": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "index": { + "type": "integer" + }, + "absoluteAddress": { + "type": "integer" + }, + "relativeAddress": { + "type": "integer" + }, + "offsetFromParent": { + "type": "integer" + }, + "length": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "fullyQualifiedName": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "parentIndex": { + "type": "integer" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Artifact": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "location": { + "$ref": "#/$defs/ArtifactLocation" + }, + "parentIndex": { + "type": "integer" + }, + "offset": { + "type": "integer" + }, + "length": { + "type": "integer" + }, + "roles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "mimeType": { + "type": "string" + }, + "contents": { + "$ref": "#/$defs/ArtifactContent" + }, + "encoding": { + "type": "string" + }, + "sourceLanguage": { + "type": "string" + }, + "hashes": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "lastModifiedTimeUtc": { + "type": "string" + }, + "description": { + "$ref": "#/$defs/Message" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "length" + ] + }, + "ArtifactChange": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "artifactLocation": { + "$ref": "#/$defs/ArtifactLocation" + }, + "replacements": { + "items": { + "$ref": "#/$defs/Replacement" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "artifactLocation", + "replacements" + ] + }, + "ArtifactContent": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "text": { + "type": "string" + }, + "binary": { + "type": 
"string" + }, + "rendered": { + "$ref": "#/$defs/MultiformatMessageString" + } + }, + "additionalProperties": false, + "type": "object" + }, + "ArtifactLocation": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "uri": { + "type": "string" + }, + "uriBaseId": { + "type": "string" + }, + "index": { + "type": "integer" + }, + "description": { + "$ref": "#/$defs/Message" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Attestor": { + "properties": { + "report": { + "$ref": "#/$defs/Report" + }, + "reportFileName": { + "type": "string" + }, + "reportDigestSet": { + "$ref": "#/$defs/DigestSet" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "report", + "reportFileName", + "reportDigestSet" + ] + }, + "DigestSet": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "Fix": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "description": { + "$ref": "#/$defs/Message" + }, + "artifactChanges": { + "items": { + "$ref": "#/$defs/ArtifactChange" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "artifactChanges" + ] + }, + "Invocation": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "startTimeUtc": { + "type": "string", + "format": "date-time" + }, + "endTimeUtc": { + "type": "string", + "format": "date-time" + }, + "executionSuccessful": { + "type": "boolean" + }, + "workingDirectory": { + "$ref": "#/$defs/ArtifactLocation" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "executionSuccessful" + ] + }, + "Location": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "id": { + "type": "integer" + }, + "physicalLocation": { + "$ref": "#/$defs/PhysicalLocation" + }, + "logicalLocations": { + "items": { + "$ref": "#/$defs/LogicalLocation" + }, + "type": "array" + }, + "message": { + "$ref": "#/$defs/Message" + }, 
+ "annotations": { + "items": { + "$ref": "#/$defs/Region" + }, + "type": "array" + }, + "relationships": { + "items": { + "$ref": "#/$defs/LocationRelationship" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object" + }, + "LocationRelationship": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "target": { + "type": "integer" + }, + "kinds": { + "items": { + "type": "string" + }, + "type": "array" + }, + "description": { + "$ref": "#/$defs/Message" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "target" + ] + }, + "LogicalLocation": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "index": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "fullyQualifiedName": { + "type": "string" + }, + "decoratedName": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "parentIndex": { + "type": "integer" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Message": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "text": { + "type": "string" + }, + "markdown": { + "type": "string" + }, + "id": { + "type": "string" + }, + "arguments": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object" + }, + "MultiformatMessageString": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "text": { + "type": "string" + }, + "markdown": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object" + }, + "PhysicalLocation": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "artifactLocation": { + "$ref": "#/$defs/ArtifactLocation" + }, + "region": { + "$ref": "#/$defs/Region" + }, + "contextRegion": { + "$ref": "#/$defs/Region" + }, + "address": { + "$ref": "#/$defs/Address" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Properties": { + "type": "object" + 
}, + "PropertyBag": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Region": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "startLine": { + "type": "integer" + }, + "startColumn": { + "type": "integer" + }, + "endLine": { + "type": "integer" + }, + "endColumn": { + "type": "integer" + }, + "charOffset": { + "type": "integer" + }, + "charLength": { + "type": "integer" + }, + "byteOffset": { + "type": "integer" + }, + "byteLength": { + "type": "integer" + }, + "snippet": { + "$ref": "#/$defs/ArtifactContent" + }, + "message": { + "$ref": "#/$defs/Message" + }, + "sourceLanguage": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Replacement": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "deletedRegion": { + "$ref": "#/$defs/Region" + }, + "insertedContent": { + "$ref": "#/$defs/ArtifactContent" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "deletedRegion" + ] + }, + "Report": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "version": { + "type": "string" + }, + "$schema": { + "type": "string" + }, + "runs": { + "items": { + "$ref": "#/$defs/Run" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "version", + "$schema", + "runs" + ] + }, + "ReportingConfiguration": { + "properties": { + "enabled": { + "type": "boolean" + }, + "level": true, + "parameters": { + "$ref": "#/$defs/PropertyBag" + }, + "properties": { + "$ref": "#/$defs/PropertyBag" + }, + "rank": { + "type": "number" + } + }, + "additionalProperties": false, + "type": "object" + }, + "ReportingDescriptor": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "id": { + "type": "string" + }, + "name": { + "type": "string" + }, + "shortDescription": { + "$ref": 
"#/$defs/MultiformatMessageString" + }, + "fullDescription": { + "$ref": "#/$defs/MultiformatMessageString" + }, + "defaultConfiguration": { + "$ref": "#/$defs/ReportingConfiguration" + }, + "helpUri": { + "type": "string" + }, + "help": { + "$ref": "#/$defs/MultiformatMessageString" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "id", + "shortDescription" + ] + }, + "ReportingDescriptorReference": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "id": { + "type": "string" + }, + "index": { + "type": "integer" + }, + "guid": { + "type": "string" + }, + "toolComponent": { + "$ref": "#/$defs/ToolComponentReference" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Result": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "guid": { + "type": "string" + }, + "correlationGuid": { + "type": "string" + }, + "ruleId": { + "type": "string" + }, + "ruleIndex": { + "type": "integer" + }, + "rule": { + "$ref": "#/$defs/ReportingDescriptorReference" + }, + "taxa": { + "items": { + "$ref": "#/$defs/ReportingDescriptorReference" + }, + "type": "array" + }, + "kind": { + "type": "string" + }, + "level": { + "type": "string" + }, + "message": { + "$ref": "#/$defs/Message" + }, + "locations": { + "items": { + "$ref": "#/$defs/Location" + }, + "type": "array" + }, + "analysisTarget": { + "$ref": "#/$defs/ArtifactLocation" + }, + "fingerprints": { + "type": "object" + }, + "partialFingerprints": { + "type": "object" + }, + "relatedLocations": { + "items": { + "$ref": "#/$defs/Location" + }, + "type": "array" + }, + "suppressions": { + "items": { + "$ref": "#/$defs/Suppression" + }, + "type": "array" + }, + "baselineState": { + "type": "string" + }, + "rank": { + "type": "number" + }, + "workItemUris": { + "items": { + "type": "string" + }, + "type": "array" + }, + "hostedViewerUri": { + "type": "string" + }, + "fixes": { + "items": { + "$ref": "#/$defs/Fix" + }, + "type": "array" 
+ }, + "occurrenceCount": { + "type": "integer" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "message" + ] + }, + "Run": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "tool": { + "$ref": "#/$defs/Tool" + }, + "invocations": { + "items": { + "$ref": "#/$defs/Invocation" + }, + "type": "array" + }, + "artifacts": { + "items": { + "$ref": "#/$defs/Artifact" + }, + "type": "array" + }, + "results": { + "items": { + "$ref": "#/$defs/Result" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "tool", + "results" + ] + }, + "Suppression": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "kind": { + "type": "string" + }, + "status": { + "type": "string" + }, + "location": { + "$ref": "#/$defs/Location" + }, + "guid": { + "type": "string" + }, + "justification": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "kind", + "status", + "location", + "guid", + "justification" + ] + }, + "Tool": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "driver": { + "$ref": "#/$defs/ToolComponent" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "driver" + ] + }, + "ToolComponent": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + }, + "informationUri": { + "type": "string" + }, + "notifications": { + "items": { + "$ref": "#/$defs/ReportingDescriptor" + }, + "type": "array" + }, + "rules": { + "items": { + "$ref": "#/$defs/ReportingDescriptor" + }, + "type": "array" + }, + "taxa": { + "items": { + "$ref": "#/$defs/ReportingDescriptor" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "name", + "informationUri" + ] + }, + "ToolComponentReference": { + "properties": { + "properties": { + "$ref": 
"#/$defs/Properties" + }, + "name": { + "type": "string" + }, + "index": { + "type": "integer" + }, + "guid": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "name", + "index", + "guid" + ] + } + } +} + \ No newline at end of file diff --git a/docs/attestors/sarif.md b/docs/attestors/sarif.md new file mode 100644 index 00000000..75216656 --- /dev/null +++ b/docs/attestors/sarif.md 
@@ -0,0 +1,791 @@ +# Sarif Attestor + +The Sarif attestor records the contents of any [products](./product.md) that are valid [SARIF](https://sarifweb.azurewebsites.net/) files. The SARIF file is parsed and the contents are recorded in the attestation. + +## Schema +```json +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Address": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "index": { + "type": "integer" + }, + "absoluteAddress": { + "type": "integer" + }, + "relativeAddress": { + "type": "integer" + }, + "offsetFromParent": { + "type": "integer" + }, + "length": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "fullyQualifiedName": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "parentIndex": { + "type": "integer" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Artifact": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "location": { + "$ref": "#/$defs/ArtifactLocation" + }, + "parentIndex": { + "type": "integer" + }, + "offset": { + "type": "integer" + }, + "length": { + "type": "integer" + }, + "roles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "mimeType": { + "type": "string" + }, + "contents": { + "$ref": "#/$defs/ArtifactContent" + }, + "encoding": { + "type": "string" + }, + "sourceLanguage": { + "type": "string" + }, + "hashes": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "lastModifiedTimeUtc": { + "type": "string" + }, + "description": { + "$ref": "#/$defs/Message" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "length" + ] + }, + "ArtifactChange": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "artifactLocation": { + "$ref": "#/$defs/ArtifactLocation" + }, + "replacements": { + "items": { + "$ref": "#/$defs/Replacement" + }, + "type": "array" + } + }, + 
"additionalProperties": false, + "type": "object", + "required": [ + "artifactLocation", + "replacements" + ] + }, + "ArtifactContent": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "text": { + "type": "string" + }, + "binary": { + "type": "string" + }, + "rendered": { + "$ref": "#/$defs/MultiformatMessageString" + } + }, + "additionalProperties": false, + "type": "object" + }, + "ArtifactLocation": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "uri": { + "type": "string" + }, + "uriBaseId": { + "type": "string" + }, + "index": { + "type": "integer" + }, + "description": { + "$ref": "#/$defs/Message" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Attestor": { + "properties": { + "report": { + "$ref": "#/$defs/Report" + }, + "reportFileName": { + "type": "string" + }, + "reportDigestSet": { + "$ref": "#/$defs/DigestSet" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "report", + "reportFileName", + "reportDigestSet" + ] + }, + "DigestSet": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "Fix": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "description": { + "$ref": "#/$defs/Message" + }, + "artifactChanges": { + "items": { + "$ref": "#/$defs/ArtifactChange" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "artifactChanges" + ] + }, + "Invocation": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "startTimeUtc": { + "type": "string", + "format": "date-time" + }, + "endTimeUtc": { + "type": "string", + "format": "date-time" + }, + "executionSuccessful": { + "type": "boolean" + }, + "workingDirectory": { + "$ref": "#/$defs/ArtifactLocation" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "executionSuccessful" + ] + }, + "Location": { + "properties": { + "properties": { + "$ref": 
"#/$defs/Properties" + }, + "id": { + "type": "integer" + }, + "physicalLocation": { + "$ref": "#/$defs/PhysicalLocation" + }, + "logicalLocations": { + "items": { + "$ref": "#/$defs/LogicalLocation" + }, + "type": "array" + }, + "message": { + "$ref": "#/$defs/Message" + }, + "annotations": { + "items": { + "$ref": "#/$defs/Region" + }, + "type": "array" + }, + "relationships": { + "items": { + "$ref": "#/$defs/LocationRelationship" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object" + }, + "LocationRelationship": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "target": { + "type": "integer" + }, + "kinds": { + "items": { + "type": "string" + }, + "type": "array" + }, + "description": { + "$ref": "#/$defs/Message" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "target" + ] + }, + "LogicalLocation": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "index": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "fullyQualifiedName": { + "type": "string" + }, + "decoratedName": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "parentIndex": { + "type": "integer" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Message": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "text": { + "type": "string" + }, + "markdown": { + "type": "string" + }, + "id": { + "type": "string" + }, + "arguments": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object" + }, + "MultiformatMessageString": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "text": { + "type": "string" + }, + "markdown": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object" + }, + "PhysicalLocation": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "artifactLocation": { + "$ref": 
"#/$defs/ArtifactLocation" + }, + "region": { + "$ref": "#/$defs/Region" + }, + "contextRegion": { + "$ref": "#/$defs/Region" + }, + "address": { + "$ref": "#/$defs/Address" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Properties": { + "type": "object" + }, + "PropertyBag": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Region": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "startLine": { + "type": "integer" + }, + "startColumn": { + "type": "integer" + }, + "endLine": { + "type": "integer" + }, + "endColumn": { + "type": "integer" + }, + "charOffset": { + "type": "integer" + }, + "charLength": { + "type": "integer" + }, + "byteOffset": { + "type": "integer" + }, + "byteLength": { + "type": "integer" + }, + "snippet": { + "$ref": "#/$defs/ArtifactContent" + }, + "message": { + "$ref": "#/$defs/Message" + }, + "sourceLanguage": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Replacement": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "deletedRegion": { + "$ref": "#/$defs/Region" + }, + "insertedContent": { + "$ref": "#/$defs/ArtifactContent" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "deletedRegion" + ] + }, + "Report": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "version": { + "type": "string" + }, + "$schema": { + "type": "string" + }, + "runs": { + "items": { + "$ref": "#/$defs/Run" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "version", + "$schema", + "runs" + ] + }, + "ReportingConfiguration": { + "properties": { + "enabled": { + "type": "boolean" + }, + "level": true, + "parameters": { + "$ref": "#/$defs/PropertyBag" + }, + "properties": { + "$ref": "#/$defs/PropertyBag" + }, + "rank": { + "type": "number" + } + }, + 
"additionalProperties": false, + "type": "object" + }, + "ReportingDescriptor": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "id": { + "type": "string" + }, + "name": { + "type": "string" + }, + "shortDescription": { + "$ref": "#/$defs/MultiformatMessageString" + }, + "fullDescription": { + "$ref": "#/$defs/MultiformatMessageString" + }, + "defaultConfiguration": { + "$ref": "#/$defs/ReportingConfiguration" + }, + "helpUri": { + "type": "string" + }, + "help": { + "$ref": "#/$defs/MultiformatMessageString" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "id", + "shortDescription" + ] + }, + "ReportingDescriptorReference": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "id": { + "type": "string" + }, + "index": { + "type": "integer" + }, + "guid": { + "type": "string" + }, + "toolComponent": { + "$ref": "#/$defs/ToolComponentReference" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Result": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "guid": { + "type": "string" + }, + "correlationGuid": { + "type": "string" + }, + "ruleId": { + "type": "string" + }, + "ruleIndex": { + "type": "integer" + }, + "rule": { + "$ref": "#/$defs/ReportingDescriptorReference" + }, + "taxa": { + "items": { + "$ref": "#/$defs/ReportingDescriptorReference" + }, + "type": "array" + }, + "kind": { + "type": "string" + }, + "level": { + "type": "string" + }, + "message": { + "$ref": "#/$defs/Message" + }, + "locations": { + "items": { + "$ref": "#/$defs/Location" + }, + "type": "array" + }, + "analysisTarget": { + "$ref": "#/$defs/ArtifactLocation" + }, + "fingerprints": { + "type": "object" + }, + "partialFingerprints": { + "type": "object" + }, + "relatedLocations": { + "items": { + "$ref": "#/$defs/Location" + }, + "type": "array" + }, + "suppressions": { + "items": { + "$ref": "#/$defs/Suppression" + }, + "type": "array" + }, + "baselineState": { + 
"type": "string" + }, + "rank": { + "type": "number" + }, + "workItemUris": { + "items": { + "type": "string" + }, + "type": "array" + }, + "hostedViewerUri": { + "type": "string" + }, + "fixes": { + "items": { + "$ref": "#/$defs/Fix" + }, + "type": "array" + }, + "occurrenceCount": { + "type": "integer" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "message" + ] + }, + "Run": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "tool": { + "$ref": "#/$defs/Tool" + }, + "invocations": { + "items": { + "$ref": "#/$defs/Invocation" + }, + "type": "array" + }, + "artifacts": { + "items": { + "$ref": "#/$defs/Artifact" + }, + "type": "array" + }, + "results": { + "items": { + "$ref": "#/$defs/Result" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "tool", + "results" + ] + }, + "Suppression": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "kind": { + "type": "string" + }, + "status": { + "type": "string" + }, + "location": { + "$ref": "#/$defs/Location" + }, + "guid": { + "type": "string" + }, + "justification": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "kind", + "status", + "location", + "guid", + "justification" + ] + }, + "Tool": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "driver": { + "$ref": "#/$defs/ToolComponent" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "driver" + ] + }, + "ToolComponent": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + }, + "informationUri": { + "type": "string" + }, + "notifications": { + "items": { + "$ref": "#/$defs/ReportingDescriptor" + }, + "type": "array" + }, + "rules": { + "items": { + "$ref": "#/$defs/ReportingDescriptor" + }, + "type": "array" + }, + "taxa": { + "items": 
{ + "$ref": "#/$defs/ReportingDescriptor" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "name", + "informationUri" + ] + }, + "ToolComponentReference": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "name": { + "type": "string" + }, + "index": { + "type": "integer" + }, + "guid": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "name", + "index", + "guid" + ] + } + } +}``` From 5807ce8b75a9f00ce2e06a87bc412dbb673450ad Mon Sep 17 00:00:00 2001 From: chaosinthecrd Date: Thu, 9 May 2024 18:21:45 +0100 Subject: [PATCH 12/21] changing schemas Signed-off-by: chaosinthecrd --- docs/attestors/git.json | 6 ++++++ docs/attestors/git.md | 6 ++++++ docs/attestors/jwt.json | 14 +++++++++++++- docs/attestors/jwt.md | 14 +++++++++++++- docs/commands.md | 12 ++++++------ go.mod | 2 ++ 6 files changed, 46 insertions(+), 8 deletions(-) diff --git a/docs/attestors/git.json b/docs/attestors/git.json index 60949efc..ae8acfc4 100644 --- a/docs/attestors/git.json +++ b/docs/attestors/git.json @@ -52,6 +52,12 @@ }, "type": "array" }, + "remotes": { + "items": { + "type": "string" + }, + "type": "array" + }, "tags": { "items": { "$ref": "#/$defs/Tag" diff --git a/docs/attestors/git.md b/docs/attestors/git.md index a7a10ce2..af5922b2 100644 --- a/docs/attestors/git.md +++ b/docs/attestors/git.md @@ -64,6 +64,12 @@ The attestor returns the SHA1 ([Secure Hash Algorithm 1](https://en.wikipedia.or }, "type": "array" }, + "remotes": { + "items": { + "type": "string" + }, + "type": "array" + }, "tags": { "items": { "$ref": "#/$defs/Tag" diff --git a/docs/attestors/jwt.json b/docs/attestors/jwt.json index 15e6e211..0f8a9e79 100644 --- a/docs/attestors/jwt.json +++ b/docs/attestors/jwt.json 
@@ -237,6 +237,12 @@ "$ref": "#/$defs/ObjectIdentifier" }, "type": "array" + }, + "Policies": { + "items": { + "$ref": "#/$defs/OID" + }, + "type": "array" } }, "additionalProperties": false, @@ -285,7 +291,8 @@ "PermittedURIDomains", "ExcludedURIDomains", "CRLDistributionPoints", - "PolicyIdentifiers" + "PolicyIdentifiers", + "Policies" ] }, "Extension": { @@ -458,6 +465,11 @@ "ExtraNames" ] }, + "OID": { + "properties": {}, + "additionalProperties": false, + "type": "object" + }, "ObjectIdentifier": { "items": { "type": "integer" diff --git a/docs/attestors/jwt.md b/docs/attestors/jwt.md index 7e8c55e1..c14e0604 100644 --- a/docs/attestors/jwt.md +++ b/docs/attestors/jwt.md @@ -244,6 +244,12 @@ claims of the JWT. The JWK that was used to verify the JWT is also recorded. "$ref": "#/$defs/ObjectIdentifier" }, "type": "array" + }, + "Policies": { + "items": { + "$ref": "#/$defs/OID" + }, + "type": "array" } }, "additionalProperties": false, @@ -292,7 +298,8 @@ claims of the JWT. The JWK that was used to verify the JWT is also recorded. "PermittedURIDomains", "ExcludedURIDomains", "CRLDistributionPoints", - "PolicyIdentifiers" + "PolicyIdentifiers", + "Policies" ] }, "Extension": { @@ -465,6 +472,11 @@ claims of the JWT. The JWK that was used to verify the JWT is also recorded. "ExtraNames" ] }, + "OID": { + "properties": {}, + "additionalProperties": false, + "type": "object" + }, "ObjectIdentifier": { "items": { "type": "integer" diff --git a/docs/commands.md b/docs/commands.md index 9964e5b6..c44cbc32 100644 --- a/docs/commands.md +++ b/docs/commands.md @@ -4,15 +4,11 @@ This is the reference for the Witness command line tool, generated by [Cobra](ht ## witness attestors -List all available attestors +Get information about available attestors ### Synopsis -Lists all the available attestors in Witness with supporting information - -``` -witness attestors [flags] -``` +Get information about all the available attestors in Witness ### Options 
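Review bot: The new `OID` definition (third hunk of jwt.json) is an object with `"properties": {}` and `"additionalProperties": false`, so each element of the new `Policies` array can only ever be `{}` — if the schema faithfully reflects the serializer, the certificate-policy OIDs themselves are not carried in the attestation, only their count. That is presumably the underlying Go type exposing no exported fields rather than a generator error, but it is worth confirming before documenting it, since the neighbouring `PolicyIdentifiers` at least preserves the arcs through `ObjectIdentifier`. Once the value is emitted, `Policies` should be documented as `{"items": {"type": "string"}, "type": "array"}` (dotted OID strings). The same definition is duplicated in the jwt.md hunk that follows.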
@@ -30,6 +26,8 @@ witness attestors [flags] ### SEE ALSO * [witness](witness.md) - Collect and verify attestations about your build environments +* [witness attestors list](witness_attestors_list.md) - List all available attestors +* [witness attestors schema](witness_attestors_schema.md) - Show the JSON schema of a specific attestor ## witness run @@ -44,9 +42,11 @@ witness run [cmd] [flags] ``` --archivista-server string URL of the Archivista server to store or retrieve attestations (default "https://archivista.testifysec.io") -a, --attestations strings Attestations to record ('product' and 'material' are always recorded) (default [environment,git]) + --attestor-link-export Export the Link predicate in its own attestation --attestor-maven-pom-path string The path to the Project Object Model (POM) XML file used for task being attested (default "pom.xml"). (default "pom.xml") --attestor-product-exclude-glob string Pattern to use when recording products. Files that match this pattern will be excluded as subjects on the attestation. --attestor-product-include-glob string Pattern to use when recording products. Files that match this pattern will be included as subjects on the attestation. (default "*") + --attestor-slsa-export Export the SLSA provenance predicate in its own attestation --enable-archivista Use Archivista to store or retrieve attestations --hashes strings Hashes selected for digest calculation. Defaults to SHA256 (default [sha256]) -h, --help help for run diff --git a/go.mod b/go.mod index cdb378d0..1bc6ab01 100644 --- a/go.mod +++ b/go.mod @@ -4,6 +4,8 @@ go 1.22.0 toolchain go1.22.2 +replace github.com/in-toto/go-witness => ../go-witness + require ( github.com/in-toto/go-witness v0.3.1 github.com/olekukonko/tablewriter v0.0.5 From 55917efe2069f740412069a9429c420202ce086f Mon Sep 17 00:00:00 2001 From: chaosinthecrd Date: Thu, 9 May 2024 18:22:30 +0100 Subject: [PATCH 13/21] adding schema for link, policyverify, slsa 
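Review bot: The `replace github.com/in-toto/go-witness => ../go-witness` directive added to go.mod points at a sibling checkout that exists only on the author's machine, so `go build` fails in any other clone and in CI. While it is present the `github.com/in-toto/go-witness v0.3.1` requirement two lines below is not what gets compiled, and the go.sum entries for that module no longer govern what is built, which makes the resulting binaries neither reproducible nor verifiable. If the new schema commands need unreleased go-witness code, drop the replace and require a tagged or pseudo-version (`go get github.com/in-toto/go-witness@<commit>` with the intended commit); if it is only for local development, keep it out of the commit or put it in a local `go.work` file that is not committed.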
Signed-off-by: chaosinthecrd --- docs/attestors/link.json | 88 +++++++++++++++++ docs/attestors/link.md | 93 +++++++++++++++++ docs/attestors/policyverify.json | 73 ++++++++++++++ docs/attestors/policyverify.md | 80 +++++++++++++++ docs/attestors/slsa.json | 160 ++++++++++++++++++++++++++++++ docs/attestors/slsa.md | 165 +++++++++++++++++++++++++++++++ 6 files changed, 659 insertions(+) create mode 100644 docs/attestors/link.json create mode 100644 docs/attestors/link.md create mode 100644 docs/attestors/policyverify.json create mode 100644 docs/attestors/policyverify.md create mode 100644 docs/attestors/slsa.json create mode 100644 docs/attestors/slsa.md diff --git a/docs/attestors/link.json b/docs/attestors/link.json new file mode 100644 index 00000000..2279bd21 --- /dev/null +++ b/docs/attestors/link.json 
@@ -0,0 +1,88 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://github.com/in-toto/attestation/go/predicates/link/v0/link", + "$ref": "#/$defs/Link", + "$defs": { + "Link": { + "properties": { + "name": { + "type": "string" + }, + "command": { + "items": { + "type": "string" + }, + "type": "array" + }, + "materials": { + "items": { + "$ref": "#/$defs/ResourceDescriptor" + }, + "type": "array" + }, + "byproducts": { + "$ref": "#/$defs/Struct" + }, + "environment": { + "$ref": "#/$defs/Struct" + } + }, + "additionalProperties": false, + "type": "object" + }, + "ResourceDescriptor": { + "properties": { + "name": { + "type": "string" + }, + "uri": { + "type": "string" + }, + "digest": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "content": { + "type": "string", + "contentEncoding": "base64" + }, + "download_location": { + "type": "string" + }, + "media_type": { + "type": "string" + }, + "annotations": { + "$ref": "#/$defs/Struct" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Struct": { + "properties": { + "fields": { + "additionalProperties": { + "$ref": "#/$defs/Value" + }, + "type": "object" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Value": { + "properties": { + "Kind": true + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Kind" + ] + } + } +} + \ No newline at end of file diff --git a/docs/attestors/link.md b/docs/attestors/link.md new file mode 100644 index 00000000..9ed13e23 --- /dev/null +++ b/docs/attestors/link.md 
@@ -0,0 +1,93 @@ +# Link Attestor + +The Link Attestor generates an [in-toto Link attestation](https://in-toto.readthedocs.io/en/latest/in-toto-spec.html#link) for the step that it is invoked on. + +## Schema +```json +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://github.com/in-toto/attestation/go/predicates/link/v0/link", + "$ref": "#/$defs/Link", + "$defs": { + "Link": { + "properties": { + "name": { + "type": "string" + }, + "command": { + "items": { + "type": "string" + }, + "type": "array" + }, + "materials": { + "items": { + "$ref": "#/$defs/ResourceDescriptor" + }, + "type": "array" + }, + "byproducts": { + "$ref": "#/$defs/Struct" + }, + "environment": { + "$ref": "#/$defs/Struct" + } + }, + "additionalProperties": false, + "type": "object" + }, + "ResourceDescriptor": { + "properties": { + "name": { + "type": "string" + }, + "uri": { + "type": "string" + }, + "digest": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "content": { + "type": "string", + "contentEncoding": "base64" + }, + "download_location": { + "type": "string" + }, + "media_type": { + "type": "string" + }, + "annotations": { + "$ref": "#/$defs/Struct" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Struct": { + "properties": { + "fields": { + "additionalProperties": { + "$ref": "#/$defs/Value" + }, + "type": "object" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Value": { + "properties": { + "Kind": true + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Kind" + ] + } + } +}``` diff --git a/docs/attestors/policyverify.json b/docs/attestors/policyverify.json new file mode 100644 index 00000000..45cdcd35 --- /dev/null +++ b/docs/attestors/policyverify.json 
@@ -0,0 +1,73 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "verifier": { + "$ref": "#/$defs/Verifier" + }, + "timeVerified": { + "type": "string", + "format": "date-time" + }, + "policy": { + "$ref": "#/$defs/ResourceDescriptor" + }, + "inputAttestations": { + "items": { + "$ref": "#/$defs/ResourceDescriptor" + }, + "type": "array" + }, + "verificationResult": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "verifier", + "timeVerified", + "policy", + "inputAttestations", + "verificationResult" + ] + }, + "DigestSet": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "ResourceDescriptor": { + "properties": { + "uri": { + "type": "string" + }, + "digest": { + "$ref": "#/$defs/DigestSet" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "uri", + "digest" + ] + }, + "Verifier": { + "properties": { + "id": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "id" + ] + } + } +} + \ No newline at end of file diff --git a/docs/attestors/policyverify.md b/docs/attestors/policyverify.md new file mode 100644 index 00000000..b22b65f5 --- /dev/null +++ b/docs/attestors/policyverify.md 
@@ -0,0 +1,80 @@ +# Policy Verify (Verification Summary) Attestor + +The Policy Verify Attestor generates a [verification summary attestation](https://slsa.dev/spec/v1.0/verification_summary) for `witness verify` invocations, providing information about the verification that took place. + +**NOTE:** This attestor cannot be used during `witness run` (e.g., `witness run --attestors policyverify`). + +## Schema +```json +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "verifier": { + "$ref": "#/$defs/Verifier" + }, + "timeVerified": { + "type": "string", + "format": "date-time" + }, + "policy": { + "$ref": "#/$defs/ResourceDescriptor" + }, + "inputAttestations": { + "items": { + "$ref": "#/$defs/ResourceDescriptor" + }, + "type": "array" + }, + "verificationResult": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "verifier", + "timeVerified", + "policy", + "inputAttestations", + "verificationResult" + ] + }, + "DigestSet": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "ResourceDescriptor": { + "properties": { + "uri": { + "type": "string" + }, + "digest": { + "$ref": "#/$defs/DigestSet" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "uri", + "digest" + ] + }, + "Verifier": { + "properties": { + "id": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "id" + ] + } + } +}``` diff --git a/docs/attestors/slsa.json b/docs/attestors/slsa.json new file mode 100644 index 00000000..f9900612 --- /dev/null +++ b/docs/attestors/slsa.json 
@@ -0,0 +1,160 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://github.com/in-toto/attestation/go/predicates/provenance/v1/provenance", + "$ref": "#/$defs/Provenance", + "$defs": { + "BuildDefinition": { + "properties": { + "build_type": { + "type": "string" + }, + "external_parameters": { + "$ref": "#/$defs/Struct" + }, + "internal_parameters": { + "$ref": "#/$defs/Struct" + }, + "resolved_dependencies": { + "items": { + "$ref": "#/$defs/ResourceDescriptor" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object" + }, + "BuildMetadata": { + "properties": { + "invocation_id": { + "type": "string" + }, + "started_on": { + "$ref": "#/$defs/Timestamp" + }, + "finished_on": { + "$ref": "#/$defs/Timestamp" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Builder": { + "properties": { + "id": { + "type": "string" + }, + "version": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "builder_dependencies": { + "items": { + "$ref": "#/$defs/ResourceDescriptor" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Provenance": { + "properties": { + "build_definition": { + "$ref": "#/$defs/BuildDefinition" + }, + "run_details": { + "$ref": "#/$defs/RunDetails" + } + }, + "additionalProperties": false, + "type": "object" + }, + "ResourceDescriptor": { + "properties": { + "name": { + "type": "string" + }, + "uri": { + "type": "string" + }, + "digest": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "content": { + "type": "string", + "contentEncoding": "base64" + }, + "download_location": { + "type": "string" + }, + "media_type": { + "type": "string" + }, + "annotations": { + "$ref": "#/$defs/Struct" + } + }, + "additionalProperties": false, + "type": "object" + }, + "RunDetails": { + "properties": { + "builder": { + "$ref": "#/$defs/Builder" + }, + "metadata": { + "$ref": "#/$defs/BuildMetadata" + 
}, + "byproducts": { + "items": { + "$ref": "#/$defs/ResourceDescriptor" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Struct": { + "properties": { + "fields": { + "additionalProperties": { + "$ref": "#/$defs/Value" + }, + "type": "object" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Timestamp": { + "properties": { + "seconds": { + "type": "integer" + }, + "nanos": { + "type": "integer" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Value": { + "properties": { + "Kind": true + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Kind" + ] + } + } +} + \ No newline at end of file diff --git a/docs/attestors/slsa.md b/docs/attestors/slsa.md new file mode 100644 index 00000000..7e60b36b --- /dev/null +++ b/docs/attestors/slsa.md 
@@ -0,0 +1,165 @@ +# SLSA Attestor + +The SLSA Attestor generates a [SLSA Provenance](https://slsa.dev/spec/v1.0/provenance) attestation for the step that it is invoked on. + +## Schema +```json +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://github.com/in-toto/attestation/go/predicates/provenance/v1/provenance", + "$ref": "#/$defs/Provenance", + "$defs": { + "BuildDefinition": { + "properties": { + "build_type": { + "type": "string" + }, + "external_parameters": { + "$ref": "#/$defs/Struct" + }, + "internal_parameters": { + "$ref": "#/$defs/Struct" + }, + "resolved_dependencies": { + "items": { + "$ref": "#/$defs/ResourceDescriptor" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object" + }, + "BuildMetadata": { + "properties": { + "invocation_id": { + "type": "string" + }, + "started_on": { + "$ref": "#/$defs/Timestamp" + }, + "finished_on": { + "$ref": "#/$defs/Timestamp" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Builder": { + "properties": { + "id": { + "type": "string" + }, + "version": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "builder_dependencies": { + "items": { + "$ref": "#/$defs/ResourceDescriptor" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Provenance": { + "properties": { + "build_definition": { + "$ref": "#/$defs/BuildDefinition" + }, + "run_details": { + "$ref": "#/$defs/RunDetails" + } + }, + "additionalProperties": false, + "type": "object" + }, + "ResourceDescriptor": { + "properties": { + "name": { + "type": "string" + }, + "uri": { + "type": "string" + }, + "digest": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "content": { + "type": "string", + "contentEncoding": "base64" + }, + "download_location": { + "type": "string" + }, + "media_type": { + "type": "string" + }, + "annotations": { + "$ref": "#/$defs/Struct" + } + }, + 
"additionalProperties": false, + "type": "object" + }, + "RunDetails": { + "properties": { + "builder": { + "$ref": "#/$defs/Builder" + }, + "metadata": { + "$ref": "#/$defs/BuildMetadata" + }, + "byproducts": { + "items": { + "$ref": "#/$defs/ResourceDescriptor" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Struct": { + "properties": { + "fields": { + "additionalProperties": { + "$ref": "#/$defs/Value" + }, + "type": "object" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Timestamp": { + "properties": { + "seconds": { + "type": "integer" + }, + "nanos": { + "type": "integer" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Value": { + "properties": { + "Kind": true + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Kind" + ] + } + } +}``` From ce45f1f143e2b3fa037a5f01410c681e7f2f9ce3 Mon Sep 17 00:00:00 2001 From: chaosinthecrd Date: Fri, 10 May 2024 09:30:34 +0100 Subject: [PATCH 14/21] weird I thought I did this yesterday Signed-off-by: chaosinthecrd --- docgen/docs.go | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/docgen/docs.go b/docgen/docs.go index 12041c68..93097df2 100644 --- a/docgen/docs.go +++ b/docgen/docs.go 
@@ -27,20 +27,7 @@ import ( "github.com/spf13/cobra/doc" "github.com/in-toto/go-witness/attestation" - // this feels like an annoying way of importing them as it will need edited for each attestor added - _ "github.com/in-toto/go-witness/attestation/aws-iid" - _ "github.com/in-toto/go-witness/attestation/commandrun" - _ "github.com/in-toto/go-witness/attestation/environment" - _ "github.com/in-toto/go-witness/attestation/gcp-iit" - _ "github.com/in-toto/go-witness/attestation/git" - _ "github.com/in-toto/go-witness/attestation/github" - _ "github.com/in-toto/go-witness/attestation/gitlab" - _ "github.com/in-toto/go-witness/attestation/jwt" - _ "github.com/in-toto/go-witness/attestation/material" - _ "github.com/in-toto/go-witness/attestation/maven" - _ "github.com/in-toto/go-witness/attestation/oci" - _ "github.com/in-toto/go-witness/attestation/product" - _ "github.com/in-toto/go-witness/attestation/sarif" + _ "github.com/in-toto/witness" ) var directory string From d29c928a01231089e254d15035ad6473018bd3eb Mon Sep 17 00:00:00 2001 From: chaosinthecrd Date: Fri, 10 May 2024 18:11:29 +0100 Subject: [PATCH 15/21] making final changes Signed-off-by: chaosinthecrd --- docgen/docs.go | 6 +- docs/attestors/gcp-iit.json | 495 ++++++++++++++++++++++++++++++++++- docs/attestors/gcp-iit.md | 495 ++++++++++++++++++++++++++++++++++- docs/attestors/github.json | 495 ++++++++++++++++++++++++++++++++++- docs/attestors/github.md | 495 ++++++++++++++++++++++++++++++++++- docs/attestors/gitlab.json | 495 ++++++++++++++++++++++++++++++++++- docs/attestors/gitlab.md | 495 ++++++++++++++++++++++++++++++++++- docs/attestors/material.json | 23 +- docs/attestors/material.md | 23 +- docs/attestors/product.json | 37 ++- docs/attestors/product.md | 37 ++- go.mod | 12 +- go.sum | 31 ++- 13 files changed, 3100 insertions(+), 39 deletions(-) diff --git a/docgen/docs.go b/docgen/docs.go index 93097df2..d79d63c0 100644 --- a/docgen/docs.go +++ b/docgen/docs.go 
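Review bot: The blank import `_ "github.com/in-toto/witness"` that replaces the thirteen per-attestor imports carries no comment saying why it is there, and the removed comment that explained the old approach goes with it, so a reader of the import block cannot tell the line is load-bearing (presumably it pulls in the attestor registrations that the `attestation` package enumerates further down; confirm which package actually performs that registration). Suggest `// blank import: side-effect only, registers the attestors that the loop below enumerates` above the line. The same missing comment applies to the `_ "github.com/in-toto/go-witness"` line that replaces it in the `@@ -26,8 +26,8 @@` hunk of the following patch. The `import (` block starts outside the hunk.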
@@ -26,8 +26,8 @@ import ( "github.com/in-toto/witness/cmd" "github.com/spf13/cobra/doc" + _ "github.com/in-toto/go-witness" "github.com/in-toto/go-witness/attestation" - _ "github.com/in-toto/witness" ) var directory string @@ -84,12 +84,12 @@ func main() { schemaContent := "## Schema" + "\n```json\n" + indented.String() + "```\n" os.WriteFile(fmt.Sprintf("%s/attestors/%s.json", directory, att.Name()), []byte(indented.String()+"\n "), 0644) + log.Printf("Schema for %s written to %s/attestors/%s.json\n", att.Name(), directory, att.Name()) f, err := os.ReadFile(fmt.Sprintf("%s/attestors/%s.md", directory, att.Name())) if err != nil { fmt.Println("Error reading file:", err) os.Exit(1) } - log.Println(string(f)) // Find the index of "## Schema" string index := strings.Index(string(f), "## Schema") @@ -115,5 +115,7 @@ func main() { os.Exit(1) } + log.Printf("Schema for %s written to %s/attestors/%s.md\n", att.Name(), directory, att.Name()) + } } diff --git a/docs/attestors/gcp-iit.json b/docs/attestors/gcp-iit.json index 2561ba03..5e277278 100644 --- a/docs/attestors/gcp-iit.json +++ b/docs/attestors/gcp-iit.json 
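Review bot: The added `log.Printf("Schema for %s written to %s/attestors/%s.json\n", ...)` reports success for a write whose error is discarded: the `os.WriteFile` call on the preceding line returns an error that is never checked, so a failed write still logs "written" and the run goes on to read the `.md`. Check it before logging, mirroring the `os.ReadFile` handling just below: `if err := os.WriteFile(fmt.Sprintf("%s/attestors/%s.json", directory, att.Name()), []byte(indented.String()+"\n "), 0644); err != nil { fmt.Println("Error writing file:", err); os.Exit(1) }`. Separately, the `"\n "` suffix leaves a trailing space as the last byte of every generated `.json`, which is why the generated hunks on this page end in ` \ No newline at end of file`; a plain `"\n"` would be the conventional terminator. The matching `.md` log added in the `@@ -115,5 +115,7 @@` hunk follows an error check, so it is fine. `main` starts and ends outside the hunk.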
@@ -5,7 +5,500 @@ "Attestor": { "properties": { "jwt": { - "$ref": "#/$defs/Attestor" + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "claims": { + "type": "object" + }, + "verifiedBy": { + "$ref": "#/$defs/VerificationInfo" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "claims" + ] + }, + "AttributeTypeAndValue": { + "properties": { + "Type": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "Value": true + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Type", + "Value" + ] + }, + "Certificate": { + "properties": { + "Raw": { + "type": "string", + "contentEncoding": "base64" + }, + "RawTBSCertificate": { + "type": "string", + "contentEncoding": "base64" + }, + "RawSubjectPublicKeyInfo": { + "type": "string", + "contentEncoding": "base64" + }, + "RawSubject": { + "type": "string", + "contentEncoding": "base64" + }, + "RawIssuer": { + "type": "string", + "contentEncoding": "base64" + }, + "Signature": { + "type": "string", + "contentEncoding": "base64" + }, + "SignatureAlgorithm": { + "type": "integer" + }, + "PublicKeyAlgorithm": { + "type": "integer" + }, + "PublicKey": true, + "Version": { + "type": "integer" + }, + "SerialNumber": { + "$ref": "#/$defs/Int" + }, + "Issuer": { + "$ref": "#/$defs/Name" + }, + "Subject": { + "$ref": "#/$defs/Name" + }, + "NotBefore": { + "type": "string", + "format": "date-time" + }, + "NotAfter": { + "type": "string", + "format": "date-time" + }, + "KeyUsage": { + "type": "integer" + }, + "Extensions": { + "items": { + "$ref": "#/$defs/Extension" + }, + "type": "array" + }, + "ExtraExtensions": { + "items": { + "$ref": "#/$defs/Extension" + }, + "type": "array" + }, + "UnhandledCriticalExtensions": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "ExtKeyUsage": { + "items": { + "type": "integer" + }, + "type": "array" + }, + "UnknownExtKeyUsage": { + 
"items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "BasicConstraintsValid": { + "type": "boolean" + }, + "IsCA": { + "type": "boolean" + }, + "MaxPathLen": { + "type": "integer" + }, + "MaxPathLenZero": { + "type": "boolean" + }, + "SubjectKeyId": { + "type": "string", + "contentEncoding": "base64" + }, + "AuthorityKeyId": { + "type": "string", + "contentEncoding": "base64" + }, + "OCSPServer": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IssuingCertificateURL": { + "items": { + "type": "string" + }, + "type": "array" + }, + "DNSNames": { + "items": { + "type": "string" + }, + "type": "array" + }, + "EmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IPAddresses": { + "items": { + "type": "string", + "format": "ipv4" + }, + "type": "array" + }, + "URIs": { + "items": { + "type": "string", + "format": "uri" + }, + "type": "array" + }, + "PermittedDNSDomainsCritical": { + "type": "boolean" + }, + "PermittedDNSDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedDNSDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PermittedIPRanges": { + "items": { + "$ref": "#/$defs/IPNet" + }, + "type": "array" + }, + "ExcludedIPRanges": { + "items": { + "$ref": "#/$defs/IPNet" + }, + "type": "array" + }, + "PermittedEmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedEmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PermittedURIDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedURIDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "CRLDistributionPoints": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PolicyIdentifiers": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "Policies": { + "items": { + "$ref": "#/$defs/OID" + }, + "type": "array" + } + }, + "additionalProperties": 
false, + "type": "object", + "required": [ + "Raw", + "RawTBSCertificate", + "RawSubjectPublicKeyInfo", + "RawSubject", + "RawIssuer", + "Signature", + "SignatureAlgorithm", + "PublicKeyAlgorithm", + "PublicKey", + "Version", + "SerialNumber", + "Issuer", + "Subject", + "NotBefore", + "NotAfter", + "KeyUsage", + "Extensions", + "ExtraExtensions", + "UnhandledCriticalExtensions", + "ExtKeyUsage", + "UnknownExtKeyUsage", + "BasicConstraintsValid", + "IsCA", + "MaxPathLen", + "MaxPathLenZero", + "SubjectKeyId", + "AuthorityKeyId", + "OCSPServer", + "IssuingCertificateURL", + "DNSNames", + "EmailAddresses", + "IPAddresses", + "URIs", + "PermittedDNSDomainsCritical", + "PermittedDNSDomains", + "ExcludedDNSDomains", + "PermittedIPRanges", + "ExcludedIPRanges", + "PermittedEmailAddresses", + "ExcludedEmailAddresses", + "PermittedURIDomains", + "ExcludedURIDomains", + "CRLDistributionPoints", + "PolicyIdentifiers", + "Policies" + ] + }, + "Extension": { + "properties": { + "Id": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "Critical": { + "type": "boolean" + }, + "Value": { + "type": "string", + "contentEncoding": "base64" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Id", + "Critical", + "Value" + ] + }, + "IPMask": { + "type": "string", + "contentEncoding": "base64" + }, + "IPNet": { + "properties": { + "IP": { + "type": "string", + "format": "ipv4" + }, + "Mask": { + "$ref": "#/$defs/IPMask" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "IP", + "Mask" + ] + }, + "Int": { + "properties": {}, + "additionalProperties": false, + "type": "object" + }, + "JSONWebKey": { + "properties": { + "Key": true, + "KeyID": { + "type": "string" + }, + "Algorithm": { + "type": "string" + }, + "Use": { + "type": "string" + }, + "Certificates": { + "items": { + "$ref": "#/$defs/Certificate" + }, + "type": "array" + }, + "CertificatesURL": { + "type": "string", + "format": "uri" + }, + "CertificateThumbprintSHA1": { + 
"type": "string", + "contentEncoding": "base64" + }, + "CertificateThumbprintSHA256": { + "type": "string", + "contentEncoding": "base64" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Key", + "KeyID", + "Algorithm", + "Use", + "Certificates", + "CertificatesURL", + "CertificateThumbprintSHA1", + "CertificateThumbprintSHA256" + ] + }, + "Name": { + "properties": { + "Country": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Organization": { + "items": { + "type": "string" + }, + "type": "array" + }, + "OrganizationalUnit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Locality": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Province": { + "items": { + "type": "string" + }, + "type": "array" + }, + "StreetAddress": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PostalCode": { + "items": { + "type": "string" + }, + "type": "array" + }, + "SerialNumber": { + "type": "string" + }, + "CommonName": { + "type": "string" + }, + "Names": { + "items": { + "$ref": "#/$defs/AttributeTypeAndValue" + }, + "type": "array" + }, + "ExtraNames": { + "items": { + "$ref": "#/$defs/AttributeTypeAndValue" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Country", + "Organization", + "OrganizationalUnit", + "Locality", + "Province", + "StreetAddress", + "PostalCode", + "SerialNumber", + "CommonName", + "Names", + "ExtraNames" + ] + }, + "OID": { + "properties": {}, + "additionalProperties": false, + "type": "object" + }, + "ObjectIdentifier": { + "items": { + "type": "integer" + }, + "type": "array" + }, + "VerificationInfo": { + "properties": { + "jwksUrl": { + "type": "string" + }, + "jwk": { + "$ref": "#/$defs/JSONWebKey" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "jwksUrl", + "jwk" + ] + } + } }, "project_id": { "type": "string" 
diff --git a/docs/attestors/gcp-iit.md b/docs/attestors/gcp-iit.md index 60bca307..ba228bc3 100644 --- a/docs/attestors/gcp-iit.md +++ b/docs/attestors/gcp-iit.md 
@@ -23,7 +23,500 @@ against Google's JWKS ([JSON Web Key Set](https://auth0.com/docs/secure/tokens/j "Attestor": { "properties": { "jwt": { - "$ref": "#/$defs/Attestor" + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "claims": { + "type": "object" + }, + "verifiedBy": { + "$ref": "#/$defs/VerificationInfo" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "claims" + ] + }, + "AttributeTypeAndValue": { + "properties": { + "Type": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "Value": true + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Type", + "Value" + ] + }, + "Certificate": { + "properties": { + "Raw": { + "type": "string", + "contentEncoding": "base64" + }, + "RawTBSCertificate": { + "type": "string", + "contentEncoding": "base64" + }, + "RawSubjectPublicKeyInfo": { + "type": "string", + "contentEncoding": "base64" + }, + "RawSubject": { + "type": "string", + "contentEncoding": "base64" + }, + "RawIssuer": { + "type": "string", + "contentEncoding": "base64" + }, + "Signature": { + "type": "string", + "contentEncoding": "base64" + }, + "SignatureAlgorithm": { + "type": "integer" + }, + "PublicKeyAlgorithm": { + "type": "integer" + }, + "PublicKey": true, + "Version": { + "type": "integer" + }, + "SerialNumber": { + "$ref": "#/$defs/Int" + }, + "Issuer": { + "$ref": "#/$defs/Name" + }, + "Subject": { + "$ref": "#/$defs/Name" + }, + "NotBefore": { + "type": "string", + "format": "date-time" + }, + "NotAfter": { + "type": "string", + "format": "date-time" + }, + "KeyUsage": { + "type": "integer" + }, + "Extensions": { + "items": { + "$ref": "#/$defs/Extension" + }, + "type": "array" + }, + "ExtraExtensions": { + "items": { + "$ref": "#/$defs/Extension" + }, + "type": "array" + }, + "UnhandledCriticalExtensions": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "ExtKeyUsage": { + 
"items": { + "type": "integer" + }, + "type": "array" + }, + "UnknownExtKeyUsage": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "BasicConstraintsValid": { + "type": "boolean" + }, + "IsCA": { + "type": "boolean" + }, + "MaxPathLen": { + "type": "integer" + }, + "MaxPathLenZero": { + "type": "boolean" + }, + "SubjectKeyId": { + "type": "string", + "contentEncoding": "base64" + }, + "AuthorityKeyId": { + "type": "string", + "contentEncoding": "base64" + }, + "OCSPServer": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IssuingCertificateURL": { + "items": { + "type": "string" + }, + "type": "array" + }, + "DNSNames": { + "items": { + "type": "string" + }, + "type": "array" + }, + "EmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IPAddresses": { + "items": { + "type": "string", + "format": "ipv4" + }, + "type": "array" + }, + "URIs": { + "items": { + "type": "string", + "format": "uri" + }, + "type": "array" + }, + "PermittedDNSDomainsCritical": { + "type": "boolean" + }, + "PermittedDNSDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedDNSDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PermittedIPRanges": { + "items": { + "$ref": "#/$defs/IPNet" + }, + "type": "array" + }, + "ExcludedIPRanges": { + "items": { + "$ref": "#/$defs/IPNet" + }, + "type": "array" + }, + "PermittedEmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedEmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PermittedURIDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedURIDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "CRLDistributionPoints": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PolicyIdentifiers": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "Policies": { + "items": 
{ + "$ref": "#/$defs/OID" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Raw", + "RawTBSCertificate", + "RawSubjectPublicKeyInfo", + "RawSubject", + "RawIssuer", + "Signature", + "SignatureAlgorithm", + "PublicKeyAlgorithm", + "PublicKey", + "Version", + "SerialNumber", + "Issuer", + "Subject", + "NotBefore", + "NotAfter", + "KeyUsage", + "Extensions", + "ExtraExtensions", + "UnhandledCriticalExtensions", + "ExtKeyUsage", + "UnknownExtKeyUsage", + "BasicConstraintsValid", + "IsCA", + "MaxPathLen", + "MaxPathLenZero", + "SubjectKeyId", + "AuthorityKeyId", + "OCSPServer", + "IssuingCertificateURL", + "DNSNames", + "EmailAddresses", + "IPAddresses", + "URIs", + "PermittedDNSDomainsCritical", + "PermittedDNSDomains", + "ExcludedDNSDomains", + "PermittedIPRanges", + "ExcludedIPRanges", + "PermittedEmailAddresses", + "ExcludedEmailAddresses", + "PermittedURIDomains", + "ExcludedURIDomains", + "CRLDistributionPoints", + "PolicyIdentifiers", + "Policies" + ] + }, + "Extension": { + "properties": { + "Id": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "Critical": { + "type": "boolean" + }, + "Value": { + "type": "string", + "contentEncoding": "base64" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Id", + "Critical", + "Value" + ] + }, + "IPMask": { + "type": "string", + "contentEncoding": "base64" + }, + "IPNet": { + "properties": { + "IP": { + "type": "string", + "format": "ipv4" + }, + "Mask": { + "$ref": "#/$defs/IPMask" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "IP", + "Mask" + ] + }, + "Int": { + "properties": {}, + "additionalProperties": false, + "type": "object" + }, + "JSONWebKey": { + "properties": { + "Key": true, + "KeyID": { + "type": "string" + }, + "Algorithm": { + "type": "string" + }, + "Use": { + "type": "string" + }, + "Certificates": { + "items": { + "$ref": "#/$defs/Certificate" + }, + "type": "array" + }, + "CertificatesURL": 
{ + "type": "string", + "format": "uri" + }, + "CertificateThumbprintSHA1": { + "type": "string", + "contentEncoding": "base64" + }, + "CertificateThumbprintSHA256": { + "type": "string", + "contentEncoding": "base64" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Key", + "KeyID", + "Algorithm", + "Use", + "Certificates", + "CertificatesURL", + "CertificateThumbprintSHA1", + "CertificateThumbprintSHA256" + ] + }, + "Name": { + "properties": { + "Country": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Organization": { + "items": { + "type": "string" + }, + "type": "array" + }, + "OrganizationalUnit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Locality": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Province": { + "items": { + "type": "string" + }, + "type": "array" + }, + "StreetAddress": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PostalCode": { + "items": { + "type": "string" + }, + "type": "array" + }, + "SerialNumber": { + "type": "string" + }, + "CommonName": { + "type": "string" + }, + "Names": { + "items": { + "$ref": "#/$defs/AttributeTypeAndValue" + }, + "type": "array" + }, + "ExtraNames": { + "items": { + "$ref": "#/$defs/AttributeTypeAndValue" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Country", + "Organization", + "OrganizationalUnit", + "Locality", + "Province", + "StreetAddress", + "PostalCode", + "SerialNumber", + "CommonName", + "Names", + "ExtraNames" + ] + }, + "OID": { + "properties": {}, + "additionalProperties": false, + "type": "object" + }, + "ObjectIdentifier": { + "items": { + "type": "integer" + }, + "type": "array" + }, + "VerificationInfo": { + "properties": { + "jwksUrl": { + "type": "string" + }, + "jwk": { + "$ref": "#/$defs/JSONWebKey" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "jwksUrl", + "jwk" + ] + } + } }, "project_id": 
{ "type": "string" diff --git a/docs/attestors/github.json b/docs/attestors/github.json index f85ab6e3..2c21a352 100644 --- a/docs/attestors/github.json +++ b/docs/attestors/github.json 
@@ -5,7 +5,500 @@ "Attestor": { "properties": { "jwt": { - "$ref": "#/$defs/Attestor" + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "claims": { + "type": "object" + }, + "verifiedBy": { + "$ref": "#/$defs/VerificationInfo" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "claims" + ] + }, + "AttributeTypeAndValue": { + "properties": { + "Type": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "Value": true + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Type", + "Value" + ] + }, + "Certificate": { + "properties": { + "Raw": { + "type": "string", + "contentEncoding": "base64" + }, + "RawTBSCertificate": { + "type": "string", + "contentEncoding": "base64" + }, + "RawSubjectPublicKeyInfo": { + "type": "string", + "contentEncoding": "base64" + }, + "RawSubject": { + "type": "string", + "contentEncoding": "base64" + }, + "RawIssuer": { + "type": "string", + "contentEncoding": "base64" + }, + "Signature": { + "type": "string", + "contentEncoding": "base64" + }, + "SignatureAlgorithm": { + "type": "integer" + }, + "PublicKeyAlgorithm": { + "type": "integer" + }, + "PublicKey": true, + "Version": { + "type": "integer" + }, + "SerialNumber": { + "$ref": "#/$defs/Int" + }, + "Issuer": { + "$ref": "#/$defs/Name" + }, + "Subject": { + "$ref": "#/$defs/Name" + }, + "NotBefore": { + "type": "string", + "format": "date-time" + }, + "NotAfter": { + "type": "string", + "format": "date-time" + }, + "KeyUsage": { + "type": "integer" + }, + "Extensions": { + "items": { + "$ref": "#/$defs/Extension" + }, + "type": "array" + }, + "ExtraExtensions": { + "items": { + "$ref": "#/$defs/Extension" + }, + "type": "array" + }, + "UnhandledCriticalExtensions": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "ExtKeyUsage": { + "items": { + "type": "integer" + }, + "type": "array" + }, + "UnknownExtKeyUsage": { + 
"items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "BasicConstraintsValid": { + "type": "boolean" + }, + "IsCA": { + "type": "boolean" + }, + "MaxPathLen": { + "type": "integer" + }, + "MaxPathLenZero": { + "type": "boolean" + }, + "SubjectKeyId": { + "type": "string", + "contentEncoding": "base64" + }, + "AuthorityKeyId": { + "type": "string", + "contentEncoding": "base64" + }, + "OCSPServer": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IssuingCertificateURL": { + "items": { + "type": "string" + }, + "type": "array" + }, + "DNSNames": { + "items": { + "type": "string" + }, + "type": "array" + }, + "EmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IPAddresses": { + "items": { + "type": "string", + "format": "ipv4" + }, + "type": "array" + }, + "URIs": { + "items": { + "type": "string", + "format": "uri" + }, + "type": "array" + }, + "PermittedDNSDomainsCritical": { + "type": "boolean" + }, + "PermittedDNSDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedDNSDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PermittedIPRanges": { + "items": { + "$ref": "#/$defs/IPNet" + }, + "type": "array" + }, + "ExcludedIPRanges": { + "items": { + "$ref": "#/$defs/IPNet" + }, + "type": "array" + }, + "PermittedEmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedEmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PermittedURIDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedURIDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "CRLDistributionPoints": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PolicyIdentifiers": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "Policies": { + "items": { + "$ref": "#/$defs/OID" + }, + "type": "array" + } + }, + "additionalProperties": 
false, + "type": "object", + "required": [ + "Raw", + "RawTBSCertificate", + "RawSubjectPublicKeyInfo", + "RawSubject", + "RawIssuer", + "Signature", + "SignatureAlgorithm", + "PublicKeyAlgorithm", + "PublicKey", + "Version", + "SerialNumber", + "Issuer", + "Subject", + "NotBefore", + "NotAfter", + "KeyUsage", + "Extensions", + "ExtraExtensions", + "UnhandledCriticalExtensions", + "ExtKeyUsage", + "UnknownExtKeyUsage", + "BasicConstraintsValid", + "IsCA", + "MaxPathLen", + "MaxPathLenZero", + "SubjectKeyId", + "AuthorityKeyId", + "OCSPServer", + "IssuingCertificateURL", + "DNSNames", + "EmailAddresses", + "IPAddresses", + "URIs", + "PermittedDNSDomainsCritical", + "PermittedDNSDomains", + "ExcludedDNSDomains", + "PermittedIPRanges", + "ExcludedIPRanges", + "PermittedEmailAddresses", + "ExcludedEmailAddresses", + "PermittedURIDomains", + "ExcludedURIDomains", + "CRLDistributionPoints", + "PolicyIdentifiers", + "Policies" + ] + }, + "Extension": { + "properties": { + "Id": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "Critical": { + "type": "boolean" + }, + "Value": { + "type": "string", + "contentEncoding": "base64" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Id", + "Critical", + "Value" + ] + }, + "IPMask": { + "type": "string", + "contentEncoding": "base64" + }, + "IPNet": { + "properties": { + "IP": { + "type": "string", + "format": "ipv4" + }, + "Mask": { + "$ref": "#/$defs/IPMask" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "IP", + "Mask" + ] + }, + "Int": { + "properties": {}, + "additionalProperties": false, + "type": "object" + }, + "JSONWebKey": { + "properties": { + "Key": true, + "KeyID": { + "type": "string" + }, + "Algorithm": { + "type": "string" + }, + "Use": { + "type": "string" + }, + "Certificates": { + "items": { + "$ref": "#/$defs/Certificate" + }, + "type": "array" + }, + "CertificatesURL": { + "type": "string", + "format": "uri" + }, + "CertificateThumbprintSHA1": { + 
"type": "string", + "contentEncoding": "base64" + }, + "CertificateThumbprintSHA256": { + "type": "string", + "contentEncoding": "base64" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Key", + "KeyID", + "Algorithm", + "Use", + "Certificates", + "CertificatesURL", + "CertificateThumbprintSHA1", + "CertificateThumbprintSHA256" + ] + }, + "Name": { + "properties": { + "Country": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Organization": { + "items": { + "type": "string" + }, + "type": "array" + }, + "OrganizationalUnit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Locality": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Province": { + "items": { + "type": "string" + }, + "type": "array" + }, + "StreetAddress": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PostalCode": { + "items": { + "type": "string" + }, + "type": "array" + }, + "SerialNumber": { + "type": "string" + }, + "CommonName": { + "type": "string" + }, + "Names": { + "items": { + "$ref": "#/$defs/AttributeTypeAndValue" + }, + "type": "array" + }, + "ExtraNames": { + "items": { + "$ref": "#/$defs/AttributeTypeAndValue" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Country", + "Organization", + "OrganizationalUnit", + "Locality", + "Province", + "StreetAddress", + "PostalCode", + "SerialNumber", + "CommonName", + "Names", + "ExtraNames" + ] + }, + "OID": { + "properties": {}, + "additionalProperties": false, + "type": "object" + }, + "ObjectIdentifier": { + "items": { + "type": "integer" + }, + "type": "array" + }, + "VerificationInfo": { + "properties": { + "jwksUrl": { + "type": "string" + }, + "jwk": { + "$ref": "#/$defs/JSONWebKey" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "jwksUrl", + "jwk" + ] + } + } }, "ciconfigpath": { "type": "string" 
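Review bot: The `"$ref": "#/$defs/Attestor"` carried by the new `jwt` subschema resolves against the enclosing github.json document, not against the `$defs` block added next to it: the embedded schema has a `$schema` keyword but no `$id`, so under draft 2020-12 it is not a separate schema resource and a fragment pointer is looked up from the document root. Given the context line `"Attestor": { "properties": { "jwt": {`, the root-level `$defs/Attestor` appears to be the GitHub attestor itself, so a validator will either recurse into the wrong definition or reject the file for `$schema` appearing in a non-resource subschema. Adding a resource identifier beside it, e.g. `"$id": "<PLACEHOLDER: URI for the jwt attestor schema>"`, makes the nested `$defs` the base for its own references; alternatively hoist the nested definitions into the root `$defs` under non-colliding names. Separately, `IPAddresses` and `IPNet.IP` use `"format": "ipv4"`, which rejects an IPv6 SAN or IPv6 name constraint in the recorded verifying-certificate chain. The same embedded schema is repeated in github.md, gitlab.json and gitlab.md, and the enclosing root object of each file starts outside the hunk.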
diff --git a/docs/attestors/github.md b/docs/attestors/github.md index a532c95c..1da80a3b 100644 --- a/docs/attestors/github.md +++ b/docs/attestors/github.md 
@@ -18,7 +18,500 @@ The [Github](https://github.com/about) Attestor records information about the [G "Attestor": { "properties": { "jwt": { - "$ref": "#/$defs/Attestor" + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "claims": { + "type": "object" + }, + "verifiedBy": { + "$ref": "#/$defs/VerificationInfo" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "claims" + ] + }, + "AttributeTypeAndValue": { + "properties": { + "Type": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "Value": true + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Type", + "Value" + ] + }, + "Certificate": { + "properties": { + "Raw": { + "type": "string", + "contentEncoding": "base64" + }, + "RawTBSCertificate": { + "type": "string", + "contentEncoding": "base64" + }, + "RawSubjectPublicKeyInfo": { + "type": "string", + "contentEncoding": "base64" + }, + "RawSubject": { + "type": "string", + "contentEncoding": "base64" + }, + "RawIssuer": { + "type": "string", + "contentEncoding": "base64" + }, + "Signature": { + "type": "string", + "contentEncoding": "base64" + }, + "SignatureAlgorithm": { + "type": "integer" + }, + "PublicKeyAlgorithm": { + "type": "integer" + }, + "PublicKey": true, + "Version": { + "type": "integer" + }, + "SerialNumber": { + "$ref": "#/$defs/Int" + }, + "Issuer": { + "$ref": "#/$defs/Name" + }, + "Subject": { + "$ref": "#/$defs/Name" + }, + "NotBefore": { + "type": "string", + "format": "date-time" + }, + "NotAfter": { + "type": "string", + "format": "date-time" + }, + "KeyUsage": { + "type": "integer" + }, + "Extensions": { + "items": { + "$ref": "#/$defs/Extension" + }, + "type": "array" + }, + "ExtraExtensions": { + "items": { + "$ref": "#/$defs/Extension" + }, + "type": "array" + }, + "UnhandledCriticalExtensions": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "ExtKeyUsage": { + 
"items": { + "type": "integer" + }, + "type": "array" + }, + "UnknownExtKeyUsage": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "BasicConstraintsValid": { + "type": "boolean" + }, + "IsCA": { + "type": "boolean" + }, + "MaxPathLen": { + "type": "integer" + }, + "MaxPathLenZero": { + "type": "boolean" + }, + "SubjectKeyId": { + "type": "string", + "contentEncoding": "base64" + }, + "AuthorityKeyId": { + "type": "string", + "contentEncoding": "base64" + }, + "OCSPServer": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IssuingCertificateURL": { + "items": { + "type": "string" + }, + "type": "array" + }, + "DNSNames": { + "items": { + "type": "string" + }, + "type": "array" + }, + "EmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IPAddresses": { + "items": { + "type": "string", + "format": "ipv4" + }, + "type": "array" + }, + "URIs": { + "items": { + "type": "string", + "format": "uri" + }, + "type": "array" + }, + "PermittedDNSDomainsCritical": { + "type": "boolean" + }, + "PermittedDNSDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedDNSDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PermittedIPRanges": { + "items": { + "$ref": "#/$defs/IPNet" + }, + "type": "array" + }, + "ExcludedIPRanges": { + "items": { + "$ref": "#/$defs/IPNet" + }, + "type": "array" + }, + "PermittedEmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedEmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PermittedURIDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedURIDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "CRLDistributionPoints": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PolicyIdentifiers": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "Policies": { + "items": 
{ + "$ref": "#/$defs/OID" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Raw", + "RawTBSCertificate", + "RawSubjectPublicKeyInfo", + "RawSubject", + "RawIssuer", + "Signature", + "SignatureAlgorithm", + "PublicKeyAlgorithm", + "PublicKey", + "Version", + "SerialNumber", + "Issuer", + "Subject", + "NotBefore", + "NotAfter", + "KeyUsage", + "Extensions", + "ExtraExtensions", + "UnhandledCriticalExtensions", + "ExtKeyUsage", + "UnknownExtKeyUsage", + "BasicConstraintsValid", + "IsCA", + "MaxPathLen", + "MaxPathLenZero", + "SubjectKeyId", + "AuthorityKeyId", + "OCSPServer", + "IssuingCertificateURL", + "DNSNames", + "EmailAddresses", + "IPAddresses", + "URIs", + "PermittedDNSDomainsCritical", + "PermittedDNSDomains", + "ExcludedDNSDomains", + "PermittedIPRanges", + "ExcludedIPRanges", + "PermittedEmailAddresses", + "ExcludedEmailAddresses", + "PermittedURIDomains", + "ExcludedURIDomains", + "CRLDistributionPoints", + "PolicyIdentifiers", + "Policies" + ] + }, + "Extension": { + "properties": { + "Id": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "Critical": { + "type": "boolean" + }, + "Value": { + "type": "string", + "contentEncoding": "base64" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Id", + "Critical", + "Value" + ] + }, + "IPMask": { + "type": "string", + "contentEncoding": "base64" + }, + "IPNet": { + "properties": { + "IP": { + "type": "string", + "format": "ipv4" + }, + "Mask": { + "$ref": "#/$defs/IPMask" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "IP", + "Mask" + ] + }, + "Int": { + "properties": {}, + "additionalProperties": false, + "type": "object" + }, + "JSONWebKey": { + "properties": { + "Key": true, + "KeyID": { + "type": "string" + }, + "Algorithm": { + "type": "string" + }, + "Use": { + "type": "string" + }, + "Certificates": { + "items": { + "$ref": "#/$defs/Certificate" + }, + "type": "array" + }, + "CertificatesURL": 
{ + "type": "string", + "format": "uri" + }, + "CertificateThumbprintSHA1": { + "type": "string", + "contentEncoding": "base64" + }, + "CertificateThumbprintSHA256": { + "type": "string", + "contentEncoding": "base64" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Key", + "KeyID", + "Algorithm", + "Use", + "Certificates", + "CertificatesURL", + "CertificateThumbprintSHA1", + "CertificateThumbprintSHA256" + ] + }, + "Name": { + "properties": { + "Country": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Organization": { + "items": { + "type": "string" + }, + "type": "array" + }, + "OrganizationalUnit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Locality": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Province": { + "items": { + "type": "string" + }, + "type": "array" + }, + "StreetAddress": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PostalCode": { + "items": { + "type": "string" + }, + "type": "array" + }, + "SerialNumber": { + "type": "string" + }, + "CommonName": { + "type": "string" + }, + "Names": { + "items": { + "$ref": "#/$defs/AttributeTypeAndValue" + }, + "type": "array" + }, + "ExtraNames": { + "items": { + "$ref": "#/$defs/AttributeTypeAndValue" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Country", + "Organization", + "OrganizationalUnit", + "Locality", + "Province", + "StreetAddress", + "PostalCode", + "SerialNumber", + "CommonName", + "Names", + "ExtraNames" + ] + }, + "OID": { + "properties": {}, + "additionalProperties": false, + "type": "object" + }, + "ObjectIdentifier": { + "items": { + "type": "integer" + }, + "type": "array" + }, + "VerificationInfo": { + "properties": { + "jwksUrl": { + "type": "string" + }, + "jwk": { + "$ref": "#/$defs/JSONWebKey" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "jwksUrl", + "jwk" + ] + } + } }, 
"ciconfigpath": { "type": "string" diff --git a/docs/attestors/gitlab.json b/docs/attestors/gitlab.json index ebdf3563..373bb3c4 100644 --- a/docs/attestors/gitlab.json +++ b/docs/attestors/gitlab.json 
@@ -5,7 +5,500 @@ "Attestor": { "properties": { "jwt": { - "$ref": "#/$defs/Attestor" + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "claims": { + "type": "object" + }, + "verifiedBy": { + "$ref": "#/$defs/VerificationInfo" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "claims" + ] + }, + "AttributeTypeAndValue": { + "properties": { + "Type": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "Value": true + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Type", + "Value" + ] + }, + "Certificate": { + "properties": { + "Raw": { + "type": "string", + "contentEncoding": "base64" + }, + "RawTBSCertificate": { + "type": "string", + "contentEncoding": "base64" + }, + "RawSubjectPublicKeyInfo": { + "type": "string", + "contentEncoding": "base64" + }, + "RawSubject": { + "type": "string", + "contentEncoding": "base64" + }, + "RawIssuer": { + "type": "string", + "contentEncoding": "base64" + }, + "Signature": { + "type": "string", + "contentEncoding": "base64" + }, + "SignatureAlgorithm": { + "type": "integer" + }, + "PublicKeyAlgorithm": { + "type": "integer" + }, + "PublicKey": true, + "Version": { + "type": "integer" + }, + "SerialNumber": { + "$ref": "#/$defs/Int" + }, + "Issuer": { + "$ref": "#/$defs/Name" + }, + "Subject": { + "$ref": "#/$defs/Name" + }, + "NotBefore": { + "type": "string", + "format": "date-time" + }, + "NotAfter": { + "type": "string", + "format": "date-time" + }, + "KeyUsage": { + "type": "integer" + }, + "Extensions": { + "items": { + "$ref": "#/$defs/Extension" + }, + "type": "array" + }, + "ExtraExtensions": { + "items": { + "$ref": "#/$defs/Extension" + }, + "type": "array" + }, + "UnhandledCriticalExtensions": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "ExtKeyUsage": { + "items": { + "type": "integer" + }, + "type": "array" + }, + "UnknownExtKeyUsage": { + 
"items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "BasicConstraintsValid": { + "type": "boolean" + }, + "IsCA": { + "type": "boolean" + }, + "MaxPathLen": { + "type": "integer" + }, + "MaxPathLenZero": { + "type": "boolean" + }, + "SubjectKeyId": { + "type": "string", + "contentEncoding": "base64" + }, + "AuthorityKeyId": { + "type": "string", + "contentEncoding": "base64" + }, + "OCSPServer": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IssuingCertificateURL": { + "items": { + "type": "string" + }, + "type": "array" + }, + "DNSNames": { + "items": { + "type": "string" + }, + "type": "array" + }, + "EmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IPAddresses": { + "items": { + "type": "string", + "format": "ipv4" + }, + "type": "array" + }, + "URIs": { + "items": { + "type": "string", + "format": "uri" + }, + "type": "array" + }, + "PermittedDNSDomainsCritical": { + "type": "boolean" + }, + "PermittedDNSDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedDNSDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PermittedIPRanges": { + "items": { + "$ref": "#/$defs/IPNet" + }, + "type": "array" + }, + "ExcludedIPRanges": { + "items": { + "$ref": "#/$defs/IPNet" + }, + "type": "array" + }, + "PermittedEmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedEmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PermittedURIDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedURIDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "CRLDistributionPoints": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PolicyIdentifiers": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "Policies": { + "items": { + "$ref": "#/$defs/OID" + }, + "type": "array" + } + }, + "additionalProperties": 
false, + "type": "object", + "required": [ + "Raw", + "RawTBSCertificate", + "RawSubjectPublicKeyInfo", + "RawSubject", + "RawIssuer", + "Signature", + "SignatureAlgorithm", + "PublicKeyAlgorithm", + "PublicKey", + "Version", + "SerialNumber", + "Issuer", + "Subject", + "NotBefore", + "NotAfter", + "KeyUsage", + "Extensions", + "ExtraExtensions", + "UnhandledCriticalExtensions", + "ExtKeyUsage", + "UnknownExtKeyUsage", + "BasicConstraintsValid", + "IsCA", + "MaxPathLen", + "MaxPathLenZero", + "SubjectKeyId", + "AuthorityKeyId", + "OCSPServer", + "IssuingCertificateURL", + "DNSNames", + "EmailAddresses", + "IPAddresses", + "URIs", + "PermittedDNSDomainsCritical", + "PermittedDNSDomains", + "ExcludedDNSDomains", + "PermittedIPRanges", + "ExcludedIPRanges", + "PermittedEmailAddresses", + "ExcludedEmailAddresses", + "PermittedURIDomains", + "ExcludedURIDomains", + "CRLDistributionPoints", + "PolicyIdentifiers", + "Policies" + ] + }, + "Extension": { + "properties": { + "Id": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "Critical": { + "type": "boolean" + }, + "Value": { + "type": "string", + "contentEncoding": "base64" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Id", + "Critical", + "Value" + ] + }, + "IPMask": { + "type": "string", + "contentEncoding": "base64" + }, + "IPNet": { + "properties": { + "IP": { + "type": "string", + "format": "ipv4" + }, + "Mask": { + "$ref": "#/$defs/IPMask" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "IP", + "Mask" + ] + }, + "Int": { + "properties": {}, + "additionalProperties": false, + "type": "object" + }, + "JSONWebKey": { + "properties": { + "Key": true, + "KeyID": { + "type": "string" + }, + "Algorithm": { + "type": "string" + }, + "Use": { + "type": "string" + }, + "Certificates": { + "items": { + "$ref": "#/$defs/Certificate" + }, + "type": "array" + }, + "CertificatesURL": { + "type": "string", + "format": "uri" + }, + "CertificateThumbprintSHA1": { + 
"type": "string", + "contentEncoding": "base64" + }, + "CertificateThumbprintSHA256": { + "type": "string", + "contentEncoding": "base64" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Key", + "KeyID", + "Algorithm", + "Use", + "Certificates", + "CertificatesURL", + "CertificateThumbprintSHA1", + "CertificateThumbprintSHA256" + ] + }, + "Name": { + "properties": { + "Country": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Organization": { + "items": { + "type": "string" + }, + "type": "array" + }, + "OrganizationalUnit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Locality": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Province": { + "items": { + "type": "string" + }, + "type": "array" + }, + "StreetAddress": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PostalCode": { + "items": { + "type": "string" + }, + "type": "array" + }, + "SerialNumber": { + "type": "string" + }, + "CommonName": { + "type": "string" + }, + "Names": { + "items": { + "$ref": "#/$defs/AttributeTypeAndValue" + }, + "type": "array" + }, + "ExtraNames": { + "items": { + "$ref": "#/$defs/AttributeTypeAndValue" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Country", + "Organization", + "OrganizationalUnit", + "Locality", + "Province", + "StreetAddress", + "PostalCode", + "SerialNumber", + "CommonName", + "Names", + "ExtraNames" + ] + }, + "OID": { + "properties": {}, + "additionalProperties": false, + "type": "object" + }, + "ObjectIdentifier": { + "items": { + "type": "integer" + }, + "type": "array" + }, + "VerificationInfo": { + "properties": { + "jwksUrl": { + "type": "string" + }, + "jwk": { + "$ref": "#/$defs/JSONWebKey" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "jwksUrl", + "jwk" + ] + } + } }, "ciconfigpath": { "type": "string" 
diff --git a/docs/attestors/gitlab.md b/docs/attestors/gitlab.md index 1005d1e1..f6c289e7 100644 --- a/docs/attestors/gitlab.md +++ b/docs/attestors/gitlab.md 
@@ -21,7 +21,500 @@ instance's JWKS ([JSON Web Key Set](https://auth0.com/docs/secure/tokens/json-we "Attestor": { "properties": { "jwt": { - "$ref": "#/$defs/Attestor" + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "claims": { + "type": "object" + }, + "verifiedBy": { + "$ref": "#/$defs/VerificationInfo" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "claims" + ] + }, + "AttributeTypeAndValue": { + "properties": { + "Type": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "Value": true + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Type", + "Value" + ] + }, + "Certificate": { + "properties": { + "Raw": { + "type": "string", + "contentEncoding": "base64" + }, + "RawTBSCertificate": { + "type": "string", + "contentEncoding": "base64" + }, + "RawSubjectPublicKeyInfo": { + "type": "string", + "contentEncoding": "base64" + }, + "RawSubject": { + "type": "string", + "contentEncoding": "base64" + }, + "RawIssuer": { + "type": "string", + "contentEncoding": "base64" + }, + "Signature": { + "type": "string", + "contentEncoding": "base64" + }, + "SignatureAlgorithm": { + "type": "integer" + }, + "PublicKeyAlgorithm": { + "type": "integer" + }, + "PublicKey": true, + "Version": { + "type": "integer" + }, + "SerialNumber": { + "$ref": "#/$defs/Int" + }, + "Issuer": { + "$ref": "#/$defs/Name" + }, + "Subject": { + "$ref": "#/$defs/Name" + }, + "NotBefore": { + "type": "string", + "format": "date-time" + }, + "NotAfter": { + "type": "string", + "format": "date-time" + }, + "KeyUsage": { + "type": "integer" + }, + "Extensions": { + "items": { + "$ref": "#/$defs/Extension" + }, + "type": "array" + }, + "ExtraExtensions": { + "items": { + "$ref": "#/$defs/Extension" + }, + "type": "array" + }, + "UnhandledCriticalExtensions": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "ExtKeyUsage": { + 
"items": { + "type": "integer" + }, + "type": "array" + }, + "UnknownExtKeyUsage": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "BasicConstraintsValid": { + "type": "boolean" + }, + "IsCA": { + "type": "boolean" + }, + "MaxPathLen": { + "type": "integer" + }, + "MaxPathLenZero": { + "type": "boolean" + }, + "SubjectKeyId": { + "type": "string", + "contentEncoding": "base64" + }, + "AuthorityKeyId": { + "type": "string", + "contentEncoding": "base64" + }, + "OCSPServer": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IssuingCertificateURL": { + "items": { + "type": "string" + }, + "type": "array" + }, + "DNSNames": { + "items": { + "type": "string" + }, + "type": "array" + }, + "EmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IPAddresses": { + "items": { + "type": "string", + "format": "ipv4" + }, + "type": "array" + }, + "URIs": { + "items": { + "type": "string", + "format": "uri" + }, + "type": "array" + }, + "PermittedDNSDomainsCritical": { + "type": "boolean" + }, + "PermittedDNSDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedDNSDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PermittedIPRanges": { + "items": { + "$ref": "#/$defs/IPNet" + }, + "type": "array" + }, + "ExcludedIPRanges": { + "items": { + "$ref": "#/$defs/IPNet" + }, + "type": "array" + }, + "PermittedEmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedEmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PermittedURIDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedURIDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "CRLDistributionPoints": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PolicyIdentifiers": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "Policies": { + "items": 
{ + "$ref": "#/$defs/OID" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Raw", + "RawTBSCertificate", + "RawSubjectPublicKeyInfo", + "RawSubject", + "RawIssuer", + "Signature", + "SignatureAlgorithm", + "PublicKeyAlgorithm", + "PublicKey", + "Version", + "SerialNumber", + "Issuer", + "Subject", + "NotBefore", + "NotAfter", + "KeyUsage", + "Extensions", + "ExtraExtensions", + "UnhandledCriticalExtensions", + "ExtKeyUsage", + "UnknownExtKeyUsage", + "BasicConstraintsValid", + "IsCA", + "MaxPathLen", + "MaxPathLenZero", + "SubjectKeyId", + "AuthorityKeyId", + "OCSPServer", + "IssuingCertificateURL", + "DNSNames", + "EmailAddresses", + "IPAddresses", + "URIs", + "PermittedDNSDomainsCritical", + "PermittedDNSDomains", + "ExcludedDNSDomains", + "PermittedIPRanges", + "ExcludedIPRanges", + "PermittedEmailAddresses", + "ExcludedEmailAddresses", + "PermittedURIDomains", + "ExcludedURIDomains", + "CRLDistributionPoints", + "PolicyIdentifiers", + "Policies" + ] + }, + "Extension": { + "properties": { + "Id": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "Critical": { + "type": "boolean" + }, + "Value": { + "type": "string", + "contentEncoding": "base64" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Id", + "Critical", + "Value" + ] + }, + "IPMask": { + "type": "string", + "contentEncoding": "base64" + }, + "IPNet": { + "properties": { + "IP": { + "type": "string", + "format": "ipv4" + }, + "Mask": { + "$ref": "#/$defs/IPMask" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "IP", + "Mask" + ] + }, + "Int": { + "properties": {}, + "additionalProperties": false, + "type": "object" + }, + "JSONWebKey": { + "properties": { + "Key": true, + "KeyID": { + "type": "string" + }, + "Algorithm": { + "type": "string" + }, + "Use": { + "type": "string" + }, + "Certificates": { + "items": { + "$ref": "#/$defs/Certificate" + }, + "type": "array" + }, + "CertificatesURL": 
{ + "type": "string", + "format": "uri" + }, + "CertificateThumbprintSHA1": { + "type": "string", + "contentEncoding": "base64" + }, + "CertificateThumbprintSHA256": { + "type": "string", + "contentEncoding": "base64" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Key", + "KeyID", + "Algorithm", + "Use", + "Certificates", + "CertificatesURL", + "CertificateThumbprintSHA1", + "CertificateThumbprintSHA256" + ] + }, + "Name": { + "properties": { + "Country": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Organization": { + "items": { + "type": "string" + }, + "type": "array" + }, + "OrganizationalUnit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Locality": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Province": { + "items": { + "type": "string" + }, + "type": "array" + }, + "StreetAddress": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PostalCode": { + "items": { + "type": "string" + }, + "type": "array" + }, + "SerialNumber": { + "type": "string" + }, + "CommonName": { + "type": "string" + }, + "Names": { + "items": { + "$ref": "#/$defs/AttributeTypeAndValue" + }, + "type": "array" + }, + "ExtraNames": { + "items": { + "$ref": "#/$defs/AttributeTypeAndValue" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Country", + "Organization", + "OrganizationalUnit", + "Locality", + "Province", + "StreetAddress", + "PostalCode", + "SerialNumber", + "CommonName", + "Names", + "ExtraNames" + ] + }, + "OID": { + "properties": {}, + "additionalProperties": false, + "type": "object" + }, + "ObjectIdentifier": { + "items": { + "type": "integer" + }, + "type": "array" + }, + "VerificationInfo": { + "properties": { + "jwksUrl": { + "type": "string" + }, + "jwk": { + "$ref": "#/$defs/JSONWebKey" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "jwksUrl", + "jwk" + ] + } + } }, 
"ciconfigpath": { "type": "string" diff --git a/docs/attestors/material.json b/docs/attestors/material.json index a3a06f4a..5edcff17 100644 --- a/docs/attestors/material.json +++ b/docs/attestors/material.json @@ -1,12 +1,25 @@ { "$schema": "https://json-schema.org/draft/2020-12/schema", - "$ref": "#/$defs/Attestor", "$defs": { - "Attestor": { - "properties": {}, - "additionalProperties": false, + "DigestSet": { + "additionalProperties": { + "type": "string" + }, "type": "object" } - } + }, + "properties": { + "Materials": { + "additionalProperties": { + "$ref": "#/$defs/DigestSet" + }, + "type": "object" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Materials" + ] } \ No newline at end of file diff --git a/docs/attestors/material.md b/docs/attestors/material.md index d2afb7d5..be2abddf 100644 --- a/docs/attestors/material.md +++ b/docs/attestors/material.md @@ -8,12 +8,25 @@ of all files before any changes are made by a command. ```json { "$schema": "https://json-schema.org/draft/2020-12/schema", - "$ref": "#/$defs/Attestor", "$defs": { - "Attestor": { - "properties": {}, - "additionalProperties": false, + "DigestSet": { + "additionalProperties": { + "type": "string" + }, "type": "object" } - } + }, + "properties": { + "Materials": { + "additionalProperties": { + "$ref": "#/$defs/DigestSet" + }, + "type": "object" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Materials" + ] }``` diff --git a/docs/attestors/product.json b/docs/attestors/product.json index a3a06f4a..8a3b18f9 100644 --- a/docs/attestors/product.json +++ b/docs/attestors/product.json 
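Review bot: `DigestSet` in the new root schema is an open map — `"additionalProperties": { "type": "string" }` with no `propertyNames` constraint and no pattern on the values — so a `Materials` entry with an unknown algorithm key or a malformed digest string still validates, and a policy consumer that uses this schema as a first gate gets no help from it. If the set of digest algorithms emitted is fixed, `"propertyNames": { "enum": [ <PLACEHOLDER: supported digest algorithm names> ] }` on `DigestSet` would pin it; a value pattern can only be added if every supported digest is hex-encoded, which this hunk does not show. Since these files look generated (the go.mod hunk adds `github.com/invopop/jsonschema`), the constraint probably belongs on the Go type's schema tags rather than in the checked-in JSON. The same `DigestSet` definition is repeated in material.md, product.json and product.md.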
@@ -1,12 +1,41 @@ { "$schema": "https://json-schema.org/draft/2020-12/schema", - "$ref": "#/$defs/Attestor", "$defs": { - "Attestor": { - "properties": {}, + "DigestSet": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "Product": { + "properties": { + "mime_type": { + "type": "string" + }, + "digest": { + "$ref": "#/$defs/DigestSet" + } + }, "additionalProperties": false, + "type": "object", + "required": [ + "mime_type", + "digest" + ] + } + }, + "properties": { + "Products": { + "additionalProperties": { + "$ref": "#/$defs/Product" + }, "type": "object" } - } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Products" + ] } \ No newline at end of file diff --git a/docs/attestors/product.md b/docs/attestors/product.md index 9bdbf393..afb4acd2 100644 --- a/docs/attestors/product.md +++ b/docs/attestors/product.md @@ -10,12 +10,41 @@ All subjects are reported as subjects. ```json { "$schema": "https://json-schema.org/draft/2020-12/schema", - "$ref": "#/$defs/Attestor", "$defs": { - "Attestor": { - "properties": {}, + "DigestSet": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "Product": { + "properties": { + "mime_type": { + "type": "string" + }, + "digest": { + "$ref": "#/$defs/DigestSet" + } + }, "additionalProperties": false, + "type": "object", + "required": [ + "mime_type", + "digest" + ] + } + }, + "properties": { + "Products": { + "additionalProperties": { + "$ref": "#/$defs/Product" + }, "type": "object" } - } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Products" + ] }``` diff --git a/go.mod b/go.mod index 1bc6ab01..04fd375b 100644 --- a/go.mod +++ b/go.mod 
@@ -55,7 +55,9 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 // indirect
 	github.com/aws/smithy-go v1.20.2 // indirect
+	github.com/bahlo/generic-list-go v0.2.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/buger/jsonparser v1.1.1 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/cloudflare/circl v1.3.7 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect
@@ -89,13 +91,16 @@ require (
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.1 // indirect
 	github.com/hashicorp/hcl v1.0.1-vault-3 // indirect
 	github.com/in-toto/archivista v0.4.0 // indirect
+	github.com/in-toto/attestation v1.0.1 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+	github.com/invopop/jsonschema v0.12.0 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/jellydator/ttlcache/v3 v3.2.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/kevinburke/ssh_config v1.2.0 // indirect
 	github.com/letsencrypt/boulder v0.0.0-20240226214708-a97e074b5a3e // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mattn/go-runewidth v0.0.9 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
@@ -127,6 +132,7 @@ require (
 	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/tchap/go-patricia/v2 v2.3.1 // indirect
 	github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
+	github.com/wk8/go-ordered-map/v2 v2.1.8 // indirect
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
@@ -141,15 +147,15 @@ require (
 	go.opentelemetry.io/otel/trace v1.24.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	golang.org/x/crypto v0.22.0 // indirect
-	golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3 // indirect
-	golang.org/x/mod v0.15.0 // indirect
+	golang.org/x/exp v0.0.0-20240325151524-a685a6edb6d8 // indirect
+	golang.org/x/mod v0.16.0 // indirect
 	golang.org/x/net v0.24.0 // indirect
 	golang.org/x/sync v0.7.0 // indirect
 	golang.org/x/sys v0.19.0 // indirect
 	golang.org/x/term v0.19.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
-	golang.org/x/tools v0.18.0 // indirect
+	golang.org/x/tools v0.19.0 // indirect
 	google.golang.org/api v0.177.0 // indirect
 	google.golang.org/genproto v0.0.0-20240401170217-c3f982113cda // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20240429193739-8cf5692501f6 // indirect
diff --git a/go.sum b/go.sum
index f07de58a..8ef17f8a 100644
--- a/go.sum
+++ b/go.sum
@@ -64,8 +64,12 @@ github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 h1:cwIxeBttqPN3qkaAjcEcsh8NYr8n github.com/aws/aws-sdk-go-v2/service/sts v1.28.6/go.mod h1:FZf1/nKNEkHdGGJP/cI2MoIMquumuRK6ol3QQJNDxmw= github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q= github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= +github.com/bahlo/generic-list-go v0.2.0 h1:5sz/EEAK+ls5wF+NeqDpk5+iNdMDXrh3z3nPnH1Wvgk= +github.com/bahlo/generic-list-go v0.2.0/go.mod h1:2KvAjgMlE5NNynlg/5iLrrCCZ2+5xWbdbCW3pNTGyYg= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= +github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs= +github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/bytecodealliance/wasmtime-go/v3 v3.0.2 h1:3uZCA/BLTIu+DqCfguByNMJa2HVHpXvjfy0Dy7g6fuA= github.com/bytecodealliance/wasmtime-go/v3 v3.0.2/go.mod h1:RnUjnIXxEJcL6BgCvNyzCCRzZcxCgsZCi+RNlvYor5Q= 
@@ -208,10 +212,12 @@ github.com/hashicorp/hcl v1.0.1-vault-3 h1:V95v5KSTu6DB5huDSKiq4uAfILEuNigK/+qPE github.com/hashicorp/hcl v1.0.1-vault-3/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM= github.com/in-toto/archivista v0.4.0 h1:5g79iqmyXblnnwuD+768lrEbeoE0V5H7URYJFnr0p4I= github.com/in-toto/archivista v0.4.0/go.mod h1:HgqAu7az0Ql0Jf844Paf0Ji5PdUMKxO5JIBh4hOjMs8= -github.com/in-toto/go-witness v0.3.1 h1:Z2GSjGJ0o6FZ+mySSnz+Gc7JQ160/O5eeihMIpiTz8U= -github.com/in-toto/go-witness v0.3.1/go.mod h1:xPxYQ+G37T+tHqW460iGAgdpF6c2EnUZiQJj+PFqxFY= +github.com/in-toto/attestation v1.0.1 h1:DgX1XuBkryTpj1Piq8AiMK3CMfEcec3Qv6+Ku+uI3WY= +github.com/in-toto/attestation v1.0.1/go.mod h1:hCR5COCuENh5+VfojEkJnt7caOymbEgvyZdKifD6pOw= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= +github.com/invopop/jsonschema v0.12.0 h1:6ovsNSuvn9wEQVOyc72aycBMVQFKz7cPdMJn10CvzRI= +github.com/invopop/jsonschema v0.12.0/go.mod h1:ffZ5Km5SWWRAIN6wbDXItl95euhFz2uON45H2qjYt+0= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/jellydator/ttlcache/v3 v3.2.0 h1:6lqVJ8X3ZaUwvzENqPAobDsXNExfUJd61u++uW8a3LE= 
@@ -222,6 +228,7 @@ github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGw github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/jmhodges/clock v1.2.0 h1:eq4kys+NI0PLngzaHEe7AmPT90XMGIEySD1JfV1PDIs= github.com/jmhodges/clock v1.2.0/go.mod h1:qKjhA7x7u/lQpPB1XAqX1b1lCI/w3/fNuYpI/ZjLynI= +github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4= @@ -241,6 +248,8 @@ github.com/letsencrypt/boulder v0.0.0-20240226214708-a97e074b5a3e h1:0YcEneR01Ff github.com/letsencrypt/boulder v0.0.0-20240226214708-a97e074b5a3e/go.mod h1:qY5wBgmaPwKkhGd2gNWZcoJBe9c76gsHm4OTc/N12+g= github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY= github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= +github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= +github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0= 
@@ -348,6 +357,8 @@ github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs= github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4= github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI= +github.com/wk8/go-ordered-map/v2 v2.1.8 h1:5h/BUHu93oj4gIdvHHHGsScSTMijfx5PeYkE/fJgbpc= +github.com/wk8/go-ordered-map/v2 v2.1.8/go.mod h1:5nJHM5DyteebpVlHnWMV0rPz6Zp7+xBAnxjb1X5vnTw= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= @@ -394,8 +405,8 @@ go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU= go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I= go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM= -go.step.sm/crypto v0.44.2 h1:t3p3uQ7raP2jp2ha9P6xkQF85TJZh+87xmjSLaib+jk= -go.step.sm/crypto v0.44.2/go.mod h1:x1439EnFhadzhkuaGX7sz03LEMQ+jV4gRamf5LCZJQQ= +go.step.sm/crypto v0.44.8 h1:jDSHL6FdB1UTA0d56ECNx9XtLVkewzeg38Vy3HWB3N8= +go.step.sm/crypto v0.44.8/go.mod h1:QEmu4T9YewrDuaJnrV1I0zWZ15aJ/mqRUfL5w3R2WgU= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= 
@@ -411,8 +422,8 @@ golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDf golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3 h1:hNQpMuAJe5CtcUqCXaWga3FHu+kQvCqcsoVaQgSV60o= -golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3/go.mod h1:idGWGoKP1toJGkd5/ig9ZLuPcZBC3ewk7SzmH0uou08= +golang.org/x/exp v0.0.0-20240325151524-a685a6edb6d8 h1:aAcj0Da7eBAtrTp03QXWvm88pSyOt+UgdZw2BFZ+lEw= +golang.org/x/exp v0.0.0-20240325151524-a685a6edb6d8/go.mod h1:CQ1k9gNrJ50XIzaKCRR2hssIjF07kZFEiieALBM/ARQ= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= 
@@ -420,8 +431,8 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.15.0 h1:SernR4v+D55NyBH2QiEQrlBAnj1ECL6AGrA5+dPaMY8= -golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.16.0 h1:QX4fJ0Rr5cPQCF7O9lh9Se4pmwfwskqZfq5moyldzic= +golang.org/x/mod v0.16.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -507,8 +518,8 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.18.0 h1:k8NLag8AGHnn+PHbl7g43CtqZAwG60vZkLqgyZgIHgQ= -golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg= +golang.org/x/tools v0.19.0 h1:tfGCXNR1OsFG+sVdLAitlpjAvD/I6dHDKnYrpEZUHkw= +golang.org/x/tools v0.19.0/go.mod h1:qoJWxmGSIBmAeriMx19ogtrEPrGtDbPK634QFIcLAhc= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From dca71ac486567ba4afa82f4ab69dd987489dbfc4 Mon Sep 17 00:00:00 2001 From: chaosinthecrd Date: Fri, 10 May 2024 18:11:50 +0100 Subject: [PATCH 16/21] removed replcae Signed-off-by: chaosinthecrd --- go.mod | 8 -------- go.sum | 19 ++++--------------- 2 files changed, 4 insertions(+), 23 deletions(-) diff --git a/go.mod b/go.mod index 04fd375b..b09b3445 100644 --- a/go.mod +++ b/go.mod @@ -4,8 +4,6 @@ go 1.22.0 toolchain go1.22.2 -replace github.com/in-toto/go-witness => ../go-witness - require ( github.com/in-toto/go-witness v0.3.1 github.com/olekukonko/tablewriter v0.0.5 
@@ -55,9 +53,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 // indirect
 	github.com/aws/smithy-go v1.20.2 // indirect
-	github.com/bahlo/generic-list-go v0.2.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/buger/jsonparser v1.1.1 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/cloudflare/circl v1.3.7 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect
@@ -91,16 +87,13 @@ require (
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.1 // indirect
 	github.com/hashicorp/hcl v1.0.1-vault-3 // indirect
 	github.com/in-toto/archivista v0.4.0 // indirect
-	github.com/in-toto/attestation v1.0.1 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
-	github.com/invopop/jsonschema v0.12.0 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/jellydator/ttlcache/v3 v3.2.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/kevinburke/ssh_config v1.2.0 // indirect
 	github.com/letsencrypt/boulder v0.0.0-20240226214708-a97e074b5a3e // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
-	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mattn/go-runewidth v0.0.9 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
@@ -132,7 +125,6 @@ require (
 	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/tchap/go-patricia/v2 v2.3.1 // indirect
 	github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
-	github.com/wk8/go-ordered-map/v2 v2.1.8 // indirect
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
diff --git a/go.sum b/go.sum
index 8ef17f8a..012d5e6e 100644
--- a/go.sum
+++ b/go.sum
@@ -64,12 +64,8 @@ github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 h1:cwIxeBttqPN3qkaAjcEcsh8NYr8n github.com/aws/aws-sdk-go-v2/service/sts v1.28.6/go.mod h1:FZf1/nKNEkHdGGJP/cI2MoIMquumuRK6ol3QQJNDxmw= github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q= github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= -github.com/bahlo/generic-list-go v0.2.0 h1:5sz/EEAK+ls5wF+NeqDpk5+iNdMDXrh3z3nPnH1Wvgk= -github.com/bahlo/generic-list-go v0.2.0/go.mod h1:2KvAjgMlE5NNynlg/5iLrrCCZ2+5xWbdbCW3pNTGyYg= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= -github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs= -github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/bytecodealliance/wasmtime-go/v3 v3.0.2 h1:3uZCA/BLTIu+DqCfguByNMJa2HVHpXvjfy0Dy7g6fuA= github.com/bytecodealliance/wasmtime-go/v3 v3.0.2/go.mod h1:RnUjnIXxEJcL6BgCvNyzCCRzZcxCgsZCi+RNlvYor5Q= 
@@ -212,12 +208,10 @@ github.com/hashicorp/hcl v1.0.1-vault-3 h1:V95v5KSTu6DB5huDSKiq4uAfILEuNigK/+qPE github.com/hashicorp/hcl v1.0.1-vault-3/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM= github.com/in-toto/archivista v0.4.0 h1:5g79iqmyXblnnwuD+768lrEbeoE0V5H7URYJFnr0p4I= github.com/in-toto/archivista v0.4.0/go.mod h1:HgqAu7az0Ql0Jf844Paf0Ji5PdUMKxO5JIBh4hOjMs8= -github.com/in-toto/attestation v1.0.1 h1:DgX1XuBkryTpj1Piq8AiMK3CMfEcec3Qv6+Ku+uI3WY= -github.com/in-toto/attestation v1.0.1/go.mod h1:hCR5COCuENh5+VfojEkJnt7caOymbEgvyZdKifD6pOw= +github.com/in-toto/go-witness v0.3.1 h1:Z2GSjGJ0o6FZ+mySSnz+Gc7JQ160/O5eeihMIpiTz8U= +github.com/in-toto/go-witness v0.3.1/go.mod h1:xPxYQ+G37T+tHqW460iGAgdpF6c2EnUZiQJj+PFqxFY= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= -github.com/invopop/jsonschema v0.12.0 h1:6ovsNSuvn9wEQVOyc72aycBMVQFKz7cPdMJn10CvzRI= -github.com/invopop/jsonschema v0.12.0/go.mod h1:ffZ5Km5SWWRAIN6wbDXItl95euhFz2uON45H2qjYt+0= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/jellydator/ttlcache/v3 v3.2.0 h1:6lqVJ8X3ZaUwvzENqPAobDsXNExfUJd61u++uW8a3LE= 
@@ -228,7 +222,6 @@ github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGw github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/jmhodges/clock v1.2.0 h1:eq4kys+NI0PLngzaHEe7AmPT90XMGIEySD1JfV1PDIs= github.com/jmhodges/clock v1.2.0/go.mod h1:qKjhA7x7u/lQpPB1XAqX1b1lCI/w3/fNuYpI/ZjLynI= -github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4= @@ -248,8 +241,6 @@ github.com/letsencrypt/boulder v0.0.0-20240226214708-a97e074b5a3e h1:0YcEneR01Ff github.com/letsencrypt/boulder v0.0.0-20240226214708-a97e074b5a3e/go.mod h1:qY5wBgmaPwKkhGd2gNWZcoJBe9c76gsHm4OTc/N12+g= github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY= github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= -github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= -github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0= 
@@ -357,8 +348,6 @@ github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs= github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4= github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI= -github.com/wk8/go-ordered-map/v2 v2.1.8 h1:5h/BUHu93oj4gIdvHHHGsScSTMijfx5PeYkE/fJgbpc= -github.com/wk8/go-ordered-map/v2 v2.1.8/go.mod h1:5nJHM5DyteebpVlHnWMV0rPz6Zp7+xBAnxjb1X5vnTw= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= @@ -405,8 +394,8 @@ go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU= go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I= go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM= -go.step.sm/crypto v0.44.8 h1:jDSHL6FdB1UTA0d56ECNx9XtLVkewzeg38Vy3HWB3N8= -go.step.sm/crypto v0.44.8/go.mod h1:QEmu4T9YewrDuaJnrV1I0zWZ15aJ/mqRUfL5w3R2WgU= +go.step.sm/crypto v0.44.2 h1:t3p3uQ7raP2jp2ha9P6xkQF85TJZh+87xmjSLaib+jk= +go.step.sm/crypto v0.44.2/go.mod h1:x1439EnFhadzhkuaGX7sz03LEMQ+jV4gRamf5LCZJQQ= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= From ec0e91a6d83ede5c3b2c02e115b841579a63d5ac Mon Sep 17 00:00:00 2001 
From: chaosinthecrd Date: Mon, 13 May 2024 13:16:25 +0100 Subject: [PATCH 17/21] updating go mod to pin go-witness to recent merge Signed-off-by: chaosinthecrd --- go.mod | 7 ++++++- go.sum | 13 +++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 4af7873b..4beff78e 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.22.0 toolchain go1.22.2 require ( - github.com/in-toto/go-witness v0.3.2-0.20240509152614-87975b4168e0 + github.com/in-toto/go-witness v0.3.2-0.20240510181827-f346f85d8c53 github.com/olekukonko/tablewriter v0.0.5 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.8.0 @@ -53,7 +53,9 @@ require ( github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 // indirect github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 // indirect github.com/aws/smithy-go v1.20.2 // indirect + github.com/bahlo/generic-list-go v0.2.0 // indirect github.com/beorn7/perks v1.0.1 // indirect + github.com/buger/jsonparser v1.1.1 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/cloudflare/circl v1.3.7 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect @@ -89,12 +91,14 @@ require ( github.com/in-toto/archivista v0.4.0 // indirect github.com/in-toto/attestation v1.0.1 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect + github.com/invopop/jsonschema v0.12.0 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect github.com/jellydator/ttlcache/v3 v3.2.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/kevinburke/ssh_config v1.2.0 // indirect github.com/letsencrypt/boulder v0.0.0-20240226214708-a97e074b5a3e // indirect github.com/magiconair/properties v1.8.7 // indirect + github.com/mailru/easyjson v0.7.7 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/mattn/go-runewidth v0.0.9 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect 
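Review bot: The `require` line now pins `github.com/in-toto/go-witness` to the pseudo-version `v0.3.2-0.20240510181827-f346f85d8c53`, an untagged commit rather than a release, so before this series merges the pin should move to a tagged go-witness version or the commit message should state that shipping a pseudo-version is intended. The `go.sum` hunk of the same commit adds the sums for the new pseudo-version while keeping the `v0.3.2-0.20240509152614-87975b4168e0` entries as context, leaving superseded lines that `go mod tidy` would drop. The go.mod change here is byte-identical to the one in PATCH 18/21 (same blob ids `4af7873b..4beff78e`), whose go.sum hunk does remove the old entries, so the two commits look like candidates for squashing into one.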
@@ -126,6 +130,7 @@ require ( github.com/subosito/gotenv v1.6.0 // indirect github.com/tchap/go-patricia/v2 v2.3.1 // indirect github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect + github.com/wk8/go-ordered-map/v2 v2.1.8 // indirect github.com/xanzy/ssh-agent v0.3.3 // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect diff --git a/go.sum b/go.sum index 3259eb9f..da3e0637 100644 --- a/go.sum +++ b/go.sum @@ -64,8 +64,12 @@ github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 h1:cwIxeBttqPN3qkaAjcEcsh8NYr8n github.com/aws/aws-sdk-go-v2/service/sts v1.28.6/go.mod h1:FZf1/nKNEkHdGGJP/cI2MoIMquumuRK6ol3QQJNDxmw= github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q= github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= +github.com/bahlo/generic-list-go v0.2.0 h1:5sz/EEAK+ls5wF+NeqDpk5+iNdMDXrh3z3nPnH1Wvgk= +github.com/bahlo/generic-list-go v0.2.0/go.mod h1:2KvAjgMlE5NNynlg/5iLrrCCZ2+5xWbdbCW3pNTGyYg= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= +github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs= +github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/bytecodealliance/wasmtime-go/v3 v3.0.2 h1:3uZCA/BLTIu+DqCfguByNMJa2HVHpXvjfy0Dy7g6fuA= github.com/bytecodealliance/wasmtime-go/v3 v3.0.2/go.mod h1:RnUjnIXxEJcL6BgCvNyzCCRzZcxCgsZCi+RNlvYor5Q= 
@@ -212,8 +216,12 @@ github.com/in-toto/attestation v1.0.1 h1:DgX1XuBkryTpj1Piq8AiMK3CMfEcec3Qv6+Ku+u github.com/in-toto/attestation v1.0.1/go.mod h1:hCR5COCuENh5+VfojEkJnt7caOymbEgvyZdKifD6pOw= github.com/in-toto/go-witness v0.3.2-0.20240509152614-87975b4168e0 h1:8HhlzOFtPbF0dwHbR/IkJqMfMJb7U9oeNk+K1NCz4+Y= github.com/in-toto/go-witness v0.3.2-0.20240509152614-87975b4168e0/go.mod h1:inBxgdAup1od08yUYWEMdGVOIRy3hnPVRCkKrtBArTg= +github.com/in-toto/go-witness v0.3.2-0.20240510181827-f346f85d8c53 h1:fzbV4Bs6iwsriN15ju3wbx62TQhp7lYCZ2UdpmfKFS8= +github.com/in-toto/go-witness v0.3.2-0.20240510181827-f346f85d8c53/go.mod h1:c5GaQylUaNE7qbFXZy8Oc3j8Zou+iGyAaWwqGQzOlS0= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= +github.com/invopop/jsonschema v0.12.0 h1:6ovsNSuvn9wEQVOyc72aycBMVQFKz7cPdMJn10CvzRI= +github.com/invopop/jsonschema v0.12.0/go.mod h1:ffZ5Km5SWWRAIN6wbDXItl95euhFz2uON45H2qjYt+0= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/jellydator/ttlcache/v3 v3.2.0 h1:6lqVJ8X3ZaUwvzENqPAobDsXNExfUJd61u++uW8a3LE= 
@@ -224,6 +232,7 @@ github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGw github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/jmhodges/clock v1.2.0 h1:eq4kys+NI0PLngzaHEe7AmPT90XMGIEySD1JfV1PDIs= github.com/jmhodges/clock v1.2.0/go.mod h1:qKjhA7x7u/lQpPB1XAqX1b1lCI/w3/fNuYpI/ZjLynI= +github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4= @@ -243,6 +252,8 @@ github.com/letsencrypt/boulder v0.0.0-20240226214708-a97e074b5a3e h1:0YcEneR01Ff github.com/letsencrypt/boulder v0.0.0-20240226214708-a97e074b5a3e/go.mod h1:qY5wBgmaPwKkhGd2gNWZcoJBe9c76gsHm4OTc/N12+g= github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY= github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= +github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= +github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0= 
@@ -350,6 +361,8 @@ github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs= github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4= github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI= +github.com/wk8/go-ordered-map/v2 v2.1.8 h1:5h/BUHu93oj4gIdvHHHGsScSTMijfx5PeYkE/fJgbpc= +github.com/wk8/go-ordered-map/v2 v2.1.8/go.mod h1:5nJHM5DyteebpVlHnWMV0rPz6Zp7+xBAnxjb1X5vnTw= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= From 858b8f25a78e47fc6c7b014577f52583b122bf77 Mon Sep 17 00:00:00 2001 From: chaosinthecrd Date: Mon, 13 May 2024 13:19:31 +0100 Subject: [PATCH 18/21] updating go mod Signed-off-by: chaosinthecrd --- go.mod | 7 ++++++- go.sum | 15 +++++++++++++-- 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 4af7873b..4beff78e 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.22.0 toolchain go1.22.2 require ( - github.com/in-toto/go-witness v0.3.2-0.20240509152614-87975b4168e0 + github.com/in-toto/go-witness v0.3.2-0.20240510181827-f346f85d8c53 github.com/olekukonko/tablewriter v0.0.5 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.8.0 
@@ -53,7 +53,9 @@ require ( github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 // indirect github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 // indirect github.com/aws/smithy-go v1.20.2 // indirect + github.com/bahlo/generic-list-go v0.2.0 // indirect github.com/beorn7/perks v1.0.1 // indirect + github.com/buger/jsonparser v1.1.1 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/cloudflare/circl v1.3.7 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect @@ -89,12 +91,14 @@ require ( github.com/in-toto/archivista v0.4.0 // indirect github.com/in-toto/attestation v1.0.1 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect + github.com/invopop/jsonschema v0.12.0 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect github.com/jellydator/ttlcache/v3 v3.2.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/kevinburke/ssh_config v1.2.0 // indirect github.com/letsencrypt/boulder v0.0.0-20240226214708-a97e074b5a3e // indirect github.com/magiconair/properties v1.8.7 // indirect + github.com/mailru/easyjson v0.7.7 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/mattn/go-runewidth v0.0.9 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect @@ -126,6 +130,7 @@ require ( github.com/subosito/gotenv v1.6.0 // indirect github.com/tchap/go-patricia/v2 v2.3.1 // indirect github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect + github.com/wk8/go-ordered-map/v2 v2.1.8 // indirect github.com/xanzy/ssh-agent v0.3.3 // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect diff --git a/go.sum b/go.sum index 3259eb9f..4421380d 100644 --- a/go.sum +++ b/go.sum 
@@ -64,8 +64,12 @@ github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 h1:cwIxeBttqPN3qkaAjcEcsh8NYr8n
 github.com/aws/aws-sdk-go-v2/service/sts v1.28.6/go.mod h1:FZf1/nKNEkHdGGJP/cI2MoIMquumuRK6ol3QQJNDxmw=
 github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q=
 github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E=
+github.com/bahlo/generic-list-go v0.2.0 h1:5sz/EEAK+ls5wF+NeqDpk5+iNdMDXrh3z3nPnH1Wvgk=
+github.com/bahlo/generic-list-go v0.2.0/go.mod h1:2KvAjgMlE5NNynlg/5iLrrCCZ2+5xWbdbCW3pNTGyYg=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
+github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs=
+github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
 github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
 github.com/bytecodealliance/wasmtime-go/v3 v3.0.2 h1:3uZCA/BLTIu+DqCfguByNMJa2HVHpXvjfy0Dy7g6fuA=
 github.com/bytecodealliance/wasmtime-go/v3 v3.0.2/go.mod h1:RnUjnIXxEJcL6BgCvNyzCCRzZcxCgsZCi+RNlvYor5Q=
@@ -210,10 +214,12 @@ github.com/in-toto/archivista v0.4.0 h1:5g79iqmyXblnnwuD+768lrEbeoE0V5H7URYJFnr0
 github.com/in-toto/archivista v0.4.0/go.mod h1:HgqAu7az0Ql0Jf844Paf0Ji5PdUMKxO5JIBh4hOjMs8=
 github.com/in-toto/attestation v1.0.1 h1:DgX1XuBkryTpj1Piq8AiMK3CMfEcec3Qv6+Ku+uI3WY=
 github.com/in-toto/attestation v1.0.1/go.mod h1:hCR5COCuENh5+VfojEkJnt7caOymbEgvyZdKifD6pOw=
-github.com/in-toto/go-witness v0.3.2-0.20240509152614-87975b4168e0 h1:8HhlzOFtPbF0dwHbR/IkJqMfMJb7U9oeNk+K1NCz4+Y=
-github.com/in-toto/go-witness v0.3.2-0.20240509152614-87975b4168e0/go.mod h1:inBxgdAup1od08yUYWEMdGVOIRy3hnPVRCkKrtBArTg=
+github.com/in-toto/go-witness v0.3.2-0.20240510181827-f346f85d8c53 h1:fzbV4Bs6iwsriN15ju3wbx62TQhp7lYCZ2UdpmfKFS8=
+github.com/in-toto/go-witness v0.3.2-0.20240510181827-f346f85d8c53/go.mod h1:c5GaQylUaNE7qbFXZy8Oc3j8Zou+iGyAaWwqGQzOlS0=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
+github.com/invopop/jsonschema v0.12.0 h1:6ovsNSuvn9wEQVOyc72aycBMVQFKz7cPdMJn10CvzRI=
+github.com/invopop/jsonschema v0.12.0/go.mod h1:ffZ5Km5SWWRAIN6wbDXItl95euhFz2uON45H2qjYt+0=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
 github.com/jellydator/ttlcache/v3 v3.2.0 h1:6lqVJ8X3ZaUwvzENqPAobDsXNExfUJd61u++uW8a3LE=
@@ -224,6 +230,7 @@ github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGw
 github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/jmhodges/clock v1.2.0 h1:eq4kys+NI0PLngzaHEe7AmPT90XMGIEySD1JfV1PDIs=
 github.com/jmhodges/clock v1.2.0/go.mod h1:qKjhA7x7u/lQpPB1XAqX1b1lCI/w3/fNuYpI/ZjLynI=
+github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
@@ -243,6 +250,8 @@ github.com/letsencrypt/boulder v0.0.0-20240226214708-a97e074b5a3e h1:0YcEneR01Ff
 github.com/letsencrypt/boulder v0.0.0-20240226214708-a97e074b5a3e/go.mod h1:qY5wBgmaPwKkhGd2gNWZcoJBe9c76gsHm4OTc/N12+g=
 github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
 github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
+github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
+github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0=
@@ -350,6 +359,8 @@ github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C
 github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs=
 github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4=
 github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI=
+github.com/wk8/go-ordered-map/v2 v2.1.8 h1:5h/BUHu93oj4gIdvHHHGsScSTMijfx5PeYkE/fJgbpc=
+github.com/wk8/go-ordered-map/v2 v2.1.8/go.mod h1:5nJHM5DyteebpVlHnWMV0rPz6Zp7+xBAnxjb1X5vnTw=
 github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
 github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=
From 35b3f14d72021c6f16e56b873bfb09550a330e7d Mon Sep 17 00:00:00 2001
From: chaosinthecrd
Date: Mon, 13 May 2024 13:34:54 +0100
Subject: [PATCH 19/21] updating verify.sh for docgen
Signed-off-by: chaosinthecrd
---
 docgen/verify.sh | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/docgen/verify.sh b/docgen/verify.sh
index 8943a1e9..0d7874e7 100755
--- a/docgen/verify.sh
+++ b/docgen/verify.sh
@@ -20,6 +20,10 @@ set -e
 tmpdir=$(mktemp -d)
 tmpdir2=$(mktemp -d)
 cp docs/commands.md "$tmpdir2/"
+mkdir "$tmpdir2/attestors"
+mkdir "$tmpdir/attestors"
+cp docs/attestors/* "$tmpdir2/attestors/"
+cp docs/attestors/*.md "$tmpdir/attestors/"
 go run ./docgen --dir "$tmpdir"
 echo "###########################################"
 echo "If diffs are found, run: make docgen"
From 96754f50c279f8ed87ff636d3bfcc390768c2b62 Mon Sep 17 00:00:00 2001
From: chaosinthecrd
Date: Mon, 13 May 2024 14:17:04 +0100
Subject: [PATCH 20/21] missed err handle
Signed-off-by: chaosinthecrd
---
 docgen/docs.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
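Review bot: `cp docs/attestors/* "$tmpdir2/attestors/"` will abort the whole verify script under `set -e` as soon as `docs/attestors/` contains anything that is not a regular file, because `cp` without `-r` refuses directories, and if either glob matches nothing bash passes the literal pattern and `cp` fails the same way. Since the matching line below already restricts itself to `*.md`, copying explicit patterns into `$tmpdir2` as well would keep the check from breaking on unrelated additions, e.g. `cp docs/attestors/*.md docs/attestors/*.json "$tmpdir2/attestors/"` if the schema files are committed alongside the markdown (I can't confirm that from the hunk). Both `mktemp -d` directories are created without a visible `trap ... EXIT` to remove them; the rest of the script is outside the hunk, so that may already be handled.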
diff --git a/docgen/docs.go b/docgen/docs.go
index d79d63c0..80a1c0a1 100644
--- a/docgen/docs.go
+++ b/docgen/docs.go
@@ -83,7 +83,11 @@ func main() {
 }
 schemaContent := "## Schema" + "\n```json\n" + indented.String() + "```\n"
- os.WriteFile(fmt.Sprintf("%s/attestors/%s.json", directory, att.Name()), []byte(indented.String()+"\n "), 0644)
+ err = os.WriteFile(fmt.Sprintf("%s/attestors/%s.json", directory, att.Name()), []byte(indented.String()+"\n "), 0644)
+ if err != nil {
+ fmt.Println("Error writing to file:", err)
+ os.Exit(1)
+ }
 log.Printf("Schema for %s written to %s/attestors/%s.json\n", att.Name(), directory, att.Name())
 f, err := os.ReadFile(fmt.Sprintf("%s/attestors/%s.md", directory, att.Name()))
 if err != nil {
From b419b8e072a6d12e32ababe071551e1b85139edc Mon Sep 17 00:00:00 2001
From: chaosinthecrd
Date: Mon, 13 May 2024 14:26:02 +0100
Subject: [PATCH 21/21] fixing linter
Signed-off-by: chaosinthecrd
---
 cmd/verify.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cmd/verify.go b/cmd/verify.go
index 8f1dbf42..28d06461 100644
--- a/cmd/verify.go
+++ b/cmd/verify.go
@@ -80,7 +80,7 @@ func runVerify(ctx context.Context, vo options.VerifyOptions, verifiers ...crypt
 return fmt.Errorf("must supply either a public key, CA certificates or a verifier")
 }
- if vo.ArchivistaOptions.Enable == false && len(vo.AttestationFilePaths) == 0 {
+ if !vo.ArchivistaOptions.Enable && len(vo.AttestationFilePaths) == 0 {
 return fmt.Errorf("must either specify attestation file paths or enable archivista as an attestation source")
 }
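Review bot: The new error branch reports through `fmt.Println`, which writes to stdout, while the line immediately after it logs through the `log` package, so a failed schema write lands in a different stream from every other message in this block and is easy to lose in captured docgen output. `log.Fatalf("error writing schema for %s: %v", att.Name(), err)` keeps the exit status of 1, writes to stderr like the surrounding `log.Printf`, and names the attestor whose file could not be written. The rewritten `os.WriteFile` call also still emits `indented.String()+"\n "`, and the space after the final newline looks unintended for a file that a diff-based verify step compares. `main` starts and ends outside the hunk, so I can't see whether earlier error paths already use the Println/Exit pattern.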