feat(materials): Add support for CSAF 2.0 and 2.1 schemas and remaining CSAF_* materials #749
Conversation
internal/attestation/crafter/materials/csaf_security_indicent_response.go
Outdated
Show resolved
Hide resolved
javirln
changed the title
javirln
changed the title
javirln
changed the title
Signed-off-by: Javier Rodriguez <[email protected]>
Signed-off-by: Javier Rodriguez <[email protected]>
Signed-off-by: Javier Rodriguez <[email protected]>
javirln
changed the title
|
On another note, let's not forget to document these new material types in the readme and the docs before release. Probably better in another patch, thanks! |
Signed-off-by: Javier Rodriguez <[email protected]>
Signed-off-by: Javier Rodriguez <[email protected]>
Signed-off-by: Javier Rodriguez <[email protected]>
Signed-off-by: Javier Rodriguez <[email protected]>
Signed-off-by: Javier Rodriguez <[email protected]>
internal/attestation/crafter/materials/testdata/csaf_security_advisory.json
Show resolved
Hide resolved
Signed-off-by: Javier Rodriguez <[email protected]>
Signed-off-by: Javier Rodriguez <[email protected]>
| } | ||
|
|
||
| // Validate the CSAF file against the specified category. | ||
| document, docExists := v.(map[string]interface{})["document"] |
There was a problem hiding this comment.
it would have been more clear if we use a custom struct with only the document and category objects.
There was a problem hiding this comment.
hmm but the custom struct won't have the remaining fields to be passed down to the validator no? Maybe I'm missing something :/
There was a problem hiding this comment.
it will not, that's why I mentioned doing this validation after the other one. You might require another marshall process though.
Anyways, not a big deal, feel free to merge it :)
|
|
||
| // Validate the CSAF file against the specified category. | ||
| document, docExists := v.(map[string]interface{})["document"] | ||
| if docExists { |
There was a problem hiding this comment.
if you use a custom struct I do not think you would have needed to do all these if checks and castings.
| documentMap, docMapOk := document.(map[string]interface{}) | ||
| category, categoryExists := documentMap["category"].(string) | ||
|
|
||
| if docMapOk && categoryExists && category != "" && category != i.category { |
There was a problem hiding this comment.
I'd have done this validation after you do the base validation, that way you can guarantee that it's a base doc, and then use a custom struct to do a custom validation.
Does it make sense?
| } | ||
|
|
||
| // Validate the CSAF file against the specified category. | ||
| document, docExists := v.(map[string]interface{})["document"] |
There was a problem hiding this comment.
it will not, that's why I mentioned doing this validation after the other one. You might require another marshall process though.
Anyways, not a big deal, feel free to merge it :)
Signed-off-by: Javier Rodriguez <[email protected]>
This pull request builds upon the changes introduced in PR #751 to implement CSAF version 2.0 and 2.1 support within Chainloop. This update incorporates three new CSAF Chainloop materials, expanding upon the existing CSAF VEX profile:
This implementation adheres to the CSAF 2.0 and 2.1 JSON schema verification standards, accessible here. Furthermore, it refactors the
CSAFVEXCrafterto a more generalizedCSAFCrafter, aligning with the JSON specification 2.0 and 2.1.With this update, Chainloop contracts can now process the newly introduced materials, ensuring validation against the schema. Notably, there is no requirement to specify the
csaf_versionwithin the file, as Chainloop dynamically determines the appropriate schema for validation.References: #635
This update enhances the versatility and compatibility of Chainloop with the latest CSAF standards.