
Error message when using invalid trust policy is not user friendly #462

Closed
jeremyrickard opened this issue Dec 2, 2022 · 3 comments

Comments

@jeremyrickard (Contributor)

What area do you experience the issue in?

Notation CLI

What is not working as expected?

I created a trust policy like:

{
    "version": "1.0",
    "trustPolicies": [
        {
            "name": "upstream",
            "registryScopes": [ "*" ],
            "signatureVerification": {
                "level" : "strict"
            },
            "trustStores": [ "blah" ],
            "trustedIdentities": [
                "*"
            ]
        }
    ]
}

After attempting to verify an image with this policy, I encountered the following error:

$ notation verify <image>
panic: runtime error: slice bounds out of range [:-1]

goroutine 1 [running]:
github.com/notaryproject/notation-go/verification.validateTrustStore({{0xc0003953a8, 0x8}, {0xc000032a00, 0x1, 0x4}, {{0xc0003953c0, 0x6}, 0x0}, {0xc000032a80, 0x1, ...}, ...})
        /home/runner/go/pkg/mod/github.com/notaryproject/[email protected]/verification/policy.go:135 +0x1d2
github.com/notaryproject/notation-go/verification.(*PolicyDocument).ValidatePolicyDocument(0xc0005b3050)
        /home/runner/go/pkg/mod/github.com/notaryproject/[email protected]/verification/policy.go:185 +0x418
github.com/notaryproject/notation-go/verification.NewVerifier({0x92cdc0?, 0xc0005b4180})
        /home/runner/go/pkg/mod/github.com/notaryproject/[email protected]/verification/verifier.go:34 +0x53
main.getVerifier(0xc0002e4900?, {{0x7ffdc0036943, 0x13}, {0x7ffdc0036957, 0xf}, {0xc0003801e1, 0x47}})
        /home/runner/work/notation/notation/cmd/notation/verify.go:82 +0x13a
main.runVerify(0xc0002e4900, 0xc00007a1e0)
        /home/runner/work/notation/notation/cmd/notation/verify.go:55 +0xcf
main.verifyCommand.func2(0xc0002e4900?, {0xc0003bc9e0?, 0x1?, 0x1?})
        /home/runner/work/notation/notation/cmd/notation/verify.go:39 +0x1d
github.com/spf13/cobra.(*Command).execute(0xc0002e4900, {0xc0003bc9b0, 0x1, 0x1})
        /home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:916 +0x862
github.com/spf13/cobra.(*Command).ExecuteC(0xc0002e4300)
        /home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:1044 +0x3bd
github.com/spf13/cobra.(*Command).Execute(...)
        /home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:968
main.main()
        /home/runner/work/notation/notation/cmd/notation/main.go:27 +0x176

The error was caused by not having the trust store in the form "ca:blah". This error message is extremely unfriendly and the notation client should do more validation of the trust policy to provide a better user experience. I figured out my issue by reading the notation-go code, which should not be required.

What did you expect to happen?

An informative error message would be provided.

How can we reproduce it?

Create a trust policy like the example above

Describe your environment

WSL + Windows 11

What is the version of your Notation CLI or Notation Library?

notation version
Notation: Notary v2, A tool to sign, store, and verify artifacts.

Version: 0.12.0-beta.1
Go version: go1.19.2
Git commit: 965a0b7

@jeremyrickard jeremyrickard added bug Something isn't working triage Need to triage labels Dec 2, 2022
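The panic in the report is the classic pattern of slicing with the result of strings.Index without checking for -1: a trust store entry with no ":" yields index -1 and `store[:-1]` panics. The following is an added example, not notation-go's own code, showing that fragile pattern beside a validator that parses the policy shape posted above and returns a user-facing error instead. It assumes the store type "ca" from the issue plus "signingAuthority" as a second accepted type, and assumes that a store name must be non-empty and free of path separators; the JSON inputs are constructed from the issue.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Constructed input: the policy from the issue, whose trust store lacks its
// "<type>:" prefix, and a corrected copy that uses "ca:blah".
const samplePolicy = `{
  "version": "1.0",
  "trustPolicies": [{
    "name": "upstream",
    "registryScopes": ["*"],
    "signatureVerification": {"level": "strict"},
    "trustStores": ["blah"],
    "trustedIdentities": ["*"]
  }]
}`

var fixedPolicy = strings.Replace(samplePolicy, `"blah"`, `"ca:blah"`, 1)

// Minimal mirror of the trust policy document shape shown in the issue.
// These are illustrative types, not notation-go's.
type signatureVerification struct {
	Level string `json:"level"`
}

type trustPolicy struct {
	Name                  string                `json:"name"`
	RegistryScopes        []string              `json:"registryScopes"`
	SignatureVerification signatureVerification `json:"signatureVerification"`
	TrustStores           []string              `json:"trustStores"`
	TrustedIdentities     []string              `json:"trustedIdentities"`
}

type policyDocument struct {
	Version       string        `json:"version"`
	TrustPolicies []trustPolicy `json:"trustPolicies"`
}

// Store types accepted by this example. "ca" is the one the issue shows;
// "signingAuthority" is an assumption added for illustration.
var knownStoreTypes = map[string]bool{"ca": true, "signingAuthority": true}

// naiveStoreType reproduces the fragile pattern behind
// "slice bounds out of range [:-1]": it slices with the result of
// strings.Index without checking for -1. The panic is recovered and
// returned as an error so the caller can see what the user would have seen.
func naiveStoreType(store string) (typ string, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("panic: %v", r)
		}
	}()
	i := strings.Index(store, ":")
	return store[:i], nil // i == -1 when the entry has no colon
}

// validateTrustStore checks one trustStores entry and returns an actionable
// error naming the policy, the bad value and the expected form.
func validateTrustStore(policyName, store string) error {
	typ, name, ok := strings.Cut(store, ":")
	if !ok {
		return fmt.Errorf("trust policy %q: trust store %q is malformed; expected \"<type>:<name>\", for example \"ca:%s\"",
			policyName, store, store)
	}
	if !knownStoreTypes[typ] {
		return fmt.Errorf("trust policy %q: trust store %q has unknown type %q", policyName, store, typ)
	}
	// Assumption: the store name becomes a directory name, so reject empty
	// names and path separators rather than letting them reach the filesystem.
	if name == "" || strings.ContainsAny(name, `/\`) {
		return fmt.Errorf("trust policy %q: trust store %q has invalid name %q", policyName, store, name)
	}
	return nil
}

// validatePolicyDocument parses the JSON and validates every trust store
// entry, returning the first problem found.
func validatePolicyDocument(raw []byte) error {
	var doc policyDocument
	if err := json.Unmarshal(raw, &doc); err != nil {
		return fmt.Errorf("trust policy is not valid JSON: %w", err)
	}
	if doc.Version != "1.0" {
		return fmt.Errorf("unsupported trust policy version %q", doc.Version)
	}
	if len(doc.TrustPolicies) == 0 {
		return errors.New("trust policy document contains no trustPolicies")
	}
	for _, p := range doc.TrustPolicies {
		if p.Name == "" {
			return errors.New("trust policy with empty name")
		}
		for _, s := range p.TrustStores {
			if err := validateTrustStore(p.Name, s); err != nil {
				return err
			}
		}
	}
	return nil
}

func main() {
	_, err := naiveStoreType("blah")
	fmt.Println("naive:", err)
	fmt.Println("issue policy:", validatePolicyDocument([]byte(samplePolicy)))
	fmt.Println("fixed policy:", validatePolicyDocument([]byte(fixedPolicy)))
}
```

Running it prints the recovered runtime panic for the naive split, a message pointing at `"ca:blah"` for the policy from the issue, and `<nil>` for the corrected policy. The design point is that validation of the whole document runs before any verification work, so a malformed entry is reported by name rather than surfacing as a crash deep inside the verifier.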
@yizha1 (Contributor)

yizha1 commented Dec 5, 2022

@jeremyrickard Thanks for reporting the issue. We made some improvements to output messages in the upcoming rc.1 release. Besides that, new options --debug and --verbose will be added in rc.1 for the notation sign and notation verify commands, so that users can view more logs for information and troubleshooting.

@patrickzheng200 patrickzheng200 added this to the RC-2 milestone Dec 14, 2022
@patrickzheng200 (Contributor)

patrickzheng200 commented Dec 19, 2022

This issue is resolved in the RC-1 version, and the error message will be improved in RC-2 by this PR in notation-go.

priteshbandi pushed a commit to notaryproject/notation-go that referenced this issue Dec 20, 2022
This PR adds more logs to the library and improves error messages.

This PR intends to resolve following issues:
notaryproject/notation#462
notaryproject/notation#128 -> comments related to trust policy

Signed-off-by: Patrick Zheng <[email protected]>
@patrickzheng200 (Contributor)

Closing this issue as it's resolved.

Repository owner moved this from Todo to Done in Notary Project Planning Board Dec 20, 2022