

fix: validate plugin version for ratify cli (#1604)
Signed-off-by: Susan Shi <[email protected]>
susanshi authored Jul 15, 2024
1 parent db07f8f commit b2535b9
Showing 4 changed files with 43 additions and 3 deletions.
6 changes: 5 additions & 1 deletion pkg/verifier/factory/factory.go
Expand Up @@ -97,7 +97,11 @@ func CreateVerifierFromConfig(verifierConfig config.VerifierConfig, configVersio
return nil, re.ErrorCodePluginNotFound.NewError(re.Verifier, "", re.EmptyLink, err, "plugin not found", re.HideStackTrace)
}

return plugin.NewVerifier(configVersion, verifierConfig, pluginBinDir)
pluginVersion := configVersion
if value, ok := verifierConfig[types.Version]; ok {
pluginVersion = value.(string)
}
return plugin.NewVerifier(pluginVersion, verifierConfig, pluginBinDir)
}

// TODO pointer to avoid copy
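Review bot: The type assertion `value.(string)` on the `pluginVersion = value.(string)` line is unchecked, so a config whose `version` field is present but not a JSON string (for example a bare number like `1.0`, or `null`) panics inside CreateVerifierFromConfig instead of returning an error the way the plugin-not-found path just above does. verifierConfig is read from a user-supplied config file, so the two-value form is the safer shape: `if value, ok := verifierConfig[types.Version].(string); ok { pluginVersion = value }`, or, if a wrongly typed version should be a hard failure rather than a silent fallback to configVersion, return a config error here. Whether the chosen version is then compared against what the plugin supports happens inside plugin.NewVerifier, outside this hunk; CreateVerifierFromConfig itself starts above the hunk.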
5 changes: 3 additions & 2 deletions pkg/verifier/factory/factory_test.go
Expand Up @@ -111,8 +111,9 @@ func TestCreateVerifiersFromConfig_PluginVerifiers_ReturnsExpected(t *testing.T)
defer os.RemoveAll(dirPath)

verifierConfig := map[string]interface{}{
"name": "plugin-verifier-0",
"type": "sample",
"name": "plugin-verifier-0",
"type": "sample",
"version": "1.0.0",
}
verifiersConfig := config.VerifiersConfig{
Verifiers: []config.VerifierConfig{verifierConfig},
4 changes: 4 additions & 0 deletions test/bats/cli-test.bats
Expand Up @@ -75,6 +75,10 @@ load helpers
}

@test "sbom verifier test" {
# run with mismatch plugin version config should fail
run bin/ratify verify -c $RATIFY_DIR/sbom_version_mismatch.json -s $TEST_REGISTRY/sbom:v0
assert_cmd_verify_failure

# run with deny license config should fail
run bin/ratify verify -c $RATIFY_DIR/sbom_denylist_config_licensematch.json -s $TEST_REGISTRY/sbom:v0
assert_cmd_verify_failure
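Review bot: The new mismatch case only asserts that `bin/ratify verify` fails, so it also passes when the command fails for an unrelated reason (registry not reachable, plugin binary missing, policy denial), and it would not catch a regression that drops the version check as long as verification still fails. If the test helpers expose an output assertion, additionally check that the output names the version mismatch; otherwise at least extend the comment to state the expected cause, e.g. `# plugin version 3.0.0 in sbom_version_mismatch.json does not match the installed sbom plugin; verify must fail on the version check`. The `@test "sbom verifier test"` block continues past the end of the hunk.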
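--- /dev/null
+++ b/test/bats/tests/config/sbom_version_mismatch.json
@@ -0,0 +1,31 @@
+{
+"store": {
+"version": "1.0.0",
+"plugins": [
+{
+"name": "oras",
+"useHttp": true
+}
+]
+},
+"policy": {
+"version": "1.0.0",
+"plugin": {
+"name": "configPolicy",
+"artifactVerificationPolicies": {
+"application/spdx+json": "all"
+}
+}
+},
+"verifier": {
+"version": "1.0.0",
+"plugins": [
+{
+"version": "3.0.0",
+"name": "sbom",
+"artifactTypes": "application/spdx+json",
+"disallowedLicenses": ["NOASSERTION"]
+}
+]
+}
+}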
