From afd7bcc0fe5934be61d2d1a819863a1f898572f1 Mon Sep 17 00:00:00 2001
From: Nick Miyake <nmiyake@palantir.com>
Date: Fri, 11 Mar 2022 10:23:54 -0800
Subject: [PATCH] Ensure that EnvelopeVerifier.Verify does not panic on nil
 envelope

Fixes #13
---
 dsse/verify.go      | 4 ++++
 dsse/verify_test.go | 9 +++++++++
 2 files changed, 13 insertions(+)

diff --git a/dsse/verify.go b/dsse/verify.go
index 16ba82c..423d991 100644
--- a/dsse/verify.go
+++ b/dsse/verify.go
@@ -32,6 +32,10 @@ type AcceptedKey struct {
 }
 
 func (ev *EnvelopeVerifier) Verify(e *Envelope) ([]AcceptedKey, error) {
+	if e == nil {
+		return nil, errors.New("cannot verify a nil envelope")
+	}
+
 	if len(e.Signatures) == 0 {
 		return nil, ErrNoSignature
 	}
diff --git a/dsse/verify_test.go b/dsse/verify_test.go
index 7c6d370..b01e887 100644
--- a/dsse/verify_test.go
+++ b/dsse/verify_test.go
@@ -8,6 +8,15 @@ import (
 	"github.com/stretchr/testify/assert"
 )
 
+func TestEnvelopeVerifier_Verify_HandlesNil(t *testing.T) {
+	verifier, err := NewEnvelopeVerifier(&mockVerifier{})
+	assert.NoError(t, err)
+
+	acceptedKeys, err := verifier.Verify(nil)
+	assert.Empty(t, acceptedKeys)
+	assert.EqualError(t, err, "cannot verify a nil envelope")
+}
+
 type mockVerifier struct {
 	returnErr error
 }