From 6020532c1dae0b16c6854bf68566dfc4a9a2a4df Mon Sep 17 00:00:00 2001
From: Hayden B
Date: Wed, 20 Dec 2023 08:22:41 -0800
Subject: [PATCH] Fix panic for DSSE canonicalization (#1923)

Handles if the array of signatures contains missing data.

Signed-off-by: Hayden Blauzvern
---
 pkg/types/dsse/v0.0.1/entry.go | 6 ++++++
 pkg/types/dsse/v0.0.1/entry_test.go | 9 +++++++++
 2 files changed, 15 insertions(+)

diff --git a/pkg/types/dsse/v0.0.1/entry.go b/pkg/types/dsse/v0.0.1/entry.go
index fb62a22f5..7d4c1f1e6 100644
--- a/pkg/types/dsse/v0.0.1/entry.go
+++ b/pkg/types/dsse/v0.0.1/entry.go
@@ -276,6 +276,12 @@ func (v *V001Entry) Canonicalize(_ context.Context) ([]byte, error) {
 ProposedContent: nil, // this is explicitly done as we don't want to canonicalize the envelope
 }
 
+ for _, s := range canonicalEntry.Signatures {
+ if s.Signature == nil {
+ return nil, errors.New("canonical entry missing required signature")
+ }
+ }
+
 sort.Slice(canonicalEntry.Signatures, func(i, j int) bool {
 return *canonicalEntry.Signatures[i].Signature < *canonicalEntry.Signatures[j].Signature
 })
diff --git a/pkg/types/dsse/v0.0.1/entry_test.go b/pkg/types/dsse/v0.0.1/entry_test.go
index 77cfe66ea..61ca3ffe3 100644
--- a/pkg/types/dsse/v0.0.1/entry_test.go
+++ b/pkg/types/dsse/v0.0.1/entry_test.go
@@ -529,3 +529,12 @@ func TestInsertable(t *testing.T) {
 })
 }
 }
+
+func TestCanonicalizeHandlesInvalidInput(t *testing.T) {
+ v := &V001Entry{}
+ v.DSSEObj.Signatures = []*models.DSSEV001SchemaSignaturesItems0{{Signature: nil}, {Signature: nil}}
+ _, err := v.Canonicalize(context.TODO())
+ if err == nil {
+ t.Fatalf("expected error canonicalizing invalid input")
+ }
+}
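Review bot: The new guard in Canonicalize reads `s.Signature` without first checking `s` itself, and the test hunk shows `Signatures` is a slice of pointers (`[]*models.DSSEV001SchemaSignaturesItems0`), so a nil element would still panic in this loop or in the `sort.Slice` comparator below it. Extending the condition to `if s == nil || s.Signature == nil {` closes that case. Whether a nil element can actually reach this point depends on validation outside the hunk, but if this path handles submitted entries, a panic here is an availability problem and the extra check is cheap. The function body starts and ends outside the hunk.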
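Review bot: TestCanonicalizeHandlesInvalidInput only asserts `err != nil`, so for an otherwise empty `V001Entry{}` it would also pass on any earlier failure in Canonicalize rather than the new signature guard; the code before the guard is outside this diff, so this cannot be ruled out from here. Pinning the intended path with `if err == nil || !strings.Contains(err.Error(), "missing required signature") {` would make the regression test specific, and needs `strings` imported in the test file if it is not already. A second case with a nil slice element, `[]*models.DSSEV001SchemaSignaturesItems0{nil}`, would show whether that input is handled or still dereferences a nil pointer.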