Fix panic for DSSE canonicalization (#1923)

haydentherapper · web-flow · commit 6020532c1dae · 2023-12-20T08:22:41.000-08:00
Handles if the array of signatures contains missing data.

Signed-off-by: Hayden Blauzvern &lt;hblauzvern@google.com&gt;
diff --git a/pkg/types/dsse/v0.0.1/entry.go b/pkg/types/dsse/v0.0.1/entry.go
@@ -276,6 +276,12 @@ func (v *V001Entry) Canonicalize(_ context.Context) ([]byte, error) {
 		ProposedContent: nil, // this is explicitly done as we don't want to canonicalize the envelope
 	}
 
+	for _, s := range canonicalEntry.Signatures {
+		if s.Signature == nil {
+			return nil, errors.New("canonical entry missing required signature")
+		}
+	}
+
 	sort.Slice(canonicalEntry.Signatures, func(i, j int) bool {
 		return *canonicalEntry.Signatures[i].Signature < *canonicalEntry.Signatures[j].Signature
 	})
diff --git a/pkg/types/dsse/v0.0.1/entry_test.go b/pkg/types/dsse/v0.0.1/entry_test.go
@@ -529,3 +529,12 @@ func TestInsertable(t *testing.T) {
 		})
 	}
 }
+
+func TestCanonicalizeHandlesInvalidInput(t *testing.T) {
+	v := &V001Entry{}
+	v.DSSEObj.Signatures = []*models.DSSEV001SchemaSignaturesItems0{{Signature: nil}, {Signature: nil}}
+	_, err := v.Canonicalize(context.TODO())
+	if err == nil {
+		t.Fatalf("expected error canonicalizing invalid input")
+	}
+}

Original file line number	Diff line number	Diff line change
`@@ -529,3 +529,12 @@ func TestInsertable(t *testing.T) {`
`529`	`529`	`})`
`530`	`530`	`}`
`531`	`531`	`}`
	`532`	`+`
	`533`	`+func TestCanonicalizeHandlesInvalidInput(t *testing.T) {`
	`534`	`+ v := &V001Entry{}`
	`535`	`+ v.DSSEObj.Signatures = []*models.DSSEV001SchemaSignaturesItems0{{Signature: nil}, {Signature: nil}}`
	`536`	`+ _, err := v.Canonicalize(context.TODO())`
	`537`	`+ if err == nil {`
	`538`	`+ t.Fatalf("expected error canonicalizing invalid input")`
	`539`	`+ }`
	`540`	`+}`