Skip to content

Commit

Permalink
Improve mime-type detection, enable exporting attestations, and add t…
Browse files Browse the repository at this point in the history
…esting

Signed-off-by: John Kjell <[email protected]>
  • Loading branch information
jkjell committed Jun 8, 2024
1 parent cd4b5b4 commit 4e0e56e
Show file tree
Hide file tree
Showing 10 changed files with 8,583 additions and 84 deletions.
80 changes: 24 additions & 56 deletions attestation/product/product.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,12 +18,8 @@ import (
"bytes"
"encoding/json"
"fmt"
"io"
"mime"
"net/http"
"os"
"path/filepath"

"github.com/gabriel-vasile/mimetype"
"github.com/gobwas/glob"
"github.com/in-toto/go-witness/attestation"
"github.com/in-toto/go-witness/attestation/file"
Expand Down Expand Up @@ -119,17 +115,14 @@ type Attestor struct {
compiledExcludeGlob glob.Glob
}

func fromDigestMap(digestMap map[string]cryptoutil.DigestSet) map[string]attestation.Product {
func fromDigestMap(workingDir string, digestMap map[string]cryptoutil.DigestSet) map[string]attestation.Product {
products := make(map[string]attestation.Product)
for fileName, digestSet := range digestMap {
mimeType := "unknown"

Check failure on line 121 in attestation/product/product.go

View workflow job for this annotation

GitHub Actions / lint

ineffectual assignment to mimeType (ineffassign)
f, err := os.OpenFile(fileName, os.O_RDONLY, 0666)
if err == nil {
mimeType, err = getFileContentType(f)
if err != nil {
mimeType = "unknown"
}
f.Close()
filePath := workingDir + fileName
mimeType, err := getFileContentType(filePath)
if err != nil {
mimeType = "unknown"
}

products[fileName] = attestation.Product{
Expand Down Expand Up @@ -193,7 +186,7 @@ func (a *Attestor) Attest(ctx *attestation.AttestationContext) error {
return err
}

a.products = fromDigestMap(products)
a.products = fromDigestMap(ctx.WorkingDir(), products)
return nil
}

Expand Down Expand Up @@ -232,51 +225,26 @@ func (a *Attestor) Subjects() map[string]cryptoutil.DigestSet {
return subjects
}

func getFileContentType(file *os.File) (string, error) {
// Read up to 512 bytes from the file.
buffer := make([]byte, 512)
_, err := file.Read(buffer)
if err != nil && err != io.EOF {
return "", err
}
func getFileContentType(fileName string) (string, error) {
// Add SPDX JSON detector
mimetype.Lookup("application/json").Extend(func(buf []byte, limit uint32) bool {
return bytes.HasPrefix(buf, []byte(`{"spdxVersion": "SPDX-`))
}, "application/spdx+json", ".spdx.json")

// Try to detect the content type using http.DetectContentType().
contentType := http.DetectContentType(buffer)

// If the content type is application/octet-stream, try to detect the content type using a file signature.
if contentType == "application/octet-stream" {
contentType = detectFileSignature(buffer)
if contentType == "application/octet-stream" {
if extension := filepath.Ext(file.Name()); extension != "" {
contentType = mime.TypeByExtension(extension)
}
}
}
// Add CycloneDx JSON detector
mimetype.Lookup("application/json").Extend(func(buf []byte, limit uint32) bool {
return bytes.HasPrefix(buf, []byte(`{"$schema": "http://cyclonedx.org/schema/bom-`))
}, "application/vnd.cyclonedx+json", ".cdx.json")

return contentType, nil
}
// Add CycloneDx XML detector
mimetype.Lookup("text/xml").Extend(func(buf []byte, limit uint32) bool {
return bytes.HasPrefix(buf, []byte(`<?xml version="1.0" encoding="UTF-8"?><bom xmlns="http://cyclonedx.org/schema/bom/`))
}, "application/vnd.cyclonedx+xml", ".cdx.xml")

// detectFileSignature tries to match the file signature to a content type.
func detectFileSignature(buffer []byte) string {
// Create a new buffer with a length of 512 bytes and copy the data from the input buffer into the new buffer to prevent out of bounds errors.
newBuffer := make([]byte, 512)
copy(newBuffer, buffer)

var signature string
switch {
// https://en.wikipedia.org/wiki/List_of_file_signatures
case buffer[257] == 0x75 && buffer[258] == 0x73 && buffer[259] == 0x74 && buffer[260] == 0x61 && buffer[261] == 0x72:
signature = "application/x-tar"
case buffer[0] == 0x25 && buffer[1] == 0x50 && buffer[2] == 0x44 && buffer[3] == 0x46 && buffer[4] == 0x2D:
signature = "application/pdf"
case bytes.HasPrefix(buffer, []byte(`{"spdxVersion":"SPDX-`)):
signature = "application/spdx+json"
case bytes.HasPrefix(buffer, []byte(`{"$schema":"http://cyclonedx.org/schema/bom-`)):
signature = "application/vnd.cyclonedx+json"
default:
// If the file signature is not recognized, return application/octet-stream by default
signature = "application/octet-stream"
contentType, err := mimetype.DetectFile(fileName)
if err != nil {
return "", err
}

return signature
return contentType.String(), nil
}
4 changes: 2 additions & 2 deletions attestation/product/product_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ func TestFromDigestMap(t *testing.T) {
assert.NoError(t, err)
testDigestSet := make(map[string]cryptoutil.DigestSet)
testDigestSet["test"] = testDigest
result := fromDigestMap(testDigestSet)
result := fromDigestMap("", testDigestSet)
assert.Len(t, result, 1)
digest := result["test"].Digest
assert.True(t, digest.Equal(testDigest))
Expand Down Expand Up @@ -126,7 +126,7 @@ func TestGetFileContentType(t *testing.T) {
// Run the test cases.
for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
contentType, err := getFileContentType(test.file)
contentType, err := getFileContentType(test.file.Name())
require.NoError(t, err)
require.Equal(t, test.expected, contentType)
})
Expand Down
Loading

0 comments on commit 4e0e56e

Please sign in to comment.