diff --git a/.github/workflows/verify-schemagen.yaml b/.github/workflows/verify-schemagen.yaml new file mode 100644 index 00000000..0e346fdb --- /dev/null +++ b/.github/workflows/verify-schemagen.yaml @@ -0,0 +1,20 @@ +name: Docgen +on: + workflow_dispatch: + push: + branches: ["main", "release-*"] + pull_request: +permissions: + contents: read + +jobs: + docgen: + name: Verify Docgen + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 + - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + with: + go-version: "1.21.x" + - run: ./schemagen/verify.sh diff --git a/Makefile b/Makefile index bc9258ae..1b61e8ac 100644 --- a/Makefile +++ b/Makefile @@ -23,5 +23,9 @@ $(CONTROLLER_GEN): $(LOCALBIN) test: ## Run the go unit tests go test -v -coverprofile=profile.cov -covermode=atomic ./... +.PHONY: schema +schema: ## Generate the attestor schema json files + go run ./schemagen/schema.go + help: ## Display this help screen @grep -h -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' diff --git a/attestation/aws-iid/aws-iid.go b/attestation/aws-iid/aws-iid.go index 5aacbe16..ac1cf24a 100644 --- a/attestation/aws-iid/aws-iid.go +++ b/attestation/aws-iid/aws-iid.go @@ -30,6 +30,7 @@ import ( "github.com/in-toto/go-witness/attestation" "github.com/in-toto/go-witness/cryptoutil" "github.com/in-toto/go-witness/log" + "github.com/invopop/jsonschema" ) const ( @@ -99,7 +100,6 @@ func New() *Attestor { session: *sess, conf: conf, } - } func (a *Attestor) Name() string { @@ -114,6 +114,10 @@ func (a *Attestor) RunType() attestation.RunType { return RunType } +func (a *Attestor) Schema() *jsonschema.Schema { + return jsonschema.Reflect(&a) +} + func (a *Attestor) Attest(ctx *attestation.AttestationContext) error { a.hashes = ctx.Hashes() 
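Review bot: The workflow and job names in verify-schemagen.yaml read `name: Docgen` / `name: Verify Docgen`, while the file name and the only step it runs (`./schemagen/verify.sh`) are about schema generation, so the check will appear in the PR status list under a label that does not say what it verifies. Suggest `name: Schemagen` at the top and `name: Verify Schemagen` on the job. The remainder of the hunk — actions pinned to full commit SHAs with version comments and `permissions: contents: read` — is the right shape and needs no change.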
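Review bot: In the new `Schema()` on aws-iid the receiver `a` is already a `*Attestor`, so `jsonschema.Reflect(&a)` hands the reflector a `**Attestor` rather than the attestor struct; the test doubles elsewhere in this diff pass a single value or pointer (`jsonschema.Reflect(&testProducter{})`, `jsonschema.Reflect(DummyMaterialer{})`), and the "reflect function is return an empty schema" NOTEs in the gcp-iit/github/gitlab hunks look like the symptom of this extra indirection. Suggest `return jsonschema.Reflect(a)`. The same `&a` form is added in commandrun.go, environment.go, factory_test.go, git.go, jwt.go, maven.go, oci.go, policyverify.go and sarif.go, and as `&t` in every file under internal/attestors; each should change the same way. Since the generated files are committed under schemagen/ and checked by CI, a test asserting that at least one attestor's schema is non-empty and lists that struct's JSON properties would catch this class of regression rather than a silently empty schema being accepted as the golden file.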
diff --git a/attestation/commandrun/commandrun.go b/attestation/commandrun/commandrun.go index c148544e..5fc2007e 100644 --- a/attestation/commandrun/commandrun.go +++ b/attestation/commandrun/commandrun.go @@ -23,6 +23,7 @@ import ( "github.com/in-toto/go-witness/attestation" "github.com/in-toto/go-witness/attestation/environment" "github.com/in-toto/go-witness/cryptoutil" + "github.com/invopop/jsonschema" ) const ( @@ -123,6 +124,10 @@ type CommandRun struct { environmentBlockList map[string]struct{} } +func (a *CommandRun) Schema() *jsonschema.Schema { + return jsonschema.Reflect(&a) +} + func (rc *CommandRun) Attest(ctx *attestation.AttestationContext) error { if len(rc.Cmd) == 0 { return attestation.ErrAttestor{ diff --git a/attestation/environment/environment.go b/attestation/environment/environment.go index 8def421c..e0d6c6af 100644 --- a/attestation/environment/environment.go +++ b/attestation/environment/environment.go @@ -21,6 +21,7 @@ import ( "strings" "github.com/in-toto/go-witness/attestation" + "github.com/invopop/jsonschema" ) const ( @@ -92,6 +93,10 @@ func (a *Attestor) RunType() attestation.RunType { return RunType } +func (a *Attestor) Schema() *jsonschema.Schema { + return jsonschema.Reflect(&a) +} + func (a *Attestor) Attest(ctx *attestation.AttestationContext) error { a.OS = runtime.GOOS a.Variables = make(map[string]string) diff --git a/attestation/factory.go b/attestation/factory.go index 9b237380..c0d97b5c 100644 --- a/attestation/factory.go +++ b/attestation/factory.go @@ -19,6 +19,7 @@ import ( "github.com/in-toto/go-witness/cryptoutil" "github.com/in-toto/go-witness/registry" + "github.com/invopop/jsonschema" ) var ( @@ -32,6 +33,7 @@ type Attestor interface { Type() string RunType() RunType Attest(ctx *AttestationContext) error + Schema() *jsonschema.Schema } // Subjecter allows attestors to expose bits of information that will be added to 
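Review bot: Adding `Schema() *jsonschema.Schema` to the exported `Attestor` interface in factory.go is a breaking change for any out-of-tree attestor implementation, and the new method carries no doc comment even though this interface is the contract every attestor is written against. Suggest `// Schema returns the JSON schema describing the attestor's predicate; presumably the source for the files generated under schemagen/ — confirm.` above the method. It also means every attestor package now links github.com/invopop/jsonschema into the runtime binary to support what appears to be a build-time generation step; if that is intended, a sentence in the PR description naming the interface break would help downstream consumers plan the upgrade.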
@@ -110,7 +112,7 @@ func GetAttestor(nameOrType string) (Attestor, error) { return attestors[0], nil } -// Deprecated: use AddAttestors instead +// Deprecated: use GetAttestors instead func Attestors(nameOrTypes []string) ([]Attestor, error) { return GetAttestors(nameOrTypes) } diff --git a/attestation/factory_test.go b/attestation/factory_test.go index 5d92afe0..13036fcb 100644 --- a/attestation/factory_test.go +++ b/attestation/factory_test.go @@ -17,6 +17,7 @@ package attestation import ( "testing" + "github.com/invopop/jsonschema" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) @@ -27,7 +28,8 @@ func TestRegistry(t *testing.T) { name: "prerun", predicateType: "https://witness.dev/test/prerun", runType: PreMaterialRunType, - }, { + }, + { name: "execute", predicateType: "https://witness.dev/test/execute", runType: ExecuteRunType, @@ -70,6 +72,10 @@ func (a *dummyAttestor) RunType() RunType { return a.runType } +func (a *dummyAttestor) Schema() *jsonschema.Schema { + return jsonschema.Reflect(&a) +} + func (a *dummyAttestor) Attest(*AttestationContext) error { return nil } diff --git a/attestation/gcp-iit/gcp-iit.go b/attestation/gcp-iit/gcp-iit.go index 99691859..02a9c402 100644 --- a/attestation/gcp-iit/gcp-iit.go +++ b/attestation/gcp-iit/gcp-iit.go @@ -26,6 +26,7 @@ import ( "github.com/in-toto/go-witness/attestation/jwt" "github.com/in-toto/go-witness/cryptoutil" "github.com/in-toto/go-witness/log" + "github.com/invopop/jsonschema" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" ) 
@@ -98,6 +99,14 @@ func (a *Attestor) RunType() attestation.RunType { return RunType } +func (a *Attestor) Schema() *jsonschema.Schema { + // NOTE: This isn't ideal. For some reason the reflect function is return an empty schema when passing in `p` + // TODO: Fix this later + schema := jsonschema.Reflect(&a) + schema.Definitions["Attestor"].Properties.Set("jwt", jsonschema.Reflect(&a.JWT)) + return schema +} + func (a *Attestor) Attest(ctx *attestation.AttestationContext) error { tokenURL := identityTokenURL(defaultIdentityTokenHost, defaultServiceAccount) identityToken, err := getMetadata(tokenURL) @@ -171,7 +180,6 @@ func (a *Attestor) getInstanceData() { a.ProjectID = projID a.ProjectNumber = projNum - } func (a *Attestor) Subjects() map[string]cryptoutil.DigestSet { diff --git a/attestation/git/git.go b/attestation/git/git.go index 3b39df29..68a0c564 100644 --- a/attestation/git/git.go +++ b/attestation/git/git.go @@ -25,6 +25,7 @@ import ( "github.com/go-git/go-git/v5/plumbing/object" "github.com/in-toto/go-witness/attestation" "github.com/in-toto/go-witness/cryptoutil" + "github.com/invopop/jsonschema" ) const ( @@ -113,11 +114,14 @@ func (a *Attestor) RunType() attestation.RunType { return RunType } +func (a *Attestor) Schema() *jsonschema.Schema { + return jsonschema.Reflect(&a) +} + func (a *Attestor) Attest(ctx *attestation.AttestationContext) error { repo, err := git.PlainOpenWithOptions(ctx.WorkingDir(), &git.PlainOpenOptions{ DetectDotGit: true, }) - if err != nil { return err } 
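Review bot: `schema.Definitions["Attestor"].Properties.Set(...)` in the new gcp-iit `Schema()` uses the map lookup result without checking it; if `Reflect` does not emit an `Attestor` definition — which is the "empty schema" situation the NOTE directly above describes — the lookup yields a nil `*Schema` and schema generation panics instead of producing a diagnosable error. Guard it: `if def, ok := schema.Definitions["Attestor"]; ok && def.Properties != nil { def.Properties.Set("jwt", jsonschema.Reflect(&a.JWT)) }`. The same unguarded lookup is added in github.go and gitlab.go. The NOTE also refers to "passing in `p`" while the receiver here is `a`, so the comment looks copied from elsewhere; the `&a` double pointer (the receiver is already `*Attestor`) is the more likely cause of the empty result and is worth fixing before layering this workaround on top of it.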
@@ -151,20 +155,19 @@ func (a *Attestor) Attest(ctx *attestation.AttestationContext) error { a.Remotes = append(a.Remotes, remote.Config().URLs...) } - //get all the refs for the repo refs, err := repo.References() if err != nil { return err } - //iterate over the refs and add them to the attestor + // iterate over the refs and add them to the attestor err = refs.ForEach(func(ref *plumbing.Reference) error { - //only add the ref if it points to the head + // only add the ref if it points to the head if ref.Hash() != head.Hash() { return nil } - //add the ref name to the attestor + // add the ref name to the attestor a.Refs = append(a.Refs, ref.Name().String()) return nil @@ -194,8 +197,7 @@ func (a *Attestor) Attest(ctx *attestation.AttestationContext) error { var tagList []Tag err = tags.ForEach(func(t *object.Tag) error { - - //check if the tag points to the head + // check if the tag points to the head if t.Target.String() != head.Hash().String() { return nil } @@ -210,7 +212,6 @@ func (a *Attestor) Attest(ctx *attestation.AttestationContext) error { }) return nil }) - if err != nil { return fmt.Errorf("iterate tags error: %s", err) } @@ -260,7 +261,7 @@ func (a *Attestor) Subjects() map[string]cryptoutil.DigestSet { }: a.CommitHash, } - //add author email + // add author email subjectName = fmt.Sprintf("authoremail:%v", a.AuthorEmail) ds, err := cryptoutil.CalculateDigestSetFromBytes([]byte(a.AuthorEmail), hashes) if err != nil { @@ -269,7 +270,7 @@ func (a *Attestor) Subjects() map[string]cryptoutil.DigestSet { subjects[subjectName] = ds - //add committer email + // add committer email subjectName = fmt.Sprintf("committeremail:%v", a.CommitterEmail) ds, err = cryptoutil.CalculateDigestSetFromBytes([]byte(a.CommitterEmail), hashes) if err != nil { 
@@ -278,7 +279,7 @@ func (a *Attestor) Subjects() map[string]cryptoutil.DigestSet { subjects[subjectName] = ds - //add parent hashes + // add parent hashes for _, parentHash := range a.ParentHashes { subjectName = fmt.Sprintf("parenthash:%v", parentHash) ds, err = cryptoutil.CalculateDigestSetFromBytes([]byte(parentHash), hashes) diff --git a/attestation/github/github.go b/attestation/github/github.go index 02a0aea2..7f60c1b3 100644 --- a/attestation/github/github.go +++ b/attestation/github/github.go @@ -29,6 +29,7 @@ import ( "github.com/in-toto/go-witness/attestation/jwt" "github.com/in-toto/go-witness/cryptoutil" "github.com/in-toto/go-witness/log" + "github.com/invopop/jsonschema" ) const ( @@ -124,6 +125,14 @@ func (a *Attestor) RunType() attestation.RunType { return RunType } +func (a *Attestor) Schema() *jsonschema.Schema { + // NOTE: This isn't ideal. For some reason the reflect function is return an empty schema when passing in `p` + // TODO: Fix this later + schema := jsonschema.Reflect(&a) + schema.Definitions["Attestor"].Properties.Set("jwt", jsonschema.Reflect(&a.JWT)) + return schema +} + // Attest performs the attestation for the github environment. func (a *Attestor) Attest(ctx *attestation.AttestationContext) error { if os.Getenv("GITHUB_ACTIONS") != "true" { diff --git a/attestation/gitlab/gitlab.go b/attestation/gitlab/gitlab.go index f4be947b..dcd7795e 100644 --- a/attestation/gitlab/gitlab.go +++ b/attestation/gitlab/gitlab.go @@ -24,6 +24,7 @@ import ( "github.com/in-toto/go-witness/attestation/jwt" "github.com/in-toto/go-witness/cryptoutil" "github.com/in-toto/go-witness/log" + "github.com/invopop/jsonschema" ) const ( 
@@ -101,6 +102,14 @@ func (a *Attestor) RunType() attestation.RunType { return RunType } +func (a *Attestor) Schema() *jsonschema.Schema { + // NOTE: This isn't ideal. For some reason the reflect function is return an empty schema when passing in `p` + // TODO: Fix this later + schema := jsonschema.Reflect(&a) + schema.Definitions["Attestor"].Properties.Set("jwt", jsonschema.Reflect(&a.JWT)) + return schema +} + func (a *Attestor) Attest(ctx *attestation.AttestationContext) error { if os.Getenv("GITLAB_CI") != "true" { return ErrNotGitlab{} diff --git a/attestation/jwt/jwt.go b/attestation/jwt/jwt.go index 02986308..94561f05 100644 --- a/attestation/jwt/jwt.go +++ b/attestation/jwt/jwt.go @@ -20,6 +20,7 @@ import ( "net/http" "github.com/in-toto/go-witness/attestation" + "github.com/invopop/jsonschema" "gopkg.in/square/go-jose.v2" "gopkg.in/square/go-jose.v2/jwt" ) @@ -86,6 +87,10 @@ func New(opts ...Option) *Attestor { return a } +func (a *Attestor) Schema() *jsonschema.Schema { + return jsonschema.Reflect(&a) +} + func (a *Attestor) Attest(ctx *attestation.AttestationContext) error { if a.token == "" { return ErrInvalidToken(a.token) diff --git a/attestation/link/link.go b/attestation/link/link.go index 8b9852d4..f145dca3 100644 --- a/attestation/link/link.go +++ b/attestation/link/link.go @@ -27,6 +27,7 @@ import ( "github.com/in-toto/go-witness/attestation/product" "github.com/in-toto/go-witness/cryptoutil" "github.com/in-toto/go-witness/registry" + "github.com/invopop/jsonschema" "google.golang.org/protobuf/types/known/structpb" ) @@ -94,6 +95,12 @@ func (l *Link) RunType() attestation.RunType { return RunType } +func (l *Link) Schema() *jsonschema.Schema { + // NOTE: This isn't ideal. For some reason the reflect function is return an empty schema when passing in `p` + // TODO: Fix this later + return jsonschema.Reflect(&v0.Link{}) +} + func (l *Link) Export() bool { return l.export } 
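Review bot: `Link.Schema()` reflects `&v0.Link{}` rather than the receiver, so the committed schema describes `v0.Link` and not the struct this attestor actually serialises; if the two ever diverge the schema drifts silently and the CI verify step keeps passing because it only compares against what the generator emits. The copied NOTE/TODO should be replaced by a comment stating which type is authoritative, e.g. `// Schema is derived from v0.Link — presumably the type written into the predicate (confirm); keep it in sync with Link.` — or, better, reflect the same value the attestor marshals. material.go and product.go take the same approach with an anonymous struct (`Materials map[string]cryptoutil.DigestSet`, `Products map[string]attestation.Product`) and slsa.go with `prov.Provenance{}`; each needs the same "why" comment so a maintainer adding a field knows the schema source must change with it.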
diff --git a/attestation/material/material.go b/attestation/material/material.go index 10125918..74f047c0 100644 --- a/attestation/material/material.go +++ b/attestation/material/material.go @@ -20,6 +20,7 @@ import ( "github.com/in-toto/go-witness/attestation" "github.com/in-toto/go-witness/attestation/file" "github.com/in-toto/go-witness/cryptoutil" + "github.com/invopop/jsonschema" ) const ( @@ -80,6 +81,14 @@ func New(opts ...Option) *Attestor { return attestor } +func (a *Attestor) Schema() *jsonschema.Schema { + // NOTE: This isn't ideal. For some reason the reflect function is return an empty schema when passing in `a` + // TODO: Fix this later + return jsonschema.Reflect(struct { + Materials map[string]cryptoutil.DigestSet + }{}) +} + func (a *Attestor) Attest(ctx *attestation.AttestationContext) error { materials, err := file.RecordArtifacts(ctx.WorkingDir(), nil, ctx.Hashes(), map[string]struct{}{}) if err != nil { diff --git a/attestation/maven/maven.go b/attestation/maven/maven.go index 326535a9..b9b75ae1 100644 --- a/attestation/maven/maven.go +++ b/attestation/maven/maven.go @@ -25,6 +25,7 @@ import ( "github.com/in-toto/go-witness/cryptoutil" "github.com/in-toto/go-witness/log" "github.com/in-toto/go-witness/registry" + "github.com/invopop/jsonschema" ) const ( @@ -112,6 +113,10 @@ func (a *Attestor) RunType() attestation.RunType { return RunType } +func (a *Attestor) Schema() *jsonschema.Schema { + return jsonschema.Reflect(&a) +} + func (a *Attestor) Attest(ctx *attestation.AttestationContext) error { pomFile, err := os.Open(a.pomPath) if err != nil { diff --git a/attestation/oci/oci.go b/attestation/oci/oci.go index 34b895b9..47f6ddf6 100644 --- a/attestation/oci/oci.go +++ b/attestation/oci/oci.go @@ -29,6 +29,7 @@ import ( "github.com/in-toto/go-witness/attestation" "github.com/in-toto/go-witness/cryptoutil" "github.com/in-toto/go-witness/log" + "github.com/invopop/jsonschema" ) const ( 
@@ -137,6 +138,10 @@ func (a *Attestor) RunType() attestation.RunType { return RunType } +func (a *Attestor) Schema() *jsonschema.Schema { + return jsonschema.Reflect(&a) +} + func (a *Attestor) Attest(ctx *attestation.AttestationContext) error { if err := a.getCandidate(ctx); err != nil { log.Debugf("(attestation/oci) error getting candidate: %w", err) @@ -196,7 +201,6 @@ func (a *Attestor) getCandidate(ctx *attestation.AttestationContext) error { } func (a *Attestor) parseMaifest(ctx *attestation.AttestationContext) error { - f, err := os.Open(a.tarFilePath) if err != nil { err = fmt.Errorf("error opening tar file: %w", err) @@ -249,7 +253,7 @@ func (a *Attestor) Subjects() map[string]cryptoutil.DigestSet { subj[fmt.Sprintf("tardigest:%s", a.TarDigest[cryptoutil.DigestValue{Hash: crypto.SHA256}])] = a.TarDigest subj[fmt.Sprintf("imageid:%s", a.ImageID[cryptoutil.DigestValue{Hash: crypto.SHA256}])] = a.ImageID - //image tags + // image tags for _, tag := range a.ImageTags { hash, err := cryptoutil.CalculateDigestSetFromBytes([]byte(tag), hashes) if err != nil { @@ -259,7 +263,7 @@ func (a *Attestor) Subjects() map[string]cryptoutil.DigestSet { subj[fmt.Sprintf("imagetag:%s", tag)] = hash } - //diff ids + // diff ids for layer := range a.LayerDiffIDs { subj[fmt.Sprintf("layerdiffid%02d:%s", layer, a.LayerDiffIDs[layer][cryptoutil.DigestValue{Hash: crypto.SHA256}])] = a.LayerDiffIDs[layer] } @@ -322,7 +326,6 @@ func (m *Manifest) getLayerDIFFIDs(ctx *attestation.AttestationContext, tarFileP } } - } } return layerDiffIDs, nil diff --git a/attestation/oci/oci_test.go b/attestation/oci/oci_test.go index 4068e2d9..22b72294 100644 --- a/attestation/oci/oci_test.go +++ b/attestation/oci/oci_test.go @@ -22,6 +22,7 @@ import ( "github.com/in-toto/go-witness/attestation" "github.com/in-toto/go-witness/cryptoutil" + "github.com/invopop/jsonschema" "github.com/stretchr/testify/require" ) 
@@ -41,6 +42,10 @@ func (testProducter) RunType() attestation.RunType { return attestation.PreMaterialRunType } +func (testProducter) Schema() *jsonschema.Schema { + return jsonschema.Reflect(&testProducter{}) +} + func (testProducter) Attest(ctx *attestation.AttestationContext) error { return nil } @@ -62,7 +67,6 @@ func TestNew(t *testing.T) { if a.RunType() != RunType { t.Errorf("expected RunType to be %s, got %s", RunType, a.RunType()) } - } func SetupTest(t *testing.T, b64tarFile string) *os.File { @@ -82,8 +86,8 @@ func SetupTest(t *testing.T, b64tarFile string) *os.File { } return file - } + func TestAttestor_Attest(t *testing.T) { a := New() @@ -122,9 +126,11 @@ func TestAttestor_Attest(t *testing.T) { require.NoError(t, err) } -const imageID = "c294e5406766e579a59a04260b9dc22917fd21929114beeef2eda63536d35c82" -const diffID = "84ff92691f909a05b224e1c56abb4864f01b4f8e3c854e4bb4c7baf1d3f6d652" -const manifestDigest = "5445fcd1d6274180325653c40ad113c2b4bda0682f3650ce50284f74f9305c4c" +const ( + imageID = "c294e5406766e579a59a04260b9dc22917fd21929114beeef2eda63536d35c82" + diffID = "84ff92691f909a05b224e1c56abb4864f01b4f8e3c854e4bb4c7baf1d3f6d652" + manifestDigest = "5445fcd1d6274180325653c40ad113c2b4bda0682f3650ce50284f74f9305c4c" +) const testTar = ` ODI5Y2NhODhlZTYzNTAzMzBlMmVlYTAwOWRkNmVjNjcxMjA3OGU5Y2U0ZGFhY2FmNjhhM2VkMDI5NjUz diff --git a/attestation/policyverify/policyverify.go b/attestation/policyverify/policyverify.go index 7266a660..004bab24 100644 --- a/attestation/policyverify/policyverify.go +++ b/attestation/policyverify/policyverify.go @@ -30,6 +30,7 @@ import ( "github.com/in-toto/go-witness/slsa" "github.com/in-toto/go-witness/source" "github.com/in-toto/go-witness/timestamp" + "github.com/invopop/jsonschema" ) const ( 
@@ -116,6 +117,10 @@ func (a *Attestor) RunType() attestation.RunType { return RunType } +func (a *Attestor) Schema() *jsonschema.Schema { + return jsonschema.Reflect(&a) +} + func (a *Attestor) Subjects() map[string]cryptoutil.DigestSet { subjects := map[string]cryptoutil.DigestSet{} for _, digest := range a.subjectDigests { diff --git a/attestation/product/product.go b/attestation/product/product.go index 61b9f511..e1899986 100644 --- a/attestation/product/product.go +++ b/attestation/product/product.go @@ -28,6 +28,7 @@ import ( "github.com/in-toto/go-witness/attestation/file" "github.com/in-toto/go-witness/cryptoutil" "github.com/in-toto/go-witness/registry" + "github.com/invopop/jsonschema" ) const ( @@ -164,6 +165,14 @@ func New(opts ...Option) *Attestor { return a } +func (a *Attestor) Schema() *jsonschema.Schema { + // NOTE: This isn't ideal. For some reason the reflect function is return an empty schema when passing in `p` + // TODO: Fix this later + return jsonschema.Reflect(struct { + Products map[string]attestation.Product + }{}) +} + func (a *Attestor) Attest(ctx *attestation.AttestationContext) error { compiledIncludeGlob, err := glob.Compile(a.includeGlob) if err != nil { diff --git a/attestation/sarif/sarif.go b/attestation/sarif/sarif.go index 1dac7d87..f72ad855 100644 --- a/attestation/sarif/sarif.go +++ b/attestation/sarif/sarif.go @@ -24,6 +24,7 @@ import ( "github.com/in-toto/go-witness/attestation" "github.com/in-toto/go-witness/cryptoutil" "github.com/in-toto/go-witness/log" + "github.com/invopop/jsonschema" "github.com/owenrumney/go-sarif/sarif" ) @@ -69,6 +70,10 @@ func (a *Attestor) RunType() attestation.RunType { return RunType } +func (a *Attestor) Schema() *jsonschema.Schema { + return jsonschema.Reflect(&a) +} + func (a *Attestor) Attest(ctx *attestation.AttestationContext) error { if err := a.getCandidate(ctx); err != nil { log.Debugf("(attestation/sarif) error getting candidate: %w", err) 
diff --git a/attestation/slsa/slsa.go b/attestation/slsa/slsa.go index bbf2b9e0..12b86213 100644 --- a/attestation/slsa/slsa.go +++ b/attestation/slsa/slsa.go @@ -33,6 +33,7 @@ import ( "github.com/in-toto/go-witness/cryptoutil" "github.com/in-toto/go-witness/log" "github.com/in-toto/go-witness/registry" + "github.com/invopop/jsonschema" "golang.org/x/exp/maps" "google.golang.org/protobuf/types/known/structpb" "google.golang.org/protobuf/types/known/timestamppb" @@ -106,6 +107,12 @@ func (p *Provenance) RunType() attestation.RunType { return RunType } +func (p *Provenance) Schema() *jsonschema.Schema { + // NOTE: This isn't ideal. For some reason the reflect function is return an empty schema when passing in `p` + // TODO: Fix this later + return jsonschema.Reflect(prov.Provenance{}) +} + func (p *Provenance) Export() bool { return p.export } diff --git a/go.mod b/go.mod index fc82b410..5ba023c8 100644 --- a/go.mod +++ b/go.mod @@ -14,6 +14,7 @@ require ( github.com/go-jose/go-jose/v3 v3.0.3 github.com/in-toto/archivista v0.4.0 github.com/in-toto/attestation v1.0.1 + github.com/invopop/jsonschema v0.12.0 github.com/jellydator/ttlcache/v3 v3.2.0 github.com/mattn/go-isatty v0.0.20 github.com/mitchellh/go-homedir v1.1.0 @@ -50,7 +51,9 @@ require ( github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 // indirect github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 // indirect github.com/aws/smithy-go v1.20.2 // indirect + github.com/bahlo/generic-list-go v0.2.0 // indirect github.com/beorn7/perks v1.0.1 // indirect + github.com/buger/jsonparser v1.1.1 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/cloudflare/circl v1.3.7 // indirect github.com/coreos/go-oidc/v3 v3.10.0 // indirect 
@@ -75,6 +78,7 @@ require ( github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/letsencrypt/boulder v0.0.0-20240226214708-a97e074b5a3e // indirect + github.com/mailru/easyjson v0.7.7 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect @@ -91,6 +95,7 @@ require ( github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect github.com/tchap/go-patricia/v2 v2.3.1 // indirect github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect + github.com/wk8/go-ordered-map/v2 v2.1.8 // indirect github.com/zclconf/go-cty v1.14.2 // indirect go.opencensus.io v0.24.0 // indirect go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 // indirect diff --git a/go.sum b/go.sum index 607c6c1d..666a34f3 100644 --- a/go.sum +++ b/go.sum 
@@ -64,8 +64,12 @@ github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 h1:cwIxeBttqPN3qkaAjcEcsh8NYr8n github.com/aws/aws-sdk-go-v2/service/sts v1.28.6/go.mod h1:FZf1/nKNEkHdGGJP/cI2MoIMquumuRK6ol3QQJNDxmw= github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q= github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= +github.com/bahlo/generic-list-go v0.2.0 h1:5sz/EEAK+ls5wF+NeqDpk5+iNdMDXrh3z3nPnH1Wvgk= +github.com/bahlo/generic-list-go v0.2.0/go.mod h1:2KvAjgMlE5NNynlg/5iLrrCCZ2+5xWbdbCW3pNTGyYg= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= +github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs= +github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/bytecodealliance/wasmtime-go/v3 v3.0.2 h1:3uZCA/BLTIu+DqCfguByNMJa2HVHpXvjfy0Dy7g6fuA= github.com/bytecodealliance/wasmtime-go/v3 v3.0.2/go.mod h1:RnUjnIXxEJcL6BgCvNyzCCRzZcxCgsZCi+RNlvYor5Q= 
@@ -202,6 +206,8 @@ github.com/in-toto/archivista v0.4.0 h1:5g79iqmyXblnnwuD+768lrEbeoE0V5H7URYJFnr0 github.com/in-toto/archivista v0.4.0/go.mod h1:HgqAu7az0Ql0Jf844Paf0Ji5PdUMKxO5JIBh4hOjMs8= github.com/in-toto/attestation v1.0.1 h1:DgX1XuBkryTpj1Piq8AiMK3CMfEcec3Qv6+Ku+uI3WY= github.com/in-toto/attestation v1.0.1/go.mod h1:hCR5COCuENh5+VfojEkJnt7caOymbEgvyZdKifD6pOw= +github.com/invopop/jsonschema v0.12.0 h1:6ovsNSuvn9wEQVOyc72aycBMVQFKz7cPdMJn10CvzRI= +github.com/invopop/jsonschema v0.12.0/go.mod h1:ffZ5Km5SWWRAIN6wbDXItl95euhFz2uON45H2qjYt+0= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/jellydator/ttlcache/v3 v3.2.0 h1:6lqVJ8X3ZaUwvzENqPAobDsXNExfUJd61u++uW8a3LE= @@ -212,6 +218,7 @@ github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGw github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/jmhodges/clock v1.2.0 h1:eq4kys+NI0PLngzaHEe7AmPT90XMGIEySD1JfV1PDIs= github.com/jmhodges/clock v1.2.0/go.mod h1:qKjhA7x7u/lQpPB1XAqX1b1lCI/w3/fNuYpI/ZjLynI= +github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4= 
@@ -229,6 +236,8 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/letsencrypt/boulder v0.0.0-20240226214708-a97e074b5a3e h1:0YcEneR01FfQAfP/OlniqnE+NMLLGuJ/RTJmlamX2EY= github.com/letsencrypt/boulder v0.0.0-20240226214708-a97e074b5a3e/go.mod h1:qY5wBgmaPwKkhGd2gNWZcoJBe9c76gsHm4OTc/N12+g= +github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= +github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/miekg/dns v1.1.58 h1:ca2Hdkz+cDg/7eNF6V56jjzuZ4aCAE+DbVkILdQWG/4= @@ -309,6 +318,8 @@ github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs= github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4= github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI= +github.com/wk8/go-ordered-map/v2 v2.1.8 h1:5h/BUHu93oj4gIdvHHHGsScSTMijfx5PeYkE/fJgbpc= +github.com/wk8/go-ordered-map/v2 v2.1.8/go.mod h1:5nJHM5DyteebpVlHnWMV0rPz6Zp7+xBAnxjb1X5vnTw= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= diff --git a/internal/attestors/commandrun.go b/internal/attestors/commandrun.go index d7d255af..d16335c6 100644 --- a/internal/attestors/commandrun.go +++ b/internal/attestors/commandrun.go 
@@ -18,11 +18,10 @@ import ( "github.com/in-toto/go-witness/attestation" "github.com/in-toto/go-witness/attestation/commandrun" "github.com/in-toto/go-witness/cryptoutil" + "github.com/invopop/jsonschema" ) -var ( - _ commandrun.CommandRunAttestor = &TestCommandRunAttestor{} -) +var _ commandrun.CommandRunAttestor = &TestCommandRunAttestor{} type TestCommandRunAttestor struct { comAtt commandrun.CommandRun @@ -45,6 +44,10 @@ func (t *TestCommandRunAttestor) RunType() attestation.RunType { return t.comAtt.RunType() } +func (t *TestCommandRunAttestor) Schema() *jsonschema.Schema { + return jsonschema.Reflect(&t) +} + func (t *TestCommandRunAttestor) Attest(ctx *attestation.AttestationContext) error { return nil } diff --git a/internal/attestors/environment.go b/internal/attestors/environment.go index 9ea5298a..b0f62efa 100644 --- a/internal/attestors/environment.go +++ b/internal/attestors/environment.go @@ -17,11 +17,10 @@ package attestors import ( "github.com/in-toto/go-witness/attestation" "github.com/in-toto/go-witness/attestation/environment" + "github.com/invopop/jsonschema" ) -var ( - _ environment.EnvironmentAttestor = &TestEnvironmentAttestor{} -) +var _ environment.EnvironmentAttestor = &TestEnvironmentAttestor{} type TestEnvironmentAttestor struct { environmentAtt environment.Attestor @@ -44,6 +43,10 @@ func (t *TestEnvironmentAttestor) RunType() attestation.RunType { return t.environmentAtt.RunType() } +func (t *TestEnvironmentAttestor) Schema() *jsonschema.Schema { + return jsonschema.Reflect(&t) +} + func (t *TestEnvironmentAttestor) Attest(ctx *attestation.AttestationContext) error { return nil } diff --git a/internal/attestors/git.go b/internal/attestors/git.go index bb47e37c..a262b96a 100644 --- a/internal/attestors/git.go +++ b/internal/attestors/git.go 
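Review bot: `TestCommandRunAttestor.Schema()` reflects the wrapper itself (`&t`, a `**TestCommandRunAttestor`) while `RunType()` in the same hunk delegates to the wrapped attestor via `t.comAtt.RunType()`; the wrapper exists to stand in for `commandrun.CommandRun`, so its schema should come from the wrapped value too. Suggest `return t.comAtt.Schema()`. The same wrapper-reflecting pattern is added in environment.go, git.go, github.go, gitlab.go, material.go, oci.go and product.go under internal/attestors, each of which has a wrapped attestor field to delegate to; for product.go the field is the `product.ProductAttestor` interface, so delegation there depends on that interface including `Schema()`, which I cannot confirm from this diff.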
@@ -18,11 +18,10 @@ import ( "github.com/in-toto/go-witness/attestation" "github.com/in-toto/go-witness/attestation/git" "github.com/in-toto/go-witness/cryptoutil" + "github.com/invopop/jsonschema" ) -var ( - _ git.GitAttestor = &TestGitAttestor{} -) +var _ git.GitAttestor = &TestGitAttestor{} type TestGitAttestor struct { gitAtt git.Attestor @@ -45,6 +44,10 @@ func (t *TestGitAttestor) RunType() attestation.RunType { return t.gitAtt.RunType() } +func (t *TestGitAttestor) Schema() *jsonschema.Schema { + return jsonschema.Reflect(&t) +} + func (t *TestGitAttestor) Attest(ctx *attestation.AttestationContext) error { return nil } diff --git a/internal/attestors/github.go b/internal/attestors/github.go index 38286083..838e8891 100644 --- a/internal/attestors/github.go +++ b/internal/attestors/github.go @@ -19,11 +19,10 @@ import ( "github.com/in-toto/go-witness/attestation/github" "github.com/in-toto/go-witness/attestation/jwt" "github.com/in-toto/go-witness/cryptoutil" + "github.com/invopop/jsonschema" ) -var ( - _ github.GitHubAttestor = &TestGitHubAttestor{} -) +var _ github.GitHubAttestor = &TestGitHubAttestor{} type TestGitHubAttestor struct { githubAtt github.Attestor @@ -47,6 +46,10 @@ func (t *TestGitHubAttestor) RunType() attestation.RunType { return t.githubAtt.RunType() } +func (t *TestGitHubAttestor) Schema() *jsonschema.Schema { + return jsonschema.Reflect(&t) +} + func (t *TestGitHubAttestor) Attest(ctx *attestation.AttestationContext) error { return nil } diff --git a/internal/attestors/gitlab.go b/internal/attestors/gitlab.go index 0127a1f6..959cb21b 100644 --- a/internal/attestors/gitlab.go +++ b/internal/attestors/gitlab.go 
@@ -19,11 +19,10 @@ import ( "github.com/in-toto/go-witness/attestation/gitlab" "github.com/in-toto/go-witness/attestation/jwt" "github.com/in-toto/go-witness/cryptoutil" + "github.com/invopop/jsonschema" ) -var ( - _ gitlab.GitLabAttestor = &TestGitLabAttestor{} -) +var _ gitlab.GitLabAttestor = &TestGitLabAttestor{} type TestGitLabAttestor struct { gitlabAtt gitlab.Attestor @@ -47,6 +46,10 @@ func (t *TestGitLabAttestor) RunType() attestation.RunType { return t.gitlabAtt.RunType() } +func (t *TestGitLabAttestor) Schema() *jsonschema.Schema { + return jsonschema.Reflect(&t) +} + func (t *TestGitLabAttestor) Attest(ctx *attestation.AttestationContext) error { return nil } diff --git a/internal/attestors/material.go b/internal/attestors/material.go index 57fc66b0..25ac1feb 100644 --- a/internal/attestors/material.go +++ b/internal/attestors/material.go @@ -18,11 +18,10 @@ import ( "github.com/in-toto/go-witness/attestation" "github.com/in-toto/go-witness/attestation/material" "github.com/in-toto/go-witness/cryptoutil" + "github.com/invopop/jsonschema" ) -var ( - _ material.MaterialAttestor = &TestMaterialAttestor{} -) +var _ material.MaterialAttestor = &TestMaterialAttestor{} type TestMaterialAttestor struct { matAtt *material.Attestor @@ -47,6 +46,10 @@ func (t *TestMaterialAttestor) RunType() attestation.RunType { return t.matAtt.RunType() } +func (t *TestMaterialAttestor) Schema() *jsonschema.Schema { + return jsonschema.Reflect(&t) +} + func (t *TestMaterialAttestor) Attest(ctx *attestation.AttestationContext) error { return nil } diff --git a/internal/attestors/oci.go b/internal/attestors/oci.go index 6f92841e..5981d5c8 100644 --- a/internal/attestors/oci.go +++ b/internal/attestors/oci.go 
@@ -18,11 +18,10 @@ import (
 "github.com/in-toto/go-witness/attestation"
 "github.com/in-toto/go-witness/attestation/oci"
 "github.com/in-toto/go-witness/cryptoutil"
+ "github.com/invopop/jsonschema"
 )
-var (
- _ oci.OCIAttestor = &TestOCIAttestor{}
-)
+var _ oci.OCIAttestor = &TestOCIAttestor{}
 type TestOCIAttestor struct {
 ociAtt oci.Attestor
@@ -45,6 +44,10 @@ func (t *TestOCIAttestor) RunType() attestation.RunType {
 return t.ociAtt.RunType()
 }
+func (t *TestOCIAttestor) Schema() *jsonschema.Schema {
+ return jsonschema.Reflect(&t)
+}
+
 func (t *TestOCIAttestor) Attest(ctx *attestation.AttestationContext) error {
 return nil
 }
diff --git a/internal/attestors/product.go b/internal/attestors/product.go
index 93299bd7..7c8a80bc 100644
--- a/internal/attestors/product.go
+++ b/internal/attestors/product.go
@@ -18,11 +18,10 @@ import (
 "github.com/in-toto/go-witness/attestation"
 "github.com/in-toto/go-witness/attestation/product"
 "github.com/in-toto/go-witness/cryptoutil"
+ "github.com/invopop/jsonschema"
 )
-var (
- _ product.ProductAttestor = &TestProductAttestor{}
-)
+var _ product.ProductAttestor = &TestProductAttestor{}
 type TestProductAttestor struct {
 prodAtt product.ProductAttestor
@@ -45,6 +44,10 @@ func (t *TestProductAttestor) RunType() attestation.RunType {
 return t.prodAtt.RunType()
 }
+func (t *TestProductAttestor) Schema() *jsonschema.Schema {
+ return jsonschema.Reflect(&t)
+}
+
 func (t *TestProductAttestor) Attest(ctx *attestation.AttestationContext) error {
 return nil
 }
diff --git a/policy/policy_test.go b/policy/policy_test.go
index 53e0a34d..c57fda3e 100644
--- a/policy/policy_test.go
+++ b/policy/policy_test.go
@@ -32,6 +32,7 @@ import (
 "github.com/in-toto/go-witness/cryptoutil"
 "github.com/in-toto/go-witness/intoto"
 "github.com/in-toto/go-witness/source"
+ "github.com/invopop/jsonschema"
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
@@ -367,6 +368,10 @@ func (DummyMaterialer) RunType() attestation.RunType {
 return attestation.PreMaterialRunType
 }
+func (DummyMaterialer) Schema() *jsonschema.Schema {
+ return jsonschema.Reflect(DummyMaterialer{})
+}
+
 func (DummyMaterialer) Attest(*attestation.AttestationContext) error {
 return nil
 }
@@ -391,6 +396,10 @@ func (DummyProducer) RunType() attestation.RunType {
 return attestation.PostProductRunType
 }
+func (DummyProducer) Schema() *jsonschema.Schema {
+ return jsonschema.Reflect(DummyProducer{})
+}
+
 func (DummyProducer) Attest(*attestation.AttestationContext) error {
 return nil
 }
diff --git a/schemagen/aws.json b/schemagen/aws.json
new file mode 100644
index 00000000..6872c348
--- /dev/null
+++ b/schemagen/aws.json
@@ -0,0 +1,96 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "devpayProductCodes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "marketplaceProductCodes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "availabilityZone": { + "type": "string" + }, + "privateIp": { + "type": "string" + }, + "version": { + "type": "string" + }, + "region": { + "type": "string" + }, + "instanceId": { + "type": "string" + }, + "billingProducts": { + "items": { + "type": "string" + }, + "type": "array" + }, + "instanceType": { + "type": "string" + }, + "accountId": { + "type": "string" + }, + "pendingTime": { + "type": "string", + "format": "date-time" + }, + "imageId": { + "type": "string" + }, + "kernelId": { + "type": "string" + }, + "ramdiskId": { + "type": "string" + }, + "architecture": { + "type": "string" + }, + "rawiid": { + "type": "string" + }, + "rawsig": { + "type": "string" + }, + "publickey": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "devpayProductCodes", + "marketplaceProductCodes", + "availabilityZone", + "privateIp", + "version", + "region", + "instanceId", + "billingProducts", + "instanceType", + "accountId", + "pendingTime", + "imageId", + "kernelId", + "ramdiskId", + "architecture", + "rawiid", + "rawsig", + "publickey" + ] + } + } +} \ No newline at end of file diff --git a/schemagen/command-run.json b/schemagen/command-run.json new file mode 100644 index 00000000..d4269f7b --- /dev/null +++ b/schemagen/command-run.json 
@@ -0,0 +1,86 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/CommandRun", + "$defs": { + "CommandRun": { + "properties": { + "cmd": { + "items": { + "type": "string" + }, + "type": "array" + }, + "stdout": { + "type": "string" + }, + "stderr": { + "type": "string" + }, + "exitcode": { + "type": "integer" + }, + "processes": { + "items": { + "$ref": "#/$defs/ProcessInfo" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "cmd", + "exitcode" + ] + }, + "DigestSet": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "ProcessInfo": { + "properties": { + "program": { + "type": "string" + }, + "processid": { + "type": "integer" + }, + "parentpid": { + "type": "integer" + }, + "programdigest": { + "$ref": "#/$defs/DigestSet" + }, + "comm": { + "type": "string" + }, + "cmdline": { + "type": "string" + }, + "exedigest": { + "$ref": "#/$defs/DigestSet" + }, + "openedfiles": { + "additionalProperties": { + "$ref": "#/$defs/DigestSet" + }, + "type": "object" + }, + "environ": { + "type": "string" + }, + "specbypassisvuln": { + "type": "boolean" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "processid", + "parentpid" + ] + } + } +} \ No newline at end of file diff --git a/schemagen/environment.json b/schemagen/environment.json new file mode 100644 index 00000000..cab7a68c --- /dev/null +++ b/schemagen/environment.json @@ -0,0 +1,32 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "os": { + "type": "string" + }, + "hostname": { + "type": "string" + }, + "username": { + "type": "string" + }, + "variables": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "os", + "hostname", + "username" + ] + } + } +} \ No newline at end of file 
diff --git a/schemagen/gcp-iit.json b/schemagen/gcp-iit.json new file mode 100644 index 00000000..324210c1 --- /dev/null +++ b/schemagen/gcp-iit.json 
@@ -0,0 +1,546 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "jwt": { + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "claims": { + "type": "object" + }, + "verifiedBy": { + "$ref": "#/$defs/VerificationInfo" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "claims" + ] + }, + "AttributeTypeAndValue": { + "properties": { + "Type": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "Value": true + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Type", + "Value" + ] + }, + "Certificate": { + "properties": { + "Raw": { + "type": "string", + "contentEncoding": "base64" + }, + "RawTBSCertificate": { + "type": "string", + "contentEncoding": "base64" + }, + "RawSubjectPublicKeyInfo": { + "type": "string", + "contentEncoding": "base64" + }, + "RawSubject": { + "type": "string", + "contentEncoding": "base64" + }, + "RawIssuer": { + "type": "string", + "contentEncoding": "base64" + }, + "Signature": { + "type": "string", + "contentEncoding": "base64" + }, + "SignatureAlgorithm": { + "type": "integer" + }, + "PublicKeyAlgorithm": { + "type": "integer" + }, + "PublicKey": true, + "Version": { + "type": "integer" + }, + "SerialNumber": { + "$ref": "#/$defs/Int" + }, + "Issuer": { + "$ref": "#/$defs/Name" + }, + "Subject": { + "$ref": "#/$defs/Name" + }, + "NotBefore": { + "type": "string", + "format": "date-time" + }, + "NotAfter": { + "type": "string", + "format": "date-time" + }, + "KeyUsage": { + "type": "integer" + }, + "Extensions": { + "items": { + "$ref": "#/$defs/Extension" + }, + "type": "array" + }, + "ExtraExtensions": { + "items": { + "$ref": "#/$defs/Extension" + }, + "type": "array" + }, + "UnhandledCriticalExtensions": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "ExtKeyUsage": { + 
"items": { + "type": "integer" + }, + "type": "array" + }, + "UnknownExtKeyUsage": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "BasicConstraintsValid": { + "type": "boolean" + }, + "IsCA": { + "type": "boolean" + }, + "MaxPathLen": { + "type": "integer" + }, + "MaxPathLenZero": { + "type": "boolean" + }, + "SubjectKeyId": { + "type": "string", + "contentEncoding": "base64" + }, + "AuthorityKeyId": { + "type": "string", + "contentEncoding": "base64" + }, + "OCSPServer": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IssuingCertificateURL": { + "items": { + "type": "string" + }, + "type": "array" + }, + "DNSNames": { + "items": { + "type": "string" + }, + "type": "array" + }, + "EmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IPAddresses": { + "items": { + "type": "string", + "format": "ipv4" + }, + "type": "array" + }, + "URIs": { + "items": { + "type": "string", + "format": "uri" + }, + "type": "array" + }, + "PermittedDNSDomainsCritical": { + "type": "boolean" + }, + "PermittedDNSDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedDNSDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PermittedIPRanges": { + "items": { + "$ref": "#/$defs/IPNet" + }, + "type": "array" + }, + "ExcludedIPRanges": { + "items": { + "$ref": "#/$defs/IPNet" + }, + "type": "array" + }, + "PermittedEmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedEmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PermittedURIDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedURIDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "CRLDistributionPoints": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PolicyIdentifiers": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + } + }, + 
"additionalProperties": false, + "type": "object", + "required": [ + "Raw", + "RawTBSCertificate", + "RawSubjectPublicKeyInfo", + "RawSubject", + "RawIssuer", + "Signature", + "SignatureAlgorithm", + "PublicKeyAlgorithm", + "PublicKey", + "Version", + "SerialNumber", + "Issuer", + "Subject", + "NotBefore", + "NotAfter", + "KeyUsage", + "Extensions", + "ExtraExtensions", + "UnhandledCriticalExtensions", + "ExtKeyUsage", + "UnknownExtKeyUsage", + "BasicConstraintsValid", + "IsCA", + "MaxPathLen", + "MaxPathLenZero", + "SubjectKeyId", + "AuthorityKeyId", + "OCSPServer", + "IssuingCertificateURL", + "DNSNames", + "EmailAddresses", + "IPAddresses", + "URIs", + "PermittedDNSDomainsCritical", + "PermittedDNSDomains", + "ExcludedDNSDomains", + "PermittedIPRanges", + "ExcludedIPRanges", + "PermittedEmailAddresses", + "ExcludedEmailAddresses", + "PermittedURIDomains", + "ExcludedURIDomains", + "CRLDistributionPoints", + "PolicyIdentifiers" + ] + }, + "Extension": { + "properties": { + "Id": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "Critical": { + "type": "boolean" + }, + "Value": { + "type": "string", + "contentEncoding": "base64" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Id", + "Critical", + "Value" + ] + }, + "IPMask": { + "type": "string", + "contentEncoding": "base64" + }, + "IPNet": { + "properties": { + "IP": { + "type": "string", + "format": "ipv4" + }, + "Mask": { + "$ref": "#/$defs/IPMask" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "IP", + "Mask" + ] + }, + "Int": { + "properties": {}, + "additionalProperties": false, + "type": "object" + }, + "JSONWebKey": { + "properties": { + "Key": true, + "KeyID": { + "type": "string" + }, + "Algorithm": { + "type": "string" + }, + "Use": { + "type": "string" + }, + "Certificates": { + "items": { + "$ref": "#/$defs/Certificate" + }, + "type": "array" + }, + "CertificatesURL": { + "type": "string", + "format": "uri" + }, + 
"CertificateThumbprintSHA1": { + "type": "string", + "contentEncoding": "base64" + }, + "CertificateThumbprintSHA256": { + "type": "string", + "contentEncoding": "base64" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Key", + "KeyID", + "Algorithm", + "Use", + "Certificates", + "CertificatesURL", + "CertificateThumbprintSHA1", + "CertificateThumbprintSHA256" + ] + }, + "Name": { + "properties": { + "Country": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Organization": { + "items": { + "type": "string" + }, + "type": "array" + }, + "OrganizationalUnit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Locality": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Province": { + "items": { + "type": "string" + }, + "type": "array" + }, + "StreetAddress": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PostalCode": { + "items": { + "type": "string" + }, + "type": "array" + }, + "SerialNumber": { + "type": "string" + }, + "CommonName": { + "type": "string" + }, + "Names": { + "items": { + "$ref": "#/$defs/AttributeTypeAndValue" + }, + "type": "array" + }, + "ExtraNames": { + "items": { + "$ref": "#/$defs/AttributeTypeAndValue" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Country", + "Organization", + "OrganizationalUnit", + "Locality", + "Province", + "StreetAddress", + "PostalCode", + "SerialNumber", + "CommonName", + "Names", + "ExtraNames" + ] + }, + "ObjectIdentifier": { + "items": { + "type": "integer" + }, + "type": "array" + }, + "VerificationInfo": { + "properties": { + "jwksUrl": { + "type": "string" + }, + "jwk": { + "$ref": "#/$defs/JSONWebKey" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "jwksUrl", + "jwk" + ] + } + } + }, + "project_id": { + "type": "string" + }, + "project_number": { + "type": "string" + }, + "zone": { + "type": "string" + }, + "instance_id": { + 
"type": "string" + }, + "instance_hostname": { + "type": "string" + }, + "instance_creation_timestamp": { + "type": "string" + }, + "instance_confidentiality": { + "type": "string" + }, + "licence_id": { + "items": { + "type": "string" + }, + "type": "array" + }, + "cluster_name": { + "type": "string" + }, + "cluster_uid": { + "type": "string" + }, + "cluster_location": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "jwt", + "project_id", + "project_number", + "zone", + "instance_id", + "instance_hostname", + "instance_creation_timestamp", + "instance_confidentiality", + "licence_id", + "cluster_name", + "cluster_uid", + "cluster_location" + ] + } + } +} \ No newline at end of file diff --git a/schemagen/git.json b/schemagen/git.json new file mode 100644 index 00000000..49b89a6c --- /dev/null +++ b/schemagen/git.json 
@@ -0,0 +1,131 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "commithash": { + "type": "string" + }, + "author": { + "type": "string" + }, + "authoremail": { + "type": "string" + }, + "committername": { + "type": "string" + }, + "committeremail": { + "type": "string" + }, + "commitdate": { + "type": "string" + }, + "commitmessage": { + "type": "string" + }, + "status": { + "additionalProperties": { + "$ref": "#/$defs/Status" + }, + "type": "object" + }, + "commitdigest": { + "$ref": "#/$defs/DigestSet" + }, + "signature": { + "type": "string" + }, + "parenthashes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "treehash": { + "type": "string" + }, + "refs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "remotes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tags": { + "items": { + "$ref": "#/$defs/Tag" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "commithash", + "author", + "authoremail", + "committername", + "committeremail", + "commitdate", + "commitmessage" + ] + }, + "DigestSet": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "Status": { + "properties": { + "staging": { + "type": "string" + }, + "worktree": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Tag": { + "properties": { + "name": { + "type": "string" + }, + "taggername": { + "type": "string" + }, + "taggeremail": { + "type": "string" + }, + "when": { + "type": "string" + }, + "pgpsignature": { + "type": "string" + }, + "message": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "name", + "taggername", + "taggeremail", + "when", + "pgpsignature", + "message" + ] + } + } +} \ No newline at end of file 
diff --git a/schemagen/github.json b/schemagen/github.json new file mode 100644 index 00000000..e95b314f --- /dev/null +++ b/schemagen/github.json 
@@ -0,0 +1,538 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "jwt": { + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "claims": { + "type": "object" + }, + "verifiedBy": { + "$ref": "#/$defs/VerificationInfo" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "claims" + ] + }, + "AttributeTypeAndValue": { + "properties": { + "Type": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "Value": true + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Type", + "Value" + ] + }, + "Certificate": { + "properties": { + "Raw": { + "type": "string", + "contentEncoding": "base64" + }, + "RawTBSCertificate": { + "type": "string", + "contentEncoding": "base64" + }, + "RawSubjectPublicKeyInfo": { + "type": "string", + "contentEncoding": "base64" + }, + "RawSubject": { + "type": "string", + "contentEncoding": "base64" + }, + "RawIssuer": { + "type": "string", + "contentEncoding": "base64" + }, + "Signature": { + "type": "string", + "contentEncoding": "base64" + }, + "SignatureAlgorithm": { + "type": "integer" + }, + "PublicKeyAlgorithm": { + "type": "integer" + }, + "PublicKey": true, + "Version": { + "type": "integer" + }, + "SerialNumber": { + "$ref": "#/$defs/Int" + }, + "Issuer": { + "$ref": "#/$defs/Name" + }, + "Subject": { + "$ref": "#/$defs/Name" + }, + "NotBefore": { + "type": "string", + "format": "date-time" + }, + "NotAfter": { + "type": "string", + "format": "date-time" + }, + "KeyUsage": { + "type": "integer" + }, + "Extensions": { + "items": { + "$ref": "#/$defs/Extension" + }, + "type": "array" + }, + "ExtraExtensions": { + "items": { + "$ref": "#/$defs/Extension" + }, + "type": "array" + }, + "UnhandledCriticalExtensions": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "ExtKeyUsage": { + 
"items": { + "type": "integer" + }, + "type": "array" + }, + "UnknownExtKeyUsage": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "BasicConstraintsValid": { + "type": "boolean" + }, + "IsCA": { + "type": "boolean" + }, + "MaxPathLen": { + "type": "integer" + }, + "MaxPathLenZero": { + "type": "boolean" + }, + "SubjectKeyId": { + "type": "string", + "contentEncoding": "base64" + }, + "AuthorityKeyId": { + "type": "string", + "contentEncoding": "base64" + }, + "OCSPServer": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IssuingCertificateURL": { + "items": { + "type": "string" + }, + "type": "array" + }, + "DNSNames": { + "items": { + "type": "string" + }, + "type": "array" + }, + "EmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IPAddresses": { + "items": { + "type": "string", + "format": "ipv4" + }, + "type": "array" + }, + "URIs": { + "items": { + "type": "string", + "format": "uri" + }, + "type": "array" + }, + "PermittedDNSDomainsCritical": { + "type": "boolean" + }, + "PermittedDNSDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedDNSDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PermittedIPRanges": { + "items": { + "$ref": "#/$defs/IPNet" + }, + "type": "array" + }, + "ExcludedIPRanges": { + "items": { + "$ref": "#/$defs/IPNet" + }, + "type": "array" + }, + "PermittedEmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedEmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PermittedURIDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedURIDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "CRLDistributionPoints": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PolicyIdentifiers": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + } + }, + 
"additionalProperties": false, + "type": "object", + "required": [ + "Raw", + "RawTBSCertificate", + "RawSubjectPublicKeyInfo", + "RawSubject", + "RawIssuer", + "Signature", + "SignatureAlgorithm", + "PublicKeyAlgorithm", + "PublicKey", + "Version", + "SerialNumber", + "Issuer", + "Subject", + "NotBefore", + "NotAfter", + "KeyUsage", + "Extensions", + "ExtraExtensions", + "UnhandledCriticalExtensions", + "ExtKeyUsage", + "UnknownExtKeyUsage", + "BasicConstraintsValid", + "IsCA", + "MaxPathLen", + "MaxPathLenZero", + "SubjectKeyId", + "AuthorityKeyId", + "OCSPServer", + "IssuingCertificateURL", + "DNSNames", + "EmailAddresses", + "IPAddresses", + "URIs", + "PermittedDNSDomainsCritical", + "PermittedDNSDomains", + "ExcludedDNSDomains", + "PermittedIPRanges", + "ExcludedIPRanges", + "PermittedEmailAddresses", + "ExcludedEmailAddresses", + "PermittedURIDomains", + "ExcludedURIDomains", + "CRLDistributionPoints", + "PolicyIdentifiers" + ] + }, + "Extension": { + "properties": { + "Id": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "Critical": { + "type": "boolean" + }, + "Value": { + "type": "string", + "contentEncoding": "base64" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Id", + "Critical", + "Value" + ] + }, + "IPMask": { + "type": "string", + "contentEncoding": "base64" + }, + "IPNet": { + "properties": { + "IP": { + "type": "string", + "format": "ipv4" + }, + "Mask": { + "$ref": "#/$defs/IPMask" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "IP", + "Mask" + ] + }, + "Int": { + "properties": {}, + "additionalProperties": false, + "type": "object" + }, + "JSONWebKey": { + "properties": { + "Key": true, + "KeyID": { + "type": "string" + }, + "Algorithm": { + "type": "string" + }, + "Use": { + "type": "string" + }, + "Certificates": { + "items": { + "$ref": "#/$defs/Certificate" + }, + "type": "array" + }, + "CertificatesURL": { + "type": "string", + "format": "uri" + }, + 
"CertificateThumbprintSHA1": { + "type": "string", + "contentEncoding": "base64" + }, + "CertificateThumbprintSHA256": { + "type": "string", + "contentEncoding": "base64" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Key", + "KeyID", + "Algorithm", + "Use", + "Certificates", + "CertificatesURL", + "CertificateThumbprintSHA1", + "CertificateThumbprintSHA256" + ] + }, + "Name": { + "properties": { + "Country": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Organization": { + "items": { + "type": "string" + }, + "type": "array" + }, + "OrganizationalUnit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Locality": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Province": { + "items": { + "type": "string" + }, + "type": "array" + }, + "StreetAddress": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PostalCode": { + "items": { + "type": "string" + }, + "type": "array" + }, + "SerialNumber": { + "type": "string" + }, + "CommonName": { + "type": "string" + }, + "Names": { + "items": { + "$ref": "#/$defs/AttributeTypeAndValue" + }, + "type": "array" + }, + "ExtraNames": { + "items": { + "$ref": "#/$defs/AttributeTypeAndValue" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Country", + "Organization", + "OrganizationalUnit", + "Locality", + "Province", + "StreetAddress", + "PostalCode", + "SerialNumber", + "CommonName", + "Names", + "ExtraNames" + ] + }, + "ObjectIdentifier": { + "items": { + "type": "integer" + }, + "type": "array" + }, + "VerificationInfo": { + "properties": { + "jwksUrl": { + "type": "string" + }, + "jwk": { + "$ref": "#/$defs/JSONWebKey" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "jwksUrl", + "jwk" + ] + } + } + }, + "ciconfigpath": { + "type": "string" + }, + "pipelineid": { + "type": "string" + }, + "pipelinename": { + "type": "string" + }, + "pipelineurl": 
{ + "type": "string" + }, + "projecturl": { + "type": "string" + }, + "runnerid": { + "type": "string" + }, + "cihost": { + "type": "string" + }, + "ciserverurl": { + "type": "string" + }, + "runnerarch": { + "type": "string" + }, + "runneros": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "ciconfigpath", + "pipelineid", + "pipelinename", + "pipelineurl", + "projecturl", + "runnerid", + "cihost", + "ciserverurl", + "runnerarch", + "runneros" + ] + } + } +} \ No newline at end of file diff --git a/schemagen/gitlab.json b/schemagen/gitlab.json new file mode 100644 index 00000000..d46cea95 --- /dev/null +++ b/schemagen/gitlab.json 
@@ -0,0 +1,550 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "jwt": { + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "claims": { + "type": "object" + }, + "verifiedBy": { + "$ref": "#/$defs/VerificationInfo" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "claims" + ] + }, + "AttributeTypeAndValue": { + "properties": { + "Type": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "Value": true + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Type", + "Value" + ] + }, + "Certificate": { + "properties": { + "Raw": { + "type": "string", + "contentEncoding": "base64" + }, + "RawTBSCertificate": { + "type": "string", + "contentEncoding": "base64" + }, + "RawSubjectPublicKeyInfo": { + "type": "string", + "contentEncoding": "base64" + }, + "RawSubject": { + "type": "string", + "contentEncoding": "base64" + }, + "RawIssuer": { + "type": "string", + "contentEncoding": "base64" + }, + "Signature": { + "type": "string", + "contentEncoding": "base64" + }, + "SignatureAlgorithm": { + "type": "integer" + }, + "PublicKeyAlgorithm": { + "type": "integer" + }, + "PublicKey": true, + "Version": { + "type": "integer" + }, + "SerialNumber": { + "$ref": "#/$defs/Int" + }, + "Issuer": { + "$ref": "#/$defs/Name" + }, + "Subject": { + "$ref": "#/$defs/Name" + }, + "NotBefore": { + "type": "string", + "format": "date-time" + }, + "NotAfter": { + "type": "string", + "format": "date-time" + }, + "KeyUsage": { + "type": "integer" + }, + "Extensions": { + "items": { + "$ref": "#/$defs/Extension" + }, + "type": "array" + }, + "ExtraExtensions": { + "items": { + "$ref": "#/$defs/Extension" + }, + "type": "array" + }, + "UnhandledCriticalExtensions": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "ExtKeyUsage": { + 
"items": { + "type": "integer" + }, + "type": "array" + }, + "UnknownExtKeyUsage": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "BasicConstraintsValid": { + "type": "boolean" + }, + "IsCA": { + "type": "boolean" + }, + "MaxPathLen": { + "type": "integer" + }, + "MaxPathLenZero": { + "type": "boolean" + }, + "SubjectKeyId": { + "type": "string", + "contentEncoding": "base64" + }, + "AuthorityKeyId": { + "type": "string", + "contentEncoding": "base64" + }, + "OCSPServer": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IssuingCertificateURL": { + "items": { + "type": "string" + }, + "type": "array" + }, + "DNSNames": { + "items": { + "type": "string" + }, + "type": "array" + }, + "EmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IPAddresses": { + "items": { + "type": "string", + "format": "ipv4" + }, + "type": "array" + }, + "URIs": { + "items": { + "type": "string", + "format": "uri" + }, + "type": "array" + }, + "PermittedDNSDomainsCritical": { + "type": "boolean" + }, + "PermittedDNSDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedDNSDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PermittedIPRanges": { + "items": { + "$ref": "#/$defs/IPNet" + }, + "type": "array" + }, + "ExcludedIPRanges": { + "items": { + "$ref": "#/$defs/IPNet" + }, + "type": "array" + }, + "PermittedEmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedEmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PermittedURIDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedURIDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "CRLDistributionPoints": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PolicyIdentifiers": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + } + }, + 
"additionalProperties": false, + "type": "object", + "required": [ + "Raw", + "RawTBSCertificate", + "RawSubjectPublicKeyInfo", + "RawSubject", + "RawIssuer", + "Signature", + "SignatureAlgorithm", + "PublicKeyAlgorithm", + "PublicKey", + "Version", + "SerialNumber", + "Issuer", + "Subject", + "NotBefore", + "NotAfter", + "KeyUsage", + "Extensions", + "ExtraExtensions", + "UnhandledCriticalExtensions", + "ExtKeyUsage", + "UnknownExtKeyUsage", + "BasicConstraintsValid", + "IsCA", + "MaxPathLen", + "MaxPathLenZero", + "SubjectKeyId", + "AuthorityKeyId", + "OCSPServer", + "IssuingCertificateURL", + "DNSNames", + "EmailAddresses", + "IPAddresses", + "URIs", + "PermittedDNSDomainsCritical", + "PermittedDNSDomains", + "ExcludedDNSDomains", + "PermittedIPRanges", + "ExcludedIPRanges", + "PermittedEmailAddresses", + "ExcludedEmailAddresses", + "PermittedURIDomains", + "ExcludedURIDomains", + "CRLDistributionPoints", + "PolicyIdentifiers" + ] + }, + "Extension": { + "properties": { + "Id": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "Critical": { + "type": "boolean" + }, + "Value": { + "type": "string", + "contentEncoding": "base64" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Id", + "Critical", + "Value" + ] + }, + "IPMask": { + "type": "string", + "contentEncoding": "base64" + }, + "IPNet": { + "properties": { + "IP": { + "type": "string", + "format": "ipv4" + }, + "Mask": { + "$ref": "#/$defs/IPMask" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "IP", + "Mask" + ] + }, + "Int": { + "properties": {}, + "additionalProperties": false, + "type": "object" + }, + "JSONWebKey": { + "properties": { + "Key": true, + "KeyID": { + "type": "string" + }, + "Algorithm": { + "type": "string" + }, + "Use": { + "type": "string" + }, + "Certificates": { + "items": { + "$ref": "#/$defs/Certificate" + }, + "type": "array" + }, + "CertificatesURL": { + "type": "string", + "format": "uri" + }, + 
"CertificateThumbprintSHA1": { + "type": "string", + "contentEncoding": "base64" + }, + "CertificateThumbprintSHA256": { + "type": "string", + "contentEncoding": "base64" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Key", + "KeyID", + "Algorithm", + "Use", + "Certificates", + "CertificatesURL", + "CertificateThumbprintSHA1", + "CertificateThumbprintSHA256" + ] + }, + "Name": { + "properties": { + "Country": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Organization": { + "items": { + "type": "string" + }, + "type": "array" + }, + "OrganizationalUnit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Locality": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Province": { + "items": { + "type": "string" + }, + "type": "array" + }, + "StreetAddress": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PostalCode": { + "items": { + "type": "string" + }, + "type": "array" + }, + "SerialNumber": { + "type": "string" + }, + "CommonName": { + "type": "string" + }, + "Names": { + "items": { + "$ref": "#/$defs/AttributeTypeAndValue" + }, + "type": "array" + }, + "ExtraNames": { + "items": { + "$ref": "#/$defs/AttributeTypeAndValue" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Country", + "Organization", + "OrganizationalUnit", + "Locality", + "Province", + "StreetAddress", + "PostalCode", + "SerialNumber", + "CommonName", + "Names", + "ExtraNames" + ] + }, + "ObjectIdentifier": { + "items": { + "type": "integer" + }, + "type": "array" + }, + "VerificationInfo": { + "properties": { + "jwksUrl": { + "type": "string" + }, + "jwk": { + "$ref": "#/$defs/JSONWebKey" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "jwksUrl", + "jwk" + ] + } + } + }, + "ciconfigpath": { + "type": "string" + }, + "jobid": { + "type": "string" + }, + "jobimage": { + "type": "string" + }, + "jobname": { + "type": 
"string" + }, + "jobstage": { + "type": "string" + }, + "joburl": { + "type": "string" + }, + "pipelineid": { + "type": "string" + }, + "pipelineurl": { + "type": "string" + }, + "projectid": { + "type": "string" + }, + "projecturl": { + "type": "string" + }, + "runnerid": { + "type": "string" + }, + "cihost": { + "type": "string" + }, + "ciserverurl": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "ciconfigpath", + "jobid", + "jobimage", + "jobname", + "jobstage", + "joburl", + "pipelineid", + "pipelineurl", + "projectid", + "projecturl", + "runnerid", + "cihost", + "ciserverurl" + ] + } + } +} \ No newline at end of file diff --git a/schemagen/jwt.json b/schemagen/jwt.json new file mode 100644 index 00000000..9d72efc6 --- /dev/null +++ b/schemagen/jwt.json 
@@ -0,0 +1,484 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "claims": { + "type": "object" + }, + "verifiedBy": { + "$ref": "#/$defs/VerificationInfo" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "claims" + ] + }, + "AttributeTypeAndValue": { + "properties": { + "Type": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "Value": true + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Type", + "Value" + ] + }, + "Certificate": { + "properties": { + "Raw": { + "type": "string", + "contentEncoding": "base64" + }, + "RawTBSCertificate": { + "type": "string", + "contentEncoding": "base64" + }, + "RawSubjectPublicKeyInfo": { + "type": "string", + "contentEncoding": "base64" + }, + "RawSubject": { + "type": "string", + "contentEncoding": "base64" + }, + "RawIssuer": { + "type": "string", + "contentEncoding": "base64" + }, + "Signature": { + "type": "string", + "contentEncoding": "base64" + }, + "SignatureAlgorithm": { + "type": "integer" + }, + "PublicKeyAlgorithm": { + "type": "integer" + }, + "PublicKey": true, + "Version": { + "type": "integer" + }, + "SerialNumber": { + "$ref": "#/$defs/Int" + }, + "Issuer": { + "$ref": "#/$defs/Name" + }, + "Subject": { + "$ref": "#/$defs/Name" + }, + "NotBefore": { + "type": "string", + "format": "date-time" + }, + "NotAfter": { + "type": "string", + "format": "date-time" + }, + "KeyUsage": { + "type": "integer" + }, + "Extensions": { + "items": { + "$ref": "#/$defs/Extension" + }, + "type": "array" + }, + "ExtraExtensions": { + "items": { + "$ref": "#/$defs/Extension" + }, + "type": "array" + }, + "UnhandledCriticalExtensions": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + }, + "ExtKeyUsage": { + "items": { + "type": "integer" + }, + "type": "array" + }, + "UnknownExtKeyUsage": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": 
"array" + }, + "BasicConstraintsValid": { + "type": "boolean" + }, + "IsCA": { + "type": "boolean" + }, + "MaxPathLen": { + "type": "integer" + }, + "MaxPathLenZero": { + "type": "boolean" + }, + "SubjectKeyId": { + "type": "string", + "contentEncoding": "base64" + }, + "AuthorityKeyId": { + "type": "string", + "contentEncoding": "base64" + }, + "OCSPServer": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IssuingCertificateURL": { + "items": { + "type": "string" + }, + "type": "array" + }, + "DNSNames": { + "items": { + "type": "string" + }, + "type": "array" + }, + "EmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "IPAddresses": { + "items": { + "type": "string", + "format": "ipv4" + }, + "type": "array" + }, + "URIs": { + "items": { + "type": "string", + "format": "uri" + }, + "type": "array" + }, + "PermittedDNSDomainsCritical": { + "type": "boolean" + }, + "PermittedDNSDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedDNSDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PermittedIPRanges": { + "items": { + "$ref": "#/$defs/IPNet" + }, + "type": "array" + }, + "ExcludedIPRanges": { + "items": { + "$ref": "#/$defs/IPNet" + }, + "type": "array" + }, + "PermittedEmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedEmailAddresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PermittedURIDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ExcludedURIDomains": { + "items": { + "type": "string" + }, + "type": "array" + }, + "CRLDistributionPoints": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PolicyIdentifiers": { + "items": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Raw", + "RawTBSCertificate", + "RawSubjectPublicKeyInfo", + "RawSubject", + "RawIssuer", + 
"Signature", + "SignatureAlgorithm", + "PublicKeyAlgorithm", + "PublicKey", + "Version", + "SerialNumber", + "Issuer", + "Subject", + "NotBefore", + "NotAfter", + "KeyUsage", + "Extensions", + "ExtraExtensions", + "UnhandledCriticalExtensions", + "ExtKeyUsage", + "UnknownExtKeyUsage", + "BasicConstraintsValid", + "IsCA", + "MaxPathLen", + "MaxPathLenZero", + "SubjectKeyId", + "AuthorityKeyId", + "OCSPServer", + "IssuingCertificateURL", + "DNSNames", + "EmailAddresses", + "IPAddresses", + "URIs", + "PermittedDNSDomainsCritical", + "PermittedDNSDomains", + "ExcludedDNSDomains", + "PermittedIPRanges", + "ExcludedIPRanges", + "PermittedEmailAddresses", + "ExcludedEmailAddresses", + "PermittedURIDomains", + "ExcludedURIDomains", + "CRLDistributionPoints", + "PolicyIdentifiers" + ] + }, + "Extension": { + "properties": { + "Id": { + "$ref": "#/$defs/ObjectIdentifier" + }, + "Critical": { + "type": "boolean" + }, + "Value": { + "type": "string", + "contentEncoding": "base64" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Id", + "Critical", + "Value" + ] + }, + "IPMask": { + "type": "string", + "contentEncoding": "base64" + }, + "IPNet": { + "properties": { + "IP": { + "type": "string", + "format": "ipv4" + }, + "Mask": { + "$ref": "#/$defs/IPMask" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "IP", + "Mask" + ] + }, + "Int": { + "properties": {}, + "additionalProperties": false, + "type": "object" + }, + "JSONWebKey": { + "properties": { + "Key": true, + "KeyID": { + "type": "string" + }, + "Algorithm": { + "type": "string" + }, + "Use": { + "type": "string" + }, + "Certificates": { + "items": { + "$ref": "#/$defs/Certificate" + }, + "type": "array" + }, + "CertificatesURL": { + "type": "string", + "format": "uri" + }, + "CertificateThumbprintSHA1": { + "type": "string", + "contentEncoding": "base64" + }, + "CertificateThumbprintSHA256": { + "type": "string", + "contentEncoding": "base64" + } + }, + 
"additionalProperties": false, + "type": "object", + "required": [ + "Key", + "KeyID", + "Algorithm", + "Use", + "Certificates", + "CertificatesURL", + "CertificateThumbprintSHA1", + "CertificateThumbprintSHA256" + ] + }, + "Name": { + "properties": { + "Country": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Organization": { + "items": { + "type": "string" + }, + "type": "array" + }, + "OrganizationalUnit": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Locality": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Province": { + "items": { + "type": "string" + }, + "type": "array" + }, + "StreetAddress": { + "items": { + "type": "string" + }, + "type": "array" + }, + "PostalCode": { + "items": { + "type": "string" + }, + "type": "array" + }, + "SerialNumber": { + "type": "string" + }, + "CommonName": { + "type": "string" + }, + "Names": { + "items": { + "$ref": "#/$defs/AttributeTypeAndValue" + }, + "type": "array" + }, + "ExtraNames": { + "items": { + "$ref": "#/$defs/AttributeTypeAndValue" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Country", + "Organization", + "OrganizationalUnit", + "Locality", + "Province", + "StreetAddress", + "PostalCode", + "SerialNumber", + "CommonName", + "Names", + "ExtraNames" + ] + }, + "ObjectIdentifier": { + "items": { + "type": "integer" + }, + "type": "array" + }, + "VerificationInfo": { + "properties": { + "jwksUrl": { + "type": "string" + }, + "jwk": { + "$ref": "#/$defs/JSONWebKey" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "jwksUrl", + "jwk" + ] + } + } +} \ No newline at end of file diff --git a/schemagen/link.json b/schemagen/link.json new file mode 100644 index 00000000..a3725db1 --- /dev/null +++ b/schemagen/link.json 
@@ -0,0 +1,87 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://github.com/in-toto/attestation/go/predicates/link/v0/link", + "$ref": "#/$defs/Link", + "$defs": { + "Link": { + "properties": { + "name": { + "type": "string" + }, + "command": { + "items": { + "type": "string" + }, + "type": "array" + }, + "materials": { + "items": { + "$ref": "#/$defs/ResourceDescriptor" + }, + "type": "array" + }, + "byproducts": { + "$ref": "#/$defs/Struct" + }, + "environment": { + "$ref": "#/$defs/Struct" + } + }, + "additionalProperties": false, + "type": "object" + }, + "ResourceDescriptor": { + "properties": { + "name": { + "type": "string" + }, + "uri": { + "type": "string" + }, + "digest": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "content": { + "type": "string", + "contentEncoding": "base64" + }, + "download_location": { + "type": "string" + }, + "media_type": { + "type": "string" + }, + "annotations": { + "$ref": "#/$defs/Struct" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Struct": { + "properties": { + "fields": { + "additionalProperties": { + "$ref": "#/$defs/Value" + }, + "type": "object" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Value": { + "properties": { + "Kind": true + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Kind" + ] + } + } +} \ No newline at end of file diff --git a/schemagen/material.json b/schemagen/material.json new file mode 100644 index 00000000..04798d87 --- /dev/null +++ b/schemagen/material.json 
@@ -0,0 +1,24 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$defs": { + "DigestSet": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "properties": { + "Materials": { + "additionalProperties": { + "$ref": "#/$defs/DigestSet" + }, + "type": "object" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Materials" + ] +} \ No newline at end of file diff --git a/schemagen/maven.json b/schemagen/maven.json new file mode 100644 index 00000000..f2e9b854 --- /dev/null +++ b/schemagen/maven.json @@ -0,0 +1,61 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "groupid": { + "type": "string" + }, + "artifactid": { + "type": "string" + }, + "version": { + "type": "string" + }, + "projectname": { + "type": "string" + }, + "dependencies": { + "items": { + "$ref": "#/$defs/MavenDependency" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "groupid", + "artifactid", + "version", + "projectname", + "dependencies" + ] + }, + "MavenDependency": { + "properties": { + "groupid": { + "type": "string" + }, + "artifactid": { + "type": "string" + }, + "version": { + "type": "string" + }, + "scope": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "groupid", + "artifactid", + "version", + "scope" + ] + } + } +} \ No newline at end of file diff --git a/schemagen/oci.json b/schemagen/oci.json new file mode 100644 index 00000000..e1b946f5 --- /dev/null +++ b/schemagen/oci.json 
@@ -0,0 +1,84 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "tardigest": { + "$ref": "#/$defs/DigestSet" + }, + "manifest": { + "items": { + "$ref": "#/$defs/Manifest" + }, + "type": "array" + }, + "imagetags": { + "items": { + "type": "string" + }, + "type": "array" + }, + "diffids": { + "items": { + "$ref": "#/$defs/DigestSet" + }, + "type": "array" + }, + "imageid": { + "$ref": "#/$defs/DigestSet" + }, + "manifestraw": { + "type": "string", + "contentEncoding": "base64" + }, + "manifestdigest": { + "$ref": "#/$defs/DigestSet" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "tardigest", + "manifest", + "imagetags", + "diffids", + "imageid", + "manifestraw", + "manifestdigest" + ] + }, + "DigestSet": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "Manifest": { + "properties": { + "Config": { + "type": "string" + }, + "RepoTags": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Layers": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Config", + "RepoTags", + "Layers" + ] + } + } +} \ No newline at end of file diff --git a/schemagen/policyverify.json b/schemagen/policyverify.json new file mode 100644 index 00000000..942f1aea --- /dev/null +++ b/schemagen/policyverify.json 
@@ -0,0 +1,72 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Attestor": { + "properties": { + "verifier": { + "$ref": "#/$defs/Verifier" + }, + "timeVerified": { + "type": "string", + "format": "date-time" + }, + "policy": { + "$ref": "#/$defs/ResourceDescriptor" + }, + "inputAttestations": { + "items": { + "$ref": "#/$defs/ResourceDescriptor" + }, + "type": "array" + }, + "verificationResult": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "verifier", + "timeVerified", + "policy", + "inputAttestations", + "verificationResult" + ] + }, + "DigestSet": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "ResourceDescriptor": { + "properties": { + "uri": { + "type": "string" + }, + "digest": { + "$ref": "#/$defs/DigestSet" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "uri", + "digest" + ] + }, + "Verifier": { + "properties": { + "id": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "id" + ] + } + } +} \ No newline at end of file diff --git a/schemagen/product.json b/schemagen/product.json new file mode 100644 index 00000000..a8aa2f52 --- /dev/null +++ b/schemagen/product.json @@ -0,0 +1,40 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$defs": { + "DigestSet": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "Product": { + "properties": { + "mime_type": { + "type": "string" + }, + "digest": { + "$ref": "#/$defs/DigestSet" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "mime_type", + "digest" + ] + } + }, + "properties": { + "Products": { + "additionalProperties": { + "$ref": "#/$defs/Product" + }, + "type": "object" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Products" + ] +} \ No newline at end of file 
diff --git a/schemagen/sarif.json b/schemagen/sarif.json new file mode 100644 index 00000000..8d5ba037 --- /dev/null +++ b/schemagen/sarif.json 
@@ -0,0 +1,785 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$ref": "#/$defs/Attestor", + "$defs": { + "Address": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "index": { + "type": "integer" + }, + "absoluteAddress": { + "type": "integer" + }, + "relativeAddress": { + "type": "integer" + }, + "offsetFromParent": { + "type": "integer" + }, + "length": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "fullyQualifiedName": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "parentIndex": { + "type": "integer" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Artifact": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "location": { + "$ref": "#/$defs/ArtifactLocation" + }, + "parentIndex": { + "type": "integer" + }, + "offset": { + "type": "integer" + }, + "length": { + "type": "integer" + }, + "roles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "mimeType": { + "type": "string" + }, + "contents": { + "$ref": "#/$defs/ArtifactContent" + }, + "encoding": { + "type": "string" + }, + "sourceLanguage": { + "type": "string" + }, + "hashes": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "lastModifiedTimeUtc": { + "type": "string" + }, + "description": { + "$ref": "#/$defs/Message" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "length" + ] + }, + "ArtifactChange": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "artifactLocation": { + "$ref": "#/$defs/ArtifactLocation" + }, + "replacements": { + "items": { + "$ref": "#/$defs/Replacement" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "artifactLocation", + "replacements" + ] + }, + "ArtifactContent": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "text": { + "type": "string" + }, + "binary": { + "type": 
"string" + }, + "rendered": { + "$ref": "#/$defs/MultiformatMessageString" + } + }, + "additionalProperties": false, + "type": "object" + }, + "ArtifactLocation": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "uri": { + "type": "string" + }, + "uriBaseId": { + "type": "string" + }, + "index": { + "type": "integer" + }, + "description": { + "$ref": "#/$defs/Message" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Attestor": { + "properties": { + "report": { + "$ref": "#/$defs/Report" + }, + "reportFileName": { + "type": "string" + }, + "reportDigestSet": { + "$ref": "#/$defs/DigestSet" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "report", + "reportFileName", + "reportDigestSet" + ] + }, + "DigestSet": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "Fix": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "description": { + "$ref": "#/$defs/Message" + }, + "artifactChanges": { + "items": { + "$ref": "#/$defs/ArtifactChange" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "artifactChanges" + ] + }, + "Invocation": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "startTimeUtc": { + "type": "string", + "format": "date-time" + }, + "endTimeUtc": { + "type": "string", + "format": "date-time" + }, + "executionSuccessful": { + "type": "boolean" + }, + "workingDirectory": { + "$ref": "#/$defs/ArtifactLocation" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "executionSuccessful" + ] + }, + "Location": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "id": { + "type": "integer" + }, + "physicalLocation": { + "$ref": "#/$defs/PhysicalLocation" + }, + "logicalLocations": { + "items": { + "$ref": "#/$defs/LogicalLocation" + }, + "type": "array" + }, + "message": { + "$ref": "#/$defs/Message" + }, 
+ "annotations": { + "items": { + "$ref": "#/$defs/Region" + }, + "type": "array" + }, + "relationships": { + "items": { + "$ref": "#/$defs/LocationRelationship" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object" + }, + "LocationRelationship": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "target": { + "type": "integer" + }, + "kinds": { + "items": { + "type": "string" + }, + "type": "array" + }, + "description": { + "$ref": "#/$defs/Message" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "target" + ] + }, + "LogicalLocation": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "index": { + "type": "integer" + }, + "name": { + "type": "string" + }, + "fullyQualifiedName": { + "type": "string" + }, + "decoratedName": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "parentIndex": { + "type": "integer" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Message": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "text": { + "type": "string" + }, + "markdown": { + "type": "string" + }, + "id": { + "type": "string" + }, + "arguments": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object" + }, + "MultiformatMessageString": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "text": { + "type": "string" + }, + "markdown": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object" + }, + "PhysicalLocation": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "artifactLocation": { + "$ref": "#/$defs/ArtifactLocation" + }, + "region": { + "$ref": "#/$defs/Region" + }, + "contextRegion": { + "$ref": "#/$defs/Region" + }, + "address": { + "$ref": "#/$defs/Address" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Properties": { + "type": "object" + 
}, + "PropertyBag": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Region": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "startLine": { + "type": "integer" + }, + "startColumn": { + "type": "integer" + }, + "endLine": { + "type": "integer" + }, + "endColumn": { + "type": "integer" + }, + "charOffset": { + "type": "integer" + }, + "charLength": { + "type": "integer" + }, + "byteOffset": { + "type": "integer" + }, + "byteLength": { + "type": "integer" + }, + "snippet": { + "$ref": "#/$defs/ArtifactContent" + }, + "message": { + "$ref": "#/$defs/Message" + }, + "sourceLanguage": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Replacement": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "deletedRegion": { + "$ref": "#/$defs/Region" + }, + "insertedContent": { + "$ref": "#/$defs/ArtifactContent" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "deletedRegion" + ] + }, + "Report": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "version": { + "type": "string" + }, + "$schema": { + "type": "string" + }, + "runs": { + "items": { + "$ref": "#/$defs/Run" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "version", + "$schema", + "runs" + ] + }, + "ReportingConfiguration": { + "properties": { + "enabled": { + "type": "boolean" + }, + "level": true, + "parameters": { + "$ref": "#/$defs/PropertyBag" + }, + "properties": { + "$ref": "#/$defs/PropertyBag" + }, + "rank": { + "type": "number" + } + }, + "additionalProperties": false, + "type": "object" + }, + "ReportingDescriptor": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "id": { + "type": "string" + }, + "name": { + "type": "string" + }, + "shortDescription": { + "$ref": 
"#/$defs/MultiformatMessageString" + }, + "fullDescription": { + "$ref": "#/$defs/MultiformatMessageString" + }, + "defaultConfiguration": { + "$ref": "#/$defs/ReportingConfiguration" + }, + "helpUri": { + "type": "string" + }, + "help": { + "$ref": "#/$defs/MultiformatMessageString" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "id", + "shortDescription" + ] + }, + "ReportingDescriptorReference": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "id": { + "type": "string" + }, + "index": { + "type": "integer" + }, + "guid": { + "type": "string" + }, + "toolComponent": { + "$ref": "#/$defs/ToolComponentReference" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Result": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "guid": { + "type": "string" + }, + "correlationGuid": { + "type": "string" + }, + "ruleId": { + "type": "string" + }, + "ruleIndex": { + "type": "integer" + }, + "rule": { + "$ref": "#/$defs/ReportingDescriptorReference" + }, + "taxa": { + "items": { + "$ref": "#/$defs/ReportingDescriptorReference" + }, + "type": "array" + }, + "kind": { + "type": "string" + }, + "level": { + "type": "string" + }, + "message": { + "$ref": "#/$defs/Message" + }, + "locations": { + "items": { + "$ref": "#/$defs/Location" + }, + "type": "array" + }, + "analysisTarget": { + "$ref": "#/$defs/ArtifactLocation" + }, + "fingerprints": { + "type": "object" + }, + "partialFingerprints": { + "type": "object" + }, + "relatedLocations": { + "items": { + "$ref": "#/$defs/Location" + }, + "type": "array" + }, + "suppressions": { + "items": { + "$ref": "#/$defs/Suppression" + }, + "type": "array" + }, + "baselineState": { + "type": "string" + }, + "rank": { + "type": "number" + }, + "workItemUris": { + "items": { + "type": "string" + }, + "type": "array" + }, + "hostedViewerUri": { + "type": "string" + }, + "fixes": { + "items": { + "$ref": "#/$defs/Fix" + }, + "type": "array" 
+ }, + "occurrenceCount": { + "type": "integer" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "message" + ] + }, + "Run": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "tool": { + "$ref": "#/$defs/Tool" + }, + "invocations": { + "items": { + "$ref": "#/$defs/Invocation" + }, + "type": "array" + }, + "artifacts": { + "items": { + "$ref": "#/$defs/Artifact" + }, + "type": "array" + }, + "results": { + "items": { + "$ref": "#/$defs/Result" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "tool", + "results" + ] + }, + "Suppression": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "kind": { + "type": "string" + }, + "status": { + "type": "string" + }, + "location": { + "$ref": "#/$defs/Location" + }, + "guid": { + "type": "string" + }, + "justification": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "kind", + "status", + "location", + "guid", + "justification" + ] + }, + "Tool": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "driver": { + "$ref": "#/$defs/ToolComponent" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "driver" + ] + }, + "ToolComponent": { + "properties": { + "properties": { + "$ref": "#/$defs/Properties" + }, + "name": { + "type": "string" + }, + "version": { + "type": "string" + }, + "informationUri": { + "type": "string" + }, + "notifications": { + "items": { + "$ref": "#/$defs/ReportingDescriptor" + }, + "type": "array" + }, + "rules": { + "items": { + "$ref": "#/$defs/ReportingDescriptor" + }, + "type": "array" + }, + "taxa": { + "items": { + "$ref": "#/$defs/ReportingDescriptor" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "name", + "informationUri" + ] + }, + "ToolComponentReference": { + "properties": { + "properties": { + "$ref": 
"#/$defs/Properties" + }, + "name": { + "type": "string" + }, + "index": { + "type": "integer" + }, + "guid": { + "type": "string" + } + }, + "additionalProperties": false, + "type": "object", + "required": [ + "name", + "index", + "guid" + ] + } + } +} \ No newline at end of file diff --git a/schemagen/schema.go b/schemagen/schema.go new file mode 100644 index 00000000..574b0a06 --- /dev/null +++ b/schemagen/schema.go 
@@ -0,0 +1,60 @@
+// Copyright 2021 The Witness Contributors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package main
+
+import (
+ "bytes"
+ "encoding/json"
+ "flag"
+ "fmt"
+ "log"
+ "os"
+
+ // import all the attestation types
+ _ "github.com/in-toto/go-witness"
+ "github.com/in-toto/go-witness/attestation"
+)
+
+var directory string
+
+func init() {
+ flag.StringVar(&directory, "dir", "schemagen", "Directory to store the generated docs")
+ flag.Parse()
+}
+
+func main() {
+ entries := attestation.RegistrationEntries()
+ for _, entry := range entries {
+ att := entry.Factory()
+ schema := att.Schema()
+ schemaJson, err := schema.MarshalJSON()
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ var indented bytes.Buffer
+ err = json.Indent(&indented, schemaJson, "", " ")
+ if err != nil {
+ fmt.Println("Error marshalling JSON schema:", err)
+ os.Exit(1)
+ }
+
+ log.Printf("Writing schema for attestor %s to %s/%s.json", att.Name(), directory, att.Name())
+ err = os.WriteFile(fmt.Sprintf("%s/%s.json", directory, att.Name()), indented.Bytes(), 0644)
+ if err != nil {
+ log.Fatal("Error writing to file:", err)
+ }
+ }
+}
diff --git a/schemagen/slsa.json b/schemagen/slsa.json
new file mode 100644
index 00000000..a7d60e42
--- /dev/null
+++ b/schemagen/slsa.json
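Review bot: The output path on the `os.WriteFile` line is built with `fmt.Sprintf("%s/%s.json", directory, att.Name())` and nothing creates `directory` first, so a `-dir` value that does not exist yet fails at the first write; `filepath.Join(directory, att.Name()+".json")` plus an `os.MkdirAll(directory, 0o755)` before the loop fixes both (needs `path/filepath` imported). `flag.Parse()` belongs in `main` rather than `init()`, since parsing at package init runs before any other setup and interferes with `go test` flags if this package ever gets a test. The generated files also end without a trailing newline (every JSON hunk above carries `\ No newline at end of file`); appending `'\n'` to `indented` before writing avoids that. Error handling is mixed between `log.Fatal` and `fmt.Println`+`os.Exit(1)` for the same kind of failure; pick one. Separately, the reflected output for stdlib types is worth a sanity check against a real payload — e.g. `Int` in jwt.json above is emitted as an empty object, which does not look like what a serialized certificate serial number would validate against.

```go
func main() {
	flag.Parse() // parse here instead of in init() so package init has no flag side effects
	if err := os.MkdirAll(directory, 0o755); err != nil {
		log.Fatalf("creating output directory %q: %v", directory, err)
	}
	for _, entry := range attestation.RegistrationEntries() {
		att := entry.Factory()
		// … unchanged: schema reflection and json.Indent into `indented` …
		indented.WriteByte('\n') // generated files otherwise lack a trailing newline
		out := filepath.Join(directory, att.Name()+".json")
		log.Printf("Writing schema for attestor %s to %s", att.Name(), out)
		if err := os.WriteFile(out, indented.Bytes(), 0o644); err != nil {
			log.Fatalf("writing %s: %v", out, err)
		}
	}
}
```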
@@ -0,0 +1,159 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://github.com/in-toto/attestation/go/predicates/provenance/v1/provenance", + "$ref": "#/$defs/Provenance", + "$defs": { + "BuildDefinition": { + "properties": { + "build_type": { + "type": "string" + }, + "external_parameters": { + "$ref": "#/$defs/Struct" + }, + "internal_parameters": { + "$ref": "#/$defs/Struct" + }, + "resolved_dependencies": { + "items": { + "$ref": "#/$defs/ResourceDescriptor" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object" + }, + "BuildMetadata": { + "properties": { + "invocation_id": { + "type": "string" + }, + "started_on": { + "$ref": "#/$defs/Timestamp" + }, + "finished_on": { + "$ref": "#/$defs/Timestamp" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Builder": { + "properties": { + "id": { + "type": "string" + }, + "version": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "builder_dependencies": { + "items": { + "$ref": "#/$defs/ResourceDescriptor" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Provenance": { + "properties": { + "build_definition": { + "$ref": "#/$defs/BuildDefinition" + }, + "run_details": { + "$ref": "#/$defs/RunDetails" + } + }, + "additionalProperties": false, + "type": "object" + }, + "ResourceDescriptor": { + "properties": { + "name": { + "type": "string" + }, + "uri": { + "type": "string" + }, + "digest": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "content": { + "type": "string", + "contentEncoding": "base64" + }, + "download_location": { + "type": "string" + }, + "media_type": { + "type": "string" + }, + "annotations": { + "$ref": "#/$defs/Struct" + } + }, + "additionalProperties": false, + "type": "object" + }, + "RunDetails": { + "properties": { + "builder": { + "$ref": "#/$defs/Builder" + }, + "metadata": { + "$ref": "#/$defs/BuildMetadata" + 
}, + "byproducts": { + "items": { + "$ref": "#/$defs/ResourceDescriptor" + }, + "type": "array" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Struct": { + "properties": { + "fields": { + "additionalProperties": { + "$ref": "#/$defs/Value" + }, + "type": "object" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Timestamp": { + "properties": { + "seconds": { + "type": "integer" + }, + "nanos": { + "type": "integer" + } + }, + "additionalProperties": false, + "type": "object" + }, + "Value": { + "properties": { + "Kind": true + }, + "additionalProperties": false, + "type": "object", + "required": [ + "Kind" + ] + } + } +} \ No newline at end of file
diff --git a/schemagen/verify.sh b/schemagen/verify.sh
new file mode 100755
index 00000000..9269ef30
--- /dev/null
+++ b/schemagen/verify.sh
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+# Copyright 2021 The Witness Contributors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -e
+
+# Verify that generated Markdown docs are up-to-date.
+tmpdir=$(mktemp -d)
+tmpdir2=$(mktemp -d)
+cp ./schemagen/*.json "$tmpdir2/"
+go run ./schemagen --dir "$tmpdir"
+echo "###########################################"
+echo "If diffs are found, run: make docgen"
+echo "###########################################"
+diff -Nau "$tmpdir" "$tmpdir2"
+rm -rf "$tmpdir" "$tmpdir2"
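Review bot: Cleanup never runs when the schemas differ, because `set -e` makes the script exit on the non-zero `diff -Nau` line before the final `rm -rf` is reached, leaking both temp directories on every failing run. Register the cleanup as soon as the directories exist, `trap 'rm -rf "$tmpdir" "$tmpdir2"' EXIT`, after which the trailing `rm -rf` line is redundant. The hint printed before the diff names `make docgen`, but the only Makefile target this change appears to add is `schema`, so the message should read `make schema` (or the target should be named to match). The header comment also describes Markdown docs while the files compared are the generated JSON schemas; `# Verify that the generated JSON schemas are up-to-date.` would match what the script does.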