From 44af296be97bf97d0bdbd0512679b84d8e1be858 Mon Sep 17 00:00:00 2001 From: Frederick Kautz Date: Tue, 21 May 2024 13:13:49 -0400 Subject: [PATCH 1/4] feat: adding omnitrail attestor Signed-off-by: Frederick Kautz --- attestation/omnitrail/omnitrail.go | 58 ++++++++++++++++++++++++++++++ go.mod | 2 ++ go.sum | 4 +++ imports.go | 1 + 4 files changed, 65 insertions(+) create mode 100644 attestation/omnitrail/omnitrail.go diff --git a/attestation/omnitrail/omnitrail.go b/attestation/omnitrail/omnitrail.go new file mode 100644 index 00000000..52ca26c9 --- /dev/null +++ b/attestation/omnitrail/omnitrail.go @@ -0,0 +1,58 @@ +package omnitrail + +import ( + ot "github.com/fkautz/omnitrail-go" + "github.com/in-toto/go-witness/attestation" + "github.com/invopop/jsonschema" +) + +const ( + Name = "omnitrail" + Type = "https://witness.dev/attestations/omnitrail/v0.1" + RunType = attestation.PreMaterialRunType +) + +func init() { + attestation.RegisterAttestation(Name, Type, RunType, func() attestation.Attestor { + return NewOmnitrailAttestor() + }) +} + +func NewOmnitrailAttestor() *OmnitrailAttestor { + return &OmnitrailAttestor{} +} + +type OmnitrailAttestor struct { + Envelope *ot.Envelope `json:"trail"` +} + +// Attest implements attestation.Attestor. +func (o *OmnitrailAttestor) Attest(ctx *attestation.AttestationContext) error { + trail := ot.NewTrail() + err := trail.Add(ctx.WorkingDir()) + if err != nil { + return err + } + o.Envelope = trail.Envelope() + return nil +} + +// Name implements attestation.Attestor. +func (o *OmnitrailAttestor) Name() string { + return Name +} + +// RunType implements attestation.Attestor. +func (o *OmnitrailAttestor) RunType() attestation.RunType { + return RunType +} + +// // Schema implements attestation.Attestor. +func (o *OmnitrailAttestor) Schema() *jsonschema.Schema { + return jsonschema.Reflect(&o) +} + +// Type implements attestation.Attestor. +func (o *OmnitrailAttestor) Type() string { + return Type +} 
diff --git a/go.mod b/go.mod
index 598f114f..1de0802c 100644
--- a/go.mod
+++ b/go.mod
@@ -61,6 +61,7 @@ require (
 github.com/cyphar/filepath-securejoin v0.2.4 // indirect
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 github.com/felixge/httpsnoop v1.0.4 // indirect
+ github.com/fkautz/omnitrail-go v0.0.0-20230808061951-37d34c23539d // indirect
 github.com/go-ini/ini v1.67.0 // indirect
 github.com/go-jose/go-jose/v4 v4.0.1 // indirect
 github.com/go-logr/logr v1.4.1 // indirect
@@ -83,6 +84,7 @@ require (
 github.com/mailru/easyjson v0.7.7 // indirect
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 github.com/modern-go/reflect2 v1.0.2 // indirect
+ github.com/omnibor/omnibor-go v0.0.0-20230521145532-a77de61a16cd // indirect
 github.com/opencontainers/go-digest v1.0.0 // indirect
 github.com/pjbgf/sha1cd v0.3.0 // indirect
 github.com/pkg/errors v0.9.1 // indirect
diff --git a/go.sum b/go.sum
index 077b4bdc..35229b25 100644
--- a/go.sum
+++ b/go.sum
@@ -118,6 +118,8 @@ github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1m
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
+github.com/fkautz/omnitrail-go v0.0.0-20230808061951-37d34c23539d h1:p4DOjnN5IAuUhtksK+RuwR2q3VclzeI1+zh+AfNFFjw=
+github.com/fkautz/omnitrail-go v0.0.0-20230808061951-37d34c23539d/go.mod h1:To+426All36lUwebm2u5Qptl3daW1Nnk+LHrkTFhiWQ=
 github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw=
 github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g=
 github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6FI=
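Review bot: github.com/fkautz/omnitrail-go is imported directly by attestation/omnitrail/omnitrail.go in patch 1/4, yet it is added here with an `// indirect` marker, which indicates `go mod tidy` was not run after the import; a tidy go.mod lists it in the direct require block, which is what a reviewer reads to learn what this module really depends on. Both new requirements are untagged pseudo-versions of a single commit, so there is no release to pin against and nothing records why that commit was chosen; a tagged release of omnitrail-go, or failing that a short comment beside the require line naming the commit's purpose, gives a later dependency audit something concrete to check.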
@@ -251,6 +253,8 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/omnibor/omnibor-go v0.0.0-20230521145532-a77de61a16cd h1:25EpGVgctk6V3DUa1gqFHvjVbmdWqM+jBZAed7p/krQ=
+github.com/omnibor/omnibor-go v0.0.0-20230521145532-a77de61a16cd/go.mod h1:ArlQivzDQvZnFe8itjlA3ndPTXd9iWOgqzF31OyIEFQ=
 github.com/onsi/gomega v1.29.0 h1:KIA/t2t5UBzoirT4H9tsML45GEbo3ouUnBHsCfD2tVg=
 github.com/onsi/gomega v1.29.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ=
 github.com/open-policy-agent/opa v0.61.0 h1:nhncQ2CAYtQTV/SMBhDDPsCpCQsUW+zO/1j+T5V7oZg=
diff --git a/imports.go b/imports.go
index 3edfafc0..291ce869 100644
--- a/imports.go
+++ b/imports.go
@@ -29,6 +29,7 @@ import (
 _ "github.com/in-toto/go-witness/attestation/material"
 _ "github.com/in-toto/go-witness/attestation/maven"
 _ "github.com/in-toto/go-witness/attestation/oci"
+ _ "github.com/in-toto/go-witness/attestation/omnitrail"
 _ "github.com/in-toto/go-witness/attestation/policyverify"
 _ "github.com/in-toto/go-witness/attestation/product"
 _ "github.com/in-toto/go-witness/attestation/sarif"
From 4a46c6d6d54cb91247f03b37d00f92ca2cf61de0 Mon Sep 17 00:00:00 2001
From: Frederick Kautz
Date: Tue, 21 May 2024 13:45:25 -0400
Subject: [PATCH 2/4] chore: align top level attestation objects to naming scheme as seen in other attestors
Signed-off-by: Frederick Kautz
---
 attestation/omnitrail/omnitrail.go | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/attestation/omnitrail/omnitrail.go b/attestation/omnitrail/omnitrail.go
index 52ca26c9..00fdbf0f 100644
--- a/attestation/omnitrail/omnitrail.go
+++ b/attestation/omnitrail/omnitrail.go
@@ -18,16 +18,16 @@ func init() {
 })
 }
-func NewOmnitrailAttestor() *OmnitrailAttestor {
- return &OmnitrailAttestor{}
+type Attestor struct {
+ Envelope *ot.Envelope `json:"Envelope"`
 }
-type OmnitrailAttestor struct {
- Envelope *ot.Envelope `json:"trail"`
+func NewOmnitrailAttestor() *Attestor {
+ return &Attestor{}
 }
 // Attest implements attestation.Attestor.
-func (o *OmnitrailAttestor) Attest(ctx *attestation.AttestationContext) error {
+func (o *Attestor) Attest(ctx *attestation.AttestationContext) error {
 trail := ot.NewTrail()
 err := trail.Add(ctx.WorkingDir())
 if err != nil {
@@ -38,21 +38,21 @@ func (o *OmnitrailAttestor) Attest(ctx *attestation.AttestationContext) error {
 }
 // Name implements attestation.Attestor.
-func (o *OmnitrailAttestor) Name() string {
+func (o *Attestor) Name() string {
 return Name
 }
 // RunType implements attestation.Attestor.
-func (o *OmnitrailAttestor) RunType() attestation.RunType {
+func (o *Attestor) RunType() attestation.RunType {
 return RunType
 }
 // // Schema implements attestation.Attestor.
-func (o *OmnitrailAttestor) Schema() *jsonschema.Schema {
+func (o *Attestor) Schema() *jsonschema.Schema {
 return jsonschema.Reflect(&o)
 }
 // Type implements attestation.Attestor.
-func (o *OmnitrailAttestor) Type() string {
+func (o *Attestor) Type() string {
 return Type
 }
From 7fd41a9c71b40dc0e2a835e0a3794ce1f71639fe Mon Sep 17 00:00:00 2001
From: Frederick Kautz
Date: Tue, 21 May 2024 14:12:09 -0400
Subject: [PATCH 3/4] chore: add license to omnitrail attestor
Signed-off-by: Frederick Kautz
---
 attestation/omnitrail/omnitrail.go | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/attestation/omnitrail/omnitrail.go b/attestation/omnitrail/omnitrail.go
index 00fdbf0f..4fa358ed 100644
--- a/attestation/omnitrail/omnitrail.go
+++ b/attestation/omnitrail/omnitrail.go
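Review bot: The struct tag change from `json:"trail"` to `json:"Envelope"` makes the top-level key the only capitalised one in the payload — the schema generated in patch 4/4 shows every key inside the envelope (header, mapping, type, sha1, posix, …) in lowercase — and whatever policy later references this field has to match that case exactly. The attestor is new in this series, so there is no consumer to break yet and switching the tag to `json:"envelope"` is free now and costly once attestations are in the wild; I cannot see the other attestors the commit message refers to, so if they use capitalised keys this is moot. The second hunk also carries `// // Schema implements attestation.Attestor.` with a doubled comment marker; `// Schema implements attestation.Attestor.` matches the sibling methods.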
@@ -1,3 +1,17 @@
+// Copyright 2024 The Witness Contributors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package omnitrail
 import (
From 31fa5ff9eb66b5d5587c11ee39d684d81bae1305 Mon Sep 17 00:00:00 2001
From: Frederick Kautz
Date: Tue, 21 May 2024 14:25:20 -0400
Subject: [PATCH 4/4] chore: run schemagen for omnitrail
Signed-off-by: Frederick Kautz
---
 schemagen/omnitrail.json | 145 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 145 insertions(+)
 create mode 100644 schemagen/omnitrail.json
diff --git a/schemagen/omnitrail.json b/schemagen/omnitrail.json
new file mode 100644
index 00000000..cdf19987
--- /dev/null
+++ b/schemagen/omnitrail.json
@@ -0,0 +1,145 @@
+{
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
+ "$ref": "#/$defs/Attestor",
+ "$defs": {
+ "Attestor": {
+ "properties": {
+ "Envelope": {
+ "$ref": "#/$defs/Envelope"
+ }
+ },
+ "additionalProperties": false,
+ "type": "object",
+ "required": [
+ "Envelope"
+ ]
+ },
+ "Element": {
+ "properties": {
+ "type": {
+ "type": "string"
+ },
+ "sha1": {
+ "type": "string"
+ },
+ "sha256": {
+ "type": "string"
+ },
+ "gitoid:sha1": {
+ "type": "string"
+ },
+ "gitoid:sha256": {
+ "type": "string"
+ },
+ "posix": {
+ "$ref": "#/$defs/Posix"
+ }
+ },
+ "additionalProperties": false,
+ "type": "object",
+ "required": [
+ "type"
+ ]
+ },
+ "Envelope": {
+ "properties": {
+ "header": {
+ "$ref": "#/$defs/Header"
+ },
+ "mapping": {
+ "additionalProperties": {
+ "$ref": "#/$defs/Element"
+ },
+ "type": "object"
+ }
+ },
+ "additionalProperties": false,
+ "type": "object",
+ "required": [
+ "header",
+ "mapping"
+ ]
+ },
+ "Feature": {
+ "properties": {
+ "algorithms": {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ }
+ },
+ "additionalProperties": false,
+ "type": "object"
+ },
+ "Header": {
+ "properties": {
+ "features": {
+ "additionalProperties": {
+ "$ref": "#/$defs/Feature"
+ },
+ "type": "object"
+ }
+ },
+ "additionalProperties": false,
+ "type": "object",
+ "required": [
+ "features"
+ ]
+ },
+ "Posix": {
+ "properties": {
+ "atime": {
+ "type": "string"
+ },
+ "ctime": {
+ "type": "string"
+ },
+ "creation_time": {
+ "type": "string"
+ },
+ "extended_attributes": {
+ "type": "string"
+ },
+ "file_device_id": {
+ "type": "string"
+ },
+ "file_flags": {
+ "type": "string"
+ },
+ "file_inode": {
+ "type": "string"
+ },
+ "file_system_id": {
+ "type": "string"
+ },
+ "file_type": {
+ "type": "string"
+ },
+ "hard_link_count": {
+ "type": "string"
+ },
+ "mtime": {
+ "type": "string"
+ },
+ "metadata_ctime": {
+ "type": "string"
+ },
+ "owner_gid": {
+ "type": "string"
+ },
+ "owner_uid": {
+ "type": "string"
+ },
"permissions": {
+ "type": "string"
+ },
+ "size": {
+ "type": "string"
+ }
+ },
+ "additionalProperties": false,
+ "type": "object"
+ }
+ }
+}
\ No newline at end of file