From 5e3647539e6ddb4b6fbba7e4551e87c92c2f5547 Mon Sep 17 00:00:00 2001
From: Ben Selwyn-Smith
Date: Wed, 17 Jul 2024 15:14:47 +1000
Subject: [PATCH] chore: remove check of discovered commit against provenance commit; fix more integration test related issues
Signed-off-by: Ben Selwyn-Smith
---
 src/macaron/slsa_analyzer/analyzer.py | 6 ++----
 .../check_results_policy.dl | 2 +-
 .../cases/slsa-framework_slsa-verifier/policy.dl | 4 ++--
 3 files changed, 5 insertions(+), 7 deletions(-)
diff --git a/src/macaron/slsa_analyzer/analyzer.py b/src/macaron/slsa_analyzer/analyzer.py
index 76232cada..74c53736c 100644
--- a/src/macaron/slsa_analyzer/analyzer.py
+++ b/src/macaron/slsa_analyzer/analyzer.py
@@ -346,7 +346,7 @@ def run_single(
 ):
 return Record(
 record_id=repo_id,
- description="Input mismatch between repo/commit and provenance.",
+ description="Input mismatch between repo and provenance.",
 pre_config=config,
 status=SCMStatus.ANALYSIS_FAILED,
 )
@@ -440,9 +440,7 @@ def run_single(
 provenance_payload = ProvenanceFinder().find_provenance_from_ci(analyze_ctx, git_obj)
 # If found, verify analysis target against new provenance
 if provenance_payload:
- # If the digest and repository URL were not provided as input, check those found during analysis.
- if not digest_input and component.repository:
- digest_input = component.repository.commit_sha
+ # If repository URL was not provided as input, check the one found during analysis.
 if not repo_path_input and component.repository:
 repo_path_input = component.repository.remote_path
diff --git a/tests/integration/cases/micronaut-projects_micronaut-core/check_results_policy.dl b/tests/integration/cases/micronaut-projects_micronaut-core/check_results_policy.dl
index 90410bdf4..0210abf11 100644
--- a/tests/integration/cases/micronaut-projects_micronaut-core/check_results_policy.dl
+++ b/tests/integration/cases/micronaut-projects_micronaut-core/check_results_policy.dl
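Review bot: In the second `run_single` hunk of src/macaron/slsa_analyzer/analyzer.py (`@@ -440,9 +440,7 @@`), dropping the `digest_input = component.repository.commit_sha` fallback means a provenance found from CI is matched against the discovered repository only, so when no digest is passed as input a provenance produced for a different commit of the same repository would apparently no longer be treated as a mismatch here. The new comment should state that this is deliberate and where commit agreement is checked instead, for example `# The discovered commit is intentionally not compared with the provenance commit here; see <check or issue>.`. The comparison itself and the rest of `run_single` lie outside the hunk, so whether `digest_input` is still consulted there when the caller supplies a digest cannot be confirmed from these lines.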
@@ -8,8 +8,8 @@ Policy("test_policy", component_id, "") :-
 check_passed(component_id, "mcn_build_script_1"),
 check_passed(component_id, "mcn_build_service_1"),
 check_passed(component_id, "mcn_version_control_system_1"),
+ check_passed(component_id, "mcn_provenance_derived_repo_1"),
 check_failed(component_id, "mcn_provenance_derived_commit_1"),
- check_failed(component_id, "mcn_provenance_derived_repo_1"),
 check_failed(component_id, "mcn_trusted_builder_level_three_1"),
 is_repo_url(component_id, "https://github.com/micronaut-projects/micronaut-core").
diff --git a/tests/integration/cases/slsa-framework_slsa-verifier/policy.dl b/tests/integration/cases/slsa-framework_slsa-verifier/policy.dl
index e27522f1a..82f005281 100644
--- a/tests/integration/cases/slsa-framework_slsa-verifier/policy.dl
+++ b/tests/integration/cases/slsa-framework_slsa-verifier/policy.dl
@@ -7,10 +7,10 @@ Policy("test_policy", component_id, "") :-
 check_passed(component_id, "mcn_build_as_code_1"),
 check_passed(component_id, "mcn_build_script_1"),
 check_passed(component_id, "mcn_build_service_1"),
- check_passed(component_id, "mcn_provenance_available_1"),
- check_passed(component_id, "mcn_provenance_expectation_1"),
 check_passed(component_id, "mcn_trusted_builder_level_three_1"),
 check_passed(component_id, "mcn_version_control_system_1"),
+ check_failed(component_id, "mcn_provenance_available_1"),
+ check_failed(component_id, "mcn_provenance_expectation_1"),
 check_failed(component_id, "mcn_infer_artifact_pipeline_1"),
 check_failed(component_id, "mcn_provenance_derived_commit_1"),
 check_failed(component_id, "mcn_provenance_derived_repo_1"),
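Review bot: The expected result in tests/integration/cases/slsa-framework_slsa-verifier/policy.dl (`@@ -7,10 +7,10 @@`) now pins `mcn_provenance_available_1` and `mcn_provenance_expectation_1` as `check_failed` with no stated reason, and a test that expects provenance discovery to fail will keep passing if discovery regresses for this repository. The commit description only says it fixes integration test issues, so a comment above the two flipped lines would help, such as `// Provenance checks fail for this case because <reason>; revisit when <condition>.`. The same applies to the micronaut-core hunk (`@@ -8,8 +8,8 @@`), where `mcn_provenance_derived_repo_1` moves to `check_passed` while `mcn_provenance_derived_commit_1` stays `check_failed`.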