Add schema validation for slsa attestations

st3penta · st3penta · commit 58ea404d578d · 2025-12-18T14:50:54.000+01:00
Add schema validation to SLSA v0.2 and v1.0 attestation parsers to ensure incoming attestations conform to their respective schemas before being accepted. Co-authored-by: Claude Code <noreply@anthropic.com> Ref: https://issues.redhat.com/browse/EC-1581
diff --git a/internal/attestation/slsa_provenance_02.go b/internal/attestation/slsa_provenance_02.go
@@ -25,6 +25,7 @@ import (
 	"github.com/sigstore/cosign/v2/pkg/oci"
 
 	"github.com/conforma/cli/internal/signature"
+	"github.com/conforma/cli/pkg/schema"
 )
 
 const (
@@ -64,6 +65,14 @@ func SLSAProvenanceFromSignature(sig oci.Signature) (Attestation, error) {
 		return nil, fmt.Errorf("cannot create signed entity: %w", err)
 	}
 
+	// Validate against SLSA v0.2 schema
+	var schemaValidation any
+	if err := json.Unmarshal(embedded, &schemaValidation); err == nil {
+		if err := schema.SLSA_Provenance_v0_2.Validate(schemaValidation); err != nil {
+			return nil, fmt.Errorf("attestation does not conform to SLSA v0.2 schema: %w", err)
+		}
+	}
+
 	return slsaProvenance{statement: statement, data: embedded, signatures: signatures}, nil
 }
 
diff --git a/internal/attestation/slsa_provenance_02_test.go b/internal/attestation/slsa_provenance_02_test.go
@@ -22,7 +22,6 @@ import (
 	"bytes"
 	"crypto/x509"
 	"encoding/base64"
-	"encoding/json"
 	"errors"
 	"fmt"
 	"io"
@@ -233,18 +232,53 @@ func TestSLSAProvenanceFromSignature(t *testing.T) {
 			},
 			err: errors.New("unsupported attestation predicate type: kaboom"),
 		},
+		{
+			name: "schema validation fails - missing subject",
+			setup: func(l *mockSignature) {
+				payload := encode(`{
+					"_type": "https://in-toto.io/Statement/v0.1",
+					"predicateType": "https://slsa.dev/provenance/v0.2",
+					"predicate": {"builder": {"id": "https://my.builder"}, "buildType": "https://my.build.type"}
+				}`)
+				l.On("MediaType").Return(types.MediaType(ct.DssePayloadType), nil)
+				l.On("Uncompressed").Return(buffy(fmt.Sprintf(`{"payload":"%s"}`, payload)), nil)
+				l.On("Base64Signature").Return("", nil)
+				l.On("Cert").Return(&x509.Certificate{}, nil)
+				l.On("Chain").Return([]*x509.Certificate{}, nil)
+			},
+			err: errors.New("attestation does not conform to SLSA v0.2 schema: jsonschema: '' does not validate with https://slsa.dev/provenance/v0.2#/required: missing properties: 'subject'"),
+		},
+		{
+			name: "schema validation fails - missing builder",
+			setup: func(l *mockSignature) {
+				payload := encode(`{
+					"_type": "https://in-toto.io/Statement/v0.1",
+					"subject": [{"name": "example.com/test", "digest": {"sha256": "abc123"}}],
+					"predicateType": "https://slsa.dev/provenance/v0.2",
+					"predicate": {"buildType": "https://my.build.type"}
+				}`)
+				l.On("MediaType").Return(types.MediaType(ct.DssePayloadType), nil)
+				l.On("Uncompressed").Return(buffy(fmt.Sprintf(`{"payload":"%s"}`, payload)), nil)
+				l.On("Base64Signature").Return("", nil)
+				l.On("Cert").Return(&x509.Certificate{}, nil)
+				l.On("Chain").Return([]*x509.Certificate{}, nil)
+			},
+			err: errors.New("attestation does not conform to SLSA v0.2 schema: jsonschema: '/predicate' does not validate with https://slsa.dev/provenance/v0.2#/properties/predicate/required: missing properties: 'builder'"),
+		},
 		{
 			name: "cannot create entity signature",
 			data: `{
 				"_type": "https://in-toto.io/Statement/v0.1",
+				"subject": [{"name": "example.com/test", "digest": {"sha256": "abc123"}}],
 				"predicateType": "https://slsa.dev/provenance/v0.2",
-				"predicate": {"buildType": "https://my.build.type"}
+				"predicate": {"builder": {"id": "https://my.builder"}, "buildType": "https://my.build.type"}
 			}`,
 			setup: func(l *mockSignature) {
 				payload := encode(`{
 					"_type": "https://in-toto.io/Statement/v0.1",
+					"subject": [{"name": "example.com/test", "digest": {"sha256": "abc123"}}],
 					"predicateType": "https://slsa.dev/provenance/v0.2",
-					"predicate": {"buildType":"https://my.build.type"}
+					"predicate": {"builder": {"id": "https://my.builder"}, "buildType":"https://my.build.type"}
 				}`)
 				l.On("MediaType").Return(types.MediaType(ct.DssePayloadType), nil)
 				l.On("Uncompressed").Return(buffy(fmt.Sprintf(`{"payload":"%s"}`, payload)), nil)
@@ -256,16 +290,18 @@ func TestSLSAProvenanceFromSignature(t *testing.T) {
 			name: "valid with signature from payload",
 			data: `{
 				"_type": "https://in-toto.io/Statement/v0.1",
+				"subject": [{"name": "example.com/test", "digest": {"sha256": "abc123"}}],
 				"predicateType": "https://slsa.dev/provenance/v0.2",
-				"predicate": {"buildType": "https://my.build.type"}
+				"predicate": {"builder": {"id": "https://my.builder"}, "buildType": "https://my.build.type"}
 			}`,
 			setup: func(l *mockSignature) {
 				sig1 := `{"keyid": "key-id-1", "sig": "sig-1"}`
 				sig2 := `{"keyid": "key-id-2", "sig": "sig-2"}`
 				payload := encode(`{
 					"_type": "https://in-toto.io/Statement/v0.1",
+					"subject": [{"name": "example.com/test", "digest": {"sha256": "abc123"}}],
 					"predicateType": "https://slsa.dev/provenance/v0.2",
-					"predicate": {"buildType": "https://my.build.type"}
+					"predicate": {"builder": {"id": "https://my.builder"}, "buildType": "https://my.build.type"}
 				}`)
 				l.On("MediaType").Return(types.MediaType(ct.DssePayloadType), nil)
 				l.On("Uncompressed").Return(buffy(
@@ -280,16 +316,18 @@ func TestSLSAProvenanceFromSignature(t *testing.T) {
 			name: "valid with signature from certificate",
 			data: `{
 				"_type": "https://in-toto.io/Statement/v0.1",
+				"subject": [{"name": "example.com/test", "digest": {"sha256": "abc123"}}],
 				"predicateType": "https://slsa.dev/provenance/v0.2",
-				"predicate": {"buildType": "https://my.build.type"}
+				"predicate": {"builder": {"id": "https://my.builder"}, "buildType": "https://my.build.type"}
 			}`,
 			setup: func(l *mockSignature) {
 				sig1 := `{"keyid": "ignored-1", "sig": "ignored-1"}`
 				sig2 := `{"keyid": "ignored-2", "sig": "ignored-2"}`
 				payload := encode(`{
 					"_type": "https://in-toto.io/Statement/v0.1",
+					"subject": [{"name": "example.com/test", "digest": {"sha256": "abc123"}}],
 					"predicateType": "https://slsa.dev/provenance/v0.2",
-					"predicate": {"buildType": "https://my.build.type"}
+					"predicate": {"builder": {"id": "https://my.builder"}, "buildType": "https://my.build.type"}
 				}`)
 				l.On("MediaType").Return(types.MediaType(ct.DssePayloadType), nil)
 				l.On("Uncompressed").Return(buffy(
diff --git a/internal/attestation/slsa_provenance_v1.go b/internal/attestation/slsa_provenance_v1.go
@@ -25,6 +25,7 @@ import (
 	"github.com/sigstore/cosign/v2/pkg/oci"
 
 	"github.com/conforma/cli/internal/signature"
+	"github.com/conforma/cli/pkg/schema"
 )
 
 const (
@@ -64,6 +65,14 @@ func SLSAProvenanceFromSignatureV1(sig oci.Signature) (Attestation, error) {
 		return nil, fmt.Errorf("cannot create signed entity: %w", err)
 	}
 
+	// Validate against SLSA v1 schema
+	var schemaValidation any
+	if err := json.Unmarshal(embedded, &schemaValidation); err == nil {
+		if err := schema.SLSA_Provenance_v1.Validate(schemaValidation); err != nil {
+			return nil, fmt.Errorf("attestation does not conform to SLSA v1.0 schema: %w", err)
+		}
+	}
+
 	return slsaProvenanceV1{statement: statement, data: embedded, signatures: signatures}, nil
 }
 
diff --git a/internal/attestation/slsa_provenance_v1_test.go b/internal/attestation/slsa_provenance_v1_test.go
@@ -19,7 +19,6 @@
 package attestation
 
 import (
-	"encoding/json"
 	"errors"
 	"fmt"
 	"testing"
@@ -140,10 +139,56 @@ func TestSLSAProvenanceFromSignatureV1(t *testing.T) {
 			},
 			err: errors.New("unsupported attestation predicate type: kaboom"),
 		},
+		{
+			name: "schema validation fails - missing subject",
+			setup: func(l *mockSignature) {
+				payload := encode(`{
+					"_type": "https://in-toto.io/Statement/v0.1",
+					"predicateType": "https://slsa.dev/provenance/v1",
+					"predicate": {
+						"buildDefinition": {
+							"buildType": "https://my.build.type",
+							"externalParameters": {}
+						},
+						"runDetails": {
+							"builder": {"id": "https://my.builder"}
+						}
+					}
+				}`)
+				l.On("MediaType").Return(types.MediaType(ct.DssePayloadType), nil)
+				l.On("Uncompressed").Return(buffy(fmt.Sprintf(`{"payload":"%s"}`, payload)), nil)
+				l.On("Base64Signature").Return("", nil)
+				l.On("Cert").Return(signature.ParseChainguardReleaseCert(), nil)
+				l.On("Chain").Return(signature.ParseSigstoreChainCert(), nil)
+			},
+			err: errors.New("attestation does not conform to SLSA v1.0 schema: jsonschema: '' does not validate with https://slsa.dev/provenance/v1#/required: missing properties: 'subject'"),
+		},
+		{
+			name: "schema validation fails - missing buildDefinition",
+			setup: func(l *mockSignature) {
+				payload := encode(`{
+					"_type": "https://in-toto.io/Statement/v0.1",
+					"subject": [{"name": "example.com/test", "digest": {"sha256": "abc123"}}],
+					"predicateType": "https://slsa.dev/provenance/v1",
+					"predicate": {
+						"runDetails": {
+							"builder": {"id": "https://my.builder"}
+						}
+					}
+				}`)
+				l.On("MediaType").Return(types.MediaType(ct.DssePayloadType), nil)
+				l.On("Uncompressed").Return(buffy(fmt.Sprintf(`{"payload":"%s"}`, payload)), nil)
+				l.On("Base64Signature").Return("", nil)
+				l.On("Cert").Return(signature.ParseChainguardReleaseCert(), nil)
+				l.On("Chain").Return(signature.ParseSigstoreChainCert(), nil)
+			},
+			err: errors.New("attestation does not conform to SLSA v1.0 schema: jsonschema: '/predicate' does not validate with https://slsa.dev/provenance/v1#/properties/predicate/required: missing properties: 'buildDefinition'"),
+		},
 		{
 			name: "cannot create entity signature",
 			data: `{
 				"_type": "https://in-toto.io/Statement/v0.1",
+				"subject": [{"name": "example.com/test", "digest": {"sha256": "abc123"}}],
 				"predicateType": "https://slsa.dev/provenance/v1",
 				"predicate": {
 					"buildDefinition": {
@@ -158,6 +203,7 @@ func TestSLSAProvenanceFromSignatureV1(t *testing.T) {
 			setup: func(l *mockSignature) {
 				payload := encode(`{
 					"_type": "https://in-toto.io/Statement/v0.1",
+					"subject": [{"name": "example.com/test", "digest": {"sha256": "abc123"}}],
 					"predicateType": "https://slsa.dev/provenance/v1",
 					"predicate": {
 						"buildDefinition": {
@@ -179,6 +225,7 @@ func TestSLSAProvenanceFromSignatureV1(t *testing.T) {
 			name: "valid with signature from payload",
 			data: `{
 				"_type": "https://in-toto.io/Statement/v0.1",
+				"subject": [{"name": "example.com/test", "digest": {"sha256": "abc123"}}],
 				"predicateType": "https://slsa.dev/provenance/v1",
 				"predicate": {
 					"buildDefinition": {
@@ -195,6 +242,7 @@ func TestSLSAProvenanceFromSignatureV1(t *testing.T) {
 				sig2 := `{"keyid": "key-id-2", "sig": "sig-2"}`
 				payload := encode(`{
 					"_type": "https://in-toto.io/Statement/v0.1",
+					"subject": [{"name": "example.com/test", "digest": {"sha256": "abc123"}}],
 					"predicateType": "https://slsa.dev/provenance/v1",
 					"predicate": {
 						"buildDefinition": {

Original file line number	Diff line number	Diff line change
`@@ -25,6 +25,7 @@ import (`
`25`	`25`	`"github.com/sigstore/cosign/v2/pkg/oci"`
`26`	`26`
`27`	`27`	`"github.com/conforma/cli/internal/signature"`
	`28`	`+ "github.com/conforma/cli/pkg/schema"`
`28`	`29`	`)`
`29`	`30`
`30`	`31`	`const (`
`@@ -64,6 +65,14 @@ func SLSAProvenanceFromSignature(sig oci.Signature) (Attestation, error) {`
`64`	`65`	`return nil, fmt.Errorf("cannot create signed entity: %w", err)`
`65`	`66`	`}`
`66`	`67`
	`68`	`+ // Validate against SLSA v0.2 schema`
	`69`	`+ var schemaValidation any`
	`70`	`+ if err := json.Unmarshal(embedded, &schemaValidation); err == nil {`
	`71`	`+ if err := schema.SLSA_Provenance_v0_2.Validate(schemaValidation); err != nil {`
	`72`	`+ return nil, fmt.Errorf("attestation does not conform to SLSA v0.2 schema: %w", err)`
	`73`	`+ }`
	`74`	`+ }`
	`75`	`+`
`67`	`76`	`return slsaProvenance{statement: statement, data: embedded, signatures: signatures}, nil`
`68`	`77`	`}`
`69`	`78`