Merge pull request #326 from wking/signature-config-map-valid-keys

openshift-merge-robot · web-flow · commit 0bb7a28e64a4 · 2020-02-18T16:11:31.000+01:00
Bug 1782982: pkg/verify/verifyconfigmap: Use {algo}-{hash} prefixes
diff --git a/pkg/verify/verifyconfigmap/store.go b/pkg/verify/verifyconfigmap/store.go
@@ -85,10 +85,17 @@ func (s *Store) DigestSignatures(ctx context.Context, digest string) ([][]byte,
 		s.rememberMostRecentConfigMaps(configMaps.Items)
 	}
 
+	parts := strings.SplitN(digest, ":", 3)
+	if len(parts) != 2 || len(parts[0]) == 0 || len(parts[1]) == 0 {
+		return nil, fmt.Errorf("the provided digest must be of the form ALGO:HASH")
+	}
+	algo, hash := parts[0], parts[1]
+	prefix := fmt.Sprintf("%s-%s", algo, hash)
+
 	var signatures [][]byte
 	for _, cm := range items {
 		for k, v := range cm.BinaryData {
-			if strings.HasPrefix(k, digest) {
+			if strings.HasPrefix(k, prefix) {
 				signatures = append(signatures, v)
 			}
 		}

Original file line number	Diff line number	Diff line change
`@@ -85,10 +85,17 @@ func (s *Store) DigestSignatures(ctx context.Context, digest string) ([][]byte,`
`85`	`85`	`s.rememberMostRecentConfigMaps(configMaps.Items)`
`86`	`86`	`}`
`87`	`87`
	`88`	`+ parts := strings.SplitN(digest, ":", 3)`
	`89`	`+ if len(parts) != 2 \|\| len(parts[0]) == 0 \|\| len(parts[1]) == 0 {`
	`90`	`+ return nil, fmt.Errorf("the provided digest must be of the form ALGO:HASH")`
	`91`	`+ }`
	`92`	`+ algo, hash := parts[0], parts[1]`
	`93`	`+ prefix := fmt.Sprintf("%s-%s", algo, hash)`
	`94`	`+`
`88`	`95`	`var signatures [][]byte`
`89`	`96`	`for _, cm := range items {`
`90`	`97`	`for k, v := range cm.BinaryData {`
`91`		`- if strings.HasPrefix(k, digest) {`
	`98`	`+ if strings.HasPrefix(k, prefix) {`
`92`	`99`	`signatures = append(signatures, v)`
`93`	`100`	`}`
`94`	`101`	`}`