Add cosign verify-manifest command

Signed-off-by: Joshua Hansen <j4ah4n@gmail.com> add allowed extension check Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
sigstore · Jul 27, 2021 · 22c4fe0 · 22c4fe0
1 parent 36c8e1e
commit 22c4fe0
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 7 deletions.
diff --git a/cmd/cosign/cli/verify_manifest.go b/cmd/cosign/cli/verify_manifest.go
@@ -89,16 +89,17 @@ func (c *VerifyManifestCommand) Exec(ctx context.Context, args []string) error {
 
 	manifestPath := args[0]
 
-	if filepath.Ext(strings.TrimSpace(manifestPath)) != ".yaml" {
-		return fmt.Errorf("only yaml manifests are supported at this time")
+	err := isExtensionAllowed(manifestPath)
+	if err != nil {
+		return errors.Wrap(err, "check if extension is valid")
 	}
 
 	manifest, err := ioutil.ReadFile(manifestPath)
 	if err != nil {
 		return fmt.Errorf("could not read manifest: %v", err)
 	}
 
-	images, err := getImagesFromYamlManifest(string(manifest))
+	images, err := getImagesFromManifest(string(manifest))
 	if err != nil {
 		return fmt.Errorf("failed extracting images from manifest: %v", err)
 	}
@@ -110,11 +111,25 @@ func (c *VerifyManifestCommand) Exec(ctx context.Context, args []string) error {
 	return c.VerifyCommand.Exec(ctx, images)
 }
 
-func getImagesFromYamlManifest(manifest string) ([]string, error) {
+func getImagesFromManifest(manifest string) ([]string, error) {
 	var images []string
 	re := regexp.MustCompile(`image:\s?(?P<Image>.*)\s?`)
 	for _, s := range re.FindAllStringSubmatch(manifest, -1) {
 		images = append(images, s[1])
 	}
 	return images, nil
 }
+
+func isExtensionAllowed(ext string) error {
+	allowedExtensions := allowedExtensionsForManifest()
+	for _, v := range allowedExtensions {
+		if strings.EqualFold(filepath.Ext(strings.TrimSpace(ext)), v) {
+			return nil
+		}
+	}
+	return fmt.Errorf("only %v manifests are supported at this time", allowedExtensions)
+}
+
+func allowedExtensionsForManifest() []string {
+	return []string{".yaml", ".yml"}
+}
diff --git a/cmd/cosign/cli/verify_manifest_test.go b/cmd/cosign/cli/verify_manifest_test.go
@@ -80,12 +80,12 @@ func TestGetImagesFromYamlManifest(t *testing.T) {
 	}
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
-			got, err := getImagesFromYamlManifest(tc.fileContents)
+			got, err := getImagesFromManifest(tc.fileContents)
 			if err != nil {
-				t.Fatalf("getImagesFromYamlManifest returned error: %v", err)
+				t.Fatalf("getImagesFromManifest returned error: %v", err)
 			}
 			if !reflect.DeepEqual(tc.expected, got) {
-				t.Errorf("getImagesFromYamlManifest returned %v, wanted %v", got, tc.expected)
+				t.Errorf("getImagesFromManifest returned %v, wanted %v", got, tc.expected)
 			}
 		})
 	}