nil check

Signed-off-by: Asra Ali <asraa@google.com>
sigstore · Nov 1, 2022 · 912089f · 912089f
1 parent a7e0bcb
commit 912089f
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 2 deletions.
diff --git a/pkg/cosign/tlog.go b/pkg/cosign/tlog.go
@@ -423,6 +423,10 @@ func VerifyTLogEntry(e *models.LogEntryAnon, rekorPubKeys *TrustedRekorPubKeys)
 		return errors.New("inclusion proof not provided")
 	}
 
+	if rekorPubKeys == nil || rekorPubKeys.Keys == nil {
+		return errors.New("no trusted rekor public keys provided")
+	}
+
 	hashes := [][]byte{}
 	for _, h := range e.Verification.InclusionProof.Hashes {
 		hb, _ := hex.DecodeString(h)

diff --git a/pkg/cosign/verify_test.go b/pkg/cosign/verify_test.go
@@ -250,15 +250,15 @@ func TestVerifyImageSignatureWithNoChain(t *testing.T) {
 	opts := []static.Option{static.WithCertChain(pemLeaf, []byte{}), static.WithBundle(rekorBundle)}
 	ociSig, _ := static.NewSignature(payload, base64.StdEncoding.EncodeToString(signature), opts...)
 
-	logId, _ := getLogID(sv.Public)
+	logID, _ := getLogID(sv.Public)
 	ecdsaKey, _ := sv.PublicKey()
 
 	// TODO(asraa): Re-enable passing test when Rekor public keys can be set in CheckOpts,
 	// instead of relying on the singleton TUF instance.
 	verified, err := VerifyImageSignature(context.TODO(), ociSig, v1.Hash{}, &CheckOpts{
 		RootCerts: rootPool,
 		RekorPubKeys: &TrustedRekorPubKeys{
-			Keys: map[string]RekorPubKey{logId: {PubKey: ecdsaKey.(*ecdsa.PublicKey), Status: tuf.Active}},
+			Keys: map[string]RekorPubKey{logID: {PubKey: ecdsaKey.(*ecdsa.PublicKey), Status: tuf.Active}},
 		},
 	})
 	if err == nil {