Move subjects logic into intoto package

lib/slsa/subjects.go → lib/intoto/subjects.go

@@ -1,18 +1,16 @@
-package slsa
+package intoto
 
 import (
 	"crypto/sha256"
 	"encoding/hex"
 	"io/fs"
 	"os"
 	"path/filepath"
-
-	"github.com/philips-labs/slsa-provenance-action/lib/intoto"
 )
 
-// subjects walks the file or directory at "root" and hashes all files.
-func subjects(root string) ([]intoto.Subject, error) {
-	var s []intoto.Subject
+// Subjects walks the file or directory at "root" and hashes all files.
+func Subjects(root string) ([]Subject, error) {
+	var s []Subject
 	return s, filepath.Walk(root, func(abspath string, info fs.FileInfo, err error) error {
 		if err != nil {
 			return err
@@ -36,7 +34,7 @@ func subjects(root string) ([]intoto.Subject, error) {
 
 		shaHex := ShaSum256HexEncoded(binary)
 
-		s = append(s, intoto.Subject{Name: relpath, Digest: intoto.DigestSet{"sha256": shaHex}})
+		s = append(s, Subject{Name: relpath, Digest: DigestSet{"sha256": shaHex}})
 		return nil
 	})
 }

lib/intoto/subjects_test.go

@@ -0,0 +1,56 @@
+package intoto
+
+import (
+	"os"
+	"path"
+	"runtime"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestSubjects(t *testing.T) {
+	assert := assert.New(t)
+
+	s, err := Subjects("/invalid-path")
+	assert.Error(err)
+	assert.Nil(s)
+
+	_, filename, _, _ := runtime.Caller(0)
+	rootDir := path.Join(path.Dir(filename), "../..")
+	artifactPath := path.Join(rootDir, "bin")
+	binaryName := "slsa-provenance"
+	binaryPath := path.Join(artifactPath, binaryName)
+
+	s, err = Subjects(artifactPath)
+	assert.NoError(err)
+	assert.NotNil(s)
+	assert.Len(s, 1)
+	assertSubject(assert, s, binaryName, binaryPath)
+
+	s, err = Subjects(binaryPath)
+	assert.NoError(err)
+	assert.NotNil(s)
+	assert.Len(s, 1)
+	assertSubject(assert, s, binaryName, binaryPath)
+
+	s, err = Subjects(".")
+	assert.NoError(err)
+	assert.NotNil(s)
+
+	assert.Len(s, 4)
+	assertSubject(assert, s, "intoto_test.go", path.Join(".", "intoto_test.go"))
+	assertSubject(assert, s, "intoto.go", path.Join(".", "intoto.go"))
+	assertSubject(assert, s, "subjects_test.go", path.Join(".", "subjects_test.go"))
+	assertSubject(assert, s, "subjects.go", path.Join(".", "subjects.go"))
+}
+
+func assertSubject(assert *assert.Assertions, subject []Subject, binaryName, binaryPath string) {
+	binary, err := os.ReadFile(binaryPath)
+	if !assert.NoError(err) {
+		return
+	}
+
+	shaHex := ShaSum256HexEncoded(binary)
+	assert.Contains(subject, Subject{Name: binaryName, Digest: DigestSet{"sha256": shaHex}})
+}

lib/slsa/provenance.go

@@ -33,7 +33,7 @@ func builderID(repoURI string) string {
 
 // GenerateProvenanceStatement generates a in-toto provenance statement based on the github context
 func GenerateProvenanceStatement(ctx context.Context, gh github.Context, runner github.RunnerContext, artifactPath string) (*intoto.Statement, error) {
-	subjects, err := subjects(artifactPath)
+	subjects, err := intoto.Subjects(artifactPath)
 	if os.IsNotExist(err) {
 		return nil, fmt.Errorf("resource path not found: [provided=%s]", artifactPath)
 	} else if err != nil {

lib/slsa/provenance_test.go

@@ -260,7 +260,7 @@ func TestGenerateProvenance(t *testing.T) {
 	binaryPath := path.Join(artifactPath, binaryName)
 
 	assert.Len(stmt.Subject, 1)
-	slsa.AssertSubject(assert, stmt.Subject, binaryName, binaryPath)
+	assertSubject(assert, stmt.Subject, binaryName, binaryPath)
 
 	assert.Equal(intoto.SlsaPredicateType, stmt.PredicateType)
 	assert.Equal(intoto.StatementType, stmt.Type)
@@ -292,3 +292,13 @@ func assertMetadata(assert *assert.Assertions, meta intoto.Metadata, gh github.C
 	assert.Equal(false, meta.Completeness.Materials)
 	assert.Equal(false, meta.Reproducible)
 }
+
+func assertSubject(assert *assert.Assertions, subject []intoto.Subject, binaryName, binaryPath string) {
+	binary, err := os.ReadFile(binaryPath)
+	if !assert.NoError(err) {
+		return
+	}
+
+	shaHex := intoto.ShaSum256HexEncoded(binary)
+	assert.Contains(subject, intoto.Subject{Name: binaryName, Digest: intoto.DigestSet{"sha256": shaHex}})
+}