implement detached signature factory, tests and helper extension methods. #47

Merged
merged 12 commits into from
Oct 3, 2023

JeromySt
Collaborator

Implements the detached signature factory work in CoseSign1 to facilitate a detached signature embedded CoseSign1 object for use in various *BOM scenarios to be used with Azure CTS.

…ods for validation of detached signature objects
@JeromySt
Collaborator Author

JeromySt commented Sep 29, 2023

@microsoft-github-policy-service agree company="Microsoft"

@lemccomb lemccomb closed this Oct 2, 2023
@lemccomb lemccomb reopened this Oct 2, 2023

@github-advanced-security github-advanced-security bot left a comment

CodeQL found more than 10 potential problems in the proposed changes. Check the Files changed tab for more details.

/// <returns>True if the detached signature in the CoseSign1Message matches the signature of the artifact bytes; False otherwise.</returns>
private static bool SignatureMatchesInternal(this CoseSign1Message? @this, ReadOnlyMemory<byte>? artifactBytes = null, Stream? artifactStream = null)
{
if (!@this.TryGetHashAlgorithm(out HashAlgorithm? hasher))
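Review bot: at `if (!@this.TryGetHashAlgorithm(out HashAlgorithm? hasher))` the nullable `@this` is used as the receiver with no guard ahead of it, so whether a null message fails closed depends entirely on the callee. Because this method decides whether a signature matches, make that explicit with an early `if (@this is null) return false;` as the first statement, which also documents the contract next to the `<returns>` text. Separately, `artifactBytes` and `artifactStream` both default to null, and the lines shown do not say what is returned when neither is supplied; the doc comment should state it.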

Check warning

Code scanning / CodeQL

Dereferenced variable may be null

Variable [this](1) may be null at this access as suggested by [this](2) null check.

// test null object case
detachedSignature = null;
CoseSign1MessageDetachedSignatureExtensions.SignatureMatches(detachedSignature, stream2).Should().BeFalse();
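Review bot: the `detachedSignature = null;` assignment ahead of `SignatureMatches(detachedSignature, stream2)` needs a comment that says what is being asserted, since "test null object case" does not state the expected outcome. The `.Should().BeFalse()` shows the intent is that a null message must never verify, so a comment such as `// null message must not verify` would make that plain to anyone triaging the alert on this line. Keep this case as the regression check for that fail-closed behaviour.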

Check failure

Code scanning / CodeQL

Dereferenced variable is always null

Variable [detachedSignature](1) is always null at this dereference.

// test null object case
detachedSignature = null;
CoseSign1MessageDetachedSignatureExtensions.SignatureMatches(detachedSignature, randomBytes).Should().BeFalse();

Check failure

Code scanning / CodeQL

Dereferenced variable is always null

Variable [detachedSignature](1) is always null at this dereference.

// test null object case
detachedSignature = null;
CoseSign1MessageDetachedSignatureExtensions.TryGetHashAlgorithm(detachedSignature, out hashAlgorithm).Should().BeFalse();

Check failure

Code scanning / CodeQL

Dereferenced variable is always null

Variable [detachedSignature](1) is always null at this dereference.
{
hasher = null;

if (!TryGetDetachedSignatureAlgorithm(@this, out HashAlgorithmName algorithmName))
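Review bot: `TryGetDetachedSignatureAlgorithm(@this, out HashAlgorithmName algorithmName)` takes the hash algorithm name from the message that is being checked, so the code after this `if` (not shown here) should map only an explicit set of accepted algorithm names to a hasher and return false with `hasher` left null for anything else, rather than falling back to a default. The nullable `@this` is also forwarded without a guard; an `if (@this is null) return false;` after `hasher = null;` would make the null contract local to this method instead of relying on the callee.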

Check warning

Code scanning / CodeQL

Dereferenced variable may be null

Variable [this](1) may be null at this access as suggested by [this](2) null check.
@JeromySt JeromySt requested a review from nileshbh October 3, 2023 21:43
@JeromySt JeromySt merged commit 274539d into main Oct 3, 2023
@JeromySt JeromySt deleted the user/jstatia/detachedsignature branch October 3, 2023 22:31