From 4a6c5b1677755f87afcdb7f7c0fa437d209d8326 Mon Sep 17 00:00:00 2001 From: laurentsimon <64505099+laurentsimon@users.noreply.github.com> Date: Mon, 5 Dec 2022 13:31:58 -0800 Subject: [PATCH] feat: add more tests for GCB verification (#389) * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon * update Signed-off-by: laurentsimon Signed-off-by: laurentsimon --- cli/slsa-verifier/main_test.go | 99 +++++- .../v0.2/gcloud-container-empty-keyid.json | 94 ++++++ ...loud-container-empty-signature-region.json | 95 ++++++ .../gcloud-container-empty-signature.json | 95 ++++++ .../v0.2/gcloud-container-invalid-keyid.json | 95 ++++++ ...-container-invalid-signature-encoding.json | 95 ++++++ ...ud-container-invalid-signature-region.json | 95 ++++++ ...container-multiple-invalid-provenance.json | 259 +++++++++++++++ ...container-multiple-invalid-signatures.json | 103 ++++++ ...ontainer-multiple-provenance-2ndvalid.json | 259 +++++++++++++++ ...ontainer-multiple-provenance-3rdvalid.json | 259 +++++++++++++++ ...ontainer-multiple-signatures-2ndvalid.json | 103 ++++++ ...ontainer-multiple-signatures-3rdvalid.json | 103 ++++++ .../v0.2/gcloud-container-no-keyid.json | 94 ++++++ .../v0.2/gcloud-container-no-signature.json | 94 ++++++ .../v0.3/gcloud-container-empty-keyid.json | 109 +++++++ ...loud-container-empty-signature-region.json | 109 +++++++ .../gcloud-container-empty-signature.json | 109 +++++++ .../v0.3/gcloud-container-invalid-keyid.json | 109 +++++++ ...-container-invalid-signature-encoding.json | 109 +++++++ ...ud-container-invalid-signature-region.json | 109 +++++++ ...container-multiple-invalid-provenance.json | 301 ++++++++++++++++++ ...container-multiple-invalid-signatures.json | 117 +++++++ ...ontainer-multiple-provenance-2ndvalid.json | 301 ++++++++++++++++++ ...ontainer-multiple-provenance-3rdvalid.json | 301 ++++++++++++++++++ ...ontainer-multiple-signatures-2ndvalid.json | 117 +++++++ ...ontainer-multiple-signatures-3rdvalid.json | 117 +++++++ .../v0.3/gcloud-container-no-keyid.json | 108 +++++++ .../v0.3/gcloud-container-no-signature.json | 103 ++++++ errors/errors.go | 1 + verifiers/internal/gcb/provenance.go | 22 +- verifiers/internal/gcb/provenance_test.go | 146 ++++++++- .../gcloud-container-empty-keyid.json | 109 +++++++ .../gcloud-container-empty-payload.json | 109 +++++++ .../gcloud-container-empty-provenance.json | 12 + ...loud-container-empty-signature-region.json | 109 +++++++ .../gcloud-container-empty-signature.json | 109 +++++++ .../gcloud-container-invalid-keyid.json | 109 +++++++ ...ud-container-invalid-payload-encoding.json | 109 +++++++ ...ntainer-invalid-signature-encodingv03.json | 109 +++++++ ...ud-container-invalid-signature-region.json | 109 +++++++ ...container-multiple-invalid-signatures.json | 117 +++++++ ...ontainer-multiple-signatures-2ndvalid.json | 117 +++++++ ...ontainer-multiple-signatures-3rdvalid.json | 117 +++++++ .../testdata/gcloud-container-no-keyid.json | 108 +++++++ .../testdata/gcloud-container-no-payload.json | 108 +++++++ .../gcloud-container-no-provenance.json | 9 + .../gcloud-container-no-signature.json | 103 ++++++ 48 files changed, 5774 insertions(+), 19 deletions(-) create mode 100644 cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-empty-keyid.json create mode 100644 cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-empty-signature-region.json create mode 100644 cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-empty-signature.json create mode 100644 cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-invalid-keyid.json create mode 100644 cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-invalid-signature-encoding.json create mode 100644 cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-invalid-signature-region.json create mode 100644 cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-multiple-invalid-provenance.json create mode 100644 cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-multiple-invalid-signatures.json create mode 100644 cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-multiple-provenance-2ndvalid.json create mode 100644 cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-multiple-provenance-3rdvalid.json create mode 100644 cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-multiple-signatures-2ndvalid.json create mode 100644 cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-multiple-signatures-3rdvalid.json create mode 100644 cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-no-keyid.json create mode 100644 cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-no-signature.json create mode 100644 cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-empty-keyid.json create mode 100644 cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-empty-signature-region.json create mode 100644 cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-empty-signature.json create mode 100644 cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-invalid-keyid.json create mode 100644 cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-invalid-signature-encoding.json create mode 100644 cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-invalid-signature-region.json create mode 100644 cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-multiple-invalid-provenance.json create mode 100644 cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-multiple-invalid-signatures.json create mode 100644 cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-multiple-provenance-2ndvalid.json create mode 100644 cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-multiple-provenance-3rdvalid.json create mode 100644 cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-multiple-signatures-2ndvalid.json create mode 100644 cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-multiple-signatures-3rdvalid.json create mode 100644 cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-no-keyid.json create mode 100644 cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-no-signature.json create mode 100644 verifiers/internal/gcb/testdata/gcloud-container-empty-keyid.json create mode 100644 verifiers/internal/gcb/testdata/gcloud-container-empty-payload.json create mode 100644 verifiers/internal/gcb/testdata/gcloud-container-empty-provenance.json create mode 100644 verifiers/internal/gcb/testdata/gcloud-container-empty-signature-region.json create mode 100644 verifiers/internal/gcb/testdata/gcloud-container-empty-signature.json create mode 100644 verifiers/internal/gcb/testdata/gcloud-container-invalid-keyid.json create mode 100644 verifiers/internal/gcb/testdata/gcloud-container-invalid-payload-encoding.json create mode 100644 verifiers/internal/gcb/testdata/gcloud-container-invalid-signature-encodingv03.json create mode 100644 verifiers/internal/gcb/testdata/gcloud-container-invalid-signature-region.json create mode 100644 verifiers/internal/gcb/testdata/gcloud-container-multiple-invalid-signatures.json create mode 100644 verifiers/internal/gcb/testdata/gcloud-container-multiple-signatures-2ndvalid.json create mode 100644 verifiers/internal/gcb/testdata/gcloud-container-multiple-signatures-3rdvalid.json create mode 100644 verifiers/internal/gcb/testdata/gcloud-container-no-keyid.json create mode 100644 verifiers/internal/gcb/testdata/gcloud-container-no-payload.json create mode 100644 verifiers/internal/gcb/testdata/gcloud-container-no-provenance.json create mode 100644 verifiers/internal/gcb/testdata/gcloud-container-no-signature.json diff --git a/cli/slsa-verifier/main_test.go b/cli/slsa-verifier/main_test.go index 4fd201d2a..782c0551f 100644 --- a/cli/slsa-verifier/main_test.go +++ b/cli/slsa-verifier/main_test.go @@ -583,7 +583,8 @@ func Test_runVerifyGHAArtifactPath(t *testing.T) { args := []string{ artifactPath, "--source-uri", tt.source, - "--provenance-path", provenancePath} + "--provenance-path", provenancePath, + } if bid != nil { args = append(args, "--builder-id", *bid) } @@ -953,6 +954,102 @@ func Test_runVerifyGCBArtifactImage(t *testing.T) { source: "github.com/laurentsimon/gcb-tests", err: serrors.ErrorMismatchHash, }, + { + name: "invalid signature encoding", + artifact: "gcloud-container-github", + provenance: "gcloud-container-invalid-signature-encoding.json", + source: "github.com/laurentsimon/gcb-tests", + err: serrors.ErrorNoValidSignature, + }, + { + name: "invalid signature empty", + artifact: "gcloud-container-github", + provenance: "gcloud-container-empty-signature.json", + source: "github.com/laurentsimon/gcb-tests", + err: serrors.ErrorNoValidSignature, + }, + { + name: "invalid signature none", + artifact: "gcloud-container-github", + provenance: "gcloud-container-no-signature.json", + source: "github.com/laurentsimon/gcb-tests", + err: serrors.ErrorInvalidDssePayload, + }, + { + name: "invalid region", + artifact: "gcloud-container-github", + provenance: "gcloud-container-invalid-signature-region.json", + source: "github.com/laurentsimon/gcb-tests", + err: serrors.ErrorNoValidSignature, + }, + { + name: "invalid empty region", + artifact: "gcloud-container-github", + provenance: "gcloud-container-empty-signature-region.json", + source: "github.com/laurentsimon/gcb-tests", + err: serrors.ErrorNoValidSignature, + }, + { + name: "invalid keyid", + artifact: "gcloud-container-github", + provenance: "gcloud-container-invalid-keyid.json", + source: "github.com/laurentsimon/gcb-tests", + err: serrors.ErrorNoValidSignature, + }, + { + name: "invalid keyid empty", + artifact: "gcloud-container-github", + provenance: "gcloud-container-empty-keyid.json", + source: "github.com/laurentsimon/gcb-tests", + err: serrors.ErrorNoValidSignature, + }, + { + name: "invalid keyid none", + artifact: "gcloud-container-github", + provenance: "gcloud-container-no-keyid.json", + source: "github.com/laurentsimon/gcb-tests", + err: serrors.ErrorNoValidSignature, + }, + { + name: "invalid signature multiple", + artifact: "gcloud-container-github", + provenance: "gcloud-container-multiple-invalid-signatures.json", + source: "github.com/laurentsimon/gcb-tests", + err: serrors.ErrorNoValidSignature, + }, + { + name: "signature multiple 2nd valid", + artifact: "gcloud-container-github", + provenance: "gcloud-container-multiple-signatures-2ndvalid.json", + source: "github.com/laurentsimon/gcb-tests", + }, + { + name: "signature multiple 3rd valid", + artifact: "gcloud-container-github", + provenance: "gcloud-container-multiple-signatures-3rdvalid.json", + source: "github.com/laurentsimon/gcb-tests", + }, + { + name: "invalid multiple provenance", + artifact: "gcloud-container-github", + provenance: "gcloud-container-multiple-invalid-provenance.json", + source: "github.com/laurentsimon/gcb-tests", + err: serrors.ErrorNoValidSignature, + }, + // TODO(388): verify the correct provenance is returned. + // This should also be done for all other entries in this test. + { + name: "multiple provenance 2nd valid", + artifact: "gcloud-container-github", + provenance: "gcloud-container-multiple-provenance-2ndvalid.json", + source: "github.com/laurentsimon/gcb-tests", + }, + { + name: "multiple provenance 3rd valid", + artifact: "gcloud-container-github", + provenance: "gcloud-container-multiple-provenance-3rdvalid.json", + source: "github.com/laurentsimon/gcb-tests", + }, { name: "oci valid with tag", // Image re-tagged and pushed to docker hub. This image is public. diff --git a/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-empty-keyid.json b/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-empty-keyid.json new file mode 100644 index 000000000..8e1020461 --- /dev/null +++ b/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-empty-keyid.json @@ -0,0 +1,94 @@ +{ + "image_summary": { + "digest": "sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + }, + "provenance_summary": { + "provenance": [ + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" + }, + "materials": [ + { + "uri": "https://github.com/laurentsimon/gcb-tests/commit/fbbb98765e85ad464302dc5977968104d36e455e" + } + ], + "metadata": { + "buildFinishedOn": "2022-08-15T22:43:34.366498Z", + "buildInvocationId": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "buildStartedOn": "2022-08-15T22:43:18.700638187Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-08-15T22:43:21.662016533Z", + "startTime": "2022-08-15T22:43:21.657262492Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-08-15T22:43:27.056377441Z", + "startTime": "2022-08-15T22:43:21.657262492Z" + } + } + ] + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" + } + }, + "subject": [ + { + "digest": { + "sha256": "1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14" + } + ] + } + }, + "createTime": "2022-08-15T22:43:35.649016Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4yIn0sIm1hdGVyaWFscyI6W3sidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMvY29tbWl0L2ZiYmI5ODc2NWU4NWFkNDY0MzAyZGM1OTc3OTY4MTA0ZDM2ZTQ1NWUifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDgtMTVUMjI6NDM6MzQuMzY2NDk4WiIsImJ1aWxkSW52b2NhdGlvbklkIjoiYjZlMDUyYTctNWFhNC00MWJmLWE1NmItOWJjNGU0ZjMwNThiIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjE4LjcwMDYzODE4N1oifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MTQiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NjIwMTY1MzNaIiwic3RhcnRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NTcyNjI0OTJaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjcuMDU2Mzc3NDQxWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9fV19LCJlbnRyeVBvaW50IjoiY2xvdWRidWlsZC55YW1sIiwidHlwZSI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9fSwicHJlZGljYXRlVHlwZSI6Imh0dHBzOi8vc2xzYS5kZXYvcHJvdmVuYW5jZS92MC4xIiwic2xzYVByb3ZlbmFuY2UiOnsiYnVpbGRlciI6eyJpZCI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9LCJtYXRlcmlhbHMiOlt7InVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzL2NvbW1pdC9mYmJiOTg3NjVlODVhZDQ2NDMwMmRjNTk3Nzk2ODEwNGQzNmU0NTVlIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjM0LjM2NjQ5OFoiLCJidWlsZEludm9jYXRpb25JZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOC0xNVQyMjo0MzoxOC43MDA2MzgxODdaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiJiNmUwNTJhNy01YWE0LTQxYmYtYTU2Yi05YmM0ZTRmMzA1OGIiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInN1YnN0aXR1dGlvbk9wdGlvbiI6IkFMTE9XX0xPT1NFIn0sInNvdXJjZVByb3ZlbmFuY2UiOnt9LCJzdGVwcyI6W3siYXJncyI6WyJidWlsZCIsIi10IiwidXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djE0IiwiLiJdLCJuYW1lIjoiZ2NyLmlvL2Nsb3VkLWJ1aWxkZXJzL2RvY2tlciIsInB1bGxUaW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjYyMDE2NTMzWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9LCJzdGF0dXMiOiJTVUNDRVNTIiwidGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjI3LjA1NjM3NzQ0MVoiLCJzdGFydFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjIxLjY1NzI2MjQ5MloifX1dfSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjIifX0sInN1YmplY3QiOlt7ImRpZ2VzdCI6eyJzaGEyNTYiOiIxYTAzM2IwMDJmODllZDJiOGVhNzMzMTYyNDk3ZmI3MGYxYTQwNDlhN2Y4NjAyZDZhMzM2ODJiNGFkOTkyMWZkIn0sIm5hbWUiOiJodHRwczovL3VzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYxNCJ9XX0=", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "sig": "MEYCIQD-0xUsdkYnsmKnQL_ndEvXknLfn82zsG-hGyYUd4aYsAIhAP4KSCxN2VPNc-dvfrQIGduMUNmAiHxLttdezqdrSf3F" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/8ce06798-f94d-4772-a224-04e473163790", + "noteName": "projects/verified-builder/notes/intoto_b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "updateTime": "2022-08-15T22:43:35.649016Z" + } + ] + } + } + \ No newline at end of file diff --git a/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-empty-signature-region.json b/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-empty-signature-region.json new file mode 100644 index 000000000..21b5c4219 --- /dev/null +++ b/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-empty-signature-region.json @@ -0,0 +1,95 @@ +{ + "image_summary": { + "digest": "sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + }, + "provenance_summary": { + "provenance": [ + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" + }, + "materials": [ + { + "uri": "https://github.com/laurentsimon/gcb-tests/commit/fbbb98765e85ad464302dc5977968104d36e455e" + } + ], + "metadata": { + "buildFinishedOn": "2022-08-15T22:43:34.366498Z", + "buildInvocationId": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "buildStartedOn": "2022-08-15T22:43:18.700638187Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-08-15T22:43:21.662016533Z", + "startTime": "2022-08-15T22:43:21.657262492Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-08-15T22:43:27.056377441Z", + "startTime": "2022-08-15T22:43:21.657262492Z" + } + } + ] + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" + } + }, + "subject": [ + { + "digest": { + "sha256": "1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14" + } + ] + } + }, + "createTime": "2022-08-15T22:43:35.649016Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4yIn0sIm1hdGVyaWFscyI6W3sidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMvY29tbWl0L2ZiYmI5ODc2NWU4NWFkNDY0MzAyZGM1OTc3OTY4MTA0ZDM2ZTQ1NWUifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDgtMTVUMjI6NDM6MzQuMzY2NDk4WiIsImJ1aWxkSW52b2NhdGlvbklkIjoiYjZlMDUyYTctNWFhNC00MWJmLWE1NmItOWJjNGU0ZjMwNThiIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjE4LjcwMDYzODE4N1oifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MTQiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NjIwMTY1MzNaIiwic3RhcnRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NTcyNjI0OTJaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjcuMDU2Mzc3NDQxWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9fV19LCJlbnRyeVBvaW50IjoiY2xvdWRidWlsZC55YW1sIiwidHlwZSI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9fSwicHJlZGljYXRlVHlwZSI6Imh0dHBzOi8vc2xzYS5kZXYvcHJvdmVuYW5jZS92MC4xIiwic2xzYVByb3ZlbmFuY2UiOnsiYnVpbGRlciI6eyJpZCI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9LCJtYXRlcmlhbHMiOlt7InVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzL2NvbW1pdC9mYmJiOTg3NjVlODVhZDQ2NDMwMmRjNTk3Nzk2ODEwNGQzNmU0NTVlIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjM0LjM2NjQ5OFoiLCJidWlsZEludm9jYXRpb25JZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOC0xNVQyMjo0MzoxOC43MDA2MzgxODdaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiJiNmUwNTJhNy01YWE0LTQxYmYtYTU2Yi05YmM0ZTRmMzA1OGIiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInN1YnN0aXR1dGlvbk9wdGlvbiI6IkFMTE9XX0xPT1NFIn0sInNvdXJjZVByb3ZlbmFuY2UiOnt9LCJzdGVwcyI6W3siYXJncyI6WyJidWlsZCIsIi10IiwidXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djE0IiwiLiJdLCJuYW1lIjoiZ2NyLmlvL2Nsb3VkLWJ1aWxkZXJzL2RvY2tlciIsInB1bGxUaW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjYyMDE2NTMzWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9LCJzdGF0dXMiOiJTVUNDRVNTIiwidGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjI3LjA1NjM3NzQ0MVoiLCJzdGFydFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjIxLjY1NzI2MjQ5MloifX1dfSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjIifX0sInN1YmplY3QiOlt7ImRpZ2VzdCI6eyJzaGEyNTYiOiIxYTAzM2IwMDJmODllZDJiOGVhNzMzMTYyNDk3ZmI3MGYxYTQwNDlhN2Y4NjAyZDZhMzM2ODJiNGFkOTkyMWZkIn0sIm5hbWUiOiJodHRwczovL3VzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYxNCJ9XX0=", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations//keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEYCIQD-0xUsdkYnsmKnQL_ndEvXknLfn82zsG-hGyYUd4aYsAIhAP4KSCxN2VPNc-dvfrQIGduMUNmAiHxLttdezqdrSf3F" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/8ce06798-f94d-4772-a224-04e473163790", + "noteName": "projects/verified-builder/notes/intoto_b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "updateTime": "2022-08-15T22:43:35.649016Z" + } + ] + } + } + \ No newline at end of file diff --git a/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-empty-signature.json b/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-empty-signature.json new file mode 100644 index 000000000..e4f4bdbc6 --- /dev/null +++ b/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-empty-signature.json @@ -0,0 +1,95 @@ +{ + "image_summary": { + "digest": "sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + }, + "provenance_summary": { + "provenance": [ + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" + }, + "materials": [ + { + "uri": "https://github.com/laurentsimon/gcb-tests/commit/fbbb98765e85ad464302dc5977968104d36e455e" + } + ], + "metadata": { + "buildFinishedOn": "2022-08-15T22:43:34.366498Z", + "buildInvocationId": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "buildStartedOn": "2022-08-15T22:43:18.700638187Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-08-15T22:43:21.662016533Z", + "startTime": "2022-08-15T22:43:21.657262492Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-08-15T22:43:27.056377441Z", + "startTime": "2022-08-15T22:43:21.657262492Z" + } + } + ] + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" + } + }, + "subject": [ + { + "digest": { + "sha256": "1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14" + } + ] + } + }, + "createTime": "2022-08-15T22:43:35.649016Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4yIn0sIm1hdGVyaWFscyI6W3sidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMvY29tbWl0L2ZiYmI5ODc2NWU4NWFkNDY0MzAyZGM1OTc3OTY4MTA0ZDM2ZTQ1NWUifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDgtMTVUMjI6NDM6MzQuMzY2NDk4WiIsImJ1aWxkSW52b2NhdGlvbklkIjoiYjZlMDUyYTctNWFhNC00MWJmLWE1NmItOWJjNGU0ZjMwNThiIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjE4LjcwMDYzODE4N1oifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MTQiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NjIwMTY1MzNaIiwic3RhcnRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NTcyNjI0OTJaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjcuMDU2Mzc3NDQxWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9fV19LCJlbnRyeVBvaW50IjoiY2xvdWRidWlsZC55YW1sIiwidHlwZSI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9fSwicHJlZGljYXRlVHlwZSI6Imh0dHBzOi8vc2xzYS5kZXYvcHJvdmVuYW5jZS92MC4xIiwic2xzYVByb3ZlbmFuY2UiOnsiYnVpbGRlciI6eyJpZCI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9LCJtYXRlcmlhbHMiOlt7InVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzL2NvbW1pdC9mYmJiOTg3NjVlODVhZDQ2NDMwMmRjNTk3Nzk2ODEwNGQzNmU0NTVlIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjM0LjM2NjQ5OFoiLCJidWlsZEludm9jYXRpb25JZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOC0xNVQyMjo0MzoxOC43MDA2MzgxODdaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiJiNmUwNTJhNy01YWE0LTQxYmYtYTU2Yi05YmM0ZTRmMzA1OGIiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInN1YnN0aXR1dGlvbk9wdGlvbiI6IkFMTE9XX0xPT1NFIn0sInNvdXJjZVByb3ZlbmFuY2UiOnt9LCJzdGVwcyI6W3siYXJncyI6WyJidWlsZCIsIi10IiwidXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djE0IiwiLiJdLCJuYW1lIjoiZ2NyLmlvL2Nsb3VkLWJ1aWxkZXJzL2RvY2tlciIsInB1bGxUaW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjYyMDE2NTMzWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9LCJzdGF0dXMiOiJTVUNDRVNTIiwidGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjI3LjA1NjM3NzQ0MVoiLCJzdGFydFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjIxLjY1NzI2MjQ5MloifX1dfSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjIifX0sInN1YmplY3QiOlt7ImRpZ2VzdCI6eyJzaGEyNTYiOiIxYTAzM2IwMDJmODllZDJiOGVhNzMzMTYyNDk3ZmI3MGYxYTQwNDlhN2Y4NjAyZDZhMzM2ODJiNGFkOTkyMWZkIn0sIm5hbWUiOiJodHRwczovL3VzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYxNCJ9XX0=", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations/global/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/8ce06798-f94d-4772-a224-04e473163790", + "noteName": "projects/verified-builder/notes/intoto_b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "updateTime": "2022-08-15T22:43:35.649016Z" + } + ] + } + } + \ No newline at end of file diff --git a/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-invalid-keyid.json b/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-invalid-keyid.json new file mode 100644 index 000000000..d25077d73 --- /dev/null +++ b/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-invalid-keyid.json @@ -0,0 +1,95 @@ +{ + "image_summary": { + "digest": "sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + }, + "provenance_summary": { + "provenance": [ + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" + }, + "materials": [ + { + "uri": "https://github.com/laurentsimon/gcb-tests/commit/fbbb98765e85ad464302dc5977968104d36e455e" + } + ], + "metadata": { + "buildFinishedOn": "2022-08-15T22:43:34.366498Z", + "buildInvocationId": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "buildStartedOn": "2022-08-15T22:43:18.700638187Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-08-15T22:43:21.662016533Z", + "startTime": "2022-08-15T22:43:21.657262492Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-08-15T22:43:27.056377441Z", + "startTime": "2022-08-15T22:43:21.657262492Z" + } + } + ] + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" + } + }, + "subject": [ + { + "digest": { + "sha256": "1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14" + } + ] + } + }, + "createTime": "2022-08-15T22:43:35.649016Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4yIn0sIm1hdGVyaWFscyI6W3sidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMvY29tbWl0L2ZiYmI5ODc2NWU4NWFkNDY0MzAyZGM1OTc3OTY4MTA0ZDM2ZTQ1NWUifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDgtMTVUMjI6NDM6MzQuMzY2NDk4WiIsImJ1aWxkSW52b2NhdGlvbklkIjoiYjZlMDUyYTctNWFhNC00MWJmLWE1NmItOWJjNGU0ZjMwNThiIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjE4LjcwMDYzODE4N1oifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MTQiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NjIwMTY1MzNaIiwic3RhcnRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NTcyNjI0OTJaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjcuMDU2Mzc3NDQxWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9fV19LCJlbnRyeVBvaW50IjoiY2xvdWRidWlsZC55YW1sIiwidHlwZSI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9fSwicHJlZGljYXRlVHlwZSI6Imh0dHBzOi8vc2xzYS5kZXYvcHJvdmVuYW5jZS92MC4xIiwic2xzYVByb3ZlbmFuY2UiOnsiYnVpbGRlciI6eyJpZCI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9LCJtYXRlcmlhbHMiOlt7InVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzL2NvbW1pdC9mYmJiOTg3NjVlODVhZDQ2NDMwMmRjNTk3Nzk2ODEwNGQzNmU0NTVlIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjM0LjM2NjQ5OFoiLCJidWlsZEludm9jYXRpb25JZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOC0xNVQyMjo0MzoxOC43MDA2MzgxODdaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiJiNmUwNTJhNy01YWE0LTQxYmYtYTU2Yi05YmM0ZTRmMzA1OGIiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInN1YnN0aXR1dGlvbk9wdGlvbiI6IkFMTE9XX0xPT1NFIn0sInNvdXJjZVByb3ZlbmFuY2UiOnt9LCJzdGVwcyI6W3siYXJncyI6WyJidWlsZCIsIi10IiwidXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djE0IiwiLiJdLCJuYW1lIjoiZ2NyLmlvL2Nsb3VkLWJ1aWxkZXJzL2RvY2tlciIsInB1bGxUaW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjYyMDE2NTMzWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9LCJzdGF0dXMiOiJTVUNDRVNTIiwidGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjI3LjA1NjM3NzQ0MVoiLCJzdGFydFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjIxLjY1NzI2MjQ5MloifX1dfSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjIifX0sInN1YmplY3QiOlt7ImRpZ2VzdCI6eyJzaGEyNTYiOiIxYTAzM2IwMDJmODllZDJiOGVhNzMzMTYyNDk3ZmI3MGYxYTQwNDlhN2Y4NjAyZDZhMzM2ODJiNGFkOTkyMWZkIn0sIm5hbWUiOiJodHRwczovL3VzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYxNCJ9XX0=", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations/global/invalid-field/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEYCIQD-0xUsdkYnsmKnQL_ndEvXknLfn82zsG-hGyYUd4aYsAIhAP4KSCxN2VPNc-dvfrQIGduMUNmAiHxLttdezqdrSf3F" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/8ce06798-f94d-4772-a224-04e473163790", + "noteName": "projects/verified-builder/notes/intoto_b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "updateTime": "2022-08-15T22:43:35.649016Z" + } + ] + } + } + \ No newline at end of file diff --git a/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-invalid-signature-encoding.json b/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-invalid-signature-encoding.json new file mode 100644 index 000000000..a079b271b --- /dev/null +++ b/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-invalid-signature-encoding.json @@ -0,0 +1,95 @@ +{ + "image_summary": { + "digest": "sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + }, + "provenance_summary": { + "provenance": [ + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" + }, + "materials": [ + { + "uri": "https://github.com/laurentsimon/gcb-tests/commit/fbbb98765e85ad464302dc5977968104d36e455e" + } + ], + "metadata": { + "buildFinishedOn": "2022-08-15T22:43:34.366498Z", + "buildInvocationId": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "buildStartedOn": "2022-08-15T22:43:18.700638187Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-08-15T22:43:21.662016533Z", + "startTime": "2022-08-15T22:43:21.657262492Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-08-15T22:43:27.056377441Z", + "startTime": "2022-08-15T22:43:21.657262492Z" + } + } + ] + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" + } + }, + "subject": [ + { + "digest": { + "sha256": "1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14" + } + ] + } + }, + "createTime": "2022-08-15T22:43:35.649016Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4yIn0sIm1hdGVyaWFscyI6W3sidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMvY29tbWl0L2ZiYmI5ODc2NWU4NWFkNDY0MzAyZGM1OTc3OTY4MTA0ZDM2ZTQ1NWUifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDgtMTVUMjI6NDM6MzQuMzY2NDk4WiIsImJ1aWxkSW52b2NhdGlvbklkIjoiYjZlMDUyYTctNWFhNC00MWJmLWE1NmItOWJjNGU0ZjMwNThiIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjE4LjcwMDYzODE4N1oifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MTQiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NjIwMTY1MzNaIiwic3RhcnRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NTcyNjI0OTJaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjcuMDU2Mzc3NDQxWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9fV19LCJlbnRyeVBvaW50IjoiY2xvdWRidWlsZC55YW1sIiwidHlwZSI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9fSwicHJlZGljYXRlVHlwZSI6Imh0dHBzOi8vc2xzYS5kZXYvcHJvdmVuYW5jZS92MC4xIiwic2xzYVByb3ZlbmFuY2UiOnsiYnVpbGRlciI6eyJpZCI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9LCJtYXRlcmlhbHMiOlt7InVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzL2NvbW1pdC9mYmJiOTg3NjVlODVhZDQ2NDMwMmRjNTk3Nzk2ODEwNGQzNmU0NTVlIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjM0LjM2NjQ5OFoiLCJidWlsZEludm9jYXRpb25JZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOC0xNVQyMjo0MzoxOC43MDA2MzgxODdaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiJiNmUwNTJhNy01YWE0LTQxYmYtYTU2Yi05YmM0ZTRmMzA1OGIiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInN1YnN0aXR1dGlvbk9wdGlvbiI6IkFMTE9XX0xPT1NFIn0sInNvdXJjZVByb3ZlbmFuY2UiOnt9LCJzdGVwcyI6W3siYXJncyI6WyJidWlsZCIsIi10IiwidXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djE0IiwiLiJdLCJuYW1lIjoiZ2NyLmlvL2Nsb3VkLWJ1aWxkZXJzL2RvY2tlciIsInB1bGxUaW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjYyMDE2NTMzWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9LCJzdGF0dXMiOiJTVUNDRVNTIiwidGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjI3LjA1NjM3NzQ0MVoiLCJzdGFydFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjIxLjY1NzI2MjQ5MloifX1dfSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjIifX0sInN1YmplY3QiOlt7ImRpZ2VzdCI6eyJzaGEyNTYiOiIxYTAzM2IwMDJmODllZDJiOGVhNzMzMTYyNDk3ZmI3MGYxYTQwNDlhN2Y4NjAyZDZhMzM2ODJiNGFkOTkyMWZkIn0sIm5hbWUiOiJodHRwczovL3VzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYxNCJ9XX0=", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations/global/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "invalid encoding" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/8ce06798-f94d-4772-a224-04e473163790", + "noteName": "projects/verified-builder/notes/intoto_b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "updateTime": "2022-08-15T22:43:35.649016Z" + } + ] + } + } + \ No newline at end of file diff --git a/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-invalid-signature-region.json b/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-invalid-signature-region.json new file mode 100644 index 000000000..9c5bdd504 --- /dev/null +++ b/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-invalid-signature-region.json @@ -0,0 +1,95 @@ +{ + "image_summary": { + "digest": "sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + }, + "provenance_summary": { + "provenance": [ + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" + }, + "materials": [ + { + "uri": "https://github.com/laurentsimon/gcb-tests/commit/fbbb98765e85ad464302dc5977968104d36e455e" + } + ], + "metadata": { + "buildFinishedOn": "2022-08-15T22:43:34.366498Z", + "buildInvocationId": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "buildStartedOn": "2022-08-15T22:43:18.700638187Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-08-15T22:43:21.662016533Z", + "startTime": "2022-08-15T22:43:21.657262492Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-08-15T22:43:27.056377441Z", + "startTime": "2022-08-15T22:43:21.657262492Z" + } + } + ] + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" + } + }, + "subject": [ + { + "digest": { + "sha256": "1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14" + } + ] + } + }, + "createTime": "2022-08-15T22:43:35.649016Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4yIn0sIm1hdGVyaWFscyI6W3sidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMvY29tbWl0L2ZiYmI5ODc2NWU4NWFkNDY0MzAyZGM1OTc3OTY4MTA0ZDM2ZTQ1NWUifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDgtMTVUMjI6NDM6MzQuMzY2NDk4WiIsImJ1aWxkSW52b2NhdGlvbklkIjoiYjZlMDUyYTctNWFhNC00MWJmLWE1NmItOWJjNGU0ZjMwNThiIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjE4LjcwMDYzODE4N1oifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MTQiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NjIwMTY1MzNaIiwic3RhcnRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NTcyNjI0OTJaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjcuMDU2Mzc3NDQxWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9fV19LCJlbnRyeVBvaW50IjoiY2xvdWRidWlsZC55YW1sIiwidHlwZSI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9fSwicHJlZGljYXRlVHlwZSI6Imh0dHBzOi8vc2xzYS5kZXYvcHJvdmVuYW5jZS92MC4xIiwic2xzYVByb3ZlbmFuY2UiOnsiYnVpbGRlciI6eyJpZCI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9LCJtYXRlcmlhbHMiOlt7InVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzL2NvbW1pdC9mYmJiOTg3NjVlODVhZDQ2NDMwMmRjNTk3Nzk2ODEwNGQzNmU0NTVlIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjM0LjM2NjQ5OFoiLCJidWlsZEludm9jYXRpb25JZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOC0xNVQyMjo0MzoxOC43MDA2MzgxODdaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiJiNmUwNTJhNy01YWE0LTQxYmYtYTU2Yi05YmM0ZTRmMzA1OGIiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInN1YnN0aXR1dGlvbk9wdGlvbiI6IkFMTE9XX0xPT1NFIn0sInNvdXJjZVByb3ZlbmFuY2UiOnt9LCJzdGVwcyI6W3siYXJncyI6WyJidWlsZCIsIi10IiwidXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djE0IiwiLiJdLCJuYW1lIjoiZ2NyLmlvL2Nsb3VkLWJ1aWxkZXJzL2RvY2tlciIsInB1bGxUaW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjYyMDE2NTMzWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9LCJzdGF0dXMiOiJTVUNDRVNTIiwidGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjI3LjA1NjM3NzQ0MVoiLCJzdGFydFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjIxLjY1NzI2MjQ5MloifX1dfSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjIifX0sInN1YmplY3QiOlt7ImRpZ2VzdCI6eyJzaGEyNTYiOiIxYTAzM2IwMDJmODllZDJiOGVhNzMzMTYyNDk3ZmI3MGYxYTQwNDlhN2Y4NjAyZDZhMzM2ODJiNGFkOTkyMWZkIn0sIm5hbWUiOiJodHRwczovL3VzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYxNCJ9XX0=", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations/invalid-region/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEYCIQD-0xUsdkYnsmKnQL_ndEvXknLfn82zsG-hGyYUd4aYsAIhAP4KSCxN2VPNc-dvfrQIGduMUNmAiHxLttdezqdrSf3F" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/8ce06798-f94d-4772-a224-04e473163790", + "noteName": "projects/verified-builder/notes/intoto_b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "updateTime": "2022-08-15T22:43:35.649016Z" + } + ] + } + } + \ No newline at end of file diff --git a/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-multiple-invalid-provenance.json b/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-multiple-invalid-provenance.json new file mode 100644 index 000000000..a5d90d0b0 --- /dev/null +++ b/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-multiple-invalid-provenance.json @@ -0,0 +1,259 @@ +{ + "image_summary": { + "digest": "sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + }, + "provenance_summary": { + "provenance": [ + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" + }, + "materials": [ + { + "uri": "https://github.com/laurentsimon/gcb-tests/commit/fbbb98765e85ad464302dc5977968104d36e455e" + } + ], + "metadata": { + "buildFinishedOn": "2022-08-15T22:43:34.366498Z", + "buildInvocationId": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "buildStartedOn": "2022-08-15T22:43:18.700638187Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-08-15T22:43:21.662016533Z", + "startTime": "2022-08-15T22:43:21.657262492Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-08-15T22:43:27.056377441Z", + "startTime": "2022-08-15T22:43:21.657262492Z" + } + } + ] + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" + } + }, + "subject": [ + { + "digest": { + "sha256": "1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14" + } + ] + } + }, + "createTime": "2022-08-15T22:43:35.649016Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4yIn0sIm1hdGVyaWFscyI6W3sidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMvY29tbWl0L2ZiYmI5ODc2NWU4NWFkNDY0MzAyZGM1OTc3OTY4MTA0ZDM2ZTQ1NWUifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDgtMTVUMjI6NDM6MzQuMzY2NDk4WiIsImJ1aWxkSW52b2NhdGlvbklkIjoiYjZlMDUyYTctNWFhNC00MWJmLWE1NmItOWJjNGU0ZjMwNThiIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjE4LjcwMDYzODE4N1oifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MTQiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NjIwMTY1MzNaIiwic3RhcnRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NTcyNjI0OTJaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjcuMDU2Mzc3NDQxWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9fV19LCJlbnRyeVBvaW50IjoiY2xvdWRidWlsZC55YW1sIiwidHlwZSI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9fSwicHJlZGljYXRlVHlwZSI6Imh0dHBzOi8vc2xzYS5kZXYvcHJvdmVuYW5jZS92MC4xIiwic2xzYVByb3ZlbmFuY2UiOnsiYnVpbGRlciI6eyJpZCI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9LCJtYXRlcmlhbHMiOlt7InVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzL2NvbW1pdC9mYmJiOTg3NjVlODVhZDQ2NDMwMmRjNTk3Nzk2ODEwNGQzNmU0NTVlIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjM0LjM2NjQ5OFoiLCJidWlsZEludm9jYXRpb25JZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOC0xNVQyMjo0MzoxOC43MDA2MzgxODdaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiJiNmUwNTJhNy01YWE0LTQxYmYtYTU2Yi05YmM0ZTRmMzA1OGIiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInN1YnN0aXR1dGlvbk9wdGlvbiI6IkFMTE9XX0xPT1NFIn0sInNvdXJjZVByb3ZlbmFuY2UiOnt9LCJzdGVwcyI6W3siYXJncyI6WyJidWlsZCIsIi10IiwidXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djE0IiwiLiJdLCJuYW1lIjoiZ2NyLmlvL2Nsb3VkLWJ1aWxkZXJzL2RvY2tlciIsInB1bGxUaW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjYyMDE2NTMzWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9LCJzdGF0dXMiOiJTVUNDRVNTIiwidGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjI3LjA1NjM3NzQ0MVoiLCJzdGFydFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjIxLjY1NzI2MjQ5MloifX1dfSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjIifX0sInN1YmplY3QiOlt7ImRpZ2VzdCI6eyJzaGEyNTYiOiIxYTAzM2IwMDJmODllZDJiOGVhNzMzMTYyNDk3ZmI3MGYxYTQwNDlhN2Y4NjAyZDZhMzM2ODJiNGFkOTkyMWZkIn0sIm5hbWUiOiJodHRwczovL3VzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYxNCJ9XX0=", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations/global/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEYCIQD-0xUsdkYnsmKnQL_ndEvXknLfn82zsG-hGyYUd4aYsAIhAP4KSCxN2VPNc-dvfrQIGduMUNmAiHxLttdezqdrSf3A" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/8ce06798-f94d-4772-a224-04e473163790", + "noteName": "projects/verified-builder/notes/intoto_b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "updateTime": "2022-08-15T22:43:35.649016Z" + }, + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" + }, + "materials": [ + { + "uri": "https://github.com/laurentsimon/gcb-tests/commit/fbbb98765e85ad464302dc5977968104d36e455e" + } + ], + "metadata": { + "buildFinishedOn": "2022-08-15T22:43:34.366498Z", + "buildInvocationId": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "buildStartedOn": "2022-08-15T22:43:18.700638187Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-08-15T22:43:21.662016533Z", + "startTime": "2022-08-15T22:43:21.657262492Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-08-15T22:43:27.056377441Z", + "startTime": "2022-08-15T22:43:21.657262492Z" + } + } + ] + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" + } + }, + "subject": [ + { + "digest": { + "sha256": "1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14" + } + ] + } + }, + "createTime": "2022-08-15T22:43:35.649016Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4yIn0sIm1hdGVyaWFscyI6W3sidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMvY29tbWl0L2ZiYmI5ODc2NWU4NWFkNDY0MzAyZGM1OTc3OTY4MTA0ZDM2ZTQ1NWUifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDgtMTVUMjI6NDM6MzQuMzY2NDk4WiIsImJ1aWxkSW52b2NhdGlvbklkIjoiYjZlMDUyYTctNWFhNC00MWJmLWE1NmItOWJjNGU0ZjMwNThiIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjE4LjcwMDYzODE4N1oifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MTQiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NjIwMTY1MzNaIiwic3RhcnRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NTcyNjI0OTJaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjcuMDU2Mzc3NDQxWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9fV19LCJlbnRyeVBvaW50IjoiY2xvdWRidWlsZC55YW1sIiwidHlwZSI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9fSwicHJlZGljYXRlVHlwZSI6Imh0dHBzOi8vc2xzYS5kZXYvcHJvdmVuYW5jZS92MC4xIiwic2xzYVByb3ZlbmFuY2UiOnsiYnVpbGRlciI6eyJpZCI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9LCJtYXRlcmlhbHMiOlt7InVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzL2NvbW1pdC9mYmJiOTg3NjVlODVhZDQ2NDMwMmRjNTk3Nzk2ODEwNGQzNmU0NTVlIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjM0LjM2NjQ5OFoiLCJidWlsZEludm9jYXRpb25JZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOC0xNVQyMjo0MzoxOC43MDA2MzgxODdaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiJiNmUwNTJhNy01YWE0LTQxYmYtYTU2Yi05YmM0ZTRmMzA1OGIiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInN1YnN0aXR1dGlvbk9wdGlvbiI6IkFMTE9XX0xPT1NFIn0sInNvdXJjZVByb3ZlbmFuY2UiOnt9LCJzdGVwcyI6W3siYXJncyI6WyJidWlsZCIsIi10IiwidXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djE0IiwiLiJdLCJuYW1lIjoiZ2NyLmlvL2Nsb3VkLWJ1aWxkZXJzL2RvY2tlciIsInB1bGxUaW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjYyMDE2NTMzWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9LCJzdGF0dXMiOiJTVUNDRVNTIiwidGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjI3LjA1NjM3NzQ0MVoiLCJzdGFydFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjIxLjY1NzI2MjQ5MloifX1dfSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjIifX0sInN1YmplY3QiOlt7ImRpZ2VzdCI6eyJzaGEyNTYiOiIxYTAzM2IwMDJmODllZDJiOGVhNzMzMTYyNDk3ZmI3MGYxYTQwNDlhN2Y4NjAyZDZhMzM2ODJiNGFkOTkyMWZkIn0sIm5hbWUiOiJodHRwczovL3VzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYxNCJ9XX0=", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations/global/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEYCIQD-0xUsdkYnsmKnQL_ndEvXknLfn82zsG-hGyYUd4aYsAIhAP4KSCxN2VPNc-dvfrQIGduMUNmAiHxLttdezqdrSf3A" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/8ce06798-f94d-4772-a224-04e473163790", + "noteName": "projects/verified-builder/notes/intoto_b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "updateTime": "2022-08-15T22:43:35.649016Z" + }, + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" + }, + "materials": [ + { + "uri": "https://github.com/laurentsimon/gcb-tests/commit/fbbb98765e85ad464302dc5977968104d36e455e" + } + ], + "metadata": { + "buildFinishedOn": "2022-08-15T22:43:34.366498Z", + "buildInvocationId": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "buildStartedOn": "2022-08-15T22:43:18.700638187Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-08-15T22:43:21.662016533Z", + "startTime": "2022-08-15T22:43:21.657262492Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-08-15T22:43:27.056377441Z", + "startTime": "2022-08-15T22:43:21.657262492Z" + } + } + ] + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" + } + }, + "subject": [ + { + "digest": { + "sha256": "1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14" + } + ] + } + }, + "createTime": "2022-08-15T22:43:35.649016Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4yIn0sIm1hdGVyaWFscyI6W3sidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMvY29tbWl0L2ZiYmI5ODc2NWU4NWFkNDY0MzAyZGM1OTc3OTY4MTA0ZDM2ZTQ1NWUifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDgtMTVUMjI6NDM6MzQuMzY2NDk4WiIsImJ1aWxkSW52b2NhdGlvbklkIjoiYjZlMDUyYTctNWFhNC00MWJmLWE1NmItOWJjNGU0ZjMwNThiIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjE4LjcwMDYzODE4N1oifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MTQiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NjIwMTY1MzNaIiwic3RhcnRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NTcyNjI0OTJaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjcuMDU2Mzc3NDQxWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9fV19LCJlbnRyeVBvaW50IjoiY2xvdWRidWlsZC55YW1sIiwidHlwZSI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9fSwicHJlZGljYXRlVHlwZSI6Imh0dHBzOi8vc2xzYS5kZXYvcHJvdmVuYW5jZS92MC4xIiwic2xzYVByb3ZlbmFuY2UiOnsiYnVpbGRlciI6eyJpZCI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9LCJtYXRlcmlhbHMiOlt7InVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzL2NvbW1pdC9mYmJiOTg3NjVlODVhZDQ2NDMwMmRjNTk3Nzk2ODEwNGQzNmU0NTVlIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjM0LjM2NjQ5OFoiLCJidWlsZEludm9jYXRpb25JZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOC0xNVQyMjo0MzoxOC43MDA2MzgxODdaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiJiNmUwNTJhNy01YWE0LTQxYmYtYTU2Yi05YmM0ZTRmMzA1OGIiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInN1YnN0aXR1dGlvbk9wdGlvbiI6IkFMTE9XX0xPT1NFIn0sInNvdXJjZVByb3ZlbmFuY2UiOnt9LCJzdGVwcyI6W3siYXJncyI6WyJidWlsZCIsIi10IiwidXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djE0IiwiLiJdLCJuYW1lIjoiZ2NyLmlvL2Nsb3VkLWJ1aWxkZXJzL2RvY2tlciIsInB1bGxUaW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjYyMDE2NTMzWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9LCJzdGF0dXMiOiJTVUNDRVNTIiwidGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjI3LjA1NjM3NzQ0MVoiLCJzdGFydFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjIxLjY1NzI2MjQ5MloifX1dfSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjIifX0sInN1YmplY3QiOlt7ImRpZ2VzdCI6eyJzaGEyNTYiOiIxYTAzM2IwMDJmODllZDJiOGVhNzMzMTYyNDk3ZmI3MGYxYTQwNDlhN2Y4NjAyZDZhMzM2ODJiNGFkOTkyMWZkIn0sIm5hbWUiOiJodHRwczovL3VzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYxNCJ9XX0=", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations/global/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEYCIQD-0xUsdkYnsmKnQL_ndEvXknLfn82zsG-hGyYUd4aYsAIhAP4KSCxN2VPNc-dvfrQIGduMUNmAiHxLttdezqdrSf3A" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/8ce06798-f94d-4772-a224-04e473163790", + "noteName": "projects/verified-builder/notes/intoto_b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "updateTime": "2022-08-15T22:43:35.649016Z" + } + ] + } + } + \ No newline at end of file diff --git a/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-multiple-invalid-signatures.json b/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-multiple-invalid-signatures.json new file mode 100644 index 000000000..f1e204098 --- /dev/null +++ b/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-multiple-invalid-signatures.json @@ -0,0 +1,103 @@ +{ + "image_summary": { + "digest": "sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + }, + "provenance_summary": { + "provenance": [ + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" + }, + "materials": [ + { + "uri": "https://github.com/laurentsimon/gcb-tests/commit/fbbb98765e85ad464302dc5977968104d36e455e" + } + ], + "metadata": { + "buildFinishedOn": "2022-08-15T22:43:34.366498Z", + "buildInvocationId": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "buildStartedOn": "2022-08-15T22:43:18.700638187Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-08-15T22:43:21.662016533Z", + "startTime": "2022-08-15T22:43:21.657262492Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-08-15T22:43:27.056377441Z", + "startTime": "2022-08-15T22:43:21.657262492Z" + } + } + ] + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" + } + }, + "subject": [ + { + "digest": { + "sha256": "1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14" + } + ] + } + }, + "createTime": "2022-08-15T22:43:35.649016Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4yIn0sIm1hdGVyaWFscyI6W3sidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMvY29tbWl0L2ZiYmI5ODc2NWU4NWFkNDY0MzAyZGM1OTc3OTY4MTA0ZDM2ZTQ1NWUifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDgtMTVUMjI6NDM6MzQuMzY2NDk4WiIsImJ1aWxkSW52b2NhdGlvbklkIjoiYjZlMDUyYTctNWFhNC00MWJmLWE1NmItOWJjNGU0ZjMwNThiIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjE4LjcwMDYzODE4N1oifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MTQiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NjIwMTY1MzNaIiwic3RhcnRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NTcyNjI0OTJaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjcuMDU2Mzc3NDQxWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9fV19LCJlbnRyeVBvaW50IjoiY2xvdWRidWlsZC55YW1sIiwidHlwZSI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9fSwicHJlZGljYXRlVHlwZSI6Imh0dHBzOi8vc2xzYS5kZXYvcHJvdmVuYW5jZS92MC4xIiwic2xzYVByb3ZlbmFuY2UiOnsiYnVpbGRlciI6eyJpZCI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9LCJtYXRlcmlhbHMiOlt7InVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzL2NvbW1pdC9mYmJiOTg3NjVlODVhZDQ2NDMwMmRjNTk3Nzk2ODEwNGQzNmU0NTVlIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjM0LjM2NjQ5OFoiLCJidWlsZEludm9jYXRpb25JZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOC0xNVQyMjo0MzoxOC43MDA2MzgxODdaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiJiNmUwNTJhNy01YWE0LTQxYmYtYTU2Yi05YmM0ZTRmMzA1OGIiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInN1YnN0aXR1dGlvbk9wdGlvbiI6IkFMTE9XX0xPT1NFIn0sInNvdXJjZVByb3ZlbmFuY2UiOnt9LCJzdGVwcyI6W3siYXJncyI6WyJidWlsZCIsIi10IiwidXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djE0IiwiLiJdLCJuYW1lIjoiZ2NyLmlvL2Nsb3VkLWJ1aWxkZXJzL2RvY2tlciIsInB1bGxUaW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjYyMDE2NTMzWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9LCJzdGF0dXMiOiJTVUNDRVNTIiwidGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjI3LjA1NjM3NzQ0MVoiLCJzdGFydFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjIxLjY1NzI2MjQ5MloifX1dfSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjIifX0sInN1YmplY3QiOlt7ImRpZ2VzdCI6eyJzaGEyNTYiOiIxYTAzM2IwMDJmODllZDJiOGVhNzMzMTYyNDk3ZmI3MGYxYTQwNDlhN2Y4NjAyZDZhMzM2ODJiNGFkOTkyMWZkIn0sIm5hbWUiOiJodHRwczovL3VzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYxNCJ9XX0=", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations/global/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEYCIQD-0xUsdkYnsmKnQL_ndEvXknLfn82zsG-hGyYUd4aYsAIhAP4KSCxN2VPNc-dvfrQIGduMUNmAiHxLttdezqdrSf3A" + }, + { + "keyid": "projects/verified-builder/locations/global/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEYCIQD-0xUsdkYnsmKnQL_ndEvXknLfn82zsG-hGyYUd4aYsAIhAP4KSCxN2VPNc-dvfrQIGduMUNmAiHxLttdezqdrSf3A" + }, + { + "keyid": "projects/verified-builder/locations/global/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEYCIQD-0xUsdkYnsmKnQL_ndEvXknLfn82zsG-hGyYUd4aYsAIhAP4KSCxN2VPNc-dvfrQIGduMUNmAiHxLttdezqdrSf3A" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/8ce06798-f94d-4772-a224-04e473163790", + "noteName": "projects/verified-builder/notes/intoto_b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "updateTime": "2022-08-15T22:43:35.649016Z" + } + ] + } + } + \ No newline at end of file diff --git a/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-multiple-provenance-2ndvalid.json b/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-multiple-provenance-2ndvalid.json new file mode 100644 index 000000000..71489f052 --- /dev/null +++ b/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-multiple-provenance-2ndvalid.json @@ -0,0 +1,259 @@ +{ + "image_summary": { + "digest": "sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + }, + "provenance_summary": { + "provenance": [ + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" + }, + "materials": [ + { + "uri": "https://github.com/laurentsimon/gcb-tests/commit/fbbb98765e85ad464302dc5977968104d36e455e" + } + ], + "metadata": { + "buildFinishedOn": "2022-08-15T22:43:34.366498Z", + "buildInvocationId": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "buildStartedOn": "2022-08-15T22:43:18.700638187Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-08-15T22:43:21.662016533Z", + "startTime": "2022-08-15T22:43:21.657262492Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-08-15T22:43:27.056377441Z", + "startTime": "2022-08-15T22:43:21.657262492Z" + } + } + ] + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" + } + }, + "subject": [ + { + "digest": { + "sha256": "1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14" + } + ] + } + }, + "createTime": "2022-08-15T22:43:35.649016Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4yIn0sIm1hdGVyaWFscyI6W3sidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMvY29tbWl0L2ZiYmI5ODc2NWU4NWFkNDY0MzAyZGM1OTc3OTY4MTA0ZDM2ZTQ1NWUifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDgtMTVUMjI6NDM6MzQuMzY2NDk4WiIsImJ1aWxkSW52b2NhdGlvbklkIjoiYjZlMDUyYTctNWFhNC00MWJmLWE1NmItOWJjNGU0ZjMwNThiIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjE4LjcwMDYzODE4N1oifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MTQiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NjIwMTY1MzNaIiwic3RhcnRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NTcyNjI0OTJaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjcuMDU2Mzc3NDQxWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9fV19LCJlbnRyeVBvaW50IjoiY2xvdWRidWlsZC55YW1sIiwidHlwZSI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9fSwicHJlZGljYXRlVHlwZSI6Imh0dHBzOi8vc2xzYS5kZXYvcHJvdmVuYW5jZS92MC4xIiwic2xzYVByb3ZlbmFuY2UiOnsiYnVpbGRlciI6eyJpZCI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9LCJtYXRlcmlhbHMiOlt7InVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzL2NvbW1pdC9mYmJiOTg3NjVlODVhZDQ2NDMwMmRjNTk3Nzk2ODEwNGQzNmU0NTVlIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjM0LjM2NjQ5OFoiLCJidWlsZEludm9jYXRpb25JZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOC0xNVQyMjo0MzoxOC43MDA2MzgxODdaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiJiNmUwNTJhNy01YWE0LTQxYmYtYTU2Yi05YmM0ZTRmMzA1OGIiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInN1YnN0aXR1dGlvbk9wdGlvbiI6IkFMTE9XX0xPT1NFIn0sInNvdXJjZVByb3ZlbmFuY2UiOnt9LCJzdGVwcyI6W3siYXJncyI6WyJidWlsZCIsIi10IiwidXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djE0IiwiLiJdLCJuYW1lIjoiZ2NyLmlvL2Nsb3VkLWJ1aWxkZXJzL2RvY2tlciIsInB1bGxUaW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjYyMDE2NTMzWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9LCJzdGF0dXMiOiJTVUNDRVNTIiwidGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjI3LjA1NjM3NzQ0MVoiLCJzdGFydFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjIxLjY1NzI2MjQ5MloifX1dfSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjIifX0sInN1YmplY3QiOlt7ImRpZ2VzdCI6eyJzaGEyNTYiOiIxYTAzM2IwMDJmODllZDJiOGVhNzMzMTYyNDk3ZmI3MGYxYTQwNDlhN2Y4NjAyZDZhMzM2ODJiNGFkOTkyMWZkIn0sIm5hbWUiOiJodHRwczovL3VzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYxNCJ9XX0=", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations/global/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEYCIQD-0xUsdkYnsmKnQL_ndEvXknLfn82zsG-hGyYUd4aYsAIhAP4KSCxN2VPNc-dvfrQIGduMUNmAiHxLttdezqdrSf3A" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/8ce06798-f94d-4772-a224-04e473163790", + "noteName": "projects/verified-builder/notes/intoto_b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "updateTime": "2022-08-15T22:43:35.649016Z" + }, + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" + }, + "materials": [ + { + "uri": "https://github.com/laurentsimon/gcb-tests/commit/fbbb98765e85ad464302dc5977968104d36e455e" + } + ], + "metadata": { + "buildFinishedOn": "2022-08-15T22:43:34.366498Z", + "buildInvocationId": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "buildStartedOn": "2022-08-15T22:43:18.700638187Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-08-15T22:43:21.662016533Z", + "startTime": "2022-08-15T22:43:21.657262492Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-08-15T22:43:27.056377441Z", + "startTime": "2022-08-15T22:43:21.657262492Z" + } + } + ] + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" + } + }, + "subject": [ + { + "digest": { + "sha256": "1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14" + } + ] + } + }, + "createTime": "2022-08-15T22:43:35.649016Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4yIn0sIm1hdGVyaWFscyI6W3sidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMvY29tbWl0L2ZiYmI5ODc2NWU4NWFkNDY0MzAyZGM1OTc3OTY4MTA0ZDM2ZTQ1NWUifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDgtMTVUMjI6NDM6MzQuMzY2NDk4WiIsImJ1aWxkSW52b2NhdGlvbklkIjoiYjZlMDUyYTctNWFhNC00MWJmLWE1NmItOWJjNGU0ZjMwNThiIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjE4LjcwMDYzODE4N1oifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MTQiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NjIwMTY1MzNaIiwic3RhcnRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NTcyNjI0OTJaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjcuMDU2Mzc3NDQxWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9fV19LCJlbnRyeVBvaW50IjoiY2xvdWRidWlsZC55YW1sIiwidHlwZSI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9fSwicHJlZGljYXRlVHlwZSI6Imh0dHBzOi8vc2xzYS5kZXYvcHJvdmVuYW5jZS92MC4xIiwic2xzYVByb3ZlbmFuY2UiOnsiYnVpbGRlciI6eyJpZCI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9LCJtYXRlcmlhbHMiOlt7InVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzL2NvbW1pdC9mYmJiOTg3NjVlODVhZDQ2NDMwMmRjNTk3Nzk2ODEwNGQzNmU0NTVlIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjM0LjM2NjQ5OFoiLCJidWlsZEludm9jYXRpb25JZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOC0xNVQyMjo0MzoxOC43MDA2MzgxODdaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiJiNmUwNTJhNy01YWE0LTQxYmYtYTU2Yi05YmM0ZTRmMzA1OGIiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInN1YnN0aXR1dGlvbk9wdGlvbiI6IkFMTE9XX0xPT1NFIn0sInNvdXJjZVByb3ZlbmFuY2UiOnt9LCJzdGVwcyI6W3siYXJncyI6WyJidWlsZCIsIi10IiwidXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djE0IiwiLiJdLCJuYW1lIjoiZ2NyLmlvL2Nsb3VkLWJ1aWxkZXJzL2RvY2tlciIsInB1bGxUaW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjYyMDE2NTMzWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9LCJzdGF0dXMiOiJTVUNDRVNTIiwidGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjI3LjA1NjM3NzQ0MVoiLCJzdGFydFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjIxLjY1NzI2MjQ5MloifX1dfSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjIifX0sInN1YmplY3QiOlt7ImRpZ2VzdCI6eyJzaGEyNTYiOiIxYTAzM2IwMDJmODllZDJiOGVhNzMzMTYyNDk3ZmI3MGYxYTQwNDlhN2Y4NjAyZDZhMzM2ODJiNGFkOTkyMWZkIn0sIm5hbWUiOiJodHRwczovL3VzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYxNCJ9XX0=", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations/global/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEYCIQD-0xUsdkYnsmKnQL_ndEvXknLfn82zsG-hGyYUd4aYsAIhAP4KSCxN2VPNc-dvfrQIGduMUNmAiHxLttdezqdrSf3F" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/8ce06798-f94d-4772-a224-04e473163790", + "noteName": "projects/verified-builder/notes/intoto_b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "updateTime": "2022-08-15T22:43:35.649016Z" + }, + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" + }, + "materials": [ + { + "uri": "https://github.com/laurentsimon/gcb-tests/commit/fbbb98765e85ad464302dc5977968104d36e455e" + } + ], + "metadata": { + "buildFinishedOn": "2022-08-15T22:43:34.366498Z", + "buildInvocationId": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "buildStartedOn": "2022-08-15T22:43:18.700638187Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-08-15T22:43:21.662016533Z", + "startTime": "2022-08-15T22:43:21.657262492Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-08-15T22:43:27.056377441Z", + "startTime": "2022-08-15T22:43:21.657262492Z" + } + } + ] + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" + } + }, + "subject": [ + { + "digest": { + "sha256": "1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14" + } + ] + } + }, + "createTime": "2022-08-15T22:43:35.649016Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4yIn0sIm1hdGVyaWFscyI6W3sidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMvY29tbWl0L2ZiYmI5ODc2NWU4NWFkNDY0MzAyZGM1OTc3OTY4MTA0ZDM2ZTQ1NWUifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDgtMTVUMjI6NDM6MzQuMzY2NDk4WiIsImJ1aWxkSW52b2NhdGlvbklkIjoiYjZlMDUyYTctNWFhNC00MWJmLWE1NmItOWJjNGU0ZjMwNThiIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjE4LjcwMDYzODE4N1oifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MTQiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NjIwMTY1MzNaIiwic3RhcnRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NTcyNjI0OTJaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjcuMDU2Mzc3NDQxWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9fV19LCJlbnRyeVBvaW50IjoiY2xvdWRidWlsZC55YW1sIiwidHlwZSI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9fSwicHJlZGljYXRlVHlwZSI6Imh0dHBzOi8vc2xzYS5kZXYvcHJvdmVuYW5jZS92MC4xIiwic2xzYVByb3ZlbmFuY2UiOnsiYnVpbGRlciI6eyJpZCI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9LCJtYXRlcmlhbHMiOlt7InVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzL2NvbW1pdC9mYmJiOTg3NjVlODVhZDQ2NDMwMmRjNTk3Nzk2ODEwNGQzNmU0NTVlIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjM0LjM2NjQ5OFoiLCJidWlsZEludm9jYXRpb25JZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOC0xNVQyMjo0MzoxOC43MDA2MzgxODdaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiJiNmUwNTJhNy01YWE0LTQxYmYtYTU2Yi05YmM0ZTRmMzA1OGIiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInN1YnN0aXR1dGlvbk9wdGlvbiI6IkFMTE9XX0xPT1NFIn0sInNvdXJjZVByb3ZlbmFuY2UiOnt9LCJzdGVwcyI6W3siYXJncyI6WyJidWlsZCIsIi10IiwidXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djE0IiwiLiJdLCJuYW1lIjoiZ2NyLmlvL2Nsb3VkLWJ1aWxkZXJzL2RvY2tlciIsInB1bGxUaW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjYyMDE2NTMzWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9LCJzdGF0dXMiOiJTVUNDRVNTIiwidGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjI3LjA1NjM3NzQ0MVoiLCJzdGFydFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjIxLjY1NzI2MjQ5MloifX1dfSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjIifX0sInN1YmplY3QiOlt7ImRpZ2VzdCI6eyJzaGEyNTYiOiIxYTAzM2IwMDJmODllZDJiOGVhNzMzMTYyNDk3ZmI3MGYxYTQwNDlhN2Y4NjAyZDZhMzM2ODJiNGFkOTkyMWZkIn0sIm5hbWUiOiJodHRwczovL3VzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYxNCJ9XX0=", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations/global/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEYCIQD-0xUsdkYnsmKnQL_ndEvXknLfn82zsG-hGyYUd4aYsAIhAP4KSCxN2VPNc-dvfrQIGduMUNmAiHxLttdezqdrSf3A" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/8ce06798-f94d-4772-a224-04e473163790", + "noteName": "projects/verified-builder/notes/intoto_b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "updateTime": "2022-08-15T22:43:35.649016Z" + } + ] + } + } + \ No newline at end of file diff --git a/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-multiple-provenance-3rdvalid.json b/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-multiple-provenance-3rdvalid.json new file mode 100644 index 000000000..250bcba19 --- /dev/null +++ b/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-multiple-provenance-3rdvalid.json @@ -0,0 +1,259 @@ +{ + "image_summary": { + "digest": "sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + }, + "provenance_summary": { + "provenance": [ + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" + }, + "materials": [ + { + "uri": "https://github.com/laurentsimon/gcb-tests/commit/fbbb98765e85ad464302dc5977968104d36e455e" + } + ], + "metadata": { + "buildFinishedOn": "2022-08-15T22:43:34.366498Z", + "buildInvocationId": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "buildStartedOn": "2022-08-15T22:43:18.700638187Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-08-15T22:43:21.662016533Z", + "startTime": "2022-08-15T22:43:21.657262492Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-08-15T22:43:27.056377441Z", + "startTime": "2022-08-15T22:43:21.657262492Z" + } + } + ] + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" + } + }, + "subject": [ + { + "digest": { + "sha256": "1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14" + } + ] + } + }, + "createTime": "2022-08-15T22:43:35.649016Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4yIn0sIm1hdGVyaWFscyI6W3sidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMvY29tbWl0L2ZiYmI5ODc2NWU4NWFkNDY0MzAyZGM1OTc3OTY4MTA0ZDM2ZTQ1NWUifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDgtMTVUMjI6NDM6MzQuMzY2NDk4WiIsImJ1aWxkSW52b2NhdGlvbklkIjoiYjZlMDUyYTctNWFhNC00MWJmLWE1NmItOWJjNGU0ZjMwNThiIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjE4LjcwMDYzODE4N1oifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MTQiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NjIwMTY1MzNaIiwic3RhcnRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NTcyNjI0OTJaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjcuMDU2Mzc3NDQxWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9fV19LCJlbnRyeVBvaW50IjoiY2xvdWRidWlsZC55YW1sIiwidHlwZSI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9fSwicHJlZGljYXRlVHlwZSI6Imh0dHBzOi8vc2xzYS5kZXYvcHJvdmVuYW5jZS92MC4xIiwic2xzYVByb3ZlbmFuY2UiOnsiYnVpbGRlciI6eyJpZCI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9LCJtYXRlcmlhbHMiOlt7InVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzL2NvbW1pdC9mYmJiOTg3NjVlODVhZDQ2NDMwMmRjNTk3Nzk2ODEwNGQzNmU0NTVlIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjM0LjM2NjQ5OFoiLCJidWlsZEludm9jYXRpb25JZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOC0xNVQyMjo0MzoxOC43MDA2MzgxODdaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiJiNmUwNTJhNy01YWE0LTQxYmYtYTU2Yi05YmM0ZTRmMzA1OGIiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInN1YnN0aXR1dGlvbk9wdGlvbiI6IkFMTE9XX0xPT1NFIn0sInNvdXJjZVByb3ZlbmFuY2UiOnt9LCJzdGVwcyI6W3siYXJncyI6WyJidWlsZCIsIi10IiwidXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djE0IiwiLiJdLCJuYW1lIjoiZ2NyLmlvL2Nsb3VkLWJ1aWxkZXJzL2RvY2tlciIsInB1bGxUaW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjYyMDE2NTMzWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9LCJzdGF0dXMiOiJTVUNDRVNTIiwidGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjI3LjA1NjM3NzQ0MVoiLCJzdGFydFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjIxLjY1NzI2MjQ5MloifX1dfSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjIifX0sInN1YmplY3QiOlt7ImRpZ2VzdCI6eyJzaGEyNTYiOiIxYTAzM2IwMDJmODllZDJiOGVhNzMzMTYyNDk3ZmI3MGYxYTQwNDlhN2Y4NjAyZDZhMzM2ODJiNGFkOTkyMWZkIn0sIm5hbWUiOiJodHRwczovL3VzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYxNCJ9XX0=", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations/global/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEYCIQD-0xUsdkYnsmKnQL_ndEvXknLfn82zsG-hGyYUd4aYsAIhAP4KSCxN2VPNc-dvfrQIGduMUNmAiHxLttdezqdrSf3A" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/8ce06798-f94d-4772-a224-04e473163790", + "noteName": "projects/verified-builder/notes/intoto_b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "updateTime": "2022-08-15T22:43:35.649016Z" + }, + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" + }, + "materials": [ + { + "uri": "https://github.com/laurentsimon/gcb-tests/commit/fbbb98765e85ad464302dc5977968104d36e455e" + } + ], + "metadata": { + "buildFinishedOn": "2022-08-15T22:43:34.366498Z", + "buildInvocationId": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "buildStartedOn": "2022-08-15T22:43:18.700638187Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-08-15T22:43:21.662016533Z", + "startTime": "2022-08-15T22:43:21.657262492Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-08-15T22:43:27.056377441Z", + "startTime": "2022-08-15T22:43:21.657262492Z" + } + } + ] + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" + } + }, + "subject": [ + { + "digest": { + "sha256": "1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14" + } + ] + } + }, + "createTime": "2022-08-15T22:43:35.649016Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4yIn0sIm1hdGVyaWFscyI6W3sidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMvY29tbWl0L2ZiYmI5ODc2NWU4NWFkNDY0MzAyZGM1OTc3OTY4MTA0ZDM2ZTQ1NWUifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDgtMTVUMjI6NDM6MzQuMzY2NDk4WiIsImJ1aWxkSW52b2NhdGlvbklkIjoiYjZlMDUyYTctNWFhNC00MWJmLWE1NmItOWJjNGU0ZjMwNThiIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjE4LjcwMDYzODE4N1oifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MTQiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NjIwMTY1MzNaIiwic3RhcnRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NTcyNjI0OTJaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjcuMDU2Mzc3NDQxWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9fV19LCJlbnRyeVBvaW50IjoiY2xvdWRidWlsZC55YW1sIiwidHlwZSI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9fSwicHJlZGljYXRlVHlwZSI6Imh0dHBzOi8vc2xzYS5kZXYvcHJvdmVuYW5jZS92MC4xIiwic2xzYVByb3ZlbmFuY2UiOnsiYnVpbGRlciI6eyJpZCI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9LCJtYXRlcmlhbHMiOlt7InVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzL2NvbW1pdC9mYmJiOTg3NjVlODVhZDQ2NDMwMmRjNTk3Nzk2ODEwNGQzNmU0NTVlIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjM0LjM2NjQ5OFoiLCJidWlsZEludm9jYXRpb25JZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOC0xNVQyMjo0MzoxOC43MDA2MzgxODdaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiJiNmUwNTJhNy01YWE0LTQxYmYtYTU2Yi05YmM0ZTRmMzA1OGIiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInN1YnN0aXR1dGlvbk9wdGlvbiI6IkFMTE9XX0xPT1NFIn0sInNvdXJjZVByb3ZlbmFuY2UiOnt9LCJzdGVwcyI6W3siYXJncyI6WyJidWlsZCIsIi10IiwidXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djE0IiwiLiJdLCJuYW1lIjoiZ2NyLmlvL2Nsb3VkLWJ1aWxkZXJzL2RvY2tlciIsInB1bGxUaW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjYyMDE2NTMzWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9LCJzdGF0dXMiOiJTVUNDRVNTIiwidGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjI3LjA1NjM3NzQ0MVoiLCJzdGFydFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjIxLjY1NzI2MjQ5MloifX1dfSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjIifX0sInN1YmplY3QiOlt7ImRpZ2VzdCI6eyJzaGEyNTYiOiIxYTAzM2IwMDJmODllZDJiOGVhNzMzMTYyNDk3ZmI3MGYxYTQwNDlhN2Y4NjAyZDZhMzM2ODJiNGFkOTkyMWZkIn0sIm5hbWUiOiJodHRwczovL3VzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYxNCJ9XX0=", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations/global/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEYCIQD-0xUsdkYnsmKnQL_ndEvXknLfn82zsG-hGyYUd4aYsAIhAP4KSCxN2VPNc-dvfrQIGduMUNmAiHxLttdezqdrSf3A" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/8ce06798-f94d-4772-a224-04e473163790", + "noteName": "projects/verified-builder/notes/intoto_b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "updateTime": "2022-08-15T22:43:35.649016Z" + }, + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" + }, + "materials": [ + { + "uri": "https://github.com/laurentsimon/gcb-tests/commit/fbbb98765e85ad464302dc5977968104d36e455e" + } + ], + "metadata": { + "buildFinishedOn": "2022-08-15T22:43:34.366498Z", + "buildInvocationId": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "buildStartedOn": "2022-08-15T22:43:18.700638187Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-08-15T22:43:21.662016533Z", + "startTime": "2022-08-15T22:43:21.657262492Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-08-15T22:43:27.056377441Z", + "startTime": "2022-08-15T22:43:21.657262492Z" + } + } + ] + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" + } + }, + "subject": [ + { + "digest": { + "sha256": "1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14" + } + ] + } + }, + "createTime": "2022-08-15T22:43:35.649016Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4yIn0sIm1hdGVyaWFscyI6W3sidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMvY29tbWl0L2ZiYmI5ODc2NWU4NWFkNDY0MzAyZGM1OTc3OTY4MTA0ZDM2ZTQ1NWUifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDgtMTVUMjI6NDM6MzQuMzY2NDk4WiIsImJ1aWxkSW52b2NhdGlvbklkIjoiYjZlMDUyYTctNWFhNC00MWJmLWE1NmItOWJjNGU0ZjMwNThiIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjE4LjcwMDYzODE4N1oifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MTQiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NjIwMTY1MzNaIiwic3RhcnRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NTcyNjI0OTJaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjcuMDU2Mzc3NDQxWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9fV19LCJlbnRyeVBvaW50IjoiY2xvdWRidWlsZC55YW1sIiwidHlwZSI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9fSwicHJlZGljYXRlVHlwZSI6Imh0dHBzOi8vc2xzYS5kZXYvcHJvdmVuYW5jZS92MC4xIiwic2xzYVByb3ZlbmFuY2UiOnsiYnVpbGRlciI6eyJpZCI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9LCJtYXRlcmlhbHMiOlt7InVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzL2NvbW1pdC9mYmJiOTg3NjVlODVhZDQ2NDMwMmRjNTk3Nzk2ODEwNGQzNmU0NTVlIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjM0LjM2NjQ5OFoiLCJidWlsZEludm9jYXRpb25JZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOC0xNVQyMjo0MzoxOC43MDA2MzgxODdaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiJiNmUwNTJhNy01YWE0LTQxYmYtYTU2Yi05YmM0ZTRmMzA1OGIiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInN1YnN0aXR1dGlvbk9wdGlvbiI6IkFMTE9XX0xPT1NFIn0sInNvdXJjZVByb3ZlbmFuY2UiOnt9LCJzdGVwcyI6W3siYXJncyI6WyJidWlsZCIsIi10IiwidXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djE0IiwiLiJdLCJuYW1lIjoiZ2NyLmlvL2Nsb3VkLWJ1aWxkZXJzL2RvY2tlciIsInB1bGxUaW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjYyMDE2NTMzWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9LCJzdGF0dXMiOiJTVUNDRVNTIiwidGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjI3LjA1NjM3NzQ0MVoiLCJzdGFydFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjIxLjY1NzI2MjQ5MloifX1dfSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjIifX0sInN1YmplY3QiOlt7ImRpZ2VzdCI6eyJzaGEyNTYiOiIxYTAzM2IwMDJmODllZDJiOGVhNzMzMTYyNDk3ZmI3MGYxYTQwNDlhN2Y4NjAyZDZhMzM2ODJiNGFkOTkyMWZkIn0sIm5hbWUiOiJodHRwczovL3VzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYxNCJ9XX0=", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations/global/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEYCIQD-0xUsdkYnsmKnQL_ndEvXknLfn82zsG-hGyYUd4aYsAIhAP4KSCxN2VPNc-dvfrQIGduMUNmAiHxLttdezqdrSf3F" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/8ce06798-f94d-4772-a224-04e473163790", + "noteName": "projects/verified-builder/notes/intoto_b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "updateTime": "2022-08-15T22:43:35.649016Z" + } + ] + } + } + \ No newline at end of file diff --git a/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-multiple-signatures-2ndvalid.json b/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-multiple-signatures-2ndvalid.json new file mode 100644 index 000000000..69c7cee73 --- /dev/null +++ b/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-multiple-signatures-2ndvalid.json @@ -0,0 +1,103 @@ +{ + "image_summary": { + "digest": "sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + }, + "provenance_summary": { + "provenance": [ + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" + }, + "materials": [ + { + "uri": "https://github.com/laurentsimon/gcb-tests/commit/fbbb98765e85ad464302dc5977968104d36e455e" + } + ], + "metadata": { + "buildFinishedOn": "2022-08-15T22:43:34.366498Z", + "buildInvocationId": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "buildStartedOn": "2022-08-15T22:43:18.700638187Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-08-15T22:43:21.662016533Z", + "startTime": "2022-08-15T22:43:21.657262492Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-08-15T22:43:27.056377441Z", + "startTime": "2022-08-15T22:43:21.657262492Z" + } + } + ] + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" + } + }, + "subject": [ + { + "digest": { + "sha256": "1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14" + } + ] + } + }, + "createTime": "2022-08-15T22:43:35.649016Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4yIn0sIm1hdGVyaWFscyI6W3sidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMvY29tbWl0L2ZiYmI5ODc2NWU4NWFkNDY0MzAyZGM1OTc3OTY4MTA0ZDM2ZTQ1NWUifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDgtMTVUMjI6NDM6MzQuMzY2NDk4WiIsImJ1aWxkSW52b2NhdGlvbklkIjoiYjZlMDUyYTctNWFhNC00MWJmLWE1NmItOWJjNGU0ZjMwNThiIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjE4LjcwMDYzODE4N1oifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MTQiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NjIwMTY1MzNaIiwic3RhcnRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NTcyNjI0OTJaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjcuMDU2Mzc3NDQxWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9fV19LCJlbnRyeVBvaW50IjoiY2xvdWRidWlsZC55YW1sIiwidHlwZSI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9fSwicHJlZGljYXRlVHlwZSI6Imh0dHBzOi8vc2xzYS5kZXYvcHJvdmVuYW5jZS92MC4xIiwic2xzYVByb3ZlbmFuY2UiOnsiYnVpbGRlciI6eyJpZCI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9LCJtYXRlcmlhbHMiOlt7InVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzL2NvbW1pdC9mYmJiOTg3NjVlODVhZDQ2NDMwMmRjNTk3Nzk2ODEwNGQzNmU0NTVlIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjM0LjM2NjQ5OFoiLCJidWlsZEludm9jYXRpb25JZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOC0xNVQyMjo0MzoxOC43MDA2MzgxODdaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiJiNmUwNTJhNy01YWE0LTQxYmYtYTU2Yi05YmM0ZTRmMzA1OGIiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInN1YnN0aXR1dGlvbk9wdGlvbiI6IkFMTE9XX0xPT1NFIn0sInNvdXJjZVByb3ZlbmFuY2UiOnt9LCJzdGVwcyI6W3siYXJncyI6WyJidWlsZCIsIi10IiwidXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djE0IiwiLiJdLCJuYW1lIjoiZ2NyLmlvL2Nsb3VkLWJ1aWxkZXJzL2RvY2tlciIsInB1bGxUaW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjYyMDE2NTMzWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9LCJzdGF0dXMiOiJTVUNDRVNTIiwidGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjI3LjA1NjM3NzQ0MVoiLCJzdGFydFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjIxLjY1NzI2MjQ5MloifX1dfSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjIifX0sInN1YmplY3QiOlt7ImRpZ2VzdCI6eyJzaGEyNTYiOiIxYTAzM2IwMDJmODllZDJiOGVhNzMzMTYyNDk3ZmI3MGYxYTQwNDlhN2Y4NjAyZDZhMzM2ODJiNGFkOTkyMWZkIn0sIm5hbWUiOiJodHRwczovL3VzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYxNCJ9XX0=", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations/global/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEYCIQD-0xUsdkYnsmKnQL_ndEvXknLfn82zsG-hGyYUd4aYsAIhAP4KSCxN2VPNc-dvfrQIGduMUNmAiHxLttdezqdrSf3A" + }, + { + "keyid": "projects/verified-builder/locations/global/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEYCIQD-0xUsdkYnsmKnQL_ndEvXknLfn82zsG-hGyYUd4aYsAIhAP4KSCxN2VPNc-dvfrQIGduMUNmAiHxLttdezqdrSf3F" + }, + { + "keyid": "projects/verified-builder/locations/global/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEYCIQD-0xUsdkYnsmKnQL_ndEvXknLfn82zsG-hGyYUd4aYsAIhAP4KSCxN2VPNc-dvfrQIGduMUNmAiHxLttdezqdrSf3A" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/8ce06798-f94d-4772-a224-04e473163790", + "noteName": "projects/verified-builder/notes/intoto_b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "updateTime": "2022-08-15T22:43:35.649016Z" + } + ] + } + } + \ No newline at end of file diff --git a/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-multiple-signatures-3rdvalid.json b/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-multiple-signatures-3rdvalid.json new file mode 100644 index 000000000..8e5ee99df --- /dev/null +++ b/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-multiple-signatures-3rdvalid.json @@ -0,0 +1,103 @@ +{ + "image_summary": { + "digest": "sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + }, + "provenance_summary": { + "provenance": [ + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" + }, + "materials": [ + { + "uri": "https://github.com/laurentsimon/gcb-tests/commit/fbbb98765e85ad464302dc5977968104d36e455e" + } + ], + "metadata": { + "buildFinishedOn": "2022-08-15T22:43:34.366498Z", + "buildInvocationId": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "buildStartedOn": "2022-08-15T22:43:18.700638187Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-08-15T22:43:21.662016533Z", + "startTime": "2022-08-15T22:43:21.657262492Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-08-15T22:43:27.056377441Z", + "startTime": "2022-08-15T22:43:21.657262492Z" + } + } + ] + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" + } + }, + "subject": [ + { + "digest": { + "sha256": "1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14" + } + ] + } + }, + "createTime": "2022-08-15T22:43:35.649016Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4yIn0sIm1hdGVyaWFscyI6W3sidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMvY29tbWl0L2ZiYmI5ODc2NWU4NWFkNDY0MzAyZGM1OTc3OTY4MTA0ZDM2ZTQ1NWUifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDgtMTVUMjI6NDM6MzQuMzY2NDk4WiIsImJ1aWxkSW52b2NhdGlvbklkIjoiYjZlMDUyYTctNWFhNC00MWJmLWE1NmItOWJjNGU0ZjMwNThiIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjE4LjcwMDYzODE4N1oifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MTQiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NjIwMTY1MzNaIiwic3RhcnRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NTcyNjI0OTJaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjcuMDU2Mzc3NDQxWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9fV19LCJlbnRyeVBvaW50IjoiY2xvdWRidWlsZC55YW1sIiwidHlwZSI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9fSwicHJlZGljYXRlVHlwZSI6Imh0dHBzOi8vc2xzYS5kZXYvcHJvdmVuYW5jZS92MC4xIiwic2xzYVByb3ZlbmFuY2UiOnsiYnVpbGRlciI6eyJpZCI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9LCJtYXRlcmlhbHMiOlt7InVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzL2NvbW1pdC9mYmJiOTg3NjVlODVhZDQ2NDMwMmRjNTk3Nzk2ODEwNGQzNmU0NTVlIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjM0LjM2NjQ5OFoiLCJidWlsZEludm9jYXRpb25JZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOC0xNVQyMjo0MzoxOC43MDA2MzgxODdaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiJiNmUwNTJhNy01YWE0LTQxYmYtYTU2Yi05YmM0ZTRmMzA1OGIiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInN1YnN0aXR1dGlvbk9wdGlvbiI6IkFMTE9XX0xPT1NFIn0sInNvdXJjZVByb3ZlbmFuY2UiOnt9LCJzdGVwcyI6W3siYXJncyI6WyJidWlsZCIsIi10IiwidXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djE0IiwiLiJdLCJuYW1lIjoiZ2NyLmlvL2Nsb3VkLWJ1aWxkZXJzL2RvY2tlciIsInB1bGxUaW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjYyMDE2NTMzWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9LCJzdGF0dXMiOiJTVUNDRVNTIiwidGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjI3LjA1NjM3NzQ0MVoiLCJzdGFydFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjIxLjY1NzI2MjQ5MloifX1dfSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjIifX0sInN1YmplY3QiOlt7ImRpZ2VzdCI6eyJzaGEyNTYiOiIxYTAzM2IwMDJmODllZDJiOGVhNzMzMTYyNDk3ZmI3MGYxYTQwNDlhN2Y4NjAyZDZhMzM2ODJiNGFkOTkyMWZkIn0sIm5hbWUiOiJodHRwczovL3VzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYxNCJ9XX0=", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations/global/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEYCIQD-0xUsdkYnsmKnQL_ndEvXknLfn82zsG-hGyYUd4aYsAIhAP4KSCxN2VPNc-dvfrQIGduMUNmAiHxLttdezqdrSf3A" + }, + { + "keyid": "projects/verified-builder/locations/global/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEYCIQD-0xUsdkYnsmKnQL_ndEvXknLfn82zsG-hGyYUd4aYsAIhAP4KSCxN2VPNc-dvfrQIGduMUNmAiHxLttdezqdrSf3A" + }, + { + "keyid": "projects/verified-builder/locations/global/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEYCIQD-0xUsdkYnsmKnQL_ndEvXknLfn82zsG-hGyYUd4aYsAIhAP4KSCxN2VPNc-dvfrQIGduMUNmAiHxLttdezqdrSf3F" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/8ce06798-f94d-4772-a224-04e473163790", + "noteName": "projects/verified-builder/notes/intoto_b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "updateTime": "2022-08-15T22:43:35.649016Z" + } + ] + } + } + \ No newline at end of file diff --git a/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-no-keyid.json b/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-no-keyid.json new file mode 100644 index 000000000..8e1020461 --- /dev/null +++ b/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-no-keyid.json @@ -0,0 +1,94 @@ +{ + "image_summary": { + "digest": "sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + }, + "provenance_summary": { + "provenance": [ + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" + }, + "materials": [ + { + "uri": "https://github.com/laurentsimon/gcb-tests/commit/fbbb98765e85ad464302dc5977968104d36e455e" + } + ], + "metadata": { + "buildFinishedOn": "2022-08-15T22:43:34.366498Z", + "buildInvocationId": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "buildStartedOn": "2022-08-15T22:43:18.700638187Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-08-15T22:43:21.662016533Z", + "startTime": "2022-08-15T22:43:21.657262492Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-08-15T22:43:27.056377441Z", + "startTime": "2022-08-15T22:43:21.657262492Z" + } + } + ] + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" + } + }, + "subject": [ + { + "digest": { + "sha256": "1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14" + } + ] + } + }, + "createTime": "2022-08-15T22:43:35.649016Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4yIn0sIm1hdGVyaWFscyI6W3sidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMvY29tbWl0L2ZiYmI5ODc2NWU4NWFkNDY0MzAyZGM1OTc3OTY4MTA0ZDM2ZTQ1NWUifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDgtMTVUMjI6NDM6MzQuMzY2NDk4WiIsImJ1aWxkSW52b2NhdGlvbklkIjoiYjZlMDUyYTctNWFhNC00MWJmLWE1NmItOWJjNGU0ZjMwNThiIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjE4LjcwMDYzODE4N1oifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MTQiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NjIwMTY1MzNaIiwic3RhcnRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NTcyNjI0OTJaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjcuMDU2Mzc3NDQxWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9fV19LCJlbnRyeVBvaW50IjoiY2xvdWRidWlsZC55YW1sIiwidHlwZSI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9fSwicHJlZGljYXRlVHlwZSI6Imh0dHBzOi8vc2xzYS5kZXYvcHJvdmVuYW5jZS92MC4xIiwic2xzYVByb3ZlbmFuY2UiOnsiYnVpbGRlciI6eyJpZCI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9LCJtYXRlcmlhbHMiOlt7InVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzL2NvbW1pdC9mYmJiOTg3NjVlODVhZDQ2NDMwMmRjNTk3Nzk2ODEwNGQzNmU0NTVlIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjM0LjM2NjQ5OFoiLCJidWlsZEludm9jYXRpb25JZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOC0xNVQyMjo0MzoxOC43MDA2MzgxODdaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiJiNmUwNTJhNy01YWE0LTQxYmYtYTU2Yi05YmM0ZTRmMzA1OGIiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInN1YnN0aXR1dGlvbk9wdGlvbiI6IkFMTE9XX0xPT1NFIn0sInNvdXJjZVByb3ZlbmFuY2UiOnt9LCJzdGVwcyI6W3siYXJncyI6WyJidWlsZCIsIi10IiwidXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djE0IiwiLiJdLCJuYW1lIjoiZ2NyLmlvL2Nsb3VkLWJ1aWxkZXJzL2RvY2tlciIsInB1bGxUaW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjYyMDE2NTMzWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9LCJzdGF0dXMiOiJTVUNDRVNTIiwidGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjI3LjA1NjM3NzQ0MVoiLCJzdGFydFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjIxLjY1NzI2MjQ5MloifX1dfSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjIifX0sInN1YmplY3QiOlt7ImRpZ2VzdCI6eyJzaGEyNTYiOiIxYTAzM2IwMDJmODllZDJiOGVhNzMzMTYyNDk3ZmI3MGYxYTQwNDlhN2Y4NjAyZDZhMzM2ODJiNGFkOTkyMWZkIn0sIm5hbWUiOiJodHRwczovL3VzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYxNCJ9XX0=", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "sig": "MEYCIQD-0xUsdkYnsmKnQL_ndEvXknLfn82zsG-hGyYUd4aYsAIhAP4KSCxN2VPNc-dvfrQIGduMUNmAiHxLttdezqdrSf3F" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/8ce06798-f94d-4772-a224-04e473163790", + "noteName": "projects/verified-builder/notes/intoto_b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "updateTime": "2022-08-15T22:43:35.649016Z" + } + ] + } + } + \ No newline at end of file diff --git a/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-no-signature.json b/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-no-signature.json new file mode 100644 index 000000000..75b10d68f --- /dev/null +++ b/cli/slsa-verifier/testdata/gcb_container/v0.2/gcloud-container-no-signature.json @@ -0,0 +1,94 @@ +{ + "image_summary": { + "digest": "sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + }, + "provenance_summary": { + "provenance": [ + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" + }, + "materials": [ + { + "uri": "https://github.com/laurentsimon/gcb-tests/commit/fbbb98765e85ad464302dc5977968104d36e455e" + } + ], + "metadata": { + "buildFinishedOn": "2022-08-15T22:43:34.366498Z", + "buildInvocationId": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "buildStartedOn": "2022-08-15T22:43:18.700638187Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-08-15T22:43:21.662016533Z", + "startTime": "2022-08-15T22:43:21.657262492Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-08-15T22:43:27.056377441Z", + "startTime": "2022-08-15T22:43:21.657262492Z" + } + } + ] + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" + } + }, + "subject": [ + { + "digest": { + "sha256": "1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14" + } + ] + } + }, + "createTime": "2022-08-15T22:43:35.649016Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4yIn0sIm1hdGVyaWFscyI6W3sidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMvY29tbWl0L2ZiYmI5ODc2NWU4NWFkNDY0MzAyZGM1OTc3OTY4MTA0ZDM2ZTQ1NWUifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDgtMTVUMjI6NDM6MzQuMzY2NDk4WiIsImJ1aWxkSW52b2NhdGlvbklkIjoiYjZlMDUyYTctNWFhNC00MWJmLWE1NmItOWJjNGU0ZjMwNThiIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjE4LjcwMDYzODE4N1oifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MTQiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NjIwMTY1MzNaIiwic3RhcnRUaW1lIjoiMjAyMi0wOC0xNVQyMjo0MzoyMS42NTcyNjI0OTJaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjcuMDU2Mzc3NDQxWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9fV19LCJlbnRyeVBvaW50IjoiY2xvdWRidWlsZC55YW1sIiwidHlwZSI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9fSwicHJlZGljYXRlVHlwZSI6Imh0dHBzOi8vc2xzYS5kZXYvcHJvdmVuYW5jZS92MC4xIiwic2xzYVByb3ZlbmFuY2UiOnsiYnVpbGRlciI6eyJpZCI6Imh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiJ9LCJtYXRlcmlhbHMiOlt7InVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzL2NvbW1pdC9mYmJiOTg3NjVlODVhZDQ2NDMwMmRjNTk3Nzk2ODEwNGQzNmU0NTVlIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA4LTE1VDIyOjQzOjM0LjM2NjQ5OFoiLCJidWlsZEludm9jYXRpb25JZCI6ImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOC0xNVQyMjo0MzoxOC43MDA2MzgxODdaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiJiNmUwNTJhNy01YWE0LTQxYmYtYTU2Yi05YmM0ZTRmMzA1OGIiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInN1YnN0aXR1dGlvbk9wdGlvbiI6IkFMTE9XX0xPT1NFIn0sInNvdXJjZVByb3ZlbmFuY2UiOnt9LCJzdGVwcyI6W3siYXJncyI6WyJidWlsZCIsIi10IiwidXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djE0IiwiLiJdLCJuYW1lIjoiZ2NyLmlvL2Nsb3VkLWJ1aWxkZXJzL2RvY2tlciIsInB1bGxUaW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjYyMDE2NTMzWiIsInN0YXJ0VGltZSI6IjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiJ9LCJzdGF0dXMiOiJTVUNDRVNTIiwidGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjI3LjA1NjM3NzQ0MVoiLCJzdGFydFRpbWUiOiIyMDIyLTA4LTE1VDIyOjQzOjIxLjY1NzI2MjQ5MloifX1dfSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjIifX0sInN1YmplY3QiOlt7ImRpZ2VzdCI6eyJzaGEyNTYiOiIxYTAzM2IwMDJmODllZDJiOGVhNzMzMTYyNDk3ZmI3MGYxYTQwNDlhN2Y4NjAyZDZhMzM2ODJiNGFkOTkyMWZkIn0sIm5hbWUiOiJodHRwczovL3VzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYxNCJ9XX0=", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations/global/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/8ce06798-f94d-4772-a224-04e473163790", + "noteName": "projects/verified-builder/notes/intoto_b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", + "updateTime": "2022-08-15T22:43:35.649016Z" + } + ] + } + } + \ No newline at end of file diff --git a/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-empty-keyid.json b/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-empty-keyid.json new file mode 100644 index 000000000..b2cc2f061 --- /dev/null +++ b/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-empty-keyid.json @@ -0,0 +1,109 @@ +{ + "image_summary": { + "digest": "sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + }, + "provenance_summary": { + "provenance": [ + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3" + }, + "materials": [ + { + "digest": { + "sha1": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae" + }, + "uri": "https://github.com/laurentsimon/gcb-tests" + } + ], + "metadata": { + "buildFinishedOn": "2022-09-06T17:54:22.169342Z", + "buildInvocationId": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "buildStartedOn": "2022-09-06T17:54:10.226833361Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "requestedVerifyOption": "VERIFIED", + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-09-06T17:54:13.240503649Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-09-06T17:54:20.155242044Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + } + } + ], + "substitutions": { + "COMMIT_SHA": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "REF_NAME": "v39", + "REPO_NAME": "gcb-tests", + "REVISION_ID": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "SHORT_SHA": "01ce393", + "TAG_NAME": "v39", + "TRIGGER_BUILD_CONFIG_PATH": "cloudbuild.yaml", + "TRIGGER_NAME": "Tag" + } + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/CloudBuildYaml@v0.1" + } + }, + "subject": [ + { + "digest": { + "sha256": "f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39" + } + ] + } + }, + "createTime": "2022-09-06T17:54:23.761540Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4zIn0sIm1hdGVyaWFscyI6W3siZGlnZXN0Ijp7InNoYTEiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIn0sInVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjIyLjE2OTM0MloiLCJidWlsZEludm9jYXRpb25JZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOS0wNlQxNzo1NDoxMC4yMjY4MzMzNjFaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiIxMWY2YzY4Mi0zNDUxLTRmNzItYWMyYS04ZTM4NmVhYjY2YWYiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInJlcXVlc3RlZFZlcmlmeU9wdGlvbiI6IlZFUklGSUVEIiwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MzkiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yNDA1MDM2NDlaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MjAuMTU1MjQyMDQ0WiIsInN0YXJ0VGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MTMuMjM3MTM4MDU2WiJ9fV0sInN1YnN0aXR1dGlvbnMiOnsiQ09NTUlUX1NIQSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUiLCJSRUZfTkFNRSI6InYzOSIsIlJFUE9fTkFNRSI6ImdjYi10ZXN0cyIsIlJFVklTSU9OX0lEIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlNIT1JUX1NIQSI6IjAxY2UzOTMiLCJUQUdfTkFNRSI6InYzOSIsIlRSSUdHRVJfQlVJTERfQ09ORklHX1BBVEgiOiJjbG91ZGJ1aWxkLnlhbWwiLCJUUklHR0VSX05BTUUiOiJUYWcifX0sImVudHJ5UG9pbnQiOiJjbG91ZGJ1aWxkLnlhbWwiLCJ0eXBlIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0Nsb3VkQnVpbGRZYW1sQHYwLjEifX0sInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMSIsInNsc2FQcm92ZW5hbmNlIjp7ImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjMifSwibWF0ZXJpYWxzIjpbeyJkaWdlc3QiOnsic2hhMSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUifSwidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDktMDZUMTc6NTQ6MjIuMTY5MzQyWiIsImJ1aWxkSW52b2NhdGlvbklkIjoiMTFmNmM2ODItMzQ1MS00ZjcyLWFjMmEtOGUzODZlYWI2NmFmIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjEwLjIyNjgzMzM2MVoifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwicmVxdWVzdGVkVmVyaWZ5T3B0aW9uIjoiVkVSSUZJRUQiLCJzdWJzdGl0dXRpb25PcHRpb24iOiJBTExPV19MT09TRSJ9LCJzb3VyY2VQcm92ZW5hbmNlIjp7fSwic3RlcHMiOlt7ImFyZ3MiOlsiYnVpbGQiLCItdCIsInVzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYzOSIsIi4iXSwibmFtZSI6Imdjci5pby9jbG91ZC1idWlsZGVycy9kb2NrZXIiLCJwdWxsVGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjI0MDUwMzY0OVoiLCJzdGFydFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjIzNzEzODA1NloifSwic3RhdHVzIjoiU1VDQ0VTUyIsInRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoyMC4xNTUyNDIwNDRaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn19XSwic3Vic3RpdHV0aW9ucyI6eyJDT01NSVRfU0hBIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlJFRl9OQU1FIjoidjM5IiwiUkVQT19OQU1FIjoiZ2NiLXRlc3RzIiwiUkVWSVNJT05fSUQiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIiwiU0hPUlRfU0hBIjoiMDFjZTM5MyIsIlRBR19OQU1FIjoidjM5IiwiVFJJR0dFUl9CVUlMRF9DT05GSUdfUEFUSCI6ImNsb3VkYnVpbGQueWFtbCIsIlRSSUdHRVJfTkFNRSI6IlRhZyJ9fSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vQ2xvdWRCdWlsZFlhbWxAdjAuMSJ9fSwic3ViamVjdCI6W3siZGlnZXN0Ijp7InNoYTI1NiI6ImY0NzJjYTRiNjg4OThjOTUxYWMzYjQ3NmNiYTkxOWQwZDU2ZmNhNGNlZDYzMWZhYmNlYWQ1MWU0YjJiNjkwZTcifSwibmFtZSI6Imh0dHBzOi8vdXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djM5In1dfQ==", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "", + "sig": "MEQCID2DrzUtVIv55nSl0FdoYdaaayxrjOOF2i35yadBIvFdAiAZhG4k1dC2RmSbIBVctPQ10bTzeN4XKU7Vm9E5oMJAJQ==" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/768ee56d-2064-4ed9-9cd4-8232df1a1792", + "noteName": "projects/verified-builder/notes/intoto_11f6c682-3451-4f72-ac2a-8e386eab66af", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "updateTime": "2022-09-06T17:54:23.761540Z" + } + ] + } + } + \ No newline at end of file diff --git a/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-empty-signature-region.json b/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-empty-signature-region.json new file mode 100644 index 000000000..84af6a993 --- /dev/null +++ b/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-empty-signature-region.json @@ -0,0 +1,109 @@ +{ + "image_summary": { + "digest": "sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + }, + "provenance_summary": { + "provenance": [ + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3" + }, + "materials": [ + { + "digest": { + "sha1": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae" + }, + "uri": "https://github.com/laurentsimon/gcb-tests" + } + ], + "metadata": { + "buildFinishedOn": "2022-09-06T17:54:22.169342Z", + "buildInvocationId": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "buildStartedOn": "2022-09-06T17:54:10.226833361Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "requestedVerifyOption": "VERIFIED", + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-09-06T17:54:13.240503649Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-09-06T17:54:20.155242044Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + } + } + ], + "substitutions": { + "COMMIT_SHA": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "REF_NAME": "v39", + "REPO_NAME": "gcb-tests", + "REVISION_ID": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "SHORT_SHA": "01ce393", + "TAG_NAME": "v39", + "TRIGGER_BUILD_CONFIG_PATH": "cloudbuild.yaml", + "TRIGGER_NAME": "Tag" + } + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/CloudBuildYaml@v0.1" + } + }, + "subject": [ + { + "digest": { + "sha256": "f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39" + } + ] + } + }, + "createTime": "2022-09-06T17:54:23.761540Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4zIn0sIm1hdGVyaWFscyI6W3siZGlnZXN0Ijp7InNoYTEiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIn0sInVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjIyLjE2OTM0MloiLCJidWlsZEludm9jYXRpb25JZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOS0wNlQxNzo1NDoxMC4yMjY4MzMzNjFaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiIxMWY2YzY4Mi0zNDUxLTRmNzItYWMyYS04ZTM4NmVhYjY2YWYiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInJlcXVlc3RlZFZlcmlmeU9wdGlvbiI6IlZFUklGSUVEIiwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MzkiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yNDA1MDM2NDlaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MjAuMTU1MjQyMDQ0WiIsInN0YXJ0VGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MTMuMjM3MTM4MDU2WiJ9fV0sInN1YnN0aXR1dGlvbnMiOnsiQ09NTUlUX1NIQSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUiLCJSRUZfTkFNRSI6InYzOSIsIlJFUE9fTkFNRSI6ImdjYi10ZXN0cyIsIlJFVklTSU9OX0lEIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlNIT1JUX1NIQSI6IjAxY2UzOTMiLCJUQUdfTkFNRSI6InYzOSIsIlRSSUdHRVJfQlVJTERfQ09ORklHX1BBVEgiOiJjbG91ZGJ1aWxkLnlhbWwiLCJUUklHR0VSX05BTUUiOiJUYWcifX0sImVudHJ5UG9pbnQiOiJjbG91ZGJ1aWxkLnlhbWwiLCJ0eXBlIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0Nsb3VkQnVpbGRZYW1sQHYwLjEifX0sInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMSIsInNsc2FQcm92ZW5hbmNlIjp7ImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjMifSwibWF0ZXJpYWxzIjpbeyJkaWdlc3QiOnsic2hhMSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUifSwidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDktMDZUMTc6NTQ6MjIuMTY5MzQyWiIsImJ1aWxkSW52b2NhdGlvbklkIjoiMTFmNmM2ODItMzQ1MS00ZjcyLWFjMmEtOGUzODZlYWI2NmFmIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjEwLjIyNjgzMzM2MVoifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwicmVxdWVzdGVkVmVyaWZ5T3B0aW9uIjoiVkVSSUZJRUQiLCJzdWJzdGl0dXRpb25PcHRpb24iOiJBTExPV19MT09TRSJ9LCJzb3VyY2VQcm92ZW5hbmNlIjp7fSwic3RlcHMiOlt7ImFyZ3MiOlsiYnVpbGQiLCItdCIsInVzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYzOSIsIi4iXSwibmFtZSI6Imdjci5pby9jbG91ZC1idWlsZGVycy9kb2NrZXIiLCJwdWxsVGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjI0MDUwMzY0OVoiLCJzdGFydFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjIzNzEzODA1NloifSwic3RhdHVzIjoiU1VDQ0VTUyIsInRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoyMC4xNTUyNDIwNDRaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn19XSwic3Vic3RpdHV0aW9ucyI6eyJDT01NSVRfU0hBIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlJFRl9OQU1FIjoidjM5IiwiUkVQT19OQU1FIjoiZ2NiLXRlc3RzIiwiUkVWSVNJT05fSUQiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIiwiU0hPUlRfU0hBIjoiMDFjZTM5MyIsIlRBR19OQU1FIjoidjM5IiwiVFJJR0dFUl9CVUlMRF9DT05GSUdfUEFUSCI6ImNsb3VkYnVpbGQueWFtbCIsIlRSSUdHRVJfTkFNRSI6IlRhZyJ9fSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vQ2xvdWRCdWlsZFlhbWxAdjAuMSJ9fSwic3ViamVjdCI6W3siZGlnZXN0Ijp7InNoYTI1NiI6ImY0NzJjYTRiNjg4OThjOTUxYWMzYjQ3NmNiYTkxOWQwZDU2ZmNhNGNlZDYzMWZhYmNlYWQ1MWU0YjJiNjkwZTcifSwibmFtZSI6Imh0dHBzOi8vdXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djM5In1dfQ==", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations//keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEQCID2DrzUtVIv55nSl0FdoYdaaayxrjOOF2i35yadBIvFdAiAZhG4k1dC2RmSbIBVctPQ10bTzeN4XKU7Vm9E5oMJAJQ==" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/768ee56d-2064-4ed9-9cd4-8232df1a1792", + "noteName": "projects/verified-builder/notes/intoto_11f6c682-3451-4f72-ac2a-8e386eab66af", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "updateTime": "2022-09-06T17:54:23.761540Z" + } + ] + } + } + \ No newline at end of file diff --git a/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-empty-signature.json b/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-empty-signature.json new file mode 100644 index 000000000..2a43a0f1f --- /dev/null +++ b/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-empty-signature.json @@ -0,0 +1,109 @@ +{ + "image_summary": { + "digest": "sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + }, + "provenance_summary": { + "provenance": [ + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3" + }, + "materials": [ + { + "digest": { + "sha1": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae" + }, + "uri": "https://github.com/laurentsimon/gcb-tests" + } + ], + "metadata": { + "buildFinishedOn": "2022-09-06T17:54:22.169342Z", + "buildInvocationId": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "buildStartedOn": "2022-09-06T17:54:10.226833361Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "requestedVerifyOption": "VERIFIED", + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-09-06T17:54:13.240503649Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-09-06T17:54:20.155242044Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + } + } + ], + "substitutions": { + "COMMIT_SHA": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "REF_NAME": "v39", + "REPO_NAME": "gcb-tests", + "REVISION_ID": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "SHORT_SHA": "01ce393", + "TAG_NAME": "v39", + "TRIGGER_BUILD_CONFIG_PATH": "cloudbuild.yaml", + "TRIGGER_NAME": "Tag" + } + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/CloudBuildYaml@v0.1" + } + }, + "subject": [ + { + "digest": { + "sha256": "f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39" + } + ] + } + }, + "createTime": "2022-09-06T17:54:23.761540Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4zIn0sIm1hdGVyaWFscyI6W3siZGlnZXN0Ijp7InNoYTEiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIn0sInVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjIyLjE2OTM0MloiLCJidWlsZEludm9jYXRpb25JZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOS0wNlQxNzo1NDoxMC4yMjY4MzMzNjFaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiIxMWY2YzY4Mi0zNDUxLTRmNzItYWMyYS04ZTM4NmVhYjY2YWYiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInJlcXVlc3RlZFZlcmlmeU9wdGlvbiI6IlZFUklGSUVEIiwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MzkiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yNDA1MDM2NDlaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MjAuMTU1MjQyMDQ0WiIsInN0YXJ0VGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MTMuMjM3MTM4MDU2WiJ9fV0sInN1YnN0aXR1dGlvbnMiOnsiQ09NTUlUX1NIQSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUiLCJSRUZfTkFNRSI6InYzOSIsIlJFUE9fTkFNRSI6ImdjYi10ZXN0cyIsIlJFVklTSU9OX0lEIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlNIT1JUX1NIQSI6IjAxY2UzOTMiLCJUQUdfTkFNRSI6InYzOSIsIlRSSUdHRVJfQlVJTERfQ09ORklHX1BBVEgiOiJjbG91ZGJ1aWxkLnlhbWwiLCJUUklHR0VSX05BTUUiOiJUYWcifX0sImVudHJ5UG9pbnQiOiJjbG91ZGJ1aWxkLnlhbWwiLCJ0eXBlIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0Nsb3VkQnVpbGRZYW1sQHYwLjEifX0sInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMSIsInNsc2FQcm92ZW5hbmNlIjp7ImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjMifSwibWF0ZXJpYWxzIjpbeyJkaWdlc3QiOnsic2hhMSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUifSwidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDktMDZUMTc6NTQ6MjIuMTY5MzQyWiIsImJ1aWxkSW52b2NhdGlvbklkIjoiMTFmNmM2ODItMzQ1MS00ZjcyLWFjMmEtOGUzODZlYWI2NmFmIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjEwLjIyNjgzMzM2MVoifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwicmVxdWVzdGVkVmVyaWZ5T3B0aW9uIjoiVkVSSUZJRUQiLCJzdWJzdGl0dXRpb25PcHRpb24iOiJBTExPV19MT09TRSJ9LCJzb3VyY2VQcm92ZW5hbmNlIjp7fSwic3RlcHMiOlt7ImFyZ3MiOlsiYnVpbGQiLCItdCIsInVzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYzOSIsIi4iXSwibmFtZSI6Imdjci5pby9jbG91ZC1idWlsZGVycy9kb2NrZXIiLCJwdWxsVGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjI0MDUwMzY0OVoiLCJzdGFydFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjIzNzEzODA1NloifSwic3RhdHVzIjoiU1VDQ0VTUyIsInRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoyMC4xNTUyNDIwNDRaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn19XSwic3Vic3RpdHV0aW9ucyI6eyJDT01NSVRfU0hBIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlJFRl9OQU1FIjoidjM5IiwiUkVQT19OQU1FIjoiZ2NiLXRlc3RzIiwiUkVWSVNJT05fSUQiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIiwiU0hPUlRfU0hBIjoiMDFjZTM5MyIsIlRBR19OQU1FIjoidjM5IiwiVFJJR0dFUl9CVUlMRF9DT05GSUdfUEFUSCI6ImNsb3VkYnVpbGQueWFtbCIsIlRSSUdHRVJfTkFNRSI6IlRhZyJ9fSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vQ2xvdWRCdWlsZFlhbWxAdjAuMSJ9fSwic3ViamVjdCI6W3siZGlnZXN0Ijp7InNoYTI1NiI6ImY0NzJjYTRiNjg4OThjOTUxYWMzYjQ3NmNiYTkxOWQwZDU2ZmNhNGNlZDYzMWZhYmNlYWQ1MWU0YjJiNjkwZTcifSwibmFtZSI6Imh0dHBzOi8vdXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djM5In1dfQ==", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations/us-west2/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/768ee56d-2064-4ed9-9cd4-8232df1a1792", + "noteName": "projects/verified-builder/notes/intoto_11f6c682-3451-4f72-ac2a-8e386eab66af", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "updateTime": "2022-09-06T17:54:23.761540Z" + } + ] + } + } + \ No newline at end of file diff --git a/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-invalid-keyid.json b/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-invalid-keyid.json new file mode 100644 index 000000000..c3cb76fa2 --- /dev/null +++ b/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-invalid-keyid.json @@ -0,0 +1,109 @@ +{ + "image_summary": { + "digest": "sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + }, + "provenance_summary": { + "provenance": [ + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3" + }, + "materials": [ + { + "digest": { + "sha1": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae" + }, + "uri": "https://github.com/laurentsimon/gcb-tests" + } + ], + "metadata": { + "buildFinishedOn": "2022-09-06T17:54:22.169342Z", + "buildInvocationId": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "buildStartedOn": "2022-09-06T17:54:10.226833361Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "requestedVerifyOption": "VERIFIED", + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-09-06T17:54:13.240503649Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-09-06T17:54:20.155242044Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + } + } + ], + "substitutions": { + "COMMIT_SHA": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "REF_NAME": "v39", + "REPO_NAME": "gcb-tests", + "REVISION_ID": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "SHORT_SHA": "01ce393", + "TAG_NAME": "v39", + "TRIGGER_BUILD_CONFIG_PATH": "cloudbuild.yaml", + "TRIGGER_NAME": "Tag" + } + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/CloudBuildYaml@v0.1" + } + }, + "subject": [ + { + "digest": { + "sha256": "f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39" + } + ] + } + }, + "createTime": "2022-09-06T17:54:23.761540Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4zIn0sIm1hdGVyaWFscyI6W3siZGlnZXN0Ijp7InNoYTEiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIn0sInVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjIyLjE2OTM0MloiLCJidWlsZEludm9jYXRpb25JZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOS0wNlQxNzo1NDoxMC4yMjY4MzMzNjFaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiIxMWY2YzY4Mi0zNDUxLTRmNzItYWMyYS04ZTM4NmVhYjY2YWYiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInJlcXVlc3RlZFZlcmlmeU9wdGlvbiI6IlZFUklGSUVEIiwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MzkiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yNDA1MDM2NDlaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MjAuMTU1MjQyMDQ0WiIsInN0YXJ0VGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MTMuMjM3MTM4MDU2WiJ9fV0sInN1YnN0aXR1dGlvbnMiOnsiQ09NTUlUX1NIQSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUiLCJSRUZfTkFNRSI6InYzOSIsIlJFUE9fTkFNRSI6ImdjYi10ZXN0cyIsIlJFVklTSU9OX0lEIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlNIT1JUX1NIQSI6IjAxY2UzOTMiLCJUQUdfTkFNRSI6InYzOSIsIlRSSUdHRVJfQlVJTERfQ09ORklHX1BBVEgiOiJjbG91ZGJ1aWxkLnlhbWwiLCJUUklHR0VSX05BTUUiOiJUYWcifX0sImVudHJ5UG9pbnQiOiJjbG91ZGJ1aWxkLnlhbWwiLCJ0eXBlIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0Nsb3VkQnVpbGRZYW1sQHYwLjEifX0sInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMSIsInNsc2FQcm92ZW5hbmNlIjp7ImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjMifSwibWF0ZXJpYWxzIjpbeyJkaWdlc3QiOnsic2hhMSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUifSwidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDktMDZUMTc6NTQ6MjIuMTY5MzQyWiIsImJ1aWxkSW52b2NhdGlvbklkIjoiMTFmNmM2ODItMzQ1MS00ZjcyLWFjMmEtOGUzODZlYWI2NmFmIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjEwLjIyNjgzMzM2MVoifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwicmVxdWVzdGVkVmVyaWZ5T3B0aW9uIjoiVkVSSUZJRUQiLCJzdWJzdGl0dXRpb25PcHRpb24iOiJBTExPV19MT09TRSJ9LCJzb3VyY2VQcm92ZW5hbmNlIjp7fSwic3RlcHMiOlt7ImFyZ3MiOlsiYnVpbGQiLCItdCIsInVzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYzOSIsIi4iXSwibmFtZSI6Imdjci5pby9jbG91ZC1idWlsZGVycy9kb2NrZXIiLCJwdWxsVGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjI0MDUwMzY0OVoiLCJzdGFydFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjIzNzEzODA1NloifSwic3RhdHVzIjoiU1VDQ0VTUyIsInRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoyMC4xNTUyNDIwNDRaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn19XSwic3Vic3RpdHV0aW9ucyI6eyJDT01NSVRfU0hBIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlJFRl9OQU1FIjoidjM5IiwiUkVQT19OQU1FIjoiZ2NiLXRlc3RzIiwiUkVWSVNJT05fSUQiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIiwiU0hPUlRfU0hBIjoiMDFjZTM5MyIsIlRBR19OQU1FIjoidjM5IiwiVFJJR0dFUl9CVUlMRF9DT05GSUdfUEFUSCI6ImNsb3VkYnVpbGQueWFtbCIsIlRSSUdHRVJfTkFNRSI6IlRhZyJ9fSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vQ2xvdWRCdWlsZFlhbWxAdjAuMSJ9fSwic3ViamVjdCI6W3siZGlnZXN0Ijp7InNoYTI1NiI6ImY0NzJjYTRiNjg4OThjOTUxYWMzYjQ3NmNiYTkxOWQwZDU2ZmNhNGNlZDYzMWZhYmNlYWQ1MWU0YjJiNjkwZTcifSwibmFtZSI6Imh0dHBzOi8vdXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djM5In1dfQ==", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations/us-west2/invalid-field/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEQCID2DrzUtVIv55nSl0FdoYdaaayxrjOOF2i35yadBIvFdAiAZhG4k1dC2RmSbIBVctPQ10bTzeN4XKU7Vm9E5oMJAJQ==" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/768ee56d-2064-4ed9-9cd4-8232df1a1792", + "noteName": "projects/verified-builder/notes/intoto_11f6c682-3451-4f72-ac2a-8e386eab66af", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "updateTime": "2022-09-06T17:54:23.761540Z" + } + ] + } + } + \ No newline at end of file diff --git a/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-invalid-signature-encoding.json b/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-invalid-signature-encoding.json new file mode 100644 index 000000000..6d40a722b --- /dev/null +++ b/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-invalid-signature-encoding.json @@ -0,0 +1,109 @@ +{ + "image_summary": { + "digest": "sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + }, + "provenance_summary": { + "provenance": [ + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3" + }, + "materials": [ + { + "digest": { + "sha1": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae" + }, + "uri": "https://github.com/laurentsimon/gcb-tests" + } + ], + "metadata": { + "buildFinishedOn": "2022-09-06T17:54:22.169342Z", + "buildInvocationId": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "buildStartedOn": "2022-09-06T17:54:10.226833361Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "requestedVerifyOption": "VERIFIED", + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-09-06T17:54:13.240503649Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-09-06T17:54:20.155242044Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + } + } + ], + "substitutions": { + "COMMIT_SHA": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "REF_NAME": "v39", + "REPO_NAME": "gcb-tests", + "REVISION_ID": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "SHORT_SHA": "01ce393", + "TAG_NAME": "v39", + "TRIGGER_BUILD_CONFIG_PATH": "cloudbuild.yaml", + "TRIGGER_NAME": "Tag" + } + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/CloudBuildYaml@v0.1" + } + }, + "subject": [ + { + "digest": { + "sha256": "f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39" + } + ] + } + }, + "createTime": "2022-09-06T17:54:23.761540Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4zIn0sIm1hdGVyaWFscyI6W3siZGlnZXN0Ijp7InNoYTEiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIn0sInVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjIyLjE2OTM0MloiLCJidWlsZEludm9jYXRpb25JZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOS0wNlQxNzo1NDoxMC4yMjY4MzMzNjFaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiIxMWY2YzY4Mi0zNDUxLTRmNzItYWMyYS04ZTM4NmVhYjY2YWYiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInJlcXVlc3RlZFZlcmlmeU9wdGlvbiI6IlZFUklGSUVEIiwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MzkiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yNDA1MDM2NDlaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MjAuMTU1MjQyMDQ0WiIsInN0YXJ0VGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MTMuMjM3MTM4MDU2WiJ9fV0sInN1YnN0aXR1dGlvbnMiOnsiQ09NTUlUX1NIQSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUiLCJSRUZfTkFNRSI6InYzOSIsIlJFUE9fTkFNRSI6ImdjYi10ZXN0cyIsIlJFVklTSU9OX0lEIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlNIT1JUX1NIQSI6IjAxY2UzOTMiLCJUQUdfTkFNRSI6InYzOSIsIlRSSUdHRVJfQlVJTERfQ09ORklHX1BBVEgiOiJjbG91ZGJ1aWxkLnlhbWwiLCJUUklHR0VSX05BTUUiOiJUYWcifX0sImVudHJ5UG9pbnQiOiJjbG91ZGJ1aWxkLnlhbWwiLCJ0eXBlIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0Nsb3VkQnVpbGRZYW1sQHYwLjEifX0sInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMSIsInNsc2FQcm92ZW5hbmNlIjp7ImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjMifSwibWF0ZXJpYWxzIjpbeyJkaWdlc3QiOnsic2hhMSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUifSwidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDktMDZUMTc6NTQ6MjIuMTY5MzQyWiIsImJ1aWxkSW52b2NhdGlvbklkIjoiMTFmNmM2ODItMzQ1MS00ZjcyLWFjMmEtOGUzODZlYWI2NmFmIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjEwLjIyNjgzMzM2MVoifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwicmVxdWVzdGVkVmVyaWZ5T3B0aW9uIjoiVkVSSUZJRUQiLCJzdWJzdGl0dXRpb25PcHRpb24iOiJBTExPV19MT09TRSJ9LCJzb3VyY2VQcm92ZW5hbmNlIjp7fSwic3RlcHMiOlt7ImFyZ3MiOlsiYnVpbGQiLCItdCIsInVzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYzOSIsIi4iXSwibmFtZSI6Imdjci5pby9jbG91ZC1idWlsZGVycy9kb2NrZXIiLCJwdWxsVGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjI0MDUwMzY0OVoiLCJzdGFydFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjIzNzEzODA1NloifSwic3RhdHVzIjoiU1VDQ0VTUyIsInRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoyMC4xNTUyNDIwNDRaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn19XSwic3Vic3RpdHV0aW9ucyI6eyJDT01NSVRfU0hBIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlJFRl9OQU1FIjoidjM5IiwiUkVQT19OQU1FIjoiZ2NiLXRlc3RzIiwiUkVWSVNJT05fSUQiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIiwiU0hPUlRfU0hBIjoiMDFjZTM5MyIsIlRBR19OQU1FIjoidjM5IiwiVFJJR0dFUl9CVUlMRF9DT05GSUdfUEFUSCI6ImNsb3VkYnVpbGQueWFtbCIsIlRSSUdHRVJfTkFNRSI6IlRhZyJ9fSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vQ2xvdWRCdWlsZFlhbWxAdjAuMSJ9fSwic3ViamVjdCI6W3siZGlnZXN0Ijp7InNoYTI1NiI6ImY0NzJjYTRiNjg4OThjOTUxYWMzYjQ3NmNiYTkxOWQwZDU2ZmNhNGNlZDYzMWZhYmNlYWQ1MWU0YjJiNjkwZTcifSwibmFtZSI6Imh0dHBzOi8vdXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djM5In1dfQ==", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations/us-west2/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "invalid encoding" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/768ee56d-2064-4ed9-9cd4-8232df1a1792", + "noteName": "projects/verified-builder/notes/intoto_11f6c682-3451-4f72-ac2a-8e386eab66af", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "updateTime": "2022-09-06T17:54:23.761540Z" + } + ] + } + } + \ No newline at end of file diff --git a/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-invalid-signature-region.json b/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-invalid-signature-region.json new file mode 100644 index 000000000..2a60c8ba2 --- /dev/null +++ b/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-invalid-signature-region.json @@ -0,0 +1,109 @@ +{ + "image_summary": { + "digest": "sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + }, + "provenance_summary": { + "provenance": [ + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3" + }, + "materials": [ + { + "digest": { + "sha1": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae" + }, + "uri": "https://github.com/laurentsimon/gcb-tests" + } + ], + "metadata": { + "buildFinishedOn": "2022-09-06T17:54:22.169342Z", + "buildInvocationId": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "buildStartedOn": "2022-09-06T17:54:10.226833361Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "requestedVerifyOption": "VERIFIED", + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-09-06T17:54:13.240503649Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-09-06T17:54:20.155242044Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + } + } + ], + "substitutions": { + "COMMIT_SHA": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "REF_NAME": "v39", + "REPO_NAME": "gcb-tests", + "REVISION_ID": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "SHORT_SHA": "01ce393", + "TAG_NAME": "v39", + "TRIGGER_BUILD_CONFIG_PATH": "cloudbuild.yaml", + "TRIGGER_NAME": "Tag" + } + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/CloudBuildYaml@v0.1" + } + }, + "subject": [ + { + "digest": { + "sha256": "f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39" + } + ] + } + }, + "createTime": "2022-09-06T17:54:23.761540Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4zIn0sIm1hdGVyaWFscyI6W3siZGlnZXN0Ijp7InNoYTEiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIn0sInVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjIyLjE2OTM0MloiLCJidWlsZEludm9jYXRpb25JZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOS0wNlQxNzo1NDoxMC4yMjY4MzMzNjFaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiIxMWY2YzY4Mi0zNDUxLTRmNzItYWMyYS04ZTM4NmVhYjY2YWYiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInJlcXVlc3RlZFZlcmlmeU9wdGlvbiI6IlZFUklGSUVEIiwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MzkiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yNDA1MDM2NDlaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MjAuMTU1MjQyMDQ0WiIsInN0YXJ0VGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MTMuMjM3MTM4MDU2WiJ9fV0sInN1YnN0aXR1dGlvbnMiOnsiQ09NTUlUX1NIQSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUiLCJSRUZfTkFNRSI6InYzOSIsIlJFUE9fTkFNRSI6ImdjYi10ZXN0cyIsIlJFVklTSU9OX0lEIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlNIT1JUX1NIQSI6IjAxY2UzOTMiLCJUQUdfTkFNRSI6InYzOSIsIlRSSUdHRVJfQlVJTERfQ09ORklHX1BBVEgiOiJjbG91ZGJ1aWxkLnlhbWwiLCJUUklHR0VSX05BTUUiOiJUYWcifX0sImVudHJ5UG9pbnQiOiJjbG91ZGJ1aWxkLnlhbWwiLCJ0eXBlIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0Nsb3VkQnVpbGRZYW1sQHYwLjEifX0sInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMSIsInNsc2FQcm92ZW5hbmNlIjp7ImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjMifSwibWF0ZXJpYWxzIjpbeyJkaWdlc3QiOnsic2hhMSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUifSwidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDktMDZUMTc6NTQ6MjIuMTY5MzQyWiIsImJ1aWxkSW52b2NhdGlvbklkIjoiMTFmNmM2ODItMzQ1MS00ZjcyLWFjMmEtOGUzODZlYWI2NmFmIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjEwLjIyNjgzMzM2MVoifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwicmVxdWVzdGVkVmVyaWZ5T3B0aW9uIjoiVkVSSUZJRUQiLCJzdWJzdGl0dXRpb25PcHRpb24iOiJBTExPV19MT09TRSJ9LCJzb3VyY2VQcm92ZW5hbmNlIjp7fSwic3RlcHMiOlt7ImFyZ3MiOlsiYnVpbGQiLCItdCIsInVzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYzOSIsIi4iXSwibmFtZSI6Imdjci5pby9jbG91ZC1idWlsZGVycy9kb2NrZXIiLCJwdWxsVGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjI0MDUwMzY0OVoiLCJzdGFydFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjIzNzEzODA1NloifSwic3RhdHVzIjoiU1VDQ0VTUyIsInRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoyMC4xNTUyNDIwNDRaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn19XSwic3Vic3RpdHV0aW9ucyI6eyJDT01NSVRfU0hBIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlJFRl9OQU1FIjoidjM5IiwiUkVQT19OQU1FIjoiZ2NiLXRlc3RzIiwiUkVWSVNJT05fSUQiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIiwiU0hPUlRfU0hBIjoiMDFjZTM5MyIsIlRBR19OQU1FIjoidjM5IiwiVFJJR0dFUl9CVUlMRF9DT05GSUdfUEFUSCI6ImNsb3VkYnVpbGQueWFtbCIsIlRSSUdHRVJfTkFNRSI6IlRhZyJ9fSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vQ2xvdWRCdWlsZFlhbWxAdjAuMSJ9fSwic3ViamVjdCI6W3siZGlnZXN0Ijp7InNoYTI1NiI6ImY0NzJjYTRiNjg4OThjOTUxYWMzYjQ3NmNiYTkxOWQwZDU2ZmNhNGNlZDYzMWZhYmNlYWQ1MWU0YjJiNjkwZTcifSwibmFtZSI6Imh0dHBzOi8vdXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djM5In1dfQ==", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations/invalid-region/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEQCID2DrzUtVIv55nSl0FdoYdaaayxrjOOF2i35yadBIvFdAiAZhG4k1dC2RmSbIBVctPQ10bTzeN4XKU7Vm9E5oMJAJQ==" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/768ee56d-2064-4ed9-9cd4-8232df1a1792", + "noteName": "projects/verified-builder/notes/intoto_11f6c682-3451-4f72-ac2a-8e386eab66af", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "updateTime": "2022-09-06T17:54:23.761540Z" + } + ] + } + } + \ No newline at end of file diff --git a/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-multiple-invalid-provenance.json b/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-multiple-invalid-provenance.json new file mode 100644 index 000000000..e9687b43f --- /dev/null +++ b/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-multiple-invalid-provenance.json @@ -0,0 +1,301 @@ +{ + "image_summary": { + "digest": "sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + }, + "provenance_summary": { + "provenance": [ + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3" + }, + "materials": [ + { + "digest": { + "sha1": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae" + }, + "uri": "https://github.com/laurentsimon/gcb-tests" + } + ], + "metadata": { + "buildFinishedOn": "2022-09-06T17:54:22.169342Z", + "buildInvocationId": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "buildStartedOn": "2022-09-06T17:54:10.226833361Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "requestedVerifyOption": "VERIFIED", + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-09-06T17:54:13.240503649Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-09-06T17:54:20.155242044Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + } + } + ], + "substitutions": { + "COMMIT_SHA": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "REF_NAME": "v39", + "REPO_NAME": "gcb-tests", + "REVISION_ID": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "SHORT_SHA": "01ce393", + "TAG_NAME": "v39", + "TRIGGER_BUILD_CONFIG_PATH": "cloudbuild.yaml", + "TRIGGER_NAME": "Tag" + } + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/CloudBuildYaml@v0.1" + } + }, + "subject": [ + { + "digest": { + "sha256": "f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39" + } + ] + } + }, + "createTime": "2022-09-06T17:54:23.761540Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4zIn0sIm1hdGVyaWFscyI6W3siZGlnZXN0Ijp7InNoYTEiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIn0sInVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjIyLjE2OTM0MloiLCJidWlsZEludm9jYXRpb25JZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOS0wNlQxNzo1NDoxMC4yMjY4MzMzNjFaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiIxMWY2YzY4Mi0zNDUxLTRmNzItYWMyYS04ZTM4NmVhYjY2YWYiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInJlcXVlc3RlZFZlcmlmeU9wdGlvbiI6IlZFUklGSUVEIiwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MzkiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yNDA1MDM2NDlaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MjAuMTU1MjQyMDQ0WiIsInN0YXJ0VGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MTMuMjM3MTM4MDU2WiJ9fV0sInN1YnN0aXR1dGlvbnMiOnsiQ09NTUlUX1NIQSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUiLCJSRUZfTkFNRSI6InYzOSIsIlJFUE9fTkFNRSI6ImdjYi10ZXN0cyIsIlJFVklTSU9OX0lEIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlNIT1JUX1NIQSI6IjAxY2UzOTMiLCJUQUdfTkFNRSI6InYzOSIsIlRSSUdHRVJfQlVJTERfQ09ORklHX1BBVEgiOiJjbG91ZGJ1aWxkLnlhbWwiLCJUUklHR0VSX05BTUUiOiJUYWcifX0sImVudHJ5UG9pbnQiOiJjbG91ZGJ1aWxkLnlhbWwiLCJ0eXBlIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0Nsb3VkQnVpbGRZYW1sQHYwLjEifX0sInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMSIsInNsc2FQcm92ZW5hbmNlIjp7ImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjMifSwibWF0ZXJpYWxzIjpbeyJkaWdlc3QiOnsic2hhMSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUifSwidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDktMDZUMTc6NTQ6MjIuMTY5MzQyWiIsImJ1aWxkSW52b2NhdGlvbklkIjoiMTFmNmM2ODItMzQ1MS00ZjcyLWFjMmEtOGUzODZlYWI2NmFmIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjEwLjIyNjgzMzM2MVoifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwicmVxdWVzdGVkVmVyaWZ5T3B0aW9uIjoiVkVSSUZJRUQiLCJzdWJzdGl0dXRpb25PcHRpb24iOiJBTExPV19MT09TRSJ9LCJzb3VyY2VQcm92ZW5hbmNlIjp7fSwic3RlcHMiOlt7ImFyZ3MiOlsiYnVpbGQiLCItdCIsInVzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYzOSIsIi4iXSwibmFtZSI6Imdjci5pby9jbG91ZC1idWlsZGVycy9kb2NrZXIiLCJwdWxsVGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjI0MDUwMzY0OVoiLCJzdGFydFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjIzNzEzODA1NloifSwic3RhdHVzIjoiU1VDQ0VTUyIsInRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoyMC4xNTUyNDIwNDRaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn19XSwic3Vic3RpdHV0aW9ucyI6eyJDT01NSVRfU0hBIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlJFRl9OQU1FIjoidjM5IiwiUkVQT19OQU1FIjoiZ2NiLXRlc3RzIiwiUkVWSVNJT05fSUQiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIiwiU0hPUlRfU0hBIjoiMDFjZTM5MyIsIlRBR19OQU1FIjoidjM5IiwiVFJJR0dFUl9CVUlMRF9DT05GSUdfUEFUSCI6ImNsb3VkYnVpbGQueWFtbCIsIlRSSUdHRVJfTkFNRSI6IlRhZyJ9fSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vQ2xvdWRCdWlsZFlhbWxAdjAuMSJ9fSwic3ViamVjdCI6W3siZGlnZXN0Ijp7InNoYTI1NiI6ImY0NzJjYTRiNjg4OThjOTUxYWMzYjQ3NmNiYTkxOWQwZDU2ZmNhNGNlZDYzMWZhYmNlYWQ1MWU0YjJiNjkwZTcifSwibmFtZSI6Imh0dHBzOi8vdXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djM5In1dfQ==", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations/us-west2/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEQCID2DrzUtVIv55nSl0FdoYdaaayxrjOOF2i35yadBIvFdAiAZhG4k1dC2RmSbIBVctPQ10bTzeN4XKU7Vm9E5oMJAJA==" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/768ee56d-2064-4ed9-9cd4-8232df1a1792", + "noteName": "projects/verified-builder/notes/intoto_11f6c682-3451-4f72-ac2a-8e386eab66af", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "updateTime": "2022-09-06T17:54:23.761540Z" + }, + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3" + }, + "materials": [ + { + "digest": { + "sha1": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae" + }, + "uri": "https://github.com/laurentsimon/gcb-tests" + } + ], + "metadata": { + "buildFinishedOn": "2022-09-06T17:54:22.169342Z", + "buildInvocationId": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "buildStartedOn": "2022-09-06T17:54:10.226833361Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "requestedVerifyOption": "VERIFIED", + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-09-06T17:54:13.240503649Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-09-06T17:54:20.155242044Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + } + } + ], + "substitutions": { + "COMMIT_SHA": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "REF_NAME": "v39", + "REPO_NAME": "gcb-tests", + "REVISION_ID": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "SHORT_SHA": "01ce393", + "TAG_NAME": "v39", + "TRIGGER_BUILD_CONFIG_PATH": "cloudbuild.yaml", + "TRIGGER_NAME": "Tag" + } + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/CloudBuildYaml@v0.1" + } + }, + "subject": [ + { + "digest": { + "sha256": "f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39" + } + ] + } + }, + "createTime": "2022-09-06T17:54:23.761540Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4zIn0sIm1hdGVyaWFscyI6W3siZGlnZXN0Ijp7InNoYTEiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIn0sInVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjIyLjE2OTM0MloiLCJidWlsZEludm9jYXRpb25JZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOS0wNlQxNzo1NDoxMC4yMjY4MzMzNjFaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiIxMWY2YzY4Mi0zNDUxLTRmNzItYWMyYS04ZTM4NmVhYjY2YWYiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInJlcXVlc3RlZFZlcmlmeU9wdGlvbiI6IlZFUklGSUVEIiwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MzkiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yNDA1MDM2NDlaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MjAuMTU1MjQyMDQ0WiIsInN0YXJ0VGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MTMuMjM3MTM4MDU2WiJ9fV0sInN1YnN0aXR1dGlvbnMiOnsiQ09NTUlUX1NIQSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUiLCJSRUZfTkFNRSI6InYzOSIsIlJFUE9fTkFNRSI6ImdjYi10ZXN0cyIsIlJFVklTSU9OX0lEIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlNIT1JUX1NIQSI6IjAxY2UzOTMiLCJUQUdfTkFNRSI6InYzOSIsIlRSSUdHRVJfQlVJTERfQ09ORklHX1BBVEgiOiJjbG91ZGJ1aWxkLnlhbWwiLCJUUklHR0VSX05BTUUiOiJUYWcifX0sImVudHJ5UG9pbnQiOiJjbG91ZGJ1aWxkLnlhbWwiLCJ0eXBlIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0Nsb3VkQnVpbGRZYW1sQHYwLjEifX0sInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMSIsInNsc2FQcm92ZW5hbmNlIjp7ImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjMifSwibWF0ZXJpYWxzIjpbeyJkaWdlc3QiOnsic2hhMSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUifSwidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDktMDZUMTc6NTQ6MjIuMTY5MzQyWiIsImJ1aWxkSW52b2NhdGlvbklkIjoiMTFmNmM2ODItMzQ1MS00ZjcyLWFjMmEtOGUzODZlYWI2NmFmIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjEwLjIyNjgzMzM2MVoifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwicmVxdWVzdGVkVmVyaWZ5T3B0aW9uIjoiVkVSSUZJRUQiLCJzdWJzdGl0dXRpb25PcHRpb24iOiJBTExPV19MT09TRSJ9LCJzb3VyY2VQcm92ZW5hbmNlIjp7fSwic3RlcHMiOlt7ImFyZ3MiOlsiYnVpbGQiLCItdCIsInVzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYzOSIsIi4iXSwibmFtZSI6Imdjci5pby9jbG91ZC1idWlsZGVycy9kb2NrZXIiLCJwdWxsVGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjI0MDUwMzY0OVoiLCJzdGFydFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjIzNzEzODA1NloifSwic3RhdHVzIjoiU1VDQ0VTUyIsInRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoyMC4xNTUyNDIwNDRaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn19XSwic3Vic3RpdHV0aW9ucyI6eyJDT01NSVRfU0hBIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlJFRl9OQU1FIjoidjM5IiwiUkVQT19OQU1FIjoiZ2NiLXRlc3RzIiwiUkVWSVNJT05fSUQiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIiwiU0hPUlRfU0hBIjoiMDFjZTM5MyIsIlRBR19OQU1FIjoidjM5IiwiVFJJR0dFUl9CVUlMRF9DT05GSUdfUEFUSCI6ImNsb3VkYnVpbGQueWFtbCIsIlRSSUdHRVJfTkFNRSI6IlRhZyJ9fSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vQ2xvdWRCdWlsZFlhbWxAdjAuMSJ9fSwic3ViamVjdCI6W3siZGlnZXN0Ijp7InNoYTI1NiI6ImY0NzJjYTRiNjg4OThjOTUxYWMzYjQ3NmNiYTkxOWQwZDU2ZmNhNGNlZDYzMWZhYmNlYWQ1MWU0YjJiNjkwZTcifSwibmFtZSI6Imh0dHBzOi8vdXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djM5In1dfQ==", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations/us-west2/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEQCID2DrzUtVIv55nSl0FdoYdaaayxrjOOF2i35yadBIvFdAiAZhG4k1dC2RmSbIBVctPQ10bTzeN4XKU7Vm9E5oMJAJA==" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/768ee56d-2064-4ed9-9cd4-8232df1a1792", + "noteName": "projects/verified-builder/notes/intoto_11f6c682-3451-4f72-ac2a-8e386eab66af", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "updateTime": "2022-09-06T17:54:23.761540Z" + }, + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3" + }, + "materials": [ + { + "digest": { + "sha1": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae" + }, + "uri": "https://github.com/laurentsimon/gcb-tests" + } + ], + "metadata": { + "buildFinishedOn": "2022-09-06T17:54:22.169342Z", + "buildInvocationId": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "buildStartedOn": "2022-09-06T17:54:10.226833361Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "requestedVerifyOption": "VERIFIED", + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-09-06T17:54:13.240503649Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-09-06T17:54:20.155242044Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + } + } + ], + "substitutions": { + "COMMIT_SHA": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "REF_NAME": "v39", + "REPO_NAME": "gcb-tests", + "REVISION_ID": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "SHORT_SHA": "01ce393", + "TAG_NAME": "v39", + "TRIGGER_BUILD_CONFIG_PATH": "cloudbuild.yaml", + "TRIGGER_NAME": "Tag" + } + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/CloudBuildYaml@v0.1" + } + }, + "subject": [ + { + "digest": { + "sha256": "f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39" + } + ] + } + }, + "createTime": "2022-09-06T17:54:23.761540Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4zIn0sIm1hdGVyaWFscyI6W3siZGlnZXN0Ijp7InNoYTEiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIn0sInVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjIyLjE2OTM0MloiLCJidWlsZEludm9jYXRpb25JZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOS0wNlQxNzo1NDoxMC4yMjY4MzMzNjFaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiIxMWY2YzY4Mi0zNDUxLTRmNzItYWMyYS04ZTM4NmVhYjY2YWYiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInJlcXVlc3RlZFZlcmlmeU9wdGlvbiI6IlZFUklGSUVEIiwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MzkiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yNDA1MDM2NDlaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MjAuMTU1MjQyMDQ0WiIsInN0YXJ0VGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MTMuMjM3MTM4MDU2WiJ9fV0sInN1YnN0aXR1dGlvbnMiOnsiQ09NTUlUX1NIQSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUiLCJSRUZfTkFNRSI6InYzOSIsIlJFUE9fTkFNRSI6ImdjYi10ZXN0cyIsIlJFVklTSU9OX0lEIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlNIT1JUX1NIQSI6IjAxY2UzOTMiLCJUQUdfTkFNRSI6InYzOSIsIlRSSUdHRVJfQlVJTERfQ09ORklHX1BBVEgiOiJjbG91ZGJ1aWxkLnlhbWwiLCJUUklHR0VSX05BTUUiOiJUYWcifX0sImVudHJ5UG9pbnQiOiJjbG91ZGJ1aWxkLnlhbWwiLCJ0eXBlIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0Nsb3VkQnVpbGRZYW1sQHYwLjEifX0sInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMSIsInNsc2FQcm92ZW5hbmNlIjp7ImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjMifSwibWF0ZXJpYWxzIjpbeyJkaWdlc3QiOnsic2hhMSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUifSwidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDktMDZUMTc6NTQ6MjIuMTY5MzQyWiIsImJ1aWxkSW52b2NhdGlvbklkIjoiMTFmNmM2ODItMzQ1MS00ZjcyLWFjMmEtOGUzODZlYWI2NmFmIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjEwLjIyNjgzMzM2MVoifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwicmVxdWVzdGVkVmVyaWZ5T3B0aW9uIjoiVkVSSUZJRUQiLCJzdWJzdGl0dXRpb25PcHRpb24iOiJBTExPV19MT09TRSJ9LCJzb3VyY2VQcm92ZW5hbmNlIjp7fSwic3RlcHMiOlt7ImFyZ3MiOlsiYnVpbGQiLCItdCIsInVzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYzOSIsIi4iXSwibmFtZSI6Imdjci5pby9jbG91ZC1idWlsZGVycy9kb2NrZXIiLCJwdWxsVGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjI0MDUwMzY0OVoiLCJzdGFydFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjIzNzEzODA1NloifSwic3RhdHVzIjoiU1VDQ0VTUyIsInRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoyMC4xNTUyNDIwNDRaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn19XSwic3Vic3RpdHV0aW9ucyI6eyJDT01NSVRfU0hBIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlJFRl9OQU1FIjoidjM5IiwiUkVQT19OQU1FIjoiZ2NiLXRlc3RzIiwiUkVWSVNJT05fSUQiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIiwiU0hPUlRfU0hBIjoiMDFjZTM5MyIsIlRBR19OQU1FIjoidjM5IiwiVFJJR0dFUl9CVUlMRF9DT05GSUdfUEFUSCI6ImNsb3VkYnVpbGQueWFtbCIsIlRSSUdHRVJfTkFNRSI6IlRhZyJ9fSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vQ2xvdWRCdWlsZFlhbWxAdjAuMSJ9fSwic3ViamVjdCI6W3siZGlnZXN0Ijp7InNoYTI1NiI6ImY0NzJjYTRiNjg4OThjOTUxYWMzYjQ3NmNiYTkxOWQwZDU2ZmNhNGNlZDYzMWZhYmNlYWQ1MWU0YjJiNjkwZTcifSwibmFtZSI6Imh0dHBzOi8vdXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djM5In1dfQ==", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations/us-west2/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEQCID2DrzUtVIv55nSl0FdoYdaaayxrjOOF2i35yadBIvFdAiAZhG4k1dC2RmSbIBVctPQ10bTzeN4XKU7Vm9E5oMJAJA==" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/768ee56d-2064-4ed9-9cd4-8232df1a1792", + "noteName": "projects/verified-builder/notes/intoto_11f6c682-3451-4f72-ac2a-8e386eab66af", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "updateTime": "2022-09-06T17:54:23.761540Z" + } + ] + } + } + \ No newline at end of file diff --git a/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-multiple-invalid-signatures.json b/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-multiple-invalid-signatures.json new file mode 100644 index 000000000..3d2e6a596 --- /dev/null +++ b/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-multiple-invalid-signatures.json @@ -0,0 +1,117 @@ +{ + "image_summary": { + "digest": "sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + }, + "provenance_summary": { + "provenance": [ + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3" + }, + "materials": [ + { + "digest": { + "sha1": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae" + }, + "uri": "https://github.com/laurentsimon/gcb-tests" + } + ], + "metadata": { + "buildFinishedOn": "2022-09-06T17:54:22.169342Z", + "buildInvocationId": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "buildStartedOn": "2022-09-06T17:54:10.226833361Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "requestedVerifyOption": "VERIFIED", + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-09-06T17:54:13.240503649Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-09-06T17:54:20.155242044Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + } + } + ], + "substitutions": { + "COMMIT_SHA": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "REF_NAME": "v39", + "REPO_NAME": "gcb-tests", + "REVISION_ID": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "SHORT_SHA": "01ce393", + "TAG_NAME": "v39", + "TRIGGER_BUILD_CONFIG_PATH": "cloudbuild.yaml", + "TRIGGER_NAME": "Tag" + } + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/CloudBuildYaml@v0.1" + } + }, + "subject": [ + { + "digest": { + "sha256": "f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39" + } + ] + } + }, + "createTime": "2022-09-06T17:54:23.761540Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4zIn0sIm1hdGVyaWFscyI6W3siZGlnZXN0Ijp7InNoYTEiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIn0sInVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjIyLjE2OTM0MloiLCJidWlsZEludm9jYXRpb25JZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOS0wNlQxNzo1NDoxMC4yMjY4MzMzNjFaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiIxMWY2YzY4Mi0zNDUxLTRmNzItYWMyYS04ZTM4NmVhYjY2YWYiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInJlcXVlc3RlZFZlcmlmeU9wdGlvbiI6IlZFUklGSUVEIiwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MzkiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yNDA1MDM2NDlaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MjAuMTU1MjQyMDQ0WiIsInN0YXJ0VGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MTMuMjM3MTM4MDU2WiJ9fV0sInN1YnN0aXR1dGlvbnMiOnsiQ09NTUlUX1NIQSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUiLCJSRUZfTkFNRSI6InYzOSIsIlJFUE9fTkFNRSI6ImdjYi10ZXN0cyIsIlJFVklTSU9OX0lEIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlNIT1JUX1NIQSI6IjAxY2UzOTMiLCJUQUdfTkFNRSI6InYzOSIsIlRSSUdHRVJfQlVJTERfQ09ORklHX1BBVEgiOiJjbG91ZGJ1aWxkLnlhbWwiLCJUUklHR0VSX05BTUUiOiJUYWcifX0sImVudHJ5UG9pbnQiOiJjbG91ZGJ1aWxkLnlhbWwiLCJ0eXBlIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0Nsb3VkQnVpbGRZYW1sQHYwLjEifX0sInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMSIsInNsc2FQcm92ZW5hbmNlIjp7ImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjMifSwibWF0ZXJpYWxzIjpbeyJkaWdlc3QiOnsic2hhMSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUifSwidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDktMDZUMTc6NTQ6MjIuMTY5MzQyWiIsImJ1aWxkSW52b2NhdGlvbklkIjoiMTFmNmM2ODItMzQ1MS00ZjcyLWFjMmEtOGUzODZlYWI2NmFmIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjEwLjIyNjgzMzM2MVoifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwicmVxdWVzdGVkVmVyaWZ5T3B0aW9uIjoiVkVSSUZJRUQiLCJzdWJzdGl0dXRpb25PcHRpb24iOiJBTExPV19MT09TRSJ9LCJzb3VyY2VQcm92ZW5hbmNlIjp7fSwic3RlcHMiOlt7ImFyZ3MiOlsiYnVpbGQiLCItdCIsInVzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYzOSIsIi4iXSwibmFtZSI6Imdjci5pby9jbG91ZC1idWlsZGVycy9kb2NrZXIiLCJwdWxsVGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjI0MDUwMzY0OVoiLCJzdGFydFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjIzNzEzODA1NloifSwic3RhdHVzIjoiU1VDQ0VTUyIsInRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoyMC4xNTUyNDIwNDRaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn19XSwic3Vic3RpdHV0aW9ucyI6eyJDT01NSVRfU0hBIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlJFRl9OQU1FIjoidjM5IiwiUkVQT19OQU1FIjoiZ2NiLXRlc3RzIiwiUkVWSVNJT05fSUQiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIiwiU0hPUlRfU0hBIjoiMDFjZTM5MyIsIlRBR19OQU1FIjoidjM5IiwiVFJJR0dFUl9CVUlMRF9DT05GSUdfUEFUSCI6ImNsb3VkYnVpbGQueWFtbCIsIlRSSUdHRVJfTkFNRSI6IlRhZyJ9fSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vQ2xvdWRCdWlsZFlhbWxAdjAuMSJ9fSwic3ViamVjdCI6W3siZGlnZXN0Ijp7InNoYTI1NiI6ImY0NzJjYTRiNjg4OThjOTUxYWMzYjQ3NmNiYTkxOWQwZDU2ZmNhNGNlZDYzMWZhYmNlYWQ1MWU0YjJiNjkwZTcifSwibmFtZSI6Imh0dHBzOi8vdXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djM5In1dfQ==", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations/us-west2/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEQCID2DrzUtVIv55nSl0FdoYdaaayxrjOOF2i35yadBIvFdAiAZhG4k1dC2RmSbIBVctPQ10bTzeN4XKU7Vm9E5oMJAJA==" + }, + { + "keyid": "projects/verified-builder/locations/us-west2/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEQCID2DrzUtVIv55nSl0FdoYdaaayxrjOOF2i35yadBIvFdAiAZhG4k1dC2RmSbIBVctPQ10bTzeN4XKU7Vm9E5oMJAJA==" + }, + { + "keyid": "projects/verified-builder/locations/us-west2/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEQCID2DrzUtVIv55nSl0FdoYdaaayxrjOOF2i35yadBIvFdAiAZhG4k1dC2RmSbIBVctPQ10bTzeN4XKU7Vm9E5oMJAJA==" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/768ee56d-2064-4ed9-9cd4-8232df1a1792", + "noteName": "projects/verified-builder/notes/intoto_11f6c682-3451-4f72-ac2a-8e386eab66af", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "updateTime": "2022-09-06T17:54:23.761540Z" + } + ] + } + } + \ No newline at end of file diff --git a/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-multiple-provenance-2ndvalid.json b/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-multiple-provenance-2ndvalid.json new file mode 100644 index 000000000..d36d4730a --- /dev/null +++ b/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-multiple-provenance-2ndvalid.json @@ -0,0 +1,301 @@ +{ + "image_summary": { + "digest": "sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + }, + "provenance_summary": { + "provenance": [ + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3" + }, + "materials": [ + { + "digest": { + "sha1": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae" + }, + "uri": "https://github.com/laurentsimon/gcb-tests" + } + ], + "metadata": { + "buildFinishedOn": "2022-09-06T17:54:22.169342Z", + "buildInvocationId": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "buildStartedOn": "2022-09-06T17:54:10.226833361Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "requestedVerifyOption": "VERIFIED", + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-09-06T17:54:13.240503649Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-09-06T17:54:20.155242044Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + } + } + ], + "substitutions": { + "COMMIT_SHA": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "REF_NAME": "v39", + "REPO_NAME": "gcb-tests", + "REVISION_ID": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "SHORT_SHA": "01ce393", + "TAG_NAME": "v39", + "TRIGGER_BUILD_CONFIG_PATH": "cloudbuild.yaml", + "TRIGGER_NAME": "Tag" + } + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/CloudBuildYaml@v0.1" + } + }, + "subject": [ + { + "digest": { + "sha256": "f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39" + } + ] + } + }, + "createTime": "2022-09-06T17:54:23.761540Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4zIn0sIm1hdGVyaWFscyI6W3siZGlnZXN0Ijp7InNoYTEiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIn0sInVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjIyLjE2OTM0MloiLCJidWlsZEludm9jYXRpb25JZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOS0wNlQxNzo1NDoxMC4yMjY4MzMzNjFaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiIxMWY2YzY4Mi0zNDUxLTRmNzItYWMyYS04ZTM4NmVhYjY2YWYiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInJlcXVlc3RlZFZlcmlmeU9wdGlvbiI6IlZFUklGSUVEIiwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MzkiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yNDA1MDM2NDlaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MjAuMTU1MjQyMDQ0WiIsInN0YXJ0VGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MTMuMjM3MTM4MDU2WiJ9fV0sInN1YnN0aXR1dGlvbnMiOnsiQ09NTUlUX1NIQSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUiLCJSRUZfTkFNRSI6InYzOSIsIlJFUE9fTkFNRSI6ImdjYi10ZXN0cyIsIlJFVklTSU9OX0lEIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlNIT1JUX1NIQSI6IjAxY2UzOTMiLCJUQUdfTkFNRSI6InYzOSIsIlRSSUdHRVJfQlVJTERfQ09ORklHX1BBVEgiOiJjbG91ZGJ1aWxkLnlhbWwiLCJUUklHR0VSX05BTUUiOiJUYWcifX0sImVudHJ5UG9pbnQiOiJjbG91ZGJ1aWxkLnlhbWwiLCJ0eXBlIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0Nsb3VkQnVpbGRZYW1sQHYwLjEifX0sInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMSIsInNsc2FQcm92ZW5hbmNlIjp7ImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjMifSwibWF0ZXJpYWxzIjpbeyJkaWdlc3QiOnsic2hhMSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUifSwidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDktMDZUMTc6NTQ6MjIuMTY5MzQyWiIsImJ1aWxkSW52b2NhdGlvbklkIjoiMTFmNmM2ODItMzQ1MS00ZjcyLWFjMmEtOGUzODZlYWI2NmFmIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjEwLjIyNjgzMzM2MVoifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwicmVxdWVzdGVkVmVyaWZ5T3B0aW9uIjoiVkVSSUZJRUQiLCJzdWJzdGl0dXRpb25PcHRpb24iOiJBTExPV19MT09TRSJ9LCJzb3VyY2VQcm92ZW5hbmNlIjp7fSwic3RlcHMiOlt7ImFyZ3MiOlsiYnVpbGQiLCItdCIsInVzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYzOSIsIi4iXSwibmFtZSI6Imdjci5pby9jbG91ZC1idWlsZGVycy9kb2NrZXIiLCJwdWxsVGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjI0MDUwMzY0OVoiLCJzdGFydFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjIzNzEzODA1NloifSwic3RhdHVzIjoiU1VDQ0VTUyIsInRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoyMC4xNTUyNDIwNDRaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn19XSwic3Vic3RpdHV0aW9ucyI6eyJDT01NSVRfU0hBIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlJFRl9OQU1FIjoidjM5IiwiUkVQT19OQU1FIjoiZ2NiLXRlc3RzIiwiUkVWSVNJT05fSUQiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIiwiU0hPUlRfU0hBIjoiMDFjZTM5MyIsIlRBR19OQU1FIjoidjM5IiwiVFJJR0dFUl9CVUlMRF9DT05GSUdfUEFUSCI6ImNsb3VkYnVpbGQueWFtbCIsIlRSSUdHRVJfTkFNRSI6IlRhZyJ9fSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vQ2xvdWRCdWlsZFlhbWxAdjAuMSJ9fSwic3ViamVjdCI6W3siZGlnZXN0Ijp7InNoYTI1NiI6ImY0NzJjYTRiNjg4OThjOTUxYWMzYjQ3NmNiYTkxOWQwZDU2ZmNhNGNlZDYzMWZhYmNlYWQ1MWU0YjJiNjkwZTcifSwibmFtZSI6Imh0dHBzOi8vdXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djM5In1dfQ==", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations/us-west2/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEQCID2DrzUtVIv55nSl0FdoYdaaayxrjOOF2i35yadBIvFdAiAZhG4k1dC2RmSbIBVctPQ10bTzeN4XKU7Vm9E5oMJAJA==" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/768ee56d-2064-4ed9-9cd4-8232df1a1792", + "noteName": "projects/verified-builder/notes/intoto_11f6c682-3451-4f72-ac2a-8e386eab66af", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "updateTime": "2022-09-06T17:54:23.761540Z" + }, + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3" + }, + "materials": [ + { + "digest": { + "sha1": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae" + }, + "uri": "https://github.com/laurentsimon/gcb-tests" + } + ], + "metadata": { + "buildFinishedOn": "2022-09-06T17:54:22.169342Z", + "buildInvocationId": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "buildStartedOn": "2022-09-06T17:54:10.226833361Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "requestedVerifyOption": "VERIFIED", + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-09-06T17:54:13.240503649Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-09-06T17:54:20.155242044Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + } + } + ], + "substitutions": { + "COMMIT_SHA": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "REF_NAME": "v39", + "REPO_NAME": "gcb-tests", + "REVISION_ID": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "SHORT_SHA": "01ce393", + "TAG_NAME": "v39", + "TRIGGER_BUILD_CONFIG_PATH": "cloudbuild.yaml", + "TRIGGER_NAME": "Tag" + } + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/CloudBuildYaml@v0.1" + } + }, + "subject": [ + { + "digest": { + "sha256": "f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39" + } + ] + } + }, + "createTime": "2022-09-06T17:54:23.761540Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4zIn0sIm1hdGVyaWFscyI6W3siZGlnZXN0Ijp7InNoYTEiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIn0sInVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjIyLjE2OTM0MloiLCJidWlsZEludm9jYXRpb25JZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOS0wNlQxNzo1NDoxMC4yMjY4MzMzNjFaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiIxMWY2YzY4Mi0zNDUxLTRmNzItYWMyYS04ZTM4NmVhYjY2YWYiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInJlcXVlc3RlZFZlcmlmeU9wdGlvbiI6IlZFUklGSUVEIiwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MzkiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yNDA1MDM2NDlaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MjAuMTU1MjQyMDQ0WiIsInN0YXJ0VGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MTMuMjM3MTM4MDU2WiJ9fV0sInN1YnN0aXR1dGlvbnMiOnsiQ09NTUlUX1NIQSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUiLCJSRUZfTkFNRSI6InYzOSIsIlJFUE9fTkFNRSI6ImdjYi10ZXN0cyIsIlJFVklTSU9OX0lEIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlNIT1JUX1NIQSI6IjAxY2UzOTMiLCJUQUdfTkFNRSI6InYzOSIsIlRSSUdHRVJfQlVJTERfQ09ORklHX1BBVEgiOiJjbG91ZGJ1aWxkLnlhbWwiLCJUUklHR0VSX05BTUUiOiJUYWcifX0sImVudHJ5UG9pbnQiOiJjbG91ZGJ1aWxkLnlhbWwiLCJ0eXBlIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0Nsb3VkQnVpbGRZYW1sQHYwLjEifX0sInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMSIsInNsc2FQcm92ZW5hbmNlIjp7ImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjMifSwibWF0ZXJpYWxzIjpbeyJkaWdlc3QiOnsic2hhMSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUifSwidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDktMDZUMTc6NTQ6MjIuMTY5MzQyWiIsImJ1aWxkSW52b2NhdGlvbklkIjoiMTFmNmM2ODItMzQ1MS00ZjcyLWFjMmEtOGUzODZlYWI2NmFmIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjEwLjIyNjgzMzM2MVoifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwicmVxdWVzdGVkVmVyaWZ5T3B0aW9uIjoiVkVSSUZJRUQiLCJzdWJzdGl0dXRpb25PcHRpb24iOiJBTExPV19MT09TRSJ9LCJzb3VyY2VQcm92ZW5hbmNlIjp7fSwic3RlcHMiOlt7ImFyZ3MiOlsiYnVpbGQiLCItdCIsInVzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYzOSIsIi4iXSwibmFtZSI6Imdjci5pby9jbG91ZC1idWlsZGVycy9kb2NrZXIiLCJwdWxsVGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjI0MDUwMzY0OVoiLCJzdGFydFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjIzNzEzODA1NloifSwic3RhdHVzIjoiU1VDQ0VTUyIsInRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoyMC4xNTUyNDIwNDRaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn19XSwic3Vic3RpdHV0aW9ucyI6eyJDT01NSVRfU0hBIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlJFRl9OQU1FIjoidjM5IiwiUkVQT19OQU1FIjoiZ2NiLXRlc3RzIiwiUkVWSVNJT05fSUQiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIiwiU0hPUlRfU0hBIjoiMDFjZTM5MyIsIlRBR19OQU1FIjoidjM5IiwiVFJJR0dFUl9CVUlMRF9DT05GSUdfUEFUSCI6ImNsb3VkYnVpbGQueWFtbCIsIlRSSUdHRVJfTkFNRSI6IlRhZyJ9fSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vQ2xvdWRCdWlsZFlhbWxAdjAuMSJ9fSwic3ViamVjdCI6W3siZGlnZXN0Ijp7InNoYTI1NiI6ImY0NzJjYTRiNjg4OThjOTUxYWMzYjQ3NmNiYTkxOWQwZDU2ZmNhNGNlZDYzMWZhYmNlYWQ1MWU0YjJiNjkwZTcifSwibmFtZSI6Imh0dHBzOi8vdXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djM5In1dfQ==", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations/us-west2/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEQCID2DrzUtVIv55nSl0FdoYdaaayxrjOOF2i35yadBIvFdAiAZhG4k1dC2RmSbIBVctPQ10bTzeN4XKU7Vm9E5oMJAJQ==" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/768ee56d-2064-4ed9-9cd4-8232df1a1792", + "noteName": "projects/verified-builder/notes/intoto_11f6c682-3451-4f72-ac2a-8e386eab66af", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "updateTime": "2022-09-06T17:54:23.761540Z" + }, + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3" + }, + "materials": [ + { + "digest": { + "sha1": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae" + }, + "uri": "https://github.com/laurentsimon/gcb-tests" + } + ], + "metadata": { + "buildFinishedOn": "2022-09-06T17:54:22.169342Z", + "buildInvocationId": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "buildStartedOn": "2022-09-06T17:54:10.226833361Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "requestedVerifyOption": "VERIFIED", + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-09-06T17:54:13.240503649Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-09-06T17:54:20.155242044Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + } + } + ], + "substitutions": { + "COMMIT_SHA": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "REF_NAME": "v39", + "REPO_NAME": "gcb-tests", + "REVISION_ID": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "SHORT_SHA": "01ce393", + "TAG_NAME": "v39", + "TRIGGER_BUILD_CONFIG_PATH": "cloudbuild.yaml", + "TRIGGER_NAME": "Tag" + } + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/CloudBuildYaml@v0.1" + } + }, + "subject": [ + { + "digest": { + "sha256": "f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39" + } + ] + } + }, + "createTime": "2022-09-06T17:54:23.761540Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4zIn0sIm1hdGVyaWFscyI6W3siZGlnZXN0Ijp7InNoYTEiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIn0sInVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjIyLjE2OTM0MloiLCJidWlsZEludm9jYXRpb25JZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOS0wNlQxNzo1NDoxMC4yMjY4MzMzNjFaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiIxMWY2YzY4Mi0zNDUxLTRmNzItYWMyYS04ZTM4NmVhYjY2YWYiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInJlcXVlc3RlZFZlcmlmeU9wdGlvbiI6IlZFUklGSUVEIiwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MzkiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yNDA1MDM2NDlaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MjAuMTU1MjQyMDQ0WiIsInN0YXJ0VGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MTMuMjM3MTM4MDU2WiJ9fV0sInN1YnN0aXR1dGlvbnMiOnsiQ09NTUlUX1NIQSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUiLCJSRUZfTkFNRSI6InYzOSIsIlJFUE9fTkFNRSI6ImdjYi10ZXN0cyIsIlJFVklTSU9OX0lEIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlNIT1JUX1NIQSI6IjAxY2UzOTMiLCJUQUdfTkFNRSI6InYzOSIsIlRSSUdHRVJfQlVJTERfQ09ORklHX1BBVEgiOiJjbG91ZGJ1aWxkLnlhbWwiLCJUUklHR0VSX05BTUUiOiJUYWcifX0sImVudHJ5UG9pbnQiOiJjbG91ZGJ1aWxkLnlhbWwiLCJ0eXBlIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0Nsb3VkQnVpbGRZYW1sQHYwLjEifX0sInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMSIsInNsc2FQcm92ZW5hbmNlIjp7ImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjMifSwibWF0ZXJpYWxzIjpbeyJkaWdlc3QiOnsic2hhMSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUifSwidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDktMDZUMTc6NTQ6MjIuMTY5MzQyWiIsImJ1aWxkSW52b2NhdGlvbklkIjoiMTFmNmM2ODItMzQ1MS00ZjcyLWFjMmEtOGUzODZlYWI2NmFmIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjEwLjIyNjgzMzM2MVoifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwicmVxdWVzdGVkVmVyaWZ5T3B0aW9uIjoiVkVSSUZJRUQiLCJzdWJzdGl0dXRpb25PcHRpb24iOiJBTExPV19MT09TRSJ9LCJzb3VyY2VQcm92ZW5hbmNlIjp7fSwic3RlcHMiOlt7ImFyZ3MiOlsiYnVpbGQiLCItdCIsInVzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYzOSIsIi4iXSwibmFtZSI6Imdjci5pby9jbG91ZC1idWlsZGVycy9kb2NrZXIiLCJwdWxsVGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjI0MDUwMzY0OVoiLCJzdGFydFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjIzNzEzODA1NloifSwic3RhdHVzIjoiU1VDQ0VTUyIsInRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoyMC4xNTUyNDIwNDRaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn19XSwic3Vic3RpdHV0aW9ucyI6eyJDT01NSVRfU0hBIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlJFRl9OQU1FIjoidjM5IiwiUkVQT19OQU1FIjoiZ2NiLXRlc3RzIiwiUkVWSVNJT05fSUQiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIiwiU0hPUlRfU0hBIjoiMDFjZTM5MyIsIlRBR19OQU1FIjoidjM5IiwiVFJJR0dFUl9CVUlMRF9DT05GSUdfUEFUSCI6ImNsb3VkYnVpbGQueWFtbCIsIlRSSUdHRVJfTkFNRSI6IlRhZyJ9fSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vQ2xvdWRCdWlsZFlhbWxAdjAuMSJ9fSwic3ViamVjdCI6W3siZGlnZXN0Ijp7InNoYTI1NiI6ImY0NzJjYTRiNjg4OThjOTUxYWMzYjQ3NmNiYTkxOWQwZDU2ZmNhNGNlZDYzMWZhYmNlYWQ1MWU0YjJiNjkwZTcifSwibmFtZSI6Imh0dHBzOi8vdXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djM5In1dfQ==", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations/us-west2/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEQCID2DrzUtVIv55nSl0FdoYdaaayxrjOOF2i35yadBIvFdAiAZhG4k1dC2RmSbIBVctPQ10bTzeN4XKU7Vm9E5oMJAJA==" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/768ee56d-2064-4ed9-9cd4-8232df1a1792", + "noteName": "projects/verified-builder/notes/intoto_11f6c682-3451-4f72-ac2a-8e386eab66af", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "updateTime": "2022-09-06T17:54:23.761540Z" + } + ] + } + } + \ No newline at end of file diff --git a/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-multiple-provenance-3rdvalid.json b/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-multiple-provenance-3rdvalid.json new file mode 100644 index 000000000..dbad572b6 --- /dev/null +++ b/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-multiple-provenance-3rdvalid.json @@ -0,0 +1,301 @@ +{ + "image_summary": { + "digest": "sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + }, + "provenance_summary": { + "provenance": [ + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3" + }, + "materials": [ + { + "digest": { + "sha1": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae" + }, + "uri": "https://github.com/laurentsimon/gcb-tests" + } + ], + "metadata": { + "buildFinishedOn": "2022-09-06T17:54:22.169342Z", + "buildInvocationId": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "buildStartedOn": "2022-09-06T17:54:10.226833361Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "requestedVerifyOption": "VERIFIED", + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-09-06T17:54:13.240503649Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-09-06T17:54:20.155242044Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + } + } + ], + "substitutions": { + "COMMIT_SHA": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "REF_NAME": "v39", + "REPO_NAME": "gcb-tests", + "REVISION_ID": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "SHORT_SHA": "01ce393", + "TAG_NAME": "v39", + "TRIGGER_BUILD_CONFIG_PATH": "cloudbuild.yaml", + "TRIGGER_NAME": "Tag" + } + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/CloudBuildYaml@v0.1" + } + }, + "subject": [ + { + "digest": { + "sha256": "f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39" + } + ] + } + }, + "createTime": "2022-09-06T17:54:23.761540Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4zIn0sIm1hdGVyaWFscyI6W3siZGlnZXN0Ijp7InNoYTEiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIn0sInVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjIyLjE2OTM0MloiLCJidWlsZEludm9jYXRpb25JZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOS0wNlQxNzo1NDoxMC4yMjY4MzMzNjFaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiIxMWY2YzY4Mi0zNDUxLTRmNzItYWMyYS04ZTM4NmVhYjY2YWYiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInJlcXVlc3RlZFZlcmlmeU9wdGlvbiI6IlZFUklGSUVEIiwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MzkiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yNDA1MDM2NDlaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MjAuMTU1MjQyMDQ0WiIsInN0YXJ0VGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MTMuMjM3MTM4MDU2WiJ9fV0sInN1YnN0aXR1dGlvbnMiOnsiQ09NTUlUX1NIQSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUiLCJSRUZfTkFNRSI6InYzOSIsIlJFUE9fTkFNRSI6ImdjYi10ZXN0cyIsIlJFVklTSU9OX0lEIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlNIT1JUX1NIQSI6IjAxY2UzOTMiLCJUQUdfTkFNRSI6InYzOSIsIlRSSUdHRVJfQlVJTERfQ09ORklHX1BBVEgiOiJjbG91ZGJ1aWxkLnlhbWwiLCJUUklHR0VSX05BTUUiOiJUYWcifX0sImVudHJ5UG9pbnQiOiJjbG91ZGJ1aWxkLnlhbWwiLCJ0eXBlIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0Nsb3VkQnVpbGRZYW1sQHYwLjEifX0sInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMSIsInNsc2FQcm92ZW5hbmNlIjp7ImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjMifSwibWF0ZXJpYWxzIjpbeyJkaWdlc3QiOnsic2hhMSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUifSwidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDktMDZUMTc6NTQ6MjIuMTY5MzQyWiIsImJ1aWxkSW52b2NhdGlvbklkIjoiMTFmNmM2ODItMzQ1MS00ZjcyLWFjMmEtOGUzODZlYWI2NmFmIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjEwLjIyNjgzMzM2MVoifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwicmVxdWVzdGVkVmVyaWZ5T3B0aW9uIjoiVkVSSUZJRUQiLCJzdWJzdGl0dXRpb25PcHRpb24iOiJBTExPV19MT09TRSJ9LCJzb3VyY2VQcm92ZW5hbmNlIjp7fSwic3RlcHMiOlt7ImFyZ3MiOlsiYnVpbGQiLCItdCIsInVzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYzOSIsIi4iXSwibmFtZSI6Imdjci5pby9jbG91ZC1idWlsZGVycy9kb2NrZXIiLCJwdWxsVGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjI0MDUwMzY0OVoiLCJzdGFydFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjIzNzEzODA1NloifSwic3RhdHVzIjoiU1VDQ0VTUyIsInRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoyMC4xNTUyNDIwNDRaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn19XSwic3Vic3RpdHV0aW9ucyI6eyJDT01NSVRfU0hBIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlJFRl9OQU1FIjoidjM5IiwiUkVQT19OQU1FIjoiZ2NiLXRlc3RzIiwiUkVWSVNJT05fSUQiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIiwiU0hPUlRfU0hBIjoiMDFjZTM5MyIsIlRBR19OQU1FIjoidjM5IiwiVFJJR0dFUl9CVUlMRF9DT05GSUdfUEFUSCI6ImNsb3VkYnVpbGQueWFtbCIsIlRSSUdHRVJfTkFNRSI6IlRhZyJ9fSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vQ2xvdWRCdWlsZFlhbWxAdjAuMSJ9fSwic3ViamVjdCI6W3siZGlnZXN0Ijp7InNoYTI1NiI6ImY0NzJjYTRiNjg4OThjOTUxYWMzYjQ3NmNiYTkxOWQwZDU2ZmNhNGNlZDYzMWZhYmNlYWQ1MWU0YjJiNjkwZTcifSwibmFtZSI6Imh0dHBzOi8vdXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djM5In1dfQ==", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations/us-west2/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEQCID2DrzUtVIv55nSl0FdoYdaaayxrjOOF2i35yadBIvFdAiAZhG4k1dC2RmSbIBVctPQ10bTzeN4XKU7Vm9E5oMJAJA==" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/768ee56d-2064-4ed9-9cd4-8232df1a1792", + "noteName": "projects/verified-builder/notes/intoto_11f6c682-3451-4f72-ac2a-8e386eab66af", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "updateTime": "2022-09-06T17:54:23.761540Z" + }, + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3" + }, + "materials": [ + { + "digest": { + "sha1": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae" + }, + "uri": "https://github.com/laurentsimon/gcb-tests" + } + ], + "metadata": { + "buildFinishedOn": "2022-09-06T17:54:22.169342Z", + "buildInvocationId": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "buildStartedOn": "2022-09-06T17:54:10.226833361Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "requestedVerifyOption": "VERIFIED", + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-09-06T17:54:13.240503649Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-09-06T17:54:20.155242044Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + } + } + ], + "substitutions": { + "COMMIT_SHA": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "REF_NAME": "v39", + "REPO_NAME": "gcb-tests", + "REVISION_ID": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "SHORT_SHA": "01ce393", + "TAG_NAME": "v39", + "TRIGGER_BUILD_CONFIG_PATH": "cloudbuild.yaml", + "TRIGGER_NAME": "Tag" + } + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/CloudBuildYaml@v0.1" + } + }, + "subject": [ + { + "digest": { + "sha256": "f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39" + } + ] + } + }, + "createTime": "2022-09-06T17:54:23.761540Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4zIn0sIm1hdGVyaWFscyI6W3siZGlnZXN0Ijp7InNoYTEiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIn0sInVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjIyLjE2OTM0MloiLCJidWlsZEludm9jYXRpb25JZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOS0wNlQxNzo1NDoxMC4yMjY4MzMzNjFaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiIxMWY2YzY4Mi0zNDUxLTRmNzItYWMyYS04ZTM4NmVhYjY2YWYiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInJlcXVlc3RlZFZlcmlmeU9wdGlvbiI6IlZFUklGSUVEIiwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MzkiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yNDA1MDM2NDlaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MjAuMTU1MjQyMDQ0WiIsInN0YXJ0VGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MTMuMjM3MTM4MDU2WiJ9fV0sInN1YnN0aXR1dGlvbnMiOnsiQ09NTUlUX1NIQSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUiLCJSRUZfTkFNRSI6InYzOSIsIlJFUE9fTkFNRSI6ImdjYi10ZXN0cyIsIlJFVklTSU9OX0lEIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlNIT1JUX1NIQSI6IjAxY2UzOTMiLCJUQUdfTkFNRSI6InYzOSIsIlRSSUdHRVJfQlVJTERfQ09ORklHX1BBVEgiOiJjbG91ZGJ1aWxkLnlhbWwiLCJUUklHR0VSX05BTUUiOiJUYWcifX0sImVudHJ5UG9pbnQiOiJjbG91ZGJ1aWxkLnlhbWwiLCJ0eXBlIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0Nsb3VkQnVpbGRZYW1sQHYwLjEifX0sInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMSIsInNsc2FQcm92ZW5hbmNlIjp7ImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjMifSwibWF0ZXJpYWxzIjpbeyJkaWdlc3QiOnsic2hhMSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUifSwidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDktMDZUMTc6NTQ6MjIuMTY5MzQyWiIsImJ1aWxkSW52b2NhdGlvbklkIjoiMTFmNmM2ODItMzQ1MS00ZjcyLWFjMmEtOGUzODZlYWI2NmFmIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjEwLjIyNjgzMzM2MVoifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwicmVxdWVzdGVkVmVyaWZ5T3B0aW9uIjoiVkVSSUZJRUQiLCJzdWJzdGl0dXRpb25PcHRpb24iOiJBTExPV19MT09TRSJ9LCJzb3VyY2VQcm92ZW5hbmNlIjp7fSwic3RlcHMiOlt7ImFyZ3MiOlsiYnVpbGQiLCItdCIsInVzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYzOSIsIi4iXSwibmFtZSI6Imdjci5pby9jbG91ZC1idWlsZGVycy9kb2NrZXIiLCJwdWxsVGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjI0MDUwMzY0OVoiLCJzdGFydFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjIzNzEzODA1NloifSwic3RhdHVzIjoiU1VDQ0VTUyIsInRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoyMC4xNTUyNDIwNDRaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn19XSwic3Vic3RpdHV0aW9ucyI6eyJDT01NSVRfU0hBIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlJFRl9OQU1FIjoidjM5IiwiUkVQT19OQU1FIjoiZ2NiLXRlc3RzIiwiUkVWSVNJT05fSUQiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIiwiU0hPUlRfU0hBIjoiMDFjZTM5MyIsIlRBR19OQU1FIjoidjM5IiwiVFJJR0dFUl9CVUlMRF9DT05GSUdfUEFUSCI6ImNsb3VkYnVpbGQueWFtbCIsIlRSSUdHRVJfTkFNRSI6IlRhZyJ9fSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vQ2xvdWRCdWlsZFlhbWxAdjAuMSJ9fSwic3ViamVjdCI6W3siZGlnZXN0Ijp7InNoYTI1NiI6ImY0NzJjYTRiNjg4OThjOTUxYWMzYjQ3NmNiYTkxOWQwZDU2ZmNhNGNlZDYzMWZhYmNlYWQ1MWU0YjJiNjkwZTcifSwibmFtZSI6Imh0dHBzOi8vdXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djM5In1dfQ==", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations/us-west2/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEQCID2DrzUtVIv55nSl0FdoYdaaayxrjOOF2i35yadBIvFdAiAZhG4k1dC2RmSbIBVctPQ10bTzeN4XKU7Vm9E5oMJAJA==" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/768ee56d-2064-4ed9-9cd4-8232df1a1792", + "noteName": "projects/verified-builder/notes/intoto_11f6c682-3451-4f72-ac2a-8e386eab66af", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "updateTime": "2022-09-06T17:54:23.761540Z" + }, + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3" + }, + "materials": [ + { + "digest": { + "sha1": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae" + }, + "uri": "https://github.com/laurentsimon/gcb-tests" + } + ], + "metadata": { + "buildFinishedOn": "2022-09-06T17:54:22.169342Z", + "buildInvocationId": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "buildStartedOn": "2022-09-06T17:54:10.226833361Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "requestedVerifyOption": "VERIFIED", + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-09-06T17:54:13.240503649Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-09-06T17:54:20.155242044Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + } + } + ], + "substitutions": { + "COMMIT_SHA": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "REF_NAME": "v39", + "REPO_NAME": "gcb-tests", + "REVISION_ID": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "SHORT_SHA": "01ce393", + "TAG_NAME": "v39", + "TRIGGER_BUILD_CONFIG_PATH": "cloudbuild.yaml", + "TRIGGER_NAME": "Tag" + } + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/CloudBuildYaml@v0.1" + } + }, + "subject": [ + { + "digest": { + "sha256": "f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39" + } + ] + } + }, + "createTime": "2022-09-06T17:54:23.761540Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4zIn0sIm1hdGVyaWFscyI6W3siZGlnZXN0Ijp7InNoYTEiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIn0sInVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjIyLjE2OTM0MloiLCJidWlsZEludm9jYXRpb25JZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOS0wNlQxNzo1NDoxMC4yMjY4MzMzNjFaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiIxMWY2YzY4Mi0zNDUxLTRmNzItYWMyYS04ZTM4NmVhYjY2YWYiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInJlcXVlc3RlZFZlcmlmeU9wdGlvbiI6IlZFUklGSUVEIiwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MzkiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yNDA1MDM2NDlaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MjAuMTU1MjQyMDQ0WiIsInN0YXJ0VGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MTMuMjM3MTM4MDU2WiJ9fV0sInN1YnN0aXR1dGlvbnMiOnsiQ09NTUlUX1NIQSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUiLCJSRUZfTkFNRSI6InYzOSIsIlJFUE9fTkFNRSI6ImdjYi10ZXN0cyIsIlJFVklTSU9OX0lEIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlNIT1JUX1NIQSI6IjAxY2UzOTMiLCJUQUdfTkFNRSI6InYzOSIsIlRSSUdHRVJfQlVJTERfQ09ORklHX1BBVEgiOiJjbG91ZGJ1aWxkLnlhbWwiLCJUUklHR0VSX05BTUUiOiJUYWcifX0sImVudHJ5UG9pbnQiOiJjbG91ZGJ1aWxkLnlhbWwiLCJ0eXBlIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0Nsb3VkQnVpbGRZYW1sQHYwLjEifX0sInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMSIsInNsc2FQcm92ZW5hbmNlIjp7ImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjMifSwibWF0ZXJpYWxzIjpbeyJkaWdlc3QiOnsic2hhMSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUifSwidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDktMDZUMTc6NTQ6MjIuMTY5MzQyWiIsImJ1aWxkSW52b2NhdGlvbklkIjoiMTFmNmM2ODItMzQ1MS00ZjcyLWFjMmEtOGUzODZlYWI2NmFmIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjEwLjIyNjgzMzM2MVoifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwicmVxdWVzdGVkVmVyaWZ5T3B0aW9uIjoiVkVSSUZJRUQiLCJzdWJzdGl0dXRpb25PcHRpb24iOiJBTExPV19MT09TRSJ9LCJzb3VyY2VQcm92ZW5hbmNlIjp7fSwic3RlcHMiOlt7ImFyZ3MiOlsiYnVpbGQiLCItdCIsInVzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYzOSIsIi4iXSwibmFtZSI6Imdjci5pby9jbG91ZC1idWlsZGVycy9kb2NrZXIiLCJwdWxsVGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjI0MDUwMzY0OVoiLCJzdGFydFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjIzNzEzODA1NloifSwic3RhdHVzIjoiU1VDQ0VTUyIsInRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoyMC4xNTUyNDIwNDRaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn19XSwic3Vic3RpdHV0aW9ucyI6eyJDT01NSVRfU0hBIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlJFRl9OQU1FIjoidjM5IiwiUkVQT19OQU1FIjoiZ2NiLXRlc3RzIiwiUkVWSVNJT05fSUQiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIiwiU0hPUlRfU0hBIjoiMDFjZTM5MyIsIlRBR19OQU1FIjoidjM5IiwiVFJJR0dFUl9CVUlMRF9DT05GSUdfUEFUSCI6ImNsb3VkYnVpbGQueWFtbCIsIlRSSUdHRVJfTkFNRSI6IlRhZyJ9fSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vQ2xvdWRCdWlsZFlhbWxAdjAuMSJ9fSwic3ViamVjdCI6W3siZGlnZXN0Ijp7InNoYTI1NiI6ImY0NzJjYTRiNjg4OThjOTUxYWMzYjQ3NmNiYTkxOWQwZDU2ZmNhNGNlZDYzMWZhYmNlYWQ1MWU0YjJiNjkwZTcifSwibmFtZSI6Imh0dHBzOi8vdXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djM5In1dfQ==", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations/us-west2/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEQCID2DrzUtVIv55nSl0FdoYdaaayxrjOOF2i35yadBIvFdAiAZhG4k1dC2RmSbIBVctPQ10bTzeN4XKU7Vm9E5oMJAJQ==" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/768ee56d-2064-4ed9-9cd4-8232df1a1792", + "noteName": "projects/verified-builder/notes/intoto_11f6c682-3451-4f72-ac2a-8e386eab66af", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "updateTime": "2022-09-06T17:54:23.761540Z" + } + ] + } + } + \ No newline at end of file diff --git a/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-multiple-signatures-2ndvalid.json b/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-multiple-signatures-2ndvalid.json new file mode 100644 index 000000000..d7cb8ad20 --- /dev/null +++ b/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-multiple-signatures-2ndvalid.json @@ -0,0 +1,117 @@ +{ + "image_summary": { + "digest": "sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + }, + "provenance_summary": { + "provenance": [ + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3" + }, + "materials": [ + { + "digest": { + "sha1": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae" + }, + "uri": "https://github.com/laurentsimon/gcb-tests" + } + ], + "metadata": { + "buildFinishedOn": "2022-09-06T17:54:22.169342Z", + "buildInvocationId": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "buildStartedOn": "2022-09-06T17:54:10.226833361Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "requestedVerifyOption": "VERIFIED", + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-09-06T17:54:13.240503649Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-09-06T17:54:20.155242044Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + } + } + ], + "substitutions": { + "COMMIT_SHA": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "REF_NAME": "v39", + "REPO_NAME": "gcb-tests", + "REVISION_ID": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "SHORT_SHA": "01ce393", + "TAG_NAME": "v39", + "TRIGGER_BUILD_CONFIG_PATH": "cloudbuild.yaml", + "TRIGGER_NAME": "Tag" + } + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/CloudBuildYaml@v0.1" + } + }, + "subject": [ + { + "digest": { + "sha256": "f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39" + } + ] + } + }, + "createTime": "2022-09-06T17:54:23.761540Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4zIn0sIm1hdGVyaWFscyI6W3siZGlnZXN0Ijp7InNoYTEiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIn0sInVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjIyLjE2OTM0MloiLCJidWlsZEludm9jYXRpb25JZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOS0wNlQxNzo1NDoxMC4yMjY4MzMzNjFaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiIxMWY2YzY4Mi0zNDUxLTRmNzItYWMyYS04ZTM4NmVhYjY2YWYiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInJlcXVlc3RlZFZlcmlmeU9wdGlvbiI6IlZFUklGSUVEIiwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MzkiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yNDA1MDM2NDlaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MjAuMTU1MjQyMDQ0WiIsInN0YXJ0VGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MTMuMjM3MTM4MDU2WiJ9fV0sInN1YnN0aXR1dGlvbnMiOnsiQ09NTUlUX1NIQSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUiLCJSRUZfTkFNRSI6InYzOSIsIlJFUE9fTkFNRSI6ImdjYi10ZXN0cyIsIlJFVklTSU9OX0lEIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlNIT1JUX1NIQSI6IjAxY2UzOTMiLCJUQUdfTkFNRSI6InYzOSIsIlRSSUdHRVJfQlVJTERfQ09ORklHX1BBVEgiOiJjbG91ZGJ1aWxkLnlhbWwiLCJUUklHR0VSX05BTUUiOiJUYWcifX0sImVudHJ5UG9pbnQiOiJjbG91ZGJ1aWxkLnlhbWwiLCJ0eXBlIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0Nsb3VkQnVpbGRZYW1sQHYwLjEifX0sInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMSIsInNsc2FQcm92ZW5hbmNlIjp7ImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjMifSwibWF0ZXJpYWxzIjpbeyJkaWdlc3QiOnsic2hhMSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUifSwidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDktMDZUMTc6NTQ6MjIuMTY5MzQyWiIsImJ1aWxkSW52b2NhdGlvbklkIjoiMTFmNmM2ODItMzQ1MS00ZjcyLWFjMmEtOGUzODZlYWI2NmFmIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjEwLjIyNjgzMzM2MVoifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwicmVxdWVzdGVkVmVyaWZ5T3B0aW9uIjoiVkVSSUZJRUQiLCJzdWJzdGl0dXRpb25PcHRpb24iOiJBTExPV19MT09TRSJ9LCJzb3VyY2VQcm92ZW5hbmNlIjp7fSwic3RlcHMiOlt7ImFyZ3MiOlsiYnVpbGQiLCItdCIsInVzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYzOSIsIi4iXSwibmFtZSI6Imdjci5pby9jbG91ZC1idWlsZGVycy9kb2NrZXIiLCJwdWxsVGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjI0MDUwMzY0OVoiLCJzdGFydFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjIzNzEzODA1NloifSwic3RhdHVzIjoiU1VDQ0VTUyIsInRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoyMC4xNTUyNDIwNDRaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn19XSwic3Vic3RpdHV0aW9ucyI6eyJDT01NSVRfU0hBIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlJFRl9OQU1FIjoidjM5IiwiUkVQT19OQU1FIjoiZ2NiLXRlc3RzIiwiUkVWSVNJT05fSUQiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIiwiU0hPUlRfU0hBIjoiMDFjZTM5MyIsIlRBR19OQU1FIjoidjM5IiwiVFJJR0dFUl9CVUlMRF9DT05GSUdfUEFUSCI6ImNsb3VkYnVpbGQueWFtbCIsIlRSSUdHRVJfTkFNRSI6IlRhZyJ9fSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vQ2xvdWRCdWlsZFlhbWxAdjAuMSJ9fSwic3ViamVjdCI6W3siZGlnZXN0Ijp7InNoYTI1NiI6ImY0NzJjYTRiNjg4OThjOTUxYWMzYjQ3NmNiYTkxOWQwZDU2ZmNhNGNlZDYzMWZhYmNlYWQ1MWU0YjJiNjkwZTcifSwibmFtZSI6Imh0dHBzOi8vdXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djM5In1dfQ==", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations/us-west2/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEQCID2DrzUtVIv55nSl0FdoYdaaayxrjOOF2i35yadBIvFdAiAZhG4k1dC2RmSbIBVctPQ10bTzeN4XKU7Vm9E5oMJAJA==" + }, + { + "keyid": "projects/verified-builder/locations/us-west2/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEQCID2DrzUtVIv55nSl0FdoYdaaayxrjOOF2i35yadBIvFdAiAZhG4k1dC2RmSbIBVctPQ10bTzeN4XKU7Vm9E5oMJAJQ==" + }, + { + "keyid": "projects/verified-builder/locations/us-west2/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEQCID2DrzUtVIv55nSl0FdoYdaaayxrjOOF2i35yadBIvFdAiAZhG4k1dC2RmSbIBVctPQ10bTzeN4XKU7Vm9E5oMJAJA==" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/768ee56d-2064-4ed9-9cd4-8232df1a1792", + "noteName": "projects/verified-builder/notes/intoto_11f6c682-3451-4f72-ac2a-8e386eab66af", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "updateTime": "2022-09-06T17:54:23.761540Z" + } + ] + } + } + \ No newline at end of file diff --git a/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-multiple-signatures-3rdvalid.json b/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-multiple-signatures-3rdvalid.json new file mode 100644 index 000000000..65f0155e5 --- /dev/null +++ b/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-multiple-signatures-3rdvalid.json @@ -0,0 +1,117 @@ +{ + "image_summary": { + "digest": "sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + }, + "provenance_summary": { + "provenance": [ + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3" + }, + "materials": [ + { + "digest": { + "sha1": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae" + }, + "uri": "https://github.com/laurentsimon/gcb-tests" + } + ], + "metadata": { + "buildFinishedOn": "2022-09-06T17:54:22.169342Z", + "buildInvocationId": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "buildStartedOn": "2022-09-06T17:54:10.226833361Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "requestedVerifyOption": "VERIFIED", + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-09-06T17:54:13.240503649Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-09-06T17:54:20.155242044Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + } + } + ], + "substitutions": { + "COMMIT_SHA": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "REF_NAME": "v39", + "REPO_NAME": "gcb-tests", + "REVISION_ID": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "SHORT_SHA": "01ce393", + "TAG_NAME": "v39", + "TRIGGER_BUILD_CONFIG_PATH": "cloudbuild.yaml", + "TRIGGER_NAME": "Tag" + } + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/CloudBuildYaml@v0.1" + } + }, + "subject": [ + { + "digest": { + "sha256": "f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39" + } + ] + } + }, + "createTime": "2022-09-06T17:54:23.761540Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4zIn0sIm1hdGVyaWFscyI6W3siZGlnZXN0Ijp7InNoYTEiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIn0sInVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjIyLjE2OTM0MloiLCJidWlsZEludm9jYXRpb25JZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOS0wNlQxNzo1NDoxMC4yMjY4MzMzNjFaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiIxMWY2YzY4Mi0zNDUxLTRmNzItYWMyYS04ZTM4NmVhYjY2YWYiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInJlcXVlc3RlZFZlcmlmeU9wdGlvbiI6IlZFUklGSUVEIiwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MzkiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yNDA1MDM2NDlaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MjAuMTU1MjQyMDQ0WiIsInN0YXJ0VGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MTMuMjM3MTM4MDU2WiJ9fV0sInN1YnN0aXR1dGlvbnMiOnsiQ09NTUlUX1NIQSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUiLCJSRUZfTkFNRSI6InYzOSIsIlJFUE9fTkFNRSI6ImdjYi10ZXN0cyIsIlJFVklTSU9OX0lEIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlNIT1JUX1NIQSI6IjAxY2UzOTMiLCJUQUdfTkFNRSI6InYzOSIsIlRSSUdHRVJfQlVJTERfQ09ORklHX1BBVEgiOiJjbG91ZGJ1aWxkLnlhbWwiLCJUUklHR0VSX05BTUUiOiJUYWcifX0sImVudHJ5UG9pbnQiOiJjbG91ZGJ1aWxkLnlhbWwiLCJ0eXBlIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0Nsb3VkQnVpbGRZYW1sQHYwLjEifX0sInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMSIsInNsc2FQcm92ZW5hbmNlIjp7ImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjMifSwibWF0ZXJpYWxzIjpbeyJkaWdlc3QiOnsic2hhMSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUifSwidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDktMDZUMTc6NTQ6MjIuMTY5MzQyWiIsImJ1aWxkSW52b2NhdGlvbklkIjoiMTFmNmM2ODItMzQ1MS00ZjcyLWFjMmEtOGUzODZlYWI2NmFmIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjEwLjIyNjgzMzM2MVoifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwicmVxdWVzdGVkVmVyaWZ5T3B0aW9uIjoiVkVSSUZJRUQiLCJzdWJzdGl0dXRpb25PcHRpb24iOiJBTExPV19MT09TRSJ9LCJzb3VyY2VQcm92ZW5hbmNlIjp7fSwic3RlcHMiOlt7ImFyZ3MiOlsiYnVpbGQiLCItdCIsInVzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYzOSIsIi4iXSwibmFtZSI6Imdjci5pby9jbG91ZC1idWlsZGVycy9kb2NrZXIiLCJwdWxsVGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjI0MDUwMzY0OVoiLCJzdGFydFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjIzNzEzODA1NloifSwic3RhdHVzIjoiU1VDQ0VTUyIsInRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoyMC4xNTUyNDIwNDRaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn19XSwic3Vic3RpdHV0aW9ucyI6eyJDT01NSVRfU0hBIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlJFRl9OQU1FIjoidjM5IiwiUkVQT19OQU1FIjoiZ2NiLXRlc3RzIiwiUkVWSVNJT05fSUQiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIiwiU0hPUlRfU0hBIjoiMDFjZTM5MyIsIlRBR19OQU1FIjoidjM5IiwiVFJJR0dFUl9CVUlMRF9DT05GSUdfUEFUSCI6ImNsb3VkYnVpbGQueWFtbCIsIlRSSUdHRVJfTkFNRSI6IlRhZyJ9fSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vQ2xvdWRCdWlsZFlhbWxAdjAuMSJ9fSwic3ViamVjdCI6W3siZGlnZXN0Ijp7InNoYTI1NiI6ImY0NzJjYTRiNjg4OThjOTUxYWMzYjQ3NmNiYTkxOWQwZDU2ZmNhNGNlZDYzMWZhYmNlYWQ1MWU0YjJiNjkwZTcifSwibmFtZSI6Imh0dHBzOi8vdXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djM5In1dfQ==", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations/us-west2/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEQCID2DrzUtVIv55nSl0FdoYdaaayxrjOOF2i35yadBIvFdAiAZhG4k1dC2RmSbIBVctPQ10bTzeN4XKU7Vm9E5oMJAJA==" + }, + { + "keyid": "projects/verified-builder/locations/us-west2/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEQCID2DrzUtVIv55nSl0FdoYdaaayxrjOOF2i35yadBIvFdAiAZhG4k1dC2RmSbIBVctPQ10bTzeN4XKU7Vm9E5oMJAJA==" + }, + { + "keyid": "projects/verified-builder/locations/us-west2/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEQCID2DrzUtVIv55nSl0FdoYdaaayxrjOOF2i35yadBIvFdAiAZhG4k1dC2RmSbIBVctPQ10bTzeN4XKU7Vm9E5oMJAJQ==" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/768ee56d-2064-4ed9-9cd4-8232df1a1792", + "noteName": "projects/verified-builder/notes/intoto_11f6c682-3451-4f72-ac2a-8e386eab66af", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "updateTime": "2022-09-06T17:54:23.761540Z" + } + ] + } + } + \ No newline at end of file diff --git a/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-no-keyid.json b/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-no-keyid.json new file mode 100644 index 000000000..c25e8c3c9 --- /dev/null +++ b/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-no-keyid.json @@ -0,0 +1,108 @@ +{ + "image_summary": { + "digest": "sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + }, + "provenance_summary": { + "provenance": [ + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3" + }, + "materials": [ + { + "digest": { + "sha1": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae" + }, + "uri": "https://github.com/laurentsimon/gcb-tests" + } + ], + "metadata": { + "buildFinishedOn": "2022-09-06T17:54:22.169342Z", + "buildInvocationId": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "buildStartedOn": "2022-09-06T17:54:10.226833361Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "requestedVerifyOption": "VERIFIED", + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-09-06T17:54:13.240503649Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-09-06T17:54:20.155242044Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + } + } + ], + "substitutions": { + "COMMIT_SHA": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "REF_NAME": "v39", + "REPO_NAME": "gcb-tests", + "REVISION_ID": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "SHORT_SHA": "01ce393", + "TAG_NAME": "v39", + "TRIGGER_BUILD_CONFIG_PATH": "cloudbuild.yaml", + "TRIGGER_NAME": "Tag" + } + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/CloudBuildYaml@v0.1" + } + }, + "subject": [ + { + "digest": { + "sha256": "f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39" + } + ] + } + }, + "createTime": "2022-09-06T17:54:23.761540Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4zIn0sIm1hdGVyaWFscyI6W3siZGlnZXN0Ijp7InNoYTEiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIn0sInVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjIyLjE2OTM0MloiLCJidWlsZEludm9jYXRpb25JZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOS0wNlQxNzo1NDoxMC4yMjY4MzMzNjFaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiIxMWY2YzY4Mi0zNDUxLTRmNzItYWMyYS04ZTM4NmVhYjY2YWYiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInJlcXVlc3RlZFZlcmlmeU9wdGlvbiI6IlZFUklGSUVEIiwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MzkiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yNDA1MDM2NDlaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MjAuMTU1MjQyMDQ0WiIsInN0YXJ0VGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MTMuMjM3MTM4MDU2WiJ9fV0sInN1YnN0aXR1dGlvbnMiOnsiQ09NTUlUX1NIQSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUiLCJSRUZfTkFNRSI6InYzOSIsIlJFUE9fTkFNRSI6ImdjYi10ZXN0cyIsIlJFVklTSU9OX0lEIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlNIT1JUX1NIQSI6IjAxY2UzOTMiLCJUQUdfTkFNRSI6InYzOSIsIlRSSUdHRVJfQlVJTERfQ09ORklHX1BBVEgiOiJjbG91ZGJ1aWxkLnlhbWwiLCJUUklHR0VSX05BTUUiOiJUYWcifX0sImVudHJ5UG9pbnQiOiJjbG91ZGJ1aWxkLnlhbWwiLCJ0eXBlIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0Nsb3VkQnVpbGRZYW1sQHYwLjEifX0sInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMSIsInNsc2FQcm92ZW5hbmNlIjp7ImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjMifSwibWF0ZXJpYWxzIjpbeyJkaWdlc3QiOnsic2hhMSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUifSwidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDktMDZUMTc6NTQ6MjIuMTY5MzQyWiIsImJ1aWxkSW52b2NhdGlvbklkIjoiMTFmNmM2ODItMzQ1MS00ZjcyLWFjMmEtOGUzODZlYWI2NmFmIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjEwLjIyNjgzMzM2MVoifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwicmVxdWVzdGVkVmVyaWZ5T3B0aW9uIjoiVkVSSUZJRUQiLCJzdWJzdGl0dXRpb25PcHRpb24iOiJBTExPV19MT09TRSJ9LCJzb3VyY2VQcm92ZW5hbmNlIjp7fSwic3RlcHMiOlt7ImFyZ3MiOlsiYnVpbGQiLCItdCIsInVzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYzOSIsIi4iXSwibmFtZSI6Imdjci5pby9jbG91ZC1idWlsZGVycy9kb2NrZXIiLCJwdWxsVGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjI0MDUwMzY0OVoiLCJzdGFydFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjIzNzEzODA1NloifSwic3RhdHVzIjoiU1VDQ0VTUyIsInRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoyMC4xNTUyNDIwNDRaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn19XSwic3Vic3RpdHV0aW9ucyI6eyJDT01NSVRfU0hBIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlJFRl9OQU1FIjoidjM5IiwiUkVQT19OQU1FIjoiZ2NiLXRlc3RzIiwiUkVWSVNJT05fSUQiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIiwiU0hPUlRfU0hBIjoiMDFjZTM5MyIsIlRBR19OQU1FIjoidjM5IiwiVFJJR0dFUl9CVUlMRF9DT05GSUdfUEFUSCI6ImNsb3VkYnVpbGQueWFtbCIsIlRSSUdHRVJfTkFNRSI6IlRhZyJ9fSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vQ2xvdWRCdWlsZFlhbWxAdjAuMSJ9fSwic3ViamVjdCI6W3siZGlnZXN0Ijp7InNoYTI1NiI6ImY0NzJjYTRiNjg4OThjOTUxYWMzYjQ3NmNiYTkxOWQwZDU2ZmNhNGNlZDYzMWZhYmNlYWQ1MWU0YjJiNjkwZTcifSwibmFtZSI6Imh0dHBzOi8vdXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djM5In1dfQ==", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "sig": "MEQCID2DrzUtVIv55nSl0FdoYdaaayxrjOOF2i35yadBIvFdAiAZhG4k1dC2RmSbIBVctPQ10bTzeN4XKU7Vm9E5oMJAJQ==" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/768ee56d-2064-4ed9-9cd4-8232df1a1792", + "noteName": "projects/verified-builder/notes/intoto_11f6c682-3451-4f72-ac2a-8e386eab66af", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "updateTime": "2022-09-06T17:54:23.761540Z" + } + ] + } + } + \ No newline at end of file diff --git a/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-no-signature.json b/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-no-signature.json new file mode 100644 index 000000000..3302b8187 --- /dev/null +++ b/cli/slsa-verifier/testdata/gcb_container/v0.3/gcloud-container-no-signature.json @@ -0,0 +1,103 @@ +{ + "image_summary": { + "digest": "sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + }, + "provenance_summary": { + "provenance": [ + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3" + }, + "materials": [ + { + "digest": { + "sha1": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae" + }, + "uri": "https://github.com/laurentsimon/gcb-tests" + } + ], + "metadata": { + "buildFinishedOn": "2022-09-06T17:54:22.169342Z", + "buildInvocationId": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "buildStartedOn": "2022-09-06T17:54:10.226833361Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "requestedVerifyOption": "VERIFIED", + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-09-06T17:54:13.240503649Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-09-06T17:54:20.155242044Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + } + } + ], + "substitutions": { + "COMMIT_SHA": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "REF_NAME": "v39", + "REPO_NAME": "gcb-tests", + "REVISION_ID": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "SHORT_SHA": "01ce393", + "TAG_NAME": "v39", + "TRIGGER_BUILD_CONFIG_PATH": "cloudbuild.yaml", + "TRIGGER_NAME": "Tag" + } + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/CloudBuildYaml@v0.1" + } + }, + "subject": [ + { + "digest": { + "sha256": "f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39" + } + ] + } + }, + "createTime": "2022-09-06T17:54:23.761540Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4zIn0sIm1hdGVyaWFscyI6W3siZGlnZXN0Ijp7InNoYTEiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIn0sInVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjIyLjE2OTM0MloiLCJidWlsZEludm9jYXRpb25JZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOS0wNlQxNzo1NDoxMC4yMjY4MzMzNjFaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiIxMWY2YzY4Mi0zNDUxLTRmNzItYWMyYS04ZTM4NmVhYjY2YWYiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInJlcXVlc3RlZFZlcmlmeU9wdGlvbiI6IlZFUklGSUVEIiwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MzkiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yNDA1MDM2NDlaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MjAuMTU1MjQyMDQ0WiIsInN0YXJ0VGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MTMuMjM3MTM4MDU2WiJ9fV0sInN1YnN0aXR1dGlvbnMiOnsiQ09NTUlUX1NIQSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUiLCJSRUZfTkFNRSI6InYzOSIsIlJFUE9fTkFNRSI6ImdjYi10ZXN0cyIsIlJFVklTSU9OX0lEIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlNIT1JUX1NIQSI6IjAxY2UzOTMiLCJUQUdfTkFNRSI6InYzOSIsIlRSSUdHRVJfQlVJTERfQ09ORklHX1BBVEgiOiJjbG91ZGJ1aWxkLnlhbWwiLCJUUklHR0VSX05BTUUiOiJUYWcifX0sImVudHJ5UG9pbnQiOiJjbG91ZGJ1aWxkLnlhbWwiLCJ0eXBlIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0Nsb3VkQnVpbGRZYW1sQHYwLjEifX0sInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMSIsInNsc2FQcm92ZW5hbmNlIjp7ImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjMifSwibWF0ZXJpYWxzIjpbeyJkaWdlc3QiOnsic2hhMSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUifSwidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDktMDZUMTc6NTQ6MjIuMTY5MzQyWiIsImJ1aWxkSW52b2NhdGlvbklkIjoiMTFmNmM2ODItMzQ1MS00ZjcyLWFjMmEtOGUzODZlYWI2NmFmIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjEwLjIyNjgzMzM2MVoifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwicmVxdWVzdGVkVmVyaWZ5T3B0aW9uIjoiVkVSSUZJRUQiLCJzdWJzdGl0dXRpb25PcHRpb24iOiJBTExPV19MT09TRSJ9LCJzb3VyY2VQcm92ZW5hbmNlIjp7fSwic3RlcHMiOlt7ImFyZ3MiOlsiYnVpbGQiLCItdCIsInVzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYzOSIsIi4iXSwibmFtZSI6Imdjci5pby9jbG91ZC1idWlsZGVycy9kb2NrZXIiLCJwdWxsVGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjI0MDUwMzY0OVoiLCJzdGFydFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjIzNzEzODA1NloifSwic3RhdHVzIjoiU1VDQ0VTUyIsInRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoyMC4xNTUyNDIwNDRaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn19XSwic3Vic3RpdHV0aW9ucyI6eyJDT01NSVRfU0hBIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlJFRl9OQU1FIjoidjM5IiwiUkVQT19OQU1FIjoiZ2NiLXRlc3RzIiwiUkVWSVNJT05fSUQiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIiwiU0hPUlRfU0hBIjoiMDFjZTM5MyIsIlRBR19OQU1FIjoidjM5IiwiVFJJR0dFUl9CVUlMRF9DT05GSUdfUEFUSCI6ImNsb3VkYnVpbGQueWFtbCIsIlRSSUdHRVJfTkFNRSI6IlRhZyJ9fSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vQ2xvdWRCdWlsZFlhbWxAdjAuMSJ9fSwic3ViamVjdCI6W3siZGlnZXN0Ijp7InNoYTI1NiI6ImY0NzJjYTRiNjg4OThjOTUxYWMzYjQ3NmNiYTkxOWQwZDU2ZmNhNGNlZDYzMWZhYmNlYWQ1MWU0YjJiNjkwZTcifSwibmFtZSI6Imh0dHBzOi8vdXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djM5In1dfQ==", + "payloadType": "application/vnd.in-toto+json", + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/768ee56d-2064-4ed9-9cd4-8232df1a1792", + "noteName": "projects/verified-builder/notes/intoto_11f6c682-3451-4f72-ac2a-8e386eab66af", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "updateTime": "2022-09-06T17:54:23.761540Z" + } + ] + } + } + \ No newline at end of file diff --git a/errors/errors.go b/errors/errors.go index 72ea09494..582a6f184 100644 --- a/errors/errors.go +++ b/errors/errors.go @@ -29,5 +29,6 @@ var ( ErrorNoValidSignature = errors.New("no valid signature") ErrorMutableImage = errors.New("the image is mutable") ErrorImageHash = errors.New("cannot retrieve sha256 of image") + ErrorInvalidEncoding = errors.New("invalid encoding") ErrorInternal = errors.New("internal error") ) diff --git a/verifiers/internal/gcb/provenance.go b/verifiers/internal/gcb/provenance.go index 0dc55267b..9a0065f89 100644 --- a/verifiers/internal/gcb/provenance.go +++ b/verifiers/internal/gcb/provenance.go @@ -71,7 +71,7 @@ func ProvenanceFromBytes(payload []byte) (*Provenance, error) { var prov gloudProvenance err := json.Unmarshal(payload, &prov) if err != nil { - return nil, fmt.Errorf("json.Unmarshal gcloud provenance: %w", err) + return nil, fmt.Errorf("%w: %v", serrors.ErrorInvalidDssePayload, err) } return &Provenance{ @@ -84,6 +84,9 @@ func payloadFromEnvelope(env *dsselib.Envelope) ([]byte, error) { if err != nil { return nil, fmt.Errorf("%w: %s", serrors.ErrorInvalidDssePayload, err.Error()) } + if payload == nil { + return nil, fmt.Errorf("%w: empty payload", serrors.ErrorInvalidFormat) + } return payload, nil } @@ -410,7 +413,7 @@ func (self *Provenance) VerifyVersionedTag(tag string) error { return fmt.Errorf("%w: GCB versioned-tag verification", serrors.ErrorNotSupported) } -func decodeSignature(s string) ([]byte, []error) { +func decodeSignature(s string) ([]byte, error) { var errs []error // First try the std decoding. rsig, err := base64.StdEncoding.DecodeString(s) @@ -432,7 +435,7 @@ func decodeSignature(s string) ([]byte, []error) { } errs = append(errs, err) - return nil, errs + return nil, fmt.Errorf("%w: %v", serrors.ErrorInvalidEncoding, errs) } // verifySignatures iterates over all the signatures in the DSSE and verifies them. @@ -451,9 +454,13 @@ func (self *Provenance) verifySignatures(prov *provenance) error { payloadHash := sha256.Sum256(payload) + // Verify the signatures. + if len(prov.Envelope.Signatures) == 0 { + return fmt.Errorf("%w: no signatures found in envelope", serrors.ErrorNoValidSignature) + } + var errs []error regex := regexp.MustCompile(`^projects\/verified-builder\/locations\/(.*)\/keyRings\/attestor\/cryptoKeys\/builtByGCB\/cryptoKeyVersions\/1$`) - for _, sig := range prov.Envelope.Signatures { match := regex.FindStringSubmatch(sig.KeyID) if len(match) == 2 { @@ -466,9 +473,9 @@ func (self *Provenance) verifySignatures(prov *provenance) error { } // Decode the signature. - rsig, es := decodeSignature(sig.Sig) - if len(es) != 0 { - errs = append(errs, es...) + rsig, err := decodeSignature(sig.Sig) + if err != nil { + errs = append(errs, err) continue } @@ -498,6 +505,7 @@ func (self *Provenance) VerifySignature() error { if len(self.gcloudProv.ProvenanceSummary.Provenance) == 0 { return fmt.Errorf("%w: no provenance found", serrors.ErrorInvalidDssePayload) } + // Iterate over all provenances available. var errs []error for i := range self.gcloudProv.ProvenanceSummary.Provenance { diff --git a/verifiers/internal/gcb/provenance_test.go b/verifiers/internal/gcb/provenance_test.go index dd5013f1f..dea08f9e7 100644 --- a/verifiers/internal/gcb/provenance_test.go +++ b/verifiers/internal/gcb/provenance_test.go @@ -75,7 +75,7 @@ func Test_VerifyIntotoHeaders(t *testing.T) { } if err := setStatement(prov); err != nil { - panic(fmt.Errorf("ProvenanceFromBytes: %w", err)) + panic(fmt.Errorf("setStatement: %w", err)) } err = prov.VerifyIntotoHeaders() @@ -216,7 +216,7 @@ func Test_VerifyBuilder(t *testing.T) { } if err := setStatement(prov); err != nil { - panic(fmt.Errorf("ProvenanceFromBytes: %w", err)) + panic(fmt.Errorf("setStatement: %w", err)) } var builderOpts options.BuilderOpts @@ -311,6 +311,51 @@ func Test_validateRecipeType(t *testing.T) { } } +func Test_decodeSignature(t *testing.T) { + t.Parallel() + tests := []struct { + name string + encoded string + decoded string + expected error + }{ + { + name: "std encoding", + encoded: "YWJjMTIzIT8kKiYoKSctPUB+", + decoded: "abc123!?$*&()'-=@~", + }, + { + name: "URL encoding", + encoded: "YWJjMTIzIT8kKiYoKSctPUB-", + decoded: "abc123!?$*&()'-=@~", + }, + { + name: "invalid", + encoded: "invalid encoding", + expected: serrors.ErrorInvalidEncoding, + }, + } + + for _, tt := range tests { + tt := tt // Re-initializing variable so it is not changed while executing the closure below + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + + c, err := decodeSignature(tt.encoded) + if !cmp.Equal(err, tt.expected, cmpopts.EquateErrors()) { + t.Errorf(cmp.Diff(err, tt.expected, cmpopts.EquateErrors())) + } + if err != nil { + return + } + cs := string(c) + if cs != tt.decoded { + t.Errorf(cmp.Diff(cs, tt.decoded)) + } + }) + } +} + func Test_VerifySourceURI(t *testing.T) { t.Parallel() tests := []struct { @@ -480,7 +525,7 @@ func Test_VerifySourceURI(t *testing.T) { } if err := setStatement(prov); err != nil { - panic(fmt.Errorf("ProvenanceFromBytes: %w", err)) + panic(fmt.Errorf("setStatement: %w", err)) } builderID, err := utils.TrustedBuilderIDNew(tt.builderID) @@ -516,6 +561,49 @@ func Test_VerifySignature(t *testing.T) { path: "./testdata/gcloud-container-invalid-signature-payloadtype.json", expected: serrors.ErrorNoValidSignature, }, + { + name: "invalid signature empty", + path: "./testdata/gcloud-container-empty-signature.json", + expected: serrors.ErrorNoValidSignature, + }, + { + name: "invalid region", + path: "./testdata/gcloud-container-invalid-signature-region.json", + expected: serrors.ErrorNoValidSignature, + }, + { + name: "invalid region empty", + path: "./testdata/gcloud-container-empty-signature-region.json", + expected: serrors.ErrorNoValidSignature, + }, + { + name: "invalid keyid", + path: "./testdata/gcloud-container-invalid-keyid.json", + expected: serrors.ErrorNoValidSignature, + }, + { + name: "invalid keyid empty", + path: "./testdata/gcloud-container-empty-keyid.json", + expected: serrors.ErrorNoValidSignature, + }, + { + name: "invalid keyid none", + path: "./testdata/gcloud-container-no-keyid.json", + expected: serrors.ErrorNoValidSignature, + }, + { + name: "invalid signature multiple", + path: "./testdata/gcloud-container-multiple-invalid-signatures.json", + expected: serrors.ErrorNoValidSignature, + }, + { + name: "signature multiple 2nd valid", + path: "./testdata/gcloud-container-multiple-signatures-2ndvalid.json", + }, + { + name: "signature multiple 3rd valid", + path: "./testdata/gcloud-container-multiple-signatures-3rdvalid.json", + }, } for _, tt := range tests { tt := tt // Re-initializing variable so it is not changed while executing the closure below @@ -533,7 +621,7 @@ func Test_VerifySignature(t *testing.T) { } if err := setStatement(prov); err != nil { - panic(fmt.Errorf("ProvenanceFromBytes: %w", err)) + panic(fmt.Errorf("setStatement: %w", err)) } err = prov.VerifySignature() @@ -544,6 +632,42 @@ func Test_VerifySignature(t *testing.T) { } } +func Test_ProvenanceFromBytes(t *testing.T) { + t.Parallel() + tests := []struct { + name string + path string + expected error + }{ + { + name: "invalid signature none", + path: "./testdata/gcloud-container-no-signature.json", + expected: serrors.ErrorInvalidDssePayload, + }, + { + name: "invalid provenance empty", + path: "./testdata/gcloud-container-empty-provenance.json", + expected: serrors.ErrorInvalidDssePayload, + }, + } + for _, tt := range tests { + tt := tt // Re-initializing variable so it is not changed while executing the closure below + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + + content, err := os.ReadFile(tt.path) + if err != nil { + panic(fmt.Errorf("os.ReadFile: %w", err)) + } + + _, err = ProvenanceFromBytes(content) + if !cmp.Equal(err, tt.expected, cmpopts.EquateErrors()) { + t.Errorf(cmp.Diff(err, tt.expected, cmpopts.EquateErrors())) + } + }) + } +} + func Test_VerifySubjectDigest(t *testing.T) { t.Parallel() tests := []struct { @@ -580,7 +704,7 @@ func Test_VerifySubjectDigest(t *testing.T) { } if err := setStatement(prov); err != nil { - panic(fmt.Errorf("ProvenanceFromBytes: %w", err)) + panic(fmt.Errorf("setStatement: %w", err)) } err = prov.VerifySubjectDigest(tt.hash) @@ -638,7 +762,7 @@ func Test_VerifySummary(t *testing.T) { } if err := setStatement(prov); err != nil { - panic(fmt.Errorf("ProvenanceFromBytes: %w", err)) + panic(fmt.Errorf("setStatement: %w", err)) } provenanceOpts := options.ProvenanceOpts{ @@ -694,7 +818,7 @@ func Test_VerifyMetadata(t *testing.T) { } if err := setStatement(prov); err != nil { - panic(fmt.Errorf("ProvenanceFromBytes: %w", err)) + panic(fmt.Errorf("setStatement: %w", err)) } provenanceOpts := options.ProvenanceOpts{ @@ -743,7 +867,7 @@ func Test_VerifyTextProvenance(t *testing.T) { } if err := setStatement(prov); err != nil { - panic(fmt.Errorf("ProvenanceFromBytes: %w", err)) + panic(fmt.Errorf("setStatement: %w", err)) } if !tt.alter { @@ -857,7 +981,7 @@ func Test_VerifyBranch(t *testing.T) { } if err := setStatement(prov); err != nil { - panic(fmt.Errorf("ProvenanceFromBytes: %w", err)) + panic(fmt.Errorf("setStatement: %w", err)) } err = prov.VerifyBranch(tt.branch) @@ -899,7 +1023,7 @@ func Test_VerifyTag(t *testing.T) { } if err := setStatement(prov); err != nil { - panic(fmt.Errorf("ProvenanceFromBytes: %w", err)) + panic(fmt.Errorf("setStatement: %w", err)) } err = prov.VerifyTag(tt.tag) @@ -941,7 +1065,7 @@ func Test_VerifyVersionedTag(t *testing.T) { } if err := setStatement(prov); err != nil { - panic(fmt.Errorf("ProvenanceFromBytes: %w", err)) + panic(fmt.Errorf("setStatement: %w", err)) } err = prov.VerifyVersionedTag(tt.tag) diff --git a/verifiers/internal/gcb/testdata/gcloud-container-empty-keyid.json b/verifiers/internal/gcb/testdata/gcloud-container-empty-keyid.json new file mode 100644 index 000000000..b2cc2f061 --- /dev/null +++ b/verifiers/internal/gcb/testdata/gcloud-container-empty-keyid.json @@ -0,0 +1,109 @@ +{ + "image_summary": { + "digest": "sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + }, + "provenance_summary": { + "provenance": [ + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3" + }, + "materials": [ + { + "digest": { + "sha1": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae" + }, + "uri": "https://github.com/laurentsimon/gcb-tests" + } + ], + "metadata": { + "buildFinishedOn": "2022-09-06T17:54:22.169342Z", + "buildInvocationId": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "buildStartedOn": "2022-09-06T17:54:10.226833361Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "requestedVerifyOption": "VERIFIED", + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-09-06T17:54:13.240503649Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-09-06T17:54:20.155242044Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + } + } + ], + "substitutions": { + "COMMIT_SHA": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "REF_NAME": "v39", + "REPO_NAME": "gcb-tests", + "REVISION_ID": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "SHORT_SHA": "01ce393", + "TAG_NAME": "v39", + "TRIGGER_BUILD_CONFIG_PATH": "cloudbuild.yaml", + "TRIGGER_NAME": "Tag" + } + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/CloudBuildYaml@v0.1" + } + }, + "subject": [ + { + "digest": { + "sha256": "f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39" + } + ] + } + }, + "createTime": "2022-09-06T17:54:23.761540Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4zIn0sIm1hdGVyaWFscyI6W3siZGlnZXN0Ijp7InNoYTEiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIn0sInVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjIyLjE2OTM0MloiLCJidWlsZEludm9jYXRpb25JZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOS0wNlQxNzo1NDoxMC4yMjY4MzMzNjFaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiIxMWY2YzY4Mi0zNDUxLTRmNzItYWMyYS04ZTM4NmVhYjY2YWYiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInJlcXVlc3RlZFZlcmlmeU9wdGlvbiI6IlZFUklGSUVEIiwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MzkiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yNDA1MDM2NDlaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MjAuMTU1MjQyMDQ0WiIsInN0YXJ0VGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MTMuMjM3MTM4MDU2WiJ9fV0sInN1YnN0aXR1dGlvbnMiOnsiQ09NTUlUX1NIQSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUiLCJSRUZfTkFNRSI6InYzOSIsIlJFUE9fTkFNRSI6ImdjYi10ZXN0cyIsIlJFVklTSU9OX0lEIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlNIT1JUX1NIQSI6IjAxY2UzOTMiLCJUQUdfTkFNRSI6InYzOSIsIlRSSUdHRVJfQlVJTERfQ09ORklHX1BBVEgiOiJjbG91ZGJ1aWxkLnlhbWwiLCJUUklHR0VSX05BTUUiOiJUYWcifX0sImVudHJ5UG9pbnQiOiJjbG91ZGJ1aWxkLnlhbWwiLCJ0eXBlIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0Nsb3VkQnVpbGRZYW1sQHYwLjEifX0sInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMSIsInNsc2FQcm92ZW5hbmNlIjp7ImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjMifSwibWF0ZXJpYWxzIjpbeyJkaWdlc3QiOnsic2hhMSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUifSwidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDktMDZUMTc6NTQ6MjIuMTY5MzQyWiIsImJ1aWxkSW52b2NhdGlvbklkIjoiMTFmNmM2ODItMzQ1MS00ZjcyLWFjMmEtOGUzODZlYWI2NmFmIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjEwLjIyNjgzMzM2MVoifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwicmVxdWVzdGVkVmVyaWZ5T3B0aW9uIjoiVkVSSUZJRUQiLCJzdWJzdGl0dXRpb25PcHRpb24iOiJBTExPV19MT09TRSJ9LCJzb3VyY2VQcm92ZW5hbmNlIjp7fSwic3RlcHMiOlt7ImFyZ3MiOlsiYnVpbGQiLCItdCIsInVzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYzOSIsIi4iXSwibmFtZSI6Imdjci5pby9jbG91ZC1idWlsZGVycy9kb2NrZXIiLCJwdWxsVGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjI0MDUwMzY0OVoiLCJzdGFydFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjIzNzEzODA1NloifSwic3RhdHVzIjoiU1VDQ0VTUyIsInRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoyMC4xNTUyNDIwNDRaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn19XSwic3Vic3RpdHV0aW9ucyI6eyJDT01NSVRfU0hBIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlJFRl9OQU1FIjoidjM5IiwiUkVQT19OQU1FIjoiZ2NiLXRlc3RzIiwiUkVWSVNJT05fSUQiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIiwiU0hPUlRfU0hBIjoiMDFjZTM5MyIsIlRBR19OQU1FIjoidjM5IiwiVFJJR0dFUl9CVUlMRF9DT05GSUdfUEFUSCI6ImNsb3VkYnVpbGQueWFtbCIsIlRSSUdHRVJfTkFNRSI6IlRhZyJ9fSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vQ2xvdWRCdWlsZFlhbWxAdjAuMSJ9fSwic3ViamVjdCI6W3siZGlnZXN0Ijp7InNoYTI1NiI6ImY0NzJjYTRiNjg4OThjOTUxYWMzYjQ3NmNiYTkxOWQwZDU2ZmNhNGNlZDYzMWZhYmNlYWQ1MWU0YjJiNjkwZTcifSwibmFtZSI6Imh0dHBzOi8vdXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djM5In1dfQ==", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "", + "sig": "MEQCID2DrzUtVIv55nSl0FdoYdaaayxrjOOF2i35yadBIvFdAiAZhG4k1dC2RmSbIBVctPQ10bTzeN4XKU7Vm9E5oMJAJQ==" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/768ee56d-2064-4ed9-9cd4-8232df1a1792", + "noteName": "projects/verified-builder/notes/intoto_11f6c682-3451-4f72-ac2a-8e386eab66af", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "updateTime": "2022-09-06T17:54:23.761540Z" + } + ] + } + } + \ No newline at end of file diff --git a/verifiers/internal/gcb/testdata/gcloud-container-empty-payload.json b/verifiers/internal/gcb/testdata/gcloud-container-empty-payload.json new file mode 100644 index 000000000..031140a95 --- /dev/null +++ b/verifiers/internal/gcb/testdata/gcloud-container-empty-payload.json @@ -0,0 +1,109 @@ +{ + "image_summary": { + "digest": "sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + }, + "provenance_summary": { + "provenance": [ + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3" + }, + "materials": [ + { + "digest": { + "sha1": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae" + }, + "uri": "https://github.com/laurentsimon/gcb-tests" + } + ], + "metadata": { + "buildFinishedOn": "2022-09-06T17:54:22.169342Z", + "buildInvocationId": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "buildStartedOn": "2022-09-06T17:54:10.226833361Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "requestedVerifyOption": "VERIFIED", + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-09-06T17:54:13.240503649Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-09-06T17:54:20.155242044Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + } + } + ], + "substitutions": { + "COMMIT_SHA": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "REF_NAME": "v39", + "REPO_NAME": "gcb-tests", + "REVISION_ID": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "SHORT_SHA": "01ce393", + "TAG_NAME": "v39", + "TRIGGER_BUILD_CONFIG_PATH": "cloudbuild.yaml", + "TRIGGER_NAME": "Tag" + } + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/CloudBuildYaml@v0.1" + } + }, + "subject": [ + { + "digest": { + "sha256": "f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39" + } + ] + } + }, + "createTime": "2022-09-06T17:54:23.761540Z", + "envelope": { + "payload": "", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations/us-west2/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEQCID2DrzUtVIv55nSl0FdoYdaaayxrjOOF2i35yadBIvFdAiAZhG4k1dC2RmSbIBVctPQ10bTzeN4XKU7Vm9E5oMJAJQ==" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/768ee56d-2064-4ed9-9cd4-8232df1a1792", + "noteName": "projects/verified-builder/notes/intoto_11f6c682-3451-4f72-ac2a-8e386eab66af", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "updateTime": "2022-09-06T17:54:23.761540Z" + } + ] + } + } + \ No newline at end of file diff --git a/verifiers/internal/gcb/testdata/gcloud-container-empty-provenance.json b/verifiers/internal/gcb/testdata/gcloud-container-empty-provenance.json new file mode 100644 index 000000000..2aed70be0 --- /dev/null +++ b/verifiers/internal/gcb/testdata/gcloud-container-empty-provenance.json @@ -0,0 +1,12 @@ +{ + "image_summary": { + "digest": "sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + }, + "provenance_summary": { + "provenance": {} + } +} + \ No newline at end of file diff --git a/verifiers/internal/gcb/testdata/gcloud-container-empty-signature-region.json b/verifiers/internal/gcb/testdata/gcloud-container-empty-signature-region.json new file mode 100644 index 000000000..84af6a993 --- /dev/null +++ b/verifiers/internal/gcb/testdata/gcloud-container-empty-signature-region.json @@ -0,0 +1,109 @@ +{ + "image_summary": { + "digest": "sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + }, + "provenance_summary": { + "provenance": [ + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3" + }, + "materials": [ + { + "digest": { + "sha1": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae" + }, + "uri": "https://github.com/laurentsimon/gcb-tests" + } + ], + "metadata": { + "buildFinishedOn": "2022-09-06T17:54:22.169342Z", + "buildInvocationId": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "buildStartedOn": "2022-09-06T17:54:10.226833361Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "requestedVerifyOption": "VERIFIED", + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-09-06T17:54:13.240503649Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-09-06T17:54:20.155242044Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + } + } + ], + "substitutions": { + "COMMIT_SHA": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "REF_NAME": "v39", + "REPO_NAME": "gcb-tests", + "REVISION_ID": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "SHORT_SHA": "01ce393", + "TAG_NAME": "v39", + "TRIGGER_BUILD_CONFIG_PATH": "cloudbuild.yaml", + "TRIGGER_NAME": "Tag" + } + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/CloudBuildYaml@v0.1" + } + }, + "subject": [ + { + "digest": { + "sha256": "f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39" + } + ] + } + }, + "createTime": "2022-09-06T17:54:23.761540Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4zIn0sIm1hdGVyaWFscyI6W3siZGlnZXN0Ijp7InNoYTEiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIn0sInVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjIyLjE2OTM0MloiLCJidWlsZEludm9jYXRpb25JZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOS0wNlQxNzo1NDoxMC4yMjY4MzMzNjFaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiIxMWY2YzY4Mi0zNDUxLTRmNzItYWMyYS04ZTM4NmVhYjY2YWYiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInJlcXVlc3RlZFZlcmlmeU9wdGlvbiI6IlZFUklGSUVEIiwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MzkiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yNDA1MDM2NDlaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MjAuMTU1MjQyMDQ0WiIsInN0YXJ0VGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MTMuMjM3MTM4MDU2WiJ9fV0sInN1YnN0aXR1dGlvbnMiOnsiQ09NTUlUX1NIQSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUiLCJSRUZfTkFNRSI6InYzOSIsIlJFUE9fTkFNRSI6ImdjYi10ZXN0cyIsIlJFVklTSU9OX0lEIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlNIT1JUX1NIQSI6IjAxY2UzOTMiLCJUQUdfTkFNRSI6InYzOSIsIlRSSUdHRVJfQlVJTERfQ09ORklHX1BBVEgiOiJjbG91ZGJ1aWxkLnlhbWwiLCJUUklHR0VSX05BTUUiOiJUYWcifX0sImVudHJ5UG9pbnQiOiJjbG91ZGJ1aWxkLnlhbWwiLCJ0eXBlIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0Nsb3VkQnVpbGRZYW1sQHYwLjEifX0sInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMSIsInNsc2FQcm92ZW5hbmNlIjp7ImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjMifSwibWF0ZXJpYWxzIjpbeyJkaWdlc3QiOnsic2hhMSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUifSwidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDktMDZUMTc6NTQ6MjIuMTY5MzQyWiIsImJ1aWxkSW52b2NhdGlvbklkIjoiMTFmNmM2ODItMzQ1MS00ZjcyLWFjMmEtOGUzODZlYWI2NmFmIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjEwLjIyNjgzMzM2MVoifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwicmVxdWVzdGVkVmVyaWZ5T3B0aW9uIjoiVkVSSUZJRUQiLCJzdWJzdGl0dXRpb25PcHRpb24iOiJBTExPV19MT09TRSJ9LCJzb3VyY2VQcm92ZW5hbmNlIjp7fSwic3RlcHMiOlt7ImFyZ3MiOlsiYnVpbGQiLCItdCIsInVzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYzOSIsIi4iXSwibmFtZSI6Imdjci5pby9jbG91ZC1idWlsZGVycy9kb2NrZXIiLCJwdWxsVGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjI0MDUwMzY0OVoiLCJzdGFydFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjIzNzEzODA1NloifSwic3RhdHVzIjoiU1VDQ0VTUyIsInRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoyMC4xNTUyNDIwNDRaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn19XSwic3Vic3RpdHV0aW9ucyI6eyJDT01NSVRfU0hBIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlJFRl9OQU1FIjoidjM5IiwiUkVQT19OQU1FIjoiZ2NiLXRlc3RzIiwiUkVWSVNJT05fSUQiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIiwiU0hPUlRfU0hBIjoiMDFjZTM5MyIsIlRBR19OQU1FIjoidjM5IiwiVFJJR0dFUl9CVUlMRF9DT05GSUdfUEFUSCI6ImNsb3VkYnVpbGQueWFtbCIsIlRSSUdHRVJfTkFNRSI6IlRhZyJ9fSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vQ2xvdWRCdWlsZFlhbWxAdjAuMSJ9fSwic3ViamVjdCI6W3siZGlnZXN0Ijp7InNoYTI1NiI6ImY0NzJjYTRiNjg4OThjOTUxYWMzYjQ3NmNiYTkxOWQwZDU2ZmNhNGNlZDYzMWZhYmNlYWQ1MWU0YjJiNjkwZTcifSwibmFtZSI6Imh0dHBzOi8vdXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djM5In1dfQ==", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations//keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEQCID2DrzUtVIv55nSl0FdoYdaaayxrjOOF2i35yadBIvFdAiAZhG4k1dC2RmSbIBVctPQ10bTzeN4XKU7Vm9E5oMJAJQ==" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/768ee56d-2064-4ed9-9cd4-8232df1a1792", + "noteName": "projects/verified-builder/notes/intoto_11f6c682-3451-4f72-ac2a-8e386eab66af", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "updateTime": "2022-09-06T17:54:23.761540Z" + } + ] + } + } + \ No newline at end of file diff --git a/verifiers/internal/gcb/testdata/gcloud-container-empty-signature.json b/verifiers/internal/gcb/testdata/gcloud-container-empty-signature.json new file mode 100644 index 000000000..2a43a0f1f --- /dev/null +++ b/verifiers/internal/gcb/testdata/gcloud-container-empty-signature.json @@ -0,0 +1,109 @@ +{ + "image_summary": { + "digest": "sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + }, + "provenance_summary": { + "provenance": [ + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3" + }, + "materials": [ + { + "digest": { + "sha1": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae" + }, + "uri": "https://github.com/laurentsimon/gcb-tests" + } + ], + "metadata": { + "buildFinishedOn": "2022-09-06T17:54:22.169342Z", + "buildInvocationId": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "buildStartedOn": "2022-09-06T17:54:10.226833361Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "requestedVerifyOption": "VERIFIED", + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-09-06T17:54:13.240503649Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-09-06T17:54:20.155242044Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + } + } + ], + "substitutions": { + "COMMIT_SHA": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "REF_NAME": "v39", + "REPO_NAME": "gcb-tests", + "REVISION_ID": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "SHORT_SHA": "01ce393", + "TAG_NAME": "v39", + "TRIGGER_BUILD_CONFIG_PATH": "cloudbuild.yaml", + "TRIGGER_NAME": "Tag" + } + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/CloudBuildYaml@v0.1" + } + }, + "subject": [ + { + "digest": { + "sha256": "f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39" + } + ] + } + }, + "createTime": "2022-09-06T17:54:23.761540Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4zIn0sIm1hdGVyaWFscyI6W3siZGlnZXN0Ijp7InNoYTEiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIn0sInVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjIyLjE2OTM0MloiLCJidWlsZEludm9jYXRpb25JZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOS0wNlQxNzo1NDoxMC4yMjY4MzMzNjFaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiIxMWY2YzY4Mi0zNDUxLTRmNzItYWMyYS04ZTM4NmVhYjY2YWYiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInJlcXVlc3RlZFZlcmlmeU9wdGlvbiI6IlZFUklGSUVEIiwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MzkiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yNDA1MDM2NDlaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MjAuMTU1MjQyMDQ0WiIsInN0YXJ0VGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MTMuMjM3MTM4MDU2WiJ9fV0sInN1YnN0aXR1dGlvbnMiOnsiQ09NTUlUX1NIQSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUiLCJSRUZfTkFNRSI6InYzOSIsIlJFUE9fTkFNRSI6ImdjYi10ZXN0cyIsIlJFVklTSU9OX0lEIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlNIT1JUX1NIQSI6IjAxY2UzOTMiLCJUQUdfTkFNRSI6InYzOSIsIlRSSUdHRVJfQlVJTERfQ09ORklHX1BBVEgiOiJjbG91ZGJ1aWxkLnlhbWwiLCJUUklHR0VSX05BTUUiOiJUYWcifX0sImVudHJ5UG9pbnQiOiJjbG91ZGJ1aWxkLnlhbWwiLCJ0eXBlIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0Nsb3VkQnVpbGRZYW1sQHYwLjEifX0sInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMSIsInNsc2FQcm92ZW5hbmNlIjp7ImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjMifSwibWF0ZXJpYWxzIjpbeyJkaWdlc3QiOnsic2hhMSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUifSwidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDktMDZUMTc6NTQ6MjIuMTY5MzQyWiIsImJ1aWxkSW52b2NhdGlvbklkIjoiMTFmNmM2ODItMzQ1MS00ZjcyLWFjMmEtOGUzODZlYWI2NmFmIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjEwLjIyNjgzMzM2MVoifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwicmVxdWVzdGVkVmVyaWZ5T3B0aW9uIjoiVkVSSUZJRUQiLCJzdWJzdGl0dXRpb25PcHRpb24iOiJBTExPV19MT09TRSJ9LCJzb3VyY2VQcm92ZW5hbmNlIjp7fSwic3RlcHMiOlt7ImFyZ3MiOlsiYnVpbGQiLCItdCIsInVzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYzOSIsIi4iXSwibmFtZSI6Imdjci5pby9jbG91ZC1idWlsZGVycy9kb2NrZXIiLCJwdWxsVGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjI0MDUwMzY0OVoiLCJzdGFydFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjIzNzEzODA1NloifSwic3RhdHVzIjoiU1VDQ0VTUyIsInRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoyMC4xNTUyNDIwNDRaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn19XSwic3Vic3RpdHV0aW9ucyI6eyJDT01NSVRfU0hBIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlJFRl9OQU1FIjoidjM5IiwiUkVQT19OQU1FIjoiZ2NiLXRlc3RzIiwiUkVWSVNJT05fSUQiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIiwiU0hPUlRfU0hBIjoiMDFjZTM5MyIsIlRBR19OQU1FIjoidjM5IiwiVFJJR0dFUl9CVUlMRF9DT05GSUdfUEFUSCI6ImNsb3VkYnVpbGQueWFtbCIsIlRSSUdHRVJfTkFNRSI6IlRhZyJ9fSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vQ2xvdWRCdWlsZFlhbWxAdjAuMSJ9fSwic3ViamVjdCI6W3siZGlnZXN0Ijp7InNoYTI1NiI6ImY0NzJjYTRiNjg4OThjOTUxYWMzYjQ3NmNiYTkxOWQwZDU2ZmNhNGNlZDYzMWZhYmNlYWQ1MWU0YjJiNjkwZTcifSwibmFtZSI6Imh0dHBzOi8vdXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djM5In1dfQ==", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations/us-west2/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/768ee56d-2064-4ed9-9cd4-8232df1a1792", + "noteName": "projects/verified-builder/notes/intoto_11f6c682-3451-4f72-ac2a-8e386eab66af", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "updateTime": "2022-09-06T17:54:23.761540Z" + } + ] + } + } + \ No newline at end of file diff --git a/verifiers/internal/gcb/testdata/gcloud-container-invalid-keyid.json b/verifiers/internal/gcb/testdata/gcloud-container-invalid-keyid.json new file mode 100644 index 000000000..c3cb76fa2 --- /dev/null +++ b/verifiers/internal/gcb/testdata/gcloud-container-invalid-keyid.json @@ -0,0 +1,109 @@ +{ + "image_summary": { + "digest": "sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + }, + "provenance_summary": { + "provenance": [ + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3" + }, + "materials": [ + { + "digest": { + "sha1": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae" + }, + "uri": "https://github.com/laurentsimon/gcb-tests" + } + ], + "metadata": { + "buildFinishedOn": "2022-09-06T17:54:22.169342Z", + "buildInvocationId": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "buildStartedOn": "2022-09-06T17:54:10.226833361Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "requestedVerifyOption": "VERIFIED", + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-09-06T17:54:13.240503649Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-09-06T17:54:20.155242044Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + } + } + ], + "substitutions": { + "COMMIT_SHA": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "REF_NAME": "v39", + "REPO_NAME": "gcb-tests", + "REVISION_ID": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "SHORT_SHA": "01ce393", + "TAG_NAME": "v39", + "TRIGGER_BUILD_CONFIG_PATH": "cloudbuild.yaml", + "TRIGGER_NAME": "Tag" + } + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/CloudBuildYaml@v0.1" + } + }, + "subject": [ + { + "digest": { + "sha256": "f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39" + } + ] + } + }, + "createTime": "2022-09-06T17:54:23.761540Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4zIn0sIm1hdGVyaWFscyI6W3siZGlnZXN0Ijp7InNoYTEiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIn0sInVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjIyLjE2OTM0MloiLCJidWlsZEludm9jYXRpb25JZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOS0wNlQxNzo1NDoxMC4yMjY4MzMzNjFaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiIxMWY2YzY4Mi0zNDUxLTRmNzItYWMyYS04ZTM4NmVhYjY2YWYiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInJlcXVlc3RlZFZlcmlmeU9wdGlvbiI6IlZFUklGSUVEIiwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MzkiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yNDA1MDM2NDlaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MjAuMTU1MjQyMDQ0WiIsInN0YXJ0VGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MTMuMjM3MTM4MDU2WiJ9fV0sInN1YnN0aXR1dGlvbnMiOnsiQ09NTUlUX1NIQSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUiLCJSRUZfTkFNRSI6InYzOSIsIlJFUE9fTkFNRSI6ImdjYi10ZXN0cyIsIlJFVklTSU9OX0lEIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlNIT1JUX1NIQSI6IjAxY2UzOTMiLCJUQUdfTkFNRSI6InYzOSIsIlRSSUdHRVJfQlVJTERfQ09ORklHX1BBVEgiOiJjbG91ZGJ1aWxkLnlhbWwiLCJUUklHR0VSX05BTUUiOiJUYWcifX0sImVudHJ5UG9pbnQiOiJjbG91ZGJ1aWxkLnlhbWwiLCJ0eXBlIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0Nsb3VkQnVpbGRZYW1sQHYwLjEifX0sInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMSIsInNsc2FQcm92ZW5hbmNlIjp7ImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjMifSwibWF0ZXJpYWxzIjpbeyJkaWdlc3QiOnsic2hhMSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUifSwidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDktMDZUMTc6NTQ6MjIuMTY5MzQyWiIsImJ1aWxkSW52b2NhdGlvbklkIjoiMTFmNmM2ODItMzQ1MS00ZjcyLWFjMmEtOGUzODZlYWI2NmFmIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjEwLjIyNjgzMzM2MVoifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwicmVxdWVzdGVkVmVyaWZ5T3B0aW9uIjoiVkVSSUZJRUQiLCJzdWJzdGl0dXRpb25PcHRpb24iOiJBTExPV19MT09TRSJ9LCJzb3VyY2VQcm92ZW5hbmNlIjp7fSwic3RlcHMiOlt7ImFyZ3MiOlsiYnVpbGQiLCItdCIsInVzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYzOSIsIi4iXSwibmFtZSI6Imdjci5pby9jbG91ZC1idWlsZGVycy9kb2NrZXIiLCJwdWxsVGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjI0MDUwMzY0OVoiLCJzdGFydFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjIzNzEzODA1NloifSwic3RhdHVzIjoiU1VDQ0VTUyIsInRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoyMC4xNTUyNDIwNDRaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn19XSwic3Vic3RpdHV0aW9ucyI6eyJDT01NSVRfU0hBIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlJFRl9OQU1FIjoidjM5IiwiUkVQT19OQU1FIjoiZ2NiLXRlc3RzIiwiUkVWSVNJT05fSUQiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIiwiU0hPUlRfU0hBIjoiMDFjZTM5MyIsIlRBR19OQU1FIjoidjM5IiwiVFJJR0dFUl9CVUlMRF9DT05GSUdfUEFUSCI6ImNsb3VkYnVpbGQueWFtbCIsIlRSSUdHRVJfTkFNRSI6IlRhZyJ9fSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vQ2xvdWRCdWlsZFlhbWxAdjAuMSJ9fSwic3ViamVjdCI6W3siZGlnZXN0Ijp7InNoYTI1NiI6ImY0NzJjYTRiNjg4OThjOTUxYWMzYjQ3NmNiYTkxOWQwZDU2ZmNhNGNlZDYzMWZhYmNlYWQ1MWU0YjJiNjkwZTcifSwibmFtZSI6Imh0dHBzOi8vdXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djM5In1dfQ==", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations/us-west2/invalid-field/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEQCID2DrzUtVIv55nSl0FdoYdaaayxrjOOF2i35yadBIvFdAiAZhG4k1dC2RmSbIBVctPQ10bTzeN4XKU7Vm9E5oMJAJQ==" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/768ee56d-2064-4ed9-9cd4-8232df1a1792", + "noteName": "projects/verified-builder/notes/intoto_11f6c682-3451-4f72-ac2a-8e386eab66af", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "updateTime": "2022-09-06T17:54:23.761540Z" + } + ] + } + } + \ No newline at end of file diff --git a/verifiers/internal/gcb/testdata/gcloud-container-invalid-payload-encoding.json b/verifiers/internal/gcb/testdata/gcloud-container-invalid-payload-encoding.json new file mode 100644 index 000000000..87a4f1afc --- /dev/null +++ b/verifiers/internal/gcb/testdata/gcloud-container-invalid-payload-encoding.json @@ -0,0 +1,109 @@ +{ + "image_summary": { + "digest": "sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + }, + "provenance_summary": { + "provenance": [ + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3" + }, + "materials": [ + { + "digest": { + "sha1": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae" + }, + "uri": "https://github.com/laurentsimon/gcb-tests" + } + ], + "metadata": { + "buildFinishedOn": "2022-09-06T17:54:22.169342Z", + "buildInvocationId": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "buildStartedOn": "2022-09-06T17:54:10.226833361Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "requestedVerifyOption": "VERIFIED", + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-09-06T17:54:13.240503649Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-09-06T17:54:20.155242044Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + } + } + ], + "substitutions": { + "COMMIT_SHA": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "REF_NAME": "v39", + "REPO_NAME": "gcb-tests", + "REVISION_ID": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "SHORT_SHA": "01ce393", + "TAG_NAME": "v39", + "TRIGGER_BUILD_CONFIG_PATH": "cloudbuild.yaml", + "TRIGGER_NAME": "Tag" + } + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/CloudBuildYaml@v0.1" + } + }, + "subject": [ + { + "digest": { + "sha256": "f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39" + } + ] + } + }, + "createTime": "2022-09-06T17:54:23.761540Z", + "envelope": { + "payload": "invalid payload encoding", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations/us-west2/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEQCID2DrzUtVIv55nSl0FdoYdaaayxrjOOF2i35yadBIvFdAiAZhG4k1dC2RmSbIBVctPQ10bTzeN4XKU7Vm9E5oMJAJQ==" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/768ee56d-2064-4ed9-9cd4-8232df1a1792", + "noteName": "projects/verified-builder/notes/intoto_11f6c682-3451-4f72-ac2a-8e386eab66af", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "updateTime": "2022-09-06T17:54:23.761540Z" + } + ] + } + } + \ No newline at end of file diff --git a/verifiers/internal/gcb/testdata/gcloud-container-invalid-signature-encodingv03.json b/verifiers/internal/gcb/testdata/gcloud-container-invalid-signature-encodingv03.json new file mode 100644 index 000000000..6d40a722b --- /dev/null +++ b/verifiers/internal/gcb/testdata/gcloud-container-invalid-signature-encodingv03.json @@ -0,0 +1,109 @@ +{ + "image_summary": { + "digest": "sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + }, + "provenance_summary": { + "provenance": [ + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3" + }, + "materials": [ + { + "digest": { + "sha1": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae" + }, + "uri": "https://github.com/laurentsimon/gcb-tests" + } + ], + "metadata": { + "buildFinishedOn": "2022-09-06T17:54:22.169342Z", + "buildInvocationId": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "buildStartedOn": "2022-09-06T17:54:10.226833361Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "requestedVerifyOption": "VERIFIED", + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-09-06T17:54:13.240503649Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-09-06T17:54:20.155242044Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + } + } + ], + "substitutions": { + "COMMIT_SHA": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "REF_NAME": "v39", + "REPO_NAME": "gcb-tests", + "REVISION_ID": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "SHORT_SHA": "01ce393", + "TAG_NAME": "v39", + "TRIGGER_BUILD_CONFIG_PATH": "cloudbuild.yaml", + "TRIGGER_NAME": "Tag" + } + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/CloudBuildYaml@v0.1" + } + }, + "subject": [ + { + "digest": { + "sha256": "f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39" + } + ] + } + }, + "createTime": "2022-09-06T17:54:23.761540Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4zIn0sIm1hdGVyaWFscyI6W3siZGlnZXN0Ijp7InNoYTEiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIn0sInVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjIyLjE2OTM0MloiLCJidWlsZEludm9jYXRpb25JZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOS0wNlQxNzo1NDoxMC4yMjY4MzMzNjFaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiIxMWY2YzY4Mi0zNDUxLTRmNzItYWMyYS04ZTM4NmVhYjY2YWYiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInJlcXVlc3RlZFZlcmlmeU9wdGlvbiI6IlZFUklGSUVEIiwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MzkiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yNDA1MDM2NDlaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MjAuMTU1MjQyMDQ0WiIsInN0YXJ0VGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MTMuMjM3MTM4MDU2WiJ9fV0sInN1YnN0aXR1dGlvbnMiOnsiQ09NTUlUX1NIQSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUiLCJSRUZfTkFNRSI6InYzOSIsIlJFUE9fTkFNRSI6ImdjYi10ZXN0cyIsIlJFVklTSU9OX0lEIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlNIT1JUX1NIQSI6IjAxY2UzOTMiLCJUQUdfTkFNRSI6InYzOSIsIlRSSUdHRVJfQlVJTERfQ09ORklHX1BBVEgiOiJjbG91ZGJ1aWxkLnlhbWwiLCJUUklHR0VSX05BTUUiOiJUYWcifX0sImVudHJ5UG9pbnQiOiJjbG91ZGJ1aWxkLnlhbWwiLCJ0eXBlIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0Nsb3VkQnVpbGRZYW1sQHYwLjEifX0sInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMSIsInNsc2FQcm92ZW5hbmNlIjp7ImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjMifSwibWF0ZXJpYWxzIjpbeyJkaWdlc3QiOnsic2hhMSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUifSwidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDktMDZUMTc6NTQ6MjIuMTY5MzQyWiIsImJ1aWxkSW52b2NhdGlvbklkIjoiMTFmNmM2ODItMzQ1MS00ZjcyLWFjMmEtOGUzODZlYWI2NmFmIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjEwLjIyNjgzMzM2MVoifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwicmVxdWVzdGVkVmVyaWZ5T3B0aW9uIjoiVkVSSUZJRUQiLCJzdWJzdGl0dXRpb25PcHRpb24iOiJBTExPV19MT09TRSJ9LCJzb3VyY2VQcm92ZW5hbmNlIjp7fSwic3RlcHMiOlt7ImFyZ3MiOlsiYnVpbGQiLCItdCIsInVzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYzOSIsIi4iXSwibmFtZSI6Imdjci5pby9jbG91ZC1idWlsZGVycy9kb2NrZXIiLCJwdWxsVGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjI0MDUwMzY0OVoiLCJzdGFydFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjIzNzEzODA1NloifSwic3RhdHVzIjoiU1VDQ0VTUyIsInRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoyMC4xNTUyNDIwNDRaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn19XSwic3Vic3RpdHV0aW9ucyI6eyJDT01NSVRfU0hBIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlJFRl9OQU1FIjoidjM5IiwiUkVQT19OQU1FIjoiZ2NiLXRlc3RzIiwiUkVWSVNJT05fSUQiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIiwiU0hPUlRfU0hBIjoiMDFjZTM5MyIsIlRBR19OQU1FIjoidjM5IiwiVFJJR0dFUl9CVUlMRF9DT05GSUdfUEFUSCI6ImNsb3VkYnVpbGQueWFtbCIsIlRSSUdHRVJfTkFNRSI6IlRhZyJ9fSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vQ2xvdWRCdWlsZFlhbWxAdjAuMSJ9fSwic3ViamVjdCI6W3siZGlnZXN0Ijp7InNoYTI1NiI6ImY0NzJjYTRiNjg4OThjOTUxYWMzYjQ3NmNiYTkxOWQwZDU2ZmNhNGNlZDYzMWZhYmNlYWQ1MWU0YjJiNjkwZTcifSwibmFtZSI6Imh0dHBzOi8vdXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djM5In1dfQ==", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations/us-west2/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "invalid encoding" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/768ee56d-2064-4ed9-9cd4-8232df1a1792", + "noteName": "projects/verified-builder/notes/intoto_11f6c682-3451-4f72-ac2a-8e386eab66af", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "updateTime": "2022-09-06T17:54:23.761540Z" + } + ] + } + } + \ No newline at end of file diff --git a/verifiers/internal/gcb/testdata/gcloud-container-invalid-signature-region.json b/verifiers/internal/gcb/testdata/gcloud-container-invalid-signature-region.json new file mode 100644 index 000000000..2a60c8ba2 --- /dev/null +++ b/verifiers/internal/gcb/testdata/gcloud-container-invalid-signature-region.json @@ -0,0 +1,109 @@ +{ + "image_summary": { + "digest": "sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + }, + "provenance_summary": { + "provenance": [ + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3" + }, + "materials": [ + { + "digest": { + "sha1": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae" + }, + "uri": "https://github.com/laurentsimon/gcb-tests" + } + ], + "metadata": { + "buildFinishedOn": "2022-09-06T17:54:22.169342Z", + "buildInvocationId": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "buildStartedOn": "2022-09-06T17:54:10.226833361Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "requestedVerifyOption": "VERIFIED", + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-09-06T17:54:13.240503649Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-09-06T17:54:20.155242044Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + } + } + ], + "substitutions": { + "COMMIT_SHA": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "REF_NAME": "v39", + "REPO_NAME": "gcb-tests", + "REVISION_ID": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "SHORT_SHA": "01ce393", + "TAG_NAME": "v39", + "TRIGGER_BUILD_CONFIG_PATH": "cloudbuild.yaml", + "TRIGGER_NAME": "Tag" + } + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/CloudBuildYaml@v0.1" + } + }, + "subject": [ + { + "digest": { + "sha256": "f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39" + } + ] + } + }, + "createTime": "2022-09-06T17:54:23.761540Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4zIn0sIm1hdGVyaWFscyI6W3siZGlnZXN0Ijp7InNoYTEiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIn0sInVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjIyLjE2OTM0MloiLCJidWlsZEludm9jYXRpb25JZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOS0wNlQxNzo1NDoxMC4yMjY4MzMzNjFaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiIxMWY2YzY4Mi0zNDUxLTRmNzItYWMyYS04ZTM4NmVhYjY2YWYiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInJlcXVlc3RlZFZlcmlmeU9wdGlvbiI6IlZFUklGSUVEIiwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MzkiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yNDA1MDM2NDlaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MjAuMTU1MjQyMDQ0WiIsInN0YXJ0VGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MTMuMjM3MTM4MDU2WiJ9fV0sInN1YnN0aXR1dGlvbnMiOnsiQ09NTUlUX1NIQSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUiLCJSRUZfTkFNRSI6InYzOSIsIlJFUE9fTkFNRSI6ImdjYi10ZXN0cyIsIlJFVklTSU9OX0lEIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlNIT1JUX1NIQSI6IjAxY2UzOTMiLCJUQUdfTkFNRSI6InYzOSIsIlRSSUdHRVJfQlVJTERfQ09ORklHX1BBVEgiOiJjbG91ZGJ1aWxkLnlhbWwiLCJUUklHR0VSX05BTUUiOiJUYWcifX0sImVudHJ5UG9pbnQiOiJjbG91ZGJ1aWxkLnlhbWwiLCJ0eXBlIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0Nsb3VkQnVpbGRZYW1sQHYwLjEifX0sInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMSIsInNsc2FQcm92ZW5hbmNlIjp7ImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjMifSwibWF0ZXJpYWxzIjpbeyJkaWdlc3QiOnsic2hhMSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUifSwidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDktMDZUMTc6NTQ6MjIuMTY5MzQyWiIsImJ1aWxkSW52b2NhdGlvbklkIjoiMTFmNmM2ODItMzQ1MS00ZjcyLWFjMmEtOGUzODZlYWI2NmFmIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjEwLjIyNjgzMzM2MVoifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwicmVxdWVzdGVkVmVyaWZ5T3B0aW9uIjoiVkVSSUZJRUQiLCJzdWJzdGl0dXRpb25PcHRpb24iOiJBTExPV19MT09TRSJ9LCJzb3VyY2VQcm92ZW5hbmNlIjp7fSwic3RlcHMiOlt7ImFyZ3MiOlsiYnVpbGQiLCItdCIsInVzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYzOSIsIi4iXSwibmFtZSI6Imdjci5pby9jbG91ZC1idWlsZGVycy9kb2NrZXIiLCJwdWxsVGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjI0MDUwMzY0OVoiLCJzdGFydFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjIzNzEzODA1NloifSwic3RhdHVzIjoiU1VDQ0VTUyIsInRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoyMC4xNTUyNDIwNDRaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn19XSwic3Vic3RpdHV0aW9ucyI6eyJDT01NSVRfU0hBIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlJFRl9OQU1FIjoidjM5IiwiUkVQT19OQU1FIjoiZ2NiLXRlc3RzIiwiUkVWSVNJT05fSUQiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIiwiU0hPUlRfU0hBIjoiMDFjZTM5MyIsIlRBR19OQU1FIjoidjM5IiwiVFJJR0dFUl9CVUlMRF9DT05GSUdfUEFUSCI6ImNsb3VkYnVpbGQueWFtbCIsIlRSSUdHRVJfTkFNRSI6IlRhZyJ9fSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vQ2xvdWRCdWlsZFlhbWxAdjAuMSJ9fSwic3ViamVjdCI6W3siZGlnZXN0Ijp7InNoYTI1NiI6ImY0NzJjYTRiNjg4OThjOTUxYWMzYjQ3NmNiYTkxOWQwZDU2ZmNhNGNlZDYzMWZhYmNlYWQ1MWU0YjJiNjkwZTcifSwibmFtZSI6Imh0dHBzOi8vdXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djM5In1dfQ==", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations/invalid-region/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEQCID2DrzUtVIv55nSl0FdoYdaaayxrjOOF2i35yadBIvFdAiAZhG4k1dC2RmSbIBVctPQ10bTzeN4XKU7Vm9E5oMJAJQ==" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/768ee56d-2064-4ed9-9cd4-8232df1a1792", + "noteName": "projects/verified-builder/notes/intoto_11f6c682-3451-4f72-ac2a-8e386eab66af", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "updateTime": "2022-09-06T17:54:23.761540Z" + } + ] + } + } + \ No newline at end of file diff --git a/verifiers/internal/gcb/testdata/gcloud-container-multiple-invalid-signatures.json b/verifiers/internal/gcb/testdata/gcloud-container-multiple-invalid-signatures.json new file mode 100644 index 000000000..3d2e6a596 --- /dev/null +++ b/verifiers/internal/gcb/testdata/gcloud-container-multiple-invalid-signatures.json @@ -0,0 +1,117 @@ +{ + "image_summary": { + "digest": "sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + }, + "provenance_summary": { + "provenance": [ + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3" + }, + "materials": [ + { + "digest": { + "sha1": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae" + }, + "uri": "https://github.com/laurentsimon/gcb-tests" + } + ], + "metadata": { + "buildFinishedOn": "2022-09-06T17:54:22.169342Z", + "buildInvocationId": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "buildStartedOn": "2022-09-06T17:54:10.226833361Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "requestedVerifyOption": "VERIFIED", + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-09-06T17:54:13.240503649Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-09-06T17:54:20.155242044Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + } + } + ], + "substitutions": { + "COMMIT_SHA": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "REF_NAME": "v39", + "REPO_NAME": "gcb-tests", + "REVISION_ID": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "SHORT_SHA": "01ce393", + "TAG_NAME": "v39", + "TRIGGER_BUILD_CONFIG_PATH": "cloudbuild.yaml", + "TRIGGER_NAME": "Tag" + } + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/CloudBuildYaml@v0.1" + } + }, + "subject": [ + { + "digest": { + "sha256": "f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39" + } + ] + } + }, + "createTime": "2022-09-06T17:54:23.761540Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4zIn0sIm1hdGVyaWFscyI6W3siZGlnZXN0Ijp7InNoYTEiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIn0sInVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjIyLjE2OTM0MloiLCJidWlsZEludm9jYXRpb25JZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOS0wNlQxNzo1NDoxMC4yMjY4MzMzNjFaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiIxMWY2YzY4Mi0zNDUxLTRmNzItYWMyYS04ZTM4NmVhYjY2YWYiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInJlcXVlc3RlZFZlcmlmeU9wdGlvbiI6IlZFUklGSUVEIiwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MzkiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yNDA1MDM2NDlaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MjAuMTU1MjQyMDQ0WiIsInN0YXJ0VGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MTMuMjM3MTM4MDU2WiJ9fV0sInN1YnN0aXR1dGlvbnMiOnsiQ09NTUlUX1NIQSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUiLCJSRUZfTkFNRSI6InYzOSIsIlJFUE9fTkFNRSI6ImdjYi10ZXN0cyIsIlJFVklTSU9OX0lEIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlNIT1JUX1NIQSI6IjAxY2UzOTMiLCJUQUdfTkFNRSI6InYzOSIsIlRSSUdHRVJfQlVJTERfQ09ORklHX1BBVEgiOiJjbG91ZGJ1aWxkLnlhbWwiLCJUUklHR0VSX05BTUUiOiJUYWcifX0sImVudHJ5UG9pbnQiOiJjbG91ZGJ1aWxkLnlhbWwiLCJ0eXBlIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0Nsb3VkQnVpbGRZYW1sQHYwLjEifX0sInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMSIsInNsc2FQcm92ZW5hbmNlIjp7ImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjMifSwibWF0ZXJpYWxzIjpbeyJkaWdlc3QiOnsic2hhMSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUifSwidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDktMDZUMTc6NTQ6MjIuMTY5MzQyWiIsImJ1aWxkSW52b2NhdGlvbklkIjoiMTFmNmM2ODItMzQ1MS00ZjcyLWFjMmEtOGUzODZlYWI2NmFmIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjEwLjIyNjgzMzM2MVoifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwicmVxdWVzdGVkVmVyaWZ5T3B0aW9uIjoiVkVSSUZJRUQiLCJzdWJzdGl0dXRpb25PcHRpb24iOiJBTExPV19MT09TRSJ9LCJzb3VyY2VQcm92ZW5hbmNlIjp7fSwic3RlcHMiOlt7ImFyZ3MiOlsiYnVpbGQiLCItdCIsInVzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYzOSIsIi4iXSwibmFtZSI6Imdjci5pby9jbG91ZC1idWlsZGVycy9kb2NrZXIiLCJwdWxsVGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjI0MDUwMzY0OVoiLCJzdGFydFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjIzNzEzODA1NloifSwic3RhdHVzIjoiU1VDQ0VTUyIsInRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoyMC4xNTUyNDIwNDRaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn19XSwic3Vic3RpdHV0aW9ucyI6eyJDT01NSVRfU0hBIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlJFRl9OQU1FIjoidjM5IiwiUkVQT19OQU1FIjoiZ2NiLXRlc3RzIiwiUkVWSVNJT05fSUQiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIiwiU0hPUlRfU0hBIjoiMDFjZTM5MyIsIlRBR19OQU1FIjoidjM5IiwiVFJJR0dFUl9CVUlMRF9DT05GSUdfUEFUSCI6ImNsb3VkYnVpbGQueWFtbCIsIlRSSUdHRVJfTkFNRSI6IlRhZyJ9fSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vQ2xvdWRCdWlsZFlhbWxAdjAuMSJ9fSwic3ViamVjdCI6W3siZGlnZXN0Ijp7InNoYTI1NiI6ImY0NzJjYTRiNjg4OThjOTUxYWMzYjQ3NmNiYTkxOWQwZDU2ZmNhNGNlZDYzMWZhYmNlYWQ1MWU0YjJiNjkwZTcifSwibmFtZSI6Imh0dHBzOi8vdXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djM5In1dfQ==", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations/us-west2/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEQCID2DrzUtVIv55nSl0FdoYdaaayxrjOOF2i35yadBIvFdAiAZhG4k1dC2RmSbIBVctPQ10bTzeN4XKU7Vm9E5oMJAJA==" + }, + { + "keyid": "projects/verified-builder/locations/us-west2/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEQCID2DrzUtVIv55nSl0FdoYdaaayxrjOOF2i35yadBIvFdAiAZhG4k1dC2RmSbIBVctPQ10bTzeN4XKU7Vm9E5oMJAJA==" + }, + { + "keyid": "projects/verified-builder/locations/us-west2/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEQCID2DrzUtVIv55nSl0FdoYdaaayxrjOOF2i35yadBIvFdAiAZhG4k1dC2RmSbIBVctPQ10bTzeN4XKU7Vm9E5oMJAJA==" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/768ee56d-2064-4ed9-9cd4-8232df1a1792", + "noteName": "projects/verified-builder/notes/intoto_11f6c682-3451-4f72-ac2a-8e386eab66af", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "updateTime": "2022-09-06T17:54:23.761540Z" + } + ] + } + } + \ No newline at end of file diff --git a/verifiers/internal/gcb/testdata/gcloud-container-multiple-signatures-2ndvalid.json b/verifiers/internal/gcb/testdata/gcloud-container-multiple-signatures-2ndvalid.json new file mode 100644 index 000000000..d7cb8ad20 --- /dev/null +++ b/verifiers/internal/gcb/testdata/gcloud-container-multiple-signatures-2ndvalid.json @@ -0,0 +1,117 @@ +{ + "image_summary": { + "digest": "sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + }, + "provenance_summary": { + "provenance": [ + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3" + }, + "materials": [ + { + "digest": { + "sha1": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae" + }, + "uri": "https://github.com/laurentsimon/gcb-tests" + } + ], + "metadata": { + "buildFinishedOn": "2022-09-06T17:54:22.169342Z", + "buildInvocationId": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "buildStartedOn": "2022-09-06T17:54:10.226833361Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "requestedVerifyOption": "VERIFIED", + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-09-06T17:54:13.240503649Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-09-06T17:54:20.155242044Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + } + } + ], + "substitutions": { + "COMMIT_SHA": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "REF_NAME": "v39", + "REPO_NAME": "gcb-tests", + "REVISION_ID": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "SHORT_SHA": "01ce393", + "TAG_NAME": "v39", + "TRIGGER_BUILD_CONFIG_PATH": "cloudbuild.yaml", + "TRIGGER_NAME": "Tag" + } + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/CloudBuildYaml@v0.1" + } + }, + "subject": [ + { + "digest": { + "sha256": "f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39" + } + ] + } + }, + "createTime": "2022-09-06T17:54:23.761540Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4zIn0sIm1hdGVyaWFscyI6W3siZGlnZXN0Ijp7InNoYTEiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIn0sInVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjIyLjE2OTM0MloiLCJidWlsZEludm9jYXRpb25JZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOS0wNlQxNzo1NDoxMC4yMjY4MzMzNjFaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiIxMWY2YzY4Mi0zNDUxLTRmNzItYWMyYS04ZTM4NmVhYjY2YWYiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInJlcXVlc3RlZFZlcmlmeU9wdGlvbiI6IlZFUklGSUVEIiwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MzkiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yNDA1MDM2NDlaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MjAuMTU1MjQyMDQ0WiIsInN0YXJ0VGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MTMuMjM3MTM4MDU2WiJ9fV0sInN1YnN0aXR1dGlvbnMiOnsiQ09NTUlUX1NIQSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUiLCJSRUZfTkFNRSI6InYzOSIsIlJFUE9fTkFNRSI6ImdjYi10ZXN0cyIsIlJFVklTSU9OX0lEIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlNIT1JUX1NIQSI6IjAxY2UzOTMiLCJUQUdfTkFNRSI6InYzOSIsIlRSSUdHRVJfQlVJTERfQ09ORklHX1BBVEgiOiJjbG91ZGJ1aWxkLnlhbWwiLCJUUklHR0VSX05BTUUiOiJUYWcifX0sImVudHJ5UG9pbnQiOiJjbG91ZGJ1aWxkLnlhbWwiLCJ0eXBlIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0Nsb3VkQnVpbGRZYW1sQHYwLjEifX0sInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMSIsInNsc2FQcm92ZW5hbmNlIjp7ImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjMifSwibWF0ZXJpYWxzIjpbeyJkaWdlc3QiOnsic2hhMSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUifSwidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDktMDZUMTc6NTQ6MjIuMTY5MzQyWiIsImJ1aWxkSW52b2NhdGlvbklkIjoiMTFmNmM2ODItMzQ1MS00ZjcyLWFjMmEtOGUzODZlYWI2NmFmIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjEwLjIyNjgzMzM2MVoifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwicmVxdWVzdGVkVmVyaWZ5T3B0aW9uIjoiVkVSSUZJRUQiLCJzdWJzdGl0dXRpb25PcHRpb24iOiJBTExPV19MT09TRSJ9LCJzb3VyY2VQcm92ZW5hbmNlIjp7fSwic3RlcHMiOlt7ImFyZ3MiOlsiYnVpbGQiLCItdCIsInVzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYzOSIsIi4iXSwibmFtZSI6Imdjci5pby9jbG91ZC1idWlsZGVycy9kb2NrZXIiLCJwdWxsVGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjI0MDUwMzY0OVoiLCJzdGFydFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjIzNzEzODA1NloifSwic3RhdHVzIjoiU1VDQ0VTUyIsInRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoyMC4xNTUyNDIwNDRaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn19XSwic3Vic3RpdHV0aW9ucyI6eyJDT01NSVRfU0hBIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlJFRl9OQU1FIjoidjM5IiwiUkVQT19OQU1FIjoiZ2NiLXRlc3RzIiwiUkVWSVNJT05fSUQiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIiwiU0hPUlRfU0hBIjoiMDFjZTM5MyIsIlRBR19OQU1FIjoidjM5IiwiVFJJR0dFUl9CVUlMRF9DT05GSUdfUEFUSCI6ImNsb3VkYnVpbGQueWFtbCIsIlRSSUdHRVJfTkFNRSI6IlRhZyJ9fSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vQ2xvdWRCdWlsZFlhbWxAdjAuMSJ9fSwic3ViamVjdCI6W3siZGlnZXN0Ijp7InNoYTI1NiI6ImY0NzJjYTRiNjg4OThjOTUxYWMzYjQ3NmNiYTkxOWQwZDU2ZmNhNGNlZDYzMWZhYmNlYWQ1MWU0YjJiNjkwZTcifSwibmFtZSI6Imh0dHBzOi8vdXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djM5In1dfQ==", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations/us-west2/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEQCID2DrzUtVIv55nSl0FdoYdaaayxrjOOF2i35yadBIvFdAiAZhG4k1dC2RmSbIBVctPQ10bTzeN4XKU7Vm9E5oMJAJA==" + }, + { + "keyid": "projects/verified-builder/locations/us-west2/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEQCID2DrzUtVIv55nSl0FdoYdaaayxrjOOF2i35yadBIvFdAiAZhG4k1dC2RmSbIBVctPQ10bTzeN4XKU7Vm9E5oMJAJQ==" + }, + { + "keyid": "projects/verified-builder/locations/us-west2/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEQCID2DrzUtVIv55nSl0FdoYdaaayxrjOOF2i35yadBIvFdAiAZhG4k1dC2RmSbIBVctPQ10bTzeN4XKU7Vm9E5oMJAJA==" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/768ee56d-2064-4ed9-9cd4-8232df1a1792", + "noteName": "projects/verified-builder/notes/intoto_11f6c682-3451-4f72-ac2a-8e386eab66af", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "updateTime": "2022-09-06T17:54:23.761540Z" + } + ] + } + } + \ No newline at end of file diff --git a/verifiers/internal/gcb/testdata/gcloud-container-multiple-signatures-3rdvalid.json b/verifiers/internal/gcb/testdata/gcloud-container-multiple-signatures-3rdvalid.json new file mode 100644 index 000000000..65f0155e5 --- /dev/null +++ b/verifiers/internal/gcb/testdata/gcloud-container-multiple-signatures-3rdvalid.json @@ -0,0 +1,117 @@ +{ + "image_summary": { + "digest": "sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + }, + "provenance_summary": { + "provenance": [ + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3" + }, + "materials": [ + { + "digest": { + "sha1": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae" + }, + "uri": "https://github.com/laurentsimon/gcb-tests" + } + ], + "metadata": { + "buildFinishedOn": "2022-09-06T17:54:22.169342Z", + "buildInvocationId": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "buildStartedOn": "2022-09-06T17:54:10.226833361Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "requestedVerifyOption": "VERIFIED", + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-09-06T17:54:13.240503649Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-09-06T17:54:20.155242044Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + } + } + ], + "substitutions": { + "COMMIT_SHA": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "REF_NAME": "v39", + "REPO_NAME": "gcb-tests", + "REVISION_ID": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "SHORT_SHA": "01ce393", + "TAG_NAME": "v39", + "TRIGGER_BUILD_CONFIG_PATH": "cloudbuild.yaml", + "TRIGGER_NAME": "Tag" + } + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/CloudBuildYaml@v0.1" + } + }, + "subject": [ + { + "digest": { + "sha256": "f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39" + } + ] + } + }, + "createTime": "2022-09-06T17:54:23.761540Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4zIn0sIm1hdGVyaWFscyI6W3siZGlnZXN0Ijp7InNoYTEiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIn0sInVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjIyLjE2OTM0MloiLCJidWlsZEludm9jYXRpb25JZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOS0wNlQxNzo1NDoxMC4yMjY4MzMzNjFaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiIxMWY2YzY4Mi0zNDUxLTRmNzItYWMyYS04ZTM4NmVhYjY2YWYiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInJlcXVlc3RlZFZlcmlmeU9wdGlvbiI6IlZFUklGSUVEIiwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MzkiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yNDA1MDM2NDlaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MjAuMTU1MjQyMDQ0WiIsInN0YXJ0VGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MTMuMjM3MTM4MDU2WiJ9fV0sInN1YnN0aXR1dGlvbnMiOnsiQ09NTUlUX1NIQSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUiLCJSRUZfTkFNRSI6InYzOSIsIlJFUE9fTkFNRSI6ImdjYi10ZXN0cyIsIlJFVklTSU9OX0lEIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlNIT1JUX1NIQSI6IjAxY2UzOTMiLCJUQUdfTkFNRSI6InYzOSIsIlRSSUdHRVJfQlVJTERfQ09ORklHX1BBVEgiOiJjbG91ZGJ1aWxkLnlhbWwiLCJUUklHR0VSX05BTUUiOiJUYWcifX0sImVudHJ5UG9pbnQiOiJjbG91ZGJ1aWxkLnlhbWwiLCJ0eXBlIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0Nsb3VkQnVpbGRZYW1sQHYwLjEifX0sInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMSIsInNsc2FQcm92ZW5hbmNlIjp7ImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjMifSwibWF0ZXJpYWxzIjpbeyJkaWdlc3QiOnsic2hhMSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUifSwidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDktMDZUMTc6NTQ6MjIuMTY5MzQyWiIsImJ1aWxkSW52b2NhdGlvbklkIjoiMTFmNmM2ODItMzQ1MS00ZjcyLWFjMmEtOGUzODZlYWI2NmFmIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjEwLjIyNjgzMzM2MVoifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwicmVxdWVzdGVkVmVyaWZ5T3B0aW9uIjoiVkVSSUZJRUQiLCJzdWJzdGl0dXRpb25PcHRpb24iOiJBTExPV19MT09TRSJ9LCJzb3VyY2VQcm92ZW5hbmNlIjp7fSwic3RlcHMiOlt7ImFyZ3MiOlsiYnVpbGQiLCItdCIsInVzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYzOSIsIi4iXSwibmFtZSI6Imdjci5pby9jbG91ZC1idWlsZGVycy9kb2NrZXIiLCJwdWxsVGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjI0MDUwMzY0OVoiLCJzdGFydFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjIzNzEzODA1NloifSwic3RhdHVzIjoiU1VDQ0VTUyIsInRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoyMC4xNTUyNDIwNDRaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn19XSwic3Vic3RpdHV0aW9ucyI6eyJDT01NSVRfU0hBIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlJFRl9OQU1FIjoidjM5IiwiUkVQT19OQU1FIjoiZ2NiLXRlc3RzIiwiUkVWSVNJT05fSUQiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIiwiU0hPUlRfU0hBIjoiMDFjZTM5MyIsIlRBR19OQU1FIjoidjM5IiwiVFJJR0dFUl9CVUlMRF9DT05GSUdfUEFUSCI6ImNsb3VkYnVpbGQueWFtbCIsIlRSSUdHRVJfTkFNRSI6IlRhZyJ9fSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vQ2xvdWRCdWlsZFlhbWxAdjAuMSJ9fSwic3ViamVjdCI6W3siZGlnZXN0Ijp7InNoYTI1NiI6ImY0NzJjYTRiNjg4OThjOTUxYWMzYjQ3NmNiYTkxOWQwZDU2ZmNhNGNlZDYzMWZhYmNlYWQ1MWU0YjJiNjkwZTcifSwibmFtZSI6Imh0dHBzOi8vdXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djM5In1dfQ==", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations/us-west2/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEQCID2DrzUtVIv55nSl0FdoYdaaayxrjOOF2i35yadBIvFdAiAZhG4k1dC2RmSbIBVctPQ10bTzeN4XKU7Vm9E5oMJAJA==" + }, + { + "keyid": "projects/verified-builder/locations/us-west2/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEQCID2DrzUtVIv55nSl0FdoYdaaayxrjOOF2i35yadBIvFdAiAZhG4k1dC2RmSbIBVctPQ10bTzeN4XKU7Vm9E5oMJAJA==" + }, + { + "keyid": "projects/verified-builder/locations/us-west2/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEQCID2DrzUtVIv55nSl0FdoYdaaayxrjOOF2i35yadBIvFdAiAZhG4k1dC2RmSbIBVctPQ10bTzeN4XKU7Vm9E5oMJAJQ==" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/768ee56d-2064-4ed9-9cd4-8232df1a1792", + "noteName": "projects/verified-builder/notes/intoto_11f6c682-3451-4f72-ac2a-8e386eab66af", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "updateTime": "2022-09-06T17:54:23.761540Z" + } + ] + } + } + \ No newline at end of file diff --git a/verifiers/internal/gcb/testdata/gcloud-container-no-keyid.json b/verifiers/internal/gcb/testdata/gcloud-container-no-keyid.json new file mode 100644 index 000000000..c25e8c3c9 --- /dev/null +++ b/verifiers/internal/gcb/testdata/gcloud-container-no-keyid.json @@ -0,0 +1,108 @@ +{ + "image_summary": { + "digest": "sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + }, + "provenance_summary": { + "provenance": [ + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3" + }, + "materials": [ + { + "digest": { + "sha1": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae" + }, + "uri": "https://github.com/laurentsimon/gcb-tests" + } + ], + "metadata": { + "buildFinishedOn": "2022-09-06T17:54:22.169342Z", + "buildInvocationId": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "buildStartedOn": "2022-09-06T17:54:10.226833361Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "requestedVerifyOption": "VERIFIED", + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-09-06T17:54:13.240503649Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-09-06T17:54:20.155242044Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + } + } + ], + "substitutions": { + "COMMIT_SHA": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "REF_NAME": "v39", + "REPO_NAME": "gcb-tests", + "REVISION_ID": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "SHORT_SHA": "01ce393", + "TAG_NAME": "v39", + "TRIGGER_BUILD_CONFIG_PATH": "cloudbuild.yaml", + "TRIGGER_NAME": "Tag" + } + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/CloudBuildYaml@v0.1" + } + }, + "subject": [ + { + "digest": { + "sha256": "f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39" + } + ] + } + }, + "createTime": "2022-09-06T17:54:23.761540Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4zIn0sIm1hdGVyaWFscyI6W3siZGlnZXN0Ijp7InNoYTEiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIn0sInVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjIyLjE2OTM0MloiLCJidWlsZEludm9jYXRpb25JZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOS0wNlQxNzo1NDoxMC4yMjY4MzMzNjFaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiIxMWY2YzY4Mi0zNDUxLTRmNzItYWMyYS04ZTM4NmVhYjY2YWYiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInJlcXVlc3RlZFZlcmlmeU9wdGlvbiI6IlZFUklGSUVEIiwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MzkiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yNDA1MDM2NDlaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MjAuMTU1MjQyMDQ0WiIsInN0YXJ0VGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MTMuMjM3MTM4MDU2WiJ9fV0sInN1YnN0aXR1dGlvbnMiOnsiQ09NTUlUX1NIQSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUiLCJSRUZfTkFNRSI6InYzOSIsIlJFUE9fTkFNRSI6ImdjYi10ZXN0cyIsIlJFVklTSU9OX0lEIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlNIT1JUX1NIQSI6IjAxY2UzOTMiLCJUQUdfTkFNRSI6InYzOSIsIlRSSUdHRVJfQlVJTERfQ09ORklHX1BBVEgiOiJjbG91ZGJ1aWxkLnlhbWwiLCJUUklHR0VSX05BTUUiOiJUYWcifX0sImVudHJ5UG9pbnQiOiJjbG91ZGJ1aWxkLnlhbWwiLCJ0eXBlIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0Nsb3VkQnVpbGRZYW1sQHYwLjEifX0sInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMSIsInNsc2FQcm92ZW5hbmNlIjp7ImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjMifSwibWF0ZXJpYWxzIjpbeyJkaWdlc3QiOnsic2hhMSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUifSwidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDktMDZUMTc6NTQ6MjIuMTY5MzQyWiIsImJ1aWxkSW52b2NhdGlvbklkIjoiMTFmNmM2ODItMzQ1MS00ZjcyLWFjMmEtOGUzODZlYWI2NmFmIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjEwLjIyNjgzMzM2MVoifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwicmVxdWVzdGVkVmVyaWZ5T3B0aW9uIjoiVkVSSUZJRUQiLCJzdWJzdGl0dXRpb25PcHRpb24iOiJBTExPV19MT09TRSJ9LCJzb3VyY2VQcm92ZW5hbmNlIjp7fSwic3RlcHMiOlt7ImFyZ3MiOlsiYnVpbGQiLCItdCIsInVzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYzOSIsIi4iXSwibmFtZSI6Imdjci5pby9jbG91ZC1idWlsZGVycy9kb2NrZXIiLCJwdWxsVGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjI0MDUwMzY0OVoiLCJzdGFydFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjIzNzEzODA1NloifSwic3RhdHVzIjoiU1VDQ0VTUyIsInRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoyMC4xNTUyNDIwNDRaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn19XSwic3Vic3RpdHV0aW9ucyI6eyJDT01NSVRfU0hBIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlJFRl9OQU1FIjoidjM5IiwiUkVQT19OQU1FIjoiZ2NiLXRlc3RzIiwiUkVWSVNJT05fSUQiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIiwiU0hPUlRfU0hBIjoiMDFjZTM5MyIsIlRBR19OQU1FIjoidjM5IiwiVFJJR0dFUl9CVUlMRF9DT05GSUdfUEFUSCI6ImNsb3VkYnVpbGQueWFtbCIsIlRSSUdHRVJfTkFNRSI6IlRhZyJ9fSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vQ2xvdWRCdWlsZFlhbWxAdjAuMSJ9fSwic3ViamVjdCI6W3siZGlnZXN0Ijp7InNoYTI1NiI6ImY0NzJjYTRiNjg4OThjOTUxYWMzYjQ3NmNiYTkxOWQwZDU2ZmNhNGNlZDYzMWZhYmNlYWQ1MWU0YjJiNjkwZTcifSwibmFtZSI6Imh0dHBzOi8vdXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djM5In1dfQ==", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "sig": "MEQCID2DrzUtVIv55nSl0FdoYdaaayxrjOOF2i35yadBIvFdAiAZhG4k1dC2RmSbIBVctPQ10bTzeN4XKU7Vm9E5oMJAJQ==" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/768ee56d-2064-4ed9-9cd4-8232df1a1792", + "noteName": "projects/verified-builder/notes/intoto_11f6c682-3451-4f72-ac2a-8e386eab66af", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "updateTime": "2022-09-06T17:54:23.761540Z" + } + ] + } + } + \ No newline at end of file diff --git a/verifiers/internal/gcb/testdata/gcloud-container-no-payload.json b/verifiers/internal/gcb/testdata/gcloud-container-no-payload.json new file mode 100644 index 000000000..3efa73003 --- /dev/null +++ b/verifiers/internal/gcb/testdata/gcloud-container-no-payload.json @@ -0,0 +1,108 @@ +{ + "image_summary": { + "digest": "sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + }, + "provenance_summary": { + "provenance": [ + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3" + }, + "materials": [ + { + "digest": { + "sha1": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae" + }, + "uri": "https://github.com/laurentsimon/gcb-tests" + } + ], + "metadata": { + "buildFinishedOn": "2022-09-06T17:54:22.169342Z", + "buildInvocationId": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "buildStartedOn": "2022-09-06T17:54:10.226833361Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "requestedVerifyOption": "VERIFIED", + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-09-06T17:54:13.240503649Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-09-06T17:54:20.155242044Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + } + } + ], + "substitutions": { + "COMMIT_SHA": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "REF_NAME": "v39", + "REPO_NAME": "gcb-tests", + "REVISION_ID": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "SHORT_SHA": "01ce393", + "TAG_NAME": "v39", + "TRIGGER_BUILD_CONFIG_PATH": "cloudbuild.yaml", + "TRIGGER_NAME": "Tag" + } + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/CloudBuildYaml@v0.1" + } + }, + "subject": [ + { + "digest": { + "sha256": "f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39" + } + ] + } + }, + "createTime": "2022-09-06T17:54:23.761540Z", + "envelope": { + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "keyid": "projects/verified-builder/locations/us-west2/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", + "sig": "MEQCID2DrzUtVIv55nSl0FdoYdaaayxrjOOF2i35yadBIvFdAiAZhG4k1dC2RmSbIBVctPQ10bTzeN4XKU7Vm9E5oMJAJQ==" + } + ] + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/768ee56d-2064-4ed9-9cd4-8232df1a1792", + "noteName": "projects/verified-builder/notes/intoto_11f6c682-3451-4f72-ac2a-8e386eab66af", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "updateTime": "2022-09-06T17:54:23.761540Z" + } + ] + } + } + \ No newline at end of file diff --git a/verifiers/internal/gcb/testdata/gcloud-container-no-provenance.json b/verifiers/internal/gcb/testdata/gcloud-container-no-provenance.json new file mode 100644 index 000000000..a512fd50e --- /dev/null +++ b/verifiers/internal/gcb/testdata/gcloud-container-no-provenance.json @@ -0,0 +1,9 @@ +{ + "image_summary": { + "digest": "sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + } +} + \ No newline at end of file diff --git a/verifiers/internal/gcb/testdata/gcloud-container-no-signature.json b/verifiers/internal/gcb/testdata/gcloud-container-no-signature.json new file mode 100644 index 000000000..3302b8187 --- /dev/null +++ b/verifiers/internal/gcb/testdata/gcloud-container-no-signature.json @@ -0,0 +1,103 @@ +{ + "image_summary": { + "digest": "sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "registry": "us-west2-docker.pkg.dev", + "repository": "quickstart-docker-repo" + }, + "provenance_summary": { + "provenance": [ + { + "build": { + "intotoStatement": { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.1", + "slsaProvenance": { + "builder": { + "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3" + }, + "materials": [ + { + "digest": { + "sha1": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae" + }, + "uri": "https://github.com/laurentsimon/gcb-tests" + } + ], + "metadata": { + "buildFinishedOn": "2022-09-06T17:54:22.169342Z", + "buildInvocationId": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "buildStartedOn": "2022-09-06T17:54:10.226833361Z" + }, + "recipe": { + "arguments": { + "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", + "id": "11f6c682-3451-4f72-ac2a-8e386eab66af", + "options": { + "dynamicSubstitutions": true, + "logging": "LEGACY", + "pool": {}, + "requestedVerifyOption": "VERIFIED", + "substitutionOption": "ALLOW_LOOSE" + }, + "sourceProvenance": {}, + "steps": [ + { + "args": [ + "build", + "-t", + "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39", + "." + ], + "name": "gcr.io/cloud-builders/docker", + "pullTiming": { + "endTime": "2022-09-06T17:54:13.240503649Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + }, + "status": "SUCCESS", + "timing": { + "endTime": "2022-09-06T17:54:20.155242044Z", + "startTime": "2022-09-06T17:54:13.237138056Z" + } + } + ], + "substitutions": { + "COMMIT_SHA": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "REF_NAME": "v39", + "REPO_NAME": "gcb-tests", + "REVISION_ID": "01ce393d04eb6df2a7b2b3e95d4126e687afb7ae", + "SHORT_SHA": "01ce393", + "TAG_NAME": "v39", + "TRIGGER_BUILD_CONFIG_PATH": "cloudbuild.yaml", + "TRIGGER_NAME": "Tag" + } + }, + "entryPoint": "cloudbuild.yaml", + "type": "https://cloudbuild.googleapis.com/CloudBuildYaml@v0.1" + } + }, + "subject": [ + { + "digest": { + "sha256": "f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7" + }, + "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v39" + } + ] + } + }, + "createTime": "2022-09-06T17:54:23.761540Z", + "envelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4zIn0sIm1hdGVyaWFscyI6W3siZGlnZXN0Ijp7InNoYTEiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIn0sInVyaSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vZ2NiLXRlc3RzIn1dLCJtZXRhZGF0YSI6eyJidWlsZEZpbmlzaGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjIyLjE2OTM0MloiLCJidWlsZEludm9jYXRpb25JZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsImJ1aWxkU3RhcnRlZE9uIjoiMjAyMi0wOS0wNlQxNzo1NDoxMC4yMjY4MzMzNjFaIn0sInJlY2lwZSI6eyJhcmd1bWVudHMiOnsiQHR5cGUiOiJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwiaWQiOiIxMWY2YzY4Mi0zNDUxLTRmNzItYWMyYS04ZTM4NmVhYjY2YWYiLCJvcHRpb25zIjp7ImR5bmFtaWNTdWJzdGl0dXRpb25zIjp0cnVlLCJsb2dnaW5nIjoiTEVHQUNZIiwicG9vbCI6e30sInJlcXVlc3RlZFZlcmlmeU9wdGlvbiI6IlZFUklGSUVEIiwic3Vic3RpdHV0aW9uT3B0aW9uIjoiQUxMT1dfTE9PU0UifSwic291cmNlUHJvdmVuYW5jZSI6e30sInN0ZXBzIjpbeyJhcmdzIjpbImJ1aWxkIiwiLXQiLCJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MzkiLCIuIl0sIm5hbWUiOiJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwicHVsbFRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yNDA1MDM2NDlaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn0sInN0YXR1cyI6IlNVQ0NFU1MiLCJ0aW1pbmciOnsiZW5kVGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MjAuMTU1MjQyMDQ0WiIsInN0YXJ0VGltZSI6IjIwMjItMDktMDZUMTc6NTQ6MTMuMjM3MTM4MDU2WiJ9fV0sInN1YnN0aXR1dGlvbnMiOnsiQ09NTUlUX1NIQSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUiLCJSRUZfTkFNRSI6InYzOSIsIlJFUE9fTkFNRSI6ImdjYi10ZXN0cyIsIlJFVklTSU9OX0lEIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlNIT1JUX1NIQSI6IjAxY2UzOTMiLCJUQUdfTkFNRSI6InYzOSIsIlRSSUdHRVJfQlVJTERfQ09ORklHX1BBVEgiOiJjbG91ZGJ1aWxkLnlhbWwiLCJUUklHR0VSX05BTUUiOiJUYWcifX0sImVudHJ5UG9pbnQiOiJjbG91ZGJ1aWxkLnlhbWwiLCJ0eXBlIjoiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0Nsb3VkQnVpbGRZYW1sQHYwLjEifX0sInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMSIsInNsc2FQcm92ZW5hbmNlIjp7ImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjMifSwibWF0ZXJpYWxzIjpbeyJkaWdlc3QiOnsic2hhMSI6IjAxY2UzOTNkMDRlYjZkZjJhN2IyYjNlOTVkNDEyNmU2ODdhZmI3YWUifSwidXJpIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMifV0sIm1ldGFkYXRhIjp7ImJ1aWxkRmluaXNoZWRPbiI6IjIwMjItMDktMDZUMTc6NTQ6MjIuMTY5MzQyWiIsImJ1aWxkSW52b2NhdGlvbklkIjoiMTFmNmM2ODItMzQ1MS00ZjcyLWFjMmEtOGUzODZlYWI2NmFmIiwiYnVpbGRTdGFydGVkT24iOiIyMDIyLTA5LTA2VDE3OjU0OjEwLjIyNjgzMzM2MVoifSwicmVjaXBlIjp7ImFyZ3VtZW50cyI6eyJAdHlwZSI6InR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLmRldnRvb2xzLmNsb3VkYnVpbGQudjEuQnVpbGQiLCJpZCI6IjExZjZjNjgyLTM0NTEtNGY3Mi1hYzJhLThlMzg2ZWFiNjZhZiIsIm9wdGlvbnMiOnsiZHluYW1pY1N1YnN0aXR1dGlvbnMiOnRydWUsImxvZ2dpbmciOiJMRUdBQ1kiLCJwb29sIjp7fSwicmVxdWVzdGVkVmVyaWZ5T3B0aW9uIjoiVkVSSUZJRUQiLCJzdWJzdGl0dXRpb25PcHRpb24iOiJBTExPV19MT09TRSJ9LCJzb3VyY2VQcm92ZW5hbmNlIjp7fSwic3RlcHMiOlt7ImFyZ3MiOlsiYnVpbGQiLCItdCIsInVzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYzOSIsIi4iXSwibmFtZSI6Imdjci5pby9jbG91ZC1idWlsZGVycy9kb2NrZXIiLCJwdWxsVGltaW5nIjp7ImVuZFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjI0MDUwMzY0OVoiLCJzdGFydFRpbWUiOiIyMDIyLTA5LTA2VDE3OjU0OjEzLjIzNzEzODA1NloifSwic3RhdHVzIjoiU1VDQ0VTUyIsInRpbWluZyI6eyJlbmRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoyMC4xNTUyNDIwNDRaIiwic3RhcnRUaW1lIjoiMjAyMi0wOS0wNlQxNzo1NDoxMy4yMzcxMzgwNTZaIn19XSwic3Vic3RpdHV0aW9ucyI6eyJDT01NSVRfU0hBIjoiMDFjZTM5M2QwNGViNmRmMmE3YjJiM2U5NWQ0MTI2ZTY4N2FmYjdhZSIsIlJFRl9OQU1FIjoidjM5IiwiUkVQT19OQU1FIjoiZ2NiLXRlc3RzIiwiUkVWSVNJT05fSUQiOiIwMWNlMzkzZDA0ZWI2ZGYyYTdiMmIzZTk1ZDQxMjZlNjg3YWZiN2FlIiwiU0hPUlRfU0hBIjoiMDFjZTM5MyIsIlRBR19OQU1FIjoidjM5IiwiVFJJR0dFUl9CVUlMRF9DT05GSUdfUEFUSCI6ImNsb3VkYnVpbGQueWFtbCIsIlRSSUdHRVJfTkFNRSI6IlRhZyJ9fSwiZW50cnlQb2ludCI6ImNsb3VkYnVpbGQueWFtbCIsInR5cGUiOiJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vQ2xvdWRCdWlsZFlhbWxAdjAuMSJ9fSwic3ViamVjdCI6W3siZGlnZXN0Ijp7InNoYTI1NiI6ImY0NzJjYTRiNjg4OThjOTUxYWMzYjQ3NmNiYTkxOWQwZDU2ZmNhNGNlZDYzMWZhYmNlYWQ1MWU0YjJiNjkwZTcifSwibmFtZSI6Imh0dHBzOi8vdXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djM5In1dfQ==", + "payloadType": "application/vnd.in-toto+json", + }, + "kind": "BUILD", + "name": "projects/gosst-scare-sandbox/occurrences/768ee56d-2064-4ed9-9cd4-8232df1a1792", + "noteName": "projects/verified-builder/notes/intoto_11f6c682-3451-4f72-ac2a-8e386eab66af", + "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:f472ca4b68898c951ac3b476cba919d0d56fca4ced631fabcead51e4b2b690e7", + "updateTime": "2022-09-06T17:54:23.761540Z" + } + ] + } + } + \ No newline at end of file