From 7eb8bed29c7f4b07b48511e89835b3b744a2d66e Mon Sep 17 00:00:00 2001 From: Sukuna0007Abhi Date: Thu, 25 Sep 2025 13:06:13 +0000 Subject: [PATCH 1/7] Add Evidence validation using swid.Evidence.Valid() method ## Summary This commit implements Evidence validation in CoRIM using the newly added Valid() methods from the SWID package, completing the work requested in veraison/corim#212. ## Changes - Added Evidence validation calls using swid.Evidence.Valid() method - Implemented proper error handling for validation failures - Added validation at key integration points in the CoRIM workflow - Enhanced error messages with context about which Evidence entry failed ## Dependencies - Uses updated SWID package with Valid() methods from veraison/swid#23 (implemented via veraison/swid#45 PR by Sukuna0007Abhi) - Updated go.mod to use latest SWID version with replace directive ## Testing - Added comprehensive unit tests for Evidence validation scenarios - Added tests for both valid and invalid Evidence entries - Verified all existing tests continue to pass - Added integration tests for validation workflow ## Validation Points Evidence validation is now performed at: - CoSWIDEvidenceMap.Valid() - validates individual evidence entries - CoSWIDEvidence.Valid() - validates evidence slice collections - CoSWIDTriple.Valid() - validates evidence within triples - AbbreviatedSwidTag.Valid() - validates evidence in COTS tags - During unmarshaling of CoRIM data - Before serialization/storage operations ## Error Handling - Validation errors include context about failed Evidence entry - Proper error propagation throughout the call stack - Clear error messages for debugging and troubleshooting ## Files Modified - coev/coswid_evidence.go: Added Valid() methods for evidence structures - coev/coswidtriple.go: Enhanced CoSWIDTriple validation - cots/abbreviated_swid_tag.go: Added evidence validation to SWID tags - go.mod: Updated SWID dependency to version with Valid() methods ## Files Added - coev/coswid_evidence_test.go: Comprehensive evidence validation tests - cots/abbreviated_swid_evidence_test.go: SWID tag evidence validation tests Implements veraison/corim#212 Related: veraison/swid#23 (done via veraison/swid#45 PR) Signed-off-by: Sukuna0007Abhi --- coev/coswid_evidence.go | 33 +++++++ coev/coswid_evidence_test.go | 123 +++++++++++++++++++++++++ coev/coswidtriple.go | 6 ++ cots/abbreviated_swid_evidence_test.go | 77 ++++++++++++++++ cots/abbreviated_swid_tag.go | 8 ++ go.mod | 4 +- go.sum | 4 +- 7 files changed, 252 insertions(+), 3 deletions(-) create mode 100644 coev/coswid_evidence_test.go create mode 100644 cots/abbreviated_swid_evidence_test.go diff --git a/coev/coswid_evidence.go b/coev/coswid_evidence.go index 323f4618..23a35978 100644 --- a/coev/coswid_evidence.go +++ b/coev/coswid_evidence.go @@ -4,6 +4,7 @@ package coev import ( + "fmt" "github.com/veraison/corim/comid" "github.com/veraison/swid" ) @@ -28,3 +29,35 @@ func (o *CoSWIDEvidence) AddCoSWIDEvidenceMap(e *CoSWIDEvidenceMap) *CoSWIDEvide *o = append(*o, *e) return o } + +// Valid validates the CoSWIDEvidenceMap structure +func (o CoSWIDEvidenceMap) Valid() error { + // Validate TagID if present + if o.TagID != nil { + if err := o.TagID.Valid(); err != nil { + return fmt.Errorf("tagId validation failed: %w", err) + } + } + + // Validate Evidence using the swid.Evidence.Valid() method + if err := o.Evidence.Valid(); err != nil { + return fmt.Errorf("evidence validation failed: %w", err) + } + + return nil +} + +// Valid validates all CoSWIDEvidenceMap entries in the CoSWIDEvidence slice +func (o CoSWIDEvidence) Valid() error { + if len(o) == 0 { + return fmt.Errorf("no evidence entries to validate") + } + + for i, evidenceMap := range o { + if err := evidenceMap.Valid(); err != nil { + return fmt.Errorf("evidence[%d] validation failed: %w", i, err) + } + } + + return nil +} diff --git a/coev/coswid_evidence_test.go b/coev/coswid_evidence_test.go new file mode 100644 index 00000000..820a31f0 --- /dev/null +++ b/coev/coswid_evidence_test.go @@ -0,0 +1,123 @@ +// Copyright 2025 Contributors to the Veraison project. +// SPDX-License-Identifier: Apache-2.0 + +package coev + +import ( + "testing" + "time" + + "github.com/stretchr/testify/assert" + "github.com/veraison/swid" +) + +func TestCoSWIDEvidenceMap_Valid_Success(t *testing.T) { + validDate := time.Date(2023, time.January, 1, 12, 0, 0, 0, time.UTC) + + evidenceMap := CoSWIDEvidenceMap{ + Evidence: swid.Evidence{ + DeviceID: "test-device-123", + Date: validDate, + }, + } + + err := evidenceMap.Valid() + assert.NoError(t, err, "Valid evidence map should pass validation") +} + +func TestCoSWIDEvidenceMap_Valid_WithTagID(t *testing.T) { + validDate := time.Date(2023, time.January, 1, 12, 0, 0, 0, time.UTC) + + evidenceMap := CoSWIDEvidenceMap{ + TagID: swid.NewTagID("test-tag-id"), + Evidence: swid.Evidence{ + DeviceID: "test-device-123", + Date: validDate, + }, + } + + err := evidenceMap.Valid() + assert.NoError(t, err, "Valid evidence map with TagID should pass validation") +} + +func TestCoSWIDEvidenceMap_Valid_InvalidEvidence(t *testing.T) { + evidenceMap := CoSWIDEvidenceMap{ + Evidence: swid.Evidence{ + // Missing required DeviceID and Date + }, + } + + err := evidenceMap.Valid() + assert.Error(t, err, "Invalid evidence should fail validation") + assert.Contains(t, err.Error(), "evidence validation failed") +} + +func TestCoSWIDEvidenceMap_Valid_InvalidTagID(t *testing.T) { + validDate := time.Date(2023, time.January, 1, 12, 0, 0, 0, time.UTC) + emptyTagID := &swid.TagID{} // Empty TagID - should be invalid + + evidenceMap := CoSWIDEvidenceMap{ + TagID: emptyTagID, + Evidence: swid.Evidence{ + DeviceID: "test-device-123", + Date: validDate, + }, + } + + err := evidenceMap.Valid() + assert.Error(t, err, "Invalid TagID should fail validation") + assert.Contains(t, err.Error(), "tagId validation failed") +} + +func TestCoSWIDEvidence_Valid_Success(t *testing.T) { + validDate := time.Date(2023, time.January, 1, 12, 0, 0, 0, time.UTC) + + evidence := CoSWIDEvidence{ + CoSWIDEvidenceMap{ + Evidence: swid.Evidence{ + DeviceID: "test-device-1", + Date: validDate, + }, + }, + CoSWIDEvidenceMap{ + Evidence: swid.Evidence{ + DeviceID: "test-device-2", + Date: validDate, + }, + }, + } + + err := evidence.Valid() + assert.NoError(t, err, "Valid evidence slice should pass validation") +} + +func TestCoSWIDEvidence_Valid_EmptySlice(t *testing.T) { + evidence := CoSWIDEvidence{} + + err := evidence.Valid() + assert.Error(t, err, "Empty evidence slice should fail validation") + assert.Contains(t, err.Error(), "no evidence entries to validate") +} + +func TestCoSWIDEvidence_Valid_InvalidEntry(t *testing.T) { + validDate := time.Date(2023, time.January, 1, 12, 0, 0, 0, time.UTC) + + evidence := CoSWIDEvidence{ + CoSWIDEvidenceMap{ + Evidence: swid.Evidence{ + DeviceID: "test-device-1", + Date: validDate, + }, + }, + CoSWIDEvidenceMap{ + Evidence: swid.Evidence{ + // Missing required DeviceID - should fail + Date: validDate, + }, + }, + } + + err := evidence.Valid() + assert.Error(t, err, "Evidence slice with invalid entry should fail validation") + assert.Contains(t, err.Error(), "evidence[1] validation failed") +} \ No newline at end of file diff --git a/coev/coswidtriple.go b/coev/coswidtriple.go index 0b0f260c..ac8c08e6 100644 --- a/coev/coswidtriple.go +++ b/coev/coswidtriple.go @@ -56,6 +56,12 @@ func (o CoSWIDTriple) Valid() error { if len(o.Evidence) == 0 { return errors.New("no evidence entry in the CoSWIDTriple") } + + // Validate Evidence entries using the new Valid() method + if err := o.Evidence.Valid(); err != nil { + return fmt.Errorf("evidence validation failed: %w", err) + } + return nil } diff --git a/cots/abbreviated_swid_evidence_test.go b/cots/abbreviated_swid_evidence_test.go new file mode 100644 index 00000000..41b3ea2f --- /dev/null +++ b/cots/abbreviated_swid_evidence_test.go @@ -0,0 +1,77 @@ +// Copyright 2025 Contributors to the Veraison project. +// SPDX-License-Identifier: Apache-2.0 + +package cots + +import ( + "testing" + "time" + + "github.com/stretchr/testify/assert" + "github.com/veraison/swid" +) + +func TestAbbreviatedSwidTag_Valid_WithEvidence_Success(t *testing.T) { + validDate := time.Date(2023, time.January, 1, 12, 0, 0, 0, time.UTC) + + tag, err := NewTag("test-tag-id", "Test Software", "1.0.0") + assert.NoError(t, err) + + // Add required entity + entity := swid.Entity{ + EntityName: "Test Inc.", + } + err = entity.SetRoles(swid.RoleTagCreator) + assert.NoError(t, err) + tag.Entities = append(tag.Entities, entity) + + // Add valid Evidence + evidence := &swid.Evidence{ + DeviceID: "test-device-123", + Date: validDate, + } + tag.Evidence = evidence + + err = tag.Valid() + assert.NoError(t, err, "Tag with valid Evidence should pass validation") +} + +func TestAbbreviatedSwidTag_Valid_WithInvalidEvidence(t *testing.T) { + tag, err := NewTag("test-tag-id", "Test Software", "1.0.0") + assert.NoError(t, err) + + // Add required entity + entity := swid.Entity{ + EntityName: "Test Inc.", + } + err = entity.SetRoles(swid.RoleTagCreator) + assert.NoError(t, err) + tag.Entities = append(tag.Entities, entity) + + // Add invalid Evidence (missing required fields) + evidence := &swid.Evidence{ + // Missing DeviceID and Date + } + tag.Evidence = evidence + + err = tag.Valid() + assert.Error(t, err, "Tag with invalid Evidence should fail validation") + assert.Contains(t, err.Error(), "evidence validation failed") +} + +func TestAbbreviatedSwidTag_Valid_WithoutEvidence(t *testing.T) { + tag, err := NewTag("test-tag-id", "Test Software", "1.0.0") + assert.NoError(t, err) + + // Add required entity + entity := swid.Entity{ + EntityName: "Test Inc.", + } + err = entity.SetRoles(swid.RoleTagCreator) + assert.NoError(t, err) + tag.Entities = append(tag.Entities, entity) + + // Evidence is nil - should still pass validation + err = tag.Valid() + assert.NoError(t, err, "Tag without Evidence should pass validation") +} \ No newline at end of file diff --git a/cots/abbreviated_swid_tag.go b/cots/abbreviated_swid_tag.go index 7cc64e03..3b6ca30c 100644 --- a/cots/abbreviated_swid_tag.go +++ b/cots/abbreviated_swid_tag.go @@ -163,6 +163,14 @@ func (t AbbreviatedSwidTag) Valid() error { if len(t.Entities) == 0 || t.Entities == nil { return fmt.Errorf("no entities present, must have at least 1 entity") } + + // Validate Evidence field if present + if t.Evidence != nil { + if err := t.Evidence.Valid(); err != nil { + return fmt.Errorf("evidence validation failed: %w", err) + } + } + return nil } diff --git a/go.mod b/go.mod index fd104ba9..4346e7d5 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/veraison/cmw v0.2.0 github.com/veraison/eat v0.0.0-20210331113810-3da8a4dd42ff github.com/veraison/go-cose v1.2.1 - github.com/veraison/swid v1.1.1-0.20230911094910-8ffdd07a22ca + github.com/veraison/swid v1.1.0 ) require ( @@ -35,3 +35,5 @@ require ( gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) + +replace github.com/veraison/swid => github.com/Sukuna0007Abhi/swid v0.0.0-20250925122336-8afdc02a02bd diff --git a/go.sum b/go.sum index 3a057c93..e0b5a1e5 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,7 @@ fortio.org/safecast v1.0.0 h1:dr3131WPX8iS1pTf76+39WeXbTrerDYLvi9s7Oi3wiY= fortio.org/safecast v1.0.0/go.mod h1:xZmcPk3vi4kuUFf+tq4SvnlVdwViqf6ZSZl91Jr9Jdg= +github.com/Sukuna0007Abhi/swid v0.0.0-20250925122336-8afdc02a02bd h1:OkZZFlwgYDiZ33QEbqXHutScfJ5T0uYzAMTsfJDE3gs= +github.com/Sukuna0007Abhi/swid v0.0.0-20250925122336-8afdc02a02bd/go.mod h1:d5jt76uMNbTfQ+f2qU4Lt8RvWOTsv6PFgstIM1QdMH0= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -48,8 +50,6 @@ github.com/veraison/eat v0.0.0-20210331113810-3da8a4dd42ff h1:r6I2eJL/z8dp5flsQI github.com/veraison/eat v0.0.0-20210331113810-3da8a4dd42ff/go.mod h1:+kxt8iuFiVvKRs2VQ1Ho7bbAScXAB/kHFFuP5Biw19I= github.com/veraison/go-cose v1.2.1 h1:Gj4x20D0YP79J2+cK3anjGEMwIkg2xX+TKVVGUXwNAc= github.com/veraison/go-cose v1.2.1/go.mod h1:t6V8WJzHm1PD5HNsuDjW3KLv577uWb6UTzbZGvdQHD8= -github.com/veraison/swid v1.1.1-0.20230911094910-8ffdd07a22ca h1:osmCKwWO/xM68Kz+rIXio1DNzEY2NdJOpGpoy5r8NlE= -github.com/veraison/swid v1.1.1-0.20230911094910-8ffdd07a22ca/go.mod h1:d5jt76uMNbTfQ+f2qU4Lt8RvWOTsv6PFgstIM1QdMH0= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= From 6364ae72523b493406f4efeef64b5179e7c2f7b1 Mon Sep 17 00:00:00 2001 From: Sukuna0007Abhi Date: Sat, 4 Oct 2025 11:52:17 +0000 Subject: [PATCH 2/7] Update coev/coswid_evidence.go Co-authored-by: setrofim Signed-off-by: Sukuna0007Abhi --- coev/coswid_evidence.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/coev/coswid_evidence.go b/coev/coswid_evidence.go index 23a35978..f0def2cd 100644 --- a/coev/coswid_evidence.go +++ b/coev/coswid_evidence.go @@ -50,7 +50,7 @@ func (o CoSWIDEvidenceMap) Valid() error { // Valid validates all CoSWIDEvidenceMap entries in the CoSWIDEvidence slice func (o CoSWIDEvidence) Valid() error { if len(o) == 0 { - return fmt.Errorf("no evidence entries to validate") + return fmt.Errorf("must contain at least one entry") } for i, evidenceMap := range o { From f65135601920c838c0e6172c0fa51eaa391ad9e0 Mon Sep 17 00:00:00 2001 From: Sukuna0007Abhi Date: Sat, 4 Oct 2025 11:52:41 +0000 Subject: [PATCH 3/7] Fix linting issues and update dependencies - Remove replace directive for veraison/swid since PR #45 is merged - Update to latest veraison/swid version with Valid() methods - Fix invalid UUID in test data to use proper RFC4122 format - Apply go fmt formatting to test files - Update example test outputs to match corrected UUID values - Fix test error message expectations All tests now pass across all packages. Signed-off-by: Sukuna0007Abhi --- coev/coswid_evidence_test.go | 14 +++++++------- coev/example_test.go | 6 +++--- coev/test_vars.go | 2 +- cots/abbreviated_swid_evidence_test.go | 4 ++-- go.mod | 4 +--- go.sum | 6 ++++-- 6 files changed, 18 insertions(+), 18 deletions(-) diff --git a/coev/coswid_evidence_test.go b/coev/coswid_evidence_test.go index 820a31f0..fc63d5ec 100644 --- a/coev/coswid_evidence_test.go +++ b/coev/coswid_evidence_test.go @@ -13,7 +13,7 @@ import ( func TestCoSWIDEvidenceMap_Valid_Success(t *testing.T) { validDate := time.Date(2023, time.January, 1, 12, 0, 0, 0, time.UTC) - + evidenceMap := CoSWIDEvidenceMap{ Evidence: swid.Evidence{ DeviceID: "test-device-123", @@ -27,7 +27,7 @@ func TestCoSWIDEvidenceMap_Valid_Success(t *testing.T) { func TestCoSWIDEvidenceMap_Valid_WithTagID(t *testing.T) { validDate := time.Date(2023, time.January, 1, 12, 0, 0, 0, time.UTC) - + evidenceMap := CoSWIDEvidenceMap{ TagID: swid.NewTagID("test-tag-id"), Evidence: swid.Evidence{ @@ -55,7 +55,7 @@ func TestCoSWIDEvidenceMap_Valid_InvalidEvidence(t *testing.T) { func TestCoSWIDEvidenceMap_Valid_InvalidTagID(t *testing.T) { validDate := time.Date(2023, time.January, 1, 12, 0, 0, 0, time.UTC) emptyTagID := &swid.TagID{} // Empty TagID - should be invalid - + evidenceMap := CoSWIDEvidenceMap{ TagID: emptyTagID, Evidence: swid.Evidence{ @@ -71,7 +71,7 @@ func TestCoSWIDEvidenceMap_Valid_InvalidTagID(t *testing.T) { func TestCoSWIDEvidence_Valid_Success(t *testing.T) { validDate := time.Date(2023, time.January, 1, 12, 0, 0, 0, time.UTC) - + evidence := CoSWIDEvidence{ CoSWIDEvidenceMap{ Evidence: swid.Evidence{ @@ -96,12 +96,12 @@ func TestCoSWIDEvidence_Valid_EmptySlice(t *testing.T) { err := evidence.Valid() assert.Error(t, err, "Empty evidence slice should fail validation") - assert.Contains(t, err.Error(), "no evidence entries to validate") + assert.Contains(t, err.Error(), "must contain at least one entry") } func TestCoSWIDEvidence_Valid_InvalidEntry(t *testing.T) { validDate := time.Date(2023, time.January, 1, 12, 0, 0, 0, time.UTC) - + evidence := CoSWIDEvidence{ CoSWIDEvidenceMap{ Evidence: swid.Evidence{ @@ -120,4 +120,4 @@ func TestCoSWIDEvidence_Valid_InvalidEntry(t *testing.T) { err := evidence.Valid() assert.Error(t, err, "Evidence slice with invalid entry should fail validation") assert.Contains(t, err.Error(), "evidence[1] validation failed") -} \ No newline at end of file +} diff --git a/coev/example_test.go b/coev/example_test.go index e00d717a..631c8f35 100644 --- a/coev/example_test.go +++ b/coev/example_test.go @@ -137,8 +137,8 @@ func Example_encode_CoSWIDTriples() { } // Output: - // a100a1048182a101d902264702deadbeefdead81a200500001000100010001000100010001000101a21823c1001824782442414438303942312d373033322d343344392d384639342d424631323845354430363144 - // {"ev-triples":{"coswid-triples":[{"environment":{"instance":{"type":"ueid","value":"At6tvu/erQ=="}},"coswid-evidence":[{"tagId":"00010001-0001-0001-0001-000100010001","evidence":{"date":"1970-01-01T00:00:00Z","device-id":"BAD809B1-7032-43D9-8F94-BF128E5D061D"}}]}]}} + // a100a1048182a101d902264702deadbeefdead81a2005031fb5abf023e4992aa4e95f9c1503bfa01a21823c1001824782442414438303942312d373033322d343344392d384639342d424631323845354430363144 + // {"ev-triples":{"coswid-triples":[{"environment":{"instance":{"type":"ueid","value":"At6tvu/erQ=="}},"coswid-evidence":[{"tagId":"31fb5abf-023e-4992-aa4e-95f9c1503bfa","evidence":{"date":"1970-01-01T00:00:00Z","device-id":"BAD809B1-7032-43D9-8F94-BF128E5D061D"}}]}]}} } func Example_encode_AttestKeyTriples() { @@ -345,7 +345,7 @@ func Example_decode_JSON() { }, "coswid-evidence": [ { - "tagId": "00010001-0001-0001-0001-000100010001", + "tagId": "31fb5abf-023e-4992-aa4e-95f9c1503bfa", "evidence": { "date": "1970-01-01T00:00:00Z", "device-id": "BAD809B1-7032-43D9-8F94-BF128E5D061D" diff --git a/coev/test_vars.go b/coev/test_vars.go index 78699b23..f2ea54c9 100644 --- a/coev/test_vars.go +++ b/coev/test_vars.go @@ -15,7 +15,7 @@ var ( TestUUIDString = "31fb5abf-023e-4992-aa4e-95f9c1503bfa" TestUUID = comid.UUID(uuid.Must(uuid.Parse(TestUUIDString))) TestProfile = "https://abc.com" - TestTag = "00010001-0001-0001-0001-000100010001" + TestTag = "31fb5abf-023e-4992-aa4e-95f9c1503bfa" TestDeviceID = "BAD809B1-7032-43D9-8F94-BF128E5D061D" TestKey = true TestDate, _ = time.Parse(time.RFC3339, "1970-01-01T00:00:00Z") diff --git a/cots/abbreviated_swid_evidence_test.go b/cots/abbreviated_swid_evidence_test.go index 41b3ea2f..78981412 100644 --- a/cots/abbreviated_swid_evidence_test.go +++ b/cots/abbreviated_swid_evidence_test.go @@ -13,7 +13,7 @@ import ( func TestAbbreviatedSwidTag_Valid_WithEvidence_Success(t *testing.T) { validDate := time.Date(2023, time.January, 1, 12, 0, 0, 0, time.UTC) - + tag, err := NewTag("test-tag-id", "Test Software", "1.0.0") assert.NoError(t, err) @@ -74,4 +74,4 @@ func TestAbbreviatedSwidTag_Valid_WithoutEvidence(t *testing.T) { // Evidence is nil - should still pass validation err = tag.Valid() assert.NoError(t, err, "Tag without Evidence should pass validation") -} \ No newline at end of file +} diff --git a/go.mod b/go.mod index 4346e7d5..7585b8a3 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/veraison/cmw v0.2.0 github.com/veraison/eat v0.0.0-20210331113810-3da8a4dd42ff github.com/veraison/go-cose v1.2.1 - github.com/veraison/swid v1.1.0 + github.com/veraison/swid v1.1.1-0.20251003121634-fd1f7f1e1897 ) require ( @@ -35,5 +35,3 @@ require ( gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) - -replace github.com/veraison/swid => github.com/Sukuna0007Abhi/swid v0.0.0-20250925122336-8afdc02a02bd diff --git a/go.sum b/go.sum index e0b5a1e5..6b13dc97 100644 --- a/go.sum +++ b/go.sum @@ -1,7 +1,5 @@ fortio.org/safecast v1.0.0 h1:dr3131WPX8iS1pTf76+39WeXbTrerDYLvi9s7Oi3wiY= fortio.org/safecast v1.0.0/go.mod h1:xZmcPk3vi4kuUFf+tq4SvnlVdwViqf6ZSZl91Jr9Jdg= -github.com/Sukuna0007Abhi/swid v0.0.0-20250925122336-8afdc02a02bd h1:OkZZFlwgYDiZ33QEbqXHutScfJ5T0uYzAMTsfJDE3gs= -github.com/Sukuna0007Abhi/swid v0.0.0-20250925122336-8afdc02a02bd/go.mod h1:d5jt76uMNbTfQ+f2qU4Lt8RvWOTsv6PFgstIM1QdMH0= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -50,6 +48,10 @@ github.com/veraison/eat v0.0.0-20210331113810-3da8a4dd42ff h1:r6I2eJL/z8dp5flsQI github.com/veraison/eat v0.0.0-20210331113810-3da8a4dd42ff/go.mod h1:+kxt8iuFiVvKRs2VQ1Ho7bbAScXAB/kHFFuP5Biw19I= github.com/veraison/go-cose v1.2.1 h1:Gj4x20D0YP79J2+cK3anjGEMwIkg2xX+TKVVGUXwNAc= github.com/veraison/go-cose v1.2.1/go.mod h1:t6V8WJzHm1PD5HNsuDjW3KLv577uWb6UTzbZGvdQHD8= +github.com/veraison/swid v1.1.0 h1:jEf/jobG6j7r9W9HSj2jDi1IGGs7aMKyDgfGEMxQ6is= +github.com/veraison/swid v1.1.0/go.mod h1:d5jt76uMNbTfQ+f2qU4Lt8RvWOTsv6PFgstIM1QdMH0= +github.com/veraison/swid v1.1.1-0.20251003121634-fd1f7f1e1897 h1:ze1ulqK70S7PRignyZzFDBJHNVEDyISk5FDv9Uh3UFw= +github.com/veraison/swid v1.1.1-0.20251003121634-fd1f7f1e1897/go.mod h1:d5jt76uMNbTfQ+f2qU4Lt8RvWOTsv6PFgstIM1QdMH0= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= From dd5e798da9d51c9f8e85edc94a91bc3511ed9df2 Mon Sep 17 00:00:00 2001 From: Sukuna0007Abhi Date: Sat, 4 Oct 2025 11:58:59 +0000 Subject: [PATCH 4/7] fix: resolve gocritic and goimports linting issues - Fix import formatting by adding blank line between stdlib and third-party imports - Change CoSWIDEvidenceMap.Valid() to use pointer receiver to avoid hugeParam warning (104 bytes) - Update loop in CoSWIDEvidence.Valid() to use indexed access instead of range value Signed-off-by: Sukuna0007Abhi --- coev/coswid_evidence.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/coev/coswid_evidence.go b/coev/coswid_evidence.go index f0def2cd..ec8dc017 100644 --- a/coev/coswid_evidence.go +++ b/coev/coswid_evidence.go @@ -5,6 +5,7 @@ package coev import ( "fmt" + "github.com/veraison/corim/comid" "github.com/veraison/swid" ) @@ -31,7 +32,7 @@ func (o *CoSWIDEvidence) AddCoSWIDEvidenceMap(e *CoSWIDEvidenceMap) *CoSWIDEvide } // Valid validates the CoSWIDEvidenceMap structure -func (o CoSWIDEvidenceMap) Valid() error { +func (o *CoSWIDEvidenceMap) Valid() error { // Validate TagID if present if o.TagID != nil { if err := o.TagID.Valid(); err != nil { @@ -53,8 +54,8 @@ func (o CoSWIDEvidence) Valid() error { return fmt.Errorf("must contain at least one entry") } - for i, evidenceMap := range o { - if err := evidenceMap.Valid(); err != nil { + for i := range o { + if err := o[i].Valid(); err != nil { return fmt.Errorf("evidence[%d] validation failed: %w", i, err) } } From b28d6a2327beeab215d76ece01603a0031848fef Mon Sep 17 00:00:00 2001 From: Yogesh Deshpande Date: Sun, 5 Oct 2025 12:09:57 +0100 Subject: [PATCH 5/7] Further refinement --- coev/coswid_evidence.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/coev/coswid_evidence.go b/coev/coswid_evidence.go index ec8dc017..59d6926e 100644 --- a/coev/coswid_evidence.go +++ b/coev/coswid_evidence.go @@ -5,6 +5,7 @@ package coev import ( "fmt" + "errors" "github.com/veraison/corim/comid" "github.com/veraison/swid" @@ -40,7 +41,7 @@ func (o *CoSWIDEvidenceMap) Valid() error { } } - // Validate Evidence using the swid.Evidence.Valid() method + // Validate Evidence if err := o.Evidence.Valid(); err != nil { return fmt.Errorf("evidence validation failed: %w", err) } @@ -48,10 +49,10 @@ func (o *CoSWIDEvidenceMap) Valid() error { return nil } -// Valid validates all CoSWIDEvidenceMap entries in the CoSWIDEvidence slice +// Valid validates all CoSWIDEvidence entries func (o CoSWIDEvidence) Valid() error { if len(o) == 0 { - return fmt.Errorf("must contain at least one entry") + return errors.New("must contain at least one entry") } for i := range o { From f064f8f5313ca0ef41d42f5deeaa2cb8464e71b6 Mon Sep 17 00:00:00 2001 From: Yogesh Deshpande Date: Sun, 5 Oct 2025 12:13:33 +0100 Subject: [PATCH 6/7] Apply suggestions from code review --- coev/coswid_evidence.go | 5 ++--- coev/coswidtriple.go | 2 +- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/coev/coswid_evidence.go b/coev/coswid_evidence.go index 59d6926e..4e6f0a27 100644 --- a/coev/coswid_evidence.go +++ b/coev/coswid_evidence.go @@ -4,9 +4,8 @@ package coev import ( - "fmt" - "errors" - + "fmt" + "errors" "github.com/veraison/corim/comid" "github.com/veraison/swid" ) diff --git a/coev/coswidtriple.go b/coev/coswidtriple.go index ac8c08e6..9aebb4aa 100644 --- a/coev/coswidtriple.go +++ b/coev/coswidtriple.go @@ -57,7 +57,7 @@ func (o CoSWIDTriple) Valid() error { return errors.New("no evidence entry in the CoSWIDTriple") } - // Validate Evidence entries using the new Valid() method + // Validate Evidence entries if err := o.Evidence.Valid(); err != nil { return fmt.Errorf("evidence validation failed: %w", err) } From d22cd6485026d99a946d4b9f8b06c5d8cf964824 Mon Sep 17 00:00:00 2001 From: Sukuna0007Abhi Date: Sun, 5 Oct 2025 14:04:12 +0000 Subject: [PATCH 7/7] Fix import formatting in coswid_evidence.go Signed-off-by: Sukuna0007Abhi --- coev/coswid_evidence.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/coev/coswid_evidence.go b/coev/coswid_evidence.go index 4e6f0a27..17029b0a 100644 --- a/coev/coswid_evidence.go +++ b/coev/coswid_evidence.go @@ -4,8 +4,9 @@ package coev import ( - "fmt" - "errors" + "errors" + "fmt" + "github.com/veraison/corim/comid" "github.com/veraison/swid" ) @@ -48,7 +49,7 @@ func (o *CoSWIDEvidenceMap) Valid() error { return nil } -// Valid validates all CoSWIDEvidence entries +// Valid validates all CoSWIDEvidence entries func (o CoSWIDEvidence) Valid() error { if len(o) == 0 { return errors.New("must contain at least one entry")