83 lines
3.5 KiB
Diff
83 lines
3.5 KiB
Diff
Backported from moby buildkit upstream:
|
|
https://github.com/moby/buildkit/commit/1981eb123dc979fc71d097adeb5bbb84110aa9f4
|
|
|
|
Modified to apply to vendored code by: corvus-callidus <108946721+corvus-callidus@users.noreply.github.com>
|
|
- Adjusted paths
|
|
- Removed reference to files not present in the vendored version
|
|
|
|
From 8dfaf014d7f9721b501f99ab0aeb9f0ed957948d Mon Sep 17 00:00:00 2001
|
|
From: Tonis Tiigi <tonistiigi@gmail.com>
|
|
Date: Sun, 17 Dec 2023 20:43:57 -0800
|
|
Subject: [PATCH 3/5] exporter: add validation for platforms key value
|
|
|
|
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
|
|
(cherry picked from commit 432ece72ae124ce8a29ced6854a08206f09f3a73)
|
|
---
|
|
vendor/github.com/moby/buildkit/exporter/containerimage/exptypes/parse.go | 14 +++
|
|
1 files changed, 14 insertions(+)
|
|
|
|
diff --git a/vendor/github.com/moby/buildkit/exporter/containerimage/exptypes/parse.go b/vendor/github.com/moby/buildkit/exporter/containerimage/exptypes/parse.go
|
|
index 293a24ed0772..e8d9b7f0cb73 100644
|
|
--- a/vendor/github.com/moby/buildkit/exporter/containerimage/exptypes/parse.go
|
|
+++ b/vendor/github.com/moby/buildkit/exporter/containerimage/exptypes/parse.go
|
|
@@ -17,6 +17,18 @@ func ParsePlatforms(meta map[string][]byte) (Platforms, error) {
|
|
return Platforms{}, errors.Wrapf(err, "failed to parse platforms passed to provenance processor")
|
|
}
|
|
}
|
|
+ if len(ps.Platforms) == 0 {
|
|
+ return Platforms{}, errors.Errorf("invalid empty platforms index for exporter")
|
|
+ }
|
|
+ for i, p := range ps.Platforms {
|
|
+ if p.ID == "" {
|
|
+ return Platforms{}, errors.Errorf("invalid empty platform key for exporter")
|
|
+ }
|
|
+ if p.Platform.OS == "" || p.Platform.Architecture == "" {
|
|
+ return Platforms{}, errors.Errorf("invalid platform value %v for exporter", p.Platform)
|
|
+ }
|
|
+ ps.Platforms[i].Platform = platforms.Normalize(p.Platform)
|
|
+ }
|
|
return ps, nil
|
|
}
|
|
|
|
@@ -36,6 +48,8 @@ func ParsePlatforms(meta map[string][]byte) (Platforms, error) {
|
|
OSFeatures: img.OSFeatures,
|
|
Variant: img.Variant,
|
|
}
|
|
+ } else if img.OS != "" || img.Architecture != "" {
|
|
+ return Platforms{}, errors.Errorf("invalid image config: os and architecture must be specified together")
|
|
}
|
|
}
|
|
p = platforms.Normalize(p)
|
|
|
|
From 5d7d85f5a0388bb0faa0d9250f96b35814cff1f9 Mon Sep 17 00:00:00 2001
|
|
From: Tonis Tiigi <tonistiigi@gmail.com>
|
|
Date: Sun, 17 Dec 2023 23:39:51 -0800
|
|
Subject: [PATCH 5/5] pb: add extra validation to protobuf types
|
|
|
|
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
|
|
(cherry picked from commit 838635998dcae34bbde59e3eab129ab85bd37bef)
|
|
---
|
|
vendor/github.com/moby/buildkit/frontend/gateway/client/attestation.go | 6 ++++++
|
|
|
|
1 files changed, 6 insertions(+)
|
|
|
|
diff --git a/vendor/github.com/moby/buildkit/frontend/gateway/client/attestation.go b/vendor/github.com/moby/buildkit/frontend/gateway/client/attestation.go
|
|
index 5ffe67233c50..c5112db9db64 100644
|
|
--- a/vendor/github.com/moby/buildkit/frontend/gateway/client/attestation.go
|
|
+++ b/vendor/github.com/moby/buildkit/frontend/gateway/client/attestation.go
|
|
@@ -30,8 +30,14 @@ func AttestationToPB[T any](a *result.Attestation[T]) (*pb.Attestation, error) {
|
|
}
|
|
|
|
func AttestationFromPB[T any](a *pb.Attestation) (*result.Attestation[T], error) {
|
|
+ if a == nil {
|
|
+ return nil, errors.Errorf("invalid nil attestation")
|
|
+ }
|
|
subjects := make([]result.InTotoSubject, len(a.InTotoSubjects))
|
|
for i, subject := range a.InTotoSubjects {
|
|
+ if subject == nil {
|
|
+ return nil, errors.Errorf("invalid nil attestation subject")
|
|
+ }
|
|
subjects[i] = result.InTotoSubject{
|
|
Kind: subject.Kind,
|
|
Name: subject.Name,
|