
Commit dfc6fd9

committed
Check symbolic links
1 parent 036b3ab commit dfc6fd9


1 file changed

+38
-15
lines changed

1 file changed

+38
-15
lines changed

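--- a/pkg/leeway/provenance.go
+++ b/pkg/leeway/provenance.go
@@ -295,28 +295,15 @@ type provenanceEnvironment struct {
 func (p *Package) inTotoMaterials() ([]in_toto.ProvenanceMaterial, error) {
 res := make([]in_toto.ProvenanceMaterial, 0, len(p.Sources))
 for _, src := range p.Sources {
-stat, err := os.Lstat(src)
+skip, err := shouldSkipSource(src)
 if err != nil {
 return nil, err
 }
 
-if stat.Mode().IsDir() || !stat.Mode().IsRegular() {
+if skip {
 continue
 }
 
-// in case of symlinks, we need to resolve the link and check the target
-if stat.Mode()&os.ModeSymlink == os.ModeSymlink {
-targetSrc, _ := os.Readlink(src)
-stat, err := os.Lstat(targetSrc)
-if err != nil {
-return nil, err
-}
-
-if stat.Mode().IsDir() || !stat.Mode().IsRegular() {
-continue
-}
-}
-
 hash, err := sha256Hash(src)
 if err != nil {
 return nil, err
@@ -398,6 +385,15 @@ func (fset fileset) Subjects(base string) ([]in_toto.Subject, error) {
 return nil, xerrors.Errorf("cannot compute hash of %s: %w", src, err)
 }
 
+skip, err := shouldSkipSource(f.Name())
+if err != nil {
+return nil, xerrors.Errorf("cannot compute hash of %s: %w", src, err)
+}
+
+if skip {
+continue
+}
+
 hash := sha256.New()
 _, err = io.Copy(hash, f)
 if err != nil {
@@ -493,3 +489,30 @@ func (a *AttestationBundle) AddFromBundle(other io.Reader) error {
 }
 
 func (a *AttestationBundle) Len() int { return len(a.keys) }
+
+func shouldSkipSource(src string) (bool, error) {
+stat, err := os.Lstat(src)
+if err != nil {
+return false, err
+}
+
+if stat.Mode().IsDir() || !stat.Mode().IsRegular() {
+return true, nil
+}
+
+// in case of symlinks, we need to resolve the link and check the target
+if stat.Mode()&os.ModeSymlink == os.ModeSymlink {
+targetSrc, _ := os.Readlink(src)
+stat, err := os.Lstat(targetSrc)
+if err != nil {
+return false, err
+}
+
+if stat.Mode().IsDir() || !stat.Mode().IsRegular() {
+return true, nil
+}
+}
+
+return false, nil
+
+}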
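Review bot: In `shouldSkipSource` the symlink branch can never run: `os.Lstat` reports a link with `os.ModeSymlink` set, so `!stat.Mode().IsRegular()` is already true and the function returns `true, nil` before the branch is reached. Every symlinked source is therefore skipped silently and left out of the provenance materials and subjects, so the attestation does not cover files the build may have read through a link. Even if the branch were reachable, the `os.Readlink` error is discarded and a relative target would be looked up against the working directory rather than the link's own directory. Replacing the body with `stat, err := os.Stat(src)` and `return !stat.Mode().IsRegular(), nil` checks the resolved target in one call; whether a dangling link should be an error or a skip deserves a one-line comment. In the `Subjects` hunk the new `continue` runs after `f` was apparently opened outside the visible lines, so confirm the handle is closed on that path.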
