fix: enhance Tag validation to detect schema issues in signedcorim_test #234
+54
−25
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Fixes veraison#104 - signedcorim_test has outdated schema for serialized payload This commit implements enhanced tag validation as suggested by @deeglaze in issue veraison#104. The changes include: 1. Enhanced Tag.Valid() method to properly validate tag content based on tag number (CoMID tag 506, CoSWID tag 505, and generic CBOR for others) 2. Added validateComidTag() method that unmarshals and validates CoMID content using the existing comid.Comid.Valid() method 3. Added validateCoswidTag() method that validates CoSWID content by attempting to unmarshal to swid.SoftwareIdentity 4. Added validateGenericCBOR() method for unknown tag types to ensure the content is at least valid CBOR 5. Updated TestSignedCorim_TaggedFromCOSE_ok to expect validation failure for the outdated test payload, which correctly identifies the schema mismatch described in the issue 6. Added TestSignedCorim_TaggedFromCOSE_enhanced_validation test to explicitly document the enhanced validation behavior The outdated test payload had a schema mismatch where PSA impl-id (tag 600) was being confused with PSA refval-id structures, causing unmarshaling errors when trying to unmarshal maps into TaggedImplID fields. The enhanced validation now properly detects such schema issues instead of silently accepting invalid tag content. All existing tests continue to pass, ensuring backward compatibility while providing better validation for CoRIM tag content. Signed-off-by: Kallal Mukherjee <[email protected]>
Signed-off-by: Kallal Mukherjee <[email protected]>
7908837174
force-pushed
the
fix-signedcorim-schema-validation
branch
from
3f67c8a to
c31e67d
Compare
Contributor
Author
|
Hi , sir @yogeshbdeshpande, sir @setrofim, sir @thomas-fossati, |
setrofim
requested changes
Dec 1, 2025
Contributor
setrofim
left a comment
setrofim
left a comment
There was a problem hiding this comment.
The commenting in the changes is excessive. Pease remove superflous comments (hint: it's most of them).
corim/signedcorim_test.go
Outdated
| assert.Nil(t, err) | ||
| // With enhanced tag validation, this should now fail due to outdated schema | ||
| // The error indicates the payload has an incorrect schema for PSA impl-id vs refval-id | ||
| assert.NotNil(t, err) |
Contributor
There was a problem hiding this comment.
This test case is supposed to test correct unmarshalling of a valid CoRIM. Rather than changing the expected error to be non-nil, the input needs to be amended with a valide signed CoRIM.
corim/signedcorim_test.go
Outdated
|
|
||
| // TestSignedCorim_TaggedFromCOSE_enhanced_validation tests that our enhanced | ||
| // tag validation correctly identifies schema problems with outdated payloads | ||
| func TestSignedCorim_TaggedFromCOSE_enhanced_validation(t *testing.T) { |
Contributor
There was a problem hiding this comment.
TestSignedCorim_TaggedFromCOSE_nok or TestSignedCorim_TaggedFromCOSE_bad
nexpectArpit
pushed a commit
to 7908837174/corim-kallal
that referenced
this pull request
Dec 4, 2025
- Remove excessive comments from unsignedcorim.go validation methods - Fix TestSignedCorim_TaggedFromCOSE_ok to use valid signed CoRIM test data - Rename TestSignedCorim_TaggedFromCOSE_enhanced_validation to _bad - Remove excessive comments from _bad test Addresses maintainer feedback from @setrofim
- Remove excessive comments from unsignedcorim.go validation methods - Fix TestSignedCorim_TaggedFromCOSE_ok to use valid signed CoRIM test data - Rename TestSignedCorim_TaggedFromCOSE_enhanced_validation to _bad - Remove excessive comments from _bad test Addresses maintainer feedback from @setrofim Signed-off-by: Kallal Mukherjee <[email protected]>
Add proper godoc comments to Tag validation methods: - Valid(): Documents tag content validation strategy - validateComidTag(): Describes CoMID tag validation - validateCoswidTag(): Describes CoSWID tag validation - validateGenericCBOR(): Describes generic CBOR validation These comments improve code documentation and help future maintainers understand the validation flow for different tag types. Signed-off-by: 7908837174 <[email protected]> Signed-off-by: Kallal Mukherjee <[email protected]>
nexpectArpit
force-pushed
the
fix-signedcorim-schema-validation
branch
from
64e4f5d to
4efe108
Compare
Contributor
Author
|
Hi , sir @yogeshbdeshpande, sir @setrofim, sir @thomas-fossati, |
setrofim
reviewed
Dec 5, 2025
Comment on lines
+201
to
+202
| assert.NotNil(t, err) | ||
| assert.Contains(t, err.Error(), "tag validation failed") |
Contributor
There was a problem hiding this comment.
Suggested change
| assert.NotNil(t, err) | |
| assert.Contains(t, err.Error(), "tag validation failed") | |
| assert.ErrorContains(t, err, "tag validation failed") |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #104 - signedcorim_test has outdated schema for serialized payload
This commit implements enhanced tag validation as suggested by @deeglaze in issue #104. The changes include:
Enhanced Tag.Valid() method to properly validate tag content based on tag number (CoMID tag 506, CoSWID tag 505, and generic CBOR for others)
Added validateComidTag() method that unmarshals and validates CoMID content using the existing comid.Comid.Valid() method
Added validateCoswidTag() method that validates CoSWID content by attempting to unmarshal to swid.SoftwareIdentity
Added validateGenericCBOR() method for unknown tag types to ensure the content is at least valid CBOR
Updated TestSignedCorim_TaggedFromCOSE_ok to expect validation failure for the outdated test payload, which correctly identifies the schema mismatch described in the issue
Added TestSignedCorim_TaggedFromCOSE_enhanced_validation test to explicitly document the enhanced validation behavior
The outdated test payload had a schema mismatch where PSA impl-id (tag 600) was being confused with PSA refval-id structures, causing unmarshaling errors when trying to unmarshal maps into TaggedImplID fields. The enhanced validation now properly detects such schema issues instead of silently accepting invalid tag content.
All existing tests continue to pass, ensuring backward compatibility while providing better validation for CoRIM tag content.