Skip to content
This repository has been archived by the owner on Apr 9, 2024. It is now read-only.

Commit

Permalink
Improve package names (#230)
Browse files Browse the repository at this point in the history
* Merge package types into package model
* Rename package amber to claims
* Remove all occurrences of amber
  • Loading branch information
rbehjati authored May 11, 2023
1 parent d956eec commit 0b728a4
Show file tree
Hide file tree
Showing 15 changed files with 99 additions and 105 deletions.
3 changes: 1 addition & 2 deletions cmd/verifier/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,6 @@ import (

"github.com/project-oak/transparent-release/internal/model"
"github.com/project-oak/transparent-release/internal/verification"
"github.com/project-oak/transparent-release/pkg/types"
)

func main() {
Expand All @@ -35,7 +34,7 @@ func main() {
log.Fatalf("couldn't load the provenance bytes from %s: %v", *provenancePath, err)
}
// Parse into a validated provenance to get the predicate/build type of the provenance.
validatedProvenance, err := types.ParseStatementData(provenanceBytes)
validatedProvenance, err := model.ParseStatementData(provenanceBytes)
if err != nil {
log.Fatalf("couldn't parse bytes from %s into a validated provenance: %v", *provenancePath, err)
}
Expand Down
21 changes: 10 additions & 11 deletions internal/endorser/endorser.go
Original file line number Diff line number Diff line change
Expand Up @@ -30,9 +30,8 @@ import (

"github.com/project-oak/transparent-release/internal/model"
"github.com/project-oak/transparent-release/internal/verification"
"github.com/project-oak/transparent-release/pkg/amber"
"github.com/project-oak/transparent-release/pkg/claims"
"github.com/project-oak/transparent-release/pkg/intoto"
"github.com/project-oak/transparent-release/pkg/types"
)

// ParsedProvenance contains a provenance in the internal ProvenanceIR format,
Expand All @@ -41,34 +40,34 @@ import (
// the DSSE document, while `Provenance` contains the provenance itself.
type ParsedProvenance struct {
Provenance model.ProvenanceIR
SourceMetadata amber.ProvenanceData
SourceMetadata claims.ProvenanceData
}

// GenerateEndorsement generates an endorsement statement for the given validity duration, using
// the given provenances as evidence and reference values to verify them. At least one provenance
// must be provided. The endorsement statement is generated only if the provenance statements are
// valid.
func GenerateEndorsement(referenceValues *verification.ReferenceValues, validityDuration amber.ClaimValidity, provenances []ParsedProvenance) (*intoto.Statement, error) {
func GenerateEndorsement(referenceValues *verification.ReferenceValues, validityDuration claims.ClaimValidity, provenances []ParsedProvenance) (*intoto.Statement, error) {
verifiedProvenances, err := verifyAndSummarizeProvenances(referenceValues, provenances)
if err != nil {
return nil, fmt.Errorf("could not verify and summarize provenances: %v", err)
}

return amber.GenerateEndorsementStatement(validityDuration, *verifiedProvenances), nil
return claims.GenerateEndorsementStatement(validityDuration, *verifiedProvenances), nil
}

// Returns an instance of amber.VerifiedProvenanceSet, containing metadata about a set of verified
// Returns an instance of claims.VerifiedProvenanceSet, containing metadata about a set of verified
// provenances, or an error. An error is returned if any of the following conditions is met:
// (1) The list of provenances is empty,
// (2) Any of the provenances is invalid (see verifyProvenances for details on validity),
// (3) Provenances do not match (e.g., have different binary names).
func verifyAndSummarizeProvenances(referenceValues *verification.ReferenceValues, provenances []ParsedProvenance) (*amber.VerifiedProvenanceSet, error) {
func verifyAndSummarizeProvenances(referenceValues *verification.ReferenceValues, provenances []ParsedProvenance) (*claims.VerifiedProvenanceSet, error) {
if len(provenances) == 0 {
return nil, fmt.Errorf("at least one provenance file must be provided")
}

provenanceIRs := make([]model.ProvenanceIR, 0, len(provenances))
provenancesData := make([]amber.ProvenanceData, 0, len(provenances))
provenancesData := make([]claims.ProvenanceData, 0, len(provenances))
for _, p := range provenances {
provenanceIRs = append(provenanceIRs, p.Provenance)
provenancesData = append(provenancesData, p.SourceMetadata)
Expand All @@ -79,7 +78,7 @@ func verifyAndSummarizeProvenances(referenceValues *verification.ReferenceValues
return nil, fmt.Errorf("failed while verifying of provenances: %v", errs)
}

verifiedProvenances := amber.VerifiedProvenanceSet{
verifiedProvenances := claims.VerifiedProvenanceSet{
BinaryDigest: provenanceIRs[0].BinarySHA256Digest(),
BinaryName: provenanceIRs[0].BinaryName(),
Provenances: provenancesData,
Expand Down Expand Up @@ -155,7 +154,7 @@ func LoadProvenance(provenanceURI string) (*ParsedProvenance, error) {
return nil, fmt.Errorf("couldn't load the provenance bytes from %s: %v", provenanceURI, err)
}
// Parse into a validated provenance to get the predicate/build type of the provenance.
validatedProvenance, err := types.ParseStatementData(provenanceBytes)
validatedProvenance, err := model.ParseStatementData(provenanceBytes)
if err != nil {
return nil, fmt.Errorf("couldn't parse bytes from %s into a validated provenance: %v", provenanceURI, err)
}
Expand All @@ -167,7 +166,7 @@ func LoadProvenance(provenanceURI string) (*ParsedProvenance, error) {
sum256 := sha256.Sum256(provenanceBytes)
return &ParsedProvenance{
Provenance: *provenanceIR,
SourceMetadata: amber.ProvenanceData{
SourceMetadata: claims.ProvenanceData{
URI: provenanceURI,
SHA256Digest: hex.EncodeToString(sum256[:]),
},
Expand Down
10 changes: 5 additions & 5 deletions internal/endorser/endorser_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ import (

"github.com/project-oak/transparent-release/internal/testutil"
"github.com/project-oak/transparent-release/internal/verification"
"github.com/project-oak/transparent-release/pkg/amber"
"github.com/project-oak/transparent-release/pkg/claims"
)

const (
Expand All @@ -35,7 +35,7 @@ const (
func TestGenerateEndorsement_SingleValidEndorsement(t *testing.T) {
tomorrow := time.Now().AddDate(0, 0, 1)
nextWeek := time.Now().AddDate(0, 0, 7)
validity := amber.ClaimValidity{
validity := claims.ClaimValidity{
NotBefore: &tomorrow,
NotAfter: &nextWeek,
}
Expand Down Expand Up @@ -63,7 +63,7 @@ func TestGenerateEndorsement_SingleValidEndorsement(t *testing.T) {
testutil.AssertEq(t, "binary hash", statement.Subject[0].Digest["sha256"], binaryHash)
testutil.AssertEq(t, "binary name", statement.Subject[0].Name, binaryName)

predicate := statement.Predicate.(amber.ClaimPredicate)
predicate := statement.Predicate.(claims.ClaimPredicate)

testutil.AssertEq(t, "notBefore date", predicate.Validity.NotBefore, &tomorrow)
testutil.AssertEq(t, "notAfter date", predicate.Validity.NotAfter, &nextWeek)
Expand Down Expand Up @@ -97,7 +97,7 @@ func TestLoadAndVerifyProvenances_MultipleValidEndorsement(t *testing.T) {
}

func TestLoadProvenances_FailingSingleRemoteProvenanceEndorsement(t *testing.T) {
_, err := LoadProvenances([]string{"https://github.com/project-oak/transparent-release/blob/main/testdata/amber_provenance.json"})
_, err := LoadProvenances([]string{"https://github.com/project-oak/transparent-release/blob/main/testdata/missing_provenance.json"})
want := "couldn't load the provenance"
if err == nil || !strings.Contains(err.Error(), want) {
t.Fatalf("got %q, want error message containing %q,", err, want)
Expand Down Expand Up @@ -222,7 +222,7 @@ func copyToTemp(path string) (string, error) {
return "", err
}

tmpfile, err := os.CreateTemp("", "amber_provenance.json")
tmpfile, err := os.CreateTemp("", "provenance.json")
if err != nil {
return "", fmt.Errorf("couldn't create tempfile: %v", err)
}
Expand Down
26 changes: 13 additions & 13 deletions internal/fuzzbinder/fuzzclaim.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@
package fuzzbinder

// This file provides a custom `ClaimSpec` type, FuzzClaimSpec, to be used
// for fuzzing claims within the ClaimPredicate (defined in amber package).
// for fuzzing claims within the ClaimPredicate (defined in claims package).
// FuzzClaimSpec is intended to be used for providing the user with the
// needed elements to characterize the security of a revision of the source
// code based on fuzzing.
Expand All @@ -27,12 +27,12 @@ import (
"fmt"
"os"

"github.com/project-oak/transparent-release/pkg/amber"
"github.com/project-oak/transparent-release/pkg/claims"
"github.com/project-oak/transparent-release/pkg/intoto"
)

// FuzzClaimV1 is the URI that should be used as the ClaimType in V1 Amber
// Claim representing a V1 Fuzz Claim.
// FuzzClaimV1 is the URI that should be used as the ClaimType in ClaimV1
// representing a V1 Fuzz Claim.
const FuzzClaimV1 = "https://github.com/project-oak/transparent-release/fuzz_claim/v1"

// FuzzClaimSpec gives the `ClaimSpec` definition. It will be included in a
Expand Down Expand Up @@ -71,12 +71,12 @@ type FuzzStats struct {
NumberFuzzTests int `json:"numberFuzzTests,omitempty"`
}

// ValidateFuzzClaim validates that an Amber Claim is a Fuzz Claim with a valid ClaimType.
// ValidateFuzzClaim validates that a Claim is a Fuzz Claim with a valid ClaimType.
// If valid, the ClaimPredicate object is returned. Otherwise an error is returned.
func ValidateFuzzClaim(statement intoto.Statement) (*amber.ClaimPredicate, error) {
predicate, err := amber.ValidateAmberClaim(statement)
func ValidateFuzzClaim(statement intoto.Statement) (*claims.ClaimPredicate, error) {
predicate, err := claims.ValidateClaim(statement)
if err != nil {
return nil, fmt.Errorf("could not validate the fuzzing AmberClaim: %v", err)
return nil, fmt.Errorf("could not validate the fuzzing Claim: %v", err)
}
if predicate.ClaimType != FuzzClaimV1 {
return nil, fmt.Errorf(
Expand All @@ -97,7 +97,7 @@ func ValidateFuzzClaim(statement intoto.Statement) (*amber.ClaimPredicate, error
}

// validateFuzzClaimSpec validates details about the FuzzClaimSpec.
func validateFuzzClaimSpec(predicate amber.ClaimPredicate) (*amber.ClaimPredicate, error) {
func validateFuzzClaimSpec(predicate claims.ClaimPredicate) (*claims.ClaimPredicate, error) {
// validate that perProject.fuzzTimeSeconds is the sum of fuzzTimeSeconds for all fuzz-targets
// and perProject.numberFuzzTests is the sum of numberFuzzTests for all fuzz-targets.
sumTargetsTimeSeconds := 0.0
Expand Down Expand Up @@ -132,8 +132,8 @@ func validateFuzzClaimSpec(predicate amber.ClaimPredicate) (*amber.ClaimPredicat
}

// ParseFuzzClaimFile reads a JSON file from a path, and parses it into an
// instance of intoto.Statement, with AmberClaimV1 as the PredicateType
// and FuzzClaimV1 as the ClaimType.
// instance of intoto.Statement, with ClaimV1 as the PredicateType and
// FuzzClaimV1 as the ClaimType.
func ParseFuzzClaimFile(path string) (*intoto.Statement, error) {
statementBytes, err := os.ReadFile(path)
if err != nil {
Expand All @@ -143,7 +143,7 @@ func ParseFuzzClaimFile(path string) (*intoto.Statement, error) {
}

// ParseFuzzClaimBytes parses a statementBytes into an instance of intoto.Statement,
// with AmberClaimV1 as the PredicateType and FuzzClaimV1 as the ClaimType.
// with ClaimV1 as the PredicateType and FuzzClaimV1 as the ClaimType.
func parseFuzzClaimBytes(statementBytes []byte) (*intoto.Statement, error) {
var statement intoto.Statement
if err := json.Unmarshal(statementBytes, &statement); err != nil {
Expand All @@ -155,7 +155,7 @@ func parseFuzzClaimBytes(statementBytes []byte) (*intoto.Statement, error) {
return nil, fmt.Errorf("could not marshal Predicate map into JSON bytes: %v", err)
}

var predicate amber.ClaimPredicate
var predicate claims.ClaimPredicate
if err = json.Unmarshal(predicateBytes, &predicate); err != nil {
return nil, fmt.Errorf("could not unmarshal JSON bytes into a ClaimPredicate: %v", err)
}
Expand Down
20 changes: 10 additions & 10 deletions internal/fuzzbinder/fuzzclaim_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ import (
"testing"

"github.com/project-oak/transparent-release/internal/testutil"
"github.com/project-oak/transparent-release/pkg/amber"
"github.com/project-oak/transparent-release/pkg/claims"
)

const (
Expand All @@ -39,13 +39,13 @@ func TestParseFuzzClaimFile(t *testing.T) {
// Verify that the fuzzclaim JSON file parses correctly
testutil.AssertEq(t, "subject[0].name", statement.Subject[0].Name, "https://github.com/project-oak/oak")
testutil.AssertEq(t, "commitHash length", len(statement.Subject[0].Digest["sha1"]), wantSHA1HexDigitLength)
testutil.AssertNonEmpty(t, "perProject.branchCoverage", statement.Predicate.(*amber.ClaimPredicate).ClaimSpec.(FuzzClaimSpec).PerProject.BranchCoverage)
testutil.AssertNonEmpty(t, "perProject.lineCoverage", statement.Predicate.(*amber.ClaimPredicate).ClaimSpec.(FuzzClaimSpec).PerProject.LineCoverage)
testutil.AssertNonEmpty(t, "perTarget[0].name", statement.Predicate.(*amber.ClaimPredicate).ClaimSpec.(FuzzClaimSpec).PerTarget[0].Name)
testutil.AssertNonEmpty(t, "perTarget[0].path", statement.Predicate.(*amber.ClaimPredicate).ClaimSpec.(FuzzClaimSpec).PerTarget[0].Path)
testutil.AssertNonEmpty(t, "perTarget[0].fuzzStats.branchCoverage", statement.Predicate.(*amber.ClaimPredicate).ClaimSpec.(FuzzClaimSpec).PerTarget[0].FuzzStats.BranchCoverage)
testutil.AssertNonEmpty(t, "perTarget[0].fuzzStats.lineCoverage", statement.Predicate.(*amber.ClaimPredicate).ClaimSpec.(FuzzClaimSpec).PerTarget[0].FuzzStats.LineCoverage)
testutil.AssertNonEmpty(t, "evidence[0].role", statement.Predicate.(*amber.ClaimPredicate).Evidence[0].Role)
testutil.AssertNonEmpty(t, "evidence[0].uri", statement.Predicate.(*amber.ClaimPredicate).Evidence[0].URI)
testutil.AssertEq(t, "evidence[0].digest length", len(statement.Predicate.(*amber.ClaimPredicate).Evidence[0].Digest["sha256"]), wantSHA256HexDigitLength)
testutil.AssertNonEmpty(t, "perProject.branchCoverage", statement.Predicate.(*claims.ClaimPredicate).ClaimSpec.(FuzzClaimSpec).PerProject.BranchCoverage)
testutil.AssertNonEmpty(t, "perProject.lineCoverage", statement.Predicate.(*claims.ClaimPredicate).ClaimSpec.(FuzzClaimSpec).PerProject.LineCoverage)
testutil.AssertNonEmpty(t, "perTarget[0].name", statement.Predicate.(*claims.ClaimPredicate).ClaimSpec.(FuzzClaimSpec).PerTarget[0].Name)
testutil.AssertNonEmpty(t, "perTarget[0].path", statement.Predicate.(*claims.ClaimPredicate).ClaimSpec.(FuzzClaimSpec).PerTarget[0].Path)
testutil.AssertNonEmpty(t, "perTarget[0].fuzzStats.branchCoverage", statement.Predicate.(*claims.ClaimPredicate).ClaimSpec.(FuzzClaimSpec).PerTarget[0].FuzzStats.BranchCoverage)
testutil.AssertNonEmpty(t, "perTarget[0].fuzzStats.lineCoverage", statement.Predicate.(*claims.ClaimPredicate).ClaimSpec.(FuzzClaimSpec).PerTarget[0].FuzzStats.LineCoverage)
testutil.AssertNonEmpty(t, "evidence[0].role", statement.Predicate.(*claims.ClaimPredicate).Evidence[0].Role)
testutil.AssertNonEmpty(t, "evidence[0].uri", statement.Predicate.(*claims.ClaimPredicate).Evidence[0].URI)
testutil.AssertEq(t, "evidence[0].digest length", len(statement.Predicate.(*claims.ClaimPredicate).Evidence[0].Digest["sha256"]), wantSHA256HexDigitLength)
}
14 changes: 7 additions & 7 deletions internal/fuzzbinder/fuzzgenerator.go
Original file line number Diff line number Diff line change
Expand Up @@ -16,14 +16,14 @@ package fuzzbinder
// This file provides the generator module that helps to generate
// fuzzing claims using the extracted data from the fuzzing reports.
// The generated fuzzing claims are an instance of intoto.Statement
// with AmberClaimV1 as the PredicateType and FuzzClaimV1 as the ClaimType.
// with ClaimV1 as the PredicateType and FuzzClaimV1 as the ClaimType.

import (
"fmt"
"time"

"github.com/project-oak/transparent-release/internal/gcsutil"
"github.com/project-oak/transparent-release/pkg/amber"
"github.com/project-oak/transparent-release/pkg/claims"
"github.com/project-oak/transparent-release/pkg/intoto"
)

Expand Down Expand Up @@ -104,10 +104,10 @@ func generateFuzzClaimSpec(client *gcsutil.Client, revisionDigest intoto.DigestS
}

// GenerateFuzzClaim generates a fuzzing claim (an instance of intoto.Statement,
// with AmberClaimV1 as the PredicateType and FuzzClaimV1 as the ClaimType) using the
// with ClaimV1 as the PredicateType and FuzzClaimV1 as the ClaimType) using the
// fuzzing reports of OSS-Fuzz and ClusterFuzz.

func GenerateFuzzClaim(client *gcsutil.Client, fuzzParameters *FuzzParameters, validity amber.ClaimValidity) (*intoto.Statement, error) {
func GenerateFuzzClaim(client *gcsutil.Client, fuzzParameters *FuzzParameters, validity claims.ClaimValidity) (*intoto.Statement, error) {
revisionDigest, err := GetCoverageRevision(client, fuzzParameters)

if err != nil {
Expand All @@ -131,8 +131,8 @@ func GenerateFuzzClaim(client *gcsutil.Client, fuzzParameters *FuzzParameters, v
}
// Current time in UTC time zone since it is used by OSS-Fuzz.
currentTime := time.Now().UTC()
// Generate Amber predicate
predicate := amber.ClaimPredicate{
// Generate claim predicate
predicate := claims.ClaimPredicate{
ClaimType: FuzzClaimV1,
ClaimSpec: *fuzzClaimSpec,
IssuedOn: &currentTime,
Expand All @@ -146,7 +146,7 @@ func GenerateFuzzClaim(client *gcsutil.Client, fuzzParameters *FuzzParameters, v
}
statementHeader := intoto.StatementHeader{
Type: intoto.StatementInTotoV01,
PredicateType: amber.AmberClaimV1,
PredicateType: claims.ClaimV1,
Subject: []intoto.Subject{subject},
}
statement := intoto.Statement{
Expand Down
10 changes: 5 additions & 5 deletions internal/fuzzbinder/fuzzscraper.go
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@ import (
"strings"

"github.com/project-oak/transparent-release/internal/gcsutil"
"github.com/project-oak/transparent-release/pkg/amber"
"github.com/project-oak/transparent-release/pkg/claims"
"github.com/project-oak/transparent-release/pkg/intoto"
)

Expand Down Expand Up @@ -396,13 +396,13 @@ func GetFuzzTargets(client *gcsutil.Client, fuzzParameters *FuzzParameters) ([]s
}

// addClaimEvidence adds an evidence to the list of the evidence files used by the fuzzscraper.
func addClaimEvidence(client *gcsutil.Client, evidences []amber.ClaimEvidence, blobName string, role string) ([]amber.ClaimEvidence, error) {
func addClaimEvidence(client *gcsutil.Client, evidences []claims.ClaimEvidence, blobName string, role string) ([]claims.ClaimEvidence, error) {
fileBytes, err := client.GetBlobData(CoverageBucket, blobName)
if err != nil {
return nil, fmt.Errorf("could not get data in evidence file: %v", err)
}
digest := getGCSFileDigest(fileBytes)
evidence := amber.ClaimEvidence{
evidence := claims.ClaimEvidence{
Role: role,
URI: fmt.Sprintf("gs://%s/%s", CoverageBucket, blobName),
Digest: *digest,
Expand All @@ -412,8 +412,8 @@ func addClaimEvidence(client *gcsutil.Client, evidences []amber.ClaimEvidence, b
}

// GetEvidences gets the list of the evidence files used by the fuzzscraper.
func GetEvidences(client *gcsutil.Client, fuzzParameters *FuzzParameters, fuzzTargets []string) ([]amber.ClaimEvidence, error) {
evidences := make([]amber.ClaimEvidence, 0, len(fuzzTargets)+2)
func GetEvidences(client *gcsutil.Client, fuzzParameters *FuzzParameters, fuzzTargets []string) ([]claims.ClaimEvidence, error) {
evidences := make([]claims.ClaimEvidence, 0, len(fuzzTargets)+2)
// TODO(#174): Replace GCS path by Ent path in evidences URI.
// The GCS absolute path of the file containing the revision hash of the source code used
// in the coverage build on a given day.
Expand Down
8 changes: 4 additions & 4 deletions internal/fuzzbinder/util.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ import (
"fmt"
"time"

"github.com/project-oak/transparent-release/pkg/amber"
"github.com/project-oak/transparent-release/pkg/claims"
)

const (
Expand Down Expand Up @@ -70,7 +70,7 @@ func ValidateFuzzingDate(date string, referenceTime time.Time) error {

// GetValidFuzzClaimValidity gets the fuzzing claim validity using
// the values entered for notBeforeStr and notAfterStr.
func GetValidFuzzClaimValidity(referenceTime time.Time, notBeforeStr *string, notAfterStr *string) (*amber.ClaimValidity, error) {
func GetValidFuzzClaimValidity(referenceTime time.Time, notBeforeStr *string, notAfterStr *string) (*claims.ClaimValidity, error) {
notAfter, err := parseDate(*notAfterStr)
if err != nil {
return nil, fmt.Errorf(
Expand All @@ -81,7 +81,7 @@ func GetValidFuzzClaimValidity(referenceTime time.Time, notBeforeStr *string, no
return nil, fmt.Errorf(
"could not parse notBefore to *time.Time: %v", err)
}
validity := amber.ClaimValidity{
validity := claims.ClaimValidity{
NotBefore: notBefore,
NotAfter: notAfter,
}
Expand All @@ -95,7 +95,7 @@ func GetValidFuzzClaimValidity(referenceTime time.Time, notBeforeStr *string, no

// validateFuzzClaimValidity validates the fuzzing claim validity to make
// sure that NotBefore is after referenceTime and NotAfter is after NotBefore.
func validateFuzzClaimValidity(validity amber.ClaimValidity, referenceTime time.Time) error {
func validateFuzzClaimValidity(validity claims.ClaimValidity, referenceTime time.Time) error {
if validity.NotBefore.Before(referenceTime) {
return fmt.Errorf(
"notBefore (%v) is not after referenceTime (%v)", validity.NotBefore, referenceTime)
Expand Down
Loading

0 comments on commit 0b728a4

Please sign in to comment.