macaron.slsa_analyzer.provenance.expectations package

Submodules

macaron.slsa_analyzer.provenance.expectations.expectation module

This module provides a base class for provenance expectation verifiers.

class macaron.slsa_analyzer.provenance.expectations.expectation.Expectation(*args, **kwargs)

Bases: CheckFacts

An intermediate abstract SQLAlchemy mapping for the expectation used to validate a target provenance.

description: Mapped[str] = <sqlalchemy.orm.properties.MappedColumn object>

The description.

path: Mapped[str] = <sqlalchemy.orm.properties.MappedColumn object>

The path to the expectation file.

target: Mapped[str] = <sqlalchemy.orm.properties.MappedColumn object>

The full repository name this expectation applies to.

text: Mapped[str] = <sqlalchemy.orm.properties.MappedColumn object>

The full text content of the expectation.

sha: Mapped[str] = <sqlalchemy.orm.properties.MappedColumn object>

The sha256sum digest of the expectation.

expectation_type: Mapped[str] = <sqlalchemy.orm.properties.MappedColumn object>

The kind of expectation, e.g., CUE.

asset_url: Mapped[str] = <sqlalchemy.orm.properties.MappedColumn object>

The URL for the provenance asset that the expectation is verified against.

__init__(*args, **kwargs)

Create a provenance expectation instance.

abstract classmethod make_expectation(expectation_path)

Generate an expectation instance from an expectation file.

Parameters:

expectation_path (str) – The path to the expectation file.

Returns:

The instantiated expectation object.

Return type:

Self | None

validate(prov)

Validate the provenance against this expectation.

Parameters:

prov (Any) – The provenance to validate.

Return type:

bool

Raises:

ExpectationRuntimeError – If errors occur during the validation process.

macaron.slsa_analyzer.provenance.expectations.expectation_registry module

The provenance expectation module manages expectations that will be provided to checks.

class macaron.slsa_analyzer.provenance.expectations.expectation_registry.ExpectationRegistry(expectation_paths)

Bases: object

The expectation registry class stores expectations and their results.

Parameters:
  • macaron_path (str) – The path to the macaron module

  • expectation_paths (list[str]) – The list of expectation file paths. all(os.path.isfile(path) for path in expectation_paths) must be True.

__init__(expectation_paths)

expectations: dict[str, Expectation]

evaluated: bool

get_expectation_for_target(repo_complete_name)

Get the expectation that applies to a repository.

Parameters:

repo_complete_name (str) – The complete name of the repository, formatted as “git_host/organization/repo-name”.

Returns:

An expectation if one is found, otherwise None.

Return type:

Expectation | None