macaron.slsa_analyzer.provenance.intoto package
In-toto provenance schemas and validation.
- class macaron.slsa_analyzer.provenance.intoto.InTotoV01Payload(statement: v01.InTotoV01Statement)
Bases: NamedTuple
The provenance payload following the in-toto v0.1 schema.
The payload is a field within a DSSE envelope, having the type “Statement”.
In-toto spec (v0.1):
- In-toto attestation layers: https://github.com/in-toto/attestation/tree/main/spec/v0.1.0#attestation-spec
- Envelope layer: https://github.com/in-toto/attestation/tree/main/spec/v0.1.0#envelope
- Statement layer: https://github.com/in-toto/attestation/tree/main/spec/v0.1.0#statement
- statement: InTotoV01Statement
Alias for field number 0
- class macaron.slsa_analyzer.provenance.intoto.InTotoV1Payload(statement: v1.InTotoV1Statement)
Bases: NamedTuple
The provenance payload following the in-toto v1 schema.
The payload is a field within a DSSE envelope, having the type “Statement”.
In-toto spec (v1):
- In-toto attestation layers: https://github.com/in-toto/attestation/tree/main/spec/v1#specification-for-in-toto-attestation-layers
- Envelope layer: https://github.com/in-toto/attestation/blob/main/spec/v1/envelope.md
- Statement layer: https://github.com/in-toto/attestation/blob/main/spec/v1/statement.md
- statement: InTotoV1Statement
Alias for field number 0
- macaron.slsa_analyzer.provenance.intoto.validate_intoto_payload(payload)
Validate the schema of an in-toto provenance payload.
- Parameters:
- Returns: The validated in-toto payload.
- Return type: InTotoPayload
- Raises: ValidateInTotoPayloadError – When there is an error validating the payload.
- class macaron.slsa_analyzer.provenance.intoto.ProvenanceSubjectPURLMatcher(*args, **kwargs)
Bases: Protocol
Interface for a matcher that matches a PURL to a subject in the provenance.
- static get_subject_in_provenance_matching_purl(provenance_payload, purl)
Obtain the subject in the provenance payload matching the given PackageURL.
This function assumes there is only one such subject. If there are multiple such subjects, the first matching subject is returned. However, this should not happen since the PackageURL should be specific enough to identify a single subject.
- Parameters:
  - provenance_payload (InTotoPayload) – The provenance payload.
  - purl (PackageURL) – The PackageURL identifying the matching subject.
- Returns: The subject in the provenance matching the given PURL.
- Return type:
- __init__(*args, **kwargs)
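To make the two operations documented above concrete, here is an added example (not Macaron's code, and not the behaviour of validate_intoto_payload or ProvenanceSubjectPURLMatcher as implemented in the project): it decodes the payload of a DSSE envelope, validates the statement against the schema rules shared by in-toto v0.1 and v1 (a non-empty subject list, a digest set on every subject, a predicateType; v0.1 additionally requires a subject name), and then looks up the subject matching a PackageURL. The matching rule (exact PURL string, falling back to name@version), the simplified PURL parsing, the error class names reused from this page's errors module and the sample envelope are all assumptions of this example.

```python
"""Decode, validate and query an in-toto statement carried in a DSSE envelope.

Added example with simplified logic; it is not Macaron's implementation.
Signature verification of the envelope is out of scope and must happen
before any field of the statement is trusted.
"""
import base64
import json
import re
from typing import Any, NamedTuple, Optional
from urllib.parse import unquote

# `_type` values defined by the in-toto attestation spec for the two versions.
STATEMENT_TYPES = {
    "https://in-toto.io/Statement/v0.1": "v0.1",
    "https://in-toto.io/Statement/v1": "v1",
}
# DSSE payloadType used for in-toto statements.
INTOTO_PAYLOAD_TYPE = "application/vnd.in-toto+json"
HEX_RE = re.compile(r"^[0-9a-f]+$")


class InTotoAttestationError(Exception):
    """Base error of this example (same role as the errors module on this page)."""


class LoadIntotoAttestationError(InTotoAttestationError):
    """The DSSE payload could not be decoded into a JSON statement."""


class UnsupportedInTotoVersionError(InTotoAttestationError):
    """The statement `_type` is not a supported in-toto version."""


class ValidateInTotoPayloadError(InTotoAttestationError):
    """The statement violates the schema of its version."""


class InTotoPayload(NamedTuple):
    """A validated statement together with the in-toto version it matched."""
    version: str
    statement: dict[str, Any]


def load_statement(envelope: dict[str, Any]) -> dict[str, Any]:
    """Decode the base64 `payload` field of a DSSE envelope into a JSON object."""
    if envelope.get("payloadType") != INTOTO_PAYLOAD_TYPE:
        raise LoadIntotoAttestationError(f"unexpected payloadType {envelope.get('payloadType')!r}")
    try:
        statement = json.loads(base64.b64decode(envelope["payload"], validate=True))
    except (KeyError, TypeError, ValueError) as err:
        raise LoadIntotoAttestationError(f"cannot decode payload: {err}") from err
    if not isinstance(statement, dict):
        raise LoadIntotoAttestationError("payload is not a JSON object")
    return statement


def validate_intoto_payload(statement: dict[str, Any]) -> InTotoPayload:
    """Check the fields common to v0.1 and v1 statements, plus the v0.1 name rule."""
    type_field = statement.get("_type")
    version = STATEMENT_TYPES.get(type_field) if isinstance(type_field, str) else None
    if version is None:
        raise UnsupportedInTotoVersionError(f"unsupported _type {type_field!r}")
    subjects = statement.get("subject")
    if not isinstance(subjects, list) or not subjects:
        raise ValidateInTotoPayloadError("subject must be a non-empty list")
    for index, subject in enumerate(subjects):
        if not isinstance(subject, dict):
            raise ValidateInTotoPayloadError(f"subject[{index}] is not an object")
        digest = subject.get("digest")
        if not isinstance(digest, dict) or not digest:
            raise ValidateInTotoPayloadError(f"subject[{index}] has no digest set")
        for algorithm, value in digest.items():
            if not isinstance(value, str) or not HEX_RE.match(value):
                raise ValidateInTotoPayloadError(f"subject[{index}] digest {algorithm!r} is not lowercase hex")
        if version == "v0.1" and not isinstance(subject.get("name"), str):
            raise ValidateInTotoPayloadError(f"subject[{index}] has no name (required in v0.1)")
    predicate_type = statement.get("predicateType")
    if not isinstance(predicate_type, str) or not predicate_type:
        raise ValidateInTotoPayloadError("predicateType must be a non-empty string")
    return InTotoPayload(version, statement)


def purl_name_version(purl: str) -> str:
    """Reduce `pkg:type/namespace/name@version?qualifiers#subpath` to `name@version`.

    Simplified PURL handling (assumption): enough for the subject names used here.
    """
    body = purl.removeprefix("pkg:").split("?", 1)[0].split("#", 1)[0]
    return unquote(body.rsplit("/", 1)[-1])


def get_subject_in_provenance_matching_purl(payload: InTotoPayload, purl: str) -> Optional[dict[str, Any]]:
    """Return the first subject whose name identifies the PURL, or None.

    Matching rule (assumption): the full PURL string first, then `name@version`.
    """
    candidates = {unquote(purl), purl_name_version(purl)}
    for subject in payload.statement["subject"]:
        name = subject.get("name")
        if isinstance(name, str) and unquote(name) in candidates:
            return subject
    return None


def make_sample_envelope() -> dict[str, Any]:
    """Constructed sample: a v1 statement wrapped in an unsigned DSSE envelope."""
    statement = {
        "_type": "https://in-toto.io/Statement/v1",
        "subject": [
            {"name": "pkg:npm/example-cli@1.2.3", "digest": {"sha256": "ab" * 32}},
            {"name": "pkg:npm/example-cli-docs@1.2.3", "digest": {"sha256": "cd" * 32}},
        ],
        "predicateType": "https://slsa.dev/provenance/v1",
        "predicate": {"buildDefinition": {}, "runDetails": {}},
    }
    payload = base64.b64encode(json.dumps(statement).encode()).decode()
    return {"payloadType": INTOTO_PAYLOAD_TYPE, "payload": payload, "signatures": []}


if __name__ == "__main__":
    validated = validate_intoto_payload(load_statement(make_sample_envelope()))
    print(validated.version, get_subject_in_provenance_matching_purl(validated, "pkg:npm/example-cli@1.2.3"))
```

The digest check matters because a subject whose digest is malformed cannot be compared to the artifact actually downloaded, which is the whole point of consuming provenance; rejecting it at validation time is safer than treating it as a non-match later. The fallback to name@version is deliberately loose and would be a poor choice across ecosystems with overlapping package names; a production matcher should know which naming convention the producer uses.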
Submodules
macaron.slsa_analyzer.provenance.intoto.errors module
Error types related to in-toto attestations.
- exception macaron.slsa_analyzer.provenance.intoto.errors.InTotoAttestationError
Bases: MacaronError
The base error type for all in-toto related errors.
- exception macaron.slsa_analyzer.provenance.intoto.errors.ValidateInTotoPayloadError
Bases: InTotoAttestationError
Happens when there is an issue validating an in-toto payload, usually against a schema.
- exception macaron.slsa_analyzer.provenance.intoto.errors.UnsupportedInTotoVersionError
Bases: InTotoAttestationError
Happens when encountering a provenance under an unsupported in-toto version.
- exception macaron.slsa_analyzer.provenance.intoto.errors.LoadIntotoAttestationError
Bases: InTotoAttestationError
Happens when there is an issue decoding and loading the payload of an in-toto provenance.