macaron.slsa_analyzer.provenance.intoto.v01 package

This module handles in-toto version 0.1 attestations.

class macaron.slsa_analyzer.provenance.intoto.v01.InTotoV01Statement

An in-toto version 0.1 statement.

This is the type of the payload in an in-toto version 0.1 attestation. Specification: https://github.com/in-toto/attestation/tree/main/spec/v0.1.0#statement.

predicate: dict[str, int | float | str | None | bool | list[int | float | str | None | bool | list[JsonType] | dict[str, JsonType]] | dict[str, int | float | str | None | bool | list[JsonType] | dict[str, JsonType]]] | None

class macaron.slsa_analyzer.provenance.intoto.v01.InTotoV01Subject

An in-toto subject.

macaron.slsa_analyzer.provenance.intoto.v01.validate_intoto_statement(payload)

Validate the statement of an in-toto attestation.

Parameters:: payload (dict[str, JsonType]) – The JSON statement after being base64-decoded.
Returns:: True if the attestation statement is valid, in which case its type is narrowed to an InTotoStatement; False otherwise.
Return type:: TypeGuard[InTotoStatement]
Raises:: ValidateInTotoPayloadError – When the payload does not follow the expected schema.

macaron.slsa_analyzer.provenance.intoto.v01.validate_intoto_subject(subject)

Validate a single subject in the in-toto statement.

Parameters:: subject (JsonType) – The JSON element representing a single subject.
Returns:: True if the subject element is valid, in which case its type is narrowed to an InTotoSubject; False otherwise.
Return type:: TypeGuard[InTotoSubject]
Raises:: ValidateInTotoPayloadError – When the payload does not follow the expecting schema.

macaron.slsa_analyzer.provenance.intoto.v01.is_valid_digest_set(digest)

Validate the digest set.

Parameters:: digest (dict[str, JsonType]) – The digest set.
Returns:: True if the digest set is valid according to the spec, in which case its type is narrowed to a dict[str, str]; False otherwise.
Return type:: TypeGuard[dict[str, str]]