macaron.slsa_analyzer.provenance.intoto.v01 package
This module handles in-toto version 0.1 attestations.
- class macaron.slsa_analyzer.provenance.intoto.v01.InTotoV01Statement
Bases: TypedDict
An in-toto version 0.1 statement.
This is the type of the payload in an in-toto version 0.1 attestation. Specification: https://github.com/in-toto/attestation/tree/main/spec/v0.1.0#statement.
- subject: list[InTotoV01Subject]
- class macaron.slsa_analyzer.provenance.intoto.v01.InTotoV01Subject
Bases: TypedDict
An in-toto subject.
Specification: https://github.com/in-toto/attestation/tree/main/spec/v0.1.0#statement.
- macaron.slsa_analyzer.provenance.intoto.v01.validate_intoto_statement(payload)
Validate the statement of an in-toto attestation.
Specification: https://github.com/in-toto/attestation/tree/main/spec/v0.1.0#statement.
- Parameters:
payload (dict[str, JsonType]) – The JSON statement after being base64-decoded.
- Returns:
True if the attestation statement is valid, in which case its type is narrowed to an InTotoStatement; False otherwise.
- Return type:
TypeGuard[InTotoStatement]
- Raises:
ValidateInTotoPayloadError – When the payload does not follow the expected schema.
- macaron.slsa_analyzer.provenance.intoto.v01.validate_intoto_subject(subject)
Validate a single subject in the in-toto statement.
See specification: https://github.com/in-toto/attestation/tree/main/spec/v0.1.0#statement.
- Parameters:
subject (JsonType) – The JSON element representing a single subject.
- Returns:
True if the subject element is valid, in which case its type is narrowed to an InTotoSubject; False otherwise.
- Return type:
TypeGuard[InTotoSubject]
- Raises:
ValidateInTotoPayloadError – When the payload does not follow the expected schema.
- macaron.slsa_analyzer.provenance.intoto.v01.is_valid_digest_set(digest)
Validate the digest set.
Specification for the digest set: https://github.com/in-toto/attestation/blob/main/spec/v0.1.0/field_types.md#DigestSet.
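An added example, not Macaron's own code: a stand-alone validator for the statement fields in the in-toto v0.1 specification, applied to a base64-encoded payload of the kind `validate_intoto_statement` receives after decoding. The names `load_statement`, `check_subject`, `check_digest_set` and `StatementError` and the sample statement are constructed for illustration, and the digest-set rule (a non-empty map of strings) is an assumption drawn from the specification.

```python
import base64
import json

STATEMENT_TYPE_V01 = "https://in-toto.io/Statement/v0.1"
# Constructed sample statement; the digest is the SHA-256 of empty input.
SAMPLE_STATEMENT = {
    "_type": STATEMENT_TYPE_V01,
    "predicateType": "https://slsa.dev/provenance/v0.2",
    "subject": [{"name": "example.tar.gz", "digest": {"sha256":
        "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"}}],
}
SAMPLE_PAYLOAD = base64.b64encode(json.dumps(SAMPLE_STATEMENT).encode()).decode()


class StatementError(ValueError):
    """The payload does not follow the in-toto v0.1 statement schema."""


def check_digest_set(digest):
    """Assumed rule: a non-empty JSON object mapping algorithm name to digest string."""
    return (isinstance(digest, dict) and len(digest) > 0
            and all(isinstance(k, str) and isinstance(v, str) for k, v in digest.items()))


def check_subject(subject):
    """A subject is an object with a string `name` and a valid `digest` set."""
    if not isinstance(subject, dict) or not isinstance(subject.get("name"), str):
        raise StatementError("subject must be an object with a string name")
    if not check_digest_set(subject.get("digest")):
        raise StatementError(f"subject {subject['name']!r} has an invalid digest set")


def load_statement(payload_b64):
    """Base64-decode an attestation payload and check the statement's fields."""
    try:
        statement = json.loads(base64.b64decode(payload_b64, validate=True))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise StatementError(f"payload is not base64-encoded JSON: {exc}") from exc
    if not isinstance(statement, dict) or statement.get("_type") != STATEMENT_TYPE_V01:
        raise StatementError("not an in-toto v0.1 statement (_type mismatch)")
    if not isinstance(statement.get("predicateType"), str):
        raise StatementError("predicateType is missing or not a string")
    if not isinstance(statement.get("predicate", {}), dict):
        raise StatementError("predicate, when present, must be an object")
    if not isinstance(statement.get("subject"), list):
        raise StatementError("subject is missing or not a list")
    for subject in statement["subject"]:
        check_subject(subject)
    return statement
```

Structural validation only establishes that the payload is a well-formed statement; it says nothing about who signed the envelope or whether the subject digests match the artifact being analyzed.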