adding tests

Signed-off-by: chaosinthecrd <[email protected]>

cmd/run.go

@@ -86,19 +86,23 @@ func runRun(ctx context.Context, ro options.RunOptions, args []string, signers .
 	}
 
 	for _, a := range ro.Attestations {
+		duplicate := false
 		for _, att := range attestors {
-			if a == att.Name() {
-				log.Warnf("Attestator %s already declared, skipping", a)
-				break
+			if a != att.Name() {
 			} else {
-				attestor, err := attestation.GetAttestor(a)
-				if err != nil {
-					return fmt.Errorf("failed to create attestor: %w", err)
-				}
-				attestors = append(attestors, attestor)
+				log.Warnf("Attestator %s already declared, skipping", a)
+				duplicate = true
 				break
 			}
 		}
+
+		if !duplicate {
+			attestor, err := attestation.GetAttestor(a)
+			if err != nil {
+				return fmt.Errorf("failed to create attestor: %w", err)
+			}
+			attestors = append(attestors, attestor)
+		}
 	}
 
 	for _, attestor := range attestors {

cmd/run_test.go

@@ -20,15 +20,20 @@ import (
 	"crypto/rand"
 	"crypto/rsa"
 	"encoding/json"
+	"fmt"
 	"os"
 	"path/filepath"
+	"strings"
 	"testing"
 
 	"github.com/in-toto/go-witness/cryptoutil"
 	"github.com/in-toto/go-witness/dsse"
+	"github.com/in-toto/go-witness/log"
 	"github.com/in-toto/go-witness/signer"
 	"github.com/in-toto/go-witness/signer/file"
 	"github.com/in-toto/witness/options"
+	"github.com/sirupsen/logrus"
+	"github.com/sirupsen/logrus/hooks/test"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -171,3 +176,73 @@ func TestRunHashesOptions(t *testing.T) {
 		})
 	}
 }
+
+func TestRunDuplicateAttestors(t *testing.T) {
+	tests := []struct {
+		name       string
+		attestors  []string
+		expectWarn int
+	}{
+		{
+			name:       "No duplicate attestors",
+			attestors:  []string{"environment"},
+			expectWarn: 0,
+		},
+		{
+			name:       "duplicate attestors",
+			attestors:  []string{"environment", "environment"},
+			expectWarn: 1,
+		},
+		{
+			name:       "duplicate attestor due to default",
+			attestors:  []string{"product"},
+			expectWarn: 1,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			fmt.Println(tt.name)
+			testLogger, hook := test.NewNullLogger()
+			log.SetLogger(testLogger)
+
+			privatekey, err := rsa.GenerateKey(rand.Reader, keybits)
+			require.NoError(t, err)
+			signer := cryptoutil.NewRSASigner(privatekey, crypto.SHA256)
+
+			workingDir := t.TempDir()
+			attestationPath := filepath.Join(workingDir, "outfile.txt")
+			runOptions := options.RunOptions{
+				WorkingDir:   workingDir,
+				Attestations: tt.attestors,
+				OutFilePath:  attestationPath,
+				StepName:     "teststep",
+				Tracing:      false,
+			}
+
+			args := []string{
+				"bash",
+				"-c",
+				"echo 'test' > test.txt",
+			}
+
+			err = runRun(context.Background(), runOptions, args, signer)
+			if tt.expectWarn > 0 {
+				c := 0
+				for _, entry := range hook.AllEntries() {
+					fmt.Println(tt.name, "log:", entry.Message)
+					if entry.Level == logrus.WarnLevel && strings.Contains(entry.Message, "already declared, skipping") {
+						c++
+					}
+				}
+				assert.Equal(t, tt.expectWarn, c)
+			} else {
+				require.NoError(t, err)
+				attestationBytes, err := os.ReadFile(attestationPath)
+				require.NoError(t, err)
+				env := dsse.Envelope{}
+				require.NoError(t, json.Unmarshal(attestationBytes, &env))
+			}
+		})
+	}
+}

docs/witness_run.md

@@ -10,7 +10,7 @@ witness run [cmd] [flags]
 
 ```
       --archivista-server string                      URL of the Archivista server to store or retrieve attestations (default "https://archivista.testifysec.io")
-  -a, --attestations strings                          Attestations to record (default [environment,git])
+  -a, --attestations strings                          Attestations to record (default [product,material])
       --attestor-product-exclude-glob string          Pattern to use when recording products. Files that match this pattern will be excluded as subjects on the attestation.
       --attestor-product-include-glob string          Pattern to use when recording products. Files that match this pattern will be included as subjects on the attestation. (default "*")
       --enable-archivista                             Use Archivista to store or retrieve attestations

go.sum

@@ -220,8 +220,6 @@ github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/in-toto/archivista v0.2.0 h1:FViuHMVVETborvOqlmSYdROY8RmX3CO0V0MOhU/Rl20=
 github.com/in-toto/archivista v0.2.0/go.mod h1:qt9uN4TkHWUgR5A2wxRqQIBizSl32P2nI2AjESskkr0=
-github.com/in-toto/go-witness v0.2.0 h1:lxp3+Kc4Der2C1jV9ZePjSCEHUr2NsB4sImXI5sZHu4=
-github.com/in-toto/go-witness v0.2.0/go.mod h1:Jr6ZlYoVfTS3hjUSmJ10J8qiHjpF1cfSE4NLAIJpbLw=
 github.com/in-toto/go-witness v0.2.1 h1:eAxMBWUPbz3oPU3lsfEYi/Kdj6weej2umm59bOXPJSU=
 github.com/in-toto/go-witness v0.2.1/go.mod h1:xURJVj4QRD3xnzOJps7gT0pMCFPpAHcPqDC3EyuLuUE=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
@@ -751,8 +749,6 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/apimachinery v0.26.11 h1:w//840HHdwSRKqD15j9YX9HLlU6RPlfrvW0xEhLk2+0=
-k8s.io/apimachinery v0.26.11/go.mod h1:2/HZp0l6coXtS26du1Bk36fCuAEr/lVs9Q9NbpBtd1Y=
 k8s.io/apimachinery v0.26.12 h1:y+OgufxqLIZtyXIydRhjLBGzrYLF+qwiDdCFXYOjeN4=
 k8s.io/apimachinery v0.26.12/go.mod h1:2/HZp0l6coXtS26du1Bk36fCuAEr/lVs9Q9NbpBtd1Y=
 k8s.io/klog/v2 v2.90.0 h1:VkTxIV/FjRXn1fgNNcKGM8cfmL1Z33ZjXRTVxKCoF5M=