Skip to content

Commit 95cb000

Browse files
committed
fix(signature): Prevent setting signature algorithm if no verification
Signed-off-by: Javier Rodriguez <javier@chainloop.dev>
1 parent 09023f8 commit 95cb000

1 file changed

Lines changed: 5 additions & 4 deletions

File tree

  • pkg/attestation/renderer/chainloop

pkg/attestation/renderer/chainloop/v02.go

Lines changed: 5 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -144,11 +144,12 @@ func commitAnnotations(c *v1.Commit) (*structpb.Struct, error) {
144144
annotationsRaw[subjectGitAnnotationSignature] = c.GetSignature()
145145
}
146146

147-
// add author verification only if exists
148-
if c.GetPlatformVerification() != nil {
149-
pv := c.GetPlatformVerification()
147+
// add verification only if exists as well as its fields
148+
if pv := c.GetPlatformVerification(); pv != nil {
150149
annotationsRaw[subjectGitAnnotationAuthorVerificationStatus] = pv.GetStatus().String()
151-
annotationsRaw[subjectGitAnnotationSignatureAlgorithm] = pv.GetSignatureAlgorithm()
150+
if sig := pv.GetSignatureAlgorithm(); sig != "" {
151+
annotationsRaw[subjectGitAnnotationSignatureAlgorithm] = sig
152+
}
152153
}
153154

154155
if remotes := c.GetRemotes(); len(remotes) > 0 {

0 commit comments

Comments
 (0)