Affected by GO-2024-2718 and 1 other vulnerabilities

GO-2024-2718: Cosign malicious attachments can cause system-wide denial of service in github.com/sigstore/cosign

GO-2024-2719: Cosign malicious artifacts can cause machine-wide DoS in github.com/sigstore/cosign

The highest tagged major version is v2.

sign

package

v1.5.0 Latest Latest Go to latest Published: Jan 21, 2022 License: Apache-2.0 Imports: 43 Imported by: 19

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/sigstore/cosign

Links

Open Source Insights

Documentation ¶

Index ¶

func GetAttachedImageRef(ref name.Reference, attachment string, opts ...ociremote.Option) (name.Reference, error)
func ShouldUploadToTlog(ctx context.Context, ref name.Reference, force bool, url string) bool
func SignBlobCmd(ctx context.Context, ko KeyOpts, regOpts options.RegistryOptions, ...) ([]byte, error)
func SignCmd(ctx context.Context, ko KeyOpts, regOpts options.RegistryOptions, ...) error
type KeyOpts
type SignerVerifier
- func SignerFromKeyOpts(ctx context.Context, certPath string, ko KeyOpts) (*SignerVerifier, error)
- func (c *SignerVerifier) Bytes(ctx context.Context) ([]byte, error)
- func (c *SignerVerifier) Close()

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GetAttachedImageRef ¶

func GetAttachedImageRef(ref name.Reference, attachment string, opts ...ociremote.Option) (name.Reference, error)

func ShouldUploadToTlog ¶

func ShouldUploadToTlog(ctx context.Context, ref name.Reference, force bool, url string) bool

func SignBlobCmd ¶

func SignBlobCmd(ctx context.Context, ko KeyOpts, regOpts options.RegistryOptions, payloadPath string, b64 bool, outputSignature string, outputCertificate string, timeout time.Duration) ([]byte, error)

nolint

func SignCmd ¶

func SignCmd(ctx context.Context, ko KeyOpts, regOpts options.RegistryOptions, annotations map[string]interface{},
	imgs []string, certPath string, upload bool, outputSignature, outputCertificate string, payloadPath string, force bool, recursive bool, attachment string) error

nolint

Types ¶

type KeyOpts ¶

type KeyOpts struct {
	Sk               bool
	Slot             string
	KeyRef           string
	FulcioURL        string
	RekorURL         string
	IDToken          string
	PassFunc         cosign.PassFunc
	OIDCIssuer       string
	OIDCClientID     string
	OIDCClientSecret string
	BundlePath       string

	// Modeled after InsecureSkipVerify in tls.Config, this disables
	// verifying the SCT.
	InsecureSkipFulcioVerify bool
}

type SignerVerifier ¶ added in v1.4.0

type SignerVerifier struct {
	Cert  []byte
	Chain []byte
	signature.SignerVerifier
	// contains filtered or unexported fields
}

func SignerFromKeyOpts ¶

func SignerFromKeyOpts(ctx context.Context, certPath string, ko KeyOpts) (*SignerVerifier, error)

func (*SignerVerifier) Bytes ¶ added in v1.4.0

func (c *SignerVerifier) Bytes(ctx context.Context) ([]byte, error)

func (*SignerVerifier) Close ¶ added in v1.4.0

func (c *SignerVerifier) Close()

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL