slsa-framework · ianlewis · Apr 10, 2022 · Apr 6, 2022
@@ -15,6 +15,7 @@
 package main
 
 import (
+	"bufio"
 	"context"
 	"errors"
 	"fmt"
@@ -36,38 +37,36 @@ var (
 	// shaCheck verifies a hash is has only hexidecimal digits and is 64
 	// characters long.
 	shaCheck = regexp.MustCompile(`^[a-fA-F0-9]{64}$`)
+
+	// wsSplit is used to split lines in the subjects input.
+	wsSplit = regexp.MustCompile(`[\t ]`)
 )
 
 // parseSubjects parses the value given to the subjects option.
 func parseSubjects(subjectsStr string) ([]intoto.Subject, error) {
 	var parsed []intoto.Subject
 
-	subjects := strings.Split(subjectsStr, "\n")
-	for _, s := range subjects {
+	scanner := bufio.NewScanner(strings.NewReader(subjectsStr))
+	for scanner.Scan() {
 		// Split by whitespace, and get values.
-		fields := strings.Fields(s)
+		parts := wsSplit.Split(strings.TrimSpace(scanner.Text()), 2)
 
-		// Check for the sha256 digest.
-		if len(fields) == 0 {
-			// NOTE: Ignore blank or whitespace only lines.
+		// Lowercase the sha digest to comply with the SLSA spec.
+		shaDigest := strings.ToLower(strings.TrimSpace(parts[0]))
+		if shaDigest == "" {
+			// Ignore empty lines.
 			continue
 		}
-		// Lowercase the sha digest to comply with the SLSA spec.
-		shaDigest := strings.ToLower(fields[0])
 		// Do a sanity check on the SHA to make sure it's a proper hex digest.
 		if !shaCheck.MatchString(shaDigest) {
 			return nil, fmt.Errorf("unexpected sha256 hash %q", shaDigest)
 		}
 
 		// Check for the subject name.
-		if len(fields) == 1 {
+		if len(parts) == 1 {
 			return nil, fmt.Errorf("expected subject name for hash %q", shaDigest)
 		}
-		name := fields[1]
-
-		if len(fields) > 2 {
-			return nil, fmt.Errorf("unexpected extra values: %v", fields[2:])
-		}
+		name := strings.TrimSpace(parts[1])
 
 		parsed = append(parsed, intoto.Subject{
 			Name: name,
@@ -76,6 +75,10 @@ func parseSubjects(subjectsStr string) ([]intoto.Subject, error) {
 			},
 		})
 	}
+	if err := scanner.Err(); err != nil {
+		return nil, err
+	}
+
 	return parsed, nil
 }
 

@@ -28,6 +28,31 @@ func TestParseSubjects(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "name has spaces",
+			str:  "2e0390eb024a52963db7b95e84a9c2b12c004054a7bad9a97ec0c7c89d4681d2 hoge fuga",
+			expected: []intoto.Subject{
+				{
+					Name: "hoge fuga",
+					Digest: slsav02.DigestSet{
+						"sha256": "2e0390eb024a52963db7b95e84a9c2b12c004054a7bad9a97ec0c7c89d4681d2",
+					},
+				},
+			},
+		},
+		{
+			name: "extra whitespace",
+			str:  "\t  2e0390eb024a52963db7b95e84a9c2b12c004054a7bad9a97ec0c7c89d4681d2 \t hoge fuga  \t  ",
+			expected: []intoto.Subject{
+				{
+					Name: "hoge fuga",
+					Digest: slsav02.DigestSet{
+						"sha256": "2e0390eb024a52963db7b95e84a9c2b12c004054a7bad9a97ec0c7c89d4681d2",
+					},
+				},
+			},
+		},
+
 		{
 			name: "multiple",
 			str: `2e0390eb024a52963db7b95e84a9c2b12c004054a7bad9a97ec0c7c89d4681d2 hoge
@@ -77,11 +102,6 @@ e712aff3705ac314b9a890e0ec208faa20054eee514d86ab913d768f94e01279 fuga`,
 			str:  "2e0390eb024a52963db7b95e84a9c2b12c004054a7bad9a97ec0c7c89d4681d2",
 			err:  true,
 		},
-		{
-			name: "extra fields",
-			str:  "2e0390eb024a52963db7b95e84a9c2b12c004054a7bad9a97ec0c7c89d4681d2 hoge   extra    fields",
-			err:  true,
-		},
 		{
 			name: "invalid hash",
 			str:  "abcdef hoge",