Segmentation Fault on Attestation Verification with Local Bundle in gh attestation verify #9574

@ei-grad

Description

When attempting to verify the attestation for the flask_shell_ipython-0.5.3-py3-none-any.whl package using gh attestation verify, a segmentation violation occurs, leading to a panic and a nil pointer dereference error.

The attestation bundle is passed as a local file using the -b argument because it was not uploaded to GitHub attestations. The bundle was generated by the sigstore/gh-action-sigstore-python@v3.0.0 action in this job.

Command executed:

GH_DEBUG=true gh attestation verify flask_shell_ipython-0.5.3-py3-none-any.whl \
    --owner ei-grad \
    -b flask_shell_ipython-0.5.3-py3-none-any.whl.sigstore.json

Output:

Loaded digest sha256:c0a1905671ba7223d36e59854e7900832a0febf127e5c01793377af878560ebd for file://flask_shell_ipython-0.5.3-py3-none-any.whl
Loaded 1 attestation from flask_shell_ipython-0.5.3-py3-none-any.whl.sigstore.json
Verifying attestation 1/1 against the configured Sigstore trust roots
Attempting verification against issuer "sigstore.dev"
SUCCESS - attestation signature verified with "sigstore.dev"

✓ Verification succeeded!

sha256:c0a1905671ba7223d36e59854e7900832a0febf127e5c01793377af878560ebd was attested by:
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0x5d7bce4362b7]

goroutine 1 [running]:
github.com/cli/cli/v2/pkg/cmd/attestation/verify.buildTableVerifyContent({0xc00073a8a8, 0x1, 0x14?})
	github.com/cli/cli/v2/pkg/cmd/attestation/verify/verify.go:307 +0xd7
github.com/cli/cli/v2/pkg/cmd/attestation/verify.runVerify(0xc000776140)
	github.com/cli/cli/v2/pkg/cmd/attestation/verify/verify.go:259 +0xb0b
github.com/cli/cli/v2/pkg/cmd/attestation/verify.NewVerifyCmd.func2(0xc000774608?, {0xc0000cb040?, 0x4?, 0x5d7bce6938f9?})
	github.com/cli/cli/v2/pkg/cmd/attestation/verify/verify.go:143 +0x1e5
github.com/spf13/cobra.(*Command).execute(0xc000774608, {0xc0000caff0, 0x5, 0x5})
	github.com/spf13/cobra@v1.8.1/command.go:985 +0xaaa
github.com/spf13/cobra.(*Command).ExecuteC(0xc000664608)
	github.com/spf13/cobra@v1.8.1/command.go:1117 +0x3ff
github.com/spf13/cobra.(*Command).ExecuteContextC(...)
	github.com/spf13/cobra@v1.8.1/command.go:1050
main.mainRun()
	github.com/cli/cli/v2/cmd/gh/main.go:119 +0x53b
main.main()
	github.com/cli/cli/v2/cmd/gh/main.go:46 +0x13

Steps to reproduce

  1. Download the necessary files (flask_shell_ipython-0.5.3-py3-none-any.whl and flask_shell_ipython-0.5.3-py3-none-any.whl.sigstore.json) from the releases page.
  2. Run the following command:
    GH_DEBUG=true gh attestation verify flask_shell_ipython-0.5.3-py3-none-any.whl --owner ei-grad -b flask_shell_ipython-0.5.3-py3-none-any.whl.sigstore.json

Version

gh version 2.55.0 (2024-08-20)
uname -a
Linux ei-grad-x1 6.10.6-arch1-1 #1 SMP PREEMPT_DYNAMIC Mon, 19 Aug 2024 17:02:39 +0000 x86_64 GNU/Linux
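The report shows verification succeeding and the process then panicking on a nil pointer while the "was attested by" table is built; the report does not say which pointer was nil. As an added example (not code from gh or from the issue author), the following Go summary builder treats every optional part of a Sigstore bundle as possibly absent, so a bundle with no DSSE envelope or no usable in-toto statement produces an error after verification instead of a crash. Field names follow the public Sigstore bundle and in-toto statement formats; the bundle in main is a constructed sample.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// bundle is a minimal view of a Sigstore bundle: a dsseEnvelope (attestation)
// or a messageSignature (plain artifact signature); either may be absent.
type bundle struct {
	DSSEEnvelope     *struct{ Payload string `json:"payload"` } `json:"dsseEnvelope"`
	MessageSignature json.RawMessage                           `json:"messageSignature"`
}
// statement is the in-toto statement encoded in the DSSE payload.
type statement struct {
	Subject []struct {
		Name   string            `json:"name"`
		Digest map[string]string `json:"digest"`
	} `json:"subject"`
	PredicateType string `json:"predicateType"`
}
// Summarize builds the "was attested by" line for a bundle. Every optional part is
// checked before use, so a missing statement yields an error, not a nil-pointer panic.
func Summarize(raw []byte) (string, error) {
	var b bundle
	if err := json.Unmarshal(raw, &b); err != nil {
		return "", fmt.Errorf("parse bundle: %w", err)
	}
	if b.DSSEEnvelope == nil { // valid Sigstore, but nothing to tabulate
		return "", fmt.Errorf("no dsseEnvelope (messageSignature present: %v)", len(b.MessageSignature) > 0)
	}
	payload, err := base64.StdEncoding.DecodeString(b.DSSEEnvelope.Payload)
	if err != nil {
		return "", fmt.Errorf("decode DSSE payload: %w", err)
	}
	var st statement
	if err := json.Unmarshal(payload, &st); err != nil || len(st.Subject) == 0 || st.PredicateType == "" {
		return "", fmt.Errorf("DSSE payload is not a usable in-toto statement")
	}
	return fmt.Sprintf("%s sha256:%s predicate=%s", st.Subject[0].Name, st.Subject[0].Digest["sha256"], st.PredicateType), nil
}

func main() {
	// Constructed sample: a messageSignature-only bundle, which carries no in-toto statement.
	const sample = `{"mediaType":"application/vnd.dev.sigstore.bundle+json;version=0.3","messageSignature":{"signature":"AAAA"}}`
	line, err := Summarize([]byte(sample))
	fmt.Println(line, err)
}
```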

Metadata

Labels

bug (Something isn't working), gh-attestation (related to the gh attestation command), needs-triage (needs to be reviewed)
