Conversation

@phillmv
@phillmv phillmv commented Mar 22, 2024

Hi!

I wonder why this wasn't caught by our test suite / could you please add a test that fails and/or would catch this?

The issue I experienced boiled down to LiveClient.host expecting a FQDN ("github.com"), and not a URL ("https://github.com").

Before:

$ make && GH_DEBUG=1 ./bin/gh attestation verify ~/Downloads/gh-attestation-darwin-amd64 --owner github
Verifying attestations for the artifact found at file:///Users/phillmv/Downloads/gh-attestation-darwin-amd64
Fetching attestations for artifact digest sha256:85cd8648c262697d9a0beb7e4c934839f65677f74263f2f5e1584ff0b2098c38

* Request at 2024-03-22 15:41:53.223129 -0400 EDT m=+0.166123962
* Request to https://https//github.com/api/v3/orgs/github/attestations/sha256:85cd8648c262697d9a0beb7e4c934839f65677f74263f2f5e1584ff0b2098c38?per_page=30
* dial tcp: lookup https: no such host
* Request took 4.577123ms
Failed to verify the artifact: failed to fetch attestations for subject: sha256:85cd8648c262697d9a0beb7e4c934839f65677f74263f2f5e1584ff0b2098c38

After:

$ make && GH_DEBUG=1 ./bin/gh attestation verify ~/Downloads/gh-attestation-darwin-amd64 --owner github
go build -trimpath -ldflags "-X github.com/cli/cli/v2/internal/build.Date=2024-03-22 -X github.com/cli/cli/v2/internal/build.Version=c16406b6 " -o bin/gh ./cmd/gh
Verifying attestations for the artifact found at file:///Users/phillmv/Downloads/gh-attestation-darwin-amd64
Fetching attestations for artifact digest sha256:85cd8648c262697d9a0beb7e4c934839f65677f74263f2f5e1584ff0b2098c38

* Request at 2024-03-22 15:42:34.047832 -0400 EDT m=+0.131718995
* Request to https://api.github.com/orgs/github/attestations/sha256:85cd8648c262697d9a0beb7e4c934839f65677f74263f2f5e1584ff0b2098c38?per_page=30
* Request took 287.862655ms
Verifying attestation 1/1 against the configured Sigstore trust roots
Attempting verification against issuer "GitHub, Inc."
SUCCESS - attestation signature verified with "GitHub, Inc."

Successfully verified all attestations against Sigstore!

Evaluating attestations have valid SLSA predicate type
Successfully verified the SLSA predicate type of all attestations!

All attestations have been successfully verified!
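The mismatch described in the comment above (a host field that expects "github.com" receiving "https://github.com", so the scheme ends up inside the request path and DNS is asked to resolve "https") is the kind of input drift a small normaliser at the boundary catches before any URL is built. The Go example below is added here for illustration; it is not the gh CLI's own code, and the function names (normalizeHost, attestationsURL) are hypothetical. The routing of github.com to api.github.com and of other hosts to <host>/api/v3 is inferred from the request URLs visible in the debug output above.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// normalizeHost accepts either a bare host ("github.com") or a URL
// ("https://github.com/") and returns just the lower-cased host name.
// Anything that is neither (a scheme with no host, a host carrying a path)
// is rejected instead of being silently spliced into a request URL.
// Hypothetical helper, not part of the gh CLI.
func normalizeHost(raw string) (string, error) {
	raw = strings.TrimSpace(raw)
	if raw == "" {
		return "", fmt.Errorf("empty host")
	}
	if strings.Contains(raw, "://") {
		u, err := url.Parse(raw)
		if err != nil {
			return "", err
		}
		if u.Hostname() == "" {
			return "", fmt.Errorf("URL %q has no host", raw)
		}
		return strings.ToLower(u.Hostname()), nil
	}
	// Bare value: a path separator or whitespace means it is not a host name.
	if strings.ContainsAny(raw, "/ \t") {
		return "", fmt.Errorf("host %q must be a bare host name, not a path", raw)
	}
	return strings.ToLower(raw), nil
}

// attestationsURL builds the attestations endpoint for an owner and digest,
// choosing the API base the way the debug log on this page shows it:
// api.github.com for github.com, <host>/api/v3 for any other host.
// Hypothetical helper, not part of the gh CLI.
func attestationsURL(host, owner, digest string) (string, error) {
	h, err := normalizeHost(host)
	if err != nil {
		return "", err
	}
	base := "https://" + h + "/api/v3/"
	if h == "github.com" {
		base = "https://api.github.com/"
	}
	// PathEscape leaves ':' alone, so "sha256:<hex>" survives as one segment.
	return base + "orgs/" + url.PathEscape(owner) +
		"/attestations/" + url.PathEscape(digest) + "?per_page=30", nil
}

func main() {
	// Constructed inputs: the digest is the one from the debug output above.
	digest := "sha256:85cd8648c262697d9a0beb7e4c934839f65677f74263f2f5e1584ff0b2098c38"
	for _, host := range []string{"github.com", "https://github.com", "https://", "github.com/api"} {
		u, err := attestationsURL(host, "github", digest)
		if err != nil {
			fmt.Printf("%-22s -> rejected: %v\n", host, err)
			continue
		}
		fmt.Printf("%-22s -> %s\n", host, u)
	}
}
```

The regression test the comment asks for falls out of this shape: assert that the URL-shaped host produces exactly the same request URL as the bare host, and that a scheme with no host name is an error rather than a request to a host called "https".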

@malancas malancas merged commit 64c3fd0 into malancas:gh-attestation-cmd Mar 25, 2024
malancas pushed a commit that referenced this pull request Apr 9, 2024
malancas pushed a commit that referenced this pull request Jan 6, 2025
Fixed test for stdout in non-tty use case of repo fork