grafeas / grafeas

Artifact Metadata API
http://grafeas.io
Apache License 2.0

json: cannot unmarshal object when trying to create in toto occurrence #485

Open omerlh opened 3 years ago

omerlh commented 3 years ago

Expected Behavior

Occurrence created as expected

Actual Behavior

Getting the following error:

{
    "error": "json: cannot unmarshal object into Go value of type []json.RawMessage",
    "message": "json: cannot unmarshal object into Go value of type []json.RawMessage",
    "code": 3,
    "details": []
}

Steps to Reproduce the Problem

POST /v1beta1/projects/provider_example/occurrences HTTP/1.1
Host: localhost:8080
Content-Type: application/json
Content-Length: 1930

{
    "resource": {
        "name": "docker image",
        "uri": "https://gcr.io/scanning-customer/dockerimage@sha256:244fd47e07d1004f0aed9c156aa09083c82bf8944eceb67c946ff7430510a77b",
        "contentHash": {
            "type": "SHA256",
            "value": "244fd47e07d1004f0aed9c156aa09083c82bf8944eceb67c946ff7430510a77b"
        }
    },
    "noteName": "clone",
    "kind": "INTOTO",
    "intoto": {
        "signatures": [
            {
                "keyid": "<>",
                "sig": "<>"
            }
        ],
        "signed": {
            "command": [
                "git",
                "clone",
                "<>"
            ],
            "materials": [
            ],
            "products": {
                "<>": {
                    "sha256": "<>"
                },
                "<>": {
                    "sha256": "<>"
                },
                "<>": {
                    "sha256": "<>"
                }
            },
            "byproducts": {
            },
            "environment": {
            }
        }
    }
}

I used the Swagger to find the relevant endpoint, and created it based on an existing in-toto link. Prior to this API call, I successfully created a matching note with the same name and kind, and created a project.

Additional info

The server is running using the following docker command:

docker run -p 8080:8080 us.gcr.io/grafeas/grafeas-server:v0.1.6

aysylu commented 3 years ago

Hi @omerlh,

Could you please confirm that the supplied Occurrence is a valid protobuf?

Thanks, Aysylu

omerlh commented 3 years ago

How can I do that? It was very hard to find out how to call the server; I had to hack around with the Swagger / Postman collection.

aysylu commented 3 years ago

For the instructions on how to call the server, I'm assuming you saw these ones already?

For the format, it looks like it's not well-formed:

"resource": {
        "name": "docker image",
        "uri": "https://gcr.io/scanning-customer/dockerimage@sha256:244fd47e07d1004f0aed9c156aa09083c82bf8944eceb67c946ff7430510a77b",
        "contentHash": {
            "type": "SHA256",
            "value": "244fd47e07d1004f0aed9c156aa09083c82bf8944eceb67c946ff7430510a77b"
        }
    },

should be

    "name": "docker image",
    "resource": {
        "uri": "https://gcr.io/scanning-customer/dockerimage@sha256:244fd47e07d1004f0aed9c156aa09083c82bf8944eceb67c946ff7430510a77b"
    },

Also, the use of contentHash and name inside Resource is discouraged per spec. There may be a few other issues in what is currently being passed, but these immediately jumped out.

Hope this helps!

omerlh commented 3 years ago

Ohh thanks - this indeed should help. I hope to find some time to test it out.
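
The error text in the report matches what Go's encoding/json returns when a JSON object is decoded into a slice. As an added example (not part of the thread and not Grafeas code), the check below reports which fields of a request body would fail that way; the list of fields treated as repeated is an assumption to confirm against the server's proto definitions, and the sample body is a trimmed, constructed copy of the request above.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Fields treated as repeated (JSON arrays). Assumption for this example:
// confirm the list against the proto definitions your server version uses.
var repeatedPaths = []string{"intoto.signatures", "intoto.signed.command",
	"intoto.signed.materials", "intoto.signed.products"}

// sampleBody is constructed: a trimmed copy of the request in the report.
const sampleBody = `{"noteName": "clone", "kind": "INTOTO", "intoto": {
  "signatures": [{"keyid": "<>", "sig": "<>"}], "signed": {"command": ["git", "clone", "<>"],
  "materials": [], "products": {"<>": {"sha256": "<>"}}, "byproducts": {}, "environment": {}}}}`

// lookup walks a dotted path through nested JSON objects.
func lookup(raw json.RawMessage, path string) (json.RawMessage, bool) {
	for _, key := range strings.Split(path, ".") {
		var obj map[string]json.RawMessage
		if json.Unmarshal(raw, &obj) != nil || obj[key] == nil {
			return nil, false // not an object here, or key absent
		}
		raw = obj[key]
	}
	return raw, true
}

// FindNonArrays maps each present path that is not a JSON array to the error.
func FindNonArrays(body []byte, paths []string) map[string]string {
	bad := map[string]string{}
	for _, p := range paths {
		if val, ok := lookup(body, p); ok {
			var items []json.RawMessage
			if err := json.Unmarshal(val, &items); err != nil {
				bad[p] = err.Error()
			}
		}
	}
	return bad
}

func main() {
	for p, msg := range FindNonArrays([]byte(sampleBody), repeatedPaths) {
		fmt.Printf("%s: %s\n", p, msg)
	}
}
```

Under the assumed field list, the sample body is flagged only at `intoto.signed.products`, which is sent as an object keyed by path rather than as an array.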