From 0187552c13b153f1ee14f07a8d7519fb106024bc Mon Sep 17 00:00:00 2001
From: Phill MV
Date: Tue, 10 Oct 2023 16:48:41 -0400
Subject: [PATCH] VerificationResult now has a proper mediaType field. (#14)

* VerificationResult now has a proper mediaType field.

Signed-off-by: Phill MV

* Linting. I actually find the switch statement here MORE confusing than the if else, so I have taken the liberty to disable gocritic for this particular if.

Signed-off-by: Phill MV

* Moved VerificationResult mediaType value to a const.

Signed-off-by: Phill MV

---------

Signed-off-by: Phill MV
---
 cmd/sigstore-go/main.go     |  8 +++++---
 pkg/verify/signed_entity.go | 12 +++++++++---
 2 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/cmd/sigstore-go/main.go b/cmd/sigstore-go/main.go
index 620e9074..3e6ef65c 100644
--- a/cmd/sigstore-go/main.go
+++ b/cmd/sigstore-go/main.go
@@ -166,19 +166,21 @@ func run() error {
 		return err
 	}
 
-	if *artifactDigest != "" {
+	if *artifactDigest != "" { //nolint:gocritic
 		artifactDigestBytes, err := hex.DecodeString(*artifactDigest)
 		if err != nil {
 			return err
 		}
 		artifactPolicy = verify.WithArtifactDigest(*artifactDigestAlgorithm, artifactDigestBytes)
-	}
-	if *artifact != "" {
+	} else if *artifact != "" {
 		file, err := os.Open(*artifact)
 		if err != nil {
 			return err
 		}
 		artifactPolicy = verify.WithArtifact(file)
+	} else {
+		artifactPolicy = verify.WithoutArtifactUnsafe()
+		fmt.Fprintf(os.Stderr, "No artifact provided, skipping artifact verification. This is unsafe!\n")
 	}
 
 	res, err := sev.Verify(b, verify.NewPolicy(artifactPolicy, identityPolicies...))
diff --git a/pkg/verify/signed_entity.go b/pkg/verify/signed_entity.go
index b1bfcdfb..bb3efc10 100644
--- a/pkg/verify/signed_entity.go
+++ b/pkg/verify/signed_entity.go
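Review bot: The new `else` branch makes skipping artifact verification the default whenever neither `*artifactDigest` nor `*artifact` is set, and the only signal is a line on stderr while `run()` goes on to a normal, successful verification, so a caller that forgets the flag gets a pass on the bundle alone and any script checking the exit status never notices. Safer is to refuse here unless the user has explicitly opted in through a dedicated flag (name it as the CLI sees fit), keeping `WithoutArtifactUnsafe()` behind that opt-in: `return errors.New("no artifact or artifact digest provided; pass one, or explicitly opt in to skipping artifact verification")` (adding the `errors` import if main.go lacks it). Two smaller points: `fmt.Fprintf` with no format arguments should be `fmt.Fprint` or `fmt.Fprintln` (staticcheck reports this), and the bare `//nolint:gocritic` should name the check and the reason so it does not grow into a blanket waiver, e.g. `//nolint:gocritic // ifElseChain: a switch reads worse here`. The enclosing `run()` starts and ends outside the hunk.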
@@ -25,6 +25,10 @@ import (
 	"github.com/sigstore/sigstore-go/pkg/root"
 )
 
+const (
+	VerificationResultMediaType01 = "application/vnd.dev.sigstore.verificationresult+json;version=0.1"
+)
+
 type SignedEntityVerifier struct {
 	trustedMaterial root.TrustedMaterial
 	config          VerifierConfig
@@ -154,7 +158,7 @@ func (c *VerifierConfig) Validate() error {
 }
 
 type VerificationResult struct {
-	Version            int                           `json:"version"`
+	MediaType          string                        `json:"mediaType"`
 	Statement          *in_toto.Statement            `json:"statement,omitempty"`
 	Signature          *SignatureVerificationResult  `json:"signature,omitempty"`
 	VerifiedTimestamps []TimestampVerificationResult `json:"verifiedTimestamps"`
@@ -174,7 +178,7 @@ type TimestampVerificationResult struct {
 
 func NewVerificationResult() *VerificationResult {
 	return &VerificationResult{
-		Version: 20230823,
+		MediaType: VerificationResultMediaType01,
 	}
 }
 
@@ -193,9 +197,11 @@ func (pc PolicyBuilder) Options() []PolicyOption {
 }
 
 func (pc PolicyBuilder) BuildConfig() (*PolicyConfig, error) {
+	var err error
+
 	policy := &PolicyConfig{}
 	for _, applyOption := range pc.Options() {
-		err := applyOption(policy)
+		err = applyOption(policy)
 		if err != nil {
 			return nil, err
 		}
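Review bot: The exported constant `VerificationResultMediaType01` is added without a doc comment, and because its value is what downstream tools will match on to decide whether they understand a `VerificationResult`, the comment should say what the string identifies and what the `version=0.1` parameter promises about the JSON shape. Something like `// VerificationResultMediaType01 is the media type of a serialized VerificationResult; the version parameter is bumped whenever the JSON schema changes incompatibly.` would do. If the intent is that new media types are added alongside rather than in place of this one, saying so here keeps the const block from being edited in the future.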
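Review bot: Replacing `Version int` with `MediaType string` changes the serialized JSON from `"version"` to `"mediaType"`, so any consumer decoding the old shape will now see a zero `Version` and a missing field rather than a decoding error, and the hunk carries no comment telling such consumers what to check instead. The field should carry a doc comment, e.g. `// MediaType identifies the schema of this result; consumers should reject values they do not recognize (see VerificationResultMediaType01).`, and the `VerificationResult` type itself (whose doc comment, if any, is outside the hunk) should note that the media type, not a numeric version, is now the compatibility signal. The same constant-vs-literal point applies to the `NewVerificationResult` hunk below, which correctly uses the const and needs no change.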
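Review bot: Hoisting `var err error` to the top of `BuildConfig` widens the variable's scope for no use visible in the hunk; the loop can keep the error tightly scoped with `if err := applyOption(policy); err != nil { return nil, err }`, which also removes the blank line the change introduces. If the hoist exists to avoid shadowing an `err` used later in the function (the body continues past the hunk), a one-line comment stating that would save the next reader from reverting it. As written the behavior is unchanged, so this is a style point only.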