diff --git a/cli/slsa-verifier/verify.go b/cli/slsa-verifier/verify.go
index f41e0ecc..e4316754 100644
--- a/cli/slsa-verifier/verify.go
+++ b/cli/slsa-verifier/verify.go
@@ -72,6 +72,7 @@ func verifyArtifactCmd() *cobra.Command {
 o.AddFlags(cmd)
 // --provenance-path must be supplied when verifying an artifact.
 cmd.MarkFlagRequired("provenance-path")
+ cmd.MarkFlagFilename("provenance-path", verify.CommonFilenameExtensions...)
 return cmd
 }
@@ -137,6 +138,12 @@ func verifyNpmPackageCmd() *cobra.Command {
 }
 return nil
 },
+ ValidArgsFunction: func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+ if len(args) != 0 {
+ return nil, cobra.ShellCompDirectiveNoFileComp
+ }
+ return []string{"tgz"}, cobra.ShellCompDirectiveFilterFileExt
+ },
 Short: "Verifies SLSA provenance for an npm package tarball [experimental]",
 Run: func(cmd *cobra.Command, args []string) {
 v := verify.VerifyNpmPackageCommand{
diff --git a/cli/slsa-verifier/verify/options.go b/cli/slsa-verifier/verify/options.go
index ef1cf65c..73f9b9ca 100644
--- a/cli/slsa-verifier/verify/options.go
+++ b/cli/slsa-verifier/verify/options.go
@@ -45,6 +45,8 @@ type VerifyOptions struct {
 var _ Interface = (*VerifyOptions)(nil)
+var CommonFilenameExtensions = []string{"sigstore", "intoto", "intoto.jsonl", "json"}
+
 // AddFlags implements Interface.
 func (o *VerifyOptions) AddFlags(cmd *cobra.Command) {
 /* Builder options */
@@ -73,6 +75,7 @@ func (o *VerifyOptions) AddFlags(cmd *cobra.Command) {
 /* Other options */
 cmd.Flags().StringVar(&o.ProvenancePath, "provenance-path", "", "path to a provenance file")
+ cmd.MarkFlagFilename("provenance-path", CommonFilenameExtensions...)
 cmd.Flags().StringVar(&o.ProvenanceRepository, "provenance-repository", "", "image repository for provenance with format: /")
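Review bot: In `verifyArtifactCmd` (verify.go, hunk at -72) the added `cmd.MarkFlagFilename("provenance-path", verify.CommonFilenameExtensions...)` looks redundant, because the same commit adds an identical call inside `VerifyOptions.AddFlags` in options.go, which appears to be what `o.AddFlags(cmd)` two lines earlier runs. If `o` is a `*verify.VerifyOptions` (its declaration is outside the hunk), drop this line so the completion filter for the flag is set in one place; two copies can drift apart when the extension list changes. The function body starts outside the hunk.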
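Review bot: The new `ValidArgsFunction` in `verifyNpmPackageCmd` (verify.go, hunk at -137) has no comment saying that it only steers shell completion and does not check the path that is eventually passed to the verifier. I would put `// Shell completion only: offer .tgz files for the first positional argument and nothing after it; this does not validate the argument.` above the field. The unused `cmd` and `toComplete` parameters could also be written as `_` to make that visible. The command literal starts and ends outside the hunk.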
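Review bot: `CommonFilenameExtensions` (options.go, hunk at -45) is a new exported, mutable package-level slice with no doc comment. Please add one that also states its scope, for example `// CommonFilenameExtensions lists the file extensions offered by shell completion for provenance and attestation path flags. It is a completion hint only and does not restrict which files are accepted.` Any importer can reassign or append to the slice; its only use outside the package in this diff is the `verify.CommonFilenameExtensions...` call in verify.go, so if that call is not needed the variable could be unexported.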
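Review bot: The error returned by `cmd.MarkFlagFilename` is discarded in `VerifyOptions.AddFlags` (options.go, hunk at -73), and the same holds for the calls added for `attestations-path`, `attestation-path` and `public-key-path` in the later options.go hunks and for the one in verify.go. cobra returns an error from this call when the named flag is not defined, so a typo in a flag name would silently disable completion for it and linters such as errcheck will flag the line. Since `AddFlags` has no error result, make the discard explicit, `_ = cmd.MarkFlagFilename("provenance-path", CommonFilenameExtensions...) // completion hint; fails only if the flag name is wrong`, or cover the flag names with a unit test. `AddFlags` starts and ends outside the hunk.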
@@ -123,6 +126,7 @@ func (o *VerifyNpmOptions) AddFlags(cmd *cobra.Command) {
 cmd.Flags().StringVar(&o.AttestationsPath, "attestations-path", "", "path to a file containing the attestations")
+ cmd.MarkFlagFilename("attestations-path", CommonFilenameExtensions...)
 cmd.Flags().StringVar(&o.PackageName, "package-name", "", "the package name")
@@ -164,6 +168,7 @@ func (o *VerifyVSAOptions) AddFlags(cmd *cobra.Command) {
 cmd.Flags().StringVar(&o.AttestationPath, "attestation-path", "", "path to a file containing the attestation")
+ cmd.MarkFlagFilename("attestation-path", CommonFilenameExtensions...)
 cmd.Flags().StringVar(&o.VerifierID, "verifier-id", "", "the unique verifier ID who created the attestation")
@@ -182,6 +187,7 @@ func (o *VerifyVSAOptions) AddFlags(cmd *cobra.Command) {
 cmd.Flags().StringVar(&o.PublicKeyPath, "public-key-path", "", "path to a public key file")
+ cmd.MarkFlagFilename("public-key-path", "pem")
 cmd.Flags().StringVar(&o.PublicKeyID, "public-key-id", "", "[optional] the ID of the public key, defaults to the SHA256 digest of the base64-encoded public key")
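Review bot: The completion filter added for `--public-key-path` in `VerifyVSAOptions.AddFlags` (options.go, hunk at -182) offers only `pem` files, while the flag help says just "path to a public key file". If the verifier accepts keys stored under other extensions (the loading code is not visible here), completion will hide them and users may conclude they are unsupported. Either widen the list, e.g. `cmd.MarkFlagFilename("public-key-path", "pem", "pub")`, or state in the help text that a PEM file is expected. The filter is a completion hint and does not check the key format, so the key parsing path still has to reject anything that is not a valid public key.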