chore: store provenance as String type

benmss · benmss · commit 3f6d9e47cdcb · 2025-01-23T17:01:19.000+10:00
Signed-off-by: Ben Selwyn-Smith &lt;benselwynsmith@googlemail.com&gt;
diff --git a/src/macaron/database/db_custom_types.py b/src/macaron/database/db_custom_types.py
@@ -4,6 +4,7 @@
 """This module implements SQLAlchemy type for converting date format to RFC3339 string representation."""
 
 import datetime
+import json
 from typing import Any
 
 from sqlalchemy import JSON, String, TypeDecorator
@@ -105,16 +106,16 @@ class ProvenancePayload(TypeDecorator):  # pylint: disable=W0223
     """SQLAlchemy column type to serialize InTotoProvenance."""
 
     # It is stored in the database as a json value.
-    impl = JSON
+    impl = String
 
     # To prevent Sphinx from rendering the docstrings for `cache_ok`, make this docstring private.
     #: :meta private:
     cache_ok = True
 
-    def process_bind_param(self, value: None | InTotoPayload, dialect: Any) -> None | dict:
+    def process_bind_param(self, value: None | InTotoPayload, dialect: Any) -> str | None:
         """Process when storing an InTotoPayload object to the SQLite db.
 
-        value: None | InTotoPayload
+        value: InTotoPayload | None
             The value being stored.
         """
         if value is None:
@@ -124,27 +125,33 @@ def process_bind_param(self, value: None | InTotoPayload, dialect: Any) -> None
             raise TypeError("ProvenancePayload type expects an InTotoPayload.")
 
         payload_type = value.__class__.__name__
-        return {"payload_type": payload_type, "payload": value.statement}
+        payload_dict = {"payload_type": payload_type, "payload": value.statement}
+        return json.dumps(payload_dict)
 
-    def process_result_value(self, value: None | dict, dialect: Any) -> None | InTotoPayload:
+    def process_result_value(self, value: str | None, dialect: Any) -> InTotoPayload | None:
         """Process when loading an InTotoPayload object from the SQLite db.
 
-        value: None | dict
+        value: str | None
             The value being loaded.
         """
         if value is None:
             return None
 
-        if not isinstance(value, dict):
-            raise TypeError("ProvenancePayload type expects a dict.")
+        try:
+            payload_dict = json.loads(value)
+        except ValueError as error:
+            raise TypeError(f"Error parsing str as JSON: {error}") from error
+
+        if not isinstance(payload_dict, dict):
+            raise TypeError("Parsed data is not a dict.")
 
-        if "payload_type" not in value or "payload" not in value:
+        if "payload_type" not in payload_dict or "payload" not in payload_dict:
             raise TypeError("Missing keys in dict for ProvenancePayload type.")
 
-        payload = value["payload"]
-        if value["payload_type"] == "InTotoV01Payload":
+        payload = payload_dict["payload"]
+        if payload["payload_type"] == "InTotoV01Payload":
             return InTotoV01Payload(statement=payload)
-        if value["payload_type"] == "InTotoV1Payload":
+        if payload["payload_type"] == "InTotoV1Payload":
             return InTotoV1Payload(statement=payload)
 
-        return validate_intoto_payload(value)
+        return validate_intoto_payload(payload)
diff --git a/src/macaron/slsa_analyzer/analyzer.py b/src/macaron/slsa_analyzer/analyzer.py
@@ -485,25 +485,24 @@ def run_single(
                     if verified and all(verified):
                         provenance_l3_verified = True
 
-        slsa_version = None
         if provenance_payload:
             analyze_ctx.dynamic_data["is_inferred_prov"] = False
             slsa_version = extract_predicate_version(provenance_payload)
 
-        slsa_level = determine_provenance_slsa_level(
-            analyze_ctx, provenance_payload, provenance_is_verified, provenance_l3_verified
-        )
+            slsa_level = determine_provenance_slsa_level(
+                analyze_ctx, provenance_payload, provenance_is_verified, provenance_l3_verified
+            )
 
-        analyze_ctx.dynamic_data["provenance_info"] = table_definitions.Provenance(
-            component=component,
-            repository_url=provenance_repo_url,
-            commit_sha=provenance_commit_digest,
-            verified=provenance_is_verified,
-            provenance_payload=provenance_payload,
-            slsa_level=slsa_level,
-            slsa_version=slsa_version,
-            # TODO Add release tag, release digest.
-        )
+            analyze_ctx.dynamic_data["provenance_info"] = table_definitions.Provenance(
+                component=component,
+                repository_url=provenance_repo_url,
+                commit_sha=provenance_commit_digest,
+                verified=provenance_is_verified,
+                provenance_payload=provenance_payload,
+                slsa_level=slsa_level,
+                slsa_version=slsa_version,
+                # TODO Add release tag, release digest.
+            )
 
         analyze_ctx.dynamic_data["validate_malware_switch"] = validate_malware_switch
 
