Use Bad Request for invalid inputs in /chares

cowbon · cowbon · commit 04891f8eef96 · 2025-10-20T16:04:03.000-04:00
Use HTTP 400 Bad Request when the subattester fail to parse the input
JSON tsructure, or the expcted length of the nonce doesn't match.

Signed-off-by: Ian Chin Wang &lt;ian.chin.wang@oracle.com&gt;
diff --git a/api/server.go b/api/server.go
@@ -28,6 +28,18 @@ type Server struct {
 	options string
 }
 
+func responseCodeToHTTP(responseCode uint32) int {
+	// Plugin should return 200 on success, 400 for caller input errors, and 500 for everything else.
+	switch responseCode {
+	case 200:
+		return http.StatusOK
+	case 400:
+		return http.StatusBadRequest
+	default:
+		return http.StatusInternalServerError
+	}
+}
+
 func NewServer(logger *zap.SugaredLogger, manager plugin.IManager, options string) *Server {
 	return &Server{
 		logger:  logger,
@@ -215,7 +227,7 @@ func (s *Server) RatsdChares(w http.ResponseWriter, r *http.Request, param Ratsd
 		if !out.Status.Result {
 			errMsg := fmt.Sprintf(
 				"failed to get attestation report from %s: %s ", pn, out.Status.Error)
-			p := problems.NewDetailedProblem(http.StatusInternalServerError, errMsg)
+			p := problems.NewDetailedProblem(responseCodeToHTTP(out.StatusCode), errMsg)
 			s.reportProblem(w, p)
 			return false
 		}
diff --git a/attesters/mocktsm/mocktsm.go b/attesters/mocktsm/mocktsm.go
@@ -5,6 +5,7 @@ package mocktsm
 import (
 	"encoding/json"
 	"fmt"
+	"net/http"
 	"strconv"
 
 	"github.com/google/go-configfs-tsm/configfs/configfsi"
@@ -39,11 +40,12 @@ type MockPlugin struct {
 	client *faketsm.Client
 }
 
-func getEvidenceError(e error) *compositor.EvidenceOut {
+func getEvidenceError(e error, statusCode uint32) *compositor.EvidenceOut {
 	return &compositor.EvidenceOut{
 		Status: &compositor.Status{
 			Result: false, Error: e.Error(),
 		},
+		StatusCode: statusCode,
 	}
 }
 
@@ -78,13 +80,13 @@ func (m *MockPlugin) GetEvidence(in *compositor.EvidenceIn) *compositor.Evidence
 		errMsg := fmt.Errorf(
 			"nonce size of the mockTSM attester should be %d, got %d",
 			nonceSize, uint32(len(in.Nonce)))
-		return getEvidenceError(errMsg)
+		return getEvidenceError(errMsg, http.StatusBadRequest)
 	}
 
 	if in.ContentType != mediaType {
 		errMsg := fmt.Errorf(
 			"no supported format in mock TSM plugin matches the requested format")
-		return getEvidenceError(errMsg)
+		return getEvidenceError(errMsg, http.StatusBadRequest)
 	}
 	req := &report.Request{
 		InBlob:     in.Nonce,
@@ -96,7 +98,7 @@ func (m *MockPlugin) GetEvidence(in *compositor.EvidenceIn) *compositor.Evidence
 		if err := json.Unmarshal(in.Options, &options); err != nil {
 			errMsg := fmt.Errorf(
 				"failed to parse %s: %v", in.Options, err)
-			return getEvidenceError(errMsg)
+			return getEvidenceError(errMsg, http.StatusBadRequest)
 		}
 	}
 
@@ -105,15 +107,15 @@ func (m *MockPlugin) GetEvidence(in *compositor.EvidenceIn) *compositor.Evidence
 		if err != nil || level < 0 {
 			errMsg := fmt.Errorf("privilege_level %s is invalid",
 			privlevel)
-			return getEvidenceError(errMsg)
+			return getEvidenceError(errMsg, http.StatusBadRequest)
 		}
 		req.Privilege = &report.Privilege{Level: uint(level)}
 	}
 
 	resp, err := report.Get(m.client, req)
 	if err != nil {
 		errMsg := fmt.Errorf("failed to get mock TSM report: %v", err)
-		return getEvidenceError(errMsg)
+		return getEvidenceError(errMsg, http.StatusInternalServerError)
 	}
 
 	out := &tokens.TSMReport{
@@ -125,12 +127,13 @@ func (m *MockPlugin) GetEvidence(in *compositor.EvidenceIn) *compositor.Evidence
 	outEncoded, err := out.ToJSON()
 	if err != nil {
 		errMsg := fmt.Errorf("failed to JSON encode mock TSM report: %v", err)
-		return getEvidenceError(errMsg)
+		return getEvidenceError(errMsg, http.StatusInternalServerError)
 	}
 
 	return &compositor.EvidenceOut{
 		Status:   statusSucceeded,
 		Evidence: outEncoded,
+		StatusCode: http.StatusOK,
 	}
 }
 
diff --git a/attesters/mocktsm/mocktsm_test.go b/attesters/mocktsm/mocktsm_test.go
@@ -5,6 +5,7 @@ package mocktsm
 import (
 	"encoding/hex"
 	"fmt"
+	"net/http"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
@@ -65,6 +66,7 @@ func Test_GetEvidence_wrong_nonce_size(t *testing.T) {
 			Result: false,
 			Error:  errMsg,
 		},
+		StatusCode: http.StatusBadRequest,
 	}
 
 	assert.Equal(t, expected, p.GetEvidence(in))
@@ -82,6 +84,7 @@ func Test_GetEvidence_invalid_format(t *testing.T) {
 			Result: false,
 			Error:  "no supported format in mock TSM plugin matches the requested format",
 		},
+		StatusCode: http.StatusBadRequest,
 	}
 
 	assert.Equal(t, expected, p.GetEvidence(in))
@@ -106,6 +109,7 @@ func Test_GetEvidence_No_Options(t *testing.T) {
 	expected := &compositor.EvidenceOut{
 		Status:   statusSucceeded,
 		Evidence: outEncoded,
+		StatusCode: http.StatusOK,
 	}
 
 	assert.Equal(t, expected, p.GetEvidence(in))
@@ -134,6 +138,7 @@ func TestGetEvidence_With_Invalid_Options(t *testing.T) {
 					Result: false,
 					Error:  tt.msg,
 				},
+				StatusCode: http.StatusBadRequest,
 			}
 
 			assert.Equal(t, expected, p.GetEvidence(in))
@@ -161,6 +166,7 @@ func Test_GetEvidence_With_Valid_Privilege_level(t *testing.T) {
 	expected := &compositor.EvidenceOut{
 		Status:   statusSucceeded,
 		Evidence: outEncoded,
+		StatusCode: http.StatusOK,
 	}
 
 	assert.Equal(t, expected, p.GetEvidence(in))
diff --git a/attesters/tsm/tsm.go b/attesters/tsm/tsm.go
@@ -5,6 +5,7 @@ package tsm
 import (
 	"encoding/json"
 	"fmt"
+	"net/http"
 	"strconv"
 
 	"github.com/google/go-configfs-tsm/configfs/linuxtsm"
@@ -41,11 +42,12 @@ var (
 
 type TSMPlugin struct{}
 
-func getEvidenceError(e error) *compositor.EvidenceOut {
+func getEvidenceError(e error, statusCode uint32) *compositor.EvidenceOut {
 	return &compositor.EvidenceOut{
 		Status: &compositor.Status{
 			Result: false, Error: e.Error(),
 		},
+		StatusCode: statusCode,
 	}
 }
 
@@ -88,7 +90,7 @@ func (t *TSMPlugin) GetEvidence(in *compositor.EvidenceIn) *compositor.EvidenceO
 		errMsg := fmt.Errorf(
 			"nonce size of the TSM attester should be %d, got %d",
 			tsmNonceSize, uint32(len(in.Nonce)))
-		return getEvidenceError(errMsg)
+		return getEvidenceError(errMsg, http.StatusBadRequest)
 	}
 
 	for _, format := range supportedFormats {
@@ -103,7 +105,7 @@ func (t *TSMPlugin) GetEvidence(in *compositor.EvidenceIn) *compositor.EvidenceO
 				if err := json.Unmarshal(in.Options, &options); err != nil {
 					errMsg := fmt.Errorf(
 						"failed to parse %s: %v", in.Options, err)
-					return getEvidenceError(errMsg)
+					return getEvidenceError(errMsg, http.StatusBadRequest)
 				}
 			}
 
@@ -112,21 +114,21 @@ func (t *TSMPlugin) GetEvidence(in *compositor.EvidenceIn) *compositor.EvidenceO
 				if err != nil || level < 0 {
 					errMsg := fmt.Errorf("privilege_level %s is invalid",
 						privlevel)
-					return getEvidenceError(errMsg)
+					return getEvidenceError(errMsg, http.StatusBadRequest)
 				}
 				req.Privilege = &report.Privilege{Level: uint(level)}
 			}
 
 			client, err := linuxtsm.MakeClient()
 			if err != nil {
 				errMsg := fmt.Errorf("failed to create config TSM client: %v", err)
-				return getEvidenceError(errMsg)
+				return getEvidenceError(errMsg, http.StatusInternalServerError)
 			}
 
 			resp, err := report.Get(client, req)
 			if err != nil {
 				errMsg := fmt.Errorf("failed to get TSM report: %v", err)
-				return getEvidenceError(errMsg)
+				return getEvidenceError(errMsg, http.StatusInternalServerError)
 			}
 
 			out := &tokens.TSMReport{
@@ -148,16 +150,17 @@ func (t *TSMPlugin) GetEvidence(in *compositor.EvidenceIn) *compositor.EvidenceO
 			outEncoded, err := encodeOp()
 			if err != nil {
 				errMsg := fmt.Errorf("failed to encode TSM report as %s: %v", encodeAs, err)
-				return getEvidenceError(errMsg)
+				return getEvidenceError(errMsg, http.StatusInternalServerError)
 			}
 
 			return &compositor.EvidenceOut{
 				Status:   statusSucceeded,
 				Evidence: outEncoded,
+				StatusCode: http.StatusOK,
 			}
 		}
 	}
 
 	errMsg := fmt.Errorf("no supported format in tsm plugin matches the requested format")
-	return getEvidenceError(errMsg)
+	return getEvidenceError(errMsg, http.StatusBadRequest)
 }
diff --git a/attesters/tsm/tsm_test.go b/attesters/tsm/tsm_test.go
@@ -4,6 +4,7 @@ package tsm
 
 import (
 	"fmt"
+	"net/http"
 	"testing"
 
 	"github.com/google/go-configfs-tsm/configfs/linuxtsm"
@@ -20,15 +21,19 @@ var (
 )
 
 func Test_getEvidenceError(t *testing.T) {
-	e := fmt.Errorf("sample error")
+	tests := []uint32 {http.StatusBadRequest, http.StatusBadRequest}
+	for _, tt := range tests {
+		e := fmt.Errorf("sample error")
 
-	expected := &compositor.EvidenceOut{
-		Status: &compositor.Status{
-			Result: false, Error: "sample error",
-		},
-	}
+		expected := &compositor.EvidenceOut{
+			Status: &compositor.Status{
+				Result: false, Error: "sample error",
+			},
+			StatusCode: tt,
+		}
 
-	assert.Equal(t, expected, getEvidenceError(e))
+		assert.Equal(t, expected, getEvidenceError(e, tt))
+	}
 }
 
 func Test_GetOptions(t *testing.T) {
@@ -87,6 +92,7 @@ func Test_GetEvidence_wrong_nonce_size(t *testing.T) {
 			Result: false,
 			Error:  errMsg,
 		},
+		StatusCode: http.StatusBadRequest,
 	}
 
 	assert.Equal(t, expected, p.GetEvidence(in))
@@ -104,6 +110,7 @@ func Test_GetEvidence_invalid_format(t *testing.T) {
 			Result: false,
 			Error:  "no supported format in tsm plugin matches the requested format",
 		},
+		StatusCode: http.StatusBadRequest,
 	}
 
 	assert.Equal(t, expected, p.GetEvidence(in))
@@ -133,6 +140,7 @@ func TestGetEvidence_With_Invalid_Options(t *testing.T) {
 					Result: false,
 					Error:  tt.msg,
 				},
+				StatusCode: http.StatusBadRequest,
 			}
 
 			assert.Equal(t, expected, p.GetEvidence(in))
diff --git a/proto/compositor.proto b/proto/compositor.proto
@@ -60,5 +60,6 @@ message EvidenceIn {
 
 message EvidenceOut {
   Status status = 1;
-  bytes evidence = 2;
+  uint32 statusCode = 2;
+  bytes evidence = 3;
 }
diff --git a/proto/compositor/compositor.pb.go b/proto/compositor/compositor.pb.go

Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,7 @@ package mocktsm`
`5`	`5`	`import (`
`6`	`6`	`"encoding/json"`
`7`	`7`	`"fmt"`
	`8`	`+ "net/http"`
`8`	`9`	`"strconv"`
`9`	`10`
`10`	`11`	`"github.com/google/go-configfs-tsm/configfs/configfsi"`
`@@ -39,11 +40,12 @@ type MockPlugin struct {`
`39`	`40`	`client *faketsm.Client`
`40`	`41`	`}`
`41`	`42`
`42`		`-func getEvidenceError(e error) *compositor.EvidenceOut {`
	`43`	`+func getEvidenceError(e error, statusCode uint32) *compositor.EvidenceOut {`
`43`	`44`	`return &compositor.EvidenceOut{`
`44`	`45`	`Status: &compositor.Status{`
`45`	`46`	`Result: false, Error: e.Error(),`
`46`	`47`	`},`
	`48`	`+ StatusCode: statusCode,`
`47`	`49`	`}`
`48`	`50`	`}`
`49`	`51`
`@@ -78,13 +80,13 @@ func (m MockPlugin) GetEvidence(in compositor.EvidenceIn) *compositor.Evidence`
`78`	`80`	`errMsg := fmt.Errorf(`
`79`	`81`	`"nonce size of the mockTSM attester should be %d, got %d",`
`80`	`82`	`nonceSize, uint32(len(in.Nonce)))`
`81`		`- return getEvidenceError(errMsg)`
	`83`	`+ return getEvidenceError(errMsg, http.StatusBadRequest)`
`82`	`84`	`}`
`83`	`85`
`84`	`86`	`if in.ContentType != mediaType {`
`85`	`87`	`errMsg := fmt.Errorf(`
`86`	`88`	`"no supported format in mock TSM plugin matches the requested format")`
`87`		`- return getEvidenceError(errMsg)`
	`89`	`+ return getEvidenceError(errMsg, http.StatusBadRequest)`
`88`	`90`	`}`
`89`	`91`	`req := &report.Request{`
`90`	`92`	`InBlob: in.Nonce,`
`@@ -96,7 +98,7 @@ func (m MockPlugin) GetEvidence(in compositor.EvidenceIn) *compositor.Evidence`
`96`	`98`	`if err := json.Unmarshal(in.Options, &options); err != nil {`
`97`	`99`	`errMsg := fmt.Errorf(`
`98`	`100`	`"failed to parse %s: %v", in.Options, err)`
`99`		`- return getEvidenceError(errMsg)`
	`101`	`+ return getEvidenceError(errMsg, http.StatusBadRequest)`
`100`	`102`	`}`
`101`	`103`	`}`
`102`	`104`
`@@ -105,15 +107,15 @@ func (m MockPlugin) GetEvidence(in compositor.EvidenceIn) *compositor.Evidence`
`105`	`107`	`if err != nil \|\| level < 0 {`
`106`	`108`	`errMsg := fmt.Errorf("privilege_level %s is invalid",`
`107`	`109`	`privlevel)`
`108`		`- return getEvidenceError(errMsg)`
	`110`	`+ return getEvidenceError(errMsg, http.StatusBadRequest)`
`109`	`111`	`}`
`110`	`112`	`req.Privilege = &report.Privilege{Level: uint(level)}`
`111`	`113`	`}`
`112`	`114`
`113`	`115`	`resp, err := report.Get(m.client, req)`
`114`	`116`	`if err != nil {`
`115`	`117`	`errMsg := fmt.Errorf("failed to get mock TSM report: %v", err)`
`116`		`- return getEvidenceError(errMsg)`
	`118`	`+ return getEvidenceError(errMsg, http.StatusInternalServerError)`
`117`	`119`	`}`
`118`	`120`
`119`	`121`	`out := &tokens.TSMReport{`
`@@ -125,12 +127,13 @@ func (m MockPlugin) GetEvidence(in compositor.EvidenceIn) *compositor.Evidence`
`125`	`127`	`outEncoded, err := out.ToJSON()`
`126`	`128`	`if err != nil {`
`127`	`129`	`errMsg := fmt.Errorf("failed to JSON encode mock TSM report: %v", err)`
`128`		`- return getEvidenceError(errMsg)`
	`130`	`+ return getEvidenceError(errMsg, http.StatusInternalServerError)`
`129`	`131`	`}`
`130`	`132`
`131`	`133`	`return &compositor.EvidenceOut{`
`132`	`134`	`Status: statusSucceeded,`
`133`	`135`	`Evidence: outEncoded,`
	`136`	`+ StatusCode: http.StatusOK,`
`134`	`137`	`}`
`135`	`138`	`}`
`136`	`139`
Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,7 @@ package tsm`
`5`	`5`	`import (`
`6`	`6`	`"encoding/json"`
`7`	`7`	`"fmt"`
	`8`	`+ "net/http"`
`8`	`9`	`"strconv"`
`9`	`10`
`10`	`11`	`"github.com/google/go-configfs-tsm/configfs/linuxtsm"`
`@@ -41,11 +42,12 @@ var (`
`41`	`42`
`42`	`43`	`type TSMPlugin struct{}`
`43`	`44`
`44`		`-func getEvidenceError(e error) *compositor.EvidenceOut {`
	`45`	`+func getEvidenceError(e error, statusCode uint32) *compositor.EvidenceOut {`
`45`	`46`	`return &compositor.EvidenceOut{`
`46`	`47`	`Status: &compositor.Status{`
`47`	`48`	`Result: false, Error: e.Error(),`
`48`	`49`	`},`
	`50`	`+ StatusCode: statusCode,`
`49`	`51`	`}`
`50`	`52`	`}`
`51`	`53`
`@@ -88,7 +90,7 @@ func (t TSMPlugin) GetEvidence(in compositor.EvidenceIn) *compositor.EvidenceO`
`88`	`90`	`errMsg := fmt.Errorf(`
`89`	`91`	`"nonce size of the TSM attester should be %d, got %d",`
`90`	`92`	`tsmNonceSize, uint32(len(in.Nonce)))`
`91`		`- return getEvidenceError(errMsg)`
	`93`	`+ return getEvidenceError(errMsg, http.StatusBadRequest)`
`92`	`94`	`}`
`93`	`95`
`94`	`96`	`for _, format := range supportedFormats {`
`@@ -103,7 +105,7 @@ func (t TSMPlugin) GetEvidence(in compositor.EvidenceIn) *compositor.EvidenceO`
`103`	`105`	`if err := json.Unmarshal(in.Options, &options); err != nil {`
`104`	`106`	`errMsg := fmt.Errorf(`
`105`	`107`	`"failed to parse %s: %v", in.Options, err)`
`106`		`- return getEvidenceError(errMsg)`
	`108`	`+ return getEvidenceError(errMsg, http.StatusBadRequest)`
`107`	`109`	`}`
`108`	`110`	`}`
`109`	`111`
`@@ -112,21 +114,21 @@ func (t TSMPlugin) GetEvidence(in compositor.EvidenceIn) *compositor.EvidenceO`
`112`	`114`	`if err != nil \|\| level < 0 {`
`113`	`115`	`errMsg := fmt.Errorf("privilege_level %s is invalid",`
`114`	`116`	`privlevel)`
`115`		`- return getEvidenceError(errMsg)`
	`117`	`+ return getEvidenceError(errMsg, http.StatusBadRequest)`
`116`	`118`	`}`
`117`	`119`	`req.Privilege = &report.Privilege{Level: uint(level)}`
`118`	`120`	`}`
`119`	`121`
`120`	`122`	`client, err := linuxtsm.MakeClient()`
`121`	`123`	`if err != nil {`
`122`	`124`	`errMsg := fmt.Errorf("failed to create config TSM client: %v", err)`
`123`		`- return getEvidenceError(errMsg)`
	`125`	`+ return getEvidenceError(errMsg, http.StatusInternalServerError)`
`124`	`126`	`}`
`125`	`127`
`126`	`128`	`resp, err := report.Get(client, req)`
`127`	`129`	`if err != nil {`
`128`	`130`	`errMsg := fmt.Errorf("failed to get TSM report: %v", err)`
`129`		`- return getEvidenceError(errMsg)`
	`131`	`+ return getEvidenceError(errMsg, http.StatusInternalServerError)`
`130`	`132`	`}`
`131`	`133`
`132`	`134`	`out := &tokens.TSMReport{`
`@@ -148,16 +150,17 @@ func (t TSMPlugin) GetEvidence(in compositor.EvidenceIn) *compositor.EvidenceO`
`148`	`150`	`outEncoded, err := encodeOp()`
`149`	`151`	`if err != nil {`
`150`	`152`	`errMsg := fmt.Errorf("failed to encode TSM report as %s: %v", encodeAs, err)`
`151`		`- return getEvidenceError(errMsg)`
	`153`	`+ return getEvidenceError(errMsg, http.StatusInternalServerError)`
`152`	`154`	`}`
`153`	`155`
`154`	`156`	`return &compositor.EvidenceOut{`
`155`	`157`	`Status: statusSucceeded,`
`156`	`158`	`Evidence: outEncoded,`
	`159`	`+ StatusCode: http.StatusOK,`
`157`	`160`	`}`
`158`	`161`	`}`
`159`	`162`	`}`
`160`	`163`
`161`	`164`	`errMsg := fmt.Errorf("no supported format in tsm plugin matches the requested format")`
`162`		`- return getEvidenceError(errMsg)`
	`165`	`+ return getEvidenceError(errMsg, http.StatusBadRequest)`
`163`	`166`	`}`
Original file line number	Diff line number	Diff line change
`@@ -60,5 +60,6 @@ message EvidenceIn {`
`60`	`60`
`61`	`61`	`message EvidenceOut {`
`62`	`62`	`Status status = 1;`
`63`		`- bytes evidence = 2;`
	`63`	`+ uint32 statusCode = 2;`
	`64`	`+ bytes evidence = 3;`
`64`	`65`	`}`