From d260c7bc16e2ef605ee3539b0ab21de9e39bdacc Mon Sep 17 00:00:00 2001
From: William Woodruff
Date: Thu, 10 Aug 2023 11:57:53 -0400
Subject: [PATCH] selftest: add checks to selftest-glob (#75)
---
 .github/workflows/selftest.yml | 55 ++++++++++++++++++++++++++++++++++
 README.md | 4 +++
 action.py | 12 ++++++--
 test/another1.txt | 1 +
 test/another2.txt | 1 +
 test/subdir/hello1.txt | 0
 test/subdir/hello2.txt | 0
 test/subdir/hello3.txt | 0
 8 files changed, 71 insertions(+), 2 deletions(-)
 create mode 100644 test/another1.txt
 create mode 100644 test/another2.txt
 create mode 100644 test/subdir/hello1.txt
 create mode 100644 test/subdir/hello2.txt
 create mode 100644 test/subdir/hello3.txt
diff --git a/.github/workflows/selftest.yml b/.github/workflows/selftest.yml
index 1a2910c..d213d33 100644
--- a/.github/workflows/selftest.yml
+++ b/.github/workflows/selftest.yml
@@ -94,6 +94,60 @@ jobs:
 inputs: ./test/*.txt
 staging: true
 internal-be-careful-debug: true
+ - name: Check outputs
+ run: |
+ [[ -f ./test/artifact.txt.sigstore ]] || exit 1
+ [[ -f ./test/artifact1.txt.sigstore ]] || exit 1
+ [[ -f ./test/artifact2.txt.sigstore ]] || exit 1
+
+ selftest-xfail-glob-input-expansion:
+ runs-on: ubuntu-latest
+ env:
+ TEST_DIR: test
+ if: (github.event_name != 'pull_request') || !github.event.pull_request.head.repo.fork
+ steps:
+ - uses: actions/checkout@v3
+ - name: Sign artifacts and publish signatures
+ continue-on-error: true
+ uses: ./
+ id: sigstore-python
+ with:
+ # This should fail since we should never directly expand ${TEST_DIR};
+ # the user should have to pre-expand it for us.
+ inputs: ./${TEST_DIR}/*.txt
+ staging: true
+ internal-be-careful-debug: true
+ - name: Check failure
+ env:
+ XFAIL: ${{ steps.sigstore-python.outcome == 'failure' }}
+ JOB_NAME: ${{ github.job }}
+ run: |
+ echo "xfail ${JOB_NAME}: ${XFAIL}"
+
+ [[ "${XFAIL}" == "true" ]] || { >&2 echo "expected step to fail"; exit 1; }
+
+ selftest-glob-multiple:
+ runs-on: ubuntu-latest
+ if: (github.event_name != 'pull_request') || !github.event.pull_request.head.repo.fork
+ steps:
+ - uses: actions/checkout@v3
+ - name: Sign artifacts and publish signatures
+ uses: ./
+ id: sigstore-python
+ with:
+ inputs: ./test/artifact*.txt ./test/another*.txt ./test/subdir/*.txt
+ staging: true
+ internal-be-careful-debug: true
+ - name: Check outputs
+ run: |
+ [[ -f ./test/artifact.txt.sigstore ]] || exit 1
+ [[ -f ./test/artifact1.txt.sigstore ]] || exit 1
+ [[ -f ./test/artifact2.txt.sigstore ]] || exit 1
+ [[ -f ./test/another1.txt.sigstore ]] || exit 1
+ [[ -f ./test/another2.txt.sigstore ]] || exit 1
+ [[ -f ./test/subdir/hello1.txt.sigstore ]] || exit 1
+ [[ -f ./test/subdir/hello2.txt.sigstore ]] || exit 1
+ [[ -f ./test/subdir/hello3.txt.sigstore ]] || exit 1
 selftest-upload-artifacts:
 runs-on: ubuntu-latest
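Review bot: The `Check failure` step in `selftest-xfail-glob-input-expansion` is satisfied by any failure of the signing step, so it cannot tell the intended rejection of the unexpanded `./${TEST_DIR}/*.txt` apart from an unrelated error. Because `continue-on-error: true` hides the cause, a run in which signing fails for some other reason (for example a staging or credential problem) would still report the expected failure. I would state that limit next to the check, e.g. `# NOTE: any failure of the signing step satisfies this check, not only the rejected glob`.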
@@ -234,6 +288,7 @@ jobs:
 - selftest-xfail-invalid-inputs
 - selftest-staging
 - selftest-glob
+ - selftest-glob-multiple
 - selftest-upload-artifacts
 - selftest-custom-paths
 - selftest-verify
diff --git a/README.md b/README.md
index ce986a7..962ad80 100644
--- a/README.md
+++ b/README.md
@@ -66,6 +66,10 @@ The `inputs` argument also supports file globbing:
 inputs: ./path/to/inputs/*.txt
 ```
+> [!NOTE]\
+> In versions of this action before 2.0.0, the `inputs` setting allowed for shell expansion.
+> This was unintentional, and was removed with 2.0.0.
+
 ### `identity-token`
 **Default**: Empty (the GitHub Actions credential will be used)
diff --git a/action.py b/action.py
index 23044f5..2374c82 100755
--- a/action.py
+++ b/action.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/usr/bin/env python
 # Copyright 2022 The Sigstore Authors
 #
@@ -201,7 +201,15 @@ def _fatal_help(msg):
 if input_.startswith("-"):
 _fatal_help(f"input {input_} looks like a flag")
- files = [Path(f).resolve() for f in glob(input_)]
+ # NOTE: We use a set here to deduplicate inputs, in case a glob expands
+ # to the same input multiple times.
+ files = {Path(f).resolve() for f in glob(input_)}
+
+ # Prevent empty glob expansions, rather than silently allowing them.
+ # Either behavior is technically correct but an empty glob indicates
+ # user confusion, so we fail for them.
+ if not files:
+ _fatal_help(f"input {input_} doesn't expand to one or more filenames")
 for file_ in files:
 if not file_.is_file():
diff --git a/test/another1.txt b/test/another1.txt
new file mode 100644
index 0000000..730100b
--- /dev/null
+++ b/test/another1.txt
@@ -0,0 +1 @@
+Another input.
diff --git a/test/another2.txt b/test/another2.txt
new file mode 100644
index 0000000..666e074
--- /dev/null
+++ b/test/another2.txt
@@ -0,0 +1 @@
+Yet another input.
diff --git a/test/subdir/hello1.txt b/test/subdir/hello1.txt
new file mode 100644
index 0000000..e69de29
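Review bot: The new `selftest-xfail-glob-input-expansion` job is missing from this list, which gains only `- selftest-glob-multiple` even though it already carries another xfail job (`selftest-xfail-invalid-inputs`). The list header is outside the hunk; if it is the `needs:` of an aggregate job that branch protection relies on, the regression test for shell expansion of `inputs` can fail without blocking a merge. Add `- selftest-xfail-glob-input-expansion` next to the new entry.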
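Review bot: The set built at `files = {Path(f).resolve() for f in glob(input_)}` deduplicates only within a single `input_`, and it makes the order of the `for file_ in files:` loop arbitrary. The loop over inputs starts outside the hunk, so this is inferred, but two overlapping inputs would still yield the same file twice. The order in which files are handled can also differ between runs, because string hashing is randomized per process. `files = sorted({Path(f).resolve() for f in glob(input_)})` keeps the deduplication and the `if not files:` check while giving a stable order; removing duplicates across inputs would need a set kept across iterations.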
diff --git a/test/subdir/hello2.txt b/test/subdir/hello2.txt
new file mode 100644
index 0000000..e69de29
diff --git a/test/subdir/hello3.txt b/test/subdir/hello3.txt
new file mode 100644
index 0000000..e69de29