From d002238a2eb72cd36f487acd242ff93e9770b5c4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Batuhan=20Apayd=C4=B1n?= <batuhan.apaydin@trendyol.com>
Date: Tue, 3 Aug 2021 20:28:35 +0300
Subject: [PATCH] fix for reading sbom file from stdin
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
---
 cmd/cosign/cli/attach/sbom.go | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/cmd/cosign/cli/attach/sbom.go b/cmd/cosign/cli/attach/sbom.go
index e666abde3ee..73a10c339da 100644
--- a/cmd/cosign/cli/attach/sbom.go
+++ b/cmd/cosign/cli/attach/sbom.go
@@ -17,10 +17,12 @@ package attach
 
 import (
 	"context"
+	"errors"
 	"flag"
 	"fmt"
 	"io/ioutil"
 	"os"
+	"path/filepath"
 
 	"github.com/google/go-containerregistry/pkg/name"
 	"github.com/google/go-containerregistry/pkg/v1/types"
@@ -73,7 +75,7 @@ func SBOMCmd(ctx context.Context, sbomRef, sbomType, imageRef string) error {
 		return err
 	}
 
-	b, err := ioutil.ReadFile(sbomRef)
+	b, err := sbomBytes(sbomRef)
 	if err != nil {
 		return err
 	}
@@ -88,3 +90,17 @@ func SBOMCmd(ctx context.Context, sbomRef, sbomType, imageRef string) error {
 
 	return nil
 }
+
+func sbomBytes(sbomRef string) ([]byte, error) {
+	// sbomRef can be "-", a string or a file.
+	switch signatureType(sbomRef) {
+	case StdinSignature:
+		return ioutil.ReadAll(os.Stdin)
+	case RawSignature:
+		return []byte(sbomRef), nil
+	case FileSignature:
+		return ioutil.ReadFile(filepath.Clean(sbomRef))
+	default:
+		return nil, errors.New("unknown SBOM arg type")
+	}
+}