veraison · yogeshbdeshpande · Oct 3, 2025 · Sep 25, 2025 · Sep 29, 2025 · Oct 2, 2025
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -13,9 +13,13 @@ jobs:
         os: [macos-latest, ubuntu-latest]
     steps:
     - name: Checkout code
-      uses: actions/checkout@v1
+      uses: actions/checkout@v4
       with:
         fetch-depth: 1
+    - name: Setup Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: '1.24'
     - name: Get dependencies
       run: go get -v -t -d ./...
     - name: Build project

diff --git a/.github/workflows/linters.yml b/.github/workflows/linters.yml
@@ -8,13 +8,16 @@ jobs:
     name: Lint
     runs-on: ubuntu-latest
     steps:
+    - uses: actions/setup-go@v5
+      with:
+        go-version: '1.24'
     - name: Checkout code
-      uses: actions/checkout@v2
-    - name: Install golangci-lint 
+      uses: actions/checkout@v4
+    - name: Install golangci-lint
       run: |
         go version
-        curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.52.2
+        curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v2.5.0
     - name: Run required linters in .golangci.yml plus hard-coded ones here
       run: $(go env GOPATH)/bin/golangci-lint run --timeout=3m
     - name: Run optional linters (not required to pass)
-      run: $(go env GOPATH)/bin/golangci-lint run --timeout=3m --issues-exit-code=0 -E dupl -E gocritic -E gosimple -E lll -E prealloc
+      run: $(go env GOPATH)/bin/golangci-lint run --timeout=3m --issues-exit-code=0 -E dupl -E gocritic -E lll -E prealloc
diff --git a/.golangci.yml b/.golangci.yml
@@ -1,5 +1,10 @@
 # Do not delete linter settings. Linters like gocritic can be enabled on the command line.
 
+version: 2
+
+run:
+  timeout: 3m
+
 linters-settings:
   dupl:
     threshold: 100
@@ -26,38 +31,30 @@ linters-settings:
   gofmt:
     simplify: false
   goimports:
-  golint:
+  revive:
     min-confidence: 0
   govet:
-    check-shadowing: true
+    enable:
+      - shadow
   lll:
     line-length: 140
-  maligned:
-    suggest-new: true
   misspell:
     locale: US
 
 linters:
   disable-all: true
   enable:
-    - deadcode
     - errcheck
     - goconst
     - gocyclo
-    - gofmt
-    - goimports
-    - golint
+    - revive
     - gosec
     - govet
     - ineffassign
-    - maligned
     - misspell
     - staticcheck
-    - structcheck
-    - typecheck
     - unconvert
     - unused
-    - varcheck
 
 
 issues:

diff --git a/Makefile b/Makefile
@@ -12,7 +12,7 @@ ifeq ($(MAKECMDGOALS),lint)
 GOLINT_ARGS ?= run --timeout=3m
 else
   ifeq ($(MAKECMDGOALS),lint-extra)
-  GOLINT_ARGS ?= run --timeout=3m --issues-exit-code=0 -E dupl -E gocritic -E gosimple -E lll -E prealloc
+  GOLINT_ARGS ?= run --timeout=3m --issues-exit-code=0 -E dupl -E gocritic -E lll -E prealloc
   endif
 endif
 

diff --git a/evidence.go b/evidence.go
@@ -1,9 +1,13 @@
-// Copyright 2020 Contributors to the Veraison project.
+// Copyright 2020-2025 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
 
 package swid
 
-import "time"
+import (
+	"errors"
+	"fmt"
+	"time"
+)
 
 // Evidence models a evidence-entry
 type Evidence struct {
@@ -53,3 +57,34 @@ func (e *Evidence) AddProcess(p Process) error {
 
 	return nil
 }
+
+// Valid validates the Evidence receiver to ensure it has valid required fields
+func (e Evidence) Valid() error {
+	if e.DeviceID == "" {
+		return errors.New("evidence device-id is empty")
+	}
+
+	if e.Date.IsZero() {
+		return errors.New("evidence date is zero")
+	}
+
+	// Validate Files if present
+	if e.Files != nil {
+		for i, file := range *e.Files {
+			if err := file.Valid(); err != nil {
+				return fmt.Errorf("evidence file[%d] invalid: %w", i, err)
+			}
+		}
+	}
+
+	// Validate Processes if present
+	if e.Processes != nil {
+		for i, process := range *e.Processes {
+			if process.ProcessName == "" {
+				return fmt.Errorf("evidence process[%d] process-name is empty", i)
+			}
+		}
+	}
+
+	return nil
+}
diff --git a/evidence_test.go b/evidence_test.go
@@ -1,4 +1,4 @@
-// Copyright 2020 Contributors to the Veraison project.
+// Copyright 2020-2025 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
 
 package swid
@@ -24,7 +24,7 @@
 	         00                                # unsigned(0)
 	      18 24                                # unsigned(36)
 	      78 24                                # text(36)
 	         42414438303942312d373033322d343344392d384639342d424631323845354430363144 # "BAD809B1-7032-43D9-8F94-BF128E5D061D"
 	*/
 	expectedCBOR := []byte{
 		0xa2, 0x18, 0x23, 0xc1, 0x00, 0x18, 0x24, 0x78, 0x24, 0x42, 0x41,
@@ -47,3 +47,171 @@
 	assert.Equal(t, tv.Date.UTC(), actual.Date.UTC()) // compare as UTC
 	assert.Equal(t, tv.DeviceID, actual.DeviceID)
 }
+
+func TestEvidence_Valid_empty_device_id(t *testing.T) {
+	evidence := Evidence{
+		DeviceID: "",
+		Date:     time.Now(),
+	}
+
+	err := evidence.Valid()
+
+	assert.EqualError(t, err, "evidence device-id is empty")
+}
+
+func TestEvidence_Valid_zero_date(t *testing.T) {
+	evidence := Evidence{
+		DeviceID: "test-device",
+		Date:     time.Time{},
+	}
+
+	err := evidence.Valid()
+
+	assert.EqualError(t, err, "evidence date is zero")
+}
+
+func TestEvidence_Valid_simple_valid(t *testing.T) {
+	evidence := Evidence{
+		DeviceID: "test-device",
+		Date:     time.Now(),
+	}
+
+	err := evidence.Valid()
+
+	assert.NoError(t, err)
+}
+
+func TestEvidence_Valid_with_valid_files(t *testing.T) {
+	files := Files{
+		File{
+			FileSystemItem: FileSystemItem{
+				FsName: "test.exe",
+			},
+		},
+		File{
+			FileSystemItem: FileSystemItem{
+				FsName: "config.ini",
+			},
+		},
+	}
+
+	evidence := Evidence{
+		DeviceID: "test-device",
+		Date:     time.Now(),
+		ResourceCollection: ResourceCollection{
+			PathElements: PathElements{
+				Files: &files,
+			},
+		},
+	}
+
+	err := evidence.Valid()
+
+	assert.NoError(t, err)
+}
+
+func TestEvidence_Valid_with_invalid_files(t *testing.T) {
+	files := Files{
+		File{
+			FileSystemItem: FileSystemItem{
+				FsName: "test.exe",
+			},
+		},
+		File{
+			FileSystemItem: FileSystemItem{
+				FsName: "", // empty fs-name
+			},
+		},
+	}
+
+	evidence := Evidence{
+		DeviceID: "test-device",
+		Date:     time.Now(),
+		ResourceCollection: ResourceCollection{
+			PathElements: PathElements{
+				Files: &files,
+			},
+		},
+	}
+
+	err := evidence.Valid()
+
+	assert.EqualError(t, err, "evidence file[1] invalid: file fs-name is empty")
+}
+
+func TestEvidence_Valid_with_valid_processes(t *testing.T) {
+	processes := Processes{
+		Process{
+			ProcessName: "test.exe",
+		},
+		Process{
+			ProcessName: "service.exe",
+		},
+	}
+
+	evidence := Evidence{
+		DeviceID: "test-device",
+		Date:     time.Now(),
+		ResourceCollection: ResourceCollection{
+			Processes: &processes,
+		},
+	}
+
+	err := evidence.Valid()
+
+	assert.NoError(t, err)
+}
+
+func TestEvidence_Valid_with_invalid_processes(t *testing.T) {
+	processes := Processes{
+		Process{
+			ProcessName: "test.exe",
+		},
+		Process{
+			ProcessName: "", // empty process name
+		},
+	}
+
+	evidence := Evidence{
+		DeviceID: "test-device",
+		Date:     time.Now(),
+		ResourceCollection: ResourceCollection{
+			Processes: &processes,
+		},
+	}
+
+	err := evidence.Valid()
+
+	assert.EqualError(t, err, "evidence process[1] process-name is empty")
+}
+
+func TestEvidence_Valid_with_mixed_valid_resources(t *testing.T) {
+	files := Files{
+		File{
+			FileSystemItem: FileSystemItem{
+				FsName: "test.exe",
+			},
+		},
+	}
+
+	processes := Processes{
+		Process{
+			ProcessName: "service.exe",
+		},
+	}
+
+	evidence := Evidence{
+		DeviceID: "test-device",
+		Date:     time.Now(),
+		ResourceCollection: ResourceCollection{
+			PathElements: PathElements{
+				Files: &files,
+			},
+			Processes: &processes,
+		},
+	}
+
+	err := evidence.Valid()
+
+	assert.NoError(t, err)
+}