From d3c612bb53701f46dd4ff4900d9942d36f5b2d6c Mon Sep 17 00:00:00 2001
From: Teodora Sechkova <tsechkova@vmware.com>
Date: Thu, 16 Jul 2020 11:23:11 +0300
Subject: [PATCH] Raise error on empty 'signatures' list

Modify  check_signable_object_format() to raise an error
if signable has an empty 'signatures' list.

Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
---
 tuf/formats.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/tuf/formats.py b/tuf/formats.py
index d289ddb0..da0dc25c 100755
--- a/tuf/formats.py
+++ b/tuf/formats.py
@@ -938,6 +938,9 @@ def check_signable_object_format(signable):
     securesystemslib.exceptions.FormatError, if 'signable' does not have the
     correct format.
 
+    tuf.exceptions.UnsignedMetadataError, if 'signable' does not have any
+    signatures
+
   <Side Effects>
     None.
 
@@ -965,6 +968,10 @@ def check_signable_object_format(signable):
     six.raise_from(securesystemslib.exceptions.FormatError(
         'Unrecognized type ' + repr(role_type)), error)
 
+  if not signable['signatures']:
+    raise tuf.exceptions.UnsignedMetadataError('Signable object of type ' +
+        repr(role_type) + ' has no signatures ', signable)
+
   # 'securesystemslib.exceptions.FormatError' raised if 'signable' does not
   # have a properly formatted role schema.
   schema.check_match(signable['signed'])