Skip to content

Validate digests of data downloaded while fetching sigstore attachments#2689

Merged
cgwalters merged 1 commit intocontainers:mainfrom
mtrmac:validate-sigstore-digests
Jan 21, 2025
Merged

Validate digests of data downloaded while fetching sigstore attachments#2689
cgwalters merged 1 commit intocontainers:mainfrom
mtrmac:validate-sigstore-digests

Conversation

@mtrmac
Copy link
Collaborator

@mtrmac mtrmac commented Jan 21, 2025

This is not a security vulnerability because the registry can just as well send a manifest modified to match, but doing this correctly protects us in case this function were used for other purposes in the future.

Fixes #2687.

@mtrmac
Validate digests of data downloaded while fetching sigstore attachments
ccd291e 
This is not a security vulnerability because the registry can just as well
send a manifest modified to match, but doing this correctly protects us
in case this function were used for other purposes in the future.

Fixes containers#2687.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
cgwalters
cgwalters approved these changes Jan 21, 2025
View reviewed changes
docker/docker_client.go
return nil, fmt.Errorf("invalid digest %q: unsupported digest algorithm %q", desc.Digest.String(), digestAlgorithm.String())
}

reader, _, err := c.getBlob(ctx, ref, manifest.BlobInfoFromOCI1Descriptor(desc), cache)
Copy link
Contributor

@cgwalters cgwalters Jan 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks fine, but I think it'd be even clearer to merge getBlob and this function. Or at a minimum, rename getBlob to getRawBlobNoChecksumVerification or something...

Copy link
Collaborator Author

@mtrmac mtrmac Jan 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

getBlob is primarily used by the public dockerImageSource.GetBlob, which must support streaming very large objects, and inherits both its interface and its (non-digesting) semantics.

And GetBlob is (sadly?) a public stable API. Having it automatically digest the contents would be interesting in the abstract, but all existing callers would should already be digesting it themselves, and doing that twice is rather costly, so I don’t think it makes sense to change the behavior of the existing function.

Copy link
Contributor

@cgwalters cgwalters Jan 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK sorry, I thought it was only called here.

Copy link
Collaborator Author

@mtrmac mtrmac Jan 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

… another point, we don’t want every single transport to implement the digest validation itself; centralizing that in c/image/copy makes it easier to prove that the validation is always happening.

But at least the naming point is very apt; if we were ever redesigning the ImageSource API (it should be an object with methods, not an interface), GetBlob should be definitely renamed to something that emphasizes the caller needs to validate the contents — or maybe this should be centralized into the ImageSource-replacing wrapper object.

@cgwalters cgwalters merged commit a45ebe0 into containers:main Jan 21, 2025
10 checks passed
@mtrmac mtrmac deleted the validate-sigstore-digests branch January 21, 2025 23:18
@mtrmac mtrmac added the kind/bug A defect in an existing functionality (or a PR fixing it) label Jan 21, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@cgwalters cgwalters cgwalters approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

kind/bug A defect in an existing functionality (or a PR fixing it)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

dockerClient.getOCIDescriptorContents does not validate the contents against the digest

2 participants

@mtrmac @cgwalters