FileProductStorage Signature Verification Improvements
- Determine if files written to storage are executable. If they are executable, make them non-executable.
- Determine if signatures may be verified before storing. Quantify the performance impact, if any, e.g., are product contents downloaded twice?
- Implement the change to move verification before storage, if possible (depends on the above).
Current Behavior
The FileProductStorage class currently stores the product contents to disk and then attempts to verify the product (including its contents). If the signature does not verify, the product is removed from storage and an exception is thrown.
Expected Behavior
The FileProductStorage should verify the signature before storing the content to disk. That way, if the signature is not valid, nothing is written to disk and the attack surface is reduced.
Caveat - It is unclear whether this is possible, or whether the content bytes must already be available for verification to work.
Clearly document any conditions or breaking changes introduced by this change, e.g., products must have SHA hashes for their content.
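The two control flows described above (the current store-then-verify behavior and the expected verify-then-store behavior), together with the non-executable check from the task list, as an added example in Python. This is illustration code written for this issue, not FileProductStorage's own implementation. The signature check is a stand-in: an HMAC-SHA256 tag under a constructed key plays the role of the product signature, and `VERIFY_KEY`, the function names and the product bytes are all assumptions. The point it shows is where verification sits relative to the write, not the signature algorithm.

```python
import hashlib
import hmac
import os
import stat
import tempfile
from pathlib import Path

# Hypothetical stand-in for the real signature: a keyed SHA-256 tag.
# A real product signature is asymmetric and covers product metadata and
# content hashes; the control-flow decision below is the same either way.
VERIFY_KEY = b"constructed-demo-key"
EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH


def make_tag(content: bytes) -> str:
    return hmac.new(VERIFY_KEY, content, hashlib.sha256).hexdigest()


def verify_tag(content: bytes, tag: str) -> bool:
    # Constant-time comparison avoids leaking how many prefix bytes matched.
    return hmac.compare_digest(make_tag(content), tag)


def store_then_verify(storage: Path, name: str, content: bytes, tag: str) -> Path:
    """Current behavior: unverified bytes reach disk, then get deleted on failure."""
    storage.mkdir(parents=True, exist_ok=True)
    path = storage / name
    path.write_bytes(content)
    if not verify_tag(content, tag):
        path.unlink()  # window existed where a bad product was on disk
        raise ValueError("signature verification failed; file removed")
    return path


def verify_then_store(storage: Path, name: str, content: bytes, tag: str) -> Path:
    """Expected behavior: verify in memory first; on failure nothing is written.
    The content is already buffered, so it is read once and not fetched twice."""
    if not verify_tag(content, tag):
        raise ValueError("signature verification failed; nothing written")
    storage.mkdir(parents=True, exist_ok=True)
    fd, tmp = tempfile.mkstemp(dir=storage, prefix=".partial-")  # created 0o600
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(content)
        os.chmod(tmp, 0o644)  # owner rw, group/other r, no execute bits
        final = storage / name
        os.replace(tmp, final)  # atomic rename: no half-written product visible
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return final


def is_executable(path: Path) -> bool:
    return bool(path.stat().st_mode & EXEC_BITS)


def strip_exec_bits(path: Path) -> None:
    """Remediation for files already in storage with an execute bit set."""
    mode = stat.S_IMODE(path.stat().st_mode)
    path.chmod(mode & ~EXEC_BITS)


def demonstrate() -> dict:
    """Run both strategies against a constructed product in a scratch directory."""
    storage = Path(tempfile.mkdtemp(prefix="product-storage-"))
    content = b"constructed product content\n"
    good_tag = make_tag(content)
    bad_tag = "0" * 64  # wrong tag: simulates a tampered or forged product
    results = {}

    path = verify_then_store(storage, "good.bin", content, good_tag)
    results["good_stored"] = path.read_bytes() == content
    results["good_executable"] = is_executable(path)

    try:
        verify_then_store(storage, "bad.bin", content, bad_tag)
        results["bad_rejected"] = False
    except ValueError:
        results["bad_rejected"] = True
    results["bad_on_disk"] = (storage / "bad.bin").exists()

    # Legacy file that was written executable: detect and fix.
    legacy = storage / "legacy.bin"
    legacy.write_bytes(content)
    legacy.chmod(0o755)
    results["legacy_was_executable"] = is_executable(legacy)
    strip_exec_bits(legacy)
    results["legacy_now_executable"] = is_executable(legacy)

    results["files"] = sorted(p.name for p in storage.iterdir())
    return results


if __name__ == "__main__":
    print(demonstrate())
```

The caveat in the issue maps directly onto `verify_then_store`: it only works because the whole content is in memory before the write. If contents are streamed to disk, either the stream has to be buffered (memory cost) or the signature has to cover per-file hashes that can be checked as each file completes, which is the "must have SHA hashes for content" condition the issue asks to document.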
Edited by Cloutet, Zachary J