fix(verifier): fail closed on invalid attestation; unify allowlist#1607
Conversation
|
@CodeRabbit full review |
✅ Action performedFull review finished. |
Recipe evidence checkNo leaf overlays affected by this PR. This gate is warning-only and never blocks merge. |
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: ASSERTIVE Plan: Enterprise Run ID: 📒 Files selected for processing (18)
📝 WalkthroughWalkthroughThe verifier now routes binary-attestation handling through Estimated code review effort: 4 (Complex) | ~60 minutes Related issues: Suggested labels: verifier, allowlist, documentation, testing Suggested reviewers: Reviewers familiar with Poem 🚥 Pre-merge checks | ✅ 3 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (3 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Comment |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@docs/user/cli-reference.md`:
- Around line 2524-2526: The user-facing verification table is inconsistent
because the `unknown` row in the CLI reference includes an inline issue
reference that should not appear in docs. Update the table entry in the
`attested`/`unverified`/`unknown` section so `unknown` matches the wording used
in `docs/user/artifact-verification.md`, and remove the `(`#1550`)` suffix while
keeping the semantic meaning unchanged.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Enterprise
Run ID: a47de9b8-5267-474a-9988-a6d551013e67
📒 Files selected for processing (18)
.github/workflows/evidence-dashboard-publish.yamldocs/contributor/evidence-dashboard-publish.mddocs/contributor/evidence-ingest.mddocs/user/artifact-verification.mddocs/user/cli-reference.mdpkg/bundler/verifier/trust.gopkg/bundler/verifier/verifier.gopkg/bundler/verifier/verifier_test.gopkg/cli/bundle_verify.gopkg/corroborate/classify.gopkg/corroborate/classify_test.gopkg/corroborate/generate.gopkg/corroborate/generate_test.gopkg/corroborate/meta.gopkg/corroborate/meta_test.gopkg/corroborate/testdata/allowlist.yamlpkg/evidence/project/classify.gopkg/evidence/project/classify_test.go
Coverage Report ✅
Coverage BadgeMerging this branch changes the coverage (2 decrease, 1 increase)
Coverage by fileChanged files (no unit tests)
Please note that the "Total", "Covered", and "Missed" counts above refer to code statements instead of lines of code. The value in brackets refers to the test coverage of that file in the old version of the code. |
…list A binary attestation that is present but fails verification (or whose binary digest cannot be extracted from the bundle attestation) now yields trust level 'unknown' instead of degrading to 'attested'. A missing binary attestation still reports 'attested' (incomplete chain). Docs and CLI help updated to match. Retire the hand-rolled issuer+identity allowlist loaders in pkg/corroborate (GP4) and pkg/evidence/project (GP2) in favor of the shared pkg/evidence/allowlist parser, so both read the canonical identityPattern/source schema of recipes/evidence/allowlist.yaml. Re-enable -allowlist in the evidence-dashboard-publish workflow and update the contributor docs to the real schema. Fixes: #1550 Fixes: #1505 Signed-off-by: Mark Chmarny <[email protected]>
c599b1e to
1d7835e
Compare
|
Re CodeRabbit's "Out of Scope Changes" warning on |
Summary
aicr verifynow fails closed: a binary attestation that is present but fails verification yields trust levelunknowninstead of degrading toattested. Also retires the two stale hand-rolled allowlist loaders (GP2/GP4) in favor of the sharedpkg/evidence/allowlistschema so the realrecipes/evidence/allowlist.yamlparses everywhere.Motivation / Context
A tampered or invalid binary attestation was treated the same as a legitimately missing one (
attested), hiding an active verification failure (P1 security correctness). Separately, the GP2 producer and GP4 consumer loaders still expected the outdatedissuer+identityschema, so neither could parse the canonicalidentityPattern/sourceallowlist — forcing the dashboard publish workflow to drop-allowlist.Fixes: #1550
Fixes: #1505
Type of Change
Component(s) Affected
pkg/bundler,pkg/component/*)docs/,examples/)pkg/corroborate,pkg/evidence/project,pkg/clihelp text,.github/workflows/evidence-dashboard-publish.yamlImplementation Notes
attested(incomplete chain — nothing claims more). Present-but-unverifiable (digest extraction failure orVerifyBinaryAttestationerror) now reportsunknown— a claim exists and could not be substantiated.MaxAchievableTrustLevelis unchanged (computed from contents), so--min-trust-level maxcorrectly fails such bundles; a regression test pins this interaction. Steps 4–5 were extracted intoverifyBinaryStepfor network-free testability.corroborate.Allowlistis now a type alias toallowlist.AllowlistwithLoadAllowlistdelegating to the shared loader;project.Allowlistis a thin wrapper (not an alias) to preserve the documented nil-receiver first-party heuristic used when-allowlistis absent. Unlisted signers still classify as (community, allowlisted=false). Testdata rewritten to the canonical schema; both packages gained a test loading the realrecipes/evidence/allowlist.yaml.-allowlist recipes/evidence/allowlist.yamlre-enabled on both corroborate invocations in the publish workflow (defense in depth over the class baked intometa.jsonat ingest).docs/user/artifact-verification.mdanddocs/user/cli-reference.mdupdated (failed verify →unknown);docs/contributor/evidence-ingest.mdclassification section now documents the real schema;evidence-dashboard-publish.mddeferral note replaced.Testing
make qualifypassed locally (unit tests with-race, golangci-lint + yamllint, e2e incl. chainsaw 23/23, grype scan clean, license headers). Acceptance from #1505 verified:corroborate -allowlist recipes/evidence/allowlist.yamlloads and classifies the canonical file. New tests:TestVerifyBinaryStep(missing→attested, invalid→unknown, no-digest→unknown),TestVerifyBinaryStep_FailedVerifyMaxStaysVerified, rewrittenclassify_test.goin both packages (precedence, unlisted→reported, fail-closed on malformed/legacy-schema files).Coverage (pkg/corroborate + pkg/evidence/project + pkg/bundler/verifier combined): 85.1% → 85.3% (+0.2%).
Risk Assessment
Rollout notes: Bundles with a valid or absent binary attestation are unaffected. Bundles whose binary attestation fails verification now report
unknown, so policies pinned to--min-trust-level attestedwill (correctly) start rejecting them.Checklist
make testwith-race)make lint)git commit -S) — GPG signing info