Skip to content

Reject unsupported qualifiers in Remote Asset API#807

Open
malt3 wants to merge 4 commits intobuchgr:masterfrom
malt3:remote_asset_reject_unsupported_qualifiers
Open

Reject unsupported qualifiers in Remote Asset API#807
malt3 wants to merge 4 commits intobuchgr:masterfrom
malt3:remote_asset_reject_unsupported_qualifiers

Conversation

@malt3
Copy link
Copy Markdown

@malt3 malt3 commented Mar 7, 2025

malt3 added 4 commits March 7, 2025 15:03
@malt3
remote asset: return rpc errors when encountering invalid arguments
1e115ff 
See also: https://github.com/bazelbuild/remote-apis/blob/7f922028fcfac63bdd8431e68de152d9e7a9e2a0/build/bazel/remote/asset/v1/remote_asset.proto#L123-L125
@malt3
remote asset: reject unusable checksum.sri qualifier
f72adac 
Ignoring unusable checksums is insecure: The server has to reject any qualifiers that it cannot understand. Otherwise, clients cannot rely on the validation performed by the server.

See: https://github.com/bazelbuild/remote-apis/blob/7f922028fcfac63bdd8431e68de152d9e7a9e2a0/build/bazel/remote/asset/v1/remote_asset.proto#L109-L115
@malt3
remote asset: reformat
3ffab32
@malt3
remote asset: reject unsupported Qualifiers
1fe6a80 
The specification requires that any `Fetch` requests containing
unsupported qualifiers are rejected with an `INVALID_ARGUMENT`
rpc error:
 - https://github.com/bazelbuild/remote-apis/blob/7f922028fcfac63bdd8431e68de152d9e7a9e2a0/build/bazel/remote/asset/v1/remote_asset.proto#L109-L112
 - https://github.com/bazelbuild/remote-apis/blob/7f922028fcfac63bdd8431e68de152d9e7a9e2a0/build/bazel/remote/asset/v1/remote_asset.proto#L127-L128
Additionally, the status returned should include a `BadRequest`
error detail with `FieldViolation`s indicating the names of
unsupported qualifiers:
- https://github.com/bazelbuild/remote-apis/blob/7f922028fcfac63bdd8431e68de152d9e7a9e2a0/build/bazel/remote/asset/v1/remote_asset.proto#L139-L143
@malt3 malt3 force-pushed the remote_asset_reject_unsupported_qualifiers branch from 7ca839f to 1fe6a80 Compare March 7, 2025 14:50
@mostynb
Copy link
Copy Markdown
Collaborator

mostynb commented Mar 9, 2025

Hi, thanks for the contribution.

I think the spec is too strict here- for example what if the client provides two cryptographically secure hash qualifiers, and the server only supports one of them. In that scenario I think the server should be allowed to decide if the supported qualifiers are sufficient. I created a spec change PR here: bazelbuild/remote-apis#329

@malt3
Copy link
Copy Markdown
Author

malt3 commented Mar 10, 2025
edited
Loading

As mentioned in my comment on your PR, I don't think the spec allows for more than one expected checksum right now. Additionally, bazel-remote only understands checksum.sri with sha256 at the moment, so my change shouldn't have any impact on well-formed requests.

EDIT: @peterebden noted that checksum.sri can already support multiple, equivalent checksums.

@malt3
Copy link
Copy Markdown
Author

malt3 commented Apr 8, 2025

@mostynb I can update this PR to support parsing checksum.sri qualifiers containing more than one checksum separated by spaces (where only sha256 is selected for now). Does that make sense to you, or are there other issues with the PR in the current state you would like me to address?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@malt3 @mostynb