asf-tooling opened a new issue, #980:
URL: https://github.com/apache/tooling-trusted-releases/issues/980
**ASVS Level(s):** [L2-only]
**Description:**
### Summary
The signature provenance endpoint performs unbounded directory traversal and
file I/O operations within a single HTTP request handler. For users associated
with many committees, this triggers traversal of potentially thousands of
files, reading each matching file and computing SHA3-256 hashes—all
synchronously within the HTTP request context. Code comments acknowledge this
is resource-intensive but no controls are applied. Rate limiting (10
requests/hour) and JWT authentication provide some protection, but each
individual request can still cause significant resource consumption.
### Details
**Affected Files and Lines:**
- `atr/api/__init__.py:signature_provenance()` - Unbounded traversal
- `atr/api/__init__.py:_match_committee_keys()` - File iteration
- `atr/api/__init__.py:_match_unfinished()` - File iteration
The endpoint performs unbounded operations within HTTP request context,
risking timeout and resource exhaustion.
### Recommended Remediation
**Offload to task queue (recommended approach):**
Convert to async task that returns task ID for polling status, benefiting
from worker resource limits:
```python
@app.route('/api/signature/provenance')
async def signature_provenance(...):
# Create task
task_id = create_task('signature_provenance', fingerprint=fingerprint)
return {'task_id': task_id, 'status': 'pending'}
```
**Alternative:** Add limits with early termination:
```python
_MAX_FILES_TO_SCAN = 10000
_MAX_COMMITTEES_TO_SCAN = 100
# Implement early termination after first match found
# Add file scan counter and abort if exceeded
```
Task queue approach aligns with application's existing architecture and
provides consistent user experience.
### Acceptance Criteria
- [ ] Task queue implementation OR limits added
- [ ] Resource consumption bounded
- [ ] Timeout protection implemented
- [ ] Early termination on match
- [ ] Integration test verifies limits
- [ ] Unit test verifying the fix
### References
- Source reports: L2:15.1.3.md
- Related findings: FINDING-052
- ASVS sections: 15.1.3
### Priority
High
---
---
**Triage notes:** long-term - possibly remove code
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
