asf-tooling opened a new issue, #1002:
URL: https://github.com/apache/tooling-trusted-releases/issues/1002
**ASVS Level(s):** [L2-only]
**Description:**
### Summary
Several API argument models accept related fields but perform no cross-field
validation at the model level. This forces callers to rely on undocumented
downstream logic to catch inconsistent combined inputs. Examples include:
`VoteStartArgs` (email_to not validated against project, vote_duration not
validated against policy, revision not validated against release) and
`DistributionRecordArgs` (distribution_owner_namespace not validated per
platform, no relationship validation between fields).
### Details
Affected location: `atr/models/api.py` lines 100-400
Multiple API models accept related fields without validating their
relationships:
- `VoteStartArgs`: No validation that email_to domain is appropriate,
vote_duration is positive, or revision belongs to release
- `DistributionRecordArgs`: No validation of distribution_owner_namespace
requirements based on platform
This forces validation into downstream code, making it unclear what
combinations are valid.
### Recommended Remediation
Add Pydantic `@model_validator` decorators to API models to enforce
cross-field rules:
```python
import pydantic

# Validator method for the VoteStartArgs model
@pydantic.model_validator(mode='after')
def validate_vote_args(self) -> 'VoteStartArgs':
    # Validate vote_duration is positive
    if self.vote_duration <= 0:
        raise ValueError("vote_duration must be positive")
    # Validate email_to domain
    if '@' not in self.email_to:
        raise ValueError("email_to must be valid email")
    return self

# Validator method for the DistributionRecordArgs model
@pydantic.model_validator(mode='after')
def validate_distribution_args(self) -> 'DistributionRecordArgs':
    # Validate distribution_owner_namespace based on platform
    if self.platform == 'maven' and not self.distribution_owner_namespace:
        raise ValueError("Maven distributions require owner namespace")
    return self
```
Add comprehensive API documentation describing cross-field validation rules.
### Acceptance Criteria
- [ ] API models enforce cross-field validation rules
- [ ] Invalid field combinations are rejected at model level
- [ ] Documentation describes validation rules
- [ ] Test cases verify cross-field validation
- [ ] Unit test verifying the fix
### References
- Source reports: L2:2.1.2.md
- Related findings: FINDING-100
- ASVS sections: 2.1.2
### Priority
Medium
---
**Triage notes:** review API for drift compared to the web site
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
For additional commands, e-mail: [email protected]
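
The following is an added example, not part of the issue and not ATR code: a Pydantic v2 sketch of the model-level cross-field checks the issue asks for, where one field's validity depends on another (recipient against project, namespace against platform). The class names, the `example.org` list domain, the 72-hour minimum and the platform set are all hypothetical.

```python
from typing import List, Optional

import pydantic

# Hypothetical policy values for illustration; not taken from the ATR code base.
NAMESPACE_REQUIRED = {"maven", "docker_hub"}
MIN_VOTE_HOURS = 72


class VoteStartExample(pydantic.BaseModel):
    project: str
    email_to: str
    vote_duration: int

    @pydantic.model_validator(mode="after")
    def check_cross_fields(self) -> "VoteStartExample":
        errors = []
        if self.vote_duration < MIN_VOTE_HOURS:
            errors.append(f"vote_duration must be at least {MIN_VOTE_HOURS} hours")
        # Cross-field rule: the recipient must be a list of the named project.
        local, _, domain = self.email_to.rpartition("@")
        if not local or domain != f"{self.project}.example.org":
            errors.append("email_to must be a list address of the project")
        if errors:
            raise ValueError("; ".join(errors))
        return self


class DistributionRecordExample(pydantic.BaseModel):
    platform: str
    distribution_owner_namespace: Optional[str] = None

    @pydantic.model_validator(mode="after")
    def check_namespace(self) -> "DistributionRecordExample":
        # Cross-field rule: whether a namespace is needed depends on the platform.
        needs = self.platform in NAMESPACE_REQUIRED
        if needs and not self.distribution_owner_namespace:
            raise ValueError(f"{self.platform} requires distribution_owner_namespace")
        if not needs and self.distribution_owner_namespace:
            raise ValueError(f"{self.platform} does not take distribution_owner_namespace")
        return self


def rejection_reasons(model, payload: dict) -> List[str]:
    """Return the validation messages for payload, or [] if it is accepted."""
    try:
        model.model_validate(payload)
    except pydantic.ValidationError as exc:
        return [err["msg"] for err in exc.errors()]
    return []
```

Because the `ValueError` is raised inside the model, Pydantic wraps it in a `ValidationError` before any handler code runs, so inconsistent combinations never reach downstream logic.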