Throw Exception on broken signature

This is related to issue #1562 With a fresh installation of Composer I had the following message: > The contents of https://packagist.org/p/providers-latest.json do not match its signature, this is most likely due to a temporary glitch but could indicate a man-in-the-middle attack. > Try running composer again and please report it if it still persists. This was *probably* a temporary glitch, as the error did not appear again, even after a full reinstallation of all packages. *However* Composer had no way to differentiate a man-in-the-middle attack and a temporary glitch. The installation / update did continue despite the problem and files where installed / updates with no easy rollback. These files may have been corrupted with malicious code and I have no way to check they don't. This is a *serious* security issue. The code in [ComposerRepository line 434](https://github.com/composer/composer/blob/master/src/Composer/Repos itory/ComposerRepository.php#L434) states ```php // TODO throw SecurityException and abort once we are sure this can not happen accidentally ```` Even if the broken signature may happen in accidentally in a standard process, if it may be a security issue, we have to abort the procedure, or at least ask for confirmation to the user. If it helps continuing despite the temporary glitch, it may be possible to add a command line switch like `--ignore-signature` to force the process to continue. Proposed : Send a RepositorySecurityException instead of the warning, even if this may happen accidentally
12 years ago · 59f8be3b92
parent 2b36f61596
commit 59f8be3b92
2 changed files with 23 additions and 1 deletions
--- a/src/Composer/Repository/ComposerRepository.php
+++ b/src/Composer/Repository/ComposerRepository.php
@ -431,8 +431,8 @@ class ComposerRepository extends ArrayRepository implements StreamableRepository
                        continue;
                    }

-                    // TODO throw SecurityException and abort once we are sure this can not happen accidentally
                    $this->io->write('<warning>The contents of '.$filename.' do not match its signature, this is most likely due to a temporary glitch but could indicate a man-in-the-middle attack. Try running composer again and please report it if it still persists.</warning>');
+                    throw new RepositorySecurityException('The contents of '.$filename.' do not match its signature');
                }
                $this->cache->write($cacheKey, $encoded);

--- a/src/Composer/Repository/RepositorySecurityException.php
+++ b/src/Composer/Repository/RepositorySecurityException.php
@ -0,0 +1,22 @@
+<?php
+
+/*
+ * This file is part of Composer.
+ *
+ * (c) 
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Composer\Repository;
+
+/**
+ * Thrown when a security problem, like a broken or missing signature
+ *
+ * @author Eric Daspet <edaspet@survol.fr>
+ */
+class Repository\RepositorySecurityException extends \Exception
+{
+	// nothing more, standard Exception
+}