From 59f8be3b9237efea6b4e51b18ae143f69ef50882 Mon Sep 17 00:00:00 2001 From: Eric Daspet Date: Thu, 14 Feb 2013 15:53:40 +0100 Subject: [PATCH 1/2] Throw Exception on broken signature This is related to issue #1562 With a fresh installation of Composer I had the following message: > The contents of https://packagist.org/p/providers-latest.json do not match its signature, this is most likely due to a temporary glitch but could indicate a man-in-the-middle attack. > Try running composer again and please report it if it still persists. This was *probably* a temporary glitch, as the error did not appear again, even after a full reinstallation of all packages. *However* Composer had no way to differentiate a man-in-the-middle attack and a temporary glitch. The installation / update did continue despite the problem and files where installed / updates with no easy rollback. These files may have been corrupted with malicious code and I have no way to check they don't. This is a *serious* security issue. The code in [ComposerRepository line 434](https://github.com/composer/composer/blob/master/src/Composer/Repos itory/ComposerRepository.php#L434) states ```php // TODO throw SecurityException and abort once we are sure this can not happen accidentally ```` Even if the broken signature may happen in accidentally in a standard process, if it may be a security issue, we have to abort the procedure, or at least ask for confirmation to the user. If it helps continuing despite the temporary glitch, it may be possible to add a command line switch like `--ignore-signature` to force the process to continue. Proposed : Send a RepositorySecurityException instead of the warning, even if this may happen accidentally --- .../Repository/ComposerRepository.php | 2 +- .../RepositorySecurityException.php | 22 +++++++++++++++++++ 2 files changed, 23 insertions(+), 1 deletion(-) create mode 100644 src/Composer/Repository/RepositorySecurityException.php diff --git a/src/Composer/Repository/ComposerRepository.php b/src/Composer/Repository/ComposerRepository.php index fdb7fa5cb..72a392641 100644 --- a/src/Composer/Repository/ComposerRepository.php +++ b/src/Composer/Repository/ComposerRepository.php @@ -431,8 +431,8 @@ class ComposerRepository extends ArrayRepository implements StreamableRepository continue; } - // TODO throw SecurityException and abort once we are sure this can not happen accidentally $this->io->write('The contents of '.$filename.' do not match its signature, this is most likely due to a temporary glitch but could indicate a man-in-the-middle attack. Try running composer again and please report it if it still persists.'); + throw new RepositorySecurityException('The contents of '.$filename.' do not match its signature'); } $this->cache->write($cacheKey, $encoded); diff --git a/src/Composer/Repository/RepositorySecurityException.php b/src/Composer/Repository/RepositorySecurityException.php new file mode 100644 index 000000000..fbb33fadc --- /dev/null +++ b/src/Composer/Repository/RepositorySecurityException.php @@ -0,0 +1,22 @@ + + */ +class Repository\RepositorySecurityException extends \Exception +{ + // nothing more, standard Exception +} \ No newline at end of file From a8a99cee24fbe5f91d1d2810b389b3f49c188f48 Mon Sep 17 00:00:00 2001 From: Eric Daspet Date: Fri, 15 Feb 2013 09:52:31 +0100 Subject: [PATCH 2/2] Fix RepositorySecurityException class name --- src/Composer/Repository/RepositorySecurityException.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Composer/Repository/RepositorySecurityException.php b/src/Composer/Repository/RepositorySecurityException.php index fbb33fadc..4a49f11f2 100644 --- a/src/Composer/Repository/RepositorySecurityException.php +++ b/src/Composer/Repository/RepositorySecurityException.php @@ -16,7 +16,7 @@ namespace Composer\Repository; * * @author Eric Daspet */ -class Repository\RepositorySecurityException extends \Exception +class RepositorySecurityException extends \Exception { // nothing more, standard Exception } \ No newline at end of file