author | Konstantin Ryabitsev <konstantin@linuxfoundation.org> | 2021-05-05 13:42:43 -0400 |
---|---|---|
committer | Konstantin Ryabitsev <konstantin@linuxfoundation.org> | 2021-05-05 13:42:43 -0400 |
commit | 275685dd0adfad175cbbd2e10937014fe3505a95 (patch) | |
tree | c752881ec4a8f5e06cde409cf4dfc1aa58f10fbe | |
parent | 111c56cbe7a6b7a1b425f23681fd39b2296c4a39 (diff) | |
download | patatt-275685dd0adfad175cbbd2e10937014fe3505a95.tar.gz |
Implement support for trim_body
Most of the time we ignore l= fields, because there is a way to abuse
this by appending additional unsigned content beneath attested data.
However, for lists that add footer info to bodies we want to be able to
enable this via configuration, so turn it on by setting:
[patatt]
trimbody = yes
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
-rw-r--r-- | patatt/__init__.py | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/patatt/__init__.py b/patatt/__init__.py
index a0cbb7d..2cf283f 100644
--- a/patatt/__init__.py
+++ b/patatt/__init__.py
@@ -36,7 +36,6 @@ DEVKEY_HDR = b'X-Developer-Key'
 REQ_HDRS = [b'from', b'subject']
 DEFAULT_CONFIG = {
 'publickeypath': ['ref::.keys', 'ref::.local-keys'],
- 'gpgusedefaultkeyring': 'yes',
 }
 # Quick cache for key info
@@ -428,7 +427,7 @@ class PatattMessage:
 ds = DevsigHeader()
 ds.set_headers(self.canon_headers)
 ds.set_body(self.canon_body)
- ds.set_field('l', str(len(self.body)))
+ ds.set_field('l', str(len(self.canon_body)))
 if identity and identity != self.canon_identity:
 ds.set_field('i', identity)
 if selector:
@@ -828,7 +827,7 @@ def cmd_sign(cmdargs, config: dict) -> None:
 sys.exit(1)
-def validate_message(msgdata: bytes, sources: list) -> list:
+def validate_message(msgdata: bytes, sources: list, trim_body: bool = False) -> list:
 errors = list()
 goodsigs = list()
 success = False
@@ -865,7 +864,7 @@ def validate_message(msgdata: bytes, sources: list) -> list:
 continue
 try:
- signtime = pm.validate(i, pkey)
+ signtime = pm.validate(i, pkey, trim_body=trim_body)
 success = True
 except ValidationError:
 errors.append('%s/%s failed to validate using a=%s, pkey=%s' % (i, s, a, keysrc))
@@ -901,10 +900,15 @@ def cmd_validate(cmdargs, config: dict):
 if pdir not in sources:
 sources.append(pdir)
+ if config.get('trimbody', 'no') == 'yes':
+ trim_body = True
+ else:
+ trim_body = False
+
 allgood = True
 for fn, msgdata in messages.items():
 try:
- goodsigs = validate_message(msgdata, sources)
+ goodsigs = validate_message(msgdata, sources, trim_body=trim_body)
 for identity, signtime, keysrc, algo in goodsigs:
 logger.critical('PASS | %s | %s', identity, fn)
 if keysrc: |
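Review bot: In the first hunk, dropping `'gpgusedefaultkeyring': 'yes'` from DEFAULT_CONFIG is not mentioned in the commit message, which only describes trimbody. Any code that reads this key will now find it absent unless the user sets it, so whether the default GnuPG keyring is consulted as a key source during validation presumably changes. The code that reads the key is not part of this diff, so that effect should be confirmed and either called out in the description or moved to its own commit.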
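Review bot: In the PatattMessage hunk, signatures made before this change carry an `l=` value measured with `len(self.body)`, while a verifier that honours trimbody would presumably cut the canonicalized body at that offset. Where the raw and canonical lengths differ, such older signatures may fail or cover a different span than the signer intended; the validate path is not shown here, so this needs confirming. A comment on the new line such as `# l= counts bytes of the canonicalized body, i.e. the same bytes that are hashed` would record the invariant. The enclosing method starts and ends outside the hunk.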
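Review bot: The new `trim_body` parameter of `validate_message` is undocumented, although it changes what a returned good signature means: per the commit message, a pass then covers only the body up to the `l=` length and anything appended after it is unsigned. A docstring entry along the lines of `trim_body: verify only the first l= bytes of the body; content past that offset is NOT covered by the signature` would make this explicit for callers. The same caveat belongs next to the `pm.validate(i, pkey, trim_body=trim_body)` call in the following hunk. The function body continues outside both hunks.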
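Review bot: In the cmd_validate hunk, a trimmed validation is logged with the same `PASS | %s | %s` line as a full-body one, so the output does not show that content after the `l=` offset went unverified, which is the abuse case the commit message describes. Consider having `validate_message` report whether trimming actually discarded bytes, and logging that as a distinct status or an extra warning line. Separately, the four-line if/else reduces to `trim_body = config.get('trimbody', 'no') == 'yes'`. Only the exact string `yes` enables the option, so `true` or `Yes` are silently treated as off. That is the safe direction, but a log line for unrecognised values would help. cmd_validate starts and ends outside the hunk.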