PR#4444: additional validation for sigkey value

Merges #4444 https://pagure.io/koji/pull-request/4444 Fixes: #4443 https://pagure.io/koji/issue/4443 Don't allow slash in sigkey value
2025-08-22 11:07:29 -04:00 · 2025-08-22 11:07:29 -04:00 · fb3fd87966
commit fb3fd87966
parent 67cc2cdbac 2734d5276f
2 changed files with 30 additions and 7 deletions
--- a/kojihub/kojihub.py
+++ b/kojihub/kojihub.py
@ -8273,7 +8273,7 @@ def add_rpm_sig(an_rpm, sighdr, sigkey=None):
    if not os.path.isdir(builddir):
        raise koji.GenericError("No such directory: %s" % builddir)
    if sigkey is not None:
-        verify_name_internal(sigkey)
+        validate_sigkey_value(sigkey)

    # verify sigmd5 matches rpm and pick sigkey if needed
    rawhdr = koji.RawHeader(sighdr)
@ -8324,10 +8324,25 @@ def add_rpm_sig(an_rpm, sighdr, sigkey=None):
                              sigkey=sigkey, sighash=sighash, build=binfo, rpm=rinfo)


+def validate_sigkey_value(sigkey):
+    convert_value(sigkey, cast=str, check_only=True)
+    if sigkey == '':
+        # special case for the unsigned sig header
+        return
+    if '/' in sigkey or sigkey.startswith('.'):
+        # not allowed because the value is used in a path
+        raise koji.GenericError("Invalid sigkey value")
+    if sigkey != sigkey.lower():
+        # we require lowercase because koji has historically forced lowercase for this value
+        # e.g. in query_rpm_sigs
+        raise koji.GenericError("Invalid sigkey value. Must be lowercase")
+    verify_name_internal(sigkey)
+
+
 def rename_rpm_sig(rpminfo, oldkey, newkey):
    """Change the sigkey for an rpm signature"""

-    verify_name_internal(newkey)
+    validate_sigkey_value(newkey)
    rinfo = get_rpm(rpminfo, strict=True)
    nvra = "%(name)s-%(version)s-%(release)s.%(arch)s" % rinfo
    if rinfo['external_repo_id']:
--- a/tests/test_hub/test_add_rpm_sig.py
+++ b/tests/test_hub/test_add_rpm_sig.py
@ -146,15 +146,23 @@ class TestAddRPMSig(unittest.TestCase):
    def test_add_rpm_sig_bad_sigkey(self):
        """bad sigkey failure case"""
        sighdr = 'SIG HEADER 99'
-        self.isdir.side_effect = [True]
-        self.get_rpm.side_effect = [{'build_id': 100, 'external_repo_id': None}]
+        self.isdir.return_value = True
+        self.get_rpm.return_value = {'build_id': 100, 'external_repo_id': None}

+        badkeys = [
+            'white space',
+            'badchar!',
+            '.hidden',
+            'sub/dir',
+            'hasUPPERcase',
+        ]
+        for sigkey in badkeys:
            with self.assertRaises(koji.GenericError):
-            kojihub.add_rpm_sig(1, sighdr, sigkey='foo/bar !')
+                kojihub.add_rpm_sig(1, sighdr, sigkey=sigkey)

        self.assertEqual(len(self.inserts), 0)
        self.open.assert_not_called()
-        self.isdir.assert_called_once()
+        self.isdir.assert_called()


 class TestScanHeaderOnly(unittest.TestCase):