JacksonQu / Software-Supply-Chain-Security-Assignment1

GNU General Public License v3.0

Filepath validation for artifact_filepath #5

Open Samkit-shah opened 1 month ago

Samkit-shah commented 1 month ago

https://github.com/JacksonQu/Software-Supply-Chain-Security-Assignment1/blob/d446488fdbda84f8264478efa141aa9ba9dba792/main.py#L50

There is currently no check to verify whether the artifact_filepath actually points to a valid file. It's important to add this validation because, in the verify_artifact_signature function from the util file, the file is directly opened without checking if it exists or is accessible. This could result in the function breaking if the file is invalid or missing.

JacksonQu commented 1 month ago

Fixed in branch origin/fix-issue-5
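One way to do the validation this issue asks for, as an added example that is not part of the thread and is not the code in the fix branch: the file is opened once and the checks run on the open descriptor, so the path cannot change between the check and the read. The names `read_artifact`, `ArtifactPathError`, `check`, `demo` and the `max_bytes` limit are assumptions, and the sample file is constructed.

```python
import os
import stat
import tempfile


class ArtifactPathError(Exception):
    """artifact_filepath cannot be used as input for signature verification."""


def read_artifact(artifact_filepath, max_bytes=64 * 1024 * 1024):
    """Return the artifact's bytes or raise ArtifactPathError (hypothetical helper).
    Checks use fstat on the opened descriptor, not the path, so the file
    cannot be swapped between an os.path.isfile() check and open().
    """
    # O_NONBLOCK keeps a FIFO from hanging the open; O_BINARY matters on Windows.
    flags = os.O_RDONLY | getattr(os, "O_NONBLOCK", 0) | getattr(os, "O_BINARY", 0)
    try:
        fd = os.open(artifact_filepath, flags)
    except (OSError, TypeError, ValueError) as exc:
        # Missing file, permission denied, None, embedded NUL byte.
        raise ArtifactPathError(f"cannot open {artifact_filepath!r}: {exc}") from exc
    try:
        info = os.fstat(fd)
        if not stat.S_ISREG(info.st_mode):
            raise ArtifactPathError(f"not a regular file: {artifact_filepath!r}")
        if info.st_size > max_bytes:  # max_bytes is an assumed limit
            raise ArtifactPathError(f"artifact larger than {max_bytes} bytes")
        with os.fdopen(fd, "rb", closefd=False) as handle:
            return handle.read()
    finally:
        os.close(fd)


def check(path, **kwargs):
    try:
        read_artifact(path, **kwargs)
    except ArtifactPathError:
        return "rejected"
    return "ok"


def demo():
    """Run the helper over constructed inputs in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "artifact.md")
        with open(good, "wb") as fh:
            fh.write(b"constructed sample artifact\n")
        cases = {"valid": good, "missing": os.path.join(tmp, "nope"), "directory": tmp, "empty": ""}
        results = {name: check(path) for name, path in cases.items()}
        results["too_large"] = check(good, max_bytes=4)
        return results
```

The caller can catch `ArtifactPathError` at the command-line boundary and print its message instead of a traceback, then hand the returned bytes to the signature check.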