Closed mensfeld closed 3 years ago
Hi Maciej 👋 You are correct that we download resources from GitHub to execute:
And you are correct that we could hardcode and md5 hash (for example) into our codebase to verify the integrity of SwiftLint. We haven't done so because it hasn't been a priority; we rely on HTTPS to provide reasonable-ish security. For a tool that runs on CI servers, this has been sufficient.
That said, it would not be difficult to add an integrity check (and corresponding unit test). I'm going to leave this issue open in case anyone would like to add this.
Thank you. Much appreciated.
Hey,
My name is Maciej Mensfeld and I run a research security project called diffend.io.
I've noticed, that this library downloads some external resources and uses them. While it's a totally common pattern, what is lacking here is integrity verification.
You could verify the integrity of the downloaded file before using it by comparing the file hash to a hardcoded, expected file hash.
This is essentially what package managers do to verify the integrity of downloaded packages.
Doing this would prevent attack scenarios in which
SwiftLint
is manipulated.Have a great day :)