Do not download invalid WASM modules

kubewarden / policy-fetcher

Crate used by Kubewarden that is able to pull policies from OCI registries and HTTP servers.

https://kubewarden.io

Apache License 2.0

8 stars 8 forks source link

Do not download invalid WASM modules #15

Closed ereslibre closed 2 years ago

ereslibre commented 3 years ago

When an HTTP server or OCI registry does not report an error, and instead returns a 200 HTTP status when downloading the Wasm module, contents are downloaded blindly and put into the store.

This should not happen, and we should double check that what we downloaded is a valid Wasm module, and error out if it's not the case.

raulcabello commented 2 years ago

This also happens when the http server returns a not found error 404. Therefore users who made a typo in the url will experience this problem.

Steps to reproduce:

kwctl pull https://github.com/kubewarden/pod-privileged-policy/releases/download/v0.1.9/policynotfound
Then kwctl policies
Error: Bad magic number (at offset 0)