Verify that marksdb verify URL starts with ry.marksdb.org #3115
CydeWeys
It sounds like the hostname shouldn't be configurable at all then? Just make the configuration option be the path?
gbrodman
Kinda yeah, but that'd require chopping apart the URL that we're provided by marksdb in the NordnUploadTask just to put it back together again here.
CydeWeys
core/src/main/java/google/registry/tmch/NordnVerifyAction.java line 112 at r2 (raw file):
LordnLog verify() throws IOException, GeneralSecurityException {
  String host = Ascii.toLowerCase(url.getHost());
  checkArgument(host.startsWith(MARKSDB_URL_BEGINNING), "Bad URL: %s", url);
Expand on the error message here, and/or add comments?
Under what scenario would the host not start with what it's supposed to?
gbrodman
core/src/main/java/google/registry/tmch/NordnVerifyAction.java line 112 at r2 (raw file):
Previously, CydeWeys (Ben McIlwain) wrote…
Expand on the error message here, and/or add comments?
Under what scenario would the host not start with what it's supposed to?
If someone manages to do an attack that makes it through the other layers of security, basically. It's not likely.
CydeWeys
core/src/main/java/google/registry/tmch/NordnVerifyAction.java line 112 at r2 (raw file):
Previously, gbrodman wrote…
If someone manages to do an attack that makes it through the other layers of security, basically. It's not likely.
What kind of attack? What's the threat model exactly?
gbrodman
core/src/main/java/google/registry/tmch/NordnVerifyAction.java line 112 at r2 (raw file):
Previously, CydeWeys (Ben McIlwain) wrote…
What kind of attack? What's the threat model exactly?
If someone manages to spoof our auth successfully, they could spoof a URL to which we'd send our marksdb credentials.
CydeWeys
core/src/main/java/google/registry/tmch/NordnVerifyAction.java line 112 at r2 (raw file):
Previously, gbrodman wrote…
If someone manages to spoof our auth successfully, they could spoof a URL to which we'd send our marksdb credentials.
Or presumably if they partially compromised Marksdb's servers, they could use this to then compromise clients' credentials as well?
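Added example, not code from this pull request or the project: a side-by-side of the prefix test on the host quoted in the review and a stricter exact-match check, run over constructed URLs, to show which inputs each one lets through before credentials would be sent. The expected host is taken from the PR title; the class and method names, the sample URLs and their placeholder paths are assumptions.

```java
import java.net.URI;
import java.util.Locale;
import java.util.Set;

public class VerifyUrlHostCheck {
  // Assumption: the expected host, taken from the PR title.
  static final String EXPECTED_HOST = "ry.marksdb.org";
  static final Set<String> ALLOWED_HOSTS = Set.of(EXPECTED_HOST);

  /** Prefix test on the host, the shape of the check quoted in the review. */
  static boolean prefixCheck(URI url) {
    String host = url.getHost();
    return host != null && host.toLowerCase(Locale.ROOT).startsWith(EXPECTED_HOST);
  }

  /** Stricter variant: HTTPS only, exact host match, no userinfo, default port. */
  static boolean exactCheck(URI url) {
    String host = url.getHost();
    return "https".equalsIgnoreCase(url.getScheme())
        && host != null
        && ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT))
        && url.getUserInfo() == null
        && (url.getPort() == -1 || url.getPort() == 443);
  }

  public static void main(String[] args) {
    // Constructed sample URLs; the path is a placeholder, not MarksDB's real layout.
    String[] samples = {
      "https://ry.marksdb.org/LORDN/example/abc123",              // expected host
      "https://RY.MARKSDB.ORG/LORDN/example/abc123",              // same host, upper case
      "https://ry.marksdb.org.example.net/LORDN/example/abc123",  // expected name as a subdomain label
      "https://ry.marksdb.organic.example/LORDN/example/abc123",  // expected name as a string prefix
      "http://ry.marksdb.org/LORDN/example/abc123",               // right host, cleartext scheme
      "https://example.net/ry.marksdb.org/abc123",                // expected name only in the path
    };
    for (String s : samples) {
      URI url = URI.create(s);
      System.out.printf("%-58s prefix=%-5b exact=%b%n", s, prefixCheck(url), exactCheck(url));
    }
  }
}
```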