If a trusted_root with no tlog entries is provided, the verfier crashes with a standard python error.
See:
|
# this is an ugly hack needed for verifying "detached" materials |
|
# In reality we should be choosing the rekor instance based on the logid |
|
url = trusted_root._inner.tlogs[0].base_url |
Since the verifier documents its failures as VerificationError, a caller catching only VerificationError gets an uncaught crash. It's not security relevant both because the crash is blocking, and because it assume a likely malformed trusted_root (or is it supported to do a private sigstore deploy with no logs?).
The other verifiers (js/rs/go) seem to throw different failed verification errors for the same test case.
If a
trusted_rootwith no tlog entries is provided, the verfier crashes with a standard python error.See:
sigstore-python/sigstore/verify/verifier.py
Lines 89 to 91 in 2c74d8f
Since the verifier documents its failures as VerificationError, a caller catching only VerificationError gets an uncaught crash. It's not security relevant both because the crash is blocking, and because it assume a likely malformed trusted_root (or is it supported to do a private sigstore deploy with no logs?).
The other verifiers (js/rs/go) seem to throw different failed verification errors for the same test case.