Refactor checking of hashes embedded in user-provided URLs #11923
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sbidoul
force-pushed
the
refactor-link-hash-checking
branch
from
d4d195a to
54a90b8
Compare
1 task
This better reflects the purpose.
sbidoul
force-pushed
the
refactor-link-hash-checking
branch
from
54a90b8 to
87a4991
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Some URLs can contain hashes, like so: https://example.com/archive-1.0.tar.gz#sha256=abcdef...
Such URLs can be provided by the user, in which case the hash must be considered good, and the dowloaded resource verified against that hash.
Such URLs can also be obtained from indexes, in which case the hash must be verified, but not trusted.
The
hashes()method ofInstallRequirementsis extremely sensitive to whether original_link is set or not.It is also very hard (to me) to understand when and why
trust_internetmust be True or False.While working on #11897 I found that it was very easy to break hash checking just by trying to preserve
req.original_linkafter obtaining a cache entry.So I propose this refactoring that achieves the same behaviour in a more robust way, by extending hash_options with the hash passed in the link URL when we are certain that such a link is user provided.
Creating as draft to check tests pass and I'm still sane of mind... Not ready to review.