Skip to content

Commit 0ad2121

Browse files
fioan89fioan89
committed
impl: prompt user for allowing unverified binaries to run
This happens in the following cases: - if the deployment did not have any signatures and user decided to fallback on releases.coder.com but the fallback did not have any signature or we failed to download it. - similarly if the user does not want to fallback we still ask him if he wants to run the unverified cli
1 parent a8767d2 commit 0ad2121

File tree

1 file changed

+35
-24
lines changed

1 file changed

+35
-24
lines changed

src/main/kotlin/com/coder/toolbox/cli/CoderCLIManager.kt

Lines changed: 35 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -182,33 +182,44 @@ class CoderCLIManager(
182182
downloader.downloadSignature(showTextProgress)
183183
}
184184

185-
if (signatureResult.isNotDownloaded()) {
186-
context.logger.info("Trying to download signature file from releases.coder.com")
187-
signatureResult = withContext(Dispatchers.IO) {
188-
downloader.downloadReleasesSignature(buildVersion, showTextProgress)
189-
}
190-
}
191-
192-
// if we could not find any signature (404 or error) and the user wants to explicitly
193-
// confirm whether we run an unsigned cli
194185
if (signatureResult.isNotDownloaded()) {
195186
if (context.settingsStore.fallbackOnCoderForSignatures == ALLOW) {
196-
context.logger.warn("Running unsigned CLI from ${cliResult.source}")
197-
downloader.commit()
198-
return true
199-
} else {
200-
val acceptsUnsignedBinary = context.ui.showYesNoPopup(
201-
context.i18n.ptrl("Security Warning"),
202-
context.i18n.pnotr("Can't verify the integrity of the Coder CLI pulled from ${cliResult.source}"),
203-
context.i18n.ptrl("Accept"),
204-
context.i18n.ptrl("Abort"),
205-
)
206-
207-
if (acceptsUnsignedBinary) {
208-
downloader.commit()
209-
return true
187+
context.logger.info("Trying to download signature file from releases.coder.com")
188+
signatureResult = withContext(Dispatchers.IO) {
189+
downloader.downloadReleasesSignature(buildVersion, showTextProgress)
190+
}
191+
192+
// if we could still not download it, ask the user if he accepts the risk
193+
if (signatureResult.isNotDownloaded()) {
194+
val acceptsUnsignedBinary = context.ui.showYesNoPopup(
195+
context.i18n.ptrl("Security Warning"),
196+
context.i18n.pnotr("Could not fetch any signatures for ${cliResult.source} from releases.coder.com. Would you like to run it anyway?"),
197+
context.i18n.ptrl("Accept"),
198+
context.i18n.ptrl("Abort"),
199+
)
200+
201+
if (acceptsUnsignedBinary) {
202+
downloader.commit()
203+
return true
204+
} else {
205+
throw UnsignedBinaryExecutionDeniedException("Running unsigned CLI from ${cliResult.source} was denied by the user")
206+
}
210207
} else {
211-
throw UnsignedBinaryExecutionDeniedException("Running unsigned CLI from ${cliResult.source} was denied by the user")
208+
// we could not fetch signatures from releases.coder.com
209+
// so we will ask the user if he wants to continue
210+
val acceptsUnsignedBinary = context.ui.showYesNoPopup(
211+
context.i18n.ptrl("Security Warning"),
212+
context.i18n.pnotr("No signatures were found for ${cliResult.source} and fallback to releases.coder.com is not allowed. Would you like to run it anyway?"),
213+
context.i18n.ptrl("Accept"),
214+
context.i18n.ptrl("Abort"),
215+
)
216+
217+
if (acceptsUnsignedBinary) {
218+
downloader.commit()
219+
return true
220+
} else {
221+
throw UnsignedBinaryExecutionDeniedException("Running unsigned CLI from ${cliResult.source} was denied by the user")
222+
}
212223
}
213224
}
214225
}

0 commit comments

Comments
 (0)