impl: prompt the user if when signature verification fails

fioan89 · fioan89 · commit aeb79e582ee9 · 2025-07-16T00:39:13.000+03:00
Ask the user if he wants to accept the risk of running a potentially tampered
CLI when signature verification failed (i.e. we downloaded the signatures but either
it doesn't match or there were some error while computing the signature.
diff --git a/src/main/kotlin/com/coder/toolbox/cli/CoderCLIManager.kt b/src/main/kotlin/com/coder/toolbox/cli/CoderCLIManager.kt
@@ -9,6 +9,7 @@ import com.coder.toolbox.cli.ex.MissingVersionException
 import com.coder.toolbox.cli.ex.SSHConfigFormatException
 import com.coder.toolbox.cli.ex.UnsignedBinaryExecutionDeniedException
 import com.coder.toolbox.cli.gpg.GPGVerifier
+import com.coder.toolbox.cli.gpg.VerificationResult
 import com.coder.toolbox.cli.gpg.VerificationResult.Failed
 import com.coder.toolbox.cli.gpg.VerificationResult.Invalid
 import com.coder.toolbox.sdk.v2.models.Workspace
@@ -221,26 +222,21 @@ class CoderCLIManager(
                     }
 
                     else -> {
-                        val exception = when {
-                            result.isInvalid() -> {
-                                val reason = (result as Invalid).reason
-                                UnsignedBinaryExecutionDeniedException(
-                                    "Signature of ${cliResult.dst} is invalid." + reason?.let { " Reason: $it" }
-                                        .orEmpty()
-                                )
-                            }
-
-                            result.signatureIsNotFound() -> {
-                                UnsignedBinaryExecutionDeniedException(
-                                    "Can't verify signature of ${cliResult.dst} because ${signatureResult.dst} does not exist"
-                                )
-                            }
-
-                            else -> {
-                                UnsignedBinaryExecutionDeniedException((result as Failed).error.message)
-                            }
+                        logFailure(result, cliResult, signatureResult)
+                        // prompt the user if he wants to accept the risk
+                        val shouldRunAnyway = context.ui.showYesNoPopup(
+                            context.i18n.ptrl("Security Warning"),
+                            context.i18n.pnotr("Could not verify the authenticity of the ${cliResult.source}, it may be tampered with. Would you like to run it anyway?"),
+                            context.i18n.ptrl("Run anyway"),
+                            context.i18n.ptrl("Abort"),
+                        )
+
+                        if (shouldRunAnyway) {
+                            downloader.commit()
+                            return true
+                        } else {
+                            throw UnsignedBinaryExecutionDeniedException("Running unverified CLI from ${cliResult.source} was denied by the user")
                         }
-                        throw exception
                     }
                 }
             }
@@ -249,6 +245,30 @@ class CoderCLIManager(
         }
     }
 
+    private fun logFailure(
+        result: VerificationResult,
+        cliResult: Downloaded,
+        signatureResult: Downloaded
+    ) {
+        when {
+            result.isInvalid() -> {
+                val reason = (result as Invalid).reason
+                context.logger.error("Signature of ${cliResult.dst} is invalid." + reason?.let { " Reason: $it" }
+                    .orEmpty())
+            }
+
+            result.signatureIsNotFound() -> {
+                context.logger.error("Can't verify signature of ${cliResult.dst} because ${signatureResult.dst} does not exist")
+            }
+
+            else -> {
+                UnsignedBinaryExecutionDeniedException((result as Failed).error.message)
+                val failure = result as DownloadResult.Failed
+                context.logger.error(failure.error, "Failed to verify signature for ${cliResult.dst}")
+            }
+        }
+    }
+
     /**
      * Use the provided token to initializeSession the CLI.
      */
diff --git a/src/main/kotlin/com/coder/toolbox/cli/downloader/DownloadResult.kt b/src/main/kotlin/com/coder/toolbox/cli/downloader/DownloadResult.kt
@@ -19,7 +19,5 @@ sealed class DownloadResult {
 
     fun isFailed(): Boolean = this is Failed
 
-    fun isDownloaded(): Boolean = this is Downloaded
-
     fun isNotDownloaded(): Boolean = this !is Downloaded
 }
diff --git a/src/main/resources/localization/defaultMessages.po b/src/main/resources/localization/defaultMessages.po
@@ -161,4 +161,7 @@ msgid "Accept"
 msgstr ""
 
 msgid "Abort"
+msgstr ""
+
+msgid "Run anyway"
 msgstr ""

Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,5 @@ sealed class DownloadResult {`
`19`	`19`
`20`	`20`	`fun isFailed(): Boolean = this is Failed`
`21`	`21`
`22`		`- fun isDownloaded(): Boolean = this is Downloaded`
`23`		`-`
`24`	`22`	`fun isNotDownloaded(): Boolean = this !is Downloaded`
`25`	`23`	`}`