security: Fix ancestry validation to fail safely

vaind · vaind · commit e0b5a399b381 · 2025-09-18T23:07:44.000+02:00
- Return false instead of true when ancestry validation fails
- Change warning to error message for clarity
- Prevents potentially incorrect updates when validation is uncertain
- Follows fail-safe principle for security-critical operations
diff --git a/updater/scripts/cmake-functions.ps1 b/updater/scripts/cmake-functions.ps1
@@ -83,9 +83,9 @@ function Test-HashAncestry($repo, $oldHash, $newHash) {
         }
     }
     catch {
-        Write-Host "Warning: Could not validate ancestry for $oldHash -> $newHash : $_"
-        # When in doubt, allow the update (safer for automation)
-        return $true
+        Write-Host "Error: Could not validate ancestry for $oldHash -> $newHash : $_"
+        # When in doubt, fail safely to prevent incorrect updates
+        return $false
     }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -83,9 +83,9 @@ function Test-HashAncestry($repo, $oldHash, $newHash) {`
`83`	`83`	`}`
`84`	`84`	`}`
`85`	`85`	`catch {`
`86`		`- Write-Host "Warning: Could not validate ancestry for $oldHash -> $newHash : $_"`
`87`		`- # When in doubt, allow the update (safer for automation)`
`88`		`- return $true`
	`86`	`+ Write-Host "Error: Could not validate ancestry for $oldHash -> $newHash : $_"`
	`87`	`+ # When in doubt, fail safely to prevent incorrect updates`
	`88`	`+ return $false`
`89`	`89`	`}`
`90`	`90`	`}`
`91`	`91`