Fix (high): bind applyUpdate to the reviewed manifest hash#797
Open
Rigidity wants to merge 1 commit into
Open
Conversation
appUpdate.applyUpdate re-read whatever pending update was currently staged on the app and applied the user's reviewed permission grants to it. Between appUpdate.getReviewContext and applyUpdate the background update checker can replace the pending update with a newer manifest that requests different permissions, so the grants the user reviewed could be applied to a manifest they never saw. Require applyUpdate callers to pass the reviewed manifest hash and refuse to apply if the current pending update no longer matches it. The automatic/background apply paths pass None and are unaffected. The update review builtin app now forwards the pending update's manifest hash.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Severity: High (H4)
Problem
appUpdate.applyUpdatere-reads whatever pending update is currently staged on the app (preflight.pending) and applies the user's reviewed permission grants (additionalGrantedPermissions) to it. BetweenappUpdate.getReviewContext(what the user reviews) andapplyUpdate(what runs), the background update checker can replace the pending update with a newer manifest requesting different permissions. The grants the user reviewed then get applied to a manifest they never saw — a review/apply TOCTOU.Fix
AppUpdateApplyUpdateParamsgainsreviewed_manifest_hash.apply_app_update_innertakes anexpected_manifest_hash: Option<String>and, when set, refuses to apply ifpreflight.pending.manifest_hash()no longer matches (error asks the user to re-check).try_auto_apply_pending_update,apps_apply_app_updatecommand) passNoneand are unaffected.state.app.pendingUpdate.manifestHash(the manifest whose decision/permissions it displayed).Files
crates/sage-apps/src/lifecycle/update/apply.rs,.../update/commands.rscrates/sage-apps/src/bridge/methods/system/app_update/apply_update.rsbuiltin-apps/src/system/apps/app-update/src/components/UpdateReviewBody.tsxNo local build (per request); relying on CI. (SDK
generated-types.tsis gitignored and regenerated from the Rust types.)Note
Medium Risk
Touches permission-granting update apply logic, but the change tightens security (hash binding) and leaves non-interactive apply paths unchanged.
Overview
Closes a review/apply TOCTOU: user-confirmed permission grants could be applied to a newer pending manifest if the background update checker swapped the staged update between review and
applyUpdate.appUpdate.applyUpdatenow requiresreviewedManifestHash.apply_app_update_innercompares it to the current pending update’s manifest hash and fails with a message to re-check when they differ. The update-review UI sendsstate.app.pendingUpdate.manifestHashon confirm.Auto-apply paths (
try_auto_apply_pending_update,apps_apply_app_update) passNonefor the hash and behave as before.Reviewed by Cursor Bugbot for commit 0554b49. Bugbot is set up for automated code reviews on this repo. Configure here.