Skip to content

fix: validate exact D3 preview bundle members#58

Merged
Pigbibi merged 2 commits into
mainfrom
codex/qar-d3-exact-bundle-validator
Jul 15, 2026
Merged

fix: validate exact D3 preview bundle members#58
Pigbibi merged 2 commits into
mainfrom
codex/qar-d3-exact-bundle-validator

Conversation

@Pigbibi

@Pigbibi Pigbibi commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

Scope

Fresh reslice after frozen PR #57. Evidence-only representative daily fixture workflow; no production trust, Pages, publisher, weekly/monthly, legacy, identity, store, or migration behavior.

Contract

A single pure validate_exact_bundle helper is used by both builder-side evidence generation and downloaded verifier before any member read/hash/acceptance. It requires exactly manifest.json, report.html, and report.json; each must be an lstat regular file with one link. Extra/missing files, hidden/normal extras, symlinks, hardlinks, directories, FIFOs, and devices fail closed.

PR #57 capabilities are retained: tool-agnostic ordinary CI, deterministic PR/dispatch inputs, real base/head SHA binding, locked uv/dependency evidence, PEP 503 distributions, private workspace, explicit artifact paths, and upload/download/readback.

Source-of-truth: /Users/lisiyi/Documents/Codex/2026-07-14/ba-2/outputs/qar_d3_exact_bundle_validator_reslice_design_v1_2026-07-15.md

Co-Authored-By: Codex <noreply@openai.com>
@github-actions

github-actions Bot commented Jul 15, 2026

Copy link
Copy Markdown

🤖 Codex PR Review

Merge allowed: blocking findings were cleared by independent Codex arbitration

⚖️ Codex Review Arbitration

clear: The prior blocking issue is demonstrably fixed by the current source-of-truth diff. scripts/d3_evidence.py no longer returns validated path names from validate_exact_bundle(): it opens the bundle directory with O_DIRECTORY|O_NOFOLLOW, opens each required member with O_NOFOLLOW relative to that directory FD, verifies each file with fstat, reads the bytes immediately from the opened FD, and returns an immutable BundleSnapshot containing member bytes and hashes. The current callers in scripts/d3_build_daily_preview.py and scripts/d3_verify_daily_preview.py then operate on those in-memory snapshot bytes via validate_preview_snapshot() and _bundle_hashes()/_hashes(), rather than reopening filesystem paths after validation. That removes the specific validate-then-reopen TOCTOU/symlink swap vulnerability described in the prior blocking finding.

ℹ️ Other Findings

1. 🟡 [MEDIUM] Reliability in scripts/d3_evidence.py

validate_exact_bundle reads each bundle member into a chunks list and then builds a second full in-memory copy with b"".join(chunks). If report.html or report.json is unexpectedly large, the builder and verifier can each consume roughly twice the file size in RAM while validating, which is enough to OOM the 2 GB GitHub runner and fail the workflow instead of cleanly rejecting the artifact. (line 77)

Suggestion: Add an explicit maximum allowed size for each bundle member before buffering, or switch to a bounded streaming approach that hashes and stores bytes without creating duplicate full-size in-memory copies.


Review by Codex PR Review bot • PR

Co-Authored-By: Codex <noreply@openai.com>
@Pigbibi Pigbibi merged commit ff915ae into main Jul 15, 2026
5 checks passed
@Pigbibi Pigbibi deleted the codex/qar-d3-exact-bundle-validator branch July 15, 2026 02:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant