Handle invalid base64 in SRI #23410

benjaminp · 2024-08-22T23:47:38Z

Previously, invalid base64 would crash the Bazel server.

fmeum · 2024-08-23T07:20:44Z

src/main/java/com/google/devtools/build/lib/bazel/repository/downloader/Checksum.java

+    try {
+      return Base64.getDecoder().decode(data);
+    } catch (IllegalArgumentException e) {
+      throw new InvalidChecksumException("Invalid base64 " + data, e);


Suggested change

throw new InvalidChecksumException("Invalid base64 " + data, e);

throw new InvalidChecksumException("Invalid base64: " + data, e);

Clarifies where the invalid base64 starts as it might be very invalid.

I will put the value in quotes since that's what the other error messages in this file do.

Previously, invalid base64 would crash the Bazel server.

meteorcloudy

Thanks for the fix!

fmeum · 2024-08-26T07:44:19Z

@bazel-io fork 7.4.0

Previously, invalid base64 would crash the Bazel server. Closes bazelbuild#23410. PiperOrigin-RevId: 667624565 Change-Id: I7b6b834fd291e9a3dae59df88b29bb378e7663a3

Previously, invalid base64 would crash the Bazel server. Closes #23410. PiperOrigin-RevId: 667624565 Change-Id: I7b6b834fd291e9a3dae59df88b29bb378e7663a3 Commit 1b0ed28 --------- Co-authored-by: Benjamin Peterson <[email protected]> Co-authored-by: Yun Peng <[email protected]>

iancha1992 · 2024-10-11T21:17:16Z

The changes in this PR have been included in Bazel 7.4.0 RC1. Please test out the release candidate and report any issues as soon as possible.
If you're using Bazelisk, you can point to the latest RC by setting USE_BAZEL_VERSION=7.4.0rc1. Thanks!

github-actions bot added team-ExternalDeps External dependency handling, remote repositiories, WORKSPACE file. awaiting-review PR is awaiting review from an assigned reviewer labels Aug 22, 2024

fmeum requested a review from meteorcloudy August 23, 2024 07:18

fmeum approved these changes Aug 23, 2024

View reviewed changes

Handle invalid base64 in SRI

3322d6d

Previously, invalid base64 would crash the Bazel server.

benjaminp force-pushed the checksum-invalid-base64 branch from ccf0907 to 3322d6d Compare August 23, 2024 13:56

meteorcloudy approved these changes Aug 26, 2024

View reviewed changes

meteorcloudy added awaiting-PR-merge PR has been approved by a reviewer and is ready to be merge internally and removed awaiting-review PR is awaiting review from an assigned reviewer labels Aug 26, 2024

bazel-io mentioned this pull request Aug 26, 2024

[7.4.0] Handle invalid base64 in SRI #23419

Closed

copybara-service bot closed this in 1b0ed28 Aug 26, 2024

github-actions bot removed the awaiting-PR-merge PR has been approved by a reviewer and is ready to be merge internally label Aug 26, 2024

bazel-io pushed a commit to bazel-io/bazel that referenced this pull request Aug 26, 2024

Handle invalid base64 in SRI

c87d804

Previously, invalid base64 would crash the Bazel server. Closes bazelbuild#23410. PiperOrigin-RevId: 667624565 Change-Id: I7b6b834fd291e9a3dae59df88b29bb378e7663a3

bazel-io mentioned this pull request Aug 26, 2024

[7.4.0] Handle invalid base64 in SRI #23425

Merged

benjaminp deleted the checksum-invalid-base64 branch August 26, 2024 17:31

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Handle invalid base64 in SRI #23410

Handle invalid base64 in SRI #23410

benjaminp commented Aug 22, 2024

fmeum Aug 23, 2024

benjaminp Aug 23, 2024

meteorcloudy left a comment

fmeum commented Aug 26, 2024

iancha1992 commented Oct 11, 2024

	throw new InvalidChecksumException("Invalid base64 " + data, e);
	throw new InvalidChecksumException("Invalid base64: " + data, e);

Handle invalid base64 in SRI #23410

Handle invalid base64 in SRI #23410

Conversation

benjaminp commented Aug 22, 2024

fmeum Aug 23, 2024

Choose a reason for hiding this comment

benjaminp Aug 23, 2024

Choose a reason for hiding this comment

meteorcloudy left a comment

Choose a reason for hiding this comment

fmeum commented Aug 26, 2024

iancha1992 commented Oct 11, 2024