Open Bug 1511507 Opened 4 years ago

Content verification for partial clone data fetching code in robustcheckout

Categories

(Developer Services :: Mercurial: hg.mozilla.org, enhancement)

enhancement
Not set
normal

Tracking

(Not tracked)

ASSIGNED

People

(Reporter: gps, Assigned: gps)

References

(Blocks 1 open bug)

Details

robustcheckout is performing Mercurial wire protocol requests to retrieve raw file data for specific revisions (e.g. to resolve the set of files in a sparse profile). Per discussions with kang, we need to validate the hashes of retrieved data before operating on the data in order to preserve existing content integrity protections of Mercurial.

(Mercurial validates hashes on store reads. But since we're fetching data from the wire protocol without going through the store APIs, there is the potential for the data to be corrupted over the wire.)

As part of implementing this, we should have a test that ensures that tampered data is detected and the client refuses to operate on it.
You need to log in before you can comment on or make changes to this bug.