Verify hashes when serving a file. Closes #532

inmanta · Oct 23, 2019 · a798438 · a798438
1 parent c1d6c42
commit a798438
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/src/inmanta/agent/handler.py b/src/inmanta/agent/handler.py
@@ -35,6 +35,7 @@
 from inmanta.data.model import AttributeStateChange
 from inmanta.protocol import Result
 from inmanta.types import SimpleTypes
+from inmanta.util import hash_file
 
 if typing.TYPE_CHECKING:
     import inmanta.agent.agent
@@ -710,7 +711,10 @@ def call() -> Result:
         if result.code == 404:
             return None
         elif result.code == 200:
-            return base64.b64decode(result.result["content"])
+            file_contents = base64.b64decode(result.result["content"])
+            if hash_id != hash_file(file_contents):
+                raise Exception(f"File hash verification failed, expected: {hash_id} but got {hash_file(file_contents)}")
+            return file_contents
         else:
             raise Exception("An error occurred while retrieving file %s" % hash_id)