[Nix#8982] Nix accepts invalid SRI hashes (MD5 and SHA-1) #114

Open
opened 2024-03-16 06:44:58 +00:00 by lix-bot · 3 comments
Member

Upstream-Issue: NixOS/nix#8982 (https://git.lix.systems/NixOS/nix/issues/8982)

Describe the bug

Nix accepts outputHash values that resemble the SRI hash format (https://w3c.github.io/webappsec-subresource-integrity/#the-integrity-attribute) but use invalid hash-algo values, such as md5 or sha1. (hash-algo referring to the term in the SRI grammar)

Steps To Reproduce

Evaluate the following expression:

```nix
fetchurl {
  url = "https://www.perdu.com";
  hash = "md5-rrdBU2a35b2PM2ZO+n/zGw==";
}
```

Expected behavior

Nix should error out, probably with something like « 'md5' is not an SRI hash algorithm. »

nix-env --version output

nix-env (Nix) 2.17.0

Additional context

  • The SRI hash format's specification (https://w3c.github.io/webappsec-subresource-integrity/#the-integrity-attribute) refers to “CSP Level 2” for the definition of hash-algo and base64-value, as used in its grammar. In turn, the CSP spec (https://www.w3.org/TR/CSP2/#source-list-valid-hashes) defines hash-algo to be one of sha256, sha384 or sha512.
  • Furthermore, the SRI spec explicitly disallows MD5 and SHA-1 (https://w3c.github.io/webappsec-subresource-integrity/#hash-functions):

> User agents SHOULD refuse to support known-weak hashing functions like MD5 or SHA-1 and SHOULD restrict supported hashing functions to those known to be collision-resistant.

Priorities

Add 👍 to issues you find important.

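The check the report asks for, written out as an added example (this is not Nix or Lix code and uses no Nix API; the function names validate_sri, make_sri and verify_sri are the example's own). It implements the SRI grammar the report cites, hash-algo "-" base64-value with hash-algo restricted to sha256, sha384 or sha512, refuses the known-weak md5 and sha1 prefixes, and additionally checks that the base64 value decodes to exactly one digest of the named algorithm, so a truncated or mis-padded digest is refused as well. The inputs in the block are constructed: the md5 string from the report above, plus digests of the bytes b"hello".

```python
"""Strict SRI hash-string validation (added example, not Nix/Lix code)."""
import base64
import binascii
import hashlib
import hmac
import re

# hash-algo values permitted by CSP Level 2 / SRI, with digest length in bytes.
SRI_ALGOS = {"sha256": 32, "sha384": 48, "sha512": 64}
# Known-weak algorithms the SRI spec says user agents SHOULD refuse.
WEAK_ALGOS = {"md5", "sha1"}

# hash-algo "-" base64-value: base64 alphabet only, at most two '=' pads.
_SRI_RE = re.compile(r"^([a-z0-9]+)-([A-Za-z0-9+/]+={0,2})$")


def validate_sri(sri: str) -> tuple[bool, str]:
    """Return (True, "ok") for a well-formed, strong SRI string, else (False, reason).

    Order of checks: overall shape, algorithm (weak or unknown -> refuse),
    strict base64 decoding, and decoded length == the algorithm's digest size.
    """
    m = _SRI_RE.match(sri)
    if not m:
        return False, f"'{sri}' is not of the form <hash-algo>-<base64-value>"
    algo, b64 = m.group(1), m.group(2)
    if algo in WEAK_ALGOS:
        # The behaviour the report expects from Nix for md5-/sha1- prefixes.
        return False, f"'{algo}' is not an SRI hash algorithm"
    if algo not in SRI_ALGOS:
        return False, f"unknown hash algorithm '{algo}'"
    if len(b64) % 4 != 0:
        return False, f"base64 value of '{sri}' has invalid length"
    try:
        digest = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        return False, f"base64 value of '{sri}' does not decode: {exc}"
    if len(digest) != SRI_ALGOS[algo]:
        return False, (f"'{algo}' digest must be {SRI_ALGOS[algo]} bytes, "
                       f"got {len(digest)}")
    return True, "ok"


def make_sri(algo: str, data: bytes) -> str:
    """Build an SRI string for data with one of the permitted algorithms."""
    if algo not in SRI_ALGOS:
        raise ValueError(f"'{algo}' is not an SRI hash algorithm")
    digest = hashlib.new(algo, data).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def verify_sri(data: bytes, sri: str) -> bool:
    """True iff sri passes validate_sri and its digest matches data.

    A weak-algorithm string is refused even if its digest would match,
    and the comparison is constant-time.
    """
    ok, _ = validate_sri(sri)
    if not ok:
        return False
    algo, b64 = sri.split("-", 1)
    expected = base64.b64decode(b64, validate=True)
    actual = hashlib.new(algo, data).digest()
    return hmac.compare_digest(expected, actual)


if __name__ == "__main__":
    # Constructed samples: the md5 string from the report, then sha256/sha1
    # strings derived from b"hello".
    samples = [
        "md5-rrdBU2a35b2PM2ZO+n/zGw==",                          # must be refused
        make_sri("sha256", b"hello"),                             # valid
        "sha256-LPJNul+wow4m6Dsq",                                # truncated digest
        "sha256-LPJNul+wow4m6DsqxbninhsWHlwfp0JecwQzYpOLmCQ",     # missing padding
        "sha1-" + base64.b64encode(hashlib.sha1(b"hello").digest()).decode(),
    ]
    for s in samples:
        print(f"{s!r:62} -> {validate_sri(s)}")
```

Running the block prints the verdict for each sample; only the sha256 string built by make_sri is accepted. The length check matters independently of the algorithm check: a base64 value that decodes to the wrong number of bytes can never be the digest it claims to be, so refusing it early gives a clearer error than a later mismatch against fetched content.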
lix-bot added the bug, imported labels 2024-03-16 06:44:58 +00:00
jade added the E/easy, E/help wanted labels 2024-03-18 16:21:47 +00:00
Owner

We don't think these have any usage, even though they are in principle accepted. Nixpkgs rejects them, for instance: https://github.com/nixos/nixpkgs/blob/1cabb1c445f8d535f66fa949362b973832f2ea2f/pkgs/test/stdenv/default.nix#L145-L152
Author
Member

This issue was mentioned on Gerrit on the following CLs:

  • commit message in cl/2110 (https://gerrit.lix.systems/c/lix/+/2110, "Reject weak hash algorithms as SRIs, and warn in any other cases")
  • comment in cl/2110 (https://gerrit.lix.systems/c/lix/+/2110, "Reject weak hash algorithms as SRIs, and warn in any other cases")
Member
Revert in https://gerrit.lix.systems/c/lix/+/2148
jade reopened this issue 2024-11-10 02:34:29 +00:00
Reference: lix-project/lix#114