This is an automated email from the ASF dual-hosted git repository.
arm pushed a commit to branch arm
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git
The following commit(s) were added to refs/heads/arm by this push:
new baaf563f #676 Validate exp and nbp when loading pydantic model for
Github token.
baaf563f is described below
commit baaf563f607fc2a0a0aedec86bb925ca9c207b25
Author: Alastair McFarlane <[email protected]>
AuthorDate: Thu Mar 12 14:32:51 2026 +0000
#676 Validate exp and nbp when loading pydantic model for Github token.
---
atr/models/github.py | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/atr/models/github.py b/atr/models/github.py
index d20ac73f..e31cdd42 100644
--- a/atr/models/github.py
+++ b/atr/models/github.py
@@ -17,6 +17,10 @@
from __future__ import annotations
+import time
+
+import pydantic
+
from . import schema
@@ -51,3 +55,19 @@ class TrustedPublisherPayload(schema.Subset):
workflow: str
workflow_ref: str
workflow_sha: str
+
+ @pydantic.field_validator("exp")
+ @classmethod
+ def _validate_exp(cls, value: int) -> int:
+ now = int(time.time())
+ if now > value:
+ raise pydantic.ValidationError("Token has expired")
+ return value
+
+ @pydantic.field_validator("nbf")
+ @classmethod
+ def _validate_nbf(cls, value: int | None) -> int | None:
+ now = int(time.time())
+ if value and now < value:
+ raise pydantic.ValidationError("Token not yet valid")
+ return value
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
