asf-tooling opened a new issue, #1041:
URL: https://github.com/apache/tooling-trusted-releases/issues/1041
**ASVS Level(s):** [L1]
**Description:**
### Summary
The admin route for regenerating KEYS files across all committees uses
`as_committee_member_outcome()` instead of `as_committee_admin_outcome()`,
causing the operation to silently skip committees where the admin is not a PMC
member. This undermines the admin's ability to perform security-critical
operations across all committees and provides no error indication of incomplete
operations. This results in incomplete KEYS file regeneration when an admin
(who should have authority over all committees) is not a member of specific
committees.
### Details
Affected locations:
- `atr/admin/__init__.py` line 411: Uses `as_committee_member_outcome()`
- `atr/admin/__init__.py` line 392: `delete_test_openpgp_keys_get` uses same pattern
The admin route uses committee member authorization instead of admin
authorization, causing silent failures for committees where admin is not a
member.
### Recommended Remediation
Replace `write.as_committee_member_outcome(committee_key)` with
`write.as_committee_admin_outcome(committee_key)` and report authorization
failures in the outcomes list instead of silently skipping:
```python
async def keys_regenerate_all_post():
    outcomes = []
    for committee_key in all_committees:
        async with write.as_committee_admin_outcome(committee_key) as outcome:
            # Regenerate KEYS file
            await regenerate_keys_file(committee_key)
            outcome.success = True
        # Report outcome (success or authorization failure)
        outcomes.append({
            'committee': committee_key,
            'success': outcome.success,
            'error': outcome.error if not outcome.success else None
        })
    return outcomes
```
Add detailed status reporting to indicate which committees were successfully
regenerated and which failed. This matches the pattern used in other admin
routes like `delete_release_post` at line 180.
### Acceptance Criteria
- [ ] Admin routes use admin authorization context
- [ ] Authorization failures are reported, not silently skipped
- [ ] All committees are processed with clear success/failure status
- [ ] Test cases verify admin authorization
- [ ] Unit test verifying the fix
### References
- Source reports: L1:8.2.1.md, L1:8.2.2.md
- Related findings: FINDING-145
- ASVS sections: 8.2.1, 8.2.2
### Priority
Medium
---
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
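
The failure mode and the completeness check from the acceptance criteria, as an added sketch that is not ATR's code. `authorize`, `regenerate_all`, `is_complete`, and the committee and user names are hypothetical stand-ins for the project's authorization contexts and data.

```python
import asyncio
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: committee -> PMC members (not ATR's data model).
COMMITTEES = {"alpha": {"alice"}, "beta": {"bob"}, "gamma": {"alice", "bob"}}
ADMINS = {"alice"}

@dataclass
class Outcome:
    committee: str
    success: bool
    error: Optional[str] = None

def authorize(user, committee, require):
    """Hypothetical policy check: returns an error string, or None if allowed."""
    if require == "member" and user not in COMMITTEES[committee]:
        return f"{user} is not a member of {committee}"
    if require == "admin" and user not in ADMINS:
        return f"{user} is not an admin"
    return None

async def regenerate_keys_file(committee):
    await asyncio.sleep(0)  # stand-in for the real KEYS file write

async def regenerate_all(user, require, report_failures):
    outcomes = []
    for committee in sorted(COMMITTEES):
        error = authorize(user, committee, require)
        if error is not None:
            if report_failures:
                outcomes.append(Outcome(committee, False, error))
            continue  # unreported: the committee simply vanishes from the result
        await regenerate_keys_file(committee)
        outcomes.append(Outcome(committee, True))
    return outcomes

def run(user, require, report_failures):
    return asyncio.run(regenerate_all(user, require, report_failures))

def is_complete(outcomes):
    """Every committee must have exactly one outcome row, success or failure."""
    return sorted(o.committee for o in outcomes) == sorted(COMMITTEES)

if __name__ == "__main__":
    print(run("alice", "member", report_failures=False))  # 'beta' is missing
    print(run("alice", "admin", report_failures=True))    # all three reported
```

A regression test built on the same idea compares the set of committees in the response against the full committee list, so a skipped committee fails the test even when no exception is raised.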