asf-tooling opened a new issue, #1058:
URL: https://github.com/apache/tooling-trusted-releases/issues/1058

**ASVS Level(s):** L2-only

**Description:**

### Summary
Workflow SSH keys are temporary credentials valid for 20 minutes. The WorkflowSSHKey table includes an `expires` field that is checked during authentication but never used to purge expired entries from the database. Without auto-purging, the database accumulates expired key material that could be exposed through a database compromise or the admin data browser. This violates the requirement to "securely purge data after use".
   
### Details
The issue exists in `atr/storage/writers/ssh.py` lines 82-86 and the `atr/models/sql.py` WorkflowSSHKey model. Expired keys remain in the database indefinitely despite being functionally invalid.

### Recommended Remediation
Add a periodic cleanup task to delete expired WorkflowSSHKey entries:
   
```python
# In atr/storage/writers/ssh.py or atr/tasks/cleanup.py
import asyncio
import logging
from datetime import datetime, timezone

from atr.models import sql
from atr.storage import db

log = logging.getLogger(__name__)


async def purge_expired_workflow_ssh_keys() -> int:
    """Delete expired WorkflowSSHKey entries from the database; return the number removed."""
    # Aware UTC timestamp, so the comparison matches the stored `expires` value.
    now = datetime.now(timezone.utc)

    async with db.session() as session:
        # sql.delete is assumed to be sqlalchemy.delete re-exported by atr.models.sql
        result = await session.execute(
            sql.delete(sql.WorkflowSSHKey).where(sql.WorkflowSSHKey.expires < now)
        )
        await session.commit()

    deleted_count = result.rowcount
    if deleted_count > 0:
        log.info("Purged %d expired workflow SSH keys", deleted_count)
    return deleted_count


# Schedule in task worker or add to before_serving hook
# In atr/server.py:
_background_tasks: set[asyncio.Task] = set()


@app.before_serving
async def schedule_cleanup_tasks():
    async def periodic_cleanup():
        while True:
            await asyncio.sleep(5 * 60)  # Run every 5 minutes
            try:
                await purge_expired_workflow_ssh_keys()
            except Exception:
                # A failed purge must not kill the loop; retry on the next tick.
                log.exception("Expired workflow SSH key purge failed")

    # Keep a reference so the loop's task is not garbage-collected mid-flight.
    task = asyncio.create_task(periodic_cleanup())
    _background_tasks.add(task)
    task.add_done_callback(_background_tasks.discard)
```
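The purge, the retention of still-valid keys, and the periodic runner described above, as an added example that is not part of this issue or of the project's code: it uses the stdlib `sqlite3` module with a constructed `workflow_ssh_key` table in place of the SQLAlchemy WorkflowSSHKey model, stores `expires` as a UTC epoch integer so the comparison is numeric, and adds a stoppable runner that survives a failing purge. Every table, column and function name here is an assumption.

```python
from __future__ import annotations

import asyncio
import logging
import sqlite3
from datetime import datetime, timedelta, timezone

log = logging.getLogger(__name__)

KEY_TTL = timedelta(minutes=20)  # key lifetime stated in the issue


def open_store() -> sqlite3.Connection:
    """In-memory table with only the fields the purge needs (constructed stand-in)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE workflow_ssh_key ("
        " fingerprint TEXT PRIMARY KEY,"
        " expires INTEGER NOT NULL)"  # UTC epoch seconds
    )
    return conn


def issue_key(conn: sqlite3.Connection, fingerprint: str, issued_at: datetime) -> int:
    """Record a key that expires KEY_TTL after issuance; return the expiry epoch."""
    expires = int((issued_at + KEY_TTL).timestamp())
    conn.execute("INSERT INTO workflow_ssh_key VALUES (?, ?)", (fingerprint, expires))
    conn.commit()
    return expires


def purge_expired(conn: sqlite3.Connection, now: datetime | None = None) -> int:
    """Delete rows whose expiry is strictly in the past; return how many were removed."""
    now = now or datetime.now(timezone.utc)
    if now.tzinfo is None:
        # A naive timestamp would silently be interpreted in local time.
        raise ValueError("purge_expired needs a timezone-aware 'now'")
    cur = conn.execute(
        "DELETE FROM workflow_ssh_key WHERE expires < ?", (int(now.timestamp()),)
    )
    conn.commit()
    if cur.rowcount:
        log.info("purged %d expired workflow SSH keys", cur.rowcount)
    return cur.rowcount


def live_fingerprints(conn: sqlite3.Connection) -> list[str]:
    """Fingerprints still stored, sorted for stable comparison."""
    return sorted(r[0] for r in conn.execute("SELECT fingerprint FROM workflow_ssh_key"))


async def run_periodically(conn: sqlite3.Connection, interval_seconds: float,
                           stop: asyncio.Event) -> int:
    """Purge on a timer until `stop` is set; a failing purge is logged, not fatal.
    Returns the number of completed purge passes."""
    passes = 0
    while not stop.is_set():
        try:
            purge_expired(conn)
            passes += 1
        except Exception:
            log.exception("purge failed; retrying next interval")
        try:
            await asyncio.wait_for(stop.wait(), timeout=interval_seconds)
        except asyncio.TimeoutError:
            pass  # interval elapsed without a stop request; run another pass
    return passes


def demo() -> dict:
    """Exercise the purge at a fixed instant with constructed keys."""
    conn = open_store()
    now = datetime(2025, 1, 1, 12, 0, tzinfo=timezone.utc)
    issue_key(conn, "stale", now - timedelta(minutes=30))  # expired 10 min ago
    issue_key(conn, "fresh", now - timedelta(minutes=5))   # 15 min of life left
    issue_key(conn, "edge", now - KEY_TTL)                 # expires exactly now: kept
    first = purge_expired(conn, now)
    remaining = live_fingerprints(conn)
    second = purge_expired(conn, now)  # a second pass is a no-op
    return {"purged": first, "remaining": remaining, "second_pass": second}


def demo_loop() -> int:
    """Run the periodic purger briefly and report how many passes it completed."""
    async def drive() -> int:
        conn = open_store()
        stop = asyncio.Event()
        asyncio.get_running_loop().call_later(0.05, stop.set)
        return await run_periodically(conn, 0.01, stop)
    return asyncio.run(drive())


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    print(demo())            # {'purged': 1, 'remaining': ['edge', 'fresh'], 'second_pass': 0}
    print(demo_loop())       # at least 1
```

The strict `<` matches the issue's proposed `expires < now`, so a key whose expiry equals the purge instant survives one more tick; that is the only difference between a purge and the authentication check, and the `stop` event gives the runner a clean shutdown path that a bare `while True` loop lacks.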
   
### Acceptance Criteria
- [ ] Periodic cleanup task implemented for expired WorkflowSSHKey entries
- [ ] Task scheduled to run every 5 minutes
- [ ] Unit tests verify expired keys are deleted
- [ ] Unit tests verify non-expired keys are retained
- [ ] Integration tests verify cleanup task execution
- [ ] Logging added for cleanup operations
- [ ] Documentation updated with cleanup policy

### References
- Source reports: L2:14.2.2.md
- Related findings: None
- ASVS sections: 14.2.2
- CWE: CWE-459

### Priority
Medium
   
---

**Triage notes:** low - consider all-purpose daily tidy task


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]
