forked from open-policy-agent/opa
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
bundle: Roundtrip manifest before hashing
When OPA verifies the content of the manifest file, it first parses it into a JSON structure and then recursively orders the fields of all objects alphabetically and then applies the hash function. The same process was not followed while generating the hash for the manifest content which would result in a digest mismatch during verification. This can be observed with a manifest that contains metadata. Fixes: open-policy-agent#4233 Signed-off-by: Ashutosh Narkar <anarkar4387@gmail.com>
- Loading branch information
1 parent
a75b74d
commit e011c15
Showing
2 changed files
with
17 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters