Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[PM-5938] Prevent permanent vault coruption on key-rotation with desycned vault #4098

Merged
merged 4 commits into from
May 30, 2024
Merged

[PM-5938] Prevent permanent vault coruption on key-rotation with desycned vault #4098

merged 4 commits into from
May 30, 2024
+70 −25

Conversation

quexten
Copy link
Contributor

@quexten quexten commented May 17, 2024

Type of change

- [x] Bug fix
- [ ] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other

Objective

Under specific circumstances, the local vault of the web client can be desynced (no full sync, or cipher decryption errors). Rotating keys in this state permanently corrupts the vault (Reproduction steps bitwarden/clients#7709). This PR adds a basic check to vault rotation that ensures if the update request has an obviously bad state (no ciphers at all in the request, but there are ciphers in the DB), the key rotation request is rejected.

Code changes

  • file.ext: Description of what was changed and why

Before you submit

  • Please check for formatting errors (dotnet format --verify-no-changes) (required)
  • If making database changes - make sure you also update Entity Framework queries and/or migrations
  • Please add unit tests where it makes sense to do so (encouraged but not required)
  • If this change requires a documentation update - notify the documentation team
  • If this change has particular deployment requirements - notify the DevOps team

@quexten quexten requested a review from a team as a code owner May 17, 2024 12:37
@quexten quexten requested a review from jlf0dev May 17, 2024 12:37
@codecov Codecov
Copy link

codecov bot commented May 17, 2024
edited

Codecov Report

Attention: Patch coverage is 0% with 5 lines in your changes are missing coverage. Please review.

Project coverage is 39.31%. Comparing base (fd173e8) to head (067ff5b).
Report is 4 commits behind head on main.

Files Patch % Lines
...le/Validators/OrganizationUserRotationValidator.cs 0.00% 0 Missing and 1 partial ⚠️
...uth/Validators/EmergencyAccessRotationValidator.cs 0.00% 0 Missing and 1 partial ⚠️
src/Api/Tools/Validators/SendRotationValidator.cs 0.00% 0 Missing and 1 partial ⚠️
...rc/Api/Vault/Validators/CipherRotationValidator.cs 0.00% 0 Missing and 1 partial ⚠️
...rc/Api/Vault/Validators/FolderRotationValidator.cs 0.00% 0 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #4098      +/-   ##
==========================================
+ Coverage   38.66%   39.31%   +0.65%     
==========================================
  Files        1209     1200       -9     
  Lines       58561    57973     -588     
  Branches     5594     5332     -262     
==========================================
+ Hits        22643    22794     +151     
+ Misses      34863    34127     -736     
+ Partials     1055     1052       -3

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@quexten quexten mentioned this pull request May 17, 2024
Merged
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented May 17, 2024
edited

Logo
Checkmarx One – Scan Summary & Details5545d015-14cb-4713-a99a-01d023c1dd43

No New Or Fixed Issues Found

@quexten quexten requested review from a team as code owners May 17, 2024 14:53
@quexten
Copy link
Contributor Author

quexten commented May 30, 2024

Passed QA

@quexten quexten merged commit 0189952 into main May 30, 2024
49 checks passed
@quexten quexten deleted the auth/pm-5938/prevent-vault-coruption-on-desycned-vault branch May 30, 2024 09:08
cyprain-okeke pushed a commit that referenced this pull request May 31, 2024
@quexten @cyprain-okeke
[PM-5938] Prevent permanent vault coruption on key-rotation with desy…
dc33a6b 
…cned vault (#4098)

* Add check to verify the vault state for rotation is not obviously desynced (empty)

* Add unit test for key rotation guardrail

* Move de-synced vault detection to validators

* Add tests
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@djsmith85 djsmith85 djsmith85 approved these changes

@LRNcardozoWDF LRNcardozoWDF LRNcardozoWDF approved these changes

@jlf0dev jlf0dev jlf0dev approved these changes

@r-tome r-tome r-tome approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@quexten @djsmith85 @LRNcardozoWDF @jlf0dev @r-tome