Skip to content

fix(plugins): reject declared signatures when signing key is missing #1783#1987

Open
NaitikVerma6776 wants to merge 1 commit into
utksh1:mainfrom
NaitikVerma6776:issue-#1783
Open

fix(plugins): reject declared signatures when signing key is missing #1783#1987
NaitikVerma6776 wants to merge 1 commit into
utksh1:mainfrom
NaitikVerma6776:issue-#1783

Conversation

@NaitikVerma6776

Copy link
Copy Markdown
Contributor

Summary

  • Closes a security gap where plugins declaring a signature were accepted when SECUSCAN_PLUGIN_SIGNATURE_KEY was unset and global enforcement was off.
  • _verify_plugin_integrity now always requires the signing key when a signature is present.
  • Adds a regression test covering the enforcement-off path.

Closes #1783

Test plan

  • python -m pytest testing/backend/unit/test_plugin_validator.py::TestSecurityNegativeTests::test_declared_signature_requires_key_even_when_enforcement_off -v
  • python -m pytest testing/backend/unit/test_plugin_integrity.py -v
  • Existing plugin load tests still pass (no bundled plugins declare signatures today)

Require SECUSCAN_PLUGIN_SIGNATURE_KEY whenever a plugin declares a
signature, even if signature enforcement is disabled globally.

Co-authored-by: Cursor <cursoragent@cursor.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[#10] Signature declared but unverified is accepted at exec time

1 participant