Merge commit from fork

jku · web-flow · commit 5e77497fe8f0 · 2026-01-26T09:16:18.000-05:00
* Add state validation to OIDC flow to prevent CSRF

The OIDC flow in did not verify the `state` parameter returned by the
identity provider against the state sent in the request. This could
allow tricking the user into using an authorization code obtained by
the attacker.

All of the response parsing should arguably be moved to
_OAuthRedirectServer (to hide the details from `sigstore.oidc`) but
I wanted to keep this fix minimal.

Test generated by AI.

Signed-off-by: Jussi Kukkonen &lt;jkukkonen@google.com&gt;

* CHANGELOG: Mention CSRF fix

Signed-off-by: Jussi Kukkonen &lt;jkukkonen@google.com&gt;

---------

Signed-off-by: Jussi Kukkonen &lt;jkukkonen@google.com&gt;
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,6 +10,9 @@ All versions prior to 0.9.0 are untracked.
 
 ### Fixed
 
+* Add state validation to OIDC flow to prevent Cross-site request forgery
+  during OIDC authorization
+  ([GHSA-hm8f-75xx-w2vr](https://github.com/sigstore/sigstore-python/security/advisories/GHSA-hm8f-75xx-w2vr))
 * verification now ensures that artifact digest documented in bundle and the real digest match
   (this is a bundle consistency check: bundle signature was always verified over real digest)
   ([#1652](https://github.com/sigstore/sigstore-python/pull/1652))
diff --git a/sigstore/_internal/oidc/oauth.py b/sigstore/_internal/oidc/oauth.py
@@ -182,6 +182,10 @@ def __init__(self, client_id: str, client_secret: str, issuer: Issuer):
             base64.urlsafe_b64encode(os.urandom(32)).rstrip(b"=").decode()
         )
 
+    @property
+    def state(self) -> str:
+        return self._state
+
     @property
     def code_challenge(self) -> str:
         return B64Str(
diff --git a/sigstore/oidc.py b/sigstore/oidc.py
@@ -312,6 +312,10 @@ def identity_token(  # nosec: B107
                     raise IdentityError(
                         f"Error response from auth endpoint: {auth_error[0]}"
                     )
+
+                if server.auth_response["state"][0] != server.oauth_session.state:
+                    raise IdentityError("OAuth state mismatch")
+
                 code = server.auth_response["code"][0]
             else:
                 # In the out-of-band case, we wait until the user provides the code
diff --git a/test/unit/internal/oidc/test_issuer.py b/test/unit/internal/oidc/test_issuer.py
@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+from unittest.mock import MagicMock, patch
+
 import pytest
 
 from sigstore.oidc import IdentityError, Issuer, IssuerError
@@ -34,3 +36,59 @@ def test_get_identity_token_bad_code(monkeypatch):
     monkeypatch.setattr("builtins.input", lambda _: "hunter2")
     with pytest.raises(IdentityError, match=r"^Token request failed with .+$"):
         Issuer("https://oauth2.sigstage.dev/auth").identity_token(force_oob=True)
+
+
+def test_identity_token_csrf_protection():
+    """
+    Verify that identity_token() raises IdentityError when the returned state
+    does not match the session state (CSRF protection).
+    """
+    with (
+        patch("sigstore.oidc.webbrowser.open"),
+        patch("sigstore._internal.oidc.oauth._OAuthFlow") as MockOAuthFlow,
+        patch("sigstore.oidc.requests.Session") as MockSession,
+        patch("sigstore.oidc.IdentityToken"),
+    ):
+        # Setup the mock server returned by _OAuthFlow context manager
+        mock_server = MagicMock()
+        MockOAuthFlow.return_value.__enter__.return_value = mock_server
+
+        # Simulate a mismatching state
+        original_state = "original-secure-state"
+        malicious_state = "malicious-state"
+
+        # The session has the original state (we mock the property access)
+        # Since we added a property 'state', we need to make sure the mock returns it.
+        # But here we are mocking the whole server object.
+        # server.oauth_session.state
+        mock_server.oauth_session.state = original_state
+
+        mock_server.is_oob.return_value = False
+        mock_server.base_uri = "http://localhost:12345"
+        mock_server.redirect_uri = "http://localhost:12345/callback"
+
+        # The auth response simulates what the redirect handler receives
+        mock_server.auth_response = {
+            "code": ["fake-code"],
+            "state": [malicious_state],
+        }
+
+        # Mock responses for Issuer initialization and token exchange
+        mock_session_instance = MockSession.return_value
+
+        # Mock .well-known/openid-configuration response
+        mock_config_response = MagicMock()
+        mock_config_response.json.return_value = {
+            "authorization_endpoint": "https://auth.example.com",
+            "token_endpoint": "https://token.example.com",
+        }
+        mock_config_response.raise_for_status.return_value = None
+
+        mock_session_instance.get.side_effect = [mock_config_response]
+
+        # Initialize Issuer
+        issuer = Issuer("https://issuer.example.com")
+
+        # Call identity_token() and expect IdentityError due to state mismatch
+        with pytest.raises(IdentityError, match="OAuth state mismatch"):
+            issuer.identity_token()
