Security: policy_checks.py silently bypasses enforcement on malformed YAML #936
Open
Labels
area/audit-policy: apm-policy.yml schema, custom_checks, install-time enforcement.
area/docs-site: docs/src/content (Starlight), README, doc generation.
priority/high: Ships in current or next milestone
quality
security: Deprecated: use theme/security. Kept for issue history; will be removed in milestone 0.10.0.
status/accepted: Direction approved, safe to start work.
status/triaged: Initial agentic triage complete; pending maintainer ratification (silence = approval).
theme/security: Secure by default. Content scanning, lockfile integrity, MCP trust boundaries.
type/bug: Something does not work as documented.
Summary
src/apm_cli/policy/policy_checks.py at approximately line 30 silently bypasses policy enforcement when the YAML policy file is malformed. Instead of raising an error or warning, the function returns a permissive default, effectively disabling all policy checks.
Context
Identified during Round 2 of the APM codebase quality audit (PR #918 discussion). The APM CEO flagged this as a supply-chain security concern: a malformed policy file (whether accidental or crafted) should NOT result in all checks being silently skipped.
Expected behaviour
When a policy YAML file fails to parse, the system should:
Current behaviour
A malformed YAML file causes the parser to return a default/empty policy object, which passes all checks. No warning is emitted.
Security impact
An attacker who can introduce a subtly malformed policy file (e.g., via a PR to a shared policy repo) could disable all policy enforcement for downstream consumers without any visible indication.
Recommended approach
logger.debug) when falling back to permissive defaults
Related
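
The failure mode described in this issue, as an added example that is not part of the issue or of the APM code base: a fail-open policy loader beside a fail-closed one, using PyYAML. All names (`PolicyLoadError`, `load_policy_fail_open`, `load_policy_fail_closed`, the `deny` key) and both sample policies are assumptions made for illustration.

```python
import yaml  # PyYAML

# Hypothetical names throughout; nothing here is taken from policy_checks.py.
PERMISSIVE = {"deny": []}  # a policy that restricts nothing

class PolicyLoadError(Exception):
    """The policy file cannot be trusted; enforcement must stop, not relax."""

def load_policy_fail_open(text):
    """Behaviour the issue describes: a parse failure becomes 'allow all'."""
    try:
        data = yaml.safe_load(text)
    except yaml.YAMLError:
        return PERMISSIVE  # silent bypass, no warning emitted
    return data if isinstance(data, dict) else PERMISSIVE

def load_policy_fail_closed(text):
    """Raise on anything that is not a well-formed policy mapping."""
    try:
        data = yaml.safe_load(text)
    except yaml.YAMLError as exc:
        raise PolicyLoadError(f"policy is not valid YAML: {exc}") from exc
    if not isinstance(data, dict):  # also catches an empty file (None)
        raise PolicyLoadError("policy must be a YAML mapping")
    deny = data.get("deny")
    if not isinstance(deny, list) or not all(isinstance(d, str) for d in deny):
        raise PolicyLoadError("'deny' must be a list of strings")
    return {"deny": deny}

def is_allowed(policy, package):
    return package not in (policy.get("deny") or [])

def install_decision(loader, text, package):
    """Return 'allow', 'deny' or 'error' for one install request."""
    try:
        policy = loader(text)
    except PolicyLoadError:
        return "error"  # caller aborts the install and reports the failure
    return "allow" if is_allowed(policy, package) else "deny"

# Constructed sample inputs.
GOOD = "deny:\n  - evil-pkg\n"
MALFORMED = "deny: [evil-pkg\n"  # closing bracket dropped

if __name__ == "__main__":
    for loader in (load_policy_fail_open, load_policy_fail_closed):
        print(loader.__name__, install_decision(loader, MALFORMED, "evil-pkg"))
```

The fail-closed loader also rejects an empty file and a `deny` value of the wrong type, since both would otherwise reduce to the same permissive default.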