TOCTOU in pipelines
Definition
TOCTOU (Time-of-Check to Time-of-Use) is a race condition in which a system checks a condition and later acts on the result, but the state it checked changes between the check and the use. In CI/CD pipelines this happens when a security check (a scan, a test run, a checksum or signature verification) is performed on a codebase, build artifact or dependency, but what is actually deployed or executed is a different copy resolved later: a branch that received another push, a mutable tag re-pointed at new content, or a shared artifact path rewritten between jobs. The check then vouches for bytes that are never used. The defence is to bind the check and the use to the same immutable identity, normally a content digest, and to verify that digest immediately before use rather than once early in the pipeline.
Secure Settings Example
# Example of a secure CI/CD pipeline configuration using checksums.
# The build job records the SHA-256 of the artifact; every later job
# re-verifies it immediately before using the artifact, so a change to
# application.tar.gz between stages fails the pipeline instead of being deployed.
stages:
  - build
  - test
  - deploy

build:
  stage: build
  script:
    - echo "Building application..."
    - tar -czf application.tar.gz .
    - sha256sum application.tar.gz > checksum.txt
  # Without artifacts, each later job starts from a clean workspace
  # and never sees the file it is supposed to verify.
  artifacts:
    paths:
      - application.tar.gz
      - checksum.txt

test:
  stage: test
  script:
    - echo "Testing application..."
    # sha256sum -c exits non-zero on mismatch, which fails the job.
    - sha256sum -c checksum.txt
    - ./test.sh

deploy:
  stage: deploy
  script:
    - echo "Deploying application..."
    # Verify again here, not only in test: the use is in this job.
    - sha256sum -c checksum.txt
    - ./deploy.sh

# Caveat: checksum.txt travels through the same artifact store as the
# archive, so this detects changes between stages but not an attacker who
# can rewrite both. Record the digest somewhere later stages trust
# independently (the build job log, a protected variable, or a signed
# manifest) if that is in your threat model.
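The race described in the definition, and the reason the configuration above re-verifies immediately before `./deploy.sh`, shown as an added shell example that is not part of the original page. A step that verifies a digest and then reads the artifact again from a shared path has a window between the two reads; the hardened function copies the artifact into a private directory, verifies the copy and uses that same copy. The artifact contents, the `tamper`/`no_tamper` hooks that stand in for a concurrent writer, and the temporary paths are all constructed for the demo; `sha256sum` is assumed to be GNU coreutils.

```shell
#!/usr/bin/env bash
# Added example (not from the page): TOCTOU between a digest check and the
# use of the checked artifact, and a verify-then-use pattern that closes it.
# Artifact contents, hook names and paths are constructed for this demo.
set -eu

WORKDIR=$(mktemp -d)
SHARED="$WORKDIR/application.tar.gz"   # path another job or process can rewrite
printf 'good build\n' > "$SHARED"
# The expected digest must come from somewhere the writer cannot change
# (a protected CI variable or a signed manifest); here it is captured
# before any tampering happens.
EXPECTED_SHA256=$(sha256sum "$SHARED" | cut -d ' ' -f 1)

sha256_of() { sha256sum "$1" | cut -d ' ' -f 1; }

# Hooks standing in for whatever runs between the check and the use.
# $1 is the shared artifact path.
tamper() { printf 'evil build\n' > "$1"; }
no_tamper() { :; }

# Vulnerable: check the shared path, let something else run, then use the
# shared path again. $1 = artifact path, $2 = hook run in the race window.
check_then_use() {
  local path=$1 hook=$2
  [ "$(sha256_of "$path")" = "$EXPECTED_SHA256" ] || { echo "verification failed"; return 1; }
  "$hook" "$path"
  cat "$path"               # deploys whatever is at the path NOW
}

# Hardened: copy into a directory only this job can write (mktemp -d creates
# it with mode 0700), verify the copy, let something else run, use the copy.
# A swap on the shared path after the copy is irrelevant; a swap before the
# copy is caught by the digest check.
copy_verify_use() {
  local path=$1 hook=$2 private
  private=$(mktemp -d)
  cp "$path" "$private/artifact"
  [ "$(sha256_of "$private/artifact")" = "$EXPECTED_SHA256" ] || { echo "verification failed"; return 1; }
  "$hook" "$path"
  cat "$private/artifact"   # the same bytes that were verified
}

# Demo: the same swap in the window is deployed by one pattern and ignored by the other.
printf 'good build\n' > "$SHARED"
echo "check_then_use  with a swap in the window: $(check_then_use "$SHARED" tamper)"
printf 'good build\n' > "$SHARED"
echo "copy_verify_use with a swap in the window: $(copy_verify_use "$SHARED" tamper)"
```

The copy step is the general form of the fix: the bytes you verify and the bytes you use must be one object that only the verifying job can reach, otherwise the check is only a snapshot of the past. In a real pipeline the private copy is the job's own workspace on an isolated runner, and the expected digest is pinned out-of-band rather than computed in the same script.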
Insecure Settings Example
# Example of an insecure CI/CD pipeline configuration without integrity checks.
# The artifact built in the first job is tested and deployed as whatever
# happens to be at application.tar.gz when each later job runs; nothing ties
# the deployed bytes to the bytes that were tested.
stages:
  - build
  - test
  - deploy

build:
  stage: build
  script:
    - echo "Building application..."
    - tar -czf application.tar.gz .
  artifacts:
    paths:
      - application.tar.gz

test:
  stage: test
  script:
    - echo "Testing application..."
    - ./test.sh

deploy:
  stage: deploy
  script:
    - echo "Deploying application..."
    - ./deploy.sh