Summary
policyengine-us downloads and executes the Taxsim binary without integrity verification.
Severity
Medium
Impact
If the upstream download or mirror is compromised, arbitrary code executes in developer or CI environments.
Affected code
policyengine_us/tools/taxsim/generate_taxsim_tests.py:119-127,147-152
Details
The executable is fetched over the network, written to disk, made executable, and then executed with no checksum or signature verification.
Expected behavior
Downloaded executables should be pinned to an expected digest or signature before execution.
Suggested remediation
- Require a pinned SHA-256 digest or signature verification step
- Refuse execution if verification metadata is missing or mismatched
- Add tests covering verification failure paths
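The remediation above, as an added example that is not the policyengine-us project's own code: a small Python helper that computes the SHA-256 of a downloaded file, compares it against a pinned digest in constant time, and only then sets the execute bit. The pin table name `PINNED_DIGESTS`, the function names, and the sample artifact bytes are assumptions constructed for this illustration; in a real repository the pinned digest would be committed next to the download code and updated deliberately when upstream publishes a new build.

```python
"""
Added example (not the policyengine-us project's code): verify a downloaded
artifact against a pinned SHA-256 digest before marking it executable.
PINNED_DIGESTS, the function names and the sample bytes are assumptions
constructed for this illustration.
"""
import hashlib
import hmac
import os
import stat
import tempfile

# Hypothetical pin table: artifact name -> expected SHA-256 hex digest.
# Empty here; a real project would commit the known-good digest.
PINNED_DIGESTS = {}


class IntegrityError(Exception):
    """Raised when a downloaded artifact cannot be verified."""


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-256 so large binaries are not read whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_pinned_digest(path, name, pins=None):
    """Return the file's digest if it matches the pin; raise otherwise.

    Both failure modes from the remediation list are refusals: a missing
    pin and a mismatched pin each raise IntegrityError.
    """
    pins = PINNED_DIGESTS if pins is None else pins
    expected = pins.get(name)
    if not expected:
        raise IntegrityError(f"no pinned digest for {name!r}; refusing to run it")
    actual = sha256_of_file(path)
    # Constant-time comparison avoids leaking how many leading bytes matched.
    if not hmac.compare_digest(actual, expected.lower()):
        raise IntegrityError(
            f"digest mismatch for {name!r}: expected {expected}, got {actual}"
        )
    return actual


def install_verified_executable(path, name, pins=None):
    """Only after verification succeeds is the file made executable."""
    digest = verify_pinned_digest(path, name, pins)
    os.chmod(path, os.stat(path).st_mode | stat.S_IXUSR)
    return digest


def demo():
    """Exercise the three paths on a constructed sample artifact."""
    # Constructed stand-in for a downloaded binary; not the real Taxsim build.
    sample = b"#!/bin/sh\necho constructed sample artifact\n"
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "taxsim-sample")
        with open(path, "wb") as f:
            f.write(sample)

        # 1. Correct pin: verification passes and the execute bit is set.
        good_pins = {"taxsim-sample": hashlib.sha256(sample).hexdigest()}
        digest = install_verified_executable(path, "taxsim-sample", good_pins)
        results["verified_digest_matches_pin"] = digest == good_pins["taxsim-sample"]
        results["verified_is_executable"] = bool(os.stat(path).st_mode & stat.S_IXUSR)

        # 2. Mismatched pin (e.g. a tampered mirror): refused.
        bad_pins = {"taxsim-sample": "0" * 64}
        try:
            verify_pinned_digest(path, "taxsim-sample", bad_pins)
            results["mismatch_refused"] = False
        except IntegrityError:
            results["mismatch_refused"] = True

        # 3. No pin at all: also refused, rather than silently trusted.
        try:
            verify_pinned_digest(path, "taxsim-sample", {})
            results["missing_refused"] = False
        except IntegrityError:
            results["missing_refused"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The ordering matters: the execute bit is added only after `verify_pinned_digest` returns, so a mismatched or missing pin leaves a non-executable file on disk and raises, which is the failure path the suggested tests should cover.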