[runtime-threat-scan] install_antigravity_cli.sh: checksum bypass on 404 creates supply chain integrity gap #151

@github-actions


Summary

setup/sh/install_antigravity_cli.sh downloads the Antigravity CLI binary from Google Cloud Storage and verifies it against a checksums.txt file fetched from the same bucket. When the checksums.txt request returns HTTP 404, the script emits a warning and proceeds to install the unverified binary anyway (lines 86-92).

Two compounding weaknesses

  1. Same-source checksum: both the tarball and its checksum file are fetched from the same bucket (storage.googleapis.com/redacted). A bucket compromise that substitutes the binary can trivially also substitute a matching checksums.txt, defeating the verification entirely; in that threat model the check only catches accidental corruption or a truncated download.

  2. 404 bypass installs without any check: if checksums.txt does not exist for the requested version, the script sets VERIFY_CHECKSUM=false and installs the binary with no integrity guarantee beyond TLS transport, which authenticates the bucket endpoint but says nothing about the object stored in it. A 404 is also exactly what an attacker who deletes checksums.txt from the bucket produces, so the downgrade is reachable deliberately, not only through a packaging mistake.

Affected code

# setup/sh/install_antigravity_cli.sh  lines 85-122
VERIFY_CHECKSUM=true
if [ "${CHECKSUMS_DOWNLOAD_STATUS}" = "404" ]; then
  echo "WARNING: checksums.txt not found ... skipping checksum verification."
  rm -f "${TEMP_DIR}/checksums.txt"
  VERIFY_CHECKSUM=false          # ← proceeds to install
elif ...

Recommended mitigations

  • Short-term: Change the 404 path to exit 1 (fail closed). If a version ships without a checksums file, do not install. Treat any non-200 response, an empty file, or a missing entry for the requested artifact the same way.
  • Long-term: Publish checksums (or a cosign signature) from an independent source (e.g., a GitHub release artifact on github/gh-aw-actions) rather than the same GCS bucket as the binary. Verify a detached signature instead of, or in addition to, the same-source checksum. An independent checksum source only helps if it is not writable by whoever can write to the bucket; a signature verified against a public key pinned in the installer (or cosign keyless verification constrained to the expected signing identity and issuer) removes the bucket from the trust base altogether.
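As an added example (not the project's installer and not code from this issue), the following script puts a condensed copy of the 404 downgrade beside a fail-closed verifier, and then adds a signed-checksums variant that shows why the same-source checksum from weakness 1 still passes after a bucket swap while the pinned-key signature check does not. Assumptions not taken from the script: checksums.txt is in the two-column sha256sum format, the pinned public key is an openssl PEM file standing in for a cosign key so the example runs offline, and every fixture file and name below is constructed.

```shell
#!/bin/sh
# Added example, not the project's installer. Contrasts the original 404
# downgrade with a fail-closed verifier, then adds a signed-checksums check.
# Assumptions (not from the script): checksums.txt uses the "<sha256>  <file>"
# format written by sha256sum, and the pinned public key is an openssl PEM
# file standing in for a cosign key so that everything runs offline.
set -u

# SHA-256 hex digest of a file; portable across GNU coreutils and BSD/macOS.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Compare the artifact's digest with the entry for its basename in checksums.txt.
checksum_matches() {            # args: artifact checksums_file
  name=$(basename "$1")
  expected=$(awk -v n="$name" '$2 == n || $2 == ("*" n) {print $1; exit}' "$2")
  [ -n "$expected" ] || { echo "ERROR: no checksum entry for $name" >&2; return 1; }
  actual=$(sha256_of "$1")
  [ "$actual" = "$expected" ] || { echo "ERROR: checksum mismatch for $name" >&2; return 1; }
}

# Original behaviour, condensed: a 404 on checksums.txt downgrades to "no
# verification" and returns success, so the caller goes on to install.
verify_open() {                 # args: artifact checksums_file http_status
  if [ "$3" = "404" ]; then
    echo "WARNING: checksums.txt not found ... skipping checksum verification." >&2
    return 0
  fi
  checksum_matches "$1" "$2"
}

# Short-term fix: anything other than HTTP 200 plus a matching entry fails closed.
verify_closed() {               # args: artifact checksums_file http_status
  if [ "$3" != "200" ] || [ ! -s "$2" ]; then
    echo "ERROR: checksums.txt unavailable (HTTP $3); refusing to install an unverified binary." >&2
    return 1
  fi
  checksum_matches "$1" "$2"
}

# Long-term shape: checksums.txt is trusted only after a detached signature over
# it verifies against the pinned key. A bucket that swaps both the tarball and
# checksums.txt still fails here, because it cannot produce a new signature.
verify_signed() {               # args: artifact checksums_file sig_file pinned_pub_pem http_status
  openssl dgst -sha256 -verify "$4" -signature "$3" "$2" >/dev/null 2>&1 \
    || { echo "ERROR: checksums.txt signature does not verify against the pinned key" >&2; return 1; }
  verify_closed "$1" "$2" "$5"
}

# Stand-alone demo on constructed fixtures (no network, no real release files).
demo() {
  tmp=$(mktemp -d)
  mkdir "$tmp/evil"
  printf 'constructed tarball bytes\n'  > "$tmp/antigravity.tar.gz"
  printf 'constructed attacker bytes\n' > "$tmp/evil/antigravity.tar.gz"
  printf '%s  antigravity.tar.gz\n' "$(sha256_of "$tmp/antigravity.tar.gz")" > "$tmp/checksums.txt"
  verify_open   "$tmp/antigravity.tar.gz"      "$tmp/checksums.txt" 404 && echo "open  : 404 -> installed anyway"
  verify_closed "$tmp/antigravity.tar.gz"      "$tmp/checksums.txt" 404 || echo "closed: 404 -> refused"
  verify_closed "$tmp/antigravity.tar.gz"      "$tmp/checksums.txt" 200 && echo "closed: 200 + match -> install"
  verify_closed "$tmp/evil/antigravity.tar.gz" "$tmp/checksums.txt" 200 || echo "closed: swapped binary -> refused"
  rm -rf "$tmp"
}
demo
```

Run it with sh; the demo at the end builds its fixtures in a temporary directory and removes them. In the real installer the HTTP status would come from the download step itself (for curl, `-w '%{http_code}'`), and the pinned public key would live in the script or the repository, never in the bucket being verified, since a key fetched from the same bucket can be swapped along with everything else.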

Generated by Daily Runtime Threat Scan for issue #150
