Skip to content

Moving Away from SHA1 to SHA512 (Security)#527

Closed
shantanubansal wants to merge 9 commits into
stakater:masterfrom
shantanubansal:master
Closed

Moving Away from SHA1 to SHA512 (Security)#527
shantanubansal wants to merge 9 commits into
stakater:masterfrom
shantanubansal:master

Conversation

@shantanubansal

Copy link
Copy Markdown

No description provided.

@shantanubansal

Copy link
Copy Markdown
Author

@stakater-user @faizanahmad055 Can you please review this?

@github-actions

Copy link
Copy Markdown

@shantanubansal Yikes! You better fix it before anyone else finds out! Build has Failed!

@shantanubansal shantanubansal changed the title Moving Away from SHA1 to SHA512 (Security) Moving Away from SHA1 to SHA512 (Security) and Other Dependency Updates Sep 14, 2023
@github-actions

Copy link
Copy Markdown

@shantanubansal Yikes! You better fix it before anyone else finds out! Build has Failed!

@shantanubansal shantanubansal changed the title Moving Away from SHA1 to SHA512 (Security) and Other Dependency Updates Moving Away from SHA1 to SHA512 (Security) Sep 14, 2023
@github-actions

Copy link
Copy Markdown

@shantanubansal Image is available for testing. docker pull ghcr.io/stakater/reloader:SNAPSHOT-PR-527-91e5ad5a

@github-actions

Copy link
Copy Markdown

@shantanubansal Image is available for testing. docker pull ghcr.io/stakater/reloader:SNAPSHOT-PR-527-f40824d9

@shantanubansal

Copy link
Copy Markdown
Author

@karl-johan-grahn Can you please approve this PR?

@shantanubansal

Copy link
Copy Markdown
Author

@waseem-h @ahmedwaleedmalik @stakater-user @faizanahmad055 @karl-johan-grahn Can anyone of you please approve or review the PR?

@ravi-k8

ravi-k8 commented Sep 15, 2023

Copy link
Copy Markdown

/lgtm

@ahmedwaleedmalik

Copy link
Copy Markdown
Contributor

@shantanubansal please refrain from tagging individuals directly. I'm no longer working on this project.

@faizanahmad055

faizanahmad055 commented Sep 20, 2023

Copy link
Copy Markdown
Contributor

@shantanubansal Thank you for the PR, Can you please pull the upstream changes from the master and I can then review it? Also, at this point, I am unsure of the performance impact. We used SHA1 because it was efficient as the only purpose was to identify the objects. I am leaning towards making it configurable from a list of hashing algorithms. What do you think @MuneebAijaz ?

@shantanubansal

shantanubansal commented Sep 20, 2023

Copy link
Copy Markdown
Author

@faizanahmad055 I feel we can make it configurable, if we can have a go-boring compatibility that will be awesome. But Can you please elaborate whats the performance impact?
If comparison is an issue can we use subtle.ConstantTimeCompare for string match? It will highly optimize the string comparison.

@github-actions

Copy link
Copy Markdown

@shantanubansal Image is available for testing. docker pull ghcr.io/stakater/reloader:SNAPSHOT-PR-527-2ec1fafa

@github-actions

Copy link
Copy Markdown

@shantanubansal Image is available for testing. docker pull ghcr.io/stakater/reloader:SNAPSHOT-PR-527-79eb1871

@faizanahmad055

Copy link
Copy Markdown
Contributor

@faizanahmad055 I feel we can make it configurable, if we can have a go-boring compatibility that will be awesome. But Can you please elaborate whats the performance impact?

It can hit computationally harder to calculate and compare the hash specially when there is going to be too much load. I think making it an optional and choosing from the list of algorithms with default of SHA1 would be the way to go.

@github-actions

Copy link
Copy Markdown

@karl-johan-grahn Images are available for testing. docker pull ghcr.io/stakater/reloader:SNAPSHOT-PR-527-e8b409b2\ndocker pull ghcr.io/stakater/reloader:SNAPSHOT-PR-527-UBI-e8b409b2

@github-actions

github-actions Bot commented Dec 6, 2023

Copy link
Copy Markdown

@karl-johan-grahn Images are available for testing. docker pull ghcr.io/stakater/reloader:SNAPSHOT-PR-527-70b58a43\ndocker pull ghcr.io/stakater/reloader:SNAPSHOT-PR-527-UBI-70b58a43

@MuneebAijaz

Copy link
Copy Markdown
Contributor

@shantanubansal can we cater the feedback @faizanahmad055 has suggested above so this can be merged?

@IdanAdar

Copy link
Copy Markdown
Contributor

Any chance this PR can be looked at by a dev team member?

@halkeye

halkeye commented Sep 10, 2024

Copy link
Copy Markdown
Contributor

I would recommend fixing the issue you have in the build, and to actually give details in the description as to what problem it solves, and such. It helps reviewers prioritize when they have time.

Like why is switching from sha1 to sha512 a security thing? are you worried about collisions? what are the drawbacks to this solution? what are the benifits over the current implementation.

@shantanubansal

Copy link
Copy Markdown
Author

@CodiumAI-Agent /improve

@QodoAI-Agent

Copy link
Copy Markdown

PR Code Suggestions ✨

CategorySuggestion                                                                                                                                    Impact
Possible issue
Return early on write error

After logging a write error, return immediately to avoid producing an invalid or
partial hash. This ensures that on failure, the function does not continue and
generate an incorrect value.

internal/pkg/crypto/sha.go [14-17]

 _, err := io.WriteString(hasher, data)
 if err != nil {
     logrus.Errorf("Unable to write data in hash writer %v", err)
+    return ""
 }
Suggestion importance[1-10]: 7

__

Why: After logging the write error, without a return the function continues and may produce an invalid hash; returning early prevents this.

Medium
General
Show expected versus actual

Include the expected and actual hash values in the error message to make test
failures easier to diagnose. This provides clear context when the assertion fails.

internal/pkg/crypto/sha_test.go [12-14]

 if result != sha {
-    t.Errorf("Failed to generate SHA")
+    t.Errorf("GenerateSHA(%q) = %s; want %s", data, result, sha)
 }
Suggestion importance[1-10]: 5

__

Why: Including the actual and expected hash in the error message greatly improves test diagnosability, though it's a non-critical enhancement.

Low

@faizanahmad055

Copy link
Copy Markdown
Contributor

Should be solved by #1086

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

9 participants