arno/clair
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

ext: Use SHA256 instead of SHA1 for fingerprinting

Browse Source 
To make static analysis tools happy.

The current use of SHA1 for fingerprinting is safe. However, there is very
little downside to switching to SHA256.
This commit is contained in:
Kate Murphy 2018-10-12 15:57:41 -04:00
parent ddaf19b3a6
commit 8d5a0131c4
No known key found for this signature in database
GPG Key ID: DE24040826F4BD73
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
ext/vulnsrc/debian/debian.go
View File

@ -17,7 +17,7 @@
package debian
import (
"crypto/sha1"
"crypto/sha256"
"encoding/hex"
"encoding/json"
"fmt"
@ -67,7 +67,7 @@ func (u *updater) Update(datastore database.Datastore) (resp vulnsrc.UpdateRespo
return resp, err
}
// Get the SHA-1 of the latest update's JSON data
// Get the hash of the latest update's JSON data
latestHash, ok, err := tx.FindKeyValue(updaterFlag)
if err != nil {
return resp, err
@ -119,9 +119,9 @@ func buildResponse(jsonReader io.Reader, latestKnownHash string) (resp vulnsrc.U
}
}()
// Create a TeeReader so that we can unmarshal into JSON and write to a SHA-1
// Create a TeeReader so that we can unmarshal into JSON and write to a hash
// digest at the same time.
jsonSHA := sha1.New()
jsonSHA := sha256.New()
teedJSONReader := io.TeeReader(jsonReader, jsonSHA)
// Unmarshal JSON.