ext: Use SHA256 instead of SHA1 for fingerprinting

To make static analysis tools happy.

The current use of SHA1 for fingerprinting is safe. However, there is very
little downside to switching to SHA256.
This commit is contained in:
Kate Murphy 2018-10-12 15:57:41 -04:00
parent ddaf19b3a6
commit 8d5a0131c4
No known key found for this signature in database
GPG Key ID: DE24040826F4BD73

View File

@ -17,7 +17,7 @@
package debian package debian
import ( import (
"crypto/sha1" "crypto/sha256"
"encoding/hex" "encoding/hex"
"encoding/json" "encoding/json"
"fmt" "fmt"
@ -67,7 +67,7 @@ func (u *updater) Update(datastore database.Datastore) (resp vulnsrc.UpdateRespo
return resp, err return resp, err
} }
// Get the SHA-1 of the latest update's JSON data // Get the hash of the latest update's JSON data
latestHash, ok, err := tx.FindKeyValue(updaterFlag) latestHash, ok, err := tx.FindKeyValue(updaterFlag)
if err != nil { if err != nil {
return resp, err return resp, err
@ -119,9 +119,9 @@ func buildResponse(jsonReader io.Reader, latestKnownHash string) (resp vulnsrc.U
} }
}() }()
// Create a TeeReader so that we can unmarshal into JSON and write to a SHA-1 // Create a TeeReader so that we can unmarshal into JSON and write to a hash
// digest at the same time. // digest at the same time.
jsonSHA := sha1.New() jsonSHA := sha256.New()
teedJSONReader := io.TeeReader(jsonReader, jsonSHA) teedJSONReader := io.TeeReader(jsonReader, jsonSHA)
// Unmarshal JSON. // Unmarshal JSON.