ext: Use SHA256 instead of SHA1 for fingerprinting
To make static analysis tools happy. The current use of SHA1 for fingerprinting is safe. However, there is very little downside to switching to SHA256.
This commit is contained in:
parent
ddaf19b3a6
commit
8d5a0131c4
@ -17,7 +17,7 @@
|
|||||||
package debian
|
package debian
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/sha1"
|
"crypto/sha256"
|
||||||
"encoding/hex"
|
"encoding/hex"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
@ -67,7 +67,7 @@ func (u *updater) Update(datastore database.Datastore) (resp vulnsrc.UpdateRespo
|
|||||||
return resp, err
|
return resp, err
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get the SHA-1 of the latest update's JSON data
|
// Get the hash of the latest update's JSON data
|
||||||
latestHash, ok, err := tx.FindKeyValue(updaterFlag)
|
latestHash, ok, err := tx.FindKeyValue(updaterFlag)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return resp, err
|
return resp, err
|
||||||
@ -119,9 +119,9 @@ func buildResponse(jsonReader io.Reader, latestKnownHash string) (resp vulnsrc.U
|
|||||||
}
|
}
|
||||||
}()
|
}()
|
||||||
|
|
||||||
// Create a TeeReader so that we can unmarshal into JSON and write to a SHA-1
|
// Create a TeeReader so that we can unmarshal into JSON and write to a hash
|
||||||
// digest at the same time.
|
// digest at the same time.
|
||||||
jsonSHA := sha1.New()
|
jsonSHA := sha256.New()
|
||||||
teedJSONReader := io.TeeReader(jsonReader, jsonSHA)
|
teedJSONReader := io.TeeReader(jsonReader, jsonSHA)
|
||||||
|
|
||||||
// Unmarshal JSON.
|
// Unmarshal JSON.
|
||||||
|
Loading…
Reference in New Issue
Block a user