-
Notifications
You must be signed in to change notification settings - Fork 4.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Warn if SSH fingerprint is obviously bad #3300
Warn if SSH fingerprint is obviously bad #3300
Conversation
In particular this catches double-encoding
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we get a unit test for this? I think I get the logic change, but a test would make it easier for me to understand.
Thoughts?
if len(id) < 2 { | ||
buf.WriteString(id) | ||
if len(remaining) < 2 { | ||
glog.Warningf("unexpected format for SSH public key id: %q", id) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we just err here? Do we have a use case where this should work?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This mostly catches instances where I was double-encoding, and warns the developer. The fingerprint comes from code, and I didn't want to change the method signature just for a nice-to-have.
The other change is to rename id to remaining.
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: chrislovecnm The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
/test all [submit-queue is verifying that this PR is safe to merge] |
Automatic merge from submit-queue |
In particular this catches double-encoding