Clean up DefaultServerTLSConfig & an unnecessary md5 #990
Codecov Report
@@ Coverage Diff @@
## master #990 +/- ##
==========================================
- Coverage 54.81% 54.81% -0.01%
==========================================
Files 277 277
Lines 18548 18548
==========================================
- Hits 10168 10167 -1
- Misses 7005 7006 +1
Partials 1375 1375
Sister PR at onflow/flow#575 (update will be needed after this merges to update the console print at bootstrap)
The changes look good to me 👌 but I let the team members involved in the operations side make sure there are no other impacts to these changes.
Looks good
@@ -89,7 +89,7 @@ func (d Delta) MarshalJSON() ([]byte, error) { | |||
return json.Marshal(m) | |||
} | |||
|
|||
func (d Delta) UnmarshalJSON(data []byte) error { | |||
func (d *Delta) UnmarshalJSON(data []byte) error { |
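Review bot: the changed `UnmarshalJSON` signature now takes `*Delta` while `MarshalJSON`, visible in the hunk header, keeps a value receiver, and nothing in the code says why the two differ. A short comment on `UnmarshalJSON` stating that the pointer receiver is required for the decoded fields to reach the caller would stop a later cleanup from aligning the receivers back to values. A round-trip test (marshal a Delta, unmarshal it, compare the result) would also pin the behaviour this line fixes.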
Why changing this?
As the commit message indicates, the assignment at line 106 occurs on an immediately-lost copy of the Delta otherwise.
Do not merge before onflow/flow-go#990 is merged. This PR updates our file-based user-visible hashes from MD5 to SHA256, a better, yet widely available hash function. The present PR does the same for the doc, at least in the format of the displayed hashes, rather than actual content: the doc is not updated at every Spork, and the output updated in this PR is here for demonstration only.
Dependent PR up at onflow/flow#585
lgtm
Followup of onflow#944: DefaultServerTLSConfig is unused, but will be in a further PR (onflow#989)

- Fix an insecurity, allowing for a TLS [MinVersion == 1.0](https://github.com/golang/go/blob/e3176bbc3ec7ab3889f02432f6fd088c90fc12dd/src/crypto/tls/common.go#L685) (CWE 295)
- Use gosec (through golang-ci) to prohibit that error.
The function was using an MD5 for checking, whereas a more secure option like SHA-256 would be preferred. See https://www.iacr.org/cryptodb/data/paper.php?pubkey=23903 (for example) for the (in-)security. SHA256 was chosen over Blake2 because there's a widely deployed CLI sha256sum on unix systems, and performance is not an issue here. Activates gosec G401 to fix such an issue, activates G501, G502, G503, G505 to tie up loose ends on less-secure hash functions.
This allows us to pick up golangci/golangci-lint#1930
The error SA4005: ineffective assignment to field Delta.Data was taken by taking a copy of the receiver
This impacts the check of the `rootsnapshot` file: CLI users would have to run the `sha256sum` command-line utility on it instead of `md5sum`