Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security issue with snapshot integrity verification #3729

Open
wants to merge 1 commit into
base: release/v1.6
Choose a base branch
from
Open

Security issue with snapshot integrity verification #3729

wants to merge 1 commit into from

Conversation

guilherme-dsantos
Copy link

Issue #3669

MD5 is not secure for file integrity verification: https://docs.datadoghq.com/code_analysis/static_analysis_rules/go-security/import-md5/

Changes:
Replaced md5sum with sha256sum for calculating snapshot checksums

@guilherme-dsantos
etcd: switch from md5sum to sha256sum for snapshot checksums
3d05359 
Changes checksum calculation in GetEtcdSnapshotChecksum from md5sum to
sha256sum to provide stronger cryptographic verification of etcd snapshots.
SHA-256 is cryptographically more secure and resistant to collision attacks
compared to MD5.

Note: This changes the checksum length from 32 to 64 characters. The command
execution and output parsing remain unchanged as both commands use the same
output format.

Technical details:
- Changed command from md5sum to sha256sum in shell execution
- Output format remains "<hash>  <filename>"
- Post-processing with cut and tr commands unaffected
@guilherme-dsantos guilherme-dsantos requested a review from a team as a code owner October 26, 2024 17:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@guilherme-dsantos