Use FIPS-approved SHA256 instead of weak MD5 #8379

Merged
merged 2 commits into from
Sep 14, 2020
22 changes: 20 additions & 2 deletions packages/plugin-ext/src/main/node/paths/plugin-paths-service.ts
Expand Up @@ -84,7 +84,7 @@ export class PluginPathsServiceImpl implements PluginPathsService {
// if workspace is temporary
// then let create a storage path for each set of workspace roots
const rootsStr = rootUris.sort().join(',');
return crypto.createHash('md5').update(rootsStr).digest('hex');
return this.createHash(rootsStr);
} else {
let stat;
try {
Expand All @@ -95,10 +95,28 @@ export class PluginPathsServiceImpl implements PluginPathsService {
displayName = displayName.slice(0, displayName.lastIndexOf('.'));
}

return crypto.createHash('md5').update(workspaceUri).digest('hex');
return this.createHash(workspaceUri);
}
}

/**
* Creates a hash digest of the given string.
*/
protected createHash(str: string): string {
try {
// md5 is not FIPS-approved but we have to continue use it as there're existing storage folders based on it
return crypto.createHash('md5').update(str).digest('hex');
} catch (e) {
if (e.message.indexOf('disabled for FIPS') > -1) {
// SHA256 is FIPS-compliant
return crypto.createHash('sha256').update(str).digest('hex');
} else {
throw e;
}
}
// see more details in the issues 8378
}

/**
* Generate time folder name in format: YYYYMMDDTHHMMSS, for example: 20181205T093828
*/
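Review bot: The FIPS fallback in `createHash` is keyed on the text of the exception, `e.message.indexOf('disabled for FIPS') > -1`, which depends on the OpenSSL error wording (this may differ between Node/OpenSSL builds) and itself throws a TypeError if the caught value has no `message`. Asking the runtime directly is sturdier: `const algorithm = crypto.getFips() ? 'sha256' : 'md5';` followed by `return crypto.createHash(algorithm).update(str).digest('hex');`. Either way, the same workspace gets a different storage folder name on a FIPS host than on a non-FIPS one, so the doc comment should state that switching modes leaves the old folder behind. The trailing `// see more details in the issues 8378` sits after the try/catch, where every path has already returned or thrown, and belongs in that doc comment instead.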
31 changes: 19 additions & 12 deletions packages/plugin-ext/src/plugin/types-impl.ts
Expand Up @@ -25,7 +25,6 @@
import { UUID } from '@phosphor/coreutils/lib/uuid';
import { illegalArgument } from '../common/errors';
import * as theia from '@theia/plugin';
import * as crypto from 'crypto';
import { URI } from 'vscode-uri';
import { relative } from '../common/paths-util';
import { startsWithIgnoreCase } from '@theia/core/lib/common/strings';
Expand Down Expand Up @@ -1401,6 +1400,14 @@ export enum ProgressLocation {
Notification = 15
}

function computeTaskExecutionId(values: string[]): string {
let id: string = '';
for (let i = 0; i < values.length; i++) {
id += values[i].replace(/,/g, ',,') + ',';
}
return id;
}

export class ProcessExecution {
private executionProcess: string;
private arguments: string[];
Expand Down Expand Up @@ -1457,17 +1464,17 @@ export class ProcessExecution {
}

public computeId(): string {
const hash = crypto.createHash('md5');
hash.update('process');
const props: string[] = [];
props.push('process');
if (this.executionProcess !== undefined) {
hash.update(this.executionProcess);
props.push(this.executionProcess);
}
if (this.arguments && this.arguments.length > 0) {
for (const arg of this.arguments) {
hash.update(arg);
props.push(arg);
}
}
return hash.digest('hex');
return computeTaskExecutionId(props);
}

public static is(value: theia.ShellExecution | theia.ProcessExecution): boolean {
Expand Down Expand Up @@ -1562,20 +1569,20 @@ export class ShellExecution {
}

public computeId(): string {
const hash = crypto.createHash('md5');
hash.update('shell');
const props: string[] = [];
props.push('shell');
if (this.shellCommandLine !== undefined) {
hash.update(this.shellCommandLine);
props.push(this.shellCommandLine);
}
if (this.shellCommand !== undefined) {
hash.update(typeof this.shellCommand === 'string' ? this.shellCommand : this.shellCommand.value);
props.push(typeof this.shellCommand === 'string' ? this.shellCommand : this.shellCommand.value);
}
if (this.arguments && this.arguments.length > 0) {
for (const arg of this.arguments) {
hash.update(typeof arg === 'string' ? arg : arg.value);
props.push(typeof arg === 'string' ? arg : arg.value);
}
}
return hash.digest('hex');
return computeTaskExecutionId(props);
}

public static is(value: theia.ShellExecution | theia.ProcessExecution): boolean {
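Review bot: `computeTaskExecutionId` returns the command and every argument verbatim instead of a fixed-length digest, so the ids from both `computeId()` methods now carry the raw command line. If those ids are logged, persisted or sent over RPC (the consumers are not visible here), any credential passed as an argument travels with them; a doc comment such as `// NOTE: the id embeds the command line in clear text; do not log it` would make that explicit. The escaping is also not injective when a value is empty: `['a,']` and `['a', '', '']` both produce `a,,,`. A length prefix, e.g. `id += values[i].length + ':' + values[i];`, would remove the ambiguity, provided nothing depends on the current id format.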