-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use FIPS-approved SHA256 instead of weak MD5 #8379
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
Is it a breaking change for all workspace and plugin storages out there? All data will be lost? We need a migration? |
I've noticed also that we bogusly encode workspace roots into workspace id leading to bugs like #7472 I think the proper solution will be to align with VS Code implementation, maybe it does not even require usage of crypto. There is not a real security concern in affected code. It seems to be misusage of crypto to generate identifiers. Plus we should make sure that data are not lost, but migrated. |
@@ -1457,7 +1457,7 @@ export class ProcessExecution { | |||
} | |||
|
|||
public computeId(): string { | |||
const hash = crypto.createHash('md5'); | |||
const hash = crypto.createHash('sha256'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure about backward computability consequences of changing this file. Do we store them somewhere and should read again or it is pure runtime thing?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As I see, it's used at runtime only.
BTW I've found that it has been reworked in VS Code to generate IDs based on the command line instead of hashes.
microsoft/vscode@36d9d04
We need to update it in Theia correspondingly. I'll take a look at whether it can be done within this PR.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've changed the IDs generation according to the current VS Code state. Now, it doesn't require crypto
Node module.
I can reproduce both issues (mentioned above) on master branch as well. They are randomly reproducible and are not related to the PR changes. |
I'm restarting travis job that failed on macos |
@azatsarynnyy it is good, but we cannot switch algorithm for global and plugin state without providing migrations for old state. It will wipe out all state for VS Code extensions for existing installations. |
@akosyakov I agree that we should migrate the plugins' data. |
What would happen if someone migrated from 1.0.0 to 1.8.0? user data will be erased? Probably it is just should stay in codebase forever in the same way since it touches end user data. |
You are right @akosyakov. Thanks. I'll look for another way to fix #8378 |
// md5 is not FIPS-approved but we have to continue use it as there're existing storage folders based on it | ||
return crypto.createHash('md5').update(str).digest('hex'); | ||
} catch (e) { | ||
// FIPS-compliant |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we narrow down the error and log in all other cases? to avoid false positively creating sha256 hashes?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
Signed-off-by: Artem Zatsarynnyi <[email protected]>
Signed-off-by: Artem Zatsarynnyi <[email protected]>
f23730d
to
604de71
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
code wise looks good to me, but someone has to try it out
Signed-off-by: Artem Zatsarynnyi [email protected]
What it does
Fixes #8378 by removing MD5 usage.
How to test
The simplest variant to test it is to run Theia and see that there's no unusual error logged, frontend is loaded as usual and Task of types
process/shell
works as expected.If it's possible, you can check the same in an OS with FIPS mode enabled. E.g. here's the instructions for Red Hat Enterprise Linux 7.
Review checklist
Reminder for reviewers