Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SNOW-1524257 Implement GCM encryption #1191

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

SNOW-1524257 Implement GCM encryption #1191

wants to merge 1 commit into from
+245 −49

Conversation

sfc-gh-pfus
Copy link
Collaborator

Description

SNOW-1524257 Implemented GCM encryption to be ready for CSP integrations.

Checklist

  • Created tests which fail without the change (if possible)
  • Extended the README / documentation, if necessary

@gitguardian GitGuardian
Copy link

gitguardian bot commented Aug 1, 2024
edited
Loading

️✅ There are no secrets present in this pull request anymore.

If these secrets were true positive and are still valid, we highly recommend you to revoke them.
Once a secret has been leaked into a git repository, you should consider it compromised, even if it was deleted immediately.
Find here more information about risks.

🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

@sfc-gh-pfus sfc-gh-pfus marked this pull request as ready for review August 2, 2024 05:25
@sfc-gh-pfus sfc-gh-pfus requested a review from a team as a code owner August 2, 2024 05:25
@codecov Codecov
Copy link

codecov bot commented Oct 15, 2024

Codecov Report

Attention: Patch coverage is 64.96350% with 48 lines in your changes missing coverage. Please review.

Project coverage is 82.41%. Comparing base (c2e6db0) to head (8cdec9a).
Report is 2 commits behind head on master.

Files with missing lines Patch % Lines
encrypt_util.go 63.90% 48 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #1191      +/-   ##
==========================================
- Coverage   82.61%   82.41%   -0.21%     
==========================================
  Files          54       54              
  Lines       12909    13034     +125     
==========================================
+ Hits        10665    10742      +77     
- Misses       2244     2292      +48

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

sfc-gh-astachowski
sfc-gh-astachowski reviewed Oct 16, 2024
View reviewed changes
encrypt_util.go
filename string,
tmpDir string) (
*gcmEncryptMetadata, string, error) {
tmpOutputFile, err := os.CreateTemp(tmpDir, baseName(filename)+"#")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we add "#" here?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To be honest - I don't know, but we do the same in CBC encryption. The case is that such magic things might have solved some problems on some specific OSes or something in the past and I'm afraid to replace it.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

After trying to figure this out for some time I guess it's just a way to prevent collisions in filenames. The tempfile uses the same filename as the infile so I guess it's to prevent overriding the infile in case the tmpDir is empty or something

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, I generally agree, but whether it has to be that way or not is another question. I think that in 99% we can replace it with .bak or anything, but I'd leave it as is.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It will most likely not cause any problems, but in case some one, for god only know what reason, has files called my_file and my_file# it might cause a collision?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It feels like we should at least check if a file of this name exists

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sfc-gh-astachowski sfc-gh-astachowski sfc-gh-astachowski left review comments

@sfc-gh-mkubik sfc-gh-mkubik sfc-gh-mkubik approved these changes

@sfc-gh-dheyman-1 sfc-gh-dheyman-1 sfc-gh-dheyman-1 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@sfc-gh-pfus @sfc-gh-dheyman-1 @sfc-gh-astachowski @sfc-gh-mkubik