-
Notifications
You must be signed in to change notification settings - Fork 124
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SNOW-1524257 Implement GCM encryption #1191
base: master
Are you sure you want to change the base?
Conversation
️✅ There are no secrets present in this pull request anymore.If these secrets were true positive and are still valid, we highly recommend you to revoke them. 🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request. |
7a48f8c
to
8cdec9a
Compare
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #1191 +/- ##
==========================================
- Coverage 82.61% 82.41% -0.21%
==========================================
Files 54 54
Lines 12909 13034 +125
==========================================
+ Hits 10665 10742 +77
- Misses 2244 2292 +48 ☔ View full report in Codecov by Sentry. |
filename string, | ||
tmpDir string) ( | ||
*gcmEncryptMetadata, string, error) { | ||
tmpOutputFile, err := os.CreateTemp(tmpDir, baseName(filename)+"#") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why do we add "#" here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To be honest - I don't know, but we do the same in CBC encryption. The case is that such magic things might have solved some problems on some specific OSes or something in the past and I'm afraid to replace it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
After trying to figure this out for some time I guess it's just a way to prevent collisions in filenames. The tempfile uses the same filename as the infile so I guess it's to prevent overriding the infile in case the tmpDir is empty or something
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, I generally agree, but whether it has to be that way or not is another question. I think that in 99% we can replace it with .bak
or anything, but I'd leave it as is.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It will most likely not cause any problems, but in case some one, for god only know what reason, has files called my_file and my_file# it might cause a collision?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It feels like we should at least check if a file of this name exists
Description
SNOW-1524257 Implemented GCM encryption to be ready for CSP integrations.
Checklist