fix: adds large file support to bufferToSha1 method #569

Merged
merged 1 commit into from
Feb 20, 2024


pecodez
Contributor

@pecodez pecodez commented Feb 15, 2024

  • Ready for review
  • Follows CONTRIBUTING rules
  • Reviewed by Snyk internal team

What does this PR do?

Adds large file support to bufferToSha1 method.

Where should the reviewer start?

The bufferToSha1 method was failing as the update method of the Crypto.Hash object uses Buffer.alloc which has a limitation of 2G. Any JARs bigger than this would cause a RangeError in Node.

This fix uses the stream interface of Crypto.Hash to stream data for large files in order to generate the Sha1 digest.

How should this be manually tested?

Scan any container with a Maven project that contains one or more JARs over 2G in size.

What are the relevant tickets?

https://snyksec.atlassian.net/browse/SUP-1997

@ChristinaDara ChristinaDara marked this pull request as ready for review February 20, 2024 11:17
@ChristinaDara ChristinaDara requested a review from a team as a code owner February 20, 2024 11:17
@ChristinaDara ChristinaDara self-requested a review February 20, 2024 11:17
Contributor

@jonnyowenpowell jonnyowenpowell left a comment

LGTM!

@ChristinaDara ChristinaDara merged commit 4828b28 into main Feb 20, 2024
15 checks passed
@ChristinaDara ChristinaDara deleted the fix/large-file-support branch February 20, 2024 11:22
@team-lumos
Collaborator

🎉 This PR is included in version 6.10.2 🎉

The release is available on:

Your semantic-release bot 📦🚀
