exceptionfactory commented on code in PR #6375: URL: https://github.com/apache/nifi/pull/6375#discussion_r965958209
########## c2/c2-client-bundle/c2-client-service/src/main/java/org/apache/nifi/c2/client/service/C2HeartbeatFactory.java: ########## @@ -62,6 +69,12 @@ public class C2HeartbeatFactory { public C2HeartbeatFactory(C2ClientConfig clientConfig, FlowIdHolder flowIdHolder) { this.clientConfig = clientConfig; this.flowIdHolder = flowIdHolder; + + try { + messageDigest = MessageDigest.getInstance("SHA-512"); Review Comment: Good choice of SHA-512. ########## c2/c2-client-bundle/c2-client-service/src/main/java/org/apache/nifi/c2/client/service/C2HeartbeatFactory.java: ########## @@ -225,4 +242,14 @@ private File getConfDirectory() { return confDirectory; } + + public String calculateManifestHash(List<Bundle> loadedBundles) { + byte[] bytes = messageDigest.digest(loadedBundles.stream() Review Comment: Although this specific use of `MessageDigest.digest(byte[] bytes)` should be safe, other reuse of the `MessageDigest` instance is not safe. It would be better to construct a new instance of `MessageDigest` for each invocation of `calculateManifestHash`. ########## c2/c2-client-bundle/c2-client-service/src/main/java/org/apache/nifi/c2/client/service/C2HeartbeatFactory.java: ########## @@ -225,4 +242,14 @@ private File getConfDirectory() { return confDirectory; } + + public String calculateManifestHash(List<Bundle> loadedBundles) { + byte[] bytes = messageDigest.digest(loadedBundles.stream() + .map(bundle -> bundle.getGroup() + bundle.getArtifact() + bundle.getVersion()) + .sorted() + .collect(Collectors.joining(",")) + .getBytes(StandardCharsets.UTF_8)); + + return UUID.nameUUIDFromBytes(bytes).toString(); Review Comment: The `UUID.nameUUIDFromBytes()` leverages MD5 hashing internally, which effectively reduces precision of the SHA-512 hash. It would be better to use hexadecimal encoding of the SHA-512 digest bytes. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org