[GitHub] [nifi] exceptionfactory commented on a diff in pull request #6375: NIFI-10458 Add support for the DESCRIBE/MANIFEST Operation

Thu, 08 Sep 2022 06:18:41 -0700 


exceptionfactory commented on code in PR #6375:
URL: https://github.com/apache/nifi/pull/6375#discussion_r965958209


##########
c2/c2-client-bundle/c2-client-service/src/main/java/org/apache/nifi/c2/client/service/C2HeartbeatFactory.java:
##########
@@ -62,6 +69,12 @@ public class C2HeartbeatFactory {
     public C2HeartbeatFactory(C2ClientConfig clientConfig, FlowIdHolder 
flowIdHolder) {
         this.clientConfig = clientConfig;
         this.flowIdHolder = flowIdHolder;
+
+        try {
+            messageDigest = MessageDigest.getInstance("SHA-512");

Review Comment:
   Good choice of SHA-512.



##########
c2/c2-client-bundle/c2-client-service/src/main/java/org/apache/nifi/c2/client/service/C2HeartbeatFactory.java:
##########
@@ -225,4 +242,14 @@ private File getConfDirectory() {
 
         return confDirectory;
     }
+
+    public String calculateManifestHash(List<Bundle> loadedBundles) {
+        byte[] bytes = messageDigest.digest(loadedBundles.stream()

Review Comment:
   Although this specific use of `MessageDigest.digest(byte[] bytes)` should be 
safe, other reuse of the `MessageDigest` instance is not safe. It would be 
better to construct a new instance of `MessageDigest` for each invocation of 
`calculateManifestHash`.



##########
c2/c2-client-bundle/c2-client-service/src/main/java/org/apache/nifi/c2/client/service/C2HeartbeatFactory.java:
##########
@@ -225,4 +242,14 @@ private File getConfDirectory() {
 
         return confDirectory;
     }
+
+    public String calculateManifestHash(List<Bundle> loadedBundles) {
+        byte[] bytes = messageDigest.digest(loadedBundles.stream()
+            .map(bundle -> bundle.getGroup() + bundle.getArtifact() + 
bundle.getVersion())
+            .sorted()
+            .collect(Collectors.joining(","))
+            .getBytes(StandardCharsets.UTF_8));
+
+        return UUID.nameUUIDFromBytes(bytes).toString();

Review Comment:
   The `UUID.nameUUIDFromBytes()` leverages MD5 hashing internally, which 
effectively reduces precision of the SHA-512 hash. It would be better to use 
hexadecimal encoding of the SHA-512 digest bytes.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to