feat: added support for truncating crypto-hashed values to a max length #207
🦙 MegaLinter status:
| Descriptor | Linter | Files | Fixed | Errors | Elapsed time |
|---|---|---|---|---|---|
| ✅ ACTION | actionlint | 5 | | 0 | 0.14s |
| ✅ BASH | bash-exec | 1 | | 0 | 0.03s |
| ✅ BASH | shellcheck | 1 | | 0 | 0.03s |
| ✅ BASH | shfmt | 1 | | 0 | 0.04s |
| ✅ CSHARP | csharpier | 95 | | 0 | 7.0s |
| | roslynator | 3 | | 2 | 48.26s |
| ✅ DOCKERFILE | hadolint | 1 | | 0 | 0.24s |
| ✅ EDITORCONFIG | editorconfig-checker | 184 | | 0 | 2.55s |
| ✅ JSON | jsonlint | 29 | | 0 | 0.64s |
| ✅ JSON | prettier | 29 | | 0 | 3.84s |
| ✅ JSON | v8r | 29 | | 0 | 16.42s |
| ✅ MARKDOWN | markdownlint | 4 | | 0 | 1.39s |
| ✅ PROTOBUF | protolint | 4 | | 0 | 4.31s |
| ✅ REPOSITORY | checkov | yes | | no | 14.4s |
| ✅ REPOSITORY | dustilock | yes | | no | 0.01s |
| ✅ REPOSITORY | gitleaks | yes | | no | 0.35s |
| ✅ REPOSITORY | git_diff | yes | | no | 0.07s |
| ✅ REPOSITORY | grype | yes | | no | 14.75s |
| ✅ REPOSITORY | kics | yes | | no | 21.74s |
| ✅ REPOSITORY | secretlint | yes | | no | 1.42s |
| ✅ REPOSITORY | syft | yes | | no | 0.34s |
| ✅ REPOSITORY | trivy | yes | | no | 10.3s |
| ✅ REPOSITORY | trivy-sbom | yes | | no | 0.64s |
| ✅ REPOSITORY | trufflehog | yes | | no | 6.13s |
| ✅ XML | xmllint | 2 | | 0 | 0.01s |
| ✅ YAML | prettier | 30 | | 0 | 1.58s |
| ✅ YAML | v8r | 30 | | 0 | 43.13s |
| ✅ YAML | yamllint | 30 | | 0 | 1.13s |
See detailed report in MegaLinter reports
You could have same capabilities but better runtime performances if you request a new MegaLinter flavor.
Trivy image scan report
| Package | ID | Severity | Installed Version | Fixed Version |
|---|---|---|---|---|
| Microsoft.AspNetCore.App.Runtime.linux-x64 | CVE-2024-38229 | HIGH | 8.0.8 | 9.0.0-rc.2.24474.3, 8.0.10 |
No Misconfigurations found
usr/share/dotnet/shared/Microsoft.NETCore.App/8.0.8/Microsoft.NETCore.App.deps.json
No Vulnerabilities found
No Misconfigurations found
Minimum allowed line rate is

iter8 report

Experiment summary:
*******************
Experiment completed: true
No task failures: true
Total number of tasks: 7
Number of completed tasks: 7
Number of completed loops: 1
Whether or not service level objectives (SLOs) are satisfied:
*************************************************************
SLO Conditions | Satisfied
-------------- | ---------
http/error-count <= 0 | true
http/latency-mean (msec) <= 25 | true
http/latency-p99 (msec) <= 85 | true
Latest observed values for metrics:
***********************************
Metric | value
------- | -----
http/error-count | 0.00
http/error-rate | 0.00
http/latency-max (msec) | 979.73
http/latency-mean (msec) | 15.32
http/latency-min (msec) | 2.16
http/latency-p50 (msec) | 8.39
http/latency-p75 (msec) | 19.62
http/latency-p90 (msec) | 40.54
http/latency-p95 (msec) | 48.46
http/latency-p99 (msec) | 72.87
http/latency-p99.9 (msec) | 112.80
http/latency-stddev (msec) | 20.32
http/request-count | 25000.00
Unfortunately, I'm still considerably less proficient in C# than I thought myself. So my approval may not be worth all that much. At first, superficial glance it looks good. I had to google CRYTOHASH because it looks like a typo ;)
The only question I still have is whether the IDs/references already hashed by the stream processors are hashed AGAIN by the pseudonymizer, and whether that is necessary and intended?
input, | ||
_cryptoHashFunction | ||
); | ||
var newReference = ReferenceUtility.TransformReferenceId(input, cryptoHashFunction); |
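Review bot: The last line passes `cryptoHashFunction` while the lines above it pass the `_cryptoHashFunction` field, and nothing visible here says how the two differ. If the local is the length-limited variant this PR introduces, a short comment at `TransformReferenceId(input, cryptoHashFunction)` saying so, and noting that `input` is hashed as an opaque string even when it is already a hash, would answer at the call site the question raised in this thread.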
Does that mean the hashes coming from the stream processor are hashed again?
Yes, exactly: the given values are treated as strings, regardless of whether they are hashes or not. Strictly speaking, the values are then even hashed twice: https://en.wikipedia.org/wiki/HMAC. In principle, encryption would also work for us, but AES and co. produce different outputs for the same inputs, which we don't want for the IDs.
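The behaviour discussed in this thread, as an added C# example that is not the project's code: a keyed hash gives a repeatable pseudonym that can be truncated and treats an already hashed ID as just another string, while encryption with a random IV is not repeatable. It assumes HMAC-SHA256 with base64url output; `PseudonymDemo`, its method names, the sample ID and the keys are hypothetical.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Added example, not the project's code. Names, keys and encoding are assumptions.
public static class PseudonymDemo
{
    // Deterministic keyed pseudonym: HMAC-SHA256 over the UTF-8 bytes of the
    // input, base64url-encoded, then cut to maxLength characters if given.
    public static string Pseudonymize(string input, byte[] key, int? maxLength = null)
    {
        using var hmac = new HMACSHA256(key);
        byte[] mac = hmac.ComputeHash(Encoding.UTF8.GetBytes(input));
        string encoded = Convert.ToBase64String(mac)
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');
        return maxLength is int n && n < encoded.Length ? encoded[..n] : encoded;
    }

    // AES-CBC with a fresh random IV per call, for contrast with the HMAC.
    public static byte[] Encrypt(string input, byte[] key)
    {
        using var aes = Aes.Create();
        aes.Key = key;
        aes.GenerateIV();
        return aes.EncryptCbc(Encoding.UTF8.GetBytes(input), aes.IV);
    }

    public static void Main()
    {
        // Constructed sample values; the keys are generated per run.
        byte[] hmacKey = RandomNumberGenerator.GetBytes(32);
        byte[] aesKey = RandomNumberGenerator.GetBytes(32);
        string id = "Patient/12345";

        string full = Pseudonymize(id, hmacKey);
        string cut = Pseudonymize(id, hmacKey, 16); // 16 characters carry at most 96 bits

        // Same input and key give the same pseudonym, so references still join.
        Console.WriteLine($"repeatable: {full == Pseudonymize(id, hmacKey)}");
        // The truncated value is a prefix of the full one.
        Console.WriteLine($"prefix: {full.StartsWith(cut, StringComparison.Ordinal)}");
        // An already pseudonymized ID is hashed like any other string and maps to
        // a new value, so every producer must apply the same number of passes.
        Console.WriteLine($"second pass differs: {Pseudonymize(full, hmacKey) != full}");
        // Randomized encryption yields a different ciphertext for the same ID.
        Console.WriteLine($"ciphertexts equal: {Encrypt(id, aesKey).SequenceEqual(Encrypt(id, aesKey))}");
    }
}
```

Truncation trades collision resistance for length: with b bits kept, collisions become likely around 2^(b/2) distinct IDs, so the maximum length should be sized against the number of identifiers in the dataset.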
## [2.22.0](v2.21.16...v2.22.0) (2024-10-15)

### Features

* added support for truncating crypto-hashed values to a max length ([#207](#207)) ([54dae1e](54dae1e))

### Miscellaneous Chores

* **deps:** update all non-major dependencies ([#202](#202)) ([e5c3b47](e5c3b47))
* **deps:** update docker.io/library/postgres docker tag to v17 ([#206](#206)) ([a4fb8cb](a4fb8cb))
* **deps:** update dotnet monorepo ([#201](#201)) ([38971e1](38971e1))
🎉 This PR is included in version 2.22.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀
No description provided.