Google Git
Sign in
go / tools / 0dd562f374060adec95657dff58e5b7fd06981ae^! / .
commit0dd562f374060adec95657dff58e5b7fd06981ae[log] [tgz]
authorRebecca Stambler <rstambler@golang.org>Tue Jul 28 18:00:54 2020 -0400
committerRebecca Stambler <rstambler@golang.org>Tue Jul 28 22:26:17 2020 +0000
treed57207489cbb45555e09844c7d20dbd96cf5afbf
parent95780ea8b324b37f8cf08967d36b372d5ce4bb01 [diff]
internal/lsp: remove uses of crypto/sha1 in gopls

SHA1 can have collisions. Replaced with crypto/sha256.

Change-Id: I54e8c042ae1a4eb41760ccbe26a7c59f68309477
Reviewed-on: https://go-review.googlesource.com/c/tools/+/245326
Run-TryBot: Rebecca Stambler <rstambler@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Heschi Kreinick <heschi@google.com>

diff --git a/internal/lsp/cache/cache.go b/internal/lsp/cache/cache.go
index 74f6a6d..530a313 100644
--- a/internal/lsp/cache/cache.go
+++ b/internal/lsp/cache/cache.go

@@ -6,7 +6,7 @@
 
 import (
 	"context"
-	"crypto/sha1"
+	"crypto/sha256"
 	"fmt"
 	"go/ast"
 	"go/token"
@@ -156,9 +156,7 @@
 }
 
 func hashContents(contents []byte) string {
-	// TODO: consider whether sha1 is the best choice here
-	// This hash is used for internal identity detection only
-	return fmt.Sprintf("%x", sha1.Sum(contents))
+	return fmt.Sprintf("%x", sha256.Sum256(contents))
 }
 
 var cacheIndex, sessionIndex, viewIndex int64

diff --git a/internal/lsp/diagnostics.go b/internal/lsp/diagnostics.go
index e3f2d75..873413b 100644
--- a/internal/lsp/diagnostics.go
+++ b/internal/lsp/diagnostics.go

@@ -6,7 +6,7 @@
 
 import (
 	"context"
-	"crypto/sha1"
+	"crypto/sha256"
 	"fmt"
 	"path/filepath"
 	"strings"
@@ -190,7 +190,7 @@
 		related += fmt.Sprintf("%s%s%s", r.URI, r.Message, r.Range)
 	}
 	key := fmt.Sprintf("%s%s%s%s%s%s", d.Message, d.Range, d.Severity, d.Source, tags, related)
-	return fmt.Sprintf("%x", sha1.Sum([]byte(key)))
+	return fmt.Sprintf("%x", sha256.Sum256([]byte(key)))
 }
 
 func (s *Server) publishReports(ctx context.Context, snapshot source.Snapshot, reports map[idWithAnalysis]map[string]*source.Diagnostic) {

diff --git a/internal/lsp/lsprpc/autostart_posix.go b/internal/lsp/lsprpc/autostart_posix.go
index c432c82..224a5a0 100644
--- a/internal/lsp/lsprpc/autostart_posix.go
+++ b/internal/lsp/lsprpc/autostart_posix.go

@@ -7,7 +7,7 @@
 package lsprpc
 
 import (
-	"crypto/sha1"
+	"crypto/sha256"
 	"errors"
 	"fmt"
 	"log"
@@ -45,7 +45,7 @@
 	// socket name. If possible, we also include the buildid in this hash, to
 	// account for long-running processes where the binary has been subsequently
 	// rebuilt.
-	h := sha1.New()
+	h := sha256.New()
 	cmd := exec.Command("go", "tool", "buildid", goplsPath)
 	cmd.Stdout = h
 	var pathHash []byte
@@ -53,7 +53,7 @@
 		pathHash = h.Sum(nil)
 	} else {
 		log.Printf("error getting current buildid: %v", err)
-		sum := sha1.Sum([]byte(goplsPath))
+		sum := sha256.Sum256([]byte(goplsPath))
 		pathHash = sum[:]
 	}
 	shortHash := fmt.Sprintf("%x", pathHash)[:6]