Comments (6)
schmidtw
commented on June 2, 2024
1
So id is a string that matches the following regex: [a-zA-Z0-9]{1,64}
(1 to 64 ASCII alphanumeric characters)
Right?
from argus.
JC000
commented on June 2, 2024
There is no reason why Argus can't enforce the primary identifier to be a true UUID. Even if we choose to not use an UUID, Argus should still place constraints on what a valid value should look like (SHA256, MD5, etc).
from argus.
joe94
commented on June 2, 2024
True. What does each option give us?
One route is to switch back to the ID field name and place the constraint that it must be a SHA256 checksum.
from argus.
JC000
commented on June 2, 2024
Let's change the field name to id, but have strict enforcement that this field must be a 64 character long alpha-numeric string. We can then suggest using SHA256 to generate this string.
from argus.
joe94
commented on June 2, 2024
That looks right to me.
from argus.
joe94
commented on June 2, 2024
Additional info: The webhooks library was sending a base64 URL encoding of the digest https://github.com/xmidt-org/webpa-common/blob/main/xwebhook/service.go#L89
If we add this, it should be easy to just send the digest itself.
from argus.
Related Issues (20)
- Log Server Error
- id is only partly case insensitve
- Add configurable limit for GetAll db requests
- CVE-2022-21698 (High) detected in github.com/prometheus/client_golang-v1.10.0 - autoclosed HOT 1
- CVE-2020-13949 (High) detected in github.com/open-telemetry/opentelemetry-go-v0.19.0 - autoclosed HOT 1
- CVE-2022-28948 (High) detected in github.com/go-yaml/yaml-v3.0.0 - autoclosed HOT 1
- Incomplete log error message HOT 4
- JWK Migration HOT 2
- Remove Deprecated `webpa-common` HOT 2
- Fix Linter
- Refactor Long Functions for Readability
- CVE-2022-32149 (High) detected in golang.org/x/text-v0.3.7 - autoclosed HOT 1
- Replace `webpa common/logging`, `go-kit/log` with `zap`
- Replace `webpa common/logging`, `go-kit/log` with `zap`
- CVE-2022-41723 (High) detected in golang.org/x/net-v0.5.0 - autoclosed HOT 1
- Ensure Correct Xmidt Header Usage
- (unify) Use SPDX for copyright and reuse.
- (unify) Update code style.
- (unify) Fix linting errors and enable checking.
- CVE-2024-28122 (Medium) detected in github.com/lestrrat-go/jwx/v2-v2.0.21 - autoclosed HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from argus.