Change Cursor Cache Key Hash to use Secure Algorithm
Type of change
-
Bug Fix -
Feature
Please provide link to gitlab issue or ADR(Architecture Decision Record)
Does this introduce a change in the core logic?
- [YES]
Does this introduce a change in the cloud provider implementation, if so which cloud?
-
AWS -
Azure -
Google Cloud -
IBM
Does this introduce a breaking change?
- [NO]
What is the current behavior?
The cursor is currently cached and the key is a hash of the cursor itself. The hash is created using a known insecure algorithm MD5. This is being flagged by our security scanners as a potential vulnerability. This will resolve that vuln.
What is the new/expected behavior?
The cursor key hash will use SHA-256 hash which is accepted as more secure. This does increase the length of the key hash. Cursors that were cached with previous version will no longer be accessible from cache. However, these cursors are short lived (90 seconds) so this should not be an issue.
Have you added/updated Unit Tests and Integration Tests?
Tests do not need to be changed because this is an implementation detail underneath. I have run both sets of tests on our internal build before and after this change. Both pass