diff --git a/internal/cloud/gcp/storage.go b/internal/cloud/gcp/storage.go index 6b3d548c7..522802ee0 100644 --- a/internal/cloud/gcp/storage.go +++ b/internal/cloud/gcp/storage.go @@ -2,6 +2,8 @@ package gcp import ( "context" + // gcp uses MD5 hashes + /* #nosec G501 */ "crypto/md5" "fmt" "io" @@ -46,6 +48,8 @@ func (g *GCP) StorageObjectUpload(ctx context.Context, filename, bucket, object defer imageFile.Close() // Compute MD5 checksum of the image file for later verification + // gcp uses MD5 hashes + /* #nosec G401 */ imageFileHash := md5.New() if _, err := io.Copy(imageFileHash, imageFile); err != nil { return nil, fmt.Errorf("cannot create md5 of the image: %v", err) diff --git a/internal/upload/azure/azurestorage.go b/internal/upload/azure/azurestorage.go index e25e784e7..d9821aef5 100644 --- a/internal/upload/azure/azurestorage.go +++ b/internal/upload/azure/azurestorage.go @@ -4,6 +4,8 @@ import ( "bufio" "bytes" "context" + // azure uses MD5 hashes + /* #nosec G501 */ "crypto/md5" "errors" "fmt" @@ -88,6 +90,8 @@ func (c StorageClient) UploadPageBlob(metadata BlobMetadata, fileName string, th } // Hash the imageFile + // azure uses MD5 hashes + /* #nosec G401 */ imageFileHash := md5.New() if _, err := io.Copy(imageFileHash, imageFile); err != nil { return fmt.Errorf("cannot create md5 of the image: %v", err) diff --git a/internal/upload/koji/koji.go b/internal/upload/koji/koji.go index f9cec6f0a..7ff7fca87 100644 --- a/internal/upload/koji/koji.go +++ b/internal/upload/koji/koji.go @@ -2,6 +2,8 @@ package koji import ( "bytes" + // koji uses MD5 hashes + /* #nosec G501 */ "crypto/md5" "encoding/json" "errors" @@ -343,6 +345,8 @@ func (k *Koji) uploadChunk(chunk []byte, filepath, filename string, offset uint6 func (k *Koji) Upload(file io.Reader, filepath, filename string) (string, uint64, error) { chunk := make([]byte, 1024*1024) // upload a megabyte at a time offset := uint64(0) + // Koji uses MD5 hashes + /* #nosec G401 */ hash := md5.New() for { n, err := file.Read(chunk)