JuliaCloud / AWS.jl

Julia interface to AWS
MIT License

Feedback on Detected WEAK-ENCRYPTION #660

Closed zyue110026 closed 1 year ago

zyue110026 commented 1 year ago

Greetings,

We are some security researchers who have built a scanner to detect known security weaknesses. For your repository, we have found instances of Weak Encryption in the following locations:

Location-1: https://github.com/JuliaCloud/AWS.jl/blob/100c30ec942e5e38d4a987dbef6b30c85dda9fbf/test/AWS.jl#L95

Please give us feedback. Do you think these are valid instances of security weaknesses? Will you fix them?

ericphanson commented 1 year ago

That is in the tests, not the source code. The corresponding source code is https://github.com/JuliaCloud/AWS.jl/blob/100c30ec942e5e38d4a987dbef6b30c85dda9fbf/src/utilities/sign.jl#L77

I don't think that Content-MD5 header is for encryption but rather object integrity. The object is hashed with SHA256 as part of the AWS v4 signature process.

So I don't think this is a security weakness.
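The distinction drawn in the reply above, as an added Python example that is not part of the thread and is not AWS.jl's code: the Content-MD5 value is an unkeyed transport checksum, while the SHA-256 payload hash is what the AWS v4 HMAC-SHA256 signature covers. The signer is simplified (empty query string, no URI encoding), and the secret, host, date and helper names are constructed for illustration.

```python
import base64
import hashlib
import hmac

def content_md5(body: bytes) -> str:
    """Content-MD5 header value: base64 of the raw MD5 digest (a transport checksum)."""
    # usedforsecurity=False (Python 3.9+) records that MD5 is not a security primitive here.
    return base64.b64encode(hashlib.md5(body, usedforsecurity=False).digest()).decode()

def payload_sha256(body: bytes) -> str:
    """Hex SHA-256 of the body: the hashed payload that the v4 signature covers."""
    return hashlib.sha256(body).hexdigest()

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sigv4_signature(secret, amz_date, region, service, method, path, headers, body):
    """Simplified AWS v4 signature over method, path, headers and hashed payload."""
    canon = sorted((k.lower(), v.strip()) for k, v in headers.items())
    canonical_headers = "".join(f"{k}:{v}\n" for k, v in canon)
    signed_headers = ";".join(k for k, _ in canon)
    canonical_request = "\n".join(
        [method, path, "", canonical_headers, signed_headers, payload_sha256(body)])
    date = amz_date[:8]
    scope = f"{date}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join(
        ["AWS4-HMAC-SHA256", amz_date, scope,
         hashlib.sha256(canonical_request.encode()).hexdigest()])
    key = _hmac(("AWS4" + secret).encode(), date)  # signing-key derivation chain
    for part in (region, service, "aws4_request"):
        key = _hmac(key, part)
    return hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()

def sign_put(body: bytes, md5_header=None) -> str:
    """Sign a constructed S3-style PUT; md5_header lets a caller pin Content-MD5."""
    headers = {  # all values below are constructed sample data
        "host": "examplebucket.s3.amazonaws.com",
        "content-md5": md5_header or content_md5(body),
        "x-amz-content-sha256": payload_sha256(body),
        "x-amz-date": "20240101T000000Z",
    }
    return sigv4_signature("EXAMPLE-SECRET-KEY", "20240101T000000Z", "us-east-1",
                           "s3", "PUT", "/object.txt", headers, body)
```

Holding the Content-MD5 header fixed while the body changes still produces a different signature, because the keyed signature depends on the SHA-256 payload hash rather than on MD5.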