search

campeon23 / split-fetcher

The code is a concurrent file downloader in Go that splits a file into multiple parts, downloads them in parallel, and assembles the final file, with support for Etag validation to ensure file integrity.
MIT License
1 stars 0 forks source link

Improve Data Handling in WriteEncryptedFile #152

Closed campeon23 closed 1 year ago

campeon23 commented 1 year ago

Description: The current sequence in WriteEncryptedFile involves writing the original data and then encrypting that data in place. This method poses a risk since plaintext data could potentially remain on the disk.

Recommendation: Encrypt data in memory first and subsequently write the encrypted data directly to the disk. This process minimizes the risk of exposing plaintext content.

Example Fix:

func WriteEncryptedFile(data []byte, key []byte, filePath string) error {
    encryptedData, err := encryptDataInMemory(data, key)
    if err != nil {
        return err
    }
    return ioutil.WriteFile(filePath, encryptedData, 0644)
}

Acceptance Criteria:

  • Refactor the WriteEncryptedFile function to adopt the recommended sequence.
  • Test the new implementation for effectiveness and security.
  • Update relevant documentation and ensure team members are informed.

Severity Level: Medium

campeon23 commented 1 year ago

With the recent commits, we have successfully refactored the WriteEncryptedFile function to align with best practices and the recommended sequence. Post-refactoring, thorough tests were executed to ensure the function's effectiveness and robust security. Additionally, transparency being one of our core values, we've updated all related documentation and informed the entire team of these enhancements. This endeavor not only improves the quality of our codebase but also reinforces the collaborative spirit of our team. Thanks to everyone involved in making this a success!