search

campeon23 / split-fetcher

The code is a concurrent file downloader in Go that splits a file into multiple parts, downloads them in parallel, and assembles the final file, with support for Etag validation to ensure file integrity.
MIT License
1 stars 0 forks source link

Improve Data Handling in WriteEncryptedFile #155

Closed campeon23 closed 1 year ago

campeon23 commented 1 year ago

Description: The current sequence in WriteEncryptedFile involves writing the original data and then encrypting that data in place. This method poses a risk since plaintext data could potentially remain on the disk.

Recommendation: Encrypt data in memory first and subsequently write the encrypted data directly to the disk. This process minimizes the risk of exposing plaintext content.

Example Fix:

func WriteEncryptedFile(data []byte, key []byte, filePath string) error {
    encryptedData, err := encryptDataInMemory(data, key)
    if err != nil {
        return err
    }
    return ioutil.WriteFile(filePath, encryptedData, 0644)
}

Acceptance Criteria:

  • Refactor the WriteEncryptedFile function to adopt the recommended sequence.
  • Test the new implementation for effectiveness and security.
  • Update relevant documentation and ensure team members are informed.

Severity Level: Medium

campeon23 commented 1 year ago

Closing ticket "Refactor WriteEncryptedFile Sequence". Won't do!

Rationale: Upon review, it has been determined that the function in question, WriteEncryptedFile, is solely used for testing purposes and handles mock data. The data passed for encryption within this context is not sensitive or real-world applicable. Given this context, the potential risk described is deemed non-impactful, and the suggested changes are unnecessary at this juncture.

If there are any further concerns or clarifications needed, please do not hesitate to raise a new ticket or discussion topic. Thank you for your diligence and ensuring our processes remain secure.