search

campeon23 / split-fetcher

The code is a concurrent file downloader in Go that splits a file into multiple parts, downloads them in parallel, and assembles the final file, with support for Etag validation to ensure file integrity.
MIT License
1 stars 0 forks source link

Ensure Safer Decryption Process #156

Closed campeon23 closed 1 year ago

campeon23 commented 1 year ago

Description: In our decryption routine, decrypted content gets written back to the disk. This approach could expose sensitive plaintext content, even if temporarily.

Recommendation: Refrain from writing decrypted content back to the disk unless there's a compelling requirement. Ideally, handle decrypted content solely in memory.

Example Fix:

func DecryptFileToMemory(filePath string, key []byte) ([]byte, error) {
    encryptedData, err := ioutil.ReadFile(filePath)
    if err != nil {
        return nil, err
    }
    return decryptDataInMemory(encryptedData, key)
}

Acceptance Criteria:

  • Modify the decryption process to manage decrypted content in memory by default.
  • Implement tests to confirm the safety and functionality of the revised process.
  • Update related documentation to reflect this change and the rationale behind it.

Severity Level: Medium

campeon23 commented 1 year ago

Duplicated ticket. Original #153