Posted to issues@nifi.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2020/03/11 22:52:00 UTC

[jira] [Commented] (NIFI-7119) Implement boundary checking for Argon2 cost parameters

    [ https://issues.apache.org/jira/browse/NIFI-7119?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17057454#comment-17057454 ] 

ASF subversion and git services commented on NIFI-7119:
-------------------------------------------------------

Commit 290bd378d5e219dabac8f3ecf2bf9c69451f1c3c in nifi's branch refs/heads/master from M Tien
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=290bd37 ]

NIFI-7119 Implement boundary checking for Argon2 cost parameters (#4111)

* NIFI-7119 Implemented parameter boundary enforcement for Argon2SecureHasher constructor.
Added unit tests for validating each parameter check.

* NIFI-7119 Refactored parameter validations. Added more test sizes to boundary checkers. Changed logger severity to error and added bounds to messages.

* NIFI-7119 Refactored Argon2 parameter data types to handle unsigned integer boundary values.
Updated unit tests.

Co-authored-by: Andy LoPresto <al...@apache.org>

Signed-off-by: Andy LoPresto <al...@apache.org>

> Implement boundary checking for Argon2 cost parameters
> ------------------------------------------------------
>
>                 Key: NIFI-7119
>                 URL: https://issues.apache.org/jira/browse/NIFI-7119
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework
>    Affects Versions: 1.11.1
>            Reporter: Andy LoPresto
>            Assignee: M Tien
>            Priority: Major
>              Labels: beginner, boundary, hashing, security, validation
>          Time Spent: 1h 20m
>  Remaining Estimate: 0h
>
> The {{Argon2}} secure hasher added for the flow fingerprint fix does not enforce boundaries around the cost parameters provided to the various constructors. It should restrict provided values to valid entries as noted in the Javadoc. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
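
The kind of boundary enforcement the issue asks for, as an added example that is not NiFi's `Argon2SecureHasher` code. The page does not list NiFi's limits, so the bounds below are the ones from RFC 9106, and the class and method names are hypothetical. Parameters are `long` because the upper limits are unsigned 32-bit values that a Java `int` cannot hold.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

/** Hypothetical validator using RFC 9106 limits (assumption: not NiFi's Javadoc values). */
public class Argon2ParamBounds {
    static final long UINT32_MAX = 0xFFFFFFFFL;          // 2^32 - 1, does not fit in an int
    static final long MAX_PARALLELISM = (1L << 24) - 1;  // 2^24 - 1 lanes
    static final long MIN_HASH_LENGTH = 4;               // bytes

    /** Returns every violation found; an empty list means the parameters are acceptable. */
    static List<String> validate(long hashLength, long memoryKiB, long parallelism, long iterations) {
        List<String> errors = new ArrayList<>();
        if (hashLength < MIN_HASH_LENGTH || hashLength > UINT32_MAX) {
            errors.add("hash length " + hashLength + " not in [4, " + UINT32_MAX + "] bytes");
        }
        if (parallelism < 1 || parallelism > MAX_PARALLELISM) {
            errors.add("parallelism " + parallelism + " not in [1, " + MAX_PARALLELISM + "]");
        }
        // The memory floor is 8 KiB per lane; clamp the lane count so a bad
        // parallelism value cannot overflow or distort this check.
        long lanes = Math.min(Math.max(parallelism, 1), MAX_PARALLELISM);
        long minMemory = 8 * lanes;
        if (memoryKiB < minMemory || memoryKiB > UINT32_MAX) {
            errors.add("memory " + memoryKiB + " not in [" + minMemory + ", " + UINT32_MAX + "] KiB");
        }
        if (iterations < 1 || iterations > UINT32_MAX) {
            errors.add("iterations " + iterations + " not in [1, " + UINT32_MAX + "]");
        }
        return errors;
    }

    public static void main(String[] args) {
        // Constructed inputs: {hashLength, memoryKiB, parallelism, iterations}.
        long[][] cases = {
            {32, 65536, 4, 3},                // valid, typical configuration
            {32, UINT32_MAX, 4, UINT32_MAX},  // valid: upper bounds only representable as long
            {3, 16, 4, 0},                    // hash too short, memory below 8 * p, zero iterations
            {32, 65536, 1L << 24, 3},         // parallelism one past the limit
            {32, (int) UINT32_MAX, 1, 3},     // int truncation turns 2^32 - 1 into -1
        };
        for (long[] c : cases) {
            System.out.println(Arrays.toString(c) + " -> " + validate(c[0], c[1], c[2], c[3]));
        }
    }
}
```

The last case shows why signed `int` parameters are a problem at the upper boundary: the maximum legal value becomes `-1` after truncation and is rejected as too small.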