SignTool.sign(String) derives Elasticsearch document _ids from file paths using a hard-coded MD5 digest. Two concerns:
- Sonar flags it as a weak-hash hotspot (
java:S4790).
- Users cannot choose the algorithm.
Why MD5 can't simply be swapped: the digest is the document _id. Changing the algorithm changes every _id → a full reindex for existing users. So MD5 must remain the default for backward compatibility.
Proposal: introduce a setting (e.g. fs.hash_algorithm) letting users opt into a stronger digest (SHA-256…), keeping MD5 as the default. Deprecate the hard-coded sign(String) in favor of a configurable variant, and document the reindex implication when the algorithm is changed.
Context: raised while reducing SonarCloud findings. In the meantime SignTool.sign(String) is annotated @SuppressWarnings("java:S4790") + @Deprecated(since = "2.10") pointing here.
SignTool.sign(String)derives Elasticsearch document_ids from file paths using a hard-coded MD5 digest. Two concerns:java:S4790).Why MD5 can't simply be swapped: the digest is the document
_id. Changing the algorithm changes every_id→ a full reindex for existing users. So MD5 must remain the default for backward compatibility.Proposal: introduce a setting (e.g.
fs.hash_algorithm) letting users opt into a stronger digest (SHA-256…), keeping MD5 as the default. Deprecate the hard-codedsign(String)in favor of a configurable variant, and document the reindex implication when the algorithm is changed.Context: raised while reducing SonarCloud findings. In the meantime
SignTool.sign(String)is annotated@SuppressWarnings("java:S4790")+@Deprecated(since = "2.10")pointing here.