Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent potential SHA-1 hash mismatch in Bugsnag-Integrity header #1028

Merged
merged 1 commit into from
Dec 8, 2020
Merged

Prevent potential SHA-1 hash mismatch in Bugsnag-Integrity header #1028

merged 1 commit into from
Dec 8, 2020

Conversation

fractalwrench
Copy link
Contributor

@fractalwrench fractalwrench commented Dec 8, 2020
edited
Loading

Goal

Prevents a SHA-1 hash mismatch when the React Native notifier changes the notifier field on startup. Because the Android notifier assigns the event payload value by reference from Client#notifier, the request payload can change between generating a SHA-1 hash and making the request.

Changeset

Copied the notifier parameter when constructing an EventPayload, so that it does not hold a copy of global state.

Testing

Added unit test to verify that the notifier property is always copied when constructing an EventPayload. Additionally ran artefact against failing React Native scenario and confirmed that this change fixes the immediate issue.

@fractalwrench fractalwrench changed the title Prevent notifier field from changing SHA-1 hash Prevent potential SHA-1 hash mismatch in Bugsnag-Integrity header Dec 8, 2020
@fractalwrench fractalwrench force-pushed the PLAT-5579/integrity-header branch from adf7047 to 2df65ca Compare December 8, 2020 11:04
@bugsnagbot
Copy link
Collaborator

Android notifier sizes

Format Size impact of Bugsnag (kB) Size impact of Bugsnag when Minified (kB)
APK 1441.44 1361.29
arm64_v8a 369.24 287.33
armeabi 348.77 266.84
armeabi_v7a 332.39 250.47
x86 410.19 328.28
x86_64 389.72 307.8

Generated by 🚫 Danger

@fractalwrench fractalwrench merged commit 9d183b8 into next Dec 8, 2020
@fractalwrench fractalwrench deleted the PLAT-5579/integrity-header branch December 8, 2020 13:24
@fractalwrench fractalwrench mentioned this pull request Dec 9, 2020
Merged
@djskinner djskinner mentioned this pull request Dec 10, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tomlongridge tomlongridge tomlongridge approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@fractalwrench @bugsnagbot @tomlongridge