fix: remove MD5 usage #456

Merged
merged 1 commit into from
Jul 5, 2023
30 changes: 2 additions & 28 deletions Sources/Amplitude/Amplitude.m
Expand Up @@ -140,7 +140,7 @@ @implementation Amplitude {

BOOL _inForeground;
BOOL _offline;

int _numRetries;
int _maxRetries;
int _originalUploadPeriodsInSeconds;
Expand Down Expand Up @@ -672,7 +672,7 @@ - (void)logEvent:(NSString *)eventType withEventProperties:(NSDictionary *)event
AMPLITUDE_ERROR(@"ERROR: JSONSerializing event type %@ resulted in an NULL string", eventType);
return;
}

if ([eventType isEqualToString:IDENTIFY_EVENT] || [eventType isEqualToString:GROUP_IDENTIFY_EVENT]) {
(void) [self.dbHelper addIdentify:jsonString];
} else {
Expand Down Expand Up @@ -1008,12 +1008,6 @@ - (void)makeEventUploadPostRequest:(NSString *)url events:(NSString *)events num
NSString *timestampString = [[NSNumber numberWithLongLong:[[self currentTime] timeIntervalSince1970] * 1000] stringValue];
[postData appendData:[timestampString dataUsingEncoding:NSUTF8StringEncoding]];

// Add checksum
[postData appendData:[@"&checksum=" dataUsingEncoding:NSUTF8StringEncoding]];
NSString *checksumData = [NSString stringWithFormat:@"%@%@%@%@", apiVersionString, self.apiKey, events, timestampString];
NSString *checksum = [self md5HexDigest:checksumData];
[postData appendData:[checksum dataUsingEncoding:NSUTF8StringEncoding]];

[request setHTTPMethod:@"POST"];
[request setValue:self.contentTypeHeader forHTTPHeaderField:@"Content-Type"];
[request setValue:[NSString stringWithFormat:@"%lu", (unsigned long)[postData length]] forHTTPHeaderField:@"Content-Length"];
Expand Down Expand Up @@ -1675,26 +1669,6 @@ - (BOOL)isArgument:(id)argument validType:(Class)class methodName:(NSString *)me
}
}

- (NSString *)md5HexDigest:(NSString *)input {
const char *str = [input UTF8String];
unsigned char result[CC_MD5_DIGEST_LENGTH];

#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wdeprecated-declarations"
// As mentioned by @haoliu-amp in // https://github.com/amplitude/Amplitude-iOS/issues/250#issuecomment-655224554,
// > This crypto algorithm is used for our checksum field, actually you don't need to worry about the security concern for that.
// > However, we will see if we wanna switch it to SHA256.
// Based on this, we can silence the compile warning here until a fix is implemented.
CC_MD5(str, (CC_LONG) strlen(str), result);
#pragma clang diagnostic pop

NSMutableString *ret = [NSMutableString stringWithCapacity:CC_MD5_DIGEST_LENGTH*2];
for(int i = 0; i<CC_MD5_DIGEST_LENGTH; i++) {
[ret appendFormat:@"%02x",result[i]];
}
return ret;
}

- (NSString *)urlEncodeString:(NSString *)string {
NSCharacterSet * allowedCharacters = [[NSCharacterSet characterSetWithCharactersInString:@":/?#[]@!$ &'()*+,;=\"<>%{}|\\^~`"] invertedSet];
return [string stringByAddingPercentEncodingWithAllowedCharacters:allowedCharacters];
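Review bot: Dropping the `&checksum=` field in `makeEventUploadPostRequest:` changes the upload wire format, and nothing visible in this section shows that the receiving endpoint accepts a body without it; that should be confirmed and pinned with a test asserting the POST body no longer contains a `checksum` parameter. With the field gone, payload integrity rests on the transport alone, so I would leave a short comment where the block was, e.g. `// No checksum field is sent; payload integrity relies on TLS to the upload endpoint.`, and check that the upload URL cannot be configured to plain HTTP. The removed MD5 over apiVersion, apiKey, events and timestamp was not a real MAC, so little protection is lost, but the reasoning belongs in the code or the description. Since `md5HexDigest:` was the only visible caller of `CC_MD5`, the `CommonCrypto/CommonDigest.h` import is presumably unused now and could go too; it sits outside the hunks shown, as does the rest of the method body.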