(avro) branch branch-1.11 updated: AVRO-4016: Use SecureRandom for file sync markers (#3016)

Wed, 10 Jul 2024 23:59:59 -0700 

This is an automated email from the ASF dual-hosted git repository.

opwvhk pushed a commit to branch branch-1.11
in repository https://gitbox.apache.org/repos/asf/avro.git


The following commit(s) were added to refs/heads/branch-1.11 by this push:
     new dc520149f AVRO-4016: Use SecureRandom for file sync markers (#3016)
dc520149f is described below

commit dc520149f092be197455833d4f46f712868a1546
Author: Oscar Westra van Holthe - Kind <[email protected]>
AuthorDate: Thu Jul 11 08:41:10 2024 +0200

    AVRO-4016: Use SecureRandom for file sync markers (#3016)
    
    (cherry-picked from 25d86840557e7b2e33c78d425131e5c19693e461)
---
 .../java/org/apache/avro/file/DataFileWriter.java  | 47 ++++++++++------------
 1 file changed, 21 insertions(+), 26 deletions(-)

diff --git 
a/lang/java/avro/src/main/java/org/apache/avro/file/DataFileWriter.java 
b/lang/java/avro/src/main/java/org/apache/avro/file/DataFileWriter.java
index a1fb6c437..37d67322e 100644
--- a/lang/java/avro/src/main/java/org/apache/avro/file/DataFileWriter.java
+++ b/lang/java/avro/src/main/java/org/apache/avro/file/DataFileWriter.java
@@ -17,7 +17,15 @@
  */
 package org.apache.avro.file;
 
-import static java.nio.charset.StandardCharsets.UTF_8;
+import org.apache.avro.AvroRuntimeException;
+import org.apache.avro.Schema;
+import org.apache.avro.file.DataFileStream.DataBlock;
+import org.apache.avro.generic.GenericDatumReader;
+import org.apache.avro.io.BinaryEncoder;
+import org.apache.avro.io.DatumWriter;
+import org.apache.avro.io.EncoderFactory;
+import org.apache.avro.util.NonCopyingByteArrayOutputStream;
+import org.apache.commons.compress.utils.IOUtils;
 
 import java.io.BufferedOutputStream;
 import java.io.Closeable;
@@ -28,22 +36,12 @@ import java.io.IOException;
 import java.io.OutputStream;
 import java.nio.ByteBuffer;
 import java.nio.charset.StandardCharsets;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
 import java.util.HashMap;
 import java.util.Map;
-import java.util.UUID;
 import java.util.function.Function;
 
-import org.apache.avro.AvroRuntimeException;
-import org.apache.avro.Schema;
-import org.apache.avro.file.DataFileStream.DataBlock;
-import org.apache.avro.generic.GenericDatumReader;
-import org.apache.avro.io.BinaryEncoder;
-import org.apache.avro.io.DatumWriter;
-import org.apache.avro.io.EncoderFactory;
-import org.apache.avro.util.NonCopyingByteArrayOutputStream;
-import org.apache.commons.compress.utils.IOUtils;
+import static java.nio.charset.StandardCharsets.UTF_8;
 
 /**
  * Stores in a file a sequence of data conforming to a schema. The schema is
@@ -52,7 +50,7 @@ import org.apache.commons.compress.utils.IOUtils;
  * <i>blocks</i>. A synchronization marker is written between blocks, so that
  * files may be split. Blocks may be compressed. Extensible metadata is stored
  * at the end of the file. Files may be appended to.
- * 
+ *
  * @see DataFileReader
  */
 public class DataFileWriter<D> implements Closeable, Flushable {
@@ -195,7 +193,7 @@ public class DataFileWriter<D> implements Closeable, 
Flushable {
    * sync marker is written. By default, the writer will flush the buffer each
    * time a sync marker is written (if the block size limit is reached or the
    * {@linkplain #sync()} is called.
-   * 
+   *
    * @param flushOnEveryBlock - If set to false, this writer will not flush the
    *                          block to the stream until {@linkplain #flush()} 
is
    *                          explicitly called.
@@ -225,7 +223,7 @@ public class DataFileWriter<D> implements Closeable, 
Flushable {
   /**
    * Open a writer appending to an existing file. <strong>Since 1.9.0 this 
method
    * does not close in.</strong>
-   * 
+   *
    * @param in  reading the existing file.
    * @param out positioned at the end of the existing file.
    */
@@ -262,15 +260,12 @@ public class DataFileWriter<D> implements Closeable, 
Flushable {
     this.isOpen = true;
   }
 
+  private static final SecureRandom RNG = new SecureRandom();
+
   private static byte[] generateSync() {
-    try {
-      MessageDigest digester = MessageDigest.getInstance("MD5");
-      long time = System.currentTimeMillis();
-      digester.update((UUID.randomUUID() + "@" + time).getBytes(UTF_8));
-      return digester.digest();
-    } catch (NoSuchAlgorithmException e) {
-      throw new RuntimeException(e);
-    }
+    byte[] sync = new byte[16];
+    RNG.nextBytes(sync);
+    return sync;
   }
 
   private DataFileWriter<D> setMetaInternal(String key, byte[] value) {
@@ -318,7 +313,7 @@ public class DataFileWriter<D> implements Closeable, 
Flushable {
 
   /**
    * Append a datum to the file.
-   * 
+   *
    * @see AppendWriteException
    */
   public void append(D datum) throws IOException {
@@ -379,7 +374,7 @@ public class DataFileWriter<D> implements Closeable, 
Flushable {
    * at compression level 7. If <i>recompress</i> is false, blocks will be 
copied
    * without changing the compression level. If true, they will be converted to
    * the new compression level.
-   * 
+   *
    * @param otherFile
    * @param recompress
    * @throws IOException

Reply via email to