From 75864fe04fda7ad56a1da900a0ce3e99a8b260c2 Mon Sep 17 00:00:00 2001 From: Your Name Date: Sat, 30 May 2026 02:27:18 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20md5=20=E2=86=92=20sha256=20=E6=9B=BF?= =?UTF-8?q?=E6=8D=A2=E6=96=87=E4=BB=B6=E6=A0=A1=E9=AA=8C=E5=93=88=E5=B8=8C?= =?UTF-8?q?=E7=AE=97=E6=B3=95=EF=BC=8C=E6=B6=88=E9=99=A4=20bandit=20CWE-32?= =?UTF-8?q?7?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-Authored-By: Claude Opus 4.7 (1M context) --- server/api/sync_v2.py | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/server/api/sync_v2.py b/server/api/sync_v2.py index 5f1a4d3f..0b584977 100644 --- a/server/api/sync_v2.py +++ b/server/api/sync_v2.py @@ -931,7 +931,7 @@ async def upload_zip( raise HTTPException(status_code=500, detail=f"解压失败: {e}") -# ── Post-Push Verification (md5sum comparison) ── +# ── Post-Push Verification (sha256sum comparison) ── @router.post("/verify") async def verify_sync( @@ -939,10 +939,10 @@ async def verify_sync( request: Request, admin: Admin = Depends(get_current_admin), ): - """Verify pushed files by comparing md5sums between source and target servers. + """Verify pushed files by comparing sha256sums between source and target servers. - Walks the local source directory and computes md5 for each file, - then runs md5sum on each target server via SSH and compares. + Walks the local source directory and computes sha256 for each file, + then runs sha256sum on each target server via SSH and compares. Returns per-server results: matched / missing / mismatched file lists. """ import asyncio @@ -956,7 +956,7 @@ async def verify_sync( if not os.path.isdir(payload.source_path): raise HTTPException(status_code=400, detail=f"源路径不存在: {payload.source_path}") - # Build local file manifest: {relative_path: md5hex} + # Build local file manifest: {relative_path: sha256hex} local_files = {} for root, dirs, fnames in os.walk(payload.source_path): for fn in fnames: @@ -965,7 +965,7 @@ async def verify_sync( if len(local_files) >= payload.max_files: break try: - h = hashlib.md5() + h = hashlib.sha256() with open(full, "rb") as f: for chunk in iter(lambda: f.read(8192), b""): h.update(chunk) @@ -990,10 +990,10 @@ async def verify_sync( return dest = payload.target_path or server.target_path or "/tmp/sync" - # Run md5sum on remote server for the same relative paths - # Build a file list for md5sum to check + # Run sha256sum on remote server for the same relative paths + # Build a file list for sha256sum to check file_list = " ".join(shlex.quote(f) for f in local_files.keys()) - cmd = f"cd {shlex.quote(dest)} && md5sum {file_list} 2>/dev/null" + cmd = f"cd {shlex.quote(dest)} && sha256sum {file_list} 2>/dev/null" try: r = await exec_ssh_command(server, cmd, timeout=60) @@ -1004,7 +1004,7 @@ async def verify_sync( } return - # Parse md5sum output: "hash filename" + # Parse sha256sum output: "hash filename" remote_files = {} if r["exit_code"] == 0: for line in r["stdout"].strip().split("\n"):