Skip to content

Commit

Permalink
fix: remove MD5 usage (#456)
Browse files Browse the repository at this point in the history
  • Loading branch information
justin-fiedler authored Jul 5, 2023
1 parent b54a60f commit 4e2d35f
Showing 1 changed file with 2 additions and 28 deletions.
30 changes: 2 additions & 28 deletions Sources/Amplitude/Amplitude.m
Original file line number Diff line number Diff line change
Expand Up @@ -144,7 +144,7 @@ @implementation Amplitude {

BOOL _inForeground;
BOOL _offline;

int _numRetries;
int _maxRetries;
int _originalUploadPeriodsInSeconds;
Expand Down Expand Up @@ -740,7 +740,7 @@ - (void)logEvent:(NSString *)eventType withEventProperties:(NSDictionary *)event
AMPLITUDE_ERROR(@"ERROR: JSONSerializing event type %@ resulted in an NULL string", eventType);
return;
}

if ([eventType isEqualToString:IDENTIFY_EVENT] || [eventType isEqualToString:GROUP_IDENTIFY_EVENT]) {
(void) [self.dbHelper addIdentify:jsonString];
} else {
Expand Down Expand Up @@ -1106,12 +1106,6 @@ - (void)makeEventUploadPostRequest:(NSString *)url events:(NSString *)events num
NSString *timestampString = [[NSNumber numberWithLongLong:[[self currentTime] timeIntervalSince1970] * 1000] stringValue];
[postData appendData:[timestampString dataUsingEncoding:NSUTF8StringEncoding]];

// Add checksum
[postData appendData:[@"&checksum=" dataUsingEncoding:NSUTF8StringEncoding]];
NSString *checksumData = [NSString stringWithFormat:@"%@%@%@%@", apiVersionString, self.apiKey, events, timestampString];
NSString *checksum = [self md5HexDigest:checksumData];
[postData appendData:[checksum dataUsingEncoding:NSUTF8StringEncoding]];

[request setHTTPMethod:@"POST"];
[request setValue:self.contentTypeHeader forHTTPHeaderField:@"Content-Type"];
[request setValue:[NSString stringWithFormat:@"%lu", (unsigned long)[postData length]] forHTTPHeaderField:@"Content-Length"];
Expand Down Expand Up @@ -1775,26 +1769,6 @@ - (BOOL)isArgument:(id)argument validType:(Class)class methodName:(NSString *)me
}
}

- (NSString *)md5HexDigest:(NSString *)input {
const char *str = [input UTF8String];
unsigned char result[CC_MD5_DIGEST_LENGTH];

#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wdeprecated-declarations"
// As mentioned by @haoliu-amp in // https://github.com/amplitude/Amplitude-iOS/issues/250#issuecomment-655224554,
// > This crypto algorithm is used for our checksum field, actually you don't need to worry about the security concern for that.
// > However, we will see if we wanna switch it to SHA256.
// Based on this, we can silence the compile warning here until a fix is implemented.
CC_MD5(str, (CC_LONG) strlen(str), result);
#pragma clang diagnostic pop

NSMutableString *ret = [NSMutableString stringWithCapacity:CC_MD5_DIGEST_LENGTH*2];
for(int i = 0; i<CC_MD5_DIGEST_LENGTH; i++) {
[ret appendFormat:@"%02x",result[i]];
}
return ret;
}

- (NSString *)urlEncodeString:(NSString *)string {
NSCharacterSet * allowedCharacters = [[NSCharacterSet characterSetWithCharactersInString:@":/?#[]@!$ &'()*+,;=\"<>%{}|\\^~`"] invertedSet];
return [string stringByAddingPercentEncodingWithAllowedCharacters:allowedCharacters];
Expand Down

0 comments on commit 4e2d35f

Please sign in to comment.