chore(telemetry): report sha-256 of git repo remote URL #461
Conversation
EverlastingBugstopper
requested review from
JakeDawkins and
lrlna
as code owners
There was a problem hiding this comment.
I guess this doesn't really matter, but I don't think the certain telemetry like remote url or directory hash would be useful or accurate for certain commands that don't alter graphs (thinking like graph fetch or config whoami for example). This would have a probably small effect on actual metrics calculated off these values, right?
| if let Ok(repo) = repo { | ||
| if let Ok(remote) = repo.find_remote("origin") { | ||
| if let Some(remote_url) = remote.url() { | ||
| return Some(format!("{:x}", Sha256::digest(remote_url.as_bytes()))); |
There was a problem hiding this comment.
I don't think there's any security implications of hashing the remote, right? Mostly thinking of the issues we had in the past of user/passwords being reported from the remote url. I don't think there's any chance of that here, but just mentioning for my own sanity.
There was a problem hiding this comment.
the good news is that sha-256 is a one-way operation, if someone could reverse the hashing function it would be a preimage attack. if those were achievable/practical to carry out we'd have some pretty big problems as an industry 😆
fixes #313 -
want to get Nathan's feedback on the question I asked in that issue before merging.this is good to go!