From 75e96d6fe39b90adfa9e3d69e34f9b4215e633f7 Mon Sep 17 00:00:00 2001
From: Jens Kraemer <jk@jkraemer.net>
Date: Thu, 2 Mar 2017 10:46:35 +0800
Subject: [PATCH 1/3] changes the digest used for attachments to SHA256

---
 app/models/attachment.rb                              | 10 +++++-----
 db/migrate/20170302015225_widen_attachments_digest.rb |  8 ++++++++
 test/unit/attachment_test.rb                          |  4 ++--
 test/unit/mail_handler_test.rb                        | 10 +++++-----
 4 files changed, 20 insertions(+), 12 deletions(-)
 create mode 100644 db/migrate/20170302015225_widen_attachments_digest.rb

diff --git a/app/models/attachment.rb b/app/models/attachment.rb
index 52c7825..3bfecfc 100644
--- a/app/models/attachment.rb
+++ b/app/models/attachment.rb
@@ -15,7 +15,7 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 
-require "digest/md5"
+require "digest"
 require "fileutils"
 
 class Attachment < ActiveRecord::Base
@@ -116,20 +116,20 @@ class Attachment < ActiveRecord::Base
       unless File.directory?(path)
         FileUtils.mkdir_p(path)
       end
-      md5 = Digest::MD5.new
+      sha = Digest::SHA256.new
       File.open(diskfile, "wb") do |f|
         if @temp_file.respond_to?(:read)
           buffer = ""
           while (buffer = @temp_file.read(8192))
             f.write(buffer)
-            md5.update(buffer)
+            sha.update(buffer)
           end
         else
           f.write(@temp_file)
-          md5.update(@temp_file)
+          sha.update(@temp_file)
         end
       end
-      self.digest = md5.hexdigest
+      self.digest = sha.hexdigest
     end
     @temp_file = nil
 
diff --git a/db/migrate/20170302015225_widen_attachments_digest.rb b/db/migrate/20170302015225_widen_attachments_digest.rb
new file mode 100644
index 0000000..6b916ad
--- /dev/null
+++ b/db/migrate/20170302015225_widen_attachments_digest.rb
@@ -0,0 +1,8 @@
+class WidenAttachmentsDigest < ActiveRecord::Migration
+  def up
+    change_column :attachments, :digest, :string, limit: 64
+  end
+  def down
+    change_column :attachments, :digest, :string, limit: 40
+  end
+end
diff --git a/test/unit/attachment_test.rb b/test/unit/attachment_test.rb
index 81d7e3c..a70009d 100644
--- a/test/unit/attachment_test.rb
+++ b/test/unit/attachment_test.rb
@@ -62,7 +62,7 @@ class AttachmentTest < ActiveSupport::TestCase
     assert_equal 59, a.filesize
     assert_equal 'text/plain', a.content_type
     assert_equal 0, a.downloads
-    assert_equal '1478adae0d4eb06d35897518540e25d6', a.digest
+    assert_equal '6bc2eb7e87cfbf9145065689aaa8b5f513089ca0af68e2dc41f9cc025473d106', a.digest
 
     assert a.disk_directory
     assert_match %r{\A\d{4}/\d{2}\z}, a.disk_directory
@@ -188,7 +188,7 @@ class AttachmentTest < ActiveSupport::TestCase
     assert_equal 59, a.filesize
     assert_equal 'text/plain', a.content_type
     assert_equal 0, a.downloads
-    assert_equal '1478adae0d4eb06d35897518540e25d6', a.digest
+    assert_equal '6bc2eb7e87cfbf9145065689aaa8b5f513089ca0af68e2dc41f9cc025473d106', a.digest
     diskfile = a.diskfile
     assert File.exist?(diskfile)
     assert_equal 59, File.size(a.diskfile)
diff --git a/test/unit/mail_handler_test.rb b/test/unit/mail_handler_test.rb
index 562359a..fa8bcf2 100644
--- a/test/unit/mail_handler_test.rb
+++ b/test/unit/mail_handler_test.rb
@@ -519,7 +519,7 @@ class MailHandlerTest < ActiveSupport::TestCase
     assert_equal 10790, attachment.filesize
     assert File.exist?(attachment.diskfile)
     assert_equal 10790, File.size(attachment.diskfile)
-    assert_equal 'caaf384198bcbc9563ab5c058acd73cd', attachment.digest
+    assert_equal '4474dd534c36bdd212e2efc549507377c3e77147c9167b66dedcebfe9da8807f', attachment.digest
   end
 
   def test_thunderbird_with_attachment_ja
@@ -535,7 +535,7 @@ class MailHandlerTest < ActiveSupport::TestCase
     assert_equal 5, attachment.filesize
     assert File.exist?(attachment.diskfile)
     assert_equal 5, File.size(attachment.diskfile)
-    assert_equal 'd8e8fca2dc0f896fd7cb4cb0031ba249', attachment.digest
+    assert_equal 'f2ca1bb6c7e907d06dafe4687e579fce76b37e4e93b7605022da52e6ccc26fd2', attachment.digest
   end
 
   def test_invalid_utf8
@@ -561,7 +561,7 @@ class MailHandlerTest < ActiveSupport::TestCase
     assert_equal 5, attachment.filesize
     assert File.exist?(attachment.diskfile)
     assert_equal 5, File.size(attachment.diskfile)
-    assert_equal 'd8e8fca2dc0f896fd7cb4cb0031ba249', attachment.digest
+    assert_equal 'f2ca1bb6c7e907d06dafe4687e579fce76b37e4e93b7605022da52e6ccc26fd2', attachment.digest
   end
 
   def test_thunderbird_with_attachment_latin1
@@ -579,7 +579,7 @@ class MailHandlerTest < ActiveSupport::TestCase
     assert_equal 130, attachment.filesize
     assert File.exist?(attachment.diskfile)
     assert_equal 130, File.size(attachment.diskfile)
-    assert_equal '4d80e667ac37dddfe05502530f152abb', attachment.digest
+    assert_equal '5635d67364de20432247e651dfe86fcb2265ad5e9750bd8bba7319a86363e738', attachment.digest
   end
 
   def test_gmail_with_attachment_latin1
@@ -597,7 +597,7 @@ class MailHandlerTest < ActiveSupport::TestCase
     assert_equal 5, attachment.filesize
     assert File.exist?(attachment.diskfile)
     assert_equal 5, File.size(attachment.diskfile)
-    assert_equal 'd8e8fca2dc0f896fd7cb4cb0031ba249', attachment.digest
+    assert_equal 'f2ca1bb6c7e907d06dafe4687e579fce76b37e4e93b7605022da52e6ccc26fd2', attachment.digest
   end
 
   def test_mail_with_attachment_latin2
-- 
2.1.4