azure-metrics-exporter: fips-compliant sha256 replacement (#126)

Author: blueprismo

metrics/servicediscovery.go

@@ -2,7 +2,7 @@ package metrics
 
 import (
 	"context"
-	"crypto/sha1" // #nosec G505
+	"crypto/sha256"
 	"encoding/json"
 	"fmt"
 	"log/slog"
@@ -41,7 +41,7 @@ func (sd *AzureServiceDiscovery) fetchResourceList(subscriptionId, filter string
 	// nolint:gosec
 	cacheKey := fmt.Sprintf(
 		"%x",
-		sha1.Sum([]byte(fmt.Sprintf("%v:%v", subscriptionId, filter))),
+		sha256.Sum256([]byte(fmt.Sprintf("%v:%v", subscriptionId, filter))),
 	)
 
 	// try to fetch info from cache

probe_metrics_list.go

@@ -2,7 +2,7 @@ package main
 
 import (
 	"context"
-	"crypto/sha1" // #nosec G505
+	"crypto/sha256"
 	"fmt"
 	"log/slog"
 	"net/http"
@@ -54,7 +54,7 @@ func probeMetricsListHandler(w http.ResponseWriter, r *http.Request) {
 	prober.SetAzureResourceTagManager(AzureResourceTagManager)
 	prober.SetPrometheusRegistry(registry)
 	if settings.Cache != nil {
-		cacheKey := fmt.Sprintf("list:%x", sha1.Sum([]byte(r.URL.String()))) // #nosec G401
+		cacheKey := fmt.Sprintf("list:%x", sha256.Sum256([]byte(r.URL.String())))
 		prober.EnableMetricsCache(metricsCache, cacheKey, settings.CacheDuration(startTime))
 	}
 

probe_metrics_resource.go

@@ -2,7 +2,7 @@ package main
 
 import (
 	"context"
-	"crypto/sha1" // #nosec G505
+	"crypto/sha256"
 	"fmt"
 	"log/slog"
 	"net/http"
@@ -54,7 +54,7 @@ func probeMetricsResourceHandler(w http.ResponseWriter, r *http.Request) {
 	prober.SetAzureResourceTagManager(AzureResourceTagManager)
 	prober.SetPrometheusRegistry(registry)
 	if settings.Cache != nil {
-		cacheKey := fmt.Sprintf("resource:%x", sha1.Sum([]byte(r.URL.String()))) // #nosec G401
+		cacheKey := fmt.Sprintf("resource:%x", sha256.Sum256([]byte(r.URL.String())))
 		prober.EnableMetricsCache(metricsCache, cacheKey, settings.CacheDuration(startTime))
 	}
 

probe_metrics_resourcegraph.go

@@ -2,7 +2,7 @@ package main
 
 import (
 	"context"
-	"crypto/sha1" // #nosec G505
+	"crypto/sha256"
 	"fmt"
 	"log/slog"
 	"net/http"
@@ -61,7 +61,7 @@ func probeMetricsResourceGraphHandler(w http.ResponseWriter, r *http.Request) {
 	prober.SetAzureResourceTagManager(AzureResourceTagManager)
 	prober.SetPrometheusRegistry(registry)
 	if settings.Cache != nil {
-		cacheKey := fmt.Sprintf("scrape:%x", sha1.Sum([]byte(r.URL.String()))) // #nosec G401
+		cacheKey := fmt.Sprintf("scrape:%x", sha256.Sum256([]byte(r.URL.String())))
 		prober.EnableMetricsCache(metricsCache, cacheKey, settings.CacheDuration(startTime))
 	}
 

probe_metrics_scrape.go

@@ -2,7 +2,7 @@ package main
 
 import (
 	"context"
-	"crypto/sha1" // #nosec G505
+	"crypto/sha256"
 	"fmt"
 	"log/slog"
 	"net/http"
@@ -66,7 +66,7 @@ func probeMetricsScrapeHandler(w http.ResponseWriter, r *http.Request) {
 	prober.SetAzureResourceTagManager(AzureResourceTagManager)
 	prober.SetPrometheusRegistry(registry)
 	if settings.Cache != nil {
-		cacheKey := fmt.Sprintf("scrape:%x", sha1.Sum([]byte(r.URL.String()))) // #nosec G401
+		cacheKey := fmt.Sprintf("scrape:%x", sha256.Sum256([]byte(r.URL.String())))
 		prober.EnableMetricsCache(metricsCache, cacheKey, settings.CacheDuration(startTime))
 	}
 

probe_metrics_subscription.go

@@ -2,7 +2,7 @@ package main
 
 import (
 	"context"
-	"crypto/sha1" // #nosec G505
+	"crypto/sha256"
 	"fmt"
 	"log/slog"
 	"net/http"
@@ -54,7 +54,7 @@ func probeMetricsSubscriptionHandler(w http.ResponseWriter, r *http.Request) {
 	prober.SetAzureResourceTagManager(AzureResourceTagManager)
 	prober.SetPrometheusRegistry(registry)
 	if settings.Cache != nil {
-		cacheKey := fmt.Sprintf("list:%x", sha1.Sum([]byte(r.URL.String()))) // #nosec G401
+		cacheKey := fmt.Sprintf("list:%x", sha256.Sum256([]byte(r.URL.String())))
 		prober.EnableMetricsCache(metricsCache, cacheKey, settings.CacheDuration(startTime))
 	}