From deae3ca4b18f7b1ad27d7e282bba48350ecbed6c Mon Sep 17 00:00:00 2001
From: Alexandru Dima <alexdima@microsoft.com>
Date: Mon, 8 Jan 2024 14:11:19 +0100
Subject: [PATCH] Switch to using sha256 for checksums (fixes CodeQL warning)
 (#201977)

* Switch to using sha256 for checksums (fixes CodeQL warning)

* Fix unit test
---
 build/gulpfile.vscode.js                                   | 2 +-
 src/vs/platform/checksum/node/checksumService.ts           | 2 +-
 src/vs/platform/checksum/test/node/checksumService.test.ts | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/build/gulpfile.vscode.js b/build/gulpfile.vscode.js
index 857114fea15..bfd5c896e2f 100644
--- a/build/gulpfile.vscode.js
+++ b/build/gulpfile.vscode.js
@@ -184,7 +184,7 @@ function computeChecksum(filename) {
 	const contents = fs.readFileSync(filename);
 
 	const hash = crypto
-		.createHash('md5')
+		.createHash('sha256')
 		.update(contents)
 		.digest('base64')
 		.replace(/=+$/, '');
diff --git a/src/vs/platform/checksum/node/checksumService.ts b/src/vs/platform/checksum/node/checksumService.ts
index e4214019ff1..707095fde87 100644
--- a/src/vs/platform/checksum/node/checksumService.ts
+++ b/src/vs/platform/checksum/node/checksumService.ts
@@ -18,7 +18,7 @@ export class ChecksumService implements IChecksumService {
 	async checksum(resource: URI): Promise<string> {
 		const stream = (await this.fileService.readFileStream(resource)).value;
 		return new Promise<string>((resolve, reject) => {
-			const hash = createHash('md5');
+			const hash = createHash('sha256');
 
 			listenStream(stream, {
 				onData: data => hash.update(data.buffer),
diff --git a/src/vs/platform/checksum/test/node/checksumService.test.ts b/src/vs/platform/checksum/test/node/checksumService.test.ts
index 3e6a29fb573..3e56af64720 100644
--- a/src/vs/platform/checksum/test/node/checksumService.test.ts
+++ b/src/vs/platform/checksum/test/node/checksumService.test.ts
@@ -35,7 +35,7 @@ suite('Checksum Service', () => {
 		const checksumService = new ChecksumService(fileService);
 
 		const checksum = await checksumService.checksum(URI.file(FileAccess.asFileUri('vs/platform/checksum/test/node/fixtures/lorem.txt').fsPath));
-		assert.ok(checksum === '8mi5KF8kcb817zmlal1kZA' || checksum === 'DnUKbJ1bHPPNZoHgHV25sg'); // depends on line endings git config
+		assert.ok(checksum === 'd/9bMU0ydNCmc/hg8ItWeiLT/ePnf7gyPRQVGpd6tRI' || checksum === 'eJeeTIS0dzi8MZY+nHhjPBVtNbmGqxfVvgEOB4sqVIc'); // depends on line endings git config
 	});
 
 	ensureNoDisposablesAreLeakedInTestSuite();