Back

ollama #14023

fix(upload): security: replace MD5 with SHA-256 for upload ETag computation

by ravisastryk · Feb 06, 2026 at 19:32 UTC · scan-cb7bb0f02cb34aed

View on Github · Download JSON

High Risk (55%)

Get this automatically on every PR

Install the Axiomo GitHub App to get Signals as check runs and PR comments on every pull request.

Install App

Risk Assessment

Risk level: High (55%)

Risk Drivers

new_contributor: First contribution from ravisastryk
touches_ci_config: Modifies ci_config code

Intent

3/4 criteria met

Replace MD5 with SHA-256 for ETag computation in uploads

Acceptance Criteria

✓
Replace MD5 with SHA-256 in upload ETag computation
server/upload.go changed from md5 to sha256
✓
Add cryptographic security scan to workflow
.github/workflows/cryptoguard.yaml added
✓
No user-facing behavior changes
PR description confirms hash format unchanged
?
Prevents runtime panics in FIPS 140-only environments
Diff does not show runtime tests, PR description asserts change

Confidence: 95.0% Source: pr description AI: openai

Contributors

ravisastryk PR Author 1 commit ? New Contributor

Account Age: 3762 days

Prior PRs: 1

First-time contributor to this repository. maintains 55 public repositories. unfamiliar with 2 files.

Evidence

Evidence Completeness: 0.0%

Missing: ci_passing, tests_passing, lint_passing, security_scan_clean, coverage_maintained, build_successful

Supply Chain

Elevated Risk

Modifies dependencies

Modifies lockfile

Modifies CI config

Modifies build scripts

Focus Files

Focus on 1 critical file(s)

.github/workflows/cryptoguard.yaml +37

Modifies ci_config code; New file; Configuration

critical

server/upload.go +15

Source code

medium

Triage

minutes to review

medium

effort level

none

staleness risk

Prioritize for security-sensitive review

Recommendation

NEEDS DISCUSSION 23.0% readiness

Insufficient evidence (CI/tests) to evaluate

Next Steps

Concern


                                    .github/workflows/cryptoguard.yaml

Requires security review for ci_config changes

Question

Why is ci_passing missing? Consider adding this check.

Question

Why is tests_passing missing? Consider adding this check.

Concern


                                    .github/workflows/cryptoguard.yaml

Critical file: Modifies ci_config code; New file; Configuration

Suggestion


                                    .github/workflows/cryptoguard.yaml

CI configuration changed - verify build/deploy behavior

Nitpick

First contribution - consider welcoming and providing extra context