From dd8c9bfc17ca75007b22a1901b3f98908af54e9e Mon Sep 17 00:00:00 2001
From: Enin <enin.kaduk@docker.com>
Date: Fri, 31 Oct 2025 11:10:57 +0100
Subject: [PATCH] azure-metrics-exporter: fips-compliant sha256 replacement

---
 metrics/servicediscovery.go    | 4 ++--
 probe_metrics_list.go          | 4 ++--
 probe_metrics_resource.go      | 4 ++--
 probe_metrics_resourcegraph.go | 4 ++--
 probe_metrics_scrape.go        | 4 ++--
 probe_metrics_subscription.go  | 4 ++--
 6 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/metrics/servicediscovery.go b/metrics/servicediscovery.go
index 107eb28..12fc123 100644
--- a/metrics/servicediscovery.go
+++ b/metrics/servicediscovery.go
@@ -2,7 +2,7 @@ package metrics
 
 import (
 	"context"
-	"crypto/sha1" // #nosec G505
+	"crypto/sha256"
 	"encoding/json"
 	"fmt"
 	"log/slog"
@@ -41,7 +41,7 @@ func (sd *AzureServiceDiscovery) fetchResourceList(subscriptionId, filter string
 	// nolint:gosec
 	cacheKey := fmt.Sprintf(
 		"%x",
-		sha1.Sum([]byte(fmt.Sprintf("%v:%v", subscriptionId, filter))),
+		sha256.Sum256([]byte(fmt.Sprintf("%v:%v", subscriptionId, filter))),
 	)
 
 	// try to fetch info from cache
diff --git a/probe_metrics_list.go b/probe_metrics_list.go
index 8798464..eed03e9 100644
--- a/probe_metrics_list.go
+++ b/probe_metrics_list.go
@@ -2,7 +2,7 @@ package main
 
 import (
 	"context"
-	"crypto/sha1" // #nosec G505
+	"crypto/sha256"
 	"fmt"
 	"log/slog"
 	"net/http"
@@ -54,7 +54,7 @@ func probeMetricsListHandler(w http.ResponseWriter, r *http.Request) {
 	prober.SetAzureResourceTagManager(AzureResourceTagManager)
 	prober.SetPrometheusRegistry(registry)
 	if settings.Cache != nil {
-		cacheKey := fmt.Sprintf("list:%x", sha1.Sum([]byte(r.URL.String()))) // #nosec G401
+		cacheKey := fmt.Sprintf("list:%x", sha256.Sum256([]byte(r.URL.String())))
 		prober.EnableMetricsCache(metricsCache, cacheKey, settings.CacheDuration(startTime))
 	}
 
diff --git a/probe_metrics_resource.go b/probe_metrics_resource.go
index a846f1e..6089f0f 100644
--- a/probe_metrics_resource.go
+++ b/probe_metrics_resource.go
@@ -2,7 +2,7 @@ package main
 
 import (
 	"context"
-	"crypto/sha1" // #nosec G505
+	"crypto/sha256"
 	"fmt"
 	"log/slog"
 	"net/http"
@@ -54,7 +54,7 @@ func probeMetricsResourceHandler(w http.ResponseWriter, r *http.Request) {
 	prober.SetAzureResourceTagManager(AzureResourceTagManager)
 	prober.SetPrometheusRegistry(registry)
 	if settings.Cache != nil {
-		cacheKey := fmt.Sprintf("resource:%x", sha1.Sum([]byte(r.URL.String()))) // #nosec G401
+		cacheKey := fmt.Sprintf("resource:%x", sha256.Sum256([]byte(r.URL.String())))
 		prober.EnableMetricsCache(metricsCache, cacheKey, settings.CacheDuration(startTime))
 	}
 
diff --git a/probe_metrics_resourcegraph.go b/probe_metrics_resourcegraph.go
index 5046ec2..12ef600 100644
--- a/probe_metrics_resourcegraph.go
+++ b/probe_metrics_resourcegraph.go
@@ -2,7 +2,7 @@ package main
 
 import (
 	"context"
-	"crypto/sha1" // #nosec G505
+	"crypto/sha256"
 	"fmt"
 	"log/slog"
 	"net/http"
@@ -61,7 +61,7 @@ func probeMetricsResourceGraphHandler(w http.ResponseWriter, r *http.Request) {
 	prober.SetAzureResourceTagManager(AzureResourceTagManager)
 	prober.SetPrometheusRegistry(registry)
 	if settings.Cache != nil {
-		cacheKey := fmt.Sprintf("scrape:%x", sha1.Sum([]byte(r.URL.String()))) // #nosec G401
+		cacheKey := fmt.Sprintf("scrape:%x", sha256.Sum256([]byte(r.URL.String())))
 		prober.EnableMetricsCache(metricsCache, cacheKey, settings.CacheDuration(startTime))
 	}
 
diff --git a/probe_metrics_scrape.go b/probe_metrics_scrape.go
index 47b2045..e247e78 100644
--- a/probe_metrics_scrape.go
+++ b/probe_metrics_scrape.go
@@ -2,7 +2,7 @@ package main
 
 import (
 	"context"
-	"crypto/sha1" // #nosec G505
+	"crypto/sha256"
 	"fmt"
 	"log/slog"
 	"net/http"
@@ -66,7 +66,7 @@ func probeMetricsScrapeHandler(w http.ResponseWriter, r *http.Request) {
 	prober.SetAzureResourceTagManager(AzureResourceTagManager)
 	prober.SetPrometheusRegistry(registry)
 	if settings.Cache != nil {
-		cacheKey := fmt.Sprintf("scrape:%x", sha1.Sum([]byte(r.URL.String()))) // #nosec G401
+		cacheKey := fmt.Sprintf("scrape:%x", sha256.Sum256([]byte(r.URL.String())))
 		prober.EnableMetricsCache(metricsCache, cacheKey, settings.CacheDuration(startTime))
 	}
 
diff --git a/probe_metrics_subscription.go b/probe_metrics_subscription.go
index 58c878b..1eb1dbc 100644
--- a/probe_metrics_subscription.go
+++ b/probe_metrics_subscription.go
@@ -2,7 +2,7 @@ package main
 
 import (
 	"context"
-	"crypto/sha1" // #nosec G505
+	"crypto/sha256"
 	"fmt"
 	"log/slog"
 	"net/http"
@@ -54,7 +54,7 @@ func probeMetricsSubscriptionHandler(w http.ResponseWriter, r *http.Request) {
 	prober.SetAzureResourceTagManager(AzureResourceTagManager)
 	prober.SetPrometheusRegistry(registry)
 	if settings.Cache != nil {
-		cacheKey := fmt.Sprintf("list:%x", sha1.Sum([]byte(r.URL.String()))) // #nosec G401
+		cacheKey := fmt.Sprintf("list:%x", sha256.Sum256([]byte(r.URL.String())))
 		prober.EnableMetricsCache(metricsCache, cacheKey, settings.CacheDuration(startTime))
 	}