djcass44
diff --git a/‎pkg/ca-certificates/update-ca-certificates.go‎
Lines changed: 1 addition & 0 deletions b/‎pkg/ca-certificates/update-ca-certificates.go‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎pkg/ca-certificates/update-ca-certificates_test.go‎
Lines changed: 2 additions & 1 deletion b/‎pkg/ca-certificates/update-ca-certificates_test.go‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎pkg/debian/index.go‎
Lines changed: 3 additions & 0 deletions b/‎pkg/debian/index.go‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎pkg/downloader/downloader.go‎
Lines changed: 2 additions & 1 deletion b/‎pkg/downloader/downloader.go‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎pkg/downloader/hash.go‎
Lines changed: 14 additions & 0 deletions b/‎pkg/downloader/hash.go‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎tests/fixtures/alpine_318_full-lock.json‎
Lines changed: 0 additions & 293 deletions b/‎tests/fixtures/alpine_318_full-lock.json‎
Lines changed: 0 additions & 293 deletions
@@ -84,6 +84,7 @@ func readBlockedCerts(ctx context.Context, path string, rootfs memfs.FullFS) ([]
 		log.Error(err, "failed to open configuration file")
 		return nil, err
 	}
+	defer f.Close()
 
 	var blocked []string
 
 
@@ -2,13 +2,14 @@ package ca_certificates
 
 import (
 	"context"
+	"testing"
+
 	"github.com/Snakdy/container-build-engine/pkg/files"
 	"github.com/Snakdy/container-build-engine/pkg/vfs"
 	"github.com/go-logr/logr"
 	"github.com/go-logr/logr/testr"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	"testing"
 )
 
 func TestUpdateCertificates(t *testing.T) {
 
@@ -56,6 +56,9 @@ func downloadIndex(ctx context.Context, repository, release, component, arch, fi
 		return nil, err
 	}
 	defer f.Close()
+	defer func() {
+		_ = os.Remove(f.Name())
+	}()
 	resp, err := http.Get(target)
 	if err != nil {
 		return nil, err
 
@@ -30,7 +30,8 @@ func (d *Downloader) Download(ctx context.Context, src string) (string, error) {
 
 	// download the file to a predictable location so that
 	// we can avoid repeated downloads
-	dst := filepath.Join(d.cacheDir, uri.Hostname(), filepath.Base(uri.Path))
+	cachePath := HashString(uri.Hostname() + "/" + uri.Path)
+	dst := filepath.Join(d.cacheDir, cachePath, filepath.Base(uri.Path))
 	// create the parent directory so that we don't
 	// have any name clashes between different repositories
 	if err := os.MkdirAll(filepath.Dir(dst), 0755); err != nil {
 
@@ -0,0 +1,14 @@
+package downloader
+
+import (
+	"crypto/sha256"
+	"encoding/hex"
+)
+
+// HashString generates a 12-character SHA256 hash
+// from a given string.
+// It should not be used for cryptographic operations.
+func HashString(s string) string {
+	h := sha256.Sum256([]byte(s))
+	return hex.EncodeToString(h[:])[:12]
+}
Original file line number	Diff line number	Diff line change
`@@ -84,6 +84,7 @@ func readBlockedCerts(ctx context.Context, path string, rootfs memfs.FullFS) ([]`
`84`	`84`	`log.Error(err, "failed to open configuration file")`
`85`	`85`	`return nil, err`
`86`	`86`	`}`
	`87`	`+ defer f.Close()`
`87`	`88`
`88`	`89`	`var blocked []string`
`89`	`90`