optimize performance of regex operations

pkg/api/error.go

@@ -57,12 +57,13 @@ func errorMsg(message string, code int) *models.Error {
 	}
 }
 
+var re = regexp.MustCompile("^(.*)Params$")
+
 func handleRekorAPIError(params interface{}, code int, err error, message string, fields ...interface{}) middleware.Responder {
 	if message == "" {
 		message = http.StatusText(code)
 	}
 
-	re := regexp.MustCompile("^(.*)Params$")
 	typeStr := fmt.Sprintf("%T", params)
 	handler := re.FindStringSubmatch(typeStr)[1]
 

pkg/types/alpine/v0.0.1/entry.go

@@ -18,6 +18,7 @@ package alpine
 import (
 	"bytes"
 	"context"
+	"crypto"
 	"crypto/sha256"
 	"encoding/hex"
 	"encoding/json"
@@ -28,7 +29,6 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/asaskevich/govalidator"
 	"github.com/go-openapi/strfmt"
 	"github.com/go-openapi/swag"
 	"golang.org/x/sync/errgroup"
@@ -277,7 +277,11 @@ func (v V001Entry) validate() error {
 
 	hash := pkg.Hash
 	if hash != nil {
-		if !govalidator.IsHash(swag.StringValue(hash.Value), swag.StringValue(hash.Algorithm)) {
+		// Only sha256 is supported for alpine v0.0.1; enforce length accordingly.
+		if hash.Value == nil || len(*hash.Value) != crypto.SHA256.Size()*2 {
+			return errors.New("invalid value for hash")
+		}
+		if _, err := hex.DecodeString(*hash.Value); err != nil {
 			return errors.New("invalid value for hash")
 		}
 	} else if len(pkg.Content) == 0 {

pkg/types/hashedrekord/v0.0.1/entry.go

@@ -28,7 +28,6 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/asaskevich/govalidator"
 	"github.com/go-openapi/strfmt"
 	"github.com/go-openapi/swag"
 
@@ -170,17 +169,23 @@ func (v *V001Entry) validate() (pki.Signature, pki.PublicKey, error) {
 	if hash == nil {
 		return nil, nil, &types.InputValidationError{Err: errors.New("missing hash")}
 	}
-	if !govalidator.IsHash(swag.StringValue(hash.Value), swag.StringValue(hash.Algorithm)) {
-		return nil, nil, &types.InputValidationError{Err: errors.New("invalid value for hash")}
-	}
 
 	var alg crypto.Hash
 	switch swag.StringValue(hash.Algorithm) {
 	case models.HashedrekordV001SchemaDataHashAlgorithmSha384:
+		if len(*hash.Value) != crypto.SHA384.Size()*2 {
+			return nil, nil, &types.InputValidationError{Err: errors.New("invalid value for hash")}
+		}
 		alg = crypto.SHA384
 	case models.HashedrekordV001SchemaDataHashAlgorithmSha512:
+		if len(*hash.Value) != crypto.SHA512.Size()*2 {
+			return nil, nil, &types.InputValidationError{Err: errors.New("invalid value for hash")}
+		}
 		alg = crypto.SHA512
 	default:
+		if len(*hash.Value) != crypto.SHA256.Size()*2 {
+			return nil, nil, &types.InputValidationError{Err: errors.New("invalid value for hash")}
+		}
 		alg = crypto.SHA256
 	}
 

pkg/types/jar/v0.0.1/entry.go

@@ -19,6 +19,7 @@ import (
 	"archive/zip"
 	"bytes"
 	"context"
+	"crypto"
 	"crypto/sha256"
 	"encoding/hex"
 	"encoding/json"
@@ -38,8 +39,6 @@ import (
 	"github.com/sigstore/rekor/pkg/types/jar"
 	"github.com/sigstore/rekor/pkg/util"
 
-	"github.com/asaskevich/govalidator"
-
 	"github.com/go-openapi/strfmt"
 
 	"github.com/go-openapi/swag"
@@ -252,7 +251,11 @@ func (v *V001Entry) validate() error {
 
 	hash := archive.Hash
 	if hash != nil {
-		if !govalidator.IsHash(swag.StringValue(hash.Value), swag.StringValue(hash.Algorithm)) {
+		// Only sha256 is supported for jar v0.0.1; enforce length-by-algorithm like hashedrekord.
+		if hash.Value == nil || len(*hash.Value) != crypto.SHA256.Size()*2 {
+			return errors.New("invalid value for hash")
+		}
+		if _, err := hex.DecodeString(*hash.Value); err != nil {
 			return errors.New("invalid value for hash")
 		}
 	}

pkg/types/rekord/v0.0.1/entry.go

@@ -18,6 +18,7 @@ package rekord
 import (
 	"bytes"
 	"context"
+	"crypto"
 	"crypto/sha256"
 	"encoding/hex"
 	"encoding/json"
@@ -28,7 +29,6 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/asaskevich/govalidator"
 	"github.com/go-openapi/strfmt"
 	"github.com/go-openapi/swag"
 
@@ -235,7 +235,11 @@ func (v V001Entry) validate() error {
 
 	hash := data.Hash
 	if hash != nil {
-		if !govalidator.IsHash(swag.StringValue(hash.Value), swag.StringValue(hash.Algorithm)) {
+		// Rekord v0.0.1 schema enumerates sha256; enforce length accordingly.
+		if hash.Value == nil || len(*hash.Value) != crypto.SHA256.Size()*2 {
+			return errors.New("invalid value for hash")
+		}
+		if _, err := hex.DecodeString(*hash.Value); err != nil {
 			return errors.New("invalid value for hash")
 		}
 	} else if len(data.Content) == 0 {

pkg/types/rpm/v0.0.1/entry.go

@@ -18,6 +18,7 @@ package rpm
 import (
 	"bytes"
 	"context"
+	"crypto"
 	"crypto/sha256"
 	"encoding/hex"
 	"encoding/json"
@@ -29,7 +30,6 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/asaskevich/govalidator"
 	rpmutils "github.com/cavaliercoder/go-rpm"
 	"github.com/go-openapi/strfmt"
 	"github.com/go-openapi/swag"
@@ -297,7 +297,11 @@ func (v V001Entry) validate() error {
 
 	hash := pkg.Hash
 	if hash != nil {
-		if !govalidator.IsHash(swag.StringValue(hash.Value), swag.StringValue(hash.Algorithm)) {
+		// Only sha256 is supported for rpm v0.0.1; enforce length accordingly.
+		if hash.Value == nil || len(*hash.Value) != crypto.SHA256.Size()*2 {
+			return errors.New("invalid value for hash")
+		}
+		if _, err := hex.DecodeString(*hash.Value); err != nil {
 			return errors.New("invalid value for hash")
 		}
 	} else if len(pkg.Content) == 0 {