Created
February 16, 2021 20:50
-
-
Save bmbouter/31c45dac7de68eeccc35a9f9564c0f28 to your computer and use it in GitHub Desktop.
mark md5 as usedforsecurity=False
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
diff --git a/pulpcore/app/pulp_hashlib.py b/pulpcore/app/pulp_hashlib.py | |
index 604709b4d..87d684df6 100644 | |
--- a/pulpcore/app/pulp_hashlib.py | |
+++ b/pulpcore/app/pulp_hashlib.py | |
@@ -14,6 +14,9 @@ def new(name, *args, **kwargs): | |
This function raises an exception if a hasher is requested which is not allowed, and otherwise, | |
returns the standard hasher from `hashlib.new()`. | |
+ Additionally patches md5 to specify `usedforsecurity=False` allowing it to be used even in | |
+ restricted environments. | |
+ | |
Args: | |
name: The name of the hasher to be instantiated. | |
*args: args to be passed along to the real `hashlib.new()`. | |
@@ -33,4 +36,9 @@ def new(name, *args, **kwargs): | |
"setting" | |
).format(name) | |
) | |
+ if name == "md5": | |
+ try: | |
+ return the_real_hashlib.new(name, *args, usedforsecurity=False, **kwargs) | |
+ except TypeError: | |
+ pass | |
return the_real_hashlib.new(name, *args, **kwargs) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment