Commit

fix: make fips compliant by adding useforsecurity=False flag on md5 hashes
actionjax authored and Jackson Kwok committed Mar 27, 2024
1 parent 349e496 commit be985e9
Showing 3 changed files with 4 additions and 4 deletions.
2 changes: 1 addition & 1 deletion superset/key_value/utils.py
Expand Up @@ -61,7 +61,7 @@ def decode_permalink_id(key: str, salt: str) -> int:


def get_uuid_namespace(seed: str) -> UUID:
md5_obj = md5()
md5_obj = md5(usedforsecurity=False)
md5_obj.update(seed.encode("utf-8"))
return UUID(md5_obj.hexdigest())
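
Review bot: the new `md5(usedforsecurity=False)` call in `get_uuid_namespace` carries no comment saying why MD5 is acceptable here. The digest is only turned into a UUID namespace from a seed, so the flag looks appropriate, but a one-line comment stating that this is an identifier derivation and not a security control would save the next reader or scanner from reopening the question. The keyword is only accepted on Python 3.9 and later, so confirm the minimum supported interpreter. The commit title spells the flag `useforsecurity`, which is not the name used in the code.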

2 changes: 1 addition & 1 deletion superset/utils/hashing.py
Expand Up @@ -21,7 +21,7 @@


def md5_sha_from_str(val: str) -> str:
return hashlib.md5(val.encode("utf-8")).hexdigest()
return hashlib.md5(val.encode("utf-8"), usedforsecurity=False).hexdigest()

Check failure

Code scanning / CodeQL

Use of a broken or weak cryptographic hashing algorithm on sensitive data High

Sensitive data (certificate)
is used in a hashing algorithm (MD5) that is insecure.
Sensitive data (id)
is used in a hashing algorithm (MD5) that is insecure.


def md5_sha_from_dict(
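
Review bot: `md5_sha_from_str` is a shared helper, so passing `usedforsecurity=False` on this line declares every caller's use non-security, while the CodeQL annotation on the same line reports certificate and id values reaching it. The flag only tells a FIPS-restricted build to permit the call; the digest is the same MD5 as before. Add a docstring stating that the function is for non-security fingerprints only, and check the flagged call sites: any that rely on the hash for integrity or authentication should move to SHA-256 rather than be covered by this flag.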
4 changes: 2 additions & 2 deletions superset/utils/public_interfaces.py
Expand Up @@ -40,13 +40,13 @@ def compute_hash(obj: Callable[..., Any]) -> str:


def compute_func_hash(function: Callable[..., Any]) -> str:
hashed = md5()
hashed = md5(usedforsecurity=False)

Check warning on line 43 in superset/utils/public_interfaces.py

Codecov / codecov/patch

superset/utils/public_interfaces.py#L43

Added line #L43 was not covered by tests
hashed.update(str(signature(function)).encode())
return b85encode(hashed.digest()).decode("utf-8")


def compute_class_hash(class_: Callable[..., Any]) -> str:
hashed = md5()
hashed = md5(usedforsecurity=False)

Check warning on line 49 in superset/utils/public_interfaces.py

Codecov / codecov/patch

superset/utils/public_interfaces.py#L49

Added line #L49 was not covered by tests
public_methods = sorted(
[
(name, method)
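
Review bot: both changed lines in this hunk, `hashed = md5(usedforsecurity=False)` in `compute_func_hash` and again in `compute_class_hash`, are reported by the Codecov annotations as not covered by tests (lines 43 and 49). Since the flag is meant to leave the digest untouched, add a test that calls both functions and asserts the returned hash against a value recorded before this change. That covers the two lines and catches any shift in the output.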

0 comments on commit be985e9
