From be985e9a224e8988814bf2390985020f2b7ad395 Mon Sep 17 00:00:00 2001
From: Jackson Kwok
Date: Wed, 27 Jul 2022 12:42:36 -0400
Subject: [PATCH 1/2] fix: make fips compliant by adding useforsecurity=False flag on md5 hashes
---
 superset/key_value/utils.py | 2 +-
 superset/utils/hashing.py | 2 +-
 superset/utils/public_interfaces.py | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/superset/key_value/utils.py b/superset/key_value/utils.py
index 6b487c278c0d0..406129232a877 100644
--- a/superset/key_value/utils.py
+++ b/superset/key_value/utils.py
@@ -61,7 +61,7 @@ def decode_permalink_id(key: str, salt: str) -> int:
 def get_uuid_namespace(seed: str) -> UUID:
- md5_obj = md5()
+ md5_obj = md5(usedforsecurity=False)
 md5_obj.update(seed.encode("utf-8"))
 return UUID(md5_obj.hexdigest())
diff --git a/superset/utils/hashing.py b/superset/utils/hashing.py
index fff654263e4a5..2c1e4a17f555d 100644
--- a/superset/utils/hashing.py
+++ b/superset/utils/hashing.py
@@ -21,7 +21,7 @@
 def md5_sha_from_str(val: str) -> str:
- return hashlib.md5(val.encode("utf-8")).hexdigest()
+ return hashlib.md5(val.encode("utf-8"), usedforsecurity=False).hexdigest()
 def md5_sha_from_dict(
diff --git a/superset/utils/public_interfaces.py b/superset/utils/public_interfaces.py
index 85622d1c3b020..33b02915abf10 100644
--- a/superset/utils/public_interfaces.py
+++ b/superset/utils/public_interfaces.py
@@ -40,13 +40,13 @@ def compute_hash(obj: Callable[..., Any]) -> str:
 def compute_func_hash(function: Callable[..., Any]) -> str:
- hashed = md5()
+ hashed = md5(usedforsecurity=False)
 hashed.update(str(signature(function)).encode())
 return b85encode(hashed.digest()).decode("utf-8")
 def compute_class_hash(class_: Callable[..., Any]) -> str:
- hashed = md5()
+ hashed = md5(usedforsecurity=False)
 public_methods = sorted(
 [
 (name, method)
From f08a6b175ba67789e09763fdbb5e599aa519f13a Mon Sep 17 00:00:00 2001
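Review bot: `md5(usedforsecurity=False)` in `get_uuid_namespace` relies on a keyword that hashlib only accepts from Python 3.9 onward. On an older interpreter the call raises `TypeError`, and the same applies to the calls changed in `md5_sha_from_str`, `compute_func_hash` and `compute_class_hash`. The supported Python versions are not visible in this patch, so confirm the project's minimum is 3.9, or route all four calls through one helper that passes the flag only where it is supported. A short comment such as `# MD5 only derives a stable namespace UUID from the seed; not an integrity or authentication check` would also record why the flag is justified at this call site.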
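Review bot: Setting `usedforsecurity=False` inside the shared helper `md5_sha_from_str` asserts that every caller uses the digest for a non-security purpose, and those callers are not visible in this hunk. The helper has no docstring stating that contract, so a later caller could reach for it to build a token or signature and silently get MD5, even on a FIPS-enforcing host. I would add a docstring along the lines of `"""Return the MD5 hex digest of val for non-security identifiers only; never for tokens, signatures or password hashing."""`, with the wording adjusted after checking the existing call sites.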
From: Jackson Kwok
Date: Wed, 27 Mar 2024 15:19:01 -0400
Subject: [PATCH 2/2] fix: make fips compliant by replacing md5 with sha256 in PGDialect
---
 superset/migrations/shared/utils.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/superset/migrations/shared/utils.py b/superset/migrations/shared/utils.py
index 2ae0dfeac158a..e62cac32f31b1 100644
--- a/superset/migrations/shared/utils.py
+++ b/superset/migrations/shared/utils.py
@@ -54,7 +54,7 @@ def table_has_column(table: str, column: str) -> bool:
 uuid_by_dialect = {
 MySQLDialect: "UNHEX(REPLACE(CONVERT(UUID() using utf8mb4), '-', ''))",
- PGDialect: "uuid_in(md5(random()::text || clock_timestamp()::text)::cstring)",
+ PGDialect: "uuid_in(sha256(random()::text || clock_timestamp()::text)::cstring)",
 }
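Review bot: The new `PGDialect` expression will most likely fail when a migration executes it. PostgreSQL's built-in `sha256()` takes and returns `bytea`, so it does not accept the `text` concatenation, and a SHA-256 digest is 64 hex digits where `uuid_in` expects the 32 that `md5()` returned. If the supported PostgreSQL versions allow it (the function is built in since PostgreSQL 13), `PGDialect: "gen_random_uuid()",` avoids hashing altogether. Otherwise truncate a hex-encoded digest, e.g. `uuid_in(substring(encode(sha256(convert_to(random()::text || clock_timestamp()::text, 'UTF8')), 'hex') for 32)::cstring)`. The string is only evaluated at migration time, so this needs a run against a real PostgreSQL instance before merging.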