Changeset - 3a12df6cbf30
[Not reviewed]
default
0 2 0
Mads Kiilerich (mads) - 6 years ago 2020-06-11 21:15:07
mads@kiilerich.com
Grafted from: d479422fca87
lib: use sha1 instead of md5 in a couple of places

md5 is dead and should be avoided. In the places changed here, we want to keep
using hashes without trivial collisions, but do not expect strong crypto
security. sha1 seems like a trivial step up from md5 and without obvious
alternatives. It is more expensive than md5, but we can live with that in these
places.

The remaining few uses of md5() cannot be changed without breaking backwards
compatibility or external API.
2 files changed with 4 insertions and 4 deletions:
kallithea/lib/celerylib/__init__.py
 
@@ -25,13 +25,13 @@ Original author and date, and relevant c
 
:license: GPLv3, see LICENSE.md for more details.
 
"""
 

	
 

	
 
import logging
 
import os
 
from hashlib import md5
 
from hashlib import sha1
 

	
 
from decorator import decorator
 
from tg import config
 

	
 
import kallithea
 
from kallithea.lib.pidlock import DaemonLock, LockHeld
 
@@ -91,13 +91,13 @@ def __get_lockkey(func, *fargs, **fkwarg
 
    params = list(fargs)
 
    params.extend(['%s-%s' % ar for ar in fkwargs.items()])
 

	
 
    func_name = str(func.__name__) if hasattr(func, '__name__') else str(func)
 

	
 
    lockkey = 'task_%s.lock' % \
 
        md5(safe_bytes(func_name + '-' + '-'.join(str(x) for x in params))).hexdigest()
 
        sha1(safe_bytes(func_name + '-' + '-'.join(str(x) for x in params))).hexdigest()
 
    return lockkey
 

	
 

	
 
def locked_task(func):
 
    def __wrapper(func, *fargs, **fkwargs):
 
        lockkey = __get_lockkey(func, *fargs, **fkwargs)
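Review bot: The lock file name returned by `__get_lockkey` changes with this digest swap, so a task that took its `task_….lock` under the md5-derived name before an upgrade would presumably not exclude the same task started afterwards under the sha1-derived name; that deserves a line in the upgrade notes. The `sha1(...)` line should also say what the digest is for, e.g. `# digest only gives a fixed-length, filesystem-safe lock name; not a security boundary`. Independently of the hash, the key is built by joining the parameters with `-`, so distinct argument lists such as `('a-b',)` and `('a', 'b')` map to the same lock; if task arguments can carry user-influenced values, hashing an unambiguous encoding such as `repr((func_name, params))` would avoid that. `__get_lockkey` starts above the hunk, so anything done to `params` earlier is not visible here.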
kallithea/lib/markup_renderer.py
 
@@ -71,19 +71,19 @@ class MarkupRenderer(object):
 
    def _flavored_markdown(cls, text):
 
        """
 
        Github style flavored markdown
 

	
 
        :param text:
 
        """
 
        from hashlib import md5
 
        from hashlib import sha1
 

	
 
        # Extract pre blocks.
 
        extractions = {}
 

	
 
        def pre_extraction_callback(matchobj):
 
            digest = md5(matchobj.group(0)).hexdigest()
 
            digest = sha1(matchobj.group(0)).hexdigest()
 
            extractions[digest] = matchobj.group(0)
 
            return "{gfm-extraction-%s}" % digest
 
        pattern = re.compile(r'<pre>.*?</pre>', re.MULTILINE | re.DOTALL)
 
        text = re.sub(pattern, pre_extraction_callback, text)
 

	
 
        # Prevent foo_bar_baz from ending up with an italic word in the middle.
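Review bot: `sha1(matchobj.group(0))` in `pre_extraction_callback` hashes the regex match directly, and because `pattern` is compiled from a str literal the match is a str; if this module runs under Python 3, `hashlib` accepts only bytes-like input and the call would raise `TypeError` for any text containing a `<pre>` block. The other file in this commit wraps its input in `safe_bytes(...)` before hashing, and the same is needed here: `digest = sha1(safe_bytes(matchobj.group(0))).hexdigest()`, assuming `safe_bytes` is importable in this module (its imports are outside the hunk). A short comment that the digest is only a placeholder key for `extractions`, not a security control, would also help the next reader. `_flavored_markdown` continues past the end of the hunk.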