openstack/oslo.utils
Code Issues Proposed changes

Add digestmod when using hmac

Browse Source 
Until Python 3.8 hmc.new() defaulted the digestmod argument to 'hmac-md5'.
This was deperecated, to be removed in Python 3.8 [1], so let's get
ready for new python.

Also switching to more secure sha1 algorithm, using md5 anywhere may
trigger alerts from automatic security tools.

[1] https://docs.python.org/3.8/library/hmac.html

Change-Id: I4b365cb05de98bdd498b3c2094e4a77ab3944b12
This commit is contained in:
Alfredo Moralejo 2019-08-21 17:44:16 +02:00
parent 1b8bafb391
commit 5ae7d21f98
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
oslo_utils/tests/test_secretutils.py
View File

@ -12,6 +12,7 @@
# License for the specific language governing permissions and limitations
# under the License.
import hashlib
import hmac
from oslotest import base as test_base
@ -23,7 +24,8 @@ from oslo_utils import secretutils
class SecretUtilsTest(testscenarios.TestWithScenarios,
test_base.BaseTestCase):
_gen_digest = lambda text: hmac.new(b'foo', text.encode('utf-8')).digest()
_gen_digest = lambda text: hmac.new(b'foo', text.encode('utf-8'),
digestmod=hashlib.sha1).digest()
scenarios = [
('binary', {'converter': _gen_digest}),
('unicode', {'converter': lambda text: text}),