arcanis/ahriman
1
0
Fork 0
mirror of https://github.com/arcan1s/ahriman.git synced 2026-03-24 02:13:38 +00:00
Code Issues Projects Releases Wiki Activity

refactor: use usedforsecurity flag for md5 calculations

Browse Source
This commit is contained in:
Evgenii Alekseev
2026-03-23 23:07:31 +02:00
parent 40671b99d5
commit 21cc029c18
2 changed files with 10 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/ahriman/core/upload/http_upload.py
View File

@@ -41,7 +41,7 @@ class HttpUpload(SyncHttpClient):
str: calculated checksum of the file str: calculated checksum of the file
""" """
with path.open("rb") as local_file: with path.open("rb") as local_file:
md5 = hashlib.md5(local_file.read()) # nosec md5 = hashlib.md5(local_file.read(), usedforsecurity=False)
return md5.hexdigest() return md5.hexdigest()
@staticmethod @staticmethod

17
src/ahriman/core/upload/s3.py
View File

@@ -62,9 +62,7 @@ class S3(Upload):
@staticmethod @staticmethod
def calculate_etag(path: Path, chunk_size: int) -> str: def calculate_etag(path: Path, chunk_size: int) -> str:
""" """
calculate amazon s3 etag calculate amazon s3 etag. Credits to https://teppen.io/2018/10/23/aws_s3_verify_etags/
credits to https://teppen.io/2018/10/23/aws_s3_verify_etags/
For this method we have to define nosec because it is out of any security context and provided by AWS
Args: Args:
path(Path): path to local file path(Path): path to local file
@@ -76,14 +74,17 @@ class S3(Upload):
md5s = [] md5s = []
with path.open("rb") as local_file: with path.open("rb") as local_file:
for chunk in iter(lambda: local_file.read(chunk_size), b""): for chunk in iter(lambda: local_file.read(chunk_size), b""):
md5s.append(hashlib.md5(chunk)) # nosec md5s.append(hashlib.md5(chunk, usedforsecurity=False))
# in case if there is only one chunk it must be just this checksum # in case if there is only one chunk it must be just this checksum
# and checksum of joined digest otherwise (including empty list) if len(md5s) == 1:
checksum = md5s[0] if len(md5s) == 1 else hashlib.md5(b"".join(md5.digest() for md5 in md5s)) # nosec return md5s[0].hexdigest()
# in case if there are more than one chunk it should be appended with amount of chunks
# otherwise it is checksum of joined digest (including empty list)
md5 = hashlib.md5(b"".join(md5.digest() for md5 in md5s), usedforsecurity=False)
# in case if there are more (exactly) than one chunk it should be appended with amount of chunks
suffix = f"-{len(md5s)}" if len(md5s) > 1 else "" suffix = f"-{len(md5s)}" if len(md5s) > 1 else ""
return f"{checksum.hexdigest()}{suffix}" return f"{md5.hexdigest()}{suffix}"
@staticmethod @staticmethod
def files_remove(local_files: dict[Path, str], remote_objects: dict[Path, Any]) -> None: def files_remove(local_files: dict[Path, str], remote_objects: dict[Path, Any]) -> None: