diff options
| author | Michael Merickel <michael@merickel.org> | 2024-01-28 23:17:29 -0700 |
|---|---|---|
| committer | Michael Merickel <michael@merickel.org> | 2024-01-28 23:17:29 -0700 |
| commit | 43e66c6415d6397b0ee93d64dc80c742072f3ada (patch) | |
| tree | f08894d9c026f3c30c25e7aefc7a2c74e48086ac | |
| parent | 3d640f43403d7ed8b796d4c825886f591afee5a1 (diff) | |
| download | pyramid-43e66c6415d6397b0ee93d64dc80c742072f3ada.tar.gz pyramid-43e66c6415d6397b0ee93d64dc80c742072f3ada.tar.bz2 pyramid-43e66c6415d6397b0ee93d64dc80c742072f3ada.zip | |
upgrade phash implementation from md5 to sha256
| -rw-r--r-- | CHANGES.rst | 4 | ||||
| -rw-r--r-- | src/pyramid/config/predicates.py | 6 | ||||
| -rw-r--r-- | tests/test_config/test_views.py | 8 |
3 files changed, 11 insertions, 7 deletions
diff --git a/CHANGES.rst b/CHANGES.rst index b3aae92b4..023ce3fe6 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -22,6 +22,10 @@ Features See https://github.com/Pylons/pyramid/pull/3735 +- Replace usage of ``md5`` in the Pyramid view system with ``sha256``. This + is not a security-related feature and is considered an implementation detail + that should not impact users. + Bug Fixes --------- diff --git a/src/pyramid/config/predicates.py b/src/pyramid/config/predicates.py index db5df0347..15d990b95 100644 --- a/src/pyramid/config/predicates.py +++ b/src/pyramid/config/predicates.py @@ -1,4 +1,4 @@ -from hashlib import md5 +from hashlib import sha256 from webob.acceptparse import Accept from pyramid.exceptions import ConfigurationError @@ -8,7 +8,7 @@ from pyramid.registry import predvalseq from pyramid.util import TopologicalSorter, bytes_, is_nonstr_iter MAX_ORDER = 1 << 30 -DEFAULT_PHASH = md5().hexdigest() +DEFAULT_PHASH = sha256().hexdigest() class PredicateConfiguratorMixin: @@ -137,7 +137,7 @@ class PredicateList: # phash) that can be used by a caller to identify identical predicate # lists. ordered = self.sorter.sorted() - phash = md5() + phash = sha256() weights = [] preds = [] info = PredicateInfo( diff --git a/tests/test_config/test_views.py b/tests/test_config/test_views.py index c7d8c2721..2018e61f2 100644 --- a/tests/test_config/test_views.py +++ b/tests/test_config/test_views.py @@ -554,7 +554,7 @@ class TestViewsConfigurationMixin(unittest.TestCase): self.assertEqual(wrapper, view) def test_add_view_same_phash_overrides_existing_single_view(self): - from hashlib import md5 + from hashlib import sha256 from zope.interface import Interface from pyramid.interfaces import ( @@ -565,7 +565,7 @@ class TestViewsConfigurationMixin(unittest.TestCase): ) from pyramid.renderers import null_renderer - phash = md5() + phash = sha256() phash.update(b'xhr = True') view = lambda *arg: 'NOT OK' view.__phash__ = phash.hexdigest() @@ -585,7 +585,7 @@ class TestViewsConfigurationMixin(unittest.TestCase): self.assertEqual(wrapper(None, request), 'OK') def test_add_view_exc_same_phash_overrides_existing_single_view(self): - from hashlib import md5 + from hashlib import sha256 from zope.interface import implementedBy from pyramid.interfaces import ( @@ -596,7 +596,7 @@ class TestViewsConfigurationMixin(unittest.TestCase): ) from pyramid.renderers import null_renderer - phash = md5() + phash = sha256() phash.update(b'xhr = True') view = lambda *arg: 'NOT OK' view.__phash__ = phash.hexdigest() |