diff --git a/src/DIRAC/AccountingSystem/private/MainReporter.py b/src/DIRAC/AccountingSystem/private/MainReporter.py index 97ac037dfdd..ee1b25c3410 100644 --- a/src/DIRAC/AccountingSystem/private/MainReporter.py +++ b/src/DIRAC/AccountingSystem/private/MainReporter.py @@ -39,7 +39,7 @@ def __calculateReportHash(self, reportRequest): for key in ("startTime", "endTime"): epoch = requestToHash[key] requestToHash[key] = epoch - epoch % granularity - md5Hash = hashlib.md5() + md5Hash = hashlib.md5(usedforsecurity=False) md5Hash.update(repr(requestToHash).encode()) return md5Hash.hexdigest() diff --git a/src/DIRAC/Core/DISET/MessageClient.py b/src/DIRAC/Core/DISET/MessageClient.py index 59e8a32db5d..03a249de512 100755 --- a/src/DIRAC/Core/DISET/MessageClient.py +++ b/src/DIRAC/Core/DISET/MessageClient.py @@ -31,7 +31,7 @@ def __generateUniqueClientName(self): hashStr = ":".join( (str(datetime.datetime.utcnow()), str(random.random()), Network.getFQDN(), gLogger.getName()) ) - hexHash = md5(hashStr.encode()).hexdigest() + hexHash = md5(hashStr.encode(), usedforsecurity=False).hexdigest() return hexHash def setUniqueName(self, uniqueName): diff --git a/src/DIRAC/Core/DISET/private/FileHelper.py b/src/DIRAC/Core/DISET/private/FileHelper.py index 6258b141600..7ac965b675c 100755 --- a/src/DIRAC/Core/DISET/private/FileHelper.py +++ b/src/DIRAC/Core/DISET/private/FileHelper.py @@ -20,7 +20,7 @@ class FileHelper: def __init__(self, oTransport=None, checkSum=True): self.oTransport = oTransport self.__checkMD5 = checkSum - self.__oMD5 = hashlib.md5() + self.__oMD5 = hashlib.md5(usedforsecurity=False) self.bFinishedTransmission = False self.bReceivedEOF = False self.direction = False @@ -149,7 +149,7 @@ def networkToFD(self, iFD, maxFileSize=0): def networkToDataSink(self, dataSink, maxFileSize=0): if "write" not in dir(dataSink): return S_ERROR(f"{str(dataSink)} data sink object does not have a write method") - self.__oMD5 = hashlib.md5() + self.__oMD5 = hashlib.md5(usedforsecurity=False) self.bReceivedEOF = False self.bErrorInMD5 = False receivedBytes = 0 @@ -212,7 +212,7 @@ def stringToNetwork(self, stringVal): return S_OK() def FDToNetwork(self, iFD): - self.__oMD5 = hashlib.md5() + self.__oMD5 = hashlib.md5(usedforsecurity=False) iPacketSize = self.packetSize self.__fileBytes = 0 sentBytes = 0 @@ -244,7 +244,7 @@ def BufferToNetwork(self, stringToSend): def DataSourceToNetwork(self, dataSource): if "read" not in dir(dataSource): return S_ERROR(f"{str(dataSource)} data source object does not have a read method") - self.__oMD5 = hashlib.md5() + self.__oMD5 = hashlib.md5(usedforsecurity=False) iPacketSize = self.packetSize self.__fileBytes = 0 sentBytes = 0 diff --git a/src/DIRAC/Core/DISET/private/Transports/BaseTransport.py b/src/DIRAC/Core/DISET/private/Transports/BaseTransport.py index 37b0858bbf7..a00a824e2e7 100755 --- a/src/DIRAC/Core/DISET/private/Transports/BaseTransport.py +++ b/src/DIRAC/Core/DISET/private/Transports/BaseTransport.py @@ -53,7 +53,7 @@ def __init__(self, stServerAddress, bServerMode=False, **kwargs): self.remoteAddress = False self.appData = "" self.startedKeepAlives = set() - self.keepAliveId = md5((str(stServerAddress) + str(bServerMode)).encode()).hexdigest() + self.keepAliveId = md5((str(stServerAddress) + str(bServerMode)).encode(), usedforsecurity=False).hexdigest() self.receivedMessages = [] self.sentKeepAlives = 0 self.waitingForKeepAlivePong = False diff --git a/src/DIRAC/Core/Security/m2crypto/X509Chain.py b/src/DIRAC/Core/Security/m2crypto/X509Chain.py index 80facb01633..1ebe73be38b 100644 --- a/src/DIRAC/Core/Security/m2crypto/X509Chain.py +++ b/src/DIRAC/Core/Security/m2crypto/X509Chain.py @@ -144,7 +144,7 @@ def __init__(self, certList=False, keyObj=False): # This is the position of the first proxy in the chain self.__firstProxyStep = 0 - # Cache for sha1 hash of the object + # Cache for sha256 hash of the object # This is just used as a unique identifier for # indexing in the ProxyCache self.__hash = False @@ -1004,25 +1004,25 @@ def getCredentials(self, ignoreDefault=False, withRegistryInfo=True): @needCertList def hash(self): - """Get a hash of the chain + """Get a hash of the chain (32 byte hex-string is returned) In practice, this is only used to index the chain in a DictCache :returns: S_OK(string hash) """ if self.__hash: return S_OK(self.__hash) - sha1 = hashlib.sha1() + sha = hashlib.sha256() for cert in self._certList: - sha1.update(str(cert.getSubjectNameObject()["Value"]).encode()) - sha1.update(str(self.getRemainingSecs()["Value"] / 3600).encode()) - sha1.update(self.getDIRACGroup()["Value"].encode()) + sha.update(str(cert.getSubjectNameObject()["Value"]).encode()) + sha.update(str(self.getRemainingSecs()["Value"] / 3600).encode()) + sha.update(self.getDIRACGroup()["Value"].encode()) if self.isVOMS(): - sha1.update(b"VOMS") + sha.update(b"VOMS") from DIRAC.Core.Security.VOMS import VOMS result = VOMS().getVOMSAttributes(self) if result["OK"]: for attribute in result["Value"]: - sha1.update(attribute.encode()) - self.__hash = sha1.hexdigest() - return S_OK(self.__hash) + sha.update(attribute.encode()) + self.__hash = sha.hexdigest() + return S_OK(self.__hash[:32]) diff --git a/src/DIRAC/Core/Utilities/File.py b/src/DIRAC/Core/Utilities/File.py index 8ef60ca375f..0df45a5765f 100755 --- a/src/DIRAC/Core/Utilities/File.py +++ b/src/DIRAC/Core/Utilities/File.py @@ -69,7 +69,7 @@ def makeGuid(fileName=None): :param string fileName: name of file """ - myMd5 = hashlib.md5() + myMd5 = hashlib.md5(usedforsecurity=False) if fileName: try: with open(fileName, "rb") as fd: @@ -106,7 +106,7 @@ def generateGuid(checksum, checksumtype): return guid # Failed to use the check sum, generate a new guid - myMd5 = hashlib.md5() + myMd5 = hashlib.md5(usedforsecurity=False) myMd5.update(str(random.getrandbits(128)).encode()) md5HexString = myMd5.hexdigest() guid = "{}-{}-{}-{}-{}".format( @@ -213,7 +213,7 @@ def getMD5ForFiles(fileList): :type fileList: python:list """ fileList.sort() - hashMD5 = hashlib.md5() + hashMD5 = hashlib.md5(usedforsecurity=False) for filePath in fileList: if os.path.isdir(filePath): continue diff --git a/src/DIRAC/Core/Utilities/Graphs/Palette.py b/src/DIRAC/Core/Utilities/Graphs/Palette.py index a9e28205886..e9f3259776b 100644 --- a/src/DIRAC/Core/Utilities/Graphs/Palette.py +++ b/src/DIRAC/Core/Utilities/Graphs/Palette.py @@ -83,7 +83,7 @@ def getColor(self, label): return self.generateColor(label) def generateColor(self, label): - myMD5 = hashlib.md5() + myMD5 = hashlib.md5(usedforsecurity=False) myMD5.update(label.encode()) hexstring = myMD5.hexdigest() color = "#" + hexstring[:6] diff --git a/src/DIRAC/Core/Utilities/LockRing.py b/src/DIRAC/Core/Utilities/LockRing.py index d60825352e8..def75d675fd 100644 --- a/src/DIRAC/Core/Utilities/LockRing.py +++ b/src/DIRAC/Core/Utilities/LockRing.py @@ -15,10 +15,10 @@ def __init__(self): def __genName(self, container): # TODO: Shouldn't this be a UUID? - name = md5(str(time.time() + random.random()).encode()).hexdigest() + name = md5(str(time.time() + random.random()).encode(), usedforsecurity=False).hexdigest() retries = 10 while name in container and retries: - name = md5(str(time.time() + random.random()).encode()).hexdigest() + name = md5(str(time.time() + random.random()).encode(), usedforsecurity=False).hexdigest() retries -= 1 return name diff --git a/src/DIRAC/Core/Utilities/ThreadScheduler.py b/src/DIRAC/Core/Utilities/ThreadScheduler.py index e1afdfb57ce..265afdedb74 100644 --- a/src/DIRAC/Core/Utilities/ThreadScheduler.py +++ b/src/DIRAC/Core/Utilities/ThreadScheduler.py @@ -32,7 +32,7 @@ def addPeriodicTask(self, period, taskFunc, taskArgs=(), executions=0, elapsedTi return S_ERROR(f"{str(taskFunc)} is not callable") period = max(period, self.__minPeriod) elapsedTime = min(elapsedTime, period - 1) - md = hashlib.md5() + md = hashlib.md5(usedforsecurity=False) task = { "period": period, "func": taskFunc, diff --git a/src/DIRAC/DataManagementSystem/DB/FileCatalogComponents/DatasetManager/DatasetManager.py b/src/DIRAC/DataManagementSystem/DB/FileCatalogComponents/DatasetManager/DatasetManager.py index 0ad17f762e5..c2936bd38a2 100644 --- a/src/DIRAC/DataManagementSystem/DB/FileCatalogComponents/DatasetManager/DatasetManager.py +++ b/src/DIRAC/DataManagementSystem/DB/FileCatalogComponents/DatasetManager/DatasetManager.py @@ -321,7 +321,7 @@ def __getMetaQueryParameters(self, metaQuery, credDict): idLfnDict = result["Value"] lfnIDList = list(idLfnDict) lfnList = sorted(idLfnDict.values()) - myMd5 = hashlib.md5() + myMd5 = hashlib.md5(usedforsecurity=False) myMd5.update(str(lfnList).encode()) datasetHash = myMd5.hexdigest().upper() numberOfFiles = len(lfnList) diff --git a/src/DIRAC/DataManagementSystem/scripts/dirac_dms_create_removal_request.py b/src/DIRAC/DataManagementSystem/scripts/dirac_dms_create_removal_request.py index 013182c5505..70f92c1b2c8 100755 --- a/src/DIRAC/DataManagementSystem/scripts/dirac_dms_create_removal_request.py +++ b/src/DIRAC/DataManagementSystem/scripts/dirac_dms_create_removal_request.py @@ -59,8 +59,8 @@ def main(): for lfnList in breakListIntoChunks(lfns, 100): oRequest = Request() requestName = "{}_{}".format( - md5(repr(time.time()).encode()).hexdigest()[:16], - md5(repr(time.time()).encode()).hexdigest()[:16], + md5(repr(time.time()).encode(), usedforsecurity=False).hexdigest()[:16], + md5(repr(time.time()).encode(), usedforsecurity=False).hexdigest()[:16], ) oRequest.RequestName = requestName diff --git a/src/DIRAC/DataManagementSystem/scripts/dirac_dms_move_replica_request.py b/src/DIRAC/DataManagementSystem/scripts/dirac_dms_move_replica_request.py index 7cfc3d25650..ce81a4c3df1 100755 --- a/src/DIRAC/DataManagementSystem/scripts/dirac_dms_move_replica_request.py +++ b/src/DIRAC/DataManagementSystem/scripts/dirac_dms_move_replica_request.py @@ -81,8 +81,8 @@ def main(): request = Request() request.RequestName = "{}_{}".format( - md5(repr(time.time()).encode()).hexdigest()[:16], - md5(repr(time.time()).encode()).hexdigest()[:16], + md5(repr(time.time()).encode(), usedforsecurity=False).hexdigest()[:16], + md5(repr(time.time()).encode(), usedforsecurity=False).hexdigest()[:16], ) moveReplica = Operation() diff --git a/src/DIRAC/MonitoringSystem/private/MainReporter.py b/src/DIRAC/MonitoringSystem/private/MainReporter.py index fbf614746fa..2a140eaf81c 100644 --- a/src/DIRAC/MonitoringSystem/private/MainReporter.py +++ b/src/DIRAC/MonitoringSystem/private/MainReporter.py @@ -71,7 +71,7 @@ def __calculateReportHash(self, reportRequest): for key in ("startTime", "endTime"): epoch = requestToHash[key] requestToHash[key] = epoch - epoch % granularity - md5Hash = hashlib.md5() + md5Hash = hashlib.md5(usedforsecurity=False) md5Hash.update(repr(requestToHash).encode()) return md5Hash.hexdigest() diff --git a/src/DIRAC/RequestManagementSystem/Service/ReqProxyHandler.py b/src/DIRAC/RequestManagementSystem/Service/ReqProxyHandler.py index 59befeddf1a..ac009470700 100644 --- a/src/DIRAC/RequestManagementSystem/Service/ReqProxyHandler.py +++ b/src/DIRAC/RequestManagementSystem/Service/ReqProxyHandler.py @@ -143,7 +143,7 @@ def __saveRequest(self, requestName, requestJSON): :param str requestJSON: request serialized to JSON format """ try: - requestFile = os.path.join(self.cacheDir(), md5(requestJSON.encode()).hexdigest()) + requestFile = os.path.join(self.cacheDir(), md5(requestJSON.encode(), usedforsecurity=False).hexdigest()) with open(requestFile, "w+") as request: request.write(requestJSON) return S_OK(requestFile) diff --git a/src/DIRAC/Resources/MessageQueue/Simple/StompInterface.py b/src/DIRAC/Resources/MessageQueue/Simple/StompInterface.py index dbc7de010e1..829a3e0c182 100644 --- a/src/DIRAC/Resources/MessageQueue/Simple/StompInterface.py +++ b/src/DIRAC/Resources/MessageQueue/Simple/StompInterface.py @@ -100,7 +100,7 @@ def getSubscriptionID(broker: tuple[str, int], dest: str) -> str: """ host, port = broker - return hashlib.md5((f"{host}_{port}_{dest}").encode()).hexdigest() + return hashlib.md5((f"{host}_{port}_{dest}").encode(), usedforsecurity=False).hexdigest() class StompConsumer: diff --git a/src/DIRAC/TransformationSystem/Agent/TransformationCleaningAgent.py b/src/DIRAC/TransformationSystem/Agent/TransformationCleaningAgent.py index 7e77e0d55ea..0a8a84e0ab4 100644 --- a/src/DIRAC/TransformationSystem/Agent/TransformationCleaningAgent.py +++ b/src/DIRAC/TransformationSystem/Agent/TransformationCleaningAgent.py @@ -723,7 +723,8 @@ def __submitRemovalRequests(self, lfns, transID=0): for index, lfnList in enumerate(breakListIntoChunks(lfns, 300)): oRequest = Request() - requestName = f"TCA_{transID}_{index}_{md5(repr(time.time()).encode()).hexdigest()[:5]}" + reqHash = md5(repr(time.time()).encode(), usedforsecurity=False).hexdigest()[:5] + requestName = f"TCA_{transID}_{index}_{reqHash}" oRequest.RequestName = requestName oOperation = Operation() oOperation.Type = "RemoveFile" diff --git a/src/DIRAC/WorkloadManagementSystem/Client/SandboxStoreClient.py b/src/DIRAC/WorkloadManagementSystem/Client/SandboxStoreClient.py index 27bf69a6117..cbad3a3e2a0 100755 --- a/src/DIRAC/WorkloadManagementSystem/Client/SandboxStoreClient.py +++ b/src/DIRAC/WorkloadManagementSystem/Client/SandboxStoreClient.py @@ -144,7 +144,7 @@ def uploadFilesAsSandbox(self, fileList, sizeLimit=0, assignTo=None): result["SandboxFileName"] = tmpFilePath return result - oMD5 = hashlib.md5() + oMD5 = hashlib.md5(usedforsecurity=False) with open(tmpFilePath, "rb") as fd: bData = fd.read(10240) while bData: diff --git a/src/DIRAC/WorkloadManagementSystem/Service/SandboxStoreHandler.py b/src/DIRAC/WorkloadManagementSystem/Service/SandboxStoreHandler.py index 698cec900f0..e5ceae87036 100755 --- a/src/DIRAC/WorkloadManagementSystem/Service/SandboxStoreHandler.py +++ b/src/DIRAC/WorkloadManagementSystem/Service/SandboxStoreHandler.py @@ -184,7 +184,7 @@ def _getFromClient(self, fileId, token, fileSize, fileHelper=None, data=""): if fileHelper: hdHash = fileHelper.getHash() else: - oMD5 = hashlib.md5() + oMD5 = hashlib.md5(usedforsecurity=False) with open(hdPath, "rb") as fd: bData = fd.read(10240) while bData: diff --git a/src/DIRAC/WorkloadManagementSystem/Utilities/QueueUtilities.py b/src/DIRAC/WorkloadManagementSystem/Utilities/QueueUtilities.py index 58311f3d3b3..504d79cdac4 100644 --- a/src/DIRAC/WorkloadManagementSystem/Utilities/QueueUtilities.py +++ b/src/DIRAC/WorkloadManagementSystem/Utilities/QueueUtilities.py @@ -135,7 +135,7 @@ def setAdditionalParams(ceDict, queueDict): def generateQueueHash(queueDict): """Generate a hash of the queue description""" - myMD5 = hashlib.md5() + myMD5 = hashlib.md5(usedforsecurity=False) myMD5.update(str(queueDict).encode()) hexstring = myMD5.hexdigest() return hexstring diff --git a/src/DIRAC/WorkloadManagementSystem/Utilities/RemoteRunner.py b/src/DIRAC/WorkloadManagementSystem/Utilities/RemoteRunner.py index e76f474509d..0ba5f845fed 100644 --- a/src/DIRAC/WorkloadManagementSystem/Utilities/RemoteRunner.py +++ b/src/DIRAC/WorkloadManagementSystem/Utilities/RemoteRunner.py @@ -274,7 +274,7 @@ def _checkOutputIntegrity(self, workingDirectory): for line in f: checkSum, remoteOutput = list(filter(None, line.strip("\n").split(" "))) - hash = hashlib.md5() + hash = hashlib.md5(usedforsecurity=False) localOutput = os.path.join(workingDirectory, remoteOutput) if not os.path.exists(localOutput): return S_ERROR(f"{localOutput} was expected but not found")