Skip to content

Commit

Permalink
Merge pull request #3745 from Pylons/phash-sha256
Browse files Browse the repository at this point in the history
upgrade phash implementation from md5 to sha256
  • Loading branch information
mmerickel authored Jan 29, 2024
2 parents 3d640f4 + 4fc143b commit ef8b250
Show file tree
Hide file tree
Showing 3 changed files with 13 additions and 7 deletions.
6 changes: 6 additions & 0 deletions CHANGES.rst
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,12 @@ Features

See https://github.com/Pylons/pyramid/pull/3735

- Replace usage of ``md5`` in the Pyramid view system with ``sha256``. This
is not a security-related feature and is considered an implementation detail
that should not impact users.

See https://github.com/Pylons/pyramid/pull/3745

Bug Fixes
---------

Expand Down
6 changes: 3 additions & 3 deletions src/pyramid/config/predicates.py
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
from hashlib import md5
from hashlib import sha256
from webob.acceptparse import Accept

from pyramid.exceptions import ConfigurationError
Expand All @@ -8,7 +8,7 @@
from pyramid.util import TopologicalSorter, bytes_, is_nonstr_iter

MAX_ORDER = 1 << 30
DEFAULT_PHASH = md5().hexdigest()
DEFAULT_PHASH = sha256().hexdigest()


class PredicateConfiguratorMixin:
Expand Down Expand Up @@ -137,7 +137,7 @@ def make(self, config, **kw):
# phash) that can be used by a caller to identify identical predicate
# lists.
ordered = self.sorter.sorted()
phash = md5()
phash = sha256()
weights = []
preds = []
info = PredicateInfo(
Expand Down
8 changes: 4 additions & 4 deletions tests/test_config/test_views.py
Original file line number Diff line number Diff line change
Expand Up @@ -554,7 +554,7 @@ def test_add_view_exception_register_secured_view(self):
self.assertEqual(wrapper, view)

def test_add_view_same_phash_overrides_existing_single_view(self):
from hashlib import md5
from hashlib import sha256
from zope.interface import Interface

from pyramid.interfaces import (
Expand All @@ -565,7 +565,7 @@ def test_add_view_same_phash_overrides_existing_single_view(self):
)
from pyramid.renderers import null_renderer

phash = md5()
phash = sha256()
phash.update(b'xhr = True')
view = lambda *arg: 'NOT OK'
view.__phash__ = phash.hexdigest()
Expand All @@ -585,7 +585,7 @@ def newview(context, request):
self.assertEqual(wrapper(None, request), 'OK')

def test_add_view_exc_same_phash_overrides_existing_single_view(self):
from hashlib import md5
from hashlib import sha256
from zope.interface import implementedBy

from pyramid.interfaces import (
Expand All @@ -596,7 +596,7 @@ def test_add_view_exc_same_phash_overrides_existing_single_view(self):
)
from pyramid.renderers import null_renderer

phash = md5()
phash = sha256()
phash.update(b'xhr = True')
view = lambda *arg: 'NOT OK'
view.__phash__ = phash.hexdigest()
Expand Down

0 comments on commit ef8b250

Please sign in to comment.