fix: Check md5 & sha1 usage

Author: sfayer

src/DIRAC/AccountingSystem/private/MainReporter.py

@@ -39,7 +39,7 @@ def __calculateReportHash(self, reportRequest):
         for key in ("startTime", "endTime"):
             epoch = requestToHash[key]
             requestToHash[key] = epoch - epoch % granularity
-        md5Hash = hashlib.md5()
+        md5Hash = hashlib.md5(usedforsecurity=False)
         md5Hash.update(repr(requestToHash).encode())
         return md5Hash.hexdigest()
 

src/DIRAC/Core/DISET/MessageClient.py

@@ -31,7 +31,7 @@ def __generateUniqueClientName(self):
         hashStr = ":".join(
             (str(datetime.datetime.utcnow()), str(random.random()), Network.getFQDN(), gLogger.getName())
         )
-        hexHash = md5(hashStr.encode()).hexdigest()
+        hexHash = md5(hashStr.encode(), usedforsecurity=False).hexdigest()
         return hexHash
 
     def setUniqueName(self, uniqueName):

src/DIRAC/Core/DISET/private/FileHelper.py

@@ -20,7 +20,7 @@ class FileHelper:
     def __init__(self, oTransport=None, checkSum=True):
         self.oTransport = oTransport
         self.__checkMD5 = checkSum
-        self.__oMD5 = hashlib.md5()
+        self.__oMD5 = hashlib.md5(usedforsecurity=False)
         self.bFinishedTransmission = False
         self.bReceivedEOF = False
         self.direction = False
@@ -149,7 +149,7 @@ def networkToFD(self, iFD, maxFileSize=0):
     def networkToDataSink(self, dataSink, maxFileSize=0):
         if "write" not in dir(dataSink):
             return S_ERROR(f"{str(dataSink)} data sink object does not have a write method")
-        self.__oMD5 = hashlib.md5()
+        self.__oMD5 = hashlib.md5(usedforsecurity=False)
         self.bReceivedEOF = False
         self.bErrorInMD5 = False
         receivedBytes = 0
@@ -212,7 +212,7 @@ def stringToNetwork(self, stringVal):
         return S_OK()
 
     def FDToNetwork(self, iFD):
-        self.__oMD5 = hashlib.md5()
+        self.__oMD5 = hashlib.md5(usedforsecurity=False)
         iPacketSize = self.packetSize
         self.__fileBytes = 0
         sentBytes = 0
@@ -244,7 +244,7 @@ def BufferToNetwork(self, stringToSend):
     def DataSourceToNetwork(self, dataSource):
         if "read" not in dir(dataSource):
             return S_ERROR(f"{str(dataSource)} data source object does not have a read method")
-        self.__oMD5 = hashlib.md5()
+        self.__oMD5 = hashlib.md5(usedforsecurity=False)
         iPacketSize = self.packetSize
         self.__fileBytes = 0
         sentBytes = 0

src/DIRAC/Core/DISET/private/Transports/BaseTransport.py

@@ -53,7 +53,7 @@ def __init__(self, stServerAddress, bServerMode=False, **kwargs):
         self.remoteAddress = False
         self.appData = ""
         self.startedKeepAlives = set()
-        self.keepAliveId = md5((str(stServerAddress) + str(bServerMode)).encode()).hexdigest()
+        self.keepAliveId = md5((str(stServerAddress) + str(bServerMode)).encode(), usedforsecurity=False).hexdigest()
         self.receivedMessages = []
         self.sentKeepAlives = 0
         self.waitingForKeepAlivePong = False

src/DIRAC/Core/Security/m2crypto/X509Chain.py

@@ -144,7 +144,7 @@ def __init__(self, certList=False, keyObj=False):
         # This is the position of the first proxy in the chain
         self.__firstProxyStep = 0
 
-        # Cache for sha1 hash of the object
+        # Cache for sha256 hash of the object
         # This is just used as a unique identifier for
         # indexing in the ProxyCache
         self.__hash = False
@@ -1004,25 +1004,25 @@ def getCredentials(self, ignoreDefault=False, withRegistryInfo=True):
 
     @needCertList
     def hash(self):
-        """Get a hash of the chain
+        """Get a hash of the chain (32 byte hex-string is returned)
         In practice, this is only used to index the chain in a DictCache
 
         :returns: S_OK(string hash)
         """
         if self.__hash:
             return S_OK(self.__hash)
-        sha1 = hashlib.sha1()
+        sha = hashlib.sha256()
         for cert in self._certList:
-            sha1.update(str(cert.getSubjectNameObject()["Value"]).encode())
-        sha1.update(str(self.getRemainingSecs()["Value"] / 3600).encode())
-        sha1.update(self.getDIRACGroup()["Value"].encode())
+            sha.update(str(cert.getSubjectNameObject()["Value"]).encode())
+        sha.update(str(self.getRemainingSecs()["Value"] / 3600).encode())
+        sha.update(self.getDIRACGroup()["Value"].encode())
         if self.isVOMS():
-            sha1.update(b"VOMS")
+            sha.update(b"VOMS")
             from DIRAC.Core.Security.VOMS import VOMS
 
             result = VOMS().getVOMSAttributes(self)
             if result["OK"]:
                 for attribute in result["Value"]:
-                    sha1.update(attribute.encode())
-        self.__hash = sha1.hexdigest()
-        return S_OK(self.__hash)
+                    sha.update(attribute.encode())
+        self.__hash = sha.hexdigest()
+        return S_OK(self.__hash[:32])

src/DIRAC/Core/Utilities/File.py

@@ -69,7 +69,7 @@ def makeGuid(fileName=None):
 
     :param string fileName: name of file
     """
-    myMd5 = hashlib.md5()
+    myMd5 = hashlib.md5(usedforsecurity=False)
     if fileName:
         try:
             with open(fileName, "rb") as fd:
@@ -106,7 +106,7 @@ def generateGuid(checksum, checksumtype):
             return guid
 
     # Failed to use the check sum, generate a new guid
-    myMd5 = hashlib.md5()
+    myMd5 = hashlib.md5(usedforsecurity=False)
     myMd5.update(str(random.getrandbits(128)).encode())
     md5HexString = myMd5.hexdigest()
     guid = "{}-{}-{}-{}-{}".format(
@@ -213,7 +213,7 @@ def getMD5ForFiles(fileList):
     :type fileList: python:list
     """
     fileList.sort()
-    hashMD5 = hashlib.md5()
+    hashMD5 = hashlib.md5(usedforsecurity=False)
     for filePath in fileList:
         if os.path.isdir(filePath):
             continue

src/DIRAC/Core/Utilities/Graphs/Palette.py

@@ -83,7 +83,7 @@ def getColor(self, label):
             return self.generateColor(label)
 
     def generateColor(self, label):
-        myMD5 = hashlib.md5()
+        myMD5 = hashlib.md5(usedforsecurity=False)
         myMD5.update(label.encode())
         hexstring = myMD5.hexdigest()
         color = "#" + hexstring[:6]

src/DIRAC/Core/Utilities/LockRing.py

@@ -15,10 +15,10 @@ def __init__(self):
 
     def __genName(self, container):
         # TODO: Shouldn't this be a UUID?
-        name = md5(str(time.time() + random.random()).encode()).hexdigest()
+        name = md5(str(time.time() + random.random()).encode(), usedforsecurity=False).hexdigest()
         retries = 10
         while name in container and retries:
-            name = md5(str(time.time() + random.random()).encode()).hexdigest()
+            name = md5(str(time.time() + random.random()).encode(), usedforsecurity=False).hexdigest()
             retries -= 1
         return name
 

src/DIRAC/Core/Utilities/ThreadScheduler.py

@@ -32,7 +32,7 @@ def addPeriodicTask(self, period, taskFunc, taskArgs=(), executions=0, elapsedTi
             return S_ERROR(f"{str(taskFunc)} is not callable")
         period = max(period, self.__minPeriod)
         elapsedTime = min(elapsedTime, period - 1)
-        md = hashlib.md5()
+        md = hashlib.md5(usedforsecurity=False)
         task = {
             "period": period,
             "func": taskFunc,

src/DIRAC/DataManagementSystem/DB/FileCatalogComponents/DatasetManager/DatasetManager.py

@@ -321,7 +321,7 @@ def __getMetaQueryParameters(self, metaQuery, credDict):
         idLfnDict = result["Value"]
         lfnIDList = list(idLfnDict)
         lfnList = sorted(idLfnDict.values())
-        myMd5 = hashlib.md5()
+        myMd5 = hashlib.md5(usedforsecurity=False)
         myMd5.update(str(lfnList).encode())
         datasetHash = myMd5.hexdigest().upper()
         numberOfFiles = len(lfnList)