chore: remove unused code in command.py as upgraded to pyOpenSSL 26.0.0#1917
Merged
sameer-google merged 1 commit intoApr 23, 2026
Merged
Conversation
Collaborator
|
can you update the description with the following: |
Collaborator
|
I see all necessary tests are green, can you perform manual sign url testing logs for this change too and close this |
sameer-google
approved these changes
Apr 23, 2026
Contributor
Author
all automation and manual test cases are green |
sameer-google
merged commit d5617bf
into
GoogleCloudPlatform:master
40 of 47 checks passed
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The original code in gslib/command.py was wrapped in a try...except ImportError: block. Because we removed pycrypto from the dependencies, if gsutil ran that code today, it would simply fail to find the library, catch the ImportError gracefully, and move on. It wouldn't crash the application.
Even though it is "dead code" now, leaving from Crypto import Random in gslib/command.py is a huge risk for security scanners. If a scanner sees from Crypto ..., it will flag gsutil for using pycrypto (CVE-2018-6594), causing false positives and blocking customer deployments.
By physically deleting the _CryptoRandomAtFork function and its imports, we guarantee a clean audit and completely sever gsutil's ties to the deprecated library. Furthermore, modern cryptographic libraries (like cryptography) handle process forking natively and securely, so the workaround is completely obsolete anyway.