[NXDRIVE-1430] Use SHA256 for Note checksum - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 4.0.0
Fix Version/s: 4.0.1
Component/s: Framework, Security

Tags:
- addedDuringTheSprint
- nxDrive
Sprint:
nxDrive 10.10.1
Story Points:
0

Description

Running bandit -r nxdrive highlights this security issue:

>> Issue: [B303:blacklist] Use of insecure MD2, MD4, MD5, or SHA1 hash function.
   Severity: Medium   Confidence: High
   Location: nxdrive/objects.py:165
   More Info: https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html#b303-md5
164                     else:
165                         m = hashlib.md5()
166                         m.update(note.encode("utf-8"))

Even if this is not crucial, we can simple swith to SHA256.

Attachments

Activity

People

Assignee:

Léa Klein

Reporter:

Mickaël Schoentgen

Participants:

Jenkins, Léa Klein, Mickaël Schoentgen

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

2018-11-12 16:28

Updated:

2020-07-31 11:16

Resolved:

2018-11-20 11:31

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

15m