Don't use md5 for computing the lockfile filename

md5 is forbidden in FIPS mode, rely on sha3-256 instead
dcermak · Jul 1, 2024 · 937d04a · 937d04a
1 parent 27989dd
commit 937d04a
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/pytest_container/container.py b/pytest_container/container.py
@@ -20,7 +20,7 @@
 from dataclasses import field
 from datetime import datetime
 from datetime import timedelta
-from hashlib import md5
+from hashlib import sha3_256
 from os.path import exists
 from os.path import isabs
 from os.path import join
@@ -619,7 +619,12 @@ def filelock_filename(self) -> str:
                 all_elements.append("".join(value.values()))
             else:
                 all_elements.append(str(value))
-        return f"{md5((''.join(all_elements)).encode()).hexdigest()}.lock"
+
+        # Use a FIPS supported algorithm in here to avoid potential issues on
+        # hosts running in FIPS mode
+        # Unfortunately, we cannot use the usedforsecurity=False parameter, as
+        # that is not available on old python versions that we still support
+        return f"{sha3_256((''.join(all_elements)).encode()).hexdigest()}.lock"
 
 
 class ContainerBaseABC(ABC):