)]}'
{"openstack/utils.py":[{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"5c5082742eb0381a4d744b60ffbbccdef1f65397","unresolved":false,"context_lines":[{"line_number":236,"context_line":"try:"},{"line_number":237,"context_line":"    _test_md5 \u003d hashlib.md5(usedforsecurity\u003dFalse)  # nosec"},{"line_number":238,"context_line":""},{"line_number":239,"context_line":"    def md5(string\u003db\u0027\u0027, usedforsecurity\u003dTrue):"},{"line_number":240,"context_line":"        \"\"\"Return an md5 hashlib object using usedforsecurity parameter"},{"line_number":241,"context_line":"        For python distributions that support the usedforsecurity keyword"},{"line_number":242,"context_line":"        parameter, this passes the parameter through as expected."}],"source_content_type":"text/x-python","patch_set":2,"id":"78c2ee47_4f399454","line":239,"updated":"2020-12-23 12:17:00.000000000","message":"md5 \u003d hashlib.md5","commit_id":"9eb81337f92abd8ffd63764b683e114689071472"},{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"5d811005eccc4a307a661264f78d9786531b3519","unresolved":false,"context_lines":[{"line_number":236,"context_line":"try:"},{"line_number":237,"context_line":"    _test_md5 \u003d hashlib.md5(usedforsecurity\u003dFalse)  # nosec"},{"line_number":238,"context_line":""},{"line_number":239,"context_line":"    def md5(string\u003db\u0027\u0027, usedforsecurity\u003dTrue):"},{"line_number":240,"context_line":"        \"\"\"Return an md5 hashlib object using usedforsecurity parameter"},{"line_number":241,"context_line":"        For python distributions that support the usedforsecurity keyword"},{"line_number":242,"context_line":"        parameter, this passes the parameter through as expected."}],"source_content_type":"text/x-python","patch_set":2,"id":"b3e08d21_afb842fd","line":239,"in_reply_to":"3a5dad09_8484ed4e","updated":"2021-01-04 18:02:43.000000000","message":"I\u0027m offering a simplification:\n\n try:\n    _test_md5 \u003d hashlib.md5(usedforsecurity\u003dFalse)  # nosec\n    md5 \u003d hashlib.md5\n except TypeError..\n\nactually, TypeError is a bit too generic, maybe:\n\n if sys.version_info \u003e\u003d (3, 9):\n     md5 \u003d hashlib.md5\n else:\n     ...","commit_id":"9eb81337f92abd8ffd63764b683e114689071472"},{"author":{"_account_id":9914,"name":"Ade Lee","email":"alee@redhat.com","username":"alee"},"change_message_id":"b143b9bbac60f6eee2624226bda63bed7cf9bc63","unresolved":false,"context_lines":[{"line_number":236,"context_line":"try:"},{"line_number":237,"context_line":"    _test_md5 \u003d hashlib.md5(usedforsecurity\u003dFalse)  # nosec"},{"line_number":238,"context_line":""},{"line_number":239,"context_line":"    def md5(string\u003db\u0027\u0027, usedforsecurity\u003dTrue):"},{"line_number":240,"context_line":"        \"\"\"Return an md5 hashlib object using usedforsecurity parameter"},{"line_number":241,"context_line":"        For python distributions that support the usedforsecurity keyword"},{"line_number":242,"context_line":"        parameter, this passes the parameter through as expected."}],"source_content_type":"text/x-python","patch_set":2,"id":"3a5dad09_8484ed4e","line":239,"in_reply_to":"78c2ee47_4f399454","updated":"2021-01-04 14:32:56.000000000","message":"I don\u0027t understand what you are saying here.\n\nThe test here -- which takes place at definition/import time - is to check to see whether we have a version of python that includes the new usedforsecurity flag.  It is not a check for FIPS.\n\nIf the test in line 237 succeeds, then md5(string, usedforsecurity) will be defined in a way that calls hashlib.md5 using the new flag.\n\nIf not, then we define md5(string, usedforsecurity) to call hashlib.md5 without the new flag.","commit_id":"9eb81337f92abd8ffd63764b683e114689071472"},{"author":{"_account_id":9914,"name":"Ade Lee","email":"alee@redhat.com","username":"alee"},"change_message_id":"3dd59c4c2b10ff4731b8ac4300a1a0e42927b8db","unresolved":false,"context_lines":[{"line_number":236,"context_line":"try:"},{"line_number":237,"context_line":"    _test_md5 \u003d hashlib.md5(usedforsecurity\u003dFalse)  # nosec"},{"line_number":238,"context_line":""},{"line_number":239,"context_line":"    def md5(string\u003db\u0027\u0027, usedforsecurity\u003dTrue):"},{"line_number":240,"context_line":"        \"\"\"Return an md5 hashlib object using usedforsecurity parameter"},{"line_number":241,"context_line":"        For python distributions that support the usedforsecurity keyword"},{"line_number":242,"context_line":"        parameter, this passes the parameter through as expected."}],"source_content_type":"text/x-python","patch_set":2,"id":"6d0c3412_8ca92e33","line":239,"in_reply_to":"b3e08d21_afb842fd","updated":"2021-01-04 19:08:49.000000000","message":"Ah, I understand.  Yes, that is a good simplification.\n\nThe check for 3.9 won\u0027t work though, because there are some downstream python versions that already support this attribute. (Centos/RHEL in particular) and we want to support them.\n\nI\u0027ll add a version with your simplification.","commit_id":"9eb81337f92abd8ffd63764b683e114689071472"},{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"5c5082742eb0381a4d744b60ffbbccdef1f65397","unresolved":false,"context_lines":[{"line_number":249,"context_line":"        For python distributions that do not yet support this keyword"},{"line_number":250,"context_line":"        parameter, we drop the parameter"},{"line_number":251,"context_line":"        \"\"\""},{"line_number":252,"context_line":"        return hashlib.md5(string)  # nosec"},{"line_number":253,"context_line":""},{"line_number":254,"context_line":""},{"line_number":255,"context_line":"def md5_factory():"}],"source_content_type":"text/x-python","patch_set":2,"id":"a63d20e7_690f2936","line":252,"updated":"2020-12-23 12:17:00.000000000","message":"Maybe handle the exception and provide a helpful message with \"Either use Python 3.9 or disable FIPS\"?","commit_id":"9eb81337f92abd8ffd63764b683e114689071472"},{"author":{"_account_id":9914,"name":"Ade Lee","email":"alee@redhat.com","username":"alee"},"change_message_id":"3dd59c4c2b10ff4731b8ac4300a1a0e42927b8db","unresolved":false,"context_lines":[{"line_number":249,"context_line":"        For python distributions that do not yet support this keyword"},{"line_number":250,"context_line":"        parameter, we drop the parameter"},{"line_number":251,"context_line":"        \"\"\""},{"line_number":252,"context_line":"        return hashlib.md5(string)  # nosec"},{"line_number":253,"context_line":""},{"line_number":254,"context_line":""},{"line_number":255,"context_line":"def md5_factory():"}],"source_content_type":"text/x-python","patch_set":2,"id":"e513c34f_730f58a2","line":252,"in_reply_to":"5687f7c8_7b87200f","updated":"2021-01-04 19:08:49.000000000","message":"OK, so in this case, catching the exception that would be thrown on line 252 - logging the exception and presumably rethrowing it.  I\u0027m not sure there is much benefit to that and it would be problematic.  On a FIPS enabled system, we end up with a ValueError - which we\u0027d need to disentagle from other ValueErrors.  The error cauase is also pretty clear.\n\nValueError: [digital envelope routines: EVP_DigestInit_ex] disabled for FIPS","commit_id":"9eb81337f92abd8ffd63764b683e114689071472"},{"author":{"_account_id":9914,"name":"Ade Lee","email":"alee@redhat.com","username":"alee"},"change_message_id":"b143b9bbac60f6eee2624226bda63bed7cf9bc63","unresolved":false,"context_lines":[{"line_number":249,"context_line":"        For python distributions that do not yet support this keyword"},{"line_number":250,"context_line":"        parameter, we drop the parameter"},{"line_number":251,"context_line":"        \"\"\""},{"line_number":252,"context_line":"        return hashlib.md5(string)  # nosec"},{"line_number":253,"context_line":""},{"line_number":254,"context_line":""},{"line_number":255,"context_line":"def md5_factory():"}],"source_content_type":"text/x-python","patch_set":2,"id":"d4477db4_9a174342","line":252,"in_reply_to":"a63d20e7_690f2936","updated":"2021-01-04 14:32:56.000000000","message":"See above, this is simply supposed to be a check as to whether the python being used supports md5.  The exception that is thrown here - at definition time - is in response to the call at line 237.  This is not a test of whether FIPS is enabled.","commit_id":"9eb81337f92abd8ffd63764b683e114689071472"},{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"5d811005eccc4a307a661264f78d9786531b3519","unresolved":false,"context_lines":[{"line_number":249,"context_line":"        For python distributions that do not yet support this keyword"},{"line_number":250,"context_line":"        parameter, we drop the parameter"},{"line_number":251,"context_line":"        \"\"\""},{"line_number":252,"context_line":"        return hashlib.md5(string)  # nosec"},{"line_number":253,"context_line":""},{"line_number":254,"context_line":""},{"line_number":255,"context_line":"def md5_factory():"}],"source_content_type":"text/x-python","patch_set":2,"id":"5687f7c8_7b87200f","line":252,"in_reply_to":"d4477db4_9a174342","updated":"2021-01-04 18:02:43.000000000","message":"The exception I\u0027m talking about is thrown in FIPS mode on Python \u003c 3.9 on any access to this call.","commit_id":"9eb81337f92abd8ffd63764b683e114689071472"},{"author":{"_account_id":10239,"name":"Dmitry Tantsur","email":"dtantsur@protonmail.com","username":"dtantsur"},"change_message_id":"5c5082742eb0381a4d744b60ffbbccdef1f65397","unresolved":false,"context_lines":[{"line_number":252,"context_line":"        return hashlib.md5(string)  # nosec"},{"line_number":253,"context_line":""},{"line_number":254,"context_line":""},{"line_number":255,"context_line":"def md5_factory():"},{"line_number":256,"context_line":"    return md5(usedforsecurity\u003dFalse)"},{"line_number":257,"context_line":""},{"line_number":258,"context_line":""}],"source_content_type":"text/x-python","patch_set":2,"id":"65279d06_a886992a","line":255,"updated":"2020-12-23 12:17:00.000000000","message":"Seens redundant to me, and I\u0027d prefer the code to be explicit about usedforsecurity.","commit_id":"9eb81337f92abd8ffd63764b683e114689071472"},{"author":{"_account_id":9914,"name":"Ade Lee","email":"alee@redhat.com","username":"alee"},"change_message_id":"b143b9bbac60f6eee2624226bda63bed7cf9bc63","unresolved":false,"context_lines":[{"line_number":252,"context_line":"        return hashlib.md5(string)  # nosec"},{"line_number":253,"context_line":""},{"line_number":254,"context_line":""},{"line_number":255,"context_line":"def md5_factory():"},{"line_number":256,"context_line":"    return md5(usedforsecurity\u003dFalse)"},{"line_number":257,"context_line":""},{"line_number":258,"context_line":""}],"source_content_type":"text/x-python","patch_set":2,"id":"638314c5_df49a9ce","line":255,"in_reply_to":"65279d06_a886992a","updated":"2021-01-04 14:32:56.000000000","message":"We can drop this one.  I needed to add it to swift to handle some collection code there, but its not needed here.","commit_id":"9eb81337f92abd8ffd63764b683e114689071472"},{"author":{"_account_id":15334,"name":"Stephen Finucane","display_name":"stephenfin","email":"stephenfin@redhat.com","username":"sfinucan"},"change_message_id":"cabf5a98498cc885a649f84adfb59290923323da","unresolved":true,"context_lines":[{"line_number":233,"context_line":"    return discover.version_to_string(result)"},{"line_number":234,"context_line":""},{"line_number":235,"context_line":""},{"line_number":236,"context_line":"try:"},{"line_number":237,"context_line":"    _test_md5 \u003d hashlib.md5(usedforsecurity\u003dFalse)  # nosec"},{"line_number":238,"context_line":""},{"line_number":239,"context_line":"    # Python distributions that support a hashlib.md5 with the usedforsecurity"}],"source_content_type":"text/x-python","patch_set":3,"id":"83008c6a_5ec21986","line":236,"updated":"2021-01-27 10:34:32.000000000","message":"A TODO to remove this when our minimum Python version is bumped to 3.9 (which is the first upstream version to support this keyword [1]) would help long-term code maintenance efforts\n\n[1] https://docs.python.org/3.9/library/hashlib.html?highlight\u003dusedforsecurity","commit_id":"27536928130e3b4d2fe9ec16e860cf908402fb8f"}]}