diff --git a/cogapp/cogapp.py b/cogapp/cogapp.py index dd305de..fb41754 100644 --- a/cogapp/cogapp.py +++ b/cogapp/cogapp.py @@ -2,6 +2,7 @@ """ import copy +import functools import getopt import glob import hashlib @@ -57,6 +58,13 @@ -h Print this help. """ +# Support FIPS mode where possible (Python >= 3.9). We don't use MD5 for security. +md5 = ( + functools.partial(hashlib.md5, usedforsecurity=False) + if sys.version_info >= (3, 9) + else hashlib.md5 +) + class CogError(Exception): """ Any exception raised by Cog. """ @@ -446,7 +454,7 @@ def processFile(self, fIn, fOut, fname=None, globals=None): self.cogmodule.inFile = sFileIn self.cogmodule.outFile = sFileOut - self.cogmodulename = 'cog_' + hashlib.md5(sFileOut.encode()).hexdigest() + self.cogmodulename = 'cog_' + md5(sFileOut.encode()).hexdigest() sys.modules[self.cogmodulename] = self.cogmodule # if "import cog" explicitly done in code by user, note threading will cause clashes. sys.modules['cog'] = self.cogmodule @@ -536,7 +544,7 @@ def processFile(self, fIn, fOut, fname=None, globals=None): # Eat all the lines in the output section. While reading past # them, compute the md5 hash of the old output. previous = "" - hasher = hashlib.md5() + hasher = md5() while l and not self.isEndOutputLine(l): if self.isBeginSpecLine(l): raise CogError( @@ -568,7 +576,7 @@ def processFile(self, fIn, fOut, fname=None, globals=None): # Write the output of the spec to be the new output if we're # supposed to generate code. - hasher = hashlib.md5() + hasher = md5() if not self.options.bNoGenerate: sFile = f"" sGen = gen.evaluate(cog=self, globals=globals, fname=sFile)