Change log hashing to SHA256
With the recent Bandit update[0], the usage of SHA1 is now being
tagged as an issue. This changes the hashing of logs to SHA256
instead of SHA1.
[0] https://pypi.org/project/bandit/1.5.0/
Change-Id: Icde62b8d5ff78b4155e9df8231d63be3ecc53520
(cherry picked from commit ccf6cb7903
)
This commit is contained in:
parent
323f4e4bc4
commit
52822f1c11
|
@ -365,10 +365,10 @@ class Session(object):
|
|||
secure_headers = ('authorization', 'x-auth-token',
|
||||
'x-subject-token', 'x-service-token')
|
||||
if header[0].lower() in secure_headers:
|
||||
token_hasher = hashlib.sha1()
|
||||
token_hasher = hashlib.sha256()
|
||||
token_hasher.update(header[1].encode('utf-8'))
|
||||
token_hash = token_hasher.hexdigest()
|
||||
return (header[0], '{SHA1}%s' % token_hash)
|
||||
return (header[0], '{SHA256}%s' % token_hash)
|
||||
return header
|
||||
|
||||
def _get_split_loggers(self, split_loggers):
|
||||
|
|
|
@ -324,7 +324,7 @@ class SessionTests(utils.TestCase):
|
|||
# Assert that response headers contains actual values and
|
||||
# only debug logs has been masked
|
||||
for k, v in security_headers.items():
|
||||
self.assertIn('%s: {SHA1}' % k, self.logger.output)
|
||||
self.assertIn('%s: {SHA256}' % k, self.logger.output)
|
||||
self.assertEqual(v, resp.headers[k])
|
||||
self.assertNotIn(v, self.logger.output)
|
||||
|
||||
|
|
Loading…
Reference in New Issue