Mpt 4059 vulnerability fixes (#10)

(cherry picked from commit 4bcb664)

auth/auth_server/controllers/token.py

@@ -109,7 +109,7 @@ def create_user_token(self, user, **kwargs):
             'created_at': now,
             'valid_until': now + datetime.timedelta(hours=self.expiration),
             'ip': kwargs.get('ip'),
-            'digest': hashlib.md5(macaroon_token.encode('utf-8')).hexdigest()
+            'digest': hashlib.md5(macaroon_token.encode('utf-8'), usedforsecurity=False).hexdigest()
         }
         token = model_type(**params)
         self.session.add(token)

auth/auth_server/tests/unittests/test_api_digest_token_meta.py

@@ -41,7 +41,7 @@ def test_digest_get_token_metadata1(self):
         token_response = self.get_token_response(self.user_partner.email,
                                                  self.user_partner_password)
         token = token_response['token']
-        digest = hashlib.md5(token.encode('utf-8')).hexdigest()
+        digest = hashlib.md5(token.encode('utf-8'), usedforsecurity=False).hexdigest()
         code, token_meta = self.client.token_meta_get([digest])
         self.assertEqual(code, 200)
         self.assertEqual(len(token_meta), 1)
@@ -62,8 +62,8 @@ def test_digest_get_token_metadata_bulk(self):
                                                   self.user_partner_password)
         token1 = token_response1['token']
         token2 = token_response2['token']
-        digest1 = hashlib.md5(token1.encode('utf-8')).hexdigest()
-        digest2 = hashlib.md5(token2.encode('utf-8')).hexdigest()
+        digest1 = hashlib.md5(token1.encode('utf-8'), usedforsecurity=False).hexdigest()
+        digest2 = hashlib.md5(token2.encode('utf-8'), usedforsecurity=False).hexdigest()
         code, token_meta = self.client.token_meta_get([digest1, digest2])
         self.assertEqual(code, 200)
         self.assertEqual(len(token_meta), 2)
@@ -89,7 +89,7 @@ def test_digest_get_token_metadata_bulk(self):
     def test_digest_get_with_unexpected(self):
         token = self.get_token(self.user_partner.email,
                                self.user_partner_password)
-        digest = hashlib.md5(token.encode('utf-8')).hexdigest()
+        digest = hashlib.md5(token.encode('utf-8'), usedforsecurity=False).hexdigest()
         payload_dict = {
             'digests': [digest]
         }

diworker/diworker/importers/gcp.py

@@ -69,7 +69,7 @@ def _get_resource_region(self, region_data):
 
     @staticmethod
     def _generate_tags_hash(tags: dict[str: str]) -> str:
-        return hashlib.sha1(repr(sorted(tags.items())).encode()).hexdigest()
+        return hashlib.sha1(repr(sorted(tags.items())).encode(), usedforsecurity=False).hexdigest()
 
     @staticmethod
     def _generate_resource_id(row_dict):

gemini/gemini_worker/migrator.py

@@ -106,7 +106,7 @@ def _get_script_from_name(filename):
     @staticmethod
     def _get_md5(filename):
         return hashlib.md5(
-            open(f"{MIGRATIONS_FOLDER}/{filename}.py", "rb").read()
+            open(f"{MIGRATIONS_FOLDER}/{filename}.py", "rb").read(), usedforsecurity=False
         ).hexdigest()
 
     def update_versions_table(self, filename):

keeper/report_server/controllers/event.py

@@ -154,7 +154,7 @@ def ack(self, id, **kwargs):
         poll_orgs = self.get_ack_resources(token)
         if event.organization_id not in poll_orgs:
             raise ForbiddenException(Err.OK0002, [])
-        digest = hashlib.md5(token.encode("utf-8")).hexdigest()
+        digest = hashlib.md5(token.encode("utf-8"), usedforsecurity=False).hexdigest()
         user_meta = self.get_meta_by_token(token)
         event.acknowledged_by = digest
         event.acknowledged_user = "%s (%s)" % (

keeper/report_server/controllers/event_base.py

@@ -84,7 +84,7 @@ def get_reads(self, user_id):
 
     def get_meta_by_token(self, token):
         user_digest = list(
-            map(lambda x: hashlib.md5(x.encode("utf-8")).hexdigest(), [token])
+            map(lambda x: hashlib.md5(x.encode("utf-8"), usedforsecurity=False).hexdigest(), [token])
         )[0]
         token_meta = self.get_token_meta([user_digest]).get(user_digest, {})
         return token_meta

metroculus/metroculus_worker/migrator.py

@@ -93,7 +93,7 @@ def _get_script_from_name(filename):
     @staticmethod
     def _get_md5(filename):
         return hashlib.md5(open(
-            f"{MIGRATIONS_FOLDER}/{filename}.py", 'rb').read()).hexdigest()
+            f"{MIGRATIONS_FOLDER}/{filename}.py", 'rb').read(), usedforsecurity=False).hexdigest()
 
     def update_versions_table(self, filename):
         version = [{

rest_api/rest_api_server/controllers/base.py

@@ -397,7 +397,7 @@ def auth_client(self):
         return self._auth_client
 
     def get_user_id(self):
-        user_digest = hashlib.md5(self.token.encode('utf-8')).hexdigest()
+        user_digest = hashlib.md5(self.token.encode('utf-8'), usedforsecurity=False).hexdigest()
         _, token_meta = self.auth_client.token_meta_get([user_digest])
         return token_meta.get(user_digest, {}).get('user_id')
 

rest_api/rest_api_server/controllers/environment_resource.py

@@ -171,7 +171,7 @@ def gen_cloud_resource_ids(resources):
         def get_cloud_resource_id(r):
             tail = "%s%s" % (r.get('name'), r.get('resource_type'))
             return 'environment_%s' % hashlib.md5(
-                tail.encode('utf-8')).hexdigest()
+                tail.encode('utf-8'), usedforsecurity=False).hexdigest()
 
         for resource in resources:
             if resource.get('cloud_resource_id'):

rest_api/rest_api_server/handlers/v1/base.py

@@ -295,9 +295,8 @@ def get_token_meta(self, digests):
         return token_meta_dict
 
     def get_meta_by_token(self, token):
-        print(2)
         user_digest = list(map(
-            lambda x: hashlib.md5(x.encode('utf-8')).hexdigest(), [token]))[0]
+            lambda x: hashlib.md5(x.encode('utf-8'), usedforsecurity=False).hexdigest(), [token]))[0]
         token_meta = self.get_token_meta([user_digest]).get(user_digest, {})
         return token_meta
 

risp/risp_worker/migrator.py

@@ -101,7 +101,7 @@ def _get_script_from_name(filename):
     @staticmethod
     def _get_md5(filename):
         return hashlib.md5(open(
-            f"{MIGRATIONS_FOLDER}/{filename}.py", 'rb').read()).hexdigest()
+            f"{MIGRATIONS_FOLDER}/{filename}.py", 'rb').read(), usedforsecurity=False).hexdigest()
 
     def update_versions_table(self, filename):
         version = [{

slacker/slacker_server/controllers/base.py

@@ -83,7 +83,7 @@ def __init__(self, app, db_session, config_cl=None, token=None,
         self.token = token
 
     def get_user_id(self):
-        user_digest = hashlib.md5(self.token.encode('utf-8')).hexdigest()
+        user_digest = hashlib.md5(self.token.encode('utf-8'), usedforsecurity=False).hexdigest()
         _, token_meta = self.auth_client.token_meta_get([user_digest])
         return token_meta.get(user_digest, {}).get('user_id')
 

slacker/slacker_server/handlers/v2/base.py

@@ -204,7 +204,7 @@ def get_token_meta(self, digests):
 
     def get_meta_by_token(self, token):
         user_digest = list(
-            map(lambda x: hashlib.md5(x.encode("utf-8")).hexdigest(), [token])
+            map(lambda x: hashlib.md5(x.encode("utf-8"), usedforsecurity=False).hexdigest(), [token])
         )[0]
         token_meta = self.get_token_meta([user_digest]).get(user_digest, {})
         return token_meta

tools/cloud_adapter/clouds/gcp.py

@@ -229,7 +229,7 @@ def _get_common_fields(self):
         )
 
     def _cloud_resource_hash(self):
-        return hashlib.sha1(self._cloud_object.self_link.encode()).hexdigest()
+        return hashlib.sha1(self._cloud_object.self_link.encode(), usedforsecurity=False).hexdigest()
 
     def _need_to_update_tags(self):
         optscale_tag_value = self.tags.get(OPTSCALE_TRACKING_TAG)